diff --git a/.github/workflows/arduino.yml b/.github/workflows/arduino.yml
new file mode 100644
index 000000000..4abe52061
--- /dev/null
+++ b/.github/workflows/arduino.yml
@@ -0,0 +1,325 @@
+name: Arduino CI Build (1 of 4) wolfssl
+
+#
+# Test fetches wolfssl-examples/Arduino and uses local, latest github master branch wolfssl
+#
+# These 4 workflows across 3 repos are interdependent for the current $REPO_OWNER:
+#
+# THIS Arduino CI Build 1: https://github.com/$REPO_OWNER/wolfssl          #  /.github/workflows/arduino.yml
+#   - Builds Arduino library from local clone of wolfssl master branch
+#   - Fetches examples from https://github.com/$REPO_OWNER/wolfssl-examples
+#
+# Arduino CI Build 2: https://github.com/$REPO_OWNER/wolfssl-examples      #  /.github/workflows/arduino-release.yml
+#    - Tests examples based on latest published release of Arduino library, NOT latest on wolfssl github.
+#    - Should be identical to Arduino CI Build 3 in every way but wolfssl install.
+#    - Copies only compile script from wolfssl-examples
+#    - Builds local examples
+#    - No other repos used
+#
+# Arduino CI Build 3: https://github.com/$REPO_OWNER/wolfssl-examples      #  /.github/workflows/arduino.yml
+#   - Fetches current wolfSSL from https://github.com/$REPO_OWNER/wolfssl
+#   - Creates an updated Arduino library
+#   - Compiles local examples
+#   - Contains the source of `compile-all-examples.sh` and respective board-list.txt
+#
+# Arduino CI Build 4: https://github.com/$REPO_OWNER/Arduino-wolfssl       #  /.github/workflows/arduino.yml
+#    - Assembles and installs an updated Arduino wolfssl library from LOCAL wolfssl master source
+#    - Copies only compile script copied from wolfssl-examples
+#    - Builds local examples
+#    - No other repos used
+#
+#
+#                                   ** NOTE TO MAINTAINERS **
+#
+#           Consider using winmerge or similar tool to keep the 4 arduino[-release].yml files in relative sync.
+#           Although there are some specific differences, most of the contents are otherwise identical.
+#
+# See https://github.com/wolfSSL/Arduino-wolfSSL
+#
+# To test locally:
+# cd [your WOLFSSL_ROOT], e.g. cd /mnt/c/workspace/wolfssl-$USER
+# [optional checkout]     e.g. git checkout tags/v5.8.2-stable
+# pushd ./IDE/ARDUINO
+# export ARDUINO_ROOT="$HOME/Arduino/libraries"
+# ./wolfssl-arduino.sh INSTALL
+# cd [your WOLFSSL_EXAMPLES_ROOT] e.g. /mnt/c/workspace/wolfssl-examples-$USER
+#
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ '**', 'master', 'main', 'release/**' ]
+    paths:
+      - '.github/workflows/arduino.yml'
+      - 'IDE/ARDUINO/**'
+      - 'src/**'
+      - 'wolfcrypt/**'
+      - 'wolfssl/**'
+  pull_request:
+    branches: [ '**' ]
+    paths:
+      - 'github/workflows/arduino.yml'
+      - 'IDE/ARDUINO/**'
+      - 'src/**'
+      - 'wolfcrypt/**'
+      - 'wolfssl/**'
+  workflow_dispatch:
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  build:
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-latest
+    env:
+      REPO_OWNER: ${{ github.repository_owner }}
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v4
+
+      - name: Install Arduino CLI
+        run: |
+          # Script to fetch and run install.sh from arduino/arduino-cli
+
+          # The install script will test to see if the recently installed apps in in the path
+          # So set it up in advance:
+          mkdir -p "${PWD}/bin"
+          echo "${PWD}/bin" >> $GITHUB_PATH
+
+          # Sets the install directory to a consistent path at the repo root.
+          ROOT_BIN="$GITHUB_WORKSPACE/bin"
+
+          # Ensures that BINDIR exists before the installer runs
+          mkdir -p "$ROOT_BIN"
+
+          # Save as a lobal environment variable
+          echo "$ROOT_BIN" >> "$GITHUB_PATH"
+
+          # Download and run install script from Arduino:
+          # -S show errors; -L follow redirects; -v Verbose
+          set +e                 # don't abort on error
+          set -o pipefail
+
+          curl -vSL --retry 5 --retry-delay 10 \
+             https://raw.githubusercontent.com/arduino/arduino-cli/master/install.sh  \
+             | sh -x
+          rc=$?
+          c_rc=${PIPESTATUS[0]}  # curl's exit code
+          s_rc=${PIPESTATUS[1]}  # sh's  exit code
+
+          set -e                 # restore default abort-on-error
+
+          # If there was a curl error, we have our own local copy that is more reliable and can add our own debugging
+          if [ "$rc" -ne 0 ]; then
+            echo "Primary install failed: curl=$c_rc, sh=$s_rc. Falling back..." >&2
+            echo "Using local copy of arduino_install.sh"
+            pushd ./Arduino/sketches
+              chmod +x ./arduino_install.sh
+
+              # Mimic curl install, does not use current directory:
+              BINDIR="$ROOT_BIN" sh -x ./arduino_install.sh
+            popd
+          else
+            echo "Alternative install script not needed."
+          fi
+
+      - name: Confirm Arduino CLI install
+        run: arduino-cli version
+
+      - name: Setup Arduino CLI
+        run: |
+          arduino-cli config init
+          arduino-cli core update-index
+          arduino-cli config add board_manager.additional_urls https://www.pjrc.com/teensy/package_teensy_index.json
+          arduino-cli core update-index
+          arduino-cli config add board_manager.additional_urls https://arduino.esp8266.com/stable/package_esp8266com_index.json
+          arduino-cli core update-index
+          arduino-cli core install esp32:esp32            # ESP32
+          arduino-cli core install arduino:avr            # Arduino Uno, Mega, Nano
+          arduino-cli core install arduino:sam            # Arduino Due
+          arduino-cli core install arduino:samd           # Arduino Zero
+          arduino-cli core install teensy:avr             # PJRC Teensy
+          arduino-cli core install esp8266:esp8266        # ESP8266
+          arduino-cli core install arduino:mbed_nano      # nanorp2040connect
+          arduino-cli core install arduino:mbed_portenta  # portenta_h7_m7
+          arduino-cli core install arduino:mbed_edge
+          # sudo "/home/$USER/.arduino15/packages/arduino/hardware/mbed_nano/4.2.4/post_install.sh"
+          arduino-cli core install arduino:renesas_uno
+          arduino-cli lib install "ArduinoJson"           # Example dependency
+          arduino-cli lib install "WiFiNINA"              # ARDUINO_SAMD_NANO_33_IOT
+          arduino-cli lib install "Ethernet"              # Install Ethernet library
+          arduino-cli lib install "Bridge"                # Pseudo-network for things like arduino:samd:tian
+
+      - name: Set job environment variables
+        run: |
+          # Script to assign some common environment variables after everything is installed
+
+          ICON_OK=$(printf "\xE2\x9C\x85")
+          ICON_FAIL=$(printf "\xE2\x9D\x8C")
+
+          echo "GITHUB_WORK=$(realpath           "$GITHUB_WORKSPACE/../..")"  >> "$GITHUB_ENV"
+          echo "ARDUINO_ROOT=$(realpath          "$HOME/Arduino/libraries")"  >> "$GITHUB_ENV"
+
+          # Show predefined summary:
+          echo "GITHUB_WORKSPACE      = $GITHUB_WORKSPACE"
+
+          # Show assigned build:env values (e.g. "wolfssl", "gojimmpi" or other owners):
+          echo "REPO_OWNER            = $REPO_OWNER"
+
+          echo "GITHUB_ENV=$GITHUB_ENV"
+
+          # Show our custom values:
+          echo "GITHUB_WORK           = $GITHUB_WORK"
+          echo "ARDUINO_ROOT          = $ARDUINO_ROOT"
+
+          # WOLFSSL_EXAMPLES_ROOT is the repo root, not example location
+          echo "WOLFSSL_EXAMPLES_ROOT = $WOLFSSL_EXAMPLES_ROOT"
+
+      - name: Get wolfssl-examples
+        run: |
+          # Fetch Arduino examples from the wolfssl-examples repo
+          echo "Start pwd:"
+          pwd
+          # we're typically in $GITHUB_WORKSPACE=/home/runner/work/wolfssl/wolfssl
+          # goto /home/runner/work to fetch wolfssl-examples
+
+          echo "Current pwd for wolfssl-examples clone fetch: $(pwd)"
+          GITHUB_WORK=$(realpath "$GITHUB_WORKSPACE/../..")
+          echo "GITHUB_WORKSPACE=$GITHUB_WORKSPACE"
+
+          # Typically /home/runner/work
+          echo "GITHUB_WORK=$GITHUB_WORK"
+
+          pushd "$GITHUB_WORK"
+            echo "Updated pwd for wolfssl-examples clone fetch: $(pwd)"
+
+            git clone --depth 1 https://github.com/$REPO_OWNER/wolfssl-examples.git wolfssl-examples-publish
+
+            cd ./wolfssl-examples-publish
+            echo "WOLFSSL_EXAMPLES_ROOT=$(pwd)"
+
+            echo "Path for wolfssl-examples-publish: $(pwd)"
+          popd # GITHUB_WORK
+
+
+          # ** END ** Get wolfssl-examples
+
+      - name: Install wolfSSL Arduino library
+        run: |
+          # Run the local wolfssl-arduino.sh install script to install wolfssl Arduino library.
+
+          # Methods of installing Arduino library:
+          #   1) arduino-cli lib install "wolfSSL"
+          #   2) manual copy of files (typical of the Arduino-wolfssl repo)
+          #   3) run ./wolfssl-arduino.sh INSTALL (typical of the wolfssl repo)
+
+          echo "Current pwd for wolfssl-examples clone fetch: $(pwd)"
+          GITHUB_WORK=$(realpath "$GITHUB_WORKSPACE/../..")
+          echo "GITHUB_WORKSPACE=$GITHUB_WORKSPACE"
+
+          # Typically /home/runner/work
+          echo "GITHUB_WORK=$GITHUB_WORK"
+          pwd
+          pushd ./IDE/ARDUINO
+
+            # Set default ARDUINO_ROOT to Arduino library.
+            export ARDUINO_ROOT="$HOME/Arduino/libraries"
+            export WOLFSSL_EXAMPLES_ROOT="$GITHUB_WORK/wolfssl-examples-publish"
+
+            echo "ARDUINO_ROOT:          $WOLFSSL_EXAMPLES_ROOT"
+            echo "WOLFSSL_EXAMPLES_ROOT: $WOLFSSL_EXAMPLES_ROOT"
+
+            bash ./wolfssl-arduino.sh INSTALL  # Install wolfSSL library
+          popd
+
+          # ** END ** Install wolfSSL Arduino library
+
+      - name: List installed Arduino libraries
+        run: arduino-cli lib list
+
+      - name: Get compile-all-examples.sh
+        run: |
+          # Fetch compile script FROM THE CURRENT OWNER.
+          # This repo is Arduino-wolfssl; we'll fetch the script from the wolfssl-examples for the same repository owner.
+          echo "Repository owner: $REPO_OWNER"
+          echo "Current directory: $PWD"
+          echo "Current pwd for wolfssl-examples clone fetch: $PWD"
+          WOLFSSL_EXAMPLES_DIRECTORY="$ARDUINO_ROOT/wolfssl/examples"
+          THIS_BOARD_LIST="board_list.txt"
+          echo "WOLFSSL_EXAMPLES_DIRECTORY=$WOLFSSL_EXAMPLES_DIRECTORY"
+
+          # Fetch script and board list into WOLFSSL_EXAMPLES_DIRECTORY
+          echo "Fetching board_list.txt from REPO_OWNER=$REPO_OWNER"
+          curl -L "https://raw.githubusercontent.com/$REPO_OWNER/wolfssl-examples/master/Arduino/sketches/board_list.txt"          -o "$WOLFSSL_EXAMPLES_DIRECTORY/$THIS_BOARD_LIST"
+
+          # Check if the first line is "404: Not Found" - which would indicate the curl path above is bad.
+          FILE="$WOLFSSL_EXAMPLES_DIRECTORY/board_list.txt"
+
+          # Ensure the file exists
+          if [[ ! -f "$FILE" ]]; then
+              echo "File not found: $FILE"
+              exit 1
+          fi
+
+          # Check if the first line is "404: Not Found"
+          if [[ $(head -n 1 "$FILE") == "404: Not Found" ]]; then
+              echo "The first line is '404: Not Found'"
+              exit 1
+          fi
+
+          # Fetch the compile script from repo: https://github.com/[$USER]/wolfssl-examples/
+          echo "Fetching compile-all-examples.sh from REPO_OWNER=$REPO_OWNER"
+          curl -L "https://raw.githubusercontent.com/$REPO_OWNER/wolfssl-examples/master/Arduino/sketches/compile-all-examples.sh" -o "$WOLFSSL_EXAMPLES_DIRECTORY/compile-all-examples.sh"
+
+          # Check if the first line is "404: Not Found" - which would indicate the curl path above is bad.
+          FILE="$WOLFSSL_EXAMPLES_DIRECTORY/compile-all-examples.sh"
+
+          # Ensure the file exists
+          if [[ ! -f "$FILE" ]]; then
+              echo "File not found: $FILE"
+              exit 1
+          fi
+
+          # Check if the first line is "404: Not Found"
+          if [[ $(head -n 1 "$FILE") == "404: Not Found" ]]; then
+              echo "The first line is '404: Not Found'"
+              exit 1
+          fi
+
+          pushd "$WOLFSSL_EXAMPLES_DIRECTORY"
+            echo "Current directory:           $PWD"
+
+            echo "Current directory $PWD"
+            echo "Contents:"
+            ls -al
+            find ./ -type f | sort
+
+            # ensure we can execute the script here (permissions lost during curl fetch)
+            chmod +x ./compile-all-examples.sh
+            echo "Found compile script: $(ls -al ./compile-all-examples.sh ./$THIS_BOARD_LIST)"
+          popd
+
+          # ** END ** Get compile-all-examples.sh
+
+      # This will fail with Arduino published wolfSSL v5.7.6 and older
+      # as the examples moved. See https://github.com/wolfSSL/wolfssl/pull/8514
+      #
+      - name: Compile Arduino Sketches for Various Boards
+        run: |
+          # Call the compile-all-examples.sh script to compile all the examples for each of the fqbn names in the local copy of board_list.txt
+
+          echo "Current directory:           $PWD"
+          echo "ARDUINO_ROOT:                $ARDUINO_ROOT"
+          WOLFSSL_EXAMPLES_DIRECTORY="$ARDUINO_ROOT/wolfssl/examples"
+          echo "WOLFSSL_EXAMPLES_DIRECTORY:  $WOLFSSL_EXAMPLES_DIRECTORY"
+
+          echo "Change directory to Arduino examples..."
+          pushd "$WOLFSSL_EXAMPLES_DIRECTORY"
+            echo "Current directory:           $PWD"
+            echo "Calling ./compile-all-examples.sh"
+            bash ./compile-all-examples.sh
+          popd
+          # End Compile Arduino Sketches for Various Boards
diff --git a/.github/workflows/haproxy.yml b/.github/workflows/haproxy.yml
index fa1ac5bef..99db830f9 100644
--- a/.github/workflows/haproxy.yml
+++ b/.github/workflows/haproxy.yml
@@ -47,7 +47,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        haproxy_ref: [ 'v3.1.0' ]
+        haproxy_ref: [ 'v3.1.0', 'v3.2.0']
     steps:
     - name: Install test dependencies
       run: |
@@ -82,6 +82,13 @@ jobs:
       working-directory: build-dir/haproxy-${{matrix.haproxy_ref}}
       run: make clean && make TARGET=linux-glibc USE_OPENSSL_WOLFSSL=1 SSL_LIB=$GITHUB_WORKSPACE/build-dir/lib SSL_INC=$GITHUB_WORKSPACE/build-dir/include ADDLIB=-Wl,-rpath,$GITHUB_WORKSPACE/build-dir/lib CFLAGS="-fsanitize=address" LDFLAGS="-fsanitize=address"
 
+      # wlallemand/VTest used in v3.1.0 is no longer available
+    - name: Patch build-vtest.sh for v3.1.0
+      if: matrix.haproxy_ref == 'v3.1.0'
+      working-directory: build-dir/haproxy-${{ matrix.haproxy_ref }}/scripts
+      run: |
+        sed -i 's|https://github.com/wlallemand/VTest/archive/refs/heads/haproxy-sd_notify.tar.gz|https://github.com/vtest/VTest2/archive/main.tar.gz|' build-vtest.sh
+
     - name: Build haproxy vtest
       working-directory: build-dir/haproxy-${{matrix.haproxy_ref}}
       run: ./scripts/build-vtest.sh
diff --git a/.github/workflows/hostap-vm.yml b/.github/workflows/hostap-vm.yml
index 43f114af3..77f7007c3 100644
--- a/.github/workflows/hostap-vm.yml
+++ b/.github/workflows/hostap-vm.yml
@@ -79,6 +79,7 @@ jobs:
           lookup-only: true
 
       - name: Checkout hostap
+        if: steps.cache.outputs.cache-hit != 'true'
         run: git clone git://w1.fi/hostap.git hostap
 
   build_uml_linux:
@@ -176,9 +177,6 @@ jobs:
           key: hostap-linux-${{ env.LINUX_REF }}
           fail-on-cache-miss: true
 
-      - name: show file structure
-        run: tree
-
         # No way to view the full strategy in the browser (really weird)
       - name: Print strategy
         run: |
@@ -232,7 +230,12 @@ jobs:
 
       - name: Update certs
         working-directory: hostap/tests/hwsim/auth_serv
-        run: ./update.sh
+        run: |
+          ./update.sh
+          # Force regeneration of rsa3072-ca.key to get rsa3072-generate.sh to
+          # correctly update all the certs
+          rm rsa3072-ca.key
+          ./rsa3072-generate.sh
 
       - if: ${{ matrix.config.osp_ref }}
         name: Checkout OSP
diff --git a/.github/workflows/libssh2.yml b/.github/workflows/libssh2.yml
index 29db70f0e..719347d28 100644
--- a/.github/workflows/libssh2.yml
+++ b/.github/workflows/libssh2.yml
@@ -76,11 +76,11 @@ jobs:
       - name: Update libssh2 test to use a stable version of debian
         working-directory: libssh2
         run: |
-            sed -i 's/testing-slim/stable-slim/' tests/openssh_server/Dockerfile
+            sed -i 's/testing-slim/oldstable-slim/' tests/openssh_server/Dockerfile
 
       - name: Run libssh2 tests
         working-directory: libssh2
-        run: make check
+        run: make -j check
 
       - name: Confirm libssh2 built with wolfSSL
         run: ldd libssh2/src/.libs/libssh2.so | grep wolfssl
diff --git a/.github/workflows/linuxkm.yml b/.github/workflows/linuxkm.yml
new file mode 100644
index 000000000..334fd7a1a
--- /dev/null
+++ b/.github/workflows/linuxkm.yml
@@ -0,0 +1,54 @@
+name: Kernel Module Build
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  build_library:
+    strategy:
+      matrix:
+        config: [
+          'EXTRA_CPPFLAGS=-Werror --enable-option-checking=fatal --enable-linuxkm --enable-linuxkm-lkcapi-register=all --enable-all --enable-kyber=yes,original --enable-lms --enable-xmss --enable-dilithium --enable-experimental --enable-dual-alg-certs --disable-qt --disable-quic --with-sys-crypto-policy=no --disable-opensslextra --disable-testcert --enable-intelasm --disable-sp-asm --enable-crypttests --enable-linuxkm-benchmarks CFLAGS="-DWOLFSSL_LINUXKM_VERBOSE_DEBUG -Wframe-larger-than=2048 -Wstack-usage=4096 -DBENCH_EMBEDDED -DBENCH_MIN_RUNTIME_SEC=0.01 -DBENCH_NTIMES=1 -DBENCH_AGREETIMES=1" --with-max-rsa-bits=16384',
+          'EXTRA_CPPFLAGS=-Werror --enable-option-checking=fatal --enable-linuxkm --enable-linuxkm-pie --enable-reproducible-build --enable-linuxkm-lkcapi-register=all --enable-all-crypto --enable-cryptonly --enable-kyber=yes,original --enable-lms --enable-xmss --enable-dilithium --enable-experimental --disable-qt --disable-quic --with-sys-crypto-policy=no --disable-opensslextra --disable-testcert --enable-intelasm --disable-sp-asm --enable-crypttests --enable-linuxkm-benchmarks CFLAGS="-DWOLFSSL_LINUXKM_VERBOSE_DEBUG -Wframe-larger-than=2048 -Wstack-usage=4096 -DBENCH_EMBEDDED -DBENCH_MIN_RUNTIME_SEC=0.01 -DBENCH_NTIMES=1 -DBENCH_AGREETIMES=1" --with-max-rsa-bits=16384'
+        ]
+    name: build module
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-latest
+    timeout-minutes: 5
+    steps:
+      - uses: actions/checkout@v4
+        name: Checkout wolfSSL
+
+      - name: Prepare target kernel for module builds
+        run: |
+          echo "updating linux-headers"
+          sudo apt-get update || $(exit 2)
+          sudo apt-get install linux-headers-$(uname -r) -y || $(exit 3)
+          echo "preparing target kernel $(uname -r)"
+          pushd "/lib/modules/$(uname -r)/build" || $(exit 4)
+          if [ -f /proc/config.gz ]; then gzip -dc /proc/config.gz > /tmp/.config && sudo mv /tmp/.config . || $(exit 5); elif [ -f "/boot/config-$(uname -r)" ]; then sudo cp -p "/boot/config-$(uname -r)" .config || $(exit 6); fi
+          sudo make -j 4 oldconfig || $(exit 7)
+          sudo make M="$(pwd)" modules_prepare || $(exit 8)
+          popd >/dev/null
+
+      - name: autogen.sh
+        run: |
+          ./autogen.sh || $(exit 9)
+
+      - name: Build libwolfssl.ko, targeting GitHub ubuntu-latest, with --enable-all, PQC, and smallstack and stack depth warnings
+        run: |
+          echo "running ./configure --with-linux-source=/lib/modules/$(uname -r)/build ${{ matrix.config }}"
+          ./configure --with-linux-source=/lib/modules/$(uname -r)/build ${{ matrix.config }} || $(exit 10)
+          # try to remove profiling (-pg) because it leads to "_mcleanup: gmon.out: Permission denied"
+          make -j 4 KERNEL_EXTRA_CFLAGS_REMOVE=-pg FORCE_NO_MODULE_SIG=1 || $(exit 11)
+          ls -l linuxkm/libwolfssl.ko || $(exit 12)
+          echo "Successful linuxkm build."
diff --git a/.github/workflows/macos-apple-native-cert-validation.yml b/.github/workflows/macos-apple-native-cert-validation.yml
index c8b161dbe..045686a14 100644
--- a/.github/workflows/macos-apple-native-cert-validation.yml
+++ b/.github/workflows/macos-apple-native-cert-validation.yml
@@ -14,8 +14,7 @@ concurrency:
 
 jobs:
   make_check:
-    strategy:
-      fail-fast: false
+    if: github.repository_owner == 'wolfssl'
     runs-on: macos-latest
     # This should be a safe limit for the tests to run.
     timeout-minutes: 5
diff --git a/.github/workflows/os-check.yml b/.github/workflows/os-check.yml
index 52a76de02..81f071ccf 100644
--- a/.github/workflows/os-check.yml
+++ b/.github/workflows/os-check.yml
@@ -57,7 +57,10 @@ jobs:
           '--enable-opensslextra=x509small',
           'CPPFLAGS=''-DWOLFSSL_EXTRA'' ',
           '--enable-lms=small,verify-only --enable-xmss=small,verify-only',
-          '--disable-sys-ca-certs'
+          '--disable-sys-ca-certs',
+          '--enable-all CPPFLAGS=-DWOLFSSL_DEBUG_CERTS ',
+          '--enable-all CFLAGS="-DWOLFSSL_CHECK_MEM_ZERO"',
+          '--enable-coding=no',
         ]
     name: make check
     if: github.repository_owner == 'wolfssl'
diff --git a/.github/workflows/packaging.yml b/.github/workflows/packaging.yml
index e498e33af..2b78fc8f9 100644
--- a/.github/workflows/packaging.yml
+++ b/.github/workflows/packaging.yml
@@ -45,8 +45,8 @@ jobs:
       - name: Confirm packages built
         run: |
           DEB_COUNT=$(find -name 'libwolfssl*.deb' | wc -l)
-          if [ "$DEB_COUNT" != "2" ]; then
-            echo Did not find exactly two deb packages!!!
+          if [ "$DEB_COUNT" != "3" ]; then
+            echo Did not find exactly three deb packages!!!
             exit 1
           fi
 # disabled 20240919 -- broken target.
diff --git a/.github/workflows/pq-all.yml b/.github/workflows/pq-all.yml
index 70fc7dda9..fc32344f6 100644
--- a/.github/workflows/pq-all.yml
+++ b/.github/workflows/pq-all.yml
@@ -21,7 +21,7 @@ jobs:
           '--enable-intelasm --enable-sp-asm --enable-mlkem=yes,kyber,ml-kem CPPFLAGS="-DWOLFSSL_ML_KEM_USE_OLD_IDS"',
           '--enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-acert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-quic --with-sys-crypto-policy --enable-experimental --enable-kyber=yes,original --enable-lms --enable-xmss --enable-dilithium --enable-dual-alg-certs --disable-qt CPPFLAGS="-pedantic -Wdeclaration-after-statement -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE"',
           '--enable-smallstack --enable-smallstackcache --enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-acert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-quic --with-sys-crypto-policy --enable-experimental --enable-kyber=yes,original --enable-lms --enable-xmss --enable-dilithium --enable-dual-alg-certs --disable-qt CPPFLAGS="-pedantic -Wdeclaration-after-statement -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE"',
-          '--enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-acert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-quic --with-sys-crypto-policy --enable-experimental --enable-kyber=yes,original --enable-lms --enable-xmss --enable-dilithium --enable-dual-alg-certs --disable-qt CPPFLAGS="-pedantic -Wdeclaration-after-statement -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE" CC=c++'
+          '--enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-acert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-quic --with-sys-crypto-policy --enable-experimental --enable-kyber=yes,original --enable-lms --enable-xmss --enable-dilithium --enable-dual-alg-certs --disable-qt CPPFLAGS="-Wdeclaration-after-statement -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE" CC=c++'
         ]
     name: make check
     if: github.repository_owner == 'wolfssl'
diff --git a/.github/workflows/rust-wrapper.yml b/.github/workflows/rust-wrapper.yml
new file mode 100644
index 000000000..de923792c
--- /dev/null
+++ b/.github/workflows/rust-wrapper.yml
@@ -0,0 +1,33 @@
+name: Build Rust Wrapper
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  build_wolfssl:
+    name: Build wolfSSL Rust Wrapper
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-24.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 10
+    steps:
+    - name: Build wolfSSL
+      uses: wolfSSL/actions-build-autotools-project@v1
+      with:
+        path: wolfssl
+        configure: --enable-all
+    - name: Build Rust Wrapper
+      working-directory: wolfssl
+      run: make -C wrapper/rust
+    - name: Run Rust Wrapper Tests
+      working-directory: wolfssl
+      run: make -C wrapper/rust test
diff --git a/.github/workflows/threadx.yml b/.github/workflows/threadx.yml
new file mode 100644
index 000000000..f93cea9c1
--- /dev/null
+++ b/.github/workflows/threadx.yml
@@ -0,0 +1,57 @@
+name: ThreadXBuild Test
+
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+jobs:
+  build:
+
+    runs-on: ubuntu-22.04
+    timeout-minutes: 10
+
+    steps:
+    - name: Cache NetXDuo bundle
+      id: cache-netxduo
+      uses: actions/cache@v3
+      with:
+        path: ./v6.4.3_rel.tar.gz
+        key: netxduo-bundle-v6.4.3_rel
+
+    - name: Download NetXDuo bundle if not cached
+      if: steps.cache-netxduo.outputs.cache-hit != 'true'
+      run: |
+        wget https://github.com/eclipse-threadx/netxduo/archive/refs/tags/v6.4.3_rel.tar.gz
+
+    - name: Extract NetXDuo bundle
+      run: |
+        mkdir -p netxduo_src
+        tar -xzf v6.4.3_rel.tar.gz -C netxduo_src --strip-components=1
+
+    - name: Install NetXDuo Dependencies
+      working-directory: ./netxduo_src
+      run: |
+        ./scripts/install.sh
+
+    - name: Configure NetX with DNS Client Support
+      working-directory: ./netxduo_src
+      run: |
+        cp addons/dns/nxd_dns.h ./common/inc/
+        cp addons/dns/nxd_dns.c ./common/src/
+
+    - name: Build NetXDuo with DNS Support
+      working-directory: ./netxduo_src
+      run: |
+        rm -rf test/cmake/threadx
+        rm -rf test/cmake/filex
+        ./scripts/build_nxd64.sh
+
+    - name: Build wolfSSL
+      uses: wolfSSL/actions-build-autotools-project@v1
+      with:
+        path: wolfssl
+        configure: --enable-enckeys --disable-examples --disable-benchmark --disable-crypttests CPPFLAGS="-DTHREADX -DHAVE_NETX -DWOLFSSL_USER_IO -I${{ github.workspace }}/netxduo_src/common/inc -I${{ github.workspace }}/netxduo_src/ports/linux/gnu/inc -I${{ github.workspace }}/netxduo_src/test/cmake/netxduo64/build/libs/inc" LDFLAGS="-L${{ github.workspace }}/netxduo_src/test/cmake/netxduo64/build/default_build_coverage/netxduo -L${{ github.workspace }}/netxduo_src/test/cmake/netxduo64/build/libs/threadx"  LIBS="-lnetxduo -lthreadx"
+        install: false
+
diff --git a/.github/workflows/watcomc.yml b/.github/workflows/watcomc.yml
index ea1af5704..df2ba9bb1 100644
--- a/.github/workflows/watcomc.yml
+++ b/.github/workflows/watcomc.yml
@@ -62,6 +62,9 @@ jobs:
         uses: open-watcom/setup-watcom@v0
         with:
           version: ${{ matrix.platform.owimage }}
+          tag: 2025-09-01-Build
+          # Currently fixed to this build because of latest compiler error:
+          # file clbrdll.lib(fltuse80): undefined symbol _SetLD80bit_
 
       - name: Checkout wolfSSL
         uses: actions/checkout@v4
diff --git a/.gitignore b/.gitignore
index f5544aa79..2b91e077e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -33,7 +33,7 @@ aclocal.m4
 aminclude.am
 lt*.m4
 Makefile.in
-Makefile
+/Makefile
 depcomp
 missing
 libtool
@@ -449,6 +449,7 @@ MagicCrypto
 # debian packaging
 debian/changelog
 debian/control
+debian/rules
 *.deb
 
 # Ada/Alire files
@@ -457,6 +458,9 @@ wrapper/Ada/config/
 wrapper/Ada/lib/
 wrapper/Ada/obj/
 
+# Rust wrapper files
+/wrapper/rust/*/target/
+
 # PlatformIO
 /**/.pio
 /**/.vscode/.browse.c_cpp.db*
diff --git a/.wolfssl_known_macro_extras b/.wolfssl_known_macro_extras
index 6fc24e6f7..fd5bd6ca4 100644
--- a/.wolfssl_known_macro_extras
+++ b/.wolfssl_known_macro_extras
@@ -2,6 +2,7 @@ AES_GCM_GMULT_NCT
 AFX_RESOURCE_DLL
 AFX_TARG_ENU
 ALLOW_BINARY_MISMATCH_INTROSPECTION
+ALLOW_SELFSIGNED_INVALID_CERTSIGN
 ALLOW_V1_EXTENSIONS
 ANDROID
 APP_ESP_HTTP_CLIENT
@@ -16,9 +17,14 @@ ARDUINO_ARCH_NRF52
 ARDUINO_ARCH_RP2040
 ARDUINO_ARCH_SAMD
 ARDUINO_ARCH_STM32
+ARDUINO_AVR_ETHERNET
+ARDUINO_AVR_LEONARDO_ETH
+ARDUINO_SAMD_MKR1000
 ARDUINO_SAMD_NANO_33_IOT
+ARDUINO_SAMD_ZERO
 ARDUINO_SAM_DUE
 ARDUINO_SEEED_XIAO
+ARDUINO_TEENSY40
 ARDUINO_TEENSY41
 ASN_DUMP_OID
 ASN_TEMPLATE_SKIP_ISCA_CHECK
@@ -127,6 +133,7 @@ CONFIG_POSIX_API
 CONFIG_POSIX_THREADS
 CONFIG_PREEMPT_COUNT
 CONFIG_PTHREAD_IPC
+CONFIG_SCHED_INFO
 CONFIG_SMP
 CONFIG_SNTP_TIME_SYNC_METHOD_SMOOTH
 CONFIG_TIMER_TASK_STACK_DEPTH
@@ -193,6 +200,10 @@ DILITHIUM_MUL_QINV_SLOW
 DILITHIUM_MUL_Q_SLOW
 DILITHIUM_MUL_SLOW
 DILITHIUM_USE_HINT_CT
+DONT_HAVE_KVMALLOC
+DONT_HAVE_KVREALLOC
+DONT_USE_KVMALLOC
+DONT_USE_KVREALLOC
 DTLS_RECEIVEFROM_NO_TIMEOUT_ON_INVALID_PEER
 ECCSI_ORDER_MORE_BITS_THAN_PRIME
 ECC_DUMP_OID
@@ -201,16 +212,20 @@ ENABLE_SECURE_SOCKETS_LOGS
 ESP32
 ESP8266
 ESP_ENABLE_WOLFSSH
+ESP_IDF_VERSION
 ESP_IDF_VERSION_MAJOR
 ESP_IDF_VERSION_MINOR
 ESP_PLATFORM
 ESP_TASK_MAIN_STACK
 ETHERNET_AVAILABLE
+ETHERNET_H
 EV_TRIGGER
+EXTERNAL_LOADER_APP
 FORCE_FAILURE_GETRANDOM
 FP_ECC_CONTROL
 FREERTOS_TCP_WINSIM
 FREESCALE
+FREESCALE_MQX
 FREESCALE_RNGB
 FREESCALE_USE_MMCAU_CLASSIC
 FSL_FEATURE_HAS_L1CACHE
@@ -405,6 +420,7 @@ NO_STDIO_FGETS_REMAP
 NO_TKERNEL_MEM_POOL
 NO_TLSX_PSKKEM_PLAIN_ANNOUNCE
 NO_VERIFY_OID
+NO_WC_DHGENERATEPUBLIC
 NO_WC_SSIZE_TYPE
 NO_WOLFSSL_ALLOC_ALIGN
 NO_WOLFSSL_AUTOSAR_CRYIF
@@ -553,6 +569,7 @@ USE_SECRET_CALLBACK
 USE_STSAFE_RNG_SEED
 USE_STSAFE_VERBOSE
 USE_TLSV13
+USE_WINDOWS_API
 USE_WOLF_STRNSTR
 USS_API
 WC_AESXTS_STREAM_NO_REQUEST_ACCOUNTING
@@ -584,6 +601,7 @@ WC_DILITHIUM_CACHE_PUB_VECTORS
 WC_DILITHIUM_FIXED_ARRAY
 WC_DISABLE_RADIX_ZERO_PAD
 WC_ECC_NONBLOCK_ONLY
+WC_FLAG_DONT_USE_AESNI
 WC_KDF_NIST_SP_800_56C
 WC_LMS_FULL_HASH
 WC_NO_RNG_SIMPLE
@@ -598,11 +616,15 @@ WC_RSA_NO_FERMAT_CHECK
 WC_SHA384
 WC_SHA384_DIGEST_SIZE
 WC_SHA512
+WC_SKIP_INCLUDED_C_FILES
 WC_SSIZE_TYPE
 WC_STRICT_SIG
-WC_WANT_FLAG_DONT_USE_AESNI
+WC_WANT_FLAG_DONT_USE_VECTOR_OPS
 WC_XMSS_FULL_HASH
+WIFIESPAT
+WIFI_101
 WIFI_AVAILABLE
+WIFI_NINA
 WIN_REUSE_CRYPT_HANDLE
 WOLFCRYPT_FIPS_CORE_DYNAMIC_HASH_VALUE
 WOLFSENTRY_H
@@ -614,6 +636,7 @@ WOLFSSL_AESNI_BY6
 WOLFSSL_AES_CTR_EXAMPLE
 WOLFSSL_AFTER_DATE_CLOCK_SKEW
 WOLFSSL_ALGO_HW_MUTEX
+WOLFSSL_ALLOW_BAD_TLS_LEGACY_VERSION
 WOLFSSL_ALLOW_CRIT_AIA
 WOLFSSL_ALLOW_CRIT_AKID
 WOLFSSL_ALLOW_CRIT_SKID
@@ -653,13 +676,11 @@ WOLFSSL_CAAM_BLACK_KEY_SM
 WOLFSSL_CAAM_NO_BLACK_KEY
 WOLFSSL_CALLBACKS
 WOLFSSL_CHECK_DESKEY
-WOLFSSL_CHECK_MEM_ZERO
 WOLFSSL_CHIBIOS
 WOLFSSL_CLANG_TIDY
 WOLFSSL_CLIENT_EXAMPLE
 WOLFSSL_CONTIKI
 WOLFSSL_CRL_ALLOW_MISSING_CDP
-WOLFSSL_CUSTOM_CONFIG
 WOLFSSL_DILITHIUM_ASSIGN_KEY
 WOLFSSL_DILITHIUM_MAKE_KEY_SMALL_MEM
 WOLFSSL_DILITHIUM_NO_ASN1
@@ -687,6 +708,7 @@ WOLFSSL_ECDHX_SHARED_NOT_ZERO
 WOLFSSL_ECDSA_MATCH_HASH
 WOLFSSL_ECDSA_SET_K_ONE_LOOP
 WOLFSSL_EC_POINT_CMP_JACOBIAN
+WOLFSSL_ED448_NO_LARGE_CODE
 WOLFSSL_EDDSA_CHECK_PRIV_ON_SIGN
 WOLFSSL_EMNET
 WOLFSSL_ESPWROOM32
@@ -761,7 +783,6 @@ WOLFSSL_NO_CT_MAX_MIN
 WOLFSSL_NO_DECODE_EXTRA
 WOLFSSL_NO_DER_TO_PEM
 WOLFSSL_NO_DH186
-WOLFSSL_NO_DH_GEN_PUB
 WOLFSSL_NO_DTLS_SIZE_CHECK
 WOLFSSL_NO_ETM_ALERT
 WOLFSSL_NO_FENCE
@@ -836,6 +857,7 @@ WOLFSSL_SERVER_EXAMPLE
 WOLFSSL_SETTINGS_FILE
 WOLFSSL_SH224
 WOLFSSL_SHA256_ALT_CH_MAJ
+WOLFSSL_SHA512_HASHTYPE
 WOLFSSL_SHUTDOWNONCE
 WOLFSSL_SILABS_TRNG
 WOLFSSL_SM4_EBC
@@ -845,6 +867,7 @@ WOLFSSL_SP_FAST_NCT_EXPTMOD
 WOLFSSL_SP_INT_SQR_VOLATILE
 WOLFSSL_STACK_CHECK
 WOLFSSL_STM32F427_RNG
+WOLFSSL_STM32U5_DHUK
 WOLFSSL_STM32_RNG_NOLIB
 WOLFSSL_STRONGEST_HASH_SIG
 WOLFSSL_STSAFE_TAKES_SLOT
@@ -868,14 +891,15 @@ WOLFSSL_TLSX_PQC_MLKEM_STORE_PRIV_KEY
 WOLFSSL_TRACK_MEMORY_FULL
 WOLFSSL_TRAP_MALLOC_SZ
 WOLFSSL_UNALIGNED_64BIT_ACCESS
+WOLFSSL_USER_DEFINED_ATOMICS
 WOLFSSL_USER_FILESYSTEM
 WOLFSSL_USER_LOG
 WOLFSSL_USER_MUTEX
 WOLFSSL_USER_THREADING
 WOLFSSL_USE_ESP32C3_CRYPT_HASH_HW
 WOLFSSL_USE_FLASHMEM
+WOLFSSL_USE_FORCE_ZERO
 WOLFSSL_USE_OPTIONS_H
-WOLFSSL_USE_POPEN_HOST
 WOLFSSL_VALIDATE_DH_KEYGEN
 WOLFSSL_WC_LMS_SERIALIZE_STATE
 WOLFSSL_WC_XMSS_NO_SHA256
@@ -942,6 +966,7 @@ __ARM_ARCH_7M__
 __ARM_FEATURE_CRYPTO
 __ASSEMBLER__
 __ATOMIC_RELAXED
+__AVR_ARCH__
 __AVR__
 __BCPLUSPLUS__
 __BIG_ENDIAN__
@@ -974,6 +999,7 @@ __LINUX__
 __LP64
 __LP64__
 __MACH__
+__MEGAAVR__
 __MICROBLAZE__
 __MINGW32__
 __MINGW64_VERSION_MAJOR
@@ -996,6 +1022,8 @@ __SAM3X4C__
 __SAM3X4E__
 __SAM3X8C__
 __SAM3X8E__
+__SAMD21__
+__SAMD51__
 __SANITIZE_ADDRESS__
 __SDCC_VERSION_MAJOR
 __SDCC_VERSION_MINOR
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 2e3c99bbf..410518e4a 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -66,6 +66,9 @@ set(WOLFSSL_DEFINITIONS)
 set(WOLFSSL_LINK_LIBS)
 set(WOLFSSL_INCLUDE_DIRS)
 
+# Initialize pkg-config private variables
+set(PC_LIBS_PRIVATE "")
+
 set(CMAKE_MODULE_PATH ${CMAKE_MODULE_PATH} "${CMAKE_CURRENT_SOURCE_DIR}/cmake/modules/")
 include(${CMAKE_CURRENT_SOURCE_DIR}/cmake/functions.cmake)
 
@@ -281,7 +284,28 @@ add_option("WOLFSSL_DEBUG"
     "no" "yes;no")
 
 if(WOLFSSL_DEBUG)
-    set(CMAKE_C_FLAGS "-g ${CMAKE_C_FLAGS}")
+    # Optional variable inspection
+    if (0)
+        get_cmake_property(_variableNames VARIABLES)
+        list (SORT _variableNames)
+        message(STATUS "")
+        message(STATUS "ALL VARIABLES BEGIN")
+        message(STATUS "")
+        foreach (_variableName ${_variableNames})
+            message(STATUS "${_variableName}=${${_variableName}}")
+        endforeach()
+        message(STATUS "")
+        message(STATUS "ALL VARIABLES END")
+        message(STATUS "")
+    endif()
+
+    if (CMAKE_C_COMPILER_ID STREQUAL "Watcom" OR CMAKE_C_COMPILER_ID STREQUAL "OpenWatcom" OR CMAKE_GENERATOR STREQUAL "Watcom WMake")
+        # Open Watcom v2 does not support -g debugging
+        message(STATUS "Detected Watcom compiler, using CMAKE_C_FLAGS_DEBUG -d2")
+        set(CMAKE_C_FLAGS_DEBUG "-d2 ${CMAKE_C_FLAGS_DEBUG}")
+    else()
+        set(CMAKE_C_FLAGS "-g ${CMAKE_C_FLAGS}")
+    endif()
     list(APPEND WOLFSSL_DEFINITIONS
         "-DDEBUG_WOLFSSL"
         "-DDEBUG")
@@ -1604,6 +1628,14 @@ if(NOT WOLFSSL_INLINE)
     list(APPEND WOLFSSL_DEFINITIONS "-DNO_INLINE")
 endif()
 
+add_option("WOLFSSL_ARMASM_INLINE"
+    "Enable ARM assembly inline functions (default: disabled)"
+    "no" "yes;no")
+
+if (WOLFSSL_ARMASM_INLINE)
+    list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_ARMASM_INLINE")
+endif()
+
 # TODO:
 #       - CRL monitor
 #       - User crypto
@@ -2647,6 +2679,20 @@ if(WOLFSSL_EXAMPLES)
         tests/api/test_tls.c
         tests/api/test_x509.c
         tests/api/test_asn.c
+        tests/api/test_pkcs7.c
+        tests/api/test_pkcs12.c
+        tests/api/test_ossl_asn1.c
+        tests/api/test_ossl_bn.c
+        tests/api/test_ossl_bio.c
+        tests/api/test_ossl_dgst.c
+        tests/api/test_ossl_mac.c
+        tests/api/test_ossl_cipher.c
+        tests/api/test_ossl_rsa.c
+        tests/api/test_ossl_dh.c
+        tests/api/test_ossl_ec.c
+        tests/api/test_ossl_ecx.c
+        tests/api/test_ossl_dsa.c
+        tests/api/test_tls13.c
         tests/srp.c
         tests/suites.c
         tests/w64wrapper.c
@@ -2926,6 +2972,16 @@ if(WOLFSSL_INSTALL)
         endif()
     endif()
 
+    # Add required frameworks for static linking on Apple platforms
+    if(APPLE AND NOT BUILD_SHARED_LIBS)
+        if(WOLFSSL_SYS_CA_CERTS)
+            list(APPEND PC_LIBS_PRIVATE "-framework CoreFoundation" "-framework Security")
+        endif()
+    endif()
+
+    # Convert lists to space-separated strings for pkg-config
+    string(JOIN " " PC_LIBS_PRIVATE ${PC_LIBS_PRIVATE})
+
     configure_file(support/wolfssl.pc.in ${CMAKE_CURRENT_BINARY_DIR}/support/wolfssl.pc @ONLY)
     install(FILES ${CMAKE_CURRENT_BINARY_DIR}/support/wolfssl.pc
     DESTINATION ${CMAKE_INSTALL_LIBDIR}/pkgconfig)
diff --git a/ChangeLog.md b/ChangeLog.md
index 09728ee1e..44cfe9ba8 100644
--- a/ChangeLog.md
+++ b/ChangeLog.md
@@ -9,7 +9,7 @@ NOTE: * wolfSSL is now GPLv3 instead of GPLv2
             * MD5 is now disabled by default
 
 
-PR stands for Pull Request, and PR <NUMBER> references a GitHub pull request number where the code change was added.
+PR stands for Pull Request, and PR (NUMBER) references a GitHub pull request number where the code change was added.
 
 ## Vulnerabilities
 
@@ -68,7 +68,8 @@ Blinding enabled by default in PR https://github.com/wolfSSL/wolfssl/pull/8736
 * Implemented distro fix for the Linux Kernel Module. (PR #8994)
 * Fixed page-flags-h in the Linux Kernel Module. (PR #9001)
 * Added MODULE_LICENSE for the Linux Kernel Module. (PR #9005)
-* Post-Quantum Cryptography (PQC) & Asymmetric Algorithms
+
+### Post-Quantum Cryptography (PQC) & Asymmetric Algorithms
 * Kyber has been updated to the MLKEM ARM file for Zephyr (PR #8781)
 * Backward compatibility has been implemented for ML_KEM IDs (PR #8827)
 * ASN.1 is now ensured to be enabled when only building PQ algorithms (PR #8884)
@@ -207,7 +208,7 @@ https://www.wolfssl.com/about/wolfssl-software-development-process-quality-assur
 
 NOTE: * --enable-heapmath is deprecated
 
-PR stands for Pull Request, and PR <NUMBER> references a GitHub pull request
+PR stands for Pull Request, and PR (NUMBER) references a GitHub pull request
  number where the code change was added.
 
 
@@ -423,7 +424,7 @@ NOTE:
  user_settings.h.
 
 
-PR stands for Pull Request, and PR <NUMBER> references a GitHub pull request
+PR stands for Pull Request, and PR (NUMBER) references a GitHub pull request
  number where the code change was added.
 
 
@@ -543,7 +544,7 @@ https://www.wolfssl.com/about/wolfssl-software-development-process-quality-assur
 
 NOTE: * --enable-heapmath is being deprecated and will be removed by end of 2024
 
-PR stands for Pull Request, and PR <NUMBER> references a GitHub pull request
+PR stands for Pull Request, and PR (NUMBER) references a GitHub pull request
  number where the code change was added.
 
 
diff --git a/Docker/packaging/debian/Dockerfile b/Docker/packaging/debian/Dockerfile
index 87b0c1c80..a485273b7 100644
--- a/Docker/packaging/debian/Dockerfile
+++ b/Docker/packaging/debian/Dockerfile
@@ -2,5 +2,4 @@ FROM debian:latest
 
 RUN apt-get -y update
 RUN apt-get -y upgrade
-RUN apt-get install -y build-essential autoconf gawk debhelper lintian
-
+RUN apt-get install -y build-essential autoconf gawk debhelper lintian dpkg-dev
diff --git a/IDE/ARDUINO/README.md b/IDE/ARDUINO/README.md
index 8808b0e29..7aefeea46 100644
--- a/IDE/ARDUINO/README.md
+++ b/IDE/ARDUINO/README.md
@@ -1,18 +1,18 @@
 # wolfSSL with Arduino
 
-See the [example sketches](./sketches/README.md):
-
-NOTE: Moving; See https://github.com/wolfSSL/wolfssl-examples/pull/499
+See the [example sketches](https://github.com/wolfSSL/wolfssl-examples/tree/master/Arduino):
 
 Bare-bones templates:
 
-- [sketches/wolfssl_version](./sketches/wolfssl_version/README.md) single file.
-- [sketches/template](./sketches/template/README.md) multiple file example.
+- [sketches/wolfssl_version](https://github.com/wolfSSL/wolfssl-examples/tree/master/Arduino/sketches/wolfssl_version/README.md) single file.
+- [sketches/template](https://github.com/wolfSSL/wolfssl-examples/tree/master/Arduino/sketches/template/README.md) multiple file example.
 
 Functional examples:
-- [sketches/wolfssl_AES_CTR](./sketches/wolfssl_AES_CTR/README.md) AES CTR Encrypt / decrypt.
-- [sketches/wolfssl_client](./sketches/wolfssl_client/README.md) TLS Client.
-- [sketches/wolfssl_server](./sketches/wolfssl_server/README.md) TLS Server.
+- [sketches/wolfssl_AES_CTR](https://github.com/wolfSSL/wolfssl-examples/tree/master/Arduino/sketches/wolfssl_AES_CTR/README.md) AES CTR Encrypt / decrypt.
+- [sketches/wolfssl_client](https://github.com/wolfSSL/wolfssl-examples/tree/master/Arduino/sketches/wolfssl_client/README.md) TLS Client.
+- [sketches/wolfssl_server](https://github.com/wolfSSL/wolfssl-examples/tree/master/Arduino/sketches/wolfssl_server/README.md) TLS Server.
+- [sketches/wolfssl_client_dtls](https://github.com/wolfSSL/wolfssl-examples/tree/master/Arduino/sketches/wolfssl_client_dtls/README.md) DTLS Client.
+- [sketches/wolfssl_server_dtls](https://github.com/wolfSSL/wolfssl-examples/tree/master/Arduino/sketches/wolfssl_server_dtls/README.md) DTLS Server.
 
 Both the `template` and `wolfssl_AES_CTR` examples include VisualGDB project files.
 
diff --git a/IDE/ARDUINO/wolfssl-arduino.sh b/IDE/ARDUINO/wolfssl-arduino.sh
index d05a84802..a381a597a 100755
--- a/IDE/ARDUINO/wolfssl-arduino.sh
+++ b/IDE/ARDUINO/wolfssl-arduino.sh
@@ -26,6 +26,9 @@
 # The Arduino library include file is "wolfssl.h" (all lower case)
 # The Published wolfSSL Arduino Registry is at https://github.com/wolfSSL/Arduino-wolfSSL.git
 # See https://downloads.arduino.cc/libraries/logs/github.com/wolfSSL/Arduino-wolfSSL/
+#
+echo "wolfssl-arduino.sh v5.8.2 rev B"
+
 ROOT_DIR="/wolfssl"
 
 # The Arduino Version will initially have a suffix appended during fine tuning stage.
@@ -70,18 +73,24 @@ if [ "$ROOT_DIR" = "" ]; then
     exit 1
 fi
 
+if [ "$ARDUINO_ROOT" = "" ]; then
+    echo "No ARDUINO_ROOT export... detecting..."
+    ARDUINO_ROOT="$HOME/Arduino/libraries"
 
-ARDUINO_ROOT="$HOME/Arduino/libraries"
-
-# Check environment
-if [ -n "$WSL_DISTRO_NAME" ]; then
-    # we found a non-blank WSL environment distro name
-    current_path="$(pwd)"
-    pattern="/mnt/?"
-    if echo "$current_path" | grep -Eq "^$pattern"; then
-        # if we are in WSL and shared Windows file system, 'ln' does not work.
-        ARDUINO_ROOT="/mnt/c/Users/$USER/Documents/Arduino/libraries"
+    # Check environment
+    if [ -n "$WSL_DISTRO_NAME" ]; then
+        # we found a non-blank WSL environment distro name
+        echo "Found WSL: $WSL_DISTRO_NAME"
+        current_path="$(pwd)"
+        pattern="/mnt/?"
+        if echo "$current_path" | grep -Eq "^$pattern"; then
+            # if we are in WSL and shared Windows file system, 'ln' does not work.
+            ARDUINO_ROOT="/mnt/c/Users/$USER/Documents/Arduino/libraries"
+            echo "ARDUINO_ROOT set to $ARDUINO_ROOT"
+        fi
     fi
+else
+    echo "Using export ARDUINO_ROOT"
 fi
 echo "The Arduino library root is: $ARDUINO_ROOT"
 
@@ -173,7 +182,7 @@ THIS_DIR=${PWD##*/}
 if [ "$THIS_DIR" = "ARDUINO" ]; then
     # mkdir ./wolfssl
     if [ -d ".${ROOT_DIR}" ]; then
-        echo "ERROR: $(realpath ".${ROOT_DIR}") is not empty"
+        echo "ERROR: $(realpath ".${ROOT_DIR}") is not empty; failed prior install? Please remove."
         exit 1
     else
         echo "Step 01: mkdir .${ROOT_DIR}"
@@ -267,6 +276,7 @@ if [ "$THIS_DIR" = "ARDUINO" ]; then
     echo "Destination EXAMPLES_DIR=.${EXAMPLES_DIR}"
     echo "EXAMPLES_DIR_REAL_PATH=${EXAMPLES_DIR_REAL_PATH}"
 
+    # Only explicit source code is copied to the Arduino library. Edit with caution, no automation:
     if [ -n "$WOLFSSL_EXAMPLES_ROOT" ]; then
         echo "Copy template example...."
         mkdir -p ".${EXAMPLES_DIR}"/template/wolfssl_library/src
@@ -279,23 +289,33 @@ if [ "$THIS_DIR" = "ARDUINO" ]; then
 
         echo "Copy wolfssl_AES_CTR example...."
         mkdir -p ".${EXAMPLES_DIR}"/wolfssl_AES_CTR
-        $CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/wolfssl_AES_CTR/wolfssl_AES_CTR.ino ".${EXAMPLES_DIR}"/wolfssl_AES_CTR/wolfssl_AES_CTR.ino || exit 1
-        $CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/wolfssl_AES_CTR/README.md           ".${EXAMPLES_DIR}"/wolfssl_AES_CTR/README.md           || exit 1
+        $CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/wolfssl_AES_CTR/wolfssl_AES_CTR.ino               ".${EXAMPLES_DIR}"/wolfssl_AES_CTR/wolfssl_AES_CTR.ino               || exit 1
+        $CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/wolfssl_AES_CTR/README.md                         ".${EXAMPLES_DIR}"/wolfssl_AES_CTR/README.md                         || exit 1
 
         echo "Copy wolfssl_client example...."
         mkdir -p ".${EXAMPLES_DIR}"/wolfssl_client
-        $CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/wolfssl_client/wolfssl_client.ino   ".${EXAMPLES_DIR}"/wolfssl_client/wolfssl_client.ino   || exit 1
-        $CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/wolfssl_client/README.md            ".${EXAMPLES_DIR}"/wolfssl_client/README.md            || exit 1
+        $CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/wolfssl_client/wolfssl_client.ino                 ".${EXAMPLES_DIR}"/wolfssl_client/wolfssl_client.ino                 || exit 1
+        $CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/wolfssl_client/README.md                          ".${EXAMPLES_DIR}"/wolfssl_client/README.md                          || exit 1
+
+        echo "Copy wolfssl_client_dtls example...."
+        mkdir -p ".${EXAMPLES_DIR}"/wolfssl_client_dtls
+        $CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/wolfssl_client_dtls/wolfssl_client_dtls.ino       ".${EXAMPLES_DIR}"/wolfssl_client_dtls/wolfssl_client_dtls.ino       || exit 1
+        $CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/wolfssl_client_dtls/README.md                     ".${EXAMPLES_DIR}"/wolfssl_client_dtls/README.md                     || exit 1
 
         echo "Copy wolfssl_server example...."
         mkdir -p .${EXAMPLES_DIR}/wolfssl_server
-        $CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/wolfssl_server/wolfssl_server.ino   ".${EXAMPLES_DIR}"/wolfssl_server/wolfssl_server.ino   || exit 1
-        $CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/wolfssl_server/README.md            ".${EXAMPLES_DIR}"/wolfssl_server/README.md            || exit 1
+        $CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/wolfssl_server/wolfssl_server.ino                 ".${EXAMPLES_DIR}"/wolfssl_server/wolfssl_server.ino                 || exit 1
+        $CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/wolfssl_server/README.md                          ".${EXAMPLES_DIR}"/wolfssl_server/README.md                          || exit 1
+
+        echo "Copy wolfssl_server_dtls example...."
+        mkdir -p .${EXAMPLES_DIR}/wolfssl_server_dtls
+        $CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/wolfssl_server_dtls/wolfssl_server_dtls.ino       ".${EXAMPLES_DIR}"/wolfssl_server_dtls/wolfssl_server_dtls.ino       || exit 1
+        $CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/wolfssl_server_dtls/README.md                     ".${EXAMPLES_DIR}"/wolfssl_server_dtls/README.md                     || exit 1
 
         echo "Copy wolfssl_version example...."
         mkdir -p .${EXAMPLES_DIR}/wolfssl_version
-        $CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/wolfssl_version/wolfssl_version.ino ".${EXAMPLES_DIR}"/wolfssl_version/wolfssl_version.ino || exit 1
-        $CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/wolfssl_version/README.md           ".${EXAMPLES_DIR}"/wolfssl_version/README.md           || exit 1
+        $CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/wolfssl_version/wolfssl_version.ino               ".${EXAMPLES_DIR}"/wolfssl_version/wolfssl_version.ino               || exit 1
+        $CP_CMD "$WOLFSSL_EXAMPLES_ROOT"/Arduino/sketches/wolfssl_version/README.md                         ".${EXAMPLES_DIR}"/wolfssl_version/README.md                         || exit 1
     else
         NO_ARDUINO_EXAMPLES=1
     fi
@@ -364,27 +384,39 @@ if [ "$THIS_OPERATION" = "INSTALL" ]; then
     # Nearly an ordinary copy, but we remove any lines with ">>" (typically edit with caution warning in comments)
     grep -v '>>' ../../examples/configs/user_settings_arduino.h > ".${ROOT_SRC_DIR}"/user_settings.h || exit 1
 
-    # Show the user_settings.h revision string:
+    echo "This user_settings.h revision string:"
     grep "WOLFSSL_USER_SETTINGS_ID" ."${ROOT_SRC_DIR}/user_settings.h"
     echo ""
 
     if [ "$THIS_INSTALL_IS_GITHUB" = "true" ]; then
         echo "Installing to GitHub directory: $THIS_INSTALL_DIR"
-        cp -r ."$ROOT_DIR"/* "$THIS_INSTALL_DIR" || exit 1
+        cp -r ."$ROOT_DIR"/* "$THIS_INSTALL_DIR"                || exit 1
         echo "Removing workspace library directory: .$ROOT_DIR"
-        rm -rf ".$ROOT_DIR"
+        rm -rf ".$ROOT_DIR"                                     || exit 1
     else
 
         echo "Installing to local directory:"
         if [ "$THIS_INSTALL_DIR" = "" ]; then
-            echo "mv .$ROOT_DIR $ARDUINO_ROOT"
-            mv  ."$ROOT_DIR" "$ARDUINO_ROOT" || exit 1
+            if [ -n "$WSL_DISTRO_NAME" ]; then
+                # setfattr not installed by default
+                # echo "Set system.wsl_case_sensitive .$ROOT_DIR"
+                # setfattr -x system.wsl_case_sensitive .$ROOT_DIR
+                #
+                # use copy instead of move to avoid possible system.wsl_case_sensitive warnings
+                echo "cp -r  .\"$ROOT_DIR\" \"$ARDUINO_ROOT\""
+                      cp -r   ."$ROOT_DIR"   "$ARDUINO_ROOT"    || exit 1
 
+                echo "rm -rf .\"$ROOT_DIR\""
+                      rm -rf  ."$ROOT_DIR"                      || exit 1
+            else
+                echo "mv  .$ROOT_DIR   $ARDUINO_ROOT"
+                      mv ."$ROOT_DIR" "$ARDUINO_ROOT"           || exit 1
+            fi
             echo "Arduino wolfSSL Version: $WOLFSSL_VERSION$WOLFSSL_VERSION_ARUINO_SUFFIX"
         else
             echo "cp -r .\"$ROOT_DIR\"/* \"$THIS_INSTALL_DIR\""
-            mkdir -p "$THIS_INSTALL_DIR" || exit 1
-            cp -r ."$ROOT_DIR"/* "$THIS_INSTALL_DIR" || exit 1
+            mkdir -p "$THIS_INSTALL_DIR"                        || exit 1
+            cp -r ."$ROOT_DIR"/* "$THIS_INSTALL_DIR"            || exit 1
         fi
     fi
 fi
diff --git a/IDE/Espressif/ESP-IDF/examples/template/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/template/CMakeLists.txt
index 61110a150..feacf8c42 100644
--- a/IDE/Espressif/ESP-IDF/examples/template/CMakeLists.txt
+++ b/IDE/Espressif/ESP-IDF/examples/template/CMakeLists.txt
@@ -7,6 +7,19 @@ message(STATUS "Begin project ${CMAKE_PROJECT_NAME}")
 
 cmake_minimum_required(VERSION 3.16)
 
+# For the main project using ESP-IDF version 6 or greater.
+# Numerous "dangerous relocation: call8: call target out of range: memcpy" errors encountered
+# So we'll allow long calls with the `-mlongcalls` compiler option for all components.
+if(IDF_VERSION_MAJOR GREATER_EQUAL 6)
+    if(IDF_TARGET STREQUAL "esp32" OR IDF_TARGET STREQUAL "esp32s2" OR IDF_TARGET STREQUAL "esp32s3")
+        message(STATUS "Adding mlongcalls")
+        add_compile_options(-mlongcalls)
+        add_link_options(-mlongcalls)
+        set(CMAKE_C_FLAGS   "${CMAKE_C_FLAGS} -mlongcalls")
+        set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -mlongcalls")
+    endif()
+endif()
+
 # Optional no watchdog typically used for test & benchmark
 if (idf_target STREQUAL "esp8266" OR IDF_TARGET STREQUAL "esp8266" OR IDF_VERSION_MAJOR VERSION_LESS "5.0")
     set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_ESP_NO_WATCHDOG=1")
@@ -144,5 +157,15 @@ endif()
 
 include($ENV{IDF_PATH}/tools/cmake/project.cmake)
 
+# Once the project is loaded, next check for ESP-IDF version 6 or greater.
+# Numerous "dangerous relocation: call8: call target out of range: memcpy" errors encountered
+# So we'll allow long calls with the `-mlongcalls` compiler option for all components.
+if(IDF_VERSION_MAJOR GREATER_EQUAL 6)
+    if(IDF_TARGET STREQUAL "esp32" OR IDF_TARGET STREQUAL "esp32s2" OR IDF_TARGET STREQUAL "esp32s3")
+        message(STATUS "mlongcalls for all components")
+        idf_build_set_property(COMPILE_OPTIONS "-mlongcalls" APPEND)
+    endif()
+endif()
+
 project(wolfssl_template)
 message(STATUS "end project")
diff --git a/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include/user_settings.h b/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include/user_settings.h
index a51634417..9c14dc9df 100644
--- a/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include/user_settings.h
+++ b/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include/user_settings.h
@@ -30,7 +30,7 @@
 
 /* This user_settings.h is for Espressif ESP-IDF
  *
- * Standardized wolfSSL Espressif ESP32 + ESP8266 user_settings.h V5.7.0-1
+ * Standardized wolfSSL Espressif ESP32 + ESP8266 user_settings.h V5.8.2-1 certs
  *
  * Do not include any wolfssl headers here.
  *
@@ -257,11 +257,6 @@
     #define WOLFSSL_AES_DIRECT
 #endif
 
-/* Pick a cert buffer size: */
-/* #define USE_CERT_BUFFERS_2048 */
-/* #define USE_CERT_BUFFERS_1024 */
-#define USE_CERT_BUFFERS_2048
-
 /* The Espressif sdkconfig will have chipset info.
 **
 ** Some possible values:
@@ -377,10 +372,6 @@
 /* #define DEBUG_WOLFSSL */
 #define DEBUG_WOLFSSL_MALLOC
 
-/* See test.c that sets cert buffers; we'll set them here: */
-#define USE_CERT_BUFFERS_256
-#define USE_CERT_BUFFERS_2048
-
 /* RSA_LOW_MEM: Half as much memory but twice as slow. */
 #define RSA_LOW_MEM
 
@@ -678,9 +669,6 @@
 
     #undef  HAVE_AESGCM
     #define HAVE_AESGCM
-#else
-    /* default settings */
-    #define USE_CERT_BUFFERS_2048
 #endif
 
 /* Chipset detection from sdkconfig.h
@@ -1058,10 +1046,9 @@ Turn on timer debugging (used when CPU cycles not available)
             #error "USE_CERT_BUFFERS_1024 is already defined. Pick one."
         #endif
 
-        /* Be sure to include in app when using example certs: */
-        #include <wolfssl/certs_test.h>
+        /* Be sure to include in app, not here, when using example certs: */
+        /* #include <wolfssl/certs_test.h> */
 
-        #define USE_CERT_BUFFERS_256
         #define CTX_CA_CERT          ca_cert_der_2048
         #define CTX_CA_CERT_SIZE     sizeof_ca_cert_der_2048
         #define CTX_CA_CERT_TYPE     WOLFSSL_FILETYPE_ASN1
@@ -1085,10 +1072,9 @@ Turn on timer debugging (used when CPU cycles not available)
             #error "USE_CERT_BUFFERS_2048 is already defined. Pick one."
         #endif
 
-        /* Be sure to include in app when using example certs: */
-        #include <wolfssl/certs_test.h>
+        /* Be sure to include in app, not here, when using example certs: */
+        /* #include <wolfssl/certs_test.h> */
 
-        #define USE_CERT_BUFFERS_256
         #define CTX_CA_CERT          ca_cert_der_1024
         #define CTX_CA_CERT_SIZE     sizeof_ca_cert_der_1024
         #define CTX_CA_CERT_TYPE     WOLFSSL_FILETYPE_ASN1
@@ -1108,7 +1094,6 @@ Turn on timer debugging (used when CPU cycles not available)
         #define CTX_SERVER_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
     #else
         /* Optionally define custom cert arrays, sizes, and types here */
-        #error "Must define USE_CERT_BUFFERS_2048 or USE_CERT_BUFFERS_1024"
     #endif
 #endif /* Conditional key and cert constant names */
 
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/CMakeLists.txt
index 17437542e..dcbd07ec5 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/CMakeLists.txt
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/CMakeLists.txt
@@ -7,6 +7,19 @@ message(STATUS "Begin project ${CMAKE_PROJECT_NAME}")
 
 cmake_minimum_required(VERSION 3.16)
 
+# For the main project using ESP-IDF version 6 or greater.
+# Numerous "dangerous relocation: call8: call target out of range: memcpy" errors encountered
+# So we'll allow long calls with the `-mlongcalls` compiler option for all components.
+if(IDF_VERSION_MAJOR GREATER_EQUAL 6)
+    if(IDF_TARGET STREQUAL "esp32" OR IDF_TARGET STREQUAL "esp32s2" OR IDF_TARGET STREQUAL "esp32s3")
+        message(STATUS "Adding mlongcalls")
+        add_compile_options(-mlongcalls)
+        add_link_options(-mlongcalls)
+        set(CMAKE_C_FLAGS   "${CMAKE_C_FLAGS} -mlongcalls")
+        set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -mlongcalls")
+    endif()
+endif()
+
 # Optional no watchdog typically used for test & benchmark
 if (idf_target STREQUAL "esp8266" OR IDF_TARGET STREQUAL "esp8266" OR IDF_VERSION_MAJOR VERSION_LESS "5.0")
     set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_ESP_NO_WATCHDOG=1")
@@ -144,5 +157,15 @@ endif()
 
 include($ENV{IDF_PATH}/tools/cmake/project.cmake)
 
+# Once the project is loaded, next check for ESP-IDF version 6 or greater.
+# Numerous "dangerous relocation: call8: call target out of range: memcpy" errors encountered
+# So we'll allow long calls with the `-mlongcalls` compiler option for all components.
+if(IDF_VERSION_MAJOR GREATER_EQUAL 6)
+    if(IDF_TARGET STREQUAL "esp32" OR IDF_TARGET STREQUAL "esp32s2" OR IDF_TARGET STREQUAL "esp32s3")
+        message(STATUS "mlongcalls for all components")
+        idf_build_set_property(COMPILE_OPTIONS "-mlongcalls" APPEND)
+    endif()
+endif()
+
 project(wolfssl_benchmark)
 message(STATUS "end project")
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/include/user_settings.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/include/user_settings.h
index a51634417..9c14dc9df 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/include/user_settings.h
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/include/user_settings.h
@@ -30,7 +30,7 @@
 
 /* This user_settings.h is for Espressif ESP-IDF
  *
- * Standardized wolfSSL Espressif ESP32 + ESP8266 user_settings.h V5.7.0-1
+ * Standardized wolfSSL Espressif ESP32 + ESP8266 user_settings.h V5.8.2-1 certs
  *
  * Do not include any wolfssl headers here.
  *
@@ -257,11 +257,6 @@
     #define WOLFSSL_AES_DIRECT
 #endif
 
-/* Pick a cert buffer size: */
-/* #define USE_CERT_BUFFERS_2048 */
-/* #define USE_CERT_BUFFERS_1024 */
-#define USE_CERT_BUFFERS_2048
-
 /* The Espressif sdkconfig will have chipset info.
 **
 ** Some possible values:
@@ -377,10 +372,6 @@
 /* #define DEBUG_WOLFSSL */
 #define DEBUG_WOLFSSL_MALLOC
 
-/* See test.c that sets cert buffers; we'll set them here: */
-#define USE_CERT_BUFFERS_256
-#define USE_CERT_BUFFERS_2048
-
 /* RSA_LOW_MEM: Half as much memory but twice as slow. */
 #define RSA_LOW_MEM
 
@@ -678,9 +669,6 @@
 
     #undef  HAVE_AESGCM
     #define HAVE_AESGCM
-#else
-    /* default settings */
-    #define USE_CERT_BUFFERS_2048
 #endif
 
 /* Chipset detection from sdkconfig.h
@@ -1058,10 +1046,9 @@ Turn on timer debugging (used when CPU cycles not available)
             #error "USE_CERT_BUFFERS_1024 is already defined. Pick one."
         #endif
 
-        /* Be sure to include in app when using example certs: */
-        #include <wolfssl/certs_test.h>
+        /* Be sure to include in app, not here, when using example certs: */
+        /* #include <wolfssl/certs_test.h> */
 
-        #define USE_CERT_BUFFERS_256
         #define CTX_CA_CERT          ca_cert_der_2048
         #define CTX_CA_CERT_SIZE     sizeof_ca_cert_der_2048
         #define CTX_CA_CERT_TYPE     WOLFSSL_FILETYPE_ASN1
@@ -1085,10 +1072,9 @@ Turn on timer debugging (used when CPU cycles not available)
             #error "USE_CERT_BUFFERS_2048 is already defined. Pick one."
         #endif
 
-        /* Be sure to include in app when using example certs: */
-        #include <wolfssl/certs_test.h>
+        /* Be sure to include in app, not here, when using example certs: */
+        /* #include <wolfssl/certs_test.h> */
 
-        #define USE_CERT_BUFFERS_256
         #define CTX_CA_CERT          ca_cert_der_1024
         #define CTX_CA_CERT_SIZE     sizeof_ca_cert_der_1024
         #define CTX_CA_CERT_TYPE     WOLFSSL_FILETYPE_ASN1
@@ -1108,7 +1094,6 @@ Turn on timer debugging (used when CPU cycles not available)
         #define CTX_SERVER_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
     #else
         /* Optionally define custom cert arrays, sizes, and types here */
-        #error "Must define USE_CERT_BUFFERS_2048 or USE_CERT_BUFFERS_1024"
     #endif
 #endif /* Conditional key and cert constant names */
 
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/CMakeLists.txt
index f9b3bbfd0..caa597d16 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/CMakeLists.txt
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/CMakeLists.txt
@@ -7,6 +7,19 @@ message(STATUS "Begin project ${CMAKE_PROJECT_NAME}")
 
 cmake_minimum_required(VERSION 3.16)
 
+# For the main project using ESP-IDF version 6 or greater.
+# Numerous "dangerous relocation: call8: call target out of range: memcpy" errors encountered
+# So we'll allow long calls with the `-mlongcalls` compiler option for all components.
+if(IDF_VERSION_MAJOR GREATER_EQUAL 6)
+    if(IDF_TARGET STREQUAL "esp32" OR IDF_TARGET STREQUAL "esp32s2" OR IDF_TARGET STREQUAL "esp32s3")
+        message(STATUS "Adding mlongcalls")
+        add_compile_options(-mlongcalls)
+        add_link_options(-mlongcalls)
+        set(CMAKE_C_FLAGS   "${CMAKE_C_FLAGS} -mlongcalls")
+        set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -mlongcalls")
+    endif()
+endif()
+
 # Optional no watchdog typically used for test & benchmark
 if (idf_target STREQUAL "esp8266" OR IDF_TARGET STREQUAL "esp8266" OR IDF_VERSION_MAJOR VERSION_LESS "5.0")
     set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_ESP_NO_WATCHDOG=1")
@@ -144,5 +157,15 @@ endif()
 
 include($ENV{IDF_PATH}/tools/cmake/project.cmake)
 
+# Once the project is loaded, next check for ESP-IDF version 6 or greater.
+# Numerous "dangerous relocation: call8: call target out of range: memcpy" errors encountered
+# So we'll allow long calls with the `-mlongcalls` compiler option for all components.
+if(IDF_VERSION_MAJOR GREATER_EQUAL 6)
+    if(IDF_TARGET STREQUAL "esp32" OR IDF_TARGET STREQUAL "esp32s2" OR IDF_TARGET STREQUAL "esp32s3")
+        message(STATUS "mlongcalls for all components")
+        idf_build_set_property(COMPILE_OPTIONS "-mlongcalls" APPEND)
+    endif()
+endif()
+
 project(wolfssl_client)
 message(STATUS "end project")
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/include/user_settings.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/include/user_settings.h
index a51634417..9c14dc9df 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/include/user_settings.h
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/include/user_settings.h
@@ -30,7 +30,7 @@
 
 /* This user_settings.h is for Espressif ESP-IDF
  *
- * Standardized wolfSSL Espressif ESP32 + ESP8266 user_settings.h V5.7.0-1
+ * Standardized wolfSSL Espressif ESP32 + ESP8266 user_settings.h V5.8.2-1 certs
  *
  * Do not include any wolfssl headers here.
  *
@@ -257,11 +257,6 @@
     #define WOLFSSL_AES_DIRECT
 #endif
 
-/* Pick a cert buffer size: */
-/* #define USE_CERT_BUFFERS_2048 */
-/* #define USE_CERT_BUFFERS_1024 */
-#define USE_CERT_BUFFERS_2048
-
 /* The Espressif sdkconfig will have chipset info.
 **
 ** Some possible values:
@@ -377,10 +372,6 @@
 /* #define DEBUG_WOLFSSL */
 #define DEBUG_WOLFSSL_MALLOC
 
-/* See test.c that sets cert buffers; we'll set them here: */
-#define USE_CERT_BUFFERS_256
-#define USE_CERT_BUFFERS_2048
-
 /* RSA_LOW_MEM: Half as much memory but twice as slow. */
 #define RSA_LOW_MEM
 
@@ -678,9 +669,6 @@
 
     #undef  HAVE_AESGCM
     #define HAVE_AESGCM
-#else
-    /* default settings */
-    #define USE_CERT_BUFFERS_2048
 #endif
 
 /* Chipset detection from sdkconfig.h
@@ -1058,10 +1046,9 @@ Turn on timer debugging (used when CPU cycles not available)
             #error "USE_CERT_BUFFERS_1024 is already defined. Pick one."
         #endif
 
-        /* Be sure to include in app when using example certs: */
-        #include <wolfssl/certs_test.h>
+        /* Be sure to include in app, not here, when using example certs: */
+        /* #include <wolfssl/certs_test.h> */
 
-        #define USE_CERT_BUFFERS_256
         #define CTX_CA_CERT          ca_cert_der_2048
         #define CTX_CA_CERT_SIZE     sizeof_ca_cert_der_2048
         #define CTX_CA_CERT_TYPE     WOLFSSL_FILETYPE_ASN1
@@ -1085,10 +1072,9 @@ Turn on timer debugging (used when CPU cycles not available)
             #error "USE_CERT_BUFFERS_2048 is already defined. Pick one."
         #endif
 
-        /* Be sure to include in app when using example certs: */
-        #include <wolfssl/certs_test.h>
+        /* Be sure to include in app, not here, when using example certs: */
+        /* #include <wolfssl/certs_test.h> */
 
-        #define USE_CERT_BUFFERS_256
         #define CTX_CA_CERT          ca_cert_der_1024
         #define CTX_CA_CERT_SIZE     sizeof_ca_cert_der_1024
         #define CTX_CA_CERT_TYPE     WOLFSSL_FILETYPE_ASN1
@@ -1108,7 +1094,6 @@ Turn on timer debugging (used when CPU cycles not available)
         #define CTX_SERVER_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
     #else
         /* Optionally define custom cert arrays, sizes, and types here */
-        #error "Must define USE_CERT_BUFFERS_2048 or USE_CERT_BUFFERS_1024"
     #endif
 #endif /* Conditional key and cert constant names */
 
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/client-tls.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/client-tls.h
index a38145fb9..b39e88782 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/client-tls.h
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/client-tls.h
@@ -21,8 +21,23 @@
 #ifndef _CLIENT_TLS_H_
 #define _CLIENT_TLS_H_
 
-/* Local project, auto-generated configuration */
-#include "sdkconfig.h"
+/* This example uses wolfssl test certificates */
+#if 1
+    /* See wolfssl/certs_test.h */
+    #if defined(CONFIG_IDF_TARGET_ESP32C2) || \
+        defined(CONFIG_IDF_TARGET_ESP8684) || \
+        defined(CONFIG_IDF_TARGET_ESP8266)
+        /* Use smaller certs for low-memory devices */
+        #define USE_CERT_BUFFERS_1024
+    #else
+        #define USE_CERT_BUFFERS_2048
+    #endif
+
+    /* always include smallest testing 32 byte RSA/ECC keys */
+    #define USE_CERT_BUFFERS_256
+#else
+    /* define your own certificate macros; see user_settings.h */
+#endif
 
 #include <wolfssl/wolfcrypt/settings.h>
 #include <wolfssl/ssl.h>
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/CMakeLists.txt
index a61aed3f0..477b3be8b 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/CMakeLists.txt
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/CMakeLists.txt
@@ -7,6 +7,19 @@ message(STATUS "Begin project ${CMAKE_PROJECT_NAME}")
 
 cmake_minimum_required(VERSION 3.16)
 
+# For the main project using ESP-IDF version 6 or greater.
+# Numerous "dangerous relocation: call8: call target out of range: memcpy" errors encountered
+# So we'll allow long calls with the `-mlongcalls` compiler option for all components.
+if(IDF_VERSION_MAJOR GREATER_EQUAL 6)
+    if(IDF_TARGET STREQUAL "esp32" OR IDF_TARGET STREQUAL "esp32s2" OR IDF_TARGET STREQUAL "esp32s3")
+        message(STATUS "Adding mlongcalls")
+        add_compile_options(-mlongcalls)
+        add_link_options(-mlongcalls)
+        set(CMAKE_C_FLAGS   "${CMAKE_C_FLAGS} -mlongcalls")
+        set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -mlongcalls")
+    endif()
+endif()
+
 # Optional no watchdog typically used for test & benchmark
 if (idf_target STREQUAL "esp8266" OR IDF_TARGET STREQUAL "esp8266" OR IDF_VERSION_MAJOR VERSION_LESS "5.0")
     set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_ESP_NO_WATCHDOG=1")
@@ -144,5 +157,15 @@ endif()
 
 include($ENV{IDF_PATH}/tools/cmake/project.cmake)
 
+# Once the project is loaded, next check for ESP-IDF version 6 or greater.
+# Numerous "dangerous relocation: call8: call target out of range: memcpy" errors encountered
+# So we'll allow long calls with the `-mlongcalls` compiler option for all components.
+if(IDF_VERSION_MAJOR GREATER_EQUAL 6)
+    if(IDF_TARGET STREQUAL "esp32" OR IDF_TARGET STREQUAL "esp32s2" OR IDF_TARGET STREQUAL "esp32s3")
+        message(STATUS "mlongcalls for all components")
+        idf_build_set_property(COMPILE_OPTIONS "-mlongcalls" APPEND)
+    endif()
+endif()
+
 project(wolfssl_server)
 message(STATUS "end project")
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/include/user_settings.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/include/user_settings.h
index a51634417..9c14dc9df 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/include/user_settings.h
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/include/user_settings.h
@@ -30,7 +30,7 @@
 
 /* This user_settings.h is for Espressif ESP-IDF
  *
- * Standardized wolfSSL Espressif ESP32 + ESP8266 user_settings.h V5.7.0-1
+ * Standardized wolfSSL Espressif ESP32 + ESP8266 user_settings.h V5.8.2-1 certs
  *
  * Do not include any wolfssl headers here.
  *
@@ -257,11 +257,6 @@
     #define WOLFSSL_AES_DIRECT
 #endif
 
-/* Pick a cert buffer size: */
-/* #define USE_CERT_BUFFERS_2048 */
-/* #define USE_CERT_BUFFERS_1024 */
-#define USE_CERT_BUFFERS_2048
-
 /* The Espressif sdkconfig will have chipset info.
 **
 ** Some possible values:
@@ -377,10 +372,6 @@
 /* #define DEBUG_WOLFSSL */
 #define DEBUG_WOLFSSL_MALLOC
 
-/* See test.c that sets cert buffers; we'll set them here: */
-#define USE_CERT_BUFFERS_256
-#define USE_CERT_BUFFERS_2048
-
 /* RSA_LOW_MEM: Half as much memory but twice as slow. */
 #define RSA_LOW_MEM
 
@@ -678,9 +669,6 @@
 
     #undef  HAVE_AESGCM
     #define HAVE_AESGCM
-#else
-    /* default settings */
-    #define USE_CERT_BUFFERS_2048
 #endif
 
 /* Chipset detection from sdkconfig.h
@@ -1058,10 +1046,9 @@ Turn on timer debugging (used when CPU cycles not available)
             #error "USE_CERT_BUFFERS_1024 is already defined. Pick one."
         #endif
 
-        /* Be sure to include in app when using example certs: */
-        #include <wolfssl/certs_test.h>
+        /* Be sure to include in app, not here, when using example certs: */
+        /* #include <wolfssl/certs_test.h> */
 
-        #define USE_CERT_BUFFERS_256
         #define CTX_CA_CERT          ca_cert_der_2048
         #define CTX_CA_CERT_SIZE     sizeof_ca_cert_der_2048
         #define CTX_CA_CERT_TYPE     WOLFSSL_FILETYPE_ASN1
@@ -1085,10 +1072,9 @@ Turn on timer debugging (used when CPU cycles not available)
             #error "USE_CERT_BUFFERS_2048 is already defined. Pick one."
         #endif
 
-        /* Be sure to include in app when using example certs: */
-        #include <wolfssl/certs_test.h>
+        /* Be sure to include in app, not here, when using example certs: */
+        /* #include <wolfssl/certs_test.h> */
 
-        #define USE_CERT_BUFFERS_256
         #define CTX_CA_CERT          ca_cert_der_1024
         #define CTX_CA_CERT_SIZE     sizeof_ca_cert_der_1024
         #define CTX_CA_CERT_TYPE     WOLFSSL_FILETYPE_ASN1
@@ -1108,7 +1094,6 @@ Turn on timer debugging (used when CPU cycles not available)
         #define CTX_SERVER_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
     #else
         /* Optionally define custom cert arrays, sizes, and types here */
-        #error "Must define USE_CERT_BUFFERS_2048 or USE_CERT_BUFFERS_1024"
     #endif
 #endif /* Conditional key and cert constant names */
 
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/server-tls.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/server-tls.h
index 03781b2bd..a1d12ad2c 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/server-tls.h
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/server-tls.h
@@ -21,6 +21,24 @@
 #ifndef _SERVER_TLS_
 #define _SERVER_TLS_
 
+/* This example uses wolfssl test certificates */
+#if 1
+    /* See wolfssl/certs_test.h */
+    #if defined(CONFIG_IDF_TARGET_ESP32C2) || \
+        defined(CONFIG_IDF_TARGET_ESP8684) || \
+        defined(CONFIG_IDF_TARGET_ESP8266)
+        /* Use smaller certs for low-memory devices */
+        #define USE_CERT_BUFFERS_1024
+    #else
+        #define USE_CERT_BUFFERS_2048
+    #endif
+
+    /* always include smallest testing 32 byte RSA/ECC keys */
+    #define USE_CERT_BUFFERS_256
+#else
+    /* define your own certificate macros; see user_settings.h */
+#endif
+
 #include <wolfssl/wolfcrypt/settings.h> /* includes wolfSSL user-settings.h */
 #include <wolfssl/ssl.h>
 #include "sdkconfig.h"
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/CMakeLists.txt b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/CMakeLists.txt
index 2090c8ae8..ac32187d8 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/CMakeLists.txt
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/CMakeLists.txt
@@ -7,6 +7,19 @@ message(STATUS "Begin project ${CMAKE_PROJECT_NAME}")
 
 cmake_minimum_required(VERSION 3.16)
 
+# For the main project using ESP-IDF version 6 or greater.
+# Numerous "dangerous relocation: call8: call target out of range: memcpy" errors encountered
+# So we'll allow long calls with the `-mlongcalls` compiler option for all components.
+if(IDF_VERSION_MAJOR GREATER_EQUAL 6)
+    if(IDF_TARGET STREQUAL "esp32" OR IDF_TARGET STREQUAL "esp32s2" OR IDF_TARGET STREQUAL "esp32s3")
+        message(STATUS "Adding mlongcalls")
+        add_compile_options(-mlongcalls)
+        add_link_options(-mlongcalls)
+        set(CMAKE_C_FLAGS   "${CMAKE_C_FLAGS} -mlongcalls")
+        set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -mlongcalls")
+    endif()
+endif()
+
 # Optional no watchdog typically used for test & benchmark
 if (idf_target STREQUAL "esp8266" OR IDF_TARGET STREQUAL "esp8266" OR IDF_VERSION_MAJOR VERSION_LESS "5.0")
     set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DWOLFSSL_ESP_NO_WATCHDOG=1")
@@ -144,5 +157,15 @@ endif()
 
 include($ENV{IDF_PATH}/tools/cmake/project.cmake)
 
+# Once the project is loaded, next check for ESP-IDF version 6 or greater.
+# Numerous "dangerous relocation: call8: call target out of range: memcpy" errors encountered
+# So we'll allow long calls with the `-mlongcalls` compiler option for all components.
+if(IDF_VERSION_MAJOR GREATER_EQUAL 6)
+    if(IDF_TARGET STREQUAL "esp32" OR IDF_TARGET STREQUAL "esp32s2" OR IDF_TARGET STREQUAL "esp32s3")
+        message(STATUS "mlongcalls for all components")
+        idf_build_set_property(COMPILE_OPTIONS "-mlongcalls" APPEND)
+    endif()
+endif()
+
 project(wolfssl_test)
 message(STATUS "end project")
diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/include/user_settings.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/include/user_settings.h
index a51634417..9c14dc9df 100644
--- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/include/user_settings.h
+++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/include/user_settings.h
@@ -30,7 +30,7 @@
 
 /* This user_settings.h is for Espressif ESP-IDF
  *
- * Standardized wolfSSL Espressif ESP32 + ESP8266 user_settings.h V5.7.0-1
+ * Standardized wolfSSL Espressif ESP32 + ESP8266 user_settings.h V5.8.2-1 certs
  *
  * Do not include any wolfssl headers here.
  *
@@ -257,11 +257,6 @@
     #define WOLFSSL_AES_DIRECT
 #endif
 
-/* Pick a cert buffer size: */
-/* #define USE_CERT_BUFFERS_2048 */
-/* #define USE_CERT_BUFFERS_1024 */
-#define USE_CERT_BUFFERS_2048
-
 /* The Espressif sdkconfig will have chipset info.
 **
 ** Some possible values:
@@ -377,10 +372,6 @@
 /* #define DEBUG_WOLFSSL */
 #define DEBUG_WOLFSSL_MALLOC
 
-/* See test.c that sets cert buffers; we'll set them here: */
-#define USE_CERT_BUFFERS_256
-#define USE_CERT_BUFFERS_2048
-
 /* RSA_LOW_MEM: Half as much memory but twice as slow. */
 #define RSA_LOW_MEM
 
@@ -678,9 +669,6 @@
 
     #undef  HAVE_AESGCM
     #define HAVE_AESGCM
-#else
-    /* default settings */
-    #define USE_CERT_BUFFERS_2048
 #endif
 
 /* Chipset detection from sdkconfig.h
@@ -1058,10 +1046,9 @@ Turn on timer debugging (used when CPU cycles not available)
             #error "USE_CERT_BUFFERS_1024 is already defined. Pick one."
         #endif
 
-        /* Be sure to include in app when using example certs: */
-        #include <wolfssl/certs_test.h>
+        /* Be sure to include in app, not here, when using example certs: */
+        /* #include <wolfssl/certs_test.h> */
 
-        #define USE_CERT_BUFFERS_256
         #define CTX_CA_CERT          ca_cert_der_2048
         #define CTX_CA_CERT_SIZE     sizeof_ca_cert_der_2048
         #define CTX_CA_CERT_TYPE     WOLFSSL_FILETYPE_ASN1
@@ -1085,10 +1072,9 @@ Turn on timer debugging (used when CPU cycles not available)
             #error "USE_CERT_BUFFERS_2048 is already defined. Pick one."
         #endif
 
-        /* Be sure to include in app when using example certs: */
-        #include <wolfssl/certs_test.h>
+        /* Be sure to include in app, not here, when using example certs: */
+        /* #include <wolfssl/certs_test.h> */
 
-        #define USE_CERT_BUFFERS_256
         #define CTX_CA_CERT          ca_cert_der_1024
         #define CTX_CA_CERT_SIZE     sizeof_ca_cert_der_1024
         #define CTX_CA_CERT_TYPE     WOLFSSL_FILETYPE_ASN1
@@ -1108,7 +1094,6 @@ Turn on timer debugging (used when CPU cycles not available)
         #define CTX_SERVER_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
     #else
         /* Optionally define custom cert arrays, sizes, and types here */
-        #error "Must define USE_CERT_BUFFERS_2048 or USE_CERT_BUFFERS_1024"
     #endif
 #endif /* Conditional key and cert constant names */
 
diff --git a/IDE/INTIME-RTOS/Makefile b/IDE/INTIME-RTOS/Makefile
new file mode 100644
index 000000000..3755c2920
--- /dev/null
+++ b/IDE/INTIME-RTOS/Makefile
@@ -0,0 +1,516 @@
+# Makefile for the INtime wolfSSL library component
+#
+SWENGENV := $(RMX_SRC_BASE)/tools/swenghg
+#
+# makefile -- defines the macros, directives and rules necessary to build the
+#             wolfSSL library. 
+#
+# NOTES:
+#     1.  This makefile is a "wrapper" makefile for the Visual Studio 80
+#         INtime package project.  The makefile provides RCS and component 
+#	      release support not provided by the project's native visual Studio
+#         makefile.
+# 
+#     2.  The SWENG environment assumes makefile execution from a Windows NT
+#         environment.
+#
+#     3.  The SWENG environment assumes that a user has Microsoft Network
+#         access to the ESO server directories.
+#
+#     4.  A SWENG makefile makes no assumptions concerning a user's command
+#         path.  All command pathnames are explicit.  Furthermore, the
+#         directory component of a pathname is defined by a macro that can be
+#         overridden at makefile invocation.
+#
+#         The same cannot be said for MS Developer Studio makefiles -- they
+#         assume MSVC and Windows NT commands are in the user's path.
+#
+#     5.  A SWENG makefile makes no assumptions concerning a user's environment
+#         variable definitions.
+#
+#         The same cannot be said for MS Developer Studio makefiles -- they
+#         assume various environment variables are set properly to build their
+#         components.
+#
+#     6.  A SWENG makefile executes standard MKS and MSVC tools.  Other tool
+#         sets require additional macro and rule definition. 
+#
+
+# Default macros and directives.
+#
+# NOTES:
+#     1.  These files must always be included before all component-specific
+#         macros and directives.
+
+.INCLUDE:$(SWENGENV)/macros.wnt
+.INCLUDE:$(SWENGENV)/intimemacros.wnt
+
+# Component and version number macros:
+#
+#     COMPONENT:  The name of the product component built by this makefile.
+#                 DUE TO THE IDIOSYNCRATIC NATURE OF RCS, THIS MACRO MUST NOT
+#                 CONTAIN ANY SPECIAL CHARACTERS, INCLUDING " " AND "."!  For
+#                 example, the macro for the Real-Time Application Loader
+#                 could be defined as:
+#
+#                     COMPONENT := Real_Time_Application_Loader
+#
+#                 In the SWENG environment, a PRODUCT is the complete software
+#                 package sent to a customer (e.g., INtime V1.00).  A PRODUCT
+#                 is composed of one or more COMPONENTs (e.g., Real-Time
+#                 Application Loader, NTX Library, etc.)
+#
+#                 When choosing names for new components, ensure that they
+#                 are unique.
+#
+#     VERSION:    The version number associated with the component(s) built
+#                 by this makefile.  DUE TO THE IDIOSYNCRATIC NATURE OF RCS,
+#                 THIS MACRO MUST NOT CONTAIN ANY SPECIAL CHARACTERS,
+#                 INCLUDING " " AND "."!  For example, the macro for version
+#                 1.00 is defined:
+#
+#                        VERSION := 100
+#
+#     NAME:       A string used to name both the engineering version of the
+#                 component built by this makefile and the source files used
+#                 to build it.
+#
+# NOTES:
+#     1.  These macros must not be deleted or renamed.  Their values should be
+#         modified to match the components built by this makefile.
+#
+#     2.  The "engineer" target will not complete unless the COMPONENT,
+#         VERSION, and NAME macros are defined.
+
+COMPONENT :=    wolfssl_intime
+VERSION :=      572
+NAME :=		$(COMPONENT)_$(VERSION)
+
+# MS Developer Studio project name and directory macros.
+#
+#     PROJECT:       The project name for this component.
+#
+#     SUB_PROJECTS:  The sub-project name(s) for this component.
+#
+#     TARG_DIR:      The target directory for component files, relative to the
+#                    project and sub-project directories (generally, "Debug" or
+#                    "Release").
+#
+#     TARG_TYPE:     The target type for the project and sub-projects
+#                    (generally, "Debug" or "Release").
+#
+# NOTES:
+#     1.  These macros must not be deleted or renamed.  Their values should be
+#         modified to match the project/directory structure of the component(s)
+#         built by this makefile.  Unused macros values should be defined as
+#         $(NULL).
+
+PROJECT      := wolfssl
+SUB_PROJECTS := $(NULL)
+.IF $(DEBUG)
+TARG_DIR     := Debug
+TARG_TYPE    := Debug
+.ELSE
+TARG_DIR     := Release
+TARG_TYPE    := Release
+.END
+
+# MKS make search path for machine-generated files.
+#
+# NOTES:
+#     1.  All machine-generated target files that do not reside in the current
+#         working directory require a .SOURCE directive.  Otherwise, a .SOURCE
+#         directive is optional (but will improve makefile performance).
+
+.SOURCE.lib: $(TARG_DIR)
+
+# File list macros:
+#
+#     TARGETS:   The component(s) built by this makefile.  These are the files
+#                built by the default rule ("make" or "make all").
+#     LOGFILE:   A log file containing revision data for the project members
+#                (files) used to build the TARGETS.  The file is built by the
+#                "engineer" rule.
+#     MAKEFILE:  Makefile used to build the TARGETS (this file).
+#     ASM:       Assembly source code files used to build the TARGETS (.asm).
+#     C:         C source code files used to build the TARGETS (.c)
+#     CPP:       C++ source code files used to build the TARGETS (.cpp).
+#     SRCS:      The concatenation of ASM, C, and CPP.
+#     HDRS:      Header files used to build the TARGETS (.h, .hpp, .inc).
+#     OBJ:       Object files used to build the TARGETS (.obj).
+#     DEBRIS:    Machine-generated files to be deleted by the "clean" rule.
+#
+# NOTES:
+#     1.  These macros must not be deleted or renamed.  Their values may be
+#         modified to match the files used to build the component(s) associated
+#         with this makefile.
+#
+#     2.  The "engineer" rule will not complete unless the LOGFILE macro is
+#         defined.
+
+EXEC_TARGS := libwolfssl572.lib
+
+SRC_TARGS := user_settings.h
+TARGETS  := $(EXEC_TARGS)
+LOGFILE  := $(PROJECT).txt
+MAKEFILE := makefile
+ASM      :=
+C        :=
+CPP      :=
+RCFILE	 := 
+
+SRCS     := 
+OBJ      :=
+CFGS     := 
+
+DEBRIS   := $(LOGFILE) release* debug* *.sdf *.user *.aps *.bak *~
+
+INCL_TARGS := 	wolfssl/callbacks.h \
+	wolfssl/certs_test.h \
+	wolfssl/crl.h \
+	wolfssl/error-ssl.h \
+	wolfssl/include.am \
+	wolfssl/internal.h \
+	wolfssl/ocsp.h \
+	wolfssl/options.h \
+	wolfssl/options.h.in \
+	wolfssl/quic.h \
+	wolfssl/sniffer.h \
+	wolfssl/sniffer_error.h \
+	wolfssl/sniffer_error.rc \
+	wolfssl/ssl.h \
+	wolfssl/test.h \
+	wolfssl/version.h \
+	wolfssl/version.h.in \
+	wolfssl/wolfio.h \
+	wolfssl/openssl/aes.h \
+	wolfssl/openssl/asn1.h \
+	wolfssl/openssl/asn1t.h \
+	wolfssl/openssl/bio.h \
+	wolfssl/openssl/bn.h \
+	wolfssl/openssl/buffer.h \
+	wolfssl/openssl/camellia.h \
+	wolfssl/openssl/cmac.h \
+	wolfssl/openssl/cms.h \
+	wolfssl/openssl/compat_types.h \
+	wolfssl/openssl/conf.h \
+	wolfssl/openssl/crypto.h \
+	wolfssl/openssl/des.h \
+	wolfssl/openssl/dh.h \
+	wolfssl/openssl/dsa.h \
+	wolfssl/openssl/ec.h \
+	wolfssl/openssl/ec448.h \
+	wolfssl/openssl/ec25519.h \
+	wolfssl/openssl/ecdh.h \
+	wolfssl/openssl/ecdsa.h \
+	wolfssl/openssl/ecdh.h \
+	wolfssl/openssl/ecdsa.h \
+	wolfssl/openssl/ed448.h \
+	wolfssl/openssl/ed25519.h \
+	wolfssl/openssl/engine.h \
+	wolfssl/openssl/err.h \
+	wolfssl/openssl/evp.h \
+	wolfssl/openssl/fips_rand.h \
+	wolfssl/openssl/hmac.h \
+	wolfssl/openssl/include.am \
+	wolfssl/openssl/kdf.h \
+	wolfssl/openssl/lhash.h \
+	wolfssl/openssl/md4.h \
+	wolfssl/openssl/md5.h \
+	wolfssl/openssl/modes.h \
+	wolfssl/openssl/obj_mac.h \
+	wolfssl/openssl/objects.h \
+	wolfssl/openssl/ocsp.h \
+	wolfssl/openssl/opensslconf.h \
+	wolfssl/openssl/opensslv.h \
+	wolfssl/openssl/ossl_typ.h \
+	wolfssl/openssl/pem.h \
+	wolfssl/openssl/pkcs7.h \
+	wolfssl/openssl/pkcs12.h \
+	wolfssl/openssl/rand.h \
+	wolfssl/openssl/rc4.h \
+	wolfssl/openssl/ripemd.h \
+	wolfssl/openssl/rsa.h \
+	wolfssl/openssl/sha.h \
+	wolfssl/openssl/sha3.h \
+	wolfssl/openssl/srp.h \
+	wolfssl/openssl/ssl.h \
+	wolfssl/openssl/ssl23.h \
+	wolfssl/openssl/stack.h \
+	wolfssl/openssl/tls1.h \
+	wolfssl/openssl/txt_db.h \
+	wolfssl/openssl/ui.h \
+	wolfssl/openssl/x509.h \
+	wolfssl/openssl/x509_vfy.h \
+	wolfssl/openssl/x509v3.h \
+	wolfssl/wolfcrypt/aes.h \
+	wolfssl/wolfcrypt/arc4.h \
+	wolfssl/wolfcrypt/asn.h \
+	wolfssl/wolfcrypt/asn_public.h \
+	wolfssl/wolfcrypt/async.h \
+	wolfssl/wolfcrypt/blake2.h \
+	wolfssl/wolfcrypt/blake2-impl.h \
+	wolfssl/wolfcrypt/blake2-int.h \
+	wolfssl/wolfcrypt/camellia.h \
+	wolfssl/wolfcrypt/chacha.h \
+	wolfssl/wolfcrypt/chacha20_poly1305.h \
+	wolfssl/wolfcrypt/cmac.h \
+	wolfssl/wolfcrypt/coding.h \
+	wolfssl/wolfcrypt/compress.h \
+	wolfssl/wolfcrypt/cpuid.h \
+	wolfssl/wolfcrypt/cryptocb.h \
+	wolfssl/wolfcrypt/curve448.h \
+	wolfssl/wolfcrypt/curve25519.h \
+	wolfssl/wolfcrypt/des3.h \
+	wolfssl/wolfcrypt/dh.h \
+	wolfssl/wolfcrypt/dilithium.h \
+	wolfssl/wolfcrypt/dsa.h \
+	wolfssl/wolfcrypt/ecc.h \
+	wolfssl/wolfcrypt/eccsi.h \
+	wolfssl/wolfcrypt/ed448.h \
+	wolfssl/wolfcrypt/ed25519.h \
+	wolfssl/wolfcrypt/error-crypt.h \
+	wolfssl/wolfcrypt/ext_kyber.h \
+	wolfssl/wolfcrypt/ext_lms.h \
+	wolfssl/wolfcrypt/ext_xmss.h \
+	wolfssl/wolfcrypt/falcon.h \
+	wolfssl/wolfcrypt/fe_448.h \
+	wolfssl/wolfcrypt/fe_operations.h \
+	wolfssl/wolfcrypt/fips.h \
+	wolfssl/wolfcrypt/fips_test.h \
+	wolfssl/wolfcrypt/ge_448.h \
+	wolfssl/wolfcrypt/ge_operations.h \
+	wolfssl/wolfcrypt/hash.h \
+	wolfssl/wolfcrypt/hmac.h \
+	wolfssl/wolfcrypt/hpke.h \
+	wolfssl/wolfcrypt/include.am \
+	wolfssl/wolfcrypt/integer.h \
+	wolfssl/wolfcrypt/kdf.h \
+	wolfssl/wolfcrypt/kyber.h \
+	wolfssl/wolfcrypt/lms.h \
+	wolfssl/wolfcrypt/logging.h \
+	wolfssl/wolfcrypt/md2.h \
+	wolfssl/wolfcrypt/md4.h \
+	wolfssl/wolfcrypt/md5.h \
+	wolfssl/wolfcrypt/mem_track.h \
+	wolfssl/wolfcrypt/memory.h \
+	wolfssl/wolfcrypt/misc.h \
+	wolfssl/wolfcrypt/mpi_class.h \
+	wolfssl/wolfcrypt/mpi_superclass.h \
+	wolfssl/wolfcrypt/pkcs7.h \
+	wolfssl/wolfcrypt/pkcs11.h \
+	wolfssl/wolfcrypt/pkcs12.h \
+	wolfssl/wolfcrypt/poly1305.h \
+	wolfssl/wolfcrypt/pwdbased.h \
+	wolfssl/wolfcrypt/random.h \
+	wolfssl/wolfcrypt/rc2.h \
+	wolfssl/wolfcrypt/ripemd.h \
+	wolfssl/wolfcrypt/rsa.h \
+	wolfssl/wolfcrypt/sakke.h \
+	wolfssl/wolfcrypt/selftest.h \
+	wolfssl/wolfcrypt/settings.h \
+	wolfssl/wolfcrypt/sha.h \
+	wolfssl/wolfcrypt/sha3.h \
+	wolfssl/wolfcrypt/sha256.h \
+	wolfssl/wolfcrypt/sha512.h \
+	wolfssl/wolfcrypt/signature.h \
+	wolfssl/wolfcrypt/siphash.h \
+	wolfssl/wolfcrypt/sm2.h \
+	wolfssl/wolfcrypt/sm3.h \
+	wolfssl/wolfcrypt/sm4.h \
+	wolfssl/wolfcrypt/sp.h \
+	wolfssl/wolfcrypt/sp_int.h \
+	wolfssl/wolfcrypt/sphincs.h \
+	wolfssl/wolfcrypt/srp.h \
+	wolfssl/wolfcrypt/tfm.h \
+	wolfssl/wolfcrypt/types.h \
+	wolfssl/wolfcrypt/visibility.h \
+	wolfssl/wolfcrypt/wc_encrypt.h \
+	wolfssl/wolfcrypt/wc_kyber.h \
+	wolfssl/wolfcrypt/wc_pkcs11.h \
+	wolfssl/wolfcrypt/wc_port.h \
+	wolfssl/wolfcrypt/wolfevent.h \
+	wolfssl/wolfcrypt/wolfmath.h \
+	wolfssl/wolfcrypt/xmss.h \
+	wolfssl/wolfcrypt/port/nrf51.h \
+	wolfssl/wolfcrypt/port/af_alg/afalg_hash.h \
+	wolfssl/wolfcrypt/port/af_alg/wc_afalg.h \
+	wolfssl/wolfcrypt/port/aria/aria-crypt.h \
+	wolfssl/wolfcrypt/port/aria/aria-cryptocb.h \
+	wolfssl/wolfcrypt/port/arm/cryptoCell.h \
+	wolfssl/wolfcrypt/port/atmel/atmel.h \
+	wolfssl/wolfcrypt/port/autosar/CryIf.h \
+	wolfssl/wolfcrypt/port/autosar/Crypto.h \
+	wolfssl/wolfcrypt/port/autosar/Csm.h \
+	wolfssl/wolfcrypt/port/autosar/StandardTypes.h \
+	wolfssl/wolfcrypt/port/caam/caam_driver.h \
+	wolfssl/wolfcrypt/port/caam/caam_error.h \
+	wolfssl/wolfcrypt/port/caam/caam_qnx.h \
+	wolfssl/wolfcrypt/port/caam/wolfcaam.h \
+	wolfssl/wolfcrypt/port/caam/wolfcaam_aes.h \
+	wolfssl/wolfcrypt/port/caam/wolfcaam_cmac.h \
+	wolfssl/wolfcrypt/port/caam/wolfcaam_ecdsa.h \
+	wolfssl/wolfcrypt/port/caam/wolfcaam_fsl_nxp.h \
+	wolfssl/wolfcrypt/port/caam/wolfcaam_hash.h \
+	wolfssl/wolfcrypt/port/caam/wolfcaam_qnx.h \
+	wolfssl/wolfcrypt/port/caam/wolfcaam_rsa.h \
+	wolfssl/wolfcrypt/port/caam/wolfcaam_seco.h \
+	wolfssl/wolfcrypt/port/caam/wolfcaam_sha.h \
+	wolfssl/wolfcrypt/port/caam/wolfcaam_x25519.h \
+	wolfssl/wolfcrypt/port/cavium/cavium_nitrox.h \
+	wolfssl/wolfcrypt/port/cavium/cavium_octeon_sync.h \
+	wolfssl/wolfcrypt/port/cypress/psoc6_crypto.h \
+	wolfssl/wolfcrypt/port/devcrypto/wc_devcrypto.h \
+	wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h \
+	wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h \
+	wolfssl/wolfcrypt/port/intel/quickassist.h \
+	wolfssl/wolfcrypt/port/intel/quickassist_mem.h \
+	wolfssl/wolfcrypt/port/intel/quickassist_sync.h \
+	wolfssl/wolfcrypt/port/iotsafe/iotsafe.h \
+	wolfssl/wolfcrypt/port/kcapi/kcapi_dh.h \
+	wolfssl/wolfcrypt/port/kcapi/kcapi_ecc.h \
+	wolfssl/wolfcrypt/port/kcapi/kcapi_hash.h \
+	wolfssl/wolfcrypt/port/kcapi/kcapi_hmac.h \
+	wolfssl/wolfcrypt/port/kcapi/kcapi_rsa.h \
+	wolfssl/wolfcrypt/port/kcapi/wc_kcapi.h \
+	wolfssl/wolfcrypt/port/liboqs/liboqs.h \
+	wolfssl/wolfcrypt/port/maxim/maxq10xx.h \
+	wolfssl/wolfcrypt/port/nxp/dcp_port.h \
+	wolfssl/wolfcrypt/port/nxp/ksdk_port.h \
+	wolfssl/wolfcrypt/port/nxp/se050_port.h \
+	wolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h \
+	wolfssl/wolfcrypt/port/psa/psa.h \
+	wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h \
+	wolfssl/wolfcrypt/port/Renesas/renesas_sync.h \
+	wolfssl/wolfcrypt/port/Renesas/renesas_tsip_types.h \
+	wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h \
+	wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-types.h \
+	wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h \
+	wolfssl/wolfcrypt/port/riscv/riscv-64-asm.h \
+	wolfssl/wolfcrypt/port/silabs/silabs_aes.h \
+	wolfssl/wolfcrypt/port/silabs/silabs_ecc.h \
+	wolfssl/wolfcrypt/port/silabs/silabs_hash.h \
+	wolfssl/wolfcrypt/port/silabs/silabs_random.h \
+	wolfssl/wolfcrypt/port/st/stm32.h \
+	wolfssl/wolfcrypt/port/st/stsafe.h \
+	wolfssl/wolfcrypt/port/ti/ti-ccm.h \
+	wolfssl/wolfcrypt/port/ti/ti-hash.h \
+	wolfssl/wolfcrypt/port/xilinx/xil-sha3.h \
+	wolfssl/wolfcrypt/port/xilinx/xil-versal-glue.h \
+	wolfssl/wolfcrypt/port/xilinx/xil-versal-trng.h
+
+
+# Default rules.
+#
+# NOTES:
+#     1.  These files must always be included after the macro definitions and
+#         before the component-specific rules. 
+
+.INCLUDE:$(SWENGENV)/rules.wnt
+.INCLUDE:$(SWENGENV)/intimerules.wnt
+
+# Component-specific rules, including:
+#
+#     prodeng:  checks TARGETS into an engineering release directory using the
+#               "puttarg.ksh" script.
+#
+# NOTES:
+#     1.  The "prodeng" rule must not be renamed or deleted!  It should,
+#         however, be modified to reflect the engineering release requirements
+#         of the TARGETS.
+#
+#     2.  Rules for each of the TARGETS should be added here.
+#
+#     3.  Additional rules may be added as necessary.  Care should be taken so
+#         that rules defined in the rules.wnt file are not redefined here.
+
+prodeng: "$(PROD_ENG)/rt/include/wolfssl572/wolfssl" "$(PROD_ENG)/rt/include/wolfssl572/wolfssl/openssl" \
+	"$(PROD_ENG)/rt/include/wolfssl572/wolfssl/wolfcrypt" "$(PROD_ENG)/rt/include/wolfssl572/wolfssl/wolfcrypt/port" \
+	"$(PROD_ENG)/rt/include/wolfssl572/wolfssl/wolfcrypt/port/af_alg" "$(PROD_ENG)/rt/include/wolfssl572/wolfssl/wolfcrypt/port/aria" \
+    "$(PROD_ENG)/rt/include/wolfssl572/wolfssl/wolfcrypt/port/arm" "$(PROD_ENG)/rt/include/wolfssl572/wolfssl/wolfcrypt/port/atmel" \
+	"$(PROD_ENG)/rt/include/wolfssl572/wolfssl/wolfcrypt/port/autosar" "$(PROD_ENG)/rt/include/wolfssl572/wolfssl/wolfcrypt/port/caam" \
+	"$(PROD_ENG)/rt/include/wolfssl572/wolfssl/wolfcrypt/port/cavium" "$(PROD_ENG)/rt/include/wolfssl572/wolfssl/wolfcrypt/port/cypress" \
+	"$(PROD_ENG)/rt/include/wolfssl572/wolfssl/wolfcrypt/port/devcrypto" "$(PROD_ENG)/rt/include/wolfssl572/wolfssl/wolfcrypt/port/espressif" \
+	"$(PROD_ENG)/rt/include/wolfssl572/wolfssl/wolfcrypt/port/intel" "$(PROD_ENG)/rt/include/wolfssl572/wolfssl/wolfcrypt/port/iotsafe" \
+	"$(PROD_ENG)/rt/include/wolfssl572/wolfssl/wolfcrypt/port/kcapi" "$(PROD_ENG)/rt/include/wolfssl572/wolfssl/wolfcrypt/port/liboqs" \
+	"$(PROD_ENG)/rt/include/wolfssl572/wolfssl/wolfcrypt/port/maxim" "$(PROD_ENG)/rt/include/wolfssl572/wolfssl/wolfcrypt/port/nxp" \
+	"$(PROD_ENG)/rt/include/wolfssl572/wolfssl/wolfcrypt/port/pic32" "$(PROD_ENG)/rt/include/wolfssl572/wolfssl/wolfcrypt/port/psa" \
+	"$(PROD_ENG)/rt/include/wolfssl572/wolfssl/wolfcrypt/port/Renesas" "$(PROD_ENG)/rt/include/wolfssl572/wolfssl/wolfcrypt/port/riscv" \
+    "$(PROD_ENG)/rt/include/wolfssl572/wolfssl/wolfcrypt/port/silabs" "$(PROD_ENG)/rt/include/wolfssl572/wolfssl/wolfcrypt/port/st" \
+    "$(PROD_ENG)/rt/include/wolfssl572/wolfssl/wolfcrypt/port/ti" "$(PROD_ENG)/rt/include/wolfssl572/wolfssl/wolfcrypt/port/xilinx" \
+    "$(PROD_ENG)/rt/lib"
+[@
+for f in $(EXEC_TARGS); do
+$(SWENGENV)/puttarg $(PROD_ENG)/rt/lib $(TARG_DIR)/$$f Engineer $(NAME) "$(MESSAGE)"
+done
+for f in $(SRC_TARGS); do
+$(SWENGENV)/puttarg $(PROD_ENG)/rt/include/wolfssl572 $$f Engineer $(NAME) "$(MESSAGE)"
+done
+
+for f in $(INCL_TARGS); do
+dir=`dirname $$f | gres "wolfssl(.*)" "\1"`
+if [ ! -d $(PROD_ENG)/rt/include/wolfssl572/wolfssl$$dir ] ; then
+  mkdir $(PROD_ENG)/rt/include/wolfssl572/wolfssl$$dir
+fi
+$(SWENGENV)/puttarg $(PROD_ENG)/rt/include/wolfssl572/wolfssl$$dir ../../$$f Engineer $(NAME) "$(MESSAGE)"
+done
+]
+
+"$(PROD_ENG)/rt/include/wolfssl572/wolfssl" \
+"$(PROD_ENG)/rt/include/wolfssl572/wolfssl/openssl" \
+"$(PROD_ENG)/rt/include/wolfssl572/wolfssl/wolfcrypt" \
+"$(PROD_ENG)/rt/include/wolfssl572/wolfssl/wolfcrypt/port" \
+"$(PROD_ENG)/rt/include/wolfssl572/wolfcrypt/port/af_alg" \
+"$(PROD_ENG)/rt/include/wolfssl572/wolfssl/wolfcrypt/port/aria" \
+"$(PROD_ENG)/rt/include/wolfssl572/wolfssl/wolfcrypt/port/arm" \
+"$(PROD_ENG)/rt/include/wolfssl572/wolfssl/wolfcrypt/port/atmel" \
+"$(PROD_ENG)/rt/include/wolfssl572/wolfssl/wolfcrypt/port/autosar" \
+"$(PROD_ENG)/rt/include/wolfssl572/wolfssl/wolfcrypt/port/caam" \
+"$(PROD_ENG)/rt/include/wolfssl572/wolfssl/wolfcrypt/port/cavium" \
+"$(PROD_ENG)/rt/include/wolfssl572/wolfssl/wolfcrypt/port/cypress" \
+"$(PROD_ENG)/rt/include/wolfssl572/wolfssl/wolfcrypt/port/devcrypto" \
+"$(PROD_ENG)/rt/include/wolfssl572/wolfssl/wolfcrypt/port/espressif" \
+"$(PROD_ENG)/rt/include/wolfssl572/wolfssl/wolfcrypt/port/intel" \
+"$(PROD_ENG)/rt/include/wolfssl572/wolfssl/wolfcrypt/port/iotsafe" \
+"$(PROD_ENG)/rt/include/wolfssl572/wolfssl/wolfcrypt/port/kcapi" \
+"$(PROD_ENG)/rt/include/wolfssl572/wolfssl/wolfcrypt/port/liboqs" \
+"$(PROD_ENG)/rt/include/wolfssl572/wolfssl/wolfcrypt/port/maxim" \
+"$(PROD_ENG)/rt/include/wolfssl572/wolfssl/wolfcrypt/port/nxp" \
+"$(PROD_ENG)/rt/include/wolfssl572/wolfssl/wolfcrypt/port/pic32" \
+"$(PROD_ENG)/rt/include/wolfssl572/wolfssl/wolfcrypt/port/psa" \
+"$(PROD_ENG)/rt/include/wolfssl572/wolfssl/wolfcrypt/port/Renesas" \
+"$(PROD_ENG)/rt/include/wolfssl572/wolfssl/wolfcrypt/port/riscv" \
+"$(PROD_ENG)/rt/include/wolfssl572/wolfssl/wolfcrypt/port/silabs" \
+"$(PROD_ENG)/rt/include/wolfssl572/wolfssl/wolfcrypt/port/st" \
+"$(PROD_ENG)/rt/include/wolfssl572/wolfssl/wolfcrypt/port/ti" \
+"$(PROD_ENG)/rt/include/wolfssl572/wolfssl/wolfcrypt/port/xilinx" \
+"$(PROD_ENG)/rt/lib":
+	$(MKSBIN)/mkdir -p $@
+
+# Build project binaries, project help files, and sub-project binaries.
+#
+# NOTES:
+#     1.  To ensure that the correct environment is present when invoking a MS
+#         Developer Studio makefile, the rule initializes the required
+#         environment variables in a sub-shell before invoking the makefile.
+#
+#     2.  Path vectors are converted to Microsoft-style pathname slashes
+#         via 'redmond.ksh' before passing them as environment variables to 
+#         Microsoft tools.
+
+SOLUTIONFILE = wolfssl-lib.sln
+.INCLUDE: $(SWENGENV)/vs2019.wnt
+
+$(EXEC_TARGS) .PROLOG: rt_tree
+[@
+rm -f msbuild.log
+msbuild $(SOLUTIONFILE) /t:Rebuild /p:Configuration=$(TARG_TYPE) /fileLogger
+ec=$$?
+if [ $$ec -ne 0 ]; then
+  echo Failed to build $(@)
+else
+  echo Success!
+fi
+exit $$ec
+]
+
diff --git a/IDE/INTIME-RTOS/include.am b/IDE/INTIME-RTOS/include.am
index 5828c76ec..7c1288384 100644
--- a/IDE/INTIME-RTOS/include.am
+++ b/IDE/INTIME-RTOS/include.am
@@ -10,4 +10,7 @@ EXTRA_DIST += \
     IDE/INTIME-RTOS/wolfExamples.c \
     IDE/INTIME-RTOS/wolfExamples.h \
     IDE/INTIME-RTOS/wolfExamples.vcxproj \
-    IDE/INTIME-RTOS/wolfExamples.sln
+    IDE/INTIME-RTOS/wolfExamples.sln \
+    IDE/INTIME-RTOS/wolfssl-lib.sln \
+    IDE/INTIME-RTOS/wolfssl-lib.vcxproj \
+    IDE/INTIME-RTOS/Makefile
diff --git a/IDE/INTIME-RTOS/libwolfssl.vcxproj b/IDE/INTIME-RTOS/libwolfssl.vcxproj
old mode 100755
new mode 100644
index 77f0703b2..87ab3de8f
--- a/IDE/INTIME-RTOS/libwolfssl.vcxproj
+++ b/IDE/INTIME-RTOS/libwolfssl.vcxproj
@@ -1,210 +1,234 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Project DefaultTargets="Build" ToolsVersion="14.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
-  <ItemGroup Label="ProjectConfigurations">
-    <ProjectConfiguration Include="Debug|INtime">
-      <Configuration>Debug</Configuration>
-      <Platform>INtime</Platform>
-    </ProjectConfiguration>
-    <ProjectConfiguration Include="Release|INtime">
-      <Configuration>Release</Configuration>
-      <Platform>INtime</Platform>
-    </ProjectConfiguration>
-  </ItemGroup>
-  <ItemGroup>
-    <Text Include="README.md" />
-  </ItemGroup>
-  <ItemGroup>
-    <ClCompile Include="libwolfssl.c" />
-    <ClCompile Include="..\..\src\crl.c" />
-    <ClCompile Include="..\..\src\internal.c" />
-    <ClCompile Include="..\..\src\wolfio.c" />
-    <ClCompile Include="..\..\src\keys.c" />
-    <ClCompile Include="..\..\src\ocsp.c" />
-    <ClCompile Include="..\..\src\sniffer.c" />
-    <ClCompile Include="..\..\src\ssl.c" />
-    <ClCompile Include="..\..\src\tls.c" />
-    <ClCompile Include="..\..\wolfcrypt\src\aes.c" />
-    <ClCompile Include="..\..\wolfcrypt\src\arc4.c" />
-    <ClCompile Include="..\..\wolfcrypt\src\asm.c" />
-    <ClCompile Include="..\..\wolfcrypt\src\asn.c" />
-    <ClCompile Include="..\..\wolfcrypt\src\blake2b.c" />
-    <ClCompile Include="..\..\wolfcrypt\src\camellia.c" />
-    <ClCompile Include="..\..\wolfcrypt\src\chacha.c" />
-    <ClCompile Include="..\..\wolfcrypt\src\chacha20_poly1305.c" />
-    <ClCompile Include="..\..\wolfcrypt\src\cmac.c" />
-    <ClCompile Include="..\..\wolfcrypt\src\coding.c" />
-    <ClCompile Include="..\..\wolfcrypt\src\compress.c" />
-    <ClCompile Include="..\..\wolfcrypt\src\curve25519.c" />
-    <ClCompile Include="..\..\wolfcrypt\src\des3.c" />
-    <ClCompile Include="..\..\wolfcrypt\src\dh.c" />
-    <ClCompile Include="..\..\wolfcrypt\src\dsa.c" />
-    <ClCompile Include="..\..\wolfcrypt\src\ecc.c" />
-    <ClCompile Include="..\..\wolfcrypt\src\ed25519.c" />
-    <ClCompile Include="..\..\wolfcrypt\src\error.c" />
-    <ClCompile Include="..\..\wolfcrypt\src\fe_low_mem.c" />
-    <ClCompile Include="..\..\wolfcrypt\src\fe_operations.c" />
-    <ClCompile Include="..\..\wolfcrypt\src\ge_low_mem.c" />
-    <ClCompile Include="..\..\wolfcrypt\src\ge_operations.c" />
-    <ClCompile Include="..\..\wolfcrypt\src\hash.c" />
-    <ClCompile Include="..\..\wolfcrypt\src\kdf.c" />
-    <ClCompile Include="..\..\wolfcrypt\src\hmac.c" />
-    <ClCompile Include="..\..\wolfcrypt\src\integer.c" />
-    <ClCompile Include="..\..\wolfcrypt\src\logging.c" />
-    <ClCompile Include="..\..\wolfcrypt\src\md2.c" />
-    <ClCompile Include="..\..\wolfcrypt\src\md4.c" />
-    <ClCompile Include="..\..\wolfcrypt\src\md5.c" />
-    <ClCompile Include="..\..\wolfcrypt\src\memory.c" />
-    <ClCompile Include="..\..\wolfcrypt\src\pkcs12.c" />
-    <ClCompile Include="..\..\wolfcrypt\src\pkcs7.c" />
-    <ClCompile Include="..\..\wolfcrypt\src\poly1305.c" />
-    <ClCompile Include="..\..\wolfcrypt\src\pwdbased.c" />
-    <ClCompile Include="..\..\wolfcrypt\src\random.c" />
-    <ClCompile Include="..\..\wolfcrypt\src\ripemd.c" />
-    <ClCompile Include="..\..\wolfcrypt\src\rsa.c" />
-    <ClCompile Include="..\..\wolfcrypt\src\sha.c" />
-    <ClCompile Include="..\..\wolfcrypt\src\sha256.c" />
-    <ClCompile Include="..\..\wolfcrypt\src\sha512.c" />
-    <ClCompile Include="..\..\wolfcrypt\src\signature.c" />
-    <ClCompile Include="..\..\wolfcrypt\src\srp.c" />
-    <ClCompile Include="..\..\wolfcrypt\src\tfm.c" />
-    <ClCompile Include="..\..\wolfcrypt\src\wc_encrypt.c" />
-    <ClCompile Include="..\..\wolfcrypt\src\wc_port.c" />
-    <ClCompile Include="..\..\wolfcrypt\src\wolfevent.c" />
-    <ClCompile Include="..\..\wolfcrypt\src\wolfmath.c" />
-  </ItemGroup>
-  <ItemGroup>
-    <ClInclude Include="user_settings.h" />
-    <ClInclude Include="..\..\wolfssl\callbacks.h" />
-    <ClInclude Include="..\..\wolfssl\certs_test.h" />
-    <ClInclude Include="..\..\wolfssl\crl.h" />
-    <ClInclude Include="..\..\wolfssl\error-ssl.h" />
-    <ClInclude Include="..\..\wolfssl\internal.h" />
-    <ClInclude Include="..\..\wolfssl\ocsp.h" />
-    <ClInclude Include="..\..\wolfssl\options.h" />
-    <ClInclude Include="..\..\wolfssl\sniffer.h" />
-    <ClInclude Include="..\..\wolfssl\sniffer_error.h" />
-    <ClInclude Include="..\..\wolfssl\ssl.h" />
-    <ClInclude Include="..\..\wolfssl\test.h" />
-    <ClInclude Include="..\..\wolfssl\version.h" />
-    <ClInclude Include="..\..\wolfssl\wolfcrypt\aes.h" />
-    <ClInclude Include="..\..\wolfssl\wolfcrypt\arc4.h" />
-    <ClInclude Include="..\..\wolfssl\wolfcrypt\asn.h" />
-    <ClInclude Include="..\..\wolfssl\wolfcrypt\asn_public.h" />
-    <ClInclude Include="..\..\wolfssl\wolfcrypt\async.h" />
-    <ClInclude Include="..\..\wolfssl\wolfcrypt\blake2-impl.h" />
-    <ClInclude Include="..\..\wolfssl\wolfcrypt\blake2-int.h" />
-    <ClInclude Include="..\..\wolfssl\wolfcrypt\blake2.h" />
-    <ClInclude Include="..\..\wolfssl\wolfcrypt\camellia.h" />
-    <ClInclude Include="..\..\wolfssl\wolfcrypt\chacha.h" />
-    <ClInclude Include="..\..\wolfssl\wolfcrypt\chacha20_poly1305.h" />
-    <ClInclude Include="..\..\wolfssl\wolfcrypt\cmac.h" />
-    <ClInclude Include="..\..\wolfssl\wolfcrypt\coding.h" />
-    <ClInclude Include="..\..\wolfssl\wolfcrypt\compress.h" />
-    <ClInclude Include="..\..\wolfssl\wolfcrypt\curve25519.h" />
-    <ClInclude Include="..\..\wolfssl\wolfcrypt\des3.h" />
-    <ClInclude Include="..\..\wolfssl\wolfcrypt\dh.h" />
-    <ClInclude Include="..\..\wolfssl\wolfcrypt\dsa.h" />
-    <ClInclude Include="..\..\wolfssl\wolfcrypt\ecc.h" />
-    <ClInclude Include="..\..\wolfssl\wolfcrypt\ed25519.h" />
-    <ClInclude Include="..\..\wolfssl\wolfcrypt\error-crypt.h" />
-    <ClInclude Include="..\..\wolfssl\wolfcrypt\fe_operations.h" />
-    <ClInclude Include="..\..\wolfssl\wolfcrypt\fips_test.h" />
-    <ClInclude Include="..\..\wolfssl\wolfcrypt\ge_operations.h" />
-    <ClInclude Include="..\..\wolfssl\wolfcrypt\hash.h" />
-    <ClInclude Include="..\..\wolfssl\wolfcrypt\hmac.h" />
-    <ClInclude Include="..\..\wolfssl\wolfcrypt\integer.h" />
-    <ClInclude Include="..\..\wolfssl\wolfcrypt\logging.h" />
-    <ClInclude Include="..\..\wolfssl\wolfcrypt\md2.h" />
-    <ClInclude Include="..\..\wolfssl\wolfcrypt\md4.h" />
-    <ClInclude Include="..\..\wolfssl\wolfcrypt\md5.h" />
-    <ClInclude Include="..\..\wolfssl\wolfcrypt\memory.h" />
-    <ClInclude Include="..\..\wolfssl\wolfcrypt\mem_track.h" />
-    <ClInclude Include="..\..\wolfssl\wolfcrypt\misc.h" />
-    <ClInclude Include="..\..\wolfssl\wolfcrypt\mpi_class.h" />
-    <ClInclude Include="..\..\wolfssl\wolfcrypt\mpi_superclass.h" />
-    <ClInclude Include="..\..\wolfssl\wolfcrypt\pkcs12.h" />
-    <ClInclude Include="..\..\wolfssl\wolfcrypt\pkcs7.h" />
-    <ClInclude Include="..\..\wolfssl\wolfcrypt\poly1305.h" />
-    <ClInclude Include="..\..\wolfssl\wolfcrypt\pwdbased.h" />
-    <ClInclude Include="..\..\wolfssl\wolfcrypt\random.h" />
-    <ClInclude Include="..\..\wolfssl\wolfcrypt\ripemd.h" />
-    <ClInclude Include="..\..\wolfssl\wolfcrypt\rsa.h" />
-    <ClInclude Include="..\..\wolfssl\wolfcrypt\settings.h" />
-    <ClInclude Include="..\..\wolfssl\wolfcrypt\sha.h" />
-    <ClInclude Include="..\..\wolfssl\wolfcrypt\sha256.h" />
-    <ClInclude Include="..\..\wolfssl\wolfcrypt\sha512.h" />
-    <ClInclude Include="..\..\wolfssl\wolfcrypt\signature.h" />
-    <ClInclude Include="..\..\wolfssl\wolfcrypt\srp.h" />
-    <ClInclude Include="..\..\wolfssl\wolfcrypt\tfm.h" />
-    <ClInclude Include="..\..\wolfssl\wolfcrypt\types.h" />
-    <ClInclude Include="..\..\wolfssl\wolfcrypt\visibility.h" />
-    <ClInclude Include="..\..\wolfssl\wolfcrypt\wc_encrypt.h" />
-    <ClInclude Include="..\..\wolfssl\wolfcrypt\wc_port.h" />
-    <ClInclude Include="..\..\wolfssl\wolfcrypt\wolfevent.h" />
-    <ClInclude Include="..\..\wolfssl\wolfcrypt\wolfmath.h" />
-  </ItemGroup>
-  <PropertyGroup Label="Globals">
-    <ProjectGuid>{1731767D-573F-45C9-A466-191DA0D180CF}</ProjectGuid>
-    <WindowsTargetPlatformVersion>8.1</WindowsTargetPlatformVersion>
-  </PropertyGroup>
-  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|INtime'" Label="Configuration">
-    <ConfigurationType>StaticLibrary</ConfigurationType>
-    <CharacterSet>NotSet</CharacterSet>
-    <PlatformToolset>v140</PlatformToolset>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|INtime'" Label="Configuration">
-    <ConfigurationType>StaticLibrary</ConfigurationType>
-    <WholeProgramOptimization>false</WholeProgramOptimization>
-    <CharacterSet>NotSet</CharacterSet>
-    <PlatformToolset>v140</PlatformToolset>
-  </PropertyGroup>
-  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
-  <ImportGroup Label="ExtensionSettings">
-  </ImportGroup>
-  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|INtime'">
-    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
-  </ImportGroup>
-  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|INtime'">
-    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
-  </ImportGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|INtime'">
-    <IntDir>$(Configuration)_$(ProjectName)\</IntDir>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|INtime'">
-    <IntDir>$(Configuration)_$(ProjectName)\</IntDir>
-  </PropertyGroup>
-  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|INtime'">
-    <ClCompile>
-    </ClCompile>
-    <Link>
-      <Version>21076.20052</Version>
-      <AdditionalOptions>/SAFESEH:NO %(AdditionalOptions)</AdditionalOptions>
-      <AdditionalDependencies>rt.lib;pcibus.lib;netlib.lib;clib.lib;vshelper.lib</AdditionalDependencies>
-      <OutputFile>$(SolutionDir)$(Configuration)\\libwolfssl.rsl</OutputFile>
-    </Link>
-    <ClCompile>
-      <ExceptionHandling>Async</ExceptionHandling>
-      <PreprocessorDefinitions>_USRDLL;WOLFSSL_DLL;BUILDING_WOLFSSL;WOLFSSL_USER_SETTINGS;_USE_64BIT_TIME_T;%(PreprocessorDefinitions)</PreprocessorDefinitions>
-      <AdditionalIncludeDirectories>$(ProjectDir);$(ProjectDir)..\..\;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-    </ClCompile>
-  </ItemDefinitionGroup>
-  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|INtime'">
-    <ClCompile>
-    </ClCompile>
-    <Link>
-      <Version>21076.20052</Version>
-      <AdditionalOptions>/SAFESEH:NO %(AdditionalOptions)</AdditionalOptions>
-      <AdditionalDependencies>rt.lib;pcibus.lib;netlib.lib;clib.lib;vshelper.lib</AdditionalDependencies>
-      <OutputFile>$(SolutionDir)$(Configuration)\\libwolfssl.rsl</OutputFile>
-    </Link>
-    <ClCompile>
-      <ExceptionHandling>Async</ExceptionHandling>
-      <PreprocessorDefinitions>_USRDLL;WOLFSSL_DLL;BUILDING_WOLFSSL;WOLFSSL_USER_SETTINGS;_USE_64BIT_TIME_T;%(PreprocessorDefinitions)</PreprocessorDefinitions>
-      <AdditionalIncludeDirectories>$(ProjectDir);$(ProjectDir)..\..\;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-    </ClCompile>
-  </ItemDefinitionGroup>
-  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
-  <ImportGroup Label="ExtensionTargets">
-  </ImportGroup>
-</Project>
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="14.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|INtime">
+      <Configuration>Debug</Configuration>
+      <Platform>INtime</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|INtime">
+      <Configuration>Release</Configuration>
+      <Platform>INtime</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <ItemGroup>
+    <Text Include="README.md" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="libwolfssl.c" />
+    <ClCompile Include="..\..\src\crl.c" />
+    <ClCompile Include="..\..\src\dtls13.c" />
+    <ClCompile Include="..\..\src\dtls.c" />
+    <ClCompile Include="..\..\src\internal.c" />
+    <ClCompile Include="..\..\src\wolfio.c" />
+    <ClCompile Include="..\..\src\keys.c" />
+    <ClCompile Include="..\..\src\ocsp.c" />
+    <ClCompile Include="..\..\src\sniffer.c" />
+    <ClCompile Include="..\..\src\ssl.c" />
+    <ClCompile Include="..\..\src\tls.c" />
+	<ClCompile Include="..\..\src\tls13.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\aes.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\arc4.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\asm.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\asn.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\blake2b.c" />
+	<ClCompile Include="..\..\wolfcrypt\src\blake2s.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\camellia.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\chacha.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\chacha20_poly1305.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\cmac.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\coding.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\compress.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\curve25519.c" />
+	<ClCompile Include="..\..\wolfcrypt\src\cpuid.c" />
+	<ClCompile Include="..\..\wolfcrypt\src\cryptocb.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\des3.c" />
+	<ClCompile Include="..\..\wolfcrypt\src\dilithium.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\dh.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\dsa.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\ecc.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\ed25519.c" />
+	<ClCompile Include="..\..\wolfcrypt\src\ed448.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\error.c" />
+	<!--ClCompile Include="..\..\wolfcrypt\src\ext_kyber.c" /-->
+    <ClCompile Include="..\..\wolfcrypt\src\falcon.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\fe_448.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\fe_low_mem.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\fe_operations.c" />
+	<ClCompile Include="..\..\wolfcrypt\src\ge_448.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\ge_low_mem.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\ge_operations.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\hash.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\kdf.c" />
+	<!--ClCompile Include="..\..\wolfcrypt\src\wc_kyber.c" /-->
+    <!--ClCompile Include="..\..\wolfcrypt\src\wc_kyber_poly.c" /-->
+    <ClCompile Include="..\..\wolfcrypt\src\hmac.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\integer.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\logging.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\md2.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\md4.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\md5.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\memory.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\pkcs12.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\pkcs7.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\poly1305.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\pwdbased.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\random.c" />
+	<ClCompile Include="..\..\wolfcrypt\src\rc2.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\ripemd.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\rsa.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\sha.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\sha256.c" />
+	<ClCompile Include="..\..\wolfcrypt\src\sha3.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\sha512.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\signature.c" />
+	<ClCompile Include="..\..\wolfcrypt\src\sphincs.c" />
+	<ClCompile Include="..\..\wolfcrypt\src\sp_c32.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\sp_c64.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\sp_int.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\sp_x86_64.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\srp.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\tfm.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\wc_encrypt.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\wc_port.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\wolfevent.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\wolfmath.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\wc_pkcs11.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\port\liboqs\liboqs.c" />
+
+  </ItemGroup>
+  <ItemGroup>
+    <ClInclude Include="user_settings.h" />
+    <ClInclude Include="..\..\wolfssl\callbacks.h" />
+    <ClInclude Include="..\..\wolfssl\certs_test.h" />
+    <ClInclude Include="..\..\wolfssl\crl.h" />
+    <ClInclude Include="..\..\wolfssl\error-ssl.h" />
+    <ClInclude Include="..\..\wolfssl\internal.h" />
+    <ClInclude Include="..\..\wolfssl\ocsp.h" />
+    <ClInclude Include="..\..\wolfssl\options.h" />
+    <ClInclude Include="..\..\wolfssl\sniffer.h" />
+    <ClInclude Include="..\..\wolfssl\sniffer_error.h" />
+    <ClInclude Include="..\..\wolfssl\ssl.h" />
+    <ClInclude Include="..\..\wolfssl\test.h" />
+    <ClInclude Include="..\..\wolfssl\version.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\aes.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\arc4.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\asn.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\asn_public.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\async.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\blake2-impl.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\blake2-int.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\blake2.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\camellia.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\chacha.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\chacha20_poly1305.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\cmac.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\coding.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\compress.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\curve25519.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\des3.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\dh.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\dsa.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\ecc.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\ed25519.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\error-crypt.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\fe_operations.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\fips_test.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\ge_operations.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\hash.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\hmac.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\integer.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\logging.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\md2.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\md4.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\md5.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\memory.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\mem_track.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\misc.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\mpi_class.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\mpi_superclass.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\pkcs12.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\pkcs7.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\poly1305.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\pwdbased.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\random.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\ripemd.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\rsa.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\settings.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\sha.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\sha256.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\sha512.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\signature.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\srp.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\tfm.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\types.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\visibility.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\wc_encrypt.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\wc_port.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\wolfevent.h" />
+    <ClInclude Include="..\..\wolfssl\wolfcrypt\wolfmath.h" />
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{1731767D-573F-45C9-A466-191DA0D180CF}</ProjectGuid>
+    <WindowsTargetPlatformVersion>8.1</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|INtime'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <CharacterSet>NotSet</CharacterSet>
+    <PlatformToolset>v142</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|INtime'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <WholeProgramOptimization>false</WholeProgramOptimization>
+    <CharacterSet>NotSet</CharacterSet>
+    <PlatformToolset>v142</PlatformToolset>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|INtime'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|INtime'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|INtime'">
+    <IntDir>$(Configuration)_$(ProjectName)\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|INtime'">
+    <IntDir>$(Configuration)_$(ProjectName)\</IntDir>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|INtime'">
+    <ClCompile>
+    </ClCompile>
+    <Link>
+      <Version>21076.20052</Version>
+      <AdditionalOptions>/SAFESEH:NO %(AdditionalOptions)</AdditionalOptions>
+      <AdditionalDependencies>rt.lib;pcibus.lib;netlib.lib;clib.lib;vshelper.lib</AdditionalDependencies>
+      <OutputFile>$(SolutionDir)$(Configuration)\\libwolfssl.rsl</OutputFile>
+    </Link>
+    <ClCompile>
+      <ExceptionHandling>Async</ExceptionHandling>
+      <PreprocessorDefinitions>_USRDLL;WOLFSSL_DLL;BUILDING_WOLFSSL;WOLFSSL_USER_SETTINGS;_USE_64BIT_TIME_T;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <AdditionalIncludeDirectories>$(ProjectDir);$(ProjectDir)..\..\;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+    </ClCompile>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|INtime'">
+    <ClCompile>
+    </ClCompile>
+    <Link>
+      <Version>21076.20052</Version>
+      <AdditionalOptions>/SAFESEH:NO %(AdditionalOptions)</AdditionalOptions>
+      <AdditionalDependencies>rt.lib;pcibus.lib;netlib.lib;clib.lib;vshelper.lib</AdditionalDependencies>
+      <OutputFile>$(SolutionDir)$(Configuration)\\libwolfssl.rsl</OutputFile>
+    </Link>
+    <ClCompile>
+      <ExceptionHandling>Async</ExceptionHandling>
+      <PreprocessorDefinitions>_USRDLL;WOLFSSL_DLL;BUILDING_WOLFSSL;WOLFSSL_USER_SETTINGS;_USE_64BIT_TIME_T;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <AdditionalIncludeDirectories>$(ProjectDir);$(ProjectDir)..\..\;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+    </ClCompile>
+  </ItemDefinitionGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/IDE/INTIME-RTOS/user_settings.h b/IDE/INTIME-RTOS/user_settings.h
index 9b6a9ba07..83be2eec7 100644
--- a/IDE/INTIME-RTOS/user_settings.h
+++ b/IDE/INTIME-RTOS/user_settings.h
@@ -284,6 +284,9 @@ extern "C" {
 #undef  OPENSSL_EXTRA
 #define OPENSSL_EXTRA
 
+#undef  OPENSSL_ALL
+#define OPENSSL_ALL
+
 #undef  WOLFSSL_BASE64_ENCODE
 #define WOLFSSL_BASE64_ENCODE
 
diff --git a/IDE/INTIME-RTOS/wolfExamples.vcxproj b/IDE/INTIME-RTOS/wolfExamples.vcxproj
old mode 100755
new mode 100644
index f650244c0..90a8f5d20
--- a/IDE/INTIME-RTOS/wolfExamples.vcxproj
+++ b/IDE/INTIME-RTOS/wolfExamples.vcxproj
@@ -1,93 +1,93 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Project DefaultTargets="Build" ToolsVersion="14.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
-  <ItemGroup Label="ProjectConfigurations">
-    <ProjectConfiguration Include="Debug|INtime">
-      <Configuration>Debug</Configuration>
-      <Platform>INtime</Platform>
-    </ProjectConfiguration>
-    <ProjectConfiguration Include="Release|INtime">
-      <Configuration>Release</Configuration>
-      <Platform>INtime</Platform>
-    </ProjectConfiguration>
-  </ItemGroup>
-  <ItemGroup>
-    <Text Include="README.md" />
-  </ItemGroup>
-  <ItemGroup>
-    <ClCompile Include="wolfExamples.c" />
-    <ClCompile Include="..\..\wolfcrypt\test\test.c" />
-    <ClCompile Include="..\..\wolfcrypt\benchmark\benchmark.c" />
-  </ItemGroup>
-  <ItemGroup>
-    <ClInclude Include="user_settings.h" />
-    <ClInclude Include="wolfExamples.h" />
-  </ItemGroup>
-  <PropertyGroup Label="Globals">
-    <ProjectGuid>{557A7EFD-2627-478A-A855-50F518DD13EE}</ProjectGuid>
-    <ProjectName>wolfExamples</ProjectName>
-    <WindowsTargetPlatformVersion>8.1</WindowsTargetPlatformVersion>
-  </PropertyGroup>
-  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|INtime'" Label="Configuration">
-    <ConfigurationType>Application</ConfigurationType>
-    <CharacterSet>NotSet</CharacterSet>
-    <PlatformToolset>v140</PlatformToolset>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|INtime'" Label="Configuration">
-    <ConfigurationType>Application</ConfigurationType>
-    <WholeProgramOptimization>false</WholeProgramOptimization>
-    <CharacterSet>NotSet</CharacterSet>
-    <PlatformToolset>v140</PlatformToolset>
-  </PropertyGroup>
-  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
-  <ImportGroup Label="ExtensionSettings">
-  </ImportGroup>
-  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|INtime'">
-    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
-  </ImportGroup>
-  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|INtime'">
-    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
-  </ImportGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|INtime'">
-    <IntDir>$(Configuration)_$(ProjectName)\</IntDir>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|INtime'">
-    <IntDir>$(Configuration)_$(ProjectName)\</IntDir>
-  </PropertyGroup>
-  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|INtime'">
-    <ClCompile>
-    </ClCompile>
-    <Link>
-      <Version>21076.20053</Version>
-      <AdditionalOptions>/SAFESEH:NO %(AdditionalOptions)</AdditionalOptions>
-      <AdditionalDependencies>rt.lib;pcibus.lib;netlib.lib;clib.lib;vshelper.lib;libwolfssl.lib</AdditionalDependencies>
-      <OutputFile>$(SolutionDir)$(Configuration)\\wolfExamples.rta</OutputFile>
-      <AdditionalLibraryDirectories>$(ProjectDir)$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
-    </Link>
-    <ClCompile>
-      <ExceptionHandling>Async</ExceptionHandling>
-      <PreprocessorDefinitions>WOLFSSL_USER_SETTINGS;_USE_64BIT_TIME_T;%(PreprocessorDefinitions)</PreprocessorDefinitions>
-      <AdditionalIncludeDirectories>$(ProjectDir);$(ProjectDir)..\..\;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-    </ClCompile>
-  </ItemDefinitionGroup>
-  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|INtime'">
-    <ClCompile>
-    </ClCompile>
-    <Link>
-      <Version>21076.20053</Version>
-      <AdditionalOptions>/SAFESEH:NO %(AdditionalOptions)</AdditionalOptions>
-      <AdditionalDependencies>rt.lib;pcibus.lib;netlib.lib;clib.lib;vshelper.lib;libwolfssl.lib</AdditionalDependencies>
-      <OutputFile>$(SolutionDir)$(Configuration)\\wolfExamples.rta</OutputFile>
-      <AdditionalLibraryDirectories>$(ProjectDir)$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
-    </Link>
-    <ClCompile>
-      <ExceptionHandling>Async</ExceptionHandling>
-      <PreprocessorDefinitions>WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
-      <AdditionalIncludeDirectories>$(ProjectDir);$(ProjectDir)..\..\;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <ProgramDataBaseFileName>$(IntDir)vc$(PlatformToolsetVersion).pdb</ProgramDataBaseFileName>
-    </ClCompile>
-  </ItemDefinitionGroup>
-  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
-  <ImportGroup Label="ExtensionTargets">
-  </ImportGroup>
-</Project>
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="14.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|INtime">
+      <Configuration>Debug</Configuration>
+      <Platform>INtime</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|INtime">
+      <Configuration>Release</Configuration>
+      <Platform>INtime</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <ItemGroup>
+    <Text Include="README.md" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="wolfExamples.c" />
+    <ClCompile Include="..\..\wolfcrypt\test\test.c" />
+    <ClCompile Include="..\..\wolfcrypt\benchmark\benchmark.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClInclude Include="user_settings.h" />
+    <ClInclude Include="wolfExamples.h" />
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{557A7EFD-2627-478A-A855-50F518DD13EE}</ProjectGuid>
+    <ProjectName>wolfExamples</ProjectName>
+    <WindowsTargetPlatformVersion>8.1</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|INtime'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <CharacterSet>NotSet</CharacterSet>
+    <PlatformToolset>v142</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|INtime'" Label="Configuration">
+    <ConfigurationType>Application</ConfigurationType>
+    <WholeProgramOptimization>false</WholeProgramOptimization>
+    <CharacterSet>NotSet</CharacterSet>
+    <PlatformToolset>v142</PlatformToolset>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|INtime'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|INtime'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|INtime'">
+    <IntDir>$(Configuration)_$(ProjectName)\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|INtime'">
+    <IntDir>$(Configuration)_$(ProjectName)\</IntDir>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|INtime'">
+    <ClCompile>
+    </ClCompile>
+    <Link>
+      <Version>21076.20053</Version>
+      <AdditionalOptions>/SAFESEH:NO %(AdditionalOptions)</AdditionalOptions>
+      <AdditionalDependencies>rt.lib;pcibus.lib;netlib.lib;clib.lib;vshelper.lib;libwolfssl.lib</AdditionalDependencies>
+      <OutputFile>$(SolutionDir)$(Configuration)\\wolfExamples.rta</OutputFile>
+      <AdditionalLibraryDirectories>$(ProjectDir)$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
+    </Link>
+    <ClCompile>
+      <ExceptionHandling>Async</ExceptionHandling>
+      <PreprocessorDefinitions>WOLFSSL_USER_SETTINGS;_USE_64BIT_TIME_T;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <AdditionalIncludeDirectories>$(ProjectDir);$(ProjectDir)..\..\;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+    </ClCompile>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|INtime'">
+    <ClCompile>
+    </ClCompile>
+    <Link>
+      <Version>21076.20053</Version>
+      <AdditionalOptions>/SAFESEH:NO %(AdditionalOptions)</AdditionalOptions>
+      <AdditionalDependencies>rt.lib;pcibus.lib;netlib.lib;clib.lib;vshelper.lib;libwolfssl.lib</AdditionalDependencies>
+      <OutputFile>$(SolutionDir)$(Configuration)\\wolfExamples.rta</OutputFile>
+      <AdditionalLibraryDirectories>$(ProjectDir)$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
+    </Link>
+    <ClCompile>
+      <ExceptionHandling>Async</ExceptionHandling>
+      <PreprocessorDefinitions>WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <AdditionalIncludeDirectories>$(ProjectDir);$(ProjectDir)..\..\;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <ProgramDataBaseFileName>$(IntDir)vc$(PlatformToolsetVersion).pdb</ProgramDataBaseFileName>
+    </ClCompile>
+  </ItemDefinitionGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/IDE/INTIME-RTOS/wolfssl-lib.sln b/IDE/INTIME-RTOS/wolfssl-lib.sln
new file mode 100644
index 000000000..8110ac245
--- /dev/null
+++ b/IDE/INTIME-RTOS/wolfssl-lib.sln
@@ -0,0 +1,22 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio 14
+VisualStudioVersion = 14.0.25420.1
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "wolfssl-lib", "wolfssl-lib.vcxproj", "{3BBA3633-A077-4A57-A242-0A22328E5CF6}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|INtime = Debug|INtime
+		Release|INtime = Release|INtime
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{3BBA3633-A077-4A57-A242-0A22328E5CF6}.Debug|INtime.ActiveCfg = Debug|INtime
+		{3BBA3633-A077-4A57-A242-0A22328E5CF6}.Debug|INtime.Build.0 = Debug|INtime
+		{3BBA3633-A077-4A57-A242-0A22328E5CF6}.Release|INtime.ActiveCfg = Release|INtime
+		{3BBA3633-A077-4A57-A242-0A22328E5CF6}.Release|INtime.Build.0 = Release|INtime
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+EndGlobal
diff --git a/IDE/INTIME-RTOS/wolfssl-lib.vcxproj b/IDE/INTIME-RTOS/wolfssl-lib.vcxproj
new file mode 100644
index 000000000..c00ecf0c7
--- /dev/null
+++ b/IDE/INTIME-RTOS/wolfssl-lib.vcxproj
@@ -0,0 +1,363 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="14.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Debug|INtime">
+      <Configuration>Debug</Configuration>
+      <Platform>INtime</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|INtime">
+      <Configuration>Release</Configuration>
+      <Platform>INtime</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <ItemGroup>
+    <Text Include="README.md" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\src\bio.c">
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|INtime'">true</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|INtime'">true</ExcludedFromBuild>
+    </ClCompile>
+    <ClCompile Include="..\..\src\conf.c">
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|INtime'">true</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|INtime'">true</ExcludedFromBuild>
+    </ClCompile>
+    <ClCompile Include="..\..\src\dtls.c" />
+    <ClCompile Include="..\..\src\dtls13.c" />
+    <ClCompile Include="..\..\src\pk.c">
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|INtime'">true</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|INtime'">true</ExcludedFromBuild>
+    </ClCompile>
+    <ClCompile Include="..\..\src\quic.c" />
+    <ClCompile Include="..\..\src\ssl_asn1.c">
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|INtime'">true</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|INtime'">true</ExcludedFromBuild>
+    </ClCompile>
+    <ClCompile Include="..\..\src\ssl_bn.c">
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|INtime'">true</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|INtime'">true</ExcludedFromBuild>
+    </ClCompile>
+    <ClCompile Include="..\..\src\ssl_certman.c">
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|INtime'">true</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|INtime'">true</ExcludedFromBuild>
+    </ClCompile>
+    <ClCompile Include="..\..\src\ssl_crypto.c">
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|INtime'">true</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|INtime'">true</ExcludedFromBuild>
+    </ClCompile>
+    <ClCompile Include="..\..\src\ssl_load.c">
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|INtime'">true</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|INtime'">true</ExcludedFromBuild>
+    </ClCompile>
+    <ClCompile Include="..\..\src\ssl_misc.c">
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|INtime'">true</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|INtime'">true</ExcludedFromBuild>
+    </ClCompile>
+    <ClCompile Include="..\..\src\ssl_p7p12.c">
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|INtime'">true</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|INtime'">true</ExcludedFromBuild>
+    </ClCompile>
+    <ClCompile Include="..\..\src\ssl_sess.c">
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|INtime'">true</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|INtime'">true</ExcludedFromBuild>
+    </ClCompile>
+    <ClCompile Include="..\..\src\tls13.c" />
+    <ClCompile Include="..\..\src\x509.c">
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|INtime'">true</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|INtime'">true</ExcludedFromBuild>
+    </ClCompile>
+    <ClCompile Include="..\..\src\x509_str.c">
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|INtime'">true</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|INtime'">true</ExcludedFromBuild>
+    </ClCompile>
+    <ClCompile Include="..\..\wolfcrypt\src\async.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\blake2s.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\cpuid.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\cryptocb.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\curve448.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\dilithium.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\eccsi.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\ed448.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\evp.c">
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|INtime'">true</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|INtime'">true</ExcludedFromBuild>
+    </ClCompile>
+    <ClCompile Include="..\..\wolfcrypt\src\ext_kyber.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\ext_lms.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\ext_xmss.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\falcon.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\fe_448.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\fips.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\fips_test.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\ge_448.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\hpke.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\kdf.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\misc.c">
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|INtime'">true</ExcludedFromBuild>
+      <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|INtime'">true</ExcludedFromBuild>
+    </ClCompile>
+    <ClCompile Include="..\..\wolfcrypt\src\rc2.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\sakke.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\selftest.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\sha3.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\siphash.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\sm2.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\sm3.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\sm4.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\sphincs.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\sp_arm32.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\sp_arm64.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\sp_armthumb.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\sp_c32.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\sp_c64.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\sp_cortexm.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\sp_dsp32.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\sp_int.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\sp_sm2_arm32.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\sp_sm2_arm64.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\sp_sm2_armthumb.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\sp_sm2_c32.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\sp_sm2_c64.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\sp_sm2_cortexm.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\sp_sm2_x86_64.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\sp_x86_64.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\wc_dsp.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\wc_kyber.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\wc_kyber_poly.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\wc_lms.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\wc_lms_impl.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\wc_pkcs11.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\wc_xmss.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\wc_xmss_impl.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\wolfcrypt_first.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\wolfcrypt_last.c" />
+    <ClCompile Include="libwolfssl.c" />
+    <ClCompile Include="..\..\src\crl.c" />
+    <ClCompile Include="..\..\src\internal.c" />
+    <ClCompile Include="..\..\src\wolfio.c" />
+    <ClCompile Include="..\..\src\keys.c" />
+    <ClCompile Include="..\..\src\ocsp.c" />
+    <ClCompile Include="..\..\src\sniffer.c" />
+    <ClCompile Include="..\..\src\ssl.c" />
+    <ClCompile Include="..\..\src\tls.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\aes.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\arc4.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\asm.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\asn.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\blake2b.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\camellia.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\chacha.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\chacha20_poly1305.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\cmac.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\coding.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\compress.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\curve25519.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\des3.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\dh.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\dsa.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\ecc.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\ecc_fp.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\ed25519.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\error.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\fe_low_mem.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\fe_operations.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\ge_low_mem.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\ge_operations.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\hash.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\hmac.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\integer.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\logging.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\md2.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\md4.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\md5.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\memory.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\pkcs12.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\pkcs7.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\poly1305.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\pwdbased.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\random.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\ripemd.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\rsa.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\sha.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\sha256.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\sha512.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\signature.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\srp.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\tfm.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\wc_encrypt.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\wc_port.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\wolfevent.c" />
+    <ClCompile Include="..\..\wolfcrypt\src\wolfmath.c" />
+  </ItemGroup>
+  <ItemGroup>
+    <None Include="..\..\wolfcrypt\src\chacha_asm.asm" />
+    <None Include="..\..\wolfcrypt\src\chacha_asm.S" />
+    <None Include="..\..\wolfcrypt\src\fe_x25519_asm.S" />
+    <None Include="..\..\wolfcrypt\src\fp_mont_small.i" />
+    <None Include="..\..\wolfcrypt\src\fp_mul_comba_12.i" />
+    <None Include="..\..\wolfcrypt\src\fp_mul_comba_17.i" />
+    <None Include="..\..\wolfcrypt\src\fp_mul_comba_20.i" />
+    <None Include="..\..\wolfcrypt\src\fp_mul_comba_24.i" />
+    <None Include="..\..\wolfcrypt\src\fp_mul_comba_28.i" />
+    <None Include="..\..\wolfcrypt\src\fp_mul_comba_3.i" />
+    <None Include="..\..\wolfcrypt\src\fp_mul_comba_32.i" />
+    <None Include="..\..\wolfcrypt\src\fp_mul_comba_4.i" />
+    <None Include="..\..\wolfcrypt\src\fp_mul_comba_48.i" />
+    <None Include="..\..\wolfcrypt\src\fp_mul_comba_6.i" />
+    <None Include="..\..\wolfcrypt\src\fp_mul_comba_64.i" />
+    <None Include="..\..\wolfcrypt\src\fp_mul_comba_7.i" />
+    <None Include="..\..\wolfcrypt\src\fp_mul_comba_8.i" />
+    <None Include="..\..\wolfcrypt\src\fp_mul_comba_9.i" />
+    <None Include="..\..\wolfcrypt\src\fp_mul_comba_small_set.i" />
+    <None Include="..\..\wolfcrypt\src\fp_sqr_comba_12.i" />
+    <None Include="..\..\wolfcrypt\src\fp_sqr_comba_17.i" />
+    <None Include="..\..\wolfcrypt\src\fp_sqr_comba_20.i" />
+    <None Include="..\..\wolfcrypt\src\fp_sqr_comba_24.i" />
+    <None Include="..\..\wolfcrypt\src\fp_sqr_comba_28.i" />
+    <None Include="..\..\wolfcrypt\src\fp_sqr_comba_3.i" />
+    <None Include="..\..\wolfcrypt\src\fp_sqr_comba_32.i" />
+    <None Include="..\..\wolfcrypt\src\fp_sqr_comba_4.i" />
+    <None Include="..\..\wolfcrypt\src\fp_sqr_comba_48.i" />
+    <None Include="..\..\wolfcrypt\src\fp_sqr_comba_6.i" />
+    <None Include="..\..\wolfcrypt\src\fp_sqr_comba_64.i" />
+    <None Include="..\..\wolfcrypt\src\fp_sqr_comba_7.i" />
+    <None Include="..\..\wolfcrypt\src\fp_sqr_comba_8.i" />
+    <None Include="..\..\wolfcrypt\src\fp_sqr_comba_9.i" />
+    <None Include="..\..\wolfcrypt\src\fp_sqr_comba_small_set.i" />
+    <None Include="..\..\wolfcrypt\src\include.am" />
+    <None Include="..\..\wolfcrypt\src\poly1305_asm.asm" />
+    <None Include="..\..\wolfcrypt\src\poly1305_asm.S" />
+    <None Include="..\..\wolfcrypt\src\sha256_asm.S" />
+    <None Include="..\..\wolfcrypt\src\sha3_asm.S" />
+    <None Include="..\..\wolfcrypt\src\sha512_asm.S" />
+    <None Include="..\..\wolfcrypt\src\sm3_asm.S" />
+    <None Include="..\..\wolfcrypt\src\sp_sm2_x86_64_asm.S" />
+    <None Include="..\..\wolfcrypt\src\sp_x86_64_asm.asm" />
+    <None Include="..\..\wolfcrypt\src\sp_x86_64_asm.S" />
+    <None Include="..\..\wolfcrypt\src\wc_kyber_asm.S" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClInclude Include="..\..\wolfcrypt\src\fe_x25519_128.h" />
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{3BBA3633-A077-4A57-A242-0A22328E5CF6}</ProjectGuid>
+    <WindowsTargetPlatformVersion>10.0</WindowsTargetPlatformVersion>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|INtime'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <CharacterSet>NotSet</CharacterSet>
+    <PlatformToolset>v140</PlatformToolset>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|INtime'" Label="Configuration">
+    <ConfigurationType>StaticLibrary</ConfigurationType>
+    <WholeProgramOptimization>false</WholeProgramOptimization>
+    <CharacterSet>NotSet</CharacterSet>
+    <PlatformToolset>v140</PlatformToolset>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|INtime'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|INtime'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|INtime'">
+    <INtimeDseg>0</INtimeDseg>
+    <INtimeNode>Local</INtimeNode>
+    <INtimeOdir>0</INtimeOdir>
+    <TargetName>libwolfssl572</TargetName>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|INtime'">
+    <INtimeDseg>0</INtimeDseg>
+    <INtimeNode>Local</INtimeNode>
+    <INtimeOdir>0</INtimeOdir>
+    <TargetName>libwolfssl572</TargetName>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|INtime'">
+    <ClCompile>
+      <PrecompiledHeader>NotUsing</PrecompiledHeader>
+      <MinimalRebuild>false</MinimalRebuild>
+      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
+      <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+      <PreprocessorDefinitions>DEBUG_WOLFSSL;_USRDLL;WOLFSSL_DLL;BUILDING_WOLFSSL;WOLFSSL_USER_SETTINGS;_DEBUG;INTIME_RTOS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ExceptionHandling>Async</ExceptionHandling>
+      <BufferSecurityCheck>true</BufferSecurityCheck>
+      <FunctionLevelLinking>false</FunctionLevelLinking>
+      <FloatingPointExceptions>false</FloatingPointExceptions>
+      <RuntimeTypeInfo>false</RuntimeTypeInfo>
+      <OpenMPSupport>false</OpenMPSupport>
+      <PrecompiledHeaderFile>
+      </PrecompiledHeaderFile>
+      <ErrorReporting>Prompt</ErrorReporting>
+      <AdditionalIncludeDirectories>$(ProjectDir);$(ProjectDir)..\..\;$(intime)\rt\include\network7;$(intime)\rt\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>true</GenerateDebugInformation>
+      <AdditionalDependencies>rt.lib;pcibus.lib;netlib.lib;clib.lib;vshelper.lib</AdditionalDependencies>
+      <HeapReserveSize>0</HeapReserveSize>
+      <Version>21076.20052</Version>
+      <DelayLoadDLLs>
+      </DelayLoadDLLs>
+      <GenerateManifest>false</GenerateManifest>
+      <AssemblyDebug>false</AssemblyDebug>
+      <HeapCommitSize>0</HeapCommitSize>
+      <StackReserveSize>0</StackReserveSize>
+      <StackCommitSize>0</StackCommitSize>
+      <TurnOffAssemblyGeneration>false</TurnOffAssemblyGeneration>
+      <LinkErrorReporting>PromptImmediately</LinkErrorReporting>
+      <ImageHasSafeExceptionHandlers>false</ImageHasSafeExceptionHandlers>
+      <AdditionalOptions>/SAFESEH:NO %(AdditionalOptions)</AdditionalOptions>
+    </Link>
+    <Lib>
+      <OutputFile>$(SolutionDir)$(Configuration)\$(TargetName).lib</OutputFile>
+    </Lib>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|INtime'">
+    <ClCompile>
+      <PrecompiledHeader>NotUsing</PrecompiledHeader>
+      <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>false</IntrinsicFunctions>
+      <PreprocessorDefinitions>_USRDLL;WOLFSSL_DLL;BUILDING_WOLFSSL;WOLFSSL_USER_SETTINGS;INTIME_RTOS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <ExceptionHandling>Async</ExceptionHandling>
+      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
+      <StringPooling>true</StringPooling>
+      <BufferSecurityCheck>false</BufferSecurityCheck>
+      <FloatingPointExceptions>false</FloatingPointExceptions>
+      <RuntimeTypeInfo>false</RuntimeTypeInfo>
+      <PrecompiledHeaderFile>
+      </PrecompiledHeaderFile>
+      <ErrorReporting>Prompt</ErrorReporting>
+      <AdditionalIncludeDirectories>$(ProjectDir);$(ProjectDir)..\..\;$(intime)\rt\include\network7;$(intime)\rt\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <DebugInformationFormat>None</DebugInformationFormat>
+    </ClCompile>
+    <Link>
+      <SubSystem>Console</SubSystem>
+      <GenerateDebugInformation>false</GenerateDebugInformation>
+      <AdditionalDependencies>rt.lib;pcibus.lib;netlib.lib;clib.lib;vshelper.lib</AdditionalDependencies>
+      <HeapReserveSize>0</HeapReserveSize>
+      <Version>21076.20052</Version>
+      <DelayLoadDLLs>
+      </DelayLoadDLLs>
+      <GenerateManifest>false</GenerateManifest>
+      <AssemblyDebug>false</AssemblyDebug>
+      <HeapCommitSize>0</HeapCommitSize>
+      <StackReserveSize>0</StackReserveSize>
+      <StackCommitSize>0</StackCommitSize>
+      <LinkErrorReporting>PromptImmediately</LinkErrorReporting>
+      <ImageHasSafeExceptionHandlers>false</ImageHasSafeExceptionHandlers>
+      <AdditionalOptions>/SAFESEH:NO %(AdditionalOptions)</AdditionalOptions>
+    </Link>
+    <Lib>
+      <OutputFile>$(SolutionDir)$(Configuration)\$(TargetName).lib</OutputFile>
+    </Lib>
+  </ItemDefinitionGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/IDE/LINUX-SGX/build.sh b/IDE/LINUX-SGX/build.sh
index c833b55c6..317765529 100755
--- a/IDE/LINUX-SGX/build.sh
+++ b/IDE/LINUX-SGX/build.sh
@@ -1,9 +1,22 @@
 #!/bin/sh
 
 
-CFLAGS_NEW="-DDEBUG_WOLFSSL"
+CFLAGS_NEW="-DDEBUG_WOLFSSL -I/usr/lib/gcc/x86_64-linux-gnu/$(gcc -dumpversion)/include"
 export CFLAGS="${CFLAGS} ${CFLAGS_NEW}"
 echo ${CFLAGS}
 
-make -f sgx_t_static.mk HAVE_WOLFSSL_BENCHMARK=1 HAVE_WOLFSSL_TEST=1 HAVE_WOLFSSL_SP=1
+# create an empty options.h file if none exist
+if [ ! -f ../../wolfssl/options.h ]; then
+    touch ../../wolfssl/options.h
+fi
+
+NEW_INCLUDE_PATH="$C_INCLUDE_PATH:/usr/lib/gcc/x86_64-linux-gnu/$(gcc -dumpversion)/include"
+export C_INCLUDE_PATH="$NEW_INCLUDE_PATH"
+
+
+# Build without assembly optimizations
+#make -f sgx_t_static.mk HAVE_WOLFSSL_BENCHMARK=1 HAVE_WOLFSSL_TEST=1 HAVE_WOLFSSL_SP=1
+
+# Build with assembly optimizations
+make -f sgx_t_static.mk HAVE_WOLFSSL_BENCHMARK=1 HAVE_WOLFSSL_TEST=1 HAVE_WOLFSSL_SP=1 HAVE_WOLFSSL_ASSEMBLY=1
 
diff --git a/IDE/LINUX-SGX/clean.sh b/IDE/LINUX-SGX/clean.sh
index 150f46a59..8a7716d3d 100755
--- a/IDE/LINUX-SGX/clean.sh
+++ b/IDE/LINUX-SGX/clean.sh
@@ -1,3 +1,4 @@
 #!/bin/sh
 
-make -f sgx_t_static.mk clean
+make -f sgx_t_static.mk HAVE_WOLFSSL_BENCHMARK=1 HAVE_WOLFSSL_TEST=1 HAVE_WOLFSSL_SP=1 HAVE_WOLFSSL_ASSEMBLY=1 clean
+
diff --git a/IDE/LINUX-SGX/sgx_t_static.mk b/IDE/LINUX-SGX/sgx_t_static.mk
index 1941bae02..5af62f7e7 100644
--- a/IDE/LINUX-SGX/sgx_t_static.mk
+++ b/IDE/LINUX-SGX/sgx_t_static.mk
@@ -44,7 +44,8 @@ endif
 
 Crypto_Library_Name := sgx_tcrypto
 
-Wolfssl_C_Extra_Flags := -DWOLFSSL_SGX
+Wolfssl_C_Extra_Flags := -DWOLFSSL_SGX\
+			 -DWOLFSSL_CUSTOM_CONFIG
 
 Wolfssl_C_Files :=$(WOLFSSL_ROOT)/wolfcrypt/src/aes.c\
 					$(WOLFSSL_ROOT)/wolfcrypt/src/arc4.c\
@@ -52,6 +53,7 @@ Wolfssl_C_Files :=$(WOLFSSL_ROOT)/wolfcrypt/src/aes.c\
 					$(WOLFSSL_ROOT)/wolfcrypt/src/blake2b.c\
 					$(WOLFSSL_ROOT)/wolfcrypt/src/camellia.c\
 					$(WOLFSSL_ROOT)/wolfcrypt/src/coding.c\
+					$(WOLFSSL_ROOT)/wolfcrypt/src/cpuid.c\
 					$(WOLFSSL_ROOT)/wolfcrypt/src/chacha.c\
 					$(WOLFSSL_ROOT)/wolfcrypt/src/chacha20_poly1305.c\
 					$(WOLFSSL_ROOT)/src/crl.c\
@@ -88,11 +90,40 @@ Wolfssl_C_Files :=$(WOLFSSL_ROOT)/wolfcrypt/src/aes.c\
 					$(WOLFSSL_ROOT)/wolfcrypt/src/signature.c\
 					$(WOLFSSL_ROOT)/wolfcrypt/src/sp_c32.c\
 					$(WOLFSSL_ROOT)/wolfcrypt/src/sp_c64.c\
+					$(WOLFSSL_ROOT)/wolfcrypt/src/sp_x86_64.c\
 					$(WOLFSSL_ROOT)/wolfcrypt/src/sp_int.c\
 					$(WOLFSSL_ROOT)/src/ssl.c\
 					$(WOLFSSL_ROOT)/src/tls.c\
 					$(WOLFSSL_ROOT)/wolfcrypt/src/wc_encrypt.c\
-					$(WOLFSSL_ROOT)/wolfcrypt/src/wolfevent.c\
+					$(WOLFSSL_ROOT)/wolfcrypt/src/wolfevent.c
+
+
+ifeq ($(HAVE_WOLFSSL_ASSEMBLY), 1)
+	Wolfssl_ASM_Files := $(WOLFSSL_ROOT)/wolfcrypt/src/aes_asm.asm\
+               $(WOLFSSL_ROOT)/wolfcrypt/src/sp_x86_64_asm.asm
+
+	Wolfssl_S_Files := $(WOLFSSL_ROOT)/wolfcrypt/src/aes_asm.S\
+               $(WOLFSSL_ROOT)/wolfcrypt/src/aes_gcm_asm.S\
+               $(WOLFSSL_ROOT)/wolfcrypt/src/poly1305_asm.S\
+               $(WOLFSSL_ROOT)/wolfcrypt/src/sha256_asm.S\
+               $(WOLFSSL_ROOT)/wolfcrypt/src/sp_x86_64_asm.S\
+               $(WOLFSSL_ROOT)/wolfcrypt/src/aes_xts_asm.S\
+               $(WOLFSSL_ROOT)/wolfcrypt/src/sha3_asm.S\
+               $(WOLFSSL_ROOT)/wolfcrypt/src/wc_mlkem_asm.S\
+               $(WOLFSSL_ROOT)/wolfcrypt/src/chacha_asm.S\
+               $(WOLFSSL_ROOT)/wolfcrypt/src/sha512_asm.S
+
+
+	Wolfssl_C_Extra_Flags += -DWOLFSSL_X86_64_BUILD\
+               -DWOLFSSL_AESNI\
+               -maes -mavx -mavx2 -msse4.2
+
+ifeq ($(HAVE_WOLFSSL_SP), 1)
+    Wolfssl_C_Extra_Flags += -DWOLFSSL_SP_X86_64_ASM\
+			   -DWOLFSSL_SP_X86_64\
+			   -DWOLFSSL_SP_ASM
+endif
+endif
 
 Wolfssl_Include_Paths := -I$(WOLFSSL_ROOT)/ \
 						 -I$(WOLFSSL_ROOT)/wolfcrypt/ \
@@ -111,7 +142,8 @@ endif
 ifeq ($(HAVE_WOLFSSL_SP), 1)
     Wolfssl_C_Extra_Flags += -DWOLFSSL_HAVE_SP_RSA \
                              -DWOLFSSL_HAVE_SP_DH  \
-                             -DWOLFSSL_HAVE_SP_ECC
+                             -DWOLFSSL_HAVE_SP_ECC \
+                             -DWOLFSSL_SP_MATH_ALL
 endif
 
 
@@ -128,6 +160,8 @@ Wolfssl_Link_Flags := $(SGX_COMMON_CFLAGS) -Wl,--no-undefined -nostdlib -nodefau
 	-Wl,--version-script=trusted/wolfcrypt.lds
 
 Wolfssl_C_Objects := $(Wolfssl_C_Files:.c=.o)
+Wolfssl_C_Objects += $(Wolfssl_S_Files:.S=.o)
+Wolfssl_C_Objects += $(Wolfssl_ASM_Files:.asm=.o)
 
 ifeq ($(SGX_MODE), HW)
 ifneq ($(SGX_DEBUG), 1)
@@ -137,17 +171,17 @@ endif
 endif
 endif
 
-override CFLAGS += $(Wolfssl_C_Flags)
+override CPPFLAGS += $(Wolfssl_C_Flags)
 
 .PHONY: all run
 
 all: libwolfssl.sgx.static.lib.a
 
 ######## WolfSSL Objects ########
-
 libwolfssl.sgx.static.lib.a: $(Wolfssl_C_Objects)
 	ar rcs libwolfssl.sgx.static.lib.a $(Wolfssl_C_Objects)
 	@echo "LINK =>  $@"
+	@echo "Built with AES-NI ? $(HAVE_WOLFSSL_ASSEMBLY)"
 
 clean:
 	@rm -f $(WOLFSSL_ROOT)/wolfcrypt/benchmark/*.o $(WOLFSSL_ROOT)/wolfcrypt/test/*.o static_trusted/wolfssl_t.* libwolfssl.sgx.static.lib.a  $(Wolfssl_C_Objects)
diff --git a/IDE/Renesas/e2studio/RA6M3/README.md b/IDE/Renesas/e2studio/RA6M3/README.md
index 285d89799..9fe04ceba 100644
--- a/IDE/Renesas/e2studio/RA6M3/README.md
+++ b/IDE/Renesas/e2studio/RA6M3/README.md
@@ -21,25 +21,25 @@ The wolfssl Project Summary is listed below and is relevant for every project.
 |Board|EK-RA6M3|
 |Device|R7FA6M3AH3CFC|
 |Toolchain|GCC ARM Embedded|
-|FSP Version|3.5.0|
+|FSP Version|6.1.0|
 
 #### Selected software components
 
 |Components|Version|
 |:--|:--|
-|Board Support Package Common Files|v3.5.0|
-|Arm CMSIS Version 5 - Core (M)|v5.8.0+renesas.0.fsp.3.5.0|
-|FreeRTOS|v10.4.3-LTS.Patch.2+fsp.3.5.0|
-|RA6M3-EK Board Support Files|v3.5.0|
-|Board support package for R7FA6M3AH3CFC|v3.5.0|
-|Board support package for RA6M3|v3.5.0|
-|Board support package for RA6M3 - FSP Data|v3.5.0|
-|FreeRTOS - Memory Management - Heap 4|v10.4.3-LTS.Patch.2+fsp.3.5.0|
-|r_ether to FreeRTOS+TCP Wrapper|v3.5.0|
-|Ethernet|v3.5.0|
-|Ethernet PHY|v3.5.0|
-|FreeRTOS+TCP|v2.3.2-LTS.Patch.1+fsp.3.5.0|
-|FreeRTOS - Buffer Allocation 2|v2.3.2-LTS.Patch.1+fsp.3.5.0|
+|Board Support Package Common Files|v6.1.0|
+|Arm CMSIS Version 5 - Core (M)|v6.1.0+renesas.0.fsp.6.1.0|
+|FreeRTOS|v11.1.0+fsp.6.1.0|
+|RA6M3-EK Board Support Files|v6.1.0|
+|Board support package for R7FA6M3AH3CFC|v6.1.0|
+|Board support package for RA6M3|v6.1.0|
+|Board support package for RA6M3 - FSP Data|v6.1.0|
+|FreeRTOS - Memory Management - Heap 4|v11.1.0+fsp.6.1.0|
+|r_ether to FreeRTOS+TCP Wrapper|v6.1.0|
+|Ethernet|v6.1.0|
+|Ethernet PHY|v6.1.0|
+|FreeRTOS+TCP|v4.3.3+fsp.6.1.0|
+|FreeRTOS - Buffer Allocation 2|v4.3.3+fsp.6.1.0|
 
 
 ## Setup Steps
@@ -51,11 +51,11 @@ The following steps explain how to generate the missing files and where to place
 1.) Create a 'dummy' Renesas RA C Library Project.
 
 + Click File->New->`RA C/C++ Project`
-+ Click `Renesas RA C Library Project`. Click Next
 + Enter `dummy_library` as the project name. Click Next.
 + Under `Board: Custom User Board`, select `EK-RA6M3`.
-+ Under `RTOS: No RTOS`, select `FreeRTOS`.
-+ Click Next. Select `FreeRTOS - Minimal - Static Allocation`
++ Select `None`. Click Next.
++ Select `Static Library`. Under `RTOS: No RTOS`, select `FreeRTOS`. Click Next
++ Select `FreeRTOS - Minimal - Static Allocation`
 + Click Finish.
 + Open Smart Configurator by clicking configuration.xml in the project
 + Go to `BSP` tab and increase Heap Size under `RA Common` on Properties page, e.g. 0x1000
@@ -64,17 +64,18 @@ The following steps explain how to generate the missing files and where to place
 
 |Property|Value|
 |:--|:--|
-|Thread Symbol|wolfssl_tst_thread|
-|Thread Name|wolf_tst_thread|
+|Thread Symbol|wolfssl_tst_thd|
+|Thread Name|wolf_tst_thd|
 |Thread Stack size|increase depending on your environment<br> e.g. 0xA000|
-|Thread MemoryAllocation|Dynamic|
+|Thread Memory Allocation Support Dynamic Allocation|Enabled|
+|Memory Allocation Total Heap Size|increase depending on your environment<br> e.g. 0x20000|
 |Common General Use Mutexes|Enabled|
 |Common General Enable Backward Compatibility|Enabled|
-|Common Memory Allocation Support Dynamic Allocation|Enabled|
-|Common Memory Allocation Total Heap Size|increase depending on your environment<br> e.g. 0x20000|
+
 
 + Add `Heap 4` stack to sce_tst_thread from `New Stack` -> `RTOS` -> `FreeRTOS Heap 4`
-+ Add `FreeRTOS + TCP` stack to sce_tst_thread from `New Stack` -> `Networking` -> `FreeRTOS+TCP` and set properties
++ Add `FreeRTOS + TCP` stack to sce_tst_thread from `New Stack` -> `Networking` -> `FreeRTOS+TCP` and set properties. Go to `Add Ethernet Driver` box, and click the box to select `New` -> `Ethernet (r_ether)`
+. Set properties.
 
 |Property|Value|
 |:--|:--|
@@ -84,9 +85,10 @@ The following steps explain how to generate the missing files and where to place
 2.) Create a 'dummy' Renesas RA C Project Using RA Library.
 
 + Click File->New->`RA C/C++ Project`
-+ Click `Renesas RA C Project Using RA Library`. Click Next
 + Enter `dummy_app` as the project name. Click Next.
-+ Under `Executable Using an RA Static library`
++ Under `Board: Custom User Board`, select `EK-RA6M3`.
++ Select `None`. Click Next.
++ Select `Executable Using an RA Static library`, and `No RTOS`. Click Finish
 + Enter `dummy_app` as the project name. Click Next
 + Select `dummy_library` from Select Renesas RA library project.
 + Click Finish.
@@ -125,6 +127,7 @@ The following steps explain how to generate the missing files and where to place
 + Select and Copy the following folder inside dummy_app\
 
   `script/`
+  `Debug/`
 
 + Paste the copied folders into each executable projects which are Crypt test, benchmark, client and server projects\
 + The `dummy_app` project can now be deleted.
diff --git a/IDE/Renesas/e2studio/RA6M3/benchmark-wolfcrypt/.cproject b/IDE/Renesas/e2studio/RA6M3/benchmark-wolfcrypt/.cproject
index 09d968ab0..32e90c14a 100644
--- a/IDE/Renesas/e2studio/RA6M3/benchmark-wolfcrypt/.cproject
+++ b/IDE/Renesas/e2studio/RA6M3/benchmark-wolfcrypt/.cproject
@@ -54,7 +54,7 @@
 							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.fpu.unit.1066354393" name="FPU Type" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.fpu.unit" value="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.fpu.unit.fpv4spd16" valueType="enumerated"/>
 							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.fpu.abi.1749606599" name="Float ABI" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.fpu.abi" value="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.fpu.abi.hard" valueType="enumerated"/>
 							<targetPlatform archList="all" binaryParser="org.eclipse.cdt.core.ELF" id="ilg.gnuarmeclipse.managedbuild.cross.targetPlatform.1387289429" isAbstract="false" osList="all" superClass="ilg.gnuarmeclipse.managedbuild.cross.targetPlatform"/>
-							<builder buildPath="${workspace_loc:/benchmark_wolfCrypt_RA6M3G}/Debug" id="com.renesas.cdt.managedbuild.gnuarm.builder.101353899" keepEnvironmentInBuildfile="false" managedBuildOn="true" name="Gnu Make Builder" parallelBuildOn="true" parallelizationNumber="optimal" superClass="com.renesas.cdt.managedbuild.gnuarm.builder"/>
+							<builder buildPath="${workspace_loc:/benchmark_wolfCrypt_RA6M3G}/Debug" id="com.renesas.cdt.managedbuild.gnuarm.builder.101353899" keepEnvironmentInBuildfile="false" managedBuildOn="true" name="Gnu Make ビルダー" parallelBuildOn="true" parallelizationNumber="optimal" superClass="com.renesas.cdt.managedbuild.gnuarm.builder"/>
 							<tool commandLinePattern="${SECURE_BUILD_COMMAND} ${COMMAND} ${cross_toolchain_flags} ${FLAGS} -c ${OUTPUT_FLAG} ${OUTPUT_PREFIX}${OUTPUT} ${INPUTS}" id="ilg.gnuarmeclipse.managedbuild.cross.tool.assembler.117420076" name="GNU ARM Cross Assembler" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.assembler">
 								<option id="ilg.gnuarmeclipse.managedbuild.cross.option.assembler.usepreprocessor.1915546252" name="Use preprocessor" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.assembler.usepreprocessor" value="true" valueType="boolean"/>
 								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="ilg.gnuarmeclipse.managedbuild.cross.option.assembler.include.paths.541441314" name="Include paths (-I)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.assembler.include.paths" valueType="includePath">
@@ -93,6 +93,10 @@
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/wolfSSL_RA6M3/ra_cfg/fsp_cfg/driver}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/wolfSSL_RA6M3/ra/aws/amazon-freertos/libraries/freertos_plus/standard/freertos_plus_tcp/include}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/wolfSSL_RA6M3/ra/fsp/src/rm_freertos_plus_tcp}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/wolfSSL_RA6M3/ra/aws/FreeRTOS/FreeRTOS/Source/include}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/wolfSSL_RA6M3/ra/aws/FreeRTOS/FreeRTOS-Plus/Source/FreeRTOS-Plus-TCP/source/include}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/wolfSSL_RA6M3/ra/arm/CMSIS_6/CMSIS/Core/Include}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/wolfSSL_RA6M3/Debug}&quot;"/>
 								</option>
 								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="ilg.gnuarmeclipse.managedbuild.cross.option.c.compiler.defs.2089894925" name="Defined symbols (-D)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.c.compiler.defs" useByScannerDiscovery="true" valueType="definedSymbols">
 									<listOptionValue builtIn="false" value="_RENESAS_RA_"/>
@@ -205,7 +209,7 @@
 							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.fpu.unit.860211730" name="FPU Type" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.fpu.unit" value="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.fpu.unit.fpv4spd16" valueType="enumerated"/>
 							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.fpu.abi.1408755248" name="Float ABI" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.fpu.abi" value="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.fpu.abi.hard" valueType="enumerated"/>
 							<targetPlatform archList="all" binaryParser="org.eclipse.cdt.core.ELF" id="ilg.gnuarmeclipse.managedbuild.cross.targetPlatform.836244175" isAbstract="false" osList="all" superClass="ilg.gnuarmeclipse.managedbuild.cross.targetPlatform"/>
-							<builder buildPath="${workspace_loc:/benchmark_wolfCrypt_RA6M3G}/Release" id="com.renesas.cdt.managedbuild.gnuarm.builder.1745155981" keepEnvironmentInBuildfile="false" managedBuildOn="true" name="Gnu Make Builder" parallelBuildOn="true" parallelizationNumber="optimal" superClass="com.renesas.cdt.managedbuild.gnuarm.builder"/>
+							<builder buildPath="${workspace_loc:/benchmark_wolfCrypt_RA6M3G}/Release" id="com.renesas.cdt.managedbuild.gnuarm.builder.1745155981" keepEnvironmentInBuildfile="false" managedBuildOn="true" name="Gnu Make ビルダー" parallelBuildOn="true" parallelizationNumber="optimal" superClass="com.renesas.cdt.managedbuild.gnuarm.builder"/>
 							<tool commandLinePattern="${SECURE_BUILD_COMMAND} ${COMMAND} ${cross_toolchain_flags} ${FLAGS} -c ${OUTPUT_FLAG} ${OUTPUT_PREFIX}${OUTPUT} ${INPUTS}" id="ilg.gnuarmeclipse.managedbuild.cross.tool.assembler.1499452602" name="GNU ARM Cross Assembler" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.assembler">
 								<option id="ilg.gnuarmeclipse.managedbuild.cross.option.assembler.usepreprocessor.1733850904" name="Use preprocessor" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.assembler.usepreprocessor" value="true" valueType="boolean"/>
 								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="ilg.gnuarmeclipse.managedbuild.cross.option.assembler.include.paths.121988378" name="Include paths (-I)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.assembler.include.paths" valueType="includePath">
diff --git a/IDE/Renesas/e2studio/RA6M3/benchmark-wolfcrypt/src/wolfssl_thread_entry.c b/IDE/Renesas/e2studio/RA6M3/benchmark-wolfcrypt/src/wolfssl_thread_entry.c
index 7462efd00..159b2639f 100644
--- a/IDE/Renesas/e2studio/RA6M3/benchmark-wolfcrypt/src/wolfssl_thread_entry.c
+++ b/IDE/Renesas/e2studio/RA6M3/benchmark-wolfcrypt/src/wolfssl_thread_entry.c
@@ -23,7 +23,7 @@
 
 int benchmark_test(void *args);
 
-void wolfssl_thread_entry(void *pvParameters) {
+void wolfssl_tst_thd_entry(void *pvParameters) {
     FSP_PARAMETER_NOT_USED(pvParameters);
     initialise_monitor_handles();
     benchmark_test(0);
diff --git a/IDE/Renesas/e2studio/RA6M3/client-wolfssl/.cproject b/IDE/Renesas/e2studio/RA6M3/client-wolfssl/.cproject
index 40bc7f85d..6c3a57142 100644
--- a/IDE/Renesas/e2studio/RA6M3/client-wolfssl/.cproject
+++ b/IDE/Renesas/e2studio/RA6M3/client-wolfssl/.cproject
@@ -54,7 +54,7 @@
 							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.fpu.unit.944256802" name="FPU Type" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.fpu.unit" value="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.fpu.unit.fpv4spd16" valueType="enumerated"/>
 							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.fpu.abi.1728690592" name="Float ABI" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.fpu.abi" value="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.fpu.abi.hard" valueType="enumerated"/>
 							<targetPlatform archList="all" binaryParser="org.eclipse.cdt.core.ELF" id="ilg.gnuarmeclipse.managedbuild.cross.targetPlatform.847055546" isAbstract="false" osList="all" superClass="ilg.gnuarmeclipse.managedbuild.cross.targetPlatform"/>
-							<builder buildPath="${workspace_loc:/client_wolfSSL_RA6M3}/Debug" id="com.renesas.cdt.managedbuild.gnuarm.builder.2111237750" keepEnvironmentInBuildfile="false" managedBuildOn="true" name="Gnu Make Builder" parallelBuildOn="true" parallelizationNumber="optimal" superClass="com.renesas.cdt.managedbuild.gnuarm.builder"/>
+							<builder buildPath="${workspace_loc:/client_wolfSSL_RA6M3}/Debug" id="com.renesas.cdt.managedbuild.gnuarm.builder.2111237750" keepEnvironmentInBuildfile="false" managedBuildOn="true" name="Gnu Make ビルダー" parallelBuildOn="true" parallelizationNumber="optimal" superClass="com.renesas.cdt.managedbuild.gnuarm.builder"/>
 							<tool commandLinePattern="${SECURE_BUILD_COMMAND} ${COMMAND} ${cross_toolchain_flags} ${FLAGS} -c ${OUTPUT_FLAG} ${OUTPUT_PREFIX}${OUTPUT} ${INPUTS}" id="ilg.gnuarmeclipse.managedbuild.cross.tool.assembler.1877074676" name="GNU ARM Cross Assembler" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.assembler">
 								<option id="ilg.gnuarmeclipse.managedbuild.cross.option.assembler.usepreprocessor.1521871638" name="Use preprocessor" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.assembler.usepreprocessor" value="true" valueType="boolean"/>
 								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="ilg.gnuarmeclipse.managedbuild.cross.option.assembler.include.paths.1475977607" name="Include paths (-I)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.assembler.include.paths" valueType="includePath">
@@ -99,6 +99,10 @@
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/wolfSSL_RA6M3/ra/aws/amazon-freertos/libraries/freertos_plus/standard/freertos_plus_tcp/include}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/wolfSSL_RA6M3/ra/fsp/src/rm_freertos_plus_tcp}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/wolfSSL_RA6M3/ra_cfg/fsp_cfg/driver}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/wolfSSL_RA6M3/ra/aws/FreeRTOS/FreeRTOS/Source/include}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/wolfSSL_RA6M3/ra/aws/FreeRTOS/FreeRTOS-Plus/Source/FreeRTOS-Plus-TCP/source/include}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/wolfSSL_RA6M3/ra/arm/CMSIS_6/CMSIS/Core/Include}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/wolfSSL_RA6M3/Debug}&quot;"/>
 								</option>
 								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="ilg.gnuarmeclipse.managedbuild.cross.option.c.compiler.defs.11889101" name="Defined symbols (-D)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.c.compiler.defs" useByScannerDiscovery="true" valueType="definedSymbols">
 									<listOptionValue builtIn="false" value="_RENESAS_RA_"/>
@@ -206,7 +210,7 @@
 							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.fpu.unit.1224145047" name="FPU Type" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.fpu.unit" value="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.fpu.unit.fpv4spd16" valueType="enumerated"/>
 							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.fpu.abi.850599989" name="Float ABI" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.fpu.abi" value="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.fpu.abi.hard" valueType="enumerated"/>
 							<targetPlatform archList="all" binaryParser="org.eclipse.cdt.core.ELF" id="ilg.gnuarmeclipse.managedbuild.cross.targetPlatform.171223350" isAbstract="false" osList="all" superClass="ilg.gnuarmeclipse.managedbuild.cross.targetPlatform"/>
-							<builder buildPath="${workspace_loc:/client_wolfSSL_RA6M3}/Release" id="com.renesas.cdt.managedbuild.gnuarm.builder.8777288" keepEnvironmentInBuildfile="false" managedBuildOn="true" name="Gnu Make Builder" parallelBuildOn="true" parallelizationNumber="optimal" superClass="com.renesas.cdt.managedbuild.gnuarm.builder"/>
+							<builder buildPath="${workspace_loc:/client_wolfSSL_RA6M3}/Release" id="com.renesas.cdt.managedbuild.gnuarm.builder.8777288" keepEnvironmentInBuildfile="false" managedBuildOn="true" name="Gnu Make ビルダー" parallelBuildOn="true" parallelizationNumber="optimal" superClass="com.renesas.cdt.managedbuild.gnuarm.builder"/>
 							<tool commandLinePattern="${SECURE_BUILD_COMMAND} ${COMMAND} ${cross_toolchain_flags} ${FLAGS} -c ${OUTPUT_FLAG} ${OUTPUT_PREFIX}${OUTPUT} ${INPUTS}" id="ilg.gnuarmeclipse.managedbuild.cross.tool.assembler.342148693" name="GNU ARM Cross Assembler" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.assembler">
 								<option id="ilg.gnuarmeclipse.managedbuild.cross.option.assembler.usepreprocessor.1084564839" name="Use preprocessor" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.assembler.usepreprocessor" value="true" valueType="boolean"/>
 								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="ilg.gnuarmeclipse.managedbuild.cross.option.assembler.include.paths.1173403640" name="Include paths (-I)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.assembler.include.paths" valueType="includePath">
diff --git a/IDE/Renesas/e2studio/RA6M3/client-wolfssl/src/wolfssl_thread_entry.c b/IDE/Renesas/e2studio/RA6M3/client-wolfssl/src/wolfssl_thread_entry.c
index f97960706..553bc59c4 100644
--- a/IDE/Renesas/e2studio/RA6M3/client-wolfssl/src/wolfssl_thread_entry.c
+++ b/IDE/Renesas/e2studio/RA6M3/client-wolfssl/src/wolfssl_thread_entry.c
@@ -34,20 +34,7 @@
 #include <stdio.h>
 #include "hal_data.h"
 
-/* the function is called just before main() to set up pins */
-/* this needs to be called to setup IO Port */
-void R_BSP_WarmStart (bsp_warm_start_event_t event)
-{
-
-    if (BSP_WARM_START_POST_C == event) {
-        /* C runtime environment and system clocks are setup. */
-        /* Configure pins. */
-        R_IOPORT_Open(&g_ioport_ctrl, g_ioport.p_cfg);
-    }
-}
-
-
-void wolfssl_thread_entry(void *pvParameters) {
+void wolfssl_tst_thd_entry(void *pvParameters) {
     FSP_PARAMETER_NOT_USED(pvParameters);
 
     /* FreeRTOS+TCP Objects */
diff --git a/IDE/Renesas/e2studio/RA6M3/server-wolfssl/.cproject b/IDE/Renesas/e2studio/RA6M3/server-wolfssl/.cproject
index c0c83f07d..a517df51b 100644
--- a/IDE/Renesas/e2studio/RA6M3/server-wolfssl/.cproject
+++ b/IDE/Renesas/e2studio/RA6M3/server-wolfssl/.cproject
@@ -54,7 +54,7 @@
 							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.fpu.unit.971503214" name="FPU Type" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.fpu.unit" value="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.fpu.unit.fpv4spd16" valueType="enumerated"/>
 							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.fpu.abi.580641031" name="Float ABI" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.fpu.abi" value="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.fpu.abi.hard" valueType="enumerated"/>
 							<targetPlatform archList="all" binaryParser="org.eclipse.cdt.core.ELF" id="ilg.gnuarmeclipse.managedbuild.cross.targetPlatform.213566214" isAbstract="false" osList="all" superClass="ilg.gnuarmeclipse.managedbuild.cross.targetPlatform"/>
-							<builder buildPath="${workspace_loc:/server_wolfSSL_RA6M3}/Debug" id="com.renesas.cdt.managedbuild.gnuarm.builder.967969835" keepEnvironmentInBuildfile="false" managedBuildOn="true" name="Gnu Make Builder" parallelBuildOn="true" parallelizationNumber="optimal" superClass="com.renesas.cdt.managedbuild.gnuarm.builder"/>
+							<builder buildPath="${workspace_loc:/server_wolfSSL_RA6M3}/Debug" id="com.renesas.cdt.managedbuild.gnuarm.builder.967969835" keepEnvironmentInBuildfile="false" managedBuildOn="true" name="Gnu Make ビルダー" parallelBuildOn="true" parallelizationNumber="optimal" superClass="com.renesas.cdt.managedbuild.gnuarm.builder"/>
 							<tool commandLinePattern="${SECURE_BUILD_COMMAND} ${COMMAND} ${cross_toolchain_flags} ${FLAGS} -c ${OUTPUT_FLAG} ${OUTPUT_PREFIX}${OUTPUT} ${INPUTS}" id="ilg.gnuarmeclipse.managedbuild.cross.tool.assembler.79325762" name="GNU ARM Cross Assembler" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.assembler">
 								<option id="ilg.gnuarmeclipse.managedbuild.cross.option.assembler.usepreprocessor.1806607058" name="Use preprocessor" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.assembler.usepreprocessor" value="true" valueType="boolean"/>
 								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="ilg.gnuarmeclipse.managedbuild.cross.option.assembler.include.paths.828777158" name="Include paths (-I)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.assembler.include.paths" valueType="includePath">
@@ -99,6 +99,10 @@
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/wolfSSL_RA6M3/ra/aws/amazon-freertos/libraries/freertos_plus/standard/freertos_plus_tcp/include}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/wolfSSL_RA6M3/ra/fsp/src/rm_freertos_plus_tcp}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/wolfSSL_RA6M3/ra_cfg/fsp_cfg/driver}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/wolfSSL_RA6M3/ra/aws/FreeRTOS/FreeRTOS/Source/include}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/wolfSSL_RA6M3/ra/aws/FreeRTOS/FreeRTOS-Plus/Source/FreeRTOS-Plus-TCP/source/include}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/wolfSSL_RA6M3/ra/arm/CMSIS_6/CMSIS/Core/Include}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/wolfSSL_RA6M3/Debug}&quot;"/>
 								</option>
 								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="ilg.gnuarmeclipse.managedbuild.cross.option.c.compiler.defs.924310622" name="Defined symbols (-D)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.c.compiler.defs" useByScannerDiscovery="true" valueType="definedSymbols">
 									<listOptionValue builtIn="false" value="_RENESAS_RA_"/>
@@ -207,7 +211,7 @@
 							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.fpu.unit.284360640" name="FPU Type" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.fpu.unit" value="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.fpu.unit.fpv4spd16" valueType="enumerated"/>
 							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.fpu.abi.534529996" name="Float ABI" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.fpu.abi" value="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.fpu.abi.hard" valueType="enumerated"/>
 							<targetPlatform archList="all" binaryParser="org.eclipse.cdt.core.ELF" id="ilg.gnuarmeclipse.managedbuild.cross.targetPlatform.683276783" isAbstract="false" osList="all" superClass="ilg.gnuarmeclipse.managedbuild.cross.targetPlatform"/>
-							<builder buildPath="${workspace_loc:/server_wolfSSL_RA6M3}/Release" id="com.renesas.cdt.managedbuild.gnuarm.builder.606246866" keepEnvironmentInBuildfile="false" managedBuildOn="true" name="Gnu Make Builder" parallelBuildOn="true" parallelizationNumber="optimal" superClass="com.renesas.cdt.managedbuild.gnuarm.builder"/>
+							<builder buildPath="${workspace_loc:/server_wolfSSL_RA6M3}/Release" id="com.renesas.cdt.managedbuild.gnuarm.builder.606246866" keepEnvironmentInBuildfile="false" managedBuildOn="true" name="Gnu Make ビルダー" parallelBuildOn="true" parallelizationNumber="optimal" superClass="com.renesas.cdt.managedbuild.gnuarm.builder"/>
 							<tool commandLinePattern="${SECURE_BUILD_COMMAND} ${COMMAND} ${cross_toolchain_flags} ${FLAGS} -c ${OUTPUT_FLAG} ${OUTPUT_PREFIX}${OUTPUT} ${INPUTS}" id="ilg.gnuarmeclipse.managedbuild.cross.tool.assembler.399996946" name="GNU ARM Cross Assembler" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.assembler">
 								<option id="ilg.gnuarmeclipse.managedbuild.cross.option.assembler.usepreprocessor.617058558" name="Use preprocessor" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.assembler.usepreprocessor" value="true" valueType="boolean"/>
 								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="ilg.gnuarmeclipse.managedbuild.cross.option.assembler.include.paths.1734515939" name="Include paths (-I)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.assembler.include.paths" valueType="includePath">
diff --git a/IDE/Renesas/e2studio/RA6M3/server-wolfssl/src/wolfssl_thread_entry.c b/IDE/Renesas/e2studio/RA6M3/server-wolfssl/src/wolfssl_thread_entry.c
index cf1c2ea99..75ecb3d91 100644
--- a/IDE/Renesas/e2studio/RA6M3/server-wolfssl/src/wolfssl_thread_entry.c
+++ b/IDE/Renesas/e2studio/RA6M3/server-wolfssl/src/wolfssl_thread_entry.c
@@ -32,20 +32,8 @@
 #include <stdio.h>
 #include "hal_data.h"
 
-/* the function is called just before main() to set up pins */
-/* this needs to be called to setup IO Port */
-void R_BSP_WarmStart (bsp_warm_start_event_t event)
-{
 
-    if (BSP_WARM_START_POST_C == event) {
-        /* C runtime environment and system clocks are setup. */
-        /* Configure pins. */
-        R_IOPORT_Open(&g_ioport_ctrl, g_ioport.p_cfg);
-    }
-}
-
-
-void wolfssl_thread_entry(void *pvParameters) {
+void wolfssl_tst_thd_entry(void *pvParameters) {
     FSP_PARAMETER_NOT_USED(pvParameters);
 
     /* FreeRTOS+TCP parameters and objects */
diff --git a/IDE/Renesas/e2studio/RA6M3/test-wolfcrypt/.cproject b/IDE/Renesas/e2studio/RA6M3/test-wolfcrypt/.cproject
index 7195b8a9c..6ed787746 100644
--- a/IDE/Renesas/e2studio/RA6M3/test-wolfcrypt/.cproject
+++ b/IDE/Renesas/e2studio/RA6M3/test-wolfcrypt/.cproject
@@ -54,7 +54,7 @@
 							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.fpu.unit.1533237073" name="FPU Type" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.fpu.unit" value="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.fpu.unit.fpv4spd16" valueType="enumerated"/>
 							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.fpu.abi.1986600717" name="Float ABI" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.fpu.abi" value="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.fpu.abi.hard" valueType="enumerated"/>
 							<targetPlatform archList="all" binaryParser="org.eclipse.cdt.core.ELF" id="ilg.gnuarmeclipse.managedbuild.cross.targetPlatform.330510769" isAbstract="false" osList="all" superClass="ilg.gnuarmeclipse.managedbuild.cross.targetPlatform"/>
-							<builder buildPath="${workspace_loc:/test_wolfCrypt_RA6M3G}/Debug" id="com.renesas.cdt.managedbuild.gnuarm.builder.381371815" keepEnvironmentInBuildfile="false" managedBuildOn="true" name="Gnu Make Builder" parallelBuildOn="true" parallelizationNumber="optimal" superClass="com.renesas.cdt.managedbuild.gnuarm.builder"/>
+							<builder buildPath="${workspace_loc:/test_wolfCrypt_RA6M3G}/Debug" id="com.renesas.cdt.managedbuild.gnuarm.builder.381371815" keepEnvironmentInBuildfile="false" managedBuildOn="true" name="Gnu Make ビルダー" parallelBuildOn="true" parallelizationNumber="optimal" superClass="com.renesas.cdt.managedbuild.gnuarm.builder"/>
 							<tool commandLinePattern="${SECURE_BUILD_COMMAND} ${COMMAND} ${cross_toolchain_flags} ${FLAGS} -c ${OUTPUT_FLAG} ${OUTPUT_PREFIX}${OUTPUT} ${INPUTS}" id="ilg.gnuarmeclipse.managedbuild.cross.tool.assembler.563593978" name="GNU ARM Cross Assembler" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.assembler">
 								<option id="ilg.gnuarmeclipse.managedbuild.cross.option.assembler.usepreprocessor.9644899" name="Use preprocessor" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.assembler.usepreprocessor" value="true" valueType="boolean"/>
 								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="ilg.gnuarmeclipse.managedbuild.cross.option.assembler.include.paths.1207837318" name="Include paths (-I)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.assembler.include.paths" useByScannerDiscovery="true" valueType="includePath">
@@ -78,6 +78,7 @@
 								<option id="ilg.gnuarmeclipse.managedbuild.cross.option.c.compiler.std.97449013" name="Language standard" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.c.compiler.std" useByScannerDiscovery="true" value="ilg.gnuarmeclipse.managedbuild.cross.option.c.compiler.std.c99" valueType="enumerated"/>
 								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="ilg.gnuarmeclipse.managedbuild.cross.option.c.compiler.include.paths.1182988840" name="Include paths (-I)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.c.compiler.include.paths" useByScannerDiscovery="true" valueType="includePath">
 									<listOptionValue builtIn="false" value="&quot;${ProjDirPath}/../common&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/wolfSSL_RA6M3/Debug}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${ProjDirPath}/../../../../../&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${ProjDirPath}/../&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/wolfSSL_RA6M3/ra/fsp/inc}&quot;"/>
@@ -91,6 +92,9 @@
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/wolfSSL_RA6M3/ra_cfg/aws}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/wolfSSL_RA6M3/ra_cfg/fsp_cfg/bsp}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/wolfSSL_RA6M3/ra_cfg/fsp_cfg/driver}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/wolfSSL_RA6M3/ra/aws/FreeRTOS/FreeRTOS/Source/include}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/wolfSSL_RA6M3/ra/aws/FreeRTOS/FreeRTOS-Plus/Source/FreeRTOS-Plus-TCP/source/include}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/wolfSSL_RA6M3/ra/arm/CMSIS_6/CMSIS/Core/Include}&quot;"/>
 								</option>
 								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="ilg.gnuarmeclipse.managedbuild.cross.option.c.compiler.defs.1484906637" name="Defined symbols (-D)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.c.compiler.defs" useByScannerDiscovery="true" valueType="definedSymbols">
 									<listOptionValue builtIn="false" value="_RENESAS_RA_"/>
@@ -199,7 +203,7 @@
 							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.fpu.unit.226581298" name="FPU Type" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.fpu.unit" value="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.fpu.unit.fpv4spd16" valueType="enumerated"/>
 							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.fpu.abi.1814264128" name="Float ABI" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.fpu.abi" value="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.fpu.abi.hard" valueType="enumerated"/>
 							<targetPlatform archList="all" binaryParser="org.eclipse.cdt.core.ELF" id="ilg.gnuarmeclipse.managedbuild.cross.targetPlatform.1908205217" isAbstract="false" osList="all" superClass="ilg.gnuarmeclipse.managedbuild.cross.targetPlatform"/>
-							<builder buildPath="${workspace_loc:/test_wolfCrypt_RA6M3G}/Release" id="com.renesas.cdt.managedbuild.gnuarm.builder.1012539774" keepEnvironmentInBuildfile="false" managedBuildOn="true" name="Gnu Make Builder" parallelBuildOn="true" parallelizationNumber="optimal" superClass="com.renesas.cdt.managedbuild.gnuarm.builder"/>
+							<builder buildPath="${workspace_loc:/test_wolfCrypt_RA6M3G}/Release" id="com.renesas.cdt.managedbuild.gnuarm.builder.1012539774" keepEnvironmentInBuildfile="false" managedBuildOn="true" name="Gnu Make ビルダー" parallelBuildOn="true" parallelizationNumber="optimal" superClass="com.renesas.cdt.managedbuild.gnuarm.builder"/>
 							<tool commandLinePattern="${SECURE_BUILD_COMMAND} ${COMMAND} ${cross_toolchain_flags} ${FLAGS} -c ${OUTPUT_FLAG} ${OUTPUT_PREFIX}${OUTPUT} ${INPUTS}" id="ilg.gnuarmeclipse.managedbuild.cross.tool.assembler.1216775450" name="GNU ARM Cross Assembler" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.assembler">
 								<option id="ilg.gnuarmeclipse.managedbuild.cross.option.assembler.usepreprocessor.1297918163" name="Use preprocessor" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.assembler.usepreprocessor" value="true" valueType="boolean"/>
 								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="ilg.gnuarmeclipse.managedbuild.cross.option.assembler.include.paths.228561926" name="Include paths (-I)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.assembler.include.paths" valueType="includePath">
diff --git a/IDE/Renesas/e2studio/RA6M3/test-wolfcrypt/src/wolfssl_thread_entry.c b/IDE/Renesas/e2studio/RA6M3/test-wolfcrypt/src/wolfssl_thread_entry.c
index d6bec7514..e14997d98 100644
--- a/IDE/Renesas/e2studio/RA6M3/test-wolfcrypt/src/wolfssl_thread_entry.c
+++ b/IDE/Renesas/e2studio/RA6M3/test-wolfcrypt/src/wolfssl_thread_entry.c
@@ -22,7 +22,7 @@
 #include <wolfssl/wolfcrypt/settings.h>
 #include "wolfcrypt/test/test.h"
 
-void wolfssl_thread_entry(void* pvParameters)
+void wolfssl_tst_thd_entry(void* pvParameters)
 {
     FSP_PARAMETER_NOT_USED (pvParameters);
     /* Benchmark output is displayed to Renesas Debug Virtual Console */
diff --git a/IDE/Renesas/e2studio/RA6M3/wolfssl/.cproject b/IDE/Renesas/e2studio/RA6M3/wolfssl/.cproject
index 19499b59a..401c879b2 100644
--- a/IDE/Renesas/e2studio/RA6M3/wolfssl/.cproject
+++ b/IDE/Renesas/e2studio/RA6M3/wolfssl/.cproject
@@ -67,6 +67,8 @@
 								<option id="ilg.gnuarmeclipse.managedbuild.cross.option.assembler.usepreprocessor.816669574" name="Use preprocessor" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.assembler.usepreprocessor" value="true" valueType="boolean"/>
 								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="ilg.gnuarmeclipse.managedbuild.cross.option.assembler.defs.1258533267" name="Defined symbols (-D)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.assembler.defs" valueType="definedSymbols">
 									<listOptionValue builtIn="false" value="_RENESAS_RA_"/>
+									<listOptionValue builtIn="false" value="_RA_CORE=CM4"/>
+									<listOptionValue builtIn="false" value="_RA_ORDINAL=1"/>
 								</option>
 								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="ilg.gnuarmeclipse.managedbuild.cross.option.assembler.include.paths.1781159522" name="Include paths (-I)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.assembler.include.paths" valueType="includePath">
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/ra/fsp/inc}&quot;"/>
@@ -84,6 +86,10 @@
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/ra/aws/amazon-freertos/libraries/freertos_plus/standard/freertos_plus_tcp/include}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/ra_cfg/fsp_cfg/driver}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/ra/aws/FreeRTOS/FreeRTOS/Source/include}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/ra/arm/CMSIS_6/CMSIS/Core/Include}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/ra/aws/FreeRTOS/FreeRTOS-Plus/Source/FreeRTOS-Plus-TCP/source/include}&quot;"/>
 								</option>
 								<inputType id="ilg.gnuarmeclipse.managedbuild.cross.tool.assembler.input.1944945543" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.assembler.input"/>
 							</tool>
@@ -92,6 +98,8 @@
 									<listOptionValue builtIn="false" value="_RENESAS_RA_"/>
 									<listOptionValue builtIn="false" value="WOLFSSL_RENESAS_RA6M3G"/>
 									<listOptionValue builtIn="false" value="WOLFSSL_USER_SETTINGS"/>
+									<listOptionValue builtIn="false" value="_RA_CORE=CM4"/>
+									<listOptionValue builtIn="false" value="_RA_ORDINAL=1"/>
 								</option>
 								<option id="ilg.gnuarmeclipse.managedbuild.cross.option.c.compiler.std.1681064330" name="Language standard" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.c.compiler.std" useByScannerDiscovery="true" value="ilg.gnuarmeclipse.managedbuild.cross.option.c.compiler.std.c99" valueType="enumerated"/>
 								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="ilg.gnuarmeclipse.managedbuild.cross.option.c.compiler.include.paths.891615582" name="Include paths (-I)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.c.compiler.include.paths" useByScannerDiscovery="true" valueType="includePath">
@@ -113,6 +121,10 @@
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/ra_cfg/fsp_cfg/driver}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/wolfSSL_RA6M3G/ra/aws/amazon-freertos/libraries/freertos_plus/standard/freertos_plus_tcp/source/portable}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/ra/aws/FreeRTOS/FreeRTOS/Source/include}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/ra/arm/CMSIS_6/CMSIS/Core/Include}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/ra/aws/FreeRTOS/FreeRTOS-Plus/Source/FreeRTOS-Plus-TCP/source/include}&quot;"/>
 								</option>
 								<inputType id="ilg.gnuarmeclipse.managedbuild.cross.tool.c.compiler.input.1304089417" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.c.compiler.input"/>
 							</tool>
@@ -151,6 +163,116 @@
 							</tool>
 						</toolChain>
 					</folderInfo>
+					<folderInfo id="com.renesas.cdt.managedbuild.gnuarm.config.lib.debug.1761706989./ra/aws" name="aws" resourcePath="ra/aws">
+						<toolChain id="com.renesas.cdt.managedbuild.gnuarm.toolchain.lib.debug.91030017" name="GCC ARM Embedded" superClass="com.renesas.cdt.managedbuild.gnuarm.toolchain.lib.debug" unusedChildren="">
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.level.2001249505.1108024184" name="Optimization Level" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.level.2001249505"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.messagelength.377600243.1900454493" name="Message length (-fmessage-length=0)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.messagelength.377600243"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.signedchar.2017676735.165034946" name="'char' is signed (-fsigned-char)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.signedchar.2017676735"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.functionsections.576805455.752800906" name="Function sections (-ffunction-sections)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.functionsections.576805455"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.datasections.45850729.1450135011" name="Data sections (-fdata-sections)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.datasections.45850729"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.debugging.level.686367944.1219290554" name="Debug level" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.debugging.level.686367944"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.debugging.format.1933780576.473553102" name="Debug format" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.debugging.format.1933780576"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.toolchain.name.1119124835.1042603563" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.toolchain.name.1119124835"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.architecture.1672302679.202628566" name="Architecture" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.architecture.1672302679"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.family.804524944.794330601" name="Arm family (-mcpu)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.family.804524944"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.instructionset.639185237.1688476763" name="Instruction set" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.instructionset.639185237"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.command.prefix.713463303.979675815" name="Prefix" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.command.prefix.713463303"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.command.c.1410723886.1415411329" name="C compiler" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.command.c.1410723886"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.command.cpp.1060276466.1385698993" name="C++ compiler" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.command.cpp.1060276466"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.command.ar.165975284.293508603" name="Archiver" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.command.ar.165975284"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.command.objcopy.1060167818.1218186697" name="Hex/Bin converter" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.command.objcopy.1060167818"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.command.objdump.481833856.2065255469" name="Listing generator" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.command.objdump.481833856"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.command.size.1526590825.1167692129" name="Size command" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.command.size.1526590825"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.command.make.1723421995.1511521612" name="Build command" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.command.make.1723421995"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.command.rm.6541130.426559080" name="Remove command" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.command.rm.6541130"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.addtools.createflash.1151421133.1442105199" name="Create flash image" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.addtools.createflash.1151421133"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.addtools.printsize.1881347657.667334624" name="Print size" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.addtools.printsize.1881347657"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.fpu.unit.1076035654.108668343" name="FPU Type" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.fpu.unit.1076035654"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.fpu.abi.185856133.884135613" name="Float ABI" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.fpu.abi.185856133"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.warnings.unused.310685565.389236246" name="Warn on various unused elements (-Wunused)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.warnings.unused.310685565"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.warnings.uninitialized.739177720.573498222" name="Warn on uninitialized variables (-Wuninitialised)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.warnings.uninitialized.739177720"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.warnings.allwarn.901972467.1653210091" name="Enable all common warnings (-Wall)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.warnings.allwarn.901972467"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.warnings.extrawarn.1056252107.2053737810" name="Enable extra warnings (-Wextra)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.warnings.extrawarn.1056252107"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.warnings.missingdeclaration.588700457.1328782573" name="Warn on undeclared global function (-Wmissing-declaration)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.warnings.missingdeclaration.588700457"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.warnings.conversion.1597869170.1594918566" name="Warn on implicit conversions (-Wconversion)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.warnings.conversion.1597869170"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.warnings.pointerarith.1142953678.1050407566" name="Warn if pointer arithmetic (-Wpointer-arith)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.warnings.pointerarith.1142953678"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.warnings.shadow.1255373971.2040735761" name="Warn if shadowed variable (-Wshadow)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.warnings.shadow.1255373971"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.warnings.logicalop.74885269.1758863180" name="Warn if suspicious logical ops (-Wlogical-op)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.warnings.logicalop.74885269"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.warnings.agreggatereturn.624464928.58240205" name="Warn if struct is returned (-Wagreggate-return)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.warnings.agreggatereturn.624464928"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.warnings.floatequal.2007958701.414810561" name="Warn if floats are compared as equal (-Wfloat-equal)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.warnings.floatequal.2007958701"/>
+							<tool id="ilg.gnuarmeclipse.managedbuild.cross.tool.assembler.1540347333" name="GNU ARM Cross Assembler" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.assembler.1937788536">
+								<inputType id="ilg.gnuarmeclipse.managedbuild.cross.tool.assembler.input.1964016942" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.assembler.input"/>
+							</tool>
+							<tool id="ilg.gnuarmeclipse.managedbuild.cross.tool.c.compiler.1440201808" name="GNU ARM Cross C Compiler" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.c.compiler.1195007717">
+								<option id="ilg.gnuarmeclipse.managedbuild.cross.option.c.compiler.other.1444318747" name="Other compiler flags" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.c.compiler.other" value="-w" valueType="string"/>
+								<inputType id="ilg.gnuarmeclipse.managedbuild.cross.tool.c.compiler.input.1814244990" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.c.compiler.input"/>
+							</tool>
+							<tool id="ilg.gnuarmeclipse.managedbuild.cross.tool.cpp.compiler.1435664558" name="GNU ARM Cross C++ Compiler" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.cpp.compiler.1212762249">
+								<option id="ilg.gnuarmeclipse.managedbuild.cross.option.cpp.compiler.other.1974426833" name="Other compiler flags" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.cpp.compiler.other" value="-w" valueType="string"/>
+							</tool>
+							<tool id="ilg.gnuarmeclipse.managedbuild.cross.tool.c.linker.880285696" name="GNU ARM Cross C Linker" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.c.linker.1185911797"/>
+							<tool id="ilg.gnuarmeclipse.managedbuild.cross.tool.cpp.linker.12606855" name="GNU ARM Cross C++ Linker" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.cpp.linker.311751680"/>
+							<tool id="ilg.gnuarmeclipse.managedbuild.cross.tool.archiver.1475653493" name="GNU ARM Cross Archiver" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.archiver.273078254"/>
+							<tool id="ilg.gnuarmeclipse.managedbuild.cross.tool.createflash.1416259339" name="GNU ARM Cross Create Flash Image" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.createflash.227390892"/>
+							<tool id="ilg.gnuarmeclipse.managedbuild.cross.tool.createlisting.282020455" name="GNU ARM Cross Create Listing" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.createlisting.545796882"/>
+							<tool id="ilg.gnuarmeclipse.managedbuild.cross.tool.printsize.1865404358" name="GNU ARM Cross Print Size" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.printsize.699161355"/>
+						</toolChain>
+					</folderInfo>
+					<folderInfo id="com.renesas.cdt.managedbuild.gnuarm.config.lib.debug.1761706989./ra/arm" name="arm" resourcePath="ra/arm">
+						<toolChain id="com.renesas.cdt.managedbuild.gnuarm.toolchain.lib.debug.343535006" name="GCC ARM Embedded" superClass="com.renesas.cdt.managedbuild.gnuarm.toolchain.lib.debug" unusedChildren="">
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.level.2001249505.1450147824" name="Optimization Level" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.level.2001249505"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.messagelength.377600243.1675348043" name="Message length (-fmessage-length=0)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.messagelength.377600243"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.signedchar.2017676735.835209035" name="'char' is signed (-fsigned-char)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.signedchar.2017676735"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.functionsections.576805455.344641597" name="Function sections (-ffunction-sections)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.functionsections.576805455"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.datasections.45850729.2035890685" name="Data sections (-fdata-sections)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.datasections.45850729"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.debugging.level.686367944.2063211290" name="Debug level" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.debugging.level.686367944"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.debugging.format.1933780576.1819176375" name="Debug format" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.debugging.format.1933780576"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.toolchain.name.1119124835.777780299" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.toolchain.name.1119124835"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.architecture.1672302679.1925510550" name="Architecture" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.architecture.1672302679"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.family.804524944.943958585" name="Arm family (-mcpu)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.family.804524944"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.instructionset.639185237.1145217310" name="Instruction set" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.instructionset.639185237"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.command.prefix.713463303.640847764" name="Prefix" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.command.prefix.713463303"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.command.c.1410723886.1322257809" name="C compiler" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.command.c.1410723886"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.command.cpp.1060276466.1442097510" name="C++ compiler" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.command.cpp.1060276466"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.command.ar.165975284.839224690" name="Archiver" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.command.ar.165975284"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.command.objcopy.1060167818.1097605179" name="Hex/Bin converter" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.command.objcopy.1060167818"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.command.objdump.481833856.1579147089" name="Listing generator" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.command.objdump.481833856"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.command.size.1526590825.480644907" name="Size command" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.command.size.1526590825"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.command.make.1723421995.166049991" name="Build command" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.command.make.1723421995"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.command.rm.6541130.119724110" name="Remove command" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.command.rm.6541130"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.addtools.createflash.1151421133.318895847" name="Create flash image" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.addtools.createflash.1151421133"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.addtools.printsize.1881347657.669835270" name="Print size" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.addtools.printsize.1881347657"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.fpu.unit.1076035654.1469939414" name="FPU Type" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.fpu.unit.1076035654"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.fpu.abi.185856133.955906304" name="Float ABI" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.fpu.abi.185856133"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.warnings.unused.310685565.497506214" name="Warn on various unused elements (-Wunused)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.warnings.unused.310685565"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.warnings.uninitialized.739177720.1949570024" name="Warn on uninitialized variables (-Wuninitialised)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.warnings.uninitialized.739177720"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.warnings.allwarn.901972467.1484626281" name="Enable all common warnings (-Wall)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.warnings.allwarn.901972467"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.warnings.extrawarn.1056252107.747698365" name="Enable extra warnings (-Wextra)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.warnings.extrawarn.1056252107"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.warnings.missingdeclaration.588700457.547912405" name="Warn on undeclared global function (-Wmissing-declaration)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.warnings.missingdeclaration.588700457"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.warnings.conversion.1597869170.1779195624" name="Warn on implicit conversions (-Wconversion)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.warnings.conversion.1597869170"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.warnings.pointerarith.1142953678.1810713340" name="Warn if pointer arithmetic (-Wpointer-arith)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.warnings.pointerarith.1142953678"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.warnings.shadow.1255373971.1147375845" name="Warn if shadowed variable (-Wshadow)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.warnings.shadow.1255373971"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.warnings.logicalop.74885269.1851840902" name="Warn if suspicious logical ops (-Wlogical-op)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.warnings.logicalop.74885269"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.warnings.agreggatereturn.624464928.2104300534" name="Warn if struct is returned (-Wagreggate-return)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.warnings.agreggatereturn.624464928"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.warnings.floatequal.2007958701.1410330719" name="Warn if floats are compared as equal (-Wfloat-equal)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.warnings.floatequal.2007958701"/>
+							<tool id="ilg.gnuarmeclipse.managedbuild.cross.tool.assembler.1683495442" name="GNU ARM Cross Assembler" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.assembler.1937788536">
+								<inputType id="ilg.gnuarmeclipse.managedbuild.cross.tool.assembler.input.1845970605" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.assembler.input"/>
+							</tool>
+							<tool id="ilg.gnuarmeclipse.managedbuild.cross.tool.c.compiler.1652269700" name="GNU ARM Cross C Compiler" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.c.compiler.1195007717">
+								<option id="ilg.gnuarmeclipse.managedbuild.cross.option.c.compiler.other.953419839" name="Other compiler flags" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.c.compiler.other" value="-w" valueType="string"/>
+								<inputType id="ilg.gnuarmeclipse.managedbuild.cross.tool.c.compiler.input.331909678" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.c.compiler.input"/>
+							</tool>
+							<tool id="ilg.gnuarmeclipse.managedbuild.cross.tool.cpp.compiler.735151687" name="GNU ARM Cross C++ Compiler" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.cpp.compiler.1212762249">
+								<option id="ilg.gnuarmeclipse.managedbuild.cross.option.cpp.compiler.other.2121414228" name="Other compiler flags" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.cpp.compiler.other" value="-w" valueType="string"/>
+							</tool>
+							<tool id="ilg.gnuarmeclipse.managedbuild.cross.tool.c.linker.232454180" name="GNU ARM Cross C Linker" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.c.linker.1185911797"/>
+							<tool id="ilg.gnuarmeclipse.managedbuild.cross.tool.cpp.linker.1276557083" name="GNU ARM Cross C++ Linker" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.cpp.linker.311751680"/>
+							<tool id="ilg.gnuarmeclipse.managedbuild.cross.tool.archiver.1705617811" name="GNU ARM Cross Archiver" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.archiver.273078254"/>
+							<tool id="ilg.gnuarmeclipse.managedbuild.cross.tool.createflash.909620799" name="GNU ARM Cross Create Flash Image" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.createflash.227390892"/>
+							<tool id="ilg.gnuarmeclipse.managedbuild.cross.tool.createlisting.1096946542" name="GNU ARM Cross Create Listing" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.createlisting.545796882"/>
+							<tool id="ilg.gnuarmeclipse.managedbuild.cross.tool.printsize.510843886" name="GNU ARM Cross Print Size" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.printsize.699161355"/>
+						</toolChain>
+					</folderInfo>
 					<sourceEntries>
 						<entry excluding="common|wolfcrypt|src|src/crl.c|src/bio.c|ra|ra_gen" flags="VALUE_WORKSPACE_PATH" kind="sourcePath" name=""/>
 						<entry flags="VALUE_WORKSPACE_PATH" kind="sourcePath" name="ra"/>
@@ -230,6 +352,8 @@
 								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="ilg.gnuarmeclipse.managedbuild.cross.option.assembler.defs.564659763" name="Defined symbols (-D)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.assembler.defs" valueType="definedSymbols">
 									<listOptionValue builtIn="false" value="_RENESAS_RA_"/>
 									<listOptionValue builtIn="false" value="WOLFSSL_RENESAS_RA6M3G"/>
+									<listOptionValue builtIn="false" value="_RA_CORE=CM4"/>
+									<listOptionValue builtIn="false" value="_RA_ORDINAL=1"/>
 								</option>
 								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="ilg.gnuarmeclipse.managedbuild.cross.option.assembler.include.paths.373460777" name="Include paths (-I)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.assembler.include.paths" valueType="includePath">
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/ra/fsp/inc}&quot;"/>
@@ -248,6 +372,10 @@
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/ra/aws/amazon-freertos/libraries/freertos_plus/standard/freertos_plus_tcp/include}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/ra_cfg/fsp_cfg/driver}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/ra/aws/FreeRTOS/FreeRTOS/Source/include}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/ra/arm/CMSIS_6/CMSIS/Core/Include}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/ra/aws/FreeRTOS/FreeRTOS-Plus/Source/FreeRTOS-Plus-TCP/source/include}&quot;"/>
 								</option>
 								<inputType id="ilg.gnuarmeclipse.managedbuild.cross.tool.assembler.input.1333795089" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.assembler.input"/>
 							</tool>
@@ -260,6 +388,8 @@
 									<listOptionValue builtIn="false" value="configUSE_MUTEXES=1"/>
 									<listOptionValue builtIn="false" value="configSUPPORT_STATIC_ALLOCATION=1"/>
 									<listOptionValue builtIn="false" value="configMEMORY_DYNAMIC_ALLOCATION=1"/>
+									<listOptionValue builtIn="false" value="_RA_CORE=CM4"/>
+									<listOptionValue builtIn="false" value="_RA_ORDINAL=1"/>
 								</option>
 								<option id="ilg.gnuarmeclipse.managedbuild.cross.option.c.compiler.std.4825216" name="Language standard" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.c.compiler.std" useByScannerDiscovery="true" value="ilg.gnuarmeclipse.managedbuild.cross.option.c.compiler.std.c99" valueType="enumerated"/>
 								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="ilg.gnuarmeclipse.managedbuild.cross.option.c.compiler.include.paths.947802473" name="Include paths (-I)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.c.compiler.include.paths" useByScannerDiscovery="true" valueType="includePath">
@@ -278,6 +408,10 @@
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/ra/aws/amazon-freertos/libraries/freertos_plus/standard/freertos_plus_tcp/include}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/ra_cfg/fsp_cfg/driver}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/ra/aws/FreeRTOS/FreeRTOS/Source/include}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/ra/arm/CMSIS_6/CMSIS/Core/Include}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/ra/aws/FreeRTOS/FreeRTOS-Plus/Source/FreeRTOS-Plus-TCP/source/include}&quot;"/>
 								</option>
 								<inputType id="ilg.gnuarmeclipse.managedbuild.cross.tool.c.compiler.input.179918099" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.c.compiler.input"/>
 							</tool>
@@ -316,6 +450,116 @@
 							</tool>
 						</toolChain>
 					</folderInfo>
+					<folderInfo id="com.renesas.cdt.managedbuild.gnuarm.config.lib.release.764611173./ra/aws" name="aws" resourcePath="ra/aws">
+						<toolChain id="com.renesas.cdt.managedbuild.gnuarm.toolchain.lib.release.841262386" name="GCC ARM Embedded" superClass="com.renesas.cdt.managedbuild.gnuarm.toolchain.lib.release" unusedChildren="">
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.level.108708741.268489898" name="Optimization Level" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.level.108708741"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.messagelength.493159718.595308363" name="Message length (-fmessage-length=0)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.messagelength.493159718"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.signedchar.510155687.185182196" name="'char' is signed (-fsigned-char)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.signedchar.510155687"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.functionsections.1446253115.1754931245" name="Function sections (-ffunction-sections)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.functionsections.1446253115"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.datasections.799994481.222621468" name="Data sections (-fdata-sections)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.datasections.799994481"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.debugging.level.807491339.38834977" name="Debug level" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.debugging.level.807491339"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.debugging.format.295018593.953158158" name="Debug format" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.debugging.format.295018593"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.toolchain.name.1246069395.688900980" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.toolchain.name.1246069395"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.architecture.490030095.1559633018" name="Architecture" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.architecture.490030095"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.family.2103553360.105365571" name="Arm family (-mcpu)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.family.2103553360"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.instructionset.1893374652.1806828881" name="Instruction set" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.instructionset.1893374652"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.command.prefix.469714856.1777921757" name="Prefix" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.command.prefix.469714856"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.command.c.2016546203.1029662828" name="C compiler" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.command.c.2016546203"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.command.cpp.118965071.623619160" name="C++ compiler" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.command.cpp.118965071"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.command.ar.2079701456.669770466" name="Archiver" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.command.ar.2079701456"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.command.objcopy.1564469790.999346301" name="Hex/Bin converter" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.command.objcopy.1564469790"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.command.objdump.1768209294.309178141" name="Listing generator" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.command.objdump.1768209294"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.command.size.1832870324.1502596531" name="Size command" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.command.size.1832870324"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.command.make.674776333.412791702" name="Build command" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.command.make.674776333"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.command.rm.477658091.1732565883" name="Remove command" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.command.rm.477658091"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.addtools.createflash.1191230920.101713400" name="Create flash image" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.addtools.createflash.1191230920"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.addtools.printsize.108292829.880634767" name="Print size" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.addtools.printsize.108292829"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.fpu.unit.1112374071.676068018" name="FPU Type" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.fpu.unit.1112374071"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.fpu.abi.1555340921.1992175329" name="Float ABI" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.fpu.abi.1555340921"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.warnings.unused.586319347.2002697044" name="Warn on various unused elements (-Wunused)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.warnings.unused.586319347"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.warnings.uninitialized.99678983.543790376" name="Warn on uninitialized variables (-Wuninitialised)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.warnings.uninitialized.99678983"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.warnings.allwarn.1599378543.70059659" name="Enable all common warnings (-Wall)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.warnings.allwarn.1599378543"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.warnings.extrawarn.635741850.977893998" name="Enable extra warnings (-Wextra)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.warnings.extrawarn.635741850"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.warnings.missingdeclaration.1565105596.481834515" name="Warn on undeclared global function (-Wmissing-declaration)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.warnings.missingdeclaration.1565105596"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.warnings.conversion.902138649.2070603189" name="Warn on implicit conversions (-Wconversion)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.warnings.conversion.902138649"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.warnings.pointerarith.438745077.1946313977" name="Warn if pointer arithmetic (-Wpointer-arith)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.warnings.pointerarith.438745077"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.warnings.shadow.2007533808.290542154" name="Warn if shadowed variable (-Wshadow)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.warnings.shadow.2007533808"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.warnings.logicalop.1202316177.1021894556" name="Warn if suspicious logical ops (-Wlogical-op)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.warnings.logicalop.1202316177"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.warnings.agreggatereturn.1438675558.1691638130" name="Warn if struct is returned (-Wagreggate-return)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.warnings.agreggatereturn.1438675558"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.warnings.floatequal.1570502611.1736056155" name="Warn if floats are compared as equal (-Wfloat-equal)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.warnings.floatequal.1570502611"/>
+							<tool id="ilg.gnuarmeclipse.managedbuild.cross.tool.assembler.174676040" name="GNU ARM Cross Assembler" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.assembler.315036765">
+								<inputType id="ilg.gnuarmeclipse.managedbuild.cross.tool.assembler.input.746965816" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.assembler.input"/>
+							</tool>
+							<tool id="ilg.gnuarmeclipse.managedbuild.cross.tool.c.compiler.1200455962" name="GNU ARM Cross C Compiler" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.c.compiler.1007215142">
+								<option id="ilg.gnuarmeclipse.managedbuild.cross.option.c.compiler.other.453274674" name="Other compiler flags" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.c.compiler.other" value="-w" valueType="string"/>
+								<inputType id="ilg.gnuarmeclipse.managedbuild.cross.tool.c.compiler.input.99032971" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.c.compiler.input"/>
+							</tool>
+							<tool id="ilg.gnuarmeclipse.managedbuild.cross.tool.cpp.compiler.1968377712" name="GNU ARM Cross C++ Compiler" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.cpp.compiler.619807753">
+								<option id="ilg.gnuarmeclipse.managedbuild.cross.option.cpp.compiler.other.470700972" name="Other compiler flags" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.cpp.compiler.other" value="-w" valueType="string"/>
+							</tool>
+							<tool id="ilg.gnuarmeclipse.managedbuild.cross.tool.c.linker.851780040" name="GNU ARM Cross C Linker" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.c.linker.918399890"/>
+							<tool id="ilg.gnuarmeclipse.managedbuild.cross.tool.cpp.linker.1866494507" name="GNU ARM Cross C++ Linker" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.cpp.linker.1156606973"/>
+							<tool id="ilg.gnuarmeclipse.managedbuild.cross.tool.archiver.1864013800" name="GNU ARM Cross Archiver" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.archiver.219033935"/>
+							<tool id="ilg.gnuarmeclipse.managedbuild.cross.tool.createflash.408871102" name="GNU ARM Cross Create Flash Image" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.createflash.840367062"/>
+							<tool id="ilg.gnuarmeclipse.managedbuild.cross.tool.createlisting.1594321218" name="GNU ARM Cross Create Listing" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.createlisting.1457763339"/>
+							<tool id="ilg.gnuarmeclipse.managedbuild.cross.tool.printsize.1270950787" name="GNU ARM Cross Print Size" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.printsize.993906098"/>
+						</toolChain>
+					</folderInfo>
+					<folderInfo id="com.renesas.cdt.managedbuild.gnuarm.config.lib.release.764611173./ra/arm" name="arm" resourcePath="ra/arm">
+						<toolChain id="com.renesas.cdt.managedbuild.gnuarm.toolchain.lib.release.1304302803" name="GCC ARM Embedded" superClass="com.renesas.cdt.managedbuild.gnuarm.toolchain.lib.release" unusedChildren="">
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.level.108708741.724359540" name="Optimization Level" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.level.108708741"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.messagelength.493159718.409707622" name="Message length (-fmessage-length=0)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.messagelength.493159718"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.signedchar.510155687.223231316" name="'char' is signed (-fsigned-char)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.signedchar.510155687"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.functionsections.1446253115.1425950636" name="Function sections (-ffunction-sections)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.functionsections.1446253115"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.datasections.799994481.1840680707" name="Data sections (-fdata-sections)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.optimization.datasections.799994481"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.debugging.level.807491339.156648222" name="Debug level" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.debugging.level.807491339"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.debugging.format.295018593.703235600" name="Debug format" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.debugging.format.295018593"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.toolchain.name.1246069395.1067049168" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.toolchain.name.1246069395"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.architecture.490030095.469915089" name="Architecture" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.architecture.490030095"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.family.2103553360.824278182" name="Arm family (-mcpu)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.family.2103553360"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.instructionset.1893374652.1981233456" name="Instruction set" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.instructionset.1893374652"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.command.prefix.469714856.1327471490" name="Prefix" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.command.prefix.469714856"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.command.c.2016546203.1783964207" name="C compiler" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.command.c.2016546203"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.command.cpp.118965071.1509550005" name="C++ compiler" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.command.cpp.118965071"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.command.ar.2079701456.971576282" name="Archiver" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.command.ar.2079701456"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.command.objcopy.1564469790.1186674688" name="Hex/Bin converter" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.command.objcopy.1564469790"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.command.objdump.1768209294.1087918809" name="Listing generator" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.command.objdump.1768209294"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.command.size.1832870324.1065544037" name="Size command" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.command.size.1832870324"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.command.make.674776333.1694531840" name="Build command" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.command.make.674776333"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.command.rm.477658091.1609130535" name="Remove command" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.command.rm.477658091"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.addtools.createflash.1191230920.2023387958" name="Create flash image" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.addtools.createflash.1191230920"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.addtools.printsize.108292829.2036079893" name="Print size" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.addtools.printsize.108292829"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.fpu.unit.1112374071.1379940229" name="FPU Type" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.fpu.unit.1112374071"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.fpu.abi.1555340921.101483448" name="Float ABI" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.fpu.abi.1555340921"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.warnings.unused.586319347.1969593843" name="Warn on various unused elements (-Wunused)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.warnings.unused.586319347"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.warnings.uninitialized.99678983.601301996" name="Warn on uninitialized variables (-Wuninitialised)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.warnings.uninitialized.99678983"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.warnings.allwarn.1599378543.520690415" name="Enable all common warnings (-Wall)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.warnings.allwarn.1599378543"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.warnings.extrawarn.635741850.278085474" name="Enable extra warnings (-Wextra)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.warnings.extrawarn.635741850"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.warnings.missingdeclaration.1565105596.989240394" name="Warn on undeclared global function (-Wmissing-declaration)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.warnings.missingdeclaration.1565105596"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.warnings.conversion.902138649.990632019" name="Warn on implicit conversions (-Wconversion)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.warnings.conversion.902138649"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.warnings.pointerarith.438745077.1488784842" name="Warn if pointer arithmetic (-Wpointer-arith)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.warnings.pointerarith.438745077"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.warnings.shadow.2007533808.1452456768" name="Warn if shadowed variable (-Wshadow)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.warnings.shadow.2007533808"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.warnings.logicalop.1202316177.239403668" name="Warn if suspicious logical ops (-Wlogical-op)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.warnings.logicalop.1202316177"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.warnings.agreggatereturn.1438675558.1096318820" name="Warn if struct is returned (-Wagreggate-return)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.warnings.agreggatereturn.1438675558"/>
+							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.warnings.floatequal.1570502611.777405987" name="Warn if floats are compared as equal (-Wfloat-equal)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.warnings.floatequal.1570502611"/>
+							<tool id="ilg.gnuarmeclipse.managedbuild.cross.tool.assembler.815468667" name="GNU ARM Cross Assembler" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.assembler.315036765">
+								<inputType id="ilg.gnuarmeclipse.managedbuild.cross.tool.assembler.input.1447635171" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.assembler.input"/>
+							</tool>
+							<tool id="ilg.gnuarmeclipse.managedbuild.cross.tool.c.compiler.423579013" name="GNU ARM Cross C Compiler" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.c.compiler.1007215142">
+								<option id="ilg.gnuarmeclipse.managedbuild.cross.option.c.compiler.other.1744967881" name="Other compiler flags" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.c.compiler.other" value="-w" valueType="string"/>
+								<inputType id="ilg.gnuarmeclipse.managedbuild.cross.tool.c.compiler.input.333027275" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.c.compiler.input"/>
+							</tool>
+							<tool id="ilg.gnuarmeclipse.managedbuild.cross.tool.cpp.compiler.930430993" name="GNU ARM Cross C++ Compiler" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.cpp.compiler.619807753">
+								<option id="ilg.gnuarmeclipse.managedbuild.cross.option.cpp.compiler.other.1898228441" name="Other compiler flags" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.cpp.compiler.other" value="-w" valueType="string"/>
+							</tool>
+							<tool id="ilg.gnuarmeclipse.managedbuild.cross.tool.c.linker.220065215" name="GNU ARM Cross C Linker" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.c.linker.918399890"/>
+							<tool id="ilg.gnuarmeclipse.managedbuild.cross.tool.cpp.linker.921229835" name="GNU ARM Cross C++ Linker" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.cpp.linker.1156606973"/>
+							<tool id="ilg.gnuarmeclipse.managedbuild.cross.tool.archiver.1275848948" name="GNU ARM Cross Archiver" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.archiver.219033935"/>
+							<tool id="ilg.gnuarmeclipse.managedbuild.cross.tool.createflash.2073472652" name="GNU ARM Cross Create Flash Image" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.createflash.840367062"/>
+							<tool id="ilg.gnuarmeclipse.managedbuild.cross.tool.createlisting.1016269343" name="GNU ARM Cross Create Listing" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.createlisting.1457763339"/>
+							<tool id="ilg.gnuarmeclipse.managedbuild.cross.tool.printsize.354014570" name="GNU ARM Cross Print Size" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.printsize.993906098"/>
+						</toolChain>
+					</folderInfo>
 					<sourceEntries>
 						<entry flags="VALUE_WORKSPACE_PATH|RESOLVED" kind="sourcePath" name="ra"/>
 						<entry flags="VALUE_WORKSPACE_PATH|RESOLVED" kind="sourcePath" name="ra_gen"/>
diff --git a/IDE/Renesas/e2studio/RA6M4/README.md b/IDE/Renesas/e2studio/RA6M4/README.md
index f53c0a1ed..c576d8c1e 100644
--- a/IDE/Renesas/e2studio/RA6M4/README.md
+++ b/IDE/Renesas/e2studio/RA6M4/README.md
@@ -24,29 +24,29 @@ The wolfssl Project Summary is listed below and is relevant for every project.
 |Board|EK-RA6M4|
 |Device|R7FA6M4AF3CFB|
 |Toolchain|GCC ARM Embedded|
-|FSP Version|5.4.0|
+|FSP Version|6.1.0|
 
 #### Selected software components
 
 |Components|Version|
 |:--|:--|
-|Board Support Package Common Files|v5.4.0|
-|Secure Cryptography Engine on RA6 Protected Mode|v5.4.0|
-|I/O Port|v5.4.0|
-|Arm CMSIS Version 5 - Core (M)|v6.1.0+fsp.5.4.0|
-|RA6M4-EK Board Support Files|v5.4.0|
-|Board support package for R7FA6M4AF3CFB|v5.4.0|
-|Board support package for RA6M4 - Events|v5.4.0|
-|Board support package for RA6M4|v5.4.0|
-|Board support package for RA6M4 - FSP Data|v5.4.0|
-|FreeRTOS|v10.6.1+fsp.5.4.0|
-|FreeRTOS - Memory Management - Heap 4|v10.6.1+fsp.5.4.0|
-|r_ether to FreeRTOS+TCP Wrapper|v5.4.0|
-|Ethernet|v5.4.0|
-|Ethernet PHY|v5.4.0|
-|FreeRTOS+TCP|v4.0.0+fsp.5.4.0|
-|FreeRTOS - Buffer Allocation 2|v4.0.0+fsp.5.4.0|
-|FreeRTOS Port|v5.4.0|
+|Board Support Package Common Files|v6.1.0|
+|Secure Cryptography Engine on RA6 Protected Mode|v6.1.0|
+|I/O Port|v6.1.0|
+|Arm CMSIS Version 5 - Core (M)|v6.1.0+fsp.6.1.0|
+|RA6M4-EK Board Support Files|v6.1.0|
+|Board support package for R7FA6M4AF3CFB|v6.1.0|
+|Board support package for RA6M4 - Events|v6.1.0|
+|Board support package for RA6M4|v6.1.0|
+|Board support package for RA6M4 - FSP Data|v6.1.0|
+|FreeRTOS|v11.1.0+fsp.6.1.0|
+|FreeRTOS - Memory Management - Heap 4|v11.1.0+fsp.6.1.0|
+|r_ether to FreeRTOS+TCP Wrapper|v6.1.0|
+|Ethernet|v6.1.0|
+|Ethernet PHY|v6.1.0|
+|FreeRTOS+TCP|v4.3.3+fsp.6.1.0|
+|FreeRTOS - Buffer Allocation 2|v4.3.3+fsp.6.1.0|
+|FreeRTOS Port|v6.1.0|
 
 ## Setup Steps and Build wolfSSL Library
 
@@ -58,10 +58,11 @@ The wolfssl Project Summary is listed below and is relevant for every project.
 
 2.) Create a `dummy_library` Static Library.
 
-+ Click File->New->`RA C/C++ Project`.
-+ Select `EK-RA6M4` from Drop-down list.
-+ Check `Static Library`.
-+ Select FreeRTOS from RTOS selection. Click Next.
++ Click File->New->`RA C/C++ Project`. Select `EK-RA6M4` from Drop-down list.
++ Select `Flat(Non-TrustZone) Project`. Click Next.
++ Select `None`. Click Next.
++ Check `Static Library`. Click Next.
++ Select `FreeRTOS` from RTOS selection. Click Next.
 + Check `FreeRTOS minimal - Static Allocation`. Click Finish.
 + Open Smart Configurator by clicking configuration.xml in the project
 + Go to `BSP` tab and increase Heap Size under `RA Common` on Properties page, e.g. 0x1000
@@ -82,7 +83,8 @@ The wolfssl Project Summary is listed below and is relevant for every project.
 
 + Add `Heap 4` stack to sce_tst_thread from `New Stack` -> `RTOS` -> `FreeRTOS Heap 4`
 + Add `FreeRTOS + TCP` stack to sce_tst_thread from `New Stack` -> `Networking` -> `FreeRTOS+TCP` and set properties
-
++ Add Ethernet Driver by clicking `Add Ethernet Driver` element and select `New` -> `Ethernet(r_ether)`
++ Increase Heap size of `RA Common`. Go to `BSP` tab and inclease `RA Common` -> `Heap size (bytes)` to 0x2000
 |Property|Value|
 |:--|:--|
 |Network Events call vApplicationIPNetworkEventHook|Disable|
@@ -97,15 +99,15 @@ The wolfssl Project Summary is listed below and is relevant for every project.
 
 4.) Create a 'dummy_application' Renesas RA C Project Using RA Library.
 
-+ Click File->New->`RA C/C++ Project`.
-+ Select `EK-RA6M4` from Drop-down list.
-+ Check `Executable Using an RA Static Library`.
-+ Select FreeRTOS from RTOS selection. Click Finish.
++ Click File->New->`RA C/C++ Project`. Select `EK-RA6M4` from Drop-down list. Click Next.
++ Select `Flat(Non-TrustZone) Project`. Click Next
++ Select `None`. Click Next
++ Check `Executable Using an RA Static Library`. Select FreeRTOS from RTOS selection. Click Finish.
 + Enter `dummy_application` as the project name. Click Next.
-+ Under `RA library project`, select `wolfSSL_RA6M4`.
-+ Click Finish.
++ Under `RA library project`, select `wolfSSL_RA6M4`. Click Finish.
 + Copy the following folder and file at `dummy_application` to `test_RA6M4`\
   script/\
+  Debug/\
   src/sce_tst_thread_entry.c
 
 + Add `sce_test()` call under /* TODO: add your own code here */ line at sce_tst_thread_entry.c
@@ -131,29 +133,33 @@ The wolfssl Project Summary is listed below and is relevant for every project.
 + To place RTT block specific area, you can add the following line to `fsp.ld`:
 
 ```
-    .bss :
+    __ram_from_flash$$ :
     {
-        . = ALIGN(4);
-        __bss_start__ = .;
-        *(.bss*)
-        *(COMMON)
-        KEEP(*(.rtt_block)) /* <-- for SEGGER_RTT control block */
-        . = ALIGN(4);
-        __bss_end__ = .;
-    } > RAM
+        __ram_from_flash$$Base = .;__ram_from_flash$$Load = LOADADDR(__ram_from_flash$$);
+        /* section.ram.from_flash */
+        *(.ram_from_flash)
+        /* section.ram.code_from_flash */
+        *(.txt.rtt_block)              /* <-- for SEGGER_RTT control block */
+        *(.ram_code_from_flash)
+        *(.data*)
+        *(vtable)
+        __ram_from_flash$$Limit = .;
+    }> RAM AT > FLASH
 ```
   Also, adding the following line to `SEGGER_RTT.c`:
 
 ```
-SEGGER_RTT_CB _SEGGER_RTT __attribute__((section(".rtt_block")));
+SEGGER_RTT_CB _SEGGER_RTT __attribute__((section(".txt.rtt_block")));
 ```
 
   As the result, you can find the following similar line in the map file.
   e.g.
     [test_RA6M4.map]
    ```
-     .rtt_block     0x20023648       0xa8 ./src/SEGGER_RTT/SEGGER_RTT.o
-                    0x20023648                _SEGGER_RTT
+   *(.txt.rtt_block)
+   .txt.rtt_block
+               0x20000000       0xa8 ./src/SEGGER_RTT/SEGGER_RTT.o
+               0x20000000                _SEGGER_RTT
    ````
     you can specify "RTT control block" to 0x20023648 by Address
     OR
diff --git a/IDE/Renesas/e2studio/RA6M4/common/user_settings.h b/IDE/Renesas/e2studio/RA6M4/common/user_settings.h
index d6a98a90a..99c1bde05 100644
--- a/IDE/Renesas/e2studio/RA6M4/common/user_settings.h
+++ b/IDE/Renesas/e2studio/RA6M4/common/user_settings.h
@@ -108,10 +108,10 @@
     #define WC_USE_DEVID 7890
     #define NO_AES_192
     #define NO_SW_BENCH
-#endif
-
-#if defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)
+    /* Use SCE RSAES-PKCS1-V1_5 RSA Function */
+    #define WOLF_CRYPTO_CB_RSA_PAD
     #define WOLFSSL_KEY_GEN
+    #define RSA_MIN_SIZE 512
 #endif
 
 #define CUSTOM_RAND_GENERATE_BLOCK wc_fspsm_GenerateRandBlock
diff --git a/IDE/Renesas/e2studio/RA6M4/test/.cproject b/IDE/Renesas/e2studio/RA6M4/test/.cproject
index 11ea16645..57bd1be4e 100644
--- a/IDE/Renesas/e2studio/RA6M4/test/.cproject
+++ b/IDE/Renesas/e2studio/RA6M4/test/.cproject
@@ -87,6 +87,7 @@
 								<option id="ilg.gnuarmeclipse.managedbuild.cross.option.c.compiler.std.1084991557" name="Language standard" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.c.compiler.std" useByScannerDiscovery="true" value="ilg.gnuarmeclipse.managedbuild.cross.option.c.compiler.std.c99" valueType="enumerated"/>
 								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="ilg.gnuarmeclipse.managedbuild.cross.option.c.compiler.include.paths.2023903025" name="Include paths (-I)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.c.compiler.include.paths" useByScannerDiscovery="true" valueType="includePath">
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/key_data}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/wolfSSL_RA6M4/Debug}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${ProjDirPath}/../common&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${ProjDirPath}/../../../../../&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/wolfSSL_RA6M4/src}&quot;"/>
diff --git a/IDE/Renesas/e2studio/RA6M4/test/src/test_main.c b/IDE/Renesas/e2studio/RA6M4/test/src/test_main.c
index b804ffcdc..8b4f02789 100644
--- a/IDE/Renesas/e2studio/RA6M4/test/src/test_main.c
+++ b/IDE/Renesas/e2studio/RA6M4/test/src/test_main.c
@@ -50,19 +50,6 @@ void abort(void);
  int sce_crypt_test();
 #endif
 
-void R_BSP_WarmStart(bsp_warm_start_event_t event);
-
-/* the function is called just before main() to set up pins */
-/* this needs to be called to setup IO Port */
-void R_BSP_WarmStart (bsp_warm_start_event_t event)
-{
-
-    if (BSP_WARM_START_POST_C == event) {
-        /* C runtime environment and system clocks are setup. */
-        /* Configure pins. */
-        R_IOPORT_Open(&g_ioport_ctrl, g_ioport.p_cfg);
-    }
-}
 
 #if defined(TLS_CLIENT)
 
@@ -150,18 +137,27 @@ void Clr_CallbackCtx(FSPSM_ST *g)
 {
     (void) g;
 
-   #if defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY)
-    XFREE(g->wrapped_key_rsapri2048, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    if (g == NULL) return;
 
-    XFREE(g->wrapped_key_rsapub2048, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    if (g->wrapped_key_aes256 != NULL)
+        g->wrapped_key_aes256 = NULL;
 
-    XFREE(g->wrapped_key_rsapri1024, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    if (g->wrapped_key_aes128 != NULL)
+        g->wrapped_key_aes128 = NULL;
+
+   #if defined(WOLFSSL_RENESAS_RSIP_CRYPTONLY)
+    if (g->wrapped_key_rsapri2048 != NULL)
+        g->wrapped_key_rsapri2048 = NULL;
 
     if (g->wrapped_key_rsapub2048 != NULL)
-        XFREE(g->wrapped_key_rsapub1024,
-                            NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        g->wrapped_key_rsapub2048 = NULL;
+
+    if (g->wrapped_key_rsapri1024 != NULL)
+        g->wrapped_key_rsapri1024 = NULL;
+
+    if (g->wrapped_key_rsapub2048 != NULL)
+        g->wrapped_key_rsapub2048 = NULL;
    #endif
-   XMEMSET(g, 0, sizeof(FSPSM_ST));
 }
 #endif
 
@@ -262,9 +258,6 @@ void sce_test(void)
     benchmark_test(NULL);
     printf("End wolfCrypt Benchmark\n");
 
-    /* free */
-    Clr_CallbackCtx(&guser_PKCbInfo);
-
 #elif defined(TLS_CLIENT)
     #include "hal_data.h"
     #include "r_sce.h"
diff --git a/IDE/Renesas/e2studio/RA6M4/test/src/wolf_client.c b/IDE/Renesas/e2studio/RA6M4/test/src/wolf_client.c
index 1517e61f8..99d5f36c1 100644
--- a/IDE/Renesas/e2studio/RA6M4/test/src/wolf_client.c
+++ b/IDE/Renesas/e2studio/RA6M4/test/src/wolf_client.c
@@ -28,6 +28,7 @@
 #include "wolfssl/wolfcrypt/settings.h"
 #include "wolfssl/ssl.h"
 #include "wolfssl/certs_test.h"
+#include "wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h"
 
 uint32_t g_encrypted_root_public_key[140];
 WOLFSSL_CTX *client_ctx = NULL;
@@ -198,7 +199,6 @@ int wolfSSL_TLS_client_do(void *pvParam)
         #if !defined(TLS_MULTITHREAD_TEST)
 
         XMEMSET(&guser_PKCbInfo, 0, sizeof(FSPSM_ST));
-        guser_PKCbInfo.devId = 0;
         wc_sce_set_callback_ctx(ssl, (void*)&guser_PKCbInfo);
 
         #else
diff --git a/IDE/Renesas/e2studio/RA6M4/test/src/wolfssl_sce_unit_test.c b/IDE/Renesas/e2studio/RA6M4/test/src/wolfssl_sce_unit_test.c
index 2dedc35a8..276a66e88 100644
--- a/IDE/Renesas/e2studio/RA6M4/test/src/wolfssl_sce_unit_test.c
+++ b/IDE/Renesas/e2studio/RA6M4/test/src/wolfssl_sce_unit_test.c
@@ -37,8 +37,6 @@
 
 #include "FreeRTOS.h"
 
-static const int devId = 7890;
-
 #ifndef NO_SHA
  int sha_test();
 #endif
@@ -63,10 +61,9 @@ static byte Aes256_Cbc_multTst_rslt = 0;
 static byte Aes128_Gcm_multTst_rslt = 0;
 static byte Aes256_Gcm_multTst_rslt = 0;
 
-int sce_crypt_AesCbc_multitest();
-int sce_crypt_AesGcm_multitest();
-int sce_crypt_Sha_AesCbcGcm_multitest();
-int sce_crypt_sha_multitest();
+int sce_crypt_AesCbc_multitest(int devId);
+int sce_crypt_AesGcm_multitest(int devId);
+int sce_crypt_Sha_AesCbcGcm_multitest(int devId);
 int sce_crypt_test();
 int sce_crypt_sha256_multitest();
 void tskSha256_Test1(void *pvParam);
@@ -97,12 +94,13 @@ FSPSM_ST gCbInfo_a; /* for multi testing */
 #endif
 typedef struct tagInfo
 {
+    int devId;
     sce_aes_wrapped_key_t aes_key;
 } Info;
 
 #if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
 
-static int sce_aes_cbc_test(int prnt, FSPSM_AES_PWKEY aes_key)
+static int sce_aes_cbc_test(int prnt, FSPSM_AES_PWKEY aes_key, int devId)
 {
 
     Aes  aes[1];
@@ -171,7 +169,7 @@ static void tskAes128_Cbc_Test(void *pvParam)
     Info *p = (Info*)pvParam;
 
     while (exit_loop == 0) {
-        ret = sce_aes_cbc_test(0, &p->aes_key);
+        ret = sce_aes_cbc_test(0, &p->aes_key, p->devId);
         vTaskDelay(10/portTICK_PERIOD_MS);
         if (ret != 0) {
             printf(" result was not good(%d). sce_aes_cbc_test\n", ret);
@@ -186,7 +184,7 @@ static void tskAes128_Cbc_Test(void *pvParam)
 #endif
 
 #ifdef WOLFSSL_AES_256
-static int sce_aes256_test(int prnt, FSPSM_AES_PWKEY aes_key)
+static int sce_aes256_test(int prnt, FSPSM_AES_PWKEY aes_key, int devId)
 {
     Aes enc[1];
     byte cipher[WC_AES_BLOCK_SIZE];
@@ -269,7 +267,7 @@ static void tskAes256_Cbc_Test(void *pvParam)
     Info *p = (Info*)pvParam;
 
     while (exit_loop == 0) {
-        ret = sce_aes256_test(0, &p->aes_key);
+        ret = sce_aes256_test(0, &p->aes_key, p->devId);
         vTaskDelay(10/portTICK_PERIOD_MS);
         if (ret != 0) {
             printf(" result was not good(%d). sce_aes256_test\n", ret);
@@ -284,7 +282,7 @@ static void tskAes256_Cbc_Test(void *pvParam)
 #endif /* WOLFSSL_AES_256 */
 
 #if defined(WOLFSSL_AES_256)
-static int sce_aesgcm256_test(int prnt, FSPSM_AES_PWKEY aes256_key)
+static int sce_aesgcm256_test(int prnt, FSPSM_AES_PWKEY aes256_key, int devId)
 {
     Aes enc[1];
     Aes dec[1];
@@ -451,7 +449,7 @@ static void tskAes256_Gcm_Test(void *pvParam)
     Info *p = (Info*)pvParam;
 
     while (exit_loop == 0) {
-        ret = sce_aesgcm256_test(0, &p->aes_key);
+        ret = sce_aesgcm256_test(0, &p->aes_key, p->devId);
         vTaskDelay(10/portTICK_PERIOD_MS);
         if (ret != 0) {
             printf(" result was not good(%d). sce_aesgcm256_test\n", ret);
@@ -466,7 +464,7 @@ static void tskAes256_Gcm_Test(void *pvParam)
 
 #if defined(WOLFSSL_AES_128)
 
-static int sce_aesgcm128_test(int prnt, FSPSM_AES_PWKEY aes128_key)
+static int sce_aesgcm128_test(int prnt, FSPSM_AES_PWKEY aes128_key, int devId)
 {
     Aes enc[1];
     Aes dec[1];
@@ -597,7 +595,7 @@ static void tskAes128_Gcm_Test(void *pvParam)
     Info *p = (Info*)pvParam;
 
     while (exit_loop == 0) {
-        ret = sce_aesgcm128_test(0, &p->aes_key);
+        ret = sce_aesgcm128_test(0, &p->aes_key, p->devId);
         vTaskDelay(10/portTICK_PERIOD_MS);
         if (ret != 0) {
             printf(" result was not good(%d). sce_aesgcm128_test\n", ret);
@@ -619,7 +617,7 @@ static void tskAes128_Gcm_Test(void *pvParam)
 #define TEST_STRING_SZ   25
 #define RSA_TEST_BYTES   256 /* up to 2048-bit key */
 
-static int sce_rsa_test(int prnt, int keySize)
+static int sce_rsa_test(int prnt, int keySize, int devId)
 {
     int ret = 0;
 
@@ -654,7 +652,7 @@ static int sce_rsa_test(int prnt, int keySize)
     XMEMSET(out,  0, outSz);
     XMEMSET(out2, 0, outSz);
 
-    ret = wc_InitRsaKey_ex(key, NULL, 7890/* fixed devid for TSIP/SCE*/);
+    ret = wc_InitRsaKey_ex(key, NULL, devId);
     if (ret != 0) {
         goto out;
     }
@@ -699,7 +697,7 @@ out:
     return ret;
 }
 
-static int sce_rsa_SignVerify_test(int prnt, int keySize)
+static int sce_rsa_SignVerify_test(int prnt, int keySize, int devId)
 {
     int ret = 0;
 
@@ -730,7 +728,7 @@ static int sce_rsa_SignVerify_test(int prnt, int keySize)
     XMEMCPY(in, inStr, inLen);
     XMEMCPY(in2, inStr2, inLen);
 
-    ret = wc_InitRsaKey_ex(key, NULL, 7890/* fixed devid for TSIP/SCE*/);
+    ret = wc_InitRsaKey_ex(key, NULL, devId);
     if (ret != 0) {
         goto out;
     }
@@ -781,6 +779,7 @@ static int sce_rsa_SignVerify_test(int prnt, int keySize)
 int sce_crypt_test()
 {
     int ret = 0;
+    int devId = INVALID_DEVID;
     fsp_err_t err;
 
     Clr_CallbackCtx(&gCbInfo);
@@ -798,10 +797,8 @@ int sce_crypt_test()
         /* sets wrapped rsa 1024 bits key */
         gCbInfo.wrapped_key_rsapri1024 =
                 &g_wrapped_pair_1024key.priv_key;
-        gCbInfo.keyflgs_crypt.bits.rsapri1024_installedkey_set = 1;
         gCbInfo.wrapped_key_rsapub1024 =
                 &g_wrapped_pair_1024key.pub_key;
-        gCbInfo.keyflgs_crypt.bits.rsapub1024_installedkey_set = 1;
     }
 
     err = R_SCE_RSA2048_WrappedKeyPairGenerate(&g_wrapped_pair_2048key);
@@ -809,11 +806,8 @@ int sce_crypt_test()
         /* sets wrapped rsa 1024 bits key */
         gCbInfo.wrapped_key_rsapri2048 =
                 &g_wrapped_pair_2048key.priv_key;
-        gCbInfo.keyflgs_crypt.bits.rsapri2048_installedkey_set = 1;
-
         gCbInfo.wrapped_key_rsapub2048 =
                 &g_wrapped_pair_2048key.pub_key;
-        gCbInfo.keyflgs_crypt.bits.rsapub2048_installedkey_set = 1;
     }
 
     /* Key generation for multi testing */
@@ -822,37 +816,46 @@ int sce_crypt_test()
     SCE_KeyGeneration(&gCbInfo_a);
 
     ret = wc_CryptoCb_CryptInitRenesasCmn(NULL, &gCbInfo);
-    if ( ret > 0)
-         ret = 0;
-
+    if ( ret > 0) {
+        devId = ret;
+        ret = 0;
+    }
     if (ret == 0) {
          printf(" sce_rsa_test(512)(this will be done"
               " by SW because SCE doesn't support 512 bits key size.)");
-         ret = sce_rsa_test(1, 512);
+         ret = sce_rsa_test(1, 512, devId);
          RESULT_STR(ret)
     }
 
     if (ret == 0) {
         printf(" sce_rsa_test(1024)");
-        ret = sce_rsa_test(1, 1024);
+        gCbInfo.keyflgs_crypt.bits.rsapri1024_installedkey_set = 1;
+        gCbInfo.keyflgs_crypt.bits.rsapub1024_installedkey_set = 1;
+        gCbInfo.keyflgs_crypt.bits.rsapri2048_installedkey_set = 0;
+        gCbInfo.keyflgs_crypt.bits.rsapub2048_installedkey_set = 0;
+        ret = sce_rsa_test(1, 1024, devId);
         RESULT_STR(ret)
     }
 
     if (ret == 0) {
         printf(" sce_rsa_SignVerify_test(1024)");
-        ret = sce_rsa_SignVerify_test(1, 1024);
+        ret = sce_rsa_SignVerify_test(1, 1024, devId);
         RESULT_STR(ret)
     }
 
     if (ret == 0) {
         printf(" sce_rsa_test(2048)");
-        ret = sce_rsa_test(1, 2048);
+        gCbInfo.keyflgs_crypt.bits.rsapri1024_installedkey_set = 0;
+        gCbInfo.keyflgs_crypt.bits.rsapub1024_installedkey_set = 0;
+        gCbInfo.keyflgs_crypt.bits.rsapri2048_installedkey_set = 1;
+        gCbInfo.keyflgs_crypt.bits.rsapub2048_installedkey_set = 1;
+        ret = sce_rsa_test(1, 2048, devId);
         RESULT_STR(ret)
     }
 
     if (ret == 0 && err == FSP_SUCCESS) {
         printf(" sce_rsa_SignVerify_test(2048)");
-        ret = sce_rsa_SignVerify_test(1, 2048);
+        ret = sce_rsa_SignVerify_test(1, 2048, devId);
         RESULT_STR(ret)
     }
 
@@ -861,16 +864,16 @@ int sce_crypt_test()
     ret = sha256_test();
     RESULT_STR(ret)
 #endif
-    ret = sce_aes_cbc_test(1, &g_user_aes128_key_index1);
+    ret = sce_aes_cbc_test(1, &g_user_aes128_key_index1, devId);
     if (ret == 0) {
-        ret = sce_aes256_test(1, &g_user_aes256_key_index1);
+        ret = sce_aes256_test(1, &g_user_aes256_key_index1, devId);
     }
     if (ret == 0) {
-        ret = sce_aesgcm128_test(1, &g_user_aes128_key_index1);
+        ret = sce_aesgcm128_test(1, &g_user_aes128_key_index1, devId);
     }
 
     if (ret == 0) {
-        ret = sce_aesgcm256_test(1, &g_user_aes256_key_index1);
+        ret = sce_aesgcm256_test(1, &g_user_aes256_key_index1, devId);
     }
     printf(" \n");
     if (ret == 0) {
@@ -879,22 +882,21 @@ int sce_crypt_test()
     }
     if (ret == 0) {
         printf(" multi Aes cbc thread test\n");
-        ret = sce_crypt_AesCbc_multitest();
+        ret = sce_crypt_AesCbc_multitest(devId);
     }
     if (ret == 0) {
         printf(" multi Aes Gcm thread test\n");
-        ret = sce_crypt_AesGcm_multitest();
+        ret = sce_crypt_AesGcm_multitest(devId);
     }
     if (ret == 0) {
         printf(" multi sha aescbc aesgcm thread test\n");
-        sce_crypt_Sha_AesCbcGcm_multitest();
+        sce_crypt_Sha_AesCbcGcm_multitest(devId);
     } else
         ret = -1;
 
-    #if defined(WOLFSSL_RENESAS_RSIP_CRYPTONLY)
-        Clr_CallbackCtx(&gCbInfo);
-        Clr_CallbackCtx(&gCbInfo_a);
-    #endif
+    wc_CryptoCb_CleanupRenesasCmn(&devId);
+    Clr_CallbackCtx(&gCbInfo);
+    Clr_CallbackCtx(&gCbInfo_a);
 
     return ret;
 }
@@ -952,7 +954,7 @@ int sce_crypt_sha256_multitest()
     sha256_multTst_rslt1 = 0;
     sha256_multTst_rslt2 = 0;
 
-    exit_semaph = xSemaphoreCreateCounting(num, 0);
+    exit_semaph = xSemaphoreCreateCounting((UBaseType_t)num, 0);
     xRet = pdPASS;
 
 #ifndef NO_SHA256
@@ -991,7 +993,7 @@ int sce_crypt_sha256_multitest()
 }
 
 
-int sce_crypt_AesCbc_multitest()
+int sce_crypt_AesCbc_multitest(int devId)
 {
     int ret = 0;
     int num = 0;
@@ -1012,8 +1014,12 @@ int sce_crypt_AesCbc_multitest()
     Aes128_Cbc_multTst_rslt = 0;
     Aes256_Cbc_multTst_rslt = 0;
 
-    exit_semaph = xSemaphoreCreateCounting(num, 0);
+    exit_semaph = xSemaphoreCreateCounting((UBaseType_t)num, 0);
     xRet = pdPASS;
+    info_aes1.devId = devId;
+    info_aes2.devId = devId;
+    info_aes256_1.devId = devId;
+    info_aes256_2.devId = devId;
 
 #if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
     XMEMCPY(&info_aes1.aes_key, &g_user_aes128_key_index1,
@@ -1072,7 +1078,7 @@ int sce_crypt_AesCbc_multitest()
 }
 
 
-int sce_crypt_AesGcm_multitest()
+int sce_crypt_AesGcm_multitest(int devId)
 {
     int ret = 0;
     int num = 0;
@@ -1094,9 +1100,12 @@ int sce_crypt_AesGcm_multitest()
     Aes128_Gcm_multTst_rslt = 0;
     Aes256_Gcm_multTst_rslt = 0;
 
-    exit_semaph = xSemaphoreCreateCounting(num, 0);
+    exit_semaph = xSemaphoreCreateCounting((UBaseType_t)num, 0);
     xRet = pdPASS;
-
+    info_aes1.devId = devId;
+    info_aes2.devId = devId;
+    info_aes256_1.devId = devId;
+    info_aes256_2.devId = devId;
 #if defined(WOLFSSL_AES_128)
     XMEMCPY(&info_aes1.aes_key, &g_user_aes128_key_index1,
                                     sizeof(sce_aes_wrapped_key_t));
@@ -1155,7 +1164,7 @@ int sce_crypt_AesGcm_multitest()
     return ret;
 }
 
-int sce_crypt_Sha_AesCbcGcm_multitest()
+int sce_crypt_Sha_AesCbcGcm_multitest(int devId)
 {
     int ret = 0;
     int num = 0;
@@ -1185,9 +1194,12 @@ int sce_crypt_Sha_AesCbcGcm_multitest()
     Aes128_Gcm_multTst_rslt = 0;
     Aes256_Gcm_multTst_rslt = 0;
 
-    exit_semaph = xSemaphoreCreateCounting(num, 0);
+    exit_semaph = xSemaphoreCreateCounting((UBaseType_t)num, 0);
     xRet = pdPASS;
-
+    info_aes128cbc.devId = devId;
+    info_aes128gcm.devId = devId;
+    info_aes256cbc.devId = devId;
+    info_aes256gcm.devId = devId;
 #ifndef NO_SHA256
     xRet = xTaskCreate(tskSha256_Test1, "sha256_test1",
                                             STACK_SIZE, NULL, 3, NULL);
diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/client/simple_tls_tsip_client.c b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/client/simple_tls_tsip_client.c
index fb2f81c11..c5c19e549 100644
--- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/client/simple_tls_tsip_client.c
+++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/client/simple_tls_tsip_client.c
@@ -32,7 +32,7 @@
 #endif
 
 #if defined(SIMPLE_TLS_TSIP_CLIENT) || defined(SIMPLE_TLS_CLIENT)
-#define SIMPLE_TLSSEVER_IP       "192.168.11.11"
+#define SIMPLE_TLSSEVER_IP       "192.168.11.6"
 #define SIMPLE_TLSSERVER_PORT    "11111"
 
 ER    t4_tcp_callback(ID cepid, FN fncd , VP p_parblk);
@@ -308,10 +308,10 @@ void wolfSSL_TLS_client( )
     #else
 
     if (ret == 0) {
-        err = wolfSSL_use_PrivateKey_buffer(ssl, client_key_der_2048,
+        ret = wolfSSL_use_PrivateKey_buffer(ssl, client_key_der_2048,
                             sizeof_client_key_der_2048, WOLFSSL_FILETYPE_ASN1);
 
-        if (err != SSL_SUCCESS) {
+        if (ret != SSL_SUCCESS) {
             printf("ERROR wolfSSL_use_PrivateKey_buffer: %d\n",
                                                 wolfSSL_get_error(ssl, 0));
             ret = -1;
diff --git a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/test.scfg b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/test.scfg
index c3b4c35b7..020dd9ef3 100644
--- a/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/test.scfg
+++ b/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/test.scfg
@@ -1132,9 +1132,9 @@
         <configuration inuse="true" name="r_bsp">
             <component description="依存モジュール: なし&#10;The r_bsp package provides a foundation for code to be built on top of. It provides startup code, iodefines, and MCU information for different boards. There are 2 folders that make up the r_bsp package. The 'mcu' folder contains files that are common to a MCU group. These files provide functionality such as easy register access, CPU functions, and a file named 'mcu_info.h' for each MCU group. The 'mcu_info.h' file has information about the MCU on the board and is configured based on the information given in r_bsp_config.h. The information in 'mcu_info.h' is used to help configure Renesas middleware that uses the r_bsp package. The 'board' folder has a folder with startup code for each supported board.  Which MCU and board is chosen is decided by the settings in 'platform.h'. The user can choose which board they are using by uncommenting the include path that applies to their board. For example, if you are using the RSK+RX64M then you would uncomment the #include &quot;./board/generic_rx64m/r_bsp.h&quot; include path. Users are encouraged to add their own boards to the 'board' directory. BSPs are configured by using the r_bsp_config.h file. Each board will have a reference configuration file named r_bsp_config_reference.h. The user should copy this file to their project, rename it to r_bsp_config.h, and use the options inside the file to configure the BSP for their project." detailDescription="Board Support Packages." display="r_bsp" id="r_bsp7.51" version="7.51">
                 <gridItem id="BSP_CFG_USER_STACK_ENABLE" selectedIndex="1"/>
-                <gridItem id="BSP_CFG_USTACK_BYTES" selectedIndex="0x4000"/>
+                <gridItem id="BSP_CFG_USTACK_BYTES" selectedIndex="0x2000"/>
                 <gridItem id="BSP_CFG_ISTACK_BYTES" selectedIndex="0x400"/>
-                <gridItem id="BSP_CFG_HEAP_BYTES" selectedIndex="0xf000"/>
+                <gridItem id="BSP_CFG_HEAP_BYTES" selectedIndex="0xff00"/>
                 <gridItem id="BSP_CFG_IO_LIB_ENABLE" selectedIndex="1"/>
                 <gridItem id="BSP_CFG_USER_CHARGET_ENABLED" selectedIndex="0"/>
                 <gridItem id="BSP_CFG_USER_CHARGET_FUNCTION" selectedIndex="my_sw_charget_function"/>
diff --git a/IDE/Renesas/e2studio/RZN2L/README.md b/IDE/Renesas/e2studio/RZN2L/README.md
index c53605b79..d3f417548 100644
--- a/IDE/Renesas/e2studio/RZN2L/README.md
+++ b/IDE/Renesas/e2studio/RZN2L/README.md
@@ -21,37 +21,49 @@ The example project summary is listed below and is relevant for every project.
 ### Project Summary
 |Item|Name/Version|
 |:--|:--|
+|e2Studio|2025-04.1 (25.4.1)|
 |Board|RZN2L|
 |Device|R9A07G084M08GBG|
 |Toolchain|GCC for Renesas RZ|
 |Toolchain Version|10.3.1.20210824|
-|FSP Version|1.2.0|
+|FSP Version|2.0.0|
 
 #### Selected software components
 
 |Components|Version|Note|
 |:--|:--|:--|
-|Board Support Package Common Files|v1.20||
-|I/O Port|v1.2.0||
-|Arm CMSIS Version 5 - Core (M)|v5.7.0+renesas.1||
-|Board support package for R9A07G084M04GBG|v1.2.0|Note1|
-|Board support package for RZN2L|v1.2.0||
-|Board support package for RZN2L - FSP Data|v1.2.0||
-|RSK+RZN2L Board Support Files (RAM execution without flash memory)|v1.2.0||
-|FreeRTOS - Buffer Allocation 2|v1.2.0||
-|FreeRTOS - Memory Management - Heap 4|v1.2.0||
-|FreeRTOS+TCP|v1.2.0||
-|Ethernet PHY |v1.2.0||
-|Ethernet Selector|v1.2.0||
-|Ethernet|v1.2.0||
-|Ethernet Switch|v1.2.0||
-|SCI UART|v1.2.0||
-|r_ether to FreeRTOS+TCP Wrapper|v1.2.0||
-|Renesas Secure IP Driver|v1.3.0+fsp.1.2.0|Need to contact Renesas to get RSIP module|
-|RSIP Engine for RZ/N2L|v1.3.0+fsp.1.2.0|Need to contact Renesas to get RSIP module|
+|Board Support Package Common Files|v2.0.0||
+|I/O Port|v2.0.0||
+|Arm CMSIS Version 5 - Core (M)|v5.7.0+renesas.1.fsp.2.0.0||
+|Board support package for R9A07G084M04GBG|v2.0.0|Note1|
+|Board support package for RZN2L|v2.0.0||
+|Board support package for RZN2L - FSP Data|v2.0.0||
+|RSK+RZN2L Board Support Files (xSPI0 x1 boot mode)|v2.0.0||
+|FreeRTOS - Buffer Allocation 2|v2.0.0||
+|FreeRTOS - Memory Management - Heap 4|v2.0.0||
+|FreeRTOS+TCP|v2.0.0||
+|Ethernet PHY |v2.0.0||
+|Ethernet Selector|v2.0.0||
+|Ethernet|v2.0.0||
+|Ethernet Switch|v2.0.0||
+|SCI UART|v2.0.0||
+|r_ether to FreeRTOS+TCP Wrapper|v2.0.0||
+|Renesas Secure IP Driver|v1.5.0+fsp.1.3.0||
+|RSIP Engine for RZ/N2L|v1.5.0+fsp.1.3.0||
 
 Note1:\
- To use RSIP driver, a device type should be `R9A07G084M04GBG`. However, choosing `R9A07G084M04GBG` won't allow to select `RSK+RZN2L` board. This example uses LED and external flash memory on `RSK + RZN2L` board. Therefore, the example temporary `R9A07G084M04GBG` for the device type. Updating e2studio or fsp could resolve the issue.
+ To use RSIP driver, a device type should be `R9A07G084M08GBG`. However, choosing `R9A07G084M04GBG` won't allow to select `RSK+RZN2L` board. This example uses LED and external flash memory on `RSK + RZN2L` board. Therefore, the example temporary `R9A07G084M04GBG` for the device type. Updating e2studio or fsp could resolve the issue.
+
+## Board Settings
+This example program uses `xSPI0 boot`. Therefore, the board's switch and jumper settings required to run the sample program from external flash are shown below. For details on each setting, see the Renesas Starter Kit+ for RZN2L User's Manual.
+
+|Project|SW4-1|SW4-2|SW4-3|SW4-4|SW4-7|
+|:--|:--|:--|:--|:--|:--|
+|xSPI0 boot mode|ON|ON|ON|ON|OFF|
+
+|Project|CN8|CN24|
+|:--|:--|:--|
+|xSPI0 boot mode|Short 2-3|Short2-3|
 
 ## Setup Steps and Build wolfSSL Library
 
@@ -63,7 +75,7 @@ Note1:\
 
 + Click File->New->`RZ/N C/C++ FSP Project`.
 + Enter project name `dummy_application`.
-+ Select Board: to `RSK+RZN2L (RAM execution without flash memory)`.
++ Select Board: to `RSK+RZN2L (xSPI0 x1 boot mode)`.
 + Select Device: to `R9A07G084M04GBG`. Click Next.
 + Check to `Executable`
 + Select FreeRTOS from RTOS selection. Click Finish.
@@ -93,31 +105,125 @@ Note1:\
 + Click `Generate Project Content` on FSP configuration GUI
 
 3.) Prepare UART to logging
-
-+ Download Sample package from [BACnet Start-Up](https://www.renesas.com/us/en/products/microcontrollers-microprocessors/rz-mpus/bacnet-start-rzn2l-rsk)
++ Download Example packages from [RZ/N2L Group Example program](https://www.renesas.com/us/en/document/scd/rzn2l-group-example-program?r=1622651) and unzip the archived file.
++ unzip RZN2L_RSK_sci_uart_Rev200.zip
++ unzip RZN2L_RSK_sci_uart_Rev200/basis/gcc/RZN2L_RSK_sci_uart_Rev200a.zip
++
 + Copy the following C source files from the project to src/serial_io folder of `test_RZN2L`\
-um_serial_io_uart.c\
-um_serial_io_task_writer.c\
-um_serial_io_cfg.h\
-um_common_api.h\
-um_common_cfg.h\
-um_serial_io.c\
-um_serial_io.h\
-um_serial_io_api.h\
-um_serial_io_internal.h
+sio_char.h\
+siochar.c
 
+4.) Prepare loader project
++ Download Example packages from [RZ/N2L Group Example of separating loader program and application program projects](https://www.renesas.com/en/document/scd/11691006?language=en&r=1622651) and unzip the archived file.
++ Unzip `RZN2L_loader_application\gcc\xspi0bootx1\Loader_application_projects.zip
++ Copy `RZN2L_bsp_xspi0bootx1_loader` and `RZN2L_bsp_xspi0bootx1_app` to `<wolfSSL>\IDE\Renesas\e2studio\RZN2L` folder
++ Import `RZN2L_bsp_xspi0bootx1_loader` from `e2studio`
 
-+ Open um_serial_io_task_writer.c and re-name printf to uart_printf
+## Build `test_RZN2L`
+1). Modify `fsp/src/bsp/cmsis/Device/RENESAS/Source/cr/startup_core.c`:
+ORIGINAL
+```
+BSP_TARGET_ARM BSP_ATTRIBUTE_STACKLESS void __Vectors (void)
+{
+    __asm volatile (
+        "    ldr pc,=Reset_Handler            \n"
+```
+==>
 
-3.) Build `test_RZN2L` project
+MODIFIED
+```
+BSP_TARGET_ARM BSP_ATTRIBUTE_STACKLESS void __Vectors (void)
+{
+    __asm volatile (
+#if 0
+        "    ldr pc,=Reset_Handler            \n"
+#else
+        "    ldr pc,=local_system_init        \n"
+#endif
+```
+1). Modify `fsp/src/bsp/cmsis/Device/RENESAS/Source/startup.c`:
 
-## Run `test_RZN2L`
+ORIGINAL
+```
+void SystemInit (void)
+{
+#if BSP_CFG_EARLY_INIT
+...
+#if BSP_CFG_C_RUNTIME_INIT
 
-1). Right click the project and Select menu `Debug` -> `Renesas GDB Hardware debugging`
+    /* Copy the loader data from external Flash to internal RAM. */
+    bsp_loader_data_init();
 
-2). Select J-Link ARM and R9A07G084M04
+    /* Clear loader bss section in internal RAM. */
+    bsp_loader_bss_init();
+#endif
+...
+#if !(BSP_CFG_RAM_EXECUTION)
 
-3). Break at Entry point. Change `cpsr` register value from 0xXXXXX1yy to 0xXXXXX1da
+    /* Copy the application program from external Flash to internal RAM. */
+    bsp_copy_to_ram();
+
+    /* Clear bss section in internal RAM. */
+    bsp_application_bss_init();
+#endif
+...
+}
+```
+
+==>
+
+MODIFIED
+```
+BSP_TARGET_ARM void mpu_cache_init (void)
+{
+...
+if BSP_CFG_C_RUNTIME_INIT && !defined(EXTERNAL_LOADER_APP)
+
+    /* Copy the loader data from external Flash to internal RAM. */
+    bsp_loader_data_init();
+
+    /* Clear loader bss section in internal RAM. */
+    bsp_loader_bss_init();
+#endif
+...
+#if !(BSP_CFG_RAM_EXECUTION) && !defined(EXTERNAL_LOADER_APP)
+
+    /* Copy the application program from external Flash to internal RAM. */
+    /* bsp_copy_to_ram(); */
+
+    /* Clear bss section in internal RAM. */
+    bsp_application_bss_init();
+#endif
+...
+}
+```
+2). Copy contenst of `fsp_xspi0_boot_app.ld` of `RZN2L_bsp_xspi0bootx1_app\script\` to `test_RZN2L\script\fsp_xspi0_boot.ld`
+
+3). Right click the project and Select menu `Debug` -> `Renesas GDB Hardware debugging`
+
+4). Select J-Link ARM and R9A07G084M04
+5). Build `test_RZN2L`
+
+## Build loader project
++ Modify `src/Flash_section.s`:
+
+ORIGINAL
+```
+.incbin "../../RZN2L_bsp_xspi0bootx1_app/Debug/RZN2L_bsp_xspi0bootx1_app.bin"
+```
+
+==>
+
+MODIFIED
+```
+.incbin "../../test/Debug/test_RZN2L.bin"
+```
++ Modify `Load Image and Symbol`. Open `Debug Configuration` -> Open `Startup` tab -> Replace `RZN2L_bsp_xspi0bootx1_app.elf` to `test_RZN2L.elf`
+
+## Run loader and `test_RZN2L`
++ Run the loader project
++ Loader download `test_RZN2L` binary from flash to system ram and execute it.
++ Note: It recommends to re-build the loader project when re-building `test_RZN2L`
 
 ## Run TLS 1.3 Client
 1.) Enable `WOLFSSL_TLS13` macro in `user_settings.h`
diff --git a/IDE/Renesas/e2studio/RZN2L/common/user_settings.h b/IDE/Renesas/e2studio/RZN2L/common/user_settings.h
index 345f9b150..8aa255aea 100644
--- a/IDE/Renesas/e2studio/RZN2L/common/user_settings.h
+++ b/IDE/Renesas/e2studio/RZN2L/common/user_settings.h
@@ -20,6 +20,7 @@
  */
 /* Operating Environment and Threading */
 #if defined(WOLFSSL_RENESAS_RSIP)
+    #define WOLFSSL_RENESAS_RZFSP_VER     200
     /* FSP SM stands for Flexible Software Package Security Module
     *  WOLFSSL_RENESAS_FSPSM enables fundamental code when it uses.
     *    e.g. Open/Close/Random generator
@@ -104,7 +105,9 @@
 #endif
 
 #if defined(WOLFSSL_RENESAS_RSIP_CRYPTONLY)
+    #define WOLF_CRYPTO_CB_RSA_PAD
     #define WOLFSSL_KEY_GEN
+    #define RSA_MIN_SIZE 512
 #endif
 
 int uart_printf (const char *__restrict format, ...);
@@ -112,4 +115,7 @@ int uart_printf (const char *__restrict format, ...);
 #define printf uart_printf
 
 #define TEST_SLEEP() vTaskDelay(50)
+#if defined(WOLFSSL_RENESAS_RSIP)
 #define CUSTOM_RAND_GENERATE_BLOCK wc_fspsm_GenerateRandBlock
+#endif
+
diff --git a/IDE/Renesas/e2studio/RZN2L/include.am b/IDE/Renesas/e2studio/RZN2L/include.am
index 88ccadfc7..7ffb5eebc 100644
--- a/IDE/Renesas/e2studio/RZN2L/include.am
+++ b/IDE/Renesas/e2studio/RZN2L/include.am
@@ -7,10 +7,11 @@ EXTRA_DIST+= IDE/Renesas/e2studio/RZN2L/test/.cproject
 EXTRA_DIST+= IDE/Renesas/e2studio/RZN2L/test/.project
 EXTRA_DIST+= IDE/Renesas/e2studio/RZN2L/test/src/rzn2l_tst_thread_entry.c
 EXTRA_DIST+= IDE/Renesas/e2studio/RZN2L/test/src/wolfssl_dummy.c
+EXTRA_DIST+= IDE/Renesas/e2studio/RZN2L/test/src/local_system_init.c
 EXTRA_DIST+= IDE/Renesas/e2studio/RZN2L/test/src/test/wolf_client.c
 EXTRA_DIST+= IDE/Renesas/e2studio/RZN2L/test/src/test/wolf_server.c
 EXTRA_DIST+= IDE/Renesas/e2studio/RZN2L/test/src/test/wolfssl_rsip_unit_test.c
-EXTRA_DIST+= IDE/Renesas/e2studio/RZN2L/test/src/serial_io/.gitignore
+EXTRA_DIST+= IDE/Renesas/e2studio/RZN2L/test/src/serial_io/app_print.c
 EXTRA_DIST+= IDE/Renesas/e2studio/RZN2L/test/src/wolfCrypt/.gitignore
 EXTRA_DIST+= IDE/Renesas/e2studio/RZN2L/test/src/wolfSSL/.gitignore
 EXTRA_DIST+= IDE/Renesas/e2studio/RZN2L/common/wolfssl_demo.h
diff --git a/IDE/Renesas/e2studio/RZN2L/test/.cproject b/IDE/Renesas/e2studio/RZN2L/test/.cproject
index 98caa7842..561cbf7d7 100644
--- a/IDE/Renesas/e2studio/RZN2L/test/.cproject
+++ b/IDE/Renesas/e2studio/RZN2L/test/.cproject
@@ -43,7 +43,7 @@
 							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.warnings.logicalop.2133049482" name="Warn if suspicious logical ops (-Wlogical-op)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.warnings.logicalop" value="true" valueType="boolean"/>
 							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.warnings.agreggatereturn.1476755314" name="Warn if struct is returned (-Wagreggate-return)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.warnings.agreggatereturn" value="true" valueType="boolean"/>
 							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.warnings.floatequal.1180377769" name="Warn if floats are compared as equal (-Wfloat-equal)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.warnings.floatequal" value="true" valueType="boolean"/>
-							<option id="com.renesas.cdt.managedbuild.gcc.rz.deviceName.385566364" name="Device name" superClass="com.renesas.cdt.managedbuild.gcc.rz.deviceName" value="R9A07G084M04GBG" valueType="string"/>
+							<option id="com.renesas.cdt.managedbuild.gcc.rz.deviceName.385566364" name="Device name" superClass="com.renesas.cdt.managedbuild.gcc.rz.deviceName" value="R9A07G084M08GBG" valueType="string"/>
 							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.toolchain.name.85130646" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.toolchain.name" value="GNU Tools for ARM Embedded Processors" valueType="string"/>
 							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.architecture.438363043" name="Architecture" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.architecture" value="ilg.gnuarmeclipse.managedbuild.cross.option.architecture.arm" valueType="enumerated"/>
 							<option id="com.renesas.cdt.managedbuild.gcc.rz.option.family.734485543" name="Arm family (-mcpu)" superClass="com.renesas.cdt.managedbuild.gcc.rz.option.family" value="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.mcpu.cortex-r52" valueType="enumerated"/>
@@ -66,6 +66,7 @@
 								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="ilg.gnuarmeclipse.managedbuild.cross.option.assembler.defs.878213280" name="Defined symbols (-D)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.assembler.defs" valueType="definedSymbols">
 									<listOptionValue builtIn="false" value="_RENESAS_RZN_"/>
 									<listOptionValue builtIn="false" value="_RZN_CORE=CR52_0"/>
+									<listOptionValue builtIn="false" value="_RZN_ORDINAL=1"/>
 								</option>
 								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.gcc.rz.option.assembler.include.1404470165" name="Include paths (-I)" superClass="com.renesas.cdt.managedbuild.gcc.rz.option.assembler.include" valueType="includePath">
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src}&quot;"/>
@@ -96,17 +97,32 @@
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/rzn/fsp/src/r_rsip/rzt2n2/private/lib/sb_lib/inc}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/rzn/fsp/src/r_rsip/rzt2n2/private/lib/otp/inc}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/rzn/fsp/src/r_rsip/rzt2n2/private/lib/rsip/inc}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/rzn/fsp/src/bsp/mcu/all/cr}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/rzn/fsp/src/rm_freertos_port/ca}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/rzn/fsp/src/rm_freertos_port/cr}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/rzn/arm/CMSIS_5/CMSIS/Core_A/Include}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/rzn/fsp/src/r_rsip_protected/src/rzt_rzn/primitive}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/rzn/fsp/src/r_rsip_protected/src/rzt_rzn/private/lib/sb_lib/inc}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/rzn/fsp/src/r_rsip_protected/src/rzt_rzn/private/lib/rsip/inc}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/rzn/fsp/src/r_rsip_protected/src/rzt_rzn/private/lib/otp/inc}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/rzn/fsp/src/r_rsip_protected/src/rzt_rzn/private/lib/inc}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/rzn/fsp/src/r_rsip_protected/src/rzt_rzn/private}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/rzn/fsp/src/r_rsip_protected/src/common/primitive}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/rzn/fsp/src/r_rsip_protected/src/common/private}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/rzn/fsp/src/r_rsip_protected/src/common/public}&quot;"/>
 								</option>
 								<inputType id="ilg.gnuarmeclipse.managedbuild.cross.tool.assembler.input.920863118" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.assembler.input"/>
 							</tool>
 							<tool id="com.renesas.cdt.managedbuild.gcc.rz.tool.compilerC.15728131" name="Cross ARM C Compiler" superClass="com.renesas.cdt.managedbuild.gcc.rz.tool.compilerC">
 								<option id="ilg.gnuarmeclipse.managedbuild.cross.option.c.compiler.std.2054256250" name="Language standard" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.c.compiler.std" useByScannerDiscovery="true" value="ilg.gnuarmeclipse.managedbuild.cross.option.c.compiler.std.c99" valueType="enumerated"/>
 								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="ilg.gnuarmeclipse.managedbuild.cross.option.c.compiler.defs.737680653" name="Defined symbols (-D)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.c.compiler.defs" useByScannerDiscovery="true" valueType="definedSymbols">
-									<listOptionValue builtIn="false" value="_RENESAS_RZN_"/>
+									<listOptionValue builtIn="false" value="EXTERNAL_LOADER_APP"/>
 									<listOptionValue builtIn="false" value="WOLFSSL_RENESAS_RSIP"/>
 									<listOptionValue builtIn="false" value="WOLFSSL_RENESAS_RZN2L"/>
 									<listOptionValue builtIn="false" value="WOLFSSL_USER_SETTINGS"/>
 									<listOptionValue builtIn="false" value="_RZN_CORE=CR52_0"/>
+									<listOptionValue builtIn="false" value="_RZN_ORDINAL=1"/>
 								</option>
 								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.gcc.rz.option.compiler.include.1392028571" name="Include paths (-I)" superClass="com.renesas.cdt.managedbuild.gcc.rz.option.compiler.include" useByScannerDiscovery="false" valueType="includePath">
 									<listOptionValue builtIn="false" value="&quot;${ProjDirPath}/generate&quot;"/>
@@ -142,6 +158,20 @@
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/rzn/fsp/src/r_rsip/rzt2n2/private/lib/sb_lib/inc}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/rzn/fsp/src/r_rsip/rzt2n2/private/lib/otp/inc}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/rzn/fsp/src/r_rsip/rzt2n2/private/lib/rsip/inc}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/rzn/fsp/src/bsp/mcu/all/cr}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/rzn/fsp/src/rm_freertos_port/ca}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/rzn/fsp/src/rm_freertos_port/cr}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/rzn/arm/CMSIS_5/CMSIS/Core_A/Include}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/rzn/fsp/src/r_rsip_protected/src/rzt_rzn/primitive}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/rzn/fsp/src/r_rsip_protected/src/rzt_rzn/private/lib/sb_lib/inc}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/rzn/fsp/src/r_rsip_protected/src/rzt_rzn/private/lib/rsip/inc}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/rzn/fsp/src/r_rsip_protected/src/rzt_rzn/private/lib/otp/inc}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/rzn/fsp/src/r_rsip_protected/src/rzt_rzn/private/lib/inc}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/rzn/fsp/src/r_rsip_protected/src/rzt_rzn/private}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/rzn/fsp/src/r_rsip_protected/src/common/primitive}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/rzn/fsp/src/r_rsip_protected/src/common/private}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/rzn/fsp/src/r_rsip_protected/src/common/public}&quot;"/>
 								</option>
 								<inputType id="ilg.gnuarmeclipse.managedbuild.cross.tool.c.compiler.input.1188589179" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.c.compiler.input"/>
 							</tool>
@@ -154,7 +184,7 @@
 								<option id="ilg.gnuarmeclipse.managedbuild.cross.option.c.linker.usenewlibnano.1707323954" name="Use newlib-nano (--specs=nano.specs)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.c.linker.usenewlibnano" value="true" valueType="boolean"/>
 								<option id="com.renesas.cdt.managedbuild.gcc.rz.option.linker.entrypoint.2121320154" name="Entry Point:" superClass="com.renesas.cdt.managedbuild.gcc.rz.option.linker.entrypoint" value="-Wl,-esystem_init" valueType="string"/>
 								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.gcc.rz.option.linkerscript.35544828" name="Script files (-T)" superClass="com.renesas.cdt.managedbuild.gcc.rz.option.linkerscript" valueType="stringList">
-									<listOptionValue builtIn="false" value="&quot;fsp_ram_execution.ld&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;fsp_xspi0_boot.ld&quot;"/>
 								</option>
 								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.gcc.rz.archives.userIncludePath.1169036561" name="User defined archive search directories (-L)" superClass="com.renesas.cdt.managedbuild.gcc.rz.archives.userIncludePath" valueType="stringList">
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}}/script&quot;"/>
@@ -436,6 +466,7 @@
 								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="true" id="com.renesas.cdt.managedbuild.gcc.rz.archives.includeFiles.1438841261" name="Standard archive (library) files (-l)" superClass="com.renesas.cdt.managedbuild.gcc.rz.archives.includeFiles" valueType="stringList"/>
 								<option id="ilg.gnuarmeclipse.managedbuild.cross.option.c.linker.usenewlibnosys.1028106860" name="Do not use syscalls (--specs=nosys.specs)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.c.linker.usenewlibnosys" value="false" valueType="boolean"/>
 								<option id="ilg.gnuarmeclipse.managedbuild.cross.option.c.linker.useprintffloat.584424940" name="Use float with nano printf (-u _printf_float)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.c.linker.useprintffloat" value="false" valueType="boolean"/>
+								<option id="com.renesas.cdt.managedbuild.gcc.rz.option.linker.usenewlibnano.2085931869" name="Use newlib-nano (--specs=nano.specs)" superClass="com.renesas.cdt.managedbuild.gcc.rz.option.linker.usenewlibnano" value="true" valueType="boolean"/>
 								<inputType id="com.renesas.cdt.managedbuild.gcc.rz.inputType.linker.c.1165207646" superClass="com.renesas.cdt.managedbuild.gcc.rz.inputType.linker.c">
 									<additionalInput kind="additionalinputdependency" paths="$(USER_OBJS)"/>
 									<additionalInput kind="additionalinputdependency" paths="$(LIBRARY_GENERATOR_OUTPUTTYPE_OUTPUTS)"/>
@@ -448,12 +479,16 @@
 								<option id="ilg.gnuarmeclipse.managedbuild.cross.option.cpp.linker.usenewlibnano.1744364271" name="Use newlib-nano (--specs=nano.specs)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.cpp.linker.usenewlibnano" value="true" valueType="boolean"/>
 								<option id="com.renesas.cdt.managedbuild.gcc.rz.option.linker.cpp.entrypoint.1291406965" name="Entry Point:" superClass="com.renesas.cdt.managedbuild.gcc.rz.option.linker.cpp.entrypoint" value="-Wl,-esystem_init" valueType="string"/>
 								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.gcc.rz.option.cpp.linkerscript.310553223" name="Script files (-T)" superClass="com.renesas.cdt.managedbuild.gcc.rz.option.cpp.linkerscript" valueType="stringList">
-									<listOptionValue builtIn="false" value="&quot;fsp_ram_execution.ld&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;fsp_xspi0_boot.ld&quot;"/>
 								</option>
+								<option id="com.renesas.cdt.managedbuild.gcc.rz.option.linker.cpp.usenewlibnano.803193311" name="Use newlib-nano (--specs=nano.specs)" superClass="com.renesas.cdt.managedbuild.gcc.rz.option.linker.cpp.usenewlibnano" value="true" valueType="boolean"/>
 							</tool>
 							<tool id="com.renesas.cdt.managedbuild.gcc.rz.tool.archiver.1683309259" name="Cross ARM GNU Archiver" superClass="com.renesas.cdt.managedbuild.gcc.rz.tool.archiver"/>
 							<tool id="com.renesas.cdt.managedbuild.gcc.rz.tool.flash.495323055" name="Cross ARM GNU Create Flash Image" superClass="com.renesas.cdt.managedbuild.gcc.rz.tool.flash">
-								<option id="com.renesas.cdt.managedbuild.gcc.rz.option.flash.choice.1427749577" name="Output file format (-O)" superClass="com.renesas.cdt.managedbuild.gcc.rz.option.flash.choice" value="ilg.gnuarmeclipse.managedbuild.cross.option.createflash.choice.srec" valueType="enumerated"/>
+								<option id="com.renesas.cdt.managedbuild.gcc.rz.option.flash.choice.1427749577" name="Output file format (-O)" superClass="com.renesas.cdt.managedbuild.gcc.rz.option.flash.choice" value="ilg.gnuarmeclipse.managedbuild.cross.option.createflash.choice.binary" valueType="enumerated"/>
+								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.gcc.rz.option.flash.other.182390017" name="Other flags" superClass="com.renesas.cdt.managedbuild.gcc.rz.option.flash.other" valueType="stringList">
+									<listOptionValue builtIn="false" value="--gap-fill 0xff"/>
+								</option>
 							</tool>
 							<tool id="com.renesas.cdt.managedbuild.gcc.rz.tool.listing.1833581304" name="Cross ARM GNU Create Listing" superClass="com.renesas.cdt.managedbuild.gcc.rz.tool.listing">
 								<option id="ilg.gnuarmeclipse.managedbuild.cross.option.createlisting.source.421010994" name="Display source (--source|-S)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.createlisting.source" value="true" valueType="boolean"/>
@@ -784,7 +819,7 @@
 							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.warnings.logicalop.926371065" name="Warn if suspicious logical ops (-Wlogical-op)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.warnings.logicalop" value="true" valueType="boolean"/>
 							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.warnings.agreggatereturn.1328296477" name="Warn if struct is returned (-Wagreggate-return)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.warnings.agreggatereturn" value="true" valueType="boolean"/>
 							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.warnings.floatequal.1500121997" name="Warn if floats are compared as equal (-Wfloat-equal)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.warnings.floatequal" value="true" valueType="boolean"/>
-							<option id="com.renesas.cdt.managedbuild.gcc.rz.deviceName.1664475593" name="Device name" superClass="com.renesas.cdt.managedbuild.gcc.rz.deviceName" value="R9A07G084M04GBG" valueType="string"/>
+							<option id="com.renesas.cdt.managedbuild.gcc.rz.deviceName.1664475593" name="Device name" superClass="com.renesas.cdt.managedbuild.gcc.rz.deviceName" value="R9A07G084M08GBG" valueType="string"/>
 							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.toolchain.name.75533497" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.toolchain.name" value="GNU Tools for ARM Embedded Processors" valueType="string"/>
 							<option id="ilg.gnuarmeclipse.managedbuild.cross.option.architecture.349814325" name="Architecture" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.architecture" value="ilg.gnuarmeclipse.managedbuild.cross.option.architecture.arm" valueType="enumerated"/>
 							<option id="com.renesas.cdt.managedbuild.gcc.rz.option.family.2115333421" name="Arm family (-mcpu)" superClass="com.renesas.cdt.managedbuild.gcc.rz.option.family" value="ilg.gnuarmeclipse.managedbuild.cross.option.arm.target.mcpu.cortex-r52" valueType="enumerated"/>
@@ -807,6 +842,7 @@
 								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="ilg.gnuarmeclipse.managedbuild.cross.option.assembler.defs.305259748" name="Defined symbols (-D)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.assembler.defs" valueType="definedSymbols">
 									<listOptionValue builtIn="false" value="_RENESAS_RZN_"/>
 									<listOptionValue builtIn="false" value="_RZN_CORE=CR52_0"/>
+									<listOptionValue builtIn="false" value="_RZN_ORDINAL=1"/>
 								</option>
 								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.gcc.rz.option.assembler.include.1749182888" name="Include paths (-I)" superClass="com.renesas.cdt.managedbuild.gcc.rz.option.assembler.include" valueType="includePath">
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/src}&quot;"/>
@@ -837,6 +873,20 @@
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/rzn/fsp/src/r_rsip/rzt2n2/private/lib/sb_lib/inc}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/rzn/fsp/src/r_rsip/rzt2n2/private/lib/otp/inc}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/rzn/fsp/src/r_rsip/rzt2n2/private/lib/rsip/inc}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/rzn/fsp/src/bsp/mcu/all/cr}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/rzn/fsp/src/rm_freertos_port/ca}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/rzn/fsp/src/rm_freertos_port/cr}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/rzn/arm/CMSIS_5/CMSIS/Core_A/Include}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/rzn/fsp/src/r_rsip_protected/src/rzt_rzn/primitive}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/rzn/fsp/src/r_rsip_protected/src/rzt_rzn/private/lib/sb_lib/inc}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/rzn/fsp/src/r_rsip_protected/src/rzt_rzn/private/lib/rsip/inc}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/rzn/fsp/src/r_rsip_protected/src/rzt_rzn/private/lib/otp/inc}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/rzn/fsp/src/r_rsip_protected/src/rzt_rzn/private/lib/inc}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/rzn/fsp/src/r_rsip_protected/src/rzt_rzn/private}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/rzn/fsp/src/r_rsip_protected/src/common/primitive}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/rzn/fsp/src/r_rsip_protected/src/common/private}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/rzn/fsp/src/r_rsip_protected/src/common/public}&quot;"/>
 								</option>
 								<inputType id="ilg.gnuarmeclipse.managedbuild.cross.tool.assembler.input.456671311" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.assembler.input"/>
 							</tool>
@@ -845,6 +895,7 @@
 								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="ilg.gnuarmeclipse.managedbuild.cross.option.c.compiler.defs.856881917" name="Defined symbols (-D)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.c.compiler.defs" useByScannerDiscovery="true" valueType="definedSymbols">
 									<listOptionValue builtIn="false" value="_RENESAS_RZN_"/>
 									<listOptionValue builtIn="false" value="_RZN_CORE=CR52_0"/>
+									<listOptionValue builtIn="false" value="_RZN_ORDINAL=1"/>
 								</option>
 								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.gcc.rz.option.compiler.include.1411892430" name="Include paths (-I)" superClass="com.renesas.cdt.managedbuild.gcc.rz.option.compiler.include" useByScannerDiscovery="false" valueType="includePath">
 									<listOptionValue builtIn="false" value="&quot;${ProjDirPath}/generate&quot;"/>
@@ -877,6 +928,20 @@
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/rzn/fsp/src/r_rsip/rzt2n2/private/lib/sb_lib/inc}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/rzn/fsp/src/r_rsip/rzt2n2/private/lib/otp/inc}&quot;"/>
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/rzn/fsp/src/r_rsip/rzt2n2/private/lib/rsip/inc}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;.&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/rzn/fsp/src/bsp/mcu/all/cr}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/rzn/fsp/src/rm_freertos_port/ca}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/rzn/fsp/src/rm_freertos_port/cr}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/rzn/arm/CMSIS_5/CMSIS/Core_A/Include}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/rzn/fsp/src/r_rsip_protected/src/rzt_rzn/primitive}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/rzn/fsp/src/r_rsip_protected/src/rzt_rzn/private/lib/sb_lib/inc}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/rzn/fsp/src/r_rsip_protected/src/rzt_rzn/private/lib/rsip/inc}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/rzn/fsp/src/r_rsip_protected/src/rzt_rzn/private/lib/otp/inc}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/rzn/fsp/src/r_rsip_protected/src/rzt_rzn/private/lib/inc}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/rzn/fsp/src/r_rsip_protected/src/rzt_rzn/private}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/rzn/fsp/src/r_rsip_protected/src/common/primitive}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/rzn/fsp/src/r_rsip_protected/src/common/private}&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}/rzn/fsp/src/r_rsip_protected/src/common/public}&quot;"/>
 								</option>
 								<inputType id="ilg.gnuarmeclipse.managedbuild.cross.tool.c.compiler.input.179835817" superClass="ilg.gnuarmeclipse.managedbuild.cross.tool.c.compiler.input"/>
 							</tool>
@@ -889,11 +954,12 @@
 								<option id="ilg.gnuarmeclipse.managedbuild.cross.option.c.linker.usenewlibnano.2140522055" name="Use newlib-nano (--specs=nano.specs)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.c.linker.usenewlibnano" value="true" valueType="boolean"/>
 								<option id="com.renesas.cdt.managedbuild.gcc.rz.option.linker.entrypoint.2072792159" name="Entry Point:" superClass="com.renesas.cdt.managedbuild.gcc.rz.option.linker.entrypoint" value="-Wl,-esystem_init" valueType="string"/>
 								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.gcc.rz.option.linkerscript.1599876065" name="Script files (-T)" superClass="com.renesas.cdt.managedbuild.gcc.rz.option.linkerscript" valueType="stringList">
-									<listOptionValue builtIn="false" value="&quot;fsp_ram_execution.ld&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;fsp_xspi0_boot.ld&quot;"/>
 								</option>
 								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.gcc.rz.archives.userIncludePath.1202803303" name="User defined archive search directories (-L)" superClass="com.renesas.cdt.managedbuild.gcc.rz.archives.userIncludePath" valueType="stringList">
 									<listOptionValue builtIn="false" value="&quot;${workspace_loc:/${ProjName}}/script&quot;"/>
 								</option>
+								<option id="com.renesas.cdt.managedbuild.gcc.rz.option.linker.usenewlibnano.885232888" name="Use newlib-nano (--specs=nano.specs)" superClass="com.renesas.cdt.managedbuild.gcc.rz.option.linker.usenewlibnano" value="true" valueType="boolean"/>
 								<inputType id="com.renesas.cdt.managedbuild.gcc.rz.inputType.linker.c.899703779" superClass="com.renesas.cdt.managedbuild.gcc.rz.inputType.linker.c">
 									<additionalInput kind="additionalinputdependency" paths="$(USER_OBJS)"/>
 									<additionalInput kind="additionalinputdependency" paths="$(LIBRARY_GENERATOR_OUTPUTTYPE_OUTPUTS)"/>
@@ -906,8 +972,9 @@
 								<option id="ilg.gnuarmeclipse.managedbuild.cross.option.cpp.linker.usenewlibnano.1225392189" name="Use newlib-nano (--specs=nano.specs)" superClass="ilg.gnuarmeclipse.managedbuild.cross.option.cpp.linker.usenewlibnano" value="true" valueType="boolean"/>
 								<option id="com.renesas.cdt.managedbuild.gcc.rz.option.linker.cpp.entrypoint.827697822" name="Entry Point:" superClass="com.renesas.cdt.managedbuild.gcc.rz.option.linker.cpp.entrypoint" value="-Wl,-esystem_init" valueType="string"/>
 								<option IS_BUILTIN_EMPTY="false" IS_VALUE_EMPTY="false" id="com.renesas.cdt.managedbuild.gcc.rz.option.cpp.linkerscript.963403495" name="Script files (-T)" superClass="com.renesas.cdt.managedbuild.gcc.rz.option.cpp.linkerscript" valueType="stringList">
-									<listOptionValue builtIn="false" value="&quot;fsp_ram_execution.ld&quot;"/>
+									<listOptionValue builtIn="false" value="&quot;fsp_xspi0_boot.ld&quot;"/>
 								</option>
+								<option id="com.renesas.cdt.managedbuild.gcc.rz.option.linker.cpp.usenewlibnano.1785719899" name="Use newlib-nano (--specs=nano.specs)" superClass="com.renesas.cdt.managedbuild.gcc.rz.option.linker.cpp.usenewlibnano" value="true" valueType="boolean"/>
 							</tool>
 							<tool id="com.renesas.cdt.managedbuild.gcc.rz.tool.archiver.1356408537" name="Cross ARM GNU Archiver" superClass="com.renesas.cdt.managedbuild.gcc.rz.tool.archiver"/>
 							<tool id="com.renesas.cdt.managedbuild.gcc.rz.tool.flash.1736780445" name="Cross ARM GNU Create Flash Image" superClass="com.renesas.cdt.managedbuild.gcc.rz.tool.flash">
diff --git a/IDE/Renesas/e2studio/RZN2L/test/script/fsp_ram_execution.ld b/IDE/Renesas/e2studio/RZN2L/test/script/fsp_ram_execution.ld
deleted file mode 100644
index 8f373e0a2..000000000
--- a/IDE/Renesas/e2studio/RZN2L/test/script/fsp_ram_execution.ld
+++ /dev/null
@@ -1,243 +0,0 @@
-/*
-                  Linker File for Renesas RZ/N2L FSP
-*/
-
-MEMORY
-{
-    ATCM : ORIGIN = 0x00000000, LENGTH = 0x00020000
-    BTCM : ORIGIN = 0x00100000, LENGTH = 0x00020000
-    SYSTEM_RAM : ORIGIN = 0x10000000, LENGTH = 0x00180000
-    SYSTEM_RAM_MIRROR : ORIGIN = 0x30000000, LENGTH = 0x00180000
-    xSPI0_CS0_SPACE_MIRROR : ORIGIN = 0x40000000, LENGTH = 0x04000000
-    xSPI0_CS1_SPACE_MIRROR : ORIGIN = 0x44000000, LENGTH = 0x04000000
-    xSPI1_CS0_SPACE_MIRROR : ORIGIN = 0x48000000, LENGTH = 0x04000000
-    xSPI1_CS1_SPACE_MIRROR : ORIGIN = 0x4C000000, LENGTH = 0x04000000
-    CS0_SPACE_MIRROR : ORIGIN = 0x50000000, LENGTH = 0x04000000
-    CS2_SPACE_MIRROR : ORIGIN = 0x54000000, LENGTH = 0x04000000
-    CS3_SPACE_MIRROR : ORIGIN = 0x58000000, LENGTH = 0x04000000
-    CS5_SPACE_MIRROR : ORIGIN = 0x5C000000, LENGTH = 0x04000000
-    xSPI0_CS0_SPACE : ORIGIN = 0x60000000, LENGTH = 0x04000000
-    xSPI0_CS1_SPACE : ORIGIN = 0x64000000, LENGTH = 0x04000000
-    xSPI1_CS0_SPACE : ORIGIN = 0x68000000, LENGTH = 0x04000000
-    xSPI1_CS1_SPACE : ORIGIN = 0x6C000000, LENGTH = 0x04000000
-    CS0_SPACE : ORIGIN = 0x70000000, LENGTH = 0x04000000
-    CS2_SPACE : ORIGIN = 0x74000000, LENGTH = 0x04000000
-    CS3_SPACE : ORIGIN = 0x78000000, LENGTH = 0x04000000
-    CS5_SPACE : ORIGIN = 0x7C000000, LENGTH = 0x04000000
-}
-
-SECTIONS
-{
-    .loader_text 0x00102000 : AT (0x00102000)
-    {
-        *(.loader_text)
-        */fsp/src/bsp/cmsis/Device/RENESAS/Source/*.o(.text*)
-        */fsp/src/bsp/mcu/all/bsp_clocks.o(.text*)
-        */fsp/src/bsp/mcu/all/bsp_irq.o(.text*)
-        */fsp/src/bsp/mcu/all/bsp_register_protection.o(.text*)
-        */fsp/src/r_ioport/r_ioport.o(.text*)
-        KEEP(*(.warm_start))
-    } > BTCM
-    .loader_data :
-    {
-        */fsp/src/bsp/cmsis/Device/RENESAS/Source/*.o(.data*)
-        */fsp/src/bsp/mcu/all/bsp_clocks.o(.data*)
-        */fsp/src/bsp/mcu/all/bsp_irq.o(.data*)
-        */fsp/src/bsp/mcu/all/bsp_register_protection.o(.data*)
-        */fsp/src/r_ioport/r_ioport.o(.data*)
-        __loader_bss_start = .;
-        */fsp/src/bsp/cmsis/Device/RENESAS/Source/*.o(.bss*)
-        */fsp/src/bsp/mcu/all/bsp_clocks.o(.bss*)
-        */fsp/src/bsp/mcu/all/bsp_irq.o(.bss*)
-        */fsp/src/bsp/mcu/all/bsp_register_protection.o(.bss*)
-        */fsp/src/r_ioport/r_ioport.o(.bss*)
-        */fsp/src/bsp/cmsis/Device/RENESAS/Source/*.o(COMMON)
-        */fsp/src/bsp/mcu/all/bsp_clocks.o(COMMON)
-        */fsp/src/bsp/mcu/all/bsp_irq.o(COMMON)
-        */fsp/src/bsp/mcu/all/bsp_register_protection.o(.COMMON)
-        */fsp/src/r_ioport/r_ioport.o(.COMMON)
-        __loader_bss_end = . ;
-    } > BTCM
-    .intvec 0x00000000 : AT (0x00000000)
-    {
-        _fvector_start = .;
-        KEEP(*(.intvec))
-        _fvector_end = .;
-    } > ATCM
-    .text 0x30000000 : AT (0x30000000)
-    {
-        _text_start = .;
-        *(.text*)
-
-        KEEP(*(.init))
-        KEEP(*(.fini))
-
-        /* .ctors */
-        *crtbegin.o(.ctors)
-        *crtbegin?.o(.ctors)
-        *(EXCLUDE_FILE(*crtend?.o *crtend.o) .ctors)
-        *(SORT(.ctors.*))
-        *(.ctors)
-        _ctor_end = .;
-
-        /* .dtors */
-        *crtbegin.o(.dtors)
-        *crtbegin?.o(.dtors)
-        *(EXCLUDE_FILE(*crtend?.o *crtend.o) .dtors)
-        *(SORT(.dtors.*))
-        *(.dtors)
-        _dtor_end = .;
-
-        *(.rodata*)
-        _erodata = .;
-        KEEP(*(.eh_frame*))
-    } > SYSTEM_RAM_MIRROR
-    .rvectors :
-    {
-        _rvectors_start = .;
-        KEEP(*(.rvectors))
-        _rvectors_end = .;
-    } > SYSTEM_RAM_MIRROR
-    .ARM.extab :
-    {
-        *(.ARM.extab* .gnu.linkonce.armextab.*)
-    } > SYSTEM_RAM_MIRROR
-    __exidx_start = .;
-    .ARM.exidx :
-    {
-        *(.ARM.exidx* .gnu.linkonce.armexidx.*)
-    } > SYSTEM_RAM_MIRROR
-    __exidx_end = .;
-    .got :
-    {
-        *(.got)
-        *(.got.plt)
-        _text_end = .;
-    } > SYSTEM_RAM_MIRROR
-    .data :
-    {
-        _data_start = .;
-
-        *(vtable)
-        *(.data.*)
-        *(.data)
-
-        . = ALIGN(4);
-        /* preinit data */
-        PROVIDE_HIDDEN (__preinit_array_start = .);
-        KEEP(*(.preinit_array))
-        PROVIDE_HIDDEN (__preinit_array_end = .);
-
-        . = ALIGN(4);
-        /* init data */
-        PROVIDE_HIDDEN (__init_array_start = .);
-        KEEP(*(SORT(.init_array.*)))
-        KEEP(*(.init_array))
-        PROVIDE_HIDDEN (__init_array_end = .);
-
-        . = ALIGN(4);
-        /* finit data */
-        PROVIDE_HIDDEN (__fini_array_start = .);
-        KEEP(*(SORT(.fini_array.*)))
-        KEEP(*(.fini_array))
-        PROVIDE_HIDDEN (__fini_array_end = .);
-
-        KEEP(*(.jcr*))
-
-        . = ALIGN(4);
-
-        /* All data end */
-        _data_end = .;
-    } > SYSTEM_RAM_MIRROR
-    .bss :
-    {
-        . = ALIGN(4);
-        __bss_start__ = .;
-        _bss = .;
-        *(.bss*)
-        *(COMMON)
-        . = ALIGN(4);
-        __bss_end__ = .;
-        _ebss = .;
-        _end = .;
-    } > SYSTEM_RAM_MIRROR
-    .heap (NOLOAD) :
-    {
-        . = ALIGN(8);
-        __HeapBase = .;
-        /* Place the STD heap here. */
-        KEEP(*(.heap))
-        __HeapLimit = .;
-    } > SYSTEM_RAM_MIRROR
-    .thread_stack (NOLOAD):
-    {
-        . = ALIGN(8);
-        __ThreadStackBase = .;
-        /* Place the Thread stacks here. */
-        KEEP(*(.stack*))
-        __ThreadStackLimit = .;
-    } > SYSTEM_RAM_MIRROR
-    .sys_stack (NOLOAD) :
-    {
-        . = ALIGN(8);
-        __SysStackBase = .;
-        /* Place the sys_stack here. */
-        KEEP(*(.sys_stack))
-        __SysStackLimit = .;
-    } > BTCM
-    .svc_stack (NOLOAD) :
-    {
-        . = ALIGN(8);
-        __SvcStackBase = .;
-        /* Place the svc_stack here. */
-        KEEP(*(.svc_stack))
-        __SvcStackLimit = .;
-    } > BTCM
-    .irq_stack (NOLOAD) :
-    {
-        . = ALIGN(8);
-        __IrqStackBase = .;
-        /* Place the irq_stack here. */
-        KEEP(*(.irq_stack))
-        __IrqStackLimit = .;
-    } > BTCM
-    .fiq_stack (NOLOAD) :
-    {
-        . = ALIGN(8);
-        __FiqStackBase = .;
-        /* Place the fiq_stack here. */
-        KEEP(*(.fiq_stack))
-        __FiqStackLimit = .;
-    } > BTCM
-    .und_stack (NOLOAD) :
-    {
-        . = ALIGN(8);
-        __UndStackBase = .;
-        /* Place the und_stack here. */
-        KEEP(*(.und_stack))
-        __UndStackLimit = .;
-    } > BTCM
-    .abt_stack (NOLOAD) :
-    {
-        . = ALIGN(8);
-        __AbtStackBase = .;
-        /* Place the abt_stack here. */
-        KEEP(*(.abt_stack))
-        __AbtStackLimit = .;
-    } > BTCM
-    .shared_noncache_buffer 0x300C0000 : AT (0x300C0000)
-    {
-        . = ALIGN(32);
-        _sncbuffer_start = .;
-        KEEP(*(.shared_noncache_buffer*))
-        _sncbuffer_end = .;
-    } > SYSTEM_RAM_MIRROR
-    .noncache_buffer 0x30100000 : AT (0x30100000)
-    {
-        . = ALIGN(32);
-        _ncbuffer_start = .;
-        KEEP(*(.noncache_buffer*))
-        _ncbuffer_end = .;
-    } > SYSTEM_RAM_MIRROR
-}
-
diff --git a/IDE/Renesas/e2studio/RZN2L/test/src/local_system_init.c b/IDE/Renesas/e2studio/RZN2L/test/src/local_system_init.c
new file mode 100644
index 000000000..470e6229c
--- /dev/null
+++ b/IDE/Renesas/e2studio/RZN2L/test/src/local_system_init.c
@@ -0,0 +1,54 @@
+/* local_system_init.c
+ *
+ * Custom configuration for wolfCrypt/wolfSSL.
+ * Enabled via WOLFSSL_USER_SETTINGS.
+ *
+ *
+ * Copyright (C) 2024 wolfSSL Inc.
+ *
+ * This file is part of wolfBoot.
+ *
+ * wolfBoot is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfBoot is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+#include "bsp_api.h"
+
+void local_system_init (void);
+
+BSP_TARGET_ARM void local_system_init (void)
+{
+#if 1
+    /* This software loops are only needed when debugging. */
+    __asm volatile (
+        "    mov   r0, #0                         \n"
+        "    movw  r1, #0xf07f                    \n"
+        "    movt  r1, #0x2fa                     \n"
+        "software_loop:                           \n"
+        "    adds  r0, #1                         \n"
+        "    cmp   r0, r1                         \n"
+        "    bne   software_loop                  \n"
+        ::: "memory");
+#endif
+    __asm volatile (
+        "set_vbar:                           \n"
+        "    LDR   r0, =__Vectors            \n"
+        "    MCR   p15, #0, r0, c12, c0, #0  \n" /* Write r0 to VBAR */
+        ::: "memory");
+
+    __asm volatile (
+        "jump_stack_init:                      \n"
+        "    ldr r0, =stack_init               \n"
+        "    blx r0                            \n" /* Jump to stack_init */
+        );
+}
diff --git a/IDE/Renesas/e2studio/RZN2L/test/src/rzn2l_tst_thread_entry.c b/IDE/Renesas/e2studio/RZN2L/test/src/rzn2l_tst_thread_entry.c
index c9aa4acc4..ee2a86061 100644
--- a/IDE/Renesas/e2studio/RZN2L/test/src/rzn2l_tst_thread_entry.c
+++ b/IDE/Renesas/e2studio/RZN2L/test/src/rzn2l_tst_thread_entry.c
@@ -20,13 +20,10 @@
  */
 #include "rzn2l_tst_thread.h"
 
-#include "um_common_cfg.h"
-#include "um_common_api.h"
-#include "um_serial_io_api.h"
-#include "um_serial_io.h"
-
 #include "wolfssl_demo.h"
 #include "user_settings.h"
+#include "sio_char.h"
+#include <stdio.h>
 
 typedef struct func_args {
     int    argc;
@@ -34,23 +31,20 @@ typedef struct func_args {
     int    return_code;
 } func_args;
 
-static serial_io_instance_ctrl_t g_serial_io0_ctrl;
-static serial_io_cfg_t const g_serial_io0_cfg =
-{
-    .p_uart_instance = &g_uart0,
-};
-serial_io_instance_t const g_serial_io0 =
-{
-    .p_ctrl = &g_serial_io0_ctrl,
-    .p_cfg  = &g_serial_io0_cfg,
-    .p_api  = &g_serial_io_on_serial_io,
-};
-
 FSP_CPP_HEADER
 void R_BSP_WarmStart(bsp_warm_start_event_t event)
 BSP_PLACE_IN_SECTION(".warm_start");
 FSP_CPP_FOOTER
 
+void user_uart_callback (uart_callback_args_t * p_args);
+void Clr_CallbackCtx(FSPSM_ST *g);
+void RSIP_KeyGeneration(FSPSM_ST *g);
+
+uint32_t volatile g_tx_complete = 0;
+uint32_t volatile g_rx_complete  = 0;
+uint32_t g_ofband_index = 0;
+uint8_t  g_ofband_received[TRANSFER_LENGTH];
+
 void R_BSP_WarmStart(bsp_warm_start_event_t event)
 {
     if (BSP_WARM_START_RESET == event) {
@@ -61,8 +55,47 @@ void R_BSP_WarmStart(bsp_warm_start_event_t event)
     }
 }
 
-#if defined(TLS_CLIENT) || \
-    defined(TLS_SERVER)
+void user_uart_callback (uart_callback_args_t* p_args)
+{
+    /* Handle the UART event */
+    switch (p_args->event)
+    {
+        /* Received a character */
+        case UART_EVENT_RX_CHAR:
+            /* Only put the next character in the receive
+             * buffer if there is space for it
+             */
+            if (sizeof(g_ofband_received) > g_ofband_index)
+            {
+                /* Write either the next one or two bytes
+                 * depending on the receive data size
+                 */
+                if ((UART_DATA_BITS_7 == g_uart0_cfg.data_bits) ||
+                                    (UART_DATA_BITS_8 == g_uart0_cfg.data_bits))
+                {
+                    g_ofband_received[g_ofband_index++] =
+                                                        (uint8_t) p_args->data;
+                } else {
+                    uint16_t * p_dest =
+                                (uint16_t *)&g_ofband_received[g_ofband_index];
+                    *p_dest = (uint16_t) p_args->data;
+                    g_ofband_index += 2;
+                }
+            }
+            break;
+        /* Receive complete */
+        case UART_EVENT_RX_COMPLETE:
+            g_rx_complete = 1;
+            break;
+        /* Transmit complete */
+        case UART_EVENT_TX_COMPLETE:
+            g_tx_complete = 1;
+            break;
+        default:break;
+    }
+}
+
+#if defined(TLS_CLIENT) || defined(TLS_SERVER)
     extern uint8_t g_ether0_mac_address[6];
     const byte ucIPAddress[4]          = { 192, 168, 11, 241 };
     const byte ucNetMask[4]            = { 255, 255, 255, 0 };
@@ -82,9 +115,6 @@ void R_BSP_WarmStart(bsp_warm_start_event_t event)
     FSPSM_ST guser_PKCbInfo;
 #endif
 
-void Clr_CallbackCtx(FSPSM_ST *g);
-void RSIP_KeyGeneration(FSPSM_ST *g);
-
 void RSIP_KeyGeneration(FSPSM_ST *g)
 {
     fsp_err_t rsip_error_code = FSP_SUCCESS;
@@ -201,39 +231,16 @@ void wolfSSL_TLS_cleanup()
 
 #endif
 
-serial_io_instance_t   const * gp_serial_io0   = &g_serial_io0;
-static void serial_init()
-{
-    usr_err_t usr_err;
-
-    /** Open Serial I/O module. */
-    usr_err = gp_serial_io0->p_api->open
-            (gp_serial_io0->p_ctrl, gp_serial_io0->p_cfg );
-    if( USR_SUCCESS != usr_err )
-    {
-      USR_DEBUG_BLOCK_CPU();
-    }
-
-    /** Start Serial I/O module. */
-    usr_err = gp_serial_io0->p_api->start( gp_serial_io0->p_ctrl );
-    if( USR_SUCCESS != usr_err )
-    {
-      USR_DEBUG_BLOCK_CPU();
-    }
-    printf( " Started Serial I/O interface." );
-}
 
 /* rzn2l_tst_thread entry function */
 /* pvParameters contains TaskHandle_t */
 void rzn2l_tst_thread_entry(void *pvParameters)
 {
     FSP_PARAMETER_NOT_USED (pvParameters);
-
-
-    serial_init();
+    /* Open the transfer instance with initial configuration. */
+    R_SCI_UART_Open(&g_uart0_ctrl, &g_uart0_cfg);
 
 #if defined(UNIT_TEST)
-
     int ret;
 
     printf("\n");
@@ -368,8 +375,7 @@ void rzn2l_tst_thread_entry(void *pvParameters)
     TCPInit();
 
     int TCP_connect_retry = 0;
-
-    printf("\n Start TLS Connection to %s port(%d)\n", SERVER_IP, DEFAULT_PORT);
+    printf("Start TLS Connection to %s port(%d)\n", SERVER_IP, DEFAULT_PORT);
     wolfSSL_TLS_client_init();
 
     do {
@@ -403,7 +409,7 @@ void rzn2l_tst_thread_entry(void *pvParameters)
 
     int TCP_connect_retry = 0;
 
-    printf("\n Start TLS Accept at %03d.%03d.%03d.%03d port(%d)\n",
+    printf("Start TLS Accept at %03d.%03d.%03d.%03d port(%d)\n",
                                                    ucIPAddress[0],
                                                    ucIPAddress[1],
                                                    ucIPAddress[2],
diff --git a/IDE/Renesas/e2studio/RZN2L/test/src/serial_io/.gitignore b/IDE/Renesas/e2studio/RZN2L/test/src/serial_io/.gitignore
deleted file mode 100644
index c96a04f00..000000000
--- a/IDE/Renesas/e2studio/RZN2L/test/src/serial_io/.gitignore
+++ /dev/null
@@ -1,2 +0,0 @@
-*
-!.gitignore
\ No newline at end of file
diff --git a/IDE/Renesas/e2studio/RZN2L/test/src/serial_io/app_print.c b/IDE/Renesas/e2studio/RZN2L/test/src/serial_io/app_print.c
new file mode 100644
index 000000000..c79f5443c
--- /dev/null
+++ b/IDE/Renesas/e2studio/RZN2L/test/src/serial_io/app_print.c
@@ -0,0 +1,83 @@
+/* app_print.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+#include <stdint.h>
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <stdarg.h>
+
+#include "hal_data.h"
+
+static char         g_uart_buf[256];        ///< uart tx buffer
+extern volatile uint32_t g_tx_complete;
+void uart_printf( const char *format, ... );
+
+void uart_printf( const char *format, ... )
+{
+    va_list  va;
+    uint32_t bytes;
+    uint32_t offset, len, skip;
+    char  chara;
+    const char ch = '\r';
+    char* p;
+
+    va_start( va, format );
+    bytes =  (uint32_t)vsprintf(g_uart_buf, format, va);
+    va_end( va );
+
+    if (bytes > 0) {
+        p = &g_uart_buf[0];
+        offset = 0;
+        skip = 0;
+
+        do {
+            len = 0;
+            skip = 0;
+            for (;offset < bytes; offset++, len++) {
+                chara = g_uart_buf[offset];
+                if ('\n' == chara) {
+                    skip = 1;
+                    len += 1;
+                    break;
+                }
+                if ('\r' == chara && (offset + 1) < bytes &&
+                        '\n' == g_uart_buf[offset + 1]){
+                    skip = 2;
+                    len += 2;
+                    break;
+                }
+            }
+            /* write buffer without LF */
+            R_SCI_UART_Write(&g_uart0_ctrl, (uint8_t*)p, len);
+            while(!g_tx_complete);
+            g_tx_complete = 0;
+            if (skip > 0) {
+                R_SCI_UART_Write(&g_uart0_ctrl, (uint8_t*)&ch, 1);
+                while(!g_tx_complete);
+            }
+            p += (len + skip);
+            offset += skip;
+        } while(offset < bytes);
+    }
+
+
+    g_tx_complete = 0;
+}
diff --git a/IDE/Renesas/e2studio/RZN2L/test/src/test/wolfssl_rsip_unit_test.c b/IDE/Renesas/e2studio/RZN2L/test/src/test/wolfssl_rsip_unit_test.c
index 2666b3833..5bf45499f 100644
--- a/IDE/Renesas/e2studio/RZN2L/test/src/test/wolfssl_rsip_unit_test.c
+++ b/IDE/Renesas/e2studio/RZN2L/test/src/test/wolfssl_rsip_unit_test.c
@@ -37,7 +37,6 @@
 #include "FreeRTOS.h"
 
 extern FSPSM_INSTANCE   gFSPSM_ctrl;
-int devId1 = INVALID_DEVID;
 
 #ifndef NO_SHA
  int sha_test();
@@ -74,14 +73,14 @@ static byte Aes256_Cbc_multTst_rslt = 0;
 static byte Aes128_Gcm_multTst_rslt = 0;
 static byte Aes256_Gcm_multTst_rslt = 0;
 
-int rsip_crypt_AesCbc_multitest();
-int rsip_crypt_AesGcm_multitest();
-int rsip_crypt_Sha_AesCbcGcm_multitest();
+int rsip_crypt_AesCbc_multitest(int devId);
+int rsip_crypt_AesGcm_multitest(int devId);
+int rsip_crypt_Sha_AesCbcGcm_multitest(int devId);
 int rsip_crypt_sha_multitest();
 int rsip_crypt_test();
 
 void Clr_CallbackCtx(FSPSM_ST *g);
-
+void RSIP_KeyGeneration(FSPSM_ST *g);
 FSPSM_ST gCbInfo;
 FSPSM_ST gCbInfo_a; /* for multi testing */
 
@@ -124,12 +123,13 @@ FSPSM_ST gCbInfo_a; /* for multi testing */
 #endif
 typedef struct tagInfo
 {
+    int devId;
     FSPSM_AES_PWKEY aes_key;
 } Info;
 
 #if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
 
-static int rsip_aes128_cbc_test(int prnt, FSPSM_AES_PWKEY aes_key)
+static int rsip_aes128_cbc_test(int prnt, FSPSM_AES_PWKEY aes_key, int devId)
 {
 
     Aes  aes[1];
@@ -154,7 +154,7 @@ static int rsip_aes128_cbc_test(int prnt, FSPSM_AES_PWKEY aes_key)
         printf(" rsip_aes_cbc_test() ");
     }
 
-    ret = wc_AesInit(aes, NULL, devId1);
+    ret = wc_AesInit(aes, NULL, devId);
     if (ret == 0) {
         ret = wc_AesSetKey(aes, (byte*)aes_key, keySz,
                                iv, AES_ENCRYPTION);
@@ -169,7 +169,7 @@ static int rsip_aes128_cbc_test(int prnt, FSPSM_AES_PWKEY aes_key)
         ret = -1;
 
 #ifdef HAVE_AES_DECRYPT
-    ret = wc_AesInit(aes, NULL, devId1);
+    ret = wc_AesInit(aes, NULL, devId);
     if (ret == 0) {
         ret = wc_AesSetKey(aes, (byte*)aes_key, keySz,
                                iv, AES_DECRYPTION);
@@ -199,7 +199,7 @@ static void tskAes128_Cbc_Test(void *pvParam)
     Info *p = (Info*)pvParam;
 
     while (exit_loop == 0) {
-        ret = rsip_aes128_cbc_test(0, p->aes_key);
+        ret = rsip_aes128_cbc_test(0, p->aes_key, p->devId);
         vTaskDelay(10/portTICK_PERIOD_MS);
         if (ret != 0) {
             printf(" result was not good(%d). rsip_aes_cbc_test\n", ret);
@@ -214,7 +214,7 @@ static void tskAes128_Cbc_Test(void *pvParam)
 #endif
 
 #ifdef WOLFSSL_AES_256
-static int rsip_aes256_cbc_test(int prnt, FSPSM_AES_PWKEY aes_key)
+static int rsip_aes256_cbc_test(int prnt, FSPSM_AES_PWKEY aes_key, int devId)
 {
     Aes enc[1];
     byte cipher[WC_AES_BLOCK_SIZE];
@@ -237,12 +237,12 @@ static int rsip_aes256_cbc_test(int prnt, FSPSM_AES_PWKEY aes_key)
     if (prnt)
         printf(" rsip_aes256_test() ");
 
-    if (wc_AesInit(enc, NULL, devId1) != 0) {
+    if (wc_AesInit(enc, NULL, devId) != 0) {
         ret = -1;
         goto out;
     }
 
-    if (wc_AesInit(dec, NULL, devId1) != 0){
+    if (wc_AesInit(dec, NULL, devId) != 0){
         ret = -2;
         goto out;
     }
@@ -298,7 +298,7 @@ static void tskAes256_Cbc_Test(void *pvParam)
     Info *p = (Info*)pvParam;
 
     while (exit_loop == 0) {
-        ret = rsip_aes256_cbc_test(0, p->aes_key);
+        ret = rsip_aes256_cbc_test(0, p->aes_key, p->devId);
         vTaskDelay(10/portTICK_PERIOD_MS);
         if (ret != 0) {
             printf(" result was not good(%d). rsip_aes256_test\n", ret);
@@ -313,7 +313,7 @@ static void tskAes256_Cbc_Test(void *pvParam)
 #endif /* WOLFSSL_AES_256 */
 
 #if defined(WOLFSSL_AES_256)
-static int rsip_aesgcm256_test(int prnt, FSPSM_AES_PWKEY aes256_key)
+static int rsip_aesgcm256_test(int prnt, FSPSM_AES_PWKEY aes256_key, int devId)
 {
     Aes enc[1];
     Aes dec[1];
@@ -384,11 +384,11 @@ static int rsip_aesgcm256_test(int prnt, FSPSM_AES_PWKEY aes256_key)
     XMEMSET(resultP, 0, sizeof(resultP));
     XMEMSET(&userContext, 0, sizeof(FSPSM_ST));
 
-    if (wc_AesInit(enc, NULL, devId1) != 0) {
+    if (wc_AesInit(enc, NULL, devId) != 0) {
         ret = -1;
         goto out;
     }
-    if (wc_AesInit(dec, NULL, devId1) != 0) {
+    if (wc_AesInit(dec, NULL, devId) != 0) {
         ret = -2;
         goto out;
     }
@@ -478,7 +478,7 @@ static void tskAes256_Gcm_Test(void *pvParam)
     Info *p = (Info*)pvParam;
 
     while (exit_loop == 0) {
-        ret = rsip_aesgcm256_test(0, p->aes_key);
+        ret = rsip_aesgcm256_test(0, p->aes_key, p->devId);
         vTaskDelay(10/portTICK_PERIOD_MS);
         if (ret != 0) {
             printf(" result was not good(%d). rsip_aesgcm256_test\n", ret);
@@ -493,7 +493,7 @@ static void tskAes256_Gcm_Test(void *pvParam)
 
 #if defined(WOLFSSL_AES_128)
 
-static int rsip_aesgcm128_test(int prnt, FSPSM_AES_PWKEY aes128_key)
+static int rsip_aesgcm128_test(int prnt, FSPSM_AES_PWKEY aes128_key, int devId)
 {
     Aes enc[1];
     Aes dec[1];
@@ -570,12 +570,12 @@ static int rsip_aesgcm128_test(int prnt, FSPSM_AES_PWKEY aes128_key)
     XMEMSET(resultP, 0, sizeof(resultP));
     XMEMSET(&userContext, 0, sizeof(FSPSM_ST));
 
-    if (wc_AesInit(enc, NULL, devId1) != 0) {
+    if (wc_AesInit(enc, NULL, devId) != 0) {
         ret = -1;
         goto out;
     }
 
-    if (wc_AesInit(dec, NULL, devId1) != 0) {
+    if (wc_AesInit(dec, NULL, devId) != 0) {
         ret = -2;
         goto out;
     }
@@ -624,7 +624,7 @@ static void tskAes128_Gcm_Test(void *pvParam)
     Info *p = (Info*)pvParam;
 
     while (exit_loop == 0) {
-        ret = rsip_aesgcm128_test(0, p->aes_key);
+        ret = rsip_aesgcm128_test(0, p->aes_key, p->devId);
         vTaskDelay(10/portTICK_PERIOD_MS);
         if (ret != 0) {
             printf(" result was not good(%d). rsip_aesgcm128_test\n", ret);
@@ -646,7 +646,7 @@ static void tskAes128_Gcm_Test(void *pvParam)
 #define TEST_STRING_SZ   25
 #define RSA_TEST_BYTES   256 /* up to 2048-bit key */
 
-static int rsip_rsa_test(int prnt, int keySize)
+static int rsip_rsa_test(int prnt, int keySize, int devId)
 {
     int ret = 0;
 
@@ -656,7 +656,6 @@ static int rsip_rsa_test(int prnt, int keySize)
     const char inStr2[] = TEST_STRING2;
     const word32 inLen = (word32)TEST_STRING_SZ;
     const word32 outSz = RSA_TEST_BYTES;
-    word32 out_actual_len = 0;
     byte *in = NULL;
     byte *in2 = NULL;
     byte *out= NULL;
@@ -680,7 +679,7 @@ static int rsip_rsa_test(int prnt, int keySize)
     XMEMSET(out,  0, outSz);
     XMEMSET(out2, 0, outSz);
 
-    ret = wc_InitRsaKey_ex(key, NULL, 7890/* fixed devid for TSIP/SCE*/);
+    ret = wc_InitRsaKey_ex(key, NULL, devId);
     if (ret != 0) {
         goto out;
     }
@@ -727,13 +726,12 @@ out:
     return ret;
 }
 
-static int rsip_rsa_SignVerify_test(int prnt, int keySize)
+static int rsip_rsa_SignVerify_test(int prnt, int keySize, int devId)
 {
     int ret = 0;
 
     RsaKey *key = (RsaKey *)XMALLOC(sizeof *key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     WC_RNG rng;
-    word32 sigSz;
     const char inStr [] = TEST_STRING;
     const char inStr2[] = TEST_STRING2;
     const word32 inLen = (word32)TEST_STRING_SZ;
@@ -760,7 +758,7 @@ static int rsip_rsa_SignVerify_test(int prnt, int keySize)
     XMEMCPY(in, inStr, inLen);
     XMEMCPY(in2, inStr2, inLen);
 
-    ret = wc_InitRsaKey_ex(key, NULL, 7890/* fixed devid for TSIP/SCE*/);
+    ret = wc_InitRsaKey_ex(key, NULL, devId);
     if (ret != 0) {
         goto out;
     }
@@ -781,7 +779,7 @@ static int rsip_rsa_SignVerify_test(int prnt, int keySize)
     if (ret < 0) {
         goto out;
     }
-    sigSz = (word32)ret;
+
     //* this should fail */
     ret = wc_RsaSSL_Verify(in2, inLen, out, (word32)(keySize/8), key);
     if (ret != FSP_ERR_CRYPTO_RSIP_FAIL) {
@@ -902,7 +900,7 @@ int rsip_crypt_sha256_multitest()
 }
 
 
-int rsip_crypt_AesCbc_multitest()
+int rsip_crypt_AesCbc_multitest(int devId)
 {
     int ret = 0;
     int num = 0;
@@ -925,7 +923,10 @@ int rsip_crypt_AesCbc_multitest()
 
     exit_semaph = xSemaphoreCreateCounting((UBaseType_t)num, 0);
     xRet = pdPASS;
-
+    info_aes1.devId = devId;
+    info_aes2.devId = devId;
+    info_aes256_1.devId = devId;
+    info_aes256_2.devId = devId;
 #if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
     XMEMCPY(&info_aes1.aes_key, &g_user_aes128_key_index1,
                                             sizeof(FSPSM_AES_PWKEY));
@@ -983,7 +984,7 @@ int rsip_crypt_AesCbc_multitest()
 }
 
 
-int rsip_crypt_AesGcm_multitest()
+int rsip_crypt_AesGcm_multitest(int devId)
 {
     int ret = 0;
     int num = 0;
@@ -1007,7 +1008,10 @@ int rsip_crypt_AesGcm_multitest()
 
     exit_semaph = xSemaphoreCreateCounting((UBaseType_t)num, 0);
     xRet = pdPASS;
-
+    info_aes1.devId = devId;
+    info_aes2.devId = devId;
+    info_aes256_1.devId = devId;
+    info_aes256_2.devId = devId;
 #if defined(WOLFSSL_AES_128)
     XMEMCPY(&info_aes1.aes_key, &g_user_aes128_key_index1,
                                     sizeof(FSPSM_AES_PWKEY));
@@ -1066,7 +1070,7 @@ int rsip_crypt_AesGcm_multitest()
     return ret;
 }
 
-int rsip_crypt_Sha_AesCbcGcm_multitest()
+int rsip_crypt_Sha_AesCbcGcm_multitest(int devId)
 {
     int ret = 0;
     int num = 0;
@@ -1098,7 +1102,10 @@ int rsip_crypt_Sha_AesCbcGcm_multitest()
 
     exit_semaph = xSemaphoreCreateCounting((UBaseType_t)num, 0);
     xRet = pdPASS;
-
+    info_aes128cbc.devId = devId;
+    info_aes128gcm.devId = devId;
+    info_aes256cbc.devId = devId;
+    info_aes256gcm.devId = devId;
 #ifndef NO_SHA256
     xRet = xTaskCreate(tskSha256_Test1, "sha256_test1",
                                             STACK_SIZE, NULL, 3, NULL);
@@ -1174,12 +1181,13 @@ int rsip_crypt_Sha_AesCbcGcm_multitest()
 int rsip_crypt_test()
 {
     int ret = 0;
+    int devId = INVALID_DEVID;
     fsp_err_t rsip_error_code = FSP_SUCCESS;
 
     /* Generate AES sce Key */
 
     if (rsip_error_code == FSP_SUCCESS) {
-       #if defined(WOLFSSL_RENESAS_RSIP_CRYPTONLY)
+    #if defined(WOLFSSL_RENESAS_RSIP_CRYPTONLY)
         /* set up Crypt Call back */
         Clr_CallbackCtx(&gCbInfo);
         Clr_CallbackCtx(&gCbInfo_a);
@@ -1204,43 +1212,54 @@ int rsip_crypt_test()
         ret = wc_CryptoCb_CryptInitRenesasCmn(NULL, &gCbInfo);
 
         if ( ret > 0) {
-            devId1 = ret;
+            devId = ret;
             ret = 0;
         }
-
+    #if RSA_MIN_SIZE < 1024
         if (ret == 0) {
             printf(" rsip_rsa_test(512)(this will be done"
             " by SW because RSIP doesn't support 512 bits key size.)");
-            ret = rsip_rsa_test(1, 512);
+            gCbInfo.keyflgs_crypt.bits.rsapri1024_installedkey_set = 0;
+            gCbInfo.keyflgs_crypt.bits.rsapub1024_installedkey_set = 0;
+            gCbInfo.keyflgs_crypt.bits.rsapri2048_installedkey_set = 0;
+            gCbInfo.keyflgs_crypt.bits.rsapub2048_installedkey_set = 0;
+            ret = rsip_rsa_test(1, 512, devId);
             RESULT_STR(ret)
         }
-
+    #endif
+    #if RSA_MIN_SIZE <= 1024
         if (ret == 0) {
             printf(" rsip_rsa_test(1024)");
-            ret = rsip_rsa_test(1, 1024);
+            gCbInfo.keyflgs_crypt.bits.rsapri1024_installedkey_set = 1;
+            gCbInfo.keyflgs_crypt.bits.rsapub1024_installedkey_set = 1;
+            gCbInfo.keyflgs_crypt.bits.rsapri2048_installedkey_set = 0;
+            gCbInfo.keyflgs_crypt.bits.rsapub2048_installedkey_set = 0;
+            ret = rsip_rsa_test(1, 1024, devId);
             RESULT_STR(ret)
         }
-
-        if (ret == 0) {
-            printf(" rsip_rsa_test(2048)");
-            ret = rsip_rsa_test(1, 2048);
-            RESULT_STR(ret)
-        }
-
         if (ret == 0) {
             gCbInfo.hash_type = RSIP_HASH_TYPE_SHA256 ;
             printf(" rsip_rsa_SignVerify_test(1024)");
-            ret = rsip_rsa_SignVerify_test(1, 1024);
+            ret = rsip_rsa_SignVerify_test(1, 1024, devId);
+            RESULT_STR(ret)
+        }
+    #endif
+        if (ret == 0) {
+            printf(" rsip_rsa_test(2048)");
+            gCbInfo.keyflgs_crypt.bits.rsapri1024_installedkey_set = 0;
+            gCbInfo.keyflgs_crypt.bits.rsapub1024_installedkey_set = 0;
+            gCbInfo.keyflgs_crypt.bits.rsapri2048_installedkey_set = 1;
+            gCbInfo.keyflgs_crypt.bits.rsapub2048_installedkey_set = 1;
+            ret = rsip_rsa_test(1, 2048, devId);
             RESULT_STR(ret)
         }
-
         if (ret == 0 && rsip_error_code == FSP_SUCCESS) {
             printf(" rsip_rsa_SignVerify_test(2048)");
-            ret = rsip_rsa_SignVerify_test(1, 2048);
+            ret = rsip_rsa_SignVerify_test(1, 2048, devId);
             RESULT_STR(ret)
         }
 
-       #endif /* WOLFSSL_RENESAS_RSIP_CRYPTONLY */
+   #endif /* WOLFSSL_RENESAS_RSIP_CRYPTONLY */
 
    #ifndef NO_SHA256
         printf(" sha256_test()");
@@ -1263,18 +1282,18 @@ int rsip_crypt_test()
         RESULT_STR(ret)
    #endif
 
-        ret = rsip_aes128_cbc_test(1, g_user_aes128_key_index1);
+        ret = rsip_aes128_cbc_test(1, g_user_aes128_key_index1, devId);
 
         if (ret == 0) {
-            ret = rsip_aes256_cbc_test(1, g_user_aes256_key_index1);
+            ret = rsip_aes256_cbc_test(1, g_user_aes256_key_index1, devId);
         }
 
         if (ret == 0) {
-            ret = rsip_aesgcm128_test(1, g_user_aes128_key_index1);
+            ret = rsip_aesgcm128_test(1, g_user_aes128_key_index1, devId);
         }
 
         if (ret == 0) {
-            ret = rsip_aesgcm256_test(1, g_user_aes256_key_index1);
+            ret = rsip_aesgcm256_test(1, g_user_aes256_key_index1, devId);
         }
 
         if (ret == 0) {
@@ -1284,20 +1303,25 @@ int rsip_crypt_test()
 
         if (ret == 0) {
             printf(" multi Aes cbc thread test\n");
-            ret = rsip_crypt_AesCbc_multitest();
+            ret = rsip_crypt_AesCbc_multitest(devId);
         }
 
         if (ret == 0) {
             printf(" multi Aes Gcm thread test\n");
-            ret = rsip_crypt_AesGcm_multitest();
+            ret = rsip_crypt_AesGcm_multitest(devId);
         }
 
         if (ret == 0) {
-            printf("rsip_crypt_Sha_AesCbcGcm_multitest\n");
-            ret = rsip_crypt_Sha_AesCbcGcm_multitest();
+            printf(" multi Sha AesCbcGcm thread test\n");
+            ret = rsip_crypt_Sha_AesCbcGcm_multitest(devId);
         }
 
     #if defined(WOLFSSL_RENESAS_RSIP_CRYPTONLY)
+        /*
+         * Need to be cleaned up before context clear
+         * for internal instance
+         */
+        wc_CryptoCb_CleanupRenesasCmn(&devId);
         Clr_CallbackCtx(&gCbInfo);
         Clr_CallbackCtx(&gCbInfo_a);
     #endif
diff --git a/IDE/Renesas/e2studio/RZN2L/test/src/wolfssl_dummy.c b/IDE/Renesas/e2studio/RZN2L/test/src/wolfssl_dummy.c
index 41c4e100f..ccbbba614 100644
--- a/IDE/Renesas/e2studio/RZN2L/test/src/wolfssl_dummy.c
+++ b/IDE/Renesas/e2studio/RZN2L/test/src/wolfssl_dummy.c
@@ -21,13 +21,30 @@
 
 #include <wolfssl/wolfcrypt/wc_port.h>
 
-#define YEAR 2023
-#define MON  9
-
 static int tick = 0;
 
+#define YEAR  ( \
+    ((__DATE__)[7]  - '0') * 1000 + \
+    ((__DATE__)[8]  - '0') * 100  + \
+    ((__DATE__)[9]  - '0') * 10   + \
+    ((__DATE__)[10] - '0') * 1      \
+)
+
+#define MONTH ( \
+    __DATE__[2] == 'n' ? (__DATE__[1] == 'a' ? 1 : 6) \
+  : __DATE__[2] == 'b' ? 2 \
+  : __DATE__[2] == 'r' ? (__DATE__[0] == 'M' ? 3 : 4) \
+  : __DATE__[2] == 'y' ? 5 \
+  : __DATE__[2] == 'l' ? 7 \
+  : __DATE__[2] == 'g' ? 8 \
+  : __DATE__[2] == 'p' ? 9 \
+  : __DATE__[2] == 't' ? 10 \
+  : __DATE__[2] == 'v' ? 11 \
+  : 12 \
+  )
+
 time_t time(time_t *t)
 {
     (void)t;
-    return ((YEAR-1970)*365+30*MON)*24*60*60 + tick++;
+    return ((YEAR-1970)*365+30*MONTH)*24*60*60 + tick++;
 }
diff --git a/IDE/STM32Cube/wolfssl_example.c b/IDE/STM32Cube/wolfssl_example.c
index d2fed0a52..9c89ddf92 100644
--- a/IDE/STM32Cube/wolfssl_example.c
+++ b/IDE/STM32Cube/wolfssl_example.c
@@ -1830,7 +1830,7 @@ double current_time(void)
     (void) date;
 
     /* return seconds.milliseconds */
-    return ((double) time.Hours * 24) + ((double) time.Minutes * 60)
+    return ((double) time.Hours * 3600) + ((double) time.Minutes * 60)
             + (double) time.Seconds + ((double) subsec / 1000);
 }
 #endif /* HAL_RTC_MODULE_ENABLED */
diff --git a/IDE/WINCE/README.md b/IDE/WINCE/README.md
new file mode 100644
index 000000000..6a394cbd0
--- /dev/null
+++ b/IDE/WINCE/README.md
@@ -0,0 +1,10 @@
+Use this file for FIPS 140-3 upcoming UPDT+OEUP and module v5.2.3, not intended
+for use with any other module version, v5.2.3 exclusive (certificate # will be
+add here upon issuance):
+
+    user_settings.h
+
+This is now a legacy file used under the 140-2 program for module v4.6.2 under
+now historical certificate #3389:
+
+    user_settings.h.140-2-deprecated
diff --git a/IDE/WINCE/include.am b/IDE/WINCE/include.am
index 052fdce8a..10212c74d 100644
--- a/IDE/WINCE/include.am
+++ b/IDE/WINCE/include.am
@@ -3,3 +3,5 @@
 # All paths should be given relative to the root
 
 EXTRA_DIST+= IDE/WINCE/user_settings.h
+EXTRA_DIST+= IDE/WINCE/README.md
+EXTRA_DIST+= IDE/WINCE/user_settings.h.140-2-deprecated
diff --git a/IDE/WINCE/user_settings.h b/IDE/WINCE/user_settings.h
index 9e1b2f046..bba21fcb0 100644
--- a/IDE/WINCE/user_settings.h
+++ b/IDE/WINCE/user_settings.h
@@ -1,63 +1,780 @@
 /* user_settings.h
  *
- * Copyright (C) 2006-2025 wolfSSL Inc.
- *
- * This file is part of wolfSSL.
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 3 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
- */
-#if 1
-    #define OPENSSL_COEXIST
-
-    /* HKDF for engine */
-    #undef HAVE_HKDF
-    #if 1
-        #define HAVE_HKDF
-        #define HAVE_X963_KDF
-    #endif
-
-    #undef WOLFSSL_PUBLIC_MP
-    #define WOLFSSL_PUBLIC_MP
-
-    #undef NO_OLD_RNGNAME
-    #define NO_OLD_RNGNAME
-
-    #undef NO_OLD_WC_NAMES
-    #define NO_OLD_WC_NAMES
-
-    #undef NO_OLD_SSL_NAMES
-    #define NO_OLD_SSL_NAMES
-
-    #undef NO_OLD_SHA_NAMES
-    #define NO_OLD_SHA_NAMES
-
-    #undef NO_OLD_MD5_NAME
-    #define NO_OLD_MD5_NAME
-
-    #undef NO_OLD_SHA256_NAMES
-    #define NO_OLD_SHA256_NAMES
-#endif
-
-#undef WOLFSSL_SYS_CA_CERTS
-#define WOLFSSL_SYS_CA_CERTS
-
-#undef LIBWOLFSSL_GLOBAL_EXTRA_CFLAGS
-#define LIBWOLFSSL_GLOBAL_EXTRA_CFLAGS
-
-#undef HAVE_SERVER_RENEGOTIATION_INFO
-#define HAVE_SERVER_RENEGOTIATION_INFO
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+/* Custom wolfSSL user settings for GCC ARM */
+
+#ifndef WOLFSSL_USER_SETTINGS_H
+#define WOLFSSL_USER_SETTINGS_H
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* ------------------------------------------------------------------------- */
+/* Platform */
+/* ------------------------------------------------------------------------- */
+#undef  WOLFSSL_GENERAL_ALIGNMENT
+#define WOLFSSL_GENERAL_ALIGNMENT   4
+
+/* Multi-threaded support */
+#undef  SINGLE_THREADED
+#if 0
+    #define SINGLE_THREADED
+#else
+    #define ERROR_QUEUE_PER_THREAD /* if applicable otherwise comment out */
+#endif
+
+#ifdef SINGLE_THREADED
+    #undef  NO_THREAD_LS
+    #define NO_THREAD_LS
+#endif
+
+#undef  WOLFSSL_USER_IO
+//#define WOLFSSL_USER_IO
+
+#undef NO_WRITE_TEMP_FILES
+#define NO_WRITE_TEMP_FILES
+
+/* FIPS 140-3 OE specific section(s) */
+
+/* Uncomment for Android devices */
+#undef ANDROID_V454
+/* #define ANDROID_V454 */
+#ifdef ANDROID_V454
+    #if 1
+        /* To have all printouts go to the app view on the device use: */
+        extern int appendToTextView(const char* fmt, ...);
+        #undef printf
+        #define printf(format, ...) appendToTextView(format, ## __VA_ARGS__)
+    #else
+        #include <android/log.h>
+        #define WOLFLOGV(...) __android_log_print(ANDROID_LOG_VERBOSE, "wolfCrypt_android", __VA_ARGS__)
+        #undef printf
+        #define printf WOLFLOGV
+    #endif
+#endif
+
+/* Uncomment for WINCE 6.0 devices. NOTE: _WIN32_WCE defined by system */
+#if 1
+    #define NO_WOLFSSL_DIR
+    #define WOLFSSL_NO_ATOMICS
+    #define WC_NO_ASYNC_THREADING
+    #define USE_WINDOWS_API
+    #define WOLFSSL_SMALL_STACK
+    #define MAX_SUPPORTED_THREADS 1024
+    #define MAX_SUPPORTED_PRIV_KEYS 1024
+    #define MAX_CONFIGURED_THREAD 512
+#endif
+
+/* ------------------------------------------------------------------------- */
+/* Math Configuration */
+/* ------------------------------------------------------------------------- */
+#undef  SIZEOF_LONG_LONG
+#define SIZEOF_LONG_LONG 8
+
+#undef USE_FAST_MATH
+#if 1
+    #define USE_FAST_MATH
+
+    #undef  TFM_TIMING_RESISTANT
+    #define TFM_TIMING_RESISTANT
+
+    #undef TFM_NO_ASM
+    #define TFM_NO_ASM
+
+    /* Optimizations */
+    //#define TFM_ARM
+
+    /* Maximum math bits (Max RSA key bits * 2) */
+    #undef  FP_MAX_BITS
+    #define FP_MAX_BITS 16384
+#else
+    #define WOLFSSL_SP_MATH_ALL
+    #define WOLFSSL_SP_INT_NEGATIVE
+    /* Maximum math bits (largest supported key bits) */
+    #undef SP_INT_BITS
+    #define SP_INT_BITS 8192
+#endif
+
+/* Wolf Single Precision Math */
+#undef WOLFSSL_SP
+#if 0 /* SP Assembly Speedups (wPAA) */
+    //#define WOLFSSL_SP
+    //#define WOLFSSL_SP_SMALL      /* use smaller version of code */
+    //#define WOLFSSL_SP_1024
+    //#define WOLFCRYPT_HAVE_SAKKE /* Note: Sakke can be enabled with 1024-bit support */
+    //#define WOLFSSL_SP_4096 /* Explicitly enable 4096-bit support (2048/3072 on by default) */
+    //#define WOLFSSL_SP_384 /* Explicitly enable 384-bit support (others on by default) */
+    //#define WOLFSSL_SP_521 /* Explicitly enable 521-bit support (others on by default) */
+    //#define WOLFSSL_HAVE_SP_RSA
+    //#define WOLFSSL_HAVE_SP_DH
+    //#define WOLFSSL_HAVE_SP_ECC
+    /* If no PAA, leave out */
+    //#define WOLFSSL_ARMASM
+    //#define WOLFSSL_SP_ARM64_ASM
+#endif
+
+/* ------------------------------------------------------------------------- */
+/* FIPS - Requires eval or license from wolfSSL */
+/* ------------------------------------------------------------------------- */
+#undef  HAVE_FIPS
+#if 1
+
+    #define WOLFCRYPT_FIPS_CORE_HASH_VALUE \
+C149F3285397DFBD0C6720E14818475C3A50B10880EF9619463173A6D5ED15E7
+/* 0F3FB6F60279949E88901E852EADF3746E92162EB3D279E4C1052FB145FB04B6 */ /* Primary Run */
+/* F952A96D70E630665F11D9933C46546063FD70108E39AB62C0886F0888B656ED */ /* Cases 206, 208 and 209 */
+/* BADBADBADBADBADBADBADDEADBEEFDEADBEEFDEADBEEFDEADBEEFBADBADBADBD */ /* TE05.05.07 */
+/* D371272290903FB9EB78FACD3504306EC8F12342CC195950E0F516A03AA51A39 */ /* harness */
+
+#ifdef _WIN32_WCE
+    #include <stdio.h>
+    #include <stdarg.h>
+    #include <time.h>
+    #include <windows.h>
+    /* Inline function for WOLFLOGV */
+    static int wolf_logv_internal(const char* fmt, ...) {
+        int n;
+        va_list args;
+
+        Sleep(1); /* Sleep for 1 millisecond before printing */
+        /* Ensure all previous buffered output is flushed */
+        fflush(stdout);
+        fflush(stderr);
+
+        va_start(args, fmt);
+        /* Use vfprintf for va_list arguments */
+        n = vfprintf(stdout, fmt, args);
+        va_end(args);
+
+        /* Flush immediately after printing */
+        fflush(stdout);
+        fflush(stderr);
+
+        Sleep(1);  /* Sleep for 1 millisecond before printing */
+
+        return n;
+    }
+
+    /* Ensure printf is not defined before redefining it */
+    #ifdef printf
+        #undef printf
+    #endif
+
+    /* Define WOLFLOGV as the wrapper */
+    #define WOLFLOGV wolf_logv_internal
+
+    /* Redirect printf to WOLFLOGV (effectively wolf_logv_internal) */
+    #define printf WOLFLOGV
+#endif
+
+    #define HAVE_FIPS
+
+    #undef  HAVE_FIPS_VERSION
+    #define HAVE_FIPS_VERSION 5
+    #define HAVE_FIPS_VERSION_MAJOR HAVE_FIPS_VERSION
+
+    #undef HAVE_FIPS_VERSION_MINOR
+    #define HAVE_FIPS_VERSION_MINOR 2
+    #define HAVE_FIPS_VERSION_PATCH 3
+
+    #undef WOLFSSL_WOLFSSH
+    #define WOLFSSL_WOLFSSH
+
+    #undef WC_RNG_SEED_CB
+    #define WC_RNG_SEED_CB
+
+    #if 0
+        #undef NO_ATTRIBUTE_CONSTRUCTOR
+        #define NO_ATTRIBUTE_CONSTRUCTOR
+    #endif
+
+#endif
+
+
+/* ------------------------------------------------------------------------- */
+/* Crypto */
+/* ------------------------------------------------------------------------- */
+/* RSA */
+#undef NO_RSA
+#if 1
+
+    /* half as much memory but twice as slow */
+    #undef  RSA_LOW_MEM
+    //#define RSA_LOW_MEM
+
+    /* Enables blinding mode, to prevent timing attacks */
+    #if 1
+        #undef  WC_RSA_BLINDING
+        #define WC_RSA_BLINDING
+    #else
+        #undef  WC_NO_HARDEN
+        #define WC_NO_HARDEN
+    #endif
+
+    /* RSA PSS Support */
+    #if 1
+        #undef WC_RSA_PSS
+        #define WC_RSA_PSS
+
+        #undef WOLFSSL_PSS_LONG_SALT
+        #define WOLFSSL_PSS_LONG_SALT
+
+        #undef WOLFSSL_PSS_SALT_LEN_DISCOVER
+        #define WOLFSSL_PSS_SALT_LEN_DISCOVER
+    #endif
+
+    #if 1
+        #define WC_RSA_NO_PADDING
+    #endif
+#else
+    #define NO_RSA
+#endif
+
+/* ECC */
+#undef HAVE_ECC
+#if 1
+    #define HAVE_ECC
+
+    /* Manually define enabled curves */
+    #undef  ECC_USER_CURVES
+    //#define ECC_USER_CURVES
+
+    #ifdef ECC_USER_CURVES
+        /* Manual Curve Selection */
+        #define HAVE_ECC192
+        #define HAVE_ECC224
+        #undef NO_ECC256
+        #define HAVE_ECC256
+        #define HAVE_ECC384
+        #define HAVE_ECC521
+    #endif
+
+    /* Fixed point cache (speeds repeated operations against same private key) */
+    #undef  FP_ECC
+    //#define FP_ECC
+    #ifdef FP_ECC
+        /* Bits / Entries */
+        #undef  FP_ENTRIES
+        #define FP_ENTRIES  2
+        #undef  FP_LUT
+        #define FP_LUT      4
+    #endif
+
+    /* Optional ECC calculation method */
+    /* Note: doubles heap usage, but slightly faster */
+    #undef  ECC_SHAMIR
+    #define ECC_SHAMIR
+
+    /* Reduces heap usage, but slower */
+    #undef  ECC_TIMING_RESISTANT
+    #define ECC_TIMING_RESISTANT
+
+    #ifdef HAVE_FIPS
+        #undef  HAVE_ECC_CDH
+        #define HAVE_ECC_CDH /* Enable cofactor support */
+
+        #undef NO_STRICT_ECDSA_LEN
+        #define NO_STRICT_ECDSA_LEN /* Do not force fixed len w/ FIPS */
+
+        #undef  WOLFSSL_VALIDATE_ECC_IMPORT
+        #define WOLFSSL_VALIDATE_ECC_IMPORT /* Validate import */
+
+        #undef WOLFSSL_VALIDATE_ECC_KEYGEN
+        #define WOLFSSL_VALIDATE_ECC_KEYGEN /* Validate generated keys */
+
+        #undef WOLFSSL_ECDSA_SET_K
+        #define WOLFSSL_ECDSA_SET_K
+
+    #endif
+
+    /* Compressed Key Support */
+    #undef  HAVE_COMP_KEY
+    //#define HAVE_COMP_KEY
+
+    /* Use alternate ECC size for ECC math */
+    #ifdef USE_FAST_MATH
+        /* MAX ECC BITS = ROUND8(MAX ECC) * 2 */
+        #ifdef NO_RSA
+            /* Custom fastmath size if not using RSA */
+            #undef  FP_MAX_BITS
+            #define FP_MAX_BITS     (256 * 2)
+        #else
+            #undef  ALT_ECC_SIZE
+            #define ALT_ECC_SIZE
+            /* wolfSSL will compute the FP_MAX_BITS_ECC, but it can be overridden */
+            //#undef  FP_MAX_BITS_ECC
+            //#define FP_MAX_BITS_ECC (256 * 2)
+        #endif
+
+        /* Speedups specific to curve */
+        #ifndef NO_ECC256
+            #undef  TFM_ECC256
+            #define TFM_ECC256
+        #endif
+    #endif
+#endif
+
+/* DH */
+#undef  NO_DH
+#if 1
+    /* Use table for DH instead of -lm (math) lib dependency */
+    #if 1
+        #define HAVE_DH_DEFAULT_PARAMS
+        #define WOLFSSL_DH_CONST
+        #define HAVE_FFDHE_2048
+        #define HAVE_FFDHE_3072
+        #define HAVE_FFDHE_4096
+        #define HAVE_FFDHE_6144
+        #define HAVE_FFDHE_8192
+    #endif
+
+    #ifdef HAVE_FIPS
+        #define WOLFSSL_VALIDATE_FFC_IMPORT
+        #define HAVE_FFDHE_Q
+    #endif
+#else
+    #define NO_DH
+#endif
+
+
+/* AES */
+#undef NO_AES
+#if 1
+    #undef  HAVE_AES_CBC
+    #define HAVE_AES_CBC
+
+    #undef  HAVE_AESGCM
+    #define HAVE_AESGCM
+
+    /* GCM Method (slowest to fastest): GCM_SMALL, GCM_WORD32, GCM_TABLE or
+     *                                  GCM_TABLE_4BIT */
+    #define GCM_TABLE_4BIT
+
+    #undef  WOLFSSL_AES_DIRECT
+    #define WOLFSSL_AES_DIRECT
+
+    #undef  HAVE_AES_ECB
+    #define HAVE_AES_ECB
+
+    #undef  WOLFSSL_AES_COUNTER
+    #define WOLFSSL_AES_COUNTER
+
+    #undef  HAVE_AESCCM
+    #define HAVE_AESCCM
+
+    #undef WOLFSSL_AES_OFB
+    #define WOLFSSL_AES_OFB
+#else
+    #define NO_AES
+#endif
+
+
+/* DES3 */
+#undef NO_DES3
+#if 0
+    #if 1
+        #undef WOLFSSL_DES_ECB
+        #define WOLFSSL_DES_ECB
+    #endif
+#else
+    #define NO_DES3
+#endif
+
+/* ChaCha20 / Poly1305 */
+#undef HAVE_CHACHA
+#undef HAVE_POLY1305
+#if 0
+    #define HAVE_CHACHA
+    #define HAVE_POLY1305
+
+    /* Needed for Poly1305 */
+    #undef  HAVE_ONE_TIME_AUTH
+    #define HAVE_ONE_TIME_AUTH
+#endif
+
+/* Ed25519 / Curve25519 */
+#undef HAVE_CURVE25519
+#undef HAVE_ED25519
+#if 0
+    #define HAVE_CURVE25519
+    #define HAVE_ED25519 /* ED25519 Requires SHA512 */
+
+    /* Optionally use small math (less flash usage, but much slower) */
+    #if 1
+        #define CURVED25519_SMALL
+    #endif
+#endif
+
+
+/* ------------------------------------------------------------------------- */
+/* Hashing */
+/* ------------------------------------------------------------------------- */
+/* Sha */
+#undef NO_SHA
+#if 1
+    /* 1k smaller, but 25% slower */
+    //#define USE_SLOW_SHA
+#else
+    #define NO_SHA
+#endif
+
+/* Sha256 */
+#undef NO_SHA256
+#if 1
+    /* not unrolled - ~2k smaller and ~25% slower */
+    //#define USE_SLOW_SHA256
+
+    /* Sha224 */
+    #if 1
+        #define WOLFSSL_SHA224
+    #endif
+#else
+    #define NO_SHA256
+#endif
+
+/* Sha512 */
+#undef WOLFSSL_SHA512
+#if 1
+    #define WOLFSSL_SHA512
+
+    #undef  WOLFSSL_NOSHA512_224 /* Not in FIPS mode */
+    #undef  WOLFSSL_NOSHA512_256 /* Not in FIPS mode */
+
+    /* Sha384 */
+    #undef  WOLFSSL_SHA384
+    #if 1
+        #define WOLFSSL_SHA384
+    #endif
+
+    /* over twice as small, but 50% slower */
+    //#define USE_SLOW_SHA512
+#endif
+
+/* Sha3 */
+#undef WOLFSSL_SHA3
+#if 1
+    #define WOLFSSL_SHA3
+    #define Sha3 wc_Sha3
+#endif
+
+/* MD5 */
+#undef  NO_MD5
+#if 1
+
+#else
+    #define NO_MD5
+#endif
+
+/* HKDF / PRF */
+#undef HAVE_HKDF
+#if 1
+    #define HAVE_HKDF
+    #define WOLFSSL_HAVE_PRF
+#endif
+
+/* CMAC */
+#undef WOLFSSL_CMAC
+#if 1
+    #define WOLFSSL_CMAC
+#endif
+
+
+/* ------------------------------------------------------------------------- */
+/* Benchmark / Test */
+/* ------------------------------------------------------------------------- */
+/* Use reduced benchmark / test sizes */
+#undef  BENCH_EMBEDDED
+#define BENCH_EMBEDDED
+
+#undef  USE_CERT_BUFFERS_2048
+#define USE_CERT_BUFFERS_2048
+
+#undef  USE_CERT_BUFFERS_1024
+//#define USE_CERT_BUFFERS_1024
+
+#undef  USE_CERT_BUFFERS_256
+#define USE_CERT_BUFFERS_256
+
+
+/* ------------------------------------------------------------------------- */
+/* Debugging */
+/* ------------------------------------------------------------------------- */
+
+#undef DEBUG_WOLFSSL
+#undef NO_ERROR_STRINGS
+#if 1
+    #define DEBUG_WOLFSSL
+#else
+    #if 0
+        #define NO_ERROR_STRINGS
+    #endif
+#endif
+
+
+/* ------------------------------------------------------------------------- */
+/* Memory */
+/* ------------------------------------------------------------------------- */
+
+/* Override Memory API's */
+#if 0
+    #undef  XMALLOC_OVERRIDE
+    #define XMALLOC_OVERRIDE
+
+    /* prototypes for user heap override functions */
+    /* Note: Realloc only required for normal math */
+    /* Note2: XFREE(NULL) must be properly handled */
+    #include <stddef.h>  /* for size_t */
+    extern void *myMalloc(size_t n, void* heap, int type);
+    extern void myFree(void *p, void* heap, int type);
+    extern void *myRealloc(void *p, size_t n, void* heap, int type);
+
+    #define XMALLOC(n, h, t)     myMalloc(n, h, t)
+    #define XFREE(p, h, t)       myFree(p, h, t)
+    #define XREALLOC(p, n, h, t) myRealloc(p, n, h, t)
+#endif
+
+#if 0
+    /* Static memory requires fast math */
+    #define WOLFSSL_STATIC_MEMORY
+
+    /* Disable fallback malloc/free */
+    #define WOLFSSL_NO_MALLOC
+    #if 1
+        #define WOLFSSL_MALLOC_CHECK /* trap malloc failure */
+    #endif
+#endif
+
+/* Memory callbacks */
+#if 1
+    #undef  USE_WOLFSSL_MEMORY
+    #define USE_WOLFSSL_MEMORY
+
+    /* Use this to measure / print heap usage */
+    #if 0
+        #undef  WOLFSSL_TRACK_MEMORY
+//        #define WOLFSSL_TRACK_MEMORY
+
+        #undef  WOLFSSL_DEBUG_MEMORY
+        //#define WOLFSSL_DEBUG_MEMORY
+
+        #undef WOLFSSL_DEBUG_MEMORY_PRINT
+        //#define WOLFSSL_DEBUG_MEMORY_PRINT
+    #endif
+#else
+    #ifndef WOLFSSL_STATIC_MEMORY
+        #define NO_WOLFSSL_MEMORY
+        /* Otherwise we will use stdlib malloc, free and realloc */
+    #endif
+#endif
+
+
+/* ------------------------------------------------------------------------- */
+/* Port */
+/* ------------------------------------------------------------------------- */
+
+/* Override Current Time */
+/* Allows custom "custom_time()" function to be used for benchmark */
+//#define WOLFSSL_USER_CURRTIME
+//#define WOLFSSL_GMTIME
+//#define USER_TICKS
+//extern unsigned long my_time(unsigned long* timer);
+//#define XTIME my_time
+
+
+/* ------------------------------------------------------------------------- */
+/* RNG */
+/* ------------------------------------------------------------------------- */
+
+/* Seed Source */
+ /* Seed Source */
+// extern int my_rng_generate_seed(unsigned char* output, int sz);
+// #undef  CUSTOM_RAND_GENERATE_SEED
+// #define CUSTOM_RAND_GENERATE_SEED  my_rng_generate_seed
+
+/* Choose RNG method */
+#if 1
+    /* Use built-in P-RNG (SHA256 based) with HW RNG */
+    /* P-RNG + HW RNG (P-RNG is ~8K) */
+    //#define WOLFSSL_GENSEED_FORTEST
+    #undef  HAVE_HASHDRBG
+    #define HAVE_HASHDRBG
+#else
+    #undef  WC_NO_HASHDRBG
+    #define WC_NO_HASHDRBG
+
+    /* Bypass P-RNG and use only HW RNG */
+    extern int my_rng_gen_block(unsigned char* output, unsigned int sz);
+    #undef  CUSTOM_RAND_GENERATE_BLOCK
+    #define CUSTOM_RAND_GENERATE_BLOCK  my_rng_gen_block
+#endif
+
+
+/* ------------------------------------------------------------------------- */
+/* Custom Standard Lib */
+/* ------------------------------------------------------------------------- */
+/* Allows override of all standard library functions */
+#undef STRING_USER
+#if 0
+    #define STRING_USER
+
+    #include <string.h>
+
+    #undef  USE_WOLF_STRSEP
+    #define USE_WOLF_STRSEP
+    #define XSTRSEP(s1,d)     wc_strsep((s1),(d))
+
+    #undef  USE_WOLF_STRTOK
+    #define USE_WOLF_STRTOK
+    #define XSTRTOK(s1,d,ptr) wc_strtok((s1),(d),(ptr))
+
+    #define XSTRNSTR(s1,s2,n) mystrnstr((s1),(s2),(n))
+
+    #define XMEMCPY(d,s,l)    memcpy((d),(s),(l))
+    #define XMEMSET(b,c,l)    memset((b),(c),(l))
+    #define XMEMCMP(s1,s2,n)  memcmp((s1),(s2),(n))
+    #define XMEMMOVE(d,s,l)   memmove((d),(s),(l))
+
+    #define XSTRLEN(s1)       strlen((s1))
+    #define XSTRNCPY(s1,s2,n) strncpy((s1),(s2),(n))
+    #define XSTRSTR(s1,s2)    strstr((s1),(s2))
+
+    #define XSTRNCMP(s1,s2,n)     strncmp((s1),(s2),(n))
+    #define XSTRNCAT(s1,s2,n)     strncat((s1),(s2),(n))
+    #define XSTRNCASECMP(s1,s2,n) strncasecmp((s1),(s2),(n))
+
+    #define XSNPRINTF snprintf
+#endif
+
+
+
+/* ------------------------------------------------------------------------- */
+/* Enable Features */
+/* ------------------------------------------------------------------------- */
+#undef WOLFSSL_ASN_TEMPLATE
+#define WOLFSSL_ASN_TEMPLATE
+
+#undef WOLFSSL_ASN_PRINT
+#define WOLFSSL_ASN_PRINT
+
+#undef WOLFSSL_TLS13
+#if 1
+    #define WOLFSSL_TLS13
+#endif
+
+#undef WOLFSSL_KEY_GEN
+#if 1
+    #define WOLFSSL_KEY_GEN
+#endif
+
+#undef  KEEP_PEER_CERT
+//#define KEEP_PEER_CERT
+
+#undef  HAVE_TLS_EXTENSIONS
+#define HAVE_TLS_EXTENSIONS
+
+#undef HAVE_EXTENDED_MASTER
+#define HAVE_EXTENDED_MASTER
+
+#undef  HAVE_SUPPORTED_CURVES
+#define HAVE_SUPPORTED_CURVES
+
+#undef  WOLFSSL_BASE64_ENCODE
+#define WOLFSSL_BASE64_ENCODE
+
+#undef WOLFSSL_NO_HASH_RAW
+#define WOLFSSL_NO_HASH_RAW
+
+/* TLS Session Cache */
+#if 0
+    #define SMALL_SESSION_CACHE
+#else
+    #define NO_SESSION_CACHE
+#endif
+
+#undef OPENSSL_EXTRA
+//#define OPENSSL_EXTRA
+
+#undef WOLFSSL_DER_LOAD
+#define WOLFSSL_DER_LOAD
+
+#undef HAVE_SESSION_TICKET
+#define HAVE_SESSION_TICKET
+
+#undef HAVE_EX_DATA
+#define HAVE_EX_DATA
+
+#undef HAVE_ENCRYPT_THEN_MAC
+#define HAVE_ENCRYPT_THEN_MAC
+
+#undef WOLFSSL_CERT_GEN
+//#define WOLFSSL_CERT_GEN
+
+#undef ATOMIC_USER
+#define ATOMIC_USER
+
+#undef HAVE_SECRET_CALLBACK
+#define HAVE_SECRET_CALLBACK
+
+/* wolfEngine */
+#if 1
+    #define OPENSSL_COEXIST
+
+    /* HKDF for engine */
+    #undef HAVE_HKDF
+    #if 1
+        #define HAVE_HKDF
+        #define HAVE_X963_KDF
+    #endif
+
+    #undef WOLFSSL_PUBLIC_MP
+    #define WOLFSSL_PUBLIC_MP
+
+    #undef NO_OLD_RNGNAME
+    #define NO_OLD_RNGNAME
+
+    #undef NO_OLD_WC_NAMES
+    #define NO_OLD_WC_NAMES
+
+    #undef NO_OLD_SSL_NAMES
+    #define NO_OLD_SSL_NAMES
+
+    #undef NO_OLD_SHA_NAMES
+    #define NO_OLD_SHA_NAMES
+
+    #undef NO_OLD_MD5_NAME
+    #define NO_OLD_MD5_NAME
+
+    #undef NO_OLD_SHA256_NAMES
+    #define NO_OLD_SHA256_NAMES
+#endif
+
+#undef WOLFSSL_SYS_CA_CERTS
+#define WOLFSSL_SYS_CA_CERTS
+
+#undef LIBWOLFSSL_GLOBAL_EXTRA_CFLAGS
+#define LIBWOLFSSL_GLOBAL_EXTRA_CFLAGS
+
+#undef HAVE_SERVER_RENEGOTIATION_INFO
+#define HAVE_SERVER_RENEGOTIATION_INFO
 
 /* ------------------------------------------------------------------------- */
 /* Disable Features */
@@ -135,27 +852,26 @@
 #define WOLFSSL_NO_SHAKE256
 
 /* wolfSSL engineering ACVP algo and operational testing only (Default: Off) */
-#if 1
-    #undef WOLFSSL_PUBLIC_MP
+#if 0
     #define WOLFSSL_PUBLIC_MP
-
-    #undef OPTEST_LOGGING_ENABLED
-    //#define OPTEST_LOGGING_ENABLED
-
-    #undef OPTEST_INVALID_LOGGING_ENABLED
-    //#define OPTEST_INVALID_LOGGING_ENABLED
-
-    #undef NO_MAIN_OPTEST_DRIVER
     #define NO_MAIN_OPTEST_DRIVER
-
-    #undef DEBUG_FIPS_VERBOSE
+    #define NO_WRITE_TEMP_FILES
+    #define WORKING_WITH_AEGISOLVE
+    #define USE_CERT_BUFFERS_2048
+    #define USE_CERT_BUFFERS_256
+    #define OPTEST_LOGGING_ENABLED
     #define DEBUG_FIPS_VERBOSE
-
-    #undef HAVE_FORCE_FIPS_FAILURE
+    #define OPTEST_RUNNING_ORGANIC
+    #define OPTEST_INVALID_LOGGING_ENABLED
     #define HAVE_FORCE_FIPS_FAILURE
-
-    #undef NO_WRITE_TEMP_FILES
-    #define NO_WRITE_TEMPT_FILES
+    #define DEEPLY_EMBEDDED
+    #define OPTEST_LOG_TE_MAPPING
+    #define OEUP_V523
+    #define FULL_SUBMISSION
+    #define NO_MAIN_DRIVER
+    #define WC_DECLARE_NOTOK
+    #define PRINTING_ZS_CRASHES
+    #define WOLFSSL_SMALL_STACK
 #endif
 
 #ifdef __cplusplus
diff --git a/IDE/WINCE/user_settings.h.140-2-deprecated b/IDE/WINCE/user_settings.h.140-2-deprecated
new file mode 100644
index 000000000..9e1b2f046
--- /dev/null
+++ b/IDE/WINCE/user_settings.h.140-2-deprecated
@@ -0,0 +1,166 @@
+/* user_settings.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+#if 1
+    #define OPENSSL_COEXIST
+
+    /* HKDF for engine */
+    #undef HAVE_HKDF
+    #if 1
+        #define HAVE_HKDF
+        #define HAVE_X963_KDF
+    #endif
+
+    #undef WOLFSSL_PUBLIC_MP
+    #define WOLFSSL_PUBLIC_MP
+
+    #undef NO_OLD_RNGNAME
+    #define NO_OLD_RNGNAME
+
+    #undef NO_OLD_WC_NAMES
+    #define NO_OLD_WC_NAMES
+
+    #undef NO_OLD_SSL_NAMES
+    #define NO_OLD_SSL_NAMES
+
+    #undef NO_OLD_SHA_NAMES
+    #define NO_OLD_SHA_NAMES
+
+    #undef NO_OLD_MD5_NAME
+    #define NO_OLD_MD5_NAME
+
+    #undef NO_OLD_SHA256_NAMES
+    #define NO_OLD_SHA256_NAMES
+#endif
+
+#undef WOLFSSL_SYS_CA_CERTS
+#define WOLFSSL_SYS_CA_CERTS
+
+#undef LIBWOLFSSL_GLOBAL_EXTRA_CFLAGS
+#define LIBWOLFSSL_GLOBAL_EXTRA_CFLAGS
+
+#undef HAVE_SERVER_RENEGOTIATION_INFO
+#define HAVE_SERVER_RENEGOTIATION_INFO
+
+/* ------------------------------------------------------------------------- */
+/* Disable Features */
+/* ------------------------------------------------------------------------- */
+#undef  NO_WOLFSSL_SERVER
+//#define NO_WOLFSSL_SERVER
+
+#undef  NO_WOLFSSL_CLIENT
+//#define NO_WOLFSSL_CLIENT
+
+#undef  NO_CRYPT_TEST
+//#define NO_CRYPT_TEST
+
+#undef  NO_CRYPT_BENCHMARK
+//#define NO_CRYPT_BENCHMARK
+
+#undef  WOLFCRYPT_ONLY
+#define WOLFCRYPT_ONLY
+
+/* In-lining of misc.c functions */
+/* If defined, must include wolfcrypt/src/misc.c in build */
+/* Slower, but about 1k smaller */
+#undef  NO_INLINE
+//#define NO_INLINE
+
+#undef  NO_FILESYSTEM
+//#define NO_FILESYSTEM
+
+#undef  NO_WRITEV
+//#define NO_WRITEV
+
+#undef  NO_MAIN_DRIVER
+#define NO_MAIN_DRIVER
+
+#undef  NO_DEV_RANDOM
+//#define NO_DEV_RANDOM
+
+#undef  NO_DSA
+#define NO_DSA
+
+#undef  NO_RC4
+#define NO_RC4
+
+#undef  NO_OLD_TLS
+#define NO_OLD_TLS
+
+#undef  NO_PSK
+#define NO_PSK
+
+#undef  NO_MD4
+#define NO_MD4
+
+#undef  NO_PWDBASED
+//#define NO_PWDBASED
+
+#undef  NO_CODING
+//#define NO_CODING
+
+#undef  NO_ASN_TIME
+//#define NO_ASN_TIME
+
+#undef  NO_CERTS
+//#define NO_CERTS
+
+#undef  NO_SIG_WRAPPER
+//#define NO_SIG_WRAPPER
+
+#undef NO_DO178
+#define NO_DO178
+
+#undef WOLFSSL_NO_SHAKE128
+#define WOLFSSL_NO_SHAKE128
+
+#undef WOLFSSL_NO_SHAKE256
+#define WOLFSSL_NO_SHAKE256
+
+/* wolfSSL engineering ACVP algo and operational testing only (Default: Off) */
+#if 1
+    #undef WOLFSSL_PUBLIC_MP
+    #define WOLFSSL_PUBLIC_MP
+
+    #undef OPTEST_LOGGING_ENABLED
+    //#define OPTEST_LOGGING_ENABLED
+
+    #undef OPTEST_INVALID_LOGGING_ENABLED
+    //#define OPTEST_INVALID_LOGGING_ENABLED
+
+    #undef NO_MAIN_OPTEST_DRIVER
+    #define NO_MAIN_OPTEST_DRIVER
+
+    #undef DEBUG_FIPS_VERBOSE
+    #define DEBUG_FIPS_VERBOSE
+
+    #undef HAVE_FORCE_FIPS_FAILURE
+    #define HAVE_FORCE_FIPS_FAILURE
+
+    #undef NO_WRITE_TEMP_FILES
+    #define NO_WRITE_TEMPT_FILES
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+
+#endif /* WOLFSSL_USER_SETTINGS_H */
diff --git a/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/wolfssl_test_driver.c b/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/wolfssl_test_driver.c
index ab9cc83ac..bf36871ec 100644
--- a/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/wolfssl_test_driver.c
+++ b/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/wolfssl_test_driver.c
@@ -44,7 +44,7 @@ void wolfssl_test(void)
     test_func_args args = {0};
 
 #ifdef WC_RNG_SEED_CB
-    wc_SetSeed_Cb(wc_GenerateSeed);
+    wc_SetSeed_Cb(WC_GENERATE_SEED_DEFAULT);
 #endif
 
     printf("Run wolfCrypt Test:\n");
diff --git a/INSTALL b/INSTALL
index 4176fb063..ca9df34eb 100644
--- a/INSTALL
+++ b/INSTALL
@@ -208,13 +208,13 @@
 
     For a quick start, you can run the client and server like this:
 
-    $ ./examples/server/server -v 4 --pqc P521_ML_KEM_1024
-    $ ./examples/client/client -v 4 --pqc P521_ML_KEM_1024
+    $ ./examples/server/server -v 4 --pqc SecP521r1MLKEM1024
+    $ ./examples/client/client -v 4 --pqc SecP521r1MLKEM1024
 
     Look for the following line in the output of the server and client:
 
     ```
-    Using Post-Quantum KEM: P521_ML_KEM_1024
+    Using Post-Quantum KEM: SecP521r1MLKEM1024
     ```
 
     For authentication, you can generate a certificate chain using the Open
@@ -236,13 +236,13 @@
       -A certs/mldsa87_root_cert.pem \
       -c certs/mldsa44_entity_cert.pem \
       -k certs/mldsa44_entity_key.pem \
-      --pqc P521_ML_KEM_1024
+      --pqc SecP521r1MLKEM1024
 
     $ examples/client/client -v 4 -l TLS_AES_256_GCM_SHA384 \
       -A certs/mldsa44_root_cert.pem \
       -c certs/mldsa87_entity_cert.pem \
       -k certs/mldsa87_entity_key.pem \
-      --pqc P521_ML_KEM_1024
+      --pqc SecP521r1MLKEM1024
 
     Congratulations! You have just achieved a fully quantum-safe TLS 1.3
     connection!
diff --git a/Makefile.am b/Makefile.am
index 63dbb3e02..3fa836759 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -225,6 +225,9 @@ if BUILD_LINUXKM
 module:
 	+$(MAKE) -C linuxkm libwolfssl.ko
 
+module-update-fips-hash:
+	+$(MAKE) -C linuxkm module-update-fips-hash
+
 clean_module:
 	+$(MAKE) -C linuxkm clean
 
diff --git a/README b/README
index a8e5f76eb..642fcef62 100644
--- a/README
+++ b/README
@@ -140,7 +140,8 @@ Blinding enabled by default in PR https://github.com/wolfSSL/wolfssl/pull/8736
 * Implemented distro fix for the Linux Kernel Module. (PR #8994)
 * Fixed page-flags-h in the Linux Kernel Module. (PR #9001)
 * Added MODULE_LICENSE for the Linux Kernel Module. (PR #9005)
-* Post-Quantum Cryptography (PQC) & Asymmetric Algorithms
+
+### Post-Quantum Cryptography (PQC) & Asymmetric Algorithms
 * Kyber has been updated to the MLKEM ARM file for Zephyr (PR #8781)
 * Backward compatibility has been implemented for ML_KEM IDs (PR #8827)
 * ASN.1 is now ensured to be enabled when only building PQ algorithms (PR #8884)
diff --git a/README.md b/README.md
index c3809fd76..47b1b60d8 100644
--- a/README.md
+++ b/README.md
@@ -86,7 +86,7 @@ NOTE: * wolfSSL is now GPLv3 instead of GPLv2
             * MD5 is now disabled by default
 
 
-PR stands for Pull Request, and PR <NUMBER> references a GitHub pull request number where the code change was added.
+PR stands for Pull Request, and PR (NUMBER) references a GitHub pull request number where the code change was added.
 
 ## Vulnerabilities
 
@@ -145,7 +145,8 @@ Blinding enabled by default in PR https://github.com/wolfSSL/wolfssl/pull/8736
 * Implemented distro fix for the Linux Kernel Module. (PR #8994)
 * Fixed page-flags-h in the Linux Kernel Module. (PR #9001)
 * Added MODULE_LICENSE for the Linux Kernel Module. (PR #9005)
-* Post-Quantum Cryptography (PQC) & Asymmetric Algorithms
+
+### Post-Quantum Cryptography (PQC) & Asymmetric Algorithms
 * Kyber has been updated to the MLKEM ARM file for Zephyr (PR #8781)
 * Backward compatibility has been implemented for ML_KEM IDs (PR #8827)
 * ASN.1 is now ensured to be enabled when only building PQ algorithms (PR #8884)
diff --git a/certs/include.am b/certs/include.am
index 90e66c997..e4f6a0e6c 100644
--- a/certs/include.am
+++ b/certs/include.am
@@ -152,4 +152,5 @@ include certs/dilithium/include.am
 include certs/sphincs/include.am
 include certs/rpk/include.am
 include certs/acert/include.am
+include certs/mldsa/include.am
 
diff --git a/certs/intermediate/ca-ecc-bad-aki.der b/certs/intermediate/ca-ecc-bad-aki.der
new file mode 100644
index 000000000..599aa5177
Binary files /dev/null and b/certs/intermediate/ca-ecc-bad-aki.der differ
diff --git a/certs/intermediate/ca-ecc-bad-aki.pem b/certs/intermediate/ca-ecc-bad-aki.pem
new file mode 100644
index 000000000..3d8221fbe
--- /dev/null
+++ b/certs/intermediate/ca-ecc-bad-aki.pem
@@ -0,0 +1,67 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 4113 (0x1011)
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Development, CN = wolfSSL Intermediate CA, emailAddress = info@wolfssl.com
+        Validity
+            Not Before: Jun 18 22:52:02 2025 GMT
+            Not After : Jun 13 22:52:02 2045 GMT
+        Subject: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Development, CN = www.wolfssl.com, emailAddress = info@wolfssl.com
+        Subject Public Key Info:
+            Public Key Algorithm: id-ecPublicKey
+                Public-Key: (256 bit)
+                pub:
+                    04:02:d3:d9:6e:d6:01:8e:45:c8:b9:90:31:e5:c0:
+                    4c:e3:9e:ad:29:38:98:ba:10:d6:e9:09:2a:80:a9:
+                    2e:17:2a:b9:8a:bf:33:83:46:e3:95:0b:e4:77:40:
+                    b5:3b:43:45:33:0f:61:53:7c:37:44:c1:cb:fc:80:
+                    ca:e8:43:ea:a7
+                ASN1 OID: prime256v1
+                NIST CURVE: P-256
+        X509v3 extensions:
+            X509v3 Subject Key Identifier: 
+                56:8E:9A:C3:F0:42:DE:18:B9:45:55:6E:F9:93:CF:EA:C3:F3:A5:21
+            X509v3 Authority Key Identifier: 
+                EF:69:E0:F7:D5:1D:E6:99:EC:DC:6D:D0:F7:E2:B9:5C:64:71:83:35
+            X509v3 Basic Constraints: critical
+                CA:TRUE, pathlen:1
+            X509v3 Key Usage: critical
+                Digital Signature, Certificate Sign, CRL Sign
+    Signature Algorithm: sha256WithRSAEncryption
+    Signature Value:
+        43:55:80:10:fb:06:b8:58:4c:02:3f:43:f7:bb:fd:46:ae:83:
+        c7:fe:d3:b9:5c:58:00:49:b1:4c:ed:17:84:14:72:02:05:93:
+        d7:87:b0:27:ff:bf:8a:50:50:26:41:b5:6b:83:8e:eb:46:ab:
+        bb:da:f8:42:b2:df:3c:41:54:11:18:09:1c:a6:6e:63:56:be:
+        7a:20:0d:08:d2:c0:25:ce:a4:d0:3d:09:02:fb:7b:41:59:49:
+        b5:e1:f7:72:84:b4:c7:10:c8:a0:07:64:73:6b:80:06:7a:31:
+        62:ad:49:92:53:ef:d7:d6:b4:89:9c:15:20:a5:c4:ed:c0:39:
+        7c:68:f2:19:e0:cf:e5:bb:5a:16:10:d5:de:80:da:0f:0e:91:
+        0b:39:73:d6:a7:73:b2:b6:2b:c6:fb:bc:33:e6:fd:d9:1c:dc:
+        48:3d:1e:8b:6b:9f:8f:60:26:69:53:3b:17:ed:62:bd:34:ab:
+        8c:e4:4c:17:f4:c3:bc:81:63:ad:67:c1:5d:e3:72:ac:a5:8a:
+        bc:6f:0c:2e:33:81:81:92:20:d4:4b:e0:a3:22:12:d6:b4:27:
+        1f:37:14:a2:c4:76:c0:3c:29:44:4d:a9:35:67:21:1d:11:7f:
+        76:98:02:f7:5a:f9:05:cb:2d:3b:39:45:e9:9d:82:9a:20:b0:
+        c6:56:1c:d4
+-----BEGIN CERTIFICATE-----
+MIIDTzCCAjegAwIBAgICEBEwDQYJKoZIhvcNAQELBQAwgZ8xCzAJBgNVBAYTAlVT
+MRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQK
+DAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEgMB4GA1UEAwwXd29sZlNT
+TCBJbnRlcm1lZGlhdGUgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5j
+b20wHhcNMjUwNjE4MjI1MjAyWhcNNDUwNjEzMjI1MjAyWjCBlzELMAkGA1UEBhMC
+VVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNV
+BAoMB3dvbGZTU0wxFDASBgNVBAsMC0RldmVsb3BtZW50MRgwFgYDVQQDDA93d3cu
+d29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wWTAT
+BgcqhkjOPQIBBggqhkjOPQMBBwNCAAQC09lu1gGORci5kDHlwEzjnq0pOJi6ENbp
+CSqAqS4XKrmKvzODRuOVC+R3QLU7Q0UzD2FTfDdEwcv8gMroQ+qno2YwZDAdBgNV
+HQ4EFgQUVo6aw/BC3hi5RVVu+ZPP6sPzpSEwHwYDVR0jBBgwFoAU72ng99Ud5pns
+3G3Q9+K5XGRxgzUwEgYDVR0TAQH/BAgwBgEB/wIBATAOBgNVHQ8BAf8EBAMCAYYw
+DQYJKoZIhvcNAQELBQADggEBAENVgBD7BrhYTAI/Q/e7/Uaug8f+07lcWABJsUzt
+F4QUcgIFk9eHsCf/v4pQUCZBtWuDjutGq7va+EKy3zxBVBEYCRymbmNWvnogDQjS
+wCXOpNA9CQL7e0FZSbXh93KEtMcQyKAHZHNrgAZ6MWKtSZJT79fWtImcFSClxO3A
+OXxo8hngz+W7WhYQ1d6A2g8OkQs5c9anc7K2K8b7vDPm/dkc3Eg9Hotrn49gJmlT
+OxftYr00q4zkTBf0w7yBY61nwV3jcqylirxvDC4zgYGSINRL4KMiEta0Jx83FKLE
+dsA8KURNqTVnIR0Rf3aYAvda+QXLLTs5RemdgpogsMZWHNQ=
+-----END CERTIFICATE-----
diff --git a/certs/intermediate/genintcerts.sh b/certs/intermediate/genintcerts.sh
index 8ed892f28..13fe30c3e 100755
--- a/certs/intermediate/genintcerts.sh
+++ b/certs/intermediate/genintcerts.sh
@@ -313,6 +313,9 @@ create_cert wolfssl_int2_ecc wolfssl_int2_ecc ./certs/ecc-key.pem server-int-ecc
 echo "Create ECC Client Certificate signed by intermediate2"
 create_cert wolfssl_int2_ecc wolfssl_int2_ecc ./certs/ecc-client-key.pem client-int-ecc-cert usr_cert "wolfSSL Client Chain ECC" 3650
 
+echo "Create alt CA with intentionally invalid AKI"
+create_cert wolfssl_root_ecc wolfssl_int ./certs/ca-ecc-key.pem ca-ecc-bad-aki v3_intermediate_ca "www.wolfssl.com" 7300
+
 echo "Generate CRLs for new certificates"
 openssl ca -config ./certs/intermediate/wolfssl_root_ecc.cnf -gencrl -crldays 1000 -out ./certs/crl/ca-int-ecc.pem -keyfile ./certs/intermediate/ca-int-ecc-key.pem -cert ./certs/intermediate/ca-int-ecc-cert.pem
 check_result $?
diff --git a/certs/intermediate/include.am b/certs/intermediate/include.am
index ad3a66b21..4773ef8b5 100644
--- a/certs/intermediate/include.am
+++ b/certs/intermediate/include.am
@@ -4,6 +4,8 @@
 
 EXTRA_DIST += \
 	     certs/intermediate/genintcerts.sh \
+	     certs/intermediate/ca-ecc-bad-aki.der \
+	     certs/intermediate/ca-ecc-bad-aki.pem \
 	     certs/intermediate/ca-int-cert.der \
 	     certs/intermediate/ca-int-cert.pem \
 	     certs/intermediate/ca-int-ecc-cert.der \
diff --git a/certs/mldsa/include.am b/certs/mldsa/include.am
new file mode 100644
index 000000000..94868dc61
--- /dev/null
+++ b/certs/mldsa/include.am
@@ -0,0 +1,23 @@
+# vim:ft=automake
+# All paths should be given relative to the root
+#
+
+EXTRA_DIST += \
+		 certs/mldsa/mldsa44_seed-only.der \
+		 certs/mldsa/mldsa44_priv-only.der \
+		 certs/mldsa/mldsa44_seed-priv.der \
+		 certs/mldsa/mldsa44_oqskeypair.der \
+		 certs/mldsa/mldsa44_bare-seed.der \
+		 certs/mldsa/mldsa44_bare-priv.der \
+		 certs/mldsa/mldsa65_seed-only.der \
+		 certs/mldsa/mldsa65_priv-only.der \
+		 certs/mldsa/mldsa65_seed-priv.der \
+		 certs/mldsa/mldsa65_oqskeypair.der \
+		 certs/mldsa/mldsa65_bare-seed.der \
+		 certs/mldsa/mldsa65_bare-priv.der \
+		 certs/mldsa/mldsa87_seed-only.der \
+		 certs/mldsa/mldsa87_priv-only.der \
+		 certs/mldsa/mldsa87_seed-priv.der \
+		 certs/mldsa/mldsa87_oqskeypair.der \
+		 certs/mldsa/mldsa87_bare-seed.der \
+		 certs/mldsa/mldsa87_bare-priv.der
diff --git a/certs/mldsa/mldsa44_bare-priv.der b/certs/mldsa/mldsa44_bare-priv.der
new file mode 100644
index 000000000..56a03bf9c
Binary files /dev/null and b/certs/mldsa/mldsa44_bare-priv.der differ
diff --git a/certs/mldsa/mldsa44_bare-seed.der b/certs/mldsa/mldsa44_bare-seed.der
new file mode 100644
index 000000000..809ef7150
Binary files /dev/null and b/certs/mldsa/mldsa44_bare-seed.der differ
diff --git a/certs/mldsa/mldsa44_oqskeypair.der b/certs/mldsa/mldsa44_oqskeypair.der
new file mode 100644
index 000000000..4669c183e
Binary files /dev/null and b/certs/mldsa/mldsa44_oqskeypair.der differ
diff --git a/certs/mldsa/mldsa44_priv-only.der b/certs/mldsa/mldsa44_priv-only.der
new file mode 100644
index 000000000..81fec03b6
Binary files /dev/null and b/certs/mldsa/mldsa44_priv-only.der differ
diff --git a/certs/mldsa/mldsa44_seed-only.der b/certs/mldsa/mldsa44_seed-only.der
new file mode 100644
index 000000000..82d0a7384
Binary files /dev/null and b/certs/mldsa/mldsa44_seed-only.der differ
diff --git a/certs/mldsa/mldsa44_seed-priv.der b/certs/mldsa/mldsa44_seed-priv.der
new file mode 100644
index 000000000..d20f7484d
Binary files /dev/null and b/certs/mldsa/mldsa44_seed-priv.der differ
diff --git a/certs/mldsa/mldsa65_bare-priv.der b/certs/mldsa/mldsa65_bare-priv.der
new file mode 100644
index 000000000..07d42314e
Binary files /dev/null and b/certs/mldsa/mldsa65_bare-priv.der differ
diff --git a/certs/mldsa/mldsa65_bare-seed.der b/certs/mldsa/mldsa65_bare-seed.der
new file mode 100644
index 000000000..53011bcfd
Binary files /dev/null and b/certs/mldsa/mldsa65_bare-seed.der differ
diff --git a/certs/mldsa/mldsa65_oqskeypair.der b/certs/mldsa/mldsa65_oqskeypair.der
new file mode 100644
index 000000000..4c43bdfd7
Binary files /dev/null and b/certs/mldsa/mldsa65_oqskeypair.der differ
diff --git a/certs/mldsa/mldsa65_priv-only.der b/certs/mldsa/mldsa65_priv-only.der
new file mode 100644
index 000000000..bdf04a2ca
Binary files /dev/null and b/certs/mldsa/mldsa65_priv-only.der differ
diff --git a/certs/mldsa/mldsa65_seed-only.der b/certs/mldsa/mldsa65_seed-only.der
new file mode 100644
index 000000000..f7e0ba696
Binary files /dev/null and b/certs/mldsa/mldsa65_seed-only.der differ
diff --git a/certs/mldsa/mldsa65_seed-priv.der b/certs/mldsa/mldsa65_seed-priv.der
new file mode 100644
index 000000000..005825f55
Binary files /dev/null and b/certs/mldsa/mldsa65_seed-priv.der differ
diff --git a/certs/mldsa/mldsa87_bare-priv.der b/certs/mldsa/mldsa87_bare-priv.der
new file mode 100644
index 000000000..c7df0f939
Binary files /dev/null and b/certs/mldsa/mldsa87_bare-priv.der differ
diff --git a/certs/mldsa/mldsa87_bare-seed.der b/certs/mldsa/mldsa87_bare-seed.der
new file mode 100644
index 000000000..bf0dcc7c3
Binary files /dev/null and b/certs/mldsa/mldsa87_bare-seed.der differ
diff --git a/certs/mldsa/mldsa87_oqskeypair.der b/certs/mldsa/mldsa87_oqskeypair.der
new file mode 100644
index 000000000..d81717730
Binary files /dev/null and b/certs/mldsa/mldsa87_oqskeypair.der differ
diff --git a/certs/mldsa/mldsa87_priv-only.der b/certs/mldsa/mldsa87_priv-only.der
new file mode 100644
index 000000000..7b94ea37f
Binary files /dev/null and b/certs/mldsa/mldsa87_priv-only.der differ
diff --git a/certs/mldsa/mldsa87_seed-only.der b/certs/mldsa/mldsa87_seed-only.der
new file mode 100644
index 000000000..6ec75512b
Binary files /dev/null and b/certs/mldsa/mldsa87_seed-only.der differ
diff --git a/certs/mldsa/mldsa87_seed-priv.der b/certs/mldsa/mldsa87_seed-priv.der
new file mode 100644
index 000000000..9b994e5c5
Binary files /dev/null and b/certs/mldsa/mldsa87_seed-priv.der differ
diff --git a/certs/renewcerts.sh b/certs/renewcerts.sh
index 693a50cf8..609726cc1 100755
--- a/certs/renewcerts.sh
+++ b/certs/renewcerts.sh
@@ -523,6 +523,11 @@ run_renewcerts(){
     openssl x509 -in client-ecc-cert.pem -text > tmp.pem
     check_result $? "Step 3"
     mv tmp.pem client-ecc-cert.pem
+
+    # Extract the Subject Key Identifier from the generated certificate
+    # for unit test use.
+    openssl x509 -in client-ecc-cert.pem -noout -text | grep -A1 'Subject Key Identifier' | tail -n +2 | sed -e 's/[ :]//g' > test/client-ecc-cert-ski.hex
+    check_result $? "Step 4"
     echo "End of section"
     echo "---------------------------------------------------------------------"
     ############################################################
@@ -792,6 +797,9 @@ run_renewcerts(){
     cd ./test || { echo "Failed to switch to dir ./test"; exit 1; }
     echo "test" | openssl cms -encrypt -binary -keyid -out ktri-keyid-cms.msg -outform der -recip ../client-cert.pem -nocerts
     check_result $? "generate ktri-keyid-cms.msg"
+    # Generate an EnvelopedData with KARI recipient for testing.
+    echo "testkari" | openssl cms -encrypt -binary -keyid -out kari-keyid-cms.msg -outform der -recip ../client-ecc-cert.pem -nocerts
+    check_result $? "generate kari-keyid-cms.msg"
     echo "testencrypt" | openssl cms -EncryptedData_encrypt -binary -keyid -aes-128-cbc -secretkey 0123456789ABCDEF0011223344556677 -out encrypteddata.msg -outform der -recip ../client-cert.pem -nocerts
     check_result $? "generate encrypteddata.msg"
     cd ../ || exit 1
diff --git a/certs/sm2/gen-sm2-certs.sh b/certs/sm2/gen-sm2-certs.sh
index 790e91f50..46f2a8cd5 100755
--- a/certs/sm2/gen-sm2-certs.sh
+++ b/certs/sm2/gen-sm2-certs.sh
@@ -91,7 +91,7 @@ openssl x509 -req -in server-sm2.csr -days 1000 -extfile ../renewcerts/wolfssl.c
 check_result $? "Generate certificate"
 rm server-sm2.csr
 
-openssl x509 -in server-sm2-cert.pem -outform DER > server-sm2.der
+openssl x509 -in server-sm2-cert.pem -outform DER > server-sm2-cert.der
 check_result $? "Convert to DER"
 openssl x509 -in server-sm2-cert.pem -text > tmp.pem
 check_result $? "Add text"
diff --git a/certs/sm2/server-sm2-cert.der b/certs/sm2/server-sm2-cert.der
new file mode 100644
index 000000000..878296d94
Binary files /dev/null and b/certs/sm2/server-sm2-cert.der differ
diff --git a/certs/test/client-ecc-cert-ski.hex b/certs/test/client-ecc-cert-ski.hex
new file mode 100644
index 000000000..d8f3582e8
--- /dev/null
+++ b/certs/test/client-ecc-cert-ski.hex
@@ -0,0 +1 @@
+EBD44B596B95613F5157B6044D894188445CABF2
diff --git a/certs/test/include.am b/certs/test/include.am
index facc4a5c4..afe2aca67 100644
--- a/certs/test/include.am
+++ b/certs/test/include.am
@@ -36,7 +36,8 @@ EXTRA_DIST += \
          certs/test/cert-over-max-altnames.cfg \
          certs/test/cert-over-max-altnames.pem \
          certs/test/cert-over-max-nc.cfg \
-         certs/test/cert-over-max-nc.pem
+         certs/test/cert-over-max-nc.pem \
+         certs/test/client-ecc-cert-ski.hex
 
 # The certs/server-cert with the last byte (signature byte) changed
 EXTRA_DIST += \
@@ -69,6 +70,7 @@ EXTRA_DIST += \
          certs/test/server-localhost.pem \
          certs/test/ossl-trusted-cert.pem \
          certs/test/ktri-keyid-cms.msg \
+         certs/test/kari-keyid-cms.msg \
          certs/test/encrypteddata.msg \
          certs/test/smime-test.p7s \
          certs/test/smime-test-canon.p7s \
diff --git a/certs/test/kari-keyid-cms.msg b/certs/test/kari-keyid-cms.msg
new file mode 100644
index 000000000..9721cf7a3
Binary files /dev/null and b/certs/test/kari-keyid-cms.msg differ
diff --git a/cmake/functions.cmake b/cmake/functions.cmake
index 222bc1e05..2ef45351e 100644
--- a/cmake/functions.cmake
+++ b/cmake/functions.cmake
@@ -23,8 +23,8 @@ function(add_option NAME HELP_STRING DEFAULT VALUES)
     if(DEFINED ${NAME})
         list(FIND VALUES ${${NAME}} IDX)
         #
-        # If the given value isn't in the list of allowed values for the option,
-        # reduce it to yes/no according to CMake's "if" logic:
+        # If the given value isn't in the list of allowed values for the
+        # option, reduce it to yes/no according to CMake's "if" logic:
         # https://cmake.org/cmake/help/latest/command/if.html#basic-expressions
         #
         # This has no functional impact; it just makes the settings in
@@ -220,6 +220,8 @@ function(generate_build_flags)
         set(BUILD_ARIA "yes" PARENT_SCOPE)
     endif()
     set(BUILD_INLINE ${WOLFSSL_INLINE} PARENT_SCOPE)
+    set(BUILD_ARMASM_INLINE ${WOLFSSL_ARMASM_INLINE} PARENT_SCOPE)
+    set(BUILD_ARM_THUMB ${WOLFSSL_ARMASM_THUMB2} PARENT_SCOPE)
     if(WOLFSSL_OCSP OR WOLFSSL_USER_SETTINGS)
         set(BUILD_OCSP "yes" PARENT_SCOPE)
     endif()
@@ -334,275 +336,402 @@ endfunction()
 
 function(generate_lib_src_list LIB_SOURCES)
     if(NOT BUILD_FLAGS_GENERATED)
-        message(FATAL_ERROR "Cannot call generate_lib_src_list without calling generate_build_flags first.")
+        message(FATAL_ERROR
+            "Cannot call generate_lib_src_list without calling "
+            "generate_build_flags first.")
     endif()
 
     # Corresponds to src/include.am
     if(BUILD_FIPS)
-         if(BUILD_FIPS_V2)
-              # FIPSv2 first file
-              list(APPEND LIB_SOURCES wolfcrypt/src/wolfcrypt_first.c)
+        if(BUILD_FIPS_V2)
+            # FIPSv2 first file
+            list(APPEND LIB_SOURCES wolfcrypt/src/wolfcrypt_first.c)
 
-              list(APPEND LIB_SOURCES
+            list(APPEND LIB_SOURCES
                 wolfcrypt/src/hmac.c
                 wolfcrypt/src/random.c
                 wolfcrypt/src/sha256.c)
 
-              if(BUILD_RSA)
-                   list(APPEND LIB_SOURCES wolfcrypt/src/rsa.c)
-              endif()
+            if(BUILD_RSA)
+                list(APPEND LIB_SOURCES wolfcrypt/src/rsa.c)
+            endif()
 
-              if(BUILD_ECC)
-                   list(APPEND LIB_SOURCES wolfcrypt/src/ecc.c)
-              endif()
+            if(BUILD_ECC)
+                list(APPEND LIB_SOURCES wolfcrypt/src/ecc.c)
+            endif()
 
-              if(BUILD_AES)
-                   list(APPEND LIB_SOURCES wolfcrypt/src/aes.c)
+            if(BUILD_AES)
+                list(APPEND LIB_SOURCES wolfcrypt/src/aes.c)
 
-                   if(BUILD_ARMASM AND BUILD_FIPS_READY)
-                        list(APPEND LIB_SOURCES wolfcrypt/src/port/arm/armv8-aes.c)
-                   endif()
-              endif()
+                if(BUILD_ARMASM AND BUILD_FIPS_READY)
+                    list(APPEND LIB_SOURCES wolfcrypt/src/port/arm/armv8-aes.c)
 
-              if(BUILD_AESNI)
-                   list(APPEND LIB_SOURCES wolfcrypt/src/aes_asm.S)
-
-                   if(BUILD_INTELASM)
-                        list(APPEND LIB_SOURCES wolfcrypt/src/aes_gcm_asm.S)
-                   endif()
-              endif()
-
-              if(BUILD_DES3)
-                   list(APPEND LIB_SOURCES wolfcrypt/src/des3.c)
-              endif()
-
-              if(BUILD_SHA)
-                   list(APPEND LIB_SOURCES wolfcrypt/src/sha.c)
-              endif()
-
-              if(BUILD_ARMASM AND BUILD_FIPS_READY)
-                   list(APPEND LIB_SOURCES wolfcrypt/src/port/arm/armv8-sha256.c)
-              endif()
-
-              if(BUILD_INTELASM)
-                   list(APPEND LIB_SOURCES wolfcrypt/src/sha256_asm.S)
-              endif()
-
-              if(BUILD_SHA512)
-                   list(APPEND LIB_SOURCES wolfcrypt/src/sha512.c)
-
-                   if(BUILD_ARMASM AND BUILD_FIPS_READY)
+                    if(BUILD_ARMASM_INLINE)
                         list(APPEND LIB_SOURCES
-                             wolfcrypt/src/port/arm/armv8-sha512.c
-                             wolfcrypt/src/port/arm/armv8-sha512-asm.S
-                             wolfcrypt/src/port/arm/armv8-32-sha512-asm.S)
-                   endif()
+                            wolfcrypt/src/port/arm/armv8-32-aes-asm_c.c)
+                    else()
+                        list(APPEND LIB_SOURCES
+                            wolfcrypt/src/port/arm/armv8-32-aes-asm.S)
+                    endif()
 
-                   if(BUILD_INTELASM)
-                        list(APPEND LIB_SOURCES wolfcrypt/src/sha512_asm.S)
-                   endif()
-              endif()
+                    if(BUILD_ARMASM_INLINE AND BUILD_ARM_THUMB)
+                        list(APPEND LIB_SOURCES
+                            wolfcrypt/src/port/arm/thumb2-aes-asm_c.c)
+                    elseif(BUILD_ARM_THUMB)
+                        list(APPEND LIB_SOURCES
+                            wolfcrypt/src/port/arm/thumb2-aes-asm.S)
+                    endif()
+                endif()
+            endif()
 
-              if(BUILD_SHA3)
-                   list(APPEND LIB_SOURCES wolfcrypt/src/sha3.c)
+            if(BUILD_AESNI)
+                list(APPEND LIB_SOURCES wolfcrypt/src/aes_asm.S)
 
-                   if(BUILD_INTELASM)
-                        list(APPEND LIB_SOURCES wolfcrypt/src/sha3_asm.S)
-                   endif()
-              endif()
+                if(BUILD_INTELASM)
+                    list(APPEND LIB_SOURCES wolfcrypt/src/aes_gcm_asm.S)
+                endif()
+            endif()
 
-              if(BUILD_DH)
-                   list(APPEND LIB_SOURCES wolfcrypt/src/dh.c)
-              endif()
+            if(BUILD_DES3)
+                list(APPEND LIB_SOURCES wolfcrypt/src/des3.c)
+            endif()
 
-              if(BUILD_CMAC)
-                   list(APPEND LIB_SOURCES wolfcrypt/src/cmac.c)
-              endif()
+            if(BUILD_SHA)
+                list(APPEND LIB_SOURCES wolfcrypt/src/sha.c)
+            endif()
 
-              list(APPEND LIB_SOURCES
-                   wolfcrypt/src/fips.c
-                   wolfcrypt/src/fips_test.c)
+            if(BUILD_ARMASM AND BUILD_FIPS_READY)
+                list(APPEND LIB_SOURCES wolfcrypt/src/port/arm/armv8-sha256.c)
+            endif()
 
-              # fips last file
-              list(APPEND LIB_SOURCES wolfcrypt/src/wolfcrypt_last.c)
-         endif()
+            if(BUILD_INTELASM)
+                list(APPEND LIB_SOURCES wolfcrypt/src/sha256_asm.S)
+            endif()
 
-         if(BUILD_FIPS_V5)
-              list(APPEND LIB_SOURCES wolfcrypt/src/wolfcrypt_first.c)
+            if(BUILD_SHA512)
+                list(APPEND LIB_SOURCES wolfcrypt/src/sha512.c)
 
-              list(APPEND LIB_SOURCES
+                if(BUILD_ARMASM AND BUILD_FIPS_READY)
+                    list(APPEND LIB_SOURCES
+                        wolfcrypt/src/port/arm/armv8-sha512.c)
+
+                    if(BUILD_ARMASM_INLINE)
+                        list(APPEND LIB_SOURCES
+                            wolfcrypt/src/port/arm/armv8-sha512-asm_c.c
+                            wolfcrypt/src/port/arm/armv8-32-sha512-asm_c.c)
+                    else()
+                        list(APPEND LIB_SOURCES
+                            wolfcrypt/src/port/arm/armv8-sha512-asm.S
+                            wolfcrypt/src/port/arm/armv8-32-sha512-asm.S)
+                    endif()
+
+                    if(BUILD_ARMASM_INLINE AND BUILD_ARM_THUMB)
+                        list(APPEND LIB_SOURCES
+                            wolfcrypt/src/port/arm/thumb2-sha512-asm_c.c)
+                    elseif(BUILD_ARM_THUMB)
+                        list(APPEND LIB_SOURCES
+                            wolfcrypt/src/port/arm/thumb2-sha512-asm.S)
+                    endif()
+                endif()
+
+                if(BUILD_INTELASM)
+                    list(APPEND LIB_SOURCES wolfcrypt/src/sha512_asm.S)
+                endif()
+            endif()
+
+            if(BUILD_SHA3)
+                list(APPEND LIB_SOURCES wolfcrypt/src/sha3.c)
+
+                if(BUILD_ARMASM)
+                    if(BUILD_ARMASM_INLINE)
+                        list(APPEND LIB_SOURCES
+                            wolfcrypt/src/port/arm/armv8-sha3-asm_c.c
+                            wolfcrypt/src/port/arm/armv8-32-sha3-asm_c.c)
+                    else()
+                        list(APPEND LIB_SOURCES
+                            wolfcrypt/src/port/arm/armv8-sha3-asm.S
+                            wolfcrypt/src/port/arm/armv8-32-sha3-asm.S)
+                    endif()
+
+                    if(BUILD_ARMASM_INLINE AND BUILD_ARM_THUMB)
+                        list(APPEND LIB_SOURCES
+                            wolfcrypt/src/port/arm/thumb2-sha3-asm_c.c)
+                    elseif(BUILD_ARM_THUMB)
+                        list(APPEND LIB_SOURCES
+                            wolfcrypt/src/port/arm/thumb2-sha3-asm.S)
+                    endif()
+                endif()
+
+                if(BUILD_INTELASM)
+                    list(APPEND LIB_SOURCES wolfcrypt/src/sha3_asm.S)
+                endif()
+            endif()
+
+            if(BUILD_DH)
+                list(APPEND LIB_SOURCES wolfcrypt/src/dh.c)
+            endif()
+
+            if(BUILD_CMAC)
+                list(APPEND LIB_SOURCES wolfcrypt/src/cmac.c)
+            endif()
+
+            list(APPEND LIB_SOURCES
+                wolfcrypt/src/fips.c
+                wolfcrypt/src/fips_test.c)
+
+            # fips last file
+            list(APPEND LIB_SOURCES wolfcrypt/src/wolfcrypt_last.c)
+        endif()
+
+        if(BUILD_FIPS_V5)
+            list(APPEND LIB_SOURCES wolfcrypt/src/wolfcrypt_first.c)
+
+            list(APPEND LIB_SOURCES
                 wolfcrypt/src/hmac.c
                 wolfcrypt/src/random.c
                 wolfcrypt/src/sha256.c)
 
-              list(APPEND LIB_SOURCES
+            list(APPEND LIB_SOURCES
                 wolfcrypt/src/kdf.c)
 
-              if(BUILD_RSA)
-                   list(APPEND LIB_SOURCES wolfcrypt/src/rsa.c)
-              endif()
-         endif()
+            if(BUILD_RSA)
+                list(APPEND LIB_SOURCES wolfcrypt/src/rsa.c)
+            endif()
+        endif()
 
-         if(BUILD_FIPS_RAND)
-              list(APPEND LIB_SOURCES
-                   wolfcrypt/src/wolfcrypt_first.c
-                   wolfcrypt/src/hmac.c
-                   wolfcrypt/src/random.c
-                   wolfcrypt/src/sha256.c
-                   wolfcrypt/src/sha256_asm.S
-                   wolfcrypt/src/fips.c
-                   wolfcrypt/src/fips_test.c
-                   wolfcrypt/src/wolfcrypt_last.c)
-         endif()
+        if(BUILD_FIPS_RAND)
+            list(APPEND LIB_SOURCES
+                wolfcrypt/src/wolfcrypt_first.c
+                wolfcrypt/src/hmac.c
+                wolfcrypt/src/random.c
+                wolfcrypt/src/sha256.c
+                wolfcrypt/src/sha256_asm.S
+                wolfcrypt/src/fips.c
+                wolfcrypt/src/fips_test.c
+                wolfcrypt/src/wolfcrypt_last.c)
+        endif()
     endif()
 
     # For wolfRand, exclude everything else.
     if(NOT BUILD_FIPS_RAND)
-         # For FIPSV2, exclude the wolfCrypt files included above.
-         # For wolfRand, exclude just a couple files.
-         # For old FIPS, keep the wolfCrypt versions of the
-         # CtaoCrypt files included above.
-         if(NOT BUILD_FIPS_V2)
-              list(APPEND LIB_SOURCES wolfcrypt/src/hmac.c)
-         endif()
+        # For FIPSV2, exclude the wolfCrypt files included above.
+        # For wolfRand, exclude just a couple files.
+        # For old FIPS, keep the wolfCrypt versions of the
+        # CtaoCrypt files included above.
+        if(NOT BUILD_FIPS_V2)
+            list(APPEND LIB_SOURCES wolfcrypt/src/hmac.c)
+        endif()
 
-         # CAVP self test
-         if(BUILD_SELFTEST)
-              list(APPEND LIB_SOURCES wolfcrypt/src/selftest.c)
-         endif()
+        # CAVP self test
+        if(BUILD_SELFTEST)
+            list(APPEND LIB_SOURCES wolfcrypt/src/selftest.c)
+        endif()
     endif()
 
     list(APPEND LIB_SOURCES
-         wolfcrypt/src/hash.c
-         wolfcrypt/src/cpuid.c)
+        wolfcrypt/src/hash.c
+        wolfcrypt/src/cpuid.c)
 
     if(NOT BUILD_FIPS_RAND)
-         if(NOT BUILD_FIPS_V5)
-              list(APPEND LIB_SOURCES wolfcrypt/src/kdf.c)
-         endif()
+        if(NOT BUILD_FIPS_V5)
+            list(APPEND LIB_SOURCES wolfcrypt/src/kdf.c)
+        endif()
 
-         if(NOT BUILD_FIPS_V2 AND BUILD_RNG)
-              list(APPEND LIB_SOURCES wolfcrypt/src/random.c)
-         endif()
+        if(NOT BUILD_FIPS_V2 AND BUILD_RNG)
+            list(APPEND LIB_SOURCES wolfcrypt/src/random.c)
+        endif()
 
-         if(NOT BUILD_FIPS_V2)
-              if(BUILD_ARMASM)
-                   list(APPEND LIB_SOURCES wolfcrypt/src/port/arm/armv8-sha256.c)
-              else()
-                   list(APPEND LIB_SOURCES wolfcrypt/src/sha256.c)
+        if(NOT BUILD_FIPS_V2)
 
-                   if(BUILD_INTELASM)
-                        list(APPEND LIB_SOURCES wolfcrypt/src/sha256_asm.S)
-                   endif()
-              endif()
-         endif()
+            list(APPEND LIB_SOURCES wolfcrypt/src/sha256.c)
 
-         if(BUILD_AFALG)
-              list(APPEND LIB_SOURCES wolfcrypt/src/port/af_alg/afalg_hash.c)
-         endif()
+            if(BUILD_ARMASM)
 
-         if(BUILD_WOLFEVENT)
-              list(APPEND LIB_SOURCES wolfcrypt/src/wolfevent.c)
-         endif()
+                if(BUILD_ARMASM_INLINE)
+                    list(APPEND LIB_SOURCES
+                        wolfcrypt/src/port/arm/armv8-sha256.c
+                        wolfcrypt/src/port/arm/armv8-32-sha256-asm_c.c)
+                else()
+                    list(APPEND LIB_SOURCES
+                        wolfcrypt/src/port/arm/armv8-sha256-asm.S
+                        wolfcrypt/src/port/arm/armv8-32-sha256-asm.S)
+                endif()
+                if(BUILD_ARMASM_INLINE AND BUILD_ARM_THUMB)
+                    list(APPEND LIB_SOURCES
+                        wolfcrypt/src/port/arm/thumb2-sha256-asm_c.c)
+                elseif(BUILD_ARM_THUMB)
+                    list(APPEND LIB_SOURCES
+                        wolfcrypt/src/port/arm/thumb2-sha256-asm.S)
+                endif()
+            else()
 
-         if(BUILD_ASYNCCRYPT)
-              list(APPEND LIB_SOURCES wolfcrypt/src/async.c)
-         endif()
+                if(BUILD_INTELASM)
+                    list(APPEND LIB_SOURCES wolfcrypt/src/sha256_asm.S)
+                endif()
+            endif()
+        endif()
 
-         if(BUILD_RSA)
-               if(NOT BUILD_FIPS_V2)
-                    list(APPEND LIB_SOURCES wolfcrypt/src/rsa.c)
-               endif()
-         endif()
+        if(BUILD_AFALG)
+            list(APPEND LIB_SOURCES wolfcrypt/src/port/af_alg/afalg_hash.c)
+        endif()
 
-         if(BUILD_SP)
-              if(BUILD_SP_C)
-                   list(APPEND LIB_SOURCES
-                        wolfcrypt/src/sp_c32.c
-                        wolfcrypt/src/sp_c64.c)
-              endif()
+        if(BUILD_WOLFEVENT)
+            list(APPEND LIB_SOURCES wolfcrypt/src/wolfevent.c)
+        endif()
 
-              if(BUILD_SP_X86_64)
-                    list(APPEND LIB_SOURCES wolfcrypt/src/sp_x86_64.c)
-                    if(WOLFSSL_X86_64_BUILD_ASM)
-                         list(APPEND LIB_SOURCES wolfcrypt/src/sp_x86_64_asm.S)
+        if(BUILD_ASYNCCRYPT)
+            list(APPEND LIB_SOURCES wolfcrypt/src/async.c)
+        endif()
+
+        if(BUILD_RSA)
+            if(NOT BUILD_FIPS_V2)
+                list(APPEND LIB_SOURCES wolfcrypt/src/rsa.c)
+            endif()
+        endif()
+
+        if(BUILD_SP)
+            if(BUILD_SP_C)
+                list(APPEND LIB_SOURCES
+                    wolfcrypt/src/sp_c32.c
+                    wolfcrypt/src/sp_c64.c)
+            endif()
+
+            if(BUILD_SP_X86_64)
+                list(APPEND LIB_SOURCES wolfcrypt/src/sp_x86_64.c)
+                if(WOLFSSL_X86_64_BUILD_ASM)
+                    list(APPEND LIB_SOURCES wolfcrypt/src/sp_x86_64_asm.S)
+                endif()
+            endif()
+
+            if(NOT BUILD_FIPS_V2 AND BUILD_SP_ARM32)
+                list(APPEND LIB_SOURCES wolfcrypt/src/sp_arm32.c)
+            endif()
+
+            if(BUILD_SP_ARM_THUMB)
+                list(APPEND LIB_SOURCES wolfcrypt/src/sp_armthumb.c)
+            endif()
+
+            if(BUILD_SP_ARM64)
+                list(APPEND LIB_SOURCES wolfcrypt/src/sp_arm64.c)
+            endif()
+
+            if(BUILD_SP_ARM_CORTEX)
+                list(APPEND LIB_SOURCES wolfcrypt/src/sp_cortexm.c)
+            endif()
+        endif()
+        if(BUILD_SP_INT)
+            list(APPEND LIB_SOURCES wolfcrypt/src/sp_int.c)
+        endif()
+
+        if(NOT BUILD_FIPS_V2)
+            if(BUILD_AES)
+                list(APPEND LIB_SOURCES wolfcrypt/src/aes.c)
+
+                if(BUILD_ARMASM)
+                    list(APPEND LIB_SOURCES
+                        wolfcrypt/src/port/arm/armv8-aes.c)
+
+                    if(BUILD_ARMASM_INLINE)
+                        list(APPEND LIB_SOURCES
+                            wolfcrypt/src/port/arm/armv8-32-aes-asm_c.c)
+                    else()
+                        list(APPEND LIB_SOURCES
+                            wolfcrypt/src/port/arm/armv8-32-aes-asm.S)
                     endif()
-              endif()
 
-              if(NOT BUILD_FIPS_V2 AND BUILD_SP_ARM32)
-                   list(APPEND LIB_SOURCES wolfcrypt/src/sp_arm32.c)
-              endif()
+                    if(BUILD_ARMASM_INLINE AND BUILD_ARM_THUMB)
+                        list(APPEND LIB_SOURCES
+                            wolfcrypt/src/port/arm/thumb2-aes-asm_c.c)
+                    elseif(BUILD_ARM_THUMB)
+                        list(APPEND LIB_SOURCES
+                            wolfcrypt/src/port/arm/thumb2-aes-asm.S)
+                    endif()
 
-              if(BUILD_SP_ARM_THUMB)
-                   list(APPEND LIB_SOURCES wolfcrypt/src/sp_armthumb.c)
-              endif()
+                endif()
 
-              if(BUILD_SP_ARM64)
-                   list(APPEND LIB_SOURCES wolfcrypt/src/sp_arm64.c)
-              endif()
+                if(BUILD_AFALG)
+                    list(APPEND LIB_SOURCES
+                        wolfcrypt/src/port/af_alg/afalg_aes.c)
+                endif()
+            endif()
+        endif()
 
-              if(BUILD_SP_ARM_CORTEX)
-                   list(APPEND LIB_SOURCES wolfcrypt/src/sp_cortexm.c)
-              endif()
-         endif()
-         if(BUILD_SP_INT)
-              list(APPEND LIB_SOURCES wolfcrypt/src/sp_int.c)
-         endif()
+        if(NOT BUILD_FIPS_V2 AND BUILD_CMAC)
+            list(APPEND LIB_SOURCES wolfcrypt/src/cmac.c)
+        endif()
 
-         if(NOT BUILD_FIPS_V2)
-              if(BUILD_AES)
-                   list(APPEND LIB_SOURCES wolfcrypt/src/aes.c)
+        if(NOT BUILD_FIPS_V2 AND BUILD_DES3)
+            list(APPEND LIB_SOURCES wolfcrypt/src/des3.c)
+        endif()
 
-                   if(BUILD_ARMASM)
-                        list(APPEND LIB_SOURCES wolfcrypt/src/port/arm/armv8-aes.c)
-                   endif()
+        if(NOT BUILD_FIPS_V2 AND BUILD_SHA)
+            list(APPEND LIB_SOURCES wolfcrypt/src/sha.c)
+        endif()
 
-                   if(BUILD_AFALG)
-                        list(APPEND LIB_SOURCES wolfcrypt/src/port/af_alg/afalg_aes.c)
-                   endif()
-              endif()
-         endif()
+        if(NOT BUILD_FIPS_V2 AND BUILD_SHA512)
+            list(APPEND LIB_SOURCES wolfcrypt/src/sha512.c)
 
-         if(NOT BUILD_FIPS_V2 AND BUILD_CMAC)
-              list(APPEND LIB_SOURCES wolfcrypt/src/cmac.c)
-         endif()
+            if(BUILD_ARMASM)
+                list(APPEND LIB_SOURCES wolfcrypt/src/port/arm/armv8-sha512.c)
 
-         if(NOT BUILD_FIPS_V2 AND BUILD_DES3)
-              list(APPEND LIB_SOURCES wolfcrypt/src/des3.c)
-         endif()
-
-         if(NOT BUILD_FIPS_V2 AND BUILD_SHA)
-              list(APPEND LIB_SOURCES wolfcrypt/src/sha.c)
-         endif()
-
-         if(NOT BUILD_FIPS_V2 AND BUILD_SHA512)
-              if(BUILD_ARMASM)
-                   list(APPEND LIB_SOURCES
-                        wolfcrypt/src/port/arm/armv8-sha512.c
+                if(BUILD_ARMASM_INLINE)
+                    list(APPEND LIB_SOURCES
+                        wolfcrypt/src/port/arm/armv8-sha512-asm_c.c
+                        wolfcrypt/src/port/arm/armv8-32-sha512-asm_c.c)
+                else()
+                    list(APPEND LIB_SOURCES
                         wolfcrypt/src/port/arm/armv8-sha512-asm.S
                         wolfcrypt/src/port/arm/armv8-32-sha512-asm.S)
-              else()
-                   list(APPEND LIB_SOURCES wolfcrypt/src/sha512.c)
+                endif()
 
-                   if(BUILD_INTELASM)
-                        list(APPEND LIB_SOURCES wolfcrypt/src/sha512_asm.S)
-                   endif()
-              endif()
-         endif()
+                if(BUILD_ARMASM_INLINE AND BUILD_ARM_THUMB)
+                    list(APPEND LIB_SOURCES
+                        wolfcrypt/src/port/arm/thumb2-sha512-asm_c.c)
+                elseif(BUILD_ARM_THUMB)
+                    list(APPEND LIB_SOURCES
+                        wolfcrypt/src/port/arm/thumb2-sha512-asm.S)
+                endif()
+            else()
 
-         if(NOT BUILD_FIPS_V2 AND BUILD_SHA3)
-              list(APPEND LIB_SOURCES wolfcrypt/src/sha3.c)
+                if(BUILD_INTELASM)
+                    list(APPEND LIB_SOURCES wolfcrypt/src/sha512_asm.S)
+                endif()
+            endif()
+        endif()
 
-              if(BUILD_INTELASM)
-                   list(APPEND LIB_SOURCES wolfcrypt/src/sha3_asm.S)
-              endif()
-         endif()
+        if(NOT BUILD_FIPS_V2 AND BUILD_SHA3)
+            list(APPEND LIB_SOURCES wolfcrypt/src/sha3.c)
+
+            if(BUILD_ARMASM)
+                if(BUILD_ARMASM_INLINE)
+                    list(APPEND LIB_SOURCES
+                        wolfcrypt/src/port/arm/armv8-sha3-asm_c.c
+                        wolfcrypt/src/port/arm/armv8-32-sha3-asm_c.c)
+                else()
+                    list(APPEND LIB_SOURCES
+                        wolfcrypt/src/port/arm/armv8-sha3-asm.S
+                        wolfcrypt/src/port/arm/armv8-32-sha3-asm.S)
+                endif()
+
+                if(BUILD_ARMASM_INLINE AND BUILD_ARM_THUMB)
+                    list(APPEND LIB_SOURCES
+                        wolfcrypt/src/port/arm/thumb2-sha3-asm_c.c)
+                elseif(BUILD_ARM_THUMB)
+                    list(APPEND LIB_SOURCES
+                        wolfcrypt/src/port/arm/thumb2-sha3-asm.S)
+                endif()
+            endif()
+
+            if(BUILD_INTELASM)
+                list(APPEND LIB_SOURCES wolfcrypt/src/sha3_asm.S)
+            endif()
+        endif()
     endif()
 
     list(APPEND LIB_SOURCES
-         wolfcrypt/src/logging.c
-         wolfcrypt/src/wc_port.c
-         wolfcrypt/src/error.c)
+        wolfcrypt/src/logging.c
+        wolfcrypt/src/wc_port.c
+        wolfcrypt/src/error.c)
 
     if(BUILD_OQS_HELPER)
         list(APPEND LIB_SOURCES
@@ -623,284 +752,351 @@ function(generate_lib_src_list LIB_SOURCES)
     endif()
 
     if(BUILD_MEMORY)
-         list(APPEND LIB_SOURCES wolfcrypt/src/memory.c)
+        list(APPEND LIB_SOURCES wolfcrypt/src/memory.c)
     endif()
 
     if(NOT BUILD_FIPS_RAND)
-         if(NOT BUILD_FIPS_V2 AND BUILD_DH)
-              list(APPEND LIB_SOURCES wolfcrypt/src/dh.c)
-         endif()
+        if(NOT BUILD_FIPS_V2 AND BUILD_DH)
+            list(APPEND LIB_SOURCES wolfcrypt/src/dh.c)
+        endif()
 
-         if(BUILD_ASN)
-              list(APPEND LIB_SOURCES wolfcrypt/src/asn.c)
-         endif()
+        if(BUILD_ASN)
+            list(APPEND LIB_SOURCES wolfcrypt/src/asn.c)
+        endif()
     endif()
 
     if(BUILD_CODING)
-         list(APPEND LIB_SOURCES wolfcrypt/src/coding.c)
+        list(APPEND LIB_SOURCES wolfcrypt/src/coding.c)
     endif()
 
     if(NOT BUILD_FIPS_RAND)
-         if(BUILD_POLY1305)
-              if(BUILD_ARMASM)
-                   list(APPEND LIB_SOURCES wolfcrypt/src/port/arm/armv8-poly1305.c)
-              endif()
+        if(BUILD_POLY1305)
+            if(BUILD_ARMASM)
+                list(APPEND LIB_SOURCES
+                    wolfcrypt/src/port/arm/armv8-poly1305.c)
 
-              list(APPEND LIB_SOURCES wolfcrypt/src/poly1305.c)
+                if(BUILD_ARMASM_INLINE)
+                    list(APPEND LIB_SOURCES
+                        wolfcrypt/src/port/arm/armv8-32-poly1305-asm_c.c)
+                else()
+                    list(APPEND LIB_SOURCES
+                        wolfcrypt/src/port/arm/armv8-32-poly1305-asm.S)
+                endif()
 
-              if(BUILD_INTELASM)
-                   list(APPEND LIB_SOURCES wolfcrypt/src/poly1305_asm.S)
-              endif()
-         endif()
+                if(BUILD_ARMASM_INLINE AND BUILD_ARM_THUMB)
+                    list(APPEND LIB_SOURCES
+                        wolfcrypt/src/port/arm/thumb2-poly1305.c
+                        wolfcrypt/src/port/arm/thumb2-poly1305-asm_c.c)
+                elseif(BUILD_ARM_THUMB)
+                    list(APPEND LIB_SOURCES
+                        wolfcrypt/src/port/arm/thumb2-poly1305.c
+                        wolfcrypt/src/port/arm/thumb2-poly1305-asm.S)
+                endif()
+            endif()
 
-         if(BUILD_RC4)
-              list(APPEND LIB_SOURCES wolfcrypt/src/arc4.c)
-         endif()
+            list(APPEND LIB_SOURCES wolfcrypt/src/poly1305.c)
 
-         if(BUILD_MD4)
-              list(APPEND LIB_SOURCES wolfcrypt/src/md4.c)
-         endif()
+            if(BUILD_INTELASM)
+                list(APPEND LIB_SOURCES wolfcrypt/src/poly1305_asm.S)
+            endif()
+        endif()
 
-         if(BUILD_MD5)
-              list(APPEND LIB_SOURCES wolfcrypt/src/md5.c)
-         endif()
+        if(BUILD_RC4)
+            list(APPEND LIB_SOURCES wolfcrypt/src/arc4.c)
+        endif()
 
-         if(BUILD_PWDBASED)
-              list(APPEND LIB_SOURCES
-                   wolfcrypt/src/pwdbased.c
-                   wolfcrypt/src/pkcs12.c)
-         endif()
+        if(BUILD_MD4)
+            list(APPEND LIB_SOURCES wolfcrypt/src/md4.c)
+        endif()
 
-         if(BUILD_DSA)
-              list(APPEND LIB_SOURCES wolfcrypt/src/dsa.c)
-         endif()
+        if(BUILD_MD5)
+            list(APPEND LIB_SOURCES wolfcrypt/src/md5.c)
+        endif()
 
-         if(NOT BUILD_FIPS_V2 AND BUILD_AESNI)
-              list(APPEND LIB_SOURCES
-                   wolfcrypt/src/aes_asm.S
-                   wolfcrypt/src/aes_gcm_asm.S)
-         endif()
+        if(BUILD_PWDBASED)
+            list(APPEND LIB_SOURCES
+                wolfcrypt/src/pwdbased.c
+                wolfcrypt/src/pkcs12.c)
+        endif()
 
-         if(BUILD_CAMELLIA)
-              list(APPEND LIB_SOURCES wolfcrypt/src/camellia.c)
-         endif()
+        if(BUILD_DSA)
+            list(APPEND LIB_SOURCES wolfcrypt/src/dsa.c)
+        endif()
 
-         if(BUILD_MD2)
-              list(APPEND LIB_SOURCES wolfcrypt/src/md2.c)
-         endif()
+        if(NOT BUILD_FIPS_V2 AND BUILD_AESNI)
+            list(APPEND LIB_SOURCES
+                wolfcrypt/src/aes_asm.S
+                wolfcrypt/src/aes_gcm_asm.S)
+        endif()
 
-         if(BUILD_RIPEMD)
-              list(APPEND LIB_SOURCES wolfcrypt/src/ripemd.c)
-         endif()
+        if(BUILD_CAMELLIA)
+            list(APPEND LIB_SOURCES wolfcrypt/src/camellia.c)
+        endif()
 
-         if(BUILD_BLAKE2)
-              list(APPEND LIB_SOURCES wolfcrypt/src/blake2b.c)
-         endif()
+        if(BUILD_MD2)
+            list(APPEND LIB_SOURCES wolfcrypt/src/md2.c)
+        endif()
 
-         if(BUILD_BLAKE2S)
-              list(APPEND LIB_SOURCES wolfcrypt/src/blake2s.c)
-         endif()
+        if(BUILD_RIPEMD)
+            list(APPEND LIB_SOURCES wolfcrypt/src/ripemd.c)
+        endif()
 
-         if(BUILD_CHACHA)
-              if(BUILD_ARMASM)
-                   list(APPEND LIB_SOURCES wolfcrypt/src/port/arm/armv8-chacha.c)
-              else()
-                   list(APPEND LIB_SOURCES wolfcrypt/src/chacha.c)
+        if(BUILD_BLAKE2)
+            list(APPEND LIB_SOURCES wolfcrypt/src/blake2b.c)
+        endif()
 
-                   if(BUILD_INTELASM)
-                        list(APPEND LIB_SOURCES wolfcrypt/src/chacha_asm.S)
-                   endif()
-              endif()
+        if(BUILD_BLAKE2S)
+            list(APPEND LIB_SOURCES wolfcrypt/src/blake2s.c)
+        endif()
 
-              if(BUILD_POLY1305)
-                   list(APPEND LIB_SOURCES wolfcrypt/src/chacha20_poly1305.c)
-              endif()
-         endif()
+        if(BUILD_CHACHA)
+            list(APPEND LIB_SOURCES wolfcrypt/src/chacha.c)
 
-         if(NOT BUILD_INLINE)
-              list(APPEND LIB_SOURCES wolfcrypt/src/misc.c)
-         endif()
+            if(BUILD_ARMASM)
+                list(APPEND LIB_SOURCES wolfcrypt/src/port/arm/armv8-chacha.c)
 
-         if(BUILD_FAST_MATH)
-              list(APPEND LIB_SOURCES wolfcrypt/src/tfm.c)
-         endif()
+                if(BUILD_ARMASM_INLINE)
+                    list(APPEND LIB_SOURCES
+                        wolfcrypt/src/port/arm/armv8-32-chacha-asm_c.c)
+                else()
+                    list(APPEND LIB_SOURCES
+                        wolfcrypt/src/port/arm/armv8-32-chacha-asm.S)
+                endif()
 
-         if(BUILD_SLOW_MATH)
-              list(APPEND LIB_SOURCES wolfcrypt/src/integer.c)
-         endif()
+                if(BUILD_ARMASM_INLINE AND BUILD_ARM_THUMB)
+                    list(APPEND LIB_SOURCES
+                        wolfcrypt/src/port/arm/thumb2-chacha.c
+                        wolfcrypt/src/port/arm/thumb2-chacha-asm_c.c)
+                elseif(BUILD_ARM_THUMB)
+                    list(APPEND LIB_SOURCES
+                        wolfcrypt/src/port/arm/thumb2-chacha.c
+                        wolfcrypt/src/port/arm/thumb2-chacha-asm.S)
+                endif()
+            else()
 
-         if(NOT BUILD_FIPS_V2 AND BUILD_ECC)
-              list(APPEND LIB_SOURCES wolfcrypt/src/ecc.c)
-         endif()
+                if(BUILD_INTELASM)
+                    list(APPEND LIB_SOURCES wolfcrypt/src/chacha_asm.S)
+                endif()
+            endif()
 
-         if(BUILD_CURVE25519)
-              list(APPEND LIB_SOURCES wolfcrypt/src/curve25519.c)
-         endif()
+            if(BUILD_POLY1305)
+                list(APPEND LIB_SOURCES wolfcrypt/src/chacha20_poly1305.c)
+            endif()
+        endif()
 
-         if(BUILD_ED25519)
-              list(APPEND LIB_SOURCES wolfcrypt/src/ed25519.c)
-         endif()
+        if(NOT BUILD_INLINE)
+            list(APPEND LIB_SOURCES wolfcrypt/src/misc.c)
+        endif()
 
-         if(BUILD_FEMATH)
-              if(BUILD_CURVE25519_SMALL)
-                   list(APPEND LIB_SOURCES wolfcrypt/src/fe_low_mem.c)
-              else()
-                   if(BUILD_INTELASM)
+        if(BUILD_FAST_MATH)
+            list(APPEND LIB_SOURCES wolfcrypt/src/tfm.c)
+        endif()
+
+        if(BUILD_SLOW_MATH)
+            list(APPEND LIB_SOURCES wolfcrypt/src/integer.c)
+        endif()
+
+        if(NOT BUILD_FIPS_V2 AND BUILD_ECC)
+            list(APPEND LIB_SOURCES wolfcrypt/src/ecc.c)
+        endif()
+
+        if(BUILD_CURVE25519)
+            list(APPEND LIB_SOURCES wolfcrypt/src/curve25519.c)
+            if(BUILD_ARMASM)
+                if (BUILD_ARMASM_INLINE)
+                    list(APPEND LIB_SOURCES
+                        wolfcrypt/src/port/arm/armv8-32-curve25519_c.c
+                        wolfcrypt/src/port/arm/armv8-curve25519_c.c)
+                else()
+                    list(APPEND LIB_SOURCES
+                        wolfcrypt/src/port/arm/armv8-32-curve25519.S
+                        wolfcrypt/src/port/arm/armv8-curve25519.S)
+                endif()
+
+                if(BUILD_ARMASM_INLINE AND BUILD_ARM_THUMB)
+                    list(APPEND LIB_SOURCES
+                        wolfcrypt/src/port/arm/thumb2-curve25519_c.c)
+                elseif(BUILD_ARM_THUMB)
+                    list(APPEND LIB_SOURCES
+                        wolfcrypt/src/port/arm/thumb2-curve25519.S)
+                endif()
+            endif()
+        endif()
+
+        if(BUILD_ED25519)
+            list(APPEND LIB_SOURCES wolfcrypt/src/ed25519.c)
+        endif()
+
+        if(BUILD_FEMATH)
+            if(BUILD_CURVE25519_SMALL)
+                list(APPEND LIB_SOURCES wolfcrypt/src/fe_low_mem.c)
+            else()
+                if(BUILD_INTELASM)
+                    list(APPEND LIB_SOURCES wolfcrypt/src/fe_x25519_asm.S)
+                else()
+                    list(APPEND LIB_SOURCES wolfcrypt/src/fe_operations.c)
+                endif()
+            endif()
+        endif()
+
+        if(BUILD_GEMATH)
+            if(BUILD_ED25519_SMALL)
+                list(APPEND LIB_SOURCES wolfcrypt/src/ge_low_mem.c)
+            else()
+                list(APPEND LIB_SOURCES wolfcrypt/src/ge_operations.c)
+
+                if(NOT BUILD_FEMATH)
+                    if(BUILD_INTELASM)
                         list(APPEND LIB_SOURCES wolfcrypt/src/fe_x25519_asm.S)
-                   else()
-                        if(BUILD_ARMASM)
-                             list(APPEND LIB_SOURCES
-                                  wolfcrypt/src/port/arm/armv8-32-curve25519.S
-                                  wolfcrypt/src/port/arm/armv8-curve25519.S)
-                        else()
-                             list(APPEND LIB_SOURCES wolfcrypt/src/fe_operations.c)
-                        endif()
-                   endif()
-              endif()
-         endif()
+                    else()
+                        list(APPEND LIB_SOURCES wolfcrypt/src/fe_operations.c)
+                    endif()
+                endif()
+            endif()
+        endif()
 
-         if(BUILD_GEMATH)
-              if(BUILD_ED25519_SMALL)
-                   list(APPEND LIB_SOURCES wolfcrypt/src/ge_low_mem.c)
-              else()
-                   list(APPEND LIB_SOURCES wolfcrypt/src/ge_operations.c)
+        if(BUILD_CURVE448)
+            list(APPEND LIB_SOURCES wolfcrypt/src/curve448.c)
+        endif()
 
-                   if(NOT BUILD_FEMATH)
-                        if(BUILD_INTELASM)
-                             list(APPEND LIB_SOURCES wolfcrypt/src/fe_x25519_asm.S)
-                        else()
-                             if(BUILD_ARMASM)
-                                  list(APPEND LIB_SOURCES wolfcrypt/src/port/arm/armv8-curve25519.S)
-                             else()
-                                  list(APPEND LIB_SOURCES wolfcrypt/src/fe_operations.c)
-                             endif()
-                        endif()
-                   endif()
-              endif()
-         endif()
+        if(BUILD_ED448)
+            list(APPEND LIB_SOURCES wolfcrypt/src/ed448.c)
+        endif()
 
-         if(BUILD_CURVE448)
-              list(APPEND LIB_SOURCES wolfcrypt/src/curve448.c)
-         endif()
+        if(BUILD_FE448)
+            list(APPEND LIB_SOURCES wolfcrypt/src/fe_448.c)
+        endif()
 
-         if(BUILD_ED448)
-              list(APPEND LIB_SOURCES wolfcrypt/src/ed448.c)
-         endif()
+        if(BUILD_GE448)
+            list(APPEND LIB_SOURCES wolfcrypt/src/ge_448.c)
 
-         if(BUILD_FE448)
-              list(APPEND LIB_SOURCES wolfcrypt/src/fe_448.c)
-         endif()
+            if(NOT BUILD_FE448)
+                list(APPEND LIB_SOURCES wolfcrypt/src/fe_448.c)
+            endif()
+        endif()
 
-         if(BUILD_GE448)
-              list(APPEND LIB_SOURCES wolfcrypt/src/ge_448.c)
+        if(BUILD_FALCON)
+            list(APPEND LIB_SOURCES wolfcrypt/src/falcon.c)
+        endif()
 
-              if(NOT BUILD_FE448)
-                   list(APPEND LIB_SOURCES wolfcrypt/src/fe_448.c)
-              endif()
-         endif()
+        if(BUILD_SPHINCS)
+            list(APPEND LIB_SOURCES wolfcrypt/src/sphincs.c)
+        endif()
 
-         if(BUILD_FALCON)
-              list(APPEND LIB_SOURCES wolfcrypt/src/falcon.c)
-         endif()
+        if(BUILD_DILITHIUM)
+            list(APPEND LIB_SOURCES wolfcrypt/src/dilithium.c)
+        endif()
 
-         if(BUILD_SPHINCS)
-              list(APPEND LIB_SOURCES wolfcrypt/src/sphincs.c)
-         endif()
+        if(BUILD_WC_MLKEM)
+            list(APPEND LIB_SOURCES wolfcrypt/src/wc_mlkem.c)
+            list(APPEND LIB_SOURCES wolfcrypt/src/wc_mlkem_poly.c)
 
-         if(BUILD_DILITHIUM)
-              list(APPEND LIB_SOURCES wolfcrypt/src/dilithium.c)
-         endif()
+            if(BUILD_ARMASM)
+                if(BUILD_ARMASM_INLINE)
+                    list(APPEND LIB_SOURCES
+                        wolfcrypt/src/port/arm/armv8-mlkem-asm_c.c
+                        wolfcrypt/src/port/arm/armv8-32-mlkem-asm_c.c)
+                else()
+                    list(APPEND LIB_SOURCES
+                        wolfcrypt/src/port/arm/armv8-mlkem-asm.S
+                        wolfcrypt/src/port/arm/armv8-32-mlkem-asm.S)
+                endif()
 
-         if(BUILD_WC_MLKEM)
-              list(APPEND LIB_SOURCES wolfcrypt/src/wc_mlkem.c)
-              list(APPEND LIB_SOURCES wolfcrypt/src/wc_mlkem_poly.c)
+                if(BUILD_ARMASM_INLINE AND BUILD_ARM_THUMB)
+                    list(APPEND LIB_SOURCES
+                        wolfcrypt/src/port/arm/thumb2-mlkem-asm_c.c)
+                elseif(BUILD_ARM_THUMB)
+                    list(APPEND LIB_SOURCES
+                        wolfcrypt/src/port/arm/thumb2-mlkem-asm.S)
+                endif()
+            endif()
 
-              if(BUILD_INTELASM)
-                   list(APPEND LIB_SOURCES wolfcrypt/src/wc_mlkem_asm.S)
-              endif()
-         endif()
+            if(BUILD_INTELASM)
+                list(APPEND LIB_SOURCES wolfcrypt/src/wc_mlkem_asm.S)
+            endif()
+        endif()
 
-         if(BUILD_EXT_MLKEM)
-              list(APPEND LIB_SOURCES wolfcrypt/src/ext_mlkem.c)
-         endif()
+        if(BUILD_EXT_MLKEM)
+            list(APPEND LIB_SOURCES wolfcrypt/src/ext_mlkem.c)
+        endif()
 
-         if(BUILD_WC_LMS)
-              list(APPEND LIB_SOURCES wolfcrypt/src/wc_lms.c)
-              list(APPEND LIB_SOURCES wolfcrypt/src/wc_lms_impl.c)
-         endif()
+        if(BUILD_WC_LMS)
+            list(APPEND LIB_SOURCES wolfcrypt/src/wc_lms.c)
+            list(APPEND LIB_SOURCES wolfcrypt/src/wc_lms_impl.c)
+        endif()
 
-         if(BUILD_WC_XMSS)
-              list(APPEND LIB_SOURCES wolfcrypt/src/wc_xmss.c)
-              list(APPEND LIB_SOURCES wolfcrypt/src/wc_xmss_impl.c)
-         endif()
+        if(BUILD_WC_XMSS)
+            list(APPEND LIB_SOURCES wolfcrypt/src/wc_xmss.c)
+            list(APPEND LIB_SOURCES wolfcrypt/src/wc_xmss_impl.c)
+        endif()
 
-         if(BUILD_LIBZ)
-              list(APPEND LIB_SOURCES wolfcrypt/src/compress.c)
-         endif()
+        if(BUILD_LIBZ)
+            list(APPEND LIB_SOURCES wolfcrypt/src/compress.c)
+        endif()
 
-         if(BUILD_PKCS7)
-              list(APPEND LIB_SOURCES wolfcrypt/src/pkcs7.c)
-         endif()
+        if(BUILD_PKCS7)
+            list(APPEND LIB_SOURCES wolfcrypt/src/pkcs7.c)
+        endif()
 
-         if(BUILD_SRP)
-              list(APPEND LIB_SOURCES wolfcrypt/src/srp.c)
-         endif()
+        if(BUILD_SRP)
+            list(APPEND LIB_SOURCES wolfcrypt/src/srp.c)
+        endif()
 
-         if(BUILD_AFALG)
-              list(APPEND LIB_SOURCES wolfcrypt/src/port/af_alg/wc_afalg.c)
-         endif()
+        if(BUILD_AFALG)
+            list(APPEND LIB_SOURCES wolfcrypt/src/port/af_alg/wc_afalg.c)
+        endif()
 
-         if(NOT BUILD_CRYPTONLY)
-              # ssl files
-              list(APPEND LIB_SOURCES
-                   src/internal.c
-                   src/wolfio.c
-                   src/keys.c
-                   src/ssl.c
-                   src/ocsp.c
-                   src/tls.c)
+        if(NOT BUILD_CRYPTONLY)
+            # ssl files
+            list(APPEND LIB_SOURCES
+                src/internal.c
+                src/wolfio.c
+                src/keys.c
+                src/ssl.c
+                src/ocsp.c
+                src/tls.c)
 
-              if(BUILD_TLS13)
-                   list(APPEND LIB_SOURCES src/tls13.c)
-              endif()
+            if(BUILD_TLS13)
+                list(APPEND LIB_SOURCES src/tls13.c)
+            endif()
 
-              if(BUILD_DTLS13)
-                   list(APPEND LIB_SOURCES src/dtls13.c)
-              endif()
+            if(BUILD_DTLS13)
+                list(APPEND LIB_SOURCES src/dtls13.c)
+            endif()
 
-              if(BUILD_QUIC)
-                   list(APPEND LIB_SOURCES src/quic.c)
-              endif()
+            if(BUILD_QUIC)
+                list(APPEND LIB_SOURCES src/quic.c)
+            endif()
 
-              if(BUILD_OCSP)
-                   list(APPEND LIB_SOURCES src/ocsp.c)
-              endif()
+            if(BUILD_OCSP)
+                list(APPEND LIB_SOURCES src/ocsp.c)
+            endif()
 
-              if(BUILD_CRL)
-                   list(APPEND LIB_SOURCES src/crl.c)
-              endif()
+            if(BUILD_CRL)
+                list(APPEND LIB_SOURCES src/crl.c)
+            endif()
 
-              if(BUILD_SNIFFER)
-                   list(APPEND LIB_SOURCES src/sniffer.c)
-              endif()
+            if(BUILD_SNIFFER)
+                list(APPEND LIB_SOURCES src/sniffer.c)
+            endif()
 
-              if(BUILD_DTLS_COMMON)
-                   list(APPEND LIB_SOURCES src/dtls.c)
-              endif()
+            if(BUILD_DTLS_COMMON)
+                list(APPEND LIB_SOURCES src/dtls.c)
+            endif()
 
-              if(BUILD_QUIC)
-                   list(APPEND LIB_SOURCES src/quic.c)
-              endif()
-          endif()
+            if(BUILD_QUIC)
+                list(APPEND LIB_SOURCES src/quic.c)
+            endif()
+        endif()
     endif()
 
     # Corresponds to wolfcrypt/src/include.am
     if(BUILD_CRYPTOCB)
-           list(APPEND LIB_SOURCES wolfcrypt/src/cryptocb.c)
+        list(APPEND LIB_SOURCES wolfcrypt/src/cryptocb.c)
     endif()
 
     if(BUILD_PKCS11)
-           list(APPEND LIB_SOURCES wolfcrypt/src/wc_pkcs11.c)
+        list(APPEND LIB_SOURCES wolfcrypt/src/wc_pkcs11.c)
     endif()
 
     if(BUILD_DEVCRYPTO)
@@ -948,7 +1144,7 @@ function(generate_lib_src_list LIB_SOURCES)
     endif()
 
     if(BUILD_HPKE)
-         list(APPEND LIB_SOURCES wolfcrypt/src/hpke.c)
+        list(APPEND LIB_SOURCES wolfcrypt/src/hpke.c)
     endif()
 
     set(LIB_SOURCES ${LIB_SOURCES} PARENT_SCOPE)
@@ -969,14 +1165,16 @@ endfunction()
 #
 function(set_wolfssl_definitions SEARCH_VALUE RESULT)
     if (${SEARCH_VALUE} STREQUAL "")
-        message(FATAL_ERROR "Function set_wolfssl_definitions cannot have blank SEARCH_VALUE")
+        message(FATAL_ERROR
+            "Function set_wolfssl_definitions cannot have blank SEARCH_VALUE")
     endif()
 
     list(FIND WOLFSSL_DEFINITIONS "${SEARCH_VALUE}" pos)
     string(SUBSTRING "${SEARCH_VALUE}" 0 2 PREFIX_VALUE)
 
     if ("${PREFIX_VALUE}" STREQUAL "-D")
-        message(FATAL_ERROR "Do not specify the -D prefix in set_wolfssl_definitions")
+        message(FATAL_ERROR
+            "Do not specify the -D prefix in set_wolfssl_definitions")
     endif()
 
     if(${pos} EQUAL -1)
@@ -985,7 +1183,8 @@ function(set_wolfssl_definitions SEARCH_VALUE RESULT)
         message(STATUS "Enabling ${SEARCH_VALUE}")
         list(APPEND WOLFSSL_DEFINITIONS "-D${SEARCH_VALUE}")
         set(${SEARCH_VALUE} 1 PARENT_SCOPE)
-        # override_cache("${SEARCH_VALUE}" "yes") # Need to check that value is settable
+        # override_cache("${SEARCH_VALUE}" "yes")
+        # Need to check that value is settable
         set(${RESULT} 1 PARENT_SCOPE)
         message(STATUS "Enabling ${SEARCH_VALUE} - success")
 
@@ -1002,18 +1201,21 @@ endfunction()
 # Searches WOLFSSL_DEFINITIONS for SEARCH_VALUE
 #   Returns RESULT = 1 (true) if the search value is found
 #
-# Unlike set_wolfssl_definitions(), this function only queries the WOLFSSL_DEFINITIONS.
+# Unlike set_wolfssl_definitions(), this function only queries the
+# WOLFSSL_DEFINITIONS.
 #
 function(get_wolfssl_definitions SEARCH_VALUE RESULT)
     if (${SEARCH_VALUE} STREQUAL "")
-        message(FATAL_ERROR "Function get_wolfssl_definitions cannot have blank SEARCH_VALUE")
+        message(FATAL_ERROR
+            "Function get_wolfssl_definitions cannot have blank SEARCH_VALUE")
     endif()
 
     list(FIND WOLFSSL_DEFINITIONS "${SEARCH_VALUE}" pos)
     string(SUBSTRING "${SEARCH_VALUE}" 0 2 PREFIX_VALUE)
 
     if ("${PREFIX_VALUE}" STREQUAL "-D")
-        message(FATAL_ERROR "Do not specify the -D prefix in get_wolfssl_definitions")
+        message(FATAL_ERROR
+            "Do not specify the -D prefix in get_wolfssl_definitions")
     endif()
 
 
diff --git a/configure.ac b/configure.ac
index 77c8e1012..802abaca5 100644
--- a/configure.ac
+++ b/configure.ac
@@ -46,6 +46,10 @@ AC_ARG_VAR(EXTRA_LDFLAGS, [Extra LDFLAGS to add to end of autoconf-computed arg
 WOLFSSL_CONFIG_ARGS=$ac_configure_args
 AC_SUBST([WOLFSSL_CONFIG_ARGS])
 
+# Store configure options and CFLAGS for debian rules generation
+CONFIGURE_OPTIONS="$ac_configure_args"
+AC_SUBST([CONFIGURE_OPTIONS])
+
 # shared library versioning
 # The three numbers in the libwolfssl.so.*.*.* file name. Unfortunately
 
@@ -196,6 +200,7 @@ OPTIMIZE_HUGE_CFLAGS="-funroll-loops -DTFM_SMALL_SET -DTFM_HUGE_SET"
 DEBUG_CFLAGS="-g -DDEBUG -DDEBUG_WOLFSSL"
 LIB_ADD=
 LIB_STATIC_ADD=
+PC_LIBS_PRIVATE=""
 
 OPTIMIZE_CFLAGS="$OPTIMIZE_CFLAGS $EXTRA_OPTS_CFLAGS"
 OPTIMIZE_FAST_CFLAGS="$OPTIMIZE_FAST_CFLAGS $EXTRA_OPTS_CFLAGS"
@@ -437,6 +442,8 @@ AS_CASE([$ENABLED_WOLFENGINE],
 #   rand - wolfRand
 #   v5 - FIPS 140-3 Cert 4718
 #   cert4718 - alias for v5
+#   v5.2.3 -- FIPS 140-3 with support for ARM acceleration, derived from Cert 4718
+#   v5.2.4 -- FIPS 140-3 with support for Linux kernel mode, derived from v5.2.3
 #   ready - FIPS 140-3 settings with in-tree wolfcrypt sources, feature locked
 #   dev - FIPS 140-3 settings with in-tree wolfcrypt sources, features freely adjustable
 #   v5-ready - Alias for ready.
@@ -493,6 +500,24 @@ AS_CASE([$ENABLED_FIPS],
         DEF_SP_MATH="no"
         DEF_FAST_MATH="yes"
     ],
+    [v5.2.3],[
+        FIPS_VERSION="v5"
+        HAVE_FIPS_VERSION_MAJOR=5
+        HAVE_FIPS_VERSION_MINOR=2
+        HAVE_FIPS_VERSION_PATCH=3
+        ENABLED_FIPS="yes"
+        DEF_SP_MATH="yes"
+        DEF_FAST_MATH="no"
+    ],
+    [v5.2.4],[
+        FIPS_VERSION="v5"
+        HAVE_FIPS_VERSION_MAJOR=5
+        HAVE_FIPS_VERSION_MINOR=2
+        HAVE_FIPS_VERSION_PATCH=4
+        ENABLED_FIPS="yes"
+        DEF_SP_MATH="yes"
+        DEF_FAST_MATH="no"
+    ],
     [v5-RC12],[
         FIPS_VERSION="v5-RC12"
         HAVE_FIPS_VERSION_MAJOR=5
@@ -1101,6 +1126,7 @@ then
         AC_MSG_ERROR([--enable-all-osp is incompatible with --enable-linuxkm-defaults])
     fi
 
+    test "$enable_wolfguard" = "" && enable_wolfguard=yes
     test "$enable_webserver" = "" && enable_webserver=yes
 
     if test "$ENABLED_SP_MATH" != "yes"
@@ -1293,7 +1319,6 @@ then
     test "$enable_certext" = "" && enable_certext=yes
     test "$enable_sep" = "" && enable_sep=yes
     test "$enable_hkdf" = "" && enable_hkdf=yes
-    test "$enable_fpecc" = "" && test "$enable_ecc" != "no" && enable_fpecc=yes
     test "$enable_eccencrypt" = "" && test "$enable_ecc" != "no" && enable_eccencrypt=yes
     test "$enable_psk" = "" && enable_psk=yes
     test "$enable_cmac" = "" && enable_cmac=yes
@@ -1323,6 +1348,13 @@ then
     test "$enable_anon" = "" && enable_anon=yes
     test "$enable_ssh" = "" && test "$enable_hmac" != "no" && enable_ssh=yes
 
+    # the compiler optimizer generates a weird out-of-bounds bss reference for
+    # find_hole() in the FP_ECC implementation.
+    if test "$ENABLED_LINUXKM_PIE" != yes
+    then
+        test "$enable_fpecc" = "" && test "$enable_ecc" != "no" && enable_fpecc=yes
+    fi
+
     if test "x$FIPS_VERSION" != "xv1"
     then
         test "$enable_rsapss" = "" && enable_rsapss=yes
@@ -1344,8 +1376,6 @@ then
     then
         test "$enable_curve25519" = "" && enable_curve25519=yes
         test "$enable_curve448" = "" && enable_curve448=yes
-        test "$enable_cryptocb" = "" && enable_cryptocb=yes
-        test "$enable_pkcallbacks" = "" && enable_pkcallbacks=yes
         test "$enable_xchacha" = "" && test "$enable_chacha" != "no" && enable_xchacha=yes
         test "$enable_pkcs7" = "" && enable_pkcs7=yes
         test "$enable_nullcipher" = "" && enable_nullcipher=yes
@@ -1358,6 +1388,8 @@ then
 
         if test "$ENABLED_LINUXKM_DEFAULTS" != "yes"
         then
+            test "$enable_cryptocb" = "" && enable_cryptocb=yes
+            test "$enable_pkcallbacks" = "" && enable_pkcallbacks=yes
             test "$enable_eccsi" = "" && test "$enable_ecc" != "no" && enable_eccsi=yes
             test "$enable_sakke" = "" && test "$enable_ecc" != "no" && enable_sakke=yes
         fi
@@ -1370,7 +1402,7 @@ then
         test "$enable_aesxts_stream" = "" && test "$enable_aesxts" = "yes" && enable_aesxts_stream=yes
         test "$enable_shake128" = "" && enable_shake128=yes
         test "$enable_shake256" = "" && enable_shake256=yes
-        test "$enable_compkey" = "" && test "$ENABLED_LINUXKM_DEFAULTS" != "yes" && enable_compkey=yes
+        test "$enable_compkey" = "" && enable_compkey=yes
         # AFALG lacks AES-ECB
         test "$enable_srtp_kdf" = "" && test "$enable_afalg" != "yes" && enable_srtp_kdf=yes
     fi
@@ -1399,6 +1431,26 @@ then
     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAVE_ISSUER_NAMES"
 fi
 
+# wolfGuard
+AC_ARG_ENABLE([wolfguard],
+    [AS_HELP_STRING([--enable-wolfguard],[Enable wolfGuard dependencies (default: disabled)])],
+    [ ENABLED_WOLFGUARD=$enableval ],
+    [ ENABLED_WOLFGUARD=no ]
+    )
+if test "$ENABLED_WOLFGUARD" = "yes"
+then
+    test "$enable_ecc" = "" && enable_ecc=yes
+    test "$enable_sha256" = "" && enable_sha256=yes
+    test "$enable_aesgcm" = "" && enable_aesgcm=yes
+    test "$enable_base64encode" = "" && enable_base64encode=yes
+    test "$enable_base16" = "" && enable_base16=yes
+    if test "$ENABLED_FIPS" = "no" || test "$HAVE_FIPS_VERSION" -ge 6
+    then
+        test "$enable_compkey" = "" && enable_compkey=yes
+        test "$enable_aesgcm_stream" = "" && enable_aesgcm_stream=yes
+    fi
+fi
+
 # liboqs
 ENABLED_LIBOQS="no"
 tryliboqsdir=""
@@ -1676,6 +1728,7 @@ then
 
     if test "$ENABLED_LIBOQS" = "no"; then
         AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_WC_DILITHIUM"
+        AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_WC_DILITHIUM"
         test "$enable_sha3" = "" && enable_sha3=yes
         test "$enable_shake128" = "" && enable_shake128=yes
         test "$enable_shake256" = "" && enable_shake256=yes
@@ -3779,6 +3832,18 @@ then
     AM_CFLAGS="$AM_CFLAGS -DHAVE_INTEL_RDRAND"
 fi
 
+# INTEL RDSEED
+AC_ARG_ENABLE([intelrdseed],
+    [AS_HELP_STRING([--enable-intelrdseed],[Enable Intel rdseed as preferred RNG seeding source (default: disabled)])],
+    [ ENABLED_INTELRDSEED=$enableval ],
+    [ ENABLED_INTELRDSEED=no ]
+    )
+
+if test "$ENABLED_INTELRDSEED" = "yes"
+then
+    AM_CFLAGS="$AM_CFLAGS -DHAVE_INTEL_RDSEED"
+fi
+
 # AMD RDSEED
 AC_ARG_ENABLE([amdrand],
     [AS_HELP_STRING([--enable-amdrand],[Enable AMD rdseed as preferred RNG seeding source (default: disabled)])],
@@ -5655,7 +5720,11 @@ AC_ARG_ENABLE([pwdbased],
 # MemUse Entropy
 # wolfEntropy Software Jitter SP800-90B certifiable entropy source
 
-if test "$ENABLED_LINUXKM_DEFAULTS" = "yes"
+if test "$ENABLED_LINUXKM_DEFAULTS" = "yes" && \
+   test "$ENABLED_AMDRDSEED" != "yes" && \
+   test "$ENABLED_INTELRDRAND" != "yes" && \
+   test "$ENABLED_INTELRDSEED" != "yes" && \
+   (test "$ENABLED_FIPS" = "no" || test "$HAVE_FIPS_VERSION" -ge 6)
 then
     ENABLED_ENTROPY_MEMUSE_DEFAULT=yes
 else
@@ -5746,7 +5815,7 @@ AS_CASE([$FIPS_VERSION],
                (test "$FIPS_VERSION" != "dev" || test "$enable_keygen" != "no")],
             [ENABLED_KEYGEN="yes"; AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KEY_GEN"])
 
-#        AS_IF([test "$ENABLED_COMPKEY" = "yes" &&
+#        AS_IF([test "$ENABLED_COMPKEY" != "yes" &&
 #               (test "$FIPS_VERSION" != "dev" || test "$enable_compkey" != "yes")],
 #            [ENABLED_COMPKEY="yes"])
 
@@ -7333,7 +7402,7 @@ then
 fi
 
 # Small Stack - Cache on object
-if test "$ENABLED_LINUXKM_DEFAULTS" = "yes"
+if test "$ENABLED_LINUXKM_DEFAULTS" = "yes" && (test "$ENABLED_FIPS" = "no" || test "$HAVE_FIPS_VERSION" -ge 6)
 then
     ENABLED_SMALL_STACK_CACHE_DEFAULT=yes
 else
@@ -8177,6 +8246,20 @@ then
         ENABLED_TICKET_NONCE_MALLOC="yes"
         AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_TICKET_NONCE_MALLOC"
     fi
+elif test "$ENABLED_CURL" = "tiny"
+then
+    # basic config to support tiny-curl.
+    # OPENSSL_EXTRA_X509_SMALL is sufficient.
+    if test "x$ENABLED_OPENSSLEXTRA" = "xno"
+    then
+        ENABLED_OPENSSLEXTRA="x509small"
+    fi
+
+    # expose a bit more compat API without full OPENSSL_EXTRA.
+    AM_CFLAGS="$AM_CFLAGS -DHAVE_CURL"
+
+    # session cache is necessary, but can be small or micro.
+    AM_CFLAGS="$AM_CFLAGS -DSMALL_SESSION_CACHE"
 fi
 
 if test "$ENABLED_PSK" = "no" && test "$ENABLED_LEANPSK" = "no" \
@@ -9806,6 +9889,20 @@ then
     fi
 fi
 
+# Make function 'wolfSSL_X509_EXTENSION_get_data' return different type of
+# data for each type of extension, as it used to do in the past, instead of
+# always returning the full OCTET STRING of the extension. Use only if you
+# need to keep compatibility with older versions.
+AC_ARG_ENABLE([old-extdata-fmt],
+    [AS_HELP_STRING([--enable-old-extdata-fmt],[Enable old format for extracting extension data (default: disabled)])],
+    [ ENABLED_OLD_EXTDATA_FMT=$enableval ],
+    [ ENABLED_OLD_EXTDATA_FMT=no ]
+    )
+
+if test "x$ENABLED_OLD_EXTDATA_FMT" = "xyes"; then
+  AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_OLD_EXTDATA_FMT"
+fi
+
 # determine if we have key validation mechanism
 if test "x$ENABLED_ECC" != "xno" || test "x$ENABLED_RSA" = "xyes"
 then
@@ -10606,6 +10703,13 @@ case $host_os in
                 MINGW_LIB_WARNING="yes"
             fi
         fi ;;
+    *darwin*)
+        # Add required frameworks for static linking on macOS
+        if test "$enable_shared" = "no"; then
+            if test "x$ENABLED_SYS_CA_CERTS" = "xyes"; then
+                PC_LIBS_PRIVATE="$PC_LIBS_PRIVATE -framework CoreFoundation -framework Security"
+            fi
+        fi ;;
 esac
 
 if test "$enable_shared" = "no"; then
@@ -10614,6 +10718,17 @@ if test "$enable_shared" = "no"; then
     fi
 fi
 
+if test "$ENABLED_WOLFGUARD" = "yes"; then
+    if test "$ENABLED_ECC" = "no" ||
+       test "$ENABLED_SHA256" = "no" ||
+       test "$ENABLED_AESGCM" = "no" ||
+       test "$ENABLED_HMAC" = "no" ||
+       test "$ENABLED_RNG" = "no"
+    then
+        AC_MSG_ERROR([--enable-wolfguard requires ECC, SHA256-HMAC, AES-GCM, and RNG.])
+    fi
+fi
+
 if test "x$ENABLED_LINUXKM" = "xyes"; then
     AX_SIMD_CC_COMPILER_FLAGS
     AC_SUBST([CFLAGS_FPU_DISABLE])
@@ -10678,9 +10793,6 @@ if test "x$ENABLED_LINUXKM" = "xyes"; then
     if test "$ENABLED_STACKLOG" = "yes"; then
         AC_MSG_ERROR([--enable-stacklog is incompatible with --enable-linuxkm.])
     fi
-    if test "$ENABLED_COMPKEY" = "yes"; then
-        AC_MSG_ERROR([--enable-compkey is incompatible with --enable-linuxkm.])
-    fi
 fi
 
 AS_IF([test "$ENABLED_ASM" = "no" && (test "$ENABLED_INTELASM" != "no" || \
@@ -10905,6 +11017,7 @@ AC_SUBST([AM_CCASFLAGS])
 AC_SUBST([LIB_ADD])
 AC_SUBST([LIB_STATIC_ADD])
 AC_SUBST([LIBM])
+AC_SUBST([PC_LIBS_PRIVATE])
 
 # FINAL
 AC_CONFIG_FILES([stamp-h], [echo timestamp > stamp-h])
@@ -10918,6 +11031,7 @@ AC_CONFIG_FILES([Makefile
         wolfcrypt/test/test_paths.h
         ])
 AC_CONFIG_FILES([scripts/unit.test],[chmod +x scripts/unit.test])
+AC_CONFIG_FILES([debian/rules],[chmod +x debian/rules])
 
 AX_CREATE_GENERIC_CONFIG
 AX_AM_JOBSERVER([yes])
diff --git a/debian/include.am b/debian/include.am
index e6f932b89..f939867b2 100644
--- a/debian/include.am
+++ b/debian/include.am
@@ -1,77 +1,25 @@
 # vim:ft=automake
 
-DEB_HOST_MULTIARCH ?= $(shell dpkg-architecture -qDEB_HOST_MULTIARCH)
-
+# Debian packaging using dpkg-buildpackage
 deb:
-# Setup meta folders
-	mkdir -p debian/libwolfssl/DEBIAN debian/libwolfssl-dev/DEBIAN
-# "Install" wolfSSL
-	make install exec_prefix=$(CURDIR)/debian/libwolfssl/usr \
-		prefix=$(CURDIR)/debian/libwolfssl-dev/usr
-# deb shared lib stuff
-	fakeroot dh_makeshlibs
-	dh_shlibdeps
-	dh_installdeb
-# Generate the lib and src descriptions
-	fakeroot dh_gencontrol
-# Make adjustments to the package structure and to satisfy lintian checks
-# Correct doc dir name
-	@rm -rf debian/libwolfssl-dev/usr/share/doc/libwolfssl-dev
-	@mv debian/libwolfssl-dev/usr/share/doc/wolfssl \
-		debian/libwolfssl-dev/usr/share/doc/libwolfssl-dev
-# Clear lib folder
-	@rm -rf debian/libwolfssl-dev/usr/lib
-	@mkdir -p debian/libwolfssl-dev/usr/lib
-# Move the top level .so into the dev pkg
-	@mv debian/libwolfssl/usr/lib/libwolfssl.so debian/libwolfssl-dev/usr/lib
-# Create correct pkg doc dir
-	@rm -rf debian/libwolfssl/usr/share/doc/libwolfssl
-	@mkdir -p debian/libwolfssl/usr/share/doc/libwolfssl
-# Place changelog
-	@gzip -n -9 -c debian/changelog | \
-		tee debian/libwolfssl/usr/share/doc/libwolfssl/changelog.gz > \
-		debian/libwolfssl-dev/usr/share/doc/libwolfssl-dev/changelog.gz
-# Place copyright
-	@cp debian/copyright debian/libwolfssl/usr/share/doc/libwolfssl
-	@cp debian/copyright debian/libwolfssl-dev/usr/share/doc/libwolfssl-dev
-# Remove .la file https://wiki.debian.org/ReleaseGoals/LAFileRemoval
-	@rm debian/libwolfssl/usr/lib/libwolfssl.la
-# Strip unwanted symbols
-# https://www.debian.org/doc/debian-policy/ch-files.html#binaries
-	@strip --strip-unneeded debian/libwolfssl/usr/lib/libwolfssl.so.*.*.*
-# Place pkgconfig so that it is available for cross-compilation
-# https://lintian.debian.org/tags/pkg-config-unavailable-for-cross-compilation
-	@rm -rf debian/libwolfssl/usr/lib/$(DEB_HOST_MULTIARCH)
-	@mkdir -p debian/libwolfssl/usr/lib/$(DEB_HOST_MULTIARCH)
-	@mv debian/libwolfssl/usr/lib/pkgconfig \
-		debian/libwolfssl/usr/lib/$(DEB_HOST_MULTIARCH)
-# Set the expected access rules
-	@chmod 644 debian/libwolfssl/usr/lib/libwolfssl.so.*.*.*
-	@chmod 644 debian/libwolfssl/usr/share/doc/libwolfssl/changelog.gz \
-		debian/libwolfssl/usr/share/doc/libwolfssl/copyright \
-		debian/libwolfssl-dev/usr/share/doc/libwolfssl-dev/changelog.gz \
-		debian/libwolfssl-dev/usr/share/doc/libwolfssl-dev/copyright
-# Do this as the last step to mark all directories with the correct access bits
-	@find debian/libwolfssl*/usr -type d | xargs chmod 755
-# Generate debs
-	dpkg-deb --root-owner-group -b debian/libwolfssl .
-	dpkg-deb --root-owner-group -b debian/libwolfssl-dev .
-# Check that everything is correct with lintian
-# - we don't provide a manual page for wolfssl-config
-# - we don't care about matching the soname for our debs
-	lintian *.deb --fail-on error,warning --tag-display-limit 0 \
-		--suppress-tags no-manual-page,package-name-doesnt-match-sonames
-# Clean up the working dirs
-	make deb-clean
+	dpkg-buildpackage -us -uc
+
+deb-source:
+	dpkg-buildpackage -S -us -uc
+
+deb-binary:
+	dpkg-buildpackage -B -us -uc
 
 deb-docker:
 	docker build -t "debian-builder:Dockerfile" Docker/packaging/debian
 	docker run --rm -v $(CURDIR):/opt/wolfssl debian-builder:Dockerfile \
-		bash -c 'cd /opt/wolfssl && ./config.status --recheck && make deb && \
-				make clean deb-clean &> /dev/null'
-# To allow the user to keep using the configuration on the host
-	@./config.status --recheck &> /dev/null
+		bash -c 'cd /opt/wolfssl && ./autogen.sh && ./configure $(WOLFSSL_CONFIG_ARGS) && make deb && find .. -maxdepth 1 -type f -exec cp {} . \;'
 
 deb-clean:
+	dh_clean --exclude=debian/control --exclude=debian/changelog \
+		--exclude=debian/rules || true
 	rm -rf debian/libwolfssl debian/libwolfssl-dev debian/files \
-		debian/*.substvars debian/.debhelper
+		debian/*.substvars debian/.debhelper debian/tmp
+	rm -f debian/debhelper-build-stamp
+
+.PHONY: deb deb-source deb-binary deb-docker deb-clean
diff --git a/debian/libwolfssl-dev.install b/debian/libwolfssl-dev.install
new file mode 100644
index 000000000..21de1f206
--- /dev/null
+++ b/debian/libwolfssl-dev.install
@@ -0,0 +1,6 @@
+usr/include/
+usr/lib/*/libwolfssl.so
+usr/lib/*/libwolfssl.a
+usr/lib/*/pkgconfig/wolfssl.pc
+usr/bin/wolfssl-config
+usr/share/doc/wolfssl/
diff --git a/debian/libwolfssl.install b/debian/libwolfssl.install
new file mode 100644
index 000000000..74c748be5
--- /dev/null
+++ b/debian/libwolfssl.install
@@ -0,0 +1 @@
+usr/lib/*/libwolfssl.so.*
diff --git a/debian/rules.in b/debian/rules.in
new file mode 100644
index 000000000..88e12e219
--- /dev/null
+++ b/debian/rules.in
@@ -0,0 +1,61 @@
+#!/usr/bin/make -f
+
+# Store the configure options and CFLAGS used during ./configure
+# This file is generated from rules.in by the configure script
+CONFIGURE_OPTIONS = @CONFIGURE_OPTIONS@
+ENABLED_FIPS = @ENABLED_FIPS@
+
+# Use debhelper with automatic sequence
+%:
+	dh $@
+
+# Override configure to use the stored options
+override_dh_auto_configure:
+	./configure \
+		--build=$(DEB_BUILD_GNU_TYPE) \
+		--host=$(DEB_HOST_GNU_TYPE) \
+		--prefix=/usr \
+		--mandir=/usr/share/man \
+		--infodir=/usr/share/info \
+		--sysconfdir=/etc \
+		--localstatedir=/var \
+		--libdir=/usr/lib/$(DEB_HOST_MULTIARCH) \
+		--libexecdir=/usr/lib/$(DEB_HOST_MULTIARCH) \
+		--disable-maintainer-mode \
+		--disable-dependency-tracking \
+		--enable-shared \
+		--enable-static \
+		$(CONFIGURE_OPTIONS)
+
+# Override test to skip them (optional, remove if you want to run tests)
+#override_dh_auto_test:
+	# Skip tests during package build
+
+# Handle FIPS builds which require special hash generation
+override_dh_auto_build:
+ifeq ($(ENABLED_FIPS),yes)
+	# FIPS build requires two-stage process with hash generation
+	$(MAKE)
+	./fips-hash.sh
+	$(MAKE)
+else
+	# Standard build
+	dh_auto_build
+endif
+
+# Handle multiarch library placement and remove .la files
+override_dh_auto_install:
+	dh_auto_install
+	# Remove .la files (not needed in modern Debian packages)
+	find debian/tmp -name '*.la' -delete
+
+# Set proper permissions and strip symbols
+override_dh_strip:
+	dh_strip --dbgsym-migration='libwolfssl-dbg (<< 5.0.0-1~)'
+
+# Auto-clean override - prevent make distclean from removing debian files
+override_dh_auto_clean:
+	# Run make clean instead of make distclean to preserve debian files
+	if [ -f Makefile ]; then \
+		$(MAKE) clean; \
+	fi
diff --git a/debian/source/format b/debian/source/format
new file mode 100644
index 000000000..89ae9db8f
--- /dev/null
+++ b/debian/source/format
@@ -0,0 +1 @@
+3.0 (native)
diff --git a/doc/dox_comments/header_files/ecc.h b/doc/dox_comments/header_files/ecc.h
index 20bd89ccd..ce48cf634 100644
--- a/doc/dox_comments/header_files/ecc.h
+++ b/doc/dox_comments/header_files/ecc.h
@@ -113,6 +113,114 @@ int wc_ecc_make_key(WC_RNG* rng, int keysize, ecc_key* key);
 
 int wc_ecc_make_key_ex(WC_RNG* rng, int keysize, ecc_key* key, int curve_id);
 
+/*!
+    \ingroup ECC
+
+    \brief wc_ecc_make_pub computes the public component from an ecc_key with an
+    existing private component.  If pubOut is supplied, the computed public key
+    is stored there, else it is stored in the supplied ecc_key public component
+    slot.
+
+    \return 0 Returned on success.
+    \return ECC_BAD_ARG_E Returned if rng or key evaluate to NULL
+    \return BAD_FUNC_ARG Returned if the supplied key is not a valid ecc_key.
+    \return MEMORY_E Returned if there is an error allocating memory while
+    computing the public key
+    \return MP_INIT_E may be returned if there is an error while computing
+    the public key
+    \return MP_READ_E may be returned if there is an error while computing
+    the public key
+    \return MP_CMP_E may be returned if there is an error while computing the
+    public key
+    \return MP_INVMOD_E may be returned if there is an error while computing
+    the public key
+    \return MP_EXPTMOD_E may be returned if there is an error while computing
+    the public key
+    \return MP_MOD_E may be returned if there is an error while computing the
+    public key
+    \return MP_MUL_E may be returned if there is an error while computing the
+    public key
+    \return MP_ADD_E may be returned if there is an error while computing the
+    public key
+    \return MP_MULMOD_E may be returned if there is an error while computing
+    the public key
+    \return MP_TO_E may be returned if there is an error while computing the
+    public key
+    \return MP_MEM may be returned if there is an error while computing the
+    public key
+    \return ECC_OUT_OF_RANGE_E may be returned if there is an error while computing the
+    public key
+    \return ECC_PRIV_KEY_E may be returned if there is an error while computing the
+    public key
+    \return ECC_INF_E may be returned if there is an error while computing the
+    public key
+
+    \param key Pointer to an ecc_key containing a valid private component
+    \param pubOut Optional pointer to an ecc_point struct in which to store
+    the computed public key
+
+    \sa wc_ecc_make_pub_ex
+    \sa wc_ecc_make_key
+*/
+
+int wc_ecc_make_pub(ecc_key* key, ecc_point* pubOut);
+
+/*!
+    \ingroup ECC
+
+    \brief wc_ecc_make_pub_ex computes the public component from an ecc_key with
+    an existing private component.  If pubOut is supplied, the computed public
+    key is stored there, else it is stored in the supplied ecc_key public
+    component slot.  The supplied rng, if non-NULL, is used to blind the private
+    key value used in the computation.  If rng is NULL, an ephemeral rng is
+    instantiated internally.
+
+    \return 0 Returned on success.
+    \return ECC_BAD_ARG_E Returned if rng or key evaluate to NULL
+    \return BAD_FUNC_ARG Returned if the supplied key is not a valid ecc_key.
+    \return MEMORY_E Returned if there is an error allocating memory while
+    computing the public key
+    \return MP_INIT_E may be returned if there is an error while computing
+    the public key
+    \return MP_READ_E may be returned if there is an error while computing
+    the public key
+    \return MP_CMP_E may be returned if there is an error while computing the
+    public key
+    \return MP_INVMOD_E may be returned if there is an error while computing
+    the public key
+    \return MP_EXPTMOD_E may be returned if there is an error while computing
+    the public key
+    \return MP_MOD_E may be returned if there is an error while computing the
+    public key
+    \return MP_MUL_E may be returned if there is an error while computing the
+    public key
+    \return MP_ADD_E may be returned if there is an error while computing the
+    public key
+    \return MP_MULMOD_E may be returned if there is an error while computing
+    the public key
+    \return MP_TO_E may be returned if there is an error while computing the
+    public key
+    \return MP_MEM may be returned if there is an error while computing the
+    public key
+    \return ECC_OUT_OF_RANGE_E may be returned if there is an error while computing the
+    public key
+    \return ECC_PRIV_KEY_E may be returned if there is an error while computing the
+    public key
+    \return ECC_INF_E may be returned if there is an error while computing the
+    public key
+
+    \param key Pointer to an ecc_key containing a valid private component
+    \param pubOut Optional pointer to an ecc_point struct in which to store
+    the computed public key
+    \param rng Rng to be used in the public key computation
+
+    \sa wc_ecc_make_pub
+    \sa wc_ecc_make_key
+    \sa wc_InitRng
+*/
+
+int wc_ecc_make_pub_ex(ecc_key* key, ecc_point* pubOut, WC_RNG* rng);
+
 /*!
     \ingroup ECC
 
@@ -960,6 +1068,7 @@ int wc_ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R,
 
     \sa wc_ecc_export_x963_ex
     \sa wc_ecc_import_x963
+    \sa wc_ecc_make_pub
 */
 
 int wc_ecc_export_x963(ecc_key* key, byte* out, word32* outLen);
@@ -967,23 +1076,25 @@ int wc_ecc_export_x963(ecc_key* key, byte* out, word32* outLen);
 /*!
     \ingroup ECC
 
-    \brief This function exports the ECC key from the ecc_key structure,
+    \brief This function exports the public key from the ecc_key structure,
     storing the result in out. The key will be stored in ANSI X9.63 format.
     It stores the bytes written to the output buffer in outLen. This function
     allows the additional option of compressing the certificate through the
     compressed parameter. When this parameter is true, the key will be stored
     in ANSI X9.63 compressed format.
 
-    \return 0 Returned on successfully exporting the ecc_key
+    \return 0 Returned on successfully exporting the ecc_key public component
+    \return ECC_PRIVATEKEY_ONLY Returned if the ecc_key public component is
+    missing
     \return NOT_COMPILED_IN Returned if the HAVE_COMP_KEY was not enabled at
     compile time, but the key was requested in compressed format
     \return LENGTH_ONLY_E Returned if the output buffer evaluates to NULL, but
     the other two input parameters are valid. Indicates that the function is
-    only returning the length required to store the key
+    only returning the length required to store the public key
     \return ECC_BAD_ARG_E Returned if any of the input parameters are NULL, or
     the key is unsupported (has an invalid index)
     \return BUFFER_E Returned if the output buffer is too small to store the
-    ecc key. If the output buffer is too small, the size needed will be
+    public key. If the output buffer is too small, the size needed will be
     returned in outLen
     \return MEMORY_E Returned if there is an error allocating memory with
     XMALLOC
@@ -1010,9 +1121,9 @@ int wc_ecc_export_x963(ecc_key* key, byte* out, word32* outLen);
 
     \param key pointer to the ecc_key object to export
     \param out pointer to the buffer in which to store the ANSI X9.63
-    formatted key
+    formatted public key
     \param outLen size of the output buffer. On successfully storing the
-    key, will hold the bytes written to the output buffer
+    public key, will hold the bytes written to the output buffer
     \param compressed indicator of whether to store the key in compressed
     format. 1==compressed, 0==uncompressed
 
@@ -1031,6 +1142,7 @@ int wc_ecc_export_x963(ecc_key* key, byte* out, word32* outLen);
 
     \sa wc_ecc_export_x963
     \sa wc_ecc_import_x963
+    \sa wc_ecc_make_pub
 */
 
 int wc_ecc_export_x963_ex(ecc_key* key, byte* out, word32* outLen, int compressed);
diff --git a/doc/dox_comments/header_files/ed25519.h b/doc/dox_comments/header_files/ed25519.h
index 9ab61de62..a1d0064db 100644
--- a/doc/dox_comments/header_files/ed25519.h
+++ b/doc/dox_comments/header_files/ed25519.h
@@ -767,7 +767,7 @@ int wc_ed25519_import_private_key_ex(const byte* priv, word32 privSz,
 /*!
     \ingroup ED25519
 
-    \brief This function exports the private key from an ed25519_key
+    \brief This function exports the public key from an ed25519_key
     structure. It stores the public key in the buffer out, and sets the bytes
     written to this buffer in outLen.
 
diff --git a/doc/dox_comments/header_files/memory.h b/doc/dox_comments/header_files/memory.h
index fbc2172fc..84742f9dd 100644
--- a/doc/dox_comments/header_files/memory.h
+++ b/doc/dox_comments/header_files/memory.h
@@ -159,6 +159,8 @@ int wolfSSL_SetAllocators(wolfSSL_Malloc_cb,
     (--enable-staticmemory). It gives the optimum buffer size for memory
     “buckets”. This allows for a way to compute buffer size so that no
     extra unused memory is left at the end after it has been partitioned.
+    For the none _ex version of this function the default bucket and
+    distribution list set during compile time is used.
     The returned value, if positive, is the computed buffer size to use.
 
     \return Success On successfully completing buffer size calculations a
@@ -174,6 +176,7 @@ int wolfSSL_SetAllocators(wolfSSL_Malloc_cb,
     byte buffer[1000];
     word32 size = sizeof(buffer);
     int optimum;
+
     optimum = wolfSSL_StaticBufferSz(buffer, size, WOLFMEM_GENERAL);
     if (optimum < 0) { //handle error case }
     printf(“The optimum buffer size to make use of all memory is %d\n”,
@@ -409,3 +412,228 @@ int wolfSSL_is_static_memory(WOLFSSL* ssl, WOLFSSL_MEM_CONN_STATS* mem_stats);
 */
 int wc_LoadStaticMemory(WOLFSSL_HEAP_HINT* hint, unsigned char* buf, unsigned int sz,
                 int flag, int max);
+
+/*!
+    \ingroup Memory
+
+    \brief This function is used to set aside static memory for wolfCrypt use with custom
+    bucket sizes and distributions. Memory can be used by passing the created heap hint
+    into functions. This extended version allows for custom bucket sizes and distributions
+    instead of using the default predefined sizes.
+
+    \return If successful, 0 will be returned.
+    \return All unsuccessful return values will be less than 0.
+
+    \param hint WOLFSSL_HEAP_HINT structure to use
+    \param buf memory to use for all operations.
+    \param sz size of memory buffer being passed in.
+    \param flag type of memory.
+    \param max max concurrent operations (handshakes, IO).
+    \param bucket_sizes array of bucket sizes to use
+    \param bucket_count number of bucket sizes in the array
+
+    _Example_
+    \code
+    WOLFSSL_HEAP_HINT hint;
+    int ret;
+    unsigned char memory[MAX];
+    int memorySz = MAX;
+    int flag = WOLFMEM_GENERAL | WOLFMEM_TRACK_STATS;
+    word16 bucket_sizes[] = {64, 128, 256, 512, 1024};
+    int bucket_count = 5;
+    ...
+
+    // load in memory for use with custom bucket sizes
+
+    ret = wc_LoadStaticMemory_ex(&hint, memory, memorySz, flag, 0,
+                                 bucket_sizes, bucket_count);
+    if (ret != SSL_SUCCESS) {
+        // handle error case
+    }
+    ...
+
+    ret = wc_InitRng_ex(&rng, hint, 0);
+
+    // check ret value
+    \endcode
+
+    \sa wc_LoadStaticMemory
+    \sa wc_UnloadStaticMemory
+*/
+int wc_LoadStaticMemory_ex(WOLFSSL_HEAP_HINT* hint, unsigned char* buf, unsigned int sz,
+                int flag, int max, word16* bucket_sizes, int bucket_count);
+
+/*!
+    \ingroup Memory
+
+    \brief This function sets a global heap hint that will be used when NULL heap hint
+    is passed to memory allocation functions. This allows for setting a default heap
+    hint that will be used across the entire application.
+
+    \return Returns the previous global heap hint that was set.
+
+    \param hint WOLFSSL_HEAP_HINT structure to use as the global heap hint
+
+    _Example_
+    \code
+    WOLFSSL_HEAP_HINT hint;
+    WOLFSSL_HEAP_HINT* prev_hint;
+    int ret;
+    unsigned char memory[MAX];
+    int memorySz = MAX;
+    ...
+
+    // load in memory for use
+    ret = wc_LoadStaticMemory(&hint, memory, memorySz, WOLFMEM_GENERAL, 0);
+    if (ret != SSL_SUCCESS) {
+        // handle error case
+    }
+
+    // set as global heap hint
+    prev_hint = wolfSSL_SetGlobalHeapHint(&hint);
+    if (prev_hint != NULL) {
+        // there was a previous global heap hint
+    }
+    \endcode
+
+    \sa wolfSSL_GetGlobalHeapHint
+    \sa wc_LoadStaticMemory
+*/
+WOLFSSL_HEAP_HINT* wolfSSL_SetGlobalHeapHint(WOLFSSL_HEAP_HINT* hint);
+
+/*!
+    \ingroup Memory
+
+    \brief This function gets the current global heap hint that is used when NULL
+    heap hint is passed to memory allocation functions.
+
+    \return Returns the current global heap hint, or NULL if none is set.
+
+    \param none No parameters.
+
+    _Example_
+    \code
+    WOLFSSL_HEAP_HINT* current_hint;
+    ...
+
+    current_hint = wolfSSL_GetGlobalHeapHint();
+    if (current_hint != NULL) {
+        // there is a global heap hint set
+        // can use current_hint for operations
+    }
+    \endcode
+
+    \sa wolfSSL_SetGlobalHeapHint
+    \sa wc_LoadStaticMemory
+*/
+WOLFSSL_HEAP_HINT* wolfSSL_GetGlobalHeapHint(void);
+
+/*!
+    \ingroup Memory
+
+    \brief This function sets a debug callback function for static memory allocation
+    tracking. Used with WOLFSSL_STATIC_MEMORY_DEBUG_CALLBACK build option. The callback
+    function will be called during memory allocation and deallocation operations to
+    provide debugging information.
+
+    \return If successful, 0 will be returned.
+    \return All unsuccessful return values will be less than 0.
+
+    \param cb debug callback function to set
+
+    _Example_
+    \code
+    static void debug_memory_cb(const char* func, const char* file, int line,
+                                void* ptr, size_t size, int type)
+    {
+        printf("Memory %s: %s:%d ptr=%p size=%zu type=%d\n",
+               func, file, line, ptr, size, type);
+    }
+    ...
+
+    // set debug callback
+    int ret = wolfSSL_SetDebugMemoryCb(debug_memory_cb);
+    if (ret != 0) {
+        // handle error case
+    }
+    \endcode
+
+    \sa none
+*/
+int wolfSSL_SetDebugMemoryCb(wolfSSL_DebugMemoryCb cb);
+
+/*!
+    \ingroup Memory
+
+    \brief This function frees static memory heap and associated mutex. Should be
+    called when done using static memory allocation to properly clean up resources.
+
+    \return If successful, 0 will be returned.
+    \return All unsuccessful return values will be less than 0.
+
+    \param hint WOLFSSL_HEAP_HINT structure to unload
+
+    _Example_
+    \code
+    WOLFSSL_HEAP_HINT hint;
+    int ret;
+    unsigned char memory[MAX];
+    int memorySz = MAX;
+    ...
+
+    // load in memory for use
+    ret = wc_LoadStaticMemory(&hint, memory, memorySz, WOLFMEM_GENERAL, 0);
+    if (ret != SSL_SUCCESS) {
+        // handle error case
+    }
+
+    // use memory for operations
+    ...
+
+    // cleanup when done
+    ret = wc_UnloadStaticMemory(&hint);
+    if (ret != 0) {
+        // handle error case
+    }
+    \endcode
+
+    \sa wc_LoadStaticMemory
+    \sa wc_LoadStaticMemory_ex
+*/
+int wc_UnloadStaticMemory(WOLFSSL_HEAP_HINT* hint);
+
+/*!
+    \ingroup Memory
+
+    \brief This function calculates the required buffer size for static memory allocation
+    with custom bucket sizes and distributions. This extended version allows for custom
+    bucket sizes instead of using the default predefined sizes.
+
+    \return On successfully completing buffer size calculations a positive value is returned.
+    \return All negative values are considered to be error cases.
+
+    \param bucket_sizes array of bucket sizes to use
+    \param bucket_count number of bucket sizes in the array
+    \param flag desired type of memory ie WOLFMEM_GENERAL or WOLFMEM_IO_POOL
+
+    _Example_
+    \code
+    word32 sizeList[] = {64, 128, 256, 512, 1024};
+    word32 distList[] = {1, 2, 1, 1, 1};
+    int listSz = 5;
+    int optimum;
+
+    optimum = wolfSSL_StaticBufferSz_ex(listSz, sizeList, distList, NULL, 0,
+        WOLFMEM_GENERAL);
+    if (optimum < 0) { //handle error case }
+    printf("The optimum buffer size with custom buckets is %d\n", optimum);
+    ...
+    \endcode
+
+    \sa wolfSSL_StaticBufferSz
+    \sa wc_LoadStaticMemory_ex
+*/
+int wolfSSL_StaticBufferSz_ex(unsigned int listSz,
+            const word32 *sizeList, const word32 *distList,
+            byte* buffer, word32 sz, int flag);
+
diff --git a/doc/dox_comments/header_files/pkcs7.h b/doc/dox_comments/header_files/pkcs7.h
index be5a75c43..31498ef9c 100644
--- a/doc/dox_comments/header_files/pkcs7.h
+++ b/doc/dox_comments/header_files/pkcs7.h
@@ -1,3 +1,23 @@
+/*!
+    \ingroup PKCS7
+
+    \brief Callback used for a custom AES key wrap/unwrap operation.
+
+    \return The size of the wrapped/unwrapped key written to the output buffer
+    should be returned on success. A 0 return value or error code (< 0)
+    indicates a failure.
+
+    \param[in] key Specify the key to use.
+    \param[in] keySz Size of the key to use.
+    \param[in] in Specify the input data to wrap/unwrap.
+    \param[in] inSz Size of the input data.
+    \param[in] wrap 1 if the requested operation is a key wrap, 0 for unwrap.
+    \param[out] out Specify the output buffer.
+    \param[out] outSz Size of the output buffer.
+*/
+typedef int (*CallbackAESKeyWrapUnwrap)(const byte* key, word32 keySz,
+        const byte* in, word32 inSz, int wrap, byte* out, word32 outSz);
+
 /*!
     \ingroup PKCS7
 
@@ -477,6 +497,21 @@ int wc_PKCS7_VerifySignedData_ex(PKCS7* pkcs7, const byte* hashBuf,
     word32 hashSz, byte* pkiMsgHead, word32 pkiMsgHeadSz, byte* pkiMsgFoot,
     word32 pkiMsgFootSz);
 
+/*!
+    \ingroup PKCS7
+
+    \brief Set the callback function to be used to perform a custom AES key
+    wrap/unwrap operation.
+
+    \retval 0 Callback function was set successfully
+    \retval BAD_FUNC_ARG Parameter pkcs7 is NULL
+
+    \param pkcs7 pointer to the PKCS7 structure
+    \param aesKeyWrapCb pointer to custom AES key wrap/unwrap function
+*/
+int wc_PKCS7_SetAESKeyWrapUnwrapCb(wc_PKCS7* pkcs7,
+        CallbackAESKeyWrapUnwrap aesKeyWrapCb);
+
 /*!
     \ingroup PKCS7
 
@@ -497,6 +532,8 @@ int wc_PKCS7_VerifySignedData_ex(PKCS7* pkcs7, const byte* hashBuf,
     number generator for encryption
     \return DRBG_FAILED Returned if there is an error generating numbers with
     the random number generator used for encryption
+    \return NOT_COMPILED_IN may be returned if using an ECC key and wolfssl was
+    built without HAVE_X963_KDF support
 
     \param pkcs7 pointer to the PKCS7 structure to encode
     \param output pointer to the buffer in which to store the encoded
@@ -538,6 +575,13 @@ int  wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7,
     type, decoding the message into output. It uses the private key of the
     PKCS7 object passed in to decrypt the message.
 
+    Note that if the EnvelopedData is encrypted using an ECC key and the
+    KeyAgreementRecipientInfo structure, then either the HAVE_AES_KEYWRAP
+    build option should be enabled to enable the wolfcrypt built-in AES key
+    wrap/unwrap functionality, or a custom AES key wrap/unwrap callback should
+    be set with wc_PKCS7_SetAESKeyWrapUnwrapCb(). If neither of these is true,
+    decryption will fail.
+
     \return On successfully extracting the information from the message,
     returns the bytes written to output
     \return BAD_FUNC_ARG Returned if one of the input parameters is invalid
@@ -575,6 +619,8 @@ int  wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7,
     verification
     \return MP_MEM may be returned if there is an error during signature
     verification
+    \return NOT_COMPILED_IN may be returned if the EnvelopedData is encrypted
+    using an ECC key and wolfssl was built without HAVE_X963_KDF support
 
     \param pkcs7 pointer to the PKCS7 structure containing the private key with
     which to decode the enveloped data package
@@ -608,6 +654,31 @@ int  wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7,
 int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg,
         word32 pkiMsgSz, byte* output, word32 outputSz);
 
+/*!
+    \ingroup PKCS7
+
+    \brief This function extracts the KeyAgreeRecipientIdentifier object from
+    an EnvelopedData package containing a KeyAgreeRecipientInfo RecipientInfo
+    object. Only the first KeyAgreeRecipientIdentifer found in the first
+    RecipientInfo is copied. This function does not support multiple
+    RecipientInfo objects or multiple RecipientEncryptedKey objects within an
+    KeyAgreeRecipientInfo.
+
+    \return Returns 0 on success.
+    \return BAD_FUNC_ARG Returned if one of the input parameters is invalid.
+    \return ASN_PARSE_E Returned if there is an error parsing the input message.
+    \return PKCS7_OID_E Returned if the input message is not an enveloped
+    data type.
+    \return BUFFER_E Returned if there is not enough room in the output buffer.
+
+    \param[in] in Input buffer containing the EnvelopedData ContentInfo message.
+    \param[in] inSz Size of the input buffer.
+    \param[out] out Output buffer.
+    \param[in,out] outSz Output buffer size on input, Size written on output.
+*/
+int wc_PKCS7_GetEnvelopedDataKariRid(const byte * in, word32 inSz,
+        byte * out, word32 * outSz);
+
 /*!
     \ingroup PKCS7
 
@@ -712,3 +783,97 @@ int wc_PKCS7_DecodeEncryptedData(PKCS7* pkcs7, byte* pkiMsg,
 */
 int wc_PKCS7_DecodeEncryptedKeyPackage(wc_PKCS7 * pkcs7,
         byte * pkiMsg, word32 pkiMsgSz, byte * output, word32 outputSz);
+
+/*!
+    \ingroup PKCS7
+
+    \brief This function provides access to a SymmetricKeyPackage attribute.
+
+    \return 0 The requested attribute has been successfully located.
+    attr and attrSz output variables are populated with the address and size of
+    the attribute. The attribute will be in the same buffer passed in via the
+    skp input pointer.
+    \return BAD_FUNC_ARG One of the input parameters is invalid.
+    \return ASN_PARSE_E An error was encountered parsing the input object.
+    \return BAD_INDEX_E The requested attribute index was invalid.
+
+    \param[in] skp Input buffer containing the SymmetricKeyPackage object.
+    \param[in] skpSz Size of the SymmetricKeyPackage object.
+    \param[in] index Index of the attribute to access.
+    \param[out] attr Buffer in which to store the pointer to the requested
+    attribute object.
+    \param[out] attrSz Buffer in which to store the size of the requested
+    attribute object.
+*/
+int wc_PKCS7_DecodeSymmetricKeyPackageAttribute(const byte * skp,
+        word32 skpSz, size_t index, const byte ** attr, word32 * attrSz);
+
+/*!
+    \ingroup PKCS7
+
+    \brief This function provides access to a SymmetricKeyPackage key.
+
+    \return 0 The requested key has been successfully located.
+    key and keySz output variables are populated with the address and size of
+    the key. The key will be in the same buffer passed in via the
+    skp input pointer.
+    \return BAD_FUNC_ARG One of the input parameters is invalid.
+    \return ASN_PARSE_E An error was encountered parsing the input object.
+    \return BAD_INDEX_E The requested key index was invalid.
+
+    \param[in] skp Input buffer containing the SymmetricKeyPackage object.
+    \param[in] skpSz Size of the SymmetricKeyPackage object.
+    \param[in] index Index of the key to access.
+    \param[out] key Buffer in which to store the pointer to the requested
+    key object.
+    \param[out] keySz Buffer in which to store the size of the requested
+    key object.
+*/
+int wc_PKCS7_DecodeSymmetricKeyPackageKey(const byte * skp,
+        word32 skpSz, size_t index, const byte ** key, word32 * keySz);
+
+/*!
+    \ingroup PKCS7
+
+    \brief This function provides access to a OneSymmetricKey attribute.
+
+    \return 0 The requested attribute has been successfully located.
+    attr and attrSz output variables are populated with the address and size of
+    the attribute. The attribute will be in the same buffer passed in via the
+    osk input pointer.
+    \return BAD_FUNC_ARG One of the input parameters is invalid.
+    \return ASN_PARSE_E An error was encountered parsing the input object.
+    \return BAD_INDEX_E The requested attribute index was invalid.
+
+    \param[in] osk Input buffer containing the OneSymmetricKey object.
+    \param[in] oskSz Size of the OneSymmetricKey object.
+    \param[in] index Index of the attribute to access.
+    \param[out] attr Buffer in which to store the pointer to the requested
+    attribute object.
+    \param[out] attrSz Buffer in which to store the size of the requested
+    attribute object.
+*/
+int wc_PKCS7_DecodeOneSymmetricKeyAttribute(const byte * osk,
+        word32 oskSz, size_t index, const byte ** attr, word32 * attrSz);
+
+/*!
+    \ingroup PKCS7
+
+    \brief This function provides access to a OneSymmetricKey key.
+
+    \return 0 The requested key has been successfully located.
+    key and keySz output variables are populated with the address and size of
+    the key. The key will be in the same buffer passed in via the
+    osk input pointer.
+    \return BAD_FUNC_ARG One of the input parameters is invalid.
+    \return ASN_PARSE_E An error was encountered parsing the input object.
+
+    \param[in] osk Input buffer containing the OneSymmetricKey object.
+    \param[in] oskSz Size of the OneSymmetricKey object.
+    \param[out] key Buffer in which to store the pointer to the requested
+    key object.
+    \param[out] keySz Buffer in which to store the size of the requested
+    key object.
+*/
+int wc_PKCS7_DecodeOneSymmetricKeyKey(const byte * osk,
+        word32 oskSz, const byte ** key, word32 * keySz);
diff --git a/doc/dox_comments/header_files/pwdbased.h b/doc/dox_comments/header_files/pwdbased.h
index 4454c2e8b..a73f508d3 100644
--- a/doc/dox_comments/header_files/pwdbased.h
+++ b/doc/dox_comments/header_files/pwdbased.h
@@ -45,7 +45,7 @@
 */
 int wc_PBKDF1(byte* output, const byte* passwd, int pLen,
                       const byte* salt, int sLen, int iterations, int kLen,
-                      int typeH);
+                      int hashType);
 
 /*!
     \ingroup Password
@@ -96,7 +96,7 @@ int wc_PBKDF1(byte* output, const byte* passwd, int pLen,
 */
 int wc_PBKDF2(byte* output, const byte* passwd, int pLen,
                       const byte* salt, int sLen, int iterations, int kLen,
-                      int typeH);
+                      int hashType);
 
 /*!
     \ingroup Password
@@ -132,10 +132,10 @@ int wc_PBKDF2(byte* output, const byte* passwd, int pLen,
     Should be kLen long
     \param passwd pointer to the buffer containing the password to use for
     the key derivation
-    \param pLen length of the password to use for key derivation
+    \param passLen length of the password to use for key derivation
     \param salt pointer to the buffer containing the salt to use
     for key derivation
-    \param sLen length of the salt
+    \param saltLen length of the salt
     \param iterations number of times to process the hash
     \param kLen desired length of the derived key
     \param hashType the hashing algorithm to use. Valid choices are: WC_MD5,
@@ -165,6 +165,6 @@ int wc_PBKDF2(byte* output, const byte* passwd, int pLen,
     \sa wc_PBKDF1
     \sa wc_PBKDF2
 */
-int wc_PKCS12_PBKDF(byte* output, const byte* passwd, int pLen,
-                            const byte* salt, int sLen, int iterations,
-                            int kLen, int typeH, int purpose);
+int wc_PKCS12_PBKDF(byte* output, const byte* passwd, int passLen,
+                            const byte* salt, int saltLen, int iterations,
+                            int kLen, int hashType, int id);
diff --git a/doc/dox_comments/header_files/random.h b/doc/dox_comments/header_files/random.h
index e66c22662..d7647142c 100644
--- a/doc/dox_comments/header_files/random.h
+++ b/doc/dox_comments/header_files/random.h
@@ -279,17 +279,17 @@ WC_RNG* wc_rng_free(WC_RNG* rng);
     \brief Creates and tests functionality of drbg.
 
     \return 0 on success
-    \return BAD_FUNC_ARG entropyA and output must not be null.  If reseed
-    set entropyB must not be null
+    \return BAD_FUNC_ARG seedA and output must not be null.  If reseed
+    set seedB must not be null
     \return -1 test failed
 
     \param int reseed: if set, will test reseed functionality
-    \param entropyA: entropy to instantiate drgb with
-    \param entropyASz: size of entropyA in bytes
-    \param entropyB: If reseed set, drbg will be reseeded with entropyB
-    \param entropyBSz: size of entropyB in bytes
-    \param output: initialized to random data seeded with entropyB if
-    seedrandom is set, and entropyA otherwise
+    \param seedA: seed to instantiate drgb with
+    \param seedASz: size of seedA in bytes
+    \param seedB: If reseed set, drbg will be reseeded with seedB
+    \param seedBSz: size of seedB in bytes
+    \param output: initialized to random data seeded with seedB if
+    seedrandom is set, and seedA otherwise
     \param outputSz: length of output in bytes
 
     _Example_
@@ -322,7 +322,6 @@ WC_RNG* wc_rng_free(WC_RNG* rng);
     \sa wc_RNG_GenerateByte
     \sa wc_FreeRng
 */
-int wc_RNG_HealthTest(int reseed,
-                                        const byte* entropyA, word32 entropyASz,
-                                        const byte* entropyB, word32 entropyBSz,
-                                        byte* output, word32 outputSz);
+int wc_RNG_HealthTest(int reseed, const byte* seedA, word32 seedASz,
+        const byte* seedB, word32 seedBSz,
+        byte* output, word32 outputSz);
diff --git a/doc/dox_comments/header_files/ssl.h b/doc/dox_comments/header_files/ssl.h
index 30e5fc2d4..e6901921d 100644
--- a/doc/dox_comments/header_files/ssl.h
+++ b/doc/dox_comments/header_files/ssl.h
@@ -4115,7 +4115,7 @@ char* wolfSSL_ERR_error_string(unsigned long errNumber, char* data);
     \sa wolfSSL_load_error_strings
 */
 void  wolfSSL_ERR_error_string_n(unsigned long e, char* buf,
-                                           unsigned long sz);
+                                           unsigned long len);
 
 /*!
     \ingroup TLS
@@ -7659,20 +7659,20 @@ int wolfSSL_SetMinEccKey_Sz(WOLFSSL* ssl, short keySz);
     \return MEMORY_E returned if there is an error with memory allocation.
 
     \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
-    \param msk a void pointer variable that will hold the result
+    \param key a void pointer variable that will hold the result
     of the p_hash function.
     \param len an unsigned integer that represents the length of
-    the msk variable.
+    the key variable.
     \param label a constant char pointer that is copied from in wc_PRF().
 
     _Example_
     \code
     WOLFSSL* ssl = wolfSSL_new(ctx);;
-    void* msk;
+    void* key;
     unsigned int len;
     const char* label;
     …
-    return wolfSSL_make_eap_keys(ssl, msk, len, label);
+    return wolfSSL_make_eap_keys(ssl, key, len, label);
     \endcode
 
     \sa wc_PRF
@@ -9916,7 +9916,8 @@ int wolfSSL_CertManagerVerifyBuffer(WOLFSSL_CERT_MANAGER* cm,
 
     \param cm a pointer to a WOLFSSL_CERT_MANAGER structure, created using
     wolfSSL_CertManagerNew().
-    \param vc a VerifyCallback function pointer to the callback routine
+    \param verify_callback a VerifyCallback function pointer to the callback
+    routine
 
     _Example_
     \code
@@ -9935,7 +9936,7 @@ int wolfSSL_CertManagerVerifyBuffer(WOLFSSL_CERT_MANAGER* cm,
     \sa wolfSSL_CertManagerVerify
 */
 void wolfSSL_CertManagerSetVerify(WOLFSSL_CERT_MANAGER* cm,
-                                                             VerifyCallback vc);
+        VerifyCallback verify_callback);
 
 /*!
     \brief Check CRL if the option is enabled and compares the cert to the
@@ -11970,11 +11971,13 @@ int wolfSSL_CTX_UseSessionTicket(WOLFSSL_CTX* ctx);
     \ingroup IO
 
     \brief This function copies the ticket member of the Session structure to
-    the buffer.
+    the buffer. If buf is NULL and bufSz is non-NULL, bufSz will be set to the
+    ticket length.
 
     \return SSL_SUCCESS returned if the function executed without error.
-    \return BAD_FUNC_ARG returned if one of the arguments was NULL or if the
-    bufSz argument was 0.
+    \return BAD_FUNC_ARG returned if ssl or bufSz is NULL, or if bufSz
+    is non-NULL and buf is NULL
+
 
     \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new().
     \param buf a byte pointer representing the memory buffer.
@@ -15254,6 +15257,239 @@ RFC 9146 and RFC 9147.
 const unsigned char* wolfSSL_dtls_cid_parse(const unsigned char* msg,
         unsigned int msgSz, unsigned int cidSz);
 
+/*!
+    \ingroup TLS
+    \brief On the server, this sets a list of CA names to be sent to clients in
+    certificate requests as a hint for which CA's are supported by the server.
+
+    On the client, this function has no effect.
+
+    \param [in] ctx Pointer to the wolfSSL context
+    \param [in] names List of names to be set
+
+    \sa wolfSSL_set_client_CA_list
+    \sa wolfSSL_CTX_get_client_CA_list
+    \sa wolfSSL_get_client_CA_list
+    \sa wolfSSL_CTX_set0_CA_list
+    \sa wolfSSL_set0_CA_list
+    \sa wolfSSL_CTX_get0_CA_list
+    \sa wolfSSL_get0_CA_list
+    \sa wolfSSL_get0_peer_CA_list
+*/
+void wolfSSL_CTX_set_client_CA_list(WOLFSSL_CTX* ctx,
+                                    WOLF_STACK_OF(WOLFSSL_X509_NAME)* names);
+
+/*!
+    \ingroup TLS
+    \brief This retrieves the list previously set via
+     wolfSSL_CTX_set_client_CA_list, or NULL if no list has been set.
+
+    \param [in] ctx Pointer to the wolfSSL context
+    \return A stack of WOLFSSL_X509_NAMEs containing the CA names
+
+    \sa wolfSSL_set_client_CA_list
+    \sa wolfSSL_CTX_set_client_CA_list
+    \sa wolfSSL_get_client_CA_list
+    \sa wolfSSL_CTX_set0_CA_list
+    \sa wolfSSL_set0_CA_list
+    \sa wolfSSL_CTX_get0_CA_list
+    \sa wolfSSL_get0_CA_list
+    \sa wolfSSL_get0_peer_CA_list
+*/
+WOLFSSL_STACK *wolfSSL_CTX_get_client_CA_list(
+        const WOLFSSL_CTX *ctx);
+
+/*!
+    \ingroup TLS
+    \brief Same as wolfSSL_CTX_set_client_CA_list, but specific to a session.
+    If a CA list is set on both the context and the session, the list on the
+    session is used.
+
+    \param [in] ssl Pointer to the WOLFSSL object
+    \param [in] names List of names to be set.
+
+    \sa wolfSSL_CTX_set_client_CA_list
+    \sa wolfSSL_CTX_get_client_CA_list
+    \sa wolfSSL_get_client_CA_list
+    \sa wolfSSL_CTX_set0_CA_list
+    \sa wolfSSL_set0_CA_list
+    \sa wolfSSL_CTX_get0_CA_list
+    \sa wolfSSL_get0_CA_list
+    \sa wolfSSL_get0_peer_CA_list
+*/
+void wolfSSL_set_client_CA_list(WOLFSSL* ssl,
+                                    WOLF_STACK_OF(WOLFSSL_X509_NAME)* names);
+
+/*!
+    \ingroup TLS
+    \brief On the server, this retrieves the list previously set via
+    wolfSSL_set_client_CA_list. If none was set, returns the list previously
+    set via wolfSSL_CTX_set_client_CA_list. If no list at all was set, returns
+    NULL.
+
+    On the client, this retrieves the list that was received from the server,
+    or NULL if none was received. wolfSSL_CTX_set_cert_cb can be used to
+    register a callback to dynamically load certificates when a certificate
+    request is received from the server.
+
+    \param [in] ssl Pointer to the WOLFSSL object
+    \return A stack of WOLFSSL_X509_NAMEs containing the CA names
+
+    \sa wolfSSL_CTX_set_cert_cb
+    \sa wolfSSL_CTX_set_client_CA_list
+    \sa wolfSSL_CTX_get_client_CA_list
+    \sa wolfSSL_get_client_CA_list
+    \sa wolfSSL_CTX_set0_CA_list
+    \sa wolfSSL_set0_CA_list
+    \sa wolfSSL_CTX_get0_CA_list
+    \sa wolfSSL_get0_CA_list
+    \sa wolfSSL_get0_peer_CA_list
+*/
+WOLFSSL_STACK* wolfSSL_get_client_CA_list(
+            const WOLFSSL* ssl);
+
+/*!
+    \ingroup TLS
+    \brief This function sets a list of CA names to be sent to the peer as a
+    hint for which CA's are supported for its authentication.
+
+    In TLS >= 1.3, this is supported in both directions between the client and
+    the server. On the server, the CA names will be sent as part of a
+    CertificateRequest, making this function an equivalent of *_set_client_CA_list;
+    on the client, these are sent as part of ClientHello.
+
+    In TLS < 1.3, sending CA names from the client to the server is not
+    supported, therefore this function is equivalent to
+    wolfSSL_CTX_set_client_CA_list.
+
+    Note that the lists set via *_set_client_CA_list and *_set0_CA_list are
+    separate internally, i.e. calling *_get_client_CA_list will not retrieve a
+    list set via *_set0_CA_list and vice versa. If both are set, the server will
+    ignore *_set0_CA_list when sending CA names to the client.
+
+    \param [in] ctx Pointer to the wolfSSL context
+    \param [in] names List of names to be set
+
+    \sa wolfSSL_CTX_set_client_CA_list
+    \sa wolfSSL_set_client_CA_list
+    \sa wolfSSL_CTX_get_client_CA_list
+    \sa wolfSSL_get_client_CA_list
+    \sa wolfSSL_set0_CA_list
+    \sa wolfSSL_CTX_get0_CA_list
+    \sa wolfSSL_get0_CA_list
+    \sa wolfSSL_get0_peer_CA_list
+*/
+void wolfSSL_CTX_set0_CA_list(WOLFSSL_CTX *ctx,
+        WOLF_STACK_OF(WOLFSSL_X509_NAME)* names);
+
+/*!
+    \ingroup TLS
+    \brief This retrieves the list previously set via
+    wolfSSL_CTX_set0_CA_list, or NULL if no list has been set.
+
+    \param [in] ctx Pointer to the wolfSSL context
+    \return A stack of WOLFSSL_X509_NAMEs containing the CA names
+
+    \sa wolfSSL_CTX_set_client_CA_list
+    \sa wolfSSL_set_client_CA_list
+    \sa wolfSSL_CTX_get_client_CA_list
+    \sa wolfSSL_get_client_CA_list
+    \sa wolfSSL_CTX_set0_CA_list
+    \sa wolfSSL_set0_CA_list
+    \sa wolfSSL_get0_CA_list
+    \sa wolfSSL_get0_peer_CA_list
+*/
+WOLFSSL_STACK *wolfSSL_CTX_get0_CA_list(
+        const WOLFSSL_CTX *ctx);
+
+/*!
+    \ingroup TLS
+    \brief Same as wolfSSL_CTX_set0_CA_list, but specific to a session.
+    If a CA list is set on both the context and the session, the list on the
+    session is used.
+
+    \param [in] ssl Pointer to the WOLFSSL object
+    \param [in] names List of names to be set.
+
+    \sa wolfSSL_CTX_set_client_CA_list
+    \sa wolfSSL_set_client_CA_list
+    \sa wolfSSL_CTX_get_client_CA_list
+    \sa wolfSSL_get_client_CA_list
+    \sa wolfSSL_CTX_set0_CA_list
+    \sa wolfSSL_CTX_get0_CA_list
+    \sa wolfSSL_get0_CA_list
+    \sa wolfSSL_get0_peer_CA_list
+*/
+void wolfSSL_set0_CA_list(WOLFSSL *ssl,
+        WOLF_STACK_OF(WOLFSSL_X509_NAME) *names);
+
+/*!
+    \ingroup TLS
+    \brief This retrieves the list previously set via wolfSSL_set0_CA_list. If
+    none was set, returns the list previously set via
+    wolfSSL_CTX_set0_CA_list. If no list at all was set, returns NULL.
+
+    \param [in] ssl Pointer to the WOLFSSL object
+    \return A stack of WOLFSSL_X509_NAMEs containing the CA names
+
+    \sa wolfSSL_CTX_set_client_CA_list
+    \sa wolfSSL_set_client_CA_list
+    \sa wolfSSL_CTX_get_client_CA_list
+    \sa wolfSSL_get_client_CA_list
+    \sa wolfSSL_CTX_set0_CA_list
+    \sa wolfSSL_set0_CA_list
+    \sa wolfSSL_CTX_get0_CA_list
+    \sa wolfSSL_get0_peer_CA_list
+*/
+WOLFSSL_STACK *wolfSSL_get0_CA_list(
+        const WOLFSSL *ssl);
+
+/*!
+    \ingroup TLS
+    \brief This returns the CA list received from the peer.
+
+    On the client, this is the list sent by the server in a CertificateRequest,
+    and this function is equivalent to wolfSSL_get_client_CA_list.
+
+    On the server, this is the list sent by the client in the ClientHello message
+    in TLS >= 1.3; in TLS < 1.3, the function always returns NULL on the server
+    side.
+
+    wolfSSL_CTX_set_cert_cb can be used to register a callback to dynamically
+    load certificates when a CA list is received from the peer.
+
+    \param [in] ssl Pointer to the WOLFSSL object
+    \return A stack of WOLFSSL_X509_NAMEs containing the CA names
+
+    \sa wolfSSL_CTX_set_cert_cb
+    \sa wolfSSL_CTX_set_client_CA_list
+    \sa wolfSSL_set_client_CA_list
+    \sa wolfSSL_CTX_get_client_CA_list
+    \sa wolfSSL_get_client_CA_list
+    \sa wolfSSL_CTX_set0_CA_list
+    \sa wolfSSL_set0_CA_list
+    \sa wolfSSL_CTX_get0_CA_list
+    \sa wolfSSL_get0_CA_list
+*/
+WOLFSSL_STACK *wolfSSL_get0_peer_CA_list(const WOLFSSL *ssl);
+
+/*!
+    \ingroup TLS
+    \brief This function sets a callback that will be called whenever a
+    certificate is about to be used, to allow the application to inspect, set
+    or clear any certificates, for example to react to a CA list sent from the
+    peer.
+
+    \param [in] ctx Pointer to the wolfSSL context
+    \param [in] cb Function pointer to the callback
+    \param [in] arg Pointer that will be passed to the callback
+
+    \sa wolfSSL_get0_peer_CA_list
+    \sa wolfSSL_get_client_CA_list
+*/
+void wolfSSL_CTX_set_cert_cb(WOLFSSL_CTX* ctx,
+    int (*cb)(WOLFSSL *, void *), void *arg);
+
 /*!
     \ingroup TLS
 
diff --git a/examples/async/async_client.c b/examples/async/async_client.c
index ac29dd0e0..f65066f37 100644
--- a/examples/async/async_client.c
+++ b/examples/async/async_client.c
@@ -179,20 +179,8 @@ int client_async_test(int argc, char** argv)
     }
 
     /* Connect to wolfSSL on the server side */
-#ifdef WOLFSSL_ASYNC_CRYPT
-    err = 0; /* Reset error */
-#endif
-    do {
-    #ifdef WOLFSSL_ASYNC_CRYPT
-        if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
-            ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
-            if (ret < 0)
-                break;
-        }
-    #endif
-        ret = wolfSSL_connect(ssl);
-        err = wolfSSL_get_error(ssl, 0);
-    } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
+    WOLFSSL_ASYNC_WHILE_PENDING(ret = wolfSSL_connect(ssl),
+                                ret != WOLFSSL_SUCCESS);
     if (ret != WOLFSSL_SUCCESS) {
         fprintf(stderr, "wolfSSL_connect error %d: %s\n",
                 err, wolfSSL_ERR_error_string(err, errBuff));
@@ -209,20 +197,8 @@ int client_async_test(int argc, char** argv)
     len = strnlen(buff, sizeof(buff));
 
     /* Send the message to the server */
-#ifdef WOLFSSL_ASYNC_CRYPT
-    err = 0; /* Reset error */
-#endif
-    do {
-    #ifdef WOLFSSL_ASYNC_CRYPT
-        if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
-            ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
-            if (ret < 0)
-                break;
-        }
-    #endif
-        ret = wolfSSL_write(ssl, buff, (int)len);
-        err = wolfSSL_get_error(ssl, 0);
-    } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
+    WOLFSSL_ASYNC_WHILE_PENDING(ret = wolfSSL_write(ssl, buff, (int)len),
+                                ret <= 0);
     if (ret != (int)len) {
         fprintf(stderr, "wolfSSL_write error %d: %s\n",
                 err, wolfSSL_ERR_error_string(err, errBuff));
@@ -231,20 +207,8 @@ int client_async_test(int argc, char** argv)
 
     /* Read the server data into our buff array */
     memset(buff, 0, sizeof(buff));
-#ifdef WOLFSSL_ASYNC_CRYPT
-    err = 0; /* Reset error */
-#endif
-    do {
-    #ifdef WOLFSSL_ASYNC_CRYPT
-        if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
-            ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
-            if (ret < 0)
-                break;
-        }
-    #endif
-        ret = wolfSSL_read(ssl, buff, sizeof(buff)-1);
-        err = wolfSSL_get_error(ssl, 0);
-    } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
+    WOLFSSL_ASYNC_WHILE_PENDING(ret = wolfSSL_read(ssl, buff, sizeof(buff)-1),
+                                ret <= 0);
     if (ret < 0) {
         fprintf(stderr, "wolfSSL_read error %d: %s\n",
                 err, wolfSSL_ERR_error_string(err, errBuff));
diff --git a/examples/async/async_server.c b/examples/async/async_server.c
index 2228dc9c2..929293805 100644
--- a/examples/async/async_server.c
+++ b/examples/async/async_server.c
@@ -243,20 +243,8 @@ int server_async_test(int argc, char** argv)
         wolfSSL_set_fd(ssl, mConnd);
 
         /* Establish TLS connection */
-    #ifdef WOLFSSL_ASYNC_CRYPT
-        err = 0; /* Reset error */
-    #endif
-        do {
-        #ifdef WOLFSSL_ASYNC_CRYPT
-            if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
-                ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
-                if (ret < 0)
-                    break;
-            }
-        #endif
-            ret = wolfSSL_accept(ssl);
-            err = wolfSSL_get_error(ssl, 0);
-        } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
+        WOLFSSL_ASYNC_WHILE_PENDING(ret = wolfSSL_accept(ssl),
+                                    ret != WOLFSSL_SUCCESS);
         if (ret != WOLFSSL_SUCCESS) {
             fprintf(stderr, "wolfSSL_accept error %d: %s\n",
                 err, wolfSSL_ERR_error_string(err, errBuff));
@@ -268,20 +256,8 @@ int server_async_test(int argc, char** argv)
 
         /* Read the client data into our buff array */
         memset(buff, 0, sizeof(buff));
-    #ifdef WOLFSSL_ASYNC_CRYPT
-        err = 0; /* Reset error */
-    #endif
-        do {
-        #ifdef WOLFSSL_ASYNC_CRYPT
-            if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
-                ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
-                if (ret < 0)
-                    break;
-            }
-        #endif
-            ret = wolfSSL_read(ssl, buff, sizeof(buff)-1);
-            err = wolfSSL_get_error(ssl, 0);
-        } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
+        WOLFSSL_ASYNC_WHILE_PENDING(ret = wolfSSL_read(ssl, buff, sizeof(buff)-1),
+                                    ret <= 0);
         if (ret < 0) {
             fprintf(stderr, "wolfSSL_read error %d: %s\n",
                     err, wolfSSL_ERR_error_string(err, errBuff));
@@ -303,20 +279,8 @@ int server_async_test(int argc, char** argv)
         len = strnlen(buff, sizeof(buff));
 
         /* Reply back to the client */
-    #ifdef WOLFSSL_ASYNC_CRYPT
-        err = 0; /* Reset error */
-    #endif
-        do {
-        #ifdef WOLFSSL_ASYNC_CRYPT
-            if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
-                ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
-                if (ret < 0)
-                    break;
-            }
-        #endif
-            ret = wolfSSL_write(ssl, buff, (int)len);
-            err = wolfSSL_get_error(ssl, 0);
-        } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
+        WOLFSSL_ASYNC_WHILE_PENDING(ret = wolfSSL_write(ssl, buff, (int)len),
+                                    ret <= 0);
         if (ret != (int)len) {
             fprintf(stderr, "wolfSSL_write error %d: %s\n",
                     err, wolfSSL_ERR_error_string(err, errBuff));
diff --git a/examples/benchmark/tls_bench.c b/examples/benchmark/tls_bench.c
index ecde30c5d..29fe81e48 100644
--- a/examples/benchmark/tls_bench.c
+++ b/examples/benchmark/tls_bench.c
@@ -85,12 +85,12 @@ Or
         #define SINGLE_THREADED
     #endif
 #endif
-/* Conversely, if both server and client are enabled, we must require pthreads */
+
+/* If both client and server are enabled and single threaded, just disable this example */
 #if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) \
     && defined(SINGLE_THREADED)
-    #error "threads must be enabled if building benchmark suite \
-to run both client and server. Please define HAVE_PTHREAD if your \
-platform supports it"
+    #undef  NO_TLS
+    #define NO_TLS
 #endif
 
 #if 0
@@ -296,14 +296,14 @@ static struct group_info groups[] = {
     { WOLFSSL_ML_KEM_512, "ML_KEM_512" },
     { WOLFSSL_ML_KEM_768, "ML_KEM_768" },
     { WOLFSSL_ML_KEM_1024, "ML_KEM_1024" },
-    { WOLFSSL_P256_ML_KEM_512,   "P256_ML_KEM_512"   },
-    { WOLFSSL_P384_ML_KEM_768,   "P384_ML_KEM_768"   },
-    { WOLFSSL_P256_ML_KEM_768,   "P256_ML_KEM_768"   },
-    { WOLFSSL_P521_ML_KEM_1024,  "P521_ML_KEM_1024"  },
-    { WOLFSSL_P384_ML_KEM_1024,  "P384_ML_KEM_1024"  },
-    { WOLFSSL_X25519_ML_KEM_512, "X25519_ML_KEM_512" },
-    { WOLFSSL_X448_ML_KEM_768,   "X448_ML_KEM_768"   },
-    { WOLFSSL_X25519_ML_KEM_768, "X25519_ML_KEM_768" },
+    { WOLFSSL_SECP256R1MLKEM512,   "SecP256r1MLKEM512"   },
+    { WOLFSSL_SECP384R1MLKEM768,   "SecP384r1MLKEM768"   },
+    { WOLFSSL_SECP256R1MLKEM768,   "SecP256r1MLKEM768"   },
+    { WOLFSSL_SECP521R1MLKEM1024,  "SecP521r1MLKEM1024"  },
+    { WOLFSSL_SECP384R1MLKEM1024,  "SecP384r1MLKEM1024"  },
+    { WOLFSSL_X25519MLKEM512, "X25519MLKEM512" },
+    { WOLFSSL_X448MLKEM768,   "X448MLKEM768"   },
+    { WOLFSSL_X25519MLKEM768, "X25519MLKEM768" },
 #endif
 #ifdef WOLFSSL_MLKEM_KYBER
     { WOLFSSL_KYBER_LEVEL1, "KYBER_LEVEL1" },
diff --git a/examples/client/client.c b/examples/client/client.c
index 578508dc6..b47b3ecd7 100644
--- a/examples/client/client.c
+++ b/examples/client/client.c
@@ -422,44 +422,44 @@ static void SetKeyShare(WOLFSSL* ssl, int onlyKeyShare, int useX25519,
             else
         #endif
         #ifndef WOLFSSL_NO_ML_KEM_512
-            if (XSTRCMP(pqcAlg, "P256_ML_KEM_512") == 0) {
-                group = WOLFSSL_P256_ML_KEM_512;
+            if (XSTRCMP(pqcAlg, "SecP256r1MLKEM512") == 0) {
+                group = WOLFSSL_SECP256R1MLKEM512;
             }
             else
         #endif
         #ifndef WOLFSSL_NO_ML_KEM_768
-            if (XSTRCMP(pqcAlg, "P384_ML_KEM_768") == 0) {
-                group = WOLFSSL_P384_ML_KEM_768;
+            if (XSTRCMP(pqcAlg, "SecP384r1MLKEM768") == 0) {
+                group = WOLFSSL_SECP384R1MLKEM768;
             }
-            else if (XSTRCMP(pqcAlg, "P256_ML_KEM_768") == 0) {
-                group = WOLFSSL_P256_ML_KEM_768;
+            else if (XSTRCMP(pqcAlg, "SecP256r1MLKEM768") == 0) {
+                group = WOLFSSL_SECP256R1MLKEM768;
             }
             else
         #endif
         #ifndef WOLFSSL_NO_ML_KEM_1024
-            if (XSTRCMP(pqcAlg, "P521_ML_KEM_1024") == 0) {
-                group = WOLFSSL_P521_ML_KEM_1024;
+            if (XSTRCMP(pqcAlg, "SecP521r1MLKEM1024") == 0) {
+                group = WOLFSSL_SECP521R1MLKEM1024;
             }
-            else if (XSTRCMP(pqcAlg, "P384_ML_KEM_1024") == 0) {
-                group = WOLFSSL_P384_ML_KEM_1024;
+            else if (XSTRCMP(pqcAlg, "SecP384r1MLKEM1024") == 0) {
+                group = WOLFSSL_SECP384R1MLKEM1024;
             }
             else
         #endif
         #if !defined(WOLFSSL_NO_ML_KEM_512) && defined(HAVE_CURVE25519)
-            if (XSTRCMP(pqcAlg, "X25519_ML_KEM_512") == 0) {
-                group = WOLFSSL_X25519_ML_KEM_512;
+            if (XSTRCMP(pqcAlg, "X25519MLKEM512") == 0) {
+                group = WOLFSSL_X25519MLKEM512;
             }
             else
         #endif
         #if !defined(WOLFSSL_NO_ML_KEM_768) && defined(HAVE_CURVE25519)
-            if (XSTRCMP(pqcAlg, "X25519_ML_KEM_768") == 0) {
-                group = WOLFSSL_X25519_ML_KEM_768;
+            if (XSTRCMP(pqcAlg, "X25519MLKEM768") == 0) {
+                group = WOLFSSL_X25519MLKEM768;
             }
             else
         #endif
         #if !defined(WOLFSSL_NO_ML_KEM_768) && defined(HAVE_CURVE448)
-            if (XSTRCMP(pqcAlg, "X448_ML_KEM_768") == 0) {
-                group = WOLFSSL_X448_ML_KEM_768;
+            if (XSTRCMP(pqcAlg, "X448MLKEM768") == 0) {
+                group = WOLFSSL_X448MLKEM768;
             }
             else
         #endif
@@ -554,19 +554,8 @@ static void EarlyData(WOLFSSL_CTX* ctx, WOLFSSL* ssl, const char* msg,
     int err;
     int ret;
 
-    do {
-        err = 0; /* reset error */
-        ret = wolfSSL_write_early_data(ssl, msg, msgSz, &msgSz);
-        if (ret <= 0) {
-            err = wolfSSL_get_error(ssl, 0);
-        #ifdef WOLFSSL_ASYNC_CRYPT
-            if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
-                ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
-                if (ret < 0) break;
-            }
-        #endif
-        }
-    } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
+    WOLFSSL_ASYNC_WHILE_PENDING(ret = wolfSSL_write_early_data(ssl, msg, msgSz, &msgSz),
+                                ret <= 0);
     if (ret != msgSz) {
         LOG_ERROR("SSL_write_early_data msg error %d, %s\n", err,
                                          wolfSSL_ERR_error_string((unsigned long)err, buffer));
@@ -666,20 +655,8 @@ static int ClientBenchmarkConnections(WOLFSSL_CTX* ctx, char* host, word16 port,
                 EarlyData(ctx, ssl, kEarlyMsg, sizeof(kEarlyMsg)-1, buffer);
             }
     #endif
-            do {
-                err = 0; /* reset error */
-                ret = wolfSSL_connect(ssl);
-                if (ret != WOLFSSL_SUCCESS) {
-                    err = wolfSSL_get_error(ssl, 0);
-                #ifdef WOLFSSL_ASYNC_CRYPT
-                    if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
-                        /* returns the number of polled items or <0 for error */
-                        ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
-                        if (ret < 0) break;
-                    }
-                #endif
-                }
-            } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
+            WOLFSSL_ASYNC_WHILE_PENDING(ret = wolfSSL_connect(ssl),
+                                        ret != WOLFSSL_SUCCESS);
         #ifdef WOLFSSL_EARLY_DATA
             EarlyDataStatus(ssl);
         #endif
@@ -770,19 +747,8 @@ static int ClientBenchmarkThroughput(WOLFSSL_CTX* ctx, char* host, word16 port,
     }
 #endif
 
-    do {
-        err = 0; /* reset error */
-        ret = wolfSSL_connect(ssl);
-        if (ret != WOLFSSL_SUCCESS) {
-            err = wolfSSL_get_error(ssl, 0);
-        #ifdef WOLFSSL_ASYNC_CRYPT
-            if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
-                ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
-                if (ret < 0) break;
-            }
-        #endif
-        }
-    } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
+    WOLFSSL_ASYNC_WHILE_PENDING(ret = wolfSSL_connect(ssl),
+                                ret != WOLFSSL_SUCCESS);
     if (ret == WOLFSSL_SUCCESS) {
         /* Perform throughput test */
         char *tx_buffer, *rx_buffer;
@@ -822,19 +788,8 @@ static int ClientBenchmarkThroughput(WOLFSSL_CTX* ctx, char* host, word16 port,
 
                     /* Perform TX */
                     start = current_time(1);
-                    do {
-                        err = 0; /* reset error */
-                        ret = wolfSSL_write(ssl, tx_buffer, len);
-                        if (ret <= 0) {
-                            err = wolfSSL_get_error(ssl, 0);
-                        #ifdef WOLFSSL_ASYNC_CRYPT
-                            if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
-                                ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
-                                if (ret < 0) break;
-                            }
-                        #endif
-                        }
-                    } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
+                    WOLFSSL_ASYNC_WHILE_PENDING(ret = wolfSSL_write(ssl, tx_buffer, len),
+                                                ret <= 0);
                     if (ret != len) {
                         LOG_ERROR("SSL_write bench error %d!\n", err);
                         if (!exitWithRet)
@@ -1012,35 +967,17 @@ static int SMTP_Shutdown(WOLFSSL* ssl, int wc_shutdown)
     XMEMSET(tmpBuf, 0, sizeof(tmpBuf));
 
     /* C: QUIT */
-    do {
-        ret = wolfSSL_write(ssl, starttlsCmd[5], (int)XSTRLEN(starttlsCmd[5]));
-        if (ret < 0) {
-            err = wolfSSL_get_error(ssl, 0);
-        #ifdef WOLFSSL_ASYNC_CRYPT
-            if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
-                ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
-                if (ret < 0) break;
-            }
-        #endif
-        }
-    } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
+    WOLFSSL_ASYNC_WHILE_PENDING(
+       ret = wolfSSL_write(ssl, starttlsCmd[5], (int)XSTRLEN(starttlsCmd[5])),
+       ret < 0);
     if (ret != (int)XSTRLEN(starttlsCmd[5])) {
         err_sys("failed to send SMTP QUIT command\n");
     }
 
     /* S: 221 2.0.0 Service closing transmission channel */
-    do {
-        ret = wolfSSL_read(ssl, tmpBuf, sizeof(tmpBuf)-1);
-        if (ret < 0) {
-            err = wolfSSL_get_error(ssl, 0);
-        #ifdef WOLFSSL_ASYNC_CRYPT
-            if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
-                ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
-                if (ret < 0) break;
-            }
-        #endif
-        }
-    } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
+    WOLFSSL_ASYNC_WHILE_PENDING(
+       ret = wolfSSL_read(ssl, tmpBuf, sizeof(tmpBuf)-1),
+       ret < 0);
     if (ret < 0) {
         err_sys("failed to read SMTP closing down response\n");
     }
@@ -1421,12 +1358,16 @@ static const char* client_usage_msg[][78] = {
 #ifdef HAVE_PQC
         "--pqc <alg> Key Share with specified post-quantum algorithm only:\n"
 #ifndef WOLFSSL_NO_ML_KEM
-            "            ML_KEM_512, ML_KEM_768, ML_KEM_1024, P256_ML_KEM_512,"
-            "\n"
-            "            P384_ML_KEM_768, P256_ML_KEM_768, P521_ML_KEM_1024,\n"
-            "            P384_ML_KEM_1024, X25519_ML_KEM_512, "
-            "X25519_ML_KEM_768,\n"
-            "            X448_ML_KEM_768\n"
+            "            ML_KEM_512, ML_KEM_768, ML_KEM_1024,\n"
+            "            SecP256r1MLKEM512,\n"
+            "            SecP384r1MLKEM768,\n"
+            "            SecP521r1MLKEM1024,\n"
+            "            SecP256r1MLKEM768,\n"
+            "            SecP521r1MLKEM1024,\n"
+            "            SecP384r1MLKEM1024,\n"
+            "            X25519MLKEM512,\n"
+            "            X25519MLKEM768,\n"
+            "            X448MLKEM768\n"
 #endif
 #ifdef WOLFSSL_MLKEM_KYBER
             "            KYBER_LEVEL1, KYBER_LEVEL3, KYBER_LEVEL5, "
@@ -1675,9 +1616,16 @@ static const char* client_usage_msg[][78] = {
 #ifdef HAVE_PQC
         "--pqc <alg> post-quantum 名前付きグループとの鍵共有のみ:\n"
 #ifndef WOLFSSL_NO_ML_KEM
-            "            ML_KEM_512, ML_KEM_768, ML_KEM_1024, P256_ML_KEM_512,"
-            "\n"
-            "            P384_ML_KEM_768, P521_ML_KEM_1024\n"
+            "            ML_KEM_512, ML_KEM_768, ML_KEM_1024,\n"
+            "            SecP256r1MLKEM512,\n"
+            "            SecP384r1MLKEM768,\n"
+            "            SecP521r1MLKEM1024,\n"
+            "            SecP256r1MLKEM768,\n"
+            "            SecP521r1MLKEM1024,\n"
+            "            SecP384r1MLKEM1024,\n"
+            "            X25519MLKEM512,\n"
+            "            X25519MLKEM768,\n"
+            "            X448MLKEM768\n"
 #endif
 #ifdef WOLFSSL_MLKEM_KYBER
             "            KYBER_LEVEL1, KYBER_LEVEL3, KYBER_LEVEL5, "
@@ -2273,7 +2221,11 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
 #ifdef HAVE_RPK
     int useRPK = 0;
 #endif /* HAVE_RPK */
+#ifdef WOLFSSL_PEM_TO_DER
     int fileFormat = WOLFSSL_FILETYPE_PEM;
+#else
+    int fileFormat = WOLFSSL_FILETYPE_ASN1;
+#endif
 #if defined(WOLFSSL_SYS_CRYPTO_POLICY)
     const char * policy = NULL;
 #endif /* WOLFSSL_SYS_CRYPTO_POLICY */
@@ -4133,19 +4085,8 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
         if (usePsk && earlyData)
             EarlyData(ctx, ssl, kEarlyMsg, sizeof(kEarlyMsg)-1, buffer);
 #endif
-        do {
-            err = 0; /* reset error */
-            ret = wolfSSL_connect(ssl);
-            if (ret != WOLFSSL_SUCCESS) {
-                err = wolfSSL_get_error(ssl, 0);
-            #ifdef WOLFSSL_ASYNC_CRYPT
-                if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
-                    ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
-                    if (ret < 0) break;
-                }
-            #endif
-            }
-        } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
+        WOLFSSL_ASYNC_WHILE_PENDING(ret = wolfSSL_connect(ssl),
+                                    ret != WOLFSSL_SUCCESS);
     }
 #else
     timeoutConnect.tv_sec  = DEFAULT_TIMEOUT_SEC;
diff --git a/examples/configs/user_settings_arduino.h b/examples/configs/user_settings_arduino.h
index 9efdb870e..ae2374587 100644
--- a/examples/configs/user_settings_arduino.h
+++ b/examples/configs/user_settings_arduino.h
@@ -25,7 +25,7 @@
 */
 
 /* Define a macro to display user settings version in example code: */
-#define WOLFSSL_USER_SETTINGS_ID "Arduino user_settings.h v5.7.6"
+#define WOLFSSL_USER_SETTINGS_ID "Arduino user_settings.h v5.8.2"
 
 /* Disable wolfcrypt cryptographic security hardening. Comment out to enable: */
 /* #define WC_NO_HARDEN */
@@ -40,7 +40,6 @@
 #define WOLFSSL_IGNORE_FILE_WARN
 
 #define NO_FILESYSTEM
-#define USE_CERT_BUFFERS_2048
 
 /* Make sure this is not an ESP-IDF file */
 #undef  WOLFSSL_ESPIDF
@@ -58,13 +57,143 @@
 #define RSA_LOW_MEM
 
 #define NO_OLD_TLS
-/* TLS 1.3                                 */
-/* #define WOLFSSL_TLS13 */
-#if defined(WOLFSSL_TLS13)
+
+/* To see board properties & definitions:
+ * arduino-cli compile --fqbn [] --show-properties ./sketches/wolfssl_client */
+
+#if defined(ARDUINO_AVR_ETHERNET)
+    /* TODO: optimize client / server to fit in 32K flash?
+     * currently 164K too big: */
+    #define WOLFSSL_NO_TLS13
+    #define WOLFSSL_MIN_CONFIG
+    #define WOLFSSL_USER_IO
+    #define WOLFSSL_NO_WRITEV
+    #define NO_FILESYSTEM
+    #define WOLFSSL_NO_CERTS
+    #define HAVE_TLS
+    #define NO_RC4
+    #define NO_PSK
+    #define NO_SESSION_CACHE
+    #define NO_CERT_VERIFY
+
+    #define NO_MAIN_DRIVER
+    #define WOLFSSL_NO_SP
+    #define WOLFSSL_NO_SIG_WRAPPER
+    #define TFM_TIMING_RESISTANT
+
+    #undef WOLFSSL_DTLS
+    #undef WOLFSSL_DTLS13
+#endif
+
+#if defined(ARDUINO_AVR_LEONARDO_ETH)
+    /* No time available */
+    /* Used only here in Arduino, WOLFSSL_NO_TLS13 is not a wolfssl macro */
+    #undef  WOLFSSL_NO_TLS13
+    #define WOLFSSL_NO_TLS13
+
+    #define NO_TLS
+    #undef  WOLFSSL_TLS13
+
+    #define WOLFSSL_NO_TLS12
+#endif
+
+#if defined(ESP8266) || defined(__SAM3X8E__) || \
+    defined(ARDUINO_AVR_ETHERNET) || defined(ARDUINO_AVR_LEONARDO_ETH)
+    #define WOLFSSL_NO_SOCK
+    #define WOLFSSL_USER_IO
+    #define NO_WRITEV
+
+    /* There's limited RAM on these devices */
+    #define USE_CERT_BUFFERS_1024
+
+    /* SNI, Supported Groups (elliptic curves), ALPN: */
     #define HAVE_TLS_EXTENSIONS
-    #define WC_RSA_PSS
-    #define HAVE_HKDF
-    #define HAVE_AEAD
+
+    #define HAVE_SUPPORTED_CURVES
+
+    #if defined(WOLFSSL_NO_TLS13) && defined(WOLFSSL_NO_TLS12)
+        /* NO TLS */
+        #define NO_TLS
+    #elif defined(WOLFSSL_NO_TLS13)
+        /* Only TLS 1.2*/
+        /* enabled by default, for clarity: */
+        #undef WOLFSSL_NO_TLS12
+
+        /* Ensure TLS 1.3 is not enabled */
+        #undef WOLFSSL_TLS13
+    #elif defined(WOLFSSL_NO_TLS12)
+        /* Only TLS 1.3*/
+        #define WOLFSSL_TLS13
+        #if defined(WOLFSSL_TLS13)
+            #define WC_RSA_PSS
+            #define HAVE_HKDF
+            #define HAVE_AEAD
+        #endif
+    #else
+        /* Both TLS 1.2 and TLS 1.3 */
+
+        /* TLS 1.2 enabled by default, for clarity: */
+        #undef WOLFSSL_NO_TLS12
+
+        /* Enable only TLS 1.3 on small memory devices */
+        #define WOLFSSL_TLS13
+        #if defined(WOLFSSL_TLS13)
+            #define WC_RSA_PSS
+            #define HAVE_HKDF
+            #define HAVE_AEAD
+        #endif
+    #endif
+
+    #undef WOLFSSL_DTLS
+    #undef WOLFSSL_DTLS13
+#elif defined(ESP32)  || \
+    defined(WIFI_101) || defined(WIFI_NINA) || defined(WIFIESPAT) || \
+    defined(ETHERNET_H) || defined(ARDUINO_TEENSY41) || \
+    defined(ARDUINO_SAMD_MKR1000)
+
+    #define USE_CERT_BUFFERS_2048
+
+    /* Only boards known to have networking will have TLS / DTLS enabled */
+
+    #define HAVE_TLS_EXTENSIONS
+    #define HAVE_SUPPORTED_CURVES
+
+    /* Enable TLS 1.3                                 */
+    #define WOLFSSL_TLS13
+    #if defined(WOLFSSL_TLS13)
+        #define HAVE_TLS_EXTENSIONS
+        #define WC_RSA_PSS
+        #define HAVE_HKDF
+        #define HAVE_AEAD
+    #endif
+
+    /* Enable DTLS */
+    #define WOLFSSL_DTLS 1
+    #if defined(WOLFSSL_DTLS)
+        #define WOLFSSL_DTLS13
+
+        /* WOLFSSL_DTLS13 requires WOLFSSL_TLS13 */
+        #undef  WOLFSSL_TLS13
+        #define WOLFSSL_TLS13
+        #define USE_WOLFSSL_IO
+
+        /* WOLFSSL_SEND_HRR_COOKIE is needed to use DTLS 1.3 server */
+        #define WOLFSSL_SEND_HRR_COOKIE
+    #endif
+#elif defined (__AVR__) || defined(__AVR_ARCH__) || defined(__MEGAAVR__)
+    /* Do not enable TLS on platforms without networking */
+
+    /* We'll assume all AVR targets are small: 8 or 16 bit */
+    #define WC_16BIT_CPU
+    #define NO_TLS
+#elif (defined(__SAMD21__) || defined(__SAMD51__)) && defined(ARDUINO_SAMD_ZERO)
+    /* No networking on ARDUINO_SAMD_ZERO */
+#elif defined(ARDUINO_TEENSY40)
+    /* No networking on TEENSY boards */
+
+#else
+    /* other / unknown board */
+    #define USE_CERT_BUFFERS_1024
 #endif
 
 /*  #define HAVE_SUPPORTED_CURVES  */
@@ -72,9 +201,6 @@
 /* Cannot use WOLFSSL_NO_MALLOC with small stack */
 /* #define WOLFSSL_NO_MALLOC */
 
-#define HAVE_TLS_EXTENSIONS
-#define HAVE_SUPPORTED_CURVES
-
 /* To further reduce size, client or server functionality can be disabled.
  * Here, we check if the example code gave us a hint.
  *
@@ -503,6 +629,20 @@
         #define CTX_SERVER_KEY_SIZE  sizeof_server_key_der_1024
         #define CTX_SERVER_KEY_TYPE  WOLFSSL_FILETYPE_ASN1
     #else
-        #error "Must define USE_CERT_BUFFERS_2048 or USE_CERT_BUFFERS_1024"
+        #define USE_CERT_BUFFERS_256
     #endif
 #endif
+
+/* Final checks */
+
+/* This should already be done in settings.h for newer versions of wolfSSL:
+ *
+ * There's currently no 100% reliable "smaller than 32 bit" detection.
+ * The user can specify: WC_16BIT_CPU
+ * Lower 16 bits of new OID values may collide on some 16 bit platforms.
+ *   e.g  Arduino Mega, fqbn=arduino:avr:mega  */
+#if defined(WC_16BIT_CPU)
+    /* Force the old, 16 bit OIDs to be used in wolfcrypt/oid_sum.h */
+    #undef  WOLFSSL_OLD_OID_SUM
+    #define WOLFSSL_OLD_OID_SUM
+#endif
diff --git a/examples/echoclient/echoclient.c b/examples/echoclient/echoclient.c
index c90b2fb86..4c12ec538 100644
--- a/examples/echoclient/echoclient.c
+++ b/examples/echoclient/echoclient.c
@@ -228,19 +228,7 @@ void echoclient_test(void* args)
 
     SSL_set_fd(ssl, sockfd);
 
-    do {
-        err = 0; /* Reset error */
-        ret = SSL_connect(ssl);
-        if (ret != WOLFSSL_SUCCESS) {
-            err = SSL_get_error(ssl, 0);
-        #ifdef WOLFSSL_ASYNC_CRYPT
-            if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
-                ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
-                if (ret < 0) break;
-            }
-        #endif
-        }
-    } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
+    WOLFSSL_ASYNC_WHILE_PENDING(ret = SSL_connect(ssl), ret != WOLFSSL_SUCCESS);
     if (ret != WOLFSSL_SUCCESS) {
         fprintf(stderr, "SSL_connect error %d, %s\n", err,
             ERR_error_string((unsigned long)err, buffer));
@@ -251,19 +239,7 @@ void echoclient_test(void* args)
 
         sendSz = (int)XSTRLEN(msg);
 
-        do {
-            err = 0; /* reset error */
-            ret = SSL_write(ssl, msg, sendSz);
-            if (ret <= 0) {
-                err = SSL_get_error(ssl, 0);
-            #ifdef WOLFSSL_ASYNC_CRYPT
-                if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
-                    ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
-                    if (ret < 0) break;
-                }
-            #endif
-            }
-        } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
+        WOLFSSL_ASYNC_WHILE_PENDING(ret = SSL_write(ssl, msg, sendSz), ret <= 0);
         if (ret != sendSz) {
             fprintf(stderr, "SSL_write msg error %d, %s\n", err,
                 ERR_error_string((unsigned long)err, buffer));
@@ -286,19 +262,8 @@ void echoclient_test(void* args)
         while (sendSz)
     #endif
         {
-            do {
-                err = 0; /* reset error */
-                ret = SSL_read(ssl, reply, sizeof(reply)-1);
-                if (ret <= 0) {
-                    err = SSL_get_error(ssl, 0);
-                #ifdef WOLFSSL_ASYNC_CRYPT
-                    if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
-                        ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
-                        if (ret < 0) break;
-                    }
-                #endif
-                }
-            } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
+            WOLFSSL_ASYNC_WHILE_PENDING(
+                ret = SSL_read(ssl, reply, sizeof(reply)-1), ret <= 0);
             if (ret > 0) {
                 reply[ret] = 0;
                 LIBCALL_CHECK_RET(fputs(reply, fout));
diff --git a/examples/echoserver/echoserver.c b/examples/echoserver/echoserver.c
index 3ff0e6024..cb1b782c1 100644
--- a/examples/echoserver/echoserver.c
+++ b/examples/echoserver/echoserver.c
@@ -180,12 +180,12 @@ THREAD_RETURN WOLFSSL_THREAD echoserver_test(void* args)
     if (doPSK == 0) {
     #if defined(HAVE_ECC) && !defined(WOLFSSL_SNIFFER)
         /* ecc */
-        if (wolfSSL_CTX_use_certificate_file(ctx, eccCertFile, WOLFSSL_FILETYPE_PEM)
+        if (wolfSSL_CTX_use_certificate_file(ctx, eccCertFile, CERT_FILETYPE)
                 != WOLFSSL_SUCCESS)
             err_sys("can't load server cert file, "
                     "Please run from wolfSSL home dir");
 
-        if (wolfSSL_CTX_use_PrivateKey_file(ctx, eccKeyFile, WOLFSSL_FILETYPE_PEM)
+        if (wolfSSL_CTX_use_PrivateKey_file(ctx, eccKeyFile, CERT_FILETYPE)
                 != WOLFSSL_SUCCESS)
             err_sys("can't load server key file, "
                     "Please run from wolfSSL home dir");
@@ -196,7 +196,7 @@ THREAD_RETURN WOLFSSL_THREAD echoserver_test(void* args)
             err_sys("can't load server cert file, "
                     "Please run from wolfSSL home dir");
 
-        if (wolfSSL_CTX_use_PrivateKey_file(ctx, edKeyFile, WOLFSSL_FILETYPE_PEM)
+        if (wolfSSL_CTX_use_PrivateKey_file(ctx, edKeyFile, CERT_FILETYPE)
                 != WOLFSSL_SUCCESS)
             err_sys("can't load server key file, "
                     "Please run from wolfSSL home dir");
@@ -208,19 +208,19 @@ THREAD_RETURN WOLFSSL_THREAD echoserver_test(void* args)
                     "Please run from wolfSSL home dir");
 
         if (wolfSSL_CTX_use_PrivateKey_file(ctx, ed448KeyFile,
-                WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS)
+                CERT_FILETYPE) != WOLFSSL_SUCCESS)
             err_sys("can't load server key file, "
                     "Please run from wolfSSL home dir");
     #elif defined(NO_CERTS)
         /* do nothing, just don't load cert files */
     #else
         /* normal */
-        if (wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM)
+        if (wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, CERT_FILETYPE)
                 != WOLFSSL_SUCCESS)
             err_sys("can't load server cert file, "
                     "Please run from wolfSSL home dir");
 
-        if (wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM)
+        if (wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, CERT_FILETYPE)
                 != WOLFSSL_SUCCESS)
             err_sys("can't load server key file, "
                     "Please run from wolfSSL home dir");
@@ -309,24 +309,13 @@ THREAD_RETURN WOLFSSL_THREAD echoserver_test(void* args)
         if (ssl == NULL) err_sys("SSL_new failed");
         wolfSSL_set_fd(ssl, clientfd);
         #if !defined(NO_FILESYSTEM) && !defined(NO_DH) && !defined(NO_ASN)
-            wolfSSL_SetTmpDH_file(ssl, dhParamFile, WOLFSSL_FILETYPE_PEM);
+            wolfSSL_SetTmpDH_file(ssl, dhParamFile, CERT_FILETYPE);
         #elif !defined(NO_DH)
             SetDH(ssl);  /* will repick suites with DHE, higher than PSK */
         #endif
 
-        do {
-            err = 0; /* Reset error */
-            ret = wolfSSL_accept(ssl);
-            if (ret != WOLFSSL_SUCCESS) {
-                err = wolfSSL_get_error(ssl, 0);
-            #ifdef WOLFSSL_ASYNC_CRYPT
-                if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
-                    ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
-                    if (ret < 0) break;
-                }
-            #endif
-            }
-        } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
+        WOLFSSL_ASYNC_WHILE_PENDING(ret = wolfSSL_accept(ssl),
+                                    ret != WOLFSSL_SUCCESS);
         if (ret != WOLFSSL_SUCCESS) {
             fprintf(stderr, "SSL_accept error = %d, %s\n", err,
                 wolfSSL_ERR_error_string((unsigned long)err, buffer));
@@ -354,19 +343,8 @@ THREAD_RETURN WOLFSSL_THREAD echoserver_test(void* args)
         while (1) {
             int echoSz;
 
-            do {
-                err = 0; /* reset error */
-                ret = wolfSSL_read(ssl, command, sizeof(command)-1);
-                if (ret <= 0) {
-                    err = wolfSSL_get_error(ssl, 0);
-                #ifdef WOLFSSL_ASYNC_CRYPT
-                    if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
-                        ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
-                        if (ret < 0) break;
-                    }
-                #endif
-                }
-            } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
+            WOLFSSL_ASYNC_WHILE_PENDING(ret = wolfSSL_read(ssl, command, sizeof(command)-1),
+                                        ret <= 0);
             if (ret <= 0) {
                 if (err != WOLFSSL_ERROR_WANT_READ && err != WOLFSSL_ERROR_ZERO_RETURN){
                     fprintf(stderr, "SSL_read echo error %d, %s!\n", err,
@@ -417,19 +395,8 @@ THREAD_RETURN WOLFSSL_THREAD echoserver_test(void* args)
                 }
                 strncpy(command, resp, sizeof(command));
 
-                do {
-                    err = 0; /* reset error */
-                    ret = wolfSSL_write(write_ssl, command, echoSz);
-                    if (ret <= 0) {
-                        err = wolfSSL_get_error(write_ssl, 0);
-                    #ifdef WOLFSSL_ASYNC_CRYPT
-                        if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
-                            ret = wolfSSL_AsyncPoll(write_ssl, WOLF_POLL_FLAG_CHECK_HW);
-                            if (ret < 0) break;
-                        }
-                    #endif
-                    }
-                } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
+                WOLFSSL_ASYNC_WHILE_PENDING(ret = wolfSSL_write(write_ssl, command, echoSz),
+                                            ret <= 0);
                 if (ret != echoSz) {
                     fprintf(stderr, "SSL_write get error = %d, %s\n", err,
                         wolfSSL_ERR_error_string((unsigned long)err, buffer));
@@ -443,20 +410,8 @@ THREAD_RETURN WOLFSSL_THREAD echoserver_test(void* args)
             LIBCALL_CHECK_RET(fputs(command, fout));
         #endif
 
-            do {
-                err = 0; /* reset error */
-                ret = wolfSSL_write(write_ssl, command, echoSz);
-                if (ret <= 0) {
-                    err = wolfSSL_get_error(write_ssl, 0);
-                #ifdef WOLFSSL_ASYNC_CRYPT
-                    if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
-                        ret = wolfSSL_AsyncPoll(write_ssl, WOLF_POLL_FLAG_CHECK_HW);
-                        if (ret < 0) break;
-                    }
-                #endif
-                }
-            } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
-
+            WOLFSSL_ASYNC_WHILE_PENDING(ret = wolfSSL_write(write_ssl, command, echoSz),
+                                        ret <= 0);
             if (ret != echoSz) {
                 fprintf(stderr, "SSL_write echo error = %d, %s\n", err,
                         wolfSSL_ERR_error_string((unsigned long)err, buffer));
diff --git a/examples/server/server.c b/examples/server/server.c
index ab672cc8b..06e0aeb6a 100644
--- a/examples/server/server.c
+++ b/examples/server/server.c
@@ -482,19 +482,9 @@ int ServerEchoData(SSL* ssl, int clientfd, int echoData, int block,
             }
 
             /* Write data */
-            do {
-                err = 0; /* reset error */
-                ret = SSL_write(ssl, buffer, (int)min((word32)len, (word32)rx_pos));
-                if (ret <= 0) {
-                    err = SSL_get_error(ssl, 0);
-                #ifdef WOLFSSL_ASYNC_CRYPT
-                    if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
-                        ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
-                        if (ret < 0) break;
-                    }
-                #endif
-                }
-            } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
+            WOLFSSL_ASYNC_WHILE_PENDING(
+                  ret = SSL_write(ssl, buffer, (int)min((word32)len, (word32)rx_pos)),
+                  ret <= 0);
             if (ret != (int)min((word32)len, (word32)rx_pos)) {
                 LOG_ERROR("SSL_write echo error %d\n", err);
                 err_sys_ex(runWithErrors, "SSL_write failed");
@@ -735,44 +725,44 @@ static void SetKeyShare(WOLFSSL* ssl, int onlyKeyShare, int useX25519,
             else
         #endif
         #ifndef WOLFSSL_NO_ML_KEM_512
-            if (XSTRCMP(pqcAlg, "P256_ML_KEM_512") == 0) {
-                groups[count] = WOLFSSL_P256_ML_KEM_512;
+            if (XSTRCMP(pqcAlg, "SecP256r1MLKEM512") == 0) {
+                groups[count] = WOLFSSL_SECP256R1MLKEM512;
             }
             else
         #endif
         #ifndef WOLFSSL_NO_ML_KEM_768
-            if (XSTRCMP(pqcAlg, "P384_ML_KEM_768") == 0) {
-                groups[count] = WOLFSSL_P384_ML_KEM_768;
+            if (XSTRCMP(pqcAlg, "SecP384r1MLKEM768") == 0) {
+                groups[count] = WOLFSSL_SECP384R1MLKEM768;
             }
-            else if (XSTRCMP(pqcAlg, "P256_ML_KEM_768") == 0) {
-                groups[count] = WOLFSSL_P256_ML_KEM_768;
+            else if (XSTRCMP(pqcAlg, "SecP256r1MLKEM768") == 0) {
+                groups[count] = WOLFSSL_SECP256R1MLKEM768;
             }
             else
         #endif
         #ifndef WOLFSSL_NO_ML_KEM_1024
-            if (XSTRCMP(pqcAlg, "P521_ML_KEM_1024") == 0) {
-                groups[count] = WOLFSSL_P521_ML_KEM_1024;
+            if (XSTRCMP(pqcAlg, "SecP521r1MLKEM1024") == 0) {
+                groups[count] = WOLFSSL_SECP521R1MLKEM1024;
             }
-            else if (XSTRCMP(pqcAlg, "P384_ML_KEM_1024") == 0) {
-                groups[count] = WOLFSSL_P384_ML_KEM_1024;
+            else if (XSTRCMP(pqcAlg, "SecP384r1MLKEM1024") == 0) {
+                groups[count] = WOLFSSL_SECP384R1MLKEM1024;
             }
             else
         #endif
         #if !defined(WOLFSSL_NO_ML_KEM_512) && defined(HAVE_CURVE25519)
-            if (XSTRCMP(pqcAlg, "X25519_ML_KEM_512") == 0) {
-                groups[count] = WOLFSSL_X25519_ML_KEM_512;
+            if (XSTRCMP(pqcAlg, "X25519MLKEM512") == 0) {
+                groups[count] = WOLFSSL_X25519MLKEM512;
             }
             else
         #endif
         #if !defined(WOLFSSL_NO_ML_KEM_768) && defined(HAVE_CURVE25519)
-            if (XSTRCMP(pqcAlg, "X25519_ML_KEM_768") == 0) {
-                groups[count] = WOLFSSL_X25519_ML_KEM_768;
+            if (XSTRCMP(pqcAlg, "X25519MLKEM768") == 0) {
+                groups[count] = WOLFSSL_X25519MLKEM768;
             }
             else
         #endif
         #if !defined(WOLFSSL_NO_ML_KEM_768) && defined(HAVE_CURVE448)
-            if (XSTRCMP(pqcAlg, "X448_ML_KEM_768") == 0) {
-                groups[count] = WOLFSSL_X448_ML_KEM_768;
+            if (XSTRCMP(pqcAlg, "X448MLKEM768") == 0) {
+                groups[count] = WOLFSSL_X448MLKEM768;
             }
             else
         #endif
@@ -1070,12 +1060,16 @@ static const char* server_usage_msg[][66] = {
 #ifdef HAVE_PQC
         "--pqc <alg> Key Share with specified post-quantum algorithm only:\n"
 #ifndef WOLFSSL_NO_ML_KEM
-            "            ML_KEM_512, ML_KEM_768, ML_KEM_1024, P256_ML_KEM_512,"
-            "\n"
-            "            P384_ML_KEM_768, P256_ML_KEM_768, P521_ML_KEM_1024,\n"
-            "            P384_ML_KEM_1024, X25519_ML_KEM_512, "
-            "X25519_ML_KEM_768,\n"
-            "            X448_ML_KEM_768\n"
+            "            ML_KEM_512, ML_KEM_768, ML_KEM_1024,\n"
+            "            SecP256r1MLKEM512,\n"
+            "            SecP384r1MLKEM768,\n"
+            "            SecP521r1MLKEM1024,\n"
+            "            SecP256r1MLKEM768,\n"
+            "            SecP521r1MLKEM1024,\n"
+            "            SecP384r1MLKEM1024,\n"
+            "            X25519MLKEM512,\n"
+            "            X25519MLKEM768,\n"
+            "            X448MLKEM768\n"
 #endif
 #ifdef WOLFSSL_MLKEM_KYBER
             "            KYBER_LEVEL1, KYBER_LEVEL3, KYBER_LEVEL5, "
@@ -1282,9 +1276,16 @@ static const char* server_usage_msg[][66] = {
 #ifdef HAVE_PQC
         "--pqc <alg> post-quantum 名前付きグループとの鍵共有のみ:\n"
 #ifndef WOLFSSL_NO_ML_KEM
-            "            ML_KEM_512, ML_KEM_768, ML_KEM_1024, P256_ML_KEM_512,"
-            "\n"
-            "            P384_ML_KEM_768, P521_ML_KEM_1024\n"
+            "            ML_KEM_512, ML_KEM_768, ML_KEM_1024,"
+            "            SecP256r1MLKEM512,\n"
+            "            SecP384r1MLKEM768,\n"
+            "            SecP521r1MLKEM1024,\n"
+            "            SecP256r1MLKEM768,\n"
+            "            SecP521r1MLKEM1024,\n"
+            "            SecP384r1MLKEM1024,\n"
+            "            X25519MLKEM512,\n"
+            "            X25519MLKEM768,\n"
+            "            X448MLKEM768\n"
 #endif
 #ifdef WOLFSSL_MLKEM_KYBER
             "            KYBER_LEVEL1, KYBER_LEVEL3, KYBER_LEVEL5, "
@@ -2770,7 +2771,8 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
     wolfSSL_CTX_set_TicketEncCtx(ctx, &myTicketCtx);
 #endif
 
-#if defined(WOLFSSL_SNIFFER) && defined(WOLFSSL_STATIC_EPHEMERAL)
+#if defined(WOLFSSL_SNIFFER) && defined(WOLFSSL_STATIC_EPHEMERAL) && \
+    defined(WOLFSSL_PEM_TO_DER)
     /* used for testing only to set a static/fixed ephemeral key
         for use with the sniffer */
 #if defined(HAVE_ECC) && !defined(NO_ECC_SECP) && \
@@ -2803,7 +2805,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
         err_sys_ex(runWithErrors, "error loading static X25519 key");
     }
 #endif
-#endif /* WOLFSSL_SNIFFER && WOLFSSL_STATIC_EPHEMERAL */
+#endif /* WOLFSSL_SNIFFER && WOLFSSL_STATIC_EPHEMERAL && WOLFSSL_PEM_TO_DER */
 
     if (cipherList && !useDefCipherList) {
         if (SSL_CTX_set_cipher_list(ctx, cipherList) != WOLFSSL_SUCCESS)
@@ -2848,8 +2850,13 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
                 WOLFSSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS)
             err_sys_ex(catastrophic, "can't load server cert buffer");
     #elif !defined(TEST_LOAD_BUFFER)
+        #if defined(WOLFSSL_PEM_TO_DER)
         if (SSL_CTX_use_certificate_chain_file(ctx, ourCert)
                                          != WOLFSSL_SUCCESS)
+        #else
+        if (wolfSSL_CTX_use_certificate_chain_file_format(ctx, ourCert,
+                WOLFSSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS)
+        #endif
             err_sys_ex(catastrophic, "can't load server cert file, check file "
                        "and run from wolfSSL home dir");
     #else
@@ -2891,8 +2898,13 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
             sizeof_server_key_der_2048, SSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS)
             err_sys_ex(catastrophic, "can't load server private key buffer");
     #elif !defined(TEST_LOAD_BUFFER)
+        #if defined(WOLFSSL_PEM_TO_DER)
         if (SSL_CTX_use_PrivateKey_file(ctx, ourKey, WOLFSSL_FILETYPE_PEM)
                                          != WOLFSSL_SUCCESS)
+        #else
+        if (SSL_CTX_use_PrivateKey_file(ctx, ourKey, WOLFSSL_FILETYPE_ASN1)
+                                         != WOLFSSL_SUCCESS)
+        #endif
             err_sys_ex(catastrophic, "can't load server private key file, "
                        "check file and run from wolfSSL home dir");
         #ifdef WOLFSSL_DUAL_ALG_CERTS
@@ -3585,19 +3597,8 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
                 } while (err == WC_NO_ERR_TRACE(WC_PENDING_E) || ret > 0);
             }
     #endif
-            do {
-                err = 0; /* reset error */
-                ret = SSL_accept(ssl);
-                if (ret != WOLFSSL_SUCCESS) {
-                    err = SSL_get_error(ssl, 0);
-                #ifdef WOLFSSL_ASYNC_CRYPT
-                    if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
-                        ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
-                        if (ret < 0) break;
-                    }
-                #endif
-                }
-            } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
+            WOLFSSL_ASYNC_WHILE_PENDING(ret = SSL_accept(ssl),
+                                        ret != WOLFSSL_SUCCESS);
         }
 #else
         if (nonBlocking) {
@@ -4092,7 +4093,7 @@ exit:
 #endif
         wolfSSL_Init();
 #ifdef WC_RNG_SEED_CB
-        wc_SetSeed_Cb(wc_GenerateSeed);
+        wc_SetSeed_Cb(WC_GENERATE_SEED_DEFAULT);
 #endif
         ChangeToWolfRoot();
 
diff --git a/gencertbuf.pl b/gencertbuf.pl
index 8f0ba607c..0c2d70af8 100755
--- a/gencertbuf.pl
+++ b/gencertbuf.pl
@@ -13,7 +13,8 @@ use warnings;
 # ---- SCRIPT SETTINGS -------------------------------------------------------
 
 # output C header file to write cert/key buffers to
-my $outputFile = "./wolfssl/certs_test.h";
+my $outputFile   = "./wolfssl/certs_test.h";
+my $outputFileSM = "./wolfssl/certs_test_sm.h";
 
 # ecc keys and certs to be converted
 # Used with HAVE_ECC && USE_CERT_BUFFERS_256
@@ -109,6 +110,42 @@ my @fileList_4096 = (
         [ "./certs/dh4096.der", "dh_key_der_4096" ],
         );
 
+# SM ciphers PRM format in certs/sm2
+my @fileList_sm2 = (
+        [ "./certs/sm2/ca-sm2.pem",          "ca_sm2"          ],
+        [ "./certs/sm2/ca-sm2-key.pem",      "ca_sm2_key"      ],
+        [ "./certs/sm2/ca-sm2-priv.pem",     "ca_sm2_priv"     ],
+        [ "./certs/sm2/client-sm2.pem",      "client_sm2"      ],
+        [ "./certs/sm2/client-sm2-key.pem",  "client_sm2_key"  ],
+        [ "./certs/sm2/client-sm2-priv.pem", "client_sm2_priv" ],
+        [ "./certs/sm2/root-sm2.pem",        "root_sm2"        ],
+        [ "./certs/sm2/root-sm2-key.pem",    "root_sm2_key"    ],
+        [ "./certs/sm2/root-sm2-priv.pem",   "root_sm2_priv"   ],
+        [ "./certs/sm2/self-sm2-cert.pem",   "self_sm2_cert"   ],
+        [ "./certs/sm2/self-sm2-key.pem",    "self_sm2_key"    ],
+        [ "./certs/sm2/self-sm2-priv.pem",   "self_sm2_priv"   ],
+        [ "./certs/sm2/server-sm2.pem",      "server_sm2"      ],
+        [ "./certs/sm2/server-sm2-cert.pem", "server_sm2_cert" ],
+        [ "./certs/sm2/server-sm2-key.pem",  "server_sm2_key"  ],
+        [ "./certs/sm2/server-sm2-priv.pem", "server_sm2_priv" ],
+        );
+
+my @fileList_sm2_der = (
+        [ "./certs/sm2/ca-sm2.der",          "ca_sm2_der"          ],
+        [ "./certs/sm2/ca-sm2-key.der",      "ca_sm2_key_der"      ],
+        [ "./certs/sm2/ca-sm2-priv.der",     "ca_sm2_priv_der"     ],
+        [ "./certs/sm2/client-sm2.der",      "client_sm2_der"      ],
+        [ "./certs/sm2/client-sm2-key.der",  "client_sm2_key_der"  ],
+        [ "./certs/sm2/client-sm2-priv.der", "client_sm2_priv_der" ],
+        [ "./certs/sm2/root-sm2.der",        "root_sm2_der"        ],
+        [ "./certs/sm2/root-sm2-key.der",    "root_sm2_key_der"    ],
+        [ "./certs/sm2/root-sm2-priv.der",   "root_sm2_priv_der"   ],
+        [ "./certs/sm2/server-sm2.der",      "server_sm2_der"      ],
+        [ "./certs/sm2/server-sm2-cert.der", "server_sm2_cert_der" ],
+        [ "./certs/sm2/server-sm2-key.der",  "server_sm2_key_der"  ],
+        [ "./certs/sm2/server-sm2-priv.der", "server_sm2_priv_der" ],
+        );
+
 #Falcon Post-Quantum Keys
 #Used with HAVE_PQC
 my @fileList_falcon = (
@@ -130,15 +167,17 @@ my @fileList_sphincs = (
 
 # ----------------------------------------------------------------------------
 
-my $num_ecc = @fileList_ecc;
-my $num_ed = @fileList_ed;
-my $num_x = @fileList_x;
-my $num_1024 = @fileList_1024;
-my $num_2048 = @fileList_2048;
-my $num_3072 = @fileList_3072;
-my $num_4096 = @fileList_4096;
-my $num_falcon = @fileList_falcon;
-my $num_sphincs = @fileList_sphincs;
+my $num_ecc      = @fileList_ecc;
+my $num_ed       = @fileList_ed;
+my $num_x        = @fileList_x;
+my $num_1024     = @fileList_1024;
+my $num_2048     = @fileList_2048;
+my $num_3072     = @fileList_3072;
+my $num_4096     = @fileList_4096;
+my $num_sm2      = @fileList_sm2;
+my $num_sm2_der  = @fileList_sm2_der;
+my $num_falcon   = @fileList_falcon;
+my $num_sphincs  = @fileList_sphincs;
 
 # open our output file, "+>" creates and/or truncates
 open OUT_FILE, "+>", $outputFile  or die $!;
@@ -160,7 +199,11 @@ for (my $i = 0; $i < $num_1024; $i++) {
     print OUT_FILE "{\n";
     file_to_hex($fname);
     print OUT_FILE "};\n";
-    print OUT_FILE "static const int sizeof_$sname = sizeof($sname);\n\n";
+
+    # In C89/C90 (which Watcom generally defaults to), sizeof must be a
+    # compile-time constant expression when used in a static initializer.
+    # So don't use `static const int sizeof_` here:
+    print OUT_FILE "#define sizeof_$sname (sizeof($sname))\n\n"
 }
 print OUT_FILE "#endif /* USE_CERT_BUFFERS_1024 */\n\n";
 
@@ -177,7 +220,10 @@ for (my $i = 0; $i < $num_2048; $i++) {
     print OUT_FILE "{\n";
     file_to_hex($fname);
     print OUT_FILE "};\n";
-    print OUT_FILE "static const int sizeof_$sname = sizeof($sname);\n\n";
+    # In C89/C90 (which Watcom generally defaults to), sizeof must be a
+    # compile-time constant expression when used in a static initializer.
+    # So don't use `static const int sizeof_` here:
+    print OUT_FILE "#define sizeof_$sname (sizeof($sname))\n\n"
 }
 
 
@@ -196,7 +242,10 @@ for (my $i = 0; $i < $num_3072; $i++) {
     print OUT_FILE "{\n";
     file_to_hex($fname);
     print OUT_FILE "};\n";
-    print OUT_FILE "static const int sizeof_$sname = sizeof($sname);\n\n";
+    # In C89/C90 (which Watcom generally defaults to), sizeof must be a
+    # compile-time constant expression when used in a static initializer.
+    # So don't use `static const int sizeof_` here:
+    print OUT_FILE "#define sizeof_$sname (sizeof($sname))\n\n"
 }
 
 print OUT_FILE "#endif /* USE_CERT_BUFFERS_3072 */\n\n";
@@ -214,7 +263,10 @@ for (my $i = 0; $i < $num_4096; $i++) {
     print OUT_FILE "{\n";
     file_to_hex($fname);
     print OUT_FILE "};\n";
-    print OUT_FILE "static const int sizeof_$sname = sizeof($sname);\n\n";
+    # In C89/C90 (which Watcom generally defaults to), sizeof must be a
+    # compile-time constant expression when used in a static initializer.
+    # So don't use `static const int sizeof_` here:
+    print OUT_FILE "#define sizeof_$sname (sizeof($sname))\n\n"
 }
 
 print OUT_FILE "#endif /* USE_CERT_BUFFERS_4096 */\n\n";
@@ -231,7 +283,10 @@ for (my $i = 0; $i < $num_falcon; $i++) {
     print OUT_FILE "{\n";
     file_to_hex($fname);
     print OUT_FILE "};\n";
-    print OUT_FILE "static const int sizeof_$sname = sizeof($sname);\n\n";
+    # In C89/C90 (which Watcom generally defaults to), sizeof must be a
+    # compile-time constant expression when used in a static initializer.
+    # So don't use `static const int sizeof_` here:
+    print OUT_FILE "#define sizeof_$sname (sizeof($sname))\n\n"
 }
 
 print OUT_FILE "#endif /* HAVE_FALCON */\n\n";
@@ -500,7 +555,7 @@ static const unsigned char bench_dilithium_level2_key[] = {
     0x12, 0xea, 0xc1, 0x94, 0x37, 0xa0, 0x11, 0xff, 0xb2, 0xa4,
     0xc3, 0x61, 0xf2, 0xa3, 0x49, 0xbe, 0xe7, 0xb6, 0x96, 0x2f,
 };
-static const int sizeof_bench_dilithium_level2_key = sizeof(bench_dilithium_level2_key);
+#define sizeof_bench_dilithium_level2_key (sizeof(bench_dilithium_level2_key))
 
 #endif /* !WOLFSSL_DILITHIUM_NO_SIGN */
 
@@ -642,8 +697,8 @@ static const unsigned char bench_dilithium_level2_pubkey[] = {
     0x36, 0x8b, 0x81, 0x26, 0x99, 0x92, 0x42, 0xda, 0x45, 0xb1,
     0xfe, 0x4b,
 };
-static const int sizeof_bench_dilithium_level2_pubkey =
-    sizeof(bench_dilithium_level2_pubkey);
+#define sizeof_bench_dilithium_level2_pubkey \\
+       (sizeof(bench_dilithium_level2_pubkey))
 
 #endif /* !WOLFSSL_DILITHIUM_NO_VERIFY */
 
@@ -1057,7 +1112,7 @@ static const unsigned char bench_dilithium_level3_key[] = {
     0xd2, 0x71, 0xb2, 0x5e, 0xae, 0x72, 0xc9, 0x69, 0x3b, 0x80,
     0xc2, 0x27,
 };
-static const int sizeof_bench_dilithium_level3_key = sizeof(bench_dilithium_level3_key);
+#define sizeof_bench_dilithium_level3_key (sizeof(bench_dilithium_level3_key))
 
 #endif /* !WOLFSSL_DILITHIUM_NO_SIGN */
 
@@ -1764,7 +1819,7 @@ static const unsigned char bench_dilithium_level5_key[] = {
     0x15, 0xed, 0xa6, 0x86, 0x8f, 0x2f, 0xe5, 0x67, 0x0f, 0xdd,
     0xbf, 0x70, 0x53, 0xaa, 0x9b, 0x74,
 };
-static const int sizeof_bench_dilithium_level5_key = sizeof(bench_dilithium_level5_key);
+#define sizeof_bench_dilithium_level5_key (sizeof(bench_dilithium_level5_key))
 
 #endif /* !WOLFSSL_DILITHIUM_NO_SIGN */
 
@@ -2034,8 +2089,8 @@ static const unsigned char bench_dilithium_level5_pubkey[] = {
     0xe9, 0x0e, 0x42, 0xdd, 0x17, 0xd7, 0x6e, 0x19, 0x8d, 0x95,
     0x0a, 0x93,
 };
-static const int sizeof_bench_dilithium_level5_pubkey =
-    sizeof(bench_dilithium_level5_pubkey);
+#define sizeof_bench_dilithium_level5_pubkey \\
+       (sizeof(bench_dilithium_level5_pubkey))
 
 #endif /* !WOLFSSL_DILITHIUM_NO_VERIFY */
 
@@ -2055,7 +2110,10 @@ for (my $i = 0; $i < $num_sphincs; $i++) {
     print OUT_FILE "{\n";
     file_to_hex($fname);
     print OUT_FILE "};\n";
-    print OUT_FILE "static const int sizeof_$sname = sizeof($sname);\n\n";
+    # In C89/C90 (which Watcom generally defaults to), sizeof must be a
+    # compile-time constant expression when used in a static initializer.
+    # So don't use `static const int sizeof_` here:
+    print OUT_FILE "#define sizeof_$sname (sizeof($sname))\n\n"
 }
 
 print OUT_FILE "#endif /* HAVE_SPHINCS */\n\n";
@@ -2072,7 +2130,10 @@ for (my $i = 0; $i < $num_ecc; $i++) {
     print OUT_FILE "{\n";
     file_to_hex($fname);
     print OUT_FILE "};\n";
-    print OUT_FILE "static const int sizeof_$sname = sizeof($sname);\n\n";
+    # In C89/C90 (which Watcom generally defaults to), sizeof must be a
+    # compile-time constant expression when used in a static initializer.
+    # So don't use `static const int sizeof_` here:
+    print OUT_FILE "#define sizeof_$sname (sizeof($sname))\n\n"
 }
 print OUT_FILE "#endif /* HAVE_ECC && USE_CERT_BUFFERS_256 */\n\n";
 
@@ -2147,7 +2208,10 @@ for (my $i = 0; $i < $num_ed; $i++) {
     print OUT_FILE "{\n";
     file_to_hex($fname);
     print OUT_FILE "};\n";
-    print OUT_FILE "static const int sizeof_$sname = sizeof($sname);\n\n";
+    # In C89/C90 (which Watcom generally defaults to), sizeof must be a
+    # compile-time constant expression when used in a static initializer.
+    # So don't use `static const int sizeof_` here:
+    print OUT_FILE "#define sizeof_$sname (sizeof($sname))\n\n"
 }
 print OUT_FILE "#endif /* HAVE_ED25519 */\n\n";
 
@@ -2164,7 +2228,10 @@ for (my $i = 0; $i < $num_x; $i++) {
     print OUT_FILE "{\n";
     file_to_hex($fname);
     print OUT_FILE "};\n";
-    print OUT_FILE "static const int sizeof_$sname = sizeof($sname);\n\n";
+    # In C89/C90 (which Watcom generally defaults to), sizeof must be a
+    # compile-time constant expression when used in a static initializer.
+    # So don't use `static const int sizeof_` here:
+    print OUT_FILE "#define sizeof_$sname (sizeof($sname))\n\n"
 }
 print OUT_FILE "#endif /* USE_CERT_BUFFERS_25519 */\n\n";
 
@@ -2174,9 +2241,68 @@ print OUT_FILE "#endif /* WOLFSSL_CERTS_TEST_H */\n\n";
 # close certs_test.h file
 close OUT_FILE or die $!;
 
+#---------------------------------------------------------------------------
+# open our output file, "+>" creates and/or truncates
+open OUT_FILE_SM, "+>", $outputFileSM  or die $!;
+
+print OUT_FILE_SM "/* certs_test_sm.h */\n";
+print OUT_FILE_SM "/* This file was generated using: ./gencertbuf.pl */\n\n";
+print OUT_FILE_SM "#ifndef WOLFSSL_CERTS_TEST_SM_H\n";
+print OUT_FILE_SM "#define WOLFSSL_CERTS_TEST_SM_H\n\n";
+print OUT_FILE_SM "#if defined(WOLFSSL_SM2) || defined(WOLFSSL_SM3) || defined(WOLFSSL_SM4)\n\n";
+print OUT_FILE_SM "    /* DER Certs Begin */\n\n";
+
+# convert and print SM2 DER format certs/keys
+for (my $i = 0; $i < $num_sm2_der; $i++) {
+
+    my $fname = $fileList_sm2_der[$i][0];
+    my $sname = $fileList_sm2_der[$i][1];
+
+    print OUT_FILE_SM "/* $fname */\n";
+    print OUT_FILE_SM "static const unsigned char $sname\[] =\n";
+    print OUT_FILE_SM "{\n";
+    file_to_hex($fname, \*OUT_FILE_SM);
+    print OUT_FILE_SM "};\n";
+    # In C89/C90 (which Watcom generally defaults to), sizeof must be a
+    # compile-time constant expression when used in a static initializer.
+    # So don't use `static const int sizeof_` here:
+    print OUT_FILE_SM "#define sizeof_$sname (sizeof($sname))\n\n";
+}
+print OUT_FILE_SM "    /* DER Certs End */\n\n";
+
+
+# convert and print SM2 PEM format certs/keys
+print OUT_FILE_SM "#ifdef WOLFSSL_NO_PEM\n\n";
+print OUT_FILE_SM "    /* SM PEM Certs disabled */\n\n";
+print OUT_FILE_SM "#else\n\n";
+
+for (my $i = 0; $i < $num_sm2; $i++) {
+
+    my $fname = $fileList_sm2[$i][0];
+    my $sname = $fileList_sm2[$i][1];
+
+    print OUT_FILE_SM "/* $fname */\n";
+    print OUT_FILE_SM "static const unsigned char $sname\[] =\n";
+    print OUT_FILE_SM "{\n";
+    file_to_hex($fname, \*OUT_FILE_SM);
+    print OUT_FILE_SM "};\n";
+    # In C89/C90 (which Watcom generally defaults to), sizeof must be a
+    # compile-time constant expression when used in a static initializer.
+    # So don't use `static const int sizeof_` here:
+    print OUT_FILE_SM "#define sizeof_$sname (sizeof($sname))\n\n";
+}
+
+print OUT_FILE_SM "#endif /* WOLFSSL_NO_PEM */\n\n";
+print OUT_FILE_SM "#endif /* WOLFSSL_SM2 || WOLFSSL_SM3 || WOLFSSL_SM4 */\n";
+print OUT_FILE_SM "#endif /* WOLFSSL_CERTS_TEST_SM_H */\n";
+
+# close certs_test_sm.h file
+close OUT_FILE_SM or die $!;
+
 # print file as hex, comma-separated, as needed by C buffer
 sub file_to_hex {
-    my $fileName = $_[0];
+    my ($fileName, $out_fh) = @_;
+    $out_fh //= \*OUT_FILE;   # default handle
 
     open my $fp, "<", $fileName or die $!;
     binmode($fp);
@@ -2187,26 +2313,27 @@ sub file_to_hex {
     for (my $i = 0, my $j = 1; $i < $fileLen; $i++, $j++)
     {
         if ($j == 1) {
-            print OUT_FILE "        ";
+            print {$out_fh} "        ";
         }
         if ($j != 1) {
-            print OUT_FILE " ";
+            print {$out_fh} " ";
         }
         read($fp, $byte, 1) or die "Error reading $fileName";
         my $output = sprintf("0x%02X", ord($byte));
-        print OUT_FILE $output;
+        print {$out_fh} $output;
 
         if ($i != ($fileLen - 1)) {
-            print OUT_FILE ",";
+            print {$out_fh} ",";
         }
 
         if ($j == 10) {
             $j = 0;
-            print OUT_FILE "\n";
+            print {$out_fh} "\n";
         }
     }
 
-    print OUT_FILE "\n";
+    print {$out_fh} "\n";
 
     close($fp);
 }
+
diff --git a/linuxkm/Kbuild b/linuxkm/Kbuild
index 282bd7ad0..74f055061 100644
--- a/linuxkm/Kbuild
+++ b/linuxkm/Kbuild
@@ -101,8 +101,14 @@ $(obj)/wolfcrypt/test/test.o: ccflags-y += -DNO_MAIN_DRIVER -DWOLFSSL_NO_OPTIONS
 $(obj)/wolfcrypt/src/aes.o: ccflags-y = $(WOLFSSL_CFLAGS) $(WOLFSSL_CFLAGS_YES_VECTOR_INSNS)
 
 ifeq "$(ENABLED_LINUXKM_PIE)" "yes"
+    # note, we need -fno-stack-protector to avoid references to
+    # "__stack_chk_fail" from the wolfCrypt container.
     PIE_FLAGS := -fPIE -fno-stack-protector -fno-toplevel-reorder
     PIE_SUPPORT_FLAGS := -DUSE_WOLFSSL_LINUXKM_PIE_REDIRECT_TABLE
+    # the kernel sanitizers generate external references to
+    # __ubsan_handle_out_of_bounds(), __ubsan_handle_shift_out_of_bounds(), etc.
+    KASAN_SANITIZE := n
+    UBSAN_SANITIZE := n
     ifeq "$(KERNEL_ARCH_X86)" "yes"
         PIE_FLAGS += -mcmodel=small
         ifeq "$(CONFIG_MITIGATION_RETPOLINE)" "y"
@@ -121,9 +127,17 @@ ifeq "$(ENABLED_LINUXKM_PIE)" "yes"
     endif
     $(WOLFCRYPT_PIE_FILES): ccflags-y += $(PIE_SUPPORT_FLAGS) $(PIE_FLAGS)
     $(WOLFCRYPT_PIE_FILES): ccflags-remove-y += -pg
-    # disabling retpoline generation leads to profuse warnings without this:
-    $(WOLFCRYPT_PIE_FILES): OBJECT_FILES_NON_STANDARD := y
     $(obj)/linuxkm/module_hooks.o: ccflags-y += $(PIE_SUPPORT_FLAGS)
+    # using inline retpolines leads to "unannotated intra-function call"
+    # warnings from objtool without this:
+    $(WOLFCRYPT_PIE_FILES): OBJECT_FILES_NON_STANDARD := y
+    ifdef FORCE_GLOBAL_OBJTOOL_OFF
+        undefine CONFIG_OBJTOOL
+    endif
+endif
+
+ifdef KERNEL_EXTRA_CFLAGS_REMOVE
+    ccflags-remove-y += KERNEL_EXTRA_CFLAGS_REMOVE
 endif
 
 $(obj)/wolfcrypt/benchmark/benchmark.o: ccflags-y = $(WOLFSSL_CFLAGS) $(CFLAGS_FPU_ENABLE) $(CFLAGS_SIMD_ENABLE) $(PIE_SUPPORT_FLAGS) -DNO_MAIN_FUNCTION -DWOLFSSL_NO_OPTIONS_H
@@ -154,6 +168,8 @@ $(obj)/wolfcrypt/src/poly1305_asm.o: asflags-y = $(WOLFSSL_ASFLAGS) $(ASFLAGS_FP
 $(obj)/wolfcrypt/src/poly1305_asm.o: OBJECT_FILES_NON_STANDARD := y
 $(obj)/wolfcrypt/src/wc_mlkem_asm.o: asflags-y = $(WOLFSSL_ASFLAGS) $(ASFLAGS_FPU_DISABLE_SIMD_ENABLE)
 $(obj)/wolfcrypt/src/wc_mlkem_asm.o: OBJECT_FILES_NON_STANDARD := y
+$(obj)/wolfcrypt/src/wc_mldsa_asm.o: asflags-y = $(WOLFSSL_ASFLAGS) $(ASFLAGS_FPU_DISABLE_SIMD_ENABLE)
+$(obj)/wolfcrypt/src/wc_mldsa_asm.o: OBJECT_FILES_NON_STANDARD := y
 
 ifndef READELF
     READELF := readelf
@@ -163,8 +179,6 @@ ifeq "$(ENABLED_LINUXKM_PIE)" "yes"
 
 LDFLAGS_libwolfssl.o += -T $(src)/wolfcrypt.lds
 
-rename-pie-text-and-data-sections: $(WOLFSSL_OBJ_TARGETS)
-
 ifndef NM
     NM := nm
 endif
@@ -173,41 +187,41 @@ ifndef OBJCOPY
     OBJCOPY := objcopy
 endif
 
-.PHONY: rename-pie-text-and-data-sections
-rename-pie-text-and-data-sections:
-ifneq "$(quiet)" "silent_"
-	@echo -n '  Checking wolfCrypt for unresolved symbols and forbidden relocations... '
-endif
-	@cd "$(obj)" || exit $$?
-	$(LD) -relocatable -o wolfcrypt_test_link.o $(WOLFCRYPT_PIE_FILES) || exit $$?
-	undefined=$$($(NM) --undefined-only wolfcrypt_test_link.o) || exit $$?
-	GOT_relocs=$$($(READELF) --relocs --wide wolfcrypt_test_link.o | egrep '^[^ ]+ +[^ ]+ +[^ ]*GOT[^ ]* ') || [ $$? = 1 ] || exit 2
-	rm wolfcrypt_test_link.o
-	if [ -n "$$undefined" ]; then
-	    echo "wolfCrypt container has unresolved symbols:" 1>&2
-	    echo "$$undefined" 1>&2
-	    exit 1
-	fi
-	if [ -n "$$GOT_relocs" ]; then
-	    echo "wolfCrypt container has GOT relocations (non-local function address used as operand?):" 1>&2
-	    echo "$$GOT_relocs" 1>&2
-	    exit 1
-	fi
-ifneq "$(quiet)" "silent_"
-	echo 'OK.'
-endif
-	cd "$(obj)" || exit $$?
-	for file in $(WOLFCRYPT_PIE_FILES); do
+RENAME_PIE_TEXT_AND_DATA_SECTIONS := \
+	if [[ "$(quiet)" != "silent_" ]]; then \
+	    echo -n '  Checking wolfCrypt for unresolved symbols and forbidden relocations... '; \
+	fi; \
+	cd "$(obj)" || exit $$?; \
+	$(LD) -relocatable -o wolfcrypt_test_link.o $(WOLFCRYPT_PIE_FILES) || exit $$?; \
+	undefined=$$($(NM) --undefined-only wolfcrypt_test_link.o) || exit $$?; \
+	GOT_relocs=$$($(READELF) --relocs --wide wolfcrypt_test_link.o | grep -E '^[^ ]+ +[^ ]+ +[^ ]*GOT[^ ]* ') || [ $$? = 1 ] || exit 2; \
+	rm wolfcrypt_test_link.o; \
+	if [ -n "$$undefined" ]; then \
+	    echo "wolfCrypt container has unresolved symbols:" 1>&2; \
+	    echo "$$undefined" 1>&2; \
+	    exit 1; \
+	fi; \
+	if [ -n "$$GOT_relocs" ]; then \
+	    echo "wolfCrypt container has GOT relocations (non-local function address used as operand?):" 1>&2; \
+	    echo "$$GOT_relocs" 1>&2; \
+	    exit 1; \
+	fi; \
+	if [[ "$(quiet)" != "silent_" ]]; then \
+	    echo 'OK.'; \
+	fi; \
+	cd "$(obj)" || exit $$?; \
+	for file in $(WOLFCRYPT_PIE_FILES); do			\
 	    $(OBJCOPY) --rename-section .text=.text.wolfcrypt	\
 	    --rename-section .text.unlikely=.text.wolfcrypt	\
 	    --rename-section .rodata=.rodata.wolfcrypt		\
 	    --rename-section .rodata.str1.1=.rodata.wolfcrypt	\
 	    --rename-section .rodata.str1.8=.rodata.wolfcrypt	\
 	    --rename-section .rodata.cst16=.rodata.wolfcrypt	\
+	    --rename-section .rodata.cst32=.rodata.wolfcrypt	\
 	    --rename-section .data=.data.wolfcrypt		\
 	    --rename-section .data.rel.local=.data.wolfcrypt    \
-	    --rename-section .bss=.bss.wolfcrypt "$$file" || exit $$?
-	done
+	    --rename-section .bss=.bss.wolfcrypt "$$file" || exit $$?; \
+	done; \
 	[ "$(KERNEL_ARCH_X86)" != "yes" ] ||			\
 	{ $(READELF) --sections --syms --wide $(WOLFCRYPT_PIE_FILES) |	\
 	$(AWK) -v obj="$(obj)" '					\
@@ -281,19 +295,16 @@ endif
 		} else {						\
 		    exit(0);						\
 	    }}'; } || \
-	{ echo 'Error: symbol(s) missed by containerization.' >&2; exit 1; }
-ifneq "$(quiet)" "silent_"
-	echo '  wolfCrypt .{text,data,rodata} sections containerized to .{text,data,rodata}.wolfcrypt'
+	{ echo 'Error: symbol(s) missed by containerization.' >&2; exit 1; }; \
+	if [[ "$(quiet)" != "silent_" ]]; then \
+	    echo '  wolfCrypt .{text,data,rodata} sections containerized to .{text,data,rodata}.wolfcrypt'; \
+	fi
 endif
 
-$(obj)/linuxkm/module_exports.c: rename-pie-text-and-data-sections
-
-endif
-
-
 # auto-generate the exported symbol list, leveraging the WOLFSSL_API visibility tags.
 # exclude symbols that don't match wc_* or wolf*.
-$(obj)/linuxkm/module_exports.c: $(src)/module_exports.c.template $(WOLFSSL_OBJ_TARGETS)
+$(obj)/linuxkm/module_exports.c: $(src)/module_exports.c.template $(WOLFSSL_OBJ_TARGETS) $(obj)/linuxkm/module_hooks.o
+	@$(RENAME_PIE_TEXT_AND_DATA_SECTIONS)
 	@cp $< $@ || exit $$?
 	if [[ "$${VERSION}" -gt 6 || ("$${VERSION}" -eq 6 && "$${PATCHLEVEL}" -ge 13) ]]; then
 	    # use ASCII octal escape to avoid syntax disruption in the awk script.
@@ -301,7 +312,7 @@ $(obj)/linuxkm/module_exports.c: $(src)/module_exports.c.template $(WOLFSSL_OBJ_
 	else
 	    ns='WOLFSSL'
 	fi
-	$(READELF) --symbols --wide $(WOLFSSL_OBJ_TARGETS) |
+	$(READELF) --symbols --wide $(filter %.o,$^) |
 		$(AWK) '/^ *[0-9]+: / {
 		  if ($$8 !~ /^(wc_|wolf|WOLF|TLSX_)/){next;}
 		  if (($$4 == "FUNC") && ($$5 == "GLOBAL") && ($$6 == "DEFAULT")) {
diff --git a/linuxkm/Makefile b/linuxkm/Makefile
index 98198f35c..c0914347c 100644
--- a/linuxkm/Makefile
+++ b/linuxkm/Makefile
@@ -18,12 +18,11 @@
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
 
+.ONESHELL:
 SHELL=bash
 
 all: libwolfssl.ko libwolfssl.ko.signed
 
-.PHONY: libwolfssl.ko
-
 ifndef MODULE_TOP
     MODULE_TOP=$(CURDIR)
 endif
@@ -54,7 +53,7 @@ ifeq "$(ENABLED_LINUXKM_BENCHMARKS)" "yes"
 endif
 
 ifeq "$(ENABLED_LINUXKM_PIE)" "yes"
-    WOLFCRYPT_PIE_FILES := linuxkm/pie_first.o $(filter wolfcrypt/src/%,$(WOLFSSL_OBJ_FILES)) linuxkm/pie_redirect_table.o linuxkm/pie_last.o
+    WOLFCRYPT_PIE_FILES := $(filter wolfcrypt/src/%,$(WOLFSSL_OBJ_FILES)) linuxkm/pie_redirect_table.o
     WOLFSSL_OBJ_FILES := $(WOLFCRYPT_PIE_FILES) $(filter-out $(WOLFCRYPT_PIE_FILES),$(WOLFSSL_OBJ_FILES))
 endif
 
@@ -82,51 +81,134 @@ ifdef LD
     endif
 endif
 
+ifndef READELF
+    READELF := readelf
+endif
+
+ifndef AWK
+    AWK := awk
+endif
+
+ifndef TMPDIR
+    TMPDIR := /tmp
+endif
+
+ifndef MAKE_TMPDIR
+    MAKE_TMPDIR := $(TMPDIR)
+endif
+
+GENERATE_RELOC_TAB := $(READELF) --wide -r libwolfssl.ko |				\
+	$(AWK) 'BEGIN {									\
+	    n=0;									\
+	    bad_relocs=0;								\
+	    printf("%s\n    ",								\
+	        "const unsigned int wc_linuxkm_pie_reloc_tab[] = { ");			\
+	}										\
+	/^Relocation section '\''\.rela\.text\.wolfcrypt'\''/ {				\
+	    p=1;									\
+	    next;									\
+	}										\
+	/^Relocation section/ {								\
+	    p=0;									\
+	}										\
+	/^0/ {										\
+	    if (p) {									\
+	        if ($$3 !~ "^(R_X86_64_PLT32|R_X86_64_PC32|R_AARCH64_.*)$$") {		\
+	            print "Unexpected relocation type:\n" $$0 >"/dev/stderr";		\
+	            ++bad_relocs;							\
+	        }									\
+	        printf("0x%s%s",							\
+	            gensub("^0*","",1,$$1),						\
+	            ((++n%8) ? ", " : ",\n    "));					\
+	    }										\
+	}										\
+	END {										\
+	    if (bad_relocs) {								\
+	        print "Found " bad_relocs " unexpected relocations." >"/dev/stderr";	\
+	        exit(1);								\
+	    }										\
+	    print "~0U };\nconst size_t wc_linuxkm_pie_reloc_tab_length = sizeof wc_linuxkm_pie_reloc_tab / sizeof wc_linuxkm_pie_reloc_tab[0];";\
+	}'
+
+.PHONY: libwolfssl.ko
 libwolfssl.ko:
 	@if test -z '$(KERNEL_ROOT)'; then echo '$$KERNEL_ROOT is unset' >&2; exit 1; fi
 	@if test -z '$(AM_CFLAGS)$(CFLAGS)'; then echo '$$AM_CFLAGS and $$CFLAGS are both unset.' >&2; exit 1; fi
 	@if test -z '$(src_libwolfssl_la_OBJECTS)'; then echo '$$src_libwolfssl_la_OBJECTS is unset.' >&2; exit 1; fi
         # after commit 9a0ebe5011 (6.10), sources must be in $(obj).  work around this by making links to all needed sources:
 	@mkdir -p '$(MODULE_TOP)/linuxkm'
-	@test '$(MODULE_TOP)/module_hooks.c' -ef '$(MODULE_TOP)/linuxkm/module_hooks.c' || cp --no-dereference --symbolic-link --no-clobber '$(MODULE_TOP)'/*.[ch] '$(MODULE_TOP)/linuxkm/'
-	@test '$(SRC_TOP)/wolfcrypt/src/wc_port.c' -ef '$(MODULE_TOP)/wolfcrypt/src/wc_port.c' || cp --no-dereference --symbolic-link --no-clobber --recursive '$(SRC_TOP)/wolfcrypt' '$(MODULE_TOP)/'
-	@test '$(SRC_TOP)/src/wolfio.c' -ef '$(MODULE_TOP)/src/wolfio.c' || cp --no-dereference --symbolic-link --no-clobber --recursive '$(SRC_TOP)/src' '$(MODULE_TOP)/'
+	@test '$(MODULE_TOP)/module_hooks.c' -ef '$(MODULE_TOP)/linuxkm/module_hooks.c' || cp --verbose --no-dereference --symbolic-link --no-clobber '$(MODULE_TOP)'/*.[ch] '$(MODULE_TOP)/linuxkm/'
+	@test '$(SRC_TOP)/wolfcrypt/src/wc_port.c' -ef '$(MODULE_TOP)/wolfcrypt/src/wc_port.c' || cp --verbose --no-dereference --symbolic-link --no-clobber --recursive '$(SRC_TOP)/wolfcrypt' '$(MODULE_TOP)/'
+	@test '$(SRC_TOP)/src/wolfio.c' -ef '$(MODULE_TOP)/src/wolfio.c' || cp --verbose --no-dereference --symbolic-link --no-clobber --recursive '$(SRC_TOP)/src' '$(MODULE_TOP)/'
 ifeq "$(ENABLED_LINUXKM_PIE)" "yes"
+	@$(eval RELOC_TMP := $(shell mktemp "$(MAKE_TMPDIR)/wc_linuxkm_pie_reloc_tab.c.XXXXXX"))
+	@[[ -f wc_linuxkm_pie_reloc_tab.c ]] || echo -e "const unsigned int wc_linuxkm_pie_reloc_tab[] = { ~0U };\nconst size_t wc_linuxkm_pie_reloc_tab_length = 1;" > wc_linuxkm_pie_reloc_tab.c
+	@if [[ -f libwolfssl.ko ]]; then touch -r libwolfssl.ko "$(RELOC_TMP)"; fi
 	+$(MAKE) ARCH='$(KERNEL_ARCH)' $(OVERRIDE_PATHS) $(CROSS_COMPILE) -C '$(KERNEL_ROOT)' M='$(MODULE_TOP)' $(KBUILD_EXTRA_FLAGS) CC_FLAGS_FTRACE=
+	# if the above make didn't build a fresh libwolfssl.ko, then the module is already up to date and we leave it untouched, assuring stability for purposes of module-update-fips-hash.
+	@if [[ ! libwolfssl.ko -nt "$(RELOC_TMP)" ]]; then rm "$(RELOC_TMP)"; exit 0; fi
+	@$(GENERATE_RELOC_TAB) >| wc_linuxkm_pie_reloc_tab.c
+	+$(MAKE) ARCH='$(KERNEL_ARCH)' $(OVERRIDE_PATHS) $(CROSS_COMPILE) -C '$(KERNEL_ROOT)' M='$(MODULE_TOP)' $(KBUILD_EXTRA_FLAGS) CC_FLAGS_FTRACE=
+	@$(GENERATE_RELOC_TAB) >| $(RELOC_TMP)
+	@if diff wc_linuxkm_pie_reloc_tab.c $(RELOC_TMP); then echo " Relocation table is stable."; else echo "PIE failed: relocation table is unstable." 1>&2; rm $(RELOC_TMP); exit 1; fi
+	@rm $(RELOC_TMP)
 else
 	+$(MAKE) ARCH='$(KERNEL_ARCH)' $(OVERRIDE_PATHS) $(CROSS_COMPILE) -C '$(KERNEL_ROOT)' M='$(MODULE_TOP)' $(KBUILD_EXTRA_FLAGS)
 endif
 
+.PHONY: module-update-fips-hash
+module-update-fips-hash: libwolfssl.ko
+	@if test -z '$(FIPS_HASH)'; then echo '  $$FIPS_HASH is unset' >&2; exit 1; fi
+	@if [[ ! '$(FIPS_HASH)' =~ [0-9a-fA-F]{64} ]]; then echo '  $$FIPS_HASH is malformed' >&2; exit 1; fi
+	@readarray -t rodata_segment < <($(READELF) --wide --sections libwolfssl.ko | \
+	    sed -E -n 's/^[[:space:]]*\[[[:space:]]*([0-9]+)\][[:space:]]+\.rodata\.wolfcrypt[[:space:]]+PROGBITS[[:space:]]+[0-9a-fA-F]+[[:space:]]+([0-9a-fA-F]+)[[:space:]].*$$/\1\n\2/p'); \
+	if [[ $${#rodata_segment[@]} != 2 ]]; then echo '  unexpected rodata_segment.' >&2; exit 1; fi; \
+	readarray -t verifyCore_attrs < <($(READELF) --wide --symbols libwolfssl.ko | \
+	    sed -E -n 's/^[[:space:]]*[0-9]+: ([0-9a-fA-F]+)[[:space:]]+([0-9]+)[[:space:]]+OBJECT[[:space:]]+[A-Z]+[[:space:]]+[A-Z]+[[:space:]]+'"$${rodata_segment[0]}"'[[:space:]]+verifyCore$$/\1\n\2/p'); \
+	if [[ $${#verifyCore_attrs[@]} != 2 ]]; then echo '  unexpected verifyCore_attrs.' >&2; exit 1; fi; \
+	if [[ "$${verifyCore_attrs[1]}" != "65" ]]; then echo "  verifyCore has unexpected length $${verifyCore_attrs[1]}." >&2; exit 1; fi; \
+	verifyCore_offset=$$((0x$${rodata_segment[1]} + 0x$${verifyCore_attrs[0]})); \
+	current_verifyCore=$$(dd bs=1 if=libwolfssl.ko skip=$$verifyCore_offset count=64 status=none); \
+	if [[ ! "$$current_verifyCore" =~ [0-9a-fA-F]{64} ]]; then echo "  verifyCore at offset $$verifyCore_offset has unexpected value." >&2; exit 1; fi; \
+	if [[ '$(FIPS_HASH)' == "$$current_verifyCore" ]]; then echo '  Supplied FIPS_HASH matches existing verifyCore -- no update needed.'; exit 0; fi; \
+	echo -n '$(FIPS_HASH)' | dd bs=1 conv=notrunc of=libwolfssl.ko seek=$$verifyCore_offset count=64 status=none && \
+	echo "  FIPS verifyCore updated successfully." && \
+	if [[ -f libwolfssl.ko.signed ]]; then $(MAKE) -C . libwolfssl.ko.signed; fi
+
 libwolfssl.ko.signed: libwolfssl.ko
-	@cd '$(KERNEL_ROOT)' || exit $$?;							\
-	while read configline; do								\
-		case "$$configline" in								\
-		CONFIG_MODULE_SIG*=*)								\
-			declare "$${configline%=*}"="$${configline#*=}"				\
-			;;									\
-		esac;										\
-	done < .config || exit $$?;								\
-	if [[ "$${CONFIG_MODULE_SIG}" = "y" && -n "$${CONFIG_MODULE_SIG_KEY}" && 		\
-		-n "$${CONFIG_MODULE_SIG_HASH}" && ( ! -f '$(MODULE_TOP)/$@' ||			\
-			'$(MODULE_TOP)/$<' -nt '$(MODULE_TOP)/$@' ) ]]; then			\
-		CONFIG_MODULE_SIG_KEY="$${CONFIG_MODULE_SIG_KEY#\"}";				\
-		CONFIG_MODULE_SIG_KEY="$${CONFIG_MODULE_SIG_KEY%\"}";				\
-		CONFIG_MODULE_SIG_HASH="$${CONFIG_MODULE_SIG_HASH#\"}";				\
-		CONFIG_MODULE_SIG_HASH="$${CONFIG_MODULE_SIG_HASH%\"}";				\
-		cp -p '$(MODULE_TOP)/$<' '$(MODULE_TOP)/$@' || exit $$?;			\
-		./scripts/sign-file "$${CONFIG_MODULE_SIG_HASH}"				\
-				    "$${CONFIG_MODULE_SIG_KEY}"					\
-				    "$${CONFIG_MODULE_SIG_KEY/%.pem/.x509}"			\
-				    '$(MODULE_TOP)/$@';						\
-		sign_file_exitval=$$?;								\
-		if [[ $$sign_file_exitval != 0 ]]; then						\
-			$(RM) -f '$(MODULE_TOP)/$@';						\
-			exit $$sign_file_exitval;						\
-		fi;										\
-		if [[ "$(quiet)" != "silent_" ]]; then						\
-			echo "  Module $@ signed by $${CONFIG_MODULE_SIG_KEY}.";		\
-		fi										\
+ifdef FORCE_NO_MODULE_SIG
+	@echo 'Skipping module signature operation because FORCE_NO_MODULE_SIG.'
+else
+	@cd '$(KERNEL_ROOT)' || exit $$?;						\
+	while read configline; do							\
+		case "$$configline" in							\
+		CONFIG_MODULE_SIG*=*)							\
+			declare "$${configline%=*}"="$${configline#*=}"			\
+			;;								\
+		esac;									\
+	done < .config || exit $$?;							\
+	if [[ "$${CONFIG_MODULE_SIG}" = "y" && -n "$${CONFIG_MODULE_SIG_KEY}" && 	\
+		-n "$${CONFIG_MODULE_SIG_HASH}" && ( ! -f '$(MODULE_TOP)/$@' ||		\
+			'$(MODULE_TOP)/$<' -nt '$(MODULE_TOP)/$@' ) ]]; then		\
+		CONFIG_MODULE_SIG_KEY="$${CONFIG_MODULE_SIG_KEY#\"}";			\
+		CONFIG_MODULE_SIG_KEY="$${CONFIG_MODULE_SIG_KEY%\"}";			\
+		CONFIG_MODULE_SIG_HASH="$${CONFIG_MODULE_SIG_HASH#\"}";			\
+		CONFIG_MODULE_SIG_HASH="$${CONFIG_MODULE_SIG_HASH%\"}";			\
+		cp -p '$(MODULE_TOP)/$<' '$(MODULE_TOP)/$@' || exit $$?;		\
+		./scripts/sign-file "$${CONFIG_MODULE_SIG_HASH}"			\
+				    "$${CONFIG_MODULE_SIG_KEY}"				\
+				    "$${CONFIG_MODULE_SIG_KEY/%.pem/.x509}"		\
+				    '$(MODULE_TOP)/$@';					\
+		sign_file_exitval=$$?;							\
+		if [[ $$sign_file_exitval != 0 ]]; then					\
+			$(RM) -f '$(MODULE_TOP)/$@';					\
+			exit $$sign_file_exitval;					\
+		fi;									\
+		if [[ "$(quiet)" != "silent_" ]]; then					\
+			echo "  Module $@ signed by $${CONFIG_MODULE_SIG_KEY}.";	\
+		fi									\
 	fi
+endif
 
 
 .PHONY: install modules_install
diff --git a/linuxkm/include.am b/linuxkm/include.am
index 318465d00..353911615 100644
--- a/linuxkm/include.am
+++ b/linuxkm/include.am
@@ -8,9 +8,7 @@ EXTRA_DIST += m4/ax_linuxkm.m4 \
 	      linuxkm/get_thread_size.c \
 	      linuxkm/module_hooks.c \
 	      linuxkm/module_exports.c.template \
-	      linuxkm/pie_first.c \
 	      linuxkm/pie_redirect_table.c \
-	      linuxkm/pie_last.c \
 	      linuxkm/linuxkm_memory.c \
 	      linuxkm/linuxkm_wc_port.h \
 	      linuxkm/x86_vector_register_glue.c \
diff --git a/linuxkm/linuxkm_wc_port.h b/linuxkm/linuxkm_wc_port.h
index 214eccf04..aa2f25c6d 100644
--- a/linuxkm/linuxkm_wc_port.h
+++ b/linuxkm/linuxkm_wc_port.h
@@ -81,28 +81,38 @@
      * kvrealloc() added in de2860f463, merged for 5.15, backported to 5.10.137.
      * moved to ultimate home (slab.h) in 8587ca6f34, merged for 5.16.
      *
-     * however, until 6.11, it took an extra argument, oldsize, that makes it
-     * incompatible with traditional libc usage patterns, so we don't try to use it.
+     * however, until 6.12 (commit 590b9d576c), it took an extra argument,
+     * oldsize, that makes it incompatible with traditional libc usage patterns,
+     * so we don't try to use it.
      */
-    #if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 12, 0)
+    #if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 12, 0) && \
+        !defined(DONT_HAVE_KVMALLOC) && !defined(HAVE_KVMALLOC)
         #define HAVE_KVMALLOC
     #endif
-    #if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 11, 0)
+    #if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 12, 0) && \
+        !defined(DONT_HAVE_KVREALLOC) && !defined(HAVE_KVREALLOC)
         #define HAVE_KVREALLOC
     #endif
 
     #ifdef WOLFCRYPT_ONLY
-        #ifdef HAVE_KVMALLOC
+        #if defined(HAVE_KVMALLOC) && \
+            !defined(DONT_USE_KVMALLOC) && !defined(USE_KVMALLOC)
             #define USE_KVMALLOC
         #endif
-        #ifdef HAVE_KVREALLOC
+        #if defined(HAVE_KVREALLOC) && \
+            !defined(DONT_USE_KVREALLOC) && !defined(USE_KVREALLOC)
             #define USE_KVREALLOC
         #endif
     #else
         /* functioning realloc() is needed for the TLS stack. */
-        #if defined(HAVE_KVMALLOC) && defined(HAVE_KVREALLOC)
-            #define USE_KVMALLOC
-            #define USE_KVREALLOC
+        #if defined(HAVE_KVMALLOC) && defined(HAVE_KVREALLOC) && \
+            !defined(DONT_USE_KVMALLOC) && !defined(DONT_USE_KVREALLOC)
+            #ifndef USE_KVMALLOC
+                #define USE_KVMALLOC
+            #endif
+            #ifndef USE_KVREALLOC
+                #define USE_KVREALLOC
+            #endif
         #endif
     #endif
 
@@ -116,6 +126,54 @@
     extern int wc_lkm_LockMutex(struct wolfSSL_Mutex* m);
 #endif
 
+    #ifndef WC_LINUXKM_INTR_SIGNALS
+        #define WC_LINUXKM_INTR_SIGNALS { SIGKILL, SIGABRT, SIGHUP, SIGINT }
+    #endif
+    extern int wc_linuxkm_check_for_intr_signals(void);
+    #ifndef WC_LINUXKM_MAX_NS_WITHOUT_YIELD
+        #define WC_LINUXKM_MAX_NS_WITHOUT_YIELD 1000000000
+    #endif
+    extern void wc_linuxkm_relax_long_loop(void);
+
+    enum wc_svr_flags {
+        WC_SVR_FLAG_NONE = 0,
+        WC_SVR_FLAG_INHIBIT = 1,
+    };
+
+    #if defined(WOLFSSL_AESNI) || defined(USE_INTEL_SPEEDUP) || \
+        defined(WOLFSSL_SP_X86_64_ASM)
+        #ifndef CONFIG_X86
+            #error X86 SIMD extensions requested, but CONFIG_X86 is not set.
+        #endif
+        #define WOLFSSL_LINUXKM_SIMD
+        #define WOLFSSL_LINUXKM_SIMD_X86
+        #ifndef WOLFSSL_USE_SAVE_VECTOR_REGISTERS
+            #define WOLFSSL_USE_SAVE_VECTOR_REGISTERS
+        #endif
+    #elif defined(WOLFSSL_ARMASM) || defined(WOLFSSL_SP_ARM32_ASM) || \
+          defined(WOLFSSL_SP_ARM64_ASM) || defined(WOLFSSL_SP_ARM_THUMB_ASM) ||\
+          defined(WOLFSSL_SP_ARM_CORTEX_M_ASM)
+        #if !defined(CONFIG_ARM) && !defined(CONFIG_ARM64)
+            #error ARM SIMD extensions requested, but CONFIG_ARM* is not set.
+        #endif
+        #define WOLFSSL_LINUXKM_SIMD
+        #define WOLFSSL_LINUXKM_SIMD_ARM
+        #ifndef WOLFSSL_USE_SAVE_VECTOR_REGISTERS
+            #define WOLFSSL_USE_SAVE_VECTOR_REGISTERS
+        #endif
+    #endif
+
+    #if defined(HAVE_HASHDRBG) && defined(HAVE_FIPS) && FIPS_VERSION3_LT(6, 0, 0) && \
+            (defined(HAVE_INTEL_RDSEED) || defined(HAVE_AMD_RDSEED)) && \
+            !defined(WC_LINUXKM_RDSEED_IN_GLUE_LAYER)
+        #define WC_LINUXKM_RDSEED_IN_GLUE_LAYER
+    #endif
+    #ifdef WC_LINUXKM_RDSEED_IN_GLUE_LAYER
+        struct OS_Seed;
+        extern int wc_linuxkm_GenerateSeed_IntelRD(struct OS_Seed* os, unsigned char* output, unsigned int sz);
+        #define WC_GENERATE_SEED_DEFAULT wc_linuxkm_GenerateSeed_IntelRD
+    #endif
+
     #ifdef BUILDING_WOLFSSL
 
     #if ((LINUX_VERSION_CODE >= KERNEL_VERSION(5, 16, 0)) || \
@@ -341,6 +399,8 @@
     #if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 14, 0)
         /* for signal_pending() */
         #include <linux/sched/signal.h>
+        /* for local_clock() */
+        #include <linux/sched/clock.h>
     #endif
     #include <linux/random.h>
 
@@ -362,6 +422,17 @@
             #define WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
         #endif
 
+        /* setup for LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT needs to be here
+         * to assure that calls to get_random_bytes() in random.c are gated out
+         * (they would recurse, potentially infinitely).
+         */
+        #if (defined(LINUXKM_LKCAPI_REGISTER_ALL) && \
+             !defined(LINUXKM_LKCAPI_DONT_REGISTER_HASH_DRBG) && \
+             !defined(LINUXKM_LKCAPI_DONT_REGISTER_HASH_DRBG_DEFAULT)) && \
+            !defined(LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT)
+            #define LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT
+        #endif
+
         #ifndef __PIE__
             #include <linux/crypto.h>
             #include <linux/scatterlist.h>
@@ -387,53 +458,29 @@
         #endif /* !__PIE__ */
     #endif /* LINUXKM_LKCAPI_REGISTER */
 
-    #if defined(WOLFSSL_AESNI) || defined(USE_INTEL_SPEEDUP) || \
-        defined(WOLFSSL_SP_X86_64_ASM)
-        #ifndef CONFIG_X86
-            #error X86 SIMD extensions requested, but CONFIG_X86 is not set.
-        #endif
-        #define WOLFSSL_LINUXKM_SIMD
-        #define WOLFSSL_LINUXKM_SIMD_X86
-        #ifndef WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS
-            #define WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS
-        #endif
-    #elif defined(WOLFSSL_ARMASM) || defined(WOLFSSL_SP_ARM32_ASM) || \
-          defined(WOLFSSL_SP_ARM64_ASM) || defined(WOLFSSL_SP_ARM_THUMB_ASM) ||\
-          defined(WOLFSSL_SP_ARM_CORTEX_M_ASM)
-        #if !defined(CONFIG_ARM) && !defined(CONFIG_ARM64)
-            #error ARM SIMD extensions requested, but CONFIG_ARM* is not set.
-        #endif
-        #define WOLFSSL_LINUXKM_SIMD
-        #define WOLFSSL_LINUXKM_SIMD_ARM
-        #ifndef WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS
-            #define WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS
-        #endif
-    #else
-        #ifndef WOLFSSL_NO_ASM
-            #define WOLFSSL_NO_ASM
-        #endif
+    #ifndef WC_CHECK_FOR_INTR_SIGNALS
+        #define WC_CHECK_FOR_INTR_SIGNALS() wc_linuxkm_check_for_intr_signals()
+    #endif
+    #ifndef WC_RELAX_LONG_LOOP
+        #define WC_RELAX_LONG_LOOP() wc_linuxkm_relax_long_loop()
     #endif
 
     /* benchmarks.c uses floating point math, so needs a working
      * SAVE_VECTOR_REGISTERS().
      */
     #if defined(WOLFSSL_LINUXKM_BENCHMARKS) && \
-        !defined(WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS)
-        #define WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS
+        !defined(WOLFSSL_USE_SAVE_VECTOR_REGISTERS)
+        #define WOLFSSL_USE_SAVE_VECTOR_REGISTERS
     #endif
 
-    #if defined(WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS) && \
+    #if defined(WOLFSSL_USE_SAVE_VECTOR_REGISTERS) && \
         defined(CONFIG_X86)
 
-        enum wc_svr_flags {
-            WC_SVR_FLAG_INHIBIT = 1,
-        };
-
         extern __must_check int allocate_wolfcrypt_linuxkm_fpu_states(void);
         extern void free_wolfcrypt_linuxkm_fpu_states(void);
-        extern __must_check int can_save_vector_registers_x86(void);
-        extern __must_check int save_vector_registers_x86(enum wc_svr_flags flags);
-        extern void restore_vector_registers_x86(void);
+        WOLFSSL_API __must_check int wc_can_save_vector_registers_x86(void);
+        WOLFSSL_API __must_check int wc_save_vector_registers_x86(enum wc_svr_flags flags);
+        WOLFSSL_API void wc_restore_vector_registers_x86(enum wc_svr_flags flags);
 
         #if LINUX_VERSION_CODE < KERNEL_VERSION(4, 0, 0)
             #include <asm/i387.h>
@@ -443,14 +490,14 @@
         #endif
         #ifndef CAN_SAVE_VECTOR_REGISTERS
             #ifdef DEBUG_VECTOR_REGISTER_ACCESS_FUZZING
-                #define CAN_SAVE_VECTOR_REGISTERS() (can_save_vector_registers_x86() && (SAVE_VECTOR_REGISTERS2_fuzzer() == 0))
+                #define CAN_SAVE_VECTOR_REGISTERS() (wc_can_save_vector_registers_x86() && (SAVE_VECTOR_REGISTERS2_fuzzer() == 0))
             #else
-                #define CAN_SAVE_VECTOR_REGISTERS() can_save_vector_registers_x86()
+                #define CAN_SAVE_VECTOR_REGISTERS() wc_can_save_vector_registers_x86()
             #endif
         #endif
         #ifndef SAVE_VECTOR_REGISTERS
             #define SAVE_VECTOR_REGISTERS(fail_clause) {     \
-                int _svr_ret = save_vector_registers_x86(0); \
+                int _svr_ret = wc_save_vector_registers_x86(WC_SVR_FLAG_NONE); \
                 if (_svr_ret != 0) {                         \
                     fail_clause                              \
                 }                                            \
@@ -461,25 +508,25 @@
                 #define SAVE_VECTOR_REGISTERS2() ({                    \
                     int _fuzzer_ret = SAVE_VECTOR_REGISTERS2_fuzzer(); \
                     (_fuzzer_ret == 0) ?                               \
-                     save_vector_registers_x86(0) :                    \
+                     wc_save_vector_registers_x86(WC_SVR_FLAG_NONE) :  \
                      _fuzzer_ret;                                      \
                 })
             #else
-                #define SAVE_VECTOR_REGISTERS2() save_vector_registers_x86(0)
+                #define SAVE_VECTOR_REGISTERS2() wc_save_vector_registers_x86(WC_SVR_FLAG_NONE)
             #endif
         #endif
         #ifndef RESTORE_VECTOR_REGISTERS
-            #define RESTORE_VECTOR_REGISTERS() restore_vector_registers_x86()
+            #define RESTORE_VECTOR_REGISTERS() wc_restore_vector_registers_x86(WC_SVR_FLAG_NONE)
         #endif
 
         #ifndef DISABLE_VECTOR_REGISTERS
-            #define DISABLE_VECTOR_REGISTERS() save_vector_registers_x86(WC_SVR_FLAG_INHIBIT)
+            #define DISABLE_VECTOR_REGISTERS() wc_save_vector_registers_x86(WC_SVR_FLAG_INHIBIT)
         #endif
         #ifndef REENABLE_VECTOR_REGISTERS
-            #define REENABLE_VECTOR_REGISTERS() restore_vector_registers_x86()
+            #define REENABLE_VECTOR_REGISTERS() wc_restore_vector_registers_x86(WC_SVR_FLAG_INHIBIT)
         #endif
 
-    #elif defined(WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS) && (defined(CONFIG_ARM) || defined(CONFIG_ARM64))
+    #elif defined(WOLFSSL_USE_SAVE_VECTOR_REGISTERS) && (defined(CONFIG_ARM) || defined(CONFIG_ARM64))
 
         #error kernel module ARM SIMD is not yet tested or usable.
 
@@ -515,9 +562,9 @@
             #define RESTORE_VECTOR_REGISTERS() restore_vector_registers_arm()
         #endif
 
-    #elif defined(WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS)
-        #error WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS is set for an unsupported architecture.
-    #endif /* WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS */
+    #elif defined(WOLFSSL_USE_SAVE_VECTOR_REGISTERS)
+        #error WOLFSSL_USE_SAVE_VECTOR_REGISTERS is set for an unimplemented architecture.
+    #endif /* WOLFSSL_USE_SAVE_VECTOR_REGISTERS */
 
     _Pragma("GCC diagnostic pop");
 
@@ -617,6 +664,32 @@
         #error "compiling -fPIE requires PIE redirect table."
     #endif
 
+    #ifdef HAVE_LINUXKM_PIE_SUPPORT
+
+    #ifndef WOLFSSL_TEXT_SEGMENT_CANONICALIZER
+        #define WOLFSSL_TEXT_SEGMENT_CANONICALIZER(text_in, text_in_len, text_out, cur_index_p) \
+            wc_linuxkm_normalize_relocations(text_in, text_in_len, text_out, cur_index_p)
+        #define WOLFSSL_TEXT_SEGMENT_CANONICALIZER_BUFSIZ 8192
+    #endif
+
+    extern const u8
+        __wc_text_start[],
+        __wc_text_end[],
+        __wc_rodata_start[],
+        __wc_rodata_end[],
+        __wc_rwdata_start[],
+        __wc_rwdata_end[],
+        __wc_bss_start[],
+        __wc_bss_end[];
+    extern const unsigned int wc_linuxkm_pie_reloc_tab[];
+    extern const size_t wc_linuxkm_pie_reloc_tab_length;
+    extern ssize_t wc_linuxkm_normalize_relocations(
+        const u8 *text_in,
+        size_t text_in_len,
+        u8 *text_out,
+        ssize_t *cur_index_p);
+    #endif /* HAVE_LINUXKM_PIE_SUPPORT */
+
     #ifdef USE_WOLFSSL_LINUXKM_PIE_REDIRECT_TABLE
 
 #ifdef CONFIG_MIPS
@@ -626,6 +699,8 @@
 #endif
 
     struct wolfssl_linuxkm_pie_redirect_table {
+        typeof(wc_linuxkm_normalize_relocations) *wc_linuxkm_normalize_relocations;
+
     #ifndef __ARCH_MEMCMP_NO_REDIRECT
         typeof(memcmp) *memcmp;
     #endif
@@ -680,13 +755,24 @@
 
         const unsigned char *_ctype;
 
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 11, 0)
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 18, 0)
+        typeof(kmalloc_noprof) *kmalloc_noprof;
+        typeof(krealloc_node_align_noprof) *krealloc_node_align_noprof;
+        typeof(kzalloc_noprof) *kzalloc_noprof;
+        typeof(__kvmalloc_node_noprof) *__kvmalloc_node_noprof;
+        typeof(__kmalloc_cache_noprof) *__kmalloc_cache_noprof;
+        #ifdef HAVE_KVREALLOC
+            typeof(kvrealloc_node_align_noprof) *kvrealloc_node_align_noprof;
+        #endif
+#elif LINUX_VERSION_CODE >= KERNEL_VERSION(6, 11, 0)
         typeof(kmalloc_noprof) *kmalloc_noprof;
         typeof(krealloc_noprof) *krealloc_noprof;
         typeof(kzalloc_noprof) *kzalloc_noprof;
         typeof(__kvmalloc_node_noprof) *__kvmalloc_node_noprof;
         typeof(__kmalloc_cache_noprof) *__kmalloc_cache_noprof;
-        typeof(kvrealloc_noprof) *kvrealloc_noprof;
+        #ifdef HAVE_KVREALLOC
+            typeof(kvrealloc_noprof) *kvrealloc_noprof;
+        #endif
 #elif LINUX_VERSION_CODE >= KERNEL_VERSION(6, 10, 0)
         typeof(kmalloc_noprof) *kmalloc_noprof;
         typeof(krealloc_noprof) *krealloc_noprof;
@@ -731,19 +817,19 @@
 
         struct task_struct *(*get_current)(void);
 
-        #ifdef WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS
+        #ifdef WOLFSSL_USE_SAVE_VECTOR_REGISTERS
 
             #ifdef CONFIG_X86
                 typeof(allocate_wolfcrypt_linuxkm_fpu_states) *allocate_wolfcrypt_linuxkm_fpu_states;
-                typeof(can_save_vector_registers_x86) *can_save_vector_registers_x86;
+                typeof(wc_can_save_vector_registers_x86) *wc_can_save_vector_registers_x86;
                 typeof(free_wolfcrypt_linuxkm_fpu_states) *free_wolfcrypt_linuxkm_fpu_states;
-                typeof(restore_vector_registers_x86) *restore_vector_registers_x86;
-                typeof(save_vector_registers_x86) *save_vector_registers_x86;
+                typeof(wc_restore_vector_registers_x86) *wc_restore_vector_registers_x86;
+                typeof(wc_save_vector_registers_x86) *wc_save_vector_registers_x86;
             #else /* !CONFIG_X86 */
-                #error WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS is set for an unsupported architecture.
+                #error WOLFSSL_USE_SAVE_VECTOR_REGISTERS is set for an unimplemented architecture.
             #endif /* arch */
 
-        #endif /* WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS */
+        #endif /* WOLFSSL_USE_SAVE_VECTOR_REGISTERS */
 
         typeof(__mutex_init) *__mutex_init;
         #if LINUX_VERSION_CODE < KERNEL_VERSION(4, 0, 0)
@@ -863,140 +949,189 @@
         typeof(wc_lkm_LockMutex) *wc_lkm_LockMutex;
         #endif
 
+        typeof(wc_linuxkm_check_for_intr_signals) *wc_linuxkm_check_for_intr_signals;
+        typeof(wc_linuxkm_relax_long_loop) *wc_linuxkm_relax_long_loop;
+
         const void *_last_slot;
     };
 
     extern const struct wolfssl_linuxkm_pie_redirect_table *wolfssl_linuxkm_get_pie_redirect_table(void);
+    extern struct wolfssl_linuxkm_pie_redirect_table wolfssl_linuxkm_pie_redirect_table;
+
+
+    #if defined(WC_LKM_INDIRECT_SYM)
+        /* keep user-supplied override definition. */
+    #elif defined(WC_LKM_INDIRECT_SYM_BY_FUNC_ONLY) || \
+        defined(WC_LKM_INDIRECT_SYM_BY_DIRECT_TABLE_READ)
+        /* keep user-supplied override method. */
+    #elif defined(CONFIG_X86)
+        #define WC_LKM_INDIRECT_SYM_BY_DIRECT_TABLE_READ
+    #elif defined(CONFIG_ARM64)
+        /* direct access to wolfssl_linuxkm_pie_redirect_table.x on aarch64
+         * produces GOT relocations, e.g. R_AARCH64_LD64_GOT_LO12_NC.
+         */
+        #define WC_LKM_INDIRECT_SYM_BY_FUNC_ONLY
+    #else
+        /* for other archs, by default use the safe way. */
+        #define WC_LKM_INDIRECT_SYM_BY_FUNC_ONLY
+    #endif
+
+    #if defined(WC_LKM_INDIRECT_SYM)
+        /* keep user-supplied override definition. */
+    #elif defined(WC_LKM_INDIRECT_SYM_BY_FUNC_ONLY)
+        #define WC_LKM_INDIRECT_SYM(x) (wolfssl_linuxkm_get_pie_redirect_table()->x)
+    #elif defined(WC_LKM_INDIRECT_SYM_BY_DIRECT_TABLE_READ)
+        #define WC_LKM_INDIRECT_SYM(x) (wolfssl_linuxkm_pie_redirect_table.x)
+    #else
+        #error no WC_LKM_INDIRECT_SYM method defined.
+    #endif
 
     #ifdef __PIE__
 
+    #define wc_linuxkm_normalize_relocations \
+        WC_LKM_INDIRECT_SYM(wc_linuxkm_normalize_relocations)
+
     #ifndef __ARCH_MEMCMP_NO_REDIRECT
-        #define memcmp (wolfssl_linuxkm_get_pie_redirect_table()->memcmp)
+        #define memcmp WC_LKM_INDIRECT_SYM(memcmp)
     #endif
     #ifndef __ARCH_MEMCPY_NO_REDIRECT
-        #define memcpy (wolfssl_linuxkm_get_pie_redirect_table()->memcpy)
+        #define memcpy WC_LKM_INDIRECT_SYM(memcpy)
     #endif
     #ifndef __ARCH_MEMSET_NO_REDIRECT
-        #define memset (wolfssl_linuxkm_get_pie_redirect_table()->memset)
+        #define memset WC_LKM_INDIRECT_SYM(memset)
     #endif
     #ifndef __ARCH_MEMMOVE_NO_REDIRECT
-        #define memmove (wolfssl_linuxkm_get_pie_redirect_table()->memmove)
+        #define memmove WC_LKM_INDIRECT_SYM(memmove)
     #endif
     #ifndef __ARCH_STRCMP_NO_REDIRECT
-        #define strcmp (wolfssl_linuxkm_get_pie_redirect_table()->strcmp)
+        #define strcmp WC_LKM_INDIRECT_SYM(strcmp)
     #endif
     #ifndef __ARCH_STRNCMP_NO_REDIRECT
-        #define strncmp (wolfssl_linuxkm_get_pie_redirect_table()->strncmp)
+        #define strncmp WC_LKM_INDIRECT_SYM(strncmp)
     #endif
     #ifndef __ARCH_STRCASECMP_NO_REDIRECT
-        #define strcasecmp (wolfssl_linuxkm_get_pie_redirect_table()->strcasecmp)
+        #define strcasecmp WC_LKM_INDIRECT_SYM(strcasecmp)
     #endif
     #ifndef __ARCH_STRNCASECMP_NO_REDIRECT
-        #define strncasecmp (wolfssl_linuxkm_get_pie_redirect_table()->strncasecmp)
+        #define strncasecmp WC_LKM_INDIRECT_SYM(strncasecmp)
     #endif
     #ifndef __ARCH_STRLEN_NO_REDIRECT
-        #define strlen (wolfssl_linuxkm_get_pie_redirect_table()->strlen)
+        #define strlen WC_LKM_INDIRECT_SYM(strlen)
     #endif
     #ifndef __ARCH_STRSTR_NO_REDIRECT
-        #define strstr (wolfssl_linuxkm_get_pie_redirect_table()->strstr)
+        #define strstr WC_LKM_INDIRECT_SYM(strstr)
     #endif
     #ifndef __ARCH_STRNCPY_NO_REDIRECT
-        #define strncpy (wolfssl_linuxkm_get_pie_redirect_table()->strncpy)
+        #define strncpy WC_LKM_INDIRECT_SYM(strncpy)
     #endif
     #ifndef __ARCH_STRNCAT_NO_REDIRECT
-        #define strncat (wolfssl_linuxkm_get_pie_redirect_table()->strncat)
+        #define strncat WC_LKM_INDIRECT_SYM(strncat)
     #endif
-    #define kstrtoll (wolfssl_linuxkm_get_pie_redirect_table()->kstrtoll)
+    #define kstrtoll WC_LKM_INDIRECT_SYM(kstrtoll)
 
     #if (LINUX_VERSION_CODE >= KERNEL_VERSION(5, 15, 0)) || \
         (defined(RHEL_MAJOR) && \
          ((RHEL_MAJOR > 9) || ((RHEL_MAJOR == 9) && (RHEL_MINOR >= 5))))
-        #define _printk (wolfssl_linuxkm_get_pie_redirect_table()->_printk)
+        #define _printk WC_LKM_INDIRECT_SYM(_printk)
     #else
-        #define printk (wolfssl_linuxkm_get_pie_redirect_table()->printk)
+        #define printk WC_LKM_INDIRECT_SYM(printk)
     #endif
 
     #ifdef CONFIG_FORTIFY_SOURCE
-        #define __warn_printk (wolfssl_linuxkm_get_pie_redirect_table()->__warn_printk)
+        #define __warn_printk WC_LKM_INDIRECT_SYM(__warn_printk)
     #endif
 
-    #define snprintf (wolfssl_linuxkm_get_pie_redirect_table()->snprintf)
+    #define snprintf WC_LKM_INDIRECT_SYM(snprintf)
 
-    #define _ctype (wolfssl_linuxkm_get_pie_redirect_table()->_ctype)
+    #define _ctype WC_LKM_INDIRECT_SYM(_ctype)
 
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 11, 0)
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 18, 0)
     /* see include/linux/alloc_tag.h and include/linux/slab.h */
-    #define kmalloc_noprof (wolfssl_linuxkm_get_pie_redirect_table()->kmalloc_noprof)
-    #define krealloc_noprof (wolfssl_linuxkm_get_pie_redirect_table()->krealloc_noprof)
-    #define kzalloc_noprof (wolfssl_linuxkm_get_pie_redirect_table()->kzalloc_noprof)
-    #define __kvmalloc_node_noprof (wolfssl_linuxkm_get_pie_redirect_table()->__kvmalloc_node_noprof)
-    #define __kmalloc_cache_noprof (wolfssl_linuxkm_get_pie_redirect_table()->__kmalloc_cache_noprof)
-    #define kvrealloc_noprof (wolfssl_linuxkm_get_pie_redirect_table()->kvrealloc_noprof)
+    #define kmalloc_noprof WC_LKM_INDIRECT_SYM(kmalloc_noprof)
+    #define krealloc_node_align_noprof WC_LKM_INDIRECT_SYM(krealloc_node_align_noprof)
+    #define kzalloc_noprof WC_LKM_INDIRECT_SYM(kzalloc_noprof)
+    #define __kvmalloc_node_noprof WC_LKM_INDIRECT_SYM(__kvmalloc_node_noprof)
+    #define __kmalloc_cache_noprof WC_LKM_INDIRECT_SYM(__kmalloc_cache_noprof)
+    #ifdef HAVE_KVREALLOC
+        #define kvrealloc_node_align_noprof WC_LKM_INDIRECT_SYM(kvrealloc_node_align_noprof)
+    #endif
+#elif LINUX_VERSION_CODE >= KERNEL_VERSION(6, 11, 0)
+    /* see include/linux/alloc_tag.h and include/linux/slab.h */
+    #define kmalloc_noprof WC_LKM_INDIRECT_SYM(kmalloc_noprof)
+    #define krealloc_noprof WC_LKM_INDIRECT_SYM(krealloc_noprof)
+    #define kzalloc_noprof WC_LKM_INDIRECT_SYM(kzalloc_noprof)
+    #define __kvmalloc_node_noprof WC_LKM_INDIRECT_SYM(__kvmalloc_node_noprof)
+    #define __kmalloc_cache_noprof WC_LKM_INDIRECT_SYM(__kmalloc_cache_noprof)
+    #ifdef HAVE_KVREALLOC
+        #define kvrealloc_noprof WC_LKM_INDIRECT_SYM(kvrealloc_noprof)
+    #endif
 #elif LINUX_VERSION_CODE >= KERNEL_VERSION(6, 10, 0)
     /* see include/linux/alloc_tag.h and include/linux/slab.h */
-    #define kmalloc_noprof (wolfssl_linuxkm_get_pie_redirect_table()->kmalloc_noprof)
-    #define krealloc_noprof (wolfssl_linuxkm_get_pie_redirect_table()->krealloc_noprof)
-    #define kzalloc_noprof (wolfssl_linuxkm_get_pie_redirect_table()->kzalloc_noprof)
-    #define kvmalloc_node_noprof (wolfssl_linuxkm_get_pie_redirect_table()->kvmalloc_node_noprof)
-    #define kmalloc_trace_noprof (wolfssl_linuxkm_get_pie_redirect_table()->kmalloc_trace_noprof)
-    #define kvrealloc_noprof (wolfssl_linuxkm_get_pie_redirect_table()->kvrealloc_noprof)
+    #define kmalloc_noprof WC_LKM_INDIRECT_SYM(kmalloc_noprof)
+    #define krealloc_noprof WC_LKM_INDIRECT_SYM(krealloc_noprof)
+    #define kzalloc_noprof WC_LKM_INDIRECT_SYM(kzalloc_noprof)
+    #define kvmalloc_node_noprof WC_LKM_INDIRECT_SYM(kvmalloc_node_noprof)
+    #define kmalloc_trace_noprof WC_LKM_INDIRECT_SYM(kmalloc_trace_noprof)
+    #ifdef HAVE_KVREALLOC
+        #define kvrealloc_noprof WC_LKM_INDIRECT_SYM(kvrealloc_noprof)
+    #endif
 #else /* <6.10.0 */
-    #define kmalloc (wolfssl_linuxkm_get_pie_redirect_table()->kmalloc)
-    #define krealloc (wolfssl_linuxkm_get_pie_redirect_table()->krealloc)
+    #define kmalloc WC_LKM_INDIRECT_SYM(kmalloc)
+    #define krealloc WC_LKM_INDIRECT_SYM(krealloc)
     #define kzalloc(size, flags) kmalloc(size, (flags) | __GFP_ZERO)
     #ifdef HAVE_KVMALLOC
-        #define kvmalloc_node (wolfssl_linuxkm_get_pie_redirect_table()->kvmalloc_node)
+        #define kvmalloc_node WC_LKM_INDIRECT_SYM(kvmalloc_node)
     #endif
     #ifdef HAVE_KVREALLOC
-        #define kvrealloc (wolfssl_linuxkm_get_pie_redirect_table()->kvrealloc)
+        #define kvrealloc WC_LKM_INDIRECT_SYM(kvrealloc)
     #endif
     #if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 1, 0) || \
         (defined(RHEL_MAJOR) &&                                    \
          ((RHEL_MAJOR > 9) || ((RHEL_MAJOR == 9) && (RHEL_MINOR >= 5))))
-        #define kmalloc_trace (wolfssl_linuxkm_get_pie_redirect_table()->kmalloc_trace)
+        #define kmalloc_trace WC_LKM_INDIRECT_SYM(kmalloc_trace)
     #else
-        #define kmem_cache_alloc_trace (wolfssl_linuxkm_get_pie_redirect_table()->kmem_cache_alloc_trace)
-        #define kmalloc_order_trace (wolfssl_linuxkm_get_pie_redirect_table()->kmalloc_order_trace)
+        #define kmem_cache_alloc_trace WC_LKM_INDIRECT_SYM(kmem_cache_alloc_trace)
+        #define kmalloc_order_trace WC_LKM_INDIRECT_SYM(kmalloc_order_trace)
     #endif
 #endif /* <6.10.0 */
 
-    #define kfree (wolfssl_linuxkm_get_pie_redirect_table()->kfree)
+    #define kfree WC_LKM_INDIRECT_SYM(kfree)
     #ifdef HAVE_KVMALLOC
-        #define kvfree (wolfssl_linuxkm_get_pie_redirect_table()->kvfree)
+        #define kvfree WC_LKM_INDIRECT_SYM(kvfree)
     #endif
-    #define ksize (wolfssl_linuxkm_get_pie_redirect_table()->ksize)
+    #define ksize WC_LKM_INDIRECT_SYM(ksize)
 
-    #define get_random_bytes (wolfssl_linuxkm_get_pie_redirect_table()->get_random_bytes)
+    #define get_random_bytes WC_LKM_INDIRECT_SYM(get_random_bytes)
     #if LINUX_VERSION_CODE < KERNEL_VERSION(4, 0, 0)
-        #define getnstimeofday (wolfssl_linuxkm_get_pie_redirect_table()->getnstimeofday)
+        #define getnstimeofday WC_LKM_INDIRECT_SYM(getnstimeofday)
     #elif LINUX_VERSION_CODE < KERNEL_VERSION(5, 0, 0)
-        #define current_kernel_time64 (wolfssl_linuxkm_get_pie_redirect_table()->current_kernel_time64)
+        #define current_kernel_time64 WC_LKM_INDIRECT_SYM(current_kernel_time64)
     #else
-        #define ktime_get_coarse_real_ts64 (wolfssl_linuxkm_get_pie_redirect_table()->ktime_get_coarse_real_ts64)
+        #define ktime_get_coarse_real_ts64 WC_LKM_INDIRECT_SYM(ktime_get_coarse_real_ts64)
     #endif
 
     #undef get_current
-    #define get_current (wolfssl_linuxkm_get_pie_redirect_table()->get_current)
+    #define get_current WC_LKM_INDIRECT_SYM(get_current)
 
-    #if defined(WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS) && defined(CONFIG_X86)
-        #define allocate_wolfcrypt_linuxkm_fpu_states (wolfssl_linuxkm_get_pie_redirect_table()->allocate_wolfcrypt_linuxkm_fpu_states)
-        #define can_save_vector_registers_x86 (wolfssl_linuxkm_get_pie_redirect_table()->can_save_vector_registers_x86)
-        #define free_wolfcrypt_linuxkm_fpu_states (wolfssl_linuxkm_get_pie_redirect_table()->free_wolfcrypt_linuxkm_fpu_states)
-        #define restore_vector_registers_x86 (wolfssl_linuxkm_get_pie_redirect_table()->restore_vector_registers_x86)
-        #define save_vector_registers_x86 (wolfssl_linuxkm_get_pie_redirect_table()->save_vector_registers_x86)
-    #elif defined(WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS)
-        #error WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS is set for an unsupported architecture.
-    #endif /* WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS */
+    #if defined(WOLFSSL_USE_SAVE_VECTOR_REGISTERS) && defined(CONFIG_X86)
+        #define allocate_wolfcrypt_linuxkm_fpu_states WC_LKM_INDIRECT_SYM(allocate_wolfcrypt_linuxkm_fpu_states)
+        #define wc_can_save_vector_registers_x86 WC_LKM_INDIRECT_SYM(wc_can_save_vector_registers_x86)
+        #define free_wolfcrypt_linuxkm_fpu_states WC_LKM_INDIRECT_SYM(free_wolfcrypt_linuxkm_fpu_states)
+        #define wc_restore_vector_registers_x86 WC_LKM_INDIRECT_SYM(wc_restore_vector_registers_x86)
+        #define wc_save_vector_registers_x86 WC_LKM_INDIRECT_SYM(wc_save_vector_registers_x86)
+    #elif defined(WOLFSSL_USE_SAVE_VECTOR_REGISTERS)
+        #error WOLFSSL_USE_SAVE_VECTOR_REGISTERS is set for an unimplemented architecture.
+    #endif /* WOLFSSL_USE_SAVE_VECTOR_REGISTERS */
 
-    #define __mutex_init (wolfssl_linuxkm_get_pie_redirect_table()->__mutex_init)
+    #define __mutex_init WC_LKM_INDIRECT_SYM(__mutex_init)
     #if LINUX_VERSION_CODE < KERNEL_VERSION(4, 0, 0)
-        #define mutex_lock_nested (wolfssl_linuxkm_get_pie_redirect_table()->mutex_lock_nested)
+        #define mutex_lock_nested WC_LKM_INDIRECT_SYM(mutex_lock_nested)
     #else
-        #define mutex_lock (wolfssl_linuxkm_get_pie_redirect_table()->mutex_lock)
+        #define mutex_lock WC_LKM_INDIRECT_SYM(mutex_lock)
     #endif
-    #define mutex_unlock (wolfssl_linuxkm_get_pie_redirect_table()->mutex_unlock)
+    #define mutex_unlock WC_LKM_INDIRECT_SYM(mutex_unlock)
     #if LINUX_VERSION_CODE < KERNEL_VERSION(4, 0, 0)
-        #define mutex_destroy (wolfssl_linuxkm_get_pie_redirect_table()->mutex_destroy)
+        #define mutex_destroy WC_LKM_INDIRECT_SYM(mutex_destroy)
     #endif
 
     /* per linux/ctype.h, tolower() and toupper() are macros bound to static inlines
@@ -1009,51 +1144,54 @@
     #define toupper(c) (isupper(c) ? (c) : ((c) - ('a'-'A')))
 
     #if !defined(WOLFCRYPT_ONLY) && !defined(NO_CERTS)
-        #define GetCA (wolfssl_linuxkm_get_pie_redirect_table()->GetCA)
+        #define GetCA WC_LKM_INDIRECT_SYM(GetCA)
         #ifndef NO_SKID
-            #define GetCAByName (wolfssl_linuxkm_get_pie_redirect_table()->GetCAByName)
+            #define GetCAByName WC_LKM_INDIRECT_SYM(GetCAByName)
             #ifdef HAVE_OCSP
-                #define GetCAByKeyHash (wolfssl_linuxkm_get_pie_redirect_table()->GetCAByKeyHash)
+                #define GetCAByKeyHash WC_LKM_INDIRECT_SYM(GetCAByKeyHash)
             #endif /* HAVE_OCSP */
         #endif /* NO_SKID */
         #ifdef WOLFSSL_AKID_NAME
-            #define GetCAByAKID (wolfssl_linuxkm_get_pie_redirect_table()->GetCAByAKID)
+            #define GetCAByAKID WC_LKM_INDIRECT_SYM(GetCAByAKID)
         #endif
 
         #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
-            #define wolfSSL_X509_NAME_add_entry_by_NID (wolfssl_linuxkm_get_pie_redirect_table()->wolfSSL_X509_NAME_add_entry_by_NID)
-            #define wolfSSL_X509_NAME_free (wolfssl_linuxkm_get_pie_redirect_table()->wolfSSL_X509_NAME_free)
-            #define wolfSSL_X509_NAME_new_ex (wolfssl_linuxkm_get_pie_redirect_table()->wolfSSL_X509_NAME_new_ex)
+            #define wolfSSL_X509_NAME_add_entry_by_NID WC_LKM_INDIRECT_SYM(wolfSSL_X509_NAME_add_entry_by_NID)
+            #define wolfSSL_X509_NAME_free WC_LKM_INDIRECT_SYM(wolfSSL_X509_NAME_free)
+            #define wolfSSL_X509_NAME_new_ex WC_LKM_INDIRECT_SYM(wolfSSL_X509_NAME_new_ex)
         #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
 
     #endif /* !WOLFCRYPT_ONLY && !NO_CERTS */
 
     #ifdef WOLFSSL_DEBUG_BACKTRACE_ERROR_CODES
-        #define dump_stack (wolfssl_linuxkm_get_pie_redirect_table()->dump_stack)
+        #define dump_stack WC_LKM_INDIRECT_SYM(dump_stack)
     #endif
 
     #undef preempt_count /* just in case -- not a macro on x86. */
-    #define preempt_count (wolfssl_linuxkm_get_pie_redirect_table()->preempt_count)
+    #define preempt_count WC_LKM_INDIRECT_SYM(preempt_count)
 
     #ifndef WOLFSSL_LINUXKM_USE_MUTEXES
         #ifndef _raw_spin_lock_irqsave
-            #define _raw_spin_lock_irqsave (wolfssl_linuxkm_get_pie_redirect_table()->_raw_spin_lock_irqsave)
+            #define _raw_spin_lock_irqsave WC_LKM_INDIRECT_SYM(_raw_spin_lock_irqsave)
         #endif
         #ifndef _raw_spin_trylock
-            #define _raw_spin_trylock (wolfssl_linuxkm_get_pie_redirect_table()->_raw_spin_trylock)
+            #define _raw_spin_trylock WC_LKM_INDIRECT_SYM(_raw_spin_trylock)
         #endif
         #ifndef _raw_spin_unlock_irqrestore
-            #define _raw_spin_unlock_irqrestore (wolfssl_linuxkm_get_pie_redirect_table()->_raw_spin_unlock_irqrestore)
+            #define _raw_spin_unlock_irqrestore WC_LKM_INDIRECT_SYM(_raw_spin_unlock_irqrestore)
         #endif
     #endif
 
-    #define _cond_resched (wolfssl_linuxkm_get_pie_redirect_table()->_cond_resched)
+    #define _cond_resched WC_LKM_INDIRECT_SYM(_cond_resched)
 
     /* this is defined in linux/spinlock.h as an inline that calls the unshimmed
      * raw_spin_unlock_irqrestore().  use a macro here to supersede it.
      */
     #define spin_unlock_irqrestore(lock, flags) raw_spin_unlock_irqrestore(&((lock)->rlock), flags)
 
+    #define wc_linuxkm_check_for_intr_signals WC_LKM_INDIRECT_SYM(wc_linuxkm_check_for_intr_signals)
+    #define wc_linuxkm_relax_long_loop WC_LKM_INDIRECT_SYM(wc_linuxkm_relax_long_loop)
+
     #endif /* __PIE__ */
 
     #endif /* USE_WOLFSSL_LINUXKM_PIE_REDIRECT_TABLE */
@@ -1079,11 +1217,11 @@
     #if (LINUX_VERSION_CODE >= KERNEL_VERSION(5, 15, 0)) || \
         (defined(RHEL_MAJOR) && \
          ((RHEL_MAJOR > 9) || ((RHEL_MAJOR == 9) && (RHEL_MINOR >= 5))))
-        #define lkm_printf(format, args...) _printk(KERN_INFO "wolfssl: %s(): " format, __func__, ## args)
+        #define wc_km_printf(format, args...) _printk(KERN_INFO "wolfssl: %s(): " format, __func__, ## args)
     #else
-        #define lkm_printf(format, args...) printk(KERN_INFO "wolfssl: %s(): " format, __func__, ## args)
+        #define wc_km_printf(format, args...) printk(KERN_INFO "wolfssl: %s(): " format, __func__, ## args)
     #endif
-    #define printf(...) lkm_printf(__VA_ARGS__)
+    #define printf(...) wc_km_printf(__VA_ARGS__)
 
     #ifdef HAVE_FIPS
         extern void fipsEntry(void);
@@ -1110,6 +1248,25 @@
 
     #endif /* BUILDING_WOLFSSL */
 
+    #if !defined(BUILDING_WOLFSSL)
+        /* some caller code needs these. */
+        #if defined(WOLFSSL_USE_SAVE_VECTOR_REGISTERS)
+            #if defined(CONFIG_X86)
+                WOLFSSL_API __must_check int wc_can_save_vector_registers_x86(void);
+                WOLFSSL_API __must_check int wc_save_vector_registers_x86(enum wc_svr_flags flags);
+                WOLFSSL_API void wc_restore_vector_registers_x86(enum wc_svr_flags flags);
+                #ifndef DISABLE_VECTOR_REGISTERS
+                    #define DISABLE_VECTOR_REGISTERS() wc_save_vector_registers_x86(WC_SVR_FLAG_INHIBIT)
+                #endif
+                #ifndef REENABLE_VECTOR_REGISTERS
+                    #define REENABLE_VECTOR_REGISTERS() wc_restore_vector_registers_x86(WC_SVR_FLAG_INHIBIT)
+                #endif
+            #else /* !CONFIG_X86 */
+                #error WOLFSSL_USE_SAVE_VECTOR_REGISTERS is set for an unimplemented architecture.
+            #endif /* !CONFIG_X86 */
+        #endif /* WOLFSSL_USE_SAVE_VECTOR_REGISTERS */
+    #endif /* !BUILDING_WOLFSSL */
+
     /* Copied from wc_port.h: For FIPS keep the function names the same */
     #ifdef HAVE_FIPS
     #define wc_InitMutex   InitMutex
@@ -1163,6 +1320,12 @@
             return 0;
         }
     #else
+        /* if BUILDING_WOLFSSL, spinlock.h will have already been included
+         * recursively above, with the bevy of warnings suppressed, and the
+         * below include will be a redundant no-op.
+         */
+        #include <linux/spinlock.h>
+
         typedef struct wolfSSL_Mutex {
             spinlock_t lock;
             unsigned long irq_flags;
@@ -1190,7 +1353,7 @@
          */
         static __always_inline int wc_LockMutex(wolfSSL_Mutex *m)
         {
-            return (wolfssl_linuxkm_get_pie_redirect_table()->wc_lkm_LockMutex)(m);
+            return WC_LKM_INDIRECT_SYM(wc_lkm_LockMutex)(m);
         }
 
         #else /* !__PIE__ */
diff --git a/linuxkm/lkcapi_aes_glue.c b/linuxkm/lkcapi_aes_glue.c
index cb5e0ea52..7cf99b07b 100644
--- a/linuxkm/lkcapi_aes_glue.c
+++ b/linuxkm/lkcapi_aes_glue.c
@@ -19,6 +19,9 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
+/* included by linuxkm/lkcapi_glue.c */
+#ifndef WC_SKIP_INCLUDED_C_FILES
+
 #ifndef LINUXKM_LKCAPI_REGISTER
     #error lkcapi_aes_glue.c included in non-LINUXKM_LKCAPI_REGISTER project.
 #endif
@@ -67,8 +70,13 @@
 
 #include <wolfssl/wolfcrypt/aes.h>
 
-#if defined(WC_LINUXKM_C_FALLBACK_IN_SHIMS) && !defined(WC_FLAG_DONT_USE_AESNI)
-    #error WC_LINUXKM_C_FALLBACK_IN_SHIMS is defined but WC_FLAG_DONT_USE_AESNI is missing.
+#if defined(WC_FLAG_DONT_USE_AESNI) && !defined(WC_FLAG_DONT_USE_VECTOR_OPS)
+    /* backward compat */
+    #define WC_FLAG_DONT_USE_VECTOR_OPS WC_FLAG_DONT_USE_AESNI
+#endif
+
+#if defined(WC_LINUXKM_C_FALLBACK_IN_SHIMS) && !defined(WC_FLAG_DONT_USE_VECTOR_OPS)
+    #error WC_LINUXKM_C_FALLBACK_IN_SHIMS is defined but WC_FLAG_DONT_USE_VECTOR_OPS is missing.
 #endif
 
 /* note the FIPS code will be returned on failure even in non-FIPS builds. */
@@ -497,7 +505,7 @@ static int km_AesSetKeyCommon(struct km_AesCtx * ctx, const u8 *in_key,
 #ifdef WC_LINUXKM_C_FALLBACK_IN_SHIMS
 
     if (ctx->aes_encrypt->use_aesni) {
-        ctx->aes_encrypt_C->use_aesni = WC_FLAG_DONT_USE_AESNI;
+        ctx->aes_encrypt_C->use_aesni = WC_FLAG_DONT_USE_VECTOR_OPS;
 
         err = wc_AesSetKey(ctx->aes_encrypt_C, in_key, key_len, NULL, AES_ENCRYPTION);
 
@@ -513,7 +521,7 @@ static int km_AesSetKeyCommon(struct km_AesCtx * ctx, const u8 *in_key,
     }
 
     if (ctx->aes_decrypt_C && ctx->aes_decrypt->use_aesni) {
-        ctx->aes_decrypt_C->use_aesni = WC_FLAG_DONT_USE_AESNI;
+        ctx->aes_decrypt_C->use_aesni = WC_FLAG_DONT_USE_VECTOR_OPS;
 
         err = wc_AesSetKey(ctx->aes_decrypt_C, in_key, key_len, NULL,
                            AES_DECRYPTION);
@@ -924,7 +932,7 @@ static int km_AesGcmSetKey(struct crypto_aead *tfm, const u8 *in_key,
 
 #ifdef WC_LINUXKM_C_FALLBACK_IN_SHIMS
     if (ctx->aes_encrypt->use_aesni) {
-        ctx->aes_encrypt_C->use_aesni = WC_FLAG_DONT_USE_AESNI;
+        ctx->aes_encrypt_C->use_aesni = WC_FLAG_DONT_USE_VECTOR_OPS;
 
         err = wc_AesGcmSetKey(ctx->aes_encrypt_C, in_key, key_len);
 
@@ -972,7 +980,7 @@ static int km_AesGcmSetKey_Rfc4106(struct crypto_aead *tfm, const u8 *in_key,
 
 #ifdef WC_LINUXKM_C_FALLBACK_IN_SHIMS
     if (ctx->aes_encrypt->use_aesni) {
-        ctx->aes_encrypt_C->use_aesni = WC_FLAG_DONT_USE_AESNI;
+        ctx->aes_encrypt_C->use_aesni = WC_FLAG_DONT_USE_VECTOR_OPS;
 
         err = wc_AesGcmSetKey(ctx->aes_encrypt_C, in_key, key_len);
 
@@ -1609,7 +1617,7 @@ static int km_AesXtsSetKey(struct crypto_skcipher *tfm, const u8 *in_key,
     }
 
     /* It's possible to set ctx->aesXts->{tweak,aes,aes_decrypt}.use_aesni to
-     * WC_FLAG_DONT_USE_AESNI here, for WC_LINUXKM_C_FALLBACK_IN_SHIMS in
+     * WC_FLAG_DONT_USE_VECTOR_OPS here, for WC_LINUXKM_C_FALLBACK_IN_SHIMS in
      * AES-XTS, but we can use the WC_C_DYNAMIC_FALLBACK mechanism
      * unconditionally because there's no AES-XTS in Cert 4718.
      */
@@ -4312,3 +4320,5 @@ static int linuxkm_test_aesecb(void) {
 #endif /* LINUXKM_LKCAPI_REGISTER_AESECB */
 
 #endif /* LINUXKM_LKCAPI_REGISTER_AES */
+
+#endif /* !WC_SKIP_INCLUDED_C_FILES */
diff --git a/linuxkm/lkcapi_dh_glue.c b/linuxkm/lkcapi_dh_glue.c
index d8db8db12..8b3ff0ce5 100644
--- a/linuxkm/lkcapi_dh_glue.c
+++ b/linuxkm/lkcapi_dh_glue.c
@@ -20,6 +20,9 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
+/* included by linuxkm/lkcapi_glue.c */
+#ifndef WC_SKIP_INCLUDED_C_FILES
+
 #ifndef LINUXKM_LKCAPI_REGISTER
     #error lkcapi_dh_glue.c included in non-LINUXKM_LKCAPI_REGISTER project.
 #endif
@@ -33,9 +36,8 @@
 #endif
 
 #if defined(LINUXKM_LKCAPI_REGISTER_DH) && \
-    (!defined(WOLFSSL_DH_EXTRA) ||         \
-     !defined(WOLFSSL_DH_GEN_PUB))
-     /* not supported without WOLFSSL_DH_EXTRA && WOLFSSL_DH_GEN_PUB */
+    !defined(WOLFSSL_DH_EXTRA)
+     /* not supported without WOLFSSL_DH_EXTRA */
     #undef LINUXKM_LKCAPI_REGISTER_DH
 
     #if defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_DH)
@@ -2966,3 +2968,5 @@ test_kpp_end:
 }
 
 #endif /* LINUXKM_LKCAPI_REGISTER_DH */
+
+#endif /* !WC_SKIP_INCLUDED_C_FILES */
diff --git a/linuxkm/lkcapi_ecdh_glue.c b/linuxkm/lkcapi_ecdh_glue.c
index 96d5ce8db..86231183d 100644
--- a/linuxkm/lkcapi_ecdh_glue.c
+++ b/linuxkm/lkcapi_ecdh_glue.c
@@ -20,6 +20,9 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
+/* included by linuxkm/lkcapi_glue.c */
+#ifndef WC_SKIP_INCLUDED_C_FILES
+
 #ifndef LINUXKM_LKCAPI_REGISTER
     #error lkcapi_ecdh_glue.c included in non-LINUXKM_LKCAPI_REGISTER project.
 #endif
@@ -991,3 +994,5 @@ test_ecdh_nist_end:
 }
 
 #endif /* LINUXKM_LKCAPI_REGISTER_ECDH */
+
+#endif /* !WC_SKIP_INCLUDED_C_FILES */
diff --git a/linuxkm/lkcapi_ecdsa_glue.c b/linuxkm/lkcapi_ecdsa_glue.c
index f7e3cf67a..92d38dfd2 100644
--- a/linuxkm/lkcapi_ecdsa_glue.c
+++ b/linuxkm/lkcapi_ecdsa_glue.c
@@ -20,6 +20,9 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
+/* included by linuxkm/lkcapi_glue.c */
+#ifndef WC_SKIP_INCLUDED_C_FILES
+
 #ifndef LINUXKM_LKCAPI_REGISTER
     #error lkcapi_ecdsa_glue.c included in non-LINUXKM_LKCAPI_REGISTER project.
 #endif
@@ -843,3 +846,5 @@ test_ecdsa_nist_end:
 }
 
 #endif /* LINUXKM_LKCAPI_REGISTER_ECDSA */
+
+#endif /* !WC_SKIP_INCLUDED_C_FILES */
diff --git a/linuxkm/lkcapi_glue.c b/linuxkm/lkcapi_glue.c
index 8511ac421..db34d95aa 100644
--- a/linuxkm/lkcapi_glue.c
+++ b/linuxkm/lkcapi_glue.c
@@ -21,6 +21,7 @@
  */
 
 /* included by linuxkm/module_hooks.c */
+#ifndef WC_SKIP_INCLUDED_C_FILES
 
 #ifndef LINUXKM_LKCAPI_REGISTER
     #error lkcapi_glue.c included in non-LINUXKM_LKCAPI_REGISTER project.
@@ -310,6 +311,7 @@ static int linuxkm_lkcapi_sysfs_deinstall(void) {
     return 0;
 }
 
+static volatile int linuxkm_lkcapi_registering_now = 0;
 static int linuxkm_lkcapi_registered = 0;
 static int linuxkm_lkcapi_n_registered = 0;
 
@@ -318,9 +320,11 @@ static int linuxkm_lkcapi_register(void)
     int ret = -1;
     int seen_err = 0;
 
+    linuxkm_lkcapi_registering_now = 1;
+
     ret = linuxkm_lkcapi_sysfs_install();
     if (ret)
-        return ret;
+        goto out;
 
 #if defined(CONFIG_CRYPTO_MANAGER_EXTRA_TESTS) || \
     defined(CONFIG_CRYPTO_SELFTESTS_FULL)
@@ -704,11 +708,14 @@ static int linuxkm_lkcapi_register(void)
 
     if (ret == -1) {
         /* no installations occurred */
-        if (linuxkm_lkcapi_registered)
-            return -EEXIST;
+        if (linuxkm_lkcapi_registered) {
+            ret = -EEXIST;
+            goto out;
+        }
         else {
             linuxkm_lkcapi_registered = 1;
-            return 0;
+            ret = 0;
+            goto out;
         }
     }
     else {
@@ -716,8 +723,15 @@ static int linuxkm_lkcapi_register(void)
          * occurred.
          */
         linuxkm_lkcapi_registered = 1;
-        return seen_err;
+        ret = seen_err;
+        goto out;
     }
+
+out:
+
+    linuxkm_lkcapi_registering_now = 0;
+
+    return ret;
 }
 
 static int linuxkm_lkcapi_unregister(void)
@@ -968,3 +982,5 @@ static int linuxkm_lkcapi_unregister(void)
 
     return seen_err;
 }
+
+#endif /* !WC_SKIP_INCLUDED_C_FILES */
diff --git a/linuxkm/lkcapi_rsa_glue.c b/linuxkm/lkcapi_rsa_glue.c
index 218d9eb37..0902af41f 100644
--- a/linuxkm/lkcapi_rsa_glue.c
+++ b/linuxkm/lkcapi_rsa_glue.c
@@ -20,6 +20,9 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
+/* included by linuxkm/lkcapi_glue.c */
+#ifndef WC_SKIP_INCLUDED_C_FILES
+
 #ifndef LINUXKM_LKCAPI_REGISTER
     #error lkcapi_rsa_glue.c included in non-LINUXKM_LKCAPI_REGISTER project.
 #endif
@@ -3250,3 +3253,5 @@ static int get_hash_enc_len(int hash_oid)
     return enc_len;
 }
 #endif /* LINUXKM_LKCAPI_REGISTER_RSA */
+
+#endif /* !WC_SKIP_INCLUDED_C_FILES */
diff --git a/linuxkm/lkcapi_sha_glue.c b/linuxkm/lkcapi_sha_glue.c
index f2c754861..196ade40f 100644
--- a/linuxkm/lkcapi_sha_glue.c
+++ b/linuxkm/lkcapi_sha_glue.c
@@ -19,6 +19,9 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
+/* included by linuxkm/lkcapi_glue.c */
+#ifndef WC_SKIP_INCLUDED_C_FILES
+
 #ifndef LINUXKM_LKCAPI_REGISTER
     #error lkcapi_sha_glue.c included in non-LINUXKM_LKCAPI_REGISTER project.
 #endif
@@ -374,10 +377,7 @@
         !defined(LINUXKM_LKCAPI_REGISTER_HASH_DRBG)
         #define LINUXKM_LKCAPI_REGISTER_HASH_DRBG
     #endif
-    #if (defined(LINUXKM_LKCAPI_REGISTER_ALL) && !defined(LINUXKM_LKCAPI_DONT_REGISTER_HASH_DRBG_DEFAULT)) && \
-        !defined(LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT)
-        #define LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT
-    #endif
+    /* setup for LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT is in linuxkm_wc_port.h */
 #else
     #undef LINUXKM_LKCAPI_REGISTER_HASH_DRBG
 #endif
@@ -980,6 +980,9 @@ static inline void wc_linuxkm_drbg_ctx_clear(struct wc_linuxkm_drbg_ctx * ctx)
             if (ctx->rngs[i].lock != 0) {
                 /* better to leak than to crash. */
                 pr_err("BUG: wc_linuxkm_drbg_ctx_clear called with DRBG #%d still locked.", i);
+                ctx->rngs = NULL;
+                ctx->n_rngs = 0;
+                return;
             }
             else
                 wc_FreeRng(&ctx->rngs[i].rng);
@@ -1289,7 +1292,7 @@ static int wc_linuxkm_drbg_loaded = 0;
 #ifdef LINUXKM_DRBG_GET_RANDOM_BYTES
 
 #if !(defined(HAVE_ENTROPY_MEMUSE) || defined(HAVE_INTEL_RDSEED) ||    \
-    defined(HAVE_AMD_RDSEED))
+      defined(HAVE_AMD_RDSEED) || defined(WC_LINUXKM_RDSEED_IN_GLUE_LAYER))
     #error LINUXKM_DRBG_GET_RANDOM_BYTES requires a native or intrinsic entropy source.
 #endif
 
@@ -2045,3 +2048,5 @@ static int wc_linuxkm_drbg_cleanup(void) {
 }
 
 #endif /* LINUXKM_LKCAPI_REGISTER_HASH_DRBG */
+
+#endif /* !WC_SKIP_INCLUDED_C_FILES */
diff --git a/linuxkm/module_hooks.c b/linuxkm/module_hooks.c
index 389ff1f59..d61e202dc 100644
--- a/linuxkm/module_hooks.c
+++ b/linuxkm/module_hooks.c
@@ -43,6 +43,12 @@
 #endif
 #include <wolfssl/wolfcrypt/random.h>
 #include <wolfssl/wolfcrypt/sha256.h>
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
 
 #ifdef WOLFSSL_DEBUG_TRACE_ERROR_CODES
     enum linux_errcodes {
@@ -91,7 +97,7 @@ extern const unsigned int wolfCrypt_PIE_rodata_end[];
 /* cheap portable ad-hoc hash function to confirm bitwise stability of the PIE
  * binary image.
  */
-static unsigned int hash_span(char *start, char *end) {
+static unsigned int hash_span(const u8 *start, const u8 *end) {
     unsigned int sum = 1;
     while (start < end) {
         unsigned int rotate_by;
@@ -102,6 +108,9 @@ static unsigned int hash_span(char *start, char *end) {
     return sum;
 }
 
+static int total_text_r = 0, total_rodata_r = 0, total_rwdata_r = 0,
+    total_bss_r = 0, total_other_r = 0;
+
 #endif /* DEBUG_LINUXKM_PIE_SUPPORT */
 
 #ifdef USE_WOLFSSL_LINUXKM_PIE_REDIRECT_TABLE
@@ -198,7 +207,166 @@ WC_MAYBE_UNUSED static int linuxkm_lkcapi_sysfs_deinstall_node(struct kobj_attri
     #include "linuxkm/lkcapi_glue.c"
 #endif
 
-#if defined(WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS) && defined(CONFIG_X86)
+int wc_linuxkm_check_for_intr_signals(void) {
+    static const int intr_signals[] = WC_LINUXKM_INTR_SIGNALS;
+    if (preempt_count() != 0)
+        return 0;
+
+#if defined(HAVE_FIPS) && defined(LINUXKM_LKCAPI_REGISTER)
+    /* ignore signals during FIPS startup sequence -- failed alg tests cause
+     * kernel panics on FIPS kernels.
+     */
+    if (linuxkm_lkcapi_registering_now)
+        return 0;
+#endif
+    if (signal_pending(current)) {
+        int i;
+        for (i = 0;
+             i < (int)sizeof(intr_signals) / (int)sizeof(intr_signals[0]);
+             ++i)
+        {
+            if (sigismember(&current->pending.signal, intr_signals[i])) {
+#ifdef WOLFSSL_LINUXKM_VERBOSE_DEBUG
+                pr_err("INFO: wc_linuxkm_check_for_intr_signals returning "
+                       "INTERRUPTED_E on signal %d\n", intr_signals[i]);
+#endif
+                return INTERRUPTED_E;
+            }
+        }
+    }
+    return 0;
+}
+
+void wc_linuxkm_relax_long_loop(void) {
+    #if WC_LINUXKM_MAX_NS_WITHOUT_YIELD >= 0
+    if (preempt_count() == 0) {
+        #if (WC_LINUXKM_MAX_NS_WITHOUT_YIELD == 0) || !defined(CONFIG_SCHED_INFO)
+        cond_resched();
+        #else
+        /* note that local_clock() wraps a local_clock_noinstr() in a
+         * preempt_disable_notrace(), which sounds expensive but isn't --
+         * preempt_disable_notrace() is actually just a nonlocking integer
+         * increment of current_thread_info()->preempt.count, protected only by
+         * various compiler optimizer barriers.
+         */
+        u64 now = local_clock();
+        u64 current_last_arrival = current->sched_info.last_arrival;
+        s64 delta = (s64)(now - current_last_arrival);
+        if (delta > WC_LINUXKM_MAX_NS_WITHOUT_YIELD) {
+            cond_resched();
+            /* if nothing else is runnable, cond_resched() is a no-op and
+             * doesn't even update .last_arrival.  we could force update by
+             * sleeping, but there's no need.  we've been nice enough by just
+             * cond_resched()ing, and it's actually preferable to call
+             * cond_resched() frequently once computation has looped
+             * continuously for longer than WC_LINUXKM_MAX_NS_WITHOUT_YIELD.
+             */
+        }
+        #endif
+    }
+    #endif
+}
+
+/* backported wc_GenerateSeed_IntelRD() for FIPS v5. */
+#ifdef WC_LINUXKM_RDSEED_IN_GLUE_LAYER
+
+#include <wolfssl/wolfcrypt/cpuid.h>
+#include <wolfssl/wolfcrypt/random.h>
+
+static cpuid_flags_t intel_flags = WC_CPUID_INITIALIZER;
+static inline void wc_InitRng_IntelRD(void)
+{
+    cpuid_get_flags_ex(&intel_flags);
+}
+
+#define INTELRD_RETRY 32
+
+static WC_INLINE int IntelRDseed64(word64* seed)
+{
+    unsigned char ok;
+
+    __asm__ volatile("rdseed %0; setc %1":"=r"(*seed), "=qm"(ok));
+    return (ok) ? 0 : -1;
+}
+
+/* return 0 on success */
+static WC_INLINE int IntelRDseed64_r(word64* rnd)
+{
+    int iters, retry_counter;
+    word64 buf;
+#if defined(HAVE_AMD_RDSEED)
+    /* See "AMD RNG ESV Public Use Document".  Version 0.7 of October 24,
+     * 2024 specifies 0.656 to 1.312 bits of entropy per 128 bit block of
+     * RDSEED output, depending on CPU family.
+     *
+     * FIPS v5 random.c sets ENTROPY_SCALE_FACTOR to 1 for
+     * HAVE_INTEL_RDSEED.
+     */
+    iters = 128;
+#elif defined(HAVE_INTEL_RDSEED)
+    /* The value of 2 applies to Intel's RDSEED which provides about
+     * 0.5 bits minimum of entropy per bit. The value of 4 gives a
+     * conservative margin for FIPS.
+     *
+     * FIPS v5 random.c sets ENTROPY_SCALE_FACTOR to 2 for
+     * HAVE_INTEL_RDSEED.
+     */
+    iters = 2;
+#else
+    #error WC_LINUXKM_RDSEED_IN_GLUE_LAYER requires HAVE_INTEL_RDSEED or HAVE_AMD_RDSEED
+#endif
+
+    while (--iters >= 0) {
+        for (retry_counter = 0; retry_counter < INTELRD_RETRY; retry_counter++) {
+            if (IntelRDseed64(&buf) == 0)
+                break;
+        }
+        if (retry_counter == INTELRD_RETRY)
+            return -1;
+        WC_SANITIZE_DISABLE();
+        *rnd ^= buf; /* deliberately retain any garbage passed in the dest buffer. */
+        WC_SANITIZE_ENABLE();
+        buf = 0;
+    }
+    return 0;
+}
+
+/* return 0 on success */
+int wc_linuxkm_GenerateSeed_IntelRD(struct OS_Seed* os, byte* output, word32 sz)
+{
+    int ret;
+    word64 rndTmp;
+
+    (void)os;
+
+    wc_InitRng_IntelRD();
+
+    if (!IS_INTEL_RDSEED(intel_flags))
+        return -1;
+
+    for (; (sz / sizeof(word64)) > 0; sz -= sizeof(word64),
+                                                    output += sizeof(word64)) {
+        ret = IntelRDseed64_r((word64*)output);
+        if (ret != 0)
+            return ret;
+    }
+    if (sz == 0)
+        return 0;
+
+    /* handle unaligned remainder */
+    ret = IntelRDseed64_r(&rndTmp);
+    if (ret != 0)
+        return ret;
+
+    XMEMCPY(output, &rndTmp, sz);
+    wc_ForceZero(&rndTmp, sizeof(rndTmp));
+
+    return 0;
+}
+
+#endif /* WC_LINUXKM_RDSEED_IN_GLUE_LAYER */
+
+#if defined(WOLFSSL_USE_SAVE_VECTOR_REGISTERS) && defined(CONFIG_X86)
     #include "linuxkm/x86_vector_register_glue.c"
 #endif
 
@@ -251,24 +419,28 @@ static int wolfssl_init(void)
 #endif
 
     {
-        char *pie_text_start = (char *)wolfCrypt_PIE_first_function;
-        char *pie_text_end = (char *)wolfCrypt_PIE_last_function;
-        char *pie_rodata_start = (char *)wolfCrypt_PIE_rodata_start;
-        char *pie_rodata_end = (char *)wolfCrypt_PIE_rodata_end;
-        unsigned int text_hash, rodata_hash;
-
-        text_hash = hash_span(pie_text_start, pie_text_end);
-        rodata_hash = hash_span(pie_rodata_start, pie_rodata_end);
+        unsigned int text_hash = hash_span(__wc_text_start, __wc_text_end);
+        unsigned int rodata_hash = hash_span(__wc_rodata_start, __wc_rodata_end);
 
         /* note, "%pK" conceals the actual layout information.  "%px" exposes
          * the true module start address, which is potentially useful to an
          * attacker.
          */
         pr_info("wolfCrypt section hashes (spans): text 0x%x (%lu), rodata 0x%x (%lu), offset %c0x%lx\n",
-                text_hash, pie_text_end-pie_text_start,
-                rodata_hash, pie_rodata_end-pie_rodata_start,
-                pie_text_start < pie_rodata_start ? '+' : '-',
-                pie_text_start < pie_rodata_start ? pie_rodata_start - pie_text_start : pie_text_start - pie_rodata_start);
+                text_hash, __wc_text_end - __wc_text_start,
+                rodata_hash, __wc_rodata_end - __wc_rodata_start,
+                &__wc_text_start[0] < &__wc_rodata_start[0] ? '+' : '-',
+                &__wc_text_start[0] < &__wc_rodata_start[0] ? &__wc_rodata_start[0] - &__wc_text_start[0] : &__wc_text_start[0] - &__wc_rodata_start[0]);
+        pr_info("wolfCrypt segments: text=%x-%x, rodata=%x-%x, "
+                "rwdata=%x-%x, bss=%x-%x\n",
+                (unsigned)(uintptr_t)__wc_text_start,
+                (unsigned)(uintptr_t)__wc_text_end,
+                (unsigned)(uintptr_t)__wc_rodata_start,
+                (unsigned)(uintptr_t)__wc_rodata_end,
+                (unsigned)(uintptr_t)__wc_rwdata_start,
+                (unsigned)(uintptr_t)__wc_rwdata_end,
+                (unsigned)(uintptr_t)__wc_bss_start,
+                (unsigned)(uintptr_t)__wc_bss_end);
     }
 
 #endif /* HAVE_LINUXKM_PIE_SUPPORT && DEBUG_LINUXKM_PIE_SUPPORT */
@@ -279,7 +451,19 @@ static int wolfssl_init(void)
         pr_err("ERROR: wolfCrypt_SetCb_fips() failed: %s\n", wc_GetErrorString(ret));
         return -ECANCELED;
     }
+
+#if defined(HAVE_LINUXKM_PIE_SUPPORT) && defined(DEBUG_LINUXKM_PIE_SUPPORT)
+    total_text_r = total_rodata_r = total_rwdata_r = total_bss_r =
+        total_other_r = 0;
+#endif
+
     fipsEntry();
+
+#if defined(HAVE_LINUXKM_PIE_SUPPORT) && defined(DEBUG_LINUXKM_PIE_SUPPORT)
+    pr_info("relocation normalizations: text=%d, rodata=%d, rwdata=%d, bss=%d, other=%d\n",
+            total_text_r, total_rodata_r, total_rwdata_r, total_bss_r, total_other_r);
+#endif
+
     ret = wolfCrypt_GetStatus_fips();
     if (ret != 0) {
         pr_err("ERROR: wolfCrypt_GetStatus_fips() failed with code %d: %s\n", ret, wc_GetErrorString(ret));
@@ -293,14 +477,15 @@ static int wolfssl_init(void)
 #endif /* HAVE_FIPS */
 
 #ifdef WC_RNG_SEED_CB
-    ret = wc_SetSeed_Cb(wc_GenerateSeed);
+    ret = wc_SetSeed_Cb(WC_GENERATE_SEED_DEFAULT);
+
     if (ret < 0) {
         pr_err("ERROR: wc_SetSeed_Cb() failed with return code %d.\n", ret);
         (void)libwolfssl_cleanup();
         msleep(10);
         return -ECANCELED;
     }
-#endif
+#endif /* WC_RNG_SEED_CB */
 
 #ifdef WOLFCRYPT_ONLY
     ret = wolfCrypt_Init();
@@ -473,9 +658,227 @@ MODULE_AUTHOR("https://www.wolfssl.com/");
 MODULE_DESCRIPTION("libwolfssl cryptographic and protocol facilities");
 MODULE_VERSION(LIBWOLFSSL_VERSION_STRING);
 
+#ifdef HAVE_LINUXKM_PIE_SUPPORT
+
+#include "linuxkm/wc_linuxkm_pie_reloc_tab.c"
+
+static inline int find_reloc_tab_offset(size_t text_in_offset) {
+    int ret, hop;
+    if (wc_linuxkm_pie_reloc_tab_length <= 1)
+        return -1;
+    if (text_in_offset >= (size_t)((uintptr_t)__wc_text_end - (uintptr_t)__wc_text_start))
+        return -1;
+    if (text_in_offset >= (size_t)wc_linuxkm_pie_reloc_tab[wc_linuxkm_pie_reloc_tab_length - 1])
+        return -1;
+    for (ret = 0,
+             hop = (int)wc_linuxkm_pie_reloc_tab_length / 2;
+         hop;
+         hop >>= 1)
+    {
+        if (text_in_offset == (size_t)wc_linuxkm_pie_reloc_tab[ret])
+            break;
+        else if (text_in_offset > (size_t)wc_linuxkm_pie_reloc_tab[ret])
+            ret += hop;
+        else if (ret)
+            ret -= hop;
+    }
+
+    while ((ret < (int)wc_linuxkm_pie_reloc_tab_length - 1) &&
+           ((size_t)wc_linuxkm_pie_reloc_tab[ret] < text_in_offset))
+        ++ret;
+
+    while ((ret > 0) &&
+           ((size_t)wc_linuxkm_pie_reloc_tab[ret - 1] >= text_in_offset))
+        --ret;
+
+    return ret;
+}
+
+#define WC_RODATA_TAG (0x1U << 29)
+#define WC_RWDATA_TAG (0x2U << 29)
+#define WC_BSS_TAG (0x3U << 29)
+#define WC_OTHER_TAG (0x4U << 29)
+
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 12, 0)
+#include <linux/unaligned.h>
+#else
+#include <asm-generic/unaligned.h>
+#endif
+
+ssize_t wc_linuxkm_normalize_relocations(
+    const u8 *text_in,
+    size_t text_in_len,
+    u8 *text_out,
+    ssize_t *cur_index_p)
+{
+    ssize_t i = -1;
+    size_t text_in_offset;
+    size_t last_reloc; /* for error-checking order in wc_linuxkm_pie_reloc_tab[] */
+#ifdef DEBUG_LINUXKM_PIE_SUPPORT
+    int n_text_r = 0, n_rodata_r = 0, n_rwdata_r = 0, n_bss_r = 0, n_other_r = 0;
+#endif
+
+    if ((text_in_len == 0) ||
+        (text_in < __wc_text_start) ||
+        (text_in + text_in_len >= __wc_text_end))
+    {
+        return -1;
+    }
+
+    text_in_offset = (uintptr_t)text_in - (uintptr_t)__wc_text_start;
+
+    if (cur_index_p)
+        i = *cur_index_p;
+
+    if (i == -1)
+        i = find_reloc_tab_offset(text_in_offset);
+
+    if (i < 0) {
+        return i;
+    }
+
+    WC_SANITIZE_DISABLE();
+    memcpy(text_out, text_in, text_in_len);
+    WC_SANITIZE_ENABLE();
+
+    for (last_reloc = wc_linuxkm_pie_reloc_tab[i > 0 ? i-1 : 0];
+         (size_t)i < wc_linuxkm_pie_reloc_tab_length - 1;
+         ++i)
+    {
+        size_t next_reloc = wc_linuxkm_pie_reloc_tab[i];
+        int reloc_buf;
+        uintptr_t abs_ptr;
+
+        if (last_reloc > next_reloc) {
+            pr_err("BUG: out-of-order offset found at wc_linuxkm_pie_reloc_tab[%zd]: %zu > %zu\n",
+                   i, last_reloc, next_reloc);
+            return -1;
+        }
+        last_reloc = next_reloc;
+
+        next_reloc -= text_in_offset;
+
+        if (next_reloc >= text_in_len) {
+            /* no more relocations in this buffer. */
+            break;
+        }
+        if (next_reloc > text_in_len - sizeof reloc_buf) {
+            /* relocation straddles buffer at end -- caller will try again with
+             * that relocation at the start.
+             */
+            text_in_len -= (sizeof reloc_buf - 1);
+            break;
+        }
+
+        reloc_buf = (int)get_unaligned((int32_t *)&text_out[next_reloc]);
+
+        /* the +4 accounts for the disp32 field size, as RIP points to the next
+         * instruction byte per the x86_64 ABI.
+         */
+        abs_ptr = (uintptr_t)text_in + next_reloc + 4 + reloc_buf;
+
+        if ((abs_ptr >= (uintptr_t)__wc_text_start) &&
+            (abs_ptr <= (uintptr_t)__wc_text_end))
+        {
+            /* internal references in the .wolfcrypt.text segment don't need
+             * normalization.
+             */
+#ifdef DEBUG_LINUXKM_PIE_SUPPORT
+            ++n_text_r;
+#endif
+            continue;
+        }
+        /* for the rodata, rwdata, and bss segments, recognize dest addrs one
+         * byte outside the segment -- the compiler occasionally generates
+         * these, e.g. __wc_rwdata_start - 1 in DoInCoreCheck() in kernel 6.1
+         * build of FIPS v5.
+         */
+        else if ((abs_ptr >= (uintptr_t)__wc_rodata_start - 1) &&
+                 (abs_ptr <= (uintptr_t)__wc_rodata_end + 1))
+        {
+#ifdef DEBUG_LINUXKM_PIE_SUPPORT
+            ++n_rodata_r;
+#endif
+            reloc_buf -= (int)((uintptr_t)__wc_rodata_start - 1 -
+                               (uintptr_t)__wc_text_start);
+            reloc_buf ^= WC_RODATA_TAG;
+        }
+        else if ((abs_ptr >= (uintptr_t)__wc_rwdata_start - 1) &&
+                 (abs_ptr <= (uintptr_t)__wc_rwdata_end + 1))
+        {
+#ifdef DEBUG_LINUXKM_PIE_SUPPORT
+            ++n_rwdata_r;
+#endif
+            reloc_buf -= (int)((uintptr_t)__wc_rwdata_start - 1 -
+                               (uintptr_t)__wc_text_start);
+            reloc_buf ^= WC_RWDATA_TAG;
+        }
+        else if ((abs_ptr >= (uintptr_t)__wc_bss_start - 1) &&
+                 (abs_ptr <= (uintptr_t)__wc_bss_end + 1))
+        {
+#ifdef DEBUG_LINUXKM_PIE_SUPPORT
+            ++n_bss_r;
+#endif
+            reloc_buf -= (int)((uintptr_t)__wc_bss_start - 1 -
+                               (uintptr_t)__wc_text_start);
+            reloc_buf ^= WC_BSS_TAG;
+        }
+        else {
+            /* relocation referring to non-wolfcrypt segment -- these can only
+             * be stabilized by zeroing them.
+             */
+            reloc_buf = WC_OTHER_TAG;
+#ifdef DEBUG_LINUXKM_PIE_SUPPORT
+            ++n_other_r;
+            /* we're currently only handling 32 bit relocations (R_X86_64_PLT32
+             * and R_X86_64_PC32) so the top half of the word64 is padding we
+             * can lop off for rendering.
+             */
+            pr_notice("found non-wolfcrypt relocation at text offset 0x%x to "
+                      "addr 0x%x, text=%x-%x, rodata=%x-%x, "
+                      "rwdata=%x-%x, bss=%x-%x\n",
+                      wc_linuxkm_pie_reloc_tab[i],
+                      (unsigned)(uintptr_t)abs_ptr,
+                      (unsigned)(uintptr_t)__wc_text_start,
+                      (unsigned)(uintptr_t)__wc_text_end,
+                      (unsigned)(uintptr_t)__wc_rodata_start,
+                      (unsigned)(uintptr_t)__wc_rodata_end,
+                      (unsigned)(uintptr_t)__wc_rwdata_start,
+                      (unsigned)(uintptr_t)__wc_rwdata_end,
+                      (unsigned)(uintptr_t)__wc_bss_start,
+                      (unsigned)(uintptr_t)__wc_bss_end);
+#endif
+        }
+        put_unaligned((u32)reloc_buf, (int32_t *)&text_out[next_reloc]);
+    }
+
+#ifdef DEBUG_LINUXKM_PIE_SUPPORT
+    total_text_r += n_text_r;
+    total_rodata_r += n_rodata_r;
+    total_rwdata_r += n_rwdata_r;
+    total_bss_r += n_bss_r;
+    total_other_r += n_other_r;
+
+    if (n_other_r > 0)
+        pr_notice("text_in=%x relocs=%d/%d/%d/%d/%d ret = %zu\n",
+                  (unsigned)(uintptr_t)text_in, n_text_r, n_rodata_r,
+                  n_rwdata_r, n_bss_r, n_other_r,
+                  text_in_len);
+#endif
+
+    if (cur_index_p)
+        *cur_index_p = i;
+
+    return text_in_len;
+}
+
+#endif /* HAVE_LINUXKM_PIE_SUPPORT */
+
 #ifdef USE_WOLFSSL_LINUXKM_PIE_REDIRECT_TABLE
 
-/* get_current() is an inline or macro, depending on the target -- sidestep the whole issue with a wrapper func. */
+/* get_current() is an inline or macro, depending on the target -- sidestep the
+ * whole issue with a wrapper func.
+ */
 static struct task_struct *my_get_current_thread(void) {
     return get_current();
 }
@@ -494,6 +897,9 @@ static int set_up_wolfssl_linuxkm_pie_redirect_table(void) {
         0,
         sizeof wolfssl_linuxkm_pie_redirect_table);
 
+    wolfssl_linuxkm_pie_redirect_table.wc_linuxkm_normalize_relocations =
+        wc_linuxkm_normalize_relocations;
+
 #ifndef __ARCH_MEMCMP_NO_REDIRECT
     wolfssl_linuxkm_pie_redirect_table.memcmp = memcmp;
 #endif
@@ -550,20 +956,33 @@ static int set_up_wolfssl_linuxkm_pie_redirect_table(void) {
 
     wolfssl_linuxkm_pie_redirect_table._ctype = _ctype;
 
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 11, 0)
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 18, 0)
+    wolfssl_linuxkm_pie_redirect_table.kmalloc_noprof = kmalloc_noprof;
+    wolfssl_linuxkm_pie_redirect_table.krealloc_node_align_noprof = krealloc_node_align_noprof;
+    wolfssl_linuxkm_pie_redirect_table.kzalloc_noprof = kzalloc_noprof;
+    wolfssl_linuxkm_pie_redirect_table.__kvmalloc_node_noprof = __kvmalloc_node_noprof;
+    wolfssl_linuxkm_pie_redirect_table.__kmalloc_cache_noprof = __kmalloc_cache_noprof;
+#ifdef HAVE_KVREALLOC
+    wolfssl_linuxkm_pie_redirect_table.kvrealloc_node_align_noprof = kvrealloc_node_align_noprof;
+#endif
+#elif LINUX_VERSION_CODE >= KERNEL_VERSION(6, 11, 0)
     wolfssl_linuxkm_pie_redirect_table.kmalloc_noprof = kmalloc_noprof;
     wolfssl_linuxkm_pie_redirect_table.krealloc_noprof = krealloc_noprof;
     wolfssl_linuxkm_pie_redirect_table.kzalloc_noprof = kzalloc_noprof;
     wolfssl_linuxkm_pie_redirect_table.__kvmalloc_node_noprof = __kvmalloc_node_noprof;
     wolfssl_linuxkm_pie_redirect_table.__kmalloc_cache_noprof = __kmalloc_cache_noprof;
+#ifdef HAVE_KVREALLOC
     wolfssl_linuxkm_pie_redirect_table.kvrealloc_noprof = kvrealloc_noprof;
+#endif
 #elif LINUX_VERSION_CODE >= KERNEL_VERSION(6, 10, 0)
     wolfssl_linuxkm_pie_redirect_table.kmalloc_noprof = kmalloc_noprof;
     wolfssl_linuxkm_pie_redirect_table.krealloc_noprof = krealloc_noprof;
     wolfssl_linuxkm_pie_redirect_table.kzalloc_noprof = kzalloc_noprof;
     wolfssl_linuxkm_pie_redirect_table.kvmalloc_node_noprof = kvmalloc_node_noprof;
     wolfssl_linuxkm_pie_redirect_table.kmalloc_trace_noprof = kmalloc_trace_noprof;
+#ifdef HAVE_KVREALLOC
     wolfssl_linuxkm_pie_redirect_table.kvrealloc_noprof = kvrealloc_noprof;
+#endif
 #else
     wolfssl_linuxkm_pie_redirect_table.kmalloc = kmalloc;
     wolfssl_linuxkm_pie_redirect_table.krealloc = krealloc;
@@ -606,15 +1025,15 @@ static int set_up_wolfssl_linuxkm_pie_redirect_table(void) {
 
     wolfssl_linuxkm_pie_redirect_table.get_current = my_get_current_thread;
 
-#if defined(WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS) && defined(CONFIG_X86)
+#if defined(WOLFSSL_USE_SAVE_VECTOR_REGISTERS) && defined(CONFIG_X86)
     wolfssl_linuxkm_pie_redirect_table.allocate_wolfcrypt_linuxkm_fpu_states = allocate_wolfcrypt_linuxkm_fpu_states;
-    wolfssl_linuxkm_pie_redirect_table.can_save_vector_registers_x86 = can_save_vector_registers_x86;
+    wolfssl_linuxkm_pie_redirect_table.wc_can_save_vector_registers_x86 = wc_can_save_vector_registers_x86;
     wolfssl_linuxkm_pie_redirect_table.free_wolfcrypt_linuxkm_fpu_states = free_wolfcrypt_linuxkm_fpu_states;
-    wolfssl_linuxkm_pie_redirect_table.restore_vector_registers_x86 = restore_vector_registers_x86;
-    wolfssl_linuxkm_pie_redirect_table.save_vector_registers_x86 = save_vector_registers_x86;
-#elif defined(WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS)
-    #error WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS is set for an unsupported architecture.
-#endif /* WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS */
+    wolfssl_linuxkm_pie_redirect_table.wc_restore_vector_registers_x86 = wc_restore_vector_registers_x86;
+    wolfssl_linuxkm_pie_redirect_table.wc_save_vector_registers_x86 = wc_save_vector_registers_x86;
+#elif defined(WOLFSSL_USE_SAVE_VECTOR_REGISTERS)
+    #error WOLFSSL_USE_SAVE_VECTOR_REGISTERS is set for an unsupported architecture.
+#endif /* WOLFSSL_USE_SAVE_VECTOR_REGISTERS */
 
     wolfssl_linuxkm_pie_redirect_table.__mutex_init = __mutex_init;
     #if LINUX_VERSION_CODE < KERNEL_VERSION(4, 0, 0)
@@ -741,6 +1160,9 @@ static int set_up_wolfssl_linuxkm_pie_redirect_table(void) {
     wolfssl_linuxkm_pie_redirect_table.queued_spin_lock_slowpath = queued_spin_lock_slowpath;
 #endif
 
+    wolfssl_linuxkm_pie_redirect_table.wc_linuxkm_check_for_intr_signals = wc_linuxkm_check_for_intr_signals;
+    wolfssl_linuxkm_pie_redirect_table.wc_linuxkm_relax_long_loop = wc_linuxkm_relax_long_loop;
+
     /* runtime assert that the table has no null slots after initialization. */
     {
         unsigned long *i;
@@ -762,7 +1184,6 @@ static int set_up_wolfssl_linuxkm_pie_redirect_table(void) {
 
 #endif /* USE_WOLFSSL_LINUXKM_PIE_REDIRECT_TABLE */
 
-
 #ifdef WOLFCRYPT_FIPS_CORE_DYNAMIC_HASH_VALUE
 
 #include <wolfssl/wolfcrypt/coding.h>
@@ -770,6 +1191,7 @@ static int set_up_wolfssl_linuxkm_pie_redirect_table(void) {
 PRAGMA_GCC_DIAG_PUSH
 PRAGMA_GCC("GCC diagnostic ignored \"-Wnested-externs\"")
 PRAGMA_GCC("GCC diagnostic ignored \"-Wpointer-arith\"")
+PRAGMA_GCC("GCC diagnostic ignored \"-Wunused-parameter\"")
 #include <crypto/hash.h>
 PRAGMA_GCC_DIAG_POP
 
@@ -890,12 +1312,47 @@ static int updateFipsHash(void)
         goto out;
     }
 
-    WC_SANITIZE_DISABLE();
+#if defined(WOLFSSL_LINUXKM) && defined(USE_WOLFSSL_LINUXKM_PIE_REDIRECT_TABLE)
+    {
+        ssize_t cur_reloc_index = -1;
+        const byte *text_p = (const byte *)first;
+        byte *buf = XMALLOC(8192, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 
+        if (! buf) {
+            pr_err("ERROR: malloc failed in updateFipsHash()\n");
+            ret = MEMORY_E;
+            goto out;
+        }
+
+        while (text_p < (const byte *)last) {
+            ssize_t progress = wc_linuxkm_normalize_relocations(
+                text_p,
+                min(8192, (word32)((const byte *)last - text_p)),
+                buf,
+                &cur_reloc_index);
+            if (progress < 0) {
+                ret = IN_CORE_FIPS_E;
+                break;
+            }
+            ret = crypto_shash_update(desc, buf, (word32)progress);
+            if (ret)
+                break;
+            text_p += progress;
+        }
+
+        XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    }
+
+    WC_SANITIZE_DISABLE();
+#else
+    WC_SANITIZE_DISABLE();
     ret = crypto_shash_update(desc, (byte *)(wc_ptr_t)first, (word32)code_sz);
+#endif /* !WOLFSSL_LINUXKM_PIE_REDIRECT_TABLE */
+
     if (ret) {
         pr_err("ERROR: crypto_shash_update failed: err %d\n", ret);
         ret = BAD_STATE_E;
+        WC_SANITIZE_ENABLE();
         goto out;
     }
 
@@ -915,6 +1372,7 @@ static int updateFipsHash(void)
     if (ret) {
         pr_err("ERROR: crypto_shash_update failed: err %d\n", ret);
         ret = BAD_STATE_E;
+        WC_SANITIZE_ENABLE();
         goto out;
     }
 
diff --git a/linuxkm/wolfcrypt.lds b/linuxkm/wolfcrypt.lds
index 4db5774b2..6399a0c26 100644
--- a/linuxkm/wolfcrypt.lds
+++ b/linuxkm/wolfcrypt.lds
@@ -1,19 +1,31 @@
 SECTIONS {
     . = ALIGN(4096);
     .text.wolfcrypt : {
+        __wc_text_start = .;
         *(.text.wolfcrypt)
+	. = ALIGN(4096);
+        __wc_text_end = .;
     }
     . = ALIGN(4096);
     .rodata.wolfcrypt : {
+        __wc_rodata_start = .;
         *(.rodata.wolfcrypt)
+        . = ALIGN(4096);
+        __wc_rodata_end = .;
     }
     . = ALIGN(4096);
     .data.wolfcrypt : {
+        __wc_rwdata_start = .;
         *(.data.wolfcrypt)
+        . = ALIGN(4096);
+        __wc_rwdata_end = .;
     }
     . = ALIGN(4096);
     .bss.wolfcrypt : {
+        __wc_bss_start = .;
         *(.bss.wolfcrypt)
+        . = ALIGN(4096);
+        __wc_bss_end = .;
     }
     . = ALIGN(4096);
 }
diff --git a/linuxkm/x86_vector_register_glue.c b/linuxkm/x86_vector_register_glue.c
index a6f6ebbac..0bf01b42a 100644
--- a/linuxkm/x86_vector_register_glue.c
+++ b/linuxkm/x86_vector_register_glue.c
@@ -21,8 +21,9 @@
  */
 
 /* included by linuxkm/module_hooks.c */
+#ifndef WC_SKIP_INCLUDED_C_FILES
 
-#if !defined(WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS) || !defined(CONFIG_X86)
+#if !defined(WOLFSSL_USE_SAVE_VECTOR_REGISTERS) || !defined(CONFIG_X86)
     #error x86_vector_register_glue.c included in non-vectorized/non-x86 project.
 #endif
 
@@ -38,7 +39,7 @@
  * checks in __kernel_fpu_begin(), and lacks TIF_NEED_FPU_LOAD.
  */
 #if (LINUX_VERSION_CODE < KERNEL_VERSION(5, 4, 0))
-    #error WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS on x86 requires kernel 5.4.0 or higher.
+    #error WOLFSSL_USE_SAVE_VECTOR_REGISTERS on x86 requires kernel 5.4.0 or higher.
 #endif
 
 static unsigned int wc_linuxkm_fpu_states_n_tracked = 0;
@@ -233,7 +234,7 @@ static inline struct wc_thread_fpu_count_ent *wc_linuxkm_fpu_state_assoc(
     if (unlikely(wc_linuxkm_fpu_states == NULL)) {
         if (! assume_fpu_began) {
             /* this was just a quick check for whether we're in a recursive
-             * save_vector_registers_x86().  we're not.
+             * wc_save_vector_registers_x86().  we're not.
              */
             return NULL;
         }
@@ -253,7 +254,7 @@ static inline struct wc_thread_fpu_count_ent *wc_linuxkm_fpu_state_assoc(
     }
     if (! assume_fpu_began) {
         /* this was just a quick check for whether we're in a recursive
-         * save_vector_registers_x86().  we're not.
+         * wc_save_vector_registers_x86().  we're not.
          *
          * if we're in a softirq context, we'll always wind up here, because
          * processes with entries in wc_linuxkm_fpu_states[] always have
@@ -296,7 +297,7 @@ static inline void wc_linuxkm_fpu_state_release(
     __atomic_store_n(&ent->pid, 0, __ATOMIC_RELEASE);
 }
 
-WARN_UNUSED_RESULT int can_save_vector_registers_x86(void)
+WARN_UNUSED_RESULT int wc_can_save_vector_registers_x86(void)
 {
     struct wc_thread_fpu_count_ent *pstate;
 
@@ -329,7 +330,7 @@ WARN_UNUSED_RESULT int can_save_vector_registers_x86(void)
         return 0;
 }
 
-WARN_UNUSED_RESULT int save_vector_registers_x86(enum wc_svr_flags flags)
+WARN_UNUSED_RESULT int wc_save_vector_registers_x86(enum wc_svr_flags flags)
 {
     struct wc_thread_fpu_count_ent *pstate;
 
@@ -338,7 +339,7 @@ WARN_UNUSED_RESULT int save_vector_registers_x86(enum wc_svr_flags flags)
      * a second look at preempt_count().
      */
     if (((preempt_count() & (NMI_MASK | HARDIRQ_MASK)) != 0) || (task_pid_nr(current) == 0)) {
-        VRG_PR_WARN_X("WARNING: save_vector_registers_x86 called with preempt_count 0x%x and pid %d on CPU %d.\n", preempt_count(), task_pid_nr(current), raw_smp_processor_id());
+        VRG_PR_WARN_X("WARNING: wc_save_vector_registers_x86 called with preempt_count 0x%x and pid %d on CPU %d.\n", preempt_count(), task_pid_nr(current), raw_smp_processor_id());
         return WC_ACCEL_INHIBIT_E;
     }
 
@@ -346,32 +347,40 @@ WARN_UNUSED_RESULT int save_vector_registers_x86(enum wc_svr_flags flags)
 
     /* allow for nested calls */
     if (pstate && (pstate->fpu_state != 0U)) {
-        if (unlikely(pstate->fpu_state & WC_FPU_INHIBITED_FLAG)) {
-            if (flags & WC_SVR_FLAG_INHIBIT) {
-                /* allow recursive inhibit calls as long as the whole stack of
-                 * them is inhibiting.
-                 */
-                ++pstate->fpu_state;
-                return 0;
-            }
-            else
-                return WC_ACCEL_INHIBIT_E;
+        if (pstate->fpu_state & WC_FPU_INHIBITED_FLAG) {
+            /* don't allow recursive inhibit calls when already inhibited --
+             * it would add no functionality and require keeping a separate
+             * count of inhibit recursions.
+             */
+            return WC_ACCEL_INHIBIT_E;
         }
-        if (unlikely(flags & WC_SVR_FLAG_INHIBIT))
-            return BAD_STATE_E;
         if (unlikely((pstate->fpu_state & WC_FPU_COUNT_MASK)
                      == WC_FPU_COUNT_MASK))
         {
-            pr_err("ERROR: save_vector_registers_x86 recursion register overflow for "
+            pr_err("ERROR: wc_save_vector_registers_x86 recursion register overflow for "
                    "pid %d on CPU %d.\n", pstate->pid, raw_smp_processor_id());
             return BAD_STATE_E;
-        } else {
+        }
+        if (flags & WC_SVR_FLAG_INHIBIT) {
+            ++pstate->fpu_state;
+            pstate->fpu_state |= WC_FPU_INHIBITED_FLAG;
+            return 0;
+        }
+        else {
             ++pstate->fpu_state;
             return 0;
         }
         __builtin_unreachable();
     }
 
+    {
+        int ret = WC_CHECK_FOR_INTR_SIGNALS();
+        if (ret)
+            return ret;
+    }
+
+    WC_RELAX_LONG_LOOP();
+
     if (flags & WC_SVR_FLAG_INHIBIT) {
         if ((preempt_count() != 0) && !may_use_simd())
             return WC_ACCEL_INHIBIT_E; /* not an error here, just a
@@ -388,7 +397,7 @@ WARN_UNUSED_RESULT int save_vector_registers_x86(enum wc_svr_flags flags)
         local_bh_disable();
 
         if (preempt_count() == 0) {
-            VRG_PR_ERR_X("BUG: save_vector_registers_x86(): zero preempt_count after local_bh_disable() on CPU %d.\n",
+            VRG_PR_ERR_X("BUG: wc_save_vector_registers_x86(): zero preempt_count after local_bh_disable() on CPU %d.\n",
                    raw_smp_processor_id());
             #if defined(CONFIG_SMP) && !defined(CONFIG_PREEMPT_COUNT) && \
                 (LINUX_VERSION_CODE >= KERNEL_VERSION(5, 7, 0))
@@ -451,13 +460,13 @@ WARN_UNUSED_RESULT int save_vector_registers_x86(enum wc_svr_flags flags)
         pstate->fpu_state = 1U;
 
         if (preempt_count() == 0) {
-            VRG_PR_ERR_X("BUG: save_vector_registers_x86(): zero preempt_count after kernel_fpu_begin() on CPU %d.\n",
+            VRG_PR_ERR_X("BUG: wc_save_vector_registers_x86(): zero preempt_count after kernel_fpu_begin() on CPU %d.\n",
                          raw_smp_processor_id());
         }
 
         return 0;
     } else  {
-        VRG_PR_WARN_X("WARNING: save_vector_registers_x86 called with no saved state and nonzero preempt_count 0x%x on CPU %d.\n", preempt_count(), raw_smp_processor_id());
+        VRG_PR_WARN_X("WARNING: wc_save_vector_registers_x86 called with no saved state and nonzero preempt_count 0x%x on CPU %d.\n", preempt_count(), raw_smp_processor_id());
         #ifdef WOLFSSL_LINUXKM_VERBOSE_DEBUG
         dump_stack();
         #endif
@@ -467,25 +476,33 @@ WARN_UNUSED_RESULT int save_vector_registers_x86(enum wc_svr_flags flags)
     __builtin_unreachable();
 }
 
-void restore_vector_registers_x86(void)
+void wc_restore_vector_registers_x86(enum wc_svr_flags flags)
 {
     struct wc_thread_fpu_count_ent *pstate;
 
     if (((preempt_count() & (NMI_MASK | HARDIRQ_MASK)) != 0) || (task_pid_nr(current) == 0)) {
-        VRG_PR_WARN_X("BUG: restore_vector_registers_x86() called from interrupt handler on CPU %d.\n",
+        VRG_PR_WARN_X("BUG: wc_restore_vector_registers_x86() called from interrupt handler on CPU %d.\n",
                 raw_smp_processor_id());
         return;
     }
 
     pstate = wc_linuxkm_fpu_state_assoc(0, 1);
     if (unlikely(pstate == NULL)) {
-        VRG_PR_WARN_X("BUG: restore_vector_registers_x86() called by pid %d on CPU %d "
+        VRG_PR_WARN_X("BUG: wc_restore_vector_registers_x86() called by pid %d on CPU %d "
                "with no saved state.\n", task_pid_nr(current),
                raw_smp_processor_id());
         return;
     }
 
     if ((--pstate->fpu_state & WC_FPU_COUNT_MASK) > 0U) {
+        if (flags & WC_SVR_FLAG_INHIBIT) {
+            if (pstate->fpu_state & WC_FPU_INHIBITED_FLAG)
+                pstate->fpu_state &= ~WC_FPU_INHIBITED_FLAG;
+            else
+                VRG_PR_WARN_X("BUG: wc_restore_vector_registers_x86() called by pid %d on CPU %d "
+                              "with _INHIBIT flag but saved state isn't _INHIBITED_.\n", task_pid_nr(current),
+                              raw_smp_processor_id());
+        }
         return;
     }
 
@@ -497,6 +514,10 @@ void restore_vector_registers_x86(void)
         #endif
         local_bh_enable();
     } else if (unlikely(pstate->fpu_state & WC_FPU_INHIBITED_FLAG)) {
+        if (unlikely(! (flags & WC_SVR_FLAG_INHIBIT)))
+            VRG_PR_WARN_X("BUG: wc_restore_vector_registers_x86() called by pid %d on CPU %d "
+                          "without _INHIBIT flag but saved state is _INHIBITED_.\n", task_pid_nr(current),
+                          raw_smp_processor_id());
         pstate->fpu_state = 0U;
         wc_linuxkm_fpu_state_release(pstate);
         local_bh_enable();
@@ -507,5 +528,9 @@ void restore_vector_registers_x86(void)
     migrate_enable();
     #endif
 
+    WC_RELAX_LONG_LOOP();
+
     return;
 }
+
+#endif /* !WC_SKIP_INCLUDED_C_FILES */
diff --git a/m4/ax_harden_compiler_flags.m4 b/m4/ax_harden_compiler_flags.m4
index d4377a70e..f33e00748 100644
--- a/m4/ax_harden_compiler_flags.m4
+++ b/m4/ax_harden_compiler_flags.m4
@@ -145,7 +145,9 @@
       AX_APPEND_COMPILE_FLAGS([-Wpointer-arith],,[$ax_append_compile_cflags_extra])
       AX_APPEND_COMPILE_FLAGS([-Wpointer-sign],,[$ax_append_compile_cflags_extra])
 dnl      AX_APPEND_COMPILE_FLAGS([-Wredundant-decls],,[$ax_append_compile_cflags_extra])
-      AX_APPEND_COMPILE_FLAGS([-Wshadow],,[$ax_append_compile_cflags_extra])
+      AS_CASE([$CFLAGS], [*-Wno-shadow*], [], [
+        AX_APPEND_COMPILE_FLAGS([-Wshadow],,[$ax_append_compile_cflags_extra])
+        ])
       AX_APPEND_COMPILE_FLAGS([-Wshorten-64-to-32],,[$ax_append_compile_cflags_extra])
       AX_APPEND_COMPILE_FLAGS([-Wsign-compare],,[$ax_append_compile_cflags_extra])
       AX_APPEND_COMPILE_FLAGS([-Wstrict-overflow=1],,[$ax_append_compile_cflags_extra])
@@ -207,7 +209,9 @@ dnl      AX_APPEND_COMPILE_FLAGS([-Wredundant-decls],,[$ax_append_compile_cflags
       AX_APPEND_COMPILE_FLAGS([-Woverloaded-virtual],,[$ax_append_compile_cxxflags_extra])
       AX_APPEND_COMPILE_FLAGS([-Wpointer-arith],,[$ax_append_compile_cxxflags_extra])
 dnl      AX_APPEND_COMPILE_FLAGS([-Wredundant-decls],,[$ax_append_compile_cxxflags_extra])
-      AX_APPEND_COMPILE_FLAGS([-Wshadow],,[$ax_append_compile_cxxflags_extra])
+      AS_CASE([$CFLAGS], [*-Wno-shadow*], [], [
+        AX_APPEND_COMPILE_FLAGS([-Wshadow],,[$ax_append_compile_cxxflags_extra])
+        ])
       AX_APPEND_COMPILE_FLAGS([-Wshorten-64-to-32],,[$ax_append_compile_cxxflags_extra])
       AX_APPEND_COMPILE_FLAGS([-Wsign-compare],,[$ax_append_compile_cxxflags_extra])
       AX_APPEND_COMPILE_FLAGS([-Wstrict-overflow=1],,[$ax_append_compile_cxxflags_extra])
diff --git a/src/bio.c b/src/bio.c
index ce74983f8..7dad889fa 100644
--- a/src/bio.c
+++ b/src/bio.c
@@ -1404,7 +1404,7 @@ long wolfSSL_BIO_get_mem_ptr(WOLFSSL_BIO *bio, WOLFSSL_BUF_MEM **ptr)
     }
 #endif
 
-WOLFSSL_API long wolfSSL_BIO_int_ctrl(WOLFSSL_BIO *bp, int cmd, long larg, int iarg)
+long wolfSSL_BIO_int_ctrl(WOLFSSL_BIO *bp, int cmd, long larg, int iarg)
 {
     (void) bp;
     (void) cmd;
@@ -3327,7 +3327,7 @@ int wolfSSL_BIO_vprintf(WOLFSSL_BIO* bio, const char* format, va_list args)
     /* In Visual Studio versions prior to Visual Studio 2013, the va_* symbols
        aren't defined. If using Visual Studio 2013 or later, define
        HAVE_VA_COPY. */
-    #if !defined(_WIN32) || defined(HAVE_VA_COPY)
+    #if defined(XVSNPRINTF) && (!defined(_WIN32) || defined(HAVE_VA_COPY))
         case WOLFSSL_BIO_SSL:
             {
                 int count;
@@ -3358,7 +3358,7 @@ int wolfSSL_BIO_vprintf(WOLFSSL_BIO* bio, const char* format, va_list args)
                 va_end(copy);
             }
             break;
-    #endif /* !_WIN32 || HAVE_VA_COPY */
+    #endif /* XVSNPRINTF && (!_WIN32 || HAVE_VA_COPY) */
 
         default:
             WOLFSSL_MSG("Unsupported WOLFSSL_BIO type for wolfSSL_BIO_printf");
diff --git a/src/crl.c b/src/crl.c
index 4e4700f85..576fe2e95 100644
--- a/src/crl.c
+++ b/src/crl.c
@@ -39,8 +39,9 @@ CRL Options:
 
 #include <wolfssl/internal.h>
 #include <wolfssl/error-ssl.h>
+#include <wolfssl/wolfcrypt/logging.h>
 
-#ifndef WOLFSSL_LINUXKM
+#ifndef NO_STRING_H
     #include <string.h>
 #endif
 
@@ -209,20 +210,23 @@ static CRL_Entry* CRL_Entry_new(void* heap)
 /* Free all CRL Entry resources */
 static void CRL_Entry_free(CRL_Entry* crle, void* heap)
 {
-#ifdef CRL_STATIC_REVOKED_LIST
-    if (crle != NULL) {
-        XMEMSET(crle->certs, 0, CRL_MAX_REVOKED_CERTS*sizeof(RevokedCert));
+    WOLFSSL_ENTER("CRL_Entry_free");
+    if (crle == NULL) {
+        WOLFSSL_MSG("CRL Entry is null");
+        return;
     }
+#ifdef CRL_STATIC_REVOKED_LIST
+    XMEMSET(crle->certs, 0, CRL_MAX_REVOKED_CERTS*sizeof(RevokedCert));
 #else
-    RevokedCert* tmp = crle->certs;
-    RevokedCert* next;
+    {
+        RevokedCert* tmp;
+        RevokedCert* next;
 
-    WOLFSSL_ENTER("FreeCRL_Entry");
+        for (tmp = crle->certs; tmp != NULL; tmp = next) {
+            next = tmp->next;
+            XFREE(tmp, heap, DYNAMIC_TYPE_REVOKED);
+        }
 
-    while (tmp != NULL) {
-        next = tmp->next;
-        XFREE(tmp, heap, DYNAMIC_TYPE_REVOKED);
-        tmp = next;
     }
 #endif
     XFREE(crle->signature, heap, DYNAMIC_TYPE_CRL_ENTRY);
@@ -791,7 +795,7 @@ int BufferLoadCRL(WOLFSSL_CRL* crl, const byte* buff, long sz, int type,
 
     crl->currentEntry = CRL_Entry_new(crl->heap);
     if (crl->currentEntry == NULL) {
-        WOLFSSL_MSG("alloc CRL Entry failed");
+        WOLFSSL_MSG_CERT_LOG("alloc CRL Entry failed");
     #ifdef WOLFSSL_SMALL_STACK
         XFREE(dcrl, NULL, DYNAMIC_TYPE_TMP_BUFFER);
     #endif
@@ -802,9 +806,11 @@ int BufferLoadCRL(WOLFSSL_CRL* crl, const byte* buff, long sz, int type,
     InitDecodedCRL(dcrl, crl->heap);
     ret = ParseCRL(crl->currentEntry->certs, dcrl, myBuffer, (word32)sz,
                    verify, crl->cm);
+
     if (ret != 0 && !(ret == WC_NO_ERR_TRACE(ASN_CRL_NO_SIGNER_E)
                       && verify == NO_VERIFY)) {
-        WOLFSSL_MSG("ParseCRL error");
+        WOLFSSL_MSG_CERT_LOG("ParseCRL error");
+        WOLFSSL_MSG_CERT_EX("ParseCRL verify = %d, ret = %d", verify, ret);
         CRL_Entry_free(crl->currentEntry, crl->heap);
         crl->currentEntry = NULL;
     }
@@ -812,7 +818,7 @@ int BufferLoadCRL(WOLFSSL_CRL* crl, const byte* buff, long sz, int type,
         ret = AddCRL(crl, dcrl, myBuffer,
                      ret != WC_NO_ERR_TRACE(ASN_CRL_NO_SIGNER_E));
         if (ret != 0) {
-            WOLFSSL_MSG("AddCRL error");
+            WOLFSSL_MSG_CERT_LOG("AddCRL error");
             crl->currentEntry = NULL;
         }
     }
@@ -1636,7 +1642,7 @@ static int StopMonitor(wolfSSL_CRL_mfd_t mfd)
 
 #ifdef DEBUG_WOLFSSL
 #define SHOW_WINDOWS_ERROR() do {                               \
-    LPVOID lpMsgBuf;                                            \
+    LPVOID lpMsgBuf = NULL;                                     \
     DWORD dw = GetLastError();                                  \
     FormatMessageA(                                             \
         FORMAT_MESSAGE_ALLOCATE_BUFFER |                        \
diff --git a/src/dtls13.c b/src/dtls13.c
index c4e2b61d9..399fc7a61 100644
--- a/src/dtls13.c
+++ b/src/dtls13.c
@@ -255,7 +255,7 @@ static int Dtls13GetRnMask(WOLFSSL* ssl, const byte* ciphertext, byte* mask,
             return BAD_STATE_E;
 #if !defined(HAVE_SELFTEST) && \
     (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)) \
-    || defined(WOLFSSL_LINUXKM))
+    || defined(WOLFSSL_KERNEL_MODE))
         return wc_AesEncryptDirect(c->aes, mask, ciphertext);
 #else
         wc_AesEncryptDirect(c->aes, mask, ciphertext);
diff --git a/src/include.am b/src/include.am
index 420d880d2..dee6bbe29 100644
--- a/src/include.am
+++ b/src/include.am
@@ -1270,6 +1270,11 @@ endif
 
 if BUILD_DILITHIUM
 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/dilithium.c
+if !BUILD_X86_ASM
+if BUILD_INTELASM
+src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/wc_mldsa_asm.S
+endif BUILD_INTELASM
+endif !BUILD_X86_ASM
 endif
 
 if BUILD_WC_LMS
diff --git a/src/internal.c b/src/internal.c
index c74bcf36f..1834fdee4 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -315,6 +315,82 @@ void wolfssl_priv_der_unblind(DerBuffer* key, DerBuffer* mask)
                        const unsigned char* secret, int secretSz, void* ctx);
 #endif
 
+    /*
+     * This function builds up string for key-logging then call user's
+     * key-log-callback to pass the string.
+     * The user's key-logging callback has been set via
+     * wolfSSL_CTX_set_keylog_callback function. The logging string format is:
+     * "<Label> <hex-encoded client random> <hex-encoded secret>"
+     *
+     * parameter
+     *  - ssl: WOLFSSL object
+     *  - secret: pointer to the buffer holding secret
+     *  - secretSz: size of secret
+     *  - label: for logging string
+     *  - labelSz: label size
+     * returns 0 on success, negative value on failure.
+     */
+    static int SessionSecret_callback_common(const WOLFSSL* ssl,
+                       const unsigned char* secret, int secretSz,
+                       const char* label, int labelSz)
+    {
+        wolfSSL_CTX_keylog_cb_func logCb = NULL;
+        int buffSz;
+        byte* log = NULL;
+        word32 outSz;
+        int idx;
+        int ret;
+
+        if (ssl == NULL || secret == NULL || secretSz == 0 ||
+            label == NULL || labelSz == 0)
+            return BAD_FUNC_ARG;
+        if (ssl->arrays == NULL || ssl->ctx == NULL)
+            return BAD_FUNC_ARG;
+
+        /* get the user-callback func from CTX */
+        logCb = ssl->ctx->keyLogCb;
+        if (logCb == NULL)
+            return 0;
+
+        /* prepare a log string for passing user callback
+         * "<Label> <hex-encoded client random> <hex-encoded secret>" */
+        buffSz = labelSz + (RAN_LEN * 2) + 1 + secretSz * 2 + 1;
+        log    = XMALLOC(buffSz, ssl->heap, DYNAMIC_TYPE_SECRET);
+        if (log == NULL)
+            return MEMORY_E;
+#ifdef WOLFSSL_CHECK_MEM_ZERO
+        wc_MemZero_Add("SessionSecret log", log, buffSz);
+#endif
+
+        XMEMSET(log, 0, buffSz);
+        XMEMCPY(log, label, labelSz - 1);    /* put label w/o terminator */
+        log[labelSz - 1] = ' ';              /* '\0' -> ' ' */
+
+        idx = labelSz;
+        outSz = buffSz - idx;
+        if ((ret = Base16_Encode(ssl->arrays->clientRandom, RAN_LEN,
+                                            log + idx, &outSz)) == 0) {
+            idx += (outSz - 1); /* reduce terminator byte */
+            outSz = buffSz - idx;
+
+            if (outSz > 1) {
+                log[idx++] = ' ';        /* add space*/
+                outSz = buffSz - idx;
+
+                if ((ret = Base16_Encode((byte*)secret, secretSz,
+                                log + idx, &outSz)) == 0) {
+                    logCb(ssl, (char*)log);
+                    ret = 0;
+                }
+            }
+            else
+                ret = MEMORY_E;
+        }
+        /* Zero out Base16 encoded secret and other data. */
+        ForceZero(log, buffSz);
+        XFREE(log, ssl->heap, DYNAMIC_TYPE_SECRET);
+        return ret;
+    }
 
     /* Label string for client random. */
     #define SSC_CR      "CLIENT_RANDOM"
@@ -335,34 +411,16 @@ void wolfssl_priv_der_unblind(DerBuffer* key, DerBuffer* mask)
     static int SessionSecret_callback(WOLFSSL* ssl, void* secret,
                     int* secretSz, void* ctx)
     {
-        wolfSSL_CTX_keylog_cb_func logCb = NULL;
-        int msSz;
         int invalidCount;
         int i;
-        const char* label = SSC_CR;
-        int labelSz = sizeof(SSC_CR);
-        int buffSz;
-        byte* log = NULL;
-        word32 outSz;
-        int idx;
-        int ret;
         (void)ctx;
 
-        if (ssl == NULL || secret == NULL || secretSz == NULL || *secretSz == 0)
+        if (secret == NULL || secretSz == NULL || *secretSz == 0)
             return BAD_FUNC_ARG;
-        if (ssl->arrays == NULL)
-            return BAD_FUNC_ARG;
-
-        /* get the user-callback func from CTX */
-        logCb = ssl->ctx->keyLogCb;
-        if (logCb == NULL) {
-            return 0; /* no logging callback */
-        }
 
         /* make sure the given master-secret has a meaningful value */
-        msSz   = *secretSz;
         invalidCount = 0;
-        for (i = 0; i < msSz; i++) {
+        for (i = 0; i < *secretSz; i++) {
             if (((byte*)secret)[i] == 0) {
                 invalidCount++;
             }
@@ -372,47 +430,8 @@ void wolfssl_priv_der_unblind(DerBuffer* key, DerBuffer* mask)
             return 0; /* ignore error */
         }
 
-        /* build up a hex-decoded keylog string
-         * "CLIENT_RANDOM <hex-encoded client rand> <hex-encoded master-secret>"
-         * note that each keylog string does not have CR/LF.
-         */
-        buffSz  = labelSz + (RAN_LEN * 2) + 1 + ((*secretSz) * 2) + 1;
-        log     = XMALLOC(buffSz, ssl->heap, DYNAMIC_TYPE_SECRET);
-        if (log == NULL)
-            return MEMORY_E;
-#ifdef WOLFSSL_CHECK_MEM_ZERO
-        wc_MemZero_Add("SessionSecret log", log, buffSz);
-#endif
-
-        XMEMSET(log, 0, buffSz);
-        XMEMCPY(log, label, labelSz -1);     /* put label w/o terminator */
-        log[labelSz - 1] = ' ';              /* '\0' -> ' ' */
-        idx = labelSz;
-        outSz = buffSz - idx;
-        if ((ret = Base16_Encode(ssl->arrays->clientRandom, RAN_LEN,
-                                            log + idx, &outSz)) == 0) {
-            idx += (outSz - 1); /* reduce terminator byte */
-            outSz = buffSz - idx;
-
-            if (outSz > 1) {
-                log[idx++] = ' ';  /* add space*/
-                outSz = buffSz - idx;
-
-                if ((ret = Base16_Encode((byte*)secret, *secretSz,
-                                             log + idx, &outSz)) == 0) {
-                    /* pass the log to the client callback*/
-                    logCb(ssl, (char*)log);
-                    ret = 0;
-                }
-            }
-            else {
-                ret = BUFFER_E;
-            }
-        }
-        /* Zero out Base16 encoded secret and other data. */
-        ForceZero(log, buffSz);
-        XFREE(log, ssl->heap, DYNAMIC_TYPE_SECRET);
-        return ret;
+        return SessionSecret_callback_common(ssl, secret, *secretSz,
+                                             SSC_CR, sizeof(SSC_CR));
     }
 
 #if defined(WOLFSSL_TLS13)
@@ -450,27 +469,10 @@ void wolfssl_priv_der_unblind(DerBuffer* key, DerBuffer* mask)
     static int SessionSecret_callback_Tls13(WOLFSSL* ssl, int id,
         const unsigned char* secret, int secretSz, void* ctx)
     {
-        wolfSSL_CTX_keylog_cb_func logCb = NULL;
         const char* label;
         int         labelSz = 0;
-        int         buffSz  = 0;
-        byte*       log     = NULL;
-        word32 outSz;
-        int idx;
-        int ret;
-
         (void)ctx;
 
-        if (ssl == NULL || secret == NULL || secretSz == 0)
-            return BAD_FUNC_ARG;
-        if (ssl->arrays == NULL)
-            return BAD_FUNC_ARG;
-
-        /* get the user-callback func from CTX*/
-        logCb = ssl->ctx->keyLogCb;
-        if (logCb == NULL)
-            return 0;
-
         switch (id) {
             case CLIENT_EARLY_TRAFFIC_SECRET:
                 labelSz = sizeof(SSC_TLS13_CETS);
@@ -510,44 +512,8 @@ void wolfssl_priv_der_unblind(DerBuffer* key, DerBuffer* mask)
             default:
                 return BAD_FUNC_ARG;
         }
-        /* prepare a log string for passing user callback
-         * "<Label> <hex-encoded client random> <hex-encoded secret>" */
-        buffSz = labelSz + (RAN_LEN * 2) + 1 + secretSz * 2 + 1;
-        log    = XMALLOC(buffSz, ssl->heap, DYNAMIC_TYPE_SECRET);
-        if (log == NULL)
-            return MEMORY_E;
-#ifdef WOLFSSL_CHECK_MEM_ZERO
-        wc_MemZero_Add("SessionSecret log", log, buffSz);
-#endif
-
-        XMEMSET(log, 0, buffSz);
-        XMEMCPY(log, label, labelSz - 1);     /* put label w/o terminator */
-        log[labelSz - 1] = ' ';               /* '\0' -> ' ' */
-
-        idx = labelSz;
-        outSz = buffSz - idx;
-        if ((ret = Base16_Encode(ssl->arrays->clientRandom, RAN_LEN,
-                                            log + idx, &outSz)) == 0) {
-            idx  += (outSz - 1); /* reduce terminator byte */
-            outSz = buffSz - idx;
-
-            if (outSz >1) {
-                log[idx++] = ' ';        /* add space*/
-                outSz = buffSz - idx;
-
-                if ((ret = Base16_Encode((byte*)secret, secretSz,
-                                log + idx, &outSz)) == 0) {
-                    logCb(ssl, (char*)log);
-                    ret = 0;
-                }
-            }
-            else
-                ret = MEMORY_E;
-        }
-        /* Zero out Base16 encoded secret and other data. */
-        ForceZero(log, buffSz);
-        XFREE(log, ssl->heap, DYNAMIC_TYPE_SECRET);
-        return ret;
+        return SessionSecret_callback_common(ssl, secret, secretSz,
+                                             label, labelSz);
     }
 #endif /* WOLFSSL_TLS13*/
 #endif /* OPENSSL_EXTRA && HAVE_SECRET_CALLBACK*/
@@ -604,6 +570,9 @@ int IsAtLeastTLSv1_3(const ProtocolVersion pv)
 
 int IsEncryptionOn(const WOLFSSL* ssl, int isSend)
 {
+    if (ssl == NULL) {
+        return BAD_FUNC_ARG;
+    }
 #ifdef WOLFSSL_DTLS
     /* For DTLS, epoch 0 is always not encrypted. */
     if (ssl->options.dtls && !isSend) {
@@ -1908,7 +1877,7 @@ int wolfSSL_session_import_internal(WOLFSSL* ssl, const unsigned char* buf,
                     optSz = DTLS_EXPORT_OPT_SZ_4;
                 }
                 else {
-                    optSz = TLS_EXPORT_OPT_SZ;
+                    optSz = TLS_EXPORT_OPT_SZ_4;
                 }
                 break;
 
@@ -2908,6 +2877,8 @@ void SSL_CtxResourceFree(WOLFSSL_CTX* ctx)
     #ifndef WOLFSSL_NO_CA_NAMES
         wolfSSL_sk_X509_NAME_pop_free(ctx->client_ca_names, NULL);
         ctx->client_ca_names = NULL;
+        wolfSSL_sk_X509_NAME_pop_free(ctx->ca_names, NULL);
+        ctx->ca_names = NULL;
     #endif
     #ifdef OPENSSL_EXTRA
         if (ctx->x509Chain) {
@@ -5044,7 +5015,8 @@ int ConvertHashPss(int hashAlgo, enum wc_HashType* hashType, int* mgf)
 }
 #endif
 
-#if !defined(NO_WOLFSSL_SERVER) || !defined(WOLFSSL_NO_CLIENT_AUTH)
+#if (!defined(NO_WOLFSSL_SERVER) || !defined(WOLFSSL_NO_CLIENT_AUTH)) && \
+    (!defined(WOLFSSL_RSA_PUBLIC_ONLY) && !defined(WOLFSSL_RSA_VERIFY_ONLY))
 int RsaSign(WOLFSSL* ssl, const byte* in, word32 inSz, byte* out,
             word32* outSz, int sigAlgo, int hashAlgo, RsaKey* key,
             DerBuffer* keyBufInfo)
@@ -5348,7 +5320,8 @@ int VerifyRsaSign(WOLFSSL* ssl, byte* verifySig, word32 sigSz,
 
 #ifndef WOLFSSL_NO_TLS12
 
-#if !defined(NO_WOLFSSL_SERVER) || !defined(WOLFSSL_NO_CLIENT_AUTH)
+#if (!defined(NO_WOLFSSL_SERVER) || !defined(WOLFSSL_NO_CLIENT_AUTH)) && \
+    !defined(WOLFSSL_RSA_PUBLIC_ONLY)
 int RsaDec(WOLFSSL* ssl, byte* in, word32 inSz, byte** out, word32* outSz,
     RsaKey* key, DerBuffer* keyBufInfo)
 {
@@ -5413,6 +5386,7 @@ int RsaDec(WOLFSSL* ssl, byte* in, word32 inSz, byte** out, word32* outSz,
 }
 #endif /* !NO_WOLFSSL_SERVER) || !WOLFSSL_NO_CLIENT_AUTH */
 
+#ifndef WOLFSSL_RSA_VERIFY_ONLY
 int RsaEnc(WOLFSSL* ssl, const byte* in, word32 inSz, byte* out, word32* outSz,
     RsaKey* key, buffer* keyBufInfo)
 {
@@ -5472,6 +5446,7 @@ int RsaEnc(WOLFSSL* ssl, const byte* in, word32 inSz, byte* out, word32* outSz,
 
     return ret;
 }
+#endif
 
 #endif /* !WOLFSSL_NO_TLS12 */
 
@@ -6698,9 +6673,11 @@ int InitSSL_Suites(WOLFSSL* ssl)
     byte haveAnon = 0;
     byte haveRSA = 0;
     byte haveMcast = 0;
+    byte haveCertSetupCb = 0;
 
     (void)haveAnon; /* Squash unused var warnings */
     (void)haveMcast;
+    (void)haveCertSetupCb;
 
     if (!ssl)
         return BAD_FUNC_ARG;
@@ -6719,6 +6696,10 @@ int InitSSL_Suites(WOLFSSL* ssl)
     haveMcast = (byte)ssl->options.haveMcast;
 #endif /* WOLFSSL_MULTICAST */
 #endif /* !NO_CERTS && !WOLFSSL_SESSION_EXPORT */
+#if defined(WOLFSSL_TLS13) && !defined(NO_CERTS) && defined(OPENSSL_EXTRA)
+    if (ssl->ctx->certSetupCb != NULL)
+        haveCertSetupCb = 1;
+#endif /* WOLFSSL_TLS13 && !NO_CERTS && OPENSSL_EXTRA */
 
 #ifdef WOLFSSL_EARLY_DATA
     if (ssl->options.side == WOLFSSL_SERVER_END)
@@ -6746,10 +6727,11 @@ int InitSSL_Suites(WOLFSSL* ssl)
     }
 
 #if !defined(NO_CERTS) && !defined(WOLFSSL_SESSION_EXPORT)
-    /* make sure server has cert and key unless using PSK, Anon, or
-     * Multicast. This should be true even if just switching ssl ctx */
+    /* make sure server has cert and key unless using PSK, Anon,
+     * Multicast or cert setup callback. This should be true even if just
+     * switching ssl ctx */
     if (ssl->options.side == WOLFSSL_SERVER_END &&
-            !havePSK && !haveAnon && !haveMcast) {
+            !havePSK && !haveAnon && !haveMcast && !haveCertSetupCb) {
 
         /* server certificate must be loaded */
         if (!ssl->buffers.certificate || !ssl->buffers.certificate->buffer) {
@@ -7427,6 +7409,7 @@ int ReinitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
         ssl->arrays->preMasterSecret = (byte*)XMALLOC(ENCRYPT_LEN, ssl->heap,
             DYNAMIC_TYPE_SECRET);
         if (ssl->arrays->preMasterSecret == NULL) {
+            WOLFSSL_MSG("preMasterSecret Memory error");
             return MEMORY_E;
         }
 #ifdef WOLFSSL_CHECK_MEM_ZERO
@@ -8025,7 +8008,7 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
     ssl->secLevel = ctx->secLevel;
 #endif /* WOLFSSL_SYS_CRYPTO_POLICY */
     /* Returns 0 on success, not WOLFSSL_SUCCESS (1) */
-    WOLFSSL_MSG_EX("InitSSL done. return 0 (success)");
+    WOLFSSL_MSG("InitSSL done. return 0 (success)");
     return 0;
 }
 
@@ -8820,6 +8803,10 @@ void wolfSSL_ResourceFree(WOLFSSL* ssl)
 #ifndef WOLFSSL_NO_CA_NAMES
     wolfSSL_sk_X509_NAME_pop_free(ssl->client_ca_names, NULL);
     ssl->client_ca_names = NULL;
+    wolfSSL_sk_X509_NAME_pop_free(ssl->ca_names, NULL);
+    ssl->ca_names = NULL;
+    wolfSSL_sk_X509_NAME_pop_free(ssl->peer_ca_names, NULL);
+    ssl->peer_ca_names = NULL;
 #endif
 #ifdef WOLFSSL_DTLS13
     Dtls13FreeFsmResources(ssl);
@@ -10847,12 +10834,16 @@ static int SendHandshakeMsg(WOLFSSL* ssl, byte* input, word32 inputSz,
 #endif /* !WOLFSSL_NO_TLS12 */
 
 
-/* return bytes received, -1 on error */
+/* return bytes received, WOLFSSL_FATAL_ERROR on error,
+ * or BAD_FUNC_ARG if ssl is null */
 static int wolfSSLReceive(WOLFSSL* ssl, byte* buf, word32 sz)
 {
     int recvd;
     int retryLimit = WOLFSSL_MODE_AUTO_RETRY_ATTEMPTS;
 
+    if (ssl == NULL) {
+        return BAD_FUNC_ARG;
+    }
 #ifdef WOLFSSL_QUIC
     if (WOLFSSL_IS_QUIC(ssl)) {
         /* QUIC only "reads" from data provided by the application
@@ -10997,7 +10988,7 @@ void ShrinkInputBuffer(WOLFSSL* ssl, int forcedFree)
     }
 
     ForceZero(ssl->buffers.inputBuffer.buffer,
-        ssl->buffers.inputBuffer.length);
+        ssl->buffers.inputBuffer.bufferSize);
     XFREE(ssl->buffers.inputBuffer.buffer - ssl->buffers.inputBuffer.offset,
           ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
     ssl->buffers.inputBuffer.buffer = ssl->buffers.inputBuffer.staticBuffer;
@@ -11012,6 +11003,11 @@ int SendBuffered(WOLFSSL* ssl)
 {
     int retryLimit = WOLFSSL_MODE_AUTO_RETRY_ATTEMPTS;
 
+    if (ssl == NULL) {
+        WOLFSSL_MSG("ssl is null");
+        return BAD_FUNC_ARG;
+    }
+
     if (ssl->CBIOSend == NULL && !WOLFSSL_IS_QUIC(ssl)) {
         WOLFSSL_MSG("Your IO Send callback is null, please set");
         return SOCKET_ERROR_E;
@@ -11201,8 +11197,10 @@ static WC_INLINE int GrowOutputBuffer(WOLFSSL* ssl, int size)
         return BUFFER_E;
     if (! WC_SAFE_SUM_WORD32(newSz, (word32)size, newSz))
         return BUFFER_E;
+#if WOLFSSL_GENERAL_ALIGNMENT > 0
     if (! WC_SAFE_SUM_WORD32(newSz, align, newSz))
         return BUFFER_E;
+#endif
     tmp = (byte*)XMALLOC(newSz, ssl->heap, DYNAMIC_TYPE_OUT_BUFFER);
     newSz -= align;
     WOLFSSL_MSG("growing output buffer");
@@ -11382,6 +11380,10 @@ int CheckAvailableSize(WOLFSSL *ssl, int size)
 
 int MsgCheckEncryption(WOLFSSL* ssl, byte type, byte encrypted)
 {
+    if (ssl == NULL) {
+        WOLFSSL_MSG("ssl is null");
+        return BAD_FUNC_ARG;
+    }
 #ifdef WOLFSSL_QUIC
     /* QUIC protects messages outside of the TLS scope */
     if (WOLFSSL_IS_QUIC(ssl) && IsAtLeastTLSv1_3(ssl->version))
@@ -12947,6 +12949,36 @@ int CipherRequires(byte first, byte second, int requirement)
 #endif /* !NO_TLS */
 
 #ifndef NO_CERTS
+#if defined(WOLFSSL_IP_ALT_NAME) && !defined(WOLFSSL_USER_IO)
+static int MatchIPv6(const char* pattern, int patternLen,
+                     const char* str, word32 strLen)
+{
+    WOLFSSL_SOCKADDR_IN6 addr1, addr2;
+    char patBuf[WOLFSSL_MAX_IPSTR];
+    char strBuf[WOLFSSL_MAX_IPSTR];
+
+    if ((word32)patternLen >= sizeof(patBuf) || strLen >= sizeof(strBuf))
+        return 0;
+
+    /* Make sure strings are null-terminated and safely copied */
+    XMEMCPY(patBuf, pattern, patternLen);
+    patBuf[patternLen] = '\0';
+    XMEMCPY(strBuf, str, strLen);
+    strBuf[strLen] = '\0';
+
+    XMEMSET(&addr1, 0, sizeof(addr1));
+    XMEMSET(&addr2, 0, sizeof(addr2));
+
+    /* Try parsing both as IPv6 */
+    if (XINET_PTON(WOLFSSL_IP6, patBuf, &addr1) != 1)
+        return 0;
+    if (XINET_PTON(WOLFSSL_IP6, strBuf, &addr2) != 1)
+        return 0;
+
+    /* Compare raw address bytes */
+    return XMEMCMP(&addr1, &addr2, sizeof(WOLFSSL_SOCKADDR_IN6)) == 0;
+}
+#endif /* WOLFSSL_IP_ALT_NAME && !WOLFSSL_USER_IO */
 
 /* Match names with wildcards, each wildcard can represent a single name
    component or fragment but not multiple names, i.e.,
@@ -12966,6 +12998,12 @@ int MatchDomainName(const char* pattern, int patternLen, const char* str,
     if (pattern == NULL || str == NULL || patternLen <= 0 || strLen == 0)
         return 0;
 
+#if defined(WOLFSSL_IP_ALT_NAME) && !defined(WOLFSSL_USER_IO)
+    /* First try to match IPv6 addresses */
+    if (MatchIPv6(pattern, patternLen, str, strLen))
+        return 1;
+#endif
+
     while (patternLen > 0) {
         /* Get the next pattern char to evaluate */
         char p = (char)XTOLOWER((unsigned char)*pattern);
@@ -15740,7 +15778,8 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                         if (ret == WC_NO_ERR_TRACE(ASN_NO_SIGNER_E) ||
                             ret == WC_NO_ERR_TRACE(ASN_SELF_SIGNED_E)) {
                             if (!ssl->options.usingAltCertChain) {
-                                WOLFSSL_MSG("Trying alternate cert chain");
+                                WOLFSSL_MSG_CERT_LOG(
+                                                 "Trying alternate cert chain");
                                 ssl->options.usingAltCertChain = 1;
                             }
 
@@ -15752,8 +15791,25 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
 
                             /* do not add to certificate manager */
                             skipAddCA = 1;
+                        } /* ASN_NO_SIGNER_E || ASN_SELF_SIGNED_E */
+                    } /* ret != 0 && isCA */
+                #else
+                    /* Not defined: WOLFSSL_ALT_CERT_CHAINS
+                     * When WOLFSSL_DEBUG_CERTS enabled, suggest solution */
+                    #ifdef WOLFSSL_DEBUG_CERTS
+                    if (ret != 0 && args->dCert->isCA) {
+                        if (ret == WC_NO_ERR_TRACE(ASN_NO_SIGNER_E)) {
+                            WOLFSSL_MSG_CERT(
+                                  "Consider enabling WOLFSSL_ALT_CERT_CHAINS"
+                                  " to resolve ASN_NO_SIGNER_E");
                         }
-                    }
+                        if (ret == WC_NO_ERR_TRACE(ASN_SELF_SIGNED_E)) {
+                            WOLFSSL_MSG_CERT(
+                                  "Consider enabling WOLFSSL_ALT_CERT_CHAINS"
+                                  " to resolve ASN_SELF_SIGNED_E");
+                        }
+                    } /* check alt-cert possible fixable error codes */
+                    #endif
                 #endif /* WOLFSSL_ALT_CERT_CHAINS */
 
                 #if defined(__APPLE__) && defined(WOLFSSL_SYS_CA_CERTS)
@@ -18886,8 +18942,9 @@ static int DoDtlsHandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx,
 
     if (type == finished && ssl->keys.dtls_peer_handshake_number >=
                             ssl->keys.dtls_expected_peer_handshake_number &&
-                            ssl->keys.curEpoch == ssl->keys.dtls_epoch) {
-        /* finished msg should be ignore from the current epoch
+                            ssl->keys.curEpoch == ssl->keys.dtls_epoch &&
+                            ssl->keys.curEpoch != 0) {
+        /* finished msg should be ignored from the current epoch
          * if it comes from a previous handshake */
         if (ssl->options.side == WOLFSSL_CLIENT_END) {
             ignoreFinished = ssl->options.connectState < FINISHED_DONE;
@@ -20957,7 +21014,7 @@ static byte MaskPadding(const byte* data, int sz, int macSz)
         checkSz = TLS_MAX_PAD_SZ;
 
     for (i = 0; i < checkSz; i++) {
-        byte mask = ctMaskLTE(i, paddingSz);
+        volatile byte mask = ctMaskLTE(i, paddingSz);
         good |= mask & (data[sz - 1 - i] ^ paddingSz);
     }
 
@@ -20977,16 +21034,21 @@ static byte MaskPadding(const byte* data, int sz, int macSz)
 static byte MaskMac(const byte* data, int sz, int macSz, byte* expMac)
 {
     int i, j;
-    unsigned char mac[WC_MAX_DIGEST_SIZE];
-    int scanStart = sz - 1 - TLS_MAX_PAD_SZ - macSz;
-    int macEnd = sz - 1 - data[sz - 1];
-    int macStart = macEnd - macSz;
     int r = 0;
-    unsigned char started, notEnded;
+    unsigned char mac[WC_MAX_DIGEST_SIZE];
+    volatile int scanStart = sz - 1 - TLS_MAX_PAD_SZ - macSz;
+    volatile int macEnd = sz - 1 - data[sz - 1];
+    volatile int macStart = macEnd - macSz;
+    volatile int maskScanStart;
+    volatile int maskMacStart;
+    volatile unsigned char started;
+    volatile unsigned char notEnded;
     unsigned char good = 0;
 
-    scanStart &= ctMaskIntGTE(scanStart, 0);
-    macStart &= ctMaskIntGTE(macStart, 0);
+    maskScanStart = ctMaskIntGTE(scanStart, 0);
+    maskMacStart = ctMaskIntGTE(macStart, 0);
+    scanStart &= maskScanStart;
+    macStart &= maskMacStart;
 
     /* Div on Intel has different speeds depending on value.
      * Use a bitwise AND or mod a specific value (converted to mul). */
@@ -21956,22 +22018,19 @@ static int DoDecrypt(WOLFSSL *ssl)
 
                 /* Last of padding bytes - indicates length. */
                 ssl->keys.padSz = in->buffer[off];
-                /* Constant time checking of padding - don't leak
-                    * the length of the data.
-                    */
+                /* Constant time checking of padding - don't leak the length of
+                 * the data. */
                 /* Compare max pad bytes or at most data + pad. */
                 for (i = 1; i < MAX_PAD_SIZE && off >= i; i++) {
-                    /* Mask on indicates this is expected to be a
-                        * padding byte.
-                        */
-                    padding &= ctMaskLTE((int)i,
-                                            (int)ssl->keys.padSz);
-                    /* When this is a padding byte and not equal
-                        * to length then mask is set.
-                        */
-                    invalid |= padding &
-                                ctMaskNotEq(in->buffer[off - i],
-                                            (int)ssl->keys.padSz);
+                    /* Mask on indicates this is expected to be a padding byte.
+                     */
+                    volatile byte maskPadByte = ctMaskLTE((int)i,
+                                                          (int)ssl->keys.padSz);
+                    padding &= maskPadByte;
+                    /* When this is a padding byte and not equal to length then
+                     * mask is set. */
+                    invalid |= padding & ctMaskNotEq(in->buffer[off - i],
+                                                     (int)ssl->keys.padSz);
                 }
                 /* If mask is set then there was an error. */
                 if (invalid) {
@@ -23546,6 +23605,10 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
     BuildMsgArgs  lcl_args;
 #endif
 
+#ifdef WOLFSSL_DTLS_CID
+    byte cidSz = 0;
+#endif
+
     WOLFSSL_ENTER("BuildMessage");
 
     if (ssl == NULL) {
@@ -23678,14 +23741,11 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
                 args->idx      += DTLS_RECORD_EXTRA;
                 args->headerSz += DTLS_RECORD_EXTRA;
         #ifdef WOLFSSL_DTLS_CID
-                if (ssl->options.dtls) {
-                    byte cidSz = 0;
-                    if ((cidSz = DtlsGetCidTxSize(ssl)) > 0) {
-                        args->sz       += cidSz;
-                        args->idx      += cidSz;
-                        args->headerSz += cidSz;
-                        args->sz++; /* real_type. no padding. */
-                    }
+                if ((cidSz = DtlsGetCidTxSize(ssl)) > 0) {
+                    args->sz       += cidSz;
+                    args->idx      += cidSz;
+                    args->headerSz += cidSz;
+                    args->sz++; /* real_type. no padding. */
                 }
         #endif
             }
@@ -24786,7 +24846,7 @@ int SendCertificateRequest(WOLFSSL* ssl)
 
 #ifndef WOLFSSL_NO_CA_NAMES
     /* Certificate Authorities */
-    names = SSL_CA_NAMES(ssl);
+    names = SSL_PRIORITY_CA_NAMES(ssl);
     while (names != NULL) {
         byte seq[MAX_SEQ_SZ];
         WOLFSSL_X509_NAME* name = names->data.name;
@@ -24878,7 +24938,7 @@ int SendCertificateRequest(WOLFSSL* ssl)
     c16toa((word16)dnLen, &output[i]);  /* auth's */
     i += REQ_HEADER_SZ;
 #ifndef WOLFSSL_NO_CA_NAMES
-    names = SSL_CA_NAMES(ssl);
+    names = SSL_PRIORITY_CA_NAMES(ssl);
     while (names != NULL) {
         byte seq[MAX_SEQ_SZ];
         WOLFSSL_X509_NAME* name = names->data.name;
@@ -28814,10 +28874,6 @@ int SetSuitesHashSigAlgo(Suites* suites, const char* list)
 
     do {
         if (*list == '+') {
-            if (mac_alg != 0) {
-                ret = 0;
-                break;
-            }
             sig_alg = GetSigAlgFromName(s, (int)(list - s));
             if (sig_alg == 0) {
                 ret = 0;
@@ -31712,10 +31768,9 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType,
             return BUFFER_ERROR;
 
     #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY)
-        if (ssl->client_ca_names != ssl->ctx->client_ca_names)
-            wolfSSL_sk_X509_NAME_pop_free(ssl->client_ca_names, NULL);
-        ssl->client_ca_names = wolfSSL_sk_X509_NAME_new(NULL);
-        if (ssl->client_ca_names == NULL) {
+        wolfSSL_sk_X509_NAME_pop_free(ssl->peer_ca_names, NULL);
+        ssl->peer_ca_names = wolfSSL_sk_X509_NAME_new(NULL);
+        if (ssl->peer_ca_names == NULL) {
             return MEMORY_ERROR;
         }
     #endif
@@ -31760,7 +31815,7 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType,
                 }
 
                 if (ret == 0) {
-                    if (wolfSSL_sk_X509_NAME_push(ssl->client_ca_names, name)
+                    if (wolfSSL_sk_X509_NAME_push(ssl->peer_ca_names, name)
                         <= 0)
                     {
                         ret = MEMORY_ERROR;
@@ -32210,6 +32265,188 @@ exit_gdpk:
     return ret;
 }
 #endif
+#if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448)
+static int GetEcDiffieHellmanKea(WOLFSSL *ssl,
+                                 const byte *input, word32 size, DskeArgs *args)
+{
+    int ret;
+    byte b;
+#ifdef HAVE_ECC
+    int curveId;
+#endif
+    int curveOid;
+    word16 length;
+
+    if ((args->idx - args->begin) + ENUM_LEN + OPAQUE16_LEN +
+        OPAQUE8_LEN > size) {
+        return BUFFER_ERROR;
+    }
+
+    b = input[args->idx++];
+    if (b != named_curve) {
+        return ECC_CURVETYPE_ERROR;
+    }
+
+    args->idx += 1;     /* curve type, eat leading 0 */
+    b = input[args->idx++];
+    if ((curveOid = CheckCurveId(b)) < 0) {
+        return ECC_CURVE_ERROR;
+    }
+    ssl->ecdhCurveOID = (word32) curveOid;
+#if defined(WOLFSSL_TLS13) || defined(HAVE_FFDHE)
+    ssl->namedGroup = 0;
+#endif
+
+    length = input[args->idx++];
+    if ((args->idx - args->begin) + length > size) {
+        return BUFFER_ERROR;
+    }
+#ifdef HAVE_CURVE25519
+    if (ssl->ecdhCurveOID == ECC_X25519_OID) {
+        if (ssl->peerX25519Key == NULL) {
+            ret = AllocKey(ssl, DYNAMIC_TYPE_CURVE25519,
+                           (void **)&ssl->peerX25519Key);
+            if (ret != 0) {
+                return ret;
+            }
+        }
+        else if (ssl->peerX25519KeyPresent) {
+            ret = ReuseKey(ssl, DYNAMIC_TYPE_CURVE25519, ssl->peerX25519Key);
+            ssl->peerX25519KeyPresent = 0;
+            if (ret != 0) {
+                return ret;
+            }
+        }
+
+        if ((ret = wc_curve25519_check_public(input + args->idx, length,
+                                              EC25519_LITTLE_ENDIAN)) != 0) {
+#ifdef WOLFSSL_EXTRA_ALERTS
+            if (ret == WC_NO_ERR_TRACE(BUFFER_E))
+                SendAlert(ssl, alert_fatal, decode_error);
+            else if (ret == WC_NO_ERR_TRACE(ECC_OUT_OF_RANGE_E))
+                SendAlert(ssl, alert_fatal, bad_record_mac);
+            else {
+                SendAlert(ssl, alert_fatal, illegal_parameter);
+            }
+#else
+            (void)ret;
+#endif
+            return ECC_PEERKEY_ERROR;
+        }
+
+        if (wc_curve25519_import_public_ex(input + args->idx,
+                                           length, ssl->peerX25519Key,
+                                           EC25519_LITTLE_ENDIAN) != 0) {
+            return ECC_PEERKEY_ERROR;
+        }
+
+        args->idx += length;
+        ssl->peerX25519KeyPresent = 1;
+        return 0;
+    }
+#endif
+#ifdef HAVE_CURVE448
+    if (ssl->ecdhCurveOID == ECC_X448_OID) {
+        if (ssl->peerX448Key == NULL) {
+            ret = AllocKey(ssl, DYNAMIC_TYPE_CURVE448,
+                           (void **)&ssl->peerX448Key);
+            if (ret != 0) {
+                return ret;
+            }
+        }
+        else if (ssl->peerX448KeyPresent) {
+            ret = ReuseKey(ssl, DYNAMIC_TYPE_CURVE448, ssl->peerX448Key);
+            ssl->peerX448KeyPresent = 0;
+            if (ret != 0) {
+                return ret;
+            }
+        }
+
+        if ((ret = wc_curve448_check_public(input + args->idx, length,
+                                            EC448_LITTLE_ENDIAN)) != 0) {
+#ifdef WOLFSSL_EXTRA_ALERTS
+            if (ret == WC_NO_ERR_TRACE(BUFFER_E))
+                SendAlert(ssl, alert_fatal, decode_error);
+            else if (ret == WC_NO_ERR_TRACE(ECC_OUT_OF_RANGE_E))
+                SendAlert(ssl, alert_fatal, bad_record_mac);
+            else {
+                SendAlert(ssl, alert_fatal, illegal_parameter);
+            }
+#else
+            (void)ret;
+#endif
+            return ECC_PEERKEY_ERROR;
+        }
+
+        if (wc_curve448_import_public_ex(input + args->idx,
+                                         length, ssl->peerX448Key,
+                                         EC448_LITTLE_ENDIAN) != 0) {
+            return ECC_PEERKEY_ERROR;
+        }
+
+        args->idx += length;
+        ssl->peerX448KeyPresent = 1;
+        return 0;
+    }
+#endif
+#ifdef HAVE_ECC
+    if (ssl->peerEccKey == NULL) {
+        ret = AllocKey(ssl, DYNAMIC_TYPE_ECC, (void **)&ssl->peerEccKey);
+        if (ret != 0) {
+            return ret;
+        }
+    }
+    else if (ssl->peerEccKeyPresent) {
+        ret = ReuseKey(ssl, DYNAMIC_TYPE_ECC, ssl->peerEccKey);
+        ssl->peerEccKeyPresent = 0;
+        if (ret != 0) {
+            return ret;
+        }
+    }
+
+    curveId = wc_ecc_get_oid((word32) curveOid, NULL, NULL);
+    if (wc_ecc_import_x963_ex(input + args->idx, length,
+                              ssl->peerEccKey, curveId) != 0) {
+#ifdef WOLFSSL_EXTRA_ALERTS
+        SendAlert(ssl, alert_fatal, illegal_parameter);
+#endif
+        return ECC_PEERKEY_ERROR;
+    }
+
+    args->idx += length;
+    ssl->peerEccKeyPresent = 1;
+#endif
+    return 0;
+}
+#endif /* def(HAVE_ECC) || def(HAVE_CURVE25519) || def(HAVE_CURVE448)) */
+
+#if !defined(NO_PSK)
+static int GetPSKServerHint(WOLFSSL *ssl, const byte *input, word32 size,
+                            DskeArgs *args)
+{
+    int srvHintLen;
+    word16 length;
+
+    if ((args->idx - args->begin) + OPAQUE16_LEN > size) {
+        return BUFFER_ERROR;
+    }
+
+    ato16(input + args->idx, &length);
+    args->idx += OPAQUE16_LEN;
+
+    if ((args->idx - args->begin) + length > size) {
+        return BUFFER_ERROR;
+    }
+
+    /* get PSK server hint from the wire */
+    srvHintLen = (int)min(length, MAX_PSK_ID_LEN);
+    XMEMCPY(ssl->arrays->server_hint, input + args->idx, (size_t)(srvHintLen));
+    ssl->arrays->server_hint[srvHintLen] = '\0';        /* null term */
+
+    args->idx += length;
+    return 0;
+}
+#endif /* !defined(NO_PSK) */
 
 /* handle processing of server_key_exchange (12) */
 static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
@@ -32277,26 +32514,7 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
             #ifndef NO_PSK
                 case psk_kea:
                 {
-                    int srvHintLen;
-                    word16 length;
-
-                    if ((args->idx - args->begin) + OPAQUE16_LEN > size) {
-                        ERROR_OUT(BUFFER_ERROR, exit_dske);
-                    }
-
-                    ato16(input + args->idx, &length);
-                    args->idx += OPAQUE16_LEN;
-
-                    if ((args->idx - args->begin) + length > size) {
-                        ERROR_OUT(BUFFER_ERROR, exit_dske);
-                    }
-
-                    /* get PSK server hint from the wire */
-                    srvHintLen = (int)min(length, MAX_PSK_ID_LEN);
-                    XMEMCPY(ssl->arrays->server_hint, input + args->idx,
-                            (size_t)(srvHintLen));
-                    ssl->arrays->server_hint[srvHintLen] = '\0'; /* null term */
-                    args->idx += length;
+                    ret = GetPSKServerHint(ssl, input, size, args);
                     break;
                 }
             #endif /* !NO_PSK */
@@ -32304,8 +32522,6 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
                 case diffie_hellman_kea:
                 {
                     ret = GetDhPublicKey(ssl, input, size, args);
-                    if (ret != 0)
-                        goto exit_dske;
                     break;
                 }
             #endif /* !NO_DH */
@@ -32313,181 +32529,16 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
                                                           defined(HAVE_CURVE448)
                 case ecc_diffie_hellman_kea:
                 {
-                    byte b;
-                #ifdef HAVE_ECC
-                    int curveId;
-                #endif
-                    int curveOid;
-                    word16 length;
-
-                    if ((args->idx - args->begin) + ENUM_LEN + OPAQUE16_LEN +
-                                                        OPAQUE8_LEN > size) {
-                        ERROR_OUT(BUFFER_ERROR, exit_dske);
-                    }
-
-                    b = input[args->idx++];
-                    if (b != named_curve) {
-                        ERROR_OUT(ECC_CURVETYPE_ERROR, exit_dske);
-                    }
-
-                    args->idx += 1;   /* curve type, eat leading 0 */
-                    b = input[args->idx++];
-                    if ((curveOid = CheckCurveId(b)) < 0) {
-                        ERROR_OUT(ECC_CURVE_ERROR, exit_dske);
-                    }
-                    ssl->ecdhCurveOID = (word32)curveOid;
-                #if defined(WOLFSSL_TLS13) || defined(HAVE_FFDHE)
-                    ssl->namedGroup = 0;
-                #endif
-
-                    length = input[args->idx++];
-                    if ((args->idx - args->begin) + length > size) {
-                        ERROR_OUT(BUFFER_ERROR, exit_dske);
-                    }
-
-                #ifdef HAVE_CURVE25519
-                    if (ssl->ecdhCurveOID == ECC_X25519_OID) {
-                        if (ssl->peerX25519Key == NULL) {
-                            ret = AllocKey(ssl, DYNAMIC_TYPE_CURVE25519,
-                                           (void**)&ssl->peerX25519Key);
-                            if (ret != 0) {
-                                goto exit_dske;
-                            }
-                        } else if (ssl->peerX25519KeyPresent) {
-                            ret = ReuseKey(ssl, DYNAMIC_TYPE_CURVE25519,
-                                           ssl->peerX25519Key);
-                            ssl->peerX25519KeyPresent = 0;
-                            if (ret != 0) {
-                                goto exit_dske;
-                            }
-                        }
-
-                        if ((ret = wc_curve25519_check_public(
-                                input + args->idx, length,
-                                EC25519_LITTLE_ENDIAN)) != 0) {
-                        #ifdef WOLFSSL_EXTRA_ALERTS
-                            if (ret == WC_NO_ERR_TRACE(BUFFER_E))
-                                SendAlert(ssl, alert_fatal, decode_error);
-                            else if (ret == WC_NO_ERR_TRACE(ECC_OUT_OF_RANGE_E))
-                                SendAlert(ssl, alert_fatal, bad_record_mac);
-                            else {
-                                SendAlert(ssl, alert_fatal, illegal_parameter);
-                            }
-                        #endif
-                            ERROR_OUT(ECC_PEERKEY_ERROR, exit_dske);
-                        }
-
-                        if (wc_curve25519_import_public_ex(input + args->idx,
-                                length, ssl->peerX25519Key,
-                                EC25519_LITTLE_ENDIAN) != 0) {
-                            ERROR_OUT(ECC_PEERKEY_ERROR, exit_dske);
-                        }
-
-                        args->idx += length;
-                        ssl->peerX25519KeyPresent = 1;
-                        break;
-                    }
-                #endif
-                #ifdef HAVE_CURVE448
-                    if (ssl->ecdhCurveOID == ECC_X448_OID) {
-                        if (ssl->peerX448Key == NULL) {
-                            ret = AllocKey(ssl, DYNAMIC_TYPE_CURVE448,
-                                           (void**)&ssl->peerX448Key);
-                            if (ret != 0) {
-                                goto exit_dske;
-                            }
-                        } else if (ssl->peerX448KeyPresent) {
-                            ret = ReuseKey(ssl, DYNAMIC_TYPE_CURVE448,
-                                           ssl->peerX448Key);
-                            ssl->peerX448KeyPresent = 0;
-                            if (ret != 0) {
-                                goto exit_dske;
-                            }
-                        }
-
-                        if ((ret = wc_curve448_check_public(
-                                input + args->idx, length,
-                                EC448_LITTLE_ENDIAN)) != 0) {
-                        #ifdef WOLFSSL_EXTRA_ALERTS
-                            if (ret == WC_NO_ERR_TRACE(BUFFER_E))
-                                SendAlert(ssl, alert_fatal, decode_error);
-                            else if (ret == WC_NO_ERR_TRACE(ECC_OUT_OF_RANGE_E))
-                                SendAlert(ssl, alert_fatal, bad_record_mac);
-                            else {
-                                SendAlert(ssl, alert_fatal, illegal_parameter);
-                            }
-                        #endif
-                            ERROR_OUT(ECC_PEERKEY_ERROR, exit_dske);
-                        }
-
-                        if (wc_curve448_import_public_ex(input + args->idx,
-                                length, ssl->peerX448Key,
-                                EC448_LITTLE_ENDIAN) != 0) {
-                            ERROR_OUT(ECC_PEERKEY_ERROR, exit_dske);
-                        }
-
-                        args->idx += length;
-                        ssl->peerX448KeyPresent = 1;
-                        break;
-                    }
-                #endif
-                #ifdef HAVE_ECC
-                    if (ssl->peerEccKey == NULL) {
-                        ret = AllocKey(ssl, DYNAMIC_TYPE_ECC,
-                                       (void**)&ssl->peerEccKey);
-                        if (ret != 0) {
-                            goto exit_dske;
-                        }
-                    } else if (ssl->peerEccKeyPresent) {
-                        ret = ReuseKey(ssl, DYNAMIC_TYPE_ECC, ssl->peerEccKey);
-                        ssl->peerEccKeyPresent = 0;
-                        if (ret != 0) {
-                            goto exit_dske;
-                        }
-                    }
-
-                    curveId = wc_ecc_get_oid((word32)curveOid, NULL, NULL);
-                    if (wc_ecc_import_x963_ex(input + args->idx, length,
-                                        ssl->peerEccKey, curveId) != 0) {
-                    #ifdef WOLFSSL_EXTRA_ALERTS
-                        SendAlert(ssl, alert_fatal, illegal_parameter);
-                    #endif
-                        ERROR_OUT(ECC_PEERKEY_ERROR, exit_dske);
-                    }
-
-                    args->idx += length;
-                    ssl->peerEccKeyPresent = 1;
-                #endif
+                    ret = GetEcDiffieHellmanKea(ssl, input, size, args);
                     break;
                 }
             #endif /* HAVE_ECC || HAVE_CURVE25519 || HAVE_CURVE448 */
             #if !defined(NO_DH) && !defined(NO_PSK)
                 case dhe_psk_kea:
                 {
-                    int srvHintLen;
-                    word16 length;
-
-                    if ((args->idx - args->begin) + OPAQUE16_LEN > size) {
-                        ERROR_OUT(BUFFER_ERROR, exit_dske);
-                    }
-
-                    ato16(input + args->idx, &length);
-                    args->idx += OPAQUE16_LEN;
-
-                    if ((args->idx - args->begin) + length > size) {
-                        ERROR_OUT(BUFFER_ERROR, exit_dske);
-                    }
-
-                    /* get PSK server hint from the wire */
-                    srvHintLen = (int)min(length, MAX_PSK_ID_LEN);
-                    XMEMCPY(ssl->arrays->server_hint, input + args->idx,
-                                                                srvHintLen);
-                    ssl->arrays->server_hint[srvHintLen] = '\0'; /* null term */
-                    args->idx += length;
-
-                    ret = GetDhPublicKey(ssl, input, size, args);
-                    if (ret != 0)
-                        goto exit_dske;
+                    ret = GetPSKServerHint(ssl, input, size, args);
+                    if (ret == 0)
+                        ret = GetDhPublicKey(ssl, input, size, args);
                     break;
                 }
             #endif /* !NO_DH && !NO_PSK */
@@ -32495,162 +32546,9 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
                                      defined(HAVE_CURVE448)) && !defined(NO_PSK)
                 case ecdhe_psk_kea:
                 {
-                    byte b;
-                    int curveOid, curveId;
-                    int srvHintLen;
-                    word16 length;
-
-                    if ((args->idx - args->begin) + OPAQUE16_LEN > size) {
-                        ERROR_OUT(BUFFER_ERROR, exit_dske);
-                    }
-
-                    ato16(input + args->idx, &length);
-                    args->idx += OPAQUE16_LEN;
-
-                    if ((args->idx - args->begin) + length > size) {
-                        ERROR_OUT(BUFFER_ERROR, exit_dske);
-                    }
-
-                    /* get PSK server hint from the wire */
-                    srvHintLen = (int)min(length, MAX_PSK_ID_LEN);
-                    XMEMCPY(ssl->arrays->server_hint, input + args->idx,
-                                                    (size_t)(srvHintLen));
-                    ssl->arrays->server_hint[srvHintLen] = '\0'; /* null term */
-
-                    args->idx += length;
-
-                    if ((args->idx - args->begin) + ENUM_LEN + OPAQUE16_LEN +
-                        OPAQUE8_LEN > size) {
-                        ERROR_OUT(BUFFER_ERROR, exit_dske);
-                    }
-
-                    /* Check curve name and ID */
-                    b = input[args->idx++];
-                    if (b != named_curve) {
-                        ERROR_OUT(ECC_CURVETYPE_ERROR, exit_dske);
-                    }
-
-                    args->idx += 1;   /* curve type, eat leading 0 */
-                    b = input[args->idx++];
-                    if ((curveOid = CheckCurveId(b)) < 0) {
-                        ERROR_OUT(ECC_CURVE_ERROR, exit_dske);
-                    }
-                    ssl->ecdhCurveOID = (word32)curveOid;
-
-                    length = input[args->idx++];
-                    if ((args->idx - args->begin) + length > size) {
-                        ERROR_OUT(BUFFER_ERROR, exit_dske);
-                    }
-
-                #ifdef HAVE_CURVE25519
-                    if (ssl->ecdhCurveOID == ECC_X25519_OID) {
-                        if (ssl->peerX25519Key == NULL) {
-                            ret = AllocKey(ssl, DYNAMIC_TYPE_CURVE25519,
-                                           (void**)&ssl->peerX25519Key);
-                            if (ret != 0) {
-                                goto exit_dske;
-                            }
-                        } else if (ssl->peerEccKeyPresent) {
-                            ret = ReuseKey(ssl, DYNAMIC_TYPE_CURVE25519,
-                                           ssl->peerX25519Key);
-                            ssl->peerX25519KeyPresent = 0;
-                            if (ret != 0) {
-                                goto exit_dske;
-                            }
-                        }
-
-                        if ((ret = wc_curve25519_check_public(
-                                input + args->idx, length,
-                                EC25519_LITTLE_ENDIAN)) != 0) {
-                        #ifdef WOLFSSL_EXTRA_ALERTS
-                            if (ret == WC_NO_ERR_TRACE(BUFFER_E))
-                                SendAlert(ssl, alert_fatal, decode_error);
-                            else if (ret == WC_NO_ERR_TRACE(ECC_OUT_OF_RANGE_E))
-                                SendAlert(ssl, alert_fatal, bad_record_mac);
-                            else {
-                                SendAlert(ssl, alert_fatal, illegal_parameter);
-                            }
-                        #endif
-                            ERROR_OUT(ECC_PEERKEY_ERROR, exit_dske);
-                        }
-
-                        if (wc_curve25519_import_public_ex(input + args->idx,
-                                length, ssl->peerX25519Key,
-                                EC25519_LITTLE_ENDIAN) != 0) {
-                            ERROR_OUT(ECC_PEERKEY_ERROR, exit_dske);
-                        }
-
-                        args->idx += length;
-                        ssl->peerX25519KeyPresent = 1;
-                        break;
-                    }
-                #endif
-                #ifdef HAVE_CURVE448
-                    if (ssl->ecdhCurveOID == ECC_X448_OID) {
-                        if (ssl->peerX448Key == NULL) {
-                            ret = AllocKey(ssl, DYNAMIC_TYPE_CURVE448,
-                                           (void**)&ssl->peerX448Key);
-                            if (ret != 0) {
-                                goto exit_dske;
-                            }
-                        } else if (ssl->peerEccKeyPresent) {
-                            ret = ReuseKey(ssl, DYNAMIC_TYPE_CURVE448,
-                                           ssl->peerX448Key);
-                            ssl->peerX448KeyPresent = 0;
-                            if (ret != 0) {
-                                goto exit_dske;
-                            }
-                        }
-
-                        if ((ret = wc_curve448_check_public(
-                                input + args->idx, length,
-                                EC448_LITTLE_ENDIAN)) != 0) {
-                        #ifdef WOLFSSL_EXTRA_ALERTS
-                            if (ret == WC_NO_ERR_TRACE(BUFFER_E))
-                                SendAlert(ssl, alert_fatal, decode_error);
-                            else if (ret == WC_NO_ERR_TRACE(ECC_OUT_OF_RANGE_E))
-                                SendAlert(ssl, alert_fatal, bad_record_mac);
-                            else {
-                                SendAlert(ssl, alert_fatal, illegal_parameter);
-                            }
-                        #endif
-                            ERROR_OUT(ECC_PEERKEY_ERROR, exit_dske);
-                        }
-
-                        if (wc_curve448_import_public_ex(input + args->idx,
-                                length, ssl->peerX448Key,
-                                EC448_LITTLE_ENDIAN) != 0) {
-                            ERROR_OUT(ECC_PEERKEY_ERROR, exit_dske);
-                        }
-
-                        args->idx += length;
-                        ssl->peerX448KeyPresent = 1;
-                        break;
-                    }
-                #endif
-
-                    if (ssl->peerEccKey == NULL) {
-                        ret = AllocKey(ssl, DYNAMIC_TYPE_ECC,
-                                 (void**)&ssl->peerEccKey);
-                        if (ret != 0) {
-                            goto exit_dske;
-                        }
-                    } else if (ssl->peerEccKeyPresent) {
-                        ret = ReuseKey(ssl, DYNAMIC_TYPE_ECC, ssl->peerEccKey);
-                        ssl->peerEccKeyPresent = 0;
-                        if (ret != 0) {
-                            goto exit_dske;
-                        }
-                    }
-
-                    curveId = wc_ecc_get_oid((word32)curveOid, NULL, NULL);
-                    if (wc_ecc_import_x963_ex(input + args->idx, length,
-                        ssl->peerEccKey, curveId) != 0) {
-                        ERROR_OUT(ECC_PEERKEY_ERROR, exit_dske);
-                    }
-
-                    args->idx += length;
-                    ssl->peerEccKeyPresent = 1;
+                    ret = GetPSKServerHint(ssl, input, size, args);
+                    if (ret == 0)
+                        ret = GetEcDiffieHellmanKea(ssl, input, size, args);
                     break;
                 }
             #endif /* (HAVE_ECC || HAVE_CURVE25519 || HAVE_CURVE448) && !NO_PSK */
@@ -34033,7 +33931,7 @@ int SendClientKeyExchange(WOLFSSL* ssl)
         {
             switch(ssl->specs.kea)
             {
-            #ifndef NO_RSA
+            #if !defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY)
                 case rsa_kea:
                 {
                         ret = RsaEnc(ssl,
@@ -34049,7 +33947,7 @@ int SendClientKeyExchange(WOLFSSL* ssl)
 
                     break;
                 }
-            #endif /* !NO_RSA */
+            #endif /* !NO_RSA && !WOLFSSL_RSA_VERIFY_ONLY */
             #ifndef NO_DH
                 case diffie_hellman_kea:
                 {
@@ -34880,7 +34778,8 @@ int SendCertificateVerify(WOLFSSL* ssl)
                 );
             }
         #endif /* HAVE_ED448 && !NO_ED448_CLIENT_AUTH */
-        #ifndef NO_RSA
+        #if !defined(NO_RSA) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \
+            !defined(WOLFSSL_RSA_VERIFY_ONLY)
             if (ssl->hsType == DYNAMIC_TYPE_RSA) {
                 RsaKey* key = (RsaKey*)ssl->hsKey;
 
@@ -34894,7 +34793,7 @@ int SendCertificateVerify(WOLFSSL* ssl)
                     ssl->buffers.key
                 );
             }
-        #endif /* !NO_RSA */
+        #endif /* !NO_RSA && !WOLFSSL_RSA_PUBLIC_ONLY && !WOLFSSL_RSA_VERIFY_ONLY */
 
             /* Check for error */
             if (ret != 0) {
@@ -35382,14 +35281,14 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
     {
         switch (group) {
         #ifndef WOLFSSL_NO_ML_KEM
-            case WOLFSSL_P256_ML_KEM_768:
-            case WOLFSSL_X25519_ML_KEM_768:
-            case WOLFSSL_P384_ML_KEM_1024:
-            case WOLFSSL_P256_ML_KEM_512:
-            case WOLFSSL_P384_ML_KEM_768:
-            case WOLFSSL_P521_ML_KEM_1024:
-            case WOLFSSL_X25519_ML_KEM_512:
-            case WOLFSSL_X448_ML_KEM_768:
+            case WOLFSSL_SECP256R1MLKEM768:
+            case WOLFSSL_X25519MLKEM768:
+            case WOLFSSL_SECP384R1MLKEM1024:
+            case WOLFSSL_SECP256R1MLKEM512:
+            case WOLFSSL_SECP384R1MLKEM768:
+            case WOLFSSL_SECP521R1MLKEM1024:
+            case WOLFSSL_X25519MLKEM512:
+            case WOLFSSL_X448MLKEM768:
 #ifdef WOLFSSL_ML_KEM_USE_OLD_IDS
             case WOLFSSL_P256_ML_KEM_512_OLD:
             case WOLFSSL_P384_ML_KEM_768_OLD:
@@ -36958,7 +36857,9 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                         /* Sign hash to create signature */
                         switch (ssl->options.sigAlgo)
                         {
-                        #ifndef NO_RSA
+                        #if !defined(NO_RSA) && \
+                            !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \
+                            !defined(WOLFSSL_RSA_VERIFY_ONLY)
                         #ifdef WC_RSA_PSS
                             case rsa_pss_sa_algo:
                         #endif
@@ -36977,7 +36878,8 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                                 );
                                 break;
                             }
-                        #endif /* !NO_RSA */
+                        #endif /* !NO_RSA && !WOLFSSL_RSA_PUBLIC_ONLY
+                                  && !WOLFSSL_RSA_VERIFY_ONLY */
                         #ifdef HAVE_ECC
                         #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)
                             case sm2_sa_algo:
@@ -37071,7 +36973,9 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                         /* Sign hash to create signature */
                         switch (ssl->options.sigAlgo)
                         {
-                        #ifndef NO_RSA
+                        #if !defined(NO_RSA) && \
+                            !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \
+                            !defined(WOLFSSL_RSA_VERIFY_ONLY)
                         #ifdef WC_RSA_PSS
                             case rsa_pss_sa_algo:
                         #endif
@@ -37094,7 +36998,8 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                                 );
                                 break;
                             }
-                        #endif /* NO_RSA */
+                        #endif /* !NO_RSA && !WOLFSSL_RSA_PUBLIC_ONLY
+                                  && !WOLFSSL_RSA_VERIFY_ONLY */
                             default:
                                 break;
                         } /* switch (ssl->options.sigAlgo) */
@@ -41774,11 +41679,11 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ],
             case TLS_ASYNC_DO:
             {
                 switch (ssl->specs.kea) {
-                #ifndef NO_RSA
+                #if !defined(NO_RSA) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)
                     case rsa_kea:
                     {
                         RsaKey* key = (RsaKey*)ssl->hsKey;
-                        int lenErrMask;
+                        volatile int lenErrMask;
 
                         ret = RsaDec(ssl,
                             input + args->idx,
@@ -41810,7 +41715,7 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ],
                         ret = 0;
                         break;
                     } /* rsa_kea */
-                #endif /* !NO_RSA */
+                #endif /* !NO_RSA && !WOLFSSL_RSA_PUBLIC_ONLY */
                 #ifndef NO_PSK
                     case psk_kea:
                     {
@@ -41992,7 +41897,7 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ],
                     case rsa_kea:
                     {
                         byte *tmpRsa;
-                        byte mask;
+                        volatile byte mask;
 
                         /* Add the signature length to idx */
                         args->idx += args->length;
diff --git a/src/keys.c b/src/keys.c
index e42a6eba3..a3da542fa 100644
--- a/src/keys.c
+++ b/src/keys.c
@@ -1218,8 +1218,8 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->bulk_cipher_algorithm = wolfssl_cipher_null;
         specs->cipher_type           = aead;
         specs->mac_algorithm         = sha256_mac;
-        specs->kea                   = 0;
-        specs->sig_algo              = 0;
+        specs->kea                   = any_kea;
+        specs->sig_algo              = any_sa_algo;
         specs->hash_size             = WC_SHA256_DIGEST_SIZE;
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 0;
@@ -1236,8 +1236,8 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->bulk_cipher_algorithm = wolfssl_cipher_null;
         specs->cipher_type           = aead;
         specs->mac_algorithm         = sha384_mac;
-        specs->kea                   = 0;
-        specs->sig_algo              = 0;
+        specs->kea                   = any_kea;
+        specs->sig_algo              = any_sa_algo;
         specs->hash_size             = WC_SHA384_DIGEST_SIZE;
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 0;
@@ -1266,8 +1266,8 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
             specs->bulk_cipher_algorithm = wolfssl_aes_gcm;
             specs->cipher_type           = aead;
             specs->mac_algorithm         = sha256_mac;
-            specs->kea                   = 0;
-            specs->sig_algo              = 0;
+            specs->kea                   = any_kea;
+            specs->sig_algo              = any_sa_algo;
             specs->hash_size             = WC_SHA256_DIGEST_SIZE;
             specs->pad_size              = PAD_SHA;
             specs->static_ecdh           = 0;
@@ -1284,8 +1284,8 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
             specs->bulk_cipher_algorithm = wolfssl_aes_gcm;
             specs->cipher_type           = aead;
             specs->mac_algorithm         = sha384_mac;
-            specs->kea                   = 0;
-            specs->sig_algo              = 0;
+            specs->kea                   = any_kea;
+            specs->sig_algo              = any_sa_algo;
             specs->hash_size             = WC_SHA384_DIGEST_SIZE;
             specs->pad_size              = PAD_SHA;
             specs->static_ecdh           = 0;
@@ -1302,8 +1302,8 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
             specs->bulk_cipher_algorithm = wolfssl_chacha;
             specs->cipher_type           = aead;
             specs->mac_algorithm         = sha256_mac;
-            specs->kea                   = 0;
-            specs->sig_algo              = 0;
+            specs->kea                   = any_kea;
+            specs->sig_algo              = any_sa_algo;
             specs->hash_size             = WC_SHA256_DIGEST_SIZE;
             specs->pad_size              = PAD_SHA;
             specs->static_ecdh           = 0;
@@ -1322,8 +1322,8 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
             specs->bulk_cipher_algorithm = wolfssl_aes_ccm;
             specs->cipher_type           = aead;
             specs->mac_algorithm         = sha256_mac;
-            specs->kea                   = 0;
-            specs->sig_algo              = 0;
+            specs->kea                   = any_kea;
+            specs->sig_algo              = any_sa_algo;
             specs->hash_size             = WC_SHA256_DIGEST_SIZE;
             specs->pad_size              = PAD_SHA;
             specs->static_ecdh           = 0;
@@ -1340,8 +1340,8 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
             specs->bulk_cipher_algorithm = wolfssl_aes_ccm;
             specs->cipher_type           = aead;
             specs->mac_algorithm         = sha256_mac;
-            specs->kea                   = 0;
-            specs->sig_algo              = 0;
+            specs->kea                   = any_kea;
+            specs->sig_algo              = any_sa_algo;
             specs->hash_size             = WC_SHA256_DIGEST_SIZE;
             specs->pad_size              = PAD_SHA;
             specs->static_ecdh           = 0;
@@ -1466,8 +1466,8 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->bulk_cipher_algorithm = wolfssl_sm4_gcm;
         specs->cipher_type           = aead;
         specs->mac_algorithm         = sm3_mac;
-        specs->kea                   = 0;
-        specs->sig_algo              = 0;
+        specs->kea                   = any_kea;
+        specs->sig_algo              = any_sa_algo;
         specs->hash_size             = WC_SM3_DIGEST_SIZE;
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 0;
@@ -1484,8 +1484,8 @@ int GetCipherSpec(word16 side, byte cipherSuite0, byte cipherSuite,
         specs->bulk_cipher_algorithm = wolfssl_sm4_ccm;
         specs->cipher_type           = aead;
         specs->mac_algorithm         = sm3_mac;
-        specs->kea                   = 0;
-        specs->sig_algo              = 0;
+        specs->kea                   = any_kea;
+        specs->sig_algo              = any_sa_algo;
         specs->hash_size             = WC_SM3_DIGEST_SIZE;
         specs->pad_size              = PAD_SHA;
         specs->static_ecdh           = 0;
@@ -3556,10 +3556,10 @@ int SetKeysSide(WOLFSSL* ssl, enum encrypt_side side)
         void* ctx = wolfSSL_GetEncryptKeysCtx(ssl);
         #if defined(WOLFSSL_RENESAS_FSPSM_TLS)
             FSPSM_ST* cbInfo = (FSPSM_ST*)ctx;
-            cbInfo->side = side;
+            cbInfo->internal->side = side;
         #elif defined(WOLFSSL_RENESAS_TSIP_TLS)
             TsipUserCtx* cbInfo = (TsipUserCtx*)ctx;
-            cbInfo->key_side = side;
+            cbInfo->internal->key_side = side;
         #endif
         ret = ssl->ctx->EncryptKeysCb(ssl, ctx);
     }
diff --git a/src/pk.c b/src/pk.c
index 7cb73d7a4..8bc1c75c0 100644
--- a/src/pk.c
+++ b/src/pk.c
@@ -8858,7 +8858,7 @@ static int _DH_compute_key(unsigned char* key, const WOLFSSL_BIGNUM* otherPub,
     if (ret == 0) {
         /* Validate the size of the private key. */
         sz = wolfSSL_BN_num_bytes(dh->priv_key);
-        if (sz > (int)privSz) {
+        if (sz > privSz) {
             WOLFSSL_ERROR_MSG("Bad priv internal size");
             ret = WOLFSSL_FATAL_ERROR;
         }
@@ -8957,12 +8957,14 @@ static int _DH_compute_key(unsigned char* key, const WOLFSSL_BIGNUM* otherPub,
     }
     PRIVATE_KEY_LOCK();
 
+    if (privSz > 0) {
 #ifdef WOLFSSL_SMALL_STACK
-    if (priv != NULL)
+        if (priv != NULL)
 #endif
-    {
-        /* Zeroize sensitive data. */
-        ForceZero(priv, (word32)privSz);
+        {
+            /* Zeroize sensitive data. */
+            ForceZero(priv, (word32)privSz);
+        }
     }
 #ifdef WOLFSSL_SMALL_STACK
     XFREE(pub,  NULL, DYNAMIC_TYPE_PUBLIC_KEY);
diff --git a/src/sniffer.c b/src/sniffer.c
index 2bda75883..dbf301f57 100644
--- a/src/sniffer.c
+++ b/src/sniffer.c
@@ -504,11 +504,6 @@ typedef struct KeyShareInfo {
     int         curve_id;
 } KeyShareInfo;
 
-/* maximum previous acks to capture */
-#ifndef WC_SNIFFER_HS_ACK_HIST_MAX
-#define WC_SNIFFER_HS_ACK_HIST_MAX 10
-#endif
-
 /* Sniffer Session holds info for each client/server SSL/TLS session */
 typedef struct SnifferSession {
     SnifferServer* context;         /* server context */
@@ -520,10 +515,10 @@ typedef struct SnifferSession {
     word16         cliPort;         /* client port */
     word32         cliSeqStart;     /* client start sequence */
     word32         srvSeqStart;     /* server start sequence */
+    word32         cliSeqLast;      /* client last sequence */
+    word32         srvSeqLast;      /* server last sequence */
     word32         cliExpected;     /* client expected sequence (relative) */
     word32         srvExpected;     /* server expected sequence (relative) */
-    word32         cliAcks[WC_SNIFFER_HS_ACK_HIST_MAX]; /* history of acks during handshake */
-    word32         srvAcks[WC_SNIFFER_HS_ACK_HIST_MAX]; /* history of acks during handshake */
     FinCapture     finCapture;      /* retain out of order FIN s */
     Flags          flags;           /* session flags */
     time_t         lastUsed;        /* last used ticks */
@@ -2230,8 +2225,23 @@ static int GetRecordHeader(const byte* input, RecordLayerHeader* rh, int* size)
     XMEMCPY(rh, input, RECORD_HEADER_SZ);
     *size = (rh->length[0] << 8) | rh->length[1];
 
+    /* make sure length is valid */
     if (*size > (MAX_RECORD_SIZE + COMP_EXTRA + MAX_MSG_EXTRA))
         return LENGTH_ERROR;
+    /* make sure the record type is valid */
+    if (rh->type < change_cipher_spec ||
+    #ifdef WOLFSSL_DTLS13
+        rh->type > ack
+    #else
+        rh->type > dtls12_cid
+    #endif
+        ) {
+        return UNKNOWN_RECORD_TYPE;
+    }
+    /* make sure version is valid */
+    if (rh->pvMajor > SSLv3_MAJOR || rh->pvMinor > TLSv1_3_MINOR) {
+        return VERSION_ERROR;
+    }
 
     return 0;
 }
@@ -5623,47 +5633,6 @@ static int AddFinCapture(SnifferSession* session, word32 sequence)
     return 1;
 }
 
-static int FindPrevAck(SnifferSession* session, word32 realAck)
-{
-    int i;
-    word32* acks = (session->flags.side == WOLFSSL_SERVER_END) ?
-        session->cliAcks : session->srvAcks;
-    /* if previous ack found return 1, otherwise 0 */
-    for (i=0; i<WC_SNIFFER_HS_ACK_HIST_MAX; i++) {
-        if (acks[i] == realAck) {
-            return 1;
-        }
-
-    }
-    return 0;
-}
-static void AddAck(SnifferSession* session, word32 realAck)
-{
-    int i;
-    word32* acks = (session->flags.side == WOLFSSL_SERVER_END) ?
-        session->cliAcks : session->srvAcks;
-    /* find first empty ack slot */
-    for (i=0; i<WC_SNIFFER_HS_ACK_HIST_MAX; i++) {
-        if (acks[i] == 0) {
-            break;
-        }
-    }
-    /* if out of slots, find oldest */
-    if (i == WC_SNIFFER_HS_ACK_HIST_MAX) {
-        int idx = 0;
-        word32 lastAck = realAck;
-        for (i=0; i<WC_SNIFFER_HS_ACK_HIST_MAX; i++) {
-            if (acks[i] < lastAck) {
-                idx = i;
-                lastAck = acks[i];
-            }
-        }
-        i  = idx;
-    }
-
-    acks[i] = realAck;
-}
-
 /* Adjust incoming sequence based on side */
 /* returns 0 on success (continue), -1 on error, 1 on success (end) */
 static int AdjustSequence(TcpInfo* tcpInfo, SnifferSession* session,
@@ -5671,7 +5640,9 @@ static int AdjustSequence(TcpInfo* tcpInfo, SnifferSession* session,
 {
     int ret = 0;
     word32  seqStart = (session->flags.side == WOLFSSL_SERVER_END) ?
-                                     session->cliSeqStart :session->srvSeqStart;
+                                    session->cliSeqStart : session->srvSeqStart;
+    word32* seqLast = (session->flags.side == WOLFSSL_SERVER_END) ?
+                                    &session->cliSeqLast : &session->srvSeqLast;
     word32  real     = tcpInfo->sequence - seqStart;
     word32* expected = (session->flags.side == WOLFSSL_SERVER_END) ?
                                   &session->cliExpected : &session->srvExpected;
@@ -5688,6 +5659,7 @@ static int AdjustSequence(TcpInfo* tcpInfo, SnifferSession* session,
     TraceRelativeSequence(*expected, real);
 
     if (real < *expected) {
+        int overlap = *expected - real;
 
         if (real + *sslBytes > *expected) {
         #ifdef WOLFSSL_ASYNC_CRYPT
@@ -5702,7 +5674,6 @@ static int AdjustSequence(TcpInfo* tcpInfo, SnifferSession* session,
              * same action but for a different setup case. If changing this
              * block be sure to also update the block below. */
             if (reassemblyList) {
-                int overlap = *expected - real;
                 word32 newEnd;
 
                 /* adjust to expected, remove duplicate */
@@ -5731,11 +5702,23 @@ static int AdjustSequence(TcpInfo* tcpInfo, SnifferSession* session,
                                  newEnd - reassemblyList->end, session, error);
                 }
             }
-            else {
-                /* DUP overlap, allow */
-                if (*sslBytes > 0) {
-                    skipPartial = 0; /* do not reset sslBytes */
+            else if (*sslBytes > 0) {
+                if (real + *sslBytes - 1 > *seqLast) {
+                    /* fix segment overlap */
+                #ifdef DEBUG_SNIFFER
+                    WOLFSSL* ssl = (session->flags.side == WOLFSSL_SERVER_END) ?
+                                    session->sslServer : session->sslClient;
+                    printf("\tSegment %d overlap (%d -> %d)\n",
+                        *sslBytes,
+                        ssl->buffers.inputBuffer.length - overlap,
+                        ssl->buffers.inputBuffer.length + *sslBytes - overlap - 1);
+                #endif
+                    *sslBytes -= overlap;
+                    *sslFrame += overlap;
                 }
+
+                /* DUP overlap, allow */
+                skipPartial = 0; /* do not reset sslBytes */
             }
             ret = 0;
         }
@@ -5744,13 +5727,13 @@ static int AdjustSequence(TcpInfo* tcpInfo, SnifferSession* session,
              * possible spurious retransmission. */
             if (*sslBytes > 0) {
                 /* If packet has data attempt to process packet, if hasn't
-                 * already been ack'd during handshake */
+                 * already been received */
                 if (
                 #ifdef WOLFSSL_ASYNC_CRYPT
                     session->sslServer->error != WC_NO_ERR_TRACE(WC_PENDING_E) &&
                     session->pendSeq != tcpInfo->sequence &&
                 #endif
-                                                   FindPrevAck(session, real)) {
+                    real + *sslBytes -1 <= *seqLast) {
                     Trace(DUPLICATE_STR);
                     ret = 1;
                 }
@@ -5822,7 +5805,7 @@ static int AdjustSequence(TcpInfo* tcpInfo, SnifferSession* session,
             *expected += 1;
     }
     if (*sslBytes > 0) {
-        AddAck(session, real);
+        *seqLast = real + *sslBytes - 1;
     }
     if (*sslBytes > 0 && skipPartial) {
         *sslBytes = 0;
@@ -6402,7 +6385,7 @@ doPart:
                             ivExtra = AESGCM_EXP_IV_SZ;
                     }
 
-                    ret -= ivExtra;;
+                    ret -= ivExtra;
 
                 #if defined(HAVE_ENCRYPT_THEN_MAC) && \
                     !defined(WOLFSSL_AEAD_ONLY)
@@ -6410,7 +6393,7 @@ doPart:
                         ret -= MacSize(ssl);
                 #endif
                     TraceGotData(ret);
-                    if (ret) {  /* may be blank message */
+                    if (ret > 0) {  /* may be blank message */
                         if (data != NULL) {
                             byte* tmpData;  /* don't leak on realloc free */
                             /* add an extra byte at end of allocation in case
@@ -6464,10 +6447,20 @@ doPart:
                         decoded += ret;
                         ssl->buffers.clearOutputBuffer.length = 0;
                     }
+                    else if (ret < 0){
+                    #ifdef DEBUG_SNIFFER
+                        printf("Invalid data offset calculation! "
+                            "ret %d, inOutIdx %d, ivExtra %d\n",
+                            ret, inOutIdx, ivExtra);
+                    #endif
+                        /* set error, but do not treat fatal */
+                        SetError(BAD_APP_DATA_STR, error, session, 0);
+                        return WOLFSSL_FATAL_ERROR;
+                    }
                 }
                 else {
                     /* set error, but do not treat fatal */
-                    SetError(BAD_APP_DATA_STR, error,session, 0);
+                    SetError(BAD_APP_DATA_STR, error, session, 0);
                     return WOLFSSL_FATAL_ERROR;
                 }
                 if (ssl->buffers.outputBuffer.dynamicFlag)
@@ -6496,8 +6489,9 @@ doPart:
             return WOLFSSL_FATAL_ERROR;
     }
 
-    /* do we have another msg in record ? */
-    if (sslFrame < recordEnd) {
+    /* do we have another msg in record (if app data did we decode bytes?) */
+    if (sslFrame < recordEnd && ((enum ContentType)rh.type != application_data ||
+        ((enum ContentType)rh.type == application_data && decoded))) {
         Trace(ANOTHER_MSG_STR);
         goto doPart;
     }
diff --git a/src/ssl.c b/src/ssl.c
index 4191557cf..78cb42a17 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -3368,7 +3368,7 @@ int wolfSSL_read(WOLFSSL* ssl, void* data, int sz)
 }
 
 
-/* returns 0 on failure and on no read */
+/* returns 0 on failure and 1 on read */
 int wolfSSL_read_ex(WOLFSSL* ssl, void* data, size_t sz, size_t* rd)
 {
     int ret;
@@ -3388,8 +3388,7 @@ int wolfSSL_read_ex(WOLFSSL* ssl, void* data, size_t sz, size_t* rd)
         *rd = (size_t)ret;
     }
 
-    if (ret <= 0) ret = 0;
-    return ret;
+    return ret > 0 ? 1 : 0;
 }
 
 #ifdef WOLFSSL_MULTICAST
@@ -3715,14 +3714,14 @@ static int isValidCurveGroup(word16 name)
         case WOLFSSL_ML_KEM_768:
         case WOLFSSL_ML_KEM_1024:
     #if defined(WOLFSSL_WC_MLKEM) || defined(HAVE_LIBOQS)
-        case WOLFSSL_P256_ML_KEM_512:
-        case WOLFSSL_P384_ML_KEM_768:
-        case WOLFSSL_P521_ML_KEM_1024:
-        case WOLFSSL_P384_ML_KEM_1024:
-        case WOLFSSL_X25519_ML_KEM_512:
-        case WOLFSSL_X448_ML_KEM_768:
-        case WOLFSSL_X25519_ML_KEM_768:
-        case WOLFSSL_P256_ML_KEM_768:
+        case WOLFSSL_SECP256R1MLKEM512:
+        case WOLFSSL_SECP384R1MLKEM768:
+        case WOLFSSL_SECP521R1MLKEM1024:
+        case WOLFSSL_SECP384R1MLKEM1024:
+        case WOLFSSL_X25519MLKEM512:
+        case WOLFSSL_X448MLKEM768:
+        case WOLFSSL_X25519MLKEM768:
+        case WOLFSSL_SECP256R1MLKEM768:
     #endif
 #endif /* !WOLFSSL_NO_ML_KEM */
 #ifdef WOLFSSL_MLKEM_KYBER
@@ -3855,7 +3854,7 @@ WOLFSSL_ABI
 int wolfSSL_UseALPN(WOLFSSL* ssl, char *protocol_name_list,
                     word32 protocol_name_listSz, byte options)
 {
-    char    *list, *ptr, **token;
+    char    *list, *ptr = NULL, **token;
     word16  len;
     int     idx = 0;
     int     ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
@@ -4292,7 +4291,15 @@ int wolfSSL_CTX_UseSessionTicket(WOLFSSL_CTX* ctx)
 
 int wolfSSL_get_SessionTicket(WOLFSSL* ssl, byte* buf, word32* bufSz)
 {
-    if (ssl == NULL || buf == NULL || bufSz == NULL || *bufSz == 0)
+    if (ssl == NULL || bufSz == NULL)
+        return BAD_FUNC_ARG;
+
+    if (*bufSz == 0 && buf == NULL) {
+        *bufSz = ssl->session->ticketLen;
+        return LENGTH_ONLY_E;
+    }
+
+    if (buf == NULL)
         return BAD_FUNC_ARG;
 
     if (ssl->session->ticketLen <= *bufSz) {
@@ -5869,7 +5876,7 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify)
 #endif
     DerBuffer*   der = *pDer;
 
-    WOLFSSL_MSG("Adding a CA");
+    WOLFSSL_MSG_CERT_LOG("Adding a CA");
 
     if (cm == NULL) {
         FreeDer(pDer);
@@ -5893,8 +5900,34 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify)
     }
 #endif
 
+    WOLFSSL_MSG_CERT("\tParsing new CA");
     ret = ParseCert(cert, CA_TYPE, verify, cm);
+
     WOLFSSL_MSG("\tParsed new CA");
+#ifdef WOLFSSL_DEBUG_CERTS
+    #ifdef WOLFSSL_SMALL_STACK
+    if (cert == NULL) {
+        WOLFSSL_MSG_CERT(WOLFSSL_MSG_CERT_INDENT "Failed; cert is NULL");
+    }
+    else
+    #endif
+    {
+        const char*  err_msg;
+        if (ret == 0) {
+            WOLFSSL_MSG_CERT_EX(WOLFSSL_MSG_CERT_INDENT "issuer:  '%s'",
+                cert->issuer);
+            WOLFSSL_MSG_CERT_EX(WOLFSSL_MSG_CERT_INDENT "subject: '%s'",
+                cert->subject);
+        }
+        else {
+            WOLFSSL_MSG_CERT(
+                WOLFSSL_MSG_CERT_INDENT "Failed during parse of new CA");
+            err_msg = wc_GetErrorString(ret);
+            WOLFSSL_MSG_CERT_EX(WOLFSSL_MSG_CERT_INDENT "error ret: %d; %s",
+                ret, err_msg);
+        }
+    }
+#endif /* WOLFSSL_DEBUG_CERTS */
 
 #ifndef NO_SKID
     subjectHash = cert->extSubjKeyId;
@@ -5903,7 +5936,7 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify)
 #endif
 
     /* check CA key size */
-    if (verify) {
+    if (verify && (ret == 0 )) {
         switch (cert->keyOID) {
         #ifndef NO_RSA
             #ifdef WC_RSA_PSS
@@ -5913,7 +5946,10 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify)
                 if (cm->minRsaKeySz < 0 ||
                                    cert->pubKeySize < (word16)cm->minRsaKeySz) {
                     ret = RSA_KEY_SIZE_E;
-                    WOLFSSL_MSG("\tCA RSA key size error");
+                    WOLFSSL_MSG_CERT_LOG("\tCA RSA key size error");
+                    WOLFSSL_MSG_CERT_EX("\tCA RSA pubKeySize = %d; "
+                                                "minRsaKeySz = %d",
+                                   cert->pubKeySize, cm->minRsaKeySz);
                 }
                 break;
         #endif /* !NO_RSA */
@@ -5922,7 +5958,10 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify)
                 if (cm->minEccKeySz < 0 ||
                                    cert->pubKeySize < (word16)cm->minEccKeySz) {
                     ret = ECC_KEY_SIZE_E;
-                    WOLFSSL_MSG("\tCA ECC key size error");
+                    WOLFSSL_MSG_CERT_LOG("\tCA ECC key size error");
+                    WOLFSSL_MSG_CERT_EX("\tCA ECC pubKeySize = %d; "
+                                                 "minEccKeySz = %d",
+                                   cert->pubKeySize, cm->minEccKeySz);
                 }
                 break;
             #endif /* HAVE_ECC */
@@ -6041,11 +6080,13 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify)
     if (ret == 0 && signer != NULL) {
         ret = FillSigner(signer, cert, type, der);
 
-    #ifndef NO_SKID
-        row = HashSigner(signer->subjectKeyIdHash);
-    #else
-        row = HashSigner(signer->subjectNameHash);
-    #endif
+        if (ret == 0){
+        #ifndef NO_SKID
+            row = HashSigner(signer->subjectKeyIdHash);
+        #else
+            row = HashSigner(signer->subjectNameHash);
+        #endif
+        }
 
     #if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_FSPSM_TLS)
         /* Verify CA by TSIP so that generated tsip key is going to          */
@@ -6100,6 +6141,98 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify)
     return ret == 0 ? WOLFSSL_SUCCESS : ret;
 }
 
+/* Removes the CA with the passed in subject hash from the
+   cert manager's CA cert store. */
+int RemoveCA(WOLFSSL_CERT_MANAGER* cm, byte* hash, int type)
+{
+    Signer* current;
+    Signer** prev;
+    int     ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
+    word32  row;
+
+    WOLFSSL_MSG("Removing a CA");
+
+    if (cm == NULL || hash == NULL) {
+        return BAD_FUNC_ARG;
+    }
+
+    row = HashSigner(hash);
+
+    if (wc_LockMutex(&cm->caLock) != 0) {
+        return BAD_MUTEX_E;
+    }
+    current = cm->caTable[row];
+    prev = &cm->caTable[row];
+    while (current) {
+        byte* subjectHash;
+
+    #ifndef NO_SKID
+        subjectHash = current->subjectKeyIdHash;
+    #else
+        subjectHash = current->subjectNameHash;
+    #endif
+
+        if ((current->type == type) &&
+            (XMEMCMP(hash, subjectHash, SIGNER_DIGEST_SIZE) == 0)) {
+            *prev = current->next;
+            FreeSigner(current, cm->heap);
+            ret = WOLFSSL_SUCCESS;
+            break;
+        }
+        prev = &current->next;
+        current = current->next;
+    }
+    wc_UnLockMutex(&cm->caLock);
+
+    WOLFSSL_LEAVE("RemoveCA", ret);
+
+    return ret;
+}
+
+
+/* Sets the CA with the passed in subject hash
+   to the provided type. */
+int SetCAType(WOLFSSL_CERT_MANAGER* cm, byte* hash, int type)
+{
+    Signer* current;
+    int     ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
+    word32  row;
+
+    WOLFSSL_MSG_EX("Setting CA to type %d", type);
+
+    if (cm == NULL || hash == NULL ||
+        type < WOLFSSL_USER_CA || type > WOLFSSL_USER_INTER) {
+        return ret;
+    }
+
+    row = HashSigner(hash);
+
+    if (wc_LockMutex(&cm->caLock) != 0) {
+        return ret;
+    }
+    current = cm->caTable[row];
+    while (current) {
+        byte* subjectHash;
+
+    #ifndef NO_SKID
+        subjectHash = current->subjectKeyIdHash;
+    #else
+        subjectHash = current->subjectNameHash;
+    #endif
+
+        if (XMEMCMP(hash, subjectHash, SIGNER_DIGEST_SIZE) == 0) {
+            current->type = (byte)type;
+            ret = WOLFSSL_SUCCESS;
+            break;
+        }
+        current = current->next;
+    }
+    wc_UnLockMutex(&cm->caLock);
+
+    WOLFSSL_LEAVE("SetCAType", ret);
+
+    return ret;
+}
 #endif /* !NO_CERTS */
 
 
@@ -6238,7 +6371,7 @@ int wolfSSL_Init(void)
 #endif
 
     #ifdef WC_RNG_SEED_CB
-        wc_SetSeed_Cb(wc_GenerateSeed);
+        wc_SetSeed_Cb(WC_GENERATE_SEED_DEFAULT);
     #endif
 
 #ifdef OPENSSL_EXTRA
@@ -7216,9 +7349,8 @@ static int check_cert_key(DerBuffer* cert, DerBuffer* key, DerBuffer* altKey,
 #ifdef WOLF_PRIVATE_KEY_ID
         if (ret == WOLFSSL_SUCCESS && altDevId != INVALID_DEVID) {
             /* We have to decode the public key first */
-            word32 idx = 0;
-            /* Dilithium has the largest public key at the moment */
-            word32 pubKeyLen = DILITHIUM_MAX_PUB_KEY_SIZE;
+            /* Default to max pub key size. */
+            word32 pubKeyLen = MAX_PUBLIC_KEY_SZ;
             byte* decodedPubKey = (byte*)XMALLOC(pubKeyLen, heap,
                                             DYNAMIC_TYPE_PUBLIC_KEY);
             if (decodedPubKey == NULL) {
@@ -7232,9 +7364,14 @@ static int check_cert_key(DerBuffer* cert, DerBuffer* key, DerBuffer* altKey,
                     ret = 0;
                 }
                 else {
+                #if defined(WC_ENABLE_ASYM_KEY_IMPORT)
+                    word32 idx = 0;
                     ret = DecodeAsymKeyPublic(der->sapkiDer, &idx,
                                               der->sapkiLen, decodedPubKey,
                                               &pubKeyLen, der->sapkiOID);
+                #else
+                    ret = NOT_COMPILED_IN;
+                #endif /* WC_ENABLE_ASYM_KEY_IMPORT */
                 }
             }
             if (ret == 0) {
@@ -8718,148 +8855,75 @@ static int isArrayUnique(const char* buf, size_t len)
     return 1;
 }
 
-/* Set user preference for the client_cert_type exetnsion.
+/* Set user preference for the {client,server}_cert_type extension.
  * Takes byte array containing cert types the caller can provide to its peer.
  * Cert types are in preferred order in the array.
  */
-WOLFSSL_API int wolfSSL_CTX_set_client_cert_type(WOLFSSL_CTX* ctx,
-                                          const char* buf, int bufLen)
+static int set_cert_type(RpkConfig* cfg,
+                         int client, const char* buf, int bufLen)
 {
     int i;
+    byte* certTypeCnt;
+    byte* certTypes;
 
-    if (ctx == NULL || bufLen > MAX_CLIENT_CERT_TYPE_CNT) {
+    if (cfg == NULL || bufLen > (client ? MAX_CLIENT_CERT_TYPE_CNT :
+                                          MAX_SERVER_CERT_TYPE_CNT)) {
         return BAD_FUNC_ARG;
     }
 
-    /* if buf is set to NULL or bufLen is set to zero, it defaults the setting*/
+    if (client) {
+        certTypeCnt = &cfg->preferred_ClientCertTypeCnt;
+        certTypes   =  cfg->preferred_ClientCertTypes;
+    }
+    else {
+        certTypeCnt = &cfg->preferred_ServerCertTypeCnt;
+        certTypes   =  cfg->preferred_ServerCertTypes;
+    }
+    /* if buf is set to NULL or bufLen is zero, it defaults the setting*/
     if (buf == NULL || bufLen == 0) {
-        ctx->rpkConfig.preferred_ClientCertTypeCnt = 1;
-        ctx->rpkConfig.preferred_ClientCertTypes[0]= WOLFSSL_CERT_TYPE_X509;
-        ctx->rpkConfig.preferred_ClientCertTypes[1]= WOLFSSL_CERT_TYPE_X509;
+        *certTypeCnt = 1;
+        for (i = 0; i < 2; i++)
+            certTypes[i] = WOLFSSL_CERT_TYPE_X509;
         return WOLFSSL_SUCCESS;
     }
 
     if (!isArrayUnique(buf, (size_t)bufLen))
         return BAD_FUNC_ARG;
 
-    for (i = 0; i < bufLen; i++){
+    for (i = 0; i < bufLen; i++) {
         if (buf[i] != WOLFSSL_CERT_TYPE_RPK && buf[i] != WOLFSSL_CERT_TYPE_X509)
             return BAD_FUNC_ARG;
-
-        ctx->rpkConfig.preferred_ClientCertTypes[i] = (byte)buf[i];
+        certTypes[i] = (byte)buf[i];
     }
-    ctx->rpkConfig.preferred_ClientCertTypeCnt = bufLen;
+    *certTypeCnt = bufLen;
 
     return WOLFSSL_SUCCESS;
 }
-
-/* Set user preference for the server_cert_type exetnsion.
- * Takes byte array containing cert types the caller can provide to its peer.
- * Cert types are in preferred order in the array.
- */
-WOLFSSL_API int wolfSSL_CTX_set_server_cert_type(WOLFSSL_CTX* ctx,
-                                                const char* buf, int bufLen)
+int wolfSSL_set_client_cert_type(WOLFSSL* ssl, const char* buf, int buflen)
 {
-    int i;
-
-    if (ctx == NULL || bufLen > MAX_SERVER_CERT_TYPE_CNT) {
+    if (ssl == NULL)
         return BAD_FUNC_ARG;
-    }
-
-    /* if buf is set to NULL or bufLen is set to zero, it defaults the setting*/
-    if (buf == NULL || bufLen == 0) {
-        ctx->rpkConfig.preferred_ServerCertTypeCnt = 1;
-        ctx->rpkConfig.preferred_ServerCertTypes[0]= WOLFSSL_CERT_TYPE_X509;
-        ctx->rpkConfig.preferred_ServerCertTypes[1]= WOLFSSL_CERT_TYPE_X509;
-        return WOLFSSL_SUCCESS;
-    }
-
-    if (!isArrayUnique(buf, (size_t)bufLen))
-        return BAD_FUNC_ARG;
-
-    for (i = 0; i < bufLen; i++){
-        if (buf[i] != WOLFSSL_CERT_TYPE_RPK && buf[i] != WOLFSSL_CERT_TYPE_X509)
-            return BAD_FUNC_ARG;
-
-        ctx->rpkConfig.preferred_ServerCertTypes[i] = (byte)buf[i];
-    }
-    ctx->rpkConfig.preferred_ServerCertTypeCnt = bufLen;
-
-    return WOLFSSL_SUCCESS;
+    return set_cert_type(&ssl->options.rpkConfig, 1, buf, buflen);
 }
-
-/* Set user preference for the client_cert_type exetnsion.
- * Takes byte array containing cert types the caller can provide to its peer.
- * Cert types are in preferred order in the array.
- */
-WOLFSSL_API int wolfSSL_set_client_cert_type(WOLFSSL* ssl,
-                                          const char* buf, int bufLen)
+int wolfSSL_set_server_cert_type(WOLFSSL* ssl, const char* buf, int buflen)
 {
-    int i;
-
-    if (ssl == NULL || bufLen > MAX_CLIENT_CERT_TYPE_CNT) {
+    if (ssl == NULL)
         return BAD_FUNC_ARG;
-    }
-
-    /* if buf is set to NULL or bufLen is set to zero, it defaults the setting*/
-    if (buf == NULL || bufLen == 0) {
-        ssl->options.rpkConfig.preferred_ClientCertTypeCnt = 1;
-        ssl->options.rpkConfig.preferred_ClientCertTypes[0]
-                                                    = WOLFSSL_CERT_TYPE_X509;
-        ssl->options.rpkConfig.preferred_ClientCertTypes[1]
-                                                    = WOLFSSL_CERT_TYPE_X509;
-        return WOLFSSL_SUCCESS;
-    }
-
-    if (!isArrayUnique(buf, (size_t)bufLen))
-        return BAD_FUNC_ARG;
-
-    for (i = 0; i < bufLen; i++){
-        if (buf[i] != WOLFSSL_CERT_TYPE_RPK && buf[i] != WOLFSSL_CERT_TYPE_X509)
-            return BAD_FUNC_ARG;
-
-        ssl->options.rpkConfig.preferred_ClientCertTypes[i] = (byte)buf[i];
-    }
-    ssl->options.rpkConfig.preferred_ClientCertTypeCnt = bufLen;
-
-    return WOLFSSL_SUCCESS;
+    return set_cert_type(&ssl->options.rpkConfig, 0, buf, buflen);
 }
-
-/* Set user preference for the server_cert_type exetnsion.
- * Takes byte array containing cert types the caller can provide to its peer.
- * Cert types are in preferred order in the array.
- */
-WOLFSSL_API int wolfSSL_set_server_cert_type(WOLFSSL* ssl,
-                                          const char* buf, int bufLen)
+int wolfSSL_CTX_set_client_cert_type(WOLFSSL_CTX* ctx,
+                                     const char* buf, int buflen)
 {
-    int i;
-
-    if (ssl == NULL || bufLen > MAX_SERVER_CERT_TYPE_CNT) {
+    if (ctx == NULL)
         return BAD_FUNC_ARG;
-    }
-
-    /* if buf is set to NULL or bufLen is set to zero, it defaults the setting*/
-    if (buf == NULL || bufLen == 0) {
-        ssl->options.rpkConfig.preferred_ServerCertTypeCnt = 1;
-        ssl->options.rpkConfig.preferred_ServerCertTypes[0]
-                                                    = WOLFSSL_CERT_TYPE_X509;
-        ssl->options.rpkConfig.preferred_ServerCertTypes[1]
-                                                    = WOLFSSL_CERT_TYPE_X509;
-        return WOLFSSL_SUCCESS;
-    }
-
-    if (!isArrayUnique(buf, (size_t)bufLen))
+    return set_cert_type(&ctx->rpkConfig, 1, buf, buflen);
+}
+int wolfSSL_CTX_set_server_cert_type(WOLFSSL_CTX* ctx,
+                                     const char* buf, int buflen)
+{
+    if (ctx == NULL)
         return BAD_FUNC_ARG;
-
-    for (i = 0; i < bufLen; i++){
-        if (buf[i] != WOLFSSL_CERT_TYPE_RPK && buf[i] != WOLFSSL_CERT_TYPE_X509)
-            return BAD_FUNC_ARG;
-
-        ssl->options.rpkConfig.preferred_ServerCertTypes[i] = (byte)buf[i];
-    }
-    ssl->options.rpkConfig.preferred_ServerCertTypeCnt = bufLen;
-
-    return WOLFSSL_SUCCESS;
+    return set_cert_type(&ctx->rpkConfig, 0, buf, buflen);
 }
 
 /* get negotiated certificate type value and return it to the second parameter.
@@ -8871,7 +8935,7 @@ WOLFSSL_API int wolfSSL_set_server_cert_type(WOLFSSL* ssl,
  * in case no negotiation performed, it returns WOLFSSL_SUCCESS and -1 is for
  * cert type.
  */
-WOLFSSL_API int wolfSSL_get_negotiated_client_cert_type(WOLFSSL* ssl, int* tp)
+int wolfSSL_get_negotiated_client_cert_type(WOLFSSL* ssl, int* tp)
 {
     int ret = WOLFSSL_SUCCESS;
 
@@ -8902,7 +8966,7 @@ WOLFSSL_API int wolfSSL_get_negotiated_client_cert_type(WOLFSSL* ssl, int* tp)
  * in case no negotiation performed, it returns WOLFSSL_SUCCESS and -1 is for
  * cert type.
  */
-WOLFSSL_API int wolfSSL_get_negotiated_server_cert_type(WOLFSSL* ssl, int* tp)
+int wolfSSL_get_negotiated_server_cert_type(WOLFSSL* ssl, int* tp)
 {
     int ret = WOLFSSL_SUCCESS;
 
@@ -9021,7 +9085,7 @@ static SetVerifyOptions ModeToVerifyOptions(int mode)
 }
 
 WOLFSSL_ABI
-void wolfSSL_CTX_set_verify(WOLFSSL_CTX* ctx, int mode, VerifyCallback vc)
+void wolfSSL_CTX_set_verify(WOLFSSL_CTX* ctx, int mode, VerifyCallback verify_callback)
 {
     SetVerifyOptions opts;
 
@@ -9039,7 +9103,7 @@ void wolfSSL_CTX_set_verify(WOLFSSL_CTX* ctx, int mode, VerifyCallback vc)
     ctx->verifyPostHandshake = opts.verifyPostHandshake;
 #endif
 
-    ctx->verifyCallback = vc;
+    ctx->verifyCallback = verify_callback;
 }
 
 #ifdef OPENSSL_ALL
@@ -9056,7 +9120,7 @@ void wolfSSL_CTX_set_cert_verify_callback(WOLFSSL_CTX* ctx,
 #endif
 
 
-void wolfSSL_set_verify(WOLFSSL* ssl, int mode, VerifyCallback vc)
+void wolfSSL_set_verify(WOLFSSL* ssl, int mode, VerifyCallback verify_callback)
 {
     SetVerifyOptions opts;
 
@@ -9074,7 +9138,7 @@ void wolfSSL_set_verify(WOLFSSL* ssl, int mode, VerifyCallback vc)
     ssl->options.verifyPostHandshake = opts.verifyPostHandshake;
 #endif
 
-    ssl->verifyCallback = vc;
+    ssl->verifyCallback = verify_callback;
 }
 
 void wolfSSL_set_verify_result(WOLFSSL *ssl, long v)
@@ -10821,8 +10885,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
             ssl->options.dtls   = 1;
             ssl->options.tls    = 1;
             ssl->options.tls1_1 = 1;
-            if (!IsDtlsNotSctpMode(ssl) || !IsDtlsNotSrtpMode(ssl) ||
-                    IsSCR(ssl))
+            if (!IsDtlsNotSctpMode(ssl) || IsSCR(ssl))
                 ssl->options.dtlsStateful = 1;
         }
     #endif
@@ -12188,7 +12251,28 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
             ssl->client_ca_names = names;
         }
     }
-#endif
+
+    void wolfSSL_CTX_set0_CA_list(WOLFSSL_CTX* ctx,
+                                  WOLF_STACK_OF(WOLFSSL_X509_NAME)* names)
+    {
+        WOLFSSL_ENTER("wolfSSL_CTX_set0_CA_list");
+        if (ctx != NULL) {
+            wolfSSL_sk_X509_NAME_pop_free(ctx->ca_names, NULL);
+            ctx->ca_names = names;
+        }
+    }
+
+    void wolfSSL_set0_CA_list(WOLFSSL* ssl,
+                              WOLF_STACK_OF(WOLFSSL_X509_NAME)* names)
+    {
+        WOLFSSL_ENTER("wolfSSL_set0_CA_list");
+        if (ssl != NULL) {
+            if (ssl->ca_names != ssl->ctx->ca_names)
+                wolfSSL_sk_X509_NAME_pop_free(ssl->ca_names, NULL);
+            ssl->ca_names = names;
+        }
+    }
+#endif /* WOLFSSL_NO_CA_NAMES */
 
 #ifdef OPENSSL_EXTRA
     /* registers client cert callback, called during handshake if server
@@ -12325,6 +12409,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
             *sigAlgo = SM2k;
             break;
         case invalid_sa_algo:
+        case any_sa_algo:
         default:
             *hashAlgo = WC_HASH_TYPE_NONE;
             *sigAlgo = 0;
@@ -12419,8 +12504,9 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
         return ctx->client_ca_names;
     }
 
-    /* returns the CA's set on server side or the CA's sent from server when
-     * on client side */
+    /* On server side: returns the CAs set via *_set_client_CA_list();
+     * On client side: returns the CAs received from server -- same as
+     * wolfSSL_get0_peer_CA_list() */
     WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_get_client_CA_list(
             const WOLFSSL* ssl)
     {
@@ -12431,36 +12517,64 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
             return NULL;
         }
 
+        if (ssl->options.side == WOLFSSL_CLIENT_END)
+            return ssl->peer_ca_names;
+        else
+            return SSL_CLIENT_CA_NAMES(ssl);
+    }
+
+    WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_CTX_get0_CA_list(
+            const WOLFSSL_CTX *ctx)
+    {
+        WOLFSSL_ENTER("wolfSSL_CTX_get0_CA_list");
+
+        if (ctx == NULL) {
+            WOLFSSL_MSG("Bad argument passed to wolfSSL_CTX_get0_CA_list");
+            return NULL;
+        }
+
+        return ctx->ca_names;
+    }
+
+    /* Always returns the CA's set via *_set0_CA_list */
+    WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_get0_CA_list(const WOLFSSL *ssl)
+    {
+        WOLFSSL_ENTER("wolfSSL_get0_CA_list");
+
+        if (ssl == NULL) {
+            WOLFSSL_MSG("Bad argument passed to wolfSSL_get0_CA_list");
+            return NULL;
+        }
+
         return SSL_CA_NAMES(ssl);
     }
 
+    /* Always returns the CA's received from the peer */
+    WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_get0_peer_CA_list(
+            const WOLFSSL* ssl)
+    {
+        WOLFSSL_ENTER("wolfSSL_get0_peer_CA_list");
+
+        if (ssl == NULL) {
+            WOLFSSL_MSG("Bad argument passed to wolfSSL_get0_peer_CA_list");
+            return NULL;
+        }
+
+        return ssl->peer_ca_names;
+    }
+
     #if !defined(NO_CERTS)
-    int wolfSSL_CTX_add_client_CA(WOLFSSL_CTX* ctx, WOLFSSL_X509* x509)
+    static int add_to_CA_list(WOLFSSL_STACK* ca_names, WOLFSSL_X509* x509)
     {
         WOLFSSL_X509_NAME *nameCopy = NULL;
 
-        WOLFSSL_ENTER("wolfSSL_CTX_add_client_CA");
-
-        if (ctx == NULL || x509 == NULL){
-            WOLFSSL_MSG("Bad argument");
-            return WOLFSSL_FAILURE;
-        }
-
-        if (ctx->client_ca_names == NULL) {
-            ctx->client_ca_names = wolfSSL_sk_X509_NAME_new(NULL);
-            if (ctx->client_ca_names == NULL) {
-                WOLFSSL_MSG("wolfSSL_sk_X509_NAME_new error");
-                return WOLFSSL_FAILURE;
-            }
-        }
-
         nameCopy = wolfSSL_X509_NAME_dup(wolfSSL_X509_get_subject_name(x509));
         if (nameCopy == NULL) {
             WOLFSSL_MSG("wolfSSL_X509_NAME_dup error");
             return WOLFSSL_FAILURE;
         }
 
-        if (wolfSSL_sk_X509_NAME_push(ctx->client_ca_names, nameCopy) <= 0) {
+        if (wolfSSL_sk_X509_NAME_push(ca_names, nameCopy) <= 0) {
             WOLFSSL_MSG("wolfSSL_sk_X509_NAME_push error");
             wolfSSL_X509_NAME_free(nameCopy);
             return WOLFSSL_FAILURE;
@@ -12468,7 +12582,75 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
 
         return WOLFSSL_SUCCESS;
     }
-    #endif
+
+    int wolfSSL_CTX_add_client_CA(WOLFSSL_CTX* ctx, WOLFSSL_X509* x509)
+    {
+        WOLFSSL_ENTER("wolfSSL_CTX_add_client_CA");
+        if (ctx == NULL || x509 == NULL) {
+            WOLFSSL_MSG("Bad argument");
+            return WOLFSSL_FAILURE;
+        }
+        if (ctx->client_ca_names == NULL) {
+            ctx->client_ca_names = wolfSSL_sk_X509_NAME_new(NULL);
+            if (ctx->client_ca_names == NULL) {
+                WOLFSSL_MSG("wolfSSL_sk_X509_NAME_new error");
+                return WOLFSSL_FAILURE;
+            }
+        }
+        return add_to_CA_list(ctx->client_ca_names, x509);
+    }
+
+    int wolfSSL_add_client_CA(WOLFSSL* ssl, WOLFSSL_X509* x509)
+    {
+        WOLFSSL_ENTER("wolfSSL_add_client_CA");
+        if (ssl == NULL || x509 == NULL) {
+            WOLFSSL_MSG("Bad argument");
+            return WOLFSSL_FAILURE;
+        }
+        if (ssl->client_ca_names == NULL) {
+            ssl->client_ca_names = wolfSSL_sk_X509_NAME_new(NULL);
+            if (ssl->client_ca_names == NULL) {
+                WOLFSSL_MSG("wolfSSL_sk_X509_NAME_new error");
+                return WOLFSSL_FAILURE;
+            }
+        }
+        return add_to_CA_list(ssl->client_ca_names, x509);
+    }
+
+    int wolfSSL_CTX_add1_to_CA_list(WOLFSSL_CTX* ctx, WOLFSSL_X509* x509)
+    {
+        WOLFSSL_ENTER("wolfSSL_CTX_add1_to_CA_list");
+        if (ctx == NULL || x509 == NULL) {
+            WOLFSSL_MSG("Bad argument");
+            return WOLFSSL_FAILURE;
+        }
+        if (ctx->ca_names == NULL) {
+            ctx->ca_names = wolfSSL_sk_X509_NAME_new(NULL);
+            if (ctx->ca_names == NULL) {
+                WOLFSSL_MSG("wolfSSL_sk_X509_NAME_new error");
+                return WOLFSSL_FAILURE;
+            }
+        }
+        return add_to_CA_list(ctx->ca_names, x509);
+    }
+
+    int wolfSSL_add1_to_CA_list(WOLFSSL* ssl, WOLFSSL_X509* x509)
+    {
+        WOLFSSL_ENTER("wolfSSL_add1_to_CA_list");
+        if (ssl == NULL || x509 == NULL) {
+            WOLFSSL_MSG("Bad argument");
+            return WOLFSSL_FAILURE;
+        }
+        if (ssl->ca_names == NULL) {
+            ssl->ca_names = wolfSSL_sk_X509_NAME_new(NULL);
+            if (ssl->ca_names == NULL) {
+                WOLFSSL_MSG("wolfSSL_sk_X509_NAME_new error");
+                return WOLFSSL_FAILURE;
+            }
+        }
+        return add_to_CA_list(ssl->ca_names, x509);
+    }
+    #endif /* !NO_CERTS */
 
     #ifndef NO_BIO
         #if !defined(NO_RSA) && !defined(NO_CERTS)
@@ -14133,6 +14315,12 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out,
         ssl->options.haveSessionId = 0;
         ssl->options.tls = 0;
         ssl->options.tls1_1 = 0;
+    #ifdef WOLFSSL_TLS13
+    #ifdef WOLFSSL_SEND_HRR_COOKIE
+        ssl->options.hrrSentCookie = 0;
+    #endif
+        ssl->options.hrrSentKeyShare = 0;
+    #endif
     #ifdef WOLFSSL_DTLS
         ssl->options.dtlsStateful = 0;
     #endif
@@ -15612,48 +15800,48 @@ const char* wolfSSL_get_curve_name(WOLFSSL* ssl)
     #ifndef WOLFSSL_NO_ML_KEM_512
         case WOLFSSL_ML_KEM_512:
             return "ML_KEM_512";
-        case WOLFSSL_P256_ML_KEM_512:
-            return "P256_ML_KEM_512";
+        case WOLFSSL_SECP256R1MLKEM512:
+            return "SecP256r1MLKEM512";
 #ifdef WOLFSSL_ML_KEM_USE_OLD_IDS
         case WOLFSSL_P256_ML_KEM_512_OLD:
             return "P256_ML_KEM_512_OLD";
 #endif
         #ifdef HAVE_CURVE25519
-        case WOLFSSL_X25519_ML_KEM_512:
-            return "X25519_ML_KEM_512";
+        case WOLFSSL_X25519MLKEM512:
+            return "X25519MLKEM512";
         #endif
     #endif
     #ifndef WOLFSSL_NO_ML_KEM_768
         case WOLFSSL_ML_KEM_768:
             return "ML_KEM_768";
-        case WOLFSSL_P384_ML_KEM_768:
-            return "P384_ML_KEM_768";
+        case WOLFSSL_SECP384R1MLKEM768:
+            return "SecP384r1MLKEM768";
 #ifdef WOLFSSL_ML_KEM_USE_OLD_IDS
         case WOLFSSL_P384_ML_KEM_768_OLD:
             return "P384_ML_KEM_768_OLD";
 #endif
-        case WOLFSSL_P256_ML_KEM_768:
-            return "P256_ML_KEM_768";
+        case WOLFSSL_SECP256R1MLKEM768:
+            return "SecP256r1MLKEM768";
         #ifdef HAVE_CURVE25519
-        case WOLFSSL_X25519_ML_KEM_768:
-            return "X25519_ML_KEM_768";
+        case WOLFSSL_X25519MLKEM768:
+            return "X25519MLKEM768";
         #endif
         #ifdef HAVE_CURVE448
-        case WOLFSSL_X448_ML_KEM_768:
-            return "X448_ML_KEM_768";
+        case WOLFSSL_X448MLKEM768:
+            return "X448MLKEM768";
         #endif
     #endif
     #ifndef WOLFSSL_NO_ML_KEM_1024
         case WOLFSSL_ML_KEM_1024:
             return "ML_KEM_1024";
-        case WOLFSSL_P521_ML_KEM_1024:
-            return "P521_ML_KEM_1024";
+        case WOLFSSL_SECP521R1MLKEM1024:
+            return "SecP521r1MLKEM1024";
 #ifdef WOLFSSL_ML_KEM_USE_OLD_IDS
         case WOLFSSL_P521_ML_KEM_1024_OLD:
             return "P521_ML_KEM_1024_OLD";
 #endif
-        case WOLFSSL_P384_ML_KEM_1024:
-            return "P384_ML_KEM_1024";
+        case WOLFSSL_SECP384R1MLKEM1024:
+            return "SecP384r1MLKEM1024";
     #endif
 #elif defined(HAVE_LIBOQS)
         case WOLFSSL_ML_KEM_512:
@@ -15662,25 +15850,25 @@ const char* wolfSSL_get_curve_name(WOLFSSL* ssl)
             return "ML_KEM_768";
         case WOLFSSL_ML_KEM_1024:
             return "ML_KEM_1024";
-        case WOLFSSL_P256_ML_KEM_512:
-            return "P256_ML_KEM_512";
-        case WOLFSSL_P384_ML_KEM_768:
-            return "P384_ML_KEM_768";
-        case WOLFSSL_P256_ML_KEM_768:
-            return "P256_ML_KEM_768";
-        case WOLFSSL_P521_ML_KEM_1024:
-            return "P521_ML_KEM_1024";
-        case WOLFSSL_P384_ML_KEM_1024:
-            return "P384_ML_KEM_1024";
+        case WOLFSSL_SECP256R1MLKEM512:
+            return "SecP256r1MLKEM512";
+        case WOLFSSL_SECP384R1MLKEM768:
+            return "SecP384r1MLKEM768";
+        case WOLFSSL_SECP256R1MLKEM768:
+            return "SecP256r1MLKEM768";
+        case WOLFSSL_SECP521R1MLKEM1024:
+            return "SecP521r1MLKEM1024";
+        case WOLFSSL_SECP384R1MLKEM1024:
+            return "SecP384r1MLKEM1024";
     #ifdef HAVE_CURVE25519
-        case WOLFSSL_X25519_ML_KEM_512:
-            return "X25519_ML_KEM_512";
-        case WOLFSSL_X25519_ML_KEM_768:
-            return "X25519_ML_KEM_768";
+        case WOLFSSL_X25519MLKEM512:
+            return "X25519MLKEM512";
+        case WOLFSSL_X25519MLKEM768:
+            return "X25519MLKEM768";
     #endif
     #ifdef HAVE_CURVE448
-        case WOLFSSL_X448_ML_KEM_768:
-            return "X448_ML_KEM_768";
+        case WOLFSSL_X448MLKEM768:
+            return "X448MLKEM768";
     #endif
 #endif /* WOLFSSL_WC_MLKEM */
 #endif /* WOLFSSL_NO_ML_KEM */
@@ -16120,6 +16308,9 @@ static WC_INLINE const char* wolfssl_kea_to_string(int kea)
             keaStr = "ECDH";
             break;
 #endif
+        case any_kea:
+            keaStr = "any";
+            break;
         default:
             keaStr = "unknown";
             break;
@@ -16171,6 +16362,9 @@ static WC_INLINE const char* wolfssl_sigalg_to_string(int sig_algo)
             authStr = "Ed448";
             break;
 #endif
+        case any_sa_algo:
+            authStr = "any";
+            break;
         default:
             authStr = "unknown";
             break;
@@ -16201,18 +16395,18 @@ static WC_INLINE const char* wolfssl_cipher_to_string(int cipher, int key_size)
 #endif
 #ifndef NO_AES
         case wolfssl_aes:
-            if (key_size == 128)
+            if (key_size == AES_128_KEY_SIZE)
                 encStr = "AES(128)";
-            else if (key_size == 256)
+            else if (key_size == AES_256_KEY_SIZE)
                 encStr = "AES(256)";
             else
                 encStr = "AES(?)";
             break;
     #ifdef HAVE_AESGCM
         case wolfssl_aes_gcm:
-            if (key_size == 128)
+            if (key_size == AES_128_KEY_SIZE)
                 encStr = "AESGCM(128)";
-            else if (key_size == 256)
+            else if (key_size == AES_256_KEY_SIZE)
                 encStr = "AESGCM(256)";
             else
                 encStr = "AESGCM(?)";
@@ -16220,9 +16414,9 @@ static WC_INLINE const char* wolfssl_cipher_to_string(int cipher, int key_size)
     #endif
     #ifdef HAVE_AESCCM
         case wolfssl_aes_ccm:
-            if (key_size == 128)
+            if (key_size == AES_128_KEY_SIZE)
                 encStr = "AESCCM(128)";
-            else if (key_size == 256)
+            else if (key_size == AES_256_KEY_SIZE)
                 encStr = "AESCCM(256)";
             else
                 encStr = "AESCCM(?)";
@@ -16236,11 +16430,11 @@ static WC_INLINE const char* wolfssl_cipher_to_string(int cipher, int key_size)
 #endif
 #ifdef HAVE_ARIA
         case wolfssl_aria_gcm:
-            if (key_size == 128)
+            if (key_size == ARIA_128_KEY_SIZE)
                 encStr = "Aria(128)";
-            else if (key_size == 192)
+            else if (key_size == ARIA_192_KEY_SIZE)
                 encStr = "Aria(192)";
-            else if (key_size == 256)
+            else if (key_size == ARIA_256_KEY_SIZE)
                 encStr = "Aria(256)";
             else
                 encStr = "Aria(?)";
@@ -16248,9 +16442,9 @@ static WC_INLINE const char* wolfssl_cipher_to_string(int cipher, int key_size)
 #endif
 #ifdef HAVE_CAMELLIA
         case wolfssl_camellia:
-            if (key_size == 128)
+            if (key_size == CAMELLIA_128_KEY_SIZE)
                 encStr = "Camellia(128)";
-            else if (key_size == 256)
+            else if (key_size == CAMELLIA_256_KEY_SIZE)
                 encStr = "Camellia(256)";
             else
                 encStr = "Camellia(?)";
@@ -16337,7 +16531,10 @@ char* wolfSSL_CIPHER_description(const WOLFSSL_CIPHER* cipher, char* in,
     authStr = wolfssl_sigalg_to_string(cipher->ssl->specs.sig_algo);
     encStr = wolfssl_cipher_to_string(cipher->ssl->specs.bulk_cipher_algorithm,
                                       cipher->ssl->specs.key_size);
-    macStr = wolfssl_mac_to_string(cipher->ssl->specs.mac_algorithm);
+    if (cipher->ssl->specs.cipher_type == aead)
+        macStr = "AEAD";
+    else
+        macStr = wolfssl_mac_to_string(cipher->ssl->specs.mac_algorithm);
 
     /* Build up the string by copying onto the end. */
     XSTRNCPY(in, wolfSSL_CIPHER_get_name(cipher), (size_t)len);
@@ -16649,7 +16846,7 @@ int wolfSSL_i2d_PublicKey(const WOLFSSL_EVP_PKEY *key, unsigned char **der)
     }
 
     if (ret == 0) {
-        pub_derSz = (word32)wc_EccPublicKeyDerSize(eccKey, 0);
+        pub_derSz = (word32)wc_EccPublicKeyDerSize(eccKey, 1);
         if ((int)pub_derSz <= 0) {
             ret = WOLFSSL_FAILURE;
         }
@@ -16665,7 +16862,7 @@ int wolfSSL_i2d_PublicKey(const WOLFSSL_EVP_PKEY *key, unsigned char **der)
     }
 
     if (ret == 0) {
-        pub_derSz = (word32)wc_EccPublicKeyToDer(eccKey, pub_der, pub_derSz, 0);
+        pub_derSz = (word32)wc_EccPublicKeyToDer(eccKey, pub_der, pub_derSz, 1);
         if ((int)pub_derSz <= 0) {
             ret = WOLFSSL_FATAL_ERROR;
         }
@@ -19217,6 +19414,7 @@ static int SaToNid(byte sa, int* nid)
             *nid = WC_NID_sm2;
             break;
         case invalid_sa_algo:
+        case any_sa_algo:
         default:
             ret = WOLFSSL_FAILURE;
             break;
@@ -23256,22 +23454,22 @@ const WOLF_EC_NIST_NAME kNistCurves[] = {
     {CURVE_NAME("ML_KEM_768"), WOLFSSL_ML_KEM_768, WOLFSSL_ML_KEM_768},
     {CURVE_NAME("ML_KEM_1024"), WOLFSSL_ML_KEM_1024, WOLFSSL_ML_KEM_1024},
 #if (defined(WOLFSSL_WC_MLKEM) || defined(HAVE_LIBOQS)) && defined(HAVE_ECC)
-    {CURVE_NAME("P256_ML_KEM_512"), WOLFSSL_P256_ML_KEM_512,
-     WOLFSSL_P256_ML_KEM_512},
-    {CURVE_NAME("P384_ML_KEM_768"), WOLFSSL_P384_ML_KEM_768,
-     WOLFSSL_P384_ML_KEM_768},
-    {CURVE_NAME("P256_ML_KEM_768"), WOLFSSL_P256_ML_KEM_768,
-     WOLFSSL_P256_ML_KEM_768},
-    {CURVE_NAME("P521_ML_KEM_1024"), WOLFSSL_P521_ML_KEM_1024,
-     WOLFSSL_P521_ML_KEM_1024},
-    {CURVE_NAME("P384_ML_KEM_1024"), WOLFSSL_P384_ML_KEM_1024,
-     WOLFSSL_P384_ML_KEM_1024},
-    {CURVE_NAME("X25519_ML_KEM_512"), WOLFSSL_X25519_ML_KEM_512,
-     WOLFSSL_X25519_ML_KEM_512},
-    {CURVE_NAME("X448_ML_KEM_768"), WOLFSSL_X448_ML_KEM_768,
-     WOLFSSL_X448_ML_KEM_768},
-    {CURVE_NAME("X25519_ML_KEM_768"), WOLFSSL_X25519_ML_KEM_768,
-     WOLFSSL_X25519_ML_KEM_768},
+    {CURVE_NAME("SecP256r1MLKEM512"), WOLFSSL_SECP256R1MLKEM512,
+     WOLFSSL_SECP256R1MLKEM512},
+    {CURVE_NAME("SecP384r1MLKEM768"), WOLFSSL_SECP384R1MLKEM768,
+     WOLFSSL_SECP384R1MLKEM768},
+    {CURVE_NAME("SecP256r1MLKEM768"), WOLFSSL_SECP256R1MLKEM768,
+     WOLFSSL_SECP256R1MLKEM768},
+    {CURVE_NAME("SecP521r1MLKEM1024"), WOLFSSL_SECP521R1MLKEM1024,
+     WOLFSSL_SECP521R1MLKEM1024},
+    {CURVE_NAME("SecP384r1MLKEM1024"), WOLFSSL_SECP384R1MLKEM1024,
+     WOLFSSL_SECP384R1MLKEM1024},
+    {CURVE_NAME("X25519MLKEM512"), WOLFSSL_X25519MLKEM512,
+     WOLFSSL_X25519MLKEM512},
+    {CURVE_NAME("X448MLKEM768"), WOLFSSL_X448MLKEM768,
+     WOLFSSL_X448MLKEM768},
+    {CURVE_NAME("X25519MLKEM768"), WOLFSSL_X25519MLKEM768,
+     WOLFSSL_X25519MLKEM768},
 #endif
 #endif /* !WOLFSSL_NO_ML_KEM */
 #ifdef WOLFSSL_MLKEM_KYBER
diff --git a/src/ssl_asn1.c b/src/ssl_asn1.c
index f2ffbc6f3..d501b6a68 100644
--- a/src/ssl_asn1.c
+++ b/src/ssl_asn1.c
@@ -1043,7 +1043,6 @@ static int wolfssl_asn1_integer_require_len(WOLFSSL_ASN1_INTEGER* a, int len,
     int ret = 1;
     byte* data;
     byte* oldData = a->intData;
-    int oldLen = a->length;
 
     if (a->isDynamic && (len > (int)a->dataMax)) {
         oldData = a->data;
@@ -1051,7 +1050,6 @@ static int wolfssl_asn1_integer_require_len(WOLFSSL_ASN1_INTEGER* a, int len,
         a->data = a->intData;
         a->dataMax = (unsigned int)sizeof(a->intData);
     }
-    a->length = 0;
     if ((!a->isDynamic) && (len > (int)a->dataMax)) {
         /* Create a new buffer to hold large integer value. */
         data = (byte*)XMALLOC((size_t)len, NULL, DYNAMIC_TYPE_OPENSSL);
@@ -1068,10 +1066,10 @@ static int wolfssl_asn1_integer_require_len(WOLFSSL_ASN1_INTEGER* a, int len,
     if (keepOldData) {
          if (oldData != a->data) {
              /* Copy old data into new buffer. */
-             XMEMCPY(a->data, oldData, (size_t)oldLen);
+             XMEMCPY(a->data, oldData, (size_t)a->length);
          }
-         /* Restore old length. */
-         a->length = oldLen;
+    } else {
+        a->length = 0;
     }
     if (oldData != a->intData) {
          /* Dispose of the old dynamic data. */
@@ -2087,11 +2085,13 @@ int wolfSSL_ASN1_get_object(const unsigned char **in, long *len, int *tag,
     }
     if (!err) {
         /* Length at least 1, parameters valid - cannot fail to get tag. */
-        GetASNTag(*in, &inOutIdx, &t, (word32)inLen);
-        /* Get length in DER encoding. */
-        if (GetLength_ex(*in, &inOutIdx, &l, (word32)inLen, 0) < 0) {
-            WOLFSSL_MSG("GetLength error");
-            err = 1;
+        err = GetASNTag(*in, &inOutIdx, &t, (word32)inLen);
+        if (!err){
+            /* Get length in DER encoding. */
+            if (GetLength_ex(*in, &inOutIdx, &l, (word32)inLen, 0) < 0) {
+                WOLFSSL_MSG("GetLength error");
+                err = 1;
+            }
         }
     }
     if (!err) {
@@ -3549,7 +3549,7 @@ int wolfSSL_ASN1_STRING_print_ex(WOLFSSL_BIO *bio, WOLFSSL_ASN1_STRING *str,
         }
     }
 
-    if ((!err) && (str_len != -1)) {
+    if ((!err) && (str_len >= 0)) {
         /* Include any characters written for type. */
         str_len += type_len;
     }
diff --git a/src/ssl_certman.c b/src/ssl_certman.c
index 286831b9d..8bd3a2f68 100644
--- a/src/ssl_certman.c
+++ b/src/ssl_certman.c
@@ -453,12 +453,12 @@ int wolfSSL_CertManagerUnloadCAs(WOLFSSL_CERT_MANAGER* cm)
     return ret;
 }
 
-static int wolfSSL_CertManagerUnloadIntermediateCertsEx(
+int wolfSSL_CertManagerUnloadTypeCerts(
                                 WOLFSSL_CERT_MANAGER* cm, byte type)
 {
     int ret = WOLFSSL_SUCCESS;
 
-    WOLFSSL_ENTER("wolfSSL_CertManagerUnloadIntermediateCertsEx");
+    WOLFSSL_ENTER("wolfSSL_CertManagerUnloadTypeCerts");
 
     /* Validate parameter. */
     if (cm == NULL) {
@@ -485,7 +485,7 @@ static int wolfSSL_CertManagerUnloadTempIntermediateCerts(
     WOLFSSL_CERT_MANAGER* cm)
 {
     WOLFSSL_ENTER("wolfSSL_CertManagerUnloadTempIntermediateCerts");
-    return wolfSSL_CertManagerUnloadIntermediateCertsEx(cm, WOLFSSL_TEMP_CA);
+    return wolfSSL_CertManagerUnloadTypeCerts(cm, WOLFSSL_TEMP_CA);
 }
 #endif
 
@@ -493,7 +493,7 @@ int wolfSSL_CertManagerUnloadIntermediateCerts(
     WOLFSSL_CERT_MANAGER* cm)
 {
     WOLFSSL_ENTER("wolfSSL_CertManagerUnloadIntermediateCerts");
-    return wolfSSL_CertManagerUnloadIntermediateCertsEx(cm, WOLFSSL_CHAIN_CA);
+    return wolfSSL_CertManagerUnloadTypeCerts(cm, WOLFSSL_CHAIN_CA);
 }
 
 #ifdef WOLFSSL_TRUST_PEER_CERT
@@ -530,7 +530,7 @@ int wolfSSL_CertManagerUnload_trust_peers(WOLFSSL_CERT_MANAGER* cm)
 }
 #endif /* WOLFSSL_TRUST_PEER_CERT */
 
-/* Load certificate/s from buffer with flags.
+/* Load certificate/s from buffer with flags and type.
  *
  * @param [in] cm         Certificate manager.
  * @param [in] buff       Buffer holding encoding of certificate.
@@ -544,17 +544,26 @@ int wolfSSL_CertManagerUnload_trust_peers(WOLFSSL_CERT_MANAGER* cm)
  *                          WOLFSSL_LOAD_FLAG_PEM_CA_ONLY,
  *                          WOLFSSL_LOAD_FLAG_IGNORE_BAD_PATH_ERR, and
  *                          WOLFSSL_LOAD_FLAG_IGNORE_ZEROFILE.
+ * @param [in] type       The CA cert's type, used in the internal CA
+                            table.  Defaults to WOLFSSL_USER_CA, passing
+                            in WOLFSSL_USER_CA = noop.  Recommended to
+                            set to WOLFSSL_USER_INTER when loading
+                            intermediate certs to allow unloading via
+                            wolfSSL_CertManagerUnloadTypeCerts.
  * @return  WOLFSSL_SUCCESS on success.
  * @return  WOLFSSL_FATAL_ERROR when cm is NULL or failed create WOLFSSL_CTX.
  * @return  Other values on loading failure.
  */
-int wolfSSL_CertManagerLoadCABuffer_ex(WOLFSSL_CERT_MANAGER* cm,
-    const unsigned char* buff, long sz, int format, int userChain, word32 flags)
+int wolfSSL_CertManagerLoadCABufferType(WOLFSSL_CERT_MANAGER* cm,
+    const unsigned char* buff, long sz, int format, int userChain,
+    word32 flags, int type)
 {
     int ret = WOLFSSL_SUCCESS;
     WOLFSSL_CTX* tmp = NULL;
+    DecodedCert* dCert = NULL;
+    DerBuffer* der = NULL;
 
-    WOLFSSL_ENTER("wolfSSL_CertManagerLoadCABuffer_ex");
+    WOLFSSL_ENTER("wolfSSL_CertManagerLoadCABufferType");
 
     /* Validate parameters. */
     if (cm == NULL) {
@@ -583,10 +592,81 @@ int wolfSSL_CertManagerLoadCABuffer_ex(WOLFSSL_CERT_MANAGER* cm,
         /* Clear certificate manager in WOLFSSL_CTX so it won't be freed. */
         tmp->cm = NULL;
     }
+    if (ret == WOLFSSL_SUCCESS && type != WOLFSSL_USER_CA) {
+        dCert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), cm->heap,
+                                                DYNAMIC_TYPE_DCERT);
+
+        if (dCert == NULL) {
+            ret = WOLFSSL_FATAL_ERROR;
+        } else {
+            if (format == WOLFSSL_FILETYPE_PEM) {
+            #ifndef WOLFSSL_PEM_TO_DER
+                ret = NOT_COMPILED_IN;
+            #else
+                ret = PemToDer(buff, sz, CERT_TYPE, &der, cm->heap, NULL, NULL);
+                if (!ret) {
+                    /* Replace buffer pointer and size with DER buffer. */
+                    buff = der->buffer;
+                    sz = (long)der->length;
+                    ret = WOLFSSL_SUCCESS;
+                } else {
+                    WOLFSSL_ERROR(ret);
+                    ret = WOLFSSL_FATAL_ERROR;
+                }
+            #endif
+            }
+
+            if (ret == WOLFSSL_SUCCESS) {
+                XMEMSET(dCert, 0, sizeof(DecodedCert));
+                wc_InitDecodedCert(dCert, buff,
+                                (word32)sz, cm->heap);
+                ret = wc_ParseCert(dCert, CERT_TYPE, NO_VERIFY, NULL);
+                if (ret) {
+                    ret = WOLFSSL_FATAL_ERROR;
+                } else {
+                    ret = SetCAType(cm, dCert->extSubjKeyId, type);
+                }
+            }
+
+            if (dCert) {
+                wc_FreeDecodedCert(dCert);
+                XFREE(dCert, cm->heap, DYNAMIC_TYPE_DCERT);
+            }
+            if (der) {
+                FreeDer(&der);
+            }
+        }
+    }
 
     /* Dispose of temporary WOLFSSL_CTX. */
     wolfSSL_CTX_free(tmp);
     return ret;
+
+}
+
+/* Load certificate/s from buffer with flags.
+ *
+ * @param [in] cm         Certificate manager.
+ * @param [in] buff       Buffer holding encoding of certificate.
+ * @param [in] sz         Length in bytes of data in buffer.
+ * @param [in] format     Format of encoding. Valid values:
+ *                          WOLFSSL_FILETYPE_ASN1, WOLFSSL_FILETYPE_PEM.
+ * @param [in] userChain  Indicates buffer holds chain of certificates.
+ * @param [in] flags      Flags to modify behaviour of loading. Valid flags:
+ *                          WOLFSSL_LOAD_FLAG_IGNORE_ERR,
+ *                          WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY,
+ *                          WOLFSSL_LOAD_FLAG_PEM_CA_ONLY,
+ *                          WOLFSSL_LOAD_FLAG_IGNORE_BAD_PATH_ERR, and
+ *                          WOLFSSL_LOAD_FLAG_IGNORE_ZEROFILE.
+ * @return  WOLFSSL_SUCCESS on success.
+ * @return  WOLFSSL_FATAL_ERROR when cm is NULL or failed create WOLFSSL_CTX.
+ * @return  Other values on loading failure.
+ */
+int wolfSSL_CertManagerLoadCABuffer_ex(WOLFSSL_CERT_MANAGER* cm,
+    const unsigned char* buff, long sz, int format, int userChain, word32 flags)
+{
+    return wolfSSL_CertManagerLoadCABufferType(cm, buff, sz, format, userChain,
+        flags, WOLFSSL_USER_CA);
 }
 
 /* Load certificate/s from buffer into table.
diff --git a/src/ssl_crypto.c b/src/ssl_crypto.c
index 6ba73ab25..9a64e3680 100644
--- a/src/ssl_crypto.c
+++ b/src/ssl_crypto.c
@@ -3102,7 +3102,7 @@ void wolfSSL_AES_encrypt(const unsigned char* input, unsigned char* output,
     else
 #if !defined(HAVE_SELFTEST) && \
     (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)) \
-    || defined(WOLFSSL_LINUXKM))
+    || defined(WOLFSSL_KERNEL_MODE))
     /* Encrypt a block with wolfCrypt AES. */
     if (wc_AesEncryptDirect((Aes*)key, output, input) != 0) {
         WOLFSSL_MSG("wc_AesEncryptDirect failed");
diff --git a/src/ssl_load.c b/src/ssl_load.c
index d50fae933..fac44a2e2 100644
--- a/src/ssl_load.c
+++ b/src/ssl_load.c
@@ -28,6 +28,7 @@
  */
 
 #ifdef WOLFSSL_SYS_CA_CERTS
+/* Will be turned off automatically when NO_FILESYSTEM is defined */
 
 #ifdef _WIN32
     #define _WINSOCKAPI_ /* block inclusion of winsock.h header file */
@@ -59,6 +60,8 @@
     #endif
 #else
 
+#include <wolfssl/wolfcrypt/logging.h>
+
 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
     /* PSK field of context when it exists. */
     #define CTX_HAVE_PSK(ctx)   (ctx)->havePSK
@@ -2721,7 +2724,7 @@ int ProcessFile(WOLFSSL_CTX* ctx, const char* fname, int format, int type,
         &sz);
     if ((ret == 0) && (type == DETECT_CERT_TYPE) &&
             (format != WOLFSSL_FILETYPE_PEM)) {
-        WOLFSSL_MSG("Cannot detect certificate type when not PEM");
+        WOLFSSL_MSG_CERT_LOG("Cannot detect certificate type when not PEM");
         ret = WOLFSSL_BAD_CERTTYPE;
     }
     /* Try to detect type by parsing cert header and footer. */
@@ -2729,17 +2732,24 @@ int ProcessFile(WOLFSSL_CTX* ctx, const char* fname, int format, int type,
 #if !defined(NO_CODING) && !defined(WOLFSSL_NO_PEM)
         const char* header = NULL;
         const char* footer = NULL;
+#ifdef HAVE_CRL
+        WOLFSSL_MSG_CERT("Detecting cert type... (including CRL_TYPE)");
+#else
+        WOLFSSL_MSG_CERT("Detecting cert type... (HAVE_CRL not defined)");
+#endif
 
         /* Look for CA header and footer - same as CERT_TYPE. */
         if (wc_PemGetHeaderFooter(CA_TYPE, &header, &footer) == 0 &&
                 (XSTRNSTR((char*)content.buffer, header, (word32)sz) != NULL)) {
             type = CA_TYPE;
+            WOLFSSL_MSG_CERT_LOG_EX("Detected cert type CA_TYPE = %d:", type);
         }
 #ifdef HAVE_CRL
         /* Look for CRL header and footer. */
         else if (wc_PemGetHeaderFooter(CRL_TYPE, &header, &footer) == 0 &&
                 (XSTRNSTR((char*)content.buffer, header, (word32)sz) != NULL)) {
             type = CRL_TYPE;
+            WOLFSSL_MSG_CERT_LOG_EX("Detected cert type CRL_TYPE = %d:", type);
         }
 #endif
         /* Look for cert header and footer - same as CA_TYPE. */
@@ -2747,12 +2757,13 @@ int ProcessFile(WOLFSSL_CTX* ctx, const char* fname, int format, int type,
                 (XSTRNSTR((char*)content.buffer, header, (word32)sz) !=
                     NULL)) {
             type = CERT_TYPE;
+            WOLFSSL_MSG_CERT_LOG_EX("Detected cert type CERT_TYPE = %d:", type);
         }
         else
-#endif
+#endif /* !NO_CODING && !WOLFSSL_NO_PEM */
         {
             /* Not a header that we support. */
-            WOLFSSL_MSG("Failed to detect certificate type");
+            WOLFSSL_MSG_CERT_LOG("Failed to detect certificate type");
 #ifdef WOLFSSL_DEBUG_CERTIFICATE_LOADS
             WOLFSSL_DEBUG_PRINTF(
                 "ERROR: ProcessFile: Failed to detect certificate type"
@@ -2761,17 +2772,19 @@ int ProcessFile(WOLFSSL_CTX* ctx, const char* fname, int format, int type,
 #endif
             ret = WOLFSSL_BAD_CERTTYPE;
         }
-    }
+    } /* (ret == 0) && (type == DETECT_CERT_TYPE) */
+
     if (ret == 0) {
         /* When CA or trusted peer and PEM - process as a chain buffer. */
         if (((type == CA_TYPE) || (type == TRUSTED_PEER_TYPE)) &&
                 (format == WOLFSSL_FILETYPE_PEM)) {
+            WOLFSSL_MSG_CERT("Processing cert chain buffer...");
             ret = ProcessChainBuffer(ctx, ssl, content.buffer, sz, type,
                 verify, fname);
         }
 #ifdef HAVE_CRL
         else if (type == CRL_TYPE) {
-            /* Load the CRL. */
+            WOLFSSL_MSG_CERT("Loading CRL...");
             ret = BufferLoadCRL(crl, content.buffer, sz, format, verify);
         }
 #endif
@@ -3005,9 +3018,15 @@ int wolfSSL_CTX_load_verify_locations_ex(WOLFSSL_CTX* ctx, const char* file,
         }
 
         if (file != NULL) {
+#ifdef WOLFSSL_PEM_TO_DER
             /* Load the PEM formatted CA file */
             ret = ProcessFile(ctx, file, WOLFSSL_FILETYPE_PEM, CA_TYPE, NULL, 0,
                 NULL, verify);
+#else
+            /* Load the DER formatted CA file */
+            ret = ProcessFile(ctx, file, WOLFSSL_FILETYPE_ASN1, CA_TYPE, NULL, 0,
+                NULL, verify);
+#endif
 #ifndef NO_WOLFSSL_DIR
             if (ret == 1) {
                 /* Include success in overall count. */
@@ -3016,7 +3035,11 @@ int wolfSSL_CTX_load_verify_locations_ex(WOLFSSL_CTX* ctx, const char* file,
 #endif
 #if defined(WOLFSSL_TRUST_PEER_CERT) && defined(OPENSSL_COMPATIBLE_DEFAULTS)
             /* Load CA as a trusted peer certificate. */
+#ifdef WOLFSSL_PEM_TO_DER
             ret = wolfSSL_CTX_trust_peer_cert(ctx, file, WOLFSSL_FILETYPE_PEM);
+#else
+            ret = wolfSSL_CTX_trust_peer_cert(ctx, file, WOLFSSL_FILETYPE_ASN1);
+#endif
             if (ret != 1) {
                 WOLFSSL_MSG("wolfSSL_CTX_trust_peer_cert error");
             }
@@ -3579,8 +3602,13 @@ int wolfSSL_CTX_use_certificate_chain_file(WOLFSSL_CTX* ctx, const char* file)
     /* process up to MAX_CHAIN_DEPTH plus subject cert */
     WOLFSSL_ENTER("wolfSSL_CTX_use_certificate_chain_file");
 
+#ifdef WOLFSSL_PEM_TO_DER
     ret = ProcessFile(ctx, file, WOLFSSL_FILETYPE_PEM, CERT_TYPE, NULL, 1, NULL,
         GET_VERIFY_SETTING_CTX(ctx));
+#else
+    ret = ProcessFile(ctx, file, WOLFSSL_FILETYPE_ASN1, CERT_TYPE, NULL, 1, NULL,
+        GET_VERIFY_SETTING_CTX(ctx));
+#endif
 
     /* Return 1 on success or 0 on failure. */
     return WS_RC(ret);
@@ -3882,8 +3910,13 @@ int wolfSSL_use_certificate_chain_file(WOLFSSL* ssl, const char* file)
         ret = BAD_FUNC_ARG;
     }
     else {
+#ifdef WOLFSSL_PEM_TO_DER
         ret = ProcessFile(ssl->ctx, file, WOLFSSL_FILETYPE_PEM, CERT_TYPE, ssl,
             1, NULL, GET_VERIFY_SETTING_SSL(ssl));
+#else
+        ret = ProcessFile(ssl->ctx, file, WOLFSSL_FILETYPE_ASN1, CERT_TYPE, ssl,
+            1, NULL, GET_VERIFY_SETTING_SSL(ssl));
+#endif
         /* Return 1 on success or 0 on failure. */
         ret = WS_RC(ret);
     }
@@ -4470,8 +4503,13 @@ int wolfSSL_CTX_use_certificate_chain_buffer_format(WOLFSSL_CTX* ctx,
 int wolfSSL_CTX_use_certificate_chain_buffer(WOLFSSL_CTX* ctx,
     const unsigned char* in, long sz)
 {
+#ifdef WOLFSSL_PEM_TO_DER
     return wolfSSL_CTX_use_certificate_chain_buffer_format(ctx, in, sz,
         WOLFSSL_FILETYPE_PEM);
+#else
+    return wolfSSL_CTX_use_certificate_chain_buffer_format(ctx, in, sz,
+        WOLFSSL_FILETYPE_ASN1);
+#endif
 }
 
 /* Load a user certificate in a buffer into SSL.
@@ -4810,8 +4848,13 @@ int wolfSSL_use_certificate_chain_buffer_format(WOLFSSL* ssl,
 int wolfSSL_use_certificate_chain_buffer(WOLFSSL* ssl, const unsigned char* in,
     long sz)
 {
+#ifdef WOLFSSL_PEM_TO_DER
     return wolfSSL_use_certificate_chain_buffer_format(ssl, in, sz,
         WOLFSSL_FILETYPE_PEM);
+#else
+    return wolfSSL_use_certificate_chain_buffer_format(ssl, in, sz,
+        WOLFSSL_FILETYPE_ASN1);
+#endif
 }
 
 #if defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY) || \
diff --git a/src/ssl_sess.c b/src/ssl_sess.c
index bd869d346..50e3fedb4 100644
--- a/src/ssl_sess.c
+++ b/src/ssl_sess.c
@@ -290,7 +290,7 @@ WOLFSSL_SESSION* wolfSSL_get1_session(WOLFSSL* ssl)
 }
 
 /* session is a private struct, return if it is setup or not */
-WOLFSSL_API int wolfSSL_SessionIsSetup(WOLFSSL_SESSION* session)
+int wolfSSL_SessionIsSetup(WOLFSSL_SESSION* session)
 {
     if (session != NULL)
         return session->isSetup;
diff --git a/src/tls.c b/src/tls.c
index c6c811194..6ee4621bf 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -52,7 +52,7 @@
 #endif
 
 #if defined(WOLFSSL_RENESAS_TSIP_TLS)
-    #include <wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h>
+    #include <wolfssl/wolfcrypt/port/Renesas/renesas_tsip_internal.h>
 #endif
 
 #include <wolfssl/wolfcrypt/hpke.h>
@@ -448,12 +448,12 @@ static int _DeriveTlsKeys(byte* key_dig, word32 key_dig_len,
 }
 
 /* External facing wrapper so user can call as well, 0 on success */
-int wolfSSL_DeriveTlsKeys(byte* key_dig, word32 key_dig_len,
+int wolfSSL_DeriveTlsKeys(byte* key_data, word32 keyLen,
                          const byte* ms, word32 msLen,
                          const byte* sr, const byte* cr,
                          int tls1_2, int hash_type)
 {
-    return _DeriveTlsKeys(key_dig, key_dig_len, ms, msLen, sr, cr, tls1_2,
+    return _DeriveTlsKeys(key_data, keyLen, ms, msLen, sr, cr, tls1_2,
         hash_type, NULL, INVALID_DEVID);
 }
 
@@ -705,7 +705,7 @@ int MakeTlsMasterSecret(WOLFSSL* ssl)
 
 /* Used by EAP-TLS and EAP-TTLS to derive keying material from
  * the master_secret. */
-int wolfSSL_make_eap_keys(WOLFSSL* ssl, void* msk, unsigned int len,
+int wolfSSL_make_eap_keys(WOLFSSL* ssl, void* key, unsigned int len,
                                                               const char* label)
 {
     int   ret;
@@ -730,7 +730,7 @@ int wolfSSL_make_eap_keys(WOLFSSL* ssl, void* msk, unsigned int len,
 
 #ifdef WOLFSSL_HAVE_PRF
     PRIVATE_KEY_UNLOCK();
-    ret = wc_PRF_TLS((byte*)msk, len, ssl->arrays->masterSecret, SECRET_LEN,
+    ret = wc_PRF_TLS((byte*)key, len, ssl->arrays->masterSecret, SECRET_LEN,
               (const byte *)label, (word32)XSTRLEN(label), seed, SEED_LEN,
               IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm,
               ssl->heap, ssl->devId);
@@ -740,7 +740,7 @@ int wolfSSL_make_eap_keys(WOLFSSL* ssl, void* msk, unsigned int len,
     ret = PRF_MISSING;
     WOLFSSL_MSG("Pseudo-random function is not enabled");
 
-    (void)msk;
+    (void)key;
     (void)len;
     (void)label;
 #endif
@@ -946,7 +946,10 @@ static int Hmac_UpdateFinal_CT(Hmac* hmac, byte* digest, const byte* in,
     unsigned int k;
     int          blockBits, blockMask;
     int          lastBlockLen, extraLen, eocIndex;
-    int          blocks, safeBlocks, lenBlock, eocBlock;
+    int          blocks;
+    int          safeBlocks;
+    int          lenBlock;
+    int          eocBlock;
     word32       maxLen;
     int          blockSz, padSz;
     int          ret;
@@ -1056,7 +1059,8 @@ static int Hmac_UpdateFinal_CT(Hmac* hmac, byte* digest, const byte* in,
 
         for (j = 0; j < blockSz; j++) {
             unsigned char atEoc = ctMaskEq(j, eocIndex) & isEocBlock;
-            unsigned char pastEoc = ctMaskGT(j, eocIndex) & isEocBlock;
+            volatile unsigned char maskPastEoc = ctMaskGT(j, eocIndex);
+            volatile unsigned char pastEoc = maskPastEoc & isEocBlock;
             unsigned char b = 0;
 
             if (k < headerSz)
@@ -4580,26 +4584,26 @@ static int TLSX_IsGroupSupported(int namedGroup)
     #ifdef WOLFSSL_WC_MLKEM
         #ifndef WOLFSSL_NO_ML_KEM_512
             case WOLFSSL_ML_KEM_512:
-            case WOLFSSL_P256_ML_KEM_512:
+            case WOLFSSL_SECP256R1MLKEM512:
         #if defined(HAVE_CURVE25519) && ECC_MIN_KEY_SZ <= 256
-            case WOLFSSL_X25519_ML_KEM_512:
+            case WOLFSSL_X25519MLKEM512:
         #endif
         #endif
         #ifndef WOLFSSL_NO_ML_KEM_768
             case WOLFSSL_ML_KEM_768:
-            case WOLFSSL_P384_ML_KEM_768:
-            case WOLFSSL_P256_ML_KEM_768:
+            case WOLFSSL_SECP384R1MLKEM768:
+            case WOLFSSL_SECP256R1MLKEM768:
         #if defined(HAVE_CURVE25519) && ECC_MIN_KEY_SZ <= 256
-            case WOLFSSL_X25519_ML_KEM_768:
+            case WOLFSSL_X25519MLKEM768:
         #endif
         #if defined(HAVE_CURVE448) && ECC_MIN_KEY_SZ <= 448
-            case WOLFSSL_X448_ML_KEM_768:
+            case WOLFSSL_X448MLKEM768:
         #endif
         #endif
         #ifndef WOLFSSL_NO_ML_KEM_1024
             case WOLFSSL_ML_KEM_1024:
-            case WOLFSSL_P521_ML_KEM_1024:
-            case WOLFSSL_P384_ML_KEM_1024:
+            case WOLFSSL_SECP521R1MLKEM1024:
+            case WOLFSSL_SECP384R1MLKEM1024:
                 break;
         #endif
 #ifdef WOLFSSL_ML_KEM_USE_OLD_IDS
@@ -4626,14 +4630,14 @@ static int TLSX_IsGroupSupported(int namedGroup)
             break;
         }
 
-        case WOLFSSL_P256_ML_KEM_512:
-        case WOLFSSL_P384_ML_KEM_768:
-        case WOLFSSL_P256_ML_KEM_768:
-        case WOLFSSL_P521_ML_KEM_1024:
-        case WOLFSSL_P384_ML_KEM_1024:
-        case WOLFSSL_X25519_ML_KEM_512:
-        case WOLFSSL_X448_ML_KEM_768:
-        case WOLFSSL_X25519_ML_KEM_768:
+        case WOLFSSL_SECP256R1MLKEM512:
+        case WOLFSSL_SECP384R1MLKEM768:
+        case WOLFSSL_SECP256R1MLKEM768:
+        case WOLFSSL_SECP521R1MLKEM1024:
+        case WOLFSSL_SECP384R1MLKEM1024:
+        case WOLFSSL_X25519MLKEM512:
+        case WOLFSSL_X448MLKEM768:
+        case WOLFSSL_X25519MLKEM768:
         {
             int ret;
             int id;
@@ -5285,14 +5289,16 @@ static int tlsx_ffdhe_find_group(WOLFSSL* ssl, SupportedCurve* clientGroup,
             if (serverGroup->name != group->name)
                 continue;
 
-            wc_DhGetNamedKeyParamSize(serverGroup->name, &p_len, NULL, NULL);
-            if (p_len == 0) {
-                ret = BAD_FUNC_ARG;
-                break;
-            }
-            if (p_len >= ssl->options.minDhKeySz &&
-                                             p_len <= ssl->options.maxDhKeySz) {
-                break;
+            ret = wc_DhGetNamedKeyParamSize(serverGroup->name, &p_len, NULL, NULL);
+            if (ret == 0) {
+                if (p_len == 0) {
+                    ret = BAD_FUNC_ARG;
+                    break;
+                }
+                if (p_len >= ssl->options.minDhKeySz &&
+                                                p_len <= ssl->options.maxDhKeySz) {
+                    break;
+                }
             }
         }
 
@@ -5884,15 +5890,15 @@ int TLSX_UseSupportedCurve(TLSX** extensions, word16 name, void* heap)
         if (ret != 0)
             return ret;
 #ifdef WOLFSSL_ML_KEM_USE_OLD_IDS
-        if (name == WOLFSSL_P256_ML_KEM_512) {
+        if (name == WOLFSSL_SECP256R1MLKEM512) {
             ret = TLSX_SupportedCurve_Append((SupportedCurve*)extension->data,
                 WOLFSSL_P256_ML_KEM_512_OLD, heap);
         }
-        else if (name == WOLFSSL_P384_ML_KEM_768) {
+        else if (name == WOLFSSL_SECP384R1MLKEM768) {
             ret = TLSX_SupportedCurve_Append((SupportedCurve*)extension->data,
                 WOLFSSL_P384_ML_KEM_768_OLD, heap);
         }
-        else if (name == WOLFSSL_P521_ML_KEM_1024) {
+        else if (name == WOLFSSL_SECP521R1MLKEM1024) {
             ret = TLSX_SupportedCurve_Append((SupportedCurve*)extension->data,
                 WOLFSSL_P521_ML_KEM_1024_OLD, heap);
         }
@@ -7316,9 +7322,11 @@ static int TLSX_Cookie_Parse(WOLFSSL* ssl, const byte* input, word16 length,
     if (length - idx != len)
         return BUFFER_E;
 
-    if (msgType == hello_retry_request)
+    if (msgType == hello_retry_request) {
+        ssl->options.hrrSentCookie = 1;
         return TLSX_Cookie_Use(ssl, input + idx, len, NULL, 0, 1,
                                &ssl->extensions);
+    }
 
     /* client_hello */
     extension = TLSX_Find(ssl->extensions, TLSX_COOKIE);
@@ -7425,18 +7433,9 @@ static word16 TLSX_CA_Names_GetSize(void* data)
     WOLF_STACK_OF(WOLFSSL_X509_NAME)* names;
     word16 size = 0;
 
-    if (ssl->options.side == WOLFSSL_CLIENT_END) {
-        /* To add support use a different member like ssl->ca_names and
-         * add accessor functions:
-         * - *_set0_CA_list
-         * - *_get0_CA_list */
-        WOLFSSL_MSG("We don't currently support sending the client's list.");
-        return 0;
-    }
-
     /* Length of names */
     size += OPAQUE16_LEN;
-    for (names = SSL_CA_NAMES(ssl); names != NULL; names = names->next) {
+    for (names = SSL_PRIORITY_CA_NAMES(ssl); names != NULL; names = names->next) {
         byte seq[MAX_SEQ_SZ];
         WOLFSSL_X509_NAME* name = names->data.name;
 
@@ -7455,19 +7454,10 @@ static word16 TLSX_CA_Names_Write(void* data, byte* output)
     WOLF_STACK_OF(WOLFSSL_X509_NAME)* names;
     byte* len;
 
-    if (ssl->options.side == WOLFSSL_CLIENT_END) {
-        /* To add support use a different member like ssl->ca_names and
-         * add accessor functions:
-         * - *_set0_CA_list
-         * - *_get0_CA_list */
-        WOLFSSL_MSG("We don't currently support sending the client's list.");
-        return 0;
-    }
-
     /* Reserve space for the length value */
     len = output;
     output += OPAQUE16_LEN;
-    for (names = SSL_CA_NAMES(ssl); names != NULL; names = names->next) {
+    for (names = SSL_PRIORITY_CA_NAMES(ssl); names != NULL; names = names->next) {
         byte seq[MAX_SEQ_SZ];
         WOLFSSL_X509_NAME* name = names->data.name;
 
@@ -7492,19 +7482,9 @@ static int TLSX_CA_Names_Parse(WOLFSSL *ssl, const byte* input,
 
     (void)isRequest;
 
-    if (ssl->options.side == WOLFSSL_SERVER_END) {
-        /* To add support use a different member like ssl->ca_names and
-         * add accessor functions:
-         * - *_set0_CA_list
-         * - *_get0_CA_list */
-        WOLFSSL_MSG("We don't currently support parsing the client's list.");
-        return 0;
-    }
-
-    if (ssl->client_ca_names != ssl->ctx->client_ca_names)
-        wolfSSL_sk_X509_NAME_pop_free(ssl->client_ca_names, NULL);
-    ssl->client_ca_names = wolfSSL_sk_X509_NAME_new(NULL);
-    if (ssl->client_ca_names == NULL)
+    wolfSSL_sk_X509_NAME_pop_free(ssl->peer_ca_names, NULL);
+    ssl->peer_ca_names = wolfSSL_sk_X509_NAME_new(NULL);
+    if (ssl->peer_ca_names == NULL)
         return MEMORY_ERROR;
 
     if (length < OPAQUE16_LEN)
@@ -7556,7 +7536,7 @@ static int TLSX_CA_Names_Parse(WOLFSSL *ssl, const byte* input,
 
         if (ret == 0) {
             CopyDecodedName(name, cert, ASN_SUBJECT);
-            if (wolfSSL_sk_X509_NAME_push(ssl->client_ca_names, name) <= 0)
+            if (wolfSSL_sk_X509_NAME_push(ssl->peer_ca_names, name) <= 0)
                 ret = MEMORY_ERROR;
         }
 
@@ -7871,6 +7851,14 @@ static int TLSX_SetSignatureAlgorithmsCert(TLSX** extensions,
 /* Key Share                                                                  */
 /******************************************************************************/
 
+#ifndef MAX_KEYSHARE_NAMED_GROUPS
+    #if defined(WOLFSSL_HAVE_MLKEM) && !defined(WOLFSSL_MLKEM_NO_MAKE_KEY)
+        #define MAX_KEYSHARE_NAMED_GROUPS    24
+    #else
+        #define MAX_KEYSHARE_NAMED_GROUPS    12
+    #endif
+#endif
+
 #if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES)
 /* Create a key share entry using named Diffie-Hellman parameters group.
  * Generates a key pair.
@@ -8465,22 +8453,22 @@ typedef struct PqcHybridMapping {
 
 static const PqcHybridMapping pqc_hybrid_mapping[] = {
 #ifndef WOLFSSL_NO_ML_KEM
-    {WOLFSSL_P256_ML_KEM_512, WOLFSSL_ECC_SECP256R1, WOLFSSL_ML_KEM_512, 0},
-    {WOLFSSL_P384_ML_KEM_768, WOLFSSL_ECC_SECP384R1, WOLFSSL_ML_KEM_768, 0},
-    {WOLFSSL_P256_ML_KEM_768, WOLFSSL_ECC_SECP256R1, WOLFSSL_ML_KEM_768, 0},
-    {WOLFSSL_P521_ML_KEM_1024, WOLFSSL_ECC_SECP521R1, WOLFSSL_ML_KEM_1024, 0},
-    {WOLFSSL_P384_ML_KEM_1024, WOLFSSL_ECC_SECP384R1, WOLFSSL_ML_KEM_1024, 0},
+    {WOLFSSL_SECP256R1MLKEM512, WOLFSSL_ECC_SECP256R1, WOLFSSL_ML_KEM_512, 0},
+    {WOLFSSL_SECP384R1MLKEM768, WOLFSSL_ECC_SECP384R1, WOLFSSL_ML_KEM_768, 0},
+    {WOLFSSL_SECP256R1MLKEM768, WOLFSSL_ECC_SECP256R1, WOLFSSL_ML_KEM_768, 0},
+    {WOLFSSL_SECP521R1MLKEM1024, WOLFSSL_ECC_SECP521R1, WOLFSSL_ML_KEM_1024, 0},
+    {WOLFSSL_SECP384R1MLKEM1024, WOLFSSL_ECC_SECP384R1, WOLFSSL_ML_KEM_1024, 0},
 #ifdef WOLFSSL_ML_KEM_USE_OLD_IDS
     {WOLFSSL_P256_ML_KEM_512_OLD, WOLFSSL_ECC_SECP256R1, WOLFSSL_ML_KEM_512, 0},
     {WOLFSSL_P384_ML_KEM_768_OLD, WOLFSSL_ECC_SECP384R1, WOLFSSL_ML_KEM_768, 0},
     {WOLFSSL_P521_ML_KEM_1024_OLD, WOLFSSL_ECC_SECP521R1, WOLFSSL_ML_KEM_1024, 0},
 #endif
 #ifdef HAVE_CURVE25519
-    {WOLFSSL_X25519_ML_KEM_512, WOLFSSL_ECC_X25519, WOLFSSL_ML_KEM_512, 1},
-    {WOLFSSL_X25519_ML_KEM_768, WOLFSSL_ECC_X25519, WOLFSSL_ML_KEM_768, 1},
+    {WOLFSSL_X25519MLKEM512, WOLFSSL_ECC_X25519, WOLFSSL_ML_KEM_512, 1},
+    {WOLFSSL_X25519MLKEM768, WOLFSSL_ECC_X25519, WOLFSSL_ML_KEM_768, 1},
 #endif
 #ifdef HAVE_CURVE448
-    {WOLFSSL_X448_ML_KEM_768, WOLFSSL_ECC_X448, WOLFSSL_ML_KEM_768, 1},
+    {WOLFSSL_X448MLKEM768, WOLFSSL_ECC_X448, WOLFSSL_ML_KEM_768, 1},
 #endif
 #endif /* WOLFSSL_NO_ML_KEM */
 #ifdef WOLFSSL_MLKEM_KYBER
@@ -8537,7 +8525,11 @@ static int TLSX_KeyShare_GenPqcKeyClient(WOLFSSL *ssl, KeyShareEntry* kse)
     int ret = 0;
     int type = 0;
 #ifndef WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ
-    KyberKey kem[1];
+    #ifdef WOLFSSL_SMALL_STACK
+        KyberKey *kem = NULL;
+    #else
+        KyberKey kem[1];
+    #endif
     byte* privKey = NULL;
     word32 privSz = 0;
 #else
@@ -8559,6 +8551,18 @@ static int TLSX_KeyShare_GenPqcKeyClient(WOLFSSL *ssl, KeyShareEntry* kse)
     }
 
 #ifndef WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ
+
+    #ifdef WOLFSSL_SMALL_STACK
+    if (ret == 0) {
+        kem = (KyberKey *)XMALLOC(sizeof(*kem), ssl->heap,
+                                  DYNAMIC_TYPE_PRIVATE_KEY);
+        if (kem == NULL) {
+            WOLFSSL_MSG("KEM memory allocation failure");
+            ret = MEMORY_ERROR;
+        }
+    }
+    #endif /* WOLFSSL_SMALL_STACK */
+
     if (ret == 0) {
         ret = wc_KyberKey_Init(type, kem, ssl->heap, ssl->devId);
         if (ret != 0) {
@@ -8658,6 +8662,11 @@ static int TLSX_KeyShare_GenPqcKeyClient(WOLFSSL *ssl, KeyShareEntry* kse)
     #endif
     }
 
+    #if !defined(WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ) && \
+        defined(WOLFSSL_SMALL_STACK)
+    XFREE(kem, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY);
+    #endif
+
     return ret;
 }
 
@@ -9851,6 +9860,7 @@ static int TLSX_KeyShare_Process(WOLFSSL* ssl, KeyShareEntry* keyShareEntry)
     int ret;
 
 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
+    keyShareEntry->session = ssl->session->namedGroup;
     ssl->session->namedGroup = keyShareEntry->group;
 #endif
     /* reset the pre master secret size */
@@ -9879,6 +9889,9 @@ static int TLSX_KeyShare_Process(WOLFSSL* ssl, KeyShareEntry* keyShareEntry)
         WOLFSSL_BUFFER(ssl->arrays->preMasterSecret, ssl->arrays->preMasterSz);
     }
 #endif
+#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
+    keyShareEntry->derived = (ret == 0);
+#endif
 #ifdef WOLFSSL_ASYNC_CRYPT
     keyShareEntry->lastRet = ret;
 #endif
@@ -9896,13 +9909,15 @@ static int TLSX_KeyShare_Process(WOLFSSL* ssl, KeyShareEntry* keyShareEntry)
  * number on error.
  */
 static int TLSX_KeyShareEntry_Parse(const WOLFSSL* ssl, const byte* input,
-            word16 length, KeyShareEntry **kse, TLSX** extensions)
+            word16 length, KeyShareEntry **kse, word16* seenGroups,
+            int* seenGroupsCnt, TLSX** extensions)
 {
     int    ret;
     word16 group;
     word16 keLen;
     int    offset = 0;
     byte*  ke;
+    int    i;
 
     if (length < OPAQUE16_LEN + OPAQUE16_LEN)
         return BUFFER_ERROR;
@@ -9917,6 +9932,19 @@ static int TLSX_KeyShareEntry_Parse(const WOLFSSL* ssl, const byte* input,
     if (keLen > length - offset)
         return BUFFER_ERROR;
 
+    if (seenGroups != NULL) {
+        if (*seenGroupsCnt == MAX_KEYSHARE_NAMED_GROUPS) {
+            return BAD_KEY_SHARE_DATA;
+        }
+        for (i = 0; i < *seenGroupsCnt; i++) {
+            if (seenGroups[i] == group) {
+                return BAD_KEY_SHARE_DATA;
+            }
+        }
+        seenGroups[i] = group;
+        *seenGroupsCnt = i + 1;
+    }
+
 #ifdef WOLFSSL_HAVE_MLKEM
     if ((WOLFSSL_NAMED_GROUP_IS_PQC(group) ||
          WOLFSSL_NAMED_GROUP_IS_PQC_HYBRID(group)) &&
@@ -10021,6 +10049,8 @@ int TLSX_KeyShare_Parse_ClientHello(const WOLFSSL* ssl,
     int    offset = 0;
     word16 len;
     TLSX*  extension;
+    word16 seenGroups[MAX_KEYSHARE_NAMED_GROUPS];
+    int    seenGroupsCnt = 0;
 
     /* Add a KeyShare extension if it doesn't exist even if peer sent no
      * entries. The presence of this extension signals that the peer can be
@@ -10044,7 +10074,8 @@ int TLSX_KeyShare_Parse_ClientHello(const WOLFSSL* ssl,
 
     while (offset < (int)length) {
         ret = TLSX_KeyShareEntry_Parse(ssl, &input[offset],
-                length - (word16)offset, NULL, extensions);
+                length - (word16)offset, NULL, seenGroups, &seenGroupsCnt,
+                extensions);
         if (ret < 0)
             return ret;
 
@@ -10096,8 +10127,8 @@ int TLSX_KeyShare_Parse(WOLFSSL* ssl, const byte* input, word16 length,
         }
 
         /* ServerHello contains one key share entry. */
-        len = TLSX_KeyShareEntry_Parse(ssl, input, length, &keyShareEntry,
-                &ssl->extensions);
+        len = TLSX_KeyShareEntry_Parse(ssl, input, length, &keyShareEntry, NULL,
+                NULL, &ssl->extensions);
         if (len != (int)length)
             return BUFFER_ERROR;
 
@@ -10120,6 +10151,8 @@ int TLSX_KeyShare_Parse(WOLFSSL* ssl, const byte* input, word16 length,
         if (length != OPAQUE16_LEN)
             return BUFFER_ERROR;
 
+        ssl->options.hrrSentKeyShare = 1;
+
         /* The data is the named group the server wants to use. */
         ato16(input, &group);
 
@@ -10582,11 +10615,11 @@ int TLSX_KeyShare_Use(const WOLFSSL* ssl, word16 group, word16 len, byte* data,
     while (keyShareEntry != NULL) {
 #ifdef WOLFSSL_ML_KEM_USE_OLD_IDS
         if ((group == WOLFSSL_P256_ML_KEM_512_OLD &&
-                keyShareEntry->group == WOLFSSL_P256_ML_KEM_512) ||
+                keyShareEntry->group == WOLFSSL_SECP256R1MLKEM512) ||
             (group == WOLFSSL_P384_ML_KEM_768_OLD &&
-                keyShareEntry->group == WOLFSSL_P384_ML_KEM_768) ||
+                keyShareEntry->group == WOLFSSL_SECP384R1MLKEM768) ||
             (group == WOLFSSL_P521_ML_KEM_1024_OLD &&
-                keyShareEntry->group == WOLFSSL_P521_ML_KEM_1024)) {
+                keyShareEntry->group == WOLFSSL_SECP521R1MLKEM1024)) {
             keyShareEntry->group = group;
             break;
         }
@@ -10713,43 +10746,43 @@ static const word16 preferredGroup[] = {
 #ifdef WOLFSSL_WC_MLKEM
     #ifndef WOLFSSL_NO_ML_KEM_512
     WOLFSSL_ML_KEM_512,
-    WOLFSSL_P256_ML_KEM_512,
+    WOLFSSL_SECP256R1MLKEM512,
     #if defined(HAVE_CURVE25519) && ECC_MIN_KEY_SZ <= 256
-    WOLFSSL_X25519_ML_KEM_512,
+    WOLFSSL_X25519MLKEM512,
     #endif
     #endif
     #ifndef WOLFSSL_NO_ML_KEM_768
     WOLFSSL_ML_KEM_768,
-    WOLFSSL_P384_ML_KEM_768,
-    WOLFSSL_P256_ML_KEM_768,
+    WOLFSSL_SECP384R1MLKEM768,
+    WOLFSSL_SECP256R1MLKEM768,
     #if defined(HAVE_CURVE25519) && ECC_MIN_KEY_SZ <= 256
-    WOLFSSL_X25519_ML_KEM_768,
+    WOLFSSL_X25519MLKEM768,
     #endif
     #if defined(HAVE_CURVE448) && ECC_MIN_KEY_SZ <= 448
-    WOLFSSL_X448_ML_KEM_768,
+    WOLFSSL_X448MLKEM768,
     #endif
     #endif
     #ifndef WOLFSSL_NO_ML_KEM_1024
     WOLFSSL_ML_KEM_1024,
-    WOLFSSL_P521_ML_KEM_1024,
-    WOLFSSL_P384_ML_KEM_1024,
+    WOLFSSL_SECP521R1MLKEM1024,
+    WOLFSSL_SECP384R1MLKEM1024,
     #endif
 #elif defined(HAVE_LIBOQS)
     /* These require a runtime call to TLSX_IsGroupSupported to use */
     WOLFSSL_ML_KEM_512,
     WOLFSSL_ML_KEM_768,
     WOLFSSL_ML_KEM_1024,
-    WOLFSSL_P256_ML_KEM_512,
-    WOLFSSL_P384_ML_KEM_768,
-    WOLFSSL_P256_ML_KEM_768,
-    WOLFSSL_P521_ML_KEM_1024,
-    WOLFSSL_P384_ML_KEM_1024,
+    WOLFSSL_SECP256R1MLKEM512,
+    WOLFSSL_SECP384R1MLKEM768,
+    WOLFSSL_SECP256R1MLKEM768,
+    WOLFSSL_SECP521R1MLKEM1024,
+    WOLFSSL_SECP384R1MLKEM1024,
     #if defined(HAVE_CURVE25519) && ECC_MIN_KEY_SZ <= 256
-    WOLFSSL_X25519_ML_KEM_512,
-    WOLFSSL_X25519_ML_KEM_768,
+    WOLFSSL_X25519MLKEM512,
+    WOLFSSL_X25519MLKEM768,
     #endif
     #if defined(HAVE_CURVE448) && ECC_MIN_KEY_SZ <= 448
-    WOLFSSL_X448_ML_KEM_768,
+    WOLFSSL_X448MLKEM768,
     #endif
 #endif
 #endif /* !WOLFSSL_NO_ML_KEM */
@@ -10832,11 +10865,11 @@ static int TLSX_KeyShare_GroupRank(const WOLFSSL* ssl, int group)
     for (i = 0; i < numGroups; i++) {
 #ifdef WOLFSSL_ML_KEM_USE_OLD_IDS
         if ((group == WOLFSSL_P256_ML_KEM_512_OLD &&
-             groups[i] == WOLFSSL_P256_ML_KEM_512) ||
+             groups[i] == WOLFSSL_SECP256R1MLKEM512) ||
             (group == WOLFSSL_P384_ML_KEM_768_OLD &&
-             groups[i] == WOLFSSL_P384_ML_KEM_768) ||
+             groups[i] == WOLFSSL_SECP384R1MLKEM768) ||
             (group == WOLFSSL_P521_ML_KEM_1024_OLD &&
-             groups[i] == WOLFSSL_P521_ML_KEM_1024)) {
+             groups[i] == WOLFSSL_SECP521R1MLKEM1024)) {
             return i;
         }
 #endif
@@ -14441,11 +14474,11 @@ static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions)
         ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_ML_KEM_512,
                                      ssl->heap);
     if (ret == WOLFSSL_SUCCESS)
-        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P256_ML_KEM_512,
+        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_SECP256R1MLKEM512,
                                      ssl->heap);
     #if defined(HAVE_CURVE25519) && ECC_MIN_KEY_SZ <= 256
     if (ret == WOLFSSL_SUCCESS)
-        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_X25519_ML_KEM_512,
+        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_X25519MLKEM512,
                                      ssl->heap);
     #endif
 #endif
@@ -14454,19 +14487,19 @@ static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions)
         ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_ML_KEM_768,
                                      ssl->heap);
     if (ret == WOLFSSL_SUCCESS)
-        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P384_ML_KEM_768,
+        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_SECP384R1MLKEM768,
                                      ssl->heap);
     if (ret == WOLFSSL_SUCCESS)
-        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P256_ML_KEM_768,
+        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_SECP256R1MLKEM768,
                                      ssl->heap);
     #if defined(HAVE_CURVE25519) && ECC_MIN_KEY_SZ <= 256
     if (ret == WOLFSSL_SUCCESS)
-        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_X25519_ML_KEM_768,
+        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_X25519MLKEM768,
                                      ssl->heap);
     #endif
     #if defined(HAVE_CURVE448) && ECC_MIN_KEY_SZ <= 448
     if (ret == WOLFSSL_SUCCESS)
-        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_X448_ML_KEM_768,
+        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_X448MLKEM768,
                                      ssl->heap);
     #endif
 #endif
@@ -14475,10 +14508,10 @@ static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions)
         ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_ML_KEM_1024,
                                      ssl->heap);
     if (ret == WOLFSSL_SUCCESS)
-        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P521_ML_KEM_1024,
+        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_SECP521R1MLKEM1024,
                                      ssl->heap);
     if (ret == WOLFSSL_SUCCESS)
-        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P384_ML_KEM_1024,
+        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_SECP384R1MLKEM1024,
                                      ssl->heap);
 #endif
 #elif defined(HAVE_LIBOQS)
@@ -14490,31 +14523,31 @@ static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions)
         ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_ML_KEM_1024,
                                      ssl->heap);
     if (ret == WOLFSSL_SUCCESS)
-        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P256_ML_KEM_512,
+        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_SECP256R1MLKEM512,
                                      ssl->heap);
     if (ret == WOLFSSL_SUCCESS)
-        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P384_ML_KEM_768,
+        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_SECP384R1MLKEM768,
                                      ssl->heap);
     if (ret == WOLFSSL_SUCCESS)
-        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P256_ML_KEM_768,
+        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_SECP256R1MLKEM768,
                                      ssl->heap);
     if (ret == WOLFSSL_SUCCESS)
-        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P521_ML_KEM_1024,
+        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_SECP521R1MLKEM1024,
                                      ssl->heap);
     if (ret == WOLFSSL_SUCCESS)
-        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P384_ML_KEM_1024,
+        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_SECP384R1MLKEM1024,
                                      ssl->heap);
     #if defined(HAVE_CURVE25519) && ECC_MIN_KEY_SZ <= 256
     if (ret == WOLFSSL_SUCCESS)
-        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_X25519_ML_KEM_512,
+        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_X25519MLKEM512,
                                      ssl->heap);
     if (ret == WOLFSSL_SUCCESS)
-        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_X25519_ML_KEM_768,
+        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_X25519MLKEM768,
                                      ssl->heap);
     #endif
     #if defined(HAVE_CURVE448) && ECC_MIN_KEY_SZ <= 448
     if (ret == WOLFSSL_SUCCESS)
-        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_X448_ML_KEM_768,
+        ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_X448MLKEM768,
                                      ssl->heap);
     #endif
 #endif /* HAVE_LIBOQS */
@@ -14692,13 +14725,12 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer)
 #endif
 #ifdef WOLFSSL_TLS13
     #if !defined(NO_CERTS) && !defined(WOLFSSL_NO_CA_NAMES)
-        if (isServer && IsAtLeastTLSv1_3(ssl->version)) {
-            if (SSL_CA_NAMES(ssl) != NULL) {
-                WOLFSSL_MSG("Adding certificate authorities extension");
-                if ((ret = TLSX_Push(&ssl->extensions,
-                        TLSX_CERTIFICATE_AUTHORITIES, ssl, ssl->heap)) != 0) {
-                        return ret;
-                }
+        if (IsAtLeastTLSv1_3(ssl->version) &&
+                SSL_PRIORITY_CA_NAMES(ssl) != NULL) {
+            WOLFSSL_MSG("Adding certificate authorities extension");
+            if ((ret = TLSX_Push(&ssl->extensions,
+                    TLSX_CERTIFICATE_AUTHORITIES, ssl, ssl->heap)) != 0) {
+                    return ret;
             }
         }
     #endif
@@ -15184,10 +15216,13 @@ int TLSX_GetRequestSize(WOLFSSL* ssl, byte msgType, word32* pLength)
         #ifdef WOLFSSL_POST_HANDSHAKE_AUTH
             TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_POST_HANDSHAKE_AUTH));
         #endif
-        #if !defined(NO_CERTS) && !defined(WOLFSSL_NO_CA_NAMES)
+        }
+    #endif
+    #if !defined(NO_CERTS) && !defined(WOLFSSL_NO_CA_NAMES)
+        if (!IsAtLeastTLSv1_3(ssl->version) ||
+                SSL_CA_NAMES(ssl) == NULL) {
             TURN_ON(semaphore,
                     TLSX_ToSemaphore(TLSX_CERTIFICATE_AUTHORITIES));
-        #endif
         }
     #endif
 #endif /* WOLFSSL_TLS13 */
@@ -15210,8 +15245,10 @@ int TLSX_GetRequestSize(WOLFSSL* ssl, byte msgType, word32* pLength)
         TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_SIGNATURE_ALGORITHMS));
 #endif
 #if !defined(NO_CERTS) && !defined(WOLFSSL_NO_CA_NAMES)
-        if (SSL_CA_NAMES(ssl) != NULL)
-            TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_CERTIFICATE_AUTHORITIES));
+        if (SSL_PRIORITY_CA_NAMES(ssl) != NULL) {
+            TURN_OFF(semaphore,
+                    TLSX_ToSemaphore(TLSX_CERTIFICATE_AUTHORITIES));
+        }
 #endif
         /* TODO: TLSX_SIGNED_CERTIFICATE_TIMESTAMP, OID_FILTERS
          *       TLSX_STATUS_REQUEST
@@ -15424,16 +15461,18 @@ int TLSX_WriteRequest(WOLFSSL* ssl, byte* output, byte msgType, word32* pOffset)
         #ifdef WOLFSSL_POST_HANDSHAKE_AUTH
             TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_POST_HANDSHAKE_AUTH));
         #endif
-        #if !defined(NO_CERTS) && !defined(WOLFSSL_NO_CA_NAMES)
-            TURN_ON(semaphore,
-                    TLSX_ToSemaphore(TLSX_CERTIFICATE_AUTHORITIES));
-        #endif
         #ifdef WOLFSSL_DUAL_ALG_CERTS
             TURN_ON(semaphore,
                     TLSX_ToSemaphore(TLSX_CKS));
         #endif
         }
     #endif
+    #if !defined(NO_CERTS) && !defined(WOLFSSL_NO_CA_NAMES)
+        if (!IsAtLeastTLSv1_3(ssl->version) || SSL_CA_NAMES(ssl) == NULL) {
+            TURN_ON(semaphore,
+                    TLSX_ToSemaphore(TLSX_CERTIFICATE_AUTHORITIES));
+        }
+    #endif
     #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
         /* Must write Pre-shared Key extension at the end in TLS v1.3.
          * Must not write out Pre-shared Key extension in earlier versions of
@@ -15460,7 +15499,7 @@ int TLSX_WriteRequest(WOLFSSL* ssl, byte* output, byte msgType, word32* pOffset)
         TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_SIGNATURE_ALGORITHMS));
 #endif
 #if !defined(NO_CERTS) && !defined(WOLFSSL_NO_CA_NAMES)
-        if (SSL_CA_NAMES(ssl) != NULL) {
+        if (SSL_PRIORITY_CA_NAMES(ssl) != NULL) {
             TURN_OFF(semaphore,
                     TLSX_ToSemaphore(TLSX_CERTIFICATE_AUTHORITIES));
         }
@@ -16076,6 +16115,9 @@ int TLSX_Parse(WOLFSSL* ssl, const byte* input, word16 length, byte msgType,
         if ((type <= 62) || (type == TLSX_RENEGOTIATION_INFO)
         #ifdef WOLFSSL_QUIC
             || (type == TLSX_KEY_QUIC_TP_PARAMS_DRAFT)
+        #endif
+        #ifdef WOLFSSL_DUAL_ALG_CERTS
+            || (type == TLSX_CKS)
         #endif
             )
         {
@@ -16681,12 +16723,30 @@ int TLSX_Parse(WOLFSSL* ssl, const byte* input, word16 length, byte msgType,
         ssl->options.noPskDheKe = 1;
     }
 #endif
+#if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES)
+    /* RFC 8446 Section 9.2: ClientHello with KeyShare must
+     * contain SupportedGroups and vice-versa. */
+    if (IsAtLeastTLSv1_3(ssl->version) && msgType == client_hello && isRequest) {
+        int hasKeyShare = !IS_OFF(seenType, TLSX_ToSemaphore(TLSX_KEY_SHARE));
+        int hasSupportedGroups = !IS_OFF(seenType, TLSX_ToSemaphore(TLSX_SUPPORTED_GROUPS));
+
+        if (hasKeyShare && !hasSupportedGroups) {
+            WOLFSSL_MSG("ClientHello with KeyShare extension missing required SupportedGroups extension");
+            return MISSING_HANDSHAKE_DATA;
+        }
+        if (hasSupportedGroups && !hasKeyShare) {
+            WOLFSSL_MSG("ClientHello with SupportedGroups extension missing required KeyShare extension");
+            return MISSING_HANDSHAKE_DATA;
+        }
+    }
+#endif
 
     if (ret == 0)
         ret = SNI_VERIFY_PARSE(ssl, isRequest);
     if (ret == 0)
         ret = TCA_VERIFY_PARSE(ssl, isRequest);
 
+    WOLFSSL_LEAVE("Leaving TLSX_Parse", ret);
     return ret;
 }
 
diff --git a/src/tls13.c b/src/tls13.c
index b860c192f..76a6b3977 100644
--- a/src/tls13.c
+++ b/src/tls13.c
@@ -3993,6 +3993,42 @@ static int SetupPskKey(WOLFSSL* ssl, PreSharedKey* psk, int clientHello)
     }
 #endif
 
+#ifdef HAVE_SUPPORTED_CURVES
+    if (!clientHello) {
+        TLSX* ext;
+        word32 modes;
+        KeyShareEntry* kse = NULL;
+
+        /* Get the PSK key exchange modes the client wants to negotiate. */
+        ext = TLSX_Find(ssl->extensions, TLSX_PSK_KEY_EXCHANGE_MODES);
+        if (ext == NULL) {
+            WOLFSSL_ERROR_VERBOSE(PSK_KEY_ERROR);
+            return PSK_KEY_ERROR;
+        }
+        modes = ext->val;
+
+        ext = TLSX_Find(ssl->extensions, TLSX_KEY_SHARE);
+        if (ext != NULL) {
+            kse = (KeyShareEntry*)ext->data;
+        }
+        /* Use (EC)DHE for forward-security if possible. */
+        if (((modes & (1 << PSK_DHE_KE)) != 0) && (!ssl->options.noPskDheKe) &&
+                                                (kse != NULL) && kse->derived) {
+            if ((kse->session != 0) && (kse->session != kse->group)) {
+                WOLFSSL_ERROR_VERBOSE(PSK_KEY_ERROR);
+                return PSK_KEY_ERROR;
+            }
+        }
+        else if (ssl->options.onlyPskDheKe) {
+            WOLFSSL_ERROR_VERBOSE(PSK_KEY_ERROR);
+            return PSK_KEY_ERROR;
+        }
+        else if (ssl->options.noPskDheKe) {
+            ssl->arrays->preMasterSz = 0;
+        }
+    }
+    else
+#endif
     if (ssl->options.noPskDheKe) {
         ssl->arrays->preMasterSz = 0;
     }
@@ -5599,6 +5635,21 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 
     }
     else {
+        /* https://datatracker.ietf.org/doc/html/rfc8446#section-4.1.4
+         * Clients MUST abort the handshake with an
+         * "illegal_parameter" alert if the HelloRetryRequest would not result
+         * in any change in the ClientHello.
+         */
+        /* Check if the HRR contained a cookie or a keyshare */
+        if (!ssl->options.hrrSentKeyShare
+#ifdef WOLFSSL_SEND_HRR_COOKIE
+                && !ssl->options.hrrSentCookie
+#endif
+                ) {
+            SendAlert(ssl, alert_fatal, illegal_parameter);
+            return DUPLICATE_MSG_E;
+        }
+
         ssl->options.tls1_3 = 1;
         ssl->options.serverState = SERVER_HELLO_RETRY_REQUEST_COMPLETE;
 
@@ -5729,11 +5780,6 @@ static int DoTls13CertificateRequest(WOLFSSL* ssl, const byte* input,
     if (ssl->toInfoOn) AddLateName("CertificateRequest", &ssl->timeoutInfo);
 #endif
 
-#ifdef OPENSSL_EXTRA
-    if ((ret = CertSetupCbWrapper(ssl)) != 0)
-        return ret;
-#endif
-
     if (OPAQUE8_LEN > size)
         return BUFFER_ERROR;
 
@@ -5778,6 +5824,11 @@ static int DoTls13CertificateRequest(WOLFSSL* ssl, const byte* input,
     }
     *inOutIdx += len;
 
+#ifdef OPENSSL_EXTRA
+    if ((ret = CertSetupCbWrapper(ssl)) != 0)
+        return ret;
+#endif
+
     if ((ssl->buffers.certificate && ssl->buffers.certificate->buffer &&
         ((ssl->buffers.key && ssl->buffers.key->buffer)
         #ifdef HAVE_PK_CALLBACKS
@@ -6165,7 +6216,8 @@ static int DoPreSharedKeys(WOLFSSL* ssl, const byte* input, word32 inputSz,
         if (ret != 0)
             return ret;
         if (binderLen != current->binderLen ||
-                             XMEMCMP(binder, current->binder, binderLen) != 0) {
+                             ConstantCompare(binder, current->binder,
+                                binderLen) != 0) {
             WOLFSSL_ERROR_VERBOSE(BAD_BINDER);
             return BAD_BINDER;
         }
@@ -6826,6 +6878,23 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 #endif /* WOLFSSL_DTLS13 */
 
     if (!ssl->options.dtls) {
+#ifndef WOLFSSL_ALLOW_BAD_TLS_LEGACY_VERSION
+        /* Check for TLS 1.3 version (0x0304) in legacy version field. RFC 8446
+         * Section 4.2.1 allows this action:
+         *
+         * "Servers MAY abort the handshake upon receiving a ClientHello with
+         * legacy_version 0x0304 or later."
+         *
+         * Note that if WOLFSSL_ALLOW_BAD_TLS_LEGACY_VERSION is defined then the
+         * semantics of RFC 5246 Appendix E will be followed. A ServerHello with
+         * version 1.2 will be sent. The same is true if TLS 1.3 is not enabled.
+         */
+        if (args->pv.major == SSLv3_MAJOR && args->pv.minor >= TLSv1_3_MINOR) {
+            WOLFSSL_MSG("Legacy version field is TLS 1.3 or later. Aborting.");
+            ERROR_OUT(VERSION_ERROR, exit_dch);
+        }
+#endif /* WOLFSSL_ALLOW_BAD_TLS_LEGACY_VERSION */
+
         /* Legacy protocol version cannot negotiate TLS 1.3 or higher. */
         if (args->pv.major > SSLv3_MAJOR || (args->pv.major == SSLv3_MAJOR &&
                                              args->pv.minor >= TLSv1_3_MINOR)) {
@@ -9495,7 +9564,8 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
                 args->length = (word16)args->sigLen;
             }
         #endif /* HAVE_DILITHIUM */
-        #ifndef NO_RSA
+        #if !defined(NO_RSA) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \
+            !defined(WOLFSSL_RSA_VERIFY_ONLY)
             if (ssl->hsType == DYNAMIC_TYPE_RSA) {
                 args->toSign = rsaSigBuf->buffer;
                 args->toSignSz = (word32)rsaSigBuf->length;
@@ -9516,7 +9586,7 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
                     XMEMCPY(args->sigData, sigOut, args->sigLen);
                 }
             }
-        #endif /* !NO_RSA */
+        #endif /* !NO_RSA && !WOLFSSL_RSA_PUBLIC_ONLY && !WOLFSSL_RSA_VERIFY_ONLY */
 
             /* Check for error */
             if (ret != 0) {
@@ -9549,7 +9619,8 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
                                   );
                 }
             #endif /* HAVE_ECC */
-            #ifndef NO_RSA
+            #if !defined(NO_RSA) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \
+                !defined(WOLFSSL_RSA_VERIFY_ONLY)
                 if (ssl->hsAltType == DYNAMIC_TYPE_RSA) {
                     args->toSign = rsaSigBuf->buffer;
                     args->toSignSz = (word32)rsaSigBuf->length;
@@ -9571,7 +9642,7 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl)
                         XMEMCPY(args->altSigData, sigOut, args->altSigLen);
                     }
                 }
-            #endif /* !NO_RSA */
+            #endif /* !NO_RSA && !WOLFSSL_RSA_PUBLIC_ONLY && !WOLFSSL_RSA_VERIFY_ONLY */
             #if defined(HAVE_FALCON)
                 if (ssl->hsAltType == DYNAMIC_TYPE_FALCON) {
                     ret = wc_falcon_sign_msg(args->altSigData,
@@ -10101,12 +10172,26 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
         case TLS_ASYNC_BUILD:
         {
             int validSigAlgo;
+            const Suites* suites = WOLFSSL_SUITES(ssl);
+            word16 i;
 
             /* Signature algorithm. */
             if ((args->idx - args->begin) + ENUM_LEN + ENUM_LEN > totalSz) {
                 ERROR_OUT(BUFFER_ERROR, exit_dcv);
             }
 
+            validSigAlgo = 0;
+            for (i = 0; i < suites->hashSigAlgoSz; i += 2) {
+                 if ((suites->hashSigAlgo[i + 0] == input[args->idx + 0]) &&
+                         (suites->hashSigAlgo[i + 1] == input[args->idx + 1])) {
+                     validSigAlgo = 1;
+                     break;
+                 }
+            }
+            if (!validSigAlgo) {
+                ERROR_OUT(INVALID_PARAMETER, exit_dcv);
+            }
+
 #ifdef WOLFSSL_DUAL_ALG_CERTS
             if (ssl->peerSigSpec == NULL) {
                 /* The peer did not respond. We didn't send CKS or they don't
@@ -10470,28 +10555,17 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
         #endif /* !NO_RSA */
         #ifdef HAVE_ECC
             if ((ssl->options.peerSigAlgo == ecc_dsa_sa_algo) &&
-                (ssl->peerEccDsaKeyPresent)) {
-            #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)
-                if (ssl->options.peerSigAlgo == sm2_sa_algo) {
-                    ret = Sm2wSm3Verify(ssl, TLS13_SM2_SIG_ID,
-                        TLS13_SM2_SIG_ID_SZ, sig, args->sigSz,
-                        args->sigData, args->sigDataSz,
-                        ssl->peerEccDsaKey, NULL);
-                }
-                else
-            #endif
-                {
-                    WOLFSSL_MSG("Doing ECC peer cert verify");
-                    ret = EccVerify(ssl, sig, args->sigSz,
-                        args->sigData, args->sigDataSz,
-                        ssl->peerEccDsaKey,
-                    #ifdef HAVE_PK_CALLBACKS
-                        &ssl->buffers.peerEccDsaKey
-                    #else
-                        NULL
-                    #endif
-                        );
-                }
+                    ssl->peerEccDsaKeyPresent) {
+                WOLFSSL_MSG("Doing ECC peer cert verify");
+                ret = EccVerify(ssl, sig, args->sigSz,
+                    args->sigData, args->sigDataSz,
+                    ssl->peerEccDsaKey,
+                #ifdef HAVE_PK_CALLBACKS
+                    &ssl->buffers.peerEccDsaKey
+                #else
+                    NULL
+                #endif
+                    );
 
                 if (ret >= 0) {
                     /* CLIENT/SERVER: data verified with public key from
@@ -10503,6 +10577,23 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
                 }
             }
         #endif /* HAVE_ECC */
+        #if defined(HAVE_ECC) && defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)
+            if ((ssl->options.peerSigAlgo == sm2_sa_algo) &&
+                   ssl->peerEccDsaKeyPresent) {
+                WOLFSSL_MSG("Doing SM2/SM3 peer cert verify");
+                ret = Sm2wSm3Verify(ssl, TLS13_SM2_SIG_ID, TLS13_SM2_SIG_ID_SZ,
+                    sig, args->sigSz, args->sigData, args->sigDataSz,
+                    ssl->peerEccDsaKey, NULL);
+                if (ret >= 0) {
+                    /* CLIENT/SERVER: data verified with public key from
+                     * certificate. */
+                    ssl->options.peerAuthGood = 1;
+
+                    FreeKey(ssl, DYNAMIC_TYPE_ECC, (void**)&ssl->peerEccDsaKey);
+                    ssl->peerEccDsaKeyPresent = 0;
+                }
+            }
+        #endif
         #ifdef HAVE_ED25519
             if ((ssl->options.peerSigAlgo == ed25519_sa_algo) &&
                 (ssl->peerEd25519KeyPresent)) {
diff --git a/src/wolfio.c b/src/wolfio.c
index b3bb6a8ad..62e78f10c 100644
--- a/src/wolfio.c
+++ b/src/wolfio.c
@@ -40,6 +40,7 @@
 #include <wolfssl/internal.h>
 #include <wolfssl/error-ssl.h>
 #include <wolfssl/wolfio.h>
+#include <wolfssl/wolfcrypt/logging.h>
 
 #ifdef NUCLEUS_PLUS_2_3
 /* Holds last Nucleus networking error number */
@@ -182,7 +183,8 @@ static WC_INLINE int wolfSSL_LastError(int err, SOCKET_T sd)
  */
 static int TranslateIoReturnCode(int err, SOCKET_T sd, int direction)
 {
-#if defined(_WIN32) && !defined(__WATCOMC__) && !defined(_WIN32_WCE)
+#if defined(_WIN32) && !defined(__WATCOMC__) && !defined(_WIN32_WCE) && \
+    !defined(INTIME_RTOS)
     size_t errstr_offset;
     char errstr[WOLFSSL_STRERROR_BUFFER_SIZE];
 #endif /* _WIN32 */
@@ -241,7 +243,8 @@ static int TranslateIoReturnCode(int err, SOCKET_T sd, int direction)
         return WOLFSSL_CBIO_ERR_CONN_CLOSE;
     }
 
-#if defined(_WIN32) && !defined(__WATCOMC__) && !defined(_WIN32_WCE)
+#if defined(_WIN32) && !defined(__WATCOMC__) && !defined(_WIN32_WCE) && \
+    !defined(INTIME_RTOS)
     strcpy_s(errstr, sizeof(errstr), "\tGeneral error: ");
     errstr_offset = strlen(errstr);
     FormatMessageA(FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS,
@@ -1347,7 +1350,6 @@ int wolfIO_TcpConnect(SOCKET_T* sockfd, const char* ip, word16 port, int to_sec)
     char strPort[6];
 #else
     /* use gethostbyname */
-#if !defined(WOLFSSL_USE_POPEN_HOST)
 #if defined(__GLIBC__) && (__GLIBC__ >= 2) && defined(__USE_MISC) && \
     !defined(SINGLE_THREADED)
     HOSTENT entry_buf, *entry = NULL;
@@ -1356,7 +1358,6 @@ int wolfIO_TcpConnect(SOCKET_T* sockfd, const char* ip, word16 port, int to_sec)
 #else
     HOSTENT *entry;
 #endif
-#endif /* !WOLFSSL_USE_POPEN_HOST */
 #ifdef WOLFSSL_IPV6
     SOCKADDR_IN6 *sin;
 #else
@@ -1405,67 +1406,6 @@ int wolfIO_TcpConnect(SOCKET_T* sockfd, const char* ip, word16 port, int to_sec)
     sockaddr_len = answer->ai_addrlen;
     XMEMCPY(&addr, answer->ai_addr, (size_t)sockaddr_len);
     freeaddrinfo(answer);
-#elif defined(WOLFSSL_USE_POPEN_HOST) && !defined(WOLFSSL_IPV6)
-    {
-        char host_ipaddr[4] = { 127, 0, 0, 1 };
-        int found = 1;
-
-        if ((XSTRNCMP(ip, "localhost", 10) != 0) &&
-            (XSTRNCMP(ip, "127.0.0.1", 10) != 0)) {
-            FILE* fp;
-            char host_out[100];
-            char cmd[100];
-
-            XSTRNCPY(cmd, "host ", 6);
-            XSTRNCAT(cmd, ip, 99 - XSTRLEN(cmd));
-            found = 0;
-            fp = popen(cmd, "r");
-            if (fp != NULL) {
-                while (fgets(host_out, sizeof(host_out), fp) != NULL) {
-                    int i;
-                    int j = 0;
-                    for (j = 0; host_out[j] != '\0'; j++) {
-                        if ((host_out[j] >= '0') && (host_out[j] <= '9')) {
-                            break;
-                        }
-                    }
-                    found = (host_out[j] >= '0') && (host_out[j] <= '9');
-                    if (!found) {
-                        continue;
-                    }
-
-                    for (i = 0; i < 4; i++) {
-                        host_ipaddr[i] = atoi(host_out + j);
-                        while ((host_out[j] >= '0') && (host_out[j] <= '9')) {
-                            j++;
-                        }
-                        if (host_out[j] == '.') {
-                            j++;
-                            found &= (i != 3);
-                        }
-                        else {
-                            found &= (i == 3);
-                            break;
-                        }
-                    }
-                    if (found) {
-                        break;
-                    }
-                }
-                pclose(fp);
-            }
-        }
-        if (found) {
-            sin = (SOCKADDR_IN *)&addr;
-            sin->sin_family = AF_INET;
-            sin->sin_port = XHTONS(port);
-            XMEMCPY(&sin->sin_addr.s_addr, host_ipaddr, sizeof(host_ipaddr));
-        }
-        else {
-            WOLFSSL_MSG("no addr info for responder");
-            return WOLFSSL_FATAL_ERROR;
-        }
-    }
 #else
 #if defined(__GLIBC__) && (__GLIBC__ >= 2) && defined(__USE_MISC) && \
     !defined(SINGLE_THREADED)
@@ -2121,7 +2061,7 @@ static const char* ocspAppStrList[] = {
     NULL
 };
 
-WOLFSSL_API int wolfIO_HttpProcessResponseOcspGenericIO(
+int wolfIO_HttpProcessResponseOcspGenericIO(
     WolfSSLGenericIORecvCb ioCb, void* ioCbCtx, unsigned char** respBuf,
     unsigned char* httpBuf, int httpBufSz, void* heap)
 {
diff --git a/src/x509.c b/src/x509.c
index 323daa119..739c53deb 100644
--- a/src/x509.c
+++ b/src/x509.c
@@ -680,15 +680,6 @@ static int wolfssl_x509_alt_names_to_gn(WOLFSSL_X509* x509,
     DNS_entry* dns = NULL;
     WOLFSSL_STACK* sk;
 
-#ifdef OPENSSL_ALL
-    ret = wolfSSL_ASN1_STRING_set(&ext->value, x509->subjAltNameSrc,
-              x509->subjAltNameSz);
-    if (ret != WOLFSSL_SUCCESS) {
-        WOLFSSL_MSG("ASN1_STRING_set() failed");
-        goto err;
-    }
-#endif
-
     sk = (WOLFSSL_GENERAL_NAMES*)XMALLOC(sizeof(WOLFSSL_GENERAL_NAMES), NULL,
         DYNAMIC_TYPE_ASN1);
     if (sk == NULL) {
@@ -746,8 +737,6 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc)
     byte* oidBuf;
     word32 oid, idx = 0, tmpIdx = 0, nid;
     WOLFSSL_X509_EXTENSION* ext = NULL;
-    WOLFSSL_ASN1_INTEGER* a;
-    WOLFSSL_STACK* sk;
 #ifdef WOLFSSL_SMALL_STACK
     DecodedCert* cert = NULL;
 #else
@@ -911,12 +900,14 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc)
         switch (oid) {
             case BASIC_CA_OID:
             {
+                WOLFSSL_ASN1_INTEGER* a;
                 word32 dataIdx = idx;
                 word32 dummyOid;
                 int dataLen = 0;
 
                 if (!isSet)
                     break;
+
                 /* Set pathlength */
                 a = wolfSSL_ASN1_INTEGER_new();
 
@@ -954,10 +945,13 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc)
                 ext->obj->pathlen = a;
 
                 ext->obj->ca = x509->isCa;
-                ext->crit = x509->basicConstCrit;
                 break;
             }
+
             case AUTH_INFO_OID:
+            {
+                WOLFSSL_STACK* sk;
+
                 if (!isSet)
                     break;
 
@@ -1046,94 +1040,8 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc)
                     }
                 }
                 ext->ext_sk = sk;
-                ext->crit = x509->authInfoCrit;
-                break;
-
-            case AUTH_KEY_OID:
-                if (!isSet)
-                    break;
-
-                ret = wolfSSL_ASN1_STRING_set(&ext->value, x509->authKeyId,
-                                        x509->authKeyIdSz);
-                if (ret != WOLFSSL_SUCCESS) {
-                    WOLFSSL_MSG("ASN1_STRING_set() failed");
-                    wolfSSL_X509_EXTENSION_free(ext);
-                    FreeDecodedCert(cert);
-                #ifdef WOLFSSL_SMALL_STACK
-                    XFREE(cert, NULL, DYNAMIC_TYPE_DCERT);
-                #endif
-                    return NULL;
-                }
-                ext->crit = x509->authKeyIdCrit;
-                break;
-
-            case SUBJ_KEY_OID:
-                if (!isSet)
-                    break;
-
-                ret = wolfSSL_ASN1_STRING_set(&ext->value, x509->subjKeyId,
-                                        x509->subjKeyIdSz);
-                if (ret != WOLFSSL_SUCCESS) {
-                    WOLFSSL_MSG("ASN1_STRING_set() failed");
-                    wolfSSL_X509_EXTENSION_free(ext);
-                    FreeDecodedCert(cert);
-                #ifdef WOLFSSL_SMALL_STACK
-                    XFREE(cert, NULL, DYNAMIC_TYPE_DCERT);
-                #endif
-                    return NULL;
-                }
-                ext->crit = x509->subjKeyIdCrit;
-                break;
-
-            case CERT_POLICY_OID:
-                if (!isSet)
-                    break;
-            #ifdef WOLFSSL_SEP
-                ext->crit = x509->certPolicyCrit;
-            #endif
-                break;
-
-            case KEY_USAGE_OID:
-                if (!isSet)
-                    break;
-
-                ret = wolfSSL_ASN1_STRING_set(&ext->value,
-                                  (byte*)&(x509->keyUsage), sizeof(word16));
-                if (ret != WOLFSSL_SUCCESS) {
-                    WOLFSSL_MSG("ASN1_STRING_set() failed");
-                    wolfSSL_X509_EXTENSION_free(ext);
-                    FreeDecodedCert(cert);
-                #ifdef WOLFSSL_SMALL_STACK
-                    XFREE(cert, NULL, DYNAMIC_TYPE_DCERT);
-                #endif
-                    return NULL;
-                }
-                ext->crit = x509->keyUsageCrit;
-                break;
-
-            case EXT_KEY_USAGE_OID:
-                if (!isSet)
-                    break;
-
-                ret = wolfSSL_ASN1_STRING_set(&ext->value, x509->extKeyUsageSrc,
-                                              x509->extKeyUsageSz);
-                if (ret != WOLFSSL_SUCCESS) {
-                    WOLFSSL_MSG("ASN1_STRING_set() failed");
-                    wolfSSL_X509_EXTENSION_free(ext);
-                    FreeDecodedCert(cert);
-                #ifdef WOLFSSL_SMALL_STACK
-                    XFREE(cert, NULL, DYNAMIC_TYPE_DCERT);
-                #endif
-                    return NULL;
-                }
-                ext->crit = x509->extKeyUsageCrit;
-                break;
-
-            case CRL_DIST_OID:
-                if (!isSet)
-                    break;
-                ext->crit = x509->CRLdistCrit;
                 break;
+            }
 
             case ALT_NAMES_OID:
                 if (!isSet)
@@ -1147,137 +1055,161 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc)
                     return NULL;
                 }
                 break;
+        }
 
-            default:
-                WOLFSSL_MSG("Unknown extension type found, parsing OID");
-                /* If the extension type is not recognized/supported,
-                 *  set the ASN1_OBJECT in the extension with the
-                 *  parsed oid for access in later function calls */
+        /* The ASN1_OBJECT in the extension is set in the same way
+         * for recognized and for unrecognized extension types, as
+         * the full OCTET STRING */
 
-                /* Get OID from input */
-                if (GetASNObjectId(input, &idx, &length, (word32)sz) != 0) {
-                    WOLFSSL_MSG("Failed to Get ASN Object Id");
-                    wolfSSL_X509_EXTENSION_free(ext);
-                    FreeDecodedCert(cert);
-                #ifdef WOLFSSL_SMALL_STACK
-                    XFREE(cert, NULL, DYNAMIC_TYPE_DCERT);
-                #endif
-                    return NULL;
-                }
-                oidBuf = (byte*)XMALLOC(length+1+MAX_LENGTH_SZ, NULL,
-                                    DYNAMIC_TYPE_TMP_BUFFER);
-                if (oidBuf == NULL) {
-                    WOLFSSL_MSG("Failed to malloc tmp buffer");
-                    wolfSSL_X509_EXTENSION_free(ext);
-                    FreeDecodedCert(cert);
-                #ifdef WOLFSSL_SMALL_STACK
-                    XFREE(cert, NULL, DYNAMIC_TYPE_DCERT);
-                #endif
-                    return NULL;
-                }
-                oidBuf[0] = ASN_OBJECT_ID;
-                objSz++;
-                objSz += SetLength(length, oidBuf + 1);
-                objSz += length;
+        /* Get OID from input */
+        if (GetASNObjectId(input, &idx, &length, (word32)sz) != 0) {
+            WOLFSSL_MSG("Failed to Get ASN Object Id");
+            wolfSSL_X509_EXTENSION_free(ext);
+            FreeDecodedCert(cert);
+        #ifdef WOLFSSL_SMALL_STACK
+            XFREE(cert, NULL, DYNAMIC_TYPE_DCERT);
+        #endif
+            return NULL;
+        }
+        oidBuf = (byte*)XMALLOC(length+1+MAX_LENGTH_SZ, NULL,
+                            DYNAMIC_TYPE_TMP_BUFFER);
+        if (oidBuf == NULL) {
+            WOLFSSL_MSG("Failed to malloc tmp buffer");
+            wolfSSL_X509_EXTENSION_free(ext);
+            FreeDecodedCert(cert);
+        #ifdef WOLFSSL_SMALL_STACK
+            XFREE(cert, NULL, DYNAMIC_TYPE_DCERT);
+        #endif
+            return NULL;
+        }
+        oidBuf[0] = ASN_OBJECT_ID;
+        objSz++;
+        objSz += SetLength(length, oidBuf + 1);
+        objSz += length;
 
-                /* Set object size and reallocate space in object buffer */
-                if (ext->obj == NULL) {
-                    ext->obj = wolfSSL_ASN1_OBJECT_new();
-                    if (ext->obj == NULL) {
-                        XFREE(oidBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-                        wolfSSL_X509_EXTENSION_free(ext);
-                        FreeDecodedCert(cert);
-                #ifdef WOLFSSL_SMALL_STACK
-                        XFREE(cert, NULL, DYNAMIC_TYPE_DCERT);
-                #endif
-                        return NULL;
-                    }
-                }
-
-                if (((ext->obj->dynamic & WOLFSSL_ASN1_DYNAMIC_DATA) != 0) ||
-                    (ext->obj->obj == NULL)) {
-                #ifdef WOLFSSL_NO_REALLOC
-                    byte* tmp = NULL;
-
-                    tmp = (byte*)XMALLOC(objSz, NULL, DYNAMIC_TYPE_ASN1);
-                    if (tmp != NULL && ext->obj->obj != NULL) {
-                        XMEMCPY(tmp, ext->obj->obj, ext->obj->objSz);
-                        XFREE((byte*)ext->obj->obj, NULL, DYNAMIC_TYPE_ASN1);
-                    }
-                    else if (tmp == NULL) {
-                        ext->obj->obj = tmp;
-                    }
-                    ext->obj->obj = tmp;
-                #else
-                    ext->obj->obj = (byte*)XREALLOC((byte*)ext->obj->obj, objSz,
-                                           NULL, DYNAMIC_TYPE_ASN1);
-                #endif
-                    if (ext->obj->obj == NULL) {
-                        wolfSSL_X509_EXTENSION_free(ext);
-                        FreeDecodedCert(cert);
-                        XFREE(oidBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-                    #ifdef WOLFSSL_SMALL_STACK
-                        XFREE(cert, NULL, DYNAMIC_TYPE_DCERT);
-                    #endif
-                        return NULL;
-                    }
-                    ext->obj->dynamic |= WOLFSSL_ASN1_DYNAMIC_DATA;
-                }
-                else {
-                    ext->obj->dynamic &= ~WOLFSSL_ASN1_DYNAMIC_DATA;
-                }
-                ext->obj->objSz = (unsigned int)objSz;
-
-                /* Get OID from input and copy to ASN1_OBJECT buffer */
-                XMEMCPY(oidBuf+2, input+idx, length);
-                XMEMCPY((byte*)ext->obj->obj, oidBuf, ext->obj->objSz);
+        /* Set object size and reallocate space in object buffer */
+        if (ext->obj == NULL) {
+            ext->obj = wolfSSL_ASN1_OBJECT_new();
+            if (ext->obj == NULL) {
                 XFREE(oidBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-                oidBuf = NULL;
-                ext->obj->grp = oidCertExtType;
-                ext->crit = 0;
+                wolfSSL_X509_EXTENSION_free(ext);
+                FreeDecodedCert(cert);
+        #ifdef WOLFSSL_SMALL_STACK
+                XFREE(cert, NULL, DYNAMIC_TYPE_DCERT);
+        #endif
+                return NULL;
+            }
+        }
 
-                /* Get extension data and copy as ASN1_STRING */
-                tmpIdx = idx + length;
-                if ((tmpIdx >= (word32)sz) ||
-                    (input[tmpIdx] != ASN_OCTET_STRING))
-                {
-                    WOLFSSL_MSG("Error decoding unknown extension data");
-                    wolfSSL_ASN1_OBJECT_free(ext->obj);
-                    wolfSSL_X509_EXTENSION_free(ext);
-                    FreeDecodedCert(cert);
-                #ifdef WOLFSSL_SMALL_STACK
-                    XFREE(cert, NULL, DYNAMIC_TYPE_DCERT);
-                #endif
-                    return NULL;
-                }
+        if (((ext->obj->dynamic & WOLFSSL_ASN1_DYNAMIC_DATA) != 0) ||
+            (ext->obj->obj == NULL)) {
+        #ifdef WOLFSSL_NO_REALLOC
+            byte* tmp = NULL;
 
-                tmpIdx++;
+            tmp = (byte*)XMALLOC(objSz, NULL, DYNAMIC_TYPE_ASN1);
+            if (tmp != NULL && ext->obj->obj != NULL) {
+                XMEMCPY(tmp, ext->obj->obj, ext->obj->objSz);
+                XFREE((byte*)ext->obj->obj, NULL, DYNAMIC_TYPE_ASN1);
+            }
+            else if (tmp == NULL) {
+                ext->obj->obj = tmp;
+            }
+            ext->obj->obj = tmp;
+        #else
+            ext->obj->obj = (byte*)XREALLOC((byte*)ext->obj->obj, objSz,
+                                   NULL, DYNAMIC_TYPE_ASN1);
+        #endif
+            if (ext->obj->obj == NULL) {
+                wolfSSL_X509_EXTENSION_free(ext);
+                FreeDecodedCert(cert);
+                XFREE(oidBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+            #ifdef WOLFSSL_SMALL_STACK
+                XFREE(cert, NULL, DYNAMIC_TYPE_DCERT);
+            #endif
+                return NULL;
+            }
+            ext->obj->dynamic |= WOLFSSL_ASN1_DYNAMIC_DATA;
+        }
+        else {
+            ext->obj->dynamic &= ~WOLFSSL_ASN1_DYNAMIC_DATA;
+        }
+        ext->obj->objSz = (unsigned int)objSz;
 
-                if (GetLength(input, &tmpIdx, &length, (word32)sz) <= 0) {
-                    WOLFSSL_MSG("Error: Invalid Input Length.");
-                    wolfSSL_ASN1_OBJECT_free(ext->obj);
-                    wolfSSL_X509_EXTENSION_free(ext);
-                    FreeDecodedCert(cert);
-                #ifdef WOLFSSL_SMALL_STACK
-                    XFREE(cert, NULL, DYNAMIC_TYPE_DCERT);
-                #endif
-                    return NULL;
-                }
-                ext->value.data = (char*)XMALLOC(length, NULL,
-                    DYNAMIC_TYPE_ASN1);
-                ext->value.isDynamic = 1;
-                if (ext->value.data == NULL) {
-                    WOLFSSL_MSG("Failed to malloc ASN1_STRING data");
-                    wolfSSL_X509_EXTENSION_free(ext);
-                    FreeDecodedCert(cert);
-                #ifdef WOLFSSL_SMALL_STACK
-                    XFREE(cert, NULL, DYNAMIC_TYPE_DCERT);
-                #endif
-                    return NULL;
-                }
-                XMEMCPY(ext->value.data,input+tmpIdx,length);
-                ext->value.length = length;
-        } /* switch(oid) */
+        /* Get OID from input and copy to ASN1_OBJECT buffer */
+        XMEMCPY(oidBuf+2, input+idx, length);
+        XMEMCPY((byte*)ext->obj->obj, oidBuf, ext->obj->objSz);
+        XFREE(oidBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        oidBuf = NULL;
+        ext->obj->grp = oidCertExtType;
+        ext->crit = 0;
+
+        tmpIdx = idx + length;
+
+        /* Get CRITICAL. If not present, defaults to false.
+         * It present, must be a valid TRUE */
+        if ((tmpIdx < (word32)sz) &&
+            (input[tmpIdx] == ASN_BOOLEAN))
+        {
+            if (((tmpIdx + 2) >= (word32)sz) ||
+                /* Check bool length */
+                (input[tmpIdx+1] != 1) ||
+                /* Assert true if CRITICAL present */
+                (input[tmpIdx+2] != 0xff))
+            {
+                WOLFSSL_MSG("Error decoding unknown extension data");
+                wolfSSL_ASN1_OBJECT_free(ext->obj);
+                wolfSSL_X509_EXTENSION_free(ext);
+                FreeDecodedCert(cert);
+            #ifdef WOLFSSL_SMALL_STACK
+                XFREE(cert, NULL, DYNAMIC_TYPE_DCERT);
+            #endif
+                return NULL;
+            }
+
+            ext->crit = 1;
+            tmpIdx += 3;
+        }
+
+        /* Get extension data and copy as ASN1_STRING */
+        if ((tmpIdx >= (word32)sz) ||
+            (input[tmpIdx] != ASN_OCTET_STRING))
+        {
+            WOLFSSL_MSG("Error decoding unknown extension data");
+            wolfSSL_ASN1_OBJECT_free(ext->obj);
+            wolfSSL_X509_EXTENSION_free(ext);
+            FreeDecodedCert(cert);
+        #ifdef WOLFSSL_SMALL_STACK
+            XFREE(cert, NULL, DYNAMIC_TYPE_DCERT);
+        #endif
+            return NULL;
+        }
+
+        tmpIdx++;
+
+        if (GetLength(input, &tmpIdx, &length, (word32)sz) <= 0) {
+            WOLFSSL_MSG("Error: Invalid Input Length.");
+            wolfSSL_ASN1_OBJECT_free(ext->obj);
+            wolfSSL_X509_EXTENSION_free(ext);
+            FreeDecodedCert(cert);
+        #ifdef WOLFSSL_SMALL_STACK
+            XFREE(cert, NULL, DYNAMIC_TYPE_DCERT);
+        #endif
+            return NULL;
+        }
+        ext->value.data = (char*)XMALLOC(length, NULL,
+            DYNAMIC_TYPE_ASN1);
+        ext->value.isDynamic = 1;
+        if (ext->value.data == NULL) {
+            WOLFSSL_MSG("Failed to malloc ASN1_STRING data");
+            wolfSSL_X509_EXTENSION_free(ext);
+            FreeDecodedCert(cert);
+        #ifdef WOLFSSL_SMALL_STACK
+            XFREE(cert, NULL, DYNAMIC_TYPE_DCERT);
+        #endif
+            return NULL;
+        }
+        XMEMCPY(ext->value.data,input+tmpIdx,length);
+        ext->value.length = length;
 
         break; /* Got the Extension. Now exit while loop. */
 
@@ -1529,6 +1461,18 @@ int wolfSSL_X509_add_ext(WOLFSSL_X509 *x509, WOLFSSL_X509_EXTENSION *ext,
     return WOLFSSL_SUCCESS;
 }
 
+/* Returns pointer to ASN1_STRING in X509_EXTENSION object */
+static WOLFSSL_ASN1_STRING* wolfSSL_X509_EXTENSION_get_data_internal(
+    WOLFSSL_X509_EXTENSION* ext)
+{
+    WOLFSSL_ENTER("wolfSSL_X509_EXTENSION_get_data_internal");
+    if (ext == NULL)
+        return NULL;
+
+    return &ext->value;
+}
+
+
 #ifndef NO_BIO
 /* Return 0 on success and 1 on failure. Copies ext data to bio, using indent
  *  to pad the output. flag is ignored. */
@@ -1555,7 +1499,7 @@ int wolfSSL_X509V3_EXT_print(WOLFSSL_BIO *out, WOLFSSL_X509_EXTENSION *ext,
         return rc;
     }
 
-    str = wolfSSL_X509_EXTENSION_get_data(ext);
+    str = wolfSSL_X509_EXTENSION_get_data_internal(ext);
     if (str == NULL) {
         WOLFSSL_MSG("Error getting ASN1_STRING from X509_EXTENSION");
         return rc;
@@ -1620,7 +1564,8 @@ int wolfSSL_X509V3_EXT_print(WOLFSSL_BIO *out, WOLFSSL_X509_EXTENSION *ext,
             asn1str = wolfSSL_i2s_ASN1_STRING(NULL, str);
             tmpLen = XSNPRINTF(tmp, tmpSz, "%*s%s", indent, "", asn1str);
             XFREE(asn1str, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-            if (tmpLen >= tmpSz) return rc;
+            if (tmpLen >= tmpSz)
+                tmpLen = tmpSz - 1;
             break;
         }
         case AUTH_INFO_OID:
@@ -1963,8 +1908,14 @@ void* wolfSSL_X509V3_EXT_d2i(WOLFSSL_X509_EXTENSION* ext)
     WOLFSSL_ASN1_OBJECT* object;
     WOLFSSL_BASIC_CONSTRAINTS* bc;
     WOLFSSL_AUTHORITY_KEYID* akey;
-    WOLFSSL_ASN1_STRING* asn1String, *newString;
+    WOLFSSL_ASN1_STRING* asn1String = NULL, *newString = NULL;
     WOLFSSL_STACK* sk;
+    void *data = NULL;
+#ifdef WOLFSSL_SMALL_STACK
+    DecodedCert *cert;
+#else
+    DecodedCert cert[1];
+#endif
 
     WOLFSSL_ENTER("wolfSSL_X509V3_EXT_d2i");
 
@@ -1985,6 +1936,35 @@ void* wolfSSL_X509V3_EXT_d2i(WOLFSSL_X509_EXTENSION* ext)
         return NULL;
     }
 
+#ifdef WOLFSSL_SMALL_STACK
+    cert = (DecodedCert *)XMALLOC(sizeof(*cert), NULL,
+            DYNAMIC_TYPE_X509_EXT);
+    if (cert == NULL) {
+        WOLFSSL_MSG("\tout of memory");
+        return NULL;
+    }
+#endif
+
+    InitDecodedCert(cert, NULL, 0, NULL);
+
+    if ((object->type != WC_NID_basic_constraints) &&
+        (object->type != WC_NID_subject_alt_name) &&
+        (object->type != WC_NID_info_access)) {
+
+        asn1String = wolfSSL_X509_EXTENSION_get_data_internal(ext);
+        if (asn1String == NULL) {
+            WOLFSSL_MSG("X509_EXTENSION_get_data() failed");
+            goto out;
+        }
+
+        ret = DecodeExtensionType((const byte*)asn1String->data,
+                asn1String->length, object->type, (byte)ext->crit, cert, NULL);
+        if (ret != 0) {
+            WOLFSSL_MSG("DecodeExtensionType() failed");
+            goto out;
+        }
+    }
+
     /* Return pointer to proper internal structure based on NID */
     switch (object->type) {
         /* basicConstraints */
@@ -1994,7 +1974,7 @@ void* wolfSSL_X509V3_EXT_d2i(WOLFSSL_X509_EXTENSION* ext)
             bc = wolfSSL_BASIC_CONSTRAINTS_new();
             if (bc == NULL) {
                 WOLFSSL_MSG("Failed to malloc basic constraints");
-                return NULL;
+                break;
             }
             /* Copy pathlen and CA into BASIC_CONSTRAINTS from object */
             bc->ca = object->ca;
@@ -2003,38 +1983,41 @@ void* wolfSSL_X509V3_EXT_d2i(WOLFSSL_X509_EXTENSION* ext)
                 if (bc->pathlen == NULL) {
                     WOLFSSL_MSG("Failed to duplicate ASN1_INTEGER");
                     wolfSSL_BASIC_CONSTRAINTS_free(bc);
-                    return NULL;
+                    break;
                 }
             }
             else
                 bc->pathlen = NULL;
-            return bc;
+
+            data = bc;
+            break;
 
         /* subjectKeyIdentifier */
         case WC_NID_subject_key_identifier:
+        {
             WOLFSSL_MSG("subjectKeyIdentifier");
-            asn1String = wolfSSL_X509_EXTENSION_get_data(ext);
-            if (asn1String == NULL) {
-                WOLFSSL_MSG("X509_EXTENSION_get_data() failed");
-                return NULL;
-            }
+
             newString = wolfSSL_ASN1_STRING_new();
             if (newString == NULL) {
                 WOLFSSL_MSG("Failed to malloc ASN1_STRING");
-                return NULL;
+                break;
             }
-            ret = wolfSSL_ASN1_STRING_set(newString, asn1String->data,
-                                                            asn1String->length);
+            ret = wolfSSL_ASN1_STRING_set(newString, cert->extSubjKeyId,
+                                          cert->extSubjKeyIdSz);
             if (ret != WOLFSSL_SUCCESS) {
                 WOLFSSL_MSG("ASN1_STRING_set() failed");
                 wolfSSL_ASN1_STRING_free(newString);
-                return NULL;
+                break;
             };
+
             newString->type = asn1String->type;
-            return newString;
+            data = newString;
+            break;
+        }
 
         /* authorityKeyIdentifier */
         case WC_NID_authority_key_identifier:
+        {
             WOLFSSL_MSG("AuthorityKeyIdentifier");
 
             akey = (WOLFSSL_AUTHORITY_KEYID*)
@@ -2042,7 +2025,7 @@ void* wolfSSL_X509V3_EXT_d2i(WOLFSSL_X509_EXTENSION* ext)
                     DYNAMIC_TYPE_X509_EXT);
             if (akey == NULL) {
                 WOLFSSL_MSG("Failed to malloc authority key id");
-                return NULL;
+                break;
             }
 
             XMEMSET(akey, 0, sizeof(WOLFSSL_AUTHORITY_KEYID));
@@ -2051,22 +2034,15 @@ void* wolfSSL_X509V3_EXT_d2i(WOLFSSL_X509_EXTENSION* ext)
             if (akey->keyid == NULL) {
                 WOLFSSL_MSG("ASN1_STRING_new() failed");
                 wolfSSL_AUTHORITY_KEYID_free(akey);
-                return NULL;
+                break;
             }
 
-            asn1String = wolfSSL_X509_EXTENSION_get_data(ext);
-            if (asn1String == NULL) {
-                WOLFSSL_MSG("X509_EXTENSION_get_data() failed");
-                wolfSSL_AUTHORITY_KEYID_free(akey);
-                return NULL;
-            }
-
-            ret = wolfSSL_ASN1_STRING_set(akey->keyid, asn1String->data,
-                                                            asn1String->length);
+            ret = wolfSSL_ASN1_STRING_set(akey->keyid, cert->extAuthKeyId,
+                                          cert->extAuthKeyIdSz);
             if (ret != WOLFSSL_SUCCESS) {
                 WOLFSSL_MSG("ASN1_STRING_set() failed");
                 wolfSSL_AUTHORITY_KEYID_free(akey);
-                return NULL;
+                break;
             };
             akey->keyid->type   = asn1String->type;
 
@@ -2074,71 +2050,83 @@ void* wolfSSL_X509V3_EXT_d2i(WOLFSSL_X509_EXTENSION* ext)
                 updated for future use */
             akey->issuer = NULL;
             akey->serial = NULL;
-            return akey;
+
+            data = akey;
+            break;
+        }
 
         /* keyUsage */
         case WC_NID_key_usage:
+        {
             WOLFSSL_MSG("keyUsage");
+
             /* This may need to be updated for future use. The i2v method for
                 keyUsage is not currently set. For now, return the ASN1_STRING
                 representation of KeyUsage bit string */
-            asn1String = wolfSSL_X509_EXTENSION_get_data(ext);
-            if (asn1String == NULL) {
-                WOLFSSL_MSG("X509_EXTENSION_get_data() failed");
-                return NULL;
-            }
             newString = wolfSSL_ASN1_STRING_new();
             if (newString == NULL) {
                 WOLFSSL_MSG("Failed to malloc ASN1_STRING");
-                return NULL;
+                break;
             }
-            ret = wolfSSL_ASN1_STRING_set(newString, asn1String->data,
-                                                            asn1String->length);
+            ret = wolfSSL_ASN1_STRING_set(newString, (byte*)&cert->extKeyUsage,
+                                                                sizeof(word16));
             if (ret != WOLFSSL_SUCCESS) {
                 WOLFSSL_MSG("ASN1_STRING_set() failed");
                 wolfSSL_ASN1_STRING_free(newString);
-                return NULL;
+                break;
             };
             newString->type = asn1String->type;
-            return newString;
+            data = newString;
+            break;
+        }
 
         /* extKeyUsage */
         case WC_NID_ext_key_usage:
             WOLFSSL_MSG("extKeyUsage not supported yet");
-            return NULL;
+            break;
 
         /* certificatePolicies */
         case WC_NID_certificate_policies:
             WOLFSSL_MSG("certificatePolicies not supported yet");
-            return NULL;
+            break;
 
         /* cRLDistributionPoints */
         case WC_NID_crl_distribution_points:
             WOLFSSL_MSG("cRLDistributionPoints not supported yet");
-            return NULL;
+            break;
 
         case WC_NID_subject_alt_name:
             if (ext->ext_sk == NULL) {
                 WOLFSSL_MSG("Subject alt name stack NULL");
-                return NULL;
+                break;
             }
             sk = wolfSSL_sk_dup(ext->ext_sk);
             if (sk == NULL) {
                 WOLFSSL_MSG("Failed to duplicate subject alt names stack.");
-                return NULL;
+                break;
             }
-            return sk;
+            data = sk;
+            break;
 
         /* authorityInfoAccess */
         case WC_NID_info_access:
             WOLFSSL_MSG("AuthorityInfoAccess");
-            return wolfssl_x509v3_ext_aia_d2i(ext);
+            data = wolfssl_x509v3_ext_aia_d2i(ext);
+            break;
 
         default:
             WOLFSSL_MSG("Extension NID not in table, returning NULL");
             break;
     }
-    return NULL;
+
+out:
+
+    FreeDecodedCert(cert);
+#ifdef WOLFSSL_SMALL_STACK
+    XFREE(cert, NULL, DYNAMIC_TYPE_X509_EXT);
+#endif
+
+    return data;
 }
 
 /* Looks for the extension matching the passed in nid
@@ -3288,14 +3276,154 @@ int wolfSSL_X509_EXTENSION_set_object(WOLFSSL_X509_EXTENSION* ext,
 }
 #endif /* OPENSSL_ALL */
 
+#ifdef WOLFSSL_OLD_EXTDATA_FMT
+/*
+ * Replace the current string in 'asn1str', which is the full X.509
+ * extension octet string with some data specific for the extension
+ * type. The extension is the one given in 'oid'.
+ * Return 0 in case of success, or a negative error code.
+ */
+static int wolfSSL_ASN1_STRING_into_old_ext_fmt(WOLFSSL_ASN1_STRING *asn1str,
+                                                word32 oid)
+{
+    switch (oid)
+    {
+        case AUTH_INFO_OID:
+            wolfSSL_ASN1_STRING_clear(asn1str);
+            asn1str->data = NULL;
+            asn1str->length = 0;
+            return 0;
+
+        case AUTH_KEY_OID:
+        {
+            int ret = 0;
+            const byte *extAuthKeyId = NULL;
+            word32 extAuthKeyIdSz = 0;
+            char *data = NULL;
+
+            ret = DecodeAuthKeyId((const byte *)asn1str->data, asn1str->length,
+                    &extAuthKeyId, &extAuthKeyIdSz, NULL, NULL, NULL, NULL);
+
+            if (ret != 0)
+                return ret;
+
+            data = (char*)XMALLOC((size_t)(extAuthKeyIdSz), NULL,
+                                  DYNAMIC_TYPE_OPENSSL);
+            if (data == NULL)
+                return MEMORY_ERROR;
+
+            XMEMCPY(data, extAuthKeyId, (size_t)extAuthKeyIdSz);
+            wolfSSL_ASN1_STRING_set(asn1str, data, extAuthKeyIdSz);
+            XFREE(data, NULL, DYNAMIC_TYPE_OPENSSL);
+            return 0;
+        }
+
+        case SUBJ_KEY_OID:
+        {
+            int ret = 0;
+            const byte *extSubjKeyId = NULL;
+            word32 extSubjKeyIdSz = 0;
+            char *data = NULL;
+
+            ret = DecodeSubjKeyId((const byte *)asn1str->data, asn1str->length,
+                    &extSubjKeyId, &extSubjKeyIdSz);
+            if (ret != 0)
+                return ret;
+
+            data = (char*)XMALLOC((size_t)(extSubjKeyIdSz), NULL,
+                                  DYNAMIC_TYPE_OPENSSL);
+            if (data == NULL)
+                return MEMORY_ERROR;
+
+            XMEMCPY(data, extSubjKeyId, (size_t)extSubjKeyIdSz);
+            wolfSSL_ASN1_STRING_set(asn1str, data, extSubjKeyIdSz);
+            XFREE(data, NULL, DYNAMIC_TYPE_OPENSSL);
+            return 0;
+        }
+
+        case CERT_POLICY_OID:
+            wolfSSL_ASN1_STRING_clear(asn1str);
+            asn1str->data = NULL;
+            asn1str->length = 0;
+            return 0;
+
+        case KEY_USAGE_OID:
+        {
+            int ret = 0;
+            word16 extKeyUsage = 0;
+
+            ret = DecodeKeyUsage((const byte *)asn1str->data, asn1str->length,
+                    &extKeyUsage);
+            if (ret != 0)
+                return ret;
+
+            wolfSSL_ASN1_STRING_set(asn1str, (byte*)&extKeyUsage,
+                                    sizeof(extKeyUsage));
+            return 0;
+        }
+
+        case EXT_KEY_USAGE_OID:
+        {
+            int ret = 0;
+            const byte *extExtKeyUsageSrc = NULL;
+            word32 extExtKeyUsageSz = 0;
+            word32 extExtKeyUsageCount = 0;
+            byte extExtKeyUsage = 0;
+            byte extExtKeyUsageSsh = 0;
+            char *data = NULL;
+
+            ret = DecodeExtKeyUsage((const byte*)asn1str->data, asn1str->length,
+                    &extExtKeyUsageSrc, &extExtKeyUsageSz, &extExtKeyUsageCount,
+                    &extExtKeyUsage, &extExtKeyUsageSsh);
+            if (ret != 0)
+                return ret;
+
+            data = (char*)XMALLOC((size_t)(extExtKeyUsageSz), NULL,
+                                  DYNAMIC_TYPE_OPENSSL);
+            if (data == NULL)
+                return MEMORY_ERROR;
+
+            XMEMCPY(data, extExtKeyUsageSrc, (size_t)extExtKeyUsageSz);
+            wolfSSL_ASN1_STRING_set(asn1str, data, extExtKeyUsageSz);
+            XFREE(data, NULL, DYNAMIC_TYPE_OPENSSL);
+            return 0;
+        }
+
+        case CRL_DIST_OID:
+            wolfSSL_ASN1_STRING_clear(asn1str);
+            asn1str->data = NULL;
+            asn1str->length = 0;
+            return 0;
+
+        default:
+            /* Do nothing, it is already set */
+            return 0;
+    }
+}
+#endif /* WOLFSSL_OLD_EXTDATA_FMT */
+
 /* Returns pointer to ASN1_STRING in X509_EXTENSION object */
 WOLFSSL_ASN1_STRING* wolfSSL_X509_EXTENSION_get_data(
     WOLFSSL_X509_EXTENSION* ext)
 {
-    WOLFSSL_ENTER("wolfSSL_X509_EXTENSION_get_data");
-    if (ext == NULL)
-        return NULL;
-    return &ext->value;
+    WOLFSSL_ASN1_STRING *ret;
+
+    ret =  wolfSSL_X509_EXTENSION_get_data_internal(ext);
+
+#ifdef WOLFSSL_OLD_EXTDATA_FMT
+    if (ret)
+    {
+        int error;
+        error = wolfSSL_ASN1_STRING_into_old_ext_fmt (ret, ext->obj->type);
+        if (error != 0)
+        {
+            WOLFSSL_MSG("Error calling wolfSSL_ASN1_STRING_into_old_ext_fmt");
+            return NULL;
+        }
+    }
+#endif
+
+    return ret;
 }
 
 
@@ -3311,7 +3439,7 @@ int wolfSSL_X509_EXTENSION_set_data(WOLFSSL_X509_EXTENSION* ext,
     if (ext == NULL || data == NULL)
         return WOLFSSL_FAILURE;
 
-    current = wolfSSL_X509_EXTENSION_get_data(ext);
+    current = wolfSSL_X509_EXTENSION_get_data_internal(ext);
     if (current->length > 0 && current->data != NULL && current->isDynamic) {
         XFREE(current->data, NULL, DYNAMIC_TYPE_OPENSSL);
     }
@@ -8386,7 +8514,7 @@ WOLFSSL_X509 *wolfSSL_d2i_X509_fp(XFILE fp, WOLFSSL_X509 **x509)
 /* @param file   file name to load                                 */
 /* @param type   WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1     */
 /* @return a number of loading CRL or certificate, otherwise zero  */
-WOLFSSL_API int wolfSSL_X509_load_cert_crl_file(WOLFSSL_X509_LOOKUP *ctx,
+int wolfSSL_X509_load_cert_crl_file(WOLFSSL_X509_LOOKUP *ctx,
     const char *file, int type)
 {
     WOLFSSL_X509 *x509 = NULL;
@@ -8523,7 +8651,7 @@ WOLFSSL_API int wolfSSL_X509_load_cert_crl_file(WOLFSSL_X509_LOOKUP *ctx,
 #ifdef HAVE_CRL
 
 #ifndef NO_BIO
-WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL_bio(WOLFSSL_BIO *bp,
+WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL_bio(WOLFSSL_BIO *bp,
                                                     WOLFSSL_X509_CRL **x)
 {
     int derSz;
@@ -8561,7 +8689,7 @@ WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL_fp(XFILE fp, WOLFSSL_X509_CRL **crl)
 /* @param file  a file to read                                           */
 /* @param type  WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1            */
 /* @return WOLFSSL_SUCCESS(1) on successful, otherwise WOLFSSL_FAILURE(0)*/
-WOLFSSL_API int wolfSSL_X509_load_crl_file(WOLFSSL_X509_LOOKUP *ctx,
+int wolfSSL_X509_load_crl_file(WOLFSSL_X509_LOOKUP *ctx,
                                              const char *file, int type)
 {
 #ifndef NO_BIO
@@ -12398,7 +12526,7 @@ err_exit:
     return NULL;
 }
 
-WOLFSSL_API WOLFSSL_X509* wolfSSL_PEM_read_X509(XFILE fp, WOLFSSL_X509 **x,
+WOLFSSL_X509* wolfSSL_PEM_read_X509(XFILE fp, WOLFSSL_X509 **x,
                                                 wc_pem_password_cb *cb, void *u)
 {
     return (WOLFSSL_X509* )wolfSSL_PEM_read_X509_ex(fp, (void **)x, cb, u,
@@ -12406,7 +12534,7 @@ WOLFSSL_API WOLFSSL_X509* wolfSSL_PEM_read_X509(XFILE fp, WOLFSSL_X509 **x,
 }
 
 #if defined(HAVE_CRL)
-WOLFSSL_API WOLFSSL_X509_CRL* wolfSSL_PEM_read_X509_CRL(XFILE fp,
+WOLFSSL_X509_CRL* wolfSSL_PEM_read_X509_CRL(XFILE fp,
                         WOLFSSL_X509_CRL **crl, wc_pem_password_cb *cb, void *u)
 {
     return (WOLFSSL_X509_CRL* )wolfSSL_PEM_read_X509_ex(fp, (void **)crl, cb, u,
@@ -15663,7 +15791,7 @@ int wolfSSL_X509_ACERT_get_serial_number(WOLFSSL_X509_ACERT* x509,
  * Returns WOLFSSL_SUCCESS on success.
  * Returns BAD_FUNC_ARG if input pointers are null.
  * */
-WOLFSSL_API int wolfSSL_X509_ACERT_get_attr_buf(const WOLFSSL_X509_ACERT* x509,
+int wolfSSL_X509_ACERT_get_attr_buf(const WOLFSSL_X509_ACERT* x509,
                                                 const byte ** rawAttr,
                                                 word32 * rawAttrLen)
 {
@@ -15678,7 +15806,7 @@ WOLFSSL_API int wolfSSL_X509_ACERT_get_attr_buf(const WOLFSSL_X509_ACERT* x509,
 }
 
 #ifndef NO_WOLFSSL_STUB
-WOLFSSL_API int wolfSSL_X509_ACERT_sign(WOLFSSL_X509_ACERT * x509,
+int wolfSSL_X509_ACERT_sign(WOLFSSL_X509_ACERT * x509,
                                         WOLFSSL_EVP_PKEY * pkey,
                                         const WOLFSSL_EVP_MD * md)
 {
diff --git a/src/x509_str.c b/src/x509_str.c
index 4571b95bd..f10281397 100644
--- a/src/x509_str.c
+++ b/src/x509_str.c
@@ -404,6 +404,64 @@ exit:
     return ret;
 }
 
+static int X509StoreRemoveCa(WOLFSSL_X509_STORE* store,
+                                            WOLFSSL_X509* x509, int type) {
+    int result = WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR);
+    byte          hash[KEYID_SIZE];
+
+    if (store != NULL && x509 != NULL && x509->derCert != NULL) {
+        result = GetHashId(x509->subjKeyId, (int)x509->subjKeyIdSz,
+                    hash, HashIdAlg(x509->sigOID));
+        if (result) {
+            result = WOLFSSL_FATAL_ERROR;
+        } else {
+            result = RemoveCA(store->cm, hash, type);
+        }
+    }
+
+    return result;
+}
+
+static int X509StoreMoveCert(WOLFSSL_STACK *certs_stack,
+                             WOLFSSL_STACK *dest_stack,
+                             WOLFSSL_X509 *cert) {
+    int i;
+
+    if (certs_stack == NULL || dest_stack == NULL || cert == NULL)
+        return WOLFSSL_FATAL_ERROR;
+
+    for (i = 0; i < wolfSSL_sk_X509_num(certs_stack); i++) {
+        if (wolfSSL_sk_X509_value(certs_stack, i) == cert) {
+            wolfSSL_sk_X509_push(dest_stack,
+                                 (WOLFSSL_X509*)wolfSSL_sk_pop_node(certs_stack, i));
+            return WOLFSSL_SUCCESS;
+        }
+    }
+
+    return WOLFSSL_FAILURE;
+}
+
+
+/* Current certificate failed, but it is possible there is an
+ * alternative cert with the same subject key which will work.
+ * Retry until all possible candidate certs are exhausted. */
+static int X509VerifyCertSetupRetry(WOLFSSL_X509_STORE_CTX* ctx,
+    WOLF_STACK_OF(WOLFSSL_X509)* certs, WOLF_STACK_OF(WOLFSSL_X509)* failed,
+    int* depth, int origDepth) {
+    int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
+
+    WOLFSSL_MSG("X509_verify_cert current cert failed, "
+                "retrying with other certs.");
+    ret = X509StoreRemoveCa(ctx->store, ctx->current_cert,
+                            WOLFSSL_TEMP_CA);
+    X509StoreMoveCert(certs, failed, ctx->current_cert);
+    ctx->current_cert = wolfSSL_sk_X509_pop(ctx->chain);
+    if (*depth < origDepth)
+        *depth += 1;
+
+    return ret;
+}
+
 /* Verifies certificate chain using WOLFSSL_X509_STORE_CTX
  * returns 1 on success or <= 0 on failure.
  */
@@ -414,11 +472,14 @@ int wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX* ctx)
     int added = 0;
     int i = 0;
     int numInterAdd = 0;
+    int numFailedCerts = 0;
     int depth = 0;
+    int origDepth = 0;
     WOLFSSL_X509 *issuer = NULL;
     WOLFSSL_X509 *orig = NULL;
     WOLF_STACK_OF(WOLFSSL_X509)* certs = NULL;
     WOLF_STACK_OF(WOLFSSL_X509)* certsToUse = NULL;
+    WOLF_STACK_OF(WOLFSSL_X509)* failedCerts = NULL;
     WOLFSSL_ENTER("wolfSSL_X509_verify_cert");
 
     if (ctx == NULL || ctx->store == NULL || ctx->store->cm == NULL
@@ -427,6 +488,7 @@ int wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX* ctx)
     }
 
     certs = ctx->store->certs;
+
     if (ctx->setTrustedSk != NULL) {
         certs = ctx->setTrustedSk;
     }
@@ -450,6 +512,10 @@ int wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX* ctx)
     }
     ctx->chain = wolfSSL_sk_X509_new_null();
 
+    failedCerts = wolfSSL_sk_X509_new_null();
+    if (!failedCerts)
+        return WOLFSSL_FATAL_ERROR;
+
     if (ctx->depth > 0) {
         depth = ctx->depth + 1;
     }
@@ -458,6 +524,7 @@ int wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX* ctx)
     }
 
     orig = ctx->current_cert;
+    origDepth = depth;
     while(done == 0 && depth > 0) {
         issuer = NULL;
 
@@ -486,23 +553,28 @@ int wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX* ctx)
                         goto exit;
                     }
                 }
-            } else {
+            } else
         #endif
-            ret = X509StoreAddCa(ctx->store, issuer,
-                                            WOLFSSL_TEMP_CA);
-            if (ret != WOLFSSL_SUCCESS) {
-                goto exit;
+            {
+                ret = X509StoreAddCa(ctx->store, issuer,
+                                                WOLFSSL_TEMP_CA);
+                if (ret != WOLFSSL_SUCCESS) {
+                    X509VerifyCertSetupRetry(ctx, certs, failedCerts,
+                        &depth, origDepth);
+                    continue;
+                }
+                added = 1;
+                ret = X509StoreVerifyCert(ctx);
+                if (ret != WOLFSSL_SUCCESS) {
+                    if ((origDepth - depth) <= 1)
+                        added = 0;
+                    X509VerifyCertSetupRetry(ctx, certs, failedCerts,
+                        &depth, origDepth);
+                    continue;
+                }
+                /* Add it to the current chain and look at the issuer cert next */
+                wolfSSL_sk_X509_push(ctx->chain, ctx->current_cert);
             }
-            added = 1;
-            ret = X509StoreVerifyCert(ctx);
-            if (ret != WOLFSSL_SUCCESS) {
-                goto exit;
-            }
-            /* Add it to the current chain and look at the issuer cert next */
-            wolfSSL_sk_X509_push(ctx->chain, ctx->current_cert);
-        #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
-            }
-        #endif
             ctx->current_cert = issuer;
         }
         else if (ret == WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) {
@@ -515,8 +587,11 @@ int wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX* ctx)
                     (added == 1)) {
                     wolfSSL_sk_X509_push(ctx->chain, ctx->current_cert);
                     ret = WOLFSSL_SUCCESS;
+                } else {
+                    X509VerifyCertSetupRetry(ctx, certs, failedCerts,
+                        &depth, origDepth);
+                    continue;
                 }
-                goto exit;
             }
 
             /* Cert verified, finish building the chain */
@@ -551,6 +626,14 @@ int wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX* ctx)
     }
 
 exit:
+    /* Copy back failed certs. */
+    numFailedCerts = wolfSSL_sk_X509_num(failedCerts);
+    for (i = 0; i < numFailedCerts; i++)
+    {
+        wolfSSL_sk_X509_push(certs, wolfSSL_sk_X509_pop(failedCerts));
+    }
+    wolfSSL_sk_X509_pop_free(failedCerts, NULL);
+
     /* Remove additional intermediates from init from the store */
     if (ctx != NULL && numInterAdd > 0) {
         for (i = 0; i < numInterAdd; i++) {
@@ -1390,7 +1473,6 @@ static int X509StoreAddCa(WOLFSSL_X509_STORE* store,
     return result;
 }
 
-
 int wolfSSL_X509_STORE_add_cert(WOLFSSL_X509_STORE* store, WOLFSSL_X509* x509)
 {
     int result = WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR);
@@ -1584,7 +1666,7 @@ static int X509StoreLoadFile(WOLFSSL_X509_STORE *str,
  * a file or directory.
  * Returns WOLFSSL_SUCCESS on success or WOLFSSL_FAILURE if an error occurs.
  */
-WOLFSSL_API int wolfSSL_X509_STORE_load_locations(WOLFSSL_X509_STORE *str,
+int wolfSSL_X509_STORE_load_locations(WOLFSSL_X509_STORE *str,
                                             const char *file, const char *dir)
 {
     WOLFSSL_CTX* ctx;
diff --git a/support/wolfssl.pc.in b/support/wolfssl.pc.in
index 19aa4431c..9e799bbbe 100644
--- a/support/wolfssl.pc.in
+++ b/support/wolfssl.pc.in
@@ -7,5 +7,5 @@ Name: wolfssl
 Description: wolfssl C library.
 Version: @VERSION@
 Libs: -L${libdir} -lwolfssl
-Libs.private: @LIBM@
+Libs.private: @LIBM@ @PC_LIBS_PRIVATE@
 Cflags: -I${includedir}
diff --git a/tests/api.c b/tests/api.c
index 92272d02e..c22d02456 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -67,95 +67,10 @@
 /* for testing compatibility layer callbacks */
 #include "examples/server/server.h"
 
-#ifndef NO_MD5
-    #include <wolfssl/wolfcrypt/md5.h>
-#endif
-#ifndef NO_SHA
-    #include <wolfssl/wolfcrypt/sha.h>
-#endif
-#ifndef NO_SHA256
-    #include <wolfssl/wolfcrypt/sha256.h>
-#endif
-#ifdef WOLFSSL_SHA512
-    #include <wolfssl/wolfcrypt/sha512.h>
-#endif
-#ifdef WOLFSSL_SHA384
-    #include <wolfssl/wolfcrypt/sha512.h>
-#endif
-#ifdef WOLFSSL_SHA3
-    #include <wolfssl/wolfcrypt/sha3.h>
-#endif
-#ifdef WOLFSSL_SM3
-    #include <wolfssl/wolfcrypt/sm3.h>
-#endif
-#ifndef NO_AES
-    #include <wolfssl/wolfcrypt/aes.h>
-    #ifdef HAVE_AES_DECRYPT
-        #include <wolfssl/wolfcrypt/wc_encrypt.h>
-    #endif
-#endif
-#ifdef WOLFSSL_SM4
-    #include <wolfssl/wolfcrypt/sm4.h>
-#endif
-#ifdef WOLFSSL_RIPEMD
-    #include <wolfssl/wolfcrypt/ripemd.h>
-#endif
-#ifndef NO_DES3
-    #include <wolfssl/wolfcrypt/des3.h>
-    #include <wolfssl/wolfcrypt/wc_encrypt.h>
-#endif
-#ifdef WC_RC2
-    #include <wolfssl/wolfcrypt/rc2.h>
-#endif
-
-#ifndef NO_HMAC
-    #include <wolfssl/wolfcrypt/hmac.h>
-#endif
-
-#ifdef HAVE_CHACHA
-    #include <wolfssl/wolfcrypt/chacha.h>
-#endif
-
-#ifdef HAVE_POLY1305
-    #include <wolfssl/wolfcrypt/poly1305.h>
-#endif
-
-#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
-    #include <wolfssl/wolfcrypt/chacha20_poly1305.h>
-#endif
-
-#ifdef HAVE_CAMELLIA
-    #include <wolfssl/wolfcrypt/camellia.h>
-#endif
-
-#ifndef NO_RC4
-    #include <wolfssl/wolfcrypt/arc4.h>
-#endif
-
-#ifdef HAVE_BLAKE2
-    #include <wolfssl/wolfcrypt/blake2.h>
-#endif
-
-#ifndef NO_RSA
-    #include <wolfssl/wolfcrypt/rsa.h>
-#endif
-
 #ifndef NO_SIG_WRAPPER
     #include <wolfssl/wolfcrypt/signature.h>
 #endif
 
-#ifdef HAVE_AESCCM
-    #include <wolfssl/wolfcrypt/aes.h>
-#endif
-
-#ifdef HAVE_PKCS7
-    #include <wolfssl/wolfcrypt/pkcs7.h>
-    #include <wolfssl/wolfcrypt/asn.h>
-    #ifdef HAVE_LIBZ
-        #include <wolfssl/wolfcrypt/compress.h>
-    #endif
-#endif
-
 #ifdef WOLFSSL_SMALL_CERT_VERIFY
     #include <wolfssl/wolfcrypt/asn.h>
 #endif
@@ -164,37 +79,6 @@
     #include <wolfssl/wolfcrypt/dsa.h>
 #endif
 
-#ifdef WOLFSSL_CMAC
-    #include <wolfssl/wolfcrypt/cmac.h>
-#endif
-
-#ifdef HAVE_ED25519
-    #include <wolfssl/wolfcrypt/ed25519.h>
-#endif
-#ifdef HAVE_CURVE25519
-    #include <wolfssl/wolfcrypt/curve25519.h>
-#endif
-#ifdef HAVE_ED448
-    #include <wolfssl/wolfcrypt/ed448.h>
-#endif
-#ifdef HAVE_CURVE448
-    #include <wolfssl/wolfcrypt/curve448.h>
-#endif
-
-#ifdef WOLFSSL_HAVE_MLKEM
-    #include <wolfssl/wolfcrypt/mlkem.h>
-#ifdef WOLFSSL_WC_MLKEM
-    #include <wolfssl/wolfcrypt/wc_mlkem.h>
-#endif
-#endif
-#ifdef HAVE_DILITHIUM
-    #include <wolfssl/wolfcrypt/dilithium.h>
-#endif
-
-#ifdef HAVE_PKCS12
-    #include <wolfssl/wolfcrypt/pkcs12.h>
-#endif
-
 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \
     defined(OPENSSL_ALL)
     #include <wolfssl/openssl/ssl.h>
@@ -243,9 +127,6 @@
 #ifdef HAVE_ECC
     #include <wolfssl/openssl/ecdsa.h>
 #endif
-#ifdef HAVE_PKCS7
-    #include <wolfssl/openssl/pkcs7.h>
-#endif
 #ifdef HAVE_CURVE25519
     #include <wolfssl/openssl/ec25519.h>
 #endif
@@ -333,12 +214,20 @@
 #include <tests/api/test_tls.h>
 #include <tests/api/test_x509.h>
 #include <tests/api/test_asn.h>
-
-#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) && \
-    !defined(NO_RSA)        && !defined(SINGLE_THREADED) && \
-    !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT)
-    #define HAVE_IO_TESTS_DEPENDENCIES
-#endif
+#include <tests/api/test_pkcs7.h>
+#include <tests/api/test_pkcs12.h>
+#include <tests/api/test_ossl_asn1.h>
+#include <tests/api/test_ossl_bn.h>
+#include <tests/api/test_ossl_bio.h>
+#include <tests/api/test_ossl_dgst.h>
+#include <tests/api/test_ossl_mac.h>
+#include <tests/api/test_ossl_cipher.h>
+#include <tests/api/test_ossl_rsa.h>
+#include <tests/api/test_ossl_dh.h>
+#include <tests/api/test_ossl_ec.h>
+#include <tests/api/test_ossl_ecx.h>
+#include <tests/api/test_ossl_dsa.h>
+#include <tests/api/test_tls13.h>
 
 #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) && \
     !defined(NO_RSA) && \
@@ -365,32 +254,6 @@
     #endif
 #endif
 
-#if defined(HAVE_PKCS7)
-    typedef struct {
-        const byte* content;
-        word32      contentSz;
-        int         contentOID;
-        int         encryptOID;
-        int         keyWrapOID;
-        int         keyAgreeOID;
-        byte*       cert;
-        size_t      certSz;
-        byte*       privateKey;
-        word32      privateKeySz;
-    } pkcs7EnvelopedVector;
-
-    #ifndef NO_PKCS7_ENCRYPTED_DATA
-        typedef struct {
-            const byte*     content;
-            word32          contentSz;
-            int             contentOID;
-            int             encryptOID;
-            byte*           encryptionKey;
-            word32          encryptionKeySz;
-        } pkcs7EncryptedVector;
-    #endif
-#endif /* HAVE_PKCS7 */
-
 #ifdef WOLFSSL_DUMP_MEMIO_STREAM
 const char* currentTestName;
 char tmpDirName[16];
@@ -469,7 +332,7 @@ static int wolfssl_bio_s_fixed_mem_read(WOLFSSL_BIO* bio, char* data, int len)
     return len;
 }
 
-static WOLFSSL_BIO_METHOD* wolfSSL_BIO_s_fixed_mem(void)
+WOLFSSL_BIO_METHOD* wolfSSL_BIO_s_fixed_mem(void)
 {
     static WOLFSSL_BIO_METHOD meth;
 
@@ -1883,9 +1746,9 @@ static int test_for_double_Free(void)
         ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
 #endif
         ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, testCertFile,
-            WOLFSSL_FILETYPE_PEM));
+            CERT_FILETYPE));
         ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, testKeyFile,
-            WOLFSSL_FILETYPE_PEM));
+            CERT_FILETYPE));
         ExpectNotNull(ssl = wolfSSL_new(ctx));
 
         /* First test freeing SSL, then CTX */
@@ -1900,9 +1763,9 @@ static int test_for_double_Free(void)
         ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
 #endif
         ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, testCertFile,
-            WOLFSSL_FILETYPE_PEM));
+            CERT_FILETYPE));
         ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, testKeyFile,
-            WOLFSSL_FILETYPE_PEM));
+            CERT_FILETYPE));
         ExpectNotNull(ssl = wolfSSL_new(ctx));
 
         /* Next test freeing CTX then SSL */
@@ -1918,9 +1781,9 @@ static int test_for_double_Free(void)
 #endif
         /* Test setting ciphers at ctx level */
         ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, testCertFile,
-            WOLFSSL_FILETYPE_PEM));
+            CERT_FILETYPE));
         ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, testKeyFile,
-            WOLFSSL_FILETYPE_PEM));
+            CERT_FILETYPE));
         ExpectTrue(wolfSSL_CTX_set_cipher_list(ctx, optionsCiphers));
 #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_TLS13) && defined(HAVE_AESGCM) && \
         defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256)
@@ -1949,9 +1812,9 @@ static int test_for_double_Free(void)
         ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
 #endif
         ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, testCertFile,
-            WOLFSSL_FILETYPE_PEM));
+            CERT_FILETYPE));
         ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, testKeyFile,
-            WOLFSSL_FILETYPE_PEM));
+            CERT_FILETYPE));
         ExpectNotNull(ssl = wolfSSL_new(ctx));
         /* test setting ciphers at SSL level */
         ExpectTrue(wolfSSL_set_cipher_list(ssl, optionsCiphers));
@@ -2158,9 +2021,9 @@ static int test_wolfSSL_CTX_set_cipher_list_bytes(void)
 #endif
 
     ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, testCertFile,
-                                                         WOLFSSL_FILETYPE_PEM));
+                                                         CERT_FILETYPE));
     ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, testKeyFile,
-                                                         WOLFSSL_FILETYPE_PEM));
+                                                         CERT_FILETYPE));
 
     ExpectNotNull(ssl = wolfSSL_new(ctx));
 
@@ -2221,21 +2084,21 @@ static int test_wolfSSL_CTX_use_certificate_file(void)
 
     /* invalid context */
     ExpectFalse(wolfSSL_CTX_use_certificate_file(NULL, svrCertFile,
-                                                         WOLFSSL_FILETYPE_PEM));
+                                                         CERT_FILETYPE));
     /* invalid cert file */
     ExpectFalse(wolfSSL_CTX_use_certificate_file(ctx, bogusFile,
-                                                         WOLFSSL_FILETYPE_PEM));
+                                                         CERT_FILETYPE));
     /* invalid cert type */
     ExpectFalse(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, 9999));
 
 #ifdef NO_RSA
     /* rsa needed */
     ExpectFalse(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile,
-                                                         WOLFSSL_FILETYPE_PEM));
+                                                         CERT_FILETYPE));
 #else
     /* success */
     ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile,
-                                                         WOLFSSL_FILETYPE_PEM));
+                                                         CERT_FILETYPE));
 #endif
 
     wolfSSL_CTX_free(ctx);
@@ -2349,26 +2212,31 @@ static int test_wolfSSL_CTX_use_PrivateKey_file(void)
 
     /* invalid context */
     ExpectFalse(wolfSSL_CTX_use_PrivateKey_file(NULL, svrKeyFile,
-                                                         WOLFSSL_FILETYPE_PEM));
+                                                         CERT_FILETYPE));
     /* invalid key file */
     ExpectFalse(wolfSSL_CTX_use_PrivateKey_file(ctx, bogusFile,
-                                                         WOLFSSL_FILETYPE_PEM));
+                                                         CERT_FILETYPE));
     /* invalid key type */
     ExpectFalse(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, 9999));
 
     /* invalid key format */
+#ifdef WOLFSSL_PEM_TO_DER
     ExpectFalse(wolfSSL_CTX_use_PrivateKey_file(ctx, "./certs/dh-priv-2048.pem",
                                                          WOLFSSL_FILETYPE_PEM));
+#else
+    ExpectFalse(wolfSSL_CTX_use_PrivateKey_file(ctx, "./certs/dh-priv-2048.der",
+                                                         WOLFSSL_FILETYPE_ASN1));
+#endif
 
     /* success */
 #ifdef NO_RSA
     /* rsa needed */
     ExpectFalse(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile,
-                                                         WOLFSSL_FILETYPE_PEM));
+                                                         CERT_FILETYPE));
 #else
     /* success */
     ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile,
-                                                         WOLFSSL_FILETYPE_PEM));
+                                                         CERT_FILETYPE));
 #endif
 
     wolfSSL_CTX_free(ctx);
@@ -2625,7 +2493,8 @@ static int test_wolfSSL_CTX_load_verify_locations(void)
     int* p;
 #endif
 #endif
-#if !defined(NO_WOLFSSL_DIR) && !defined(WOLFSSL_TIRTOS)
+#if !defined(NO_WOLFSSL_DIR) && !defined(WOLFSSL_TIRTOS) && \
+    defined(WOLFSSL_PEM_TO_DER)
     const char* load_certs_path = "./certs/external";
     const char* load_no_certs_path = "./examples";
     const char* load_expired_path = "./certs/test/expired";
@@ -2787,7 +2656,8 @@ static int test_wolfSSL_CTX_load_verify_locations(void)
 #endif
 #endif
 
-#if !defined(NO_WOLFSSL_DIR) && !defined(WOLFSSL_TIRTOS)
+#if !defined(NO_WOLFSSL_DIR) && !defined(WOLFSSL_TIRTOS) && \
+    defined(WOLFSSL_PEM_TO_DER)
     /* Test loading CA certificates using a path */
     #ifdef NO_RSA
     /* failure here okay since certs in external directory are RSA */
@@ -2836,7 +2706,8 @@ static int test_wolfSSL_CTX_load_system_CA_certs(void)
 {
     int res = TEST_SKIPPED;
 #if defined(WOLFSSL_SYS_CA_CERTS) && !defined(NO_WOLFSSL_CLIENT) && \
-    !defined(NO_TLS) && (!defined(NO_RSA) || defined(HAVE_ECC))
+    !defined(NO_TLS) && (!defined(NO_RSA) || defined(HAVE_ECC)) && \
+    defined(WOLFSSL_PEM_TO_DER)
     WOLFSSL_CTX* ctx;
     byte dirValid = 0;
     int ret = 0;
@@ -2931,7 +2802,7 @@ static int test_cm_load_ca_file(const char* ca_cert_file)
     ret = load_file(ca_cert_file, &cert_buf, &cert_sz);
     if (ret == 0) {
         /* normal test */
-        ret = test_cm_load_ca_buffer(cert_buf, cert_sz, WOLFSSL_FILETYPE_PEM);
+        ret = test_cm_load_ca_buffer(cert_buf, cert_sz, CERT_FILETYPE);
 
         if (ret == WOLFSSL_SUCCESS) {
             /* test including null terminator in length */
@@ -2943,7 +2814,7 @@ static int test_cm_load_ca_file(const char* ca_cert_file)
                 cert_buf = tmp;
                 cert_buf[cert_sz] = '\0';
                 ret = test_cm_load_ca_buffer(cert_buf, cert_sz+1,
-                        WOLFSSL_FILETYPE_PEM);
+                        CERT_FILETYPE);
             }
 
         }
@@ -3001,7 +2872,7 @@ static int test_cm_load_ca_file_ex(const char* ca_cert_file, word32 flags)
     if (ret == 0) {
         /* normal test */
         ret = test_cm_load_ca_buffer_ex(cert_buf, cert_sz,
-                                        WOLFSSL_FILETYPE_PEM, flags);
+                                        CERT_FILETYPE, flags);
 
         if (ret == WOLFSSL_SUCCESS) {
             /* test including null terminator in length */
@@ -3013,7 +2884,7 @@ static int test_cm_load_ca_file_ex(const char* ca_cert_file, word32 flags)
                 cert_buf = tmp;
                 cert_buf[cert_sz] = '\0';
                 ret = test_cm_load_ca_buffer_ex(cert_buf, cert_sz+1,
-                        WOLFSSL_FILETYPE_PEM, flags);
+                        CERT_FILETYPE, flags);
             }
 
         }
@@ -3045,7 +2916,7 @@ static int test_wolfSSL_CertManagerAPI(void)
     EXPECT_DECLS;
 #ifndef NO_CERTS
     WOLFSSL_CERT_MANAGER* cm = NULL;
-    unsigned char c;
+    unsigned char c = 0;
 
     ExpectNotNull(cm = wolfSSL_CertManagerNew_ex(NULL));
 
@@ -3080,9 +2951,13 @@ static int test_wolfSSL_CertManagerAPI(void)
 
 #if !defined(NO_FILESYSTEM)
     {
+    #ifdef WOLFSSL_PEM_TO_DER
         const char* ca_cert = "./certs/ca-cert.pem";
     #if !defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH)
         const char* ca_cert_der = "./certs/ca-cert.der";
+    #endif
+    #else
+        const char* ca_cert = "./certs/ca-cert.der";
     #endif
         const char* ca_path = "./certs";
 
@@ -3095,10 +2970,12 @@ static int test_wolfSSL_CertManagerAPI(void)
             WOLFSSL_FILETYPE_PEM), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
         ExpectIntEQ(wolfSSL_CertManagerVerify(cm, ca_cert, -1),
             WC_NO_ERR_TRACE(WOLFSSL_BAD_FILETYPE));
-        ExpectIntEQ(wolfSSL_CertManagerVerify(cm, "no-file",
-            WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(WOLFSSL_BAD_FILE));
+#ifdef WOLFSSL_PEM_TO_DER
         ExpectIntEQ(wolfSSL_CertManagerVerify(cm, ca_cert_der,
             WOLFSSL_FILETYPE_PEM), WC_NO_ERR_TRACE(ASN_NO_PEM_HEADER));
+#endif
+        ExpectIntEQ(wolfSSL_CertManagerVerify(cm, "no-file",
+            WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(WOLFSSL_BAD_FILE));
     #endif
 
         ExpectIntEQ(wolfSSL_CertManagerLoadCA(NULL, NULL, NULL),
@@ -3216,8 +3093,13 @@ static int test_wolfSSL_CertManagerLoadCABuffer(void)
 {
     EXPECT_DECLS;
 #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS)
+#if defined(WOLFSSL_PEM_TO_DER)
     const char* ca_cert = "./certs/ca-cert.pem";
     const char* ca_expired_cert = "./certs/test/expired/expired-ca.pem";
+#else
+    const char* ca_cert = "./certs/ca-cert.der";
+    const char* ca_expired_cert = "./certs/test/expired/expired-ca.der";
+#endif
     int ret;
 
     ExpectIntLE(ret = test_cm_load_ca_file(ca_cert), 1);
@@ -3248,8 +3130,13 @@ static int test_wolfSSL_CertManagerLoadCABuffer_ex(void)
 {
     EXPECT_DECLS;
 #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS)
+#if defined(WOLFSSL_PEM_TO_DER)
     const char* ca_cert = "./certs/ca-cert.pem";
     const char* ca_expired_cert = "./certs/test/expired/expired-ca.pem";
+#else
+    const char* ca_cert = "./certs/ca-cert.der";
+    const char* ca_expired_cert = "./certs/test/expired/expired-ca.der";
+#endif
     int ret;
 
     ExpectIntLE(ret = test_cm_load_ca_file_ex(ca_cert, WOLFSSL_LOAD_FLAG_NONE),
@@ -3281,6 +3168,147 @@ static int test_wolfSSL_CertManagerLoadCABuffer_ex(void)
     return EXPECT_RESULT();
 }
 
+static int test_wolfSSL_CertManagerLoadCABufferType(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) && \
+    !defined(NO_RSA) && !defined(WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION)
+#if defined(WOLFSSL_PEM_TO_DER)
+    const char* ca_cert = "./certs/ca-cert.pem";
+    const char* int1_cert = "./certs/intermediate/ca-int-cert.pem";
+    const char* int2_cert = "./certs/intermediate/ca-int2-cert.pem";
+    const char* client_cert = "./certs/intermediate/client-int-cert.pem";
+#else
+    const char* ca_cert = "./certs/ca-cert.der";
+    const char* int1_cert = "./certs/intermediate/ca-int-cert.der";
+    const char* int2_cert = "./certs/intermediate/ca-int2-cert.der";
+    const char* client_cert = "./certs/intermediate/client-int-cert.der";
+#endif
+    byte* ca_cert_buf = NULL;
+    byte* int1_cert_buf = NULL;
+    byte* int2_cert_buf = NULL;
+    byte* client_cert_buf = NULL;
+    size_t ca_cert_sz = 0;
+    size_t int1_cert_sz = 0;
+    size_t int2_cert_sz = 0;
+    size_t client_cert_sz = 0;
+    WOLFSSL_CERT_MANAGER* cm = NULL;
+
+    ExpectNotNull(cm = wolfSSL_CertManagerNew());
+    ExpectIntEQ(load_file(ca_cert, &ca_cert_buf, &ca_cert_sz), 0);
+    ExpectIntEQ(load_file(int1_cert, &int1_cert_buf, &int1_cert_sz), 0);
+    ExpectIntEQ(load_file(int2_cert, &int2_cert_buf, &int2_cert_sz), 0);
+    ExpectIntEQ(load_file(client_cert, &client_cert_buf, &client_cert_sz), 0);
+
+    ExpectIntNE(wolfSSL_CertManagerLoadCABufferType(cm, ca_cert_buf,
+        (sword32)ca_cert_sz, CERT_FILETYPE, 0,
+        WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS, 0), WOLFSSL_SUCCESS);
+    ExpectIntNE(wolfSSL_CertManagerLoadCABufferType(cm, ca_cert_buf,
+        (sword32)ca_cert_sz, CERT_FILETYPE, 0,
+        WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS, 5), WOLFSSL_SUCCESS);
+
+    ExpectIntEQ(wolfSSL_CertManagerLoadCABufferType(cm, ca_cert_buf,
+        (sword32)ca_cert_sz, CERT_FILETYPE, 0,
+        WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS, WOLFSSL_USER_CA),
+        WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, int1_cert_buf,
+        int1_cert_sz, CERT_FILETYPE), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_CertManagerLoadCABufferType(cm, int1_cert_buf,
+        (sword32)int1_cert_sz, CERT_FILETYPE, 0,
+        WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS, WOLFSSL_USER_INTER),
+        WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, int2_cert_buf,
+        int2_cert_sz, CERT_FILETYPE), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_CertManagerLoadCABufferType(cm, int2_cert_buf,
+        (sword32)int2_cert_sz, CERT_FILETYPE, 0,
+        WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS, WOLFSSL_USER_INTER),
+        WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, client_cert_buf,
+        client_cert_sz, CERT_FILETYPE), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_CertManagerLoadCABufferType(cm, client_cert_buf,
+        (sword32)client_cert_sz, CERT_FILETYPE, 0,
+        WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS, WOLFSSL_USER_INTER),
+        WOLFSSL_SUCCESS);
+
+    ExpectIntEQ(wolfSSL_CertManagerUnloadTypeCerts(cm, WOLFSSL_USER_INTER),
+        WOLFSSL_SUCCESS);
+
+    /* Intermediate certs have been unloaded, but CA cert is still
+       loaded.  Expect first level intermediate to verify, rest to fail. */
+    ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, int1_cert_buf,
+        int1_cert_sz, CERT_FILETYPE), WOLFSSL_SUCCESS);
+    ExpectIntNE(wolfSSL_CertManagerVerifyBuffer(cm, int2_cert_buf,
+        int2_cert_sz, CERT_FILETYPE), WOLFSSL_SUCCESS);
+    ExpectIntNE(wolfSSL_CertManagerVerifyBuffer(cm, client_cert_buf,
+        client_cert_sz, CERT_FILETYPE), WOLFSSL_SUCCESS);
+
+    ExpectIntEQ(wolfSSL_CertManagerLoadCABufferType(cm, int1_cert_buf,
+        (sword32)int1_cert_sz, CERT_FILETYPE, 0,
+        WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS, WOLFSSL_TEMP_CA),
+        WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, int2_cert_buf,
+        int2_cert_sz, CERT_FILETYPE), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_CertManagerLoadCABufferType(cm, int2_cert_buf,
+        (sword32)int2_cert_sz, CERT_FILETYPE, 0,
+        WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS, WOLFSSL_CHAIN_CA),
+        WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, client_cert_buf,
+        client_cert_sz, CERT_FILETYPE), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_CertManagerLoadCABufferType(cm, client_cert_buf,
+        (sword32)client_cert_sz, CERT_FILETYPE, 0,
+        WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS, WOLFSSL_USER_INTER),
+        WOLFSSL_SUCCESS);
+
+    ExpectIntEQ(wolfSSL_CertManagerUnloadTypeCerts(cm, WOLFSSL_USER_INTER),
+        WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, int1_cert_buf,
+        int1_cert_sz, CERT_FILETYPE), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, int2_cert_buf,
+        int2_cert_sz, CERT_FILETYPE), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, client_cert_buf,
+        client_cert_sz, CERT_FILETYPE), WOLFSSL_SUCCESS);
+
+    ExpectIntEQ(wolfSSL_CertManagerUnloadTypeCerts(cm, WOLFSSL_CHAIN_CA),
+        WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, int1_cert_buf,
+        int1_cert_sz, CERT_FILETYPE), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, int2_cert_buf,
+        int2_cert_sz, CERT_FILETYPE), WOLFSSL_SUCCESS);
+    ExpectIntNE(wolfSSL_CertManagerVerifyBuffer(cm, client_cert_buf,
+        client_cert_sz, CERT_FILETYPE), WOLFSSL_SUCCESS);
+
+    ExpectIntEQ(wolfSSL_CertManagerUnloadTypeCerts(cm, WOLFSSL_TEMP_CA),
+        WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, int1_cert_buf,
+        int1_cert_sz, CERT_FILETYPE), WOLFSSL_SUCCESS);
+    ExpectIntNE(wolfSSL_CertManagerVerifyBuffer(cm, int2_cert_buf,
+        int2_cert_sz, CERT_FILETYPE), WOLFSSL_SUCCESS);
+    ExpectIntNE(wolfSSL_CertManagerVerifyBuffer(cm, client_cert_buf,
+        client_cert_sz, CERT_FILETYPE), WOLFSSL_SUCCESS);
+
+    ExpectIntEQ(wolfSSL_CertManagerUnloadTypeCerts(cm, WOLFSSL_USER_CA),
+        WOLFSSL_SUCCESS);
+    ExpectIntNE(wolfSSL_CertManagerVerifyBuffer(cm, int1_cert_buf,
+        int1_cert_sz, CERT_FILETYPE), WOLFSSL_SUCCESS);
+    ExpectIntNE(wolfSSL_CertManagerVerifyBuffer(cm, int2_cert_buf,
+        int2_cert_sz, CERT_FILETYPE), WOLFSSL_SUCCESS);
+    ExpectIntNE(wolfSSL_CertManagerVerifyBuffer(cm, client_cert_buf,
+        client_cert_sz, CERT_FILETYPE), WOLFSSL_SUCCESS);
+
+    if (cm)
+        wolfSSL_CertManagerFree(cm);
+    if (ca_cert_buf)
+        free(ca_cert_buf);
+    if (int1_cert_buf)
+        free(int1_cert_buf);
+    if (int2_cert_buf)
+        free(int2_cert_buf);
+    if (client_cert_buf)
+        free(client_cert_buf);
+#endif
+
+    return EXPECT_RESULT();
+}
 
 static int test_wolfSSL_CertManagerGetCerts(void)
 {
@@ -3359,8 +3387,13 @@ static int test_wolfSSL_CertManagerSetVerify(void)
     (!defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH))
     WOLFSSL_CERT_MANAGER* cm = NULL;
     int tmp = myVerifyAction;
+#ifdef WOLFSSL_PEM_TO_DER
     const char* ca_cert = "./certs/ca-cert.pem";
     const char* expiredCert = "./certs/test/expired/expired-cert.pem";
+#else
+    const char* ca_cert = "./certs/ca-cert.der";
+    const char* expiredCert = "./certs/test/expired/expired-cert.der";
+#endif
 
     wolfSSL_CertManagerSetVerify(NULL, NULL);
     wolfSSL_CertManagerSetVerify(NULL, myVerify);
@@ -3379,7 +3412,7 @@ static int test_wolfSSL_CertManagerSetVerify(void)
     myVerifyAction = VERIFY_OVERRIDE_ERROR;
 
     ExpectIntEQ(wolfSSL_CertManagerVerify(cm, expiredCert,
-        WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
+        CERT_FILETYPE), WOLFSSL_SUCCESS);
 
 #ifdef WOLFSSL_ALWAYS_VERIFY_CB
     {
@@ -5093,13 +5126,21 @@ static int test_wolfSSL_CertRsaPss(void)
      (defined(HAVE_SELFTEST_VERSION) && (HAVE_SELFTEST_VERSION > 2)))
     XFILE f = XBADFILE;
     const char* rsaPssSha256Cert = "./certs/rsapss/ca-rsapss.der";
+#ifdef WOLFSSL_PEM_TO_DER
     const char* rsaPssRootSha256Cert = "./certs/rsapss/root-rsapss.pem";
+#else
+    const char* rsaPssRootSha256Cert = "./certs/rsapss/root-rsapss.der";
+#endif
 #if defined(WOLFSSL_SHA384) && defined(WOLFSSL_PSS_LONG_SALT) && \
     RSA_MAX_SIZE >= 3072
     const char* rsaPssSha384Cert = "./certs/rsapss/ca-3072-rsapss.der";
 #endif
 #if defined(WOLFSSL_SHA384) && RSA_MAX_SIZE >= 3072
+#ifdef WOLFSSL_PEM_TO_DER
     const char* rsaPssRootSha384Cert = "./certs/rsapss/root-3072-rsapss.pem";
+#else
+    const char* rsaPssRootSha384Cert = "./certs/rsapss/root-3072-rsapss.der";
+#endif
 #endif
     DecodedCert cert;
     byte buf[4096];
@@ -5247,8 +5288,13 @@ static int test_wolfSSL_CTX_load_verify_locations_ex(void)
 #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) && \
     !defined(NO_WOLFSSL_CLIENT) && !defined(NO_RSA)
     WOLFSSL_CTX* ctx = NULL;
+#ifdef WOLFSSL_PEM_TO_DER
     const char* ca_cert = "./certs/ca-cert.pem";
     const char* ca_expired_cert = "./certs/test/expired/expired-ca.pem";
+#else
+    const char* ca_cert = "./certs/ca-cert.der";
+    const char* ca_expired_cert = "./certs/test/expired/expired-ca.der";
+#endif
 
     ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
 
@@ -5457,7 +5503,7 @@ static int test_wolfSSL_CTX_use_certificate_chain_buffer_format(void)
     WOLFSSL_CTX* ctx = NULL;
     WOLFSSL* ssl = NULL;
 #ifndef NO_FILESYSTEM
-    const char* cert = "./certs/server-cert.pem";
+    const char* cert = svrCertFile;
     unsigned char* buf = NULL;
     size_t len = 0;
 
@@ -5475,19 +5521,23 @@ static int test_wolfSSL_CTX_use_certificate_chain_buffer_format(void)
         NULL, 0, WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(ASN_PARSE_E));
     ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_buffer(NULL, NULL, 0),
         WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#ifdef WOLFSSL_PEM_TO_DER
     ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_buffer(ctx, NULL, 0),
         WC_NO_ERR_TRACE(ASN_NO_PEM_HEADER));
+#endif
     ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_buffer(NULL, buf,
         (sword32)len), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     ExpectIntEQ(wolfSSL_use_certificate_chain_buffer(NULL, NULL, 0),
         WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#ifdef WOLFSSL_PEM_TO_DER
     ExpectIntEQ(wolfSSL_use_certificate_chain_buffer(ssl, NULL, 0),
         WC_NO_ERR_TRACE(ASN_NO_PEM_HEADER));
+#endif
     ExpectIntEQ(wolfSSL_use_certificate_chain_buffer(NULL, buf, (sword32)len),
         WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
     ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_buffer_format(ctx, buf,
-        (sword32)len, WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
+        (sword32)len, CERT_FILETYPE), WOLFSSL_SUCCESS);
 
     ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_buffer(ctx, buf, (sword32)len),
         WOLFSSL_SUCCESS);
@@ -5504,12 +5554,14 @@ static int test_wolfSSL_CTX_use_certificate_chain_buffer_format(void)
         server_cert_der_2048, sizeof_server_cert_der_2048,
         WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
 
+#ifdef WOLFSSL_PEM_TO_DER
     ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_buffer(ctx,
         server_cert_der_2048, sizeof_server_cert_der_2048),
         WC_NO_ERR_TRACE(ASN_NO_PEM_HEADER));
 
     ExpectIntEQ(wolfSSL_use_certificate_chain_buffer(ssl, server_cert_der_2048,
         sizeof_server_cert_der_2048), WC_NO_ERR_TRACE(ASN_NO_PEM_HEADER));
+#endif
 
     wolfSSL_free(ssl);
     wolfSSL_CTX_free(ctx);
@@ -5529,7 +5581,7 @@ static int test_wolfSSL_CTX_use_certificate_chain_file_format(void)
     !defined(NO_RSA) && \
     (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER))
     const char* server_chain_der = "./certs/server-cert-chain.der";
-    const char* client_single_pem = "./certs/client-cert.pem";
+    const char* client_single_pem = cliCertFile;
     WOLFSSL_CTX* ctx = NULL;
 
     (void)server_chain_der;
@@ -5545,7 +5597,7 @@ static int test_wolfSSL_CTX_use_certificate_chain_file_format(void)
     ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_file_format(ctx,
         server_chain_der, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
     ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_file_format(ctx,
-        client_single_pem, WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
+        client_single_pem, CERT_FILETYPE), WOLFSSL_SUCCESS);
 
     wolfSSL_CTX_free(ctx);
 #endif
@@ -5558,7 +5610,7 @@ static int test_wolfSSL_use_certificate_chain_file(void)
 #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) && \
     !defined(NO_WOLFSSL_CLIENT) && !defined(NO_RSA)
     const char* server_chain_der = "./certs/server-cert-chain.der";
-    const char* client_single_pem = "./certs/client-cert.pem";
+    const char* client_single_pem = cliCertFile;
     WOLFSSL_CTX* ctx = NULL;
     WOLFSSL* ssl = NULL;
 
@@ -5580,13 +5632,15 @@ static int test_wolfSSL_use_certificate_chain_file(void)
         WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
     ExpectIntEQ(wolfSSL_use_certificate_chain_file(NULL, client_single_pem),
         WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#ifdef WOLFSSL_PEM_TO_DER
     ExpectIntEQ(wolfSSL_use_certificate_chain_file(ssl, server_chain_der),
         WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+#endif
 
     ExpectIntEQ(wolfSSL_use_certificate_chain_file_format(ssl,
         server_chain_der, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
     ExpectIntEQ(wolfSSL_use_certificate_chain_file_format(ssl,
-        client_single_pem, WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
+        client_single_pem, CERT_FILETYPE), WOLFSSL_SUCCESS);
     ExpectIntEQ(wolfSSL_use_certificate_chain_file(ssl, client_single_pem),
         WOLFSSL_SUCCESS);
 
@@ -5604,7 +5658,11 @@ static int test_wolfSSL_CTX_SetTmpDH_file(void)
     (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER))
     WOLFSSL_CTX *ctx = NULL;
 #if defined(WOLFSSL_WPAS) && !defined(NO_DSA)
+#if defined(WOLFSSL_PEM_TO_DER)
     const char* dsaParamFile = "./certs/dsaparams.pem";
+#else
+    const char* dsaParamFile = "./certs/dsaparams.der";
+#endif
 #endif
 
     (void)ctx;
@@ -5617,21 +5675,21 @@ static int test_wolfSSL_CTX_SetTmpDH_file(void)
 
     /* invalid context */
     ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_file(NULL,
-                dhParamFile, WOLFSSL_FILETYPE_PEM));
+                dhParamFile, CERT_FILETYPE));
 
     /* invalid dhParamFile file */
     ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_file(ctx,
-                NULL, WOLFSSL_FILETYPE_PEM));
+                NULL, CERT_FILETYPE));
 
     ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_file(ctx,
-                bogusFile, WOLFSSL_FILETYPE_PEM));
+                bogusFile, CERT_FILETYPE));
 
     /* success */
     ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_file(ctx, dhParamFile,
-                WOLFSSL_FILETYPE_PEM));
+                CERT_FILETYPE));
 #if defined(WOLFSSL_WPAS) && !defined(NO_DSA)
     ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_file(ctx, dsaParamFile,
-                WOLFSSL_FILETYPE_PEM));
+                CERT_FILETYPE));
 #endif
 
     wolfSSL_CTX_free(ctx);
@@ -6022,9 +6080,9 @@ static int test_server_wolfSSL_new(void)
     ExpectNotNull(ctx        = wolfSSL_CTX_new(wolfSSLv23_server_method()));
 
     ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile,
-        WOLFSSL_FILETYPE_PEM));
+        CERT_FILETYPE));
     ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile,
-        WOLFSSL_FILETYPE_PEM));
+        CERT_FILETYPE));
 
     /* invalid context */
     ExpectNull(ssl = wolfSSL_new(NULL));
@@ -6087,53 +6145,60 @@ static int test_wolfSSL_SetTmpDH_file(void)
 
     WOLFSSL_CTX *ctx = NULL;
     WOLFSSL *ssl = NULL;
+#ifdef WOLFSSL_PEM_TO_DER
     const char* dhX942ParamFile = "./certs/x942dh2048.pem";
 #if defined(WOLFSSL_WPAS) && !defined(NO_DSA)
     const char* dsaParamFile = "./certs/dsaparams.pem";
+#endif
+#else
+    const char* dhX942ParamFile = "./certs/x942dh2048.der";
+#if defined(WOLFSSL_WPAS) && !defined(NO_DSA)
+    const char* dsaParamFile = "./certs/dsaparams.der";
+#endif
 #endif
 
     ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
 #ifndef NO_RSA
     ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile,
-               WOLFSSL_FILETYPE_PEM));
+               CERT_FILETYPE));
     ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile,
-               WOLFSSL_FILETYPE_PEM));
+               CERT_FILETYPE));
 #elif defined(HAVE_ECC)
     ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, eccCertFile,
-               WOLFSSL_FILETYPE_PEM));
+               CERT_FILETYPE));
     ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, eccKeyFile,
-               WOLFSSL_FILETYPE_PEM));
+               CERT_FILETYPE));
 #elif defined(HAVE_ED25519)
     ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, edCertFile,
-               WOLFSSL_FILETYPE_PEM));
+               CERT_FILETYPE));
     ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, edKeyFile,
-               WOLFSSL_FILETYPE_PEM));
+               CERT_FILETYPE));
 #elif defined(HAVE_ED448)
     ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, ed448CertFile,
-               WOLFSSL_FILETYPE_PEM));
+               CERT_FILETYPE));
     ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, ed448KeyFile,
-               WOLFSSL_FILETYPE_PEM));
+               CERT_FILETYPE));
 #endif
     ExpectNotNull(ssl = wolfSSL_new(ctx));
 
     /* invalid ssl */
     ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_file(NULL,
-                dhParamFile, WOLFSSL_FILETYPE_PEM));
+                dhParamFile, CERT_FILETYPE));
 
     /* invalid dhParamFile file */
     ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_file(ssl,
-                NULL, WOLFSSL_FILETYPE_PEM));
+                NULL, CERT_FILETYPE));
     ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_file(ssl,
-                bogusFile, WOLFSSL_FILETYPE_PEM));
+                bogusFile, CERT_FILETYPE));
 
     /* success */
     ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_file(ssl, dhParamFile,
-                WOLFSSL_FILETYPE_PEM));
+                CERT_FILETYPE));
     ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_file(ssl, dhX942ParamFile,
-                WOLFSSL_FILETYPE_PEM));
+                CERT_FILETYPE));
 #if defined(WOLFSSL_WPAS) && !defined(NO_DSA)
     ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_file(ctx, dsaParamFile,
-                WOLFSSL_FILETYPE_PEM));
+                CERT_FILETYPE));
 #endif
 
     wolfSSL_free(ssl);
@@ -6282,406 +6347,6 @@ static int test_wolfSSL_SetMinVersion(void)
 } /* END test_wolfSSL_SetMinVersion */
 
 
-#ifdef OPENSSL_EXTRA
-static int test_EC25519(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_CURVE25519) && defined(WOLFSSL_KEY_GEN)
-    byte         priv[CURVE25519_KEYSIZE];
-    unsigned int privSz = CURVE25519_KEYSIZE;
-    byte         pub[CURVE25519_KEYSIZE];
-    unsigned int pubSz = CURVE25519_KEYSIZE;
-    byte         priv2[CURVE25519_KEYSIZE];
-    unsigned int priv2Sz = CURVE25519_KEYSIZE;
-    byte         pub2[CURVE25519_KEYSIZE];
-    unsigned int pub2Sz = CURVE25519_KEYSIZE;
-    byte         shared[CURVE25519_KEYSIZE];
-    unsigned int sharedSz = CURVE25519_KEYSIZE;
-    byte         shared2[CURVE25519_KEYSIZE];
-    unsigned int shared2Sz = CURVE25519_KEYSIZE;
-
-    /* Bad parameter testing of key generation. */
-    ExpectIntEQ(wolfSSL_EC25519_generate_key(NULL,    NULL, NULL,   NULL), 0);
-    ExpectIntEQ(wolfSSL_EC25519_generate_key(NULL, &privSz, NULL, &pubSz), 0);
-    ExpectIntEQ(wolfSSL_EC25519_generate_key(NULL, &privSz,  pub, &pubSz), 0);
-    ExpectIntEQ(wolfSSL_EC25519_generate_key(priv,    NULL,  pub, &pubSz), 0);
-    ExpectIntEQ(wolfSSL_EC25519_generate_key(priv, &privSz, NULL, &pubSz), 0);
-    ExpectIntEQ(wolfSSL_EC25519_generate_key(priv, &privSz,  pub,   NULL), 0);
-    /*   Bad length */
-    privSz = 1;
-    ExpectIntEQ(wolfSSL_EC25519_generate_key(priv, &privSz, pub, &pubSz), 0);
-    privSz = CURVE25519_KEYSIZE;
-    pubSz = 1;
-    ExpectIntEQ(wolfSSL_EC25519_generate_key(priv, &privSz, pub, &pubSz), 0);
-    pubSz = CURVE25519_KEYSIZE;
-
-    /* Good case of generating key. */
-    ExpectIntEQ(wolfSSL_EC25519_generate_key(priv, &privSz, pub, &pubSz), 1);
-    ExpectIntEQ(wolfSSL_EC25519_generate_key(priv2, &priv2Sz, pub2, &pub2Sz),
-        1);
-    ExpectIntEQ(privSz, CURVE25519_KEYSIZE);
-    ExpectIntEQ(pubSz, CURVE25519_KEYSIZE);
-
-    /* Bad parameter testing of shared key. */
-    ExpectIntEQ(wolfSSL_EC25519_shared_key(  NULL,      NULL, NULL, privSz,
-        NULL,  pubSz), 0);
-    ExpectIntEQ(wolfSSL_EC25519_shared_key(  NULL, &sharedSz, NULL, privSz,
-        NULL, pubSz), 0);
-    ExpectIntEQ(wolfSSL_EC25519_shared_key(  NULL, &sharedSz, priv, privSz,
-         pub, pubSz), 0);
-    ExpectIntEQ(wolfSSL_EC25519_shared_key(shared, &sharedSz, NULL, privSz,
-         pub, pubSz), 0);
-    ExpectIntEQ(wolfSSL_EC25519_shared_key(shared, &sharedSz, priv, privSz,
-        NULL, pubSz), 0);
-    ExpectIntEQ(wolfSSL_EC25519_shared_key(  NULL, &sharedSz, priv, privSz,
-         pub, pubSz), 0);
-    ExpectIntEQ(wolfSSL_EC25519_shared_key(shared,      NULL, priv, privSz,
-         pub, pubSz), 0);
-    ExpectIntEQ(wolfSSL_EC25519_shared_key(shared, &sharedSz, NULL, privSz,
-         pub, pubSz), 0);
-    ExpectIntEQ(wolfSSL_EC25519_shared_key(shared, &sharedSz, priv, privSz,
-        NULL, pubSz), 0);
-    /*   Bad length. */
-    sharedSz = 1;
-    ExpectIntEQ(wolfSSL_EC25519_shared_key(shared, &sharedSz, priv, privSz,
-         pub, pubSz), 0);
-    sharedSz = CURVE25519_KEYSIZE;
-    privSz = 1;
-    ExpectIntEQ(wolfSSL_EC25519_shared_key(shared, &sharedSz, priv, privSz,
-         pub, pubSz), 0);
-    privSz = CURVE25519_KEYSIZE;
-    pubSz = 1;
-    ExpectIntEQ(wolfSSL_EC25519_shared_key(shared, &sharedSz, priv, privSz,
-         pub, pubSz), 0);
-    pubSz = CURVE25519_KEYSIZE;
-
-    /* Good case of shared key. */
-    ExpectIntEQ(wolfSSL_EC25519_shared_key(shared, &sharedSz, priv, privSz,
-        pub2, pub2Sz), 1);
-    ExpectIntEQ(wolfSSL_EC25519_shared_key(shared2, &shared2Sz, priv2, priv2Sz,
-        pub, pubSz), 1);
-    ExpectIntEQ(sharedSz, CURVE25519_KEYSIZE);
-    ExpectIntEQ(shared2Sz, CURVE25519_KEYSIZE);
-    ExpectIntEQ(XMEMCMP(shared, shared2, sharedSz), 0);
-#endif /* HAVE_CURVE25519 && WOLFSSL_KEY_GEN */
-    return EXPECT_RESULT();
-}
-
-static int test_ED25519(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT) && \
-    defined(WOLFSSL_KEY_GEN)
-    byte         priv[ED25519_PRV_KEY_SIZE];
-    unsigned int privSz = (unsigned int)sizeof(priv);
-    byte         pub[ED25519_PUB_KEY_SIZE];
-    unsigned int pubSz = (unsigned int)sizeof(pub);
-#if defined(HAVE_ED25519_SIGN) && defined(HAVE_ED25519_KEY_IMPORT)
-    const char*  msg = TEST_STRING;
-    unsigned int msglen = (unsigned int)TEST_STRING_SZ;
-    byte         sig[ED25519_SIG_SIZE];
-    unsigned int sigSz = (unsigned int)sizeof(sig);
-#endif /* HAVE_ED25519_SIGN && HAVE_ED25519_KEY_IMPORT */
-
-    /* Bad parameter testing of key generation. */
-    ExpectIntEQ(wolfSSL_ED25519_generate_key(NULL,    NULL, NULL,   NULL), 0);
-    ExpectIntEQ(wolfSSL_ED25519_generate_key(priv,    NULL, NULL,   NULL), 0);
-    ExpectIntEQ(wolfSSL_ED25519_generate_key(NULL, &privSz, NULL,   NULL), 0);
-    ExpectIntEQ(wolfSSL_ED25519_generate_key(NULL,    NULL,  pub,   NULL), 0);
-    ExpectIntEQ(wolfSSL_ED25519_generate_key(NULL,    NULL, NULL, &pubSz), 0);
-    ExpectIntEQ(wolfSSL_ED25519_generate_key(NULL, &privSz,  pub, &pubSz), 0);
-    ExpectIntEQ(wolfSSL_ED25519_generate_key(priv,    NULL,  pub, &pubSz), 0);
-    ExpectIntEQ(wolfSSL_ED25519_generate_key(priv, &privSz, NULL, &pubSz), 0);
-    ExpectIntEQ(wolfSSL_ED25519_generate_key(priv, &privSz,  pub,   NULL), 0);
-    /*   Bad length. */
-    privSz = 1;
-    ExpectIntEQ(wolfSSL_ED25519_generate_key(priv, &privSz, pub, &pubSz), 0);
-    privSz = ED25519_PRV_KEY_SIZE;
-    pubSz = 1;
-    ExpectIntEQ(wolfSSL_ED25519_generate_key(priv, &privSz, pub, &pubSz), 0);
-    pubSz = ED25519_PUB_KEY_SIZE;
-
-    /* Good case of generating key. */
-    ExpectIntEQ(wolfSSL_ED25519_generate_key(priv, &privSz, pub, &pubSz),
-        1);
-    ExpectIntEQ(privSz, ED25519_PRV_KEY_SIZE);
-    ExpectIntEQ(pubSz, ED25519_PUB_KEY_SIZE);
-
-#if defined(HAVE_ED25519_SIGN) && defined(HAVE_ED25519_KEY_IMPORT)
-    /* Bad parameter testing of signing. */
-    ExpectIntEQ(wolfSSL_ED25519_sign(      NULL, msglen, NULL, privSz, NULL,
-          NULL), 0);
-    ExpectIntEQ(wolfSSL_ED25519_sign((byte*)msg, msglen, NULL, privSz, NULL,
-          NULL), 0);
-    ExpectIntEQ(wolfSSL_ED25519_sign(      NULL, msglen, priv, privSz, NULL,
-          NULL), 0);
-    ExpectIntEQ(wolfSSL_ED25519_sign(      NULL, msglen, NULL, privSz, sig,
-          NULL), 0);
-    ExpectIntEQ(wolfSSL_ED25519_sign(      NULL, msglen, NULL, privSz, NULL,
-        &sigSz), 0);
-    ExpectIntEQ(wolfSSL_ED25519_sign(      NULL, msglen, priv, privSz,  sig,
-        &sigSz), 0);
-    ExpectIntEQ(wolfSSL_ED25519_sign((byte*)msg, msglen, NULL, privSz,  sig,
-        &sigSz), 0);
-    ExpectIntEQ(wolfSSL_ED25519_sign((byte*)msg, msglen, priv, privSz,  NULL,
-        &sigSz), 0);
-    ExpectIntEQ(wolfSSL_ED25519_sign((byte*)msg, msglen, priv, privSz,  sig,
-          NULL), 0);
-    /*   Bad length. */
-    privSz = 1;
-    ExpectIntEQ(wolfSSL_ED25519_sign((byte*)msg, msglen, priv, privSz, sig,
-        &sigSz), 0);
-    privSz = ED25519_PRV_KEY_SIZE;
-    sigSz = 1;
-    ExpectIntEQ(wolfSSL_ED25519_sign((byte*)msg, msglen, priv, privSz, sig,
-        &sigSz), 0);
-    sigSz = ED25519_SIG_SIZE;
-
-    /* Good case of signing. */
-    ExpectIntEQ(wolfSSL_ED25519_sign((byte*)msg, msglen, priv, privSz, sig,
-        &sigSz), 1);
-    ExpectIntEQ(sigSz, ED25519_SIG_SIZE);
-
-#ifdef HAVE_ED25519_VERIFY
-    /* Bad parameter testing of verification. */
-    ExpectIntEQ(wolfSSL_ED25519_verify(      NULL, msglen, NULL, pubSz, NULL,
-        sigSz), 0);
-    ExpectIntEQ(wolfSSL_ED25519_verify((byte*)msg, msglen, NULL, pubSz, NULL,
-        sigSz), 0);
-    ExpectIntEQ(wolfSSL_ED25519_verify(      NULL, msglen,  pub, pubSz, NULL,
-        sigSz), 0);
-    ExpectIntEQ(wolfSSL_ED25519_verify(      NULL, msglen, NULL, pubSz,  sig,
-        sigSz), 0);
-    ExpectIntEQ(wolfSSL_ED25519_verify(      NULL, msglen,  pub, pubSz,  sig,
-        sigSz), 0);
-    ExpectIntEQ(wolfSSL_ED25519_verify((byte*)msg, msglen, NULL, pubSz,  sig,
-        sigSz), 0);
-    ExpectIntEQ(wolfSSL_ED25519_verify((byte*)msg, msglen,  pub, pubSz, NULL,
-        sigSz), 0);
-    /*   Bad length. */
-    pubSz = 1;
-    ExpectIntEQ(wolfSSL_ED25519_verify((byte*)msg, msglen, pub, pubSz, sig,
-        sigSz), 0);
-    pubSz = ED25519_PUB_KEY_SIZE;
-    sigSz = 1;
-    ExpectIntEQ(wolfSSL_ED25519_verify((byte*)msg, msglen, pub, pubSz, sig,
-        sigSz), 0);
-    sigSz = ED25519_SIG_SIZE;
-
-    /* Good case of verification. */
-    ExpectIntEQ(wolfSSL_ED25519_verify((byte*)msg, msglen, pub, pubSz, sig,
-        sigSz), 1);
-    /* Bad signature. */
-    if (EXPECT_SUCCESS()) {
-        sig[1] ^= 0x80;
-    }
-    ExpectIntEQ(wolfSSL_ED25519_verify((byte*)msg, msglen, pub, pubSz, sig,
-        sigSz), 0);
-#endif /* HAVE_ED25519_VERIFY */
-#endif /* HAVE_ED25519_SIGN && HAVE_ED25519_KEY_IMPORT */
-#endif /* HAVE_ED25519 && HAVE_ED25519_KEY_EXPORT && WOLFSSL_KEY_GEN */
-    return EXPECT_RESULT();
-}
-
-static int test_EC448(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_CURVE448) && defined(WOLFSSL_KEY_GEN)
-    byte         priv[CURVE448_KEY_SIZE];
-    unsigned int privSz = CURVE448_KEY_SIZE;
-    byte         pub[CURVE448_KEY_SIZE];
-    unsigned int pubSz = CURVE448_KEY_SIZE;
-    byte         priv2[CURVE448_KEY_SIZE];
-    unsigned int priv2Sz = CURVE448_KEY_SIZE;
-    byte         pub2[CURVE448_KEY_SIZE];
-    unsigned int pub2Sz = CURVE448_KEY_SIZE;
-    byte         shared[CURVE448_KEY_SIZE];
-    unsigned int sharedSz = CURVE448_KEY_SIZE;
-    byte         shared2[CURVE448_KEY_SIZE];
-    unsigned int shared2Sz = CURVE448_KEY_SIZE;
-
-    /* Bad parameter testing of key generation. */
-    ExpectIntEQ(wolfSSL_EC448_generate_key(NULL,    NULL, NULL,   NULL), 0);
-    ExpectIntEQ(wolfSSL_EC448_generate_key(NULL, &privSz, NULL, &pubSz), 0);
-    ExpectIntEQ(wolfSSL_EC448_generate_key(NULL, &privSz,  pub, &pubSz), 0);
-    ExpectIntEQ(wolfSSL_EC448_generate_key(priv,    NULL,  pub, &pubSz), 0);
-    ExpectIntEQ(wolfSSL_EC448_generate_key(priv, &privSz, NULL, &pubSz), 0);
-    ExpectIntEQ(wolfSSL_EC448_generate_key(priv, &privSz,  pub,   NULL), 0);
-    /*   Bad length. */
-    privSz = 1;
-    ExpectIntEQ(wolfSSL_EC448_generate_key(priv, &privSz, pub, &pubSz), 0);
-    privSz = CURVE448_KEY_SIZE;
-    pubSz = 1;
-    ExpectIntEQ(wolfSSL_EC448_generate_key(priv, &privSz, pub, &pubSz), 0);
-    pubSz = CURVE448_KEY_SIZE;
-
-    /* Good case of generating key. */
-    ExpectIntEQ(wolfSSL_EC448_generate_key(priv, &privSz, pub, &pubSz), 1);
-    ExpectIntEQ(wolfSSL_EC448_generate_key(priv2, &priv2Sz, pub2, &pub2Sz), 1);
-    ExpectIntEQ(privSz, CURVE448_KEY_SIZE);
-    ExpectIntEQ(pubSz, CURVE448_KEY_SIZE);
-
-    /* Bad parameter testing of shared key. */
-    ExpectIntEQ(wolfSSL_EC448_shared_key(  NULL,      NULL, NULL, privSz,
-        NULL,  pubSz), 0);
-    ExpectIntEQ(wolfSSL_EC448_shared_key(  NULL, &sharedSz, NULL, privSz,
-        NULL, pubSz), 0);
-    ExpectIntEQ(wolfSSL_EC448_shared_key(  NULL, &sharedSz, priv, privSz,
-         pub, pubSz), 0);
-    ExpectIntEQ(wolfSSL_EC448_shared_key(shared, &sharedSz, NULL, privSz,
-         pub, pubSz), 0);
-    ExpectIntEQ(wolfSSL_EC448_shared_key(shared, &sharedSz, priv, privSz,
-        NULL, pubSz), 0);
-    ExpectIntEQ(wolfSSL_EC448_shared_key(  NULL, &sharedSz, priv, privSz,
-         pub, pubSz), 0);
-    ExpectIntEQ(wolfSSL_EC448_shared_key(shared,      NULL, priv, privSz,
-         pub, pubSz), 0);
-    ExpectIntEQ(wolfSSL_EC448_shared_key(shared, &sharedSz, NULL, privSz,
-         pub, pubSz), 0);
-    ExpectIntEQ(wolfSSL_EC448_shared_key(shared, &sharedSz, priv, privSz,
-        NULL, pubSz), 0);
-    /*   Bad length. */
-    sharedSz = 1;
-    ExpectIntEQ(wolfSSL_EC448_shared_key(shared, &sharedSz, priv, privSz,
-         pub, pubSz), 0);
-    sharedSz = CURVE448_KEY_SIZE;
-    privSz = 1;
-    ExpectIntEQ(wolfSSL_EC448_shared_key(shared, &sharedSz, priv, privSz,
-         pub, pubSz), 0);
-    privSz = CURVE448_KEY_SIZE;
-    pubSz = 1;
-    ExpectIntEQ(wolfSSL_EC448_shared_key(shared, &sharedSz, priv, privSz,
-         pub, pubSz), 0);
-    pubSz = CURVE448_KEY_SIZE;
-
-    /* Good case of shared key. */
-    ExpectIntEQ(wolfSSL_EC448_shared_key(shared, &sharedSz, priv, privSz,
-        pub2, pub2Sz), 1);
-    ExpectIntEQ(wolfSSL_EC448_shared_key(shared2, &shared2Sz, priv2, priv2Sz,
-        pub, pubSz), 1);
-    ExpectIntEQ(sharedSz, CURVE448_KEY_SIZE);
-    ExpectIntEQ(shared2Sz, CURVE448_KEY_SIZE);
-    ExpectIntEQ(XMEMCMP(shared, shared2, sharedSz), 0);
-#endif /* HAVE_CURVE448 && WOLFSSL_KEY_GEN */
-    return EXPECT_RESULT();
-}
-
-static int test_ED448(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT) && \
-    defined(WOLFSSL_KEY_GEN)
-    byte         priv[ED448_PRV_KEY_SIZE];
-    unsigned int privSz = (unsigned int)sizeof(priv);
-    byte         pub[ED448_PUB_KEY_SIZE];
-    unsigned int pubSz = (unsigned int)sizeof(pub);
-#if defined(HAVE_ED448_SIGN) && defined(HAVE_ED448_KEY_IMPORT)
-    const char*  msg = TEST_STRING;
-    unsigned int msglen = (unsigned int)TEST_STRING_SZ;
-    byte         sig[ED448_SIG_SIZE];
-    unsigned int sigSz = (unsigned int)sizeof(sig);
-#endif /* HAVE_ED448_SIGN && HAVE_ED448_KEY_IMPORT */
-
-    /* Bad parameter testing of key generation. */
-    ExpectIntEQ(wolfSSL_ED448_generate_key(NULL,    NULL, NULL,   NULL), 0);
-    ExpectIntEQ(wolfSSL_ED448_generate_key(priv,    NULL, NULL,   NULL), 0);
-    ExpectIntEQ(wolfSSL_ED448_generate_key(NULL, &privSz, NULL,   NULL), 0);
-    ExpectIntEQ(wolfSSL_ED448_generate_key(NULL,    NULL,  pub,   NULL), 0);
-    ExpectIntEQ(wolfSSL_ED448_generate_key(NULL,    NULL, NULL, &pubSz), 0);
-    ExpectIntEQ(wolfSSL_ED448_generate_key(NULL, &privSz,  pub, &pubSz), 0);
-    ExpectIntEQ(wolfSSL_ED448_generate_key(priv,    NULL,  pub, &pubSz), 0);
-    ExpectIntEQ(wolfSSL_ED448_generate_key(priv, &privSz, NULL, &pubSz), 0);
-    ExpectIntEQ(wolfSSL_ED448_generate_key(priv, &privSz,  pub,   NULL), 0);
-    /*   Bad length. */
-    privSz = 1;
-    ExpectIntEQ(wolfSSL_ED448_generate_key(priv, &privSz, pub, &pubSz), 0);
-    privSz = ED448_PRV_KEY_SIZE;
-    pubSz = 1;
-    ExpectIntEQ(wolfSSL_ED448_generate_key(priv, &privSz, pub, &pubSz), 0);
-    pubSz = ED448_PUB_KEY_SIZE;
-
-    /* Good case of generating key. */
-    ExpectIntEQ(wolfSSL_ED448_generate_key(priv, &privSz, pub, &pubSz), 1);
-    ExpectIntEQ(privSz, ED448_PRV_KEY_SIZE);
-    ExpectIntEQ(pubSz, ED448_PUB_KEY_SIZE);
-
-#if defined(HAVE_ED448_SIGN) && defined(HAVE_ED448_KEY_IMPORT)
-    /* Bad parameter testing of signing. */
-    ExpectIntEQ(wolfSSL_ED448_sign(      NULL, msglen, NULL, privSz, NULL,
-          NULL), 0);
-    ExpectIntEQ(wolfSSL_ED448_sign((byte*)msg, msglen, NULL, privSz, NULL,
-          NULL), 0);
-    ExpectIntEQ(wolfSSL_ED448_sign(      NULL, msglen, priv, privSz, NULL,
-          NULL), 0);
-    ExpectIntEQ(wolfSSL_ED448_sign(      NULL, msglen, NULL, privSz, sig,
-          NULL), 0);
-    ExpectIntEQ(wolfSSL_ED448_sign(      NULL, msglen, NULL, privSz, NULL,
-        &sigSz), 0);
-    ExpectIntEQ(wolfSSL_ED448_sign(      NULL, msglen, priv, privSz,  sig,
-        &sigSz), 0);
-    ExpectIntEQ(wolfSSL_ED448_sign((byte*)msg, msglen, NULL, privSz,  sig,
-        &sigSz), 0);
-    ExpectIntEQ(wolfSSL_ED448_sign((byte*)msg, msglen, priv, privSz,  NULL,
-        &sigSz), 0);
-    ExpectIntEQ(wolfSSL_ED448_sign((byte*)msg, msglen, priv, privSz,  sig,
-          NULL), 0);
-    /*   Bad length. */
-    privSz = 1;
-    ExpectIntEQ(wolfSSL_ED448_sign((byte*)msg, msglen, priv, privSz, sig,
-        &sigSz), 0);
-    privSz = ED448_PRV_KEY_SIZE;
-    sigSz = 1;
-    ExpectIntEQ(wolfSSL_ED448_sign((byte*)msg, msglen, priv, privSz, sig,
-        &sigSz), 0);
-    sigSz = ED448_SIG_SIZE;
-
-    /* Good case of signing. */
-    ExpectIntEQ(wolfSSL_ED448_sign((byte*)msg, msglen, priv, privSz, sig,
-        &sigSz), 1);
-    ExpectIntEQ(sigSz, ED448_SIG_SIZE);
-
-#ifdef HAVE_ED448_VERIFY
-   /* Bad parameter testing of verification. */
-    ExpectIntEQ(wolfSSL_ED448_verify(      NULL, msglen, NULL, pubSz, NULL,
-        sigSz), 0);
-    ExpectIntEQ(wolfSSL_ED448_verify((byte*)msg, msglen, NULL, pubSz, NULL,
-        sigSz), 0);
-    ExpectIntEQ(wolfSSL_ED448_verify(      NULL, msglen,  pub, pubSz, NULL,
-        sigSz), 0);
-    ExpectIntEQ(wolfSSL_ED448_verify(      NULL, msglen, NULL, pubSz,  sig,
-        sigSz), 0);
-    ExpectIntEQ(wolfSSL_ED448_verify(      NULL, msglen,  pub, pubSz,  sig,
-        sigSz), 0);
-    ExpectIntEQ(wolfSSL_ED448_verify((byte*)msg, msglen, NULL, pubSz,  sig,
-        sigSz), 0);
-    ExpectIntEQ(wolfSSL_ED448_verify((byte*)msg, msglen,  pub, pubSz, NULL,
-        sigSz), 0);
-    /*   Bad length. */
-    pubSz = 1;
-    ExpectIntEQ(wolfSSL_ED448_verify((byte*)msg, msglen, pub, pubSz, sig,
-        sigSz), 0);
-    pubSz = ED448_PUB_KEY_SIZE;
-    sigSz = 1;
-    ExpectIntEQ(wolfSSL_ED448_verify((byte*)msg, msglen, pub, pubSz, sig,
-        sigSz), 0);
-    sigSz = ED448_SIG_SIZE;
-
-    /* Good case of verification. */
-    ExpectIntEQ(wolfSSL_ED448_verify((byte*)msg, msglen, pub, pubSz, sig,
-        sigSz), 1);
-    /* Bad signature. */
-    if (EXPECT_SUCCESS()) {
-        sig[1] ^= 0x80;
-    }
-    ExpectIntEQ(wolfSSL_ED448_verify((byte*)msg, msglen, pub, pubSz, sig,
-        sigSz), 0);
-#endif /* HAVE_ED448_VERIFY */
-#endif /* HAVE_ED448_SIGN && HAVE_ED448_KEY_IMPORT */
-#endif /* HAVE_ED448 && HAVE_ED448_KEY_EXPORT && WOLFSSL_KEY_GEN */
-    return EXPECT_RESULT();
-}
-#endif /* OPENSSL_EXTRA */
-
 #include <wolfssl/openssl/pem.h>
 /*----------------------------------------------------------------------------*
  | EVP
@@ -7879,14 +7544,14 @@ int test_ssl_memio_setup(test_ssl_memio_ctx *ctx)
         ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_file(ctx->c_ctx,
             clientCertFile), WOLFSSL_SUCCESS);
         ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_file(ctx->c_ctx, clientKeyFile,
-            WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
+            CERT_FILETYPE), WOLFSSL_SUCCESS);
     }
 #ifdef HAVE_CRL
     if (ctx->c_cb.crlPemFile != NULL) {
         ExpectIntEQ(wolfSSL_CTX_EnableCRL(ctx->c_ctx, WOLFSSL_CRL_CHECKALL),
             WOLFSSL_SUCCESS);
         ExpectIntEQ(wolfSSL_CTX_LoadCRLFile(ctx->c_ctx, ctx->c_cb.crlPemFile,
-            WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
+            CERT_FILETYPE), WOLFSSL_SUCCESS);
     }
 #endif
     if (ctx->c_ciphers != NULL) {
@@ -7962,7 +7627,7 @@ int test_ssl_memio_setup(test_ssl_memio_ctx *ctx)
 #endif
     {
         ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_file(ctx->s_ctx, serverKeyFile,
-            WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
+            CERT_FILETYPE), WOLFSSL_SUCCESS);
     }
     if (ctx->s_ciphers != NULL) {
         ExpectIntEQ(wolfSSL_CTX_set_cipher_list(ctx->s_ctx, ctx->s_ciphers),
@@ -7988,7 +7653,7 @@ int test_ssl_memio_setup(test_ssl_memio_ctx *ctx)
         ExpectIntEQ(wolfSSL_use_certificate_chain_file(ctx->c_ssl,
                 clientCertFile), WOLFSSL_SUCCESS);
         ExpectIntEQ(wolfSSL_use_PrivateKey_file(ctx->c_ssl, clientKeyFile,
-            WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
+            CERT_FILETYPE), WOLFSSL_SUCCESS);
     }
     if (ctx->c_cb.ssl_ready != NULL) {
         ExpectIntEQ(ctx->c_cb.ssl_ready(ctx->c_ssl), TEST_SUCCESS);
@@ -8009,10 +7674,10 @@ int test_ssl_memio_setup(test_ssl_memio_ctx *ctx)
         ExpectIntEQ(wolfSSL_use_certificate_chain_file(ctx->s_ssl,
                 serverCertFile), WOLFSSL_SUCCESS);
         ExpectIntEQ(wolfSSL_use_PrivateKey_file(ctx->s_ssl, serverKeyFile,
-            WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
+            CERT_FILETYPE), WOLFSSL_SUCCESS);
     }
 #if !defined(NO_FILESYSTEM) && !defined(NO_DH)
-    wolfSSL_SetTmpDH_file(ctx->s_ssl, dhParamFile, WOLFSSL_FILETYPE_PEM);
+    wolfSSL_SetTmpDH_file(ctx->s_ssl, dhParamFile, CERT_FILETYPE);
 #elif !defined(NO_DH)
     /* will repick suites with DHE, higher priority than PSK */
     SetDH(ctx->s_ssl);
@@ -8359,7 +8024,7 @@ static int nonblocking_accept_read(void* args, WOLFSSL* ssl, SOCKET_T* sockfd)
 }
 #endif /* WOLFSSL_SESSION_EXPORT */
 
-static THREAD_RETURN WOLFSSL_THREAD test_server_nofail(void* args)
+THREAD_RETURN WOLFSSL_THREAD test_server_nofail(void* args)
 {
     SOCKET_T sockfd = 0;
     SOCKET_T clientfd = 0;
@@ -8476,10 +8141,10 @@ static THREAD_RETURN WOLFSSL_THREAD test_server_nofail(void* args)
         certFile = cbf->certPemFile;
 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
     if (!sharedCtx && wolfSSL_CTX_use_certificate_file(ctx, certFile,
-                                     WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
+                                     CERT_FILETYPE) != WOLFSSL_SUCCESS) {
 #else
     if (wolfSSL_CTX_use_certificate_file(ctx, certFile,
-                                     WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
+                                     CERT_FILETYPE) != WOLFSSL_SUCCESS) {
 #endif
         /*err_sys("can't load server cert chain file, "
                 "Please run from wolfSSL home dir");*/
@@ -8490,10 +8155,10 @@ static THREAD_RETURN WOLFSSL_THREAD test_server_nofail(void* args)
         keyFile = cbf->keyPemFile;
 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
     if (!sharedCtx && wolfSSL_CTX_use_PrivateKey_file(ctx, keyFile,
-                                     WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
+                                     CERT_FILETYPE) != WOLFSSL_SUCCESS) {
 #else
     if (wolfSSL_CTX_use_PrivateKey_file(ctx, keyFile,
-                                     WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
+                                     CERT_FILETYPE) != WOLFSSL_SUCCESS) {
 #endif
         /*err_sys("can't load server key file, "
                 "Please run from wolfSSL home dir");*/
@@ -8504,7 +8169,7 @@ static THREAD_RETURN WOLFSSL_THREAD test_server_nofail(void* args)
     if (cbf != NULL && cbf->crlPemFile != NULL) {
         if (wolfSSL_CTX_EnableCRL(ctx, WOLFSSL_CRL_CHECKALL) != WOLFSSL_SUCCESS)
             goto done;
-        if (wolfSSL_CTX_LoadCRLFile(ctx, cbf->crlPemFile, WOLFSSL_FILETYPE_PEM)
+        if (wolfSSL_CTX_LoadCRLFile(ctx, cbf->crlPemFile, CERT_FILETYPE)
                 != WOLFSSL_SUCCESS)
             goto done;
     }
@@ -8536,10 +8201,10 @@ static THREAD_RETURN WOLFSSL_THREAD test_server_nofail(void* args)
 #endif
 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
     if (sharedCtx && wolfSSL_use_certificate_file(ssl, certFile,
-                                     WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
+                                     CERT_FILETYPE) != WOLFSSL_SUCCESS) {
 #else
     if (wolfSSL_use_certificate_file(ssl, certFile,
-                                     WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
+                                     CERT_FILETYPE) != WOLFSSL_SUCCESS) {
 #endif
         /*err_sys("can't load server cert chain file, "
                 "Please run from wolfSSL home dir");*/
@@ -8547,10 +8212,10 @@ static THREAD_RETURN WOLFSSL_THREAD test_server_nofail(void* args)
     }
 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
     if (sharedCtx && wolfSSL_use_PrivateKey_file(ssl, keyFile,
-                                     WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
+                                     CERT_FILETYPE) != WOLFSSL_SUCCESS) {
 #else
     if (wolfSSL_use_PrivateKey_file(ssl, keyFile,
-                                     WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
+                                     CERT_FILETYPE) != WOLFSSL_SUCCESS) {
 #endif
         /*err_sys("can't load server key file, "
                 "Please run from wolfSSL home dir");*/
@@ -8563,7 +8228,7 @@ static THREAD_RETURN WOLFSSL_THREAD test_server_nofail(void* args)
     }
 
 #if !defined(NO_FILESYSTEM) && !defined(NO_DH)
-    wolfSSL_SetTmpDH_file(ssl, dhParamFile, WOLFSSL_FILETYPE_PEM);
+    wolfSSL_SetTmpDH_file(ssl, dhParamFile, CERT_FILETYPE);
 #elif !defined(NO_DH)
     SetDH(ssl);  /* will repick suites with DHE, higher priority than PSK */
 #endif
@@ -8587,19 +8252,8 @@ static THREAD_RETURN WOLFSSL_THREAD test_server_nofail(void* args)
     }
 #endif
 
-    #ifdef WOLFSSL_ASYNC_CRYPT
-    err = 0; /* Reset error */
-    #endif
-    do {
-    #ifdef WOLFSSL_ASYNC_CRYPT
-        if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
-            ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
-            if (ret < 0) { break; } else if (ret == 0) { continue; }
-        }
-    #endif
-        ret = wolfSSL_negotiate(ssl);
-        err = wolfSSL_get_error(ssl, 0);
-    } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
+    WOLFSSL_ASYNC_WHILE_PENDING(ret = wolfSSL_negotiate(ssl),
+                                ret != WOLFSSL_SUCCESS);
     if (ret != WOLFSSL_SUCCESS) {
         char buff[WOLFSSL_MAX_ERROR_SZ];
         fprintf(stderr, "error = %d, %s\n", err,
@@ -8751,7 +8405,7 @@ static THREAD_RETURN WOLFSSL_THREAD test_server_loop(void* args)
         goto done;
     }
     if (!sharedCtx && wolfSSL_CTX_use_certificate_file(ctx, svrCertFile,
-                                     WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
+                                     CERT_FILETYPE) != WOLFSSL_SUCCESS) {
         /*err_sys("can't load server cert chain file, "
                 "Please run from wolfSSL home dir");*/
         /* Release the wait for TCP ready. */
@@ -8759,7 +8413,7 @@ static THREAD_RETURN WOLFSSL_THREAD test_server_loop(void* args)
         goto done;
     }
     if (!sharedCtx && wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile,
-                                     WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
+                                     CERT_FILETYPE) != WOLFSSL_SUCCESS) {
         /*err_sys("can't load server key file, "
                 "Please run from wolfSSL home dir");*/
         /* Release the wait for TCP ready. */
@@ -8778,7 +8432,7 @@ static THREAD_RETURN WOLFSSL_THREAD test_server_loop(void* args)
             goto done;
         }
         if (sharedCtx && wolfSSL_use_certificate_file(ssl, svrCertFile,
-                                     WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
+                                     CERT_FILETYPE) != WOLFSSL_SUCCESS) {
             /*err_sys("can't load server cert chain file, "
                     "Please run from wolfSSL home dir");*/
             /* Release the wait for TCP ready. */
@@ -8786,7 +8440,7 @@ static THREAD_RETURN WOLFSSL_THREAD test_server_loop(void* args)
             goto done;
         }
         if (sharedCtx && wolfSSL_use_PrivateKey_file(ssl, svrKeyFile,
-                                     WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
+                                     CERT_FILETYPE) != WOLFSSL_SUCCESS) {
             /*err_sys("can't load server key file, "
                     "Please run from wolfSSL home dir");*/
             /* Release the wait for TCP ready. */
@@ -8795,7 +8449,7 @@ static THREAD_RETURN WOLFSSL_THREAD test_server_loop(void* args)
         }
 
 #if !defined(NO_FILESYSTEM) && !defined(NO_DH)
-        wolfSSL_SetTmpDH_file(ssl, dhParamFile, WOLFSSL_FILETYPE_PEM);
+        wolfSSL_SetTmpDH_file(ssl, dhParamFile, CERT_FILETYPE);
 #elif !defined(NO_DH)
         SetDH(ssl);  /* will repick suites with DHE, higher priority than PSK */
 #endif
@@ -8812,19 +8466,8 @@ static THREAD_RETURN WOLFSSL_THREAD test_server_loop(void* args)
             goto done;
         }
 
-        #ifdef WOLFSSL_ASYNC_CRYPT
-        err = 0; /* Reset error */
-        #endif
-        do {
-        #ifdef WOLFSSL_ASYNC_CRYPT
-            if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
-                ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
-                if (ret < 0) { break; } else if (ret == 0) { continue; }
-            }
-        #endif
-            ret = wolfSSL_accept(ssl);
-            err = wolfSSL_get_error(ssl, 0);
-        } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
+        WOLFSSL_ASYNC_WHILE_PENDING(ret = wolfSSL_accept(ssl),
+                                    ret != WOLFSSL_SUCCESS);
         if (ret != WOLFSSL_SUCCESS) {
             char buff[WOLFSSL_MAX_ERROR_SZ];
             fprintf(stderr, "error = %d, %s\n", err,
@@ -8881,7 +8524,7 @@ done:
 }
 #endif /* defined(OPENSSL_EXTRA) && !defined(NO_SESSION_CACHE) && !defined(WOLFSSL_TLS13) */
 
-static int test_client_nofail(void* args, cbType cb)
+int test_client_nofail(void* args, cbType cb)
 {
 #if !defined(NO_WOLFSSL_CLIENT)
     SOCKET_T sockfd = 0;
@@ -8949,10 +8592,10 @@ static int test_client_nofail(void* args, cbType cb)
     }
 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
     if (!sharedCtx && wolfSSL_CTX_use_certificate_file(ctx, cliCertFile,
-                                     WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
+                                     CERT_FILETYPE) != WOLFSSL_SUCCESS) {
 #else
     if (wolfSSL_CTX_use_certificate_file(ctx, cliCertFile,
-                                     WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
+                                     CERT_FILETYPE) != WOLFSSL_SUCCESS) {
 #endif
         /*err_sys("can't load client cert file, "
                 "Please run from wolfSSL home dir");*/
@@ -8960,10 +8603,10 @@ static int test_client_nofail(void* args, cbType cb)
     }
 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
     if (!sharedCtx && wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile,
-                                     WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
+                                     CERT_FILETYPE) != WOLFSSL_SUCCESS) {
 #else
     if (wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile,
-                                     WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
+                                     CERT_FILETYPE) != WOLFSSL_SUCCESS) {
 #endif
 
         /*err_sys("can't load client key file, "
@@ -8982,7 +8625,7 @@ static int test_client_nofail(void* args, cbType cb)
     if (cbf != NULL && cbf->crlPemFile != NULL) {
         if (wolfSSL_CTX_EnableCRL(ctx, WOLFSSL_CRL_CHECKALL) != WOLFSSL_SUCCESS)
             goto done;
-        if (wolfSSL_CTX_LoadCRLFile(ctx, cbf->crlPemFile, WOLFSSL_FILETYPE_PEM)
+        if (wolfSSL_CTX_LoadCRLFile(ctx, cbf->crlPemFile, CERT_FILETYPE)
                 != WOLFSSL_SUCCESS)
             goto done;
     }
@@ -8999,10 +8642,10 @@ static int test_client_nofail(void* args, cbType cb)
     }
 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
     if (sharedCtx && wolfSSL_use_certificate_file(ssl, cliCertFile,
-                                     WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
+                                     CERT_FILETYPE) != WOLFSSL_SUCCESS) {
 #else
     if (wolfSSL_use_certificate_file(ssl, cliCertFile,
-                                     WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
+                                     CERT_FILETYPE) != WOLFSSL_SUCCESS) {
 #endif
         /*err_sys("can't load client cert file, "
                 "Please run from wolfSSL home dir");*/
@@ -9010,10 +8653,10 @@ static int test_client_nofail(void* args, cbType cb)
     }
 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
     if (sharedCtx && wolfSSL_use_PrivateKey_file(ssl, cliKeyFile,
-                                     WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
+                                     CERT_FILETYPE) != WOLFSSL_SUCCESS) {
 #else
     if (wolfSSL_use_PrivateKey_file(ssl, cliKeyFile,
-                                     WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
+                                     CERT_FILETYPE) != WOLFSSL_SUCCESS) {
 #endif
         /*err_sys("can't load client key file, "
                 "Please run from wolfSSL home dir");*/
@@ -9049,19 +8692,8 @@ static int test_client_nofail(void* args, cbType cb)
         cbf->ssl_ready(ssl);
     }
 
-    #ifdef WOLFSSL_ASYNC_CRYPT
-    err = 0; /* Reset error */
-    #endif
-    do {
-    #ifdef WOLFSSL_ASYNC_CRYPT
-        if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
-            ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
-            if (ret < 0) { break; } else if (ret == 0) { continue; }
-        }
-    #endif
-        ret = wolfSSL_negotiate(ssl);
-        err = wolfSSL_get_error(ssl, 0);
-    } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
+    WOLFSSL_ASYNC_WHILE_PENDING(ret = wolfSSL_negotiate(ssl),
+                                ret != WOLFSSL_SUCCESS);
     if (ret != WOLFSSL_SUCCESS) {
         char buff[WOLFSSL_MAX_ERROR_SZ];
         fprintf(stderr, "error = %d, %s\n", err,
@@ -9300,19 +8932,8 @@ static void test_client_reuse_WOLFSSLobj(void* args, cbType cb,
         cbf->ssl_ready(ssl);
     }
 
-    #ifdef WOLFSSL_ASYNC_CRYPT
-    err = 0; /* Reset error */
-    #endif
-    do {
-    #ifdef WOLFSSL_ASYNC_CRYPT
-        if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
-            ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
-            if (ret < 0) { break; } else if (ret == 0) { continue; }
-        }
-    #endif
-        ret = wolfSSL_connect(ssl);
-        err = wolfSSL_get_error(ssl, 0);
-    } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
+    WOLFSSL_ASYNC_WHILE_PENDING(ret = wolfSSL_connect(ssl),
+                                ret != WOLFSSL_SUCCESS);
     if (ret != WOLFSSL_SUCCESS) {
         char buff[WOLFSSL_MAX_ERROR_SZ];
         fprintf(stderr, "error = %d, %s\n", err,
@@ -9364,19 +8985,8 @@ static void test_client_reuse_WOLFSSLobj(void* args, cbType cb,
         goto done;
     }
 
-    #ifdef WOLFSSL_ASYNC_CRYPT
-    err = 0; /* Reset error */
-    #endif
-    do {
-    #ifdef WOLFSSL_ASYNC_CRYPT
-        if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
-            ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
-            if (ret < 0) { break; } else if (ret == 0) { continue; }
-        }
-    #endif
-        ret = wolfSSL_connect(ssl);
-        err = wolfSSL_get_error(ssl, 0);
-    } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
+    WOLFSSL_ASYNC_WHILE_PENDING(ret = wolfSSL_connect(ssl),
+                                ret != WOLFSSL_SUCCESS);
     if (ret != WOLFSSL_SUCCESS) {
         char buff[WOLFSSL_MAX_ERROR_SZ];
         fprintf(stderr, "error = %d, %s\n", err,
@@ -9548,19 +9158,19 @@ static THREAD_RETURN WOLFSSL_THREAD run_wolfssl_server(void* args)
     }
 
     if (wolfSSL_CTX_use_certificate_file(ctx, callbacks->certPemFile,
-            WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
+            CERT_FILETYPE) != WOLFSSL_SUCCESS) {
         goto cleanup;
     }
 
     if (wolfSSL_CTX_use_PrivateKey_file(ctx, callbacks->keyPemFile,
-            WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
+            CERT_FILETYPE) != WOLFSSL_SUCCESS) {
         goto cleanup;
     }
 
 #ifdef HAVE_CRL
     if (callbacks->crlPemFile != NULL) {
         if (wolfSSL_CTX_LoadCRLFile(ctx, callbacks->crlPemFile,
-                WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
+                CERT_FILETYPE) != WOLFSSL_SUCCESS) {
             goto cleanup;
         }
     }
@@ -9598,19 +9208,19 @@ static THREAD_RETURN WOLFSSL_THREAD run_wolfssl_server(void* args)
         wolfSSL_SetDevId(ssl, callbacks->devId);
 
         if (wolfSSL_use_certificate_file(ssl, callbacks->certPemFile,
-                WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
+                CERT_FILETYPE) != WOLFSSL_SUCCESS) {
             goto cleanup;
         }
 
         if (wolfSSL_use_PrivateKey_file(ssl, callbacks->keyPemFile,
-                WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
+                CERT_FILETYPE) != WOLFSSL_SUCCESS) {
             goto cleanup;
         }
     }
 
 #ifdef NO_PSK
     #if !defined(NO_FILESYSTEM) && !defined(NO_DH)
-        wolfSSL_SetTmpDH_file(ssl, dhParamFile, WOLFSSL_FILETYPE_PEM);
+        wolfSSL_SetTmpDH_file(ssl, dhParamFile, CERT_FILETYPE);
     #elif !defined(NO_DH)
         SetDH(ssl);  /* will repick suites with DHE, higher priority than PSK */
     #endif
@@ -9619,19 +9229,8 @@ static THREAD_RETURN WOLFSSL_THREAD run_wolfssl_server(void* args)
     if (callbacks->ssl_ready)
         callbacks->ssl_ready(ssl);
 
-#ifdef WOLFSSL_ASYNC_CRYPT
-    err = 0; /* Reset error */
-#endif
-    do {
-    #ifdef WOLFSSL_ASYNC_CRYPT
-        if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
-            ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
-            if (ret < 0) { break; } else if (ret == 0) { continue; }
-        }
-    #endif
-        ret = wolfSSL_accept(ssl);
-        err = wolfSSL_get_error(ssl, ret);
-    } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
+    WOLFSSL_ASYNC_WHILE_PENDING(ret = wolfSSL_accept(ssl),
+                                ret != WOLFSSL_SUCCESS);
     if (ret != WOLFSSL_SUCCESS) {
         char buff[WOLFSSL_MAX_ERROR_SZ];
         fprintf(stderr, "accept error = %d, %s\n", err,
@@ -9639,37 +9238,15 @@ static THREAD_RETURN WOLFSSL_THREAD run_wolfssl_server(void* args)
         /*err_sys("SSL_accept failed");*/
     }
     else {
-    #ifdef WOLFSSL_ASYNC_CRYPT
-        err = 0; /* Reset error */
-    #endif
-        do {
-        #ifdef WOLFSSL_ASYNC_CRYPT
-            if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
-                ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
-                if (ret < 0) { break; } else if (ret == 0) { continue; }
-            }
-        #endif
-            idx = wolfSSL_read(ssl, input, sizeof(input)-1);
-            err = wolfSSL_get_error(ssl, idx);
-        } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
+        WOLFSSL_ASYNC_WHILE_PENDING(idx = wolfSSL_read(ssl, input, sizeof(input)-1),
+                                    idx <= 0);
         if (idx > 0) {
             input[idx] = 0;
             fprintf(stderr, "Client message: %s\n", input);
         }
 
-    #ifdef WOLFSSL_ASYNC_CRYPT
-        err = 0; /* Reset error */
-    #endif
-        do {
-        #ifdef WOLFSSL_ASYNC_CRYPT
-            if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
-                ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
-                if (ret < 0) { break; } else if (ret == 0) { continue; }
-            }
-        #endif
-            ret = wolfSSL_write(ssl, msg, len);
-            err = wolfSSL_get_error(ssl, ret);
-        } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
+        WOLFSSL_ASYNC_WHILE_PENDING(ret = wolfSSL_write(ssl, msg, len),
+                                    len != ret);
         if (len != ret) {
             goto cleanup;
         }
@@ -9785,12 +9362,12 @@ static void run_wolfssl_client(void* args)
 
     if (!callbacks->loadToSSL) {
         if (wolfSSL_CTX_use_certificate_file(ctx, callbacks->certPemFile,
-                WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
+                CERT_FILETYPE) != WOLFSSL_SUCCESS) {
             goto cleanup;
         }
 
         if (wolfSSL_CTX_use_PrivateKey_file(ctx, callbacks->keyPemFile,
-                WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
+                CERT_FILETYPE) != WOLFSSL_SUCCESS) {
             goto cleanup;
         }
     }
@@ -9798,7 +9375,7 @@ static void run_wolfssl_client(void* args)
 #ifdef HAVE_CRL
     if (callbacks->crlPemFile != NULL) {
         if (wolfSSL_CTX_LoadCRLFile(ctx, callbacks->crlPemFile,
-                WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
+                CERT_FILETYPE) != WOLFSSL_SUCCESS) {
             goto cleanup;
         }
     }
@@ -9824,12 +9401,12 @@ static void run_wolfssl_client(void* args)
         wolfSSL_SetDevId(ssl, callbacks->devId);
 
         if (wolfSSL_use_certificate_file(ssl, callbacks->certPemFile,
-                WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
+                CERT_FILETYPE) != WOLFSSL_SUCCESS) {
             goto cleanup;
         }
 
         if (wolfSSL_use_PrivateKey_file(ssl, callbacks->keyPemFile,
-                WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
+                CERT_FILETYPE) != WOLFSSL_SUCCESS) {
             goto cleanup;
         }
     }
@@ -9837,19 +9414,8 @@ static void run_wolfssl_client(void* args)
     if (callbacks->ssl_ready)
         callbacks->ssl_ready(ssl);
 
-    #ifdef WOLFSSL_ASYNC_CRYPT
-    err = 0; /* Reset error */
-    #endif
-    do {
-    #ifdef WOLFSSL_ASYNC_CRYPT
-        if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
-            ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
-            if (ret < 0) { break; } else if (ret == 0) { continue; }
-        }
-    #endif
-        ret = wolfSSL_connect(ssl);
-        err = wolfSSL_get_error(ssl, ret);
-    } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
+    WOLFSSL_ASYNC_WHILE_PENDING(ret = wolfSSL_connect(ssl),
+                                ret != WOLFSSL_SUCCESS);
     if (ret != WOLFSSL_SUCCESS) {
         char buff[WOLFSSL_MAX_ERROR_SZ];
         fprintf(stderr, "error = %d, %s\n", err,
@@ -9857,35 +9423,13 @@ static void run_wolfssl_client(void* args)
         /*err_sys("SSL_connect failed");*/
     }
     else {
-        #ifdef WOLFSSL_ASYNC_CRYPT
-        err = 0; /* Reset error */
-        #endif
-        do {
-        #ifdef WOLFSSL_ASYNC_CRYPT
-            if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
-                ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
-                if (ret < 0) { break; } else if (ret == 0) { continue; }
-            }
-        #endif
-            ret = wolfSSL_write(ssl, msg, len);
-            err = wolfSSL_get_error(ssl, ret);
-        } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
+        WOLFSSL_ASYNC_WHILE_PENDING(ret = wolfSSL_write(ssl, msg, len),
+                                    ret != len);
         if (len != ret)
             goto cleanup;
 
-        #ifdef WOLFSSL_ASYNC_CRYPT
-        err = 0; /* Reset error */
-        #endif
-        do {
-        #ifdef WOLFSSL_ASYNC_CRYPT
-            if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
-                ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
-                if (ret < 0) { break; } else if (ret == 0) { continue; }
-            }
-        #endif
-            ret = wolfSSL_read(ssl, input, sizeof(input)-1);
-            err = wolfSSL_get_error(ssl, ret);
-        } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
+        WOLFSSL_ASYNC_WHILE_PENDING(ret = wolfSSL_read(ssl, input, sizeof(input)-1),
+                                    ret <= 0);
         if (ret > 0) {
             input[ret] = '\0'; /* null term */
             fprintf(stderr, "Server response: %s\n", input);
@@ -11480,7 +11024,7 @@ static int test_wolfSSL_dtls_export(void)
 
 #if defined(WOLFSSL_SESSION_EXPORT) && !defined(WOLFSSL_NO_TLS12)
 #ifdef WOLFSSL_TLS13
-static const byte canned_client_tls13_session[] = {
+static const byte canned_client_tls13_session_v4[] = {
     0xA7, 0xA4, 0x01, 0x18, 0x00, 0x41, 0x00, 0x00,
     0x01, 0x00, 0x00, 0x80, 0x04, 0x00, 0x00, 0x00,
     0x00, 0x80, 0x00, 0x1C, 0x01, 0x00, 0x00, 0x01,
@@ -11519,6 +11063,33 @@ static const byte canned_client_tls13_session[] = {
     0x00, 0x03
 };
 
+static const byte canned_client_tls13_session_v5[] = {
+    0xa7, 0xa5, 0x01, 0x19, 0x00, 0x42, 0x00, 0x00, 0x01, 0x00, 0x00, 0x80,
+    0x04, 0x00, 0x00, 0x00, 0x00, 0x80, 0x00, 0x1c, 0x01, 0x00, 0x00, 0x01,
+    0x00, 0x01, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+    0x00, 0x00, 0x00, 0x01, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+    0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x13, 0x01, 0x0a, 0x0f, 0x10,
+    0x01, 0x02, 0x09, 0x00, 0x05, 0x00, 0x00, 0x00, 0x00, 0x01, 0x03, 0x04,
+    0x00, 0xb7, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x27, 0x00, 0x00,
+    0x00, 0x11, 0x01, 0x01, 0x00, 0x20, 0x84, 0x4f, 0x18, 0xd8, 0xc1, 0x24,
+    0xd8, 0xbb, 0x17, 0x9e, 0x31, 0xa3, 0xf8, 0xa7, 0x3c, 0xba, 0xec, 0xfa,
+    0xb4, 0x7f, 0xc5, 0x78, 0xeb, 0x6d, 0xe3, 0x2b, 0x7b, 0x94, 0xbe, 0x20,
+    0x11, 0x7e, 0x17, 0x10, 0xa7, 0x10, 0x19, 0xec, 0x62, 0xcc, 0xbe, 0xf5,
+    0x01, 0x35, 0x3c, 0xea, 0xef, 0x44, 0x3c, 0x40, 0xa2, 0xbc, 0x18, 0x43,
+    0xa1, 0xa1, 0x65, 0x5c, 0x48, 0xe2, 0xf9, 0x38, 0xeb, 0x11, 0x10, 0x72,
+    0x7c, 0x78, 0x22, 0x13, 0x3b, 0x19, 0x40, 0xf0, 0x73, 0xbe, 0x96, 0x14,
+    0x78, 0x26, 0xb9, 0x6b, 0x2e, 0x72, 0x22, 0x0d, 0x90, 0x94, 0xdd, 0x78,
+    0x77, 0xfc, 0x0c, 0x2e, 0x63, 0x6e, 0xf0, 0x0c, 0x35, 0x41, 0xcd, 0xf3,
+    0x49, 0x31, 0x08, 0xd0, 0x6f, 0x02, 0x3d, 0xc1, 0xd3, 0xb7, 0xee, 0x3a,
+    0xa0, 0x8e, 0xa1, 0x4d, 0xc3, 0x2e, 0x5e, 0x06, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x0c, 0x35, 0x41, 0xcd, 0xf3, 0x49, 0x31, 0x08,
+    0xd0, 0x6f, 0x02, 0x3d, 0xc1, 0xd3, 0xb7, 0xee, 0x3a, 0xa0, 0x8e, 0xa1,
+    0x4d, 0xc3, 0x2e, 0x5e, 0x06, 0x00, 0x10, 0x00, 0x10, 0x00, 0x0c, 0x00,
+    0x10, 0x00, 0x10, 0x07, 0x02, 0x04, 0x00, 0x00, 0x20, 0x28, 0x00, 0x00,
+    0x06, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03
+};
+
 static const byte canned_server_tls13_session[] = {
     0xA7, 0xA4, 0x01, 0x18, 0x00, 0x41, 0x01, 0x00,
     0x01, 0x00, 0x00, 0x80, 0x04, 0x00, 0x00, 0x00,
@@ -11559,7 +11130,7 @@ static const byte canned_server_tls13_session[] = {
 };
 #endif /* WOLFSSL_TLS13 */
 
-static const byte canned_client_session[] = {
+static const byte canned_client_session_v4[] = {
     0xA7, 0xA4, 0x01, 0x40, 0x00, 0x41, 0x00, 0x00,
     0x00, 0x00, 0x00, 0x80, 0x02, 0x00, 0x00, 0x00,
     0x00, 0x80, 0x00, 0x1C, 0x00, 0x00, 0x00, 0x01,
@@ -11603,6 +11174,36 @@ static const byte canned_client_session[] = {
     0x00, 0x03
 };
 
+static const byte canned_client_session_v5[] = {
+    0xa7, 0xa5, 0x01, 0x41, 0x00, 0x42, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80,
+    0x02, 0x00, 0x00, 0x00, 0x00, 0x80, 0x00, 0x1c, 0x00, 0x00, 0x00, 0x01,
+    0x00, 0x01, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+    0x00, 0x00, 0x00, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xc0, 0x27, 0x0a, 0x0d, 0x10,
+    0x01, 0x01, 0x0a, 0x00, 0x05, 0x00, 0x01, 0x01, 0x01, 0x01, 0x03, 0x03,
+    0x00, 0xbf, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x50, 0x00, 0x00,
+    0x00, 0x0a, 0x01, 0x01, 0x00, 0x20, 0x69, 0x11, 0x6d, 0x97, 0x15, 0x6e,
+    0x52, 0x27, 0xd6, 0x1d, 0x1d, 0xf5, 0x0d, 0x59, 0xa5, 0xac, 0x2e, 0x8c,
+    0x0e, 0xcb, 0x26, 0x1e, 0xe2, 0xce, 0xbb, 0xce, 0xe1, 0x7d, 0xd7, 0xef,
+    0xa5, 0x44, 0x80, 0x2a, 0xde, 0xbb, 0x75, 0xb0, 0x1d, 0x75, 0x17, 0x20,
+    0x4c, 0x08, 0x05, 0x1b, 0xba, 0x60, 0x1f, 0x6c, 0x91, 0x8c, 0xaa, 0xbb,
+    0xe5, 0xa3, 0x0b, 0x12, 0x3e, 0xc0, 0x35, 0x43, 0x1d, 0xe2, 0x10, 0xe2,
+    0x02, 0x92, 0x4b, 0x8f, 0x05, 0xa9, 0x4b, 0xcc, 0x90, 0xc3, 0x0e, 0xc2,
+    0x0f, 0xe9, 0x33, 0x85, 0x9b, 0x3c, 0x19, 0x21, 0xd5, 0x62, 0xe5, 0xe1,
+    0x17, 0x8f, 0x8c, 0x19, 0x52, 0xd8, 0x59, 0x10, 0x2d, 0x20, 0x6f, 0xba,
+    0xc1, 0x1c, 0xd1, 0x82, 0xc7, 0x32, 0x1b, 0xbb, 0xcc, 0x30, 0x03, 0xd7,
+    0x3a, 0xc8, 0x18, 0xed, 0x58, 0xc8, 0x11, 0xfe, 0x71, 0x9c, 0x71, 0xd8,
+    0x6b, 0xe0, 0x25, 0x64, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x0c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x10, 0x00, 0x10, 0x00, 0x10, 0x00, 0x10, 0x00, 0x00, 0x06,
+    0x01, 0x04, 0x08, 0x01, 0x20, 0x28, 0x00, 0x09, 0xe1, 0x50, 0x70, 0x02,
+    0x2f, 0x7e, 0xda, 0xbd, 0x40, 0xc5, 0x58, 0x87, 0xce, 0x43, 0xf3, 0xc5,
+    0x8f, 0xa1, 0x59, 0x93, 0xef, 0x7e, 0xd3, 0xd0, 0xb5, 0x87, 0x1d, 0x81,
+    0x54, 0x14, 0x63, 0x00, 0x06, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03
+};
+
 
 static const byte canned_server_session[] = {
     0xA7, 0xA4, 0x01, 0x40, 0x00, 0x41, 0x00, 0x00,
@@ -11648,7 +11249,6 @@ static const byte canned_server_session[] = {
     0x00, 0x04
 };
 
-
 static THREAD_RETURN WOLFSSL_THREAD tls_export_server(void* args)
 {
     SOCKET_T sockfd = 0;
@@ -11788,7 +11388,9 @@ static void load_tls13_canned_server(WOLFSSL* ssl)
 
 
 /* v is for version WOLFSSL_TLSV1_2 or WOLFSSL_TLSV1_3 */
-static int test_wolfSSL_tls_export_run(int v)
+static int test_wolfSSL_tls_export_run(method_provider server_method,
+        method_provider client_method, ssl_callback ssl_ready,
+        const byte* clientSession, int clientSessionSz, int cmpSess)
 {
     EXPECT_DECLS;
     SOCKET_T sockfd = 0;
@@ -11798,8 +11400,6 @@ static int test_wolfSSL_tls_export_run(int v)
     char reply[1024];
     word32 replySz;
     int  msgSz = (int)XSTRLEN(msg);
-    const byte* clientSession = NULL;
-    int   clientSessionSz = 0;
 
     tcp_ready ready;
     func_args server_args;
@@ -11810,6 +11410,8 @@ static int test_wolfSSL_tls_export_run(int v)
     fdOpenSession(Task_self());
 #endif
 
+    (void)cmpSess;
+
     InitTcpReady(&ready);
 
 #if defined(USE_WINDOWS_API)
@@ -11819,29 +11421,9 @@ static int test_wolfSSL_tls_export_run(int v)
 
     XMEMSET(&server_args, 0, sizeof(func_args));
     XMEMSET(&server_cbf, 0, sizeof(callback_functions));
-    switch (v) {
-        case WOLFSSL_TLSV1_2:
-            server_cbf.method     = wolfTLSv1_2_server_method;
-            server_cbf.ssl_ready  = load_tls12_canned_server;
-
-            /* setup the client side */
-            ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()));
-            wolfSSL_CTX_set_cipher_list(ctx, "ECDHE-RSA-AES128-SHA256");
-            clientSession   = canned_client_session;
-            clientSessionSz = sizeof(canned_client_session);
-            break;
-    #ifdef WOLFSSL_TLS13
-        case WOLFSSL_TLSV1_3:
-            server_cbf.method     = wolfTLSv1_3_server_method;
-            server_cbf.ssl_ready  = load_tls13_canned_server;
-
-            /* setup the client side */
-            ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()));
-            clientSession   = canned_client_tls13_session;
-            clientSessionSz = sizeof(canned_client_tls13_session);
-            break;
-    #endif
-    }
+    server_cbf.method = server_method;
+    server_cbf.ssl_ready = ssl_ready;
+    ExpectNotNull(ctx = wolfSSL_CTX_new(client_method()));
     server_args.callbacks = &server_cbf;
     server_args.signal    = &ready;
 
@@ -11860,8 +11442,11 @@ static int test_wolfSSL_tls_export_run(int v)
     replySz = sizeof(reply);
     ExpectIntGT(wolfSSL_tls_export(ssl, (byte*)reply, &replySz), 0);
 #if !defined(NO_PSK) && defined(HAVE_ANON)
-    /* index 20 has is setting if PSK was on and 49 is if anon is allowed */
-    ExpectIntEQ(XMEMCMP(reply, clientSession, replySz), 0);
+    if (cmpSess) {
+        /* index 20 has is setting if PSK was on and 49 is if anon is allowed */
+        ExpectIntEQ(replySz, clientSessionSz);
+        ExpectBufEQ(reply, clientSession, replySz);
+    }
 #endif
     wolfSSL_set_fd(ssl, sockfd);
 
@@ -11897,16 +11482,27 @@ static int test_wolfSSL_tls_export_run(int v)
 
 static int test_wolfSSL_tls_export(void)
 {
-    int res = TEST_SKIPPED;
+    EXPECT_DECLS;
 #if defined(WOLFSSL_SESSION_EXPORT) && !defined(WOLFSSL_NO_TLS12)
-    test_wolfSSL_tls_export_run(WOLFSSL_TLSV1_2);
+    EXPECT_TEST(test_wolfSSL_tls_export_run(wolfTLSv1_2_server_method,
+        wolfTLSv1_2_client_method, load_tls12_canned_server,
+        canned_client_session_v4, sizeof(canned_client_session_v4), 0));
+    EXPECT_TEST(test_wolfSSL_tls_export_run(wolfTLSv1_2_server_method,
+        wolfTLSv1_2_client_method, load_tls12_canned_server,
+        canned_client_session_v5, sizeof(canned_client_session_v5), 1));
     #ifdef WOLFSSL_TLS13
-    test_wolfSSL_tls_export_run(WOLFSSL_TLSV1_3);
+    EXPECT_TEST(test_wolfSSL_tls_export_run(wolfTLSv1_3_server_method,
+        wolfTLSv1_3_client_method, load_tls13_canned_server,
+        canned_client_tls13_session_v4, sizeof(canned_client_tls13_session_v4),
+        0));
+    EXPECT_TEST(test_wolfSSL_tls_export_run(wolfTLSv1_3_server_method,
+        wolfTLSv1_3_client_method, load_tls13_canned_server,
+        canned_client_tls13_session_v5, sizeof(canned_client_tls13_session_v5),
+        1));
     #endif
-    res = TEST_RES_CHECK(1);
 #endif
 
-    return res;
+    return EXPECT_RESULT();
 }
 
 /*----------------------------------------------------------------------------*
@@ -13319,9 +12915,9 @@ static int test_tls_ext_duplicate(void)
     ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
 
     ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, testCertFile,
-        WOLFSSL_FILETYPE_PEM));
+        CERT_FILETYPE));
     ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, testKeyFile,
-        WOLFSSL_FILETYPE_PEM));
+        CERT_FILETYPE));
 
     /* Read from 'msg'. */
     wolfSSL_SetIORecv(ctx, BufferInfoRecv);
@@ -13348,13 +12944,94 @@ static int test_tls_ext_duplicate(void)
     return EXPECT_RESULT();
 }
 
+
+/* Test TLS connection abort when legacy version field indicates TLS 1.3 or
+ * higher. Based on test_tls_ext_duplicate() but with legacy version modified
+ * to 0x0304.
+ */
+static int test_tls_bad_legacy_version(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_TLS13) && !defined(WOLFSSL_ALLOW_BAD_TLS_LEGACY_VERSION)
+#if !defined(NO_WOLFSSL_SERVER) && !defined(NO_TLS) && \
+    !defined(NO_FILESYSTEM) && (!defined(NO_RSA) || defined(HAVE_ECC))
+    /* This is exactly the same as the buffer in test_tls_ext_duplicate() except
+     * the 11th byte is set to 0x04. That change means the legacy protocol
+     * version field is invalid. That will be caught before the dulplicate
+     * signature algorithms extension. */
+    const unsigned char clientHelloBadLegacyVersion[] = {
+        0x16, 0x03, 0x03, 0x00, 0x6a, 0x01, 0x00, 0x00,
+        0x66, 0x03, 0x04, 0xf4, 0x65, 0xbd, 0x22, 0xfe,
+        0x6e, 0xab, 0x66, 0xdd, 0xcf, 0xe9, 0x65, 0x55,
+        0xe8, 0xdf, 0xc3, 0x8e, 0x4b, 0x00, 0xbc, 0xf8,
+        0x23, 0x57, 0x1b, 0xa0, 0xc8, 0xa9, 0xe2, 0x8c,
+        0x91, 0x6e, 0xf9, 0x20, 0xf7, 0x5c, 0xc5, 0x5b,
+        0x75, 0x8c, 0x47, 0x0a, 0x0e, 0xc4, 0x1a, 0xda,
+        0xef, 0x75, 0xe5, 0x21, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x13, 0x01,
+        0x00, 0x9e, 0x01, 0x00,
+        /* Extensions - duplicate signature algorithms. */
+                                0x00, 0x19, 0x00, 0x0d,
+        0x00, 0x04, 0x00, 0x02, 0x04, 0x01, 0x00, 0x0d,
+        0x00, 0x04, 0x00, 0x02, 0x04, 0x01,
+        /* Supported Versions extension for TLS 1.3. */
+                                            0x00, 0x2b,
+        0x00, 0x05, 0x04, 0x03, 0x04, 0x03, 0x03
+    };
+
+    WOLFSSL_BUFFER_INFO msg;
+    const char* testCertFile;
+    const char* testKeyFile;
+    WOLFSSL_CTX *ctx = NULL;
+    WOLFSSL     *ssl = NULL;
+
+#ifndef NO_RSA
+    testCertFile = svrCertFile;
+    testKeyFile = svrKeyFile;
+#elif defined(HAVE_ECC)
+    testCertFile = eccCertFile;
+    testKeyFile = eccKeyFile;
+#endif
+
+    ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
+
+    ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, testCertFile,
+        CERT_FILETYPE));
+    ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, testKeyFile,
+        CERT_FILETYPE));
+
+    /* Read from 'msg'. */
+    wolfSSL_SetIORecv(ctx, BufferInfoRecv);
+    /* No where to send to - dummy sender. */
+    wolfSSL_SetIOSend(ctx, DummySend);
+
+    ssl = wolfSSL_new(ctx);
+    ExpectNotNull(ssl);
+
+    msg.buffer = (unsigned char*)clientHelloBadLegacyVersion;
+    msg.length = (unsigned int)sizeof(clientHelloBadLegacyVersion);
+    wolfSSL_SetIOReadCtx(ssl, &msg);
+
+    ExpectIntNE(wolfSSL_accept(ssl), WOLFSSL_SUCCESS);
+    /* Connection should fail due to bad legacy version field. When that
+     * happens the return code is VERSION_ERROR but that gets transformed into
+     * SOCKET_ERROR_E. */
+    ExpectIntEQ(wolfSSL_get_error(ssl, 0), WC_NO_ERR_TRACE(SOCKET_ERROR_E));
+
+    wolfSSL_free(ssl);
+    wolfSSL_CTX_free(ctx);
+#endif
+#endif
+    return EXPECT_RESULT();
+}
 /*----------------------------------------------------------------------------*
  | X509 Tests
  *----------------------------------------------------------------------------*/
 static int test_wolfSSL_X509_NAME_get_entry(void)
 {
     EXPECT_DECLS;
-#if !defined(NO_CERTS) && !defined(NO_RSA)
+#if !defined(NO_CERTS) && !defined(NO_RSA) && !defined(NO_FILESYSTEM)
 #if defined(OPENSSL_ALL) || \
         (defined(OPENSSL_EXTRA) && \
             (defined(KEEP_PEER_CERT) || defined(SESSION_CERTS)))
@@ -13362,10 +13039,8 @@ static int test_wolfSSL_X509_NAME_get_entry(void)
     X509_NAME_ENTRY* ne = NULL;
     X509_NAME* name = NULL;
     X509* x509 = NULL;
-#ifndef NO_FILESYSTEM
     ASN1_STRING* asn = NULL;
     char* subCN = NULL;
-#endif
     int idx = 0;
     ASN1_OBJECT *object = NULL;
 #if defined(WOLFSSL_APACHE_HTTPD) || defined(OPENSSL_ALL) || \
@@ -13375,7 +13050,6 @@ static int test_wolfSSL_X509_NAME_get_entry(void)
 #endif
 #endif
 
-#ifndef NO_FILESYSTEM
     ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile,
         WOLFSSL_FILETYPE_PEM));
     ExpectNotNull(name = X509_get_subject_name(x509));
@@ -13386,7 +13060,6 @@ static int test_wolfSSL_X509_NAME_get_entry(void)
     ExpectNotNull(subCN = (char*)ASN1_STRING_data(asn));
     wolfSSL_FreeX509(x509);
     x509 = NULL;
-#endif
 
     ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile,
         WOLFSSL_FILETYPE_PEM));
@@ -13411,7 +13084,7 @@ static int test_wolfSSL_X509_NAME_get_entry(void)
     ExpectNotNull(object = X509_NAME_ENTRY_get_object(ne));
     wolfSSL_FreeX509(x509);
 #endif /* OPENSSL_ALL || (OPENSSL_EXTRA && (KEEP_PEER_CERT || SESSION_CERTS) */
-#endif /* !NO_CERTS && !NO_RSA */
+#endif /* !NO_CERTS && !NO_RSA && !NO_FILESYSTEM */
 
     return EXPECT_RESULT();
 }
@@ -13926,10 +13599,14 @@ static int test_wolfSSL_PKCS8(void)
     byte buff[FOURK_BUF];
     byte der[FOURK_BUF];
     #ifndef NO_RSA
+#ifdef WOLFSSL_PEM_TO_DER
         const char serverKeyPkcs8PemFile[] = "./certs/server-keyPkcs8.pem";
+#endif
         const char serverKeyPkcs8DerFile[] = "./certs/server-keyPkcs8.der";
     #endif
+#ifdef WOLFSSL_PEM_TO_DER
     const char eccPkcs8PrivKeyPemFile[] = "./certs/ecc-privkeyPkcs8.pem";
+#endif
     #ifdef HAVE_ECC
         const char eccPkcs8PrivKeyDerFile[] = "./certs/ecc-privkeyPkcs8.der";
     #endif
@@ -13975,6 +13652,7 @@ static int test_wolfSSL_PKCS8(void)
     flag = 1; /* used by password callback as return code */
 
     #if !defined(NO_RSA) && !defined(NO_SHA)
+    #if defined(WOLFSSL_PEM_TO_DER)
     /* test loading PEM PKCS8 encrypted file */
     ExpectTrue((f = XFOPEN(serverKeyPkcs8EncPemFile, "rb")) != XBADFILE);
     ExpectIntGT(bytes = (int)XFREAD(buff, 1, sizeof(buff), f), 0);
@@ -13997,6 +13675,7 @@ static int test_wolfSSL_PKCS8(void)
     /* test that error value is returned with a bad password */
     ExpectIntLT(wc_KeyPemToDer(buff, bytes, der, (word32)sizeof(der),
         "bad"), 0);
+    #endif
 
     /* test loading PEM PKCS8 encrypted file */
     ExpectTrue((f = XFOPEN(serverKeyPkcs8EncDerFile, "rb")) != XBADFILE);
@@ -14016,6 +13695,7 @@ static int test_wolfSSL_PKCS8(void)
     #endif /* !NO_RSA && !NO_SHA */
 
     #if defined(HAVE_ECC) && !defined(NO_SHA)
+    #if defined(WOLFSSL_PEM_TO_DER)
     /* test loading PEM PKCS8 encrypted ECC Key file */
     ExpectTrue((f = XFOPEN(eccPkcs8EncPrivKeyPemFile, "rb")) != XBADFILE);
     ExpectIntGT(bytes = (int)XFREAD(buff, 1, sizeof(buff), f), 0);
@@ -14039,6 +13719,7 @@ static int test_wolfSSL_PKCS8(void)
     /* test that error value is returned with a bad password */
     ExpectIntLT(wc_KeyPemToDer(buff, bytes, der, (word32)sizeof(der),
         "bad"), 0);
+    #endif
 
     /* test loading DER PKCS8 encrypted ECC Key file */
     ExpectTrue((f = XFOPEN(eccPkcs8EncPrivKeyDerFile, "rb")) != XBADFILE);
@@ -14073,6 +13754,7 @@ static int test_wolfSSL_PKCS8(void)
     ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes,
                 WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
 
+    #ifdef WOLFSSL_PEM_TO_DER
     /* test loading PEM PKCS8 private key file (not encrypted) */
     ExpectTrue((f = XFOPEN(serverKeyPkcs8PemFile, "rb")) != XBADFILE);
     ExpectIntGT(bytes = (int)XFREAD(buff, 1, sizeof(buff), f), 0);
@@ -14082,8 +13764,10 @@ static int test_wolfSSL_PKCS8(void)
     }
     ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes,
                 WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
+    #endif
 #endif /* !NO_RSA */
 
+#ifdef WOLFSSL_PEM_TO_DER
     /* Test PKCS8 PEM ECC key no crypt */
     ExpectTrue((f = XFOPEN(eccPkcs8PrivKeyPemFile, "rb")) != XBADFILE);
     ExpectIntGT(bytes = (int)XFREAD(buff, 1, sizeof(buff), f), 0);
@@ -14091,12 +13775,13 @@ static int test_wolfSSL_PKCS8(void)
         XFCLOSE(f);
         f = XBADFILE;
     }
+#endif
 #ifdef HAVE_ECC
+#ifdef WOLFSSL_PEM_TO_DER
     /* Test PKCS8 PEM ECC key no crypt */
     ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes,
                 WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
 
-#if !defined(NO_CODING) && !defined(WOLFSSL_NO_PEM)
     /* decrypt PKCS8 PEM to key in DER format */
     ExpectIntGT((bytes = wc_KeyPemToDer(buff, bytes, der,
         (word32)sizeof(der), NULL)), 0);
@@ -14118,9 +13803,11 @@ static int test_wolfSSL_PKCS8(void)
     ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes,
                 WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
 #else
+#ifdef WOLFSSL_PEM_TO_DER
     /* if HAVE_ECC is not defined then BEGIN EC PRIVATE KEY is not found */
     ExpectIntEQ((bytes = wc_KeyPemToDer(buff, bytes, der,
         (word32)sizeof(der), NULL)), WC_NO_ERR_TRACE(ASN_NO_PEM_HEADER));
+#endif
 #endif /* HAVE_ECC */
 
     wolfSSL_CTX_free(ctx);
@@ -15520,6670 +15207,6 @@ static int test_wc_SetAuthKeyIdFromPublicKey_ex(void)
     return EXPECT_RESULT();
 } /* End test_wc_SetAuthKeyIdFromPublicKey_ex*/
 
-/*
- * Testing wc_PKCS7_New()
- */
-static int test_wc_PKCS7_New(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_PKCS7)
-    PKCS7* pkcs7 = NULL;
-
-    ExpectNotNull(pkcs7 = wc_PKCS7_New(NULL, testDevId));
-    wc_PKCS7_Free(pkcs7);
-#endif
-    return EXPECT_RESULT();
-} /* END test-wc_PKCS7_New */
-
-/*
- * Testing wc_PKCS7_Init()
- */
-static int test_wc_PKCS7_Init(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_PKCS7)
-    PKCS7* pkcs7 = NULL;
-    void*  heap = NULL;
-
-    ExpectNotNull(pkcs7 = wc_PKCS7_New(heap, testDevId));
-
-    ExpectIntEQ(wc_PKCS7_Init(pkcs7, heap, testDevId), 0);
-    /* Pass in bad args. */
-    ExpectIntEQ(wc_PKCS7_Init(NULL, heap, testDevId), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-
-    wc_PKCS7_Free(pkcs7);
-#endif
-    return EXPECT_RESULT();
-} /* END test-wc_PKCS7_Init */
-
-
-/*
- * Testing wc_PKCS7_InitWithCert()
- */
-static int test_wc_PKCS7_InitWithCert(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_PKCS7)
-    PKCS7* pkcs7 = NULL;
-
-#ifndef NO_RSA
-    #if defined(USE_CERT_BUFFERS_2048)
-        unsigned char    cert[sizeof(client_cert_der_2048)];
-        int              certSz = (int)sizeof(cert);
-
-        XMEMSET(cert, 0, certSz);
-        XMEMCPY(cert, client_cert_der_2048, sizeof(client_cert_der_2048));
-    #elif defined(USE_CERT_BUFFERS_1024)
-        unsigned char    cert[sizeof(client_cert_der_1024)];
-        int              certSz = (int)sizeof(cert);
-
-        XMEMSET(cert, 0, certSz);
-        XMEMCPY(cert, client_cert_der_1024, sizeof_client_cert_der_1024);
-    #else
-        unsigned char   cert[ONEK_BUF];
-        XFILE           fp = XBADFILE;
-        int             certSz;
-
-        ExpectTrue((fp = XFOPEN("./certs/1024/client-cert.der", "rb")) !=
-            XBADFILE);
-        ExpectIntGT(certSz = (int)XFREAD(cert, 1, sizeof_client_cert_der_1024,
-            fp), 0);
-        if (fp != XBADFILE)
-            XFCLOSE(fp);
-    #endif
-#elif defined(HAVE_ECC)
-    #if defined(USE_CERT_BUFFERS_256)
-        unsigned char    cert[sizeof(cliecc_cert_der_256)];
-        int              certSz = (int)sizeof(cert);
-
-        XMEMSET(cert, 0, certSz);
-        XMEMCPY(cert, cliecc_cert_der_256, sizeof(cliecc_cert_der_256));
-    #else
-        unsigned char   cert[ONEK_BUF];
-        XFILE           fp = XBADFILE;
-        int             certSz;
-
-        ExpectTrue((fp = XFOPEN("./certs/client-ecc-cert.der", "rb")) !=
-            XBADFILE);
-        ExpectIntGT(certSz = (int)XFREAD(cert, 1, sizeof(cliecc_cert_der_256),
-            fp), 0);
-        if (fp != XBADFILE)
-            XFCLOSE(fp);
-    #endif
-#else
-        #error PKCS7 requires ECC or RSA
-#endif
-
-#ifdef HAVE_ECC
-    {
-    /* bad test case from ZD 11011, malformed cert gives bad ECC key */
-        static unsigned char certWithInvalidEccKey[] = {
-        0x30, 0x82, 0x03, 0x5F, 0x30, 0x82, 0x03, 0x04, 0xA0, 0x03, 0x02, 0x01,
-        0x02, 0x02, 0x14, 0x61, 0xB3, 0x1E, 0x59, 0xF3, 0x68, 0x6C, 0xA4, 0x79,
-        0x42, 0x83, 0x2F, 0x1A, 0x50, 0x71, 0x03, 0xBE, 0x31, 0xAA, 0x2C, 0x30,
-        0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x30,
-        0x81, 0x8D, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13,
-        0x02, 0x55, 0x53, 0x31, 0x0F, 0x30, 0x0D, 0x06, 0x03, 0x55, 0x04, 0x08,
-        0x0C, 0x06, 0x4F, 0x72, 0x65, 0x67, 0x6F, 0x6E, 0x31, 0x0E, 0x30, 0x0C,
-        0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x05, 0x53, 0x61, 0x6C, 0x65, 0x6D,
-        0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0A, 0x43,
-        0x6C, 0x69, 0x65, 0x6E, 0x74, 0x20, 0x45, 0x43, 0x43, 0x31, 0x0D, 0x30,
-        0x0B, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x04, 0x46, 0x61, 0x73, 0x74,
-        0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77,
-        0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63,
-        0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86,
-        0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40,
-        0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30,
-        0x1E, 0x17, 0x0D, 0x32, 0x30, 0x30, 0x36, 0x31, 0x39, 0x31, 0x33, 0x32,
-        0x33, 0x34, 0x31, 0x5A, 0x17, 0x0D, 0x32, 0x33, 0x30, 0x33, 0x31, 0x36,
-        0x31, 0x33, 0x32, 0x33, 0x34, 0x31, 0x5A, 0x30, 0x81, 0x8D, 0x31, 0x0B,
-        0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31,
-        0x0F, 0x30, 0x0D, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x06, 0x4F, 0x72,
-        0x65, 0x67, 0x6F, 0x6E, 0x31, 0x0E, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x04,
-        0x07, 0x0C, 0x05, 0x53, 0x61, 0x6C, 0x65, 0x6D, 0x31, 0x13, 0x30, 0x11,
-        0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0A, 0x43, 0x6C, 0x69, 0x65, 0x6E,
-        0x74, 0x20, 0x45, 0x43, 0x43, 0x31, 0x0D, 0x30, 0x0B, 0x06, 0x03, 0x55,
-        0x04, 0x0B, 0x0C, 0x04, 0x46, 0x61, 0x73, 0x74, 0x31, 0x18, 0x30, 0x26,
-        0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77,
-        0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F,
-        0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09,
-        0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66,
-        0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x59, 0x30, 0x13, 0x06,
-        0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86,
-        0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07, 0x03, 0x02, 0x00, 0x04, 0x55, 0xBF,
-        0xF4, 0x0F, 0x44, 0x50, 0x9A, 0x3D, 0xCE, 0x9B, 0xB7, 0xF0, 0xC5, 0x4D,
-        0xF5, 0x70, 0x7B, 0xD4, 0xEC, 0x24, 0x8E, 0x19, 0x80, 0xEC, 0x5A, 0x4C,
-        0xA2, 0x24, 0x03, 0x62, 0x2C, 0x9B, 0xDA, 0xEF, 0xA2, 0x35, 0x12, 0x43,
-        0x84, 0x76, 0x16, 0xC6, 0x56, 0x95, 0x06, 0xCC, 0x01, 0xA9, 0xBD, 0xF6,
-        0x75, 0x1A, 0x42, 0xF7, 0xBD, 0xA9, 0xB2, 0x36, 0x22, 0x5F, 0xC7, 0x5D,
-        0x7F, 0xB4, 0xA3, 0x82, 0x01, 0x3E, 0x30, 0x82, 0x01, 0x3A, 0x30, 0x1D,
-        0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0xEB, 0xD4, 0x4B,
-        0x59, 0x6B, 0x95, 0x61, 0x3F, 0x51, 0x57, 0xB6, 0x04, 0x4D, 0x89, 0x41,
-        0x88, 0x44, 0x5C, 0xAB, 0xF2, 0x30, 0x81, 0xCD, 0x06, 0x03, 0x55, 0x1D,
-        0x23, 0x04, 0x81, 0xC5, 0x30, 0x81, 0xC2, 0x80, 0x14, 0xEB, 0xD4, 0x4B,
-        0x59, 0x72, 0x95, 0x61, 0x3F, 0x51, 0x57, 0xB6, 0x04, 0x4D, 0x89, 0x41,
-        0x88, 0x44, 0x5C, 0xAB, 0xF2, 0xA1, 0x81, 0x93, 0xA4, 0x81, 0x90, 0x30,
-        0x81, 0x8D, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13,
-        0x02, 0x55, 0x53, 0x31, 0x0F, 0x30, 0x0D, 0x06, 0x03, 0x55, 0x08, 0x08,
-        0x0C, 0x06, 0x4F, 0x72, 0x65, 0x67, 0x6F, 0x6E, 0x31, 0x0E, 0x30, 0x0C,
-        0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x05, 0x53, 0x61, 0x6C, 0x65, 0x6D,
-        0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0A, 0x43,
-        0x6C, 0x69, 0x65, 0x6E, 0x74, 0x20, 0x45, 0x43, 0x43, 0x31, 0x0D, 0x30,
-        0x0B, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x04, 0x46, 0x61, 0x73, 0x74,
-        0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77,
-        0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63,
-        0x6F, 0x6D, 0x30, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86,
-        0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40,
-        0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82,
-        0x14, 0x61, 0xB3, 0x1E, 0x59, 0xF3, 0x68, 0x6C, 0xA4, 0x79, 0x42, 0x83,
-        0x2F, 0x1A, 0x50, 0x71, 0x03, 0xBE, 0x32, 0xAA, 0x2C, 0x30, 0x0C, 0x06,
-        0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30,
-        0x1C, 0x06, 0x03, 0x55, 0x1D, 0x11, 0x04, 0x15, 0x30, 0x13, 0x82, 0x0B,
-        0x65, 0x78, 0x61, 0x6D, 0x70, 0x6C, 0x65, 0x2E, 0x63, 0x6F, 0x6D, 0x87,
-        0x04, 0x23, 0x00, 0x00, 0x01, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x25,
-        0x04, 0x16, 0x30, 0x14, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07,
-        0x03, 0x01, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02,
-        0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02,
-        0x03, 0x49, 0x00, 0x30, 0x46, 0x02, 0x21, 0x00, 0xE4, 0xA0, 0x23, 0x26,
-        0x2B, 0x0B, 0x42, 0x0F, 0x97, 0x37, 0x6D, 0xCB, 0x14, 0x23, 0xC3, 0xC3,
-        0xE6, 0x44, 0xCF, 0x5F, 0x4C, 0x26, 0xA3, 0x72, 0x64, 0x7A, 0x9C, 0xCB,
-        0x64, 0xAB, 0xA6, 0xBE, 0x02, 0x21, 0x00, 0xAA, 0xC5, 0xA3, 0x50, 0xF6,
-        0xF1, 0xA5, 0xDB, 0x05, 0xE0, 0x75, 0xD2, 0xF7, 0xBA, 0x49, 0x5F, 0x8F,
-        0x7D, 0x1C, 0x44, 0xB1, 0x6E, 0xDF, 0xC8, 0xDA, 0x10, 0x48, 0x2D, 0x53,
-        0x08, 0xA8, 0xB4
-        };
-#endif
-        ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
-        /* If initialization is not successful, it's free'd in init func. */
-        ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, (byte*)cert, (word32)certSz),
-            0);
-        wc_PKCS7_Free(pkcs7);
-        pkcs7 = NULL;
-
-        ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
-        /* Valid initialization usage. */
-        ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
-
-        /* Pass in bad args. No need free for null checks, free at end.*/
-        ExpectIntEQ(wc_PKCS7_InitWithCert(NULL, (byte*)cert, (word32)certSz),
-            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-        ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, (word32)certSz),
-            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-
-#ifdef HAVE_ECC
-        ExpectIntLT(wc_PKCS7_InitWithCert(pkcs7, certWithInvalidEccKey,
-            sizeof(certWithInvalidEccKey)), 0);
-    }
-#endif
-
-    wc_PKCS7_Free(pkcs7);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_PKCS7_InitWithCert */
-
-
-/*
- * Testing wc_PKCS7_EncodeData()
- */
-static int test_wc_PKCS7_EncodeData(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_PKCS7)
-    PKCS7* pkcs7 = NULL;
-    byte   output[FOURK_BUF];
-    byte   data[] = "My encoded DER cert.";
-
-#ifndef NO_RSA
-    #if defined(USE_CERT_BUFFERS_2048)
-        unsigned char cert[sizeof(client_cert_der_2048)];
-        unsigned char key[sizeof(client_key_der_2048)];
-        int certSz = (int)sizeof(cert);
-        int keySz = (int)sizeof(key);
-
-        XMEMSET(cert, 0, certSz);
-        XMEMSET(key, 0, keySz);
-        XMEMCPY(cert, client_cert_der_2048, certSz);
-        XMEMCPY(key, client_key_der_2048, keySz);
-    #elif defined(USE_CERT_BUFFERS_1024)
-        unsigned char cert[sizeof(sizeof_client_cert_der_1024)];
-        unsigned char key[sizeof_client_key_der_1024];
-        int certSz = (int)sizeof(cert);
-        int keySz = (int)sizeof(key);
-
-        XMEMSET(cert, 0, certSz);
-        XMEMSET(key, 0, keySz);
-        XMEMCPY(cert, client_cert_der_1024, certSz);
-        XMEMCPY(key, client_key_der_1024, keySz);
-    #else
-        unsigned char cert[ONEK_BUF];
-        unsigned char key[ONEK_BUF];
-        XFILE         fp = XBADFILE;
-        int           certSz;
-        int           keySz;
-
-        ExpectTrue((fp = XFOPEN("./certs/1024/client-cert.der", "rb")) !=
-            XBADFILE);
-        ExpectIntGT(certSz = (int)XFREAD(cert, 1, sizeof_client_cert_der_1024,
-            fp), 0);
-        if (fp != XBADFILE) {
-            XFCLOSE(fp);
-            fp = XBADFILE;
-        }
-
-        ExpectTrue((fp = XFOPEN("./certs/1024/client-key.der", "rb")) !=
-            XBADFILE);
-        ExpectIntGT(keySz = (int)XFREAD(key, 1, sizeof_client_key_der_1024, fp),
-            0);
-        if (fp != XBADFILE)
-            XFCLOSE(fp);
-    #endif
-#elif defined(HAVE_ECC)
-    #if defined(USE_CERT_BUFFERS_256)
-        unsigned char    cert[sizeof(cliecc_cert_der_256)];
-        unsigned char    key[sizeof(ecc_clikey_der_256)];
-        int              certSz = (int)sizeof(cert);
-        int              keySz = (int)sizeof(key);
-        XMEMSET(cert, 0, certSz);
-        XMEMSET(key, 0, keySz);
-        XMEMCPY(cert, cliecc_cert_der_256, sizeof_cliecc_cert_der_256);
-        XMEMCPY(key, ecc_clikey_der_256, sizeof_ecc_clikey_der_256);
-    #else
-        unsigned char   cert[ONEK_BUF];
-        unsigned char   key[ONEK_BUF];
-        XFILE           fp = XBADFILE;
-        int             certSz, keySz;
-
-        ExpectTrue((fp = XFOPEN("./certs/client-ecc-cert.der", "rb")) !=
-            XBADFILE);
-        ExpectIntGT(certSz = (int)XFREAD(cert, 1, sizeof_cliecc_cert_der_256,
-            fp), 0);
-        if (fp != XBADFILE) {
-            XFCLOSE(fp);
-            fp = XBADFILE;
-        }
-
-        ExpectTrue((fp = XFOPEN("./certs/client-ecc-key.der", "rb")) !=
-            XBADFILE);
-        ExpectIntGT(keySz = (int)XFREAD(key, 1, sizeof_ecc_clikey_der_256, fp),
-            0);
-        if (fp != XBADFILE)
-            XFCLOSE(fp);
-    #endif
-#endif
-
-    XMEMSET(output, 0, sizeof(output));
-
-    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
-    ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
-
-    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, (byte*)cert, (word32)certSz), 0);
-
-    if (pkcs7 != NULL) {
-        pkcs7->content = data;
-        pkcs7->contentSz = sizeof(data);
-        pkcs7->privateKey = key;
-        pkcs7->privateKeySz = (word32)keySz;
-    }
-    ExpectIntGT(wc_PKCS7_EncodeData(pkcs7, output, (word32)sizeof(output)), 0);
-
-    /* Test bad args. */
-    ExpectIntEQ(wc_PKCS7_EncodeData(NULL, output, (word32)sizeof(output)),
-                                                            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-    ExpectIntEQ(wc_PKCS7_EncodeData(pkcs7, NULL, (word32)sizeof(output)),
-                                                            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-    ExpectIntEQ(wc_PKCS7_EncodeData(pkcs7, output, 5), WC_NO_ERR_TRACE(BUFFER_E));
-
-    wc_PKCS7_Free(pkcs7);
-#endif
-    return EXPECT_RESULT();
-}  /* END test_wc_PKCS7_EncodeData */
-
-
-#if defined(HAVE_PKCS7) && defined(HAVE_PKCS7_RSA_RAW_SIGN_CALLBACK) && \
-    !defined(NO_RSA) && !defined(NO_SHA256)
-/* RSA sign raw digest callback */
-static int rsaSignRawDigestCb(PKCS7* pkcs7, byte* digest, word32 digestSz,
-                              byte* out, word32 outSz, byte* privateKey,
-                              word32 privateKeySz, int devid, int hashOID)
-{
-    /* specific DigestInfo ASN.1 encoding prefix for a SHA2565 digest */
-    byte digInfoEncoding[] = {
-        0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,
-        0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05,
-        0x00, 0x04, 0x20
-    };
-
-    int ret;
-    byte digestInfo[ONEK_BUF];
-    byte sig[FOURK_BUF];
-    word32 digestInfoSz = 0;
-    word32 idx = 0;
-    RsaKey rsa;
-
-    /* SHA-256 required only for this example callback due to above
-     * digInfoEncoding[] */
-    if (pkcs7 == NULL || digest == NULL || out == NULL ||
-        (sizeof(digestInfo) < sizeof(digInfoEncoding) + digestSz) ||
-        (hashOID != SHA256h)) {
-        return -1;
-    }
-
-    /* build DigestInfo */
-    XMEMCPY(digestInfo, digInfoEncoding, sizeof(digInfoEncoding));
-    digestInfoSz += sizeof(digInfoEncoding);
-    XMEMCPY(digestInfo + digestInfoSz, digest, digestSz);
-    digestInfoSz += digestSz;
-
-    /* set up RSA key */
-    ret = wc_InitRsaKey_ex(&rsa, pkcs7->heap, devid);
-    if (ret != 0) {
-        return ret;
-    }
-
-    ret = wc_RsaPrivateKeyDecode(privateKey, &idx, &rsa, privateKeySz);
-
-    /* sign DigestInfo */
-    if (ret == 0) {
-        ret = wc_RsaSSL_Sign(digestInfo, digestInfoSz, sig, sizeof(sig),
-                             &rsa, pkcs7->rng);
-        if (ret > 0) {
-            if (ret > (int)outSz) {
-                /* output buffer too small */
-                ret = -1;
-            }
-            else {
-                /* success, ret holds sig size */
-                XMEMCPY(out, sig, ret);
-            }
-        }
-    }
-
-    wc_FreeRsaKey(&rsa);
-
-    return ret;
-}
-#endif
-
-#if defined(HAVE_PKCS7) && defined(ASN_BER_TO_DER)
-typedef struct encodeSignedDataStream {
-    byte out[FOURK_BUF*3];
-    int  idx;
-    word32 outIdx;
-    word32 chunkSz; /* max amount of data to be returned */
-} encodeSignedDataStream;
-
-
-/* content is 8k of partially created bundle */
-static int GetContentCB(PKCS7* pkcs7, byte** content, void* ctx)
-{
-    int ret = 0;
-    encodeSignedDataStream* strm = (encodeSignedDataStream*)ctx;
-
-    if (strm->outIdx  < pkcs7->contentSz) {
-        ret = (pkcs7->contentSz > strm->outIdx + strm->chunkSz)?
-                strm->chunkSz : pkcs7->contentSz - strm->outIdx;
-        *content = strm->out + strm->outIdx;
-        strm->outIdx += ret;
-    }
-
-    (void)pkcs7;
-    return ret;
-}
-
-static int StreamOutputCB(PKCS7* pkcs7, const byte* output, word32 outputSz,
-    void* ctx)
-{
-    encodeSignedDataStream* strm = (encodeSignedDataStream*)ctx;
-
-    XMEMCPY(strm->out + strm->idx, output, outputSz);
-    strm->idx += outputSz;
-    (void)pkcs7;
-    return 0;
-}
-#endif
-
-
-/*
- * Testing wc_PKCS7_EncodeSignedData()
- */
-static int test_wc_PKCS7_EncodeSignedData(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_PKCS7)
-    PKCS7* pkcs7 = NULL;
-    WC_RNG rng;
-    byte   output[FOURK_BUF];
-    byte   badOut[1];
-    word32 outputSz = (word32)sizeof(output);
-    word32 badOutSz = 0;
-    byte   data[] = "Test data to encode.";
-#ifndef NO_RSA
-    int    encryptOid = RSAk;
-    #if defined(USE_CERT_BUFFERS_2048)
-        byte        key[sizeof(client_key_der_2048)];
-        byte        cert[sizeof(client_cert_der_2048)];
-        word32      keySz = (word32)sizeof(key);
-        word32      certSz = (word32)sizeof(cert);
-        XMEMSET(key, 0, keySz);
-        XMEMSET(cert, 0, certSz);
-        XMEMCPY(key, client_key_der_2048, keySz);
-        XMEMCPY(cert, client_cert_der_2048, certSz);
-    #elif defined(USE_CERT_BUFFERS_1024)
-        byte        key[sizeof_client_key_der_1024];
-        byte        cert[sizeof(sizeof_client_cert_der_1024)];
-        word32      keySz = (word32)sizeof(key);
-        word32      certSz = (word32)sizeof(cert);
-        XMEMSET(key, 0, keySz);
-        XMEMSET(cert, 0, certSz);
-        XMEMCPY(key, client_key_der_1024, keySz);
-        XMEMCPY(cert, client_cert_der_1024, certSz);
-    #else
-        unsigned char   cert[ONEK_BUF];
-        unsigned char   key[ONEK_BUF];
-        XFILE           fp = XBADFILE;
-        int             certSz;
-        int             keySz;
-
-        ExpectTrue((fp = XFOPEN("./certs/1024/client-cert.der", "rb")) !=
-            XBADFILE);
-        ExpectIntGT(certSz = (int)XFREAD(cert, 1, sizeof_client_cert_der_1024,
-            fp), 0);
-        if (fp != XBADFILE) {
-            XFCLOSE(fp);
-            fp = XBADFILE;
-        }
-
-        ExpectTrue((fp = XFOPEN("./certs/1024/client-key.der", "rb")) !=
-            XBADFILE);
-        ExpectIntGT(keySz = (int)XFREAD(key, 1, sizeof_client_key_der_1024, fp),
-            0);
-        if (fp != XBADFILE)
-            XFCLOSE(fp);
-    #endif
-#elif defined(HAVE_ECC)
-    int    encryptOid = ECDSAk;
-    #if defined(USE_CERT_BUFFERS_256)
-        unsigned char    cert[sizeof(cliecc_cert_der_256)];
-        unsigned char    key[sizeof(ecc_clikey_der_256)];
-        int              certSz = (int)sizeof(cert);
-        int              keySz = (int)sizeof(key);
-        XMEMSET(cert, 0, certSz);
-        XMEMSET(key, 0, keySz);
-        XMEMCPY(cert, cliecc_cert_der_256, certSz);
-        XMEMCPY(key, ecc_clikey_der_256, keySz);
-    #else
-        unsigned char   cert[ONEK_BUF];
-        unsigned char   key[ONEK_BUF];
-        XFILE           fp = XBADFILE;
-        int             certSz;
-        int             keySz;
-
-        ExpectTrue((fp = XFOPEN("./certs/client-ecc-cert.der", "rb")) !=
-            XBADFILE);
-        ExpectIntGT(certSz = (int)XFREAD(cert, 1, ONEK_BUF, fp), 0);
-        if (fp != XBADFILE) {
-            XFCLOSE(fp);
-            fp = XBADFILE;
-        }
-
-        ExpectTrue((fp = XFOPEN("./certs/client-ecc-key.der", "rb")) !=
-            XBADFILE);
-        ExpectIntGT(keySz = (int)XFREAD(key, 1, ONEK_BUF, fp), 0);
-        if (fp != XBADFILE)
-            XFCLOSE(fp);
-    #endif
-#endif
-
-    XMEMSET(&rng, 0, sizeof(WC_RNG));
-
-    XMEMSET(output, 0, outputSz);
-    ExpectIntEQ(wc_InitRng(&rng), 0);
-
-    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
-    ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
-
-    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);
-
-    if (pkcs7 != NULL) {
-        pkcs7->content = data;
-        pkcs7->contentSz = (word32)sizeof(data);
-        pkcs7->privateKey = key;
-        pkcs7->privateKeySz = (word32)sizeof(key);
-        pkcs7->encryptOID = encryptOid;
-    #ifdef NO_SHA
-        pkcs7->hashOID = SHA256h;
-    #else
-        pkcs7->hashOID = SHAh;
-    #endif
-        pkcs7->rng = &rng;
-    }
-
-    ExpectIntGT(wc_PKCS7_EncodeSignedData(pkcs7, output, outputSz), 0);
-    wc_PKCS7_Free(pkcs7);
-    pkcs7 = NULL;
-
-    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
-    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
-    ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0);
-
-#if defined(ASN_BER_TO_DER) && !defined(NO_RSA)
-    wc_PKCS7_Free(pkcs7);
-    pkcs7 = NULL;
-
-    /* reinitialize and test setting stream mode */
-    {
-        int signedSz = 0, i;
-        encodeSignedDataStream strm;
-        static const int numberOfChunkSizes = 4;
-        static const word32 chunkSizes[] = { 4080, 4096, 5000, 9999 };
-        /* chunkSizes were chosen to test around the default 4096 octet string
-         * size used in pkcs7.c */
-
-        XMEMSET(&strm, 0, sizeof(strm));
-
-        ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
-        ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
-
-        ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);
-
-        if (pkcs7 != NULL) {
-            pkcs7->content = data;
-            pkcs7->contentSz = (word32)sizeof(data);
-            pkcs7->privateKey = key;
-            pkcs7->privateKeySz = (word32)sizeof(key);
-            pkcs7->encryptOID = encryptOid;
-        #ifdef NO_SHA
-            pkcs7->hashOID = SHA256h;
-        #else
-            pkcs7->hashOID = SHAh;
-        #endif
-            pkcs7->rng = &rng;
-        }
-        ExpectIntEQ(wc_PKCS7_GetStreamMode(pkcs7), 0);
-        ExpectIntEQ(wc_PKCS7_SetStreamMode(pkcs7, 1, NULL, NULL, NULL), 0);
-        ExpectIntEQ(wc_PKCS7_SetStreamMode(NULL, 1, NULL, NULL, NULL),
-            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-        ExpectIntEQ(wc_PKCS7_GetStreamMode(pkcs7), 1);
-
-        ExpectIntGT(signedSz = wc_PKCS7_EncodeSignedData(pkcs7, output,
-            outputSz), 0);
-        wc_PKCS7_Free(pkcs7);
-        pkcs7 = NULL;
-
-        ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
-        ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
-
-        /* use exact signed buffer size since BER encoded */
-        ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output,
-            (word32)signedSz), 0);
-        wc_PKCS7_Free(pkcs7);
-
-        /* now try with using callbacks for IO */
-        for (i = 0; i < numberOfChunkSizes; i++) {
-            strm.idx    = 0;
-            strm.outIdx = 0;
-            strm.chunkSz = chunkSizes[i];
-
-            ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
-            ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
-
-            ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);
-
-            if (pkcs7 != NULL) {
-                pkcs7->contentSz  = 10000;
-                pkcs7->privateKey = key;
-                pkcs7->privateKeySz = (word32)sizeof(key);
-                pkcs7->encryptOID = encryptOid;
-            #ifdef NO_SHA
-                pkcs7->hashOID = SHA256h;
-            #else
-                pkcs7->hashOID = SHAh;
-            #endif
-                pkcs7->rng = &rng;
-            }
-            ExpectIntEQ(wc_PKCS7_SetStreamMode(pkcs7, 1, GetContentCB,
-                StreamOutputCB, (void*)&strm), 0);
-
-            ExpectIntGT(signedSz = wc_PKCS7_EncodeSignedData(pkcs7, NULL, 0),
-                0);
-            wc_PKCS7_Free(pkcs7);
-            pkcs7 = NULL;
-
-            ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
-            ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
-
-            /* use exact signed buffer size since BER encoded */
-            ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, strm.out,
-                (word32)signedSz), 0);
-            wc_PKCS7_Free(pkcs7);
-            pkcs7 = NULL;
-        }
-    }
-#endif
-#ifndef NO_PKCS7_STREAM
-    wc_PKCS7_Free(pkcs7);
-    pkcs7 = NULL;
-
-    {
-        word32 z;
-        int ret;
-
-        ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
-        ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
-
-        /* test for streaming mode */
-        ret = -1;
-        for (z = 0; z < outputSz && ret != 0; z++) {
-            ret = wc_PKCS7_VerifySignedData(pkcs7, output + z, 1);
-            if (ret < 0){
-                ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
-            }
-        }
-        ExpectIntEQ(ret, 0);
-        ExpectIntNE(pkcs7->contentSz, 0);
-        ExpectNotNull(pkcs7->contentDynamic);
-    }
-#endif /* !NO_PKCS7_STREAM */
-
-
-    /* Pass in bad args. */
-    ExpectIntEQ(wc_PKCS7_EncodeSignedData(NULL, output, outputSz),
-        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-    ExpectIntEQ(wc_PKCS7_EncodeSignedData(pkcs7, NULL, outputSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-    ExpectIntEQ(wc_PKCS7_EncodeSignedData(pkcs7, badOut,
-                                badOutSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-    if (pkcs7 != NULL) {
-        pkcs7->hashOID = 0; /* bad hashOID */
-    }
-    ExpectIntEQ(wc_PKCS7_EncodeSignedData(pkcs7, output, outputSz),
-        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-
-#if defined(HAVE_PKCS7) && defined(HAVE_PKCS7_RSA_RAW_SIGN_CALLBACK) && \
-    !defined(NO_RSA) && !defined(NO_SHA256)
-    /* test RSA sign raw digest callback, if using RSA and compiled in.
-     * Example callback assumes SHA-256, so only run test if compiled in. */
-    wc_PKCS7_Free(pkcs7);
-    pkcs7 = NULL;
-    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
-    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);
-
-    if (pkcs7 != NULL) {
-        pkcs7->content = data;
-        pkcs7->contentSz = (word32)sizeof(data);
-        pkcs7->privateKey = key;
-        pkcs7->privateKeySz = (word32)sizeof(key);
-        pkcs7->encryptOID = RSAk;
-        pkcs7->hashOID = SHA256h;
-        pkcs7->rng = &rng;
-    }
-
-    ExpectIntEQ(wc_PKCS7_SetRsaSignRawDigestCb(pkcs7, rsaSignRawDigestCb), 0);
-
-    ExpectIntGT(wc_PKCS7_EncodeSignedData(pkcs7, output, outputSz), 0);
-#endif
-
-    wc_PKCS7_Free(pkcs7);
-    DoExpectIntEQ(wc_FreeRng(&rng), 0);
-
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_PKCS7_EncodeSignedData */
-
-
-/*
- * Testing wc_PKCS7_EncodeSignedData_ex() and wc_PKCS7_VerifySignedData_ex()
- */
-static int test_wc_PKCS7_EncodeSignedData_ex(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_PKCS7)
-    int        i;
-    PKCS7*     pkcs7 = NULL;
-    WC_RNG     rng;
-    byte       outputHead[FOURK_BUF/2];
-    byte       outputFoot[FOURK_BUF/2];
-    word32     outputHeadSz = (word32)sizeof(outputHead);
-    word32     outputFootSz = (word32)sizeof(outputFoot);
-    byte       data[FOURK_BUF];
-    wc_HashAlg hash;
-#ifdef NO_SHA
-    enum wc_HashType hashType = WC_HASH_TYPE_SHA256;
-#else
-    enum wc_HashType hashType = WC_HASH_TYPE_SHA;
-#endif
-    byte        hashBuf[WC_MAX_DIGEST_SIZE];
-    word32      hashSz = (word32)wc_HashGetDigestSize(hashType);
-
-#ifndef NO_RSA
-    #if defined(USE_CERT_BUFFERS_2048)
-        byte        key[sizeof(client_key_der_2048)];
-        byte        cert[sizeof(client_cert_der_2048)];
-        word32      keySz = (word32)sizeof(key);
-        word32      certSz = (word32)sizeof(cert);
-        XMEMSET(key, 0, keySz);
-        XMEMSET(cert, 0, certSz);
-        XMEMCPY(key, client_key_der_2048, keySz);
-        XMEMCPY(cert, client_cert_der_2048, certSz);
-    #elif defined(USE_CERT_BUFFERS_1024)
-        byte        key[sizeof_client_key_der_1024];
-        byte        cert[sizeof(sizeof_client_cert_der_1024)];
-        word32      keySz = (word32)sizeof(key);
-        word32      certSz = (word32)sizeof(cert);
-        XMEMSET(key, 0, keySz);
-        XMEMSET(cert, 0, certSz);
-        XMEMCPY(key, client_key_der_1024, keySz);
-        XMEMCPY(cert, client_cert_der_1024, certSz);
-    #else
-        unsigned char  cert[ONEK_BUF];
-        unsigned char  key[ONEK_BUF];
-        XFILE          fp = XBADFILE;
-        int            certSz;
-        int            keySz;
-
-        ExpectTure((fp = XFOPEN("./certs/1024/client-cert.der", "rb")) !=
-            XBADFILE);
-        ExpectIntGT(certSz = (int)XFREAD(cert, 1, sizeof_client_cert_der_1024,
-            fp), 0);
-        if (fp != XBADFILE) {
-            XFCLOSE(fp);
-            fp = XBADFILE;
-        }
-
-        ExpectTrue((fp = XFOPEN("./certs/1024/client-key.der", "rb")) !=
-            XBADFILE);
-        ExpectIntGT(keySz = (int)XFREAD(key, 1, sizeof_client_key_der_1024, fp),
-            0);
-        if (fp != XBADFILE)
-            XFCLOSE(fp);
-    #endif
-#elif defined(HAVE_ECC)
-    #if defined(USE_CERT_BUFFERS_256)
-        unsigned char   cert[sizeof(cliecc_cert_der_256)];
-        unsigned char   key[sizeof(ecc_clikey_der_256)];
-        int             certSz = (int)sizeof(cert);
-        int             keySz = (int)sizeof(key);
-
-        XMEMSET(cert, 0, certSz);
-        XMEMSET(key, 0, keySz);
-        XMEMCPY(cert, cliecc_cert_der_256, sizeof_cliecc_cert_der_256);
-        XMEMCPY(key, ecc_clikey_der_256, sizeof_ecc_clikey_der_256);
-    #else
-        unsigned char cert[ONEK_BUF];
-        unsigned char key[ONEK_BUF];
-        XFILE         fp = XBADFILE;
-        int           certSz;
-        int           keySz;
-
-        ExpectTrue((fp = XFOPEN("./certs/client-ecc-cert.der", "rb")) !=
-            XBADFILE);
-        ExpectIntGT(certSz = (int)XFREAD(cert, 1, sizeof_cliecc_cert_der_256,
-            fp), 0);
-        if (fp != XBADFILE) {
-            XFCLOSE(fp);
-            fp = XBADFILE;
-        }
-
-        ExpectTrue((fp = XFOPEN("./certs/client-ecc-key.der", "rb")) !=
-            XBADFILE);
-        ExpectIntGT(keySz = (int)XFREAD(key, 1, sizeof_ecc_clikey_der_256, fp),
-            0);
-        if (fp != XBADFILE)
-            XFCLOSE(fp);
-    #endif
-#endif
-
-    XMEMSET(&rng, 0, sizeof(WC_RNG));
-
-    /* initialize large data with sequence */
-    for (i=0; i<(int)sizeof(data); i++)
-        data[i] = i & 0xff;
-
-    XMEMSET(outputHead, 0, outputHeadSz);
-    XMEMSET(outputFoot, 0, outputFootSz);
-    ExpectIntEQ(wc_InitRng(&rng), 0);
-
-    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
-    ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
-
-    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);
-
-    if (pkcs7 != NULL) {
-        pkcs7->content = NULL; /* not used for ex */
-        pkcs7->contentSz = (word32)sizeof(data);
-        pkcs7->privateKey = key;
-        pkcs7->privateKeySz = (word32)sizeof(key);
-        pkcs7->encryptOID = RSAk;
-    #ifdef NO_SHA
-        pkcs7->hashOID = SHA256h;
-    #else
-        pkcs7->hashOID = SHAh;
-    #endif
-        pkcs7->rng = &rng;
-    }
-
-    /* calculate hash for content */
-    XMEMSET(&hash, 0, sizeof(wc_HashAlg));
-    ExpectIntEQ(wc_HashInit(&hash, hashType), 0);
-    ExpectIntEQ(wc_HashUpdate(&hash, hashType, data, sizeof(data)), 0);
-    ExpectIntEQ(wc_HashFinal(&hash, hashType, hashBuf), 0);
-    DoExpectIntEQ(wc_HashFree(&hash, hashType), 0);
-
-    /* Perform PKCS7 sign using hash directly */
-    ExpectIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, hashBuf, hashSz,
-        outputHead, &outputHeadSz, outputFoot, &outputFootSz), 0);
-    ExpectIntGT(outputHeadSz, 0);
-    ExpectIntGT(outputFootSz, 0);
-
-    wc_PKCS7_Free(pkcs7);
-    pkcs7 = NULL;
-    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
-    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
-
-    /* required parameter even on verify when using _ex, if using outputHead
-     * and outputFoot */
-    if (pkcs7 != NULL) {
-        pkcs7->contentSz = (word32)sizeof(data);
-    }
-    ExpectIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz,
-        outputHead, outputHeadSz, outputFoot, outputFootSz), 0);
-
-    wc_PKCS7_Free(pkcs7);
-    pkcs7 = NULL;
-
-    /* assembly complete PKCS7 sign and use normal verify */
-    {
-        byte* output = NULL;
-        word32 outputSz = 0;
-    #ifndef NO_PKCS7_STREAM
-        word32 z;
-        int ret;
-    #endif /* !NO_PKCS7_STREAM */
-
-        ExpectNotNull(output = (byte*)XMALLOC(
-            outputHeadSz + sizeof(data) + outputFootSz, HEAP_HINT,
-            DYNAMIC_TYPE_TMP_BUFFER));
-        if (output != NULL) {
-            XMEMCPY(&output[outputSz], outputHead, outputHeadSz);
-            outputSz += outputHeadSz;
-            XMEMCPY(&output[outputSz], data, sizeof(data));
-            outputSz += sizeof(data);
-            XMEMCPY(&output[outputSz], outputFoot, outputFootSz);
-            outputSz += outputFootSz;
-        }
-
-        ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
-        ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
-        ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0);
-
-    #ifndef NO_PKCS7_STREAM
-        wc_PKCS7_Free(pkcs7);
-        pkcs7 = NULL;
-
-        ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
-        ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
-
-        /* test for streaming mode */
-        ret = -1;
-        for (z = 0; z < outputSz && ret != 0; z++) {
-            ret = wc_PKCS7_VerifySignedData(pkcs7, output + z, 1);
-            if (ret < 0){
-                ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
-            }
-        }
-        ExpectIntEQ(ret, 0);
-        ExpectIntNE(pkcs7->contentSz, 0);
-        ExpectNotNull(pkcs7->contentDynamic);
-
-        wc_PKCS7_Free(pkcs7);
-        pkcs7 = NULL;
-        ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
-        ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
-    #endif /* !NO_PKCS7_STREAM */
-
-        XFREE(output, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    }
-
-    /* Pass in bad args. */
-    ExpectIntEQ(wc_PKCS7_EncodeSignedData_ex(NULL, hashBuf, hashSz, outputHead,
-        &outputHeadSz, outputFoot, &outputFootSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-    ExpectIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, NULL, hashSz, outputHead,
-        &outputHeadSz, outputFoot, &outputFootSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-    ExpectIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, hashBuf, 0, outputHead,
-        &outputHeadSz, outputFoot, &outputFootSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-    ExpectIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, hashBuf, hashSz, NULL,
-        &outputHeadSz, outputFoot, &outputFootSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-    ExpectIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, hashBuf, hashSz,
-        outputHead, NULL, outputFoot, &outputFootSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-    ExpectIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, hashBuf, hashSz,
-        outputHead, &outputHeadSz, NULL, &outputFootSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-    ExpectIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, hashBuf, hashSz,
-        outputHead, &outputHeadSz, outputFoot, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-    if (pkcs7 != NULL) {
-        pkcs7->hashOID = 0; /* bad hashOID */
-    }
-    ExpectIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, hashBuf, hashSz,
-        outputHead, &outputHeadSz, outputFoot, &outputFootSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-
-    ExpectIntEQ(wc_PKCS7_VerifySignedData_ex(NULL, hashBuf, hashSz, outputHead,
-        outputHeadSz, outputFoot, outputFootSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-
-    ExpectIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, NULL, hashSz, outputHead,
-        outputHeadSz, outputFoot, outputFootSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-#ifndef NO_PKCS7_STREAM
-    ExpectIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, 0, outputHead,
-        outputHeadSz, outputFoot, outputFootSz), WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
-#else
-    ExpectIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, 0, outputHead,
-        outputHeadSz, outputFoot, outputFootSz), WC_NO_ERR_TRACE(BUFFER_E));
-#endif
-    ExpectIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz, NULL,
-        outputHeadSz, outputFoot, outputFootSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-#ifndef NO_PKCS7_STREAM
-    /* can pass in 0 buffer length with streaming API */
-    ExpectIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz,
-        outputHead, 0, outputFoot, outputFootSz), WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
-#else
-    ExpectIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz,
-        outputHead, 0, outputFoot, outputFootSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-#endif
-    ExpectIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz,
-        outputHead, outputHeadSz, NULL, outputFootSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-#ifndef NO_PKCS7_STREAM
-    ExpectIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz,
-        outputHead, outputHeadSz, outputFoot, 0), WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
-#else
-    ExpectIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz,
-        outputHead, outputHeadSz, outputFoot, 0), WC_NO_ERR_TRACE(BUFFER_E));
-#endif
-
-    wc_PKCS7_Free(pkcs7);
-    DoExpectIntEQ(wc_FreeRng(&rng), 0);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_PKCS7_EncodeSignedData_ex */
-
-
-#if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM)
-
-/**
- * Loads certs/keys from files or buffers into the argument buffers,
- * helper function called by CreatePKCS7SignedData().
- *
- * Returns 0 on success, negative on error.
- */
-static int LoadPKCS7SignedDataCerts(
-        int useIntermediateCertChain, int pkAlgoType,
-        byte* intCARoot, word32* intCARootSz,
-        byte* intCA1, word32* intCA1Sz,
-        byte* intCA2, word32* intCA2Sz,
-        byte* cert, word32* certSz,
-        byte* key, word32* keySz)
-{
-    EXPECT_DECLS;
-    int ret = 0;
-    XFILE fp = XBADFILE;
-
-#ifndef NO_RSA
-    const char* intCARootRSA   = "./certs/ca-cert.der";
-    const char* intCA1RSA      = "./certs/intermediate/ca-int-cert.der";
-    const char* intCA2RSA      = "./certs/intermediate/ca-int2-cert.der";
-    const char* intServCertRSA = "./certs/intermediate/server-int-cert.der";
-    const char* intServKeyRSA  = "./certs/server-key.der";
-
-    #if !defined(USE_CERT_BUFFERS_2048) && !defined(USE_CERT_BUFFERS_1024)
-        const char* cli1024Cert    = "./certs/1024/client-cert.der";
-        const char* cli1024Key     = "./certs/1024/client-key.der";
-    #endif
-#endif
-#ifdef HAVE_ECC
-    const char* intCARootECC   = "./certs/ca-ecc-cert.der";
-    const char* intCA1ECC      = "./certs/intermediate/ca-int-ecc-cert.der";
-    const char* intCA2ECC      = "./certs/intermediate/ca-int2-ecc-cert.der";
-    const char* intServCertECC = "./certs/intermediate/server-int-ecc-cert.der";
-    const char* intServKeyECC  = "./certs/ecc-key.der";
-
-    #ifndef USE_CERT_BUFFERS_256
-        const char* cliEccCert     = "./certs/client-ecc-cert.der";
-        const char* cliEccKey      = "./certs/client-ecc-key.der";
-    #endif
-#endif
-
-    if (cert == NULL || certSz == NULL || key == NULL || keySz == NULL ||
-        ((useIntermediateCertChain == 1) &&
-        (intCARoot == NULL || intCARootSz == NULL || intCA1 == NULL ||
-         intCA1Sz == NULL || intCA2 == NULL || intCA2Sz == NULL))) {
-        return BAD_FUNC_ARG;
-    }
-
-    /* Read/load certs and keys to use for signing based on PK type and chain */
-    switch (pkAlgoType) {
-#ifndef NO_RSA
-        case RSA_TYPE:
-            if (useIntermediateCertChain == 1) {
-                ExpectTrue((fp = XFOPEN(intCARootRSA, "rb")) != XBADFILE);
-                *intCARootSz = (word32)XFREAD(intCARoot, 1, *intCARootSz, fp);
-                if (fp != XBADFILE) {
-                    XFCLOSE(fp);
-                    fp = XBADFILE;
-                }
-                ExpectIntGT(*intCARootSz, 0);
-
-                ExpectTrue((fp = XFOPEN(intCA1RSA, "rb")) != XBADFILE);
-                if (fp != XBADFILE) {
-                    *intCA1Sz = (word32)XFREAD(intCA1, 1, *intCA1Sz, fp);
-                    XFCLOSE(fp);
-                    fp = XBADFILE;
-                }
-                ExpectIntGT(*intCA1Sz, 0);
-
-                ExpectTrue((fp = XFOPEN(intCA2RSA, "rb")) != XBADFILE);
-                if (fp != XBADFILE) {
-                    *intCA2Sz = (word32)XFREAD(intCA2, 1, *intCA2Sz, fp);
-                    XFCLOSE(fp);
-                    fp = XBADFILE;
-                }
-                ExpectIntGT(*intCA2Sz, 0);
-
-                ExpectTrue((fp = XFOPEN(intServCertRSA, "rb")) != XBADFILE);
-                if (fp != XBADFILE) {
-                    *certSz = (word32)XFREAD(cert, 1, *certSz, fp);
-                    XFCLOSE(fp);
-                    fp = XBADFILE;
-                }
-                ExpectIntGT(*certSz, 0);
-
-                ExpectTrue((fp = XFOPEN(intServKeyRSA, "rb")) != XBADFILE);
-                if (fp != XBADFILE) {
-                    *keySz = (word32)XFREAD(key, 1, *keySz, fp);
-                    XFCLOSE(fp);
-                    fp = XBADFILE;
-                }
-                ExpectIntGT(*keySz, 0);
-            }
-            else {
-            #if defined(USE_CERT_BUFFERS_2048)
-                *keySz  = sizeof_client_key_der_2048;
-                *certSz = sizeof_client_cert_der_2048;
-                XMEMCPY(key, client_key_der_2048, *keySz);
-                XMEMCPY(cert, client_cert_der_2048, *certSz);
-            #elif defined(USE_CERT_BUFFERS_1024)
-                *keySz  = sizeof_client_key_der_1024;
-                *certSz = sizeof_client_cert_der_1024;
-                XMEMCPY(key, client_key_der_1024, *keySz);
-                XMEMCPY(cert, client_cert_der_1024, *certSz);
-            #else
-                ExpectTrue((fp = XFOPEN(cli1024Key, "rb")) != XBADFILE);
-                if (fp != XBADFILE) {
-                    *keySz = (word32)XFREAD(key, 1, *keySz, fp);
-                    XFCLOSE(fp);
-                    fp = XBADFILE;
-                }
-                ExpectIntGT(*keySz, 0);
-
-                ExpectTrue((fp = XFOPEN(cli1024Cert, "rb")) != XBADFILE);
-                if (fp != XBADFILE) {
-                    *certSz = (word32)XFREAD(cert, 1, *certSz, fp);
-                    XFCLOSE(fp);
-                    fp = XBADFILE;
-                }
-                ExpectIntGT(*certSz, 0);
-            #endif /* USE_CERT_BUFFERS_2048 */
-            }
-            break;
-#endif /* !NO_RSA */
-#ifdef HAVE_ECC
-        case ECC_TYPE:
-            if (useIntermediateCertChain == 1) {
-                ExpectTrue((fp = XFOPEN(intCARootECC, "rb")) != XBADFILE);
-                if (fp != XBADFILE) {
-                    *intCARootSz = (word32)XFREAD(intCARoot, 1, *intCARootSz,
-                                                  fp);
-                    XFCLOSE(fp);
-                    fp = XBADFILE;
-                }
-                ExpectIntGT(*intCARootSz, 0);
-
-                ExpectTrue((fp = XFOPEN(intCA1ECC, "rb")) != XBADFILE);
-                if (fp != XBADFILE) {
-                    *intCA1Sz = (word32)XFREAD(intCA1, 1, *intCA1Sz, fp);
-                    XFCLOSE(fp);
-                    fp = XBADFILE;
-                }
-                ExpectIntGT(*intCA1Sz, 0);
-
-                ExpectTrue((fp = XFOPEN(intCA2ECC, "rb")) != XBADFILE);
-                if (fp != XBADFILE) {
-                    *intCA2Sz = (word32)XFREAD(intCA2, 1, *intCA2Sz, fp);
-                    XFCLOSE(fp);
-                    fp = XBADFILE;
-                }
-                ExpectIntGT(*intCA2Sz, 0);
-
-                ExpectTrue((fp = XFOPEN(intServCertECC, "rb")) != XBADFILE);
-                if (fp != XBADFILE) {
-                    *certSz = (word32)XFREAD(cert, 1, *certSz, fp);
-                    XFCLOSE(fp);
-                    fp = XBADFILE;
-                }
-                ExpectIntGT(*certSz, 0);
-
-                ExpectTrue((fp = XFOPEN(intServKeyECC, "rb")) != XBADFILE);
-                if (fp != XBADFILE) {
-                    *keySz = (word32)XFREAD(key, 1, *keySz, fp);
-                    XFCLOSE(fp);
-                    fp = XBADFILE;
-                }
-                ExpectIntGT(*keySz, 0);
-            }
-            else {
-            #if defined(USE_CERT_BUFFERS_256)
-                *keySz  = sizeof_ecc_clikey_der_256;
-                *certSz = sizeof_cliecc_cert_der_256;
-                XMEMCPY(key, ecc_clikey_der_256, *keySz);
-                XMEMCPY(cert, cliecc_cert_der_256, *certSz);
-            #else
-                ExpectTrue((fp = XFOPEN(cliEccKey, "rb")) != XBADFILE);
-                if (fp != XBADFILE) {
-                    *keySz = (word32)XFREAD(key, 1, *keySz, fp);
-                    XFCLOSE(fp);
-                    fp = XBADFILE;
-                }
-                ExpectIntGT(*keySz, 0);
-
-                ExpectTrue((fp = XFOPEN(cliEccCert, "rb")) != XBADFILE);
-                if (fp != XBADFILE) {
-                    *certSz = (word32)XFREAD(cert, 1, *certSz, fp);
-                    XFCLOSE(fp);
-                    fp = XBADFILE;
-                }
-                ExpectIntGT(*certSz, 0);
-            #endif /* USE_CERT_BUFFERS_256 */
-            }
-            break;
-#endif /* HAVE_ECC */
-        default:
-            WOLFSSL_MSG("Unsupported SignedData PK type");
-            ret = BAD_FUNC_ARG;
-            break;
-    }
-
-    if (EXPECT_FAIL() && (ret == 0)) {
-        ret = BAD_FUNC_ARG;
-    }
-    return ret;
-}
-
-/**
- * Creates a PKCS7/CMS SignedData bundle to use for testing.
- *
- * output          output buffer to place SignedData
- * outputSz        size of output buffer
- * data            data buffer to be signed
- * dataSz          size of data buffer
- * withAttribs     [1/0] include attributes in SignedData message
- * detachedSig     [1/0] create detached signature, no content
- * useIntCertChain [1/0] use certificate chain and include intermediate and
- *                 root CAs in bundle
- * pkAlgoType      RSA_TYPE or ECC_TYPE, choose what key/cert type to use
- *
- * Return size of bundle created on success, negative on error */
-static int CreatePKCS7SignedData(unsigned char* output, int outputSz,
-                                 byte* data, word32 dataSz,
-                                 int withAttribs, int detachedSig,
-                                 int useIntermediateCertChain,
-                                 int pkAlgoType)
-{
-    EXPECT_DECLS;
-    int ret = 0;
-    WC_RNG rng;
-    PKCS7* pkcs7 = NULL;
-
-    static byte messageTypeOid[] =
-               { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01,
-                 0x09, 0x02 };
-    static byte messageType[] = { 0x13, 2, '1', '9' };
-
-    PKCS7Attrib attribs[] =
-    {
-        { messageTypeOid, sizeof(messageTypeOid), messageType,
-                                       sizeof(messageType) }
-    };
-
-    byte intCARoot[TWOK_BUF];
-    byte intCA1[TWOK_BUF];
-    byte intCA2[TWOK_BUF];
-    byte cert[TWOK_BUF];
-    byte key[TWOK_BUF];
-
-    word32 intCARootSz = sizeof(intCARoot);
-    word32 intCA1Sz    = sizeof(intCA1);
-    word32 intCA2Sz    = sizeof(intCA2);
-    word32 certSz      = sizeof(cert);
-    word32 keySz       = sizeof(key);
-
-    XMEMSET(intCARoot, 0, intCARootSz);
-    XMEMSET(intCA1, 0, intCA1Sz);
-    XMEMSET(intCA2, 0, intCA2Sz);
-    XMEMSET(cert, 0, certSz);
-    XMEMSET(key, 0, keySz);
-
-    ret = LoadPKCS7SignedDataCerts(useIntermediateCertChain, pkAlgoType,
-                intCARoot, &intCARootSz, intCA1, &intCA1Sz, intCA2, &intCA2Sz,
-                cert, &certSz, key, &keySz);
-    ExpectIntEQ(ret, 0);
-
-    XMEMSET(output, 0, outputSz);
-    ExpectIntEQ(wc_InitRng(&rng), 0);
-
-    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
-    ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
-    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);
-
-    if (useIntermediateCertChain == 1) {
-        /* Add intermediate and root CA certs into SignedData Certs SET */
-        ExpectIntEQ(wc_PKCS7_AddCertificate(pkcs7, intCA2, intCA2Sz), 0);
-        ExpectIntEQ(wc_PKCS7_AddCertificate(pkcs7, intCA1, intCA1Sz), 0);
-        ExpectIntEQ(wc_PKCS7_AddCertificate(pkcs7, intCARoot, intCARootSz), 0);
-    }
-
-    if (pkcs7 != NULL) {
-        pkcs7->content = data;
-        pkcs7->contentSz = dataSz;
-        pkcs7->privateKey = key;
-        pkcs7->privateKeySz = (word32)sizeof(key);
-        if (pkAlgoType == RSA_TYPE) {
-            pkcs7->encryptOID = RSAk;
-        }
-        else {
-            pkcs7->encryptOID = ECDSAk;
-        }
-    #ifdef NO_SHA
-        pkcs7->hashOID = SHA256h;
-    #else
-        pkcs7->hashOID = SHAh;
-    #endif
-        pkcs7->rng = &rng;
-        if (withAttribs) {
-            /* include a signed attribute */
-            pkcs7->signedAttribs   = attribs;
-            pkcs7->signedAttribsSz = (sizeof(attribs)/sizeof(PKCS7Attrib));
-        }
-    }
-
-    if (detachedSig) {
-        ExpectIntEQ(wc_PKCS7_SetDetached(pkcs7, 1), 0);
-    }
-
-    outputSz = wc_PKCS7_EncodeSignedData(pkcs7, output, (word32)outputSz);
-    ExpectIntGT(outputSz, 0);
-    wc_PKCS7_Free(pkcs7);
-    pkcs7 = NULL;
-    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
-    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
-    if (detachedSig && (pkcs7 != NULL)) {
-        pkcs7->content = data;
-        pkcs7->contentSz = dataSz;
-    }
-    ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, (word32)outputSz), 0);
-
-    wc_PKCS7_Free(pkcs7);
-    wc_FreeRng(&rng);
-
-    if (EXPECT_FAIL()) {
-        outputSz = 0;
-    }
-    return outputSz;
-}
-#endif
-
-/*
- * Testing wc_PKCS_VerifySignedData()
- */
-static int test_wc_PKCS7_VerifySignedData_RSA(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && !defined(NO_RSA)
-    PKCS7* pkcs7 = NULL;
-    byte   output[6000]; /* Large size needed for bundles with int CA certs */
-    word32 outputSz = sizeof(output);
-    byte   data[] = "Test data to encode.";
-    byte   badOut[1];
-    word32 badOutSz = 0;
-    byte   badContent[] = "This is different content than was signed";
-    wc_HashAlg hash;
-#ifdef NO_SHA
-    enum wc_HashType hashType = WC_HASH_TYPE_SHA256;
-#else
-    enum wc_HashType hashType = WC_HASH_TYPE_SHA;
-#endif
-    byte        hashBuf[WC_MAX_DIGEST_SIZE];
-    word32      hashSz = (word32)wc_HashGetDigestSize(hashType);
-#ifndef NO_RSA
-    PKCS7DecodedAttrib* decodedAttrib = NULL;
-    /* contentType OID (1.2.840.113549.1.9.3) */
-    static const byte contentTypeOid[] =
-        { 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xF7, 0x0d, 0x01, 0x09, 0x03 };
-
-    /* PKCS#7 DATA content type (contentType defaults to DATA) */
-    static const byte dataType[] =
-        { 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x01 };
-
-    /* messageDigest OID (1.2.840.113549.1.9.4) */
-    static const byte messageDigestOid[] =
-        { 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x04 };
-#ifndef NO_ASN_TIME
-    /* signingTime OID () */
-    static const byte signingTimeOid[] =
-        { 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x05};
-#endif
-#if !defined(NO_ASN) && !defined(NO_ASN_TIME)
-    int dateLength = 0;
-    byte dateFormat;
-    const byte* datePart = NULL;
-    struct tm timearg;
-    time_t now;
-    struct tm* nowTm = NULL;
-#ifdef NEED_TMP_TIME
-    struct tm tmpTimeStorage;
-    struct tm* tmpTime = &tmpTimeStorage;
-#endif
-#endif /* !NO_ASN && !NO_ASN_TIME */
-#ifndef NO_PKCS7_STREAM
-    word32 z;
-    int ret;
-#endif /* !NO_PKCS7_STREAM */
-
-    XMEMSET(&hash, 0, sizeof(wc_HashAlg));
-
-    /* Success test with RSA certs/key */
-    ExpectIntGT((outputSz = (word32)CreatePKCS7SignedData(output, (int)outputSz, data,
-        (word32)sizeof(data), 0, 0, 0, RSA_TYPE)), 0);
-
-    /* calculate hash for content, used later */
-    ExpectIntEQ(wc_HashInit(&hash, hashType), 0);
-    ExpectIntEQ(wc_HashUpdate(&hash, hashType, data, sizeof(data)), 0);
-    ExpectIntEQ(wc_HashFinal(&hash, hashType, hashBuf), 0);
-    DoExpectIntEQ(wc_HashFree(&hash, hashType), 0);
-
-    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
-    ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
-    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
-    ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0);
-
-#ifndef NO_PKCS7_STREAM
-    wc_PKCS7_Free(pkcs7);
-    pkcs7 = NULL;
-
-    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
-    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
-
-    /* test for streaming */
-    ret = -1;
-    for (z = 0; z < outputSz && ret != 0; z++) {
-        ret = wc_PKCS7_VerifySignedData(pkcs7, output + z, 1);
-        if (ret < 0){
-            ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
-        }
-    }
-    ExpectIntEQ(ret, 0);
-    ExpectIntNE(pkcs7->contentSz, 0);
-    ExpectNotNull(pkcs7->contentDynamic);
-#endif /* !NO_PKCS7_STREAM */
-
-    /* Check that decoded signed attributes are correct */
-
-    /* messageDigest should be first */
-    if (pkcs7 != NULL) {
-        decodedAttrib = pkcs7->decodedAttrib;
-    }
-    ExpectNotNull(decodedAttrib);
-    ExpectIntEQ(decodedAttrib->oidSz, (word32)sizeof(messageDigestOid));
-    ExpectIntEQ(XMEMCMP(decodedAttrib->oid, messageDigestOid,
-        decodedAttrib->oidSz), 0);
-    /* + 2 for OCTET STRING and length bytes */
-    ExpectIntEQ(decodedAttrib->valueSz, hashSz + 2);
-    ExpectNotNull(decodedAttrib->value);
-    ExpectIntEQ(XMEMCMP(decodedAttrib->value + 2, hashBuf, hashSz), 0);
-
-#ifndef NO_ASN_TIME
-    /* signingTime should be second */
-    if (decodedAttrib != NULL) {
-        decodedAttrib = decodedAttrib->next;
-    }
-    ExpectNotNull(decodedAttrib);
-    ExpectIntEQ(decodedAttrib->oidSz, (word32)sizeof(signingTimeOid));
-    ExpectIntEQ(XMEMCMP(decodedAttrib->oid, signingTimeOid,
-        decodedAttrib->oidSz), 0);
-
-    ExpectIntGT(decodedAttrib->valueSz, 0);
-    ExpectNotNull(decodedAttrib->value);
-#endif
-
-    /* Verify signingTime if ASN and time are available */
-#if !defined(NO_ASN) && !defined(NO_ASN_TIME)
-    ExpectIntEQ(wc_GetDateInfo(decodedAttrib->value, decodedAttrib->valueSz,
-        &datePart, &dateFormat, &dateLength), 0);
-    ExpectNotNull(datePart);
-    ExpectIntGT(dateLength, 0);
-    XMEMSET(&timearg, 0, sizeof(timearg));
-    ExpectIntEQ(wc_GetDateAsCalendarTime(datePart, dateLength, dateFormat,
-         &timearg), 0);
-
-    /* Get current time and compare year/month/day against attribute value */
-    ExpectIntEQ(wc_GetTime(&now, sizeof(now)), 0);
-    nowTm = (struct tm*)XGMTIME((time_t*)&now, tmpTime);
-    ExpectNotNull(nowTm);
-
-    ExpectIntEQ(timearg.tm_year, nowTm->tm_year);
-    ExpectIntEQ(timearg.tm_mon, nowTm->tm_mon);
-    ExpectIntEQ(timearg.tm_mday, nowTm->tm_mday);
-#endif /* !NO_ASN && !NO_ASN_TIME */
-
-    /* contentType should be third */
-    if (decodedAttrib != NULL) {
-        decodedAttrib = decodedAttrib->next;
-    }
-    ExpectNotNull(decodedAttrib);
-    ExpectIntEQ(decodedAttrib->oidSz, (word32)sizeof(contentTypeOid));
-    ExpectIntEQ(XMEMCMP(decodedAttrib->oid, contentTypeOid,
-        decodedAttrib->oidSz), 0);
-    ExpectIntEQ(decodedAttrib->valueSz, (int)sizeof(dataType) + 2);
-    ExpectNotNull(decodedAttrib->value);
-    ExpectIntEQ(XMEMCMP(decodedAttrib->value + 2, dataType, sizeof(dataType)),
-        0);
-#endif /* !NO_RSA */
-
-    /* Test bad args. */
-    ExpectIntEQ(wc_PKCS7_VerifySignedData(NULL, output, outputSz),
-                                          WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-    ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, NULL, outputSz),
-                                          WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-    #ifndef NO_PKCS7_STREAM
-        /* can pass in 0 buffer length with streaming API */
-        ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, badOut,
-                                    badOutSz), WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
-    #else
-        ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, badOut,
-                                    badOutSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-    #endif
-    wc_PKCS7_Free(pkcs7);
-    pkcs7 = NULL;
-
-#ifndef NO_RSA
-    /* Try RSA certs/key/sig first */
-    outputSz = sizeof(output);
-    XMEMSET(output, 0, outputSz);
-    ExpectIntGT((outputSz = (word32)CreatePKCS7SignedData(output, (int)outputSz, data,
-                                                  (word32)sizeof(data),
-                                                  1, 1, 0, RSA_TYPE)), 0);
-    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
-    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
-    if (pkcs7 != NULL) {
-        pkcs7->content = badContent;
-        pkcs7->contentSz = sizeof(badContent);
-    }
-    ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz),
-                WC_NO_ERR_TRACE(SIG_VERIFY_E));
-
-    wc_PKCS7_Free(pkcs7);
-    pkcs7 = NULL;
-
-#ifndef NO_PKCS7_STREAM
-    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
-    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
-    if (pkcs7 != NULL) {
-        pkcs7->content = badContent;
-        pkcs7->contentSz = sizeof(badContent);
-    }
-    /* test for streaming */
-    ret = -1;
-    for (z = 0; z < outputSz && ret != 0; z++) {
-        ret = wc_PKCS7_VerifySignedData(pkcs7, output + z, 1);
-        if (ret == WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)){
-            continue;
-        }
-        else if (ret < 0) {
-            break;
-        }
-    }
-    ExpectIntEQ(ret, WC_NO_ERR_TRACE(SIG_VERIFY_E));
-    ExpectIntNE(pkcs7->contentSz, 0);
-    ExpectNotNull(pkcs7->contentDynamic);
-    wc_PKCS7_Free(pkcs7);
-    pkcs7 = NULL;
-#endif /* !NO_PKCS7_STREAM */
-
-
-    /* Test success case with detached signature and valid content */
-    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
-    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
-    if (pkcs7 != NULL) {
-        pkcs7->content = data;
-        pkcs7->contentSz = sizeof(data);
-    }
-    ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0);
-    wc_PKCS7_Free(pkcs7);
-    pkcs7 = NULL;
-
-#ifndef NO_PKCS7_STREAM
-    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
-    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
-    if (pkcs7 != NULL) {
-        pkcs7->content = data;
-        pkcs7->contentSz = sizeof(data);
-    }
-
-    /* test for streaming */
-    ret = -1;
-    for (z = 0; z < outputSz && ret != 0; z++) {
-        ret = wc_PKCS7_VerifySignedData(pkcs7, output + z, 1);
-        if (ret < 0){
-            ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
-        }
-    }
-    ExpectIntEQ(ret, 0);
-    ExpectIntNE(pkcs7->contentSz, 0);
-    ExpectNotNull(pkcs7->contentDynamic);
-
-    wc_PKCS7_Free(pkcs7);
-    pkcs7 = NULL;
-#endif /* !NO_PKCS7_STREAM */
-
-    /* verify using pre-computed content digest only (no content) */
-    {
-        ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
-        ExpectIntEQ(wc_PKCS7_Init(pkcs7, NULL, 0), 0);
-        ExpectIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz,
-            output, outputSz, NULL, 0), 0);
-        wc_PKCS7_Free(pkcs7);
-        pkcs7 = NULL;
-    }
-#endif /* !NO_RSA */
-
-    /* Test verify on signedData containing intermediate/root CA certs */
-#ifndef NO_RSA
-    outputSz = sizeof(output);
-    XMEMSET(output, 0, outputSz);
-    ExpectIntGT((outputSz = (word32)CreatePKCS7SignedData(output, (int)outputSz, data,
-                                                  (word32)sizeof(data),
-                                                  0, 0, 1, RSA_TYPE)), 0);
-    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
-    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
-    ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0);
-    wc_PKCS7_Free(pkcs7);
-    pkcs7 = NULL;
-
-#ifndef NO_PKCS7_STREAM
-    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
-    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
-
-    /* test for streaming */
-    ret = -1;
-    for (z = 0; z < outputSz && ret != 0; z++) {
-        ret = wc_PKCS7_VerifySignedData(pkcs7, output + z, 1);
-        if (ret < 0){
-            ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
-        }
-    }
-    ExpectIntEQ(ret, 0);
-    ExpectIntNE(pkcs7->contentSz, 0);
-    ExpectNotNull(pkcs7->contentDynamic);
-
-    wc_PKCS7_Free(pkcs7);
-    pkcs7 = NULL;
-#endif /* !NO_PKCS7_STREAM */
-
-#endif /* !NO_RSA */
-#if defined(ASN_BER_TO_DER) && !defined(NO_PKCS7_STREAM) && \
-        !defined(NO_FILESYSTEM)
-    {
-        XFILE signedBundle = XBADFILE;
-        int   signedBundleSz = 0;
-        int   chunkSz = 1;
-        int   i, rc = 0;
-        byte* buf = NULL;
-
-        ExpectTrue((signedBundle = XFOPEN("./certs/test-stream-sign.p7b",
-            "rb")) != XBADFILE);
-        ExpectTrue(XFSEEK(signedBundle, 0, XSEEK_END) == 0);
-        ExpectIntGT(signedBundleSz = (int)XFTELL(signedBundle), 0);
-        ExpectTrue(XFSEEK(signedBundle, 0, XSEEK_SET) == 0);
-        ExpectNotNull(buf = (byte*)XMALLOC(signedBundleSz, HEAP_HINT,
-            DYNAMIC_TYPE_FILE));
-        if (buf != NULL) {
-            ExpectIntEQ(XFREAD(buf, 1, (size_t)signedBundleSz, signedBundle),
-                signedBundleSz);
-        }
-        if (signedBundle != XBADFILE) {
-            XFCLOSE(signedBundle);
-            signedBundle = XBADFILE;
-        }
-
-        if (buf != NULL) {
-            ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
-            ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
-            for (i = 0; i < signedBundleSz;) {
-                int sz = (i + chunkSz > signedBundleSz)? signedBundleSz - i :
-                    chunkSz;
-                rc = wc_PKCS7_VerifySignedData(pkcs7, buf + i, (word32)sz);
-                if (rc < 0 ) {
-                    if (rc == WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)) {
-                        i += sz;
-                        continue;
-                    }
-                    break;
-                }
-                else {
-                    break;
-                }
-            }
-            ExpectIntEQ(rc, WC_NO_ERR_TRACE(PKCS7_SIGNEEDS_CHECK));
-            wc_PKCS7_Free(pkcs7);
-            pkcs7 = NULL;
-        }
-
-        /* now try with malformed bundle */
-        if (buf != NULL) {
-            ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
-            ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
-            buf[signedBundleSz - 2] = buf[signedBundleSz - 2] + 1;
-            for (i = 0; i < signedBundleSz;) {
-                int sz = (i + chunkSz > signedBundleSz)? signedBundleSz - i :
-                    chunkSz;
-                rc = wc_PKCS7_VerifySignedData(pkcs7, buf + i, (word32)sz);
-                if (rc < 0 ) {
-                    if (rc == WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)) {
-                        i += sz;
-                        continue;
-                    }
-                    break;
-                }
-                else {
-                    break;
-                }
-            }
-            ExpectIntEQ(rc, WC_NO_ERR_TRACE(ASN_PARSE_E));
-            wc_PKCS7_Free(pkcs7);
-            pkcs7 = NULL;
-        }
-
-        if (buf != NULL)
-            XFREE(buf, HEAP_HINT, DYNAMIC_TYPE_FILE);
-    }
-#endif /* BER and stream */
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_PKCS7_VerifySignedData()_RSA */
-
-/*
- * Testing wc_PKCS_VerifySignedData()
- */
-static int test_wc_PKCS7_VerifySignedData_ECC(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && defined(HAVE_ECC)
-    PKCS7* pkcs7 = NULL;
-    byte   output[6000]; /* Large size needed for bundles with int CA certs */
-    word32 outputSz = sizeof(output);
-    byte   data[] = "Test data to encode.";
-    byte   badContent[] = "This is different content than was signed";
-    wc_HashAlg hash;
-#ifndef NO_PKCS7_STREAM
-    word32 z;
-    int ret;
-#endif /* !NO_PKCS7_STREAM */
-#ifdef NO_SHA
-    enum wc_HashType hashType = WC_HASH_TYPE_SHA256;
-#else
-    enum wc_HashType hashType = WC_HASH_TYPE_SHA;
-#endif
-    byte        hashBuf[WC_MAX_DIGEST_SIZE];
-    word32      hashSz = (word32)wc_HashGetDigestSize(hashType);
-
-    XMEMSET(&hash, 0, sizeof(wc_HashAlg));
-
-    /* Success test with ECC certs/key */
-    outputSz = sizeof(output);
-    XMEMSET(output, 0, outputSz);
-    ExpectIntGT((outputSz = (word32)CreatePKCS7SignedData(output, (int)outputSz, data,
-        (word32)sizeof(data), 0, 0, 0, ECC_TYPE)), 0);
-
-    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
-    ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
-    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
-    ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0);
-    wc_PKCS7_Free(pkcs7);
-    pkcs7 = NULL;
-
-#ifndef NO_PKCS7_STREAM
-    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
-    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
-
-    /* test for streaming */
-    ret = -1;
-    for (z = 0; z < outputSz && ret != 0; z++) {
-        ret = wc_PKCS7_VerifySignedData(pkcs7, output + z, 1);
-        if (ret < 0){
-            ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
-        }
-    }
-    ExpectIntEQ(ret, 0);
-    ExpectIntNE(pkcs7->contentSz, 0);
-    ExpectNotNull(pkcs7->contentDynamic);
-    wc_PKCS7_Free(pkcs7);
-    pkcs7 = NULL;
-#endif /* !NO_PKCS7_STREAM */
-
-    /* Invalid content should error, use detached signature so we can
-     * easily change content */
-    outputSz = sizeof(output);
-    XMEMSET(output, 0, outputSz);
-    ExpectIntGT((outputSz = (word32)CreatePKCS7SignedData(output, (int)outputSz, data,
-        (word32)sizeof(data), 1, 1, 0, ECC_TYPE)), 0);
-    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
-    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
-    if (pkcs7 != NULL) {
-        pkcs7->content = badContent;
-        pkcs7->contentSz = sizeof(badContent);
-    }
-    ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz),
-        WC_NO_ERR_TRACE(SIG_VERIFY_E));
-    wc_PKCS7_Free(pkcs7);
-    pkcs7 = NULL;
-
-#ifndef NO_PKCS7_STREAM
-    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
-    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
-    if (pkcs7 != NULL) {
-        pkcs7->content = badContent;
-        pkcs7->contentSz = sizeof(badContent);
-    }
-
-    /* test for streaming */
-    ret = -1;
-    for (z = 0; z < outputSz && ret != 0; z++) {
-        ret = wc_PKCS7_VerifySignedData(pkcs7, output + z, 1);
-        if (ret == WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)){
-            continue;
-        }
-        else if (ret < 0) {
-            break;
-        }
-    }
-    ExpectIntEQ(ret, WC_NO_ERR_TRACE(SIG_VERIFY_E));
-    ExpectIntNE(pkcs7->contentSz, 0);
-    ExpectNotNull(pkcs7->contentDynamic);
-    wc_PKCS7_Free(pkcs7);
-    pkcs7 = NULL;
-#endif /* !NO_PKCS7_STREAM */
-
-
-    /* Test success case with detached signature and valid content */
-    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
-    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
-    if (pkcs7 != NULL) {
-        pkcs7->content = data;
-        pkcs7->contentSz = sizeof(data);
-    }
-    ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0);
-    wc_PKCS7_Free(pkcs7);
-    pkcs7 = NULL;
-
-#ifndef NO_PKCS7_STREAM
-    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
-    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
-    if (pkcs7 != NULL) {
-        pkcs7->content = data;
-        pkcs7->contentSz = sizeof(data);
-    }
-
-    /* test for streaming */
-    ret = -1;
-    for (z = 0; z < outputSz && ret != 0; z++) {
-        ret = wc_PKCS7_VerifySignedData(pkcs7, output + z, 1);
-        if (ret < 0){
-            ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
-        }
-    }
-    ExpectIntEQ(ret, 0);
-    ExpectIntNE(pkcs7->contentSz, 0);
-    ExpectNotNull(pkcs7->contentDynamic);
-
-    wc_PKCS7_Free(pkcs7);
-    pkcs7 = NULL;
-#endif /* !NO_PKCS7_STREAM */
-
-    /* verify using pre-computed content digest only (no content) */
-    {
-        /* calculate hash for content */
-        ExpectIntEQ(wc_HashInit(&hash, hashType), 0);
-        ExpectIntEQ(wc_HashUpdate(&hash, hashType, data, sizeof(data)), 0);
-        ExpectIntEQ(wc_HashFinal(&hash, hashType, hashBuf), 0);
-        ExpectIntEQ(wc_HashFree(&hash, hashType), 0);
-
-        ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
-        ExpectIntEQ(wc_PKCS7_Init(pkcs7, NULL, 0), 0);
-        ExpectIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz,
-            output, outputSz, NULL, 0), 0);
-        wc_PKCS7_Free(pkcs7);
-        pkcs7 = NULL;
-    }
-
-    /* Test verify on signedData containing intermediate/root CA certs */
-    outputSz = sizeof(output);
-    XMEMSET(output, 0, outputSz);
-    ExpectIntGT((outputSz = (word32)CreatePKCS7SignedData(output, (int)outputSz, data,
-        (word32)sizeof(data), 0, 0, 1, ECC_TYPE)), 0);
-    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
-    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
-    ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0);
-    wc_PKCS7_Free(pkcs7);
-    pkcs7 = NULL;
-
-#ifndef NO_PKCS7_STREAM
-    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
-    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
-
-    /* test for streaming */
-    ret = -1;
-    for (z = 0; z < outputSz && ret != 0; z++) {
-        ret = wc_PKCS7_VerifySignedData(pkcs7, output + z, 1);
-        if (ret < 0){
-            ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
-        }
-    }
-    ExpectIntEQ(ret, 0);
-    ExpectIntNE(pkcs7->contentSz, 0);
-    ExpectNotNull(pkcs7->contentDynamic);
-
-    wc_PKCS7_Free(pkcs7);
-    pkcs7 = NULL;
-#endif /* !NO_PKCS7_STREAM */
-
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_PKCS7_VerifySignedData_ECC() */
-
-
-#if defined(HAVE_PKCS7) && !defined(NO_AES) && defined(HAVE_AES_CBC) && \
-    defined(WOLFSSL_AES_256)
-static const byte defKey[] = {
-    0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
-    0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
-    0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
-    0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
-};
-static byte aesHandle[32]; /* simulated hardware key handle */
-
-/* return 0 on success */
-static int myDecryptionFunc(PKCS7* pkcs7, int encryptOID, byte* iv, int ivSz,
-        byte* aad, word32 aadSz, byte* authTag, word32 authTagSz,
-        byte* in, int inSz, byte* out, void* usrCtx)
-{
-    int ret;
-    Aes aes;
-
-    if (usrCtx == NULL) {
-        /* no simulated handle passed in */
-        return -1;
-    }
-
-    switch (encryptOID) {
-        case AES256CBCb:
-            if (ivSz  != AES_BLOCK_SIZE)
-                return BAD_FUNC_ARG;
-            break;
-
-        default:
-            WOLFSSL_MSG("Unsupported content cipher type for test");
-            return ALGO_ID_E;
-    };
-
-    /* simulate using handle to get key */
-    ret = wc_AesInit(&aes, HEAP_HINT, INVALID_DEVID);
-    if (ret == 0) {
-        ret = wc_AesSetKey(&aes, (byte*)usrCtx, 32, iv, AES_DECRYPTION);
-        if (ret == 0)
-            ret = wc_AesCbcDecrypt(&aes, out, in, (word32)inSz);
-        wc_AesFree(&aes);
-    }
-
-    (void)aad;
-    (void)aadSz;
-    (void)authTag;
-    (void)authTagSz;
-    (void)pkcs7;
-    return ret;
-}
-
-
-/* returns key size on success */
-static int myCEKwrapFunc(PKCS7* pkcs7, byte* cek, word32 cekSz, byte* keyId,
-        word32 keyIdSz, byte* orginKey, word32 orginKeySz,
-        byte* out, word32 outSz, int keyWrapAlgo, int type, int direction)
-{
-    int ret = -1;
-
-    (void)cekSz;
-    (void)cek;
-    (void)outSz;
-    (void)keyIdSz;
-    (void)direction;
-    (void)orginKey; /* used with KAKRI */
-    (void)orginKeySz;
-
-    if (out == NULL)
-        return BAD_FUNC_ARG;
-
-    if (keyId[0] != 0x00) {
-        return -1;
-    }
-
-    if (type != (int)PKCS7_KEKRI) {
-        return -1;
-    }
-
-    switch (keyWrapAlgo) {
-        case AES256_WRAP:
-            /* simulate setting a handle for later decryption but use key
-             * as handle in the test case here */
-            ret = wc_AesKeyUnWrap(defKey, sizeof(defKey), cek, cekSz,
-                                      aesHandle, sizeof(aesHandle), NULL);
-            if (ret < 0)
-                return ret;
-
-            ret = wc_PKCS7_SetDecodeEncryptedCtx(pkcs7, (void*)aesHandle);
-            if (ret < 0)
-                return ret;
-
-            /* return key size on success */
-            return sizeof(defKey);
-
-        default:
-            WOLFSSL_MSG("Unsupported key wrap algorithm in example");
-            return BAD_KEYWRAP_ALG_E;
-    };
-}
-#endif /* HAVE_PKCS7 && !NO_AES && HAVE_AES_CBC && WOLFSSL_AES_256 */
-
-
-#if defined(HAVE_PKCS7) && defined(ASN_BER_TO_DER)
-#define MAX_TEST_DECODE_SIZE 6000
-static int test_wc_PKCS7_DecodeEnvelopedData_stream_decrypt_cb(wc_PKCS7* pkcs7,
-    const byte* output, word32 outputSz, void* ctx) {
-     WOLFSSL_BUFFER_INFO* out = (WOLFSSL_BUFFER_INFO*)ctx;
-
-    if (out == NULL) {
-        return -1;
-    }
-
-    if (outputSz + out->length > MAX_TEST_DECODE_SIZE) {
-        printf("Example buffer size needs increased");
-    }
-
-    /* printf("Decoded in %d bytes\n", outputSz);
-     * for (word32 z = 0; z < outputSz; z++) printf("%02X", output[z]);
-     * printf("\n");
-    */
-
-    XMEMCPY(out->buffer + out->length, output, outputSz);
-    out->length += outputSz;
-
-    (void)pkcs7;
-    return 0;
-}
-#endif /* HAVE_PKCS7 && ASN_BER_TO_DER */
-
-/*
- * Testing wc_PKCS7_DecodeEnvelopedData with streaming
- */
-static int test_wc_PKCS7_DecodeEnvelopedData_stream(void)
-{
-#if defined(HAVE_PKCS7) && defined(ASN_BER_TO_DER)
-    EXPECT_DECLS;
-    PKCS7*      pkcs7 = NULL;
-    int ret = 0;
-    XFILE f = XBADFILE;
-    const char* testStream = "./certs/test-stream-dec.p7b";
-    byte testStreamBuffer[100];
-    size_t testStreamBufferSz = 0;
-    byte decodedData[MAX_TEST_DECODE_SIZE]; /* large enough to hold result of decode, which is ca-cert.pem */
-    WOLFSSL_BUFFER_INFO out;
-
-    out.length = 0;
-    out.buffer = decodedData;
-
-    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
-    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, (byte*)client_cert_der_2048,
-        sizeof_client_cert_der_2048), 0);
-
-    ExpectIntEQ(wc_PKCS7_SetKey(pkcs7, (byte*)client_key_der_2048,
-        sizeof_client_key_der_2048), 0);
-    ExpectIntEQ(wc_PKCS7_SetStreamMode(pkcs7, 1, NULL,
-        test_wc_PKCS7_DecodeEnvelopedData_stream_decrypt_cb, (void*)&out), 0);
-
-    ExpectTrue((f = XFOPEN(testStream, "rb")) != XBADFILE);
-    if (EXPECT_SUCCESS()) {
-        do {
-            testStreamBufferSz = XFREAD(testStreamBuffer, 1,
-                sizeof(testStreamBuffer), f);
-            if (testStreamBufferSz == 0) {
-                break;
-            }
-
-            ret = wc_PKCS7_DecodeEnvelopedData(pkcs7, testStreamBuffer,
-                (word32)testStreamBufferSz, NULL, 0);
-            if (testStreamBufferSz < sizeof(testStreamBuffer)) {
-                break;
-            }
-        } while (ret == WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
-    #ifdef NO_DES3
-        ExpectIntEQ(ret, ALGO_ID_E);
-    #else
-        ExpectIntGT(ret, 0);
-    #endif
-    }
-
-    if (f != XBADFILE) {
-        XFCLOSE(f);
-        f = XBADFILE;
-    }
-
-    wc_PKCS7_Free(pkcs7);
-    return EXPECT_RESULT();
-#else
-    return TEST_SKIPPED;
-#endif
-} /* END test_wc_PKCS7_DecodeEnvelopedData_stream() */
-
-/*
- * Testing wc_PKCS7_EncodeEnvelopedData(), wc_PKCS7_DecodeEnvelopedData()
- */
-static int test_wc_PKCS7_EncodeDecodeEnvelopedData(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_PKCS7)
-    PKCS7*      pkcs7 = NULL;
-#ifdef ASN_BER_TO_DER
-    int encodedSz = 0;
-#endif
-#ifdef ECC_TIMING_RESISTANT
-    WC_RNG      rng;
-#endif
-    word32      tempWrd32   = 0;
-    byte*       tmpBytePtr = NULL;
-    const char  input[] = "Test data to encode.";
-    int         i;
-    int         testSz = 0;
-    #if !defined(NO_RSA) && (!defined(NO_AES) || (!defined(NO_SHA) || \
-        !defined(NO_SHA256) || defined(WOLFSSL_SHA512)))
-        byte*   rsaCert     = NULL;
-        byte*   rsaPrivKey  = NULL;
-        word32  rsaCertSz;
-        word32  rsaPrivKeySz;
-        #if !defined(NO_FILESYSTEM) && (!defined(USE_CERT_BUFFERS_1024) && \
-                                           !defined(USE_CERT_BUFFERS_2048) )
-            static const char* rsaClientCert = "./certs/client-cert.der";
-            static const char* rsaClientKey = "./certs/client-key.der";
-            rsaCertSz = (word32)sizeof(rsaClientCert);
-            rsaPrivKeySz = (word32)sizeof(rsaClientKey);
-        #endif
-    #endif
-    #if defined(HAVE_ECC) && (!defined(NO_AES) || (!defined(NO_SHA) ||\
-        !defined(NO_SHA256) || defined(WOLFSSL_SHA512)))
-        byte*   eccCert     = NULL;
-        byte*   eccPrivKey  = NULL;
-        word32  eccCertSz;
-        word32  eccPrivKeySz;
-        #if !defined(NO_FILESYSTEM) && !defined(USE_CERT_BUFFERS_256)
-            static const char* eccClientCert = "./certs/client-ecc-cert.der";
-            static const char* eccClientKey = "./certs/ecc-client-key.der";
-        #endif
-    #endif
-    /* Generic buffer size. */
-    byte    output[ONEK_BUF];
-    byte    decoded[sizeof(input)/sizeof(char)];
-    int     decodedSz = 0;
-#ifndef NO_FILESYSTEM
-    XFILE certFile = XBADFILE;
-    XFILE keyFile = XBADFILE;
-#endif
-
-#ifdef ECC_TIMING_RESISTANT
-    XMEMSET(&rng, 0, sizeof(WC_RNG));
-#endif
-
-#if !defined(NO_RSA) && (!defined(NO_AES) || (!defined(NO_SHA) ||\
-    !defined(NO_SHA256) || defined(WOLFSSL_SHA512)))
-    /* RSA certs and keys. */
-    #if defined(USE_CERT_BUFFERS_1024)
-        rsaCertSz = (word32)sizeof_client_cert_der_1024;
-        /* Allocate buffer space. */
-        ExpectNotNull(rsaCert = (byte*)XMALLOC(rsaCertSz, HEAP_HINT,
-            DYNAMIC_TYPE_TMP_BUFFER));
-        /* Init buffer. */
-        if (rsaCert != NULL) {
-            XMEMCPY(rsaCert, client_cert_der_1024, rsaCertSz);
-        }
-        rsaPrivKeySz = (word32)sizeof_client_key_der_1024;
-        ExpectNotNull(rsaPrivKey = (byte*)XMALLOC(rsaPrivKeySz, HEAP_HINT,
-            DYNAMIC_TYPE_TMP_BUFFER));
-        if (rsaPrivKey != NULL) {
-            XMEMCPY(rsaPrivKey, client_key_der_1024, rsaPrivKeySz);
-        }
-    #elif defined(USE_CERT_BUFFERS_2048)
-        rsaCertSz = (word32)sizeof_client_cert_der_2048;
-        /* Allocate buffer */
-        ExpectNotNull(rsaCert = (byte*)XMALLOC(rsaCertSz, HEAP_HINT,
-            DYNAMIC_TYPE_TMP_BUFFER));
-        /* Init buffer. */
-        if (rsaCert != NULL) {
-            XMEMCPY(rsaCert, client_cert_der_2048, rsaCertSz);
-        }
-        rsaPrivKeySz = (word32)sizeof_client_key_der_2048;
-        ExpectNotNull(rsaPrivKey = (byte*)XMALLOC(rsaPrivKeySz, HEAP_HINT,
-            DYNAMIC_TYPE_TMP_BUFFER));
-        if (rsaPrivKey != NULL) {
-            XMEMCPY(rsaPrivKey, client_key_der_2048, rsaPrivKeySz);
-        }
-    #else
-        /* File system. */
-        ExpectTrue((certFile = XFOPEN(rsaClientCert, "rb")) != XBADFILE);
-        rsaCertSz = (word32)FOURK_BUF;
-        ExpectNotNull(rsaCert = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,
-            DYNAMIC_TYPE_TMP_BUFFER));
-        ExpectTrue((rsaCertSz = (word32)XFREAD(rsaCert, 1, rsaCertSz,
-            certFile)) > 0);
-        if (certFile != XBADFILE)
-            XFCLOSE(certFile);
-        ExpectTrue((keyFile = XFOPEN(rsaClientKey, "rb")) != XBADFILE);
-        ExpectNotNull(rsaPrivKey = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,
-            DYNAMIC_TYPE_TMP_BUFFER));
-        rsaPrivKeySz = (word32)FOURK_BUF;
-        ExpectTrue((rsaPrivKeySz = (word32)XFREAD(rsaPrivKey, 1, rsaPrivKeySz,
-            keyFile)) > 0);
-        if (keyFile != XBADFILE)
-            XFCLOSE(keyFile);
-    #endif /* USE_CERT_BUFFERS */
-#endif /* NO_RSA */
-
-/* ECC */
-#if defined(HAVE_ECC) && (!defined(NO_AES) || (!defined(NO_SHA) ||\
-    !defined(NO_SHA256) || defined(WOLFSSL_SHA512)))
-
-    #ifdef USE_CERT_BUFFERS_256
-        ExpectNotNull(eccCert = (byte*)XMALLOC(TWOK_BUF, HEAP_HINT,
-            DYNAMIC_TYPE_TMP_BUFFER));
-        /* Init buffer. */
-        eccCertSz = (word32)sizeof_cliecc_cert_der_256;
-        if (eccCert != NULL) {
-            XMEMCPY(eccCert, cliecc_cert_der_256, eccCertSz);
-        }
-        ExpectNotNull(eccPrivKey = (byte*)XMALLOC(TWOK_BUF, HEAP_HINT,
-            DYNAMIC_TYPE_TMP_BUFFER));
-        eccPrivKeySz = (word32)sizeof_ecc_clikey_der_256;
-        if (eccPrivKey != NULL) {
-            XMEMCPY(eccPrivKey, ecc_clikey_der_256, eccPrivKeySz);
-        }
-    #else /* File system. */
-        ExpectTrue((certFile = XFOPEN(eccClientCert, "rb")) != XBADFILE);
-        eccCertSz = (word32)FOURK_BUF;
-        ExpectNotNull(eccCert = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,
-            DYNAMIC_TYPE_TMP_BUFFER));
-        ExpectTrue((eccCertSz = (word32)XFREAD(eccCert, 1, eccCertSz,
-            certFile)) > 0);
-        if (certFile != XBADFILE) {
-            XFCLOSE(certFile);
-        }
-        ExpectTrue((keyFile = XFOPEN(eccClientKey, "rb")) != XBADFILE);
-        eccPrivKeySz = (word32)FOURK_BUF;
-        ExpectNotNull(eccPrivKey = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,
-            DYNAMIC_TYPE_TMP_BUFFER));
-        ExpectTrue((eccPrivKeySz = (word32)XFREAD(eccPrivKey, 1, eccPrivKeySz,
-            keyFile)) > 0);
-        if (keyFile != XBADFILE) {
-            XFCLOSE(keyFile);
-        }
-    #endif /* USE_CERT_BUFFERS_256 */
-#endif /* END HAVE_ECC */
-
-#ifndef NO_FILESYSTEM
-    /* Silence. */
-    (void)keyFile;
-    (void)certFile;
-#endif
-
-    {
-    const pkcs7EnvelopedVector testVectors[] = {
-    /* DATA is a global variable defined in the makefile. */
-#if !defined(NO_RSA)
-    #ifndef NO_DES3
-        {(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, DES3b, 0, 0,
-            rsaCert, rsaCertSz, rsaPrivKey, rsaPrivKeySz},
-    #endif /* NO_DES3 */
-    #if !defined(NO_AES) && defined(HAVE_AES_CBC)
-        #ifdef WOLFSSL_AES_128
-        {(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, AES128CBCb,
-            0, 0, rsaCert, rsaCertSz, rsaPrivKey, rsaPrivKeySz},
-        #endif
-        #ifdef WOLFSSL_AES_192
-        {(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, AES192CBCb,
-            0, 0, rsaCert, rsaCertSz, rsaPrivKey, rsaPrivKeySz},
-        #endif
-        #ifdef WOLFSSL_AES_256
-        {(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, AES256CBCb,
-            0, 0, rsaCert, rsaCertSz, rsaPrivKey, rsaPrivKeySz},
-        #endif
-    #endif /* NO_AES && HAVE_AES_CBC */
-
-#endif /* NO_RSA */
-#if defined(HAVE_ECC)
-    #if !defined(NO_AES) && defined(HAVE_AES_CBC)
-        #if !defined(NO_SHA) && defined(WOLFSSL_AES_128)
-            {(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA,
-                AES128CBCb, AES128_WRAP, dhSinglePass_stdDH_sha1kdf_scheme,
-                eccCert, eccCertSz, eccPrivKey, eccPrivKeySz},
-        #endif
-        #if !defined(NO_SHA256) && defined(WOLFSSL_AES_256)
-            {(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA,
-                AES256CBCb, AES256_WRAP, dhSinglePass_stdDH_sha256kdf_scheme,
-                eccCert, eccCertSz, eccPrivKey, eccPrivKeySz},
-        #endif
-        #if defined(WOLFSSL_SHA512) && defined(WOLFSSL_AES_256)
-            {(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA,
-                AES256CBCb, AES256_WRAP, dhSinglePass_stdDH_sha512kdf_scheme,
-                eccCert, eccCertSz, eccPrivKey, eccPrivKeySz},
-        #endif
-    #endif /* NO_AES && HAVE_AES_CBC*/
-#endif /* END HAVE_ECC */
-    }; /* END pkcs7EnvelopedVector */
-
-#ifdef ECC_TIMING_RESISTANT
-    ExpectIntEQ(wc_InitRng(&rng), 0);
-#endif
-
-    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
-    ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, testDevId), 0);
-
-    testSz = (int)sizeof(testVectors)/(int)sizeof(pkcs7EnvelopedVector);
-    for (i = 0; i < testSz; i++) {
-    #ifdef ASN_BER_TO_DER
-        encodeSignedDataStream strm;
-
-        /* test setting stream mode, the first one using IO callbacks */
-        ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, (testVectors + i)->cert,
-                                    (word32)(testVectors + i)->certSz), 0);
-        if (pkcs7 != NULL) {
-        #ifdef ECC_TIMING_RESISTANT
-            pkcs7->rng = &rng;
-        #endif
-
-            if (i != 0)
-                pkcs7->content       = (byte*)(testVectors + i)->content;
-            pkcs7->contentSz     = (testVectors + i)->contentSz;
-            pkcs7->contentOID    = (testVectors + i)->contentOID;
-            pkcs7->encryptOID    = (testVectors + i)->encryptOID;
-            pkcs7->keyWrapOID    = (testVectors + i)->keyWrapOID;
-            pkcs7->keyAgreeOID   = (testVectors + i)->keyAgreeOID;
-            pkcs7->privateKey    = (testVectors + i)->privateKey;
-            pkcs7->privateKeySz  = (testVectors + i)->privateKeySz;
-        }
-
-        if (i == 0) {
-            XMEMSET(&strm, 0, sizeof(strm));
-            strm.chunkSz = FOURK_BUF;
-            ExpectIntEQ(wc_PKCS7_SetStreamMode(pkcs7, 1, GetContentCB,
-                StreamOutputCB, (void*)&strm), 0);
-            encodedSz = wc_PKCS7_EncodeEnvelopedData(pkcs7, NULL, 0);
-        }
-        else {
-            ExpectIntEQ(wc_PKCS7_SetStreamMode(pkcs7, 1, NULL, NULL, NULL), 0);
-            encodedSz = wc_PKCS7_EncodeEnvelopedData(pkcs7, output,
-                (word32)sizeof(output));
-        }
-
-        switch ((testVectors + i)->encryptOID) {
-        #ifndef NO_DES3
-            case DES3b:
-            case DESb:
-                ExpectIntEQ(encodedSz, WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-                break;
-        #endif
-        #ifdef HAVE_AESCCM
-        #ifdef WOLFSSL_AES_128
-            case AES128CCMb:
-                ExpectIntEQ(encodedSz, WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-                break;
-        #endif
-        #ifdef WOLFSSL_AES_192
-            case AES192CCMb:
-                ExpectIntEQ(encodedSz, WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-                break;
-        #endif
-        #ifdef WOLFSSL_AES_256
-            case AES256CCMb:
-                ExpectIntEQ(encodedSz, WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-                break;
-        #endif
-        #endif
-            default:
-                ExpectIntGE(encodedSz, 0);
-        }
-
-        if (encodedSz > 0) {
-            if (i == 0) {
-                decodedSz = wc_PKCS7_DecodeEnvelopedData(pkcs7,
-                    strm.out, (word32)encodedSz, decoded,
-                    (word32)sizeof(decoded));
-            }
-            else {
-                decodedSz = wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
-                    (word32)encodedSz, decoded, (word32)sizeof(decoded));
-            }
-            ExpectIntGE(decodedSz, 0);
-            /* Verify the size of each buffer. */
-            ExpectIntEQ((word32)sizeof(input)/sizeof(char), decodedSz);
-        }
-        wc_PKCS7_Free(pkcs7);
-        pkcs7 = NULL;
-        ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
-    #endif
-
-        ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, (testVectors + i)->cert,
-                                    (word32)(testVectors + i)->certSz), 0);
-        if (pkcs7 != NULL) {
-#ifdef ECC_TIMING_RESISTANT
-            pkcs7->rng = &rng;
-#endif
-
-            pkcs7->content       = (byte*)(testVectors + i)->content;
-            pkcs7->contentSz     = (testVectors + i)->contentSz;
-            pkcs7->contentOID    = (testVectors + i)->contentOID;
-            pkcs7->encryptOID    = (testVectors + i)->encryptOID;
-            pkcs7->keyWrapOID    = (testVectors + i)->keyWrapOID;
-            pkcs7->keyAgreeOID   = (testVectors + i)->keyAgreeOID;
-            pkcs7->privateKey    = (testVectors + i)->privateKey;
-            pkcs7->privateKeySz  = (testVectors + i)->privateKeySz;
-        }
-
-    #ifdef ASN_BER_TO_DER
-        /* test without setting stream mode */
-        ExpectIntEQ(wc_PKCS7_GetStreamMode(pkcs7), 0);
-    #endif
-
-        ExpectIntGE(wc_PKCS7_EncodeEnvelopedData(pkcs7, output,
-            (word32)sizeof(output)), 0);
-
-        decodedSz = wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
-            (word32)sizeof(output), decoded, (word32)sizeof(decoded));
-        ExpectIntGE(decodedSz, 0);
-        /* Verify the size of each buffer. */
-        ExpectIntEQ((word32)sizeof(input)/sizeof(char), decodedSz);
-
-        /* Don't free the last time through the loop. */
-        if (i < testSz - 1) {
-            wc_PKCS7_Free(pkcs7);
-            pkcs7 = NULL;
-            ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
-        }
-    }  /* END test loop. */
-    }
-
-    /* Test bad args. */
-    ExpectIntEQ(wc_PKCS7_EncodeEnvelopedData(NULL, output,
-                    (word32)sizeof(output)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-    ExpectIntEQ(wc_PKCS7_EncodeEnvelopedData(pkcs7, NULL,
-                    (word32)sizeof(output)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-    ExpectIntEQ(wc_PKCS7_EncodeEnvelopedData(pkcs7, output, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-
-    /* Decode.  */
-    ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(NULL, output,
-        (word32)sizeof(output), decoded, (word32)sizeof(decoded)),
-        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-    ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
-        (word32)sizeof(output), NULL, (word32)sizeof(decoded)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-    ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
-        (word32)sizeof(output), decoded, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-    ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, NULL,
-        (word32)sizeof(output), decoded, (word32)sizeof(decoded)),
-        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-    ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output, 0, decoded,
-        (word32)sizeof(decoded)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-    /* Should get a return of BAD_FUNC_ARG with structure data. Order matters.*/
-#if defined(HAVE_ECC) && !defined(NO_AES) && defined(HAVE_AES_CBC)
-    /* only a failure for KARI test cases */
-    if (pkcs7 != NULL) {
-        tempWrd32 = pkcs7->singleCertSz;
-        pkcs7->singleCertSz = 0;
-    }
-    #if defined(WOLFSSL_ASN_TEMPLATE)
-    ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
-        (word32)sizeof(output), decoded, (word32)sizeof(decoded)),
-        WC_NO_ERR_TRACE(BUFFER_E));
-    #else
-    ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
-        (word32)sizeof(output), decoded, (word32)sizeof(decoded)),
-        WC_NO_ERR_TRACE(ASN_PARSE_E));
-    #endif
-    if (pkcs7 != NULL) {
-        pkcs7->singleCertSz = tempWrd32;
-
-        tmpBytePtr = pkcs7->singleCert;
-        pkcs7->singleCert = NULL;
-    }
-  #ifndef NO_RSA
-    #if defined(NO_PKCS7_STREAM)
-    /* when none streaming mode is used and PKCS7 is in bad state buffer error
-     * is returned from kari parse which gets set to bad func arg */
-    ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
-        (word32)sizeof(output), decoded, (word32)sizeof(decoded)),
-        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-    #else
-    ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
-        (word32)sizeof(output), decoded, (word32)sizeof(decoded)),
-        WC_NO_ERR_TRACE(ASN_PARSE_E));
-    #endif
-  #endif /* !NO_RSA */
-    if (pkcs7 != NULL) {
-        pkcs7->singleCert = tmpBytePtr;
-    }
-#endif
-    if (pkcs7 != NULL) {
-        tempWrd32 = pkcs7->privateKeySz;
-        pkcs7->privateKeySz = 0;
-    }
-
-    ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
-        (word32)sizeof(output), decoded, (word32)sizeof(decoded)),
-        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-    if (pkcs7 != NULL) {
-        pkcs7->privateKeySz = tempWrd32;
-
-        tmpBytePtr = pkcs7->privateKey;
-        pkcs7->privateKey = NULL;
-    }
-    ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
-        (word32)sizeof(output), decoded, (word32)sizeof(decoded)),
-        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-    if (pkcs7 != NULL) {
-        pkcs7->privateKey = tmpBytePtr;
-    }
-
-    wc_PKCS7_Free(pkcs7);
-    pkcs7 = NULL;
-
-#if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256)
-    /* test of decrypt callback with KEKRI enveloped data */
-    {
-        int envelopedSz = 0;
-        const byte keyId[] = { 0x00 };
-
-        ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
-        if (pkcs7 != NULL) {
-            pkcs7->content      = (byte*)input;
-            pkcs7->contentSz    = (word32)(sizeof(input)/sizeof(char));
-            pkcs7->contentOID   = DATA;
-            pkcs7->encryptOID   = AES256CBCb;
-        }
-        ExpectIntGT(wc_PKCS7_AddRecipient_KEKRI(pkcs7, AES256_WRAP,
-                    (byte*)defKey, sizeof(defKey), (byte*)keyId,
-                    sizeof(keyId), NULL, NULL, 0, NULL, 0, 0), 0);
-        ExpectIntEQ(wc_PKCS7_SetSignerIdentifierType(pkcs7, CMS_SKID), 0);
-        ExpectIntGT((envelopedSz = wc_PKCS7_EncodeEnvelopedData(pkcs7, output,
-                        (word32)sizeof(output))), 0);
-        wc_PKCS7_Free(pkcs7);
-        pkcs7 = NULL;
-
-        /* decode envelopedData */
-        ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
-        ExpectIntEQ(wc_PKCS7_SetWrapCEKCb(pkcs7, myCEKwrapFunc), 0);
-        ExpectIntEQ(wc_PKCS7_SetDecodeEncryptedCb(pkcs7, myDecryptionFunc), 0);
-        ExpectIntGT((decodedSz = wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
-                        (word32)envelopedSz, decoded, sizeof(decoded))), 0);
-        wc_PKCS7_Free(pkcs7);
-        pkcs7 = NULL;
-    }
-#endif /* !NO_AES && WOLFSSL_AES_256 */
-
-#ifndef NO_RSA
-    XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-#endif /* NO_RSA */
-#ifdef HAVE_ECC
-    XFREE(eccCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    XFREE(eccPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-#endif /* HAVE_ECC */
-
-#ifdef ECC_TIMING_RESISTANT
-    DoExpectIntEQ(wc_FreeRng(&rng), 0);
-#endif
-
-#if defined(USE_CERT_BUFFERS_2048) && !defined(NO_DES3) && \
-    !defined(NO_RSA) && !defined(NO_SHA)
-    {
-        byte   out[7];
-        byte   *cms = NULL;
-        word32 cmsSz;
-        XFILE  cmsFile = XBADFILE;
-
-        XMEMSET(out, 0, sizeof(out));
-        ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
-        ExpectTrue((cmsFile = XFOPEN("./certs/test/ktri-keyid-cms.msg", "rb"))
-            != XBADFILE);
-        cmsSz = (word32)FOURK_BUF;
-        ExpectNotNull(cms = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,
-            DYNAMIC_TYPE_TMP_BUFFER));
-        ExpectTrue((cmsSz = (word32)XFREAD(cms, 1, cmsSz, cmsFile)) > 0);
-        if (cmsFile != XBADFILE)
-            XFCLOSE(cmsFile);
-
-        ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, (byte*)client_cert_der_2048,
-            sizeof_client_cert_der_2048), 0);
-        if (pkcs7 != NULL) {
-            pkcs7->privateKey   = (byte*)client_key_der_2048;
-            pkcs7->privateKeySz = sizeof_client_key_der_2048;
-        }
-        ExpectIntLT(wc_PKCS7_DecodeEnvelopedData(pkcs7, cms, cmsSz, out,
-            2), 0);
-        ExpectIntGT(wc_PKCS7_DecodeEnvelopedData(pkcs7, cms, cmsSz, out,
-            sizeof(out)), 0);
-        XFREE(cms, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-        ExpectIntEQ(XMEMCMP(out, "test", 4), 0);
-        wc_PKCS7_Free(pkcs7);
-        pkcs7 = NULL;
-    }
-#endif /* USE_CERT_BUFFERS_2048 && !NO_DES3 && !NO_RSA && !NO_SHA */
-#endif /* HAVE_PKCS7 */
-    return EXPECT_RESULT();
-} /* END test_wc_PKCS7_EncodeDecodeEnvelopedData() */
-
-
-/*
- * Testing wc_PKCS7_EncodeEncryptedData()
- */
-static int test_wc_PKCS7_EncodeEncryptedData(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_PKCS7) && !defined(NO_PKCS7_ENCRYPTED_DATA)
-    PKCS7*      pkcs7 = NULL;
-    byte*       tmpBytePtr = NULL;
-    byte        encrypted[TWOK_BUF];
-    byte        decoded[TWOK_BUF];
-    word32      tmpWrd32 = 0;
-    int         tmpInt = 0;
-    int         decodedSz = 0;
-    int         encryptedSz = 0;
-    int         testSz = 0;
-    int         i = 0;
-    const byte data[] = { /* Hello World */
-        0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f,
-        0x72,0x6c,0x64
-    };
-    #ifndef NO_DES3
-        byte desKey[] = {
-            0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef
-        };
-        byte des3Key[] = {
-            0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
-            0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10,
-            0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67
-        };
-    #endif
-    #if !defined(NO_AES) && defined(HAVE_AES_CBC)
-        #ifdef WOLFSSL_AES_128
-        byte aes128Key[] = {
-            0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
-            0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
-        };
-        #endif
-        #ifdef WOLFSSL_AES_192
-        byte aes192Key[] = {
-            0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
-            0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
-            0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
-        };
-        #endif
-        #ifdef WOLFSSL_AES_256
-        byte aes256Key[] = {
-            0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
-            0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
-            0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
-            0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
-        };
-        #endif
-    #endif /* !NO_AES && HAVE_AES_CBC */
-    const pkcs7EncryptedVector testVectors[] =
-    {
-    #ifndef NO_DES3
-        {data, (word32)sizeof(data), DATA, DES3b, des3Key, sizeof(des3Key)},
-
-        {data, (word32)sizeof(data), DATA, DESb, desKey, sizeof(desKey)},
-    #endif /* !NO_DES3 */
-    #if !defined(NO_AES) && defined(HAVE_AES_CBC)
-        #ifdef WOLFSSL_AES_128
-        {data, (word32)sizeof(data), DATA, AES128CBCb, aes128Key,
-         sizeof(aes128Key)},
-        #endif
-
-        #ifdef WOLFSSL_AES_192
-        {data, (word32)sizeof(data), DATA, AES192CBCb, aes192Key,
-         sizeof(aes192Key)},
-        #endif
-
-        #ifdef WOLFSSL_AES_256
-        {data, (word32)sizeof(data), DATA, AES256CBCb, aes256Key,
-         sizeof(aes256Key)},
-        #endif
-
-    #endif /* !NO_AES && HAVE_AES_CBC */
-    };
-
-    testSz = sizeof(testVectors) / sizeof(pkcs7EncryptedVector);
-
-    for (i = 0; i < testSz; i++) {
-        ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
-        ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, testDevId), 0);
-        if (pkcs7 != NULL) {
-            pkcs7->content              = (byte*)testVectors[i].content;
-            pkcs7->contentSz            = testVectors[i].contentSz;
-            pkcs7->contentOID           = testVectors[i].contentOID;
-            pkcs7->encryptOID           = testVectors[i].encryptOID;
-            pkcs7->encryptionKey        = testVectors[i].encryptionKey;
-            pkcs7->encryptionKeySz      = testVectors[i].encryptionKeySz;
-            pkcs7->heap                 = HEAP_HINT;
-        }
-
-        /* encode encryptedData */
-        ExpectIntGT(encryptedSz = wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted,
-            sizeof(encrypted)), 0);
-
-        /* Decode encryptedData */
-        ExpectIntGT(decodedSz = wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted,
-            (word32)encryptedSz, decoded, sizeof(decoded)), 0);
-
-        ExpectIntEQ(XMEMCMP(decoded, data, decodedSz), 0);
-        /* Keep values for last itr. */
-        if (i < testSz - 1) {
-            wc_PKCS7_Free(pkcs7);
-            pkcs7 = NULL;
-        }
-    }
-    if (pkcs7 == NULL || testSz == 0) {
-        ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
-        ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, testDevId), 0);
-    }
-
-    ExpectIntEQ(wc_PKCS7_EncodeEncryptedData(NULL, encrypted,
-        sizeof(encrypted)),WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-    ExpectIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, NULL,
-        sizeof(encrypted)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-    ExpectIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted,
-        0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-    /* Testing the struct. */
-    if (pkcs7 != NULL) {
-        tmpBytePtr = pkcs7->content;
-        pkcs7->content = NULL;
-    }
-    ExpectIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted,
-        sizeof(encrypted)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-    if (pkcs7 != NULL) {
-        pkcs7->content = tmpBytePtr;
-        tmpWrd32 = pkcs7->contentSz;
-        pkcs7->contentSz = 0;
-    }
-    ExpectIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted,
-        sizeof(encrypted)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-    if (pkcs7 != NULL) {
-        pkcs7->contentSz = tmpWrd32;
-        tmpInt = pkcs7->encryptOID;
-        pkcs7->encryptOID = 0;
-    }
-    ExpectIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted,
-        sizeof(encrypted)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-    if (pkcs7 != NULL) {
-        pkcs7->encryptOID = tmpInt;
-        tmpBytePtr = pkcs7->encryptionKey;
-        pkcs7->encryptionKey = NULL;
-    }
-    ExpectIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted,
-        sizeof(encrypted)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-    if (pkcs7 != NULL) {
-        pkcs7->encryptionKey = tmpBytePtr;
-        tmpWrd32 = pkcs7->encryptionKeySz;
-        pkcs7->encryptionKeySz = 0;
-    }
-    ExpectIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted,
-        sizeof(encrypted)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-    if (pkcs7 != NULL) {
-        pkcs7->encryptionKeySz = tmpWrd32;
-    }
-
-    ExpectIntEQ(wc_PKCS7_DecodeEncryptedData(NULL, encrypted, (word32)encryptedSz,
-        decoded, sizeof(decoded)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-    ExpectIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, NULL, (word32)encryptedSz,
-        decoded, sizeof(decoded)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-    ExpectIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, 0,
-        decoded, sizeof(decoded)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-    ExpectIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, (word32)encryptedSz,
-        NULL, sizeof(decoded)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-    ExpectIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, (word32)encryptedSz,
-        decoded, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-    /* Test struct fields */
-
-    if (pkcs7 != NULL) {
-        tmpBytePtr = pkcs7->encryptionKey;
-        pkcs7->encryptionKey = NULL;
-    }
-    ExpectIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, (word32)encryptedSz,
-        decoded, sizeof(decoded)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-    if (pkcs7 != NULL) {
-        pkcs7->encryptionKey = tmpBytePtr;
-        pkcs7->encryptionKeySz = 0;
-    }
-    ExpectIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, (word32)encryptedSz,
-        decoded, sizeof(decoded)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-
-    wc_PKCS7_Free(pkcs7);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_PKCS7_EncodeEncryptedData() */
-
-
-#if defined(HAVE_PKCS7) && defined(USE_CERT_BUFFERS_2048) && !defined(NO_DES3) && !defined(NO_RSA) && !defined(NO_SHA)
-static void build_test_EncryptedKeyPackage(byte * out, word32 * out_size, byte * in_data, word32 in_size, size_t in_content_type, size_t test_vector)
-{
-    /* EncryptedKeyPackage ContentType TLV DER */
-    static const byte ekp_oid_tlv[] = {0x06U, 10U,
-        0X60U, 0X86U, 0X48U, 0X01U, 0X65U, 0X02U, 0X01U, 0X02U, 0X4EU, 0X02U};
-    if (in_content_type == ENCRYPTED_DATA) {
-        /* EncryptedData subtype */
-        size_t ekp_content_der_size = 2U + in_size;
-        size_t ekp_content_info_size = sizeof(ekp_oid_tlv) + ekp_content_der_size;
-        /* EncryptedKeyPackage ContentType */
-        out[0] = 0x30U;
-        out[1] = ekp_content_info_size & 0x7FU;
-        /* EncryptedKeyPackage ContentInfo */
-        XMEMCPY(&out[2], ekp_oid_tlv, sizeof(ekp_oid_tlv));
-        /* EncryptedKeyPackage content [0] */
-        out[14] = 0xA0U;
-        out[15] = in_size & 0x7FU;
-        XMEMCPY(&out[16], in_data, in_size);
-        *out_size = 16U + in_size;
-        switch (test_vector)
-        {
-        case 1: out[0] = 0x20U; break;
-        case 2: out[2] = 0x01U; break;
-        case 3: out[7] = 0x42U; break;
-        case 4: out[14] = 0xA2U; break;
-        }
-    }
-    else if (in_content_type == ENVELOPED_DATA) {
-        /* EnvelopedData subtype */
-        size_t ekp_choice_der_size = 4U + in_size;
-        size_t ekp_content_der_size = 4U + ekp_choice_der_size;
-        size_t ekp_content_info_size = sizeof(ekp_oid_tlv) + ekp_content_der_size;
-        /* EncryptedKeyPackage ContentType */
-        out[0] = 0x30U;
-        out[1] = 0x82U;
-        out[2] = ekp_content_info_size >> 8U;
-        out[3] = ekp_content_info_size & 0xFFU;
-        /* EncryptedKeyPackage ContentInfo */
-        XMEMCPY(&out[4], ekp_oid_tlv, sizeof(ekp_oid_tlv));
-        /* EncryptedKeyPackage content [0] */
-        out[16] = 0xA0U;
-        out[17] = 0x82U;
-        out[18] = ekp_choice_der_size >> 8U;
-        out[19] = ekp_choice_der_size & 0xFFU;
-        /* EncryptedKeyPackage CHOICE [0] EnvelopedData */
-        out[20] = 0xA0U;
-        out[21] = 0x82U;
-        out[22] = in_size >> 8U;
-        out[23] = in_size & 0xFFU;
-        XMEMCPY(&out[24], in_data, in_size);
-        *out_size = 24U + in_size;
-        switch (test_vector)
-        {
-        case 1: out[0] = 0x20U; break;
-        case 2: out[4] = 0x01U; break;
-        case 3: out[9] = 0x42U; break;
-        case 4: out[16] = 0xA2U; break;
-        }
-    }
-}
-#endif /* HAVE_PKCS7 && USE_CERT_BUFFERS_2048 && !NO_DES3 && !NO_RSA && !NO_SHA */
-
-/*
- * Test wc_PKCS7_DecodeEncryptedKeyPackage().
- */
-static int test_wc_PKCS7_DecodeEncryptedKeyPackage(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_PKCS7) && defined(USE_CERT_BUFFERS_2048) && !defined(NO_DES3) && !defined(NO_RSA) && !defined(NO_SHA)
-    static const struct {
-        const char * msg_file_name;
-        word32 msg_content_type;
-    } test_messages[] = {
-        {"./certs/test/ktri-keyid-cms.msg", ENVELOPED_DATA},
-        {"./certs/test/encrypteddata.msg", ENCRYPTED_DATA},
-    };
-    static const int test_vectors[] = {
-        0,
-        WC_NO_ERR_TRACE(ASN_PARSE_E),
-        WC_NO_ERR_TRACE(ASN_PARSE_E),
-        WC_NO_ERR_TRACE(PKCS7_OID_E),
-        WC_NO_ERR_TRACE(ASN_PARSE_E),
-    };
-    static const byte key[] = {
-        0x01U, 0x23U, 0x45U, 0x67U, 0x89U, 0xABU, 0xCDU, 0xEFU,
-        0x00U, 0x11U, 0x22U, 0x33U, 0x44U, 0x55U, 0x66U, 0x77U,
-    };
-    size_t test_msg = 0U;
-    size_t test_vector = 0U;
-
-    for (test_msg = 0U; test_msg < (sizeof(test_messages)/sizeof(test_messages[0])); test_msg++)
-    {
-        for (test_vector = 0U; test_vector < (sizeof(test_vectors)/sizeof(test_vectors[0])); test_vector++)
-        {
-            byte * ekp_cms_der = NULL;
-            word32 ekp_cms_der_size = 0U;
-            byte * inner_cms_der = NULL;
-            word32 inner_cms_der_size = (word32)FOURK_BUF;
-            XFILE inner_cms_file = XBADFILE;
-            PKCS7 * pkcs7 = NULL;
-            byte out[15] = {0};
-            int result = 0;
-
-            ExpectNotNull(ekp_cms_der = (byte *)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER));
-            /* Check for possible previous test failure. */
-            if (ekp_cms_der == NULL) {
-                break;
-            }
-
-            ExpectNotNull(inner_cms_der = (byte *)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER));
-            ExpectTrue((inner_cms_file = XFOPEN(test_messages[test_msg].msg_file_name, "rb")) != XBADFILE);
-            ExpectTrue((inner_cms_der_size = (word32)XFREAD(inner_cms_der, 1, inner_cms_der_size, inner_cms_file)) > 0);
-            if (inner_cms_file != XBADFILE) {
-                XFCLOSE(inner_cms_file);
-            }
-            if (test_messages[test_msg].msg_content_type == ENVELOPED_DATA) {
-                /* Verify that the build_test_EncryptedKeyPackage can format as expected. */
-                ExpectIntGT(inner_cms_der_size, 127);
-            }
-            if (test_messages[test_msg].msg_content_type == ENCRYPTED_DATA) {
-                /* Verify that the build_test_EncryptedKeyPackage can format as expected. */
-                ExpectIntLT(inner_cms_der_size, 124);
-            }
-            build_test_EncryptedKeyPackage(ekp_cms_der, &ekp_cms_der_size, inner_cms_der, inner_cms_der_size, test_messages[test_msg].msg_content_type, test_vector);
-            XFREE(inner_cms_der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-
-            ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
-            ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, (byte *)client_cert_der_2048, sizeof_client_cert_der_2048), 0);
-            if (pkcs7 != NULL) {
-                if (test_messages[test_msg].msg_content_type == ENVELOPED_DATA) {
-                    /* To test EnvelopedData, set private key. */
-                    pkcs7->privateKey = (byte *)client_key_der_2048;
-                    pkcs7->privateKeySz = sizeof_client_key_der_2048;
-                }
-                if (test_messages[test_msg].msg_content_type == ENCRYPTED_DATA) {
-                    /* To test EncryptedData, set symmetric encryption key. */
-                    pkcs7->encryptionKey = (byte *)key;
-                    pkcs7->encryptionKeySz = sizeof(key);
-                }
-            }
-            ExpectIntEQ(wc_PKCS7_DecodeEncryptedKeyPackage(pkcs7, NULL, ekp_cms_der_size, out, sizeof(out)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-            result = wc_PKCS7_DecodeEncryptedKeyPackage(pkcs7, ekp_cms_der, ekp_cms_der_size, out, sizeof(out));
-            if (result == WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)) {
-                result = wc_PKCS7_DecodeEncryptedKeyPackage(pkcs7, ekp_cms_der, ekp_cms_der_size, out, sizeof(out));
-            }
-            if (test_vectors[test_vector] == 0U) {
-                if (test_messages[test_msg].msg_content_type == ENVELOPED_DATA) {
-                    ExpectIntGT(result, 0);
-                    ExpectIntEQ(XMEMCMP(out, "test", 4), 0);
-                }
-                if (test_messages[test_msg].msg_content_type == ENCRYPTED_DATA) {
-#ifndef NO_PKCS7_ENCRYPTED_DATA
-                    ExpectIntGT(result, 0);
-                    ExpectIntEQ(XMEMCMP(out, "testencrypt", 11), 0);
-#else
-                    ExpectIntEQ(result, WC_NO_ERR_TRACE(ASN_PARSE_E));
-#endif
-                }
-            }
-            else {
-                ExpectIntEQ(result, test_vectors[test_vector]);
-            }
-            XFREE(ekp_cms_der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-            wc_PKCS7_Free(pkcs7);
-        }
-    }
-#endif /* HAVE_PKCS7 && USE_CERT_BUFFERS_2048 && !NO_DES3 && !NO_RSA && !NO_SHA */
-    return EXPECT_RESULT();
-} /* END test_wc_PKCS7_DecodeEncryptedKeyPackage() */
-
-
-/*
- * Testing wc_PKCS7_Degenerate()
- */
-static int test_wc_PKCS7_Degenerate(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM)
-    PKCS7* pkcs7 = NULL;
-    char   fName[] = "./certs/test-degenerate.p7b";
-    XFILE  f = XBADFILE;
-    byte   der[4096];
-    word32 derSz = 0;
-#ifndef NO_PKCS7_STREAM
-    word32 z;
-    int ret;
-#endif /* !NO_PKCS7_STREAM */
-    ExpectTrue((f = XFOPEN(fName, "rb")) != XBADFILE);
-    ExpectTrue((derSz = (word32)XFREAD(der, 1, sizeof(der), f)) > 0);
-    if (f != XBADFILE)
-        XFCLOSE(f);
-
-    /* test degenerate success */
-    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
-    ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
-    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
-#ifndef NO_RSA
-    ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, der, derSz), 0);
-
-    #ifndef NO_PKCS7_STREAM
-    wc_PKCS7_Free(pkcs7);
-    pkcs7 = NULL;
-    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
-    ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
-    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
-
-    /* test for streaming */
-    ret = -1;
-    for (z = 0; z < derSz && ret != 0; z++) {
-        ret = wc_PKCS7_VerifySignedData(pkcs7, der + z, 1);
-        if (ret < 0){
-            ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
-        }
-    }
-    ExpectIntEQ(ret, 0);
-    #endif /* !NO_PKCS7_STREAM */
-#else
-    ExpectIntNE(wc_PKCS7_VerifySignedData(pkcs7, der, derSz), 0);
-#endif /* NO_RSA */
-    wc_PKCS7_Free(pkcs7);
-    pkcs7 = NULL;
-
-    /* test with turning off degenerate cases */
-    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
-    ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
-    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
-    wc_PKCS7_AllowDegenerate(pkcs7, 0); /* override allowing degenerate case */
-    ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, der, derSz),
-        WC_NO_ERR_TRACE(PKCS7_NO_SIGNER_E));
-
-    #ifndef NO_PKCS7_STREAM
-    wc_PKCS7_Free(pkcs7);
-    pkcs7 = NULL;
-    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
-    ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
-    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
-    wc_PKCS7_AllowDegenerate(pkcs7, 0); /* override allowing degenerate case */
-
-    /* test for streaming */
-    ret = -1;
-    for (z = 0; z < derSz && ret != 0; z++) {
-        ret = wc_PKCS7_VerifySignedData(pkcs7, der + z, 1);
-        if (ret == WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)){
-            continue;
-        }
-        else
-            break;
-    }
-    ExpectIntEQ(ret, WC_NO_ERR_TRACE(PKCS7_NO_SIGNER_E));
-    #endif /* !NO_PKCS7_STREAM */
-
-    wc_PKCS7_Free(pkcs7);
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_PKCS7_Degenerate() */
-
-#if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && \
-    defined(ASN_BER_TO_DER) && !defined(NO_DES3) && !defined(NO_SHA)
-static byte berContent[] = {
-    0x30, 0x80, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86,
-    0xF7, 0x0D, 0x01, 0x07, 0x03, 0xA0, 0x80, 0x30,
-    0x80, 0x02, 0x01, 0x00, 0x31, 0x82, 0x01, 0x48,
-    0x30, 0x82, 0x01, 0x44, 0x02, 0x01, 0x00, 0x30,
-    0x81, 0xAC, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30,
-    0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02,
-    0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03,
-    0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E,
-    0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E,
-    0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42,
-    0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x15,
-    0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C,
-    0x0C, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C,
-    0x5F, 0x31, 0x30, 0x32, 0x34, 0x31, 0x19, 0x30,
-    0x17, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x10,
-    0x50, 0x72, 0x6F, 0x67, 0x72, 0x61, 0x6D, 0x6D,
-    0x69, 0x6E, 0x67, 0x2D, 0x31, 0x30, 0x32, 0x34,
-    0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04,
-    0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77,
-    0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63,
-    0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09,
-    0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09,
-    0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40,
-    0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E,
-    0x63, 0x6F, 0x6D, 0x02, 0x09, 0x00, 0xBB, 0xD3,
-    0x10, 0x03, 0xE6, 0x9D, 0x28, 0x03, 0x30, 0x0D,
-    0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D,
-    0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x81, 0x80,
-    0x2F, 0xF9, 0x77, 0x4F, 0x04, 0x5C, 0x16, 0x62,
-    0xF0, 0x77, 0x8D, 0x95, 0x4C, 0xB1, 0x44, 0x9A,
-    0x8C, 0x3C, 0x8C, 0xE4, 0xD1, 0xC1, 0x14, 0x72,
-    0xD0, 0x4A, 0x1A, 0x94, 0x27, 0x0F, 0xAA, 0xE8,
-    0xD0, 0xA2, 0xE7, 0xED, 0x4C, 0x7F, 0x0F, 0xC7,
-    0x1B, 0xFB, 0x81, 0x0E, 0x76, 0x8F, 0xDD, 0x32,
-    0x11, 0x68, 0xA0, 0x13, 0xD2, 0x8D, 0x95, 0xEF,
-    0x80, 0x53, 0x81, 0x0E, 0x1F, 0xC8, 0xD6, 0x76,
-    0x5C, 0x31, 0xD3, 0x77, 0x33, 0x29, 0xA6, 0x1A,
-    0xD3, 0xC6, 0x14, 0x36, 0xCA, 0x8E, 0x7D, 0x72,
-    0xA0, 0x29, 0x4C, 0xC7, 0x3A, 0xAF, 0xFE, 0xF7,
-    0xFC, 0xD7, 0xE2, 0x8F, 0x6A, 0x20, 0x46, 0x09,
-    0x40, 0x22, 0x2D, 0x79, 0x38, 0x11, 0xB1, 0x4A,
-    0xE3, 0x48, 0xE8, 0x10, 0x37, 0xA0, 0x22, 0xF7,
-    0xB4, 0x79, 0xD1, 0xA9, 0x3D, 0xC2, 0xAB, 0x37,
-    0xAE, 0x82, 0x68, 0x1A, 0x16, 0xEF, 0x33, 0x0C,
-    0x30, 0x80, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86,
-    0xF7, 0x0D, 0x01, 0x07, 0x01, 0x30, 0x14, 0x06,
-    0x08, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x03,
-    0x07, 0x04, 0x08, 0xAD, 0xD0, 0x38, 0x9B, 0x16,
-    0x4B, 0x7F, 0x99, 0xA0, 0x80, 0x04, 0x82, 0x03,
-    0xE8, 0x6D, 0x48, 0xFB, 0x8A, 0xBD, 0xED, 0x6C,
-    0xCD, 0xC6, 0x48, 0xFD, 0xB7, 0xB0, 0x7C, 0x86,
-    0x2C, 0x8D, 0xF0, 0x23, 0x12, 0xD8, 0xA3, 0x2A,
-    0x21, 0x6F, 0x8B, 0x75, 0xBB, 0x47, 0x7F, 0xC9,
-    0xBA, 0xBA, 0xFF, 0x91, 0x09, 0x01, 0x7A, 0x5C,
-    0x96, 0x02, 0xB8, 0x8E, 0xF8, 0x67, 0x7E, 0x8F,
-    0xF9, 0x51, 0x0E, 0xFF, 0x8E, 0xE2, 0x61, 0xC0,
-    0xDF, 0xFA, 0xE2, 0x4C, 0x50, 0x90, 0xAE, 0xA1,
-    0x15, 0x38, 0x3D, 0xBE, 0x88, 0xD7, 0x57, 0xC0,
-    0x11, 0x44, 0xA2, 0x61, 0x05, 0x49, 0x6A, 0x94,
-    0x04, 0x10, 0xD9, 0xC2, 0x2D, 0x15, 0x20, 0x0D,
-    0xBD, 0xA2, 0xEF, 0xE4, 0x68, 0xFA, 0x39, 0x75,
-    0x7E, 0xD8, 0x64, 0x44, 0xCB, 0xE0, 0x00, 0x6D,
-    0x57, 0x4E, 0x8A, 0x17, 0xA9, 0x83, 0x6C, 0x7F,
-    0xFE, 0x01, 0xEE, 0xDE, 0x99, 0x3A, 0xB2, 0xFF,
-    0xD3, 0x72, 0x78, 0xBA, 0xF1, 0x23, 0x54, 0x48,
-    0x02, 0xD8, 0x38, 0xA9, 0x54, 0xE5, 0x4A, 0x81,
-    0xB9, 0xC0, 0x67, 0xB2, 0x7D, 0x3C, 0x6F, 0xCE,
-    0xA4, 0xDD, 0x34, 0x5F, 0x60, 0xB1, 0xA3, 0x7A,
-    0xE4, 0x43, 0xF2, 0x89, 0x64, 0x35, 0x09, 0x32,
-    0x51, 0xFB, 0x5C, 0x67, 0x0C, 0x3B, 0xFC, 0x36,
-    0x6B, 0x37, 0x43, 0x6C, 0x03, 0xCD, 0x44, 0xC7,
-    0x2B, 0x62, 0xD6, 0xD1, 0xF4, 0x07, 0x7B, 0x19,
-    0x91, 0xF0, 0xD7, 0xF5, 0x54, 0xBC, 0x0F, 0x42,
-    0x6B, 0x69, 0xF7, 0xA3, 0xC8, 0xEE, 0xB9, 0x7A,
-    0x9E, 0x3D, 0xDF, 0x53, 0x47, 0xF7, 0x50, 0x67,
-    0x00, 0xCF, 0x2B, 0x3B, 0xE9, 0x85, 0xEE, 0xBD,
-    0x4C, 0x64, 0x66, 0x0B, 0x77, 0x80, 0x9D, 0xEF,
-    0x11, 0x32, 0x77, 0xA8, 0xA4, 0x5F, 0xEE, 0x2D,
-    0xE0, 0x43, 0x87, 0x76, 0x87, 0x53, 0x4E, 0xD7,
-    0x1A, 0x04, 0x7B, 0xE1, 0xD1, 0xE1, 0xF5, 0x87,
-    0x51, 0x13, 0xE0, 0xC2, 0xAA, 0xA3, 0x4B, 0xAA,
-    0x9E, 0xB4, 0xA6, 0x1D, 0x4E, 0x28, 0x57, 0x0B,
-    0x80, 0x90, 0x81, 0x4E, 0x04, 0xF5, 0x30, 0x8D,
-    0x51, 0xCE, 0x57, 0x2F, 0x88, 0xC5, 0x70, 0xC4,
-    0x06, 0x8F, 0xDD, 0x37, 0xC1, 0x34, 0x1E, 0x0E,
-    0x15, 0x32, 0x23, 0x92, 0xAB, 0x40, 0xEA, 0xF7,
-    0x43, 0xE2, 0x1D, 0xE2, 0x4B, 0xC9, 0x91, 0xF4,
-    0x63, 0x21, 0x34, 0xDB, 0xE9, 0x86, 0x83, 0x1A,
-    0xD2, 0x52, 0xEF, 0x7A, 0xA2, 0xEE, 0xA4, 0x11,
-    0x56, 0xD3, 0x6C, 0xF5, 0x6D, 0xE4, 0xA5, 0x2D,
-    0x99, 0x02, 0x10, 0xDF, 0x29, 0xC5, 0xE3, 0x0B,
-    0xC4, 0xA1, 0xEE, 0x5F, 0x4A, 0x10, 0xEE, 0x85,
-    0x73, 0x2A, 0x92, 0x15, 0x2C, 0xC8, 0xF4, 0x8C,
-    0xD7, 0x3D, 0xBC, 0xAD, 0x18, 0xE0, 0x59, 0xD3,
-    0xEE, 0x75, 0x90, 0x1C, 0xCC, 0x76, 0xC6, 0x64,
-    0x17, 0xD2, 0xD0, 0x91, 0xA6, 0xD0, 0xC1, 0x4A,
-    0xAA, 0x58, 0x22, 0xEC, 0x45, 0x98, 0xF2, 0xCC,
-    0x4C, 0xE4, 0xBF, 0xED, 0xF6, 0x44, 0x72, 0x36,
-    0x65, 0x3F, 0xE3, 0xB5, 0x8B, 0x3E, 0x54, 0x9C,
-    0x82, 0x86, 0x5E, 0xB0, 0xF2, 0x12, 0xE5, 0x69,
-    0xFA, 0x46, 0xA2, 0x54, 0xFC, 0xF5, 0x4B, 0xE0,
-    0x24, 0x3B, 0x99, 0x04, 0x1A, 0x7A, 0xF7, 0xD1,
-    0xFF, 0x68, 0x97, 0xB2, 0x85, 0x82, 0x95, 0x27,
-    0x2B, 0xF4, 0xE7, 0x1A, 0x74, 0x19, 0xEC, 0x8C,
-    0x4E, 0xA7, 0x0F, 0xAD, 0x4F, 0x5A, 0x02, 0x80,
-    0xC1, 0x6A, 0x9E, 0x54, 0xE4, 0x8E, 0xA3, 0x41,
-    0x3F, 0x6F, 0x9C, 0x82, 0x9F, 0x83, 0xB0, 0x44,
-    0x01, 0x5F, 0x10, 0x9D, 0xD3, 0xB6, 0x33, 0x5B,
-    0xAF, 0xAC, 0x6B, 0x57, 0x2A, 0x01, 0xED, 0x0E,
-    0x17, 0xB9, 0x80, 0x76, 0x12, 0x1C, 0x51, 0x56,
-    0xDD, 0x6D, 0x94, 0xAB, 0xD2, 0xE5, 0x15, 0x2D,
-    0x3C, 0xC5, 0xE8, 0x62, 0x05, 0x8B, 0x40, 0xB1,
-    0xC2, 0x83, 0xCA, 0xAC, 0x4B, 0x8B, 0x39, 0xF7,
-    0xA0, 0x08, 0x43, 0x5C, 0xF7, 0xE8, 0xED, 0x40,
-    0x72, 0x73, 0xE3, 0x6B, 0x18, 0x67, 0xA0, 0xB6,
-    0x0F, 0xED, 0x8F, 0x9A, 0xE4, 0x27, 0x62, 0x23,
-    0xAA, 0x6D, 0x6C, 0x31, 0xC9, 0x9D, 0x6B, 0xE0,
-    0xBF, 0x9D, 0x7D, 0x2E, 0x76, 0x71, 0x06, 0x39,
-    0xAC, 0x96, 0x1C, 0xAF, 0x30, 0xF2, 0x62, 0x9C,
-    0x84, 0x3F, 0x43, 0x5E, 0x19, 0xA8, 0xE5, 0x3C,
-    0x9D, 0x43, 0x3C, 0x43, 0x41, 0xE8, 0x82, 0xE7,
-    0x5B, 0xF3, 0xE2, 0x15, 0xE3, 0x52, 0x20, 0xFD,
-    0x0D, 0xB2, 0x4D, 0x48, 0xAD, 0x53, 0x7E, 0x0C,
-    0xF0, 0xB9, 0xBE, 0xC9, 0x58, 0x4B, 0xC8, 0xA8,
-    0xA3, 0x36, 0xF1, 0x2C, 0xD2, 0xE1, 0xC8, 0xC4,
-    0x3C, 0x48, 0x70, 0xC2, 0x6D, 0x6C, 0x3D, 0x99,
-    0xAC, 0x43, 0x19, 0x69, 0xCA, 0x67, 0x1A, 0xC9,
-    0xE1, 0x47, 0xFA, 0x0A, 0xE6, 0x5B, 0x6F, 0x61,
-    0xD0, 0x03, 0xE4, 0x03, 0x4B, 0xFD, 0xE2, 0xA5,
-    0x8D, 0x83, 0x01, 0x7E, 0xC0, 0x7B, 0x2E, 0x0B,
-    0x29, 0xDD, 0xD6, 0xDC, 0x71, 0x46, 0xBD, 0x9A,
-    0x40, 0x46, 0x1E, 0x0A, 0xB1, 0x00, 0xE7, 0x71,
-    0x29, 0x77, 0xFC, 0x9A, 0x76, 0x8A, 0x5F, 0x66,
-    0x9B, 0x63, 0x91, 0x12, 0x78, 0xBF, 0x67, 0xAD,
-    0xA1, 0x72, 0x9E, 0xC5, 0x3E, 0xE5, 0xCB, 0xAF,
-    0xD6, 0x5A, 0x0D, 0xB6, 0x9B, 0xA3, 0x78, 0xE8,
-    0xB0, 0x8F, 0x69, 0xED, 0xC1, 0x73, 0xD5, 0xE5,
-    0x1C, 0x18, 0xA0, 0x58, 0x4C, 0x49, 0xBD, 0x91,
-    0xCE, 0x15, 0x0D, 0xAA, 0x5A, 0x07, 0xEA, 0x1C,
-    0xA7, 0x4B, 0x11, 0x31, 0x80, 0xAF, 0xA1, 0x0A,
-    0xED, 0x6C, 0x70, 0xE4, 0xDB, 0x75, 0x86, 0xAE,
-    0xBF, 0x4A, 0x05, 0x72, 0xDE, 0x84, 0x8C, 0x7B,
-    0x59, 0x81, 0x58, 0xE0, 0xC0, 0x15, 0xB5, 0xF3,
-    0xD5, 0x73, 0x78, 0x83, 0x53, 0xDA, 0x92, 0xC1,
-    0xE6, 0x71, 0x74, 0xC7, 0x7E, 0xAA, 0x36, 0x06,
-    0xF0, 0xDF, 0xBA, 0xFB, 0xEF, 0x54, 0xE8, 0x11,
-    0xB2, 0x33, 0xA3, 0x0B, 0x9E, 0x0C, 0x59, 0x75,
-    0x13, 0xFA, 0x7F, 0x88, 0xB9, 0x86, 0xBD, 0x1A,
-    0xDB, 0x52, 0x12, 0xFB, 0x6D, 0x1A, 0xCB, 0x49,
-    0x94, 0x94, 0xC4, 0xA9, 0x99, 0xC0, 0xA4, 0xB6,
-    0x60, 0x36, 0x09, 0x94, 0x2A, 0xD5, 0xC4, 0x26,
-    0xF4, 0xA3, 0x6A, 0x0E, 0x57, 0x8B, 0x7C, 0xA4,
-    0x1D, 0x75, 0xE8, 0x2A, 0xF3, 0xC4, 0x3C, 0x7D,
-    0x45, 0x6D, 0xD8, 0x24, 0xD1, 0x3B, 0xF7, 0xCF,
-    0xE4, 0x45, 0x2A, 0x55, 0xE5, 0xA9, 0x1F, 0x1C,
-    0x8F, 0x55, 0x8D, 0xC1, 0xF7, 0x74, 0xCC, 0x26,
-    0xC7, 0xBA, 0x2E, 0x5C, 0xC1, 0x71, 0x0A, 0xAA,
-    0xD9, 0x6D, 0x76, 0xA7, 0xF9, 0xD1, 0x18, 0xCB,
-    0x5A, 0x52, 0x98, 0xA8, 0x0D, 0x3F, 0x06, 0xFC,
-    0x49, 0x11, 0x21, 0x5F, 0x86, 0x19, 0x33, 0x81,
-    0xB5, 0x7A, 0xDA, 0xA1, 0x47, 0xBF, 0x7C, 0xD7,
-    0x05, 0x96, 0xC7, 0xF5, 0xC1, 0x61, 0xE5, 0x18,
-    0xA5, 0x38, 0x68, 0xED, 0xB4, 0x17, 0x62, 0x0D,
-    0x01, 0x5E, 0xC3, 0x04, 0xA6, 0xBA, 0xB1, 0x01,
-    0x60, 0x5C, 0xC1, 0x3A, 0x34, 0x97, 0xD6, 0xDB,
-    0x67, 0x73, 0x4D, 0x33, 0x96, 0x01, 0x67, 0x44,
-    0xEA, 0x47, 0x5E, 0x44, 0xB5, 0xE5, 0xD1, 0x6C,
-    0x20, 0xA9, 0x6D, 0x4D, 0xBC, 0x02, 0xF0, 0x70,
-    0xE4, 0xDD, 0xE9, 0xD5, 0x5C, 0x28, 0x29, 0x0B,
-    0xB4, 0x60, 0x2A, 0xF1, 0xF7, 0x1A, 0xF0, 0x36,
-    0xAE, 0x51, 0x3A, 0xAE, 0x6E, 0x48, 0x7D, 0xC7,
-    0x5C, 0xF3, 0xDC, 0xF6, 0xED, 0x27, 0x4E, 0x8E,
-    0x48, 0x18, 0x3E, 0x08, 0xF1, 0xD8, 0x3D, 0x0D,
-    0xE7, 0x2F, 0x65, 0x8A, 0x6F, 0xE2, 0x1E, 0x06,
-    0xC1, 0x04, 0x58, 0x7B, 0x4A, 0x75, 0x60, 0x92,
-    0x13, 0xC6, 0x40, 0x2D, 0x3A, 0x8A, 0xD1, 0x03,
-    0x05, 0x1F, 0x28, 0x66, 0xC2, 0x57, 0x2A, 0x4C,
-    0xE1, 0xA3, 0xCB, 0xA1, 0x95, 0x30, 0x10, 0xED,
-    0xDF, 0xAE, 0x70, 0x49, 0x4E, 0xF6, 0xB4, 0x5A,
-    0xB6, 0x22, 0x56, 0x37, 0x05, 0xE7, 0x3E, 0xB2,
-    0xE3, 0x96, 0x62, 0xEC, 0x09, 0x53, 0xC0, 0x50,
-    0x3D, 0xA7, 0xBC, 0x9B, 0x39, 0x02, 0x26, 0x16,
-    0xB5, 0x34, 0x17, 0xD4, 0xCA, 0xFE, 0x1D, 0xE4,
-    0x5A, 0xDA, 0x4C, 0xC2, 0xCA, 0x8E, 0x79, 0xBF,
-    0xD8, 0x4C, 0xBB, 0xFA, 0x30, 0x7B, 0xA9, 0x3E,
-    0x52, 0x19, 0xB1, 0x00, 0x00, 0x00, 0x00, 0x00,
-    0x00, 0x00, 0x00, 0x00, 0x00
-};
-#endif /* HAVE_PKCS7 && !NO_FILESYSTEM && ASN_BER_TO_DER &&
-        * !NO_DES3 && !NO_SHA
-        */
-
-/*
- * Testing wc_PKCS7_BER()
- */
-static int test_wc_PKCS7_BER(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && \
-    !defined(NO_SHA) && defined(ASN_BER_TO_DER)
-    PKCS7* pkcs7 = NULL;
-    char   fName[] = "./certs/test-ber-exp02-05-2022.p7b";
-    XFILE  f = XBADFILE;
-    byte   der[4096];
-#ifndef NO_DES3
-    byte   decoded[2048];
-#endif
-    word32 derSz = 0;
-#if !defined(NO_PKCS7_STREAM) && !defined(NO_RSA)
-    word32 z;
-    int ret;
-#endif /* !NO_PKCS7_STREAM && !NO_RSA */
-
-    ExpectTrue((f = XFOPEN(fName, "rb")) != XBADFILE);
-    ExpectTrue((derSz = (word32)XFREAD(der, 1, sizeof(der), f)) > 0);
-    if (f != XBADFILE) {
-        XFCLOSE(f);
-        f = XBADFILE;
-    }
-
-    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
-    ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
-    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
-#ifndef NO_RSA
-    ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, der, derSz), 0);
-
-    #ifndef NO_PKCS7_STREAM
-    wc_PKCS7_Free(pkcs7);
-    pkcs7 = NULL;
-    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
-    ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
-    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
-
-    /* test for streaming */
-    ret = -1;
-    for (z = 0; z < derSz && ret != 0; z++) {
-        ret = wc_PKCS7_VerifySignedData(pkcs7, der + z, 1);
-        if (ret < 0){
-            ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
-        }
-    }
-    ExpectIntEQ(ret, 0);
-    #endif /* !NO_PKCS7_STREAM */
-#else
-    ExpectIntNE(wc_PKCS7_VerifySignedData(pkcs7, der, derSz), 0);
-#endif
-    wc_PKCS7_Free(pkcs7);
-    pkcs7 = NULL;
-
-#ifndef NO_DES3
-    /* decode BER content */
-    ExpectTrue((f = XFOPEN("./certs/1024/client-cert.der", "rb")) != XBADFILE);
-    ExpectTrue((derSz = (word32)XFREAD(der, 1, sizeof(der), f)) > 0);
-    if (f != XBADFILE) {
-        XFCLOSE(f);
-        f = XBADFILE;
-    }
-    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
-#ifndef NO_RSA
-    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, der, derSz), 0);
-#else
-    ExpectIntNE(wc_PKCS7_InitWithCert(pkcs7, der, derSz), 0);
-#endif
-
-    ExpectTrue((f = XFOPEN("./certs/1024/client-key.der", "rb")) != XBADFILE);
-    ExpectTrue((derSz = (word32)XFREAD(der, 1, sizeof(der), f)) > 0);
-    if (f != XBADFILE) {
-        XFCLOSE(f);
-        f = XBADFILE;
-    }
-    if (pkcs7 != NULL) {
-        pkcs7->privateKey   = der;
-        pkcs7->privateKeySz = derSz;
-    }
-#ifndef NO_RSA
-#ifdef WOLFSSL_SP_MATH
-    ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, berContent,
-        sizeof(berContent), decoded, sizeof(decoded)), WC_NO_ERR_TRACE(WC_KEY_SIZE_E));
-#else
-    ExpectIntGT(wc_PKCS7_DecodeEnvelopedData(pkcs7, berContent,
-        sizeof(berContent), decoded, sizeof(decoded)), 0);
-#endif
-#else
-    ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, berContent,
-        sizeof(berContent), decoded, sizeof(decoded)), WC_NO_ERR_TRACE(NOT_COMPILED_IN));
-#endif
-    wc_PKCS7_Free(pkcs7);
-#endif /* !NO_DES3 */
-#endif
-    return EXPECT_RESULT();
-} /* END test_wc_PKCS7_BER() */
-
-static int test_wc_PKCS7_signed_enveloped(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_PKCS7) && !defined(NO_RSA) && !defined(NO_AES) && \
-    defined(WOLFSSL_AES_256) && !defined(NO_FILESYSTEM)
-    XFILE  f = XBADFILE;
-    PKCS7* pkcs7 = NULL;
-#ifdef HAVE_AES_CBC
-    PKCS7* inner = NULL;
-#endif
-    WC_RNG rng;
-    unsigned char key[FOURK_BUF/2];
-    unsigned char cert[FOURK_BUF/2];
-    unsigned char env[FOURK_BUF];
-    int envSz  = FOURK_BUF;
-    int keySz = 0;
-    int certSz = 0;
-    unsigned char sig[FOURK_BUF * 2];
-    int sigSz = FOURK_BUF * 2;
-#ifdef HAVE_AES_CBC
-    unsigned char decoded[FOURK_BUF];
-    int decodedSz = FOURK_BUF;
-#endif
-#ifndef NO_PKCS7_STREAM
-    int z;
-    int ret;
-#endif /* !NO_PKCS7_STREAM */
-
-    XMEMSET(&rng, 0, sizeof(WC_RNG));
-
-    /* load cert */
-    ExpectTrue((f = XFOPEN(cliCertDerFile, "rb")) != XBADFILE);
-    ExpectIntGT((certSz = (int)XFREAD(cert, 1, sizeof(cert), f)), 0);
-    if (f != XBADFILE) {
-        XFCLOSE(f);
-        f = XBADFILE;
-    }
-
-    /* load key */
-    ExpectTrue((f = XFOPEN(cliKeyFile, "rb")) != XBADFILE);
-    ExpectIntGT((keySz = (int)XFREAD(key, 1, sizeof(key), f)), 0);
-    if (f != XBADFILE) {
-        XFCLOSE(f);
-        f = XBADFILE;
-    }
-    ExpectIntGT(keySz = wolfSSL_KeyPemToDer(key, keySz, key, keySz, NULL), 0);
-
-    /* sign cert for envelope */
-    ExpectNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
-    ExpectIntEQ(wc_InitRng(&rng), 0);
-    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, (word32)certSz), 0);
-    if (pkcs7 != NULL) {
-        pkcs7->content    = cert;
-        pkcs7->contentSz  = (word32)certSz;
-        pkcs7->contentOID = DATA;
-        pkcs7->privateKey   = key;
-        pkcs7->privateKeySz = (word32)keySz;
-        pkcs7->encryptOID   = RSAk;
-        pkcs7->hashOID      = SHA256h;
-        pkcs7->rng          = &rng;
-    }
-    ExpectIntGT((sigSz = wc_PKCS7_EncodeSignedData(pkcs7, sig, (word32)sigSz)), 0);
-    wc_PKCS7_Free(pkcs7);
-    pkcs7 = NULL;
-    DoExpectIntEQ(wc_FreeRng(&rng), 0);
-
-#if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256)
-    /* create envelope */
-    ExpectNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
-    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, (word32)certSz), 0);
-    if (pkcs7 != NULL) {
-        pkcs7->content   = sig;
-        pkcs7->contentSz = (word32)sigSz;
-        pkcs7->contentOID = DATA;
-        pkcs7->encryptOID = AES256CBCb;
-        pkcs7->privateKey   = key;
-        pkcs7->privateKeySz = (word32)keySz;
-    }
-    ExpectIntGT((envSz = wc_PKCS7_EncodeEnvelopedData(pkcs7, env, (word32)envSz)), 0);
-    ExpectIntLT(wc_PKCS7_EncodeEnvelopedData(pkcs7, env, 2), 0);
-    wc_PKCS7_Free(pkcs7);
-    pkcs7 = NULL;
-#endif
-
-    /* create bad signed enveloped data */
-    sigSz = FOURK_BUF * 2;
-    ExpectNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
-    ExpectIntEQ(wc_InitRng(&rng), 0);
-    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, (word32)certSz), 0);
-    if (pkcs7 != NULL) {
-        pkcs7->content    = env;
-        pkcs7->contentSz  = (word32)envSz;
-        pkcs7->contentOID = DATA;
-        pkcs7->privateKey   = key;
-        pkcs7->privateKeySz = (word32)keySz;
-        pkcs7->encryptOID   = RSAk;
-        pkcs7->hashOID      = SHA256h;
-        pkcs7->rng = &rng;
-    }
-
-    /* Set no certs in bundle for this test. */
-    if (pkcs7 != NULL) {
-        ExpectIntEQ(wc_PKCS7_SetNoCerts(pkcs7, 1), 0);
-        ExpectIntEQ(wc_PKCS7_SetNoCerts(NULL, 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-        ExpectIntEQ(wc_PKCS7_GetNoCerts(pkcs7), 1);
-    }
-    ExpectIntGT((sigSz = wc_PKCS7_EncodeSignedData(pkcs7, sig, (word32)sigSz)), 0);
-    wc_PKCS7_Free(pkcs7);
-    pkcs7 = NULL;
-
-    /* check verify fails */
-    ExpectNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
-    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
-    ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, sig, (word32)sigSz),
-            WC_NO_ERR_TRACE(PKCS7_SIGNEEDS_CHECK));
-
-    /* try verifying the signature manually */
-    {
-        RsaKey rKey;
-        word32 idx = 0;
-        byte digest[MAX_SEQ_SZ + MAX_ALGO_SZ + MAX_OCTET_STR_SZ +
-            WC_MAX_DIGEST_SIZE];
-        int  digestSz = 0;
-
-        ExpectIntEQ(wc_InitRsaKey(&rKey, HEAP_HINT), 0);
-        ExpectIntEQ(wc_RsaPrivateKeyDecode(key, &idx, &rKey, (word32)keySz), 0);
-        ExpectIntGT(digestSz = wc_RsaSSL_Verify(pkcs7->signature,
-            pkcs7->signatureSz, digest, sizeof(digest), &rKey), 0);
-        ExpectIntEQ(digestSz, pkcs7->pkcs7DigestSz);
-        ExpectIntEQ(XMEMCMP(digest, pkcs7->pkcs7Digest, digestSz), 0);
-        ExpectIntEQ(wc_FreeRsaKey(&rKey), 0);
-        /* verify was success */
-    }
-
-    wc_PKCS7_Free(pkcs7);
-    pkcs7 = NULL;
-
-    /* initializing the PKCS7 struct with the signing certificate should pass */
-    ExpectNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
-    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, (word32)certSz), 0);
-    ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, sig, (word32)sigSz), 0);
-
-#ifndef NO_PKCS7_STREAM
-    wc_PKCS7_Free(pkcs7);
-    pkcs7 = NULL;
-    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
-    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, (word32)certSz), 0);
-
-    /* test for streaming */
-    ret = -1;
-    for (z = 0; z < sigSz && ret != 0; z++) {
-        ret = wc_PKCS7_VerifySignedData(pkcs7, sig + z, 1);
-        if (ret < 0){
-            ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
-        }
-    }
-    ExpectIntEQ(ret, 0);
-#endif /* !NO_PKCS7_STREAM */
-
-    wc_PKCS7_Free(pkcs7);
-    pkcs7 = NULL;
-
-    /* create valid degenerate bundle */
-    sigSz = FOURK_BUF * 2;
-    ExpectNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
-    if (pkcs7 != NULL) {
-        pkcs7->content    = env;
-        pkcs7->contentSz  = (word32)envSz;
-        pkcs7->contentOID = DATA;
-        pkcs7->privateKey   = key;
-        pkcs7->privateKeySz = (word32)keySz;
-        pkcs7->encryptOID   = RSAk;
-        pkcs7->hashOID      = SHA256h;
-        pkcs7->rng = &rng;
-    }
-    ExpectIntEQ(wc_PKCS7_SetSignerIdentifierType(pkcs7, DEGENERATE_SID), 0);
-    ExpectIntGT((sigSz = wc_PKCS7_EncodeSignedData(pkcs7, sig, (word32)sigSz)), 0);
-    wc_PKCS7_Free(pkcs7);
-    pkcs7 = NULL;
-    wc_FreeRng(&rng);
-
-    /* check verify */
-    ExpectNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
-    ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, testDevId), 0);
-    ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, sig, (word32)sigSz), 0);
-    ExpectNotNull(pkcs7->content);
-
-#ifndef NO_PKCS7_STREAM
-    wc_PKCS7_Free(pkcs7);
-    pkcs7 = NULL;
-
-    /* create valid degenerate bundle */
-    sigSz = FOURK_BUF * 2;
-    ExpectNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
-    if (pkcs7 != NULL) {
-        pkcs7->content    = env;
-        pkcs7->contentSz  = (word32)envSz;
-        pkcs7->contentOID = DATA;
-        pkcs7->privateKey   = key;
-        pkcs7->privateKeySz = (word32)keySz;
-        pkcs7->encryptOID   = RSAk;
-        pkcs7->hashOID      = SHA256h;
-        pkcs7->rng = &rng;
-    }
-    ExpectIntEQ(wc_PKCS7_SetSignerIdentifierType(pkcs7, DEGENERATE_SID), 0);
-    ExpectIntGT((sigSz = wc_PKCS7_EncodeSignedData(pkcs7, sig, (word32)sigSz)), 0);
-    wc_PKCS7_Free(pkcs7);
-    pkcs7 = NULL;
-    wc_FreeRng(&rng);
-
-    /* check verify */
-    ExpectNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
-    ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, testDevId), 0);
-    /* test for streaming */
-    ret = -1;
-    for (z = 0; z < sigSz && ret != 0; z++) {
-        ret = wc_PKCS7_VerifySignedData(pkcs7, sig + z, 1);
-        if (ret < 0){
-            ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
-        }
-    }
-    ExpectIntEQ(ret, 0);
-#endif /* !NO_PKCS7_STREAM */
-
-#ifdef HAVE_AES_CBC
-    /* check decode */
-    ExpectNotNull(inner = wc_PKCS7_New(NULL, 0));
-    ExpectIntEQ(wc_PKCS7_InitWithCert(inner, cert, (word32)certSz), 0);
-    if (inner != NULL) {
-        inner->privateKey   = key;
-        inner->privateKeySz = (word32)keySz;
-    }
-    ExpectIntGT((decodedSz = wc_PKCS7_DecodeEnvelopedData(inner, pkcs7->content,
-                   pkcs7->contentSz, decoded, (word32)decodedSz)), 0);
-    wc_PKCS7_Free(inner);
-    inner = NULL;
-#endif
-    wc_PKCS7_Free(pkcs7);
-    pkcs7 = NULL;
-
-#ifdef HAVE_AES_CBC
-    /* check cert set */
-    ExpectNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
-    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
-    ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, decoded, (word32)decodedSz), 0);
-    ExpectNotNull(pkcs7->singleCert);
-    ExpectIntNE(pkcs7->singleCertSz, 0);
-    wc_PKCS7_Free(pkcs7);
-    pkcs7 = NULL;
-
-#ifndef NO_PKCS7_STREAM
-    ExpectNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
-    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
-    /* test for streaming */
-    ret = -1;
-    for (z = 0; z < decodedSz && ret != 0; z++) {
-        ret = wc_PKCS7_VerifySignedData(pkcs7, decoded + z, 1);
-        if (ret < 0){
-            ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
-        }
-    }
-    ExpectIntEQ(ret, 0);
-    ExpectNotNull(pkcs7->singleCert);
-    ExpectIntNE(pkcs7->singleCertSz, 0);
-    wc_PKCS7_Free(pkcs7);
-    pkcs7 = NULL;
-#endif /* !NO_PKCS7_STREAM */
-#endif
-
-    {
-        /* arbitrary custom SKID */
-        const byte customSKID[] = {
-            0x40, 0x25, 0x77, 0x56
-        };
-
-        ExpectIntEQ(wc_InitRng(&rng), 0);
-        sigSz = FOURK_BUF * 2;
-        ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
-        if (pkcs7 != NULL) {
-            ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, (word32)certSz), 0);
-            pkcs7->content    = cert;
-            pkcs7->contentSz  = (word32)certSz;
-            pkcs7->contentOID = DATA;
-            pkcs7->privateKey   = key;
-            pkcs7->privateKeySz = (word32)keySz;
-            pkcs7->encryptOID   = RSAk;
-            pkcs7->hashOID      = SHA256h;
-            pkcs7->rng          = &rng;
-            ExpectIntEQ(wc_PKCS7_SetSignerIdentifierType(pkcs7, CMS_SKID), 0);
-            ExpectIntEQ(wc_PKCS7_SetCustomSKID(pkcs7, customSKID,
-                        sizeof(customSKID)), 0);
-            ExpectIntGT((sigSz = wc_PKCS7_EncodeSignedData(pkcs7, sig,
-                (word32)sigSz)), 0);
-        }
-        wc_PKCS7_Free(pkcs7);
-        pkcs7 = NULL;
-        wc_FreeRng(&rng);
-    }
-#endif /* HAVE_PKCS7 && !NO_RSA && !NO_AES */
-    return EXPECT_RESULT();
-}
-
-static int test_wc_PKCS7_NoDefaultSignedAttribs(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) \
-    && !defined(NO_AES)
-    PKCS7* pkcs7 = NULL;
-    void*  heap = NULL;
-
-    ExpectNotNull(pkcs7 = wc_PKCS7_New(heap, testDevId));
-    ExpectIntEQ(wc_PKCS7_Init(pkcs7, heap, testDevId), 0);
-
-    ExpectIntEQ(wc_PKCS7_NoDefaultSignedAttribs(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-    ExpectIntEQ(wc_PKCS7_NoDefaultSignedAttribs(pkcs7), 0);
-
-    wc_PKCS7_Free(pkcs7);
-#endif
-    return EXPECT_RESULT();
-}
-
-static int test_wc_PKCS7_SetOriEncryptCtx(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) \
-    && !defined(NO_AES)
-    PKCS7*       pkcs7 = NULL;
-    void*        heap = NULL;
-    WOLFSSL_CTX* ctx = NULL;
-
-    ExpectNotNull(pkcs7 = wc_PKCS7_New(heap, testDevId));
-    ExpectIntEQ(wc_PKCS7_Init(pkcs7, heap, testDevId), 0);
-
-    ExpectIntEQ(wc_PKCS7_SetOriEncryptCtx(NULL, ctx), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-    ExpectIntEQ(wc_PKCS7_SetOriEncryptCtx(pkcs7, ctx), 0);
-
-    wc_PKCS7_Free(pkcs7);
-#endif
-    return EXPECT_RESULT();
-}
-
-static int test_wc_PKCS7_SetOriDecryptCtx(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) \
-    && !defined(NO_AES)
-    PKCS7*       pkcs7 = NULL;
-    void*        heap = NULL;
-    WOLFSSL_CTX* ctx = NULL;
-
-    ExpectNotNull(pkcs7 = wc_PKCS7_New(heap, testDevId));
-    ExpectIntEQ(wc_PKCS7_Init(pkcs7, heap, testDevId), 0);
-
-    ExpectIntEQ(wc_PKCS7_SetOriDecryptCtx(NULL, ctx), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-    ExpectIntEQ(wc_PKCS7_SetOriDecryptCtx(pkcs7, ctx), 0);
-
-    wc_PKCS7_Free(pkcs7);
-#endif
-    return EXPECT_RESULT();
-}
-
-static int test_wc_PKCS7_DecodeCompressedData(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) \
-    && !defined(NO_AES) && defined(HAVE_LIBZ)
-    PKCS7* pkcs7 = NULL;
-    void*  heap = NULL;
-    byte   out[4096];
-    byte*  decompressed = NULL;
-    int    outSz;
-    int    decompressedSz;
-    const char* cert = "./certs/client-cert.pem";
-    byte*  cert_buf = NULL;
-    size_t cert_sz = 0;
-
-    ExpectIntEQ(load_file(cert, &cert_buf, &cert_sz), 0);
-    ExpectNotNull((decompressed = (byte*)XMALLOC(cert_sz, heap,
-        DYNAMIC_TYPE_TMP_BUFFER)));
-    decompressedSz = (int)cert_sz;
-    ExpectNotNull((pkcs7 = wc_PKCS7_New(heap, testDevId)));
-
-    if (pkcs7 != NULL) {
-        pkcs7->content    = (byte*)cert_buf;
-        pkcs7->contentSz  = (word32)cert_sz;
-        pkcs7->contentOID = DATA;
-    }
-
-    ExpectIntGT((outSz = wc_PKCS7_EncodeCompressedData(pkcs7, out,
-        sizeof(out))), 0);
-    wc_PKCS7_Free(pkcs7);
-    pkcs7 = NULL;
-
-    /* compressed key should be smaller than when started */
-    ExpectIntLT(outSz, cert_sz);
-
-    /* test decompression */
-    ExpectNotNull((pkcs7 = wc_PKCS7_New(heap, testDevId)));
-    ExpectIntEQ(pkcs7->contentOID, 0);
-
-    /* fail case with out buffer too small */
-    ExpectIntLT(wc_PKCS7_DecodeCompressedData(pkcs7, out, outSz,
-        decompressed, outSz), 0);
-
-    /* success case */
-    ExpectIntEQ(wc_PKCS7_DecodeCompressedData(pkcs7, out, outSz,
-        decompressed, decompressedSz), cert_sz);
-    ExpectIntEQ(pkcs7->contentOID, DATA);
-    ExpectIntEQ(XMEMCMP(decompressed, cert_buf, cert_sz), 0);
-    XFREE(decompressed, heap, DYNAMIC_TYPE_TMP_BUFFER);
-    decompressed = NULL;
-
-    /* test decompression function with different 'max' inputs */
-    outSz = sizeof(out);
-    ExpectIntGT((outSz = wc_Compress(out, outSz, cert_buf, (word32)cert_sz, 0)),
-        0);
-    ExpectIntLT(wc_DeCompressDynamic(&decompressed, 1, DYNAMIC_TYPE_TMP_BUFFER,
-        out, outSz, 0, heap), 0);
-    ExpectNull(decompressed);
-    ExpectIntGT(wc_DeCompressDynamic(&decompressed, -1, DYNAMIC_TYPE_TMP_BUFFER,
-        out, outSz, 0, heap), 0);
-    ExpectNotNull(decompressed);
-    ExpectIntEQ(XMEMCMP(decompressed, cert_buf, cert_sz), 0);
-    XFREE(decompressed, heap, DYNAMIC_TYPE_TMP_BUFFER);
-    decompressed = NULL;
-
-    ExpectIntGT(wc_DeCompressDynamic(&decompressed, DYNAMIC_TYPE_TMP_BUFFER, 5,
-        out, outSz, 0, heap), 0);
-    ExpectNotNull(decompressed);
-    ExpectIntEQ(XMEMCMP(decompressed, cert_buf, cert_sz), 0);
-    XFREE(decompressed, heap, DYNAMIC_TYPE_TMP_BUFFER);
-
-    if (cert_buf != NULL)
-        free(cert_buf);
-    wc_PKCS7_Free(pkcs7);
-#endif
-    return EXPECT_RESULT();
-}
-
-static int test_wc_i2d_PKCS12(void)
-{
-    EXPECT_DECLS;
-#if !defined(NO_ASN) && !defined(NO_PWDBASED) && defined(HAVE_PKCS12) \
-    && !defined(NO_FILESYSTEM) && !defined(NO_RSA) \
-    && !defined(NO_AES) && !defined(NO_SHA)
-    WC_PKCS12* pkcs12 = NULL;
-    unsigned char der[FOURK_BUF * 2];
-    unsigned char* pt;
-    int derSz = 0;
-    unsigned char out[FOURK_BUF * 2];
-    int outSz = FOURK_BUF * 2;
-    const char p12_f[] = "./certs/test-servercert.p12";
-    XFILE f = XBADFILE;
-
-    ExpectTrue((f =  XFOPEN(p12_f, "rb")) != XBADFILE);
-    ExpectIntGT(derSz = (int)XFREAD(der, 1, sizeof(der), f), 0);
-    if (f != XBADFILE)
-        XFCLOSE(f);
-
-    ExpectNotNull(pkcs12 = wc_PKCS12_new());
-    ExpectIntEQ(wc_d2i_PKCS12(der, (word32)derSz, pkcs12), 0);
-    ExpectIntEQ(wc_i2d_PKCS12(pkcs12, NULL, &outSz), WC_NO_ERR_TRACE(LENGTH_ONLY_E));
-    ExpectIntEQ(outSz, derSz);
-
-    outSz = derSz - 1;
-    pt = out;
-    ExpectIntLE(wc_i2d_PKCS12(pkcs12, &pt, &outSz), 0);
-
-    outSz = derSz;
-    ExpectIntEQ(wc_i2d_PKCS12(pkcs12, &pt, &outSz), derSz);
-    ExpectIntEQ((pt == out), 0);
-
-    pt = NULL;
-    ExpectIntEQ(wc_i2d_PKCS12(pkcs12, &pt, NULL), derSz);
-    XFREE(pt, NULL, DYNAMIC_TYPE_PKCS);
-    wc_PKCS12_free(pkcs12);
-    pkcs12 = NULL;
-
-    /* Run the same test but use wc_d2i_PKCS12_fp. */
-    ExpectNotNull(pkcs12 = wc_PKCS12_new());
-    ExpectIntEQ(wc_d2i_PKCS12_fp("./certs/test-servercert.p12", &pkcs12), 0);
-    ExpectIntEQ(wc_i2d_PKCS12(pkcs12, NULL, &outSz), WC_NO_ERR_TRACE(LENGTH_ONLY_E));
-    ExpectIntEQ(outSz, derSz);
-    wc_PKCS12_free(pkcs12);
-    pkcs12 = NULL;
-
-    /* wc_d2i_PKCS12_fp can also allocate the PKCS12 object for the caller. */
-    ExpectIntEQ(wc_d2i_PKCS12_fp("./certs/test-servercert.p12", &pkcs12), 0);
-    ExpectIntEQ(wc_i2d_PKCS12(pkcs12, NULL, &outSz), WC_NO_ERR_TRACE(LENGTH_ONLY_E));
-    ExpectIntEQ(outSz, derSz);
-    wc_PKCS12_free(pkcs12);
-    pkcs12 = NULL;
-#endif
-    return EXPECT_RESULT();
-}
-
-static int test_wc_PKCS12_create_once(int keyEncType, int certEncType)
-{
-    EXPECT_DECLS;
-#if !defined(NO_ASN) && defined(HAVE_PKCS12) && !defined(NO_PWDBASED) && \
-    !defined(NO_RSA) && !defined(NO_ASN_CRYPT) && \
-    !defined(NO_HMAC) && !defined(NO_CERTS) && defined(USE_CERT_BUFFERS_2048)
-
-    byte* inKey = (byte*) server_key_der_2048;
-    const word32 inKeySz= sizeof_server_key_der_2048;
-    byte* inCert = (byte*) server_cert_der_2048;
-    const word32 inCertSz = sizeof_server_cert_der_2048;
-    WC_DerCertList inCa = {
-        (byte*)ca_cert_der_2048, sizeof_ca_cert_der_2048, NULL
-    };
-    char pkcs12Passwd[] = "test_wc_PKCS12_create";
-
-    WC_PKCS12* pkcs12Export = NULL;
-    WC_PKCS12* pkcs12Import = NULL;
-    byte* pkcs12Der = NULL;
-    byte* outKey = NULL;
-    byte* outCert = NULL;
-    WC_DerCertList* outCaList = NULL;
-    word32 pkcs12DerSz = 0;
-    word32 outKeySz = 0;
-    word32 outCertSz = 0;
-
-    ExpectNotNull(pkcs12Export = wc_PKCS12_create(pkcs12Passwd,
-        sizeof(pkcs12Passwd) - 1,
-        (char*) "friendlyName" /* not used currently */,
-        inKey, inKeySz, inCert, inCertSz, &inCa, keyEncType, certEncType,
-        2048, 2048, 0 /* not used currently */, NULL));
-    pkcs12Der = NULL;
-    ExpectIntGE((pkcs12DerSz = wc_i2d_PKCS12(pkcs12Export, &pkcs12Der, NULL)),
-        0);
-
-    ExpectNotNull(pkcs12Import = wc_PKCS12_new_ex(NULL));
-    ExpectIntGE(wc_d2i_PKCS12(pkcs12Der, pkcs12DerSz, pkcs12Import), 0);
-    ExpectIntEQ(wc_PKCS12_parse(pkcs12Import, pkcs12Passwd, &outKey, &outKeySz,
-        &outCert, &outCertSz, &outCaList), 0);
-
-    ExpectIntEQ(outKeySz, inKeySz);
-    ExpectIntEQ(outCertSz, outCertSz);
-    ExpectNotNull(outCaList);
-    ExpectNotNull(outCaList->buffer);
-    ExpectIntEQ(outCaList->bufferSz, inCa.bufferSz);
-    ExpectNull(outCaList->next);
-
-    ExpectIntEQ(XMEMCMP(inKey, outKey, outKeySz), 0);
-    ExpectIntEQ(XMEMCMP(inCert, outCert, outCertSz), 0);
-    ExpectIntEQ(XMEMCMP(inCa.buffer, outCaList->buffer, outCaList->bufferSz),
-        0);
-
-    XFREE(outKey, NULL, DYNAMIC_TYPE_PUBLIC_KEY);
-    XFREE(outCert, NULL, DYNAMIC_TYPE_PKCS);
-    wc_FreeCertList(outCaList, NULL);
-    wc_PKCS12_free(pkcs12Import);
-    XFREE(pkcs12Der, NULL, DYNAMIC_TYPE_PKCS);
-    wc_PKCS12_free(pkcs12Export);
-#endif
-    (void) keyEncType;
-    (void) certEncType;
-
-    return EXPECT_RESULT();
-}
-
-static int test_wc_PKCS12_create(void)
-{
-    EXPECT_DECLS;
-
-    EXPECT_TEST(test_wc_PKCS12_create_once(-1, -1));
-#if !defined(NO_RC4) && !defined(NO_SHA)
-    EXPECT_TEST(test_wc_PKCS12_create_once(PBE_SHA1_RC4_128, PBE_SHA1_RC4_128));
-#endif
-#if !defined(NO_DES3) && !defined(NO_SHA)
-    EXPECT_TEST(test_wc_PKCS12_create_once(PBE_SHA1_DES, PBE_SHA1_DES));
-#endif
-#if !defined(NO_DES3) && !defined(NO_SHA)
-    EXPECT_TEST(test_wc_PKCS12_create_once(PBE_SHA1_DES3, PBE_SHA1_DES3));
-#endif
-#if defined(HAVE_AES_CBC) && !defined(NO_AES) && !defined(NO_AES_256) && \
-    !defined(NO_SHA) && defined(WOLFSSL_ASN_TEMPLATE)
-    /* Encoding certificate with PBE_AES256_CBC needs WOLFSSL_ASN_TEMPLATE */
-    EXPECT_TEST(test_wc_PKCS12_create_once(PBE_AES256_CBC, PBE_AES256_CBC));
-#endif
-#if defined(HAVE_AES_CBC) && !defined(NO_AES) && !defined(NO_AES_128) && \
-    !defined(NO_SHA) && defined(WOLFSSL_ASN_TEMPLATE)
-    /* Encoding certificate with PBE_AES128_CBC needs WOLFSSL_ASN_TEMPLATE */
-    EXPECT_TEST(test_wc_PKCS12_create_once(PBE_AES128_CBC, PBE_AES128_CBC));
-#endif
-/* Testing a mixture of 2 algorithms */
-#if defined(HAVE_AES_CBC) && !defined(NO_AES) && !defined(NO_AES_256) && \
-    !defined(NO_SHA) && defined(WOLFSSL_ASN_TEMPLATE) && !defined(NO_DES3)
-    EXPECT_TEST(test_wc_PKCS12_create_once(PBE_AES256_CBC, PBE_SHA1_DES3));
-#endif
-
-    (void) test_wc_PKCS12_create_once;
-
-    return EXPECT_RESULT();
-}
-
-/*----------------------------------------------------------------------------*
- | ASN.1 Tests
- *----------------------------------------------------------------------------*/
-
-static int test_wolfSSL_ASN1_BIT_STRING(void)
-{
-    EXPECT_DECLS;
-#if !defined(NO_CERTS) && defined(OPENSSL_ALL)
-    ASN1_BIT_STRING* str = NULL;
-    ASN1_BIT_STRING* str2 = NULL;
-    unsigned char* der = NULL;
-
-    ExpectNotNull(str = ASN1_BIT_STRING_new());
-    /* Empty data testing. */
-    ExpectIntEQ(ASN1_BIT_STRING_get_bit(str, 1), 0);
-    ASN1_BIT_STRING_free(str);
-    str = NULL;
-
-    ExpectNotNull(str = ASN1_BIT_STRING_new());
-
-    /* Invalid parameter testing. */
-    ExpectIntEQ(ASN1_BIT_STRING_set_bit(NULL, 42, 1), 0);
-    ExpectIntEQ(ASN1_BIT_STRING_set_bit(str, -1, 1), 0);
-    ExpectIntEQ(ASN1_BIT_STRING_set_bit(str, 42, 2), 0);
-    ExpectIntEQ(ASN1_BIT_STRING_set_bit(str, 42, -1), 0);
-
-    /* No bit string - bit is always 0. */
-    ExpectIntEQ(ASN1_BIT_STRING_get_bit(NULL, 42), 0);
-    ExpectIntEQ(ASN1_BIT_STRING_get_bit(NULL, -1), 0);
-    ExpectIntEQ(ASN1_BIT_STRING_get_bit(str, -1), 0);
-    ExpectIntEQ(ASN1_BIT_STRING_get_bit(str, 0), 0);
-
-    ExpectIntEQ(ASN1_BIT_STRING_set_bit(str, 42, 1), 1);
-    ExpectIntEQ(ASN1_BIT_STRING_get_bit(str, 42), 1);
-    ExpectIntEQ(ASN1_BIT_STRING_get_bit(str, 41), 0);
-    ExpectIntEQ(ASN1_BIT_STRING_get_bit(str, -1), 0);
-    ExpectIntEQ(ASN1_BIT_STRING_set_bit(str, 84, 1), 1);
-    ExpectIntEQ(ASN1_BIT_STRING_get_bit(str, 84), 1);
-    ExpectIntEQ(ASN1_BIT_STRING_get_bit(str, 83), 0);
-    ExpectIntEQ(ASN1_BIT_STRING_set_bit(str, 91, 0), 1);
-    ExpectIntEQ(ASN1_BIT_STRING_get_bit(str, 91), 0);
-    ExpectIntEQ(ASN1_BIT_STRING_set_bit(str, 89, 0), 1);
-    ExpectIntEQ(ASN1_BIT_STRING_get_bit(str, 89), 0);
-    ExpectIntEQ(ASN1_BIT_STRING_set_bit(str, 42, 0), 1);
-    ExpectIntEQ(ASN1_BIT_STRING_get_bit(str, 42), 0);
-
-    ExpectIntEQ(i2d_ASN1_BIT_STRING(str, NULL), 14);
-    ExpectIntEQ(i2d_ASN1_BIT_STRING(str, &der), 14);
-#ifdef WOLFSSL_ASN_TEMPLATE
-    {
-        const unsigned char* tmp = der;
-        ExpectNotNull(d2i_ASN1_BIT_STRING(&str2, &tmp, 14));
-    }
-#endif
-
-    ASN1_BIT_STRING_free(str);
-    ASN1_BIT_STRING_free(str2);
-    ASN1_BIT_STRING_free(NULL);
-    XFREE(der, NULL, DYNAMIC_TYPE_ASN1);
-#endif
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_ASN1_INTEGER(void)
-{
-    EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_ASN)
-    ASN1_INTEGER* a = NULL;
-    ASN1_INTEGER* dup = NULL;
-    const unsigned char invalidLenDer[] = {
-        0x02, 0x20, 0x00
-    };
-    const unsigned char longDer[] = {
-        0x02, 0x20,
-            0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
-            0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
-            0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
-            0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08
-    };
-    const unsigned char* p;
-
-    /* Invalid parameter testing. */
-    ASN1_INTEGER_free(NULL);
-    ExpectNull(wolfSSL_ASN1_INTEGER_dup(NULL));
-
-    ExpectNotNull(a = ASN1_INTEGER_new());
-    ExpectNotNull(dup = wolfSSL_ASN1_INTEGER_dup(a));
-    ASN1_INTEGER_free(dup);
-    dup = NULL;
-    ASN1_INTEGER_free(a);
-    a = NULL;
-
-    p = invalidLenDer;
-    ExpectNull(d2i_ASN1_INTEGER(NULL, &p, sizeof(invalidLenDer)));
-
-    p = longDer;
-    ExpectNotNull(a = d2i_ASN1_INTEGER(NULL, &p, sizeof(longDer)));
-    ExpectPtrNE(p, longDer);
-    ExpectNotNull(dup = wolfSSL_ASN1_INTEGER_dup(a));
-    ASN1_INTEGER_free(dup);
-    ASN1_INTEGER_free(a);
-#endif
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_ASN1_INTEGER_cmp(void)
-{
-    EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_ASN)
-    ASN1_INTEGER* a = NULL;
-    ASN1_INTEGER* b = NULL;
-
-    ExpectNotNull(a = ASN1_INTEGER_new());
-    ExpectNotNull(b = ASN1_INTEGER_new());
-    ExpectIntEQ(ASN1_INTEGER_set(a, 1), 1);
-    ExpectIntEQ(ASN1_INTEGER_set(b, 1), 1);
-
-    /* Invalid parameter testing. */
-    ExpectIntEQ(wolfSSL_ASN1_INTEGER_cmp(NULL, NULL), -1);
-    ExpectIntEQ(wolfSSL_ASN1_INTEGER_cmp(a, NULL), -1);
-    ExpectIntEQ(wolfSSL_ASN1_INTEGER_cmp(NULL, b), -1);
-
-    ExpectIntEQ(wolfSSL_ASN1_INTEGER_cmp(a, b), 0);
-    ExpectIntEQ(ASN1_INTEGER_set(b, -1), 1);
-    ExpectIntGT(wolfSSL_ASN1_INTEGER_cmp(a, b), 0);
-    ExpectIntEQ(ASN1_INTEGER_set(a, -2), 1);
-    ExpectIntLT(wolfSSL_ASN1_INTEGER_cmp(a, b), 0);
-    ExpectIntEQ(ASN1_INTEGER_set(b, 1), 1);
-    ExpectIntLT(wolfSSL_ASN1_INTEGER_cmp(a, b), 0);
-    ExpectIntEQ(ASN1_INTEGER_set(a, 0x01), 1);
-    ExpectIntEQ(ASN1_INTEGER_set(b, 0x1000), 1);
-    ExpectIntLT(wolfSSL_ASN1_INTEGER_cmp(a, b), 0);
-    ExpectIntGT(wolfSSL_ASN1_INTEGER_cmp(b, a), 0);
-
-    ASN1_INTEGER_free(b);
-    ASN1_INTEGER_free(a);
-#endif
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_ASN1_INTEGER_BN(void)
-{
-    EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_ASN)
-    ASN1_INTEGER* ai = NULL;
-    ASN1_INTEGER* ai2 = NULL;
-    BIGNUM* bn = NULL;
-    BIGNUM* bn2 = NULL;
-
-    ExpectNotNull(ai = ASN1_INTEGER_new());
-    ExpectNotNull(bn2 = BN_new());
-
-    /* Invalid parameter testing. */
-    ExpectNull(bn = ASN1_INTEGER_to_BN(NULL, NULL));
-    ExpectNull(ai2 = BN_to_ASN1_INTEGER(NULL, NULL));
-
-    /* at the moment hard setting since no set function */
-    if (ai != NULL) {
-        ai->data[0] = 0xff; /* No DER encoding. */
-        ai->length = 1;
-    }
-#if defined(WOLFSSL_QT) || defined(WOLFSSL_HAPROXY)
-    ExpectNotNull(bn = ASN1_INTEGER_to_BN(ai, NULL));
-    BN_free(bn);
-    bn = NULL;
-#else
-    ExpectNull(ASN1_INTEGER_to_BN(ai, NULL));
-#endif
-
-    if (ai != NULL) {
-        ai->data[0] = 0x02; /* tag for ASN_INTEGER */
-        ai->data[1] = 0x04; /* bad length of integer */
-        ai->data[2] = 0x03;
-        ai->length = 3;
-    }
-#if defined(WOLFSSL_QT) || defined(WOLFSSL_HAPROXY)
-    /* Interpreted as a number 0x020403. */
-    ExpectNotNull(bn = ASN1_INTEGER_to_BN(ai, NULL));
-    BN_free(bn);
-    bn = NULL;
-#else
-    ExpectNull(ASN1_INTEGER_to_BN(ai, NULL));
-#endif
-
-    if (ai != NULL) {
-        ai->data[0] = 0x02; /* tag for ASN_INTEGER */
-        ai->data[1] = 0x01; /* length of integer */
-        ai->data[2] = 0x03;
-        ai->length = 3;
-    }
-    ExpectNotNull(bn = ASN1_INTEGER_to_BN(ai, NULL));
-    ExpectNotNull(ai2 = BN_to_ASN1_INTEGER(bn, NULL));
-    ExpectIntEQ(ASN1_INTEGER_cmp(ai, ai2), 0);
-    ExpectNotNull(bn2 = ASN1_INTEGER_to_BN(ai2, bn2));
-    ExpectIntEQ(BN_cmp(bn, bn2), 0);
-
-    if (ai != NULL) {
-        ai->data[0] = 0x02; /* tag for ASN_INTEGER */
-        ai->data[1] = 0x02; /* length of integer */
-        ai->data[2] = 0x00; /* padding byte to ensure positive */
-        ai->data[3] = 0xff;
-        ai->length = 4;
-    }
-    ExpectNotNull(bn = ASN1_INTEGER_to_BN(ai, bn));
-    ExpectNotNull(ai2 = BN_to_ASN1_INTEGER(bn, ai2));
-    ExpectIntEQ(ASN1_INTEGER_cmp(ai, ai2), 0);
-    ExpectNotNull(bn2 = ASN1_INTEGER_to_BN(ai2, bn2));
-    ExpectIntEQ(BN_cmp(bn, bn2), 0);
-
-    if (ai != NULL) {
-        ai->data[0] = 0x02; /* tag for ASN_INTEGER */
-        ai->data[1] = 0x01; /* length of integer */
-        ai->data[2] = 0x00;
-        ai->length = 3;
-    }
-    ExpectNotNull(bn = ASN1_INTEGER_to_BN(ai, bn));
-    ExpectNotNull(ai2 = BN_to_ASN1_INTEGER(bn, ai2));
-    ExpectIntEQ(ASN1_INTEGER_cmp(ai, ai2), 0);
-    ExpectNotNull(bn2 = ASN1_INTEGER_to_BN(ai2, bn2));
-    ExpectIntEQ(BN_cmp(bn, bn2), 0);
-
-    if (ai != NULL) {
-        ai->data[0] = 0x02; /* tag for ASN_INTEGER */
-        ai->data[1] = 0x01; /* length of integer */
-        ai->data[2] = 0x01;
-        ai->length = 3;
-        ai->negative = 1;
-    }
-    ExpectNotNull(bn = ASN1_INTEGER_to_BN(ai, bn));
-    ExpectNotNull(ai2 = BN_to_ASN1_INTEGER(bn, ai2));
-    ExpectIntEQ(ASN1_INTEGER_cmp(ai, ai2), 0);
-    ExpectNotNull(bn2 = ASN1_INTEGER_to_BN(ai2, bn2));
-    ExpectIntEQ(BN_cmp(bn, bn2), 0);
-
-    BN_free(bn2);
-    BN_free(bn);
-    ASN1_INTEGER_free(ai2);
-    ASN1_INTEGER_free(ai);
-#endif
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_ASN1_INTEGER_get_set(void)
-{
-    EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_ASN)
-    ASN1_INTEGER *a = NULL;
-    long val;
-
-    ExpectNotNull(a = ASN1_INTEGER_new());
-    /* Invalid parameter testing. */
-    ExpectIntEQ(ASN1_INTEGER_get(NULL), 0);
-#if defined(WOLFSSL_QT) || defined(WOLFSSL_HAPROXY)
-    ExpectIntEQ(ASN1_INTEGER_get(a), 0);
-#else
-    ExpectIntEQ(ASN1_INTEGER_get(a), -1);
-#endif
-    ASN1_INTEGER_free(a);
-    a = NULL;
-
-    ExpectNotNull(a = ASN1_INTEGER_new());
-    val = 0;
-    ExpectIntEQ(ASN1_INTEGER_set(NULL, val), 0);
-    ASN1_INTEGER_free(a);
-    a = NULL;
-
-    /* 0 */
-    ExpectNotNull(a = ASN1_INTEGER_new());
-    val = 0;
-    ExpectIntEQ(ASN1_INTEGER_set(a, val), 1);
-    ExpectTrue(ASN1_INTEGER_get(a) == val);
-    ASN1_INTEGER_free(a);
-    a = NULL;
-
-    /* 40 */
-    ExpectNotNull(a = ASN1_INTEGER_new());
-    val = 40;
-    ExpectIntEQ(ASN1_INTEGER_set(a, val), 1);
-    ExpectTrue(ASN1_INTEGER_get(a) == val);
-    ASN1_INTEGER_free(a);
-    a = NULL;
-
-    /* -40 */
-    ExpectNotNull(a = ASN1_INTEGER_new());
-    val = -40;
-    ExpectIntEQ(ASN1_INTEGER_set(a, val), 1);
-    ExpectTrue(ASN1_INTEGER_get(a) == val);
-    ASN1_INTEGER_free(a);
-    a = NULL;
-
-    /* 128 */
-    ExpectNotNull(a = ASN1_INTEGER_new());
-    val = 128;
-    ExpectIntEQ(ASN1_INTEGER_set(a, val), 1);
-    ExpectTrue(ASN1_INTEGER_get(a) == val);
-    ASN1_INTEGER_free(a);
-    a = NULL;
-
-    /* -128 */
-    ExpectNotNull(a = ASN1_INTEGER_new());
-    val = -128;
-    ExpectIntEQ(ASN1_INTEGER_set(a, val), 1);
-    ExpectTrue(ASN1_INTEGER_get(a) == val);
-    ASN1_INTEGER_free(a);
-    a = NULL;
-
-    /* 200 */
-    ExpectNotNull(a = ASN1_INTEGER_new());
-    val = 200;
-    ExpectIntEQ(ASN1_INTEGER_set(a, val), 1);
-    ExpectTrue(ASN1_INTEGER_get(a) == val);
-    ASN1_INTEGER_free(a);
-    a = NULL;
-
-    /* int max (2147483647) */
-    ExpectNotNull(a = ASN1_INTEGER_new());
-    val = 2147483647;
-    ExpectIntEQ(ASN1_INTEGER_set(a, val), 1);
-    ExpectTrue(ASN1_INTEGER_get(a) == val);
-    ASN1_INTEGER_free(a);
-    a = NULL;
-
-    /* int min (-2147483648) */
-    ExpectNotNull(a = ASN1_INTEGER_new());
-    val = -2147483647 - 1;
-    ExpectIntEQ(ASN1_INTEGER_set(a, val), 1);
-    ExpectTrue(ASN1_INTEGER_get(a) == val);
-    ASN1_INTEGER_free(a);
-    a = NULL;
-
-    /* long max positive */
-    ExpectNotNull(a = ASN1_INTEGER_new());
-    val = (long)(((unsigned long)-1) >> 1);
-    ExpectIntEQ(ASN1_INTEGER_set(a, val), 1);
-    ExpectTrue(ASN1_INTEGER_get(a) == val);
-    ASN1_INTEGER_free(a);
-#endif
-    return EXPECT_RESULT();
-}
-
-#if defined(OPENSSL_EXTRA)
-typedef struct ASN1IntTestVector {
-    const byte* der;
-    const size_t derSz;
-    const long value;
-} ASN1IntTestVector;
-#endif
-static int test_wolfSSL_d2i_ASN1_INTEGER(void)
-{
-    EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA)
-    size_t i;
-    WOLFSSL_ASN1_INTEGER* a = NULL;
-    WOLFSSL_ASN1_INTEGER* b = NULL;
-    WOLFSSL_ASN1_INTEGER* c = NULL;
-    const byte* p = NULL;
-    byte* p2 = NULL;
-    byte* reEncoded = NULL;
-    int reEncodedSz = 0;
-
-    static const byte zeroDer[] = {
-        0x02, 0x01, 0x00
-    };
-    static const byte oneDer[] = {
-        0x02, 0x01, 0x01
-    };
-    static const byte negativeDer[] = {
-        0x02, 0x03, 0xC1, 0x16, 0x0D
-    };
-    static const byte positiveDer[] = {
-        0x02, 0x03, 0x01, 0x00, 0x01
-    };
-    static const byte primeDer[] = {
-        0x02, 0x82, 0x01, 0x01, 0x00, 0xc0, 0x95, 0x08, 0xe1, 0x57, 0x41,
-        0xf2, 0x71, 0x6d, 0xb7, 0xd2, 0x45, 0x41, 0x27, 0x01, 0x65, 0xc6,
-        0x45, 0xae, 0xf2, 0xbc, 0x24, 0x30, 0xb8, 0x95, 0xce, 0x2f, 0x4e,
-        0xd6, 0xf6, 0x1c, 0x88, 0xbc, 0x7c, 0x9f, 0xfb, 0xa8, 0x67, 0x7f,
-        0xfe, 0x5c, 0x9c, 0x51, 0x75, 0xf7, 0x8a, 0xca, 0x07, 0xe7, 0x35,
-        0x2f, 0x8f, 0xe1, 0xbd, 0x7b, 0xc0, 0x2f, 0x7c, 0xab, 0x64, 0xa8,
-        0x17, 0xfc, 0xca, 0x5d, 0x7b, 0xba, 0xe0, 0x21, 0xe5, 0x72, 0x2e,
-        0x6f, 0x2e, 0x86, 0xd8, 0x95, 0x73, 0xda, 0xac, 0x1b, 0x53, 0xb9,
-        0x5f, 0x3f, 0xd7, 0x19, 0x0d, 0x25, 0x4f, 0xe1, 0x63, 0x63, 0x51,
-        0x8b, 0x0b, 0x64, 0x3f, 0xad, 0x43, 0xb8, 0xa5, 0x1c, 0x5c, 0x34,
-        0xb3, 0xae, 0x00, 0xa0, 0x63, 0xc5, 0xf6, 0x7f, 0x0b, 0x59, 0x68,
-        0x78, 0x73, 0xa6, 0x8c, 0x18, 0xa9, 0x02, 0x6d, 0xaf, 0xc3, 0x19,
-        0x01, 0x2e, 0xb8, 0x10, 0xe3, 0xc6, 0xcc, 0x40, 0xb4, 0x69, 0xa3,
-        0x46, 0x33, 0x69, 0x87, 0x6e, 0xc4, 0xbb, 0x17, 0xa6, 0xf3, 0xe8,
-        0xdd, 0xad, 0x73, 0xbc, 0x7b, 0x2f, 0x21, 0xb5, 0xfd, 0x66, 0x51,
-        0x0c, 0xbd, 0x54, 0xb3, 0xe1, 0x6d, 0x5f, 0x1c, 0xbc, 0x23, 0x73,
-        0xd1, 0x09, 0x03, 0x89, 0x14, 0xd2, 0x10, 0xb9, 0x64, 0xc3, 0x2a,
-        0xd0, 0xa1, 0x96, 0x4a, 0xbc, 0xe1, 0xd4, 0x1a, 0x5b, 0xc7, 0xa0,
-        0xc0, 0xc1, 0x63, 0x78, 0x0f, 0x44, 0x37, 0x30, 0x32, 0x96, 0x80,
-        0x32, 0x23, 0x95, 0xa1, 0x77, 0xba, 0x13, 0xd2, 0x97, 0x73, 0xe2,
-        0x5d, 0x25, 0xc9, 0x6a, 0x0d, 0xc3, 0x39, 0x60, 0xa4, 0xb4, 0xb0,
-        0x69, 0x42, 0x42, 0x09, 0xe9, 0xd8, 0x08, 0xbc, 0x33, 0x20, 0xb3,
-        0x58, 0x22, 0xa7, 0xaa, 0xeb, 0xc4, 0xe1, 0xe6, 0x61, 0x83, 0xc5,
-        0xd2, 0x96, 0xdf, 0xd9, 0xd0, 0x4f, 0xad, 0xd7
-    };
-    static const byte garbageDer[] = {0xDE, 0xAD, 0xBE, 0xEF};
-
-    static const ASN1IntTestVector testVectors[] = {
-        {zeroDer, sizeof(zeroDer), 0},
-        {oneDer, sizeof(oneDer), 1},
-        {negativeDer, sizeof(negativeDer), -4123123},
-        {positiveDer, sizeof(positiveDer), 65537},
-        {primeDer, sizeof(primeDer), 0}
-    };
-    static const size_t NUM_TEST_VECTORS =
-        sizeof(testVectors)/sizeof(testVectors[0]);
-
-    /* Check d2i error conditions */
-    /* NULL pointer to input. */
-    ExpectNull((a = wolfSSL_d2i_ASN1_INTEGER(&b, NULL, 1)));
-    ExpectNull(b);
-    /* NULL input. */
-    ExpectNull((a = wolfSSL_d2i_ASN1_INTEGER(&b, &p, 1)));
-    ExpectNull(b);
-    /* 0 length. */
-    p = testVectors[0].der;
-    ExpectNull((a = wolfSSL_d2i_ASN1_INTEGER(&b, &p, 0)));
-    ExpectNull(b);
-    /* Negative length. */
-    p = testVectors[0].der;
-    ExpectNull((a = wolfSSL_d2i_ASN1_INTEGER(&b, &p, -1)));
-    ExpectNull(b);
-    /* Garbage DER input. */
-    p = garbageDer;
-    ExpectNull((a = wolfSSL_d2i_ASN1_INTEGER(&b, &p, sizeof(garbageDer))));
-    ExpectNull(b);
-
-    /* Check i2d error conditions */
-    /* NULL input. */
-    ExpectIntLT(wolfSSL_i2d_ASN1_INTEGER(NULL, &p2), 0);
-    /* 0 length input data buffer (a->length == 0). */
-    ExpectNotNull((a = wolfSSL_ASN1_INTEGER_new()));
-    ExpectIntLT(wolfSSL_i2d_ASN1_INTEGER(a, &p2), 0);
-    if (a != NULL)
-        a->data = NULL;
-    /* NULL input data buffer. */
-    ExpectIntLT(wolfSSL_i2d_ASN1_INTEGER(a, &p2), 0);
-    if (a != NULL) {
-        /* Reset a->data. */
-        a->isDynamic = 0;
-        a->data = a->intData;
-    }
-    /* Reset p2 to NULL. */
-    XFREE(p2, NULL, DYNAMIC_TYPE_ASN1);
-
-    /* Set a to valid value. */
-    ExpectIntEQ(wolfSSL_ASN1_INTEGER_set(a, 1), WOLFSSL_SUCCESS);
-    /* NULL output buffer. */
-    ExpectIntEQ(wolfSSL_i2d_ASN1_INTEGER(a, NULL), 3);
-    wolfSSL_ASN1_INTEGER_free(a);
-    a = NULL;
-
-    for (i = 0; i < NUM_TEST_VECTORS; ++i) {
-        p = testVectors[i].der;
-        ExpectNotNull(a = wolfSSL_d2i_ASN1_INTEGER(&b, &p,
-            testVectors[i].derSz));
-        ExpectIntEQ(wolfSSL_ASN1_INTEGER_cmp(a, b), 0);
-
-        if (testVectors[i].derSz <= sizeof(long)) {
-            ExpectNotNull(c = wolfSSL_ASN1_INTEGER_new());
-            ExpectIntEQ(wolfSSL_ASN1_INTEGER_set(c, testVectors[i].value), 1);
-            ExpectIntEQ(wolfSSL_ASN1_INTEGER_cmp(a, c), 0);
-            wolfSSL_ASN1_INTEGER_free(c);
-            c = NULL;
-        }
-
-        /* Convert to DER without a pre-allocated output buffer. */
-        ExpectIntGT((reEncodedSz = wolfSSL_i2d_ASN1_INTEGER(a, &reEncoded)), 0);
-        ExpectIntEQ(reEncodedSz, testVectors[i].derSz);
-        ExpectIntEQ(XMEMCMP(reEncoded, testVectors[i].der, reEncodedSz), 0);
-
-        /* Convert to DER with a pre-allocated output buffer. In this case, the
-         * output buffer pointer should be incremented just past the end of the
-         * encoded data. */
-        p2 = reEncoded;
-        ExpectIntGT((reEncodedSz = wolfSSL_i2d_ASN1_INTEGER(a, &p2)), 0);
-        ExpectIntEQ(reEncodedSz, testVectors[i].derSz);
-        ExpectPtrEq(reEncoded, p2 - reEncodedSz);
-        ExpectIntEQ(XMEMCMP(reEncoded, testVectors[i].der, reEncodedSz), 0);
-
-        XFREE(reEncoded, NULL, DYNAMIC_TYPE_ASN1);
-        reEncoded = NULL;
-        wolfSSL_ASN1_INTEGER_free(a);
-        a = NULL;
-    }
-#endif /* OPENSSL_EXTRA */
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_a2i_ASN1_INTEGER(void)
-{
-    EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_BIO)
-    BIO* bio = NULL;
-    BIO* out = NULL;
-    BIO* fixed = NULL;
-    ASN1_INTEGER* ai = NULL;
-    char buf[] = "123456\n12345\n1123456789123456\\\n78901234567890 \r\n\n";
-    char tmp[1024];
-    int  tmpSz;
-
-    const char expected1[] = "123456";
-    const char expected2[] = "112345678912345678901234567890";
-    char longStr[] = "123456781234567812345678123456781234567812345678\n"
-        "123456781234567812345678123456781234567812345678\\\n12345678\n";
-
-    ExpectNotNull(out = BIO_new(BIO_s_mem()));
-    ExpectNotNull(ai = ASN1_INTEGER_new());
-
-    ExpectNotNull(bio = BIO_new_mem_buf(buf, -1));
-
-    /* Invalid parameter testing. */
-    ExpectIntEQ(a2i_ASN1_INTEGER(NULL, NULL, NULL, -1), 0);
-    ExpectIntEQ(a2i_ASN1_INTEGER(bio, NULL, NULL, -1), 0);
-    ExpectIntEQ(a2i_ASN1_INTEGER(NULL, ai, NULL, -1), 0);
-    ExpectIntEQ(a2i_ASN1_INTEGER(NULL, NULL, tmp, -1), 0);
-    ExpectIntEQ(a2i_ASN1_INTEGER(NULL, NULL, NULL, sizeof(tmp)), 0);
-    ExpectIntEQ(a2i_ASN1_INTEGER(NULL, ai, tmp, sizeof(tmp)), 0);
-    ExpectIntEQ(a2i_ASN1_INTEGER(bio, NULL, tmp, sizeof(tmp)), 0);
-    ExpectIntEQ(a2i_ASN1_INTEGER(bio, ai, NULL, sizeof(tmp)), 0);
-    ExpectIntEQ(a2i_ASN1_INTEGER(bio, ai, tmp, -1), 0);
-    ExpectIntEQ(i2a_ASN1_INTEGER(NULL, NULL), 0);
-    ExpectIntEQ(i2a_ASN1_INTEGER(bio, NULL), 0);
-    ExpectIntEQ(i2a_ASN1_INTEGER(NULL, ai), 0);
-
-    /* No data to read from BIO. */
-    ExpectIntEQ(a2i_ASN1_INTEGER(out, ai, tmp, sizeof(tmp)), 0);
-
-    /* read first line */
-    ExpectIntEQ(a2i_ASN1_INTEGER(bio, ai, tmp, sizeof(tmp)), 1);
-    ExpectIntEQ(i2a_ASN1_INTEGER(out, ai), 6);
-    XMEMSET(tmp, 0, sizeof(tmp));
-    tmpSz = BIO_read(out, tmp, sizeof(tmp));
-    ExpectIntEQ(tmpSz, 6);
-    ExpectIntEQ(XMEMCMP(tmp, expected1, tmpSz), 0);
-
-    /* fail on second line (not % 2) */
-    ExpectIntEQ(a2i_ASN1_INTEGER(bio, ai, tmp, sizeof(tmp)), 0);
-
-    /* read 3rd long line */
-    ExpectIntEQ(a2i_ASN1_INTEGER(bio, ai, tmp, sizeof(tmp)), 1);
-    ExpectIntEQ(i2a_ASN1_INTEGER(out, ai), 30);
-    XMEMSET(tmp, 0, sizeof(tmp));
-    tmpSz = BIO_read(out, tmp, sizeof(tmp));
-    ExpectIntEQ(tmpSz, 30);
-    ExpectIntEQ(XMEMCMP(tmp, expected2, tmpSz), 0);
-
-    /* fail on empty line */
-    ExpectIntEQ(a2i_ASN1_INTEGER(bio, ai, tmp, sizeof(tmp)), 0);
-
-    BIO_free(bio);
-    bio = NULL;
-
-    /* Make long integer, requiring dynamic memory, even longer. */
-    ExpectNotNull(bio = BIO_new_mem_buf(longStr, -1));
-    ExpectIntEQ(a2i_ASN1_INTEGER(bio, ai, tmp, sizeof(tmp)), 1);
-    ExpectIntEQ(i2a_ASN1_INTEGER(out, ai), 48);
-    XMEMSET(tmp, 0, sizeof(tmp));
-    tmpSz = BIO_read(out, tmp, sizeof(tmp));
-    ExpectIntEQ(tmpSz, 48);
-    ExpectIntEQ(a2i_ASN1_INTEGER(bio, ai, tmp, sizeof(tmp)), 1);
-    ExpectIntEQ(i2a_ASN1_INTEGER(out, ai), 56);
-    XMEMSET(tmp, 0, sizeof(tmp));
-    tmpSz = BIO_read(out, tmp, sizeof(tmp));
-    ExpectIntEQ(tmpSz, 56);
-    ExpectIntEQ(wolfSSL_ASN1_INTEGER_set(ai, 1), 1);
-    BIO_free(bio);
-    BIO_free(out);
-
-    ExpectNotNull(fixed = BIO_new(wolfSSL_BIO_s_fixed_mem()));
-    ExpectIntEQ(BIO_set_write_buf_size(fixed, 1), 1);
-    /* Ensure there is 0 bytes available to write into. */
-    ExpectIntEQ(BIO_write(fixed, tmp, 1), 1);
-    ExpectIntEQ(i2a_ASN1_INTEGER(fixed, ai), 0);
-    ExpectIntEQ(BIO_set_write_buf_size(fixed, 1), 1);
-    ExpectIntEQ(i2a_ASN1_INTEGER(fixed, ai), 0);
-    BIO_free(fixed);
-
-    ASN1_INTEGER_free(ai);
-#endif
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_i2c_ASN1_INTEGER(void)
-{
-    EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_ASN)
-    ASN1_INTEGER *a = NULL;
-    unsigned char *pp = NULL,*tpp = NULL;
-    int ret = 0;
-
-    ExpectNotNull(a = wolfSSL_ASN1_INTEGER_new());
-
-    /* Invalid parameter testing. */
-    /* Set pp to an invalid value. */
-    pp = NULL;
-    ExpectIntEQ(i2c_ASN1_INTEGER(NULL, &pp), 0);
-    ExpectIntEQ(i2c_ASN1_INTEGER(a, &pp), 0);
-    ExpectIntEQ(i2c_ASN1_INTEGER(NULL, NULL), 0);
-
-    /* 40 */
-    if (a != NULL) {
-        a->intData[0] = ASN_INTEGER;
-        a->intData[1] = 1;
-        a->intData[2] = 40;
-    }
-    ExpectIntEQ(ret = i2c_ASN1_INTEGER(a, NULL), 1);
-    ExpectNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL,
-                DYNAMIC_TYPE_TMP_BUFFER));
-    tpp = pp;
-    if (tpp != NULL) {
-        ExpectNotNull(XMEMSET(tpp, 0, ret + 1));
-        ExpectIntEQ(i2c_ASN1_INTEGER(a, &tpp), 1);
-        tpp--;
-        ExpectIntEQ(*tpp, 40);
-    }
-    XFREE(pp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    pp = NULL;
-
-    /* 128 */
-    if (a != NULL) {
-        a->intData[0] = ASN_INTEGER;
-        a->intData[1] = 1;
-        a->intData[2] = 128;
-    }
-    ExpectIntEQ(ret = i2c_ASN1_INTEGER(a, NULL), 2);
-    ExpectNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL,
-                DYNAMIC_TYPE_TMP_BUFFER));
-    tpp = pp;
-    if (tpp != NULL) {
-        ExpectNotNull(XMEMSET(tpp, 0, ret + 1));
-        ExpectIntEQ(i2c_ASN1_INTEGER(a, &tpp), 2);
-        tpp--;
-        ExpectIntEQ(*(tpp--), 128);
-        ExpectIntEQ(*tpp, 0);
-    }
-    XFREE(pp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    pp = NULL;
-
-    /* -40 */
-    if (a != NULL) {
-        a->intData[0] = ASN_INTEGER;
-        a->intData[1] = 1;
-        a->intData[2] = 40;
-        a->negative = 1;
-    }
-    ExpectIntEQ(ret = i2c_ASN1_INTEGER(a, NULL), 1);
-    ExpectNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL,
-                DYNAMIC_TYPE_TMP_BUFFER));
-    tpp = pp;
-    if (tpp != NULL) {
-        ExpectNotNull(XMEMSET(tpp, 0, ret + 1));
-        ExpectIntEQ(i2c_ASN1_INTEGER(a, &tpp), 1);
-        tpp--;
-        ExpectIntEQ(*tpp, 216);
-    }
-    XFREE(pp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    pp = NULL;
-
-    /* -128 */
-    if (a != NULL) {
-        a->intData[0] = ASN_INTEGER;
-        a->intData[1] = 1;
-        a->intData[2] = 128;
-        a->negative = 1;
-    }
-    ExpectIntEQ(ret = i2c_ASN1_INTEGER(a, NULL), 1);
-    ExpectNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL,
-                DYNAMIC_TYPE_TMP_BUFFER));
-    tpp = pp;
-    if (tpp != NULL) {
-        ExpectNotNull(XMEMSET(tpp, 0, ret + 1));
-        ExpectIntEQ(i2c_ASN1_INTEGER(a, &tpp), 1);
-        tpp--;
-        ExpectIntEQ(*tpp, 128);
-    }
-    XFREE(pp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    pp = NULL;
-
-    /* -200 */
-    if (a != NULL) {
-        a->intData[0] = ASN_INTEGER;
-        a->intData[1] = 1;
-        a->intData[2] = 200;
-        a->negative = 1;
-    }
-    ExpectIntEQ(ret = i2c_ASN1_INTEGER(a, NULL), 2);
-    ExpectNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL,
-            DYNAMIC_TYPE_TMP_BUFFER));
-    tpp = pp;
-    if (tpp != NULL) {
-        ExpectNotNull(XMEMSET(tpp, 0, ret + 1));
-        ExpectIntEQ(i2c_ASN1_INTEGER(a, &tpp), 2);
-        tpp--;
-        ExpectIntEQ(*(tpp--), 56);
-        ExpectIntEQ(*tpp, 255);
-    }
-    XFREE(pp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    pp = NULL;
-
-    /* Empty */
-    if (a != NULL) {
-        a->intData[0] = ASN_INTEGER;
-        a->intData[1] = 0;
-        a->negative = 0;
-    }
-    ExpectIntEQ(ret = i2c_ASN1_INTEGER(a, NULL), 1);
-    ExpectNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL,
-                DYNAMIC_TYPE_TMP_BUFFER));
-    tpp = pp;
-    if (tpp != NULL) {
-        ExpectNotNull(XMEMSET(tpp, 0, ret + 1));
-        ExpectIntEQ(i2c_ASN1_INTEGER(a, &tpp), 1);
-        tpp--;
-        ExpectIntEQ(*tpp, 0);
-    }
-    XFREE(pp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    pp = NULL;
-
-    /* 0 */
-    if (a != NULL) {
-        a->intData[0] = ASN_INTEGER;
-        a->intData[1] = 1;
-        a->intData[2] = 0;
-        a->negative = 1;
-    }
-    ExpectIntEQ(ret = i2c_ASN1_INTEGER(a, NULL), 1);
-    ExpectNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL,
-                DYNAMIC_TYPE_TMP_BUFFER));
-    if (tpp != NULL) {
-        tpp = pp;
-        ExpectNotNull(XMEMSET(tpp, 0, ret + 1));
-        ExpectIntEQ(i2c_ASN1_INTEGER(a, &tpp), 1);
-        tpp--;
-        ExpectIntEQ(*tpp, 0);
-    }
-    XFREE(pp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    pp = NULL;
-
-    /* 0x100 */
-    if (a != NULL) {
-        a->intData[0] = ASN_INTEGER;
-        a->intData[1] = 2;
-        a->intData[2] = 0x01;
-        a->intData[3] = 0x00;
-        a->negative = 0;
-    }
-    ExpectIntEQ(ret = i2c_ASN1_INTEGER(a, NULL), 2);
-    ExpectNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL,
-                DYNAMIC_TYPE_TMP_BUFFER));
-    if (tpp != NULL) {
-        tpp = pp;
-        ExpectNotNull(XMEMSET(tpp, 0, ret + 1));
-        ExpectIntEQ(i2c_ASN1_INTEGER(a, &tpp), 2);
-        tpp -= 2;
-        ExpectIntEQ(tpp[0], 0x01);
-        ExpectIntEQ(tpp[1], 0x00);
-    }
-    XFREE(pp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    pp = NULL;
-
-    /* -0x8000 => 0x8000 */
-    if (a != NULL) {
-        a->intData[0] = ASN_INTEGER;
-        a->intData[1] = 2;
-        a->intData[2] = 0x80;
-        a->intData[3] = 0x00;
-        a->negative = 1;
-    }
-    ExpectIntEQ(ret = i2c_ASN1_INTEGER(a, NULL), 2);
-    ExpectNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL,
-                DYNAMIC_TYPE_TMP_BUFFER));
-    tpp = pp;
-    if (tpp != NULL) {
-        ExpectNotNull(XMEMSET(tpp, 0, ret + 1));
-        ExpectIntEQ(i2c_ASN1_INTEGER(a, &tpp), 2);
-        tpp -= 2;
-        ExpectIntEQ(tpp[0], 0x80);
-        ExpectIntEQ(tpp[1], 0x00);
-    }
-    XFREE(pp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    pp = NULL;
-
-    /* -0x8001 => 0xFF7FFF */
-    if (a != NULL) {
-        a->intData[0] = ASN_INTEGER;
-        a->intData[1] = 2;
-        a->intData[2] = 0x80;
-        a->intData[3] = 0x01;
-        a->negative = 1;
-    }
-    ExpectIntEQ(ret = i2c_ASN1_INTEGER(a, NULL), 3);
-    ExpectNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL,
-                DYNAMIC_TYPE_TMP_BUFFER));
-    tpp = pp;
-    if (tpp != NULL) {
-        ExpectNotNull(XMEMSET(tpp, 0, ret + 1));
-        ExpectIntEQ(i2c_ASN1_INTEGER(a, &tpp), 3);
-        tpp -= 3;
-        ExpectIntEQ(tpp[0], 0xFF);
-        ExpectIntEQ(tpp[1], 0x7F);
-        ExpectIntEQ(tpp[2], 0xFF);
-    }
-    XFREE(pp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-
-    wolfSSL_ASN1_INTEGER_free(a);
-#endif /* OPENSSL_EXTRA && !NO_ASN */
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_ASN1_OBJECT(void)
-{
-    EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA)
-    ASN1_OBJECT* a = NULL;
-    ASN1_OBJECT s;
-    const unsigned char der[] = { 0x06, 0x01, 0x00 };
-
-    /* Invalid parameter testing. */
-    ASN1_OBJECT_free(NULL);
-    ExpectNull(wolfSSL_ASN1_OBJECT_dup(NULL));
-
-    /* Test that a static ASN1_OBJECT can be freed. */
-    XMEMSET(&s, 0, sizeof(ASN1_OBJECT));
-    ASN1_OBJECT_free(&s);
-    ExpectNotNull(a = wolfSSL_ASN1_OBJECT_dup(&s));
-    ASN1_OBJECT_free(a);
-    a = NULL;
-    s.obj = der;
-    s.objSz = sizeof(der);
-    ExpectNotNull(a = wolfSSL_ASN1_OBJECT_dup(&s));
-    ASN1_OBJECT_free(a);
-    ASN1_OBJECT_free(&s);
-#endif /* OPENSSL_EXTRA */
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_ASN1_get_object(void)
-{
-    EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256)
-    const unsigned char* derBuf = cliecc_cert_der_256;
-    const unsigned char* nullPtr = NULL;
-    const unsigned char objDerInvalidLen[] = { 0x30, 0x81 };
-    const unsigned char objDerBadLen[] = { 0x30, 0x04 };
-    const unsigned char objDerNotObj[] = { 0x02, 0x01, 0x00 };
-    const unsigned char objDerNoData[] = { 0x06, 0x00 };
-    const unsigned char* p;
-    unsigned char objDer[10];
-    unsigned char* der;
-    unsigned char* derPtr;
-    int len = sizeof_cliecc_cert_der_256;
-    long asnLen = 0;
-    int tag = 0;
-    int cls = 0;
-    ASN1_OBJECT* a = NULL;
-    ASN1_OBJECT s;
-
-    XMEMSET(&s, 0, sizeof(ASN1_OBJECT));
-
-    /* Invalid encoding at length. */
-    p = objDerInvalidLen;
-    ExpectIntEQ(ASN1_get_object(&p, &asnLen, &tag, &cls, sizeof(objDerBadLen)),
-        0x80);
-    p = objDerBadLen;
-    /* Error = 0x80, Constructed = 0x20 */
-    ExpectIntEQ(ASN1_get_object(&p, &asnLen, &tag, &cls, sizeof(objDerBadLen)),
-        0x80 | 0x20);
-
-    /* Read a couple TLV triplets and make sure they match the expected values
-     */
-
-    /* SEQUENCE */
-    ExpectIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls, len) & 0x80, 0);
-    ExpectIntEQ(asnLen, 862);
-    ExpectIntEQ(tag, 0x10);
-    ExpectIntEQ(cls, 0);
-
-    /* SEQUENCE */
-    ExpectIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls,
-            len - (derBuf - cliecc_cert_der_256)) & 0x80, 0);
-    ExpectIntEQ(asnLen, 772);
-    ExpectIntEQ(tag, 0x10);
-    ExpectIntEQ(cls, 0);
-
-    /* [0] */
-    ExpectIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls,
-            len - (derBuf - cliecc_cert_der_256)) & 0x80, 0);
-    ExpectIntEQ(asnLen, 3);
-    ExpectIntEQ(tag, 0);
-    ExpectIntEQ(cls, 0x80);
-
-    /* INTEGER */
-    ExpectIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls,
-            len - (derBuf - cliecc_cert_der_256)) & 0x80, 0);
-    ExpectIntEQ(asnLen, 1);
-    ExpectIntEQ(tag, 0x2);
-    ExpectIntEQ(cls, 0);
-    derBuf += asnLen;
-
-    /* INTEGER */
-    ExpectIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls,
-            len - (derBuf - cliecc_cert_der_256)) & 0x80, 0);
-    ExpectIntEQ(asnLen, 20);
-    ExpectIntEQ(tag, 0x2);
-    ExpectIntEQ(cls, 0);
-    derBuf += asnLen;
-
-    /* SEQUENCE */
-    ExpectIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls,
-            len - (derBuf - cliecc_cert_der_256)) & 0x80, 0);
-    ExpectIntEQ(asnLen, 10);
-    ExpectIntEQ(tag, 0x10);
-    ExpectIntEQ(cls, 0);
-
-    /* Found OBJECT_ID. */
-
-    /* Invalid parameter testing. */
-    ExpectIntEQ(ASN1_get_object(NULL, NULL, NULL, NULL, 0), 0x80);
-    ExpectIntEQ(ASN1_get_object(&nullPtr, NULL, NULL, NULL, 0), 0x80);
-    ExpectIntEQ(ASN1_get_object(NULL, &asnLen, &tag, &cls, len), 0x80);
-    ExpectIntEQ(ASN1_get_object(&nullPtr, &asnLen, &tag, &cls, len), 0x80);
-    ExpectIntEQ(ASN1_get_object(&derBuf, NULL, &tag, &cls, len), 0x80);
-    ExpectIntEQ(ASN1_get_object(&derBuf, &asnLen, NULL, &cls, len), 0x80);
-    ExpectIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, NULL, len), 0x80);
-    ExpectIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls, 0), 0x80);
-    ExpectIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls, -1), 0x80);
-    ExpectNull(d2i_ASN1_OBJECT(NULL, NULL, -1));
-    ExpectNull(d2i_ASN1_OBJECT(NULL, &nullPtr, -1));
-    ExpectNull(d2i_ASN1_OBJECT(NULL, &derBuf, -1));
-    ExpectNull(d2i_ASN1_OBJECT(NULL, NULL, 0));
-    ExpectNull(d2i_ASN1_OBJECT(&a, NULL, len));
-    ExpectNull(d2i_ASN1_OBJECT(&a, &nullPtr, len));
-    ExpectNull(d2i_ASN1_OBJECT(&a, &derBuf, -1));
-    ExpectNull(c2i_ASN1_OBJECT(NULL, NULL, -1));
-    ExpectNull(c2i_ASN1_OBJECT(NULL, &nullPtr, -1));
-    ExpectNull(c2i_ASN1_OBJECT(NULL, &derBuf, -1));
-    ExpectNull(c2i_ASN1_OBJECT(NULL, NULL, 1));
-    ExpectNull(c2i_ASN1_OBJECT(NULL, &nullPtr, 1));
-
-    /* Invalid encoding at length. */
-    p = objDerInvalidLen;
-    ExpectNull(d2i_ASN1_OBJECT(&a, &p, sizeof(objDerInvalidLen)));
-    p = objDerBadLen;
-    ExpectNull(d2i_ASN1_OBJECT(&a, &p, sizeof(objDerBadLen)));
-    p = objDerNotObj;
-    ExpectNull(d2i_ASN1_OBJECT(&a, &p, sizeof(objDerNotObj)));
-    p = objDerNoData;
-    ExpectNull(d2i_ASN1_OBJECT(&a, &p, sizeof(objDerNoData)));
-
-    /* Create an ASN OBJECT from content */
-    p = derBuf + 2;
-    ExpectNotNull(a = c2i_ASN1_OBJECT(NULL, &p, 8));
-    ASN1_OBJECT_free(a);
-    a = NULL;
-    /* Create an ASN OBJECT from DER */
-    ExpectNotNull(d2i_ASN1_OBJECT(&a, &derBuf, len));
-
-    /* Invalid parameter testing. */
-    ExpectIntEQ(i2d_ASN1_OBJECT(NULL, NULL), 0);
-    ExpectIntEQ(i2d_ASN1_OBJECT(&s, NULL), 0);
-
-    ExpectIntEQ(i2d_ASN1_OBJECT(a, NULL), 10);
-    der = NULL;
-    ExpectIntEQ(i2d_ASN1_OBJECT(a, &der), 10);
-    derPtr = objDer;
-    ExpectIntEQ(i2d_ASN1_OBJECT(a, &derPtr), 10);
-    ExpectPtrNE(derPtr, objDer);
-    ExpectIntEQ(XMEMCMP(der, objDer, 10), 0);
-    XFREE(der, NULL, DYNAMIC_TYPE_OPENSSL);
-
-    ASN1_OBJECT_free(a);
-#endif /* OPENSSL_EXTRA && HAVE_ECC && USE_CERT_BUFFERS_256 */
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_i2a_ASN1_OBJECT(void)
-{
-    EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_ASN) && !defined(NO_BIO)
-    ASN1_OBJECT* obj = NULL;
-    ASN1_OBJECT* a = NULL;
-    BIO *bio = NULL;
-    const unsigned char notObjDer[] = { 0x04, 0x01, 0xff };
-    const unsigned char* p;
-
-    ExpectNotNull(obj = OBJ_nid2obj(NID_sha256));
-    ExpectTrue((bio = BIO_new(BIO_s_mem())) != NULL);
-
-    ExpectIntGT(wolfSSL_i2a_ASN1_OBJECT(bio, obj), 0);
-    ExpectIntGT(wolfSSL_i2a_ASN1_OBJECT(bio, NULL), 0);
-
-    ExpectIntEQ(wolfSSL_i2a_ASN1_OBJECT(NULL, obj), 0);
-
-    /* No DER encoding in ASN1_OBJECT. */
-    ExpectNotNull(a = wolfSSL_ASN1_OBJECT_new());
-    ExpectIntEQ(wolfSSL_i2a_ASN1_OBJECT(bio, a), 0);
-    ASN1_OBJECT_free(a);
-    a = NULL;
-    /* DER encoding */
-    p = notObjDer;
-    ExpectNotNull(a = c2i_ASN1_OBJECT(NULL, &p, 3));
-    ExpectIntEQ(wolfSSL_i2a_ASN1_OBJECT(bio, a), 5);
-    ASN1_OBJECT_free(a);
-
-    BIO_free(bio);
-    ASN1_OBJECT_free(obj);
-#endif
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_i2t_ASN1_OBJECT(void)
-{
-    EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && \
-    defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN)
-    char buf[50] = {0};
-    ASN1_OBJECT* obj;
-    const char* oid = "2.5.29.19";
-    const char* ln  = "X509v3 Basic Constraints";
-
-    obj = NULL;
-    ExpectIntEQ(i2t_ASN1_OBJECT(NULL, sizeof(buf), obj), 0);
-    ExpectIntEQ(i2t_ASN1_OBJECT(buf, sizeof(buf), NULL), 0);
-    ExpectIntEQ(i2t_ASN1_OBJECT(buf, 0, NULL), 0);
-
-    ExpectNotNull(obj = OBJ_txt2obj(oid, 0));
-    XMEMSET(buf, 0, sizeof(buf));
-    ExpectIntEQ(i2t_ASN1_OBJECT(buf, sizeof(buf), obj), XSTRLEN(ln));
-    ExpectIntEQ(XSTRNCMP(buf, ln, XSTRLEN(ln)), 0);
-    ASN1_OBJECT_free(obj);
-#endif /* OPENSSL_EXTRA && WOLFSSL_CERT_EXT && WOLFSSL_CERT_GEN */
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_sk_ASN1_OBJECT(void)
-{
-    EXPECT_DECLS;
-#if !defined(NO_ASN) && (defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL))
-    WOLFSSL_STACK* sk = NULL;
-    WOLFSSL_ASN1_OBJECT* obj;
-
-    ExpectNotNull(obj = wolfSSL_ASN1_OBJECT_new());
-
-    ExpectNotNull(sk = wolfSSL_sk_new_asn1_obj());
-    wolfSSL_sk_ASN1_OBJECT_free(sk);
-    sk = NULL;
-
-    ExpectNotNull(sk = wolfSSL_sk_new_asn1_obj());
-    ExpectIntEQ(wolfSSL_sk_ASN1_OBJECT_push(NULL, NULL), -1);
-    ExpectIntEQ(wolfSSL_sk_ASN1_OBJECT_push(sk, NULL), 0);
-    ExpectIntEQ(wolfSSL_sk_ASN1_OBJECT_push(NULL, obj), -1);
-    ExpectIntEQ(wolfSSL_sk_ASN1_OBJECT_push(sk, obj), 1);
-    wolfSSL_sk_ASN1_OBJECT_pop_free(sk, NULL);
-    sk = NULL;
-    /* obj freed in pop_free call. */
-
-    ExpectNotNull(obj = wolfSSL_ASN1_OBJECT_new());
-    ExpectNotNull(sk = wolfSSL_sk_new_asn1_obj());
-    ExpectIntEQ(wolfSSL_sk_ASN1_OBJECT_push(sk, obj), 1);
-    ExpectPtrEq(obj, wolfSSL_sk_ASN1_OBJECT_pop(sk));
-    wolfSSL_sk_ASN1_OBJECT_free(sk);
-    wolfSSL_ASN1_OBJECT_free(obj);
-#endif /* !NO_ASN && (OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL) */
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_ASN1_STRING(void)
-{
-    EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA)
-    ASN1_STRING* str = NULL;
-    ASN1_STRING* c = NULL;
-    const char data[]  = "hello wolfSSL";
-    const char data2[] = "Same len data";
-    const char longData[] =
-        "This string must be longer than CTC_NAME_SIZE that is defined as 64.";
-
-    ExpectNotNull(str = ASN1_STRING_type_new(V_ASN1_OCTET_STRING));
-    ASN1_STRING_free(str);
-    str = NULL;
-
-    ExpectNotNull(str = ASN1_STRING_type_new(V_ASN1_OCTET_STRING));
-    ExpectIntEQ(ASN1_STRING_type(str), V_ASN1_OCTET_STRING);
-    ExpectIntEQ(ASN1_STRING_type(NULL), 0);
-    /* Check setting to NULL works. */
-    ExpectIntEQ(ASN1_STRING_set(str, NULL, 0), 1);
-    ExpectIntEQ(ASN1_STRING_set(str, (const void*)data, sizeof(data)), 1);
-    ExpectIntEQ(ASN1_STRING_set(str, (const void*)data, -1), 1);
-    ExpectIntEQ(ASN1_STRING_set(str, NULL, -1), 0);
-    ExpectIntEQ(ASN1_STRING_set(NULL, NULL, 0), 0);
-
-    ExpectIntEQ(wolfSSL_ASN1_STRING_copy(NULL, NULL), 0);
-    ExpectIntEQ(wolfSSL_ASN1_STRING_copy(str, NULL), 0);
-    ExpectIntEQ(wolfSSL_ASN1_STRING_copy(NULL, str), 0);
-    ExpectNull(wolfSSL_ASN1_STRING_dup(NULL));
-
-    ExpectNotNull(c = wolfSSL_ASN1_STRING_dup(str));
-    ExpectIntEQ(ASN1_STRING_cmp(NULL, NULL), -1);
-    ExpectIntEQ(ASN1_STRING_cmp(str, NULL), -1);
-    ExpectIntEQ(ASN1_STRING_cmp(NULL, c), -1);
-    ExpectIntEQ(ASN1_STRING_cmp(str, c), 0);
-    ExpectIntEQ(ASN1_STRING_set(c, (const void*)data2, -1), 1);
-    ExpectIntGT(ASN1_STRING_cmp(str, c), 0);
-    ExpectIntEQ(ASN1_STRING_set(str, (const void*)longData, -1), 1);
-    ExpectIntEQ(wolfSSL_ASN1_STRING_copy(c, str), 1);
-    ExpectIntEQ(ASN1_STRING_cmp(str, c), 0);
-    /* Check setting back to smaller size frees dynamic data. */
-    ExpectIntEQ(ASN1_STRING_set(str, (const void*)data, -1), 1);
-    ExpectIntLT(ASN1_STRING_cmp(str, c), 0);
-    ExpectIntGT(ASN1_STRING_cmp(c, str), 0);
-
-    ExpectNull(ASN1_STRING_get0_data(NULL));
-    ExpectNotNull(ASN1_STRING_get0_data(str));
-    ExpectNull(ASN1_STRING_data(NULL));
-    ExpectNotNull(ASN1_STRING_data(str));
-    ExpectIntEQ(ASN1_STRING_length(NULL), 0);
-    ExpectIntGT(ASN1_STRING_length(str), 0);
-
-    ASN1_STRING_free(c);
-    ASN1_STRING_free(str);
-    ASN1_STRING_free(NULL);
-
-#ifndef NO_WOLFSSL_STUB
-    ExpectNull(d2i_DISPLAYTEXT(NULL, NULL, 0));
-#endif
-#endif
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_ASN1_STRING_to_UTF8(void)
-{
-    EXPECT_DECLS;
-#if defined(OPENSSL_ALL) && !defined(NO_ASN) && !defined(NO_RSA) && \
-    !defined(NO_FILESYSTEM)
-    WOLFSSL_X509* x509 = NULL;
-    WOLFSSL_X509_NAME* subject = NULL;
-    WOLFSSL_X509_NAME_ENTRY* e = NULL;
-    WOLFSSL_ASN1_STRING* a = NULL;
-    FILE* file = XBADFILE;
-    int idx = 0;
-    char targetOutput[16] = "www.wolfssl.com";
-    unsigned char* actual_output = NULL;
-    int len = 0;
-
-    ExpectNotNull(file = fopen("./certs/server-cert.pem", "rb"));
-    ExpectNotNull(x509 = wolfSSL_PEM_read_X509(file, NULL, NULL, NULL));
-    if (file != XBADFILE)
-        fclose(file);
-
-    /* wolfSSL_ASN1_STRING_to_UTF8(): NID_commonName */
-    ExpectNotNull(subject = wolfSSL_X509_get_subject_name(x509));
-    ExpectIntEQ((idx = wolfSSL_X509_NAME_get_index_by_NID(subject,
-                    NID_commonName, -1)), 5);
-    ExpectNotNull(e = wolfSSL_X509_NAME_get_entry(subject, idx));
-    ExpectNotNull(a = wolfSSL_X509_NAME_ENTRY_get_data(e));
-    ExpectIntEQ((len = wolfSSL_ASN1_STRING_to_UTF8(&actual_output, a)), 15);
-    ExpectIntEQ(strncmp((const char*)actual_output, targetOutput, (size_t)len), 0);
-    a = NULL;
-
-    /* wolfSSL_ASN1_STRING_to_UTF8(NULL, valid) */
-    ExpectIntEQ((len = wolfSSL_ASN1_STRING_to_UTF8(NULL, a)), -1);
-
-    /* wolfSSL_ASN1_STRING_to_UTF8(valid, NULL) */
-    ExpectIntEQ((len = wolfSSL_ASN1_STRING_to_UTF8(&actual_output, NULL)), -1);
-
-    /* wolfSSL_ASN1_STRING_to_UTF8(NULL, NULL) */
-    ExpectIntEQ((len = wolfSSL_ASN1_STRING_to_UTF8(NULL, NULL)), -1);
-
-    wolfSSL_X509_free(x509);
-    XFREE(actual_output, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-
-    ExpectNotNull(a = ASN1_STRING_new());
-    ExpectIntEQ(wolfSSL_ASN1_STRING_to_UTF8(&actual_output, a), -1);
-    ASN1_STRING_free(a);
-#endif
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_i2s_ASN1_STRING(void)
-{
-    EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_ASN)
-    WOLFSSL_ASN1_STRING* str = NULL;
-    const char* data = "test_wolfSSL_i2s_ASN1_STRING";
-    char* ret = NULL;
-
-    ExpectNotNull(str = ASN1_STRING_new());
-
-    ExpectNull(ret = wolfSSL_i2s_ASN1_STRING(NULL, NULL));
-    XFREE(ret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    ret = NULL;
-    /* No data. */
-    ExpectNull(ret = wolfSSL_i2s_ASN1_STRING(NULL, str));
-    XFREE(ret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    ret = NULL;
-
-    ExpectIntEQ(ASN1_STRING_set(str, data, 0), 1);
-    ExpectNotNull(ret = wolfSSL_i2s_ASN1_STRING(NULL, str));
-    XFREE(ret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    ret = NULL;
-
-    ExpectIntEQ(ASN1_STRING_set(str, data, -1), 1);
-    /* No type. */
-    ExpectNotNull(ret = wolfSSL_i2s_ASN1_STRING(NULL, str));
-    XFREE(ret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-
-    ASN1_STRING_free(str);
-#endif
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_ASN1_STRING_canon(void)
-{
-    EXPECT_DECLS;
-#if defined(WOLFSSL_TEST_STATIC_BUILD)
-#if !defined(NO_CERTS) && (defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || \
-    defined(OPENSSL_EXTRA_X509_SMALL))
-    WOLFSSL_ASN1_STRING* orig = NULL;
-    WOLFSSL_ASN1_STRING* canon = NULL;
-    const char* data = "test_wolfSSL_ASN1_STRING_canon";
-    const char* whitespaceOnly = "\t\r\n";
-    const char* modData = "  \x01\f\t\x02\r\n\v\xff\nTt \n";
-    const char* canonData = "\x01 \x02 \xff tt";
-    const char longData[] =
-        "This string must be longer than CTC_NAME_SIZE that is defined as 64.";
-
-    ExpectNotNull(orig = ASN1_STRING_new());
-    ExpectNotNull(canon = ASN1_STRING_new());
-
-    /* Invalid parameter testing. */
-    ExpectIntEQ(wolfSSL_ASN1_STRING_canon(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-    ExpectIntEQ(wolfSSL_ASN1_STRING_canon(canon, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-    ExpectIntEQ(wolfSSL_ASN1_STRING_canon(NULL, orig), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-
-    ExpectIntEQ(wolfSSL_ASN1_STRING_canon(canon, orig), 1);
-    ExpectIntEQ(ASN1_STRING_cmp(orig, canon), 0);
-
-    ExpectIntEQ(ASN1_STRING_set(orig, longData, (int)XSTRLEN(data)), 1);
-    ExpectIntEQ(wolfSSL_ASN1_STRING_canon(canon, orig), 1);
-    ExpectIntEQ(ASN1_STRING_cmp(orig, canon), 0);
-
-    ExpectIntEQ(ASN1_STRING_set(orig, data, (int)XSTRLEN(data)), 1);
-    ExpectIntEQ(wolfSSL_ASN1_STRING_canon(canon, orig), 1);
-    ExpectIntEQ(ASN1_STRING_cmp(orig, canon), 0);
-
-    ASN1_STRING_free(orig);
-    orig = NULL;
-
-    ExpectNotNull(orig = ASN1_STRING_type_new(MBSTRING_UTF8));
-    ExpectIntEQ(ASN1_STRING_set(orig, modData, 15), 1);
-    ExpectIntEQ(wolfSSL_ASN1_STRING_canon(canon, orig), 1);
-    ExpectIntEQ(ASN1_STRING_set(orig, canonData, 8), 1);
-    ExpectIntEQ(ASN1_STRING_cmp(orig, canon), 0);
-    ASN1_STRING_free(orig);
-    orig = NULL;
-
-    ExpectNotNull(orig = ASN1_STRING_type_new(V_ASN1_PRINTABLESTRING));
-    ExpectIntEQ(ASN1_STRING_set(orig, whitespaceOnly, 3), 1);
-    ExpectIntEQ(wolfSSL_ASN1_STRING_canon(canon, orig), 1);
-    ASN1_STRING_free(orig);
-    orig = NULL;
-    ExpectNotNull(orig = ASN1_STRING_type_new(MBSTRING_UTF8));
-    ExpectIntEQ(ASN1_STRING_cmp(orig, canon), 0);
-
-    ASN1_STRING_free(orig);
-    ASN1_STRING_free(canon);
-#endif
-#endif
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_ASN1_STRING_print(void)
-{
-    EXPECT_DECLS;
-#if defined(OPENSSL_ALL) && !defined(NO_ASN) && !defined(NO_CERTS) && \
-    !defined(NO_BIO)
-    ASN1_STRING* asnStr = NULL;
-    const char HELLO_DATA[]= \
-                      {'H','e','l','l','o',' ','w','o','l','f','S','S','L','!'};
-    #define MAX_UNPRINTABLE_CHAR 32
-    #define MAX_BUF 255
-    unsigned char unprintableData[MAX_UNPRINTABLE_CHAR + sizeof(HELLO_DATA)];
-    unsigned char expected[sizeof(unprintableData)+1];
-    unsigned char rbuf[MAX_BUF];
-    BIO *bio = NULL;
-    int p_len;
-    int i;
-
-    /* setup */
-
-    for (i = 0; i < (int)sizeof(HELLO_DATA); i++) {
-        unprintableData[i]  = (unsigned char)HELLO_DATA[i];
-        expected[i]         = (unsigned char)HELLO_DATA[i];
-    }
-
-    for (i = 0; i < (int)MAX_UNPRINTABLE_CHAR; i++) {
-        unprintableData[sizeof(HELLO_DATA)+i] = i;
-
-        if (i == (int)'\n' || i == (int)'\r')
-            expected[sizeof(HELLO_DATA)+i] = i;
-        else
-            expected[sizeof(HELLO_DATA)+i] = '.';
-    }
-
-    unprintableData[sizeof(unprintableData)-1] = '\0';
-    expected[sizeof(expected)-1] = '\0';
-
-    XMEMSET(rbuf, 0, MAX_BUF);
-    ExpectNotNull(bio = BIO_new(BIO_s_mem()));
-    ExpectIntEQ(BIO_set_write_buf_size(bio, MAX_BUF), 0);
-
-    ExpectNotNull(asnStr = ASN1_STRING_type_new(V_ASN1_OCTET_STRING));
-    ExpectIntEQ(ASN1_STRING_set(asnStr,(const void*)unprintableData,
-            (int)sizeof(unprintableData)), 1);
-    /* test */
-    ExpectIntEQ(wolfSSL_ASN1_STRING_print(NULL, NULL), 0);
-    ExpectIntEQ(wolfSSL_ASN1_STRING_print(bio, NULL), 0);
-    ExpectIntEQ(wolfSSL_ASN1_STRING_print(NULL, asnStr), 0);
-    ExpectIntEQ(p_len = wolfSSL_ASN1_STRING_print(bio, asnStr), 46);
-    ExpectIntEQ(BIO_read(bio, (void*)rbuf, 46), 46);
-
-    ExpectStrEQ((char*)rbuf, (const char*)expected);
-
-    BIO_free(bio);
-    bio = NULL;
-
-    ExpectNotNull(bio = BIO_new(wolfSSL_BIO_s_fixed_mem()));
-    ExpectIntEQ(BIO_set_write_buf_size(bio, 1), 1);
-    /* Ensure there is 0 bytes available to write into. */
-    ExpectIntEQ(BIO_write(bio, rbuf, 1), 1);
-    ExpectIntEQ(wolfSSL_ASN1_STRING_print(bio, asnStr), 0);
-    ExpectIntEQ(BIO_set_write_buf_size(bio, 1), 1);
-    ExpectIntEQ(wolfSSL_ASN1_STRING_print(bio, asnStr), 0);
-    ExpectIntEQ(BIO_set_write_buf_size(bio, 45), 1);
-    ExpectIntEQ(wolfSSL_ASN1_STRING_print(bio, asnStr), 0);
-    BIO_free(bio);
-
-    ASN1_STRING_free(asnStr);
-#endif /* OPENSSL_EXTRA && !NO_ASN && !NO_CERTS && !NO_BIO */
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_ASN1_STRING_print_ex(void)
-{
-    EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_ASN) && !defined(NO_BIO)
-    ASN1_STRING* asn_str = NULL;
-    const char data[] = "Hello wolfSSL!";
-    ASN1_STRING* esc_str = NULL;
-    const char esc_data[] = "a+;<>";
-    ASN1_STRING* neg_int = NULL;
-    const char neg_int_data[] = "\xff";
-    ASN1_STRING* neg_enum = NULL;
-    const char neg_enum_data[] = "\xff";
-    BIO *bio = NULL;
-    BIO *fixed = NULL;
-    unsigned long flags;
-    int p_len;
-    unsigned char rbuf[255];
-
-    /* setup */
-    XMEMSET(rbuf, 0, 255);
-    ExpectNotNull(bio = BIO_new(BIO_s_mem()));
-    ExpectIntEQ(BIO_set_write_buf_size(bio, 255), 0);
-    ExpectNotNull(fixed = BIO_new(wolfSSL_BIO_s_fixed_mem()));
-
-    ExpectNotNull(asn_str = ASN1_STRING_type_new(V_ASN1_OCTET_STRING));
-    ExpectIntEQ(ASN1_STRING_set(asn_str, (const void*)data, sizeof(data)), 1);
-    ExpectNotNull(esc_str = ASN1_STRING_type_new(V_ASN1_OCTET_STRING));
-    ExpectIntEQ(ASN1_STRING_set(esc_str, (const void*)esc_data,
-        sizeof(esc_data)), 1);
-    ExpectNotNull(neg_int = ASN1_STRING_type_new(V_ASN1_NEG_INTEGER));
-    ExpectIntEQ(ASN1_STRING_set(neg_int, (const void*)neg_int_data,
-        sizeof(neg_int_data) - 1), 1);
-    ExpectNotNull(neg_enum = ASN1_STRING_type_new(V_ASN1_NEG_ENUMERATED));
-    ExpectIntEQ(ASN1_STRING_set(neg_enum, (const void*)neg_enum_data,
-        sizeof(neg_enum_data) - 1), 1);
-
-    /* Invalid parameter testing. */
-    ExpectIntEQ(wolfSSL_ASN1_STRING_print_ex(NULL, NULL, 0), 0);
-    ExpectIntEQ(wolfSSL_ASN1_STRING_print_ex(bio, NULL, 0), 0);
-    ExpectIntEQ(wolfSSL_ASN1_STRING_print_ex(NULL, asn_str, 0), 0);
-
-    /* no flags */
-    XMEMSET(rbuf, 0, 255);
-    flags = 0;
-    ExpectIntEQ(p_len = wolfSSL_ASN1_STRING_print_ex(bio, asn_str, flags), 15);
-    ExpectIntEQ(BIO_read(bio, (void*)rbuf, 15), 15);
-    ExpectStrEQ((char*)rbuf, "Hello wolfSSL!");
-    ExpectIntEQ(BIO_set_write_buf_size(fixed, 1), 1);
-    /* Ensure there is 0 bytes available to write into. */
-    ExpectIntEQ(BIO_write(fixed, rbuf, 1), 1);
-    ExpectIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, asn_str, flags), 0);
-    ExpectIntEQ(BIO_set_write_buf_size(fixed, 1), 1);
-    ExpectIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, asn_str, flags), 0);
-    ExpectIntEQ(BIO_set_write_buf_size(fixed, 14), 1);
-    ExpectIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, asn_str, flags), 0);
-
-    /* RFC2253 Escape */
-    XMEMSET(rbuf, 0, 255);
-    flags = ASN1_STRFLGS_ESC_2253;
-    ExpectIntEQ(p_len = wolfSSL_ASN1_STRING_print_ex(bio, esc_str, flags), 9);
-    ExpectIntEQ(BIO_read(bio, (void*)rbuf, 9), 9);
-    ExpectStrEQ((char*)rbuf, "a\\+\\;\\<\\>");
-    ExpectIntEQ(BIO_set_write_buf_size(fixed, 1), 1);
-    /* Ensure there is 0 bytes available to write into. */
-    ExpectIntEQ(BIO_write(fixed, rbuf, 1), 1);
-    ExpectIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, esc_str, flags), 0);
-    ExpectIntEQ(BIO_set_write_buf_size(fixed, 1), 1);
-    ExpectIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, esc_str, flags), 0);
-    ExpectIntEQ(BIO_set_write_buf_size(fixed, 8), 1);
-    ExpectIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, esc_str, flags), 0);
-
-    /* Show type */
-    XMEMSET(rbuf, 0, 255);
-    flags = ASN1_STRFLGS_SHOW_TYPE;
-    ExpectIntEQ(p_len = wolfSSL_ASN1_STRING_print_ex(bio, asn_str, flags), 28);
-    ExpectIntEQ(BIO_read(bio, (void*)rbuf, 28), 28);
-    ExpectStrEQ((char*)rbuf, "OCTET STRING:Hello wolfSSL!");
-    ExpectIntEQ(BIO_set_write_buf_size(fixed, 1), 1);
-    /* Ensure there is 0 bytes available to write into. */
-    ExpectIntEQ(BIO_write(fixed, rbuf, 1), 1);
-    ExpectIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, asn_str, flags), 0);
-    ExpectIntEQ(BIO_set_write_buf_size(fixed, 1), 1);
-    ExpectIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, asn_str, flags), 0);
-    ExpectIntEQ(BIO_set_write_buf_size(fixed, 12), 1);
-    ExpectIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, asn_str, flags), 0);
-    ExpectIntEQ(BIO_set_write_buf_size(fixed, 27), 1);
-    ExpectIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, asn_str, flags), 0);
-
-    /* Dump All */
-    XMEMSET(rbuf, 0, 255);
-    flags = ASN1_STRFLGS_DUMP_ALL;
-    ExpectIntEQ(p_len = wolfSSL_ASN1_STRING_print_ex(bio, asn_str, flags), 31);
-    ExpectIntEQ(BIO_read(bio, (void*)rbuf, 31), 31);
-    ExpectStrEQ((char*)rbuf, "#48656C6C6F20776F6C6653534C2100");
-    ExpectIntEQ(BIO_set_write_buf_size(fixed, 1), 1);
-    /* Ensure there is 0 bytes available to write into. */
-    ExpectIntEQ(BIO_write(fixed, rbuf, 1), 1);
-    ExpectIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, asn_str, flags), 0);
-    ExpectIntEQ(BIO_set_write_buf_size(fixed, 1), 1);
-    ExpectIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, asn_str, flags), 0);
-    ExpectIntEQ(BIO_set_write_buf_size(fixed, 30), 1);
-    ExpectIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, asn_str, flags), 0);
-
-    /* Dump Der */
-    XMEMSET(rbuf, 0, 255);
-    flags = ASN1_STRFLGS_DUMP_ALL | ASN1_STRFLGS_DUMP_DER;
-    ExpectIntEQ(p_len = wolfSSL_ASN1_STRING_print_ex(bio, asn_str, flags), 35);
-    ExpectIntEQ(BIO_read(bio, (void*)rbuf, 35), 35);
-    ExpectStrEQ((char*)rbuf, "#040F48656C6C6F20776F6C6653534C2100");
-    ExpectIntEQ(BIO_set_write_buf_size(fixed, 1), 1);
-    /* Ensure there is 0 bytes available to write into. */
-    ExpectIntEQ(BIO_write(fixed, rbuf, 1), 1);
-    ExpectIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, asn_str, flags), 0);
-    ExpectIntEQ(BIO_set_write_buf_size(fixed, 1), 1);
-    ExpectIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, asn_str, flags), 0);
-    ExpectIntEQ(BIO_set_write_buf_size(fixed, 2), 1);
-    ExpectIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, asn_str, flags), 0);
-    ExpectIntEQ(BIO_set_write_buf_size(fixed, 30), 1);
-    ExpectIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, asn_str, flags), 0);
-
-    /* Dump All + Show type */
-    XMEMSET(rbuf, 0, 255);
-    flags = ASN1_STRFLGS_DUMP_ALL | ASN1_STRFLGS_SHOW_TYPE;
-    ExpectIntEQ(p_len = wolfSSL_ASN1_STRING_print_ex(bio, asn_str, flags), 44);
-    ExpectIntEQ(BIO_read(bio, (void*)rbuf, 44), 44);
-    ExpectStrEQ((char*)rbuf, "OCTET STRING:#48656C6C6F20776F6C6653534C2100");
-
-    /* Dump All + Show type - Negative Integer. */
-    XMEMSET(rbuf, 0, 255);
-    flags = ASN1_STRFLGS_DUMP_ALL | ASN1_STRFLGS_SHOW_TYPE;
-    ExpectIntEQ(p_len = wolfSSL_ASN1_STRING_print_ex(bio, neg_int, flags), 11);
-    ExpectIntEQ(BIO_read(bio, (void*)rbuf, 11), 11);
-    ExpectStrEQ((char*)rbuf, "INTEGER:#FF");
-
-    /* Dump All + Show type - Negative Enumerated. */
-    XMEMSET(rbuf, 0, 255);
-    flags = ASN1_STRFLGS_DUMP_ALL | ASN1_STRFLGS_SHOW_TYPE;
-    ExpectIntEQ(p_len = wolfSSL_ASN1_STRING_print_ex(bio, neg_enum, flags), 14);
-    ExpectIntEQ(BIO_read(bio, (void*)rbuf, 14), 14);
-    ExpectStrEQ((char*)rbuf, "ENUMERATED:#FF");
-
-    BIO_free(fixed);
-    BIO_free(bio);
-    ASN1_STRING_free(asn_str);
-    ASN1_STRING_free(esc_str);
-    ASN1_STRING_free(neg_int);
-    ASN1_STRING_free(neg_enum);
-
-    ExpectStrEQ(wolfSSL_ASN1_tag2str(-1), "(unknown)");
-    ExpectStrEQ(wolfSSL_ASN1_tag2str(31), "(unknown)");
-#endif
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_ASN1_UNIVERSALSTRING_to_string(void)
-{
-    EXPECT_DECLS;
-#if defined(OPENSSL_ALL) && !defined(NO_ASN)
-    ASN1_STRING* asn1str_test = NULL;
-    ASN1_STRING* asn1str_answer = NULL;
-    /* Each character is encoded using 4 bytes */
-    char input[] = {
-            0, 0, 0, 'T',
-            0, 0, 0, 'e',
-            0, 0, 0, 's',
-            0, 0, 0, 't',
-    };
-    char output[] = "Test";
-    char badInput[] = {
-            1, 0, 0, 'T',
-            0, 1, 0, 'e',
-            0, 0, 1, 's',
-    };
-
-    ExpectIntEQ(ASN1_UNIVERSALSTRING_to_string(NULL), 0);
-    /* Test wrong type. */
-    ExpectNotNull(asn1str_test = ASN1_STRING_type_new(V_ASN1_OCTET_STRING));
-    ExpectIntEQ(ASN1_UNIVERSALSTRING_to_string(asn1str_test), 0);
-    ASN1_STRING_free(asn1str_test);
-    asn1str_test = NULL;
-
-    ExpectNotNull(asn1str_test = ASN1_STRING_type_new(V_ASN1_UNIVERSALSTRING));
-
-    /* Test bad length. */
-    ExpectIntEQ(ASN1_STRING_set(asn1str_test, input, sizeof(input) - 1), 1);
-    ExpectIntEQ(ASN1_UNIVERSALSTRING_to_string(asn1str_test), 0);
-    /* Test bad input. */
-    ExpectIntEQ(ASN1_STRING_set(asn1str_test, badInput + 0, 4), 1);
-    ExpectIntEQ(ASN1_UNIVERSALSTRING_to_string(asn1str_test), 0);
-    ExpectIntEQ(ASN1_STRING_set(asn1str_test, badInput + 4, 4), 1);
-    ExpectIntEQ(ASN1_UNIVERSALSTRING_to_string(asn1str_test), 0);
-    ExpectIntEQ(ASN1_STRING_set(asn1str_test, badInput + 8, 4), 1);
-    ExpectIntEQ(ASN1_UNIVERSALSTRING_to_string(asn1str_test), 0);
-
-    ExpectIntEQ(ASN1_STRING_set(asn1str_test, input, sizeof(input)), 1);
-    ExpectIntEQ(ASN1_UNIVERSALSTRING_to_string(asn1str_test), 1);
-
-    ExpectNotNull(
-        asn1str_answer = ASN1_STRING_type_new(V_ASN1_PRINTABLESTRING));
-    ExpectIntEQ(ASN1_STRING_set(asn1str_answer, output, sizeof(output)-1), 1);
-
-    ExpectIntEQ(ASN1_STRING_cmp(asn1str_test, asn1str_answer), 0);
-
-    ASN1_STRING_free(asn1str_test);
-    ASN1_STRING_free(asn1str_answer);
-#endif /* OPENSSL_ALL && !NO_ASN */
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_ASN1_GENERALIZEDTIME_free(void)
-{
-    EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME)
-    WOLFSSL_ASN1_GENERALIZEDTIME* asn1_gtime = NULL;
-
-    ExpectNotNull(asn1_gtime = ASN1_GENERALIZEDTIME_new());
-    if (asn1_gtime != NULL)
-        XMEMCPY(asn1_gtime->data, "20180504123500Z", ASN_GENERALIZED_TIME_SIZE);
-    ASN1_GENERALIZEDTIME_free(asn1_gtime);
-#endif /* OPENSSL_EXTRA && !NO_ASN_TIME */
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_ASN1_GENERALIZEDTIME_print(void)
-{
-    EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME) && !defined(NO_BIO)
-    WOLFSSL_ASN1_GENERALIZEDTIME* gtime = NULL;
-    BIO* bio = NULL;
-    unsigned char buf[24];
-    int i;
-
-    ExpectNotNull(bio = BIO_new(BIO_s_mem()));
-    BIO_set_write_buf_size(bio, 24);
-
-    ExpectNotNull(gtime = ASN1_GENERALIZEDTIME_new());
-    /* Type not set. */
-    ExpectIntEQ(wolfSSL_ASN1_GENERALIZEDTIME_print(bio, gtime), 0);
-    ExpectIntEQ(wolfSSL_ASN1_TIME_set_string(gtime, "20180504123500Z"), 1);
-
-    /* Invalid parameters testing. */
-    ExpectIntEQ(wolfSSL_ASN1_GENERALIZEDTIME_print(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-    ExpectIntEQ(wolfSSL_ASN1_GENERALIZEDTIME_print(bio, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-    ExpectIntEQ(wolfSSL_ASN1_GENERALIZEDTIME_print(NULL, gtime), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-
-    ExpectIntEQ(wolfSSL_ASN1_GENERALIZEDTIME_print(bio, gtime), 1);
-    ExpectIntEQ(BIO_read(bio, buf, sizeof(buf)), 20);
-    ExpectIntEQ(XMEMCMP(buf, "May 04 12:35:00 2018", 20), 0);
-
-    BIO_free(bio);
-    bio = NULL;
-
-    ExpectNotNull(bio = BIO_new(wolfSSL_BIO_s_fixed_mem()));
-    ExpectIntEQ(BIO_set_write_buf_size(bio, 1), 1);
-    /* Ensure there is 0 bytes available to write into. */
-    ExpectIntEQ(BIO_write(bio, buf, 1), 1);
-    ExpectIntEQ(wolfSSL_ASN1_GENERALIZEDTIME_print(bio, gtime), 0);
-    for (i = 1; i < 20; i++) {
-        ExpectIntEQ(BIO_set_write_buf_size(bio, i), 1);
-        ExpectIntEQ(wolfSSL_ASN1_GENERALIZEDTIME_print(bio, gtime), 0);
-    }
-    BIO_free(bio);
-
-    wolfSSL_ASN1_GENERALIZEDTIME_free(gtime);
-#endif /* OPENSSL_EXTRA && !NO_ASN_TIME && !NO_BIO */
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_ASN1_TIME(void)
-{
-    EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME)
-    WOLFSSL_ASN1_TIME* asn_time = NULL;
-    unsigned char *data = NULL;
-
-    ExpectNotNull(asn_time = ASN1_TIME_new());
-
-#ifndef NO_WOLFSSL_STUB
-    ExpectNotNull(ASN1_TIME_set(asn_time, 1));
-#endif
-    ExpectIntEQ(ASN1_TIME_set_string(NULL, NULL), 0);
-    ExpectIntEQ(ASN1_TIME_set_string(asn_time, NULL), 0);
-    ExpectIntEQ(ASN1_TIME_set_string(NULL,
-        "String longer than CTC_DATA_SIZE that is 32 bytes"), 0);
-    ExpectIntEQ(ASN1_TIME_set_string(NULL, "101219181011Z"), 1);
-    ExpectIntEQ(ASN1_TIME_set_string(asn_time, "101219181011Z"), 1);
-
-    ExpectIntEQ(wolfSSL_ASN1_TIME_get_length(NULL), 0);
-    ExpectIntEQ(wolfSSL_ASN1_TIME_get_length(asn_time), ASN_UTC_TIME_SIZE - 1);
-    ExpectNull(wolfSSL_ASN1_TIME_get_data(NULL));
-    ExpectNotNull(data = wolfSSL_ASN1_TIME_get_data(asn_time));
-    ExpectIntEQ(XMEMCMP(data, "101219181011Z", 14), 0);
-
-    ExpectIntEQ(ASN1_TIME_check(NULL), 0);
-    ExpectIntEQ(ASN1_TIME_check(asn_time), 1);
-
-    ExpectIntEQ(ASN1_TIME_set_string_X509(asn_time, "101219181011Z"), 1);
-    ExpectIntEQ(ASN1_TIME_set_string_X509(asn_time, "101219181011Za"), 0);
-
-    ASN1_TIME_free(asn_time);
-    ASN1_TIME_free(NULL);
-#endif
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_ASN1_TIME_to_string(void)
-{
-    EXPECT_DECLS;
-#ifndef NO_ASN_TIME
-#if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) || \
-    defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)
-    WOLFSSL_ASN1_TIME* t = NULL;
-    char buf[ASN_GENERALIZED_TIME_SIZE];
-
-    ExpectNotNull((t = ASN1_TIME_new()));
-    ExpectIntEQ(ASN1_TIME_set_string(t, "030222211515Z"), 1);
-
-    /* Invalid parameter testing. */
-    ExpectNull(ASN1_TIME_to_string(NULL, NULL, 4));
-    ExpectNull(ASN1_TIME_to_string(t, NULL, 4));
-    ExpectNull(ASN1_TIME_to_string(NULL, buf, 4));
-    ExpectNull(ASN1_TIME_to_string(NULL, NULL, 5));
-    ExpectNull(ASN1_TIME_to_string(NULL, buf, 5));
-    ExpectNull(ASN1_TIME_to_string(t, NULL, 5));
-    ExpectNull(ASN1_TIME_to_string(t, buf, 4));
-    /* Buffer needs to be longer than minimum of 5 characters. */
-    ExpectNull(ASN1_TIME_to_string(t, buf, 5));
-
-    ASN1_TIME_free(t);
-#endif
-#endif /* NO_ASN_TIME */
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_ASN1_TIME_diff_compare(void)
-{
-    EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME)
-    ASN1_TIME* fromTime = NULL;
-    ASN1_TIME* closeToTime = NULL;
-    ASN1_TIME* toTime = NULL;
-    ASN1_TIME* invalidTime = NULL;
-    int daysDiff = 0;
-    int secsDiff = 0;
-
-    ExpectNotNull((fromTime = ASN1_TIME_new()));
-    /* Feb 22, 2003, 21:15:15 */
-    ExpectIntEQ(ASN1_TIME_set_string(fromTime, "030222211515Z"), 1);
-    ExpectNotNull((closeToTime = ASN1_TIME_new()));
-    /* Feb 22, 2003, 21:16:15 */
-    ExpectIntEQ(ASN1_TIME_set_string(closeToTime, "030222211615Z"), 1);
-    ExpectNotNull((toTime = ASN1_TIME_new()));
-    /* Dec 19, 2010, 18:10:11 */
-    ExpectIntEQ(ASN1_TIME_set_string(toTime, "101219181011Z"), 1);
-    ExpectNotNull((invalidTime = ASN1_TIME_new()));
-    /* Dec 19, 2010, 18:10:11 but 'U' instead of 'Z' which is invalid. */
-    ExpectIntEQ(ASN1_TIME_set_string(invalidTime, "102519181011U"), 1);
-
-    ExpectIntEQ(ASN1_TIME_diff(&daysDiff, &secsDiff, fromTime, invalidTime), 0);
-    ExpectIntEQ(ASN1_TIME_diff(&daysDiff, &secsDiff, invalidTime, toTime), 0);
-
-    ExpectIntEQ(ASN1_TIME_diff(&daysDiff, &secsDiff, fromTime, toTime), 1);
-
-    /* Test when secsDiff or daysDiff is NULL. */
-    ExpectIntEQ(ASN1_TIME_diff(NULL, &secsDiff, fromTime, toTime), 1);
-    ExpectIntEQ(ASN1_TIME_diff(&daysDiff, NULL, fromTime, toTime), 1);
-    ExpectIntEQ(ASN1_TIME_diff(NULL, NULL, fromTime, toTime), 1);
-
-    /* If both times are NULL, difference is 0. */
-    ExpectIntEQ(ASN1_TIME_diff(&daysDiff, &secsDiff, NULL, NULL), 1);
-    ExpectIntEQ(daysDiff, 0);
-    ExpectIntEQ(secsDiff, 0);
-
-    /* If one time is NULL, it defaults to the current time. */
-    ExpectIntEQ(ASN1_TIME_diff(&daysDiff, &secsDiff, NULL, toTime), 1);
-    ExpectIntEQ(ASN1_TIME_diff(&daysDiff, &secsDiff, fromTime, NULL), 1);
-
-    /* Normal operation. Both times non-NULL. */
-    ExpectIntEQ(ASN1_TIME_diff(&daysDiff, &secsDiff, fromTime, toTime), 1);
-    ExpectIntEQ(daysDiff, 2856);
-    ExpectIntEQ(secsDiff, 75296);
-    /* Swapping the times should return negative values. */
-    ExpectIntEQ(ASN1_TIME_diff(&daysDiff, &secsDiff, toTime, fromTime), 1);
-    ExpectIntEQ(daysDiff, -2856);
-    ExpectIntEQ(secsDiff, -75296);
-
-    /* Compare with invalid time string. */
-    ExpectIntEQ(ASN1_TIME_compare(fromTime, invalidTime), -2);
-    ExpectIntEQ(ASN1_TIME_compare(invalidTime, toTime), -2);
-    /* Compare with days difference of 0. */
-    ExpectIntEQ(ASN1_TIME_compare(fromTime, closeToTime), -1);
-    ExpectIntEQ(ASN1_TIME_compare(closeToTime, fromTime), 1);
-    /* Days and seconds differences not 0. */
-    ExpectIntEQ(ASN1_TIME_compare(fromTime, toTime), -1);
-    ExpectIntEQ(ASN1_TIME_compare(toTime, fromTime), 1);
-    /* Same time. */
-    ExpectIntEQ(ASN1_TIME_compare(fromTime, fromTime), 0);
-
-    /* Compare regression test: No seconds difference, just difference in days.
-     */
-    ASN1_TIME_set_string(fromTime, "19700101000000Z");
-    ASN1_TIME_set_string(toTime, "19800101000000Z");
-    ExpectIntEQ(ASN1_TIME_compare(fromTime, toTime), -1);
-    ExpectIntEQ(ASN1_TIME_compare(toTime, fromTime), 1);
-    ExpectIntEQ(ASN1_TIME_compare(fromTime, fromTime), 0);
-
-    /* Edge case with Unix epoch. */
-    ExpectNotNull(ASN1_TIME_set_string(fromTime, "19700101000000Z"));
-    ExpectNotNull(ASN1_TIME_set_string(toTime, "19800101000000Z"));
-    ExpectIntEQ(ASN1_TIME_diff(&daysDiff, &secsDiff, fromTime, toTime), 1);
-    ExpectIntEQ(daysDiff, 3652);
-    ExpectIntEQ(secsDiff, 0);
-
-    /* Edge case with year > 2038 (year 2038 problem). */
-    ExpectNotNull(ASN1_TIME_set_string(toTime, "99991231235959Z"));
-    ExpectIntEQ(ASN1_TIME_diff(&daysDiff, &secsDiff, fromTime, toTime), 1);
-    ExpectIntEQ(daysDiff, 2932896);
-    ExpectIntEQ(secsDiff, 86399);
-
-    ASN1_TIME_free(fromTime);
-    ASN1_TIME_free(closeToTime);
-    ASN1_TIME_free(toTime);
-    ASN1_TIME_free(invalidTime);
-#endif
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_ASN1_TIME_adj(void)
-{
-    EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME) && \
-    !defined(USER_TIME) && !defined(TIME_OVERRIDES)
-    const int year = 365*24*60*60;
-    const int day  = 24*60*60;
-    const int hour = 60*60;
-    const int mini = 60;
-    const byte asn_utc_time = ASN_UTC_TIME;
-#if !defined(TIME_T_NOT_64BIT) && !defined(NO_64BIT)
-    const byte asn_gen_time = ASN_GENERALIZED_TIME;
-#endif
-    WOLFSSL_ASN1_TIME* asn_time = NULL;
-    WOLFSSL_ASN1_TIME* s = NULL;
-    int offset_day;
-    long offset_sec;
-    char date_str[CTC_DATE_SIZE + 1];
-    time_t t;
-
-    ExpectNotNull(s = wolfSSL_ASN1_TIME_new());
-    /* UTC notation test */
-    /* 2000/2/15 20:30:00 */
-    t = (time_t)30 * year + 45 * day + 20 * hour + 30 * mini + 7 * day;
-    offset_day = 7;
-    offset_sec = 45 * mini;
-    /* offset_sec = -45 * min;*/
-    ExpectNotNull(asn_time =
-            wolfSSL_ASN1_TIME_adj(s, t, offset_day, offset_sec));
-    if (asn_time != NULL) {
-        ExpectTrue(asn_time->type == asn_utc_time);
-        ExpectNotNull(XSTRNCPY(date_str, (const char*)&asn_time->data,
-            CTC_DATE_SIZE));
-        date_str[CTC_DATE_SIZE] = '\0';
-        ExpectIntEQ(0, XMEMCMP(date_str, "000222211500Z", 13));
-        if (asn_time != s) {
-            XFREE(asn_time, NULL, DYNAMIC_TYPE_OPENSSL);
-        }
-        asn_time = NULL;
-    }
-
-    /* negative offset */
-    offset_sec = -45 * mini;
-    asn_time = wolfSSL_ASN1_TIME_adj(s, t, offset_day, offset_sec);
-    ExpectNotNull(asn_time);
-    if (asn_time != NULL) {
-        ExpectTrue(asn_time->type == asn_utc_time);
-        ExpectNotNull(XSTRNCPY(date_str, (const char*)&asn_time->data,
-            CTC_DATE_SIZE));
-        date_str[CTC_DATE_SIZE] = '\0';
-        ExpectIntEQ(0, XMEMCMP(date_str, "000222194500Z", 13));
-        if (asn_time != s) {
-            XFREE(asn_time, NULL, DYNAMIC_TYPE_OPENSSL);
-        }
-        asn_time = NULL;
-    }
-
-    XFREE(s, NULL, DYNAMIC_TYPE_OPENSSL);
-    s = NULL;
-    XMEMSET(date_str, 0, sizeof(date_str));
-
-    /* Generalized time will overflow time_t if not long */
-#if !defined(TIME_T_NOT_64BIT) && !defined(NO_64BIT)
-    s = (WOLFSSL_ASN1_TIME*)XMALLOC(sizeof(WOLFSSL_ASN1_TIME), NULL,
-                                    DYNAMIC_TYPE_OPENSSL);
-    /* GeneralizedTime notation test */
-    /* 2055/03/01 09:00:00 */
-    t = (time_t)85 * year + 59 * day + 9 * hour + 21 * day;
-        offset_day = 12;
-        offset_sec = 10 * mini;
-    ExpectNotNull(asn_time = wolfSSL_ASN1_TIME_adj(s, t, offset_day,
-        offset_sec));
-    if (asn_time != NULL) {
-        ExpectTrue(asn_time->type == asn_gen_time);
-        ExpectNotNull(XSTRNCPY(date_str, (const char*)&asn_time->data,
-            CTC_DATE_SIZE));
-        date_str[CTC_DATE_SIZE] = '\0';
-        ExpectIntEQ(0, XMEMCMP(date_str, "20550313091000Z", 15));
-        if (asn_time != s) {
-            XFREE(asn_time, NULL, DYNAMIC_TYPE_OPENSSL);
-        }
-        asn_time = NULL;
-    }
-
-    XFREE(s, NULL, DYNAMIC_TYPE_OPENSSL);
-    s = NULL;
-    XMEMSET(date_str, 0, sizeof(date_str));
-#endif /* !TIME_T_NOT_64BIT && !NO_64BIT */
-
-    /* if WOLFSSL_ASN1_TIME struct is not allocated */
-    s = NULL;
-
-    t = (time_t)30 * year + 45 * day + 20 * hour + 30 * mini + 15 + 7 * day;
-    offset_day = 7;
-    offset_sec = 45 * mini;
-    ExpectNotNull(asn_time = wolfSSL_ASN1_TIME_adj(s, t, offset_day,
-        offset_sec));
-    if (asn_time != NULL) {
-        ExpectTrue(asn_time->type == asn_utc_time);
-        ExpectNotNull(XSTRNCPY(date_str, (const char*)&asn_time->data,
-            CTC_DATE_SIZE));
-        date_str[CTC_DATE_SIZE] = '\0';
-        ExpectIntEQ(0, XMEMCMP(date_str, "000222211515Z", 13));
-        XFREE(asn_time, NULL, DYNAMIC_TYPE_OPENSSL);
-        asn_time = NULL;
-    }
-    ExpectNotNull(asn_time = wolfSSL_ASN1_TIME_adj(NULL, t, offset_day,
-        offset_sec));
-    if (asn_time != NULL) {
-        ExpectTrue(asn_time->type == asn_utc_time);
-        ExpectNotNull(XSTRNCPY(date_str, (const char*)&asn_time->data,
-            CTC_DATE_SIZE));
-        date_str[CTC_DATE_SIZE] = '\0';
-        ExpectIntEQ(0, XMEMCMP(date_str, "000222211515Z", 13));
-        XFREE(asn_time, NULL, DYNAMIC_TYPE_OPENSSL);
-        asn_time = NULL;
-    }
-#endif
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_ASN1_TIME_to_tm(void)
-{
-    EXPECT_DECLS;
-#if (defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) || \
-      defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || \
-      defined(OPENSSL_ALL)) && !defined(NO_ASN_TIME)
-    ASN1_TIME asnTime;
-    struct tm tm;
-    time_t testTime = 1683926567; /* Fri May 12 09:22:47 PM UTC 2023 */
-
-    XMEMSET(&tm, 0, sizeof(struct tm));
-
-    XMEMSET(&asnTime, 0, sizeof(ASN1_TIME));
-    ExpectIntEQ(ASN1_TIME_set_string(&asnTime, "000222211515Z"), 1);
-    ExpectIntEQ(ASN1_TIME_to_tm(&asnTime, NULL), 1);
-    ExpectIntEQ(ASN1_TIME_to_tm(&asnTime, &tm), 1);
-
-    ExpectIntEQ(tm.tm_sec, 15);
-    ExpectIntEQ(tm.tm_min, 15);
-    ExpectIntEQ(tm.tm_hour, 21);
-    ExpectIntEQ(tm.tm_mday, 22);
-    ExpectIntEQ(tm.tm_mon, 1);
-    ExpectIntEQ(tm.tm_year, 100);
-    ExpectIntEQ(tm.tm_isdst, 0);
-#ifdef XMKTIME
-    ExpectIntEQ(tm.tm_wday, 2);
-    ExpectIntEQ(tm.tm_yday, 52);
-#endif
-
-    ExpectIntEQ(ASN1_TIME_set_string(&asnTime, "500222211515Z"), 1);
-    ExpectIntEQ(ASN1_TIME_to_tm(&asnTime, &tm), 1);
-    ExpectIntEQ(tm.tm_year, 50);
-
-    /* Get current time. */
-    ExpectIntEQ(ASN1_TIME_to_tm(NULL, NULL), 0);
-    ExpectIntEQ(ASN1_TIME_to_tm(NULL, &tm), 1);
-
-    XMEMSET(&asnTime, 0, sizeof(ASN1_TIME));
-    /* 0 length. */
-    ExpectIntEQ(ASN1_TIME_to_tm(&asnTime, &tm), 0);
-    /* No type. */
-    asnTime.length = 1;
-    ExpectIntEQ(ASN1_TIME_to_tm(&asnTime, &tm), 0);
-    /* Not UTCTIME length. */
-    asnTime.type = V_ASN1_UTCTIME;
-    ExpectIntEQ(ASN1_TIME_to_tm(&asnTime, &tm), 0);
-    /* Not GENERALIZEDTIME length. */
-    asnTime.type = V_ASN1_GENERALIZEDTIME;
-    ExpectIntEQ(ASN1_TIME_to_tm(&asnTime, &tm), 0);
-
-    /* Not Zulu timezone. */
-    ExpectIntEQ(ASN1_TIME_set_string(&asnTime, "000222211515U"), 1);
-    ExpectIntEQ(ASN1_TIME_to_tm(&asnTime, &tm), 0);
-    ExpectIntEQ(ASN1_TIME_set_string(&asnTime, "20000222211515U"), 1);
-    ExpectIntEQ(ASN1_TIME_to_tm(&asnTime, &tm), 0);
-
-#ifdef XMKTIME
-    ExpectNotNull(ASN1_TIME_adj(&asnTime, testTime, 0, 0));
-    ExpectIntEQ(ASN1_TIME_to_tm(&asnTime, &tm), 1);
-    ExpectIntEQ(tm.tm_sec, 47);
-    ExpectIntEQ(tm.tm_min, 22);
-    ExpectIntEQ(tm.tm_hour, 21);
-    ExpectIntEQ(tm.tm_mday, 12);
-    ExpectIntEQ(tm.tm_mon, 4);
-    ExpectIntEQ(tm.tm_year, 123);
-    ExpectIntEQ(tm.tm_wday, 5);
-    ExpectIntEQ(tm.tm_yday, 131);
-    /* Confirm that when used with a tm struct from ASN1_TIME_adj, all other
-       fields are zeroed out as expected. */
-    ExpectIntEQ(tm.tm_isdst, 0);
-#endif
-#endif
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_ASN1_TIME_to_generalizedtime(void)
-{
-    EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME)
-    WOLFSSL_ASN1_TIME *t = NULL;
-    WOLFSSL_ASN1_TIME *out = NULL;
-    WOLFSSL_ASN1_TIME *gtime = NULL;
-    int tlen = 0;
-    unsigned char *data = NULL;
-
-    ExpectNotNull(t = wolfSSL_ASN1_TIME_new());
-    ExpectNull(wolfSSL_ASN1_TIME_to_generalizedtime(NULL, &out));
-    /* type not set. */
-    ExpectNull(wolfSSL_ASN1_TIME_to_generalizedtime(t, &out));
-    XFREE(t, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    t = NULL;
-
-    /* UTC Time test */
-    ExpectNotNull(t = wolfSSL_ASN1_TIME_new());
-    if (t != NULL) {
-        XMEMSET(t->data, 0, ASN_GENERALIZED_TIME_SIZE);
-        t->type = ASN_UTC_TIME;
-        t->length = ASN_UTC_TIME_SIZE;
-        XMEMCPY(t->data, "050727123456Z", ASN_UTC_TIME_SIZE);
-    }
-
-    ExpectIntEQ(tlen = wolfSSL_ASN1_TIME_get_length(t), ASN_UTC_TIME_SIZE);
-    ExpectStrEQ((char*)(data = wolfSSL_ASN1_TIME_get_data(t)), "050727123456Z");
-
-    out = NULL;
-    ExpectNotNull(gtime = wolfSSL_ASN1_TIME_to_generalizedtime(t, &out));
-    wolfSSL_ASN1_TIME_free(gtime);
-    gtime = NULL;
-    ExpectNotNull(out = wolfSSL_ASN1_TIME_new());
-    ExpectNotNull(gtime = wolfSSL_ASN1_TIME_to_generalizedtime(t, &out));
-    ExpectPtrEq(gtime, out);
-    ExpectIntEQ(gtime->type, ASN_GENERALIZED_TIME);
-    ExpectIntEQ(gtime->length, ASN_GENERALIZED_TIME_SIZE);
-    ExpectStrEQ((char*)gtime->data, "20050727123456Z");
-
-    /* Generalized Time test */
-    ExpectNotNull(XMEMSET(t, 0, ASN_GENERALIZED_TIME_SIZE));
-    ExpectNotNull(XMEMSET(out, 0, ASN_GENERALIZED_TIME_SIZE));
-    ExpectNotNull(XMEMSET(data, 0, ASN_GENERALIZED_TIME_SIZE));
-    if (t != NULL) {
-        t->type = ASN_GENERALIZED_TIME;
-        t->length = ASN_GENERALIZED_TIME_SIZE;
-        XMEMCPY(t->data, "20050727123456Z", ASN_GENERALIZED_TIME_SIZE);
-    }
-
-    ExpectIntEQ(tlen = wolfSSL_ASN1_TIME_get_length(t),
-        ASN_GENERALIZED_TIME_SIZE);
-    ExpectStrEQ((char*)(data = wolfSSL_ASN1_TIME_get_data(t)),
-        "20050727123456Z");
-    ExpectNotNull(gtime = wolfSSL_ASN1_TIME_to_generalizedtime(t, &out));
-    ExpectIntEQ(gtime->type, ASN_GENERALIZED_TIME);
-    ExpectIntEQ(gtime->length, ASN_GENERALIZED_TIME_SIZE);
-    ExpectStrEQ((char*)gtime->data, "20050727123456Z");
-
-    /* UTC Time to Generalized Time 1900's test */
-    ExpectNotNull(XMEMSET(t, 0, ASN_GENERALIZED_TIME_SIZE));
-    ExpectNotNull(XMEMSET(out, 0, ASN_GENERALIZED_TIME_SIZE));
-    ExpectNotNull(XMEMSET(data, 0, ASN_GENERALIZED_TIME_SIZE));
-    if (t != NULL) {
-        t->type = ASN_UTC_TIME;
-        t->length = ASN_UTC_TIME_SIZE;
-        XMEMCPY(t->data, "500727123456Z", ASN_UTC_TIME_SIZE);
-    }
-
-    ExpectNotNull(gtime = wolfSSL_ASN1_TIME_to_generalizedtime(t, &out));
-    ExpectIntEQ(gtime->type, ASN_GENERALIZED_TIME);
-    ExpectIntEQ(gtime->length, ASN_GENERALIZED_TIME_SIZE);
-    ExpectStrEQ((char*)gtime->data, "19500727123456Z");
-    XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-
-    /* Null parameter test */
-    ExpectNotNull(XMEMSET(t, 0, ASN_GENERALIZED_TIME_SIZE));
-    gtime = NULL;
-    out = NULL;
-    if (t != NULL) {
-        t->type = ASN_UTC_TIME;
-        t->length = ASN_UTC_TIME_SIZE;
-        XMEMCPY(t->data, "050727123456Z", ASN_UTC_TIME_SIZE);
-    }
-    ExpectNotNull(gtime = wolfSSL_ASN1_TIME_to_generalizedtime(t, NULL));
-    ExpectIntEQ(gtime->type, ASN_GENERALIZED_TIME);
-    ExpectIntEQ(gtime->length, ASN_GENERALIZED_TIME_SIZE);
-    ExpectStrEQ((char*)gtime->data, "20050727123456Z");
-
-    XFREE(gtime, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    XFREE(t, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_ASN1_TIME_print(void)
-{
-    EXPECT_DECLS;
-#if !defined(NO_CERTS) && !defined(NO_RSA) && !defined(NO_BIO) && \
-    (defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) || \
-     defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || \
-     defined(OPENSSL_ALL)) && defined(USE_CERT_BUFFERS_2048) && \
-    !defined(NO_ASN_TIME)
-    BIO*  bio = NULL;
-    BIO*  fixed = NULL;
-    X509*  x509 = NULL;
-    const unsigned char* der = client_cert_der_2048;
-    ASN1_TIME* notAfter = NULL;
-    ASN1_TIME* notBefore = NULL;
-    unsigned char buf[25];
-
-    ExpectNotNull(bio = BIO_new(BIO_s_mem()));
-    ExpectNotNull(fixed = BIO_new(wolfSSL_BIO_s_fixed_mem()));
-    ExpectNotNull(x509 = wolfSSL_X509_load_certificate_buffer(der,
-                sizeof_client_cert_der_2048, WOLFSSL_FILETYPE_ASN1));
-    ExpectNotNull(notBefore = X509_get_notBefore(x509));
-
-    ExpectIntEQ(ASN1_TIME_print(NULL, NULL), 0);
-    ExpectIntEQ(ASN1_TIME_print(bio, NULL), 0);
-    ExpectIntEQ(ASN1_TIME_print(NULL, notBefore), 0);
-
-    ExpectIntEQ(ASN1_TIME_print(bio, notBefore), 1);
-    ExpectIntEQ(BIO_read(bio, buf, sizeof(buf)), 24);
-    ExpectIntEQ(XMEMCMP(buf, "Dec 18 21:25:29 2024 GMT", sizeof(buf) - 1), 0);
-
-    /* Test BIO_write fails. */
-    ExpectIntEQ(BIO_set_write_buf_size(fixed, 1), 1);
-    /* Ensure there is 0 bytes available to write into. */
-    ExpectIntEQ(BIO_write(fixed, buf, 1), 1);
-    ExpectIntEQ(ASN1_TIME_print(fixed, notBefore), 0);
-    ExpectIntEQ(BIO_set_write_buf_size(fixed, 1), 1);
-    ExpectIntEQ(ASN1_TIME_print(fixed, notBefore), 0);
-    ExpectIntEQ(BIO_set_write_buf_size(fixed, 23), 1);
-    ExpectIntEQ(ASN1_TIME_print(fixed, notBefore), 0);
-
-    /* create a bad time and test results */
-    ExpectNotNull(notAfter = X509_get_notAfter(x509));
-    ExpectIntEQ(ASN1_TIME_check(notAfter), 1);
-    if (EXPECT_SUCCESS()) {
-        notAfter->data[8] = 0;
-        notAfter->data[3] = 0;
-    }
-    ExpectIntNE(ASN1_TIME_print(bio, notAfter), 1);
-    ExpectIntEQ(BIO_read(bio, buf, sizeof(buf)), 14);
-    ExpectIntEQ(XMEMCMP(buf, "Bad time value", 14), 0);
-    ExpectIntEQ(ASN1_TIME_check(notAfter), 0);
-
-    BIO_free(bio);
-    BIO_free(fixed);
-    X509_free(x509);
-#endif
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_ASN1_UTCTIME_print(void)
-{
-    EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME) && !defined(NO_BIO)
-    BIO*  bio = NULL;
-    ASN1_UTCTIME* utc = NULL;
-    unsigned char buf[25];
-    const char* validDate   = "190424111501Z";   /* UTC =   YYMMDDHHMMSSZ */
-    const char* invalidDate = "190424111501X";   /* UTC =   YYMMDDHHMMSSZ */
-    const char* genDate     = "20190424111501Z"; /* GEN = YYYYMMDDHHMMSSZ */
-
-    /* Valid date */
-    ExpectNotNull(bio = BIO_new(BIO_s_mem()));
-    ExpectNotNull(utc = (ASN1_UTCTIME*)XMALLOC(sizeof(ASN1_UTCTIME), NULL,
-                                                           DYNAMIC_TYPE_ASN1));
-    if (utc != NULL) {
-        utc->type = ASN_UTC_TIME;
-        utc->length = ASN_UTC_TIME_SIZE;
-        XMEMCPY(utc->data, (byte*)validDate, ASN_UTC_TIME_SIZE);
-    }
-
-    ExpectIntEQ(ASN1_UTCTIME_print(NULL, NULL), 0);
-    ExpectIntEQ(ASN1_UTCTIME_print(bio, NULL), 0);
-    ExpectIntEQ(ASN1_UTCTIME_print(NULL, utc), 0);
-
-    ExpectIntEQ(ASN1_UTCTIME_print(bio, utc), 1);
-    ExpectIntEQ(BIO_read(bio, buf, sizeof(buf)), 24);
-    ExpectIntEQ(XMEMCMP(buf, "Apr 24 11:15:01 2019 GMT", sizeof(buf)-1), 0);
-
-    XMEMSET(buf, 0, sizeof(buf));
-    BIO_free(bio);
-    bio = NULL;
-
-    /* Invalid format */
-    ExpectNotNull(bio = BIO_new(BIO_s_mem()));
-    if (utc != NULL) {
-        utc->type = ASN_UTC_TIME;
-        utc->length = ASN_UTC_TIME_SIZE;
-        XMEMCPY(utc->data, (byte*)invalidDate, ASN_UTC_TIME_SIZE);
-    }
-    ExpectIntEQ(ASN1_UTCTIME_print(bio, utc), 0);
-    ExpectIntEQ(BIO_read(bio, buf, sizeof(buf)), 14);
-    ExpectIntEQ(XMEMCMP(buf, "Bad time value", 14), 0);
-
-    /* Invalid type */
-    if (utc != NULL) {
-        utc->type = ASN_GENERALIZED_TIME;
-        utc->length = ASN_GENERALIZED_TIME_SIZE;
-        XMEMCPY(utc->data, (byte*)genDate, ASN_GENERALIZED_TIME_SIZE);
-    }
-    ExpectIntEQ(ASN1_UTCTIME_print(bio, utc), 0);
-
-    XFREE(utc, NULL, DYNAMIC_TYPE_ASN1);
-    BIO_free(bio);
-#endif /* OPENSSL_EXTRA && !NO_ASN_TIME && !NO_BIO */
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_ASN1_TYPE(void)
-{
-    EXPECT_DECLS;
-#if defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD) || \
-    defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_WPAS)
-    WOLFSSL_ASN1_TYPE* t = NULL;
-    WOLFSSL_ASN1_OBJECT* obj = NULL;
-#ifndef NO_ASN_TIME
-    WOLFSSL_ASN1_TIME* time = NULL;
-#endif
-    WOLFSSL_ASN1_STRING* str = NULL;
-    unsigned char data[] = { 0x00 };
-
-    ASN1_TYPE_set(NULL, V_ASN1_NULL, NULL);
-
-    ExpectNotNull(t = wolfSSL_ASN1_TYPE_new());
-    ASN1_TYPE_set(t, V_ASN1_EOC, NULL);
-    wolfSSL_ASN1_TYPE_free(t);
-    t = NULL;
-
-    ExpectNotNull(t = wolfSSL_ASN1_TYPE_new());
-    ASN1_TYPE_set(t, V_ASN1_NULL, NULL);
-    ASN1_TYPE_set(t, V_ASN1_NULL, data);
-    wolfSSL_ASN1_TYPE_free(t);
-    t = NULL;
-
-    ExpectNotNull(t = wolfSSL_ASN1_TYPE_new());
-    ExpectNotNull(obj = wolfSSL_ASN1_OBJECT_new());
-    ASN1_TYPE_set(t, V_ASN1_OBJECT, obj);
-    wolfSSL_ASN1_TYPE_free(t);
-    t = NULL;
-
-#ifndef NO_ASN_TIME
-    ExpectNotNull(t = wolfSSL_ASN1_TYPE_new());
-    ExpectNotNull(time = wolfSSL_ASN1_TIME_new());
-    ASN1_TYPE_set(t, V_ASN1_UTCTIME, time);
-    wolfSSL_ASN1_TYPE_free(t);
-    t = NULL;
-
-    ExpectNotNull(t = wolfSSL_ASN1_TYPE_new());
-    ExpectNotNull(time = wolfSSL_ASN1_TIME_new());
-    ASN1_TYPE_set(t, V_ASN1_GENERALIZEDTIME, time);
-    wolfSSL_ASN1_TYPE_free(t);
-    t = NULL;
-#endif
-
-    ExpectNotNull(t = wolfSSL_ASN1_TYPE_new());
-    ExpectNotNull(str = wolfSSL_ASN1_STRING_new());
-    ASN1_TYPE_set(t, V_ASN1_UTF8STRING, str);
-    wolfSSL_ASN1_TYPE_free(t);
-    t = NULL;
-
-    ExpectNotNull(t = wolfSSL_ASN1_TYPE_new());
-    ExpectNotNull(str = wolfSSL_ASN1_STRING_new());
-    ASN1_TYPE_set(t, V_ASN1_PRINTABLESTRING, str);
-    wolfSSL_ASN1_TYPE_free(t);
-    t = NULL;
-
-    ExpectNotNull(t = wolfSSL_ASN1_TYPE_new());
-    ExpectNotNull(str = wolfSSL_ASN1_STRING_new());
-    ASN1_TYPE_set(t, V_ASN1_T61STRING, str);
-    wolfSSL_ASN1_TYPE_free(t);
-    t = NULL;
-
-    ExpectNotNull(t = wolfSSL_ASN1_TYPE_new());
-    ExpectNotNull(str = wolfSSL_ASN1_STRING_new());
-    ASN1_TYPE_set(t, V_ASN1_IA5STRING, str);
-    wolfSSL_ASN1_TYPE_free(t);
-    t = NULL;
-
-    ExpectNotNull(t = wolfSSL_ASN1_TYPE_new());
-    ExpectNotNull(str = wolfSSL_ASN1_STRING_new());
-    ASN1_TYPE_set(t, V_ASN1_UNIVERSALSTRING, str);
-    wolfSSL_ASN1_TYPE_free(t);
-    t = NULL;
-
-    ExpectNotNull(t = wolfSSL_ASN1_TYPE_new());
-    ExpectNotNull(str = wolfSSL_ASN1_STRING_new());
-    ASN1_TYPE_set(t, V_ASN1_SEQUENCE, str);
-    wolfSSL_ASN1_TYPE_free(t);
-    t = NULL;
-#endif
-    return EXPECT_RESULT();
-}
-
-/* Testing code used in old dpp.c in hostap */
-#if defined(OPENSSL_ALL) && defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256)
-typedef struct {
-    /* AlgorithmIdentifier ecPublicKey with optional parameters present
-     * as an OID identifying the curve */
-    X509_ALGOR *alg;
-    /* Compressed format public key per ANSI X9.63 */
-    ASN1_BIT_STRING *pub_key;
-} DPP_BOOTSTRAPPING_KEY;
-
-ASN1_SEQUENCE(DPP_BOOTSTRAPPING_KEY) = {
-    ASN1_SIMPLE(DPP_BOOTSTRAPPING_KEY, alg, X509_ALGOR),
-    ASN1_SIMPLE(DPP_BOOTSTRAPPING_KEY, pub_key, ASN1_BIT_STRING)
-} ASN1_SEQUENCE_END(DPP_BOOTSTRAPPING_KEY)
-
-IMPLEMENT_ASN1_FUNCTIONS(DPP_BOOTSTRAPPING_KEY)
-
-typedef struct {
-    int type;
-    union {
-        ASN1_BIT_STRING *str1;
-        ASN1_BIT_STRING *str2;
-        ASN1_BIT_STRING *str3;
-    } d;
-} ASN1_CHOICE_TEST;
-
-ASN1_CHOICE(ASN1_CHOICE_TEST) = {
-    ASN1_IMP(ASN1_CHOICE_TEST, d.str1, ASN1_BIT_STRING, 1),
-    ASN1_IMP(ASN1_CHOICE_TEST, d.str2, ASN1_BIT_STRING, 2),
-    ASN1_IMP(ASN1_CHOICE_TEST, d.str3, ASN1_BIT_STRING, 3)
-} ASN1_CHOICE_END(ASN1_CHOICE_TEST)
-
-IMPLEMENT_ASN1_FUNCTIONS(ASN1_CHOICE_TEST)
-
-/* Test nested objects */
-typedef struct {
-    DPP_BOOTSTRAPPING_KEY* key;
-    ASN1_INTEGER* asnNum;
-    ASN1_INTEGER* expNum;
-    STACK_OF(ASN1_GENERALSTRING) *strList;
-    ASN1_CHOICE_TEST* str;
-} TEST_ASN1_NEST1;
-
-ASN1_SEQUENCE(TEST_ASN1_NEST1) = {
-    ASN1_SIMPLE(TEST_ASN1_NEST1, key, DPP_BOOTSTRAPPING_KEY),
-    ASN1_SIMPLE(TEST_ASN1_NEST1, asnNum, ASN1_INTEGER),
-    ASN1_EXP(TEST_ASN1_NEST1, expNum, ASN1_INTEGER, 0),
-    ASN1_EXP_SEQUENCE_OF(TEST_ASN1_NEST1, strList, ASN1_GENERALSTRING, 1),
-    ASN1_SIMPLE(TEST_ASN1_NEST1, str, ASN1_CHOICE_TEST)
-} ASN1_SEQUENCE_END(TEST_ASN1_NEST1)
-
-IMPLEMENT_ASN1_FUNCTIONS(TEST_ASN1_NEST1)
-
-typedef struct {
-    ASN1_INTEGER* num;
-    DPP_BOOTSTRAPPING_KEY* key;
-    TEST_ASN1_NEST1* asn1_obj;
-} TEST_ASN1_NEST2;
-
-ASN1_SEQUENCE(TEST_ASN1_NEST2) = {
-    ASN1_SIMPLE(TEST_ASN1_NEST2, num, ASN1_INTEGER),
-    ASN1_SIMPLE(TEST_ASN1_NEST2, key, DPP_BOOTSTRAPPING_KEY),
-    ASN1_SIMPLE(TEST_ASN1_NEST2, asn1_obj, TEST_ASN1_NEST1)
-} ASN1_SEQUENCE_END(TEST_ASN1_NEST2)
-
-IMPLEMENT_ASN1_FUNCTIONS(TEST_ASN1_NEST2)
-/* End nested objects */
-
-typedef struct {
-    ASN1_INTEGER *integer;
-} TEST_ASN1;
-
-ASN1_SEQUENCE(TEST_ASN1) = {
-    ASN1_SIMPLE(TEST_ASN1, integer, ASN1_INTEGER),
-} ASN1_SEQUENCE_END(TEST_ASN1)
-
-IMPLEMENT_ASN1_FUNCTIONS(TEST_ASN1)
-
-typedef STACK_OF(ASN1_INTEGER) TEST_ASN1_ITEM;
-
-ASN1_ITEM_TEMPLATE(TEST_ASN1_ITEM) =
-        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, MemName, ASN1_INTEGER)
-ASN1_ITEM_TEMPLATE_END(TEST_ASN1_ITEM)
-
-IMPLEMENT_ASN1_FUNCTIONS(TEST_ASN1_ITEM)
-#endif
-
-static int test_wolfSSL_IMPLEMENT_ASN1_FUNCTIONS(void)
-{
-    EXPECT_DECLS;
-    /* Testing code used in dpp.c in hostap */
-#if defined(OPENSSL_ALL) && defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256)
-#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
-    EC_KEY *eckey = NULL;
-    EVP_PKEY *key = NULL;
-    size_t len = 0;
-    unsigned char *der = NULL;
-    unsigned char *der2 = NULL;
-    const unsigned char *tmp = NULL;
-    DPP_BOOTSTRAPPING_KEY *bootstrap = NULL, *bootstrap2 = NULL;
-    const unsigned char *in = ecc_clikey_der_256;
-    WOLFSSL_ASN1_OBJECT* ec_obj = NULL;
-    WOLFSSL_ASN1_OBJECT* group_obj = NULL;
-    const EC_GROUP *group = NULL;
-    const EC_POINT *point = NULL;
-    int nid;
-    TEST_ASN1 *test_asn1 = NULL;
-    TEST_ASN1 *test_asn1_2 = NULL;
-
-    const unsigned char badObjDer[] = { 0x06, 0x00 };
-    const unsigned char goodObjDer[] = {
-        0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01
-    };
-    WOLFSSL_ASN1_ITEM emptyTemplate;
-
-    XMEMSET(&emptyTemplate, 0, sizeof(WOLFSSL_ASN1_ITEM));
-
-    ExpectNotNull(bootstrap = DPP_BOOTSTRAPPING_KEY_new());
-
-    der = NULL;
-    ExpectIntEQ(i2d_DPP_BOOTSTRAPPING_KEY(NULL, &der), -1);
-    ExpectIntEQ(wolfSSL_ASN1_item_i2d(bootstrap, &der, NULL), -1);
-    ExpectIntEQ(i2d_DPP_BOOTSTRAPPING_KEY(bootstrap, &der), -1);
-
-    ExpectNotNull(key = d2i_PrivateKey(EVP_PKEY_EC, NULL, &in,
-                                       (long)sizeof_ecc_clikey_der_256));
-    ExpectNotNull(eckey = EVP_PKEY_get1_EC_KEY(key));
-    ExpectNotNull(group = EC_KEY_get0_group(eckey));
-    ExpectNotNull(point = EC_KEY_get0_public_key(eckey));
-    nid = EC_GROUP_get_curve_name(group);
-
-    ec_obj = OBJ_nid2obj(EVP_PKEY_EC);
-    group_obj = OBJ_nid2obj(nid);
-    if ((ec_obj != NULL) && (group_obj != NULL)) {
-        ExpectIntEQ(X509_ALGOR_set0(NULL, ec_obj, V_ASN1_OBJECT,
-            group_obj), 0);
-        ExpectIntEQ(X509_ALGOR_set0(bootstrap->alg, NULL, V_ASN1_OBJECT,
-            NULL), 1);
-        ExpectIntEQ(X509_ALGOR_set0(bootstrap->alg, ec_obj, V_ASN1_OBJECT,
-            group_obj), 1);
-        if (EXPECT_SUCCESS()) {
-            ec_obj = NULL;
-            group_obj = NULL;
-        }
-    }
-    wolfSSL_ASN1_OBJECT_free(group_obj);
-    wolfSSL_ASN1_OBJECT_free(ec_obj);
-    ExpectIntEQ(EC_POINT_point2oct(group, point, 0, NULL, 0, NULL), 0);
-#ifdef HAVE_COMP_KEY
-    ExpectIntGT((len = EC_POINT_point2oct(
-                                   group, point, POINT_CONVERSION_COMPRESSED,
-                                   NULL, 0, NULL)), 0);
-#else
-    ExpectIntGT((len = EC_POINT_point2oct(
-                                   group, point, POINT_CONVERSION_UNCOMPRESSED,
-                                   NULL, 0, NULL)), 0);
-#endif
-    ExpectNotNull(der = (unsigned char*)XMALLOC(len, NULL, DYNAMIC_TYPE_ASN1));
-#ifdef HAVE_COMP_KEY
-    ExpectIntEQ(EC_POINT_point2oct(group, point, POINT_CONVERSION_COMPRESSED,
-                                   der, len-1, NULL), 0);
-    ExpectIntEQ(EC_POINT_point2oct(group, point, POINT_CONVERSION_COMPRESSED,
-                                   der, len, NULL), len);
-#else
-    ExpectIntEQ(EC_POINT_point2oct(group, point, POINT_CONVERSION_UNCOMPRESSED,
-                                   der, len-1, NULL), 0);
-    ExpectIntEQ(EC_POINT_point2oct(group, point, POINT_CONVERSION_UNCOMPRESSED,
-                                   der, len, NULL), len);
-#endif
-    if (EXPECT_SUCCESS()) {
-        bootstrap->pub_key->data = der;
-        bootstrap->pub_key->length = (int)len;
-        /* Not actually used */
-        bootstrap->pub_key->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
-        bootstrap->pub_key->flags |= ASN1_STRING_FLAG_BITS_LEFT;
-    }
-
-    ExpectIntEQ(i2d_DPP_BOOTSTRAPPING_KEY(bootstrap, NULL), 16+len);
-    der = NULL;
-    ExpectIntEQ(i2d_DPP_BOOTSTRAPPING_KEY(bootstrap, &der), 16+len);
-    der2 = NULL;
-#ifdef WOLFSSL_ASN_TEMPLATE
-    tmp = der;
-    ExpectNotNull(d2i_DPP_BOOTSTRAPPING_KEY(&bootstrap2, &tmp, 16+len));
-    ExpectIntEQ(i2d_DPP_BOOTSTRAPPING_KEY(bootstrap2, &der2), 16+len);
-    ExpectBufEQ(der, der2, 49);
-#endif
-
-    XFREE(der, NULL, DYNAMIC_TYPE_ASN1);
-    XFREE(der2, NULL, DYNAMIC_TYPE_ASN1);
-    EVP_PKEY_free(key);
-    EC_KEY_free(eckey);
-    DPP_BOOTSTRAPPING_KEY_free(bootstrap);
-    DPP_BOOTSTRAPPING_KEY_free(bootstrap2);
-    bootstrap = NULL;
-    DPP_BOOTSTRAPPING_KEY_free(NULL);
-
-    /* Create bootstrap key with bad OBJECT_ID DER data, parameter that is
-     * a NULL and an empty BIT_STRING. */
-    ExpectNotNull(bootstrap = DPP_BOOTSTRAPPING_KEY_new());
-    ExpectNotNull(bootstrap->alg->algorithm = wolfSSL_ASN1_OBJECT_new());
-    if (EXPECT_SUCCESS()) {
-        bootstrap->alg->algorithm->obj = badObjDer;
-        bootstrap->alg->algorithm->objSz = (unsigned int)sizeof(badObjDer);
-    }
-    ExpectNotNull(bootstrap->alg->parameter = wolfSSL_ASN1_TYPE_new());
-    if (EXPECT_SUCCESS()) {
-        bootstrap->alg->parameter->type = V_ASN1_NULL;
-        bootstrap->alg->parameter->value.ptr = NULL;
-        bootstrap->pub_key->data = NULL;
-        bootstrap->pub_key->length = 0;
-        /* Not actually used */
-        bootstrap->pub_key->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
-        bootstrap->pub_key->flags |= ASN1_STRING_FLAG_BITS_LEFT;
-    }
-    /* Encode with bad OBJECT_ID. */
-    der = NULL;
-    ExpectIntEQ(i2d_DPP_BOOTSTRAPPING_KEY(bootstrap, &der), -1);
-
-    /* Fix OBJECT_ID and encode with empty BIT_STRING. */
-    if (EXPECT_SUCCESS()) {
-        bootstrap->alg->algorithm->obj = goodObjDer;
-        bootstrap->alg->algorithm->objSz = (unsigned int)sizeof(goodObjDer);
-        bootstrap->alg->algorithm->grp = 2;
-    }
-    der = NULL;
-    ExpectIntEQ(i2d_DPP_BOOTSTRAPPING_KEY(bootstrap, &der), 16);
-    ExpectIntEQ(wolfSSL_ASN1_item_i2d(bootstrap, &der, &emptyTemplate), -1);
-    XFREE(der, NULL, DYNAMIC_TYPE_ASN1);
-    DPP_BOOTSTRAPPING_KEY_free(bootstrap);
-
-    /* Test integer */
-    ExpectNotNull(test_asn1 = TEST_ASN1_new());
-    der = NULL;
-    ExpectIntEQ(ASN1_INTEGER_set(test_asn1->integer, 100), 1);
-    ExpectIntEQ(i2d_TEST_ASN1(test_asn1, &der), 5);
-    tmp = der;
-    ExpectNotNull(d2i_TEST_ASN1(&test_asn1_2, &tmp, 5));
-    der2 = NULL;
-    ExpectIntEQ(i2d_TEST_ASN1(test_asn1_2, &der2), 5);
-    ExpectBufEQ(der, der2, 5);
-    XFREE(der, NULL, DYNAMIC_TYPE_ASN1);
-    XFREE(der2, NULL, DYNAMIC_TYPE_ASN1);
-    TEST_ASN1_free(test_asn1);
-    TEST_ASN1_free(test_asn1_2);
-
-    /* Test integer cases. */
-    ExpectNull(wolfSSL_ASN1_item_new(NULL));
-    TEST_ASN1_free(NULL);
-
-    /* Test nested asn1 objects */
-    {
-        TEST_ASN1_NEST2 *nested_asn1 = NULL;
-        TEST_ASN1_NEST2 *nested_asn1_2 = NULL;
-        int i;
-
-        ExpectNotNull(nested_asn1 = TEST_ASN1_NEST2_new());
-        /* Populate nested_asn1 with some random data */
-        /* nested_asn1->num */
-        ExpectIntEQ(ASN1_INTEGER_set(nested_asn1->num, 30003), 1);
-        /* nested_asn1->key */
-        ec_obj = OBJ_nid2obj(EVP_PKEY_EC);
-        group_obj = OBJ_nid2obj(NID_secp256k1);
-        ExpectIntEQ(X509_ALGOR_set0(nested_asn1->key->alg, ec_obj,
-                V_ASN1_OBJECT, group_obj), 1);
-        if (EXPECT_SUCCESS()) {
-            ec_obj = NULL;
-            group_obj = NULL;
-        }
-        else {
-            wolfSSL_ASN1_OBJECT_free(ec_obj);
-            wolfSSL_ASN1_OBJECT_free(group_obj);
-        }
-        ExpectIntEQ(ASN1_BIT_STRING_set_bit(nested_asn1->key->pub_key, 50, 1),
-                1);
-        /* nested_asn1->asn1_obj->key */
-        ec_obj = OBJ_nid2obj(EVP_PKEY_EC);
-        group_obj = OBJ_nid2obj(NID_secp256k1);
-        ExpectIntEQ(X509_ALGOR_set0(nested_asn1->asn1_obj->key->alg, ec_obj,
-                V_ASN1_OBJECT, group_obj), 1);
-        if (EXPECT_SUCCESS()) {
-            ec_obj = NULL;
-            group_obj = NULL;
-        }
-        else {
-            wolfSSL_ASN1_OBJECT_free(ec_obj);
-            wolfSSL_ASN1_OBJECT_free(group_obj);
-        }
-        ExpectIntEQ(ASN1_BIT_STRING_set_bit(nested_asn1->asn1_obj->key->pub_key,
-                500, 1), 1);
-        /* nested_asn1->asn1_obj->asnNum */
-        ExpectIntEQ(ASN1_INTEGER_set(nested_asn1->asn1_obj->asnNum, 666666), 1);
-        /* nested_asn1->asn1_obj->expNum */
-        ExpectIntEQ(ASN1_INTEGER_set(nested_asn1->asn1_obj->expNum, 22222), 1);
-        /* nested_asn1->asn1_obj->strList */
-        for (i = 10; i >= 0; i--) {
-            ASN1_GENERALSTRING* genStr = NULL;
-            char fmtStr[20];
-
-            ExpectIntGT(snprintf(fmtStr, sizeof(fmtStr), "Bonjour #%d", i), 0);
-            ExpectNotNull(genStr = ASN1_GENERALSTRING_new());
-            ExpectIntEQ(ASN1_GENERALSTRING_set(genStr, fmtStr, -1), 1);
-            ExpectIntGT(
-                    sk_ASN1_GENERALSTRING_push(nested_asn1->asn1_obj->strList,
-                            genStr), 0);
-            if (EXPECT_FAIL()) {
-                ASN1_GENERALSTRING_free(genStr);
-            }
-        }
-        /* nested_asn1->asn1_obj->str */
-        ExpectNotNull(nested_asn1->asn1_obj->str->d.str2
-                = ASN1_BIT_STRING_new());
-        ExpectIntEQ(ASN1_BIT_STRING_set_bit(nested_asn1->asn1_obj->str->d.str2,
-                150, 1), 1);
-        if (nested_asn1 != NULL) {
-            nested_asn1->asn1_obj->str->type = 2;
-        }
-
-        der = NULL;
-        ExpectIntEQ(i2d_TEST_ASN1_NEST2(nested_asn1, &der), 285);
-#ifdef WOLFSSL_ASN_TEMPLATE
-        tmp = der;
-        ExpectNotNull(d2i_TEST_ASN1_NEST2(&nested_asn1_2, &tmp, 285));
-        der2 = NULL;
-        ExpectIntEQ(i2d_TEST_ASN1_NEST2(nested_asn1_2, &der2), 285);
-        ExpectBufEQ(der, der2, 285);
-        XFREE(der2, NULL, DYNAMIC_TYPE_ASN1);
-#endif
-        XFREE(der, NULL, DYNAMIC_TYPE_ASN1);
-
-        TEST_ASN1_NEST2_free(nested_asn1);
-        TEST_ASN1_NEST2_free(nested_asn1_2);
-    }
-
-    /* Test ASN1_ITEM_TEMPLATE */
-    {
-        TEST_ASN1_ITEM* asn1_item = NULL;
-        TEST_ASN1_ITEM* asn1_item2 = NULL;
-        int i;
-
-        ExpectNotNull(asn1_item = TEST_ASN1_ITEM_new());
-        for (i = 0; i < 11; i++) {
-            ASN1_INTEGER* asn1_num = NULL;
-
-            ExpectNotNull(asn1_num = ASN1_INTEGER_new());
-            ExpectIntEQ(ASN1_INTEGER_set(asn1_num, i), 1);
-            ExpectIntGT(wolfSSL_sk_insert(asn1_item, asn1_num, -1), 0);
-            if (EXPECT_FAIL()) {
-                ASN1_INTEGER_free(asn1_num);
-            }
-        }
-
-        der = NULL;
-        ExpectIntEQ(i2d_TEST_ASN1_ITEM(asn1_item, &der), 35);
-        tmp = der;
-        ExpectNotNull(d2i_TEST_ASN1_ITEM(&asn1_item2, &tmp, 35));
-        der2 = NULL;
-        ExpectIntEQ(i2d_TEST_ASN1_ITEM(asn1_item2, &der2), 35);
-        ExpectBufEQ(der, der2, 35);
-        XFREE(der, NULL, DYNAMIC_TYPE_ASN1);
-        XFREE(der2, NULL, DYNAMIC_TYPE_ASN1);
-
-        TEST_ASN1_ITEM_free(asn1_item);
-        TEST_ASN1_ITEM_free(asn1_item2);
-    }
-
-#endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
-#endif /* OPENSSL_ALL && HAVE_ECC && USE_CERT_BUFFERS_256 */
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_i2d_ASN1_TYPE(void)
-{
-    EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA)
-    /* Taken from one of sssd's certs othernames */
-    unsigned char str_bin[] = {
-        0x04, 0x10, 0xa4, 0x9b, 0xc8, 0xf4, 0x85, 0x8e, 0x89, 0x4d, 0x85, 0x8d,
-        0x27, 0xbd, 0x63, 0xaa, 0x93, 0x93
-    };
-    ASN1_TYPE* asn1type = NULL;
-    unsigned char* der = NULL;
-
-    /* Create ASN1_TYPE manually as we don't have a d2i version yet */
-    {
-        ASN1_STRING* str = NULL;
-        ExpectNotNull(str = ASN1_STRING_type_new(V_ASN1_SEQUENCE));
-        ExpectIntEQ(ASN1_STRING_set(str, str_bin, sizeof(str_bin)), 1);
-        ExpectNotNull(asn1type = ASN1_TYPE_new());
-        if (asn1type != NULL) {
-            ASN1_TYPE_set(asn1type, V_ASN1_SEQUENCE, str);
-        }
-        else {
-            ASN1_STRING_free(str);
-        }
-    }
-
-    ExpectIntEQ(i2d_ASN1_TYPE(asn1type, NULL), sizeof(str_bin));
-    ExpectIntEQ(i2d_ASN1_TYPE(asn1type, &der), sizeof(str_bin));
-    ExpectBufEQ(der, str_bin, sizeof(str_bin));
-
-    ASN1_TYPE_free(asn1type);
-    XFREE(der, NULL, DYNAMIC_TYPE_ASN1);
-#endif
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_i2d_ASN1_SEQUENCE(void)
-{
-    EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA)
-    /* Taken from one of sssd's certs othernames */
-    unsigned char str_bin[] = {
-      0x04, 0x10, 0xa4, 0x9b, 0xc8, 0xf4, 0x85, 0x8e, 0x89, 0x4d, 0x85, 0x8d,
-      0x27, 0xbd, 0x63, 0xaa, 0x93, 0x93
-    };
-    ASN1_STRING* str = NULL;
-    unsigned char* der = NULL;
-
-    ExpectNotNull(str = ASN1_STRING_type_new(V_ASN1_SEQUENCE));
-    ExpectIntEQ(ASN1_STRING_set(str, str_bin, sizeof(str_bin)), 1);
-    ExpectIntEQ(i2d_ASN1_SEQUENCE(str, NULL), sizeof(str_bin));
-    ExpectIntEQ(i2d_ASN1_SEQUENCE(str, &der), sizeof(str_bin));
-
-    ASN1_STRING_free(str);
-    XFREE(der, NULL, DYNAMIC_TYPE_ASN1);
-#endif
-    return EXPECT_RESULT();
-}
-
-static int test_ASN1_strings(void)
-{
-    EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA)
-    char text[] = "\0\0test string";
-    unsigned char* der = NULL;
-    ASN1_STRING* str = NULL;
-
-    /* Set the length byte */
-    text[1] = XSTRLEN(text + 2);
-
-    /* GENERALSTRING */
-    {
-        const unsigned char* p = (const unsigned char*)text;
-        text[0] = ASN_GENERALSTRING;
-        ExpectNotNull(d2i_ASN1_GENERALSTRING(&str, &p, sizeof(text)));
-        ExpectIntEQ(i2d_ASN1_GENERALSTRING(str, &der), 13);
-        ASN1_STRING_free(str);
-        str = NULL;
-        XFREE(der, NULL, DYNAMIC_TYPE_ASN1);
-        der = NULL;
-    }
-
-    /* OCTET_STRING */
-    {
-        const unsigned char* p = (const unsigned char*)text;
-        text[0] = ASN_OCTET_STRING;
-        ExpectNotNull(d2i_ASN1_OCTET_STRING(&str, &p, sizeof(text)));
-        ExpectIntEQ(i2d_ASN1_OCTET_STRING(str, &der), 13);
-        ASN1_STRING_free(str);
-        str = NULL;
-        XFREE(der, NULL, DYNAMIC_TYPE_ASN1);
-        der = NULL;
-    }
-
-    /* UTF8STRING */
-    {
-        const unsigned char* p = (const unsigned char*)text;
-        text[0] = ASN_UTF8STRING;
-        ExpectNotNull(d2i_ASN1_UTF8STRING(&str, &p, sizeof(text)));
-        ExpectIntEQ(i2d_ASN1_UTF8STRING(str, &der), 13);
-        ASN1_STRING_free(str);
-        str = NULL;
-        XFREE(der, NULL, DYNAMIC_TYPE_ASN1);
-        der = NULL;
-    }
-
-#endif
-    return EXPECT_RESULT();
-}
-
 static int test_wolfSSL_lhash(void)
 {
     EXPECT_DECLS;
@@ -24008,7 +17031,8 @@ static int test_wolfSSL_X509_check_private_key(void)
 {
     EXPECT_DECLS;
 #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA) && \
-        defined(USE_CERT_BUFFERS_2048) && !defined(NO_CHECK_PRIVATE_KEY)
+        defined(USE_CERT_BUFFERS_2048) && !defined(NO_CHECK_PRIVATE_KEY) && \
+        !defined(NO_FILESYSTEM)
     X509*  x509 = NULL;
     EVP_PKEY* pkey = NULL;
     const byte* key;
@@ -25477,60 +18501,6 @@ static int test_wolfSSL_PEM_PUBKEY(void)
 
 #endif /* !NO_BIO */
 
-static int test_DSA_do_sign_verify(void)
-{
-    EXPECT_DECLS;
-#if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
-#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && \
-    !defined(NO_DSA)
-    unsigned char digest[WC_SHA_DIGEST_SIZE];
-    DSA_SIG* sig = NULL;
-    DSA* dsa = NULL;
-    word32  bytes;
-    byte sigBin[DSA_SIG_SIZE];
-    int dsacheck;
-
-#ifdef USE_CERT_BUFFERS_1024
-    byte    tmp[ONEK_BUF];
-
-    XMEMSET(tmp, 0, sizeof(tmp));
-    XMEMCPY(tmp, dsa_key_der_1024, sizeof_dsa_key_der_1024);
-    bytes = sizeof_dsa_key_der_1024;
-#elif defined(USE_CERT_BUFFERS_2048)
-    byte    tmp[TWOK_BUF];
-
-    XMEMSET(tmp, 0, sizeof(tmp));
-    XMEMCPY(tmp, dsa_key_der_2048, sizeof_dsa_key_der_2048);
-    bytes = sizeof_dsa_key_der_2048;
-#else
-    byte    tmp[TWOK_BUF];
-    XFILE   fp = XBADFILE;
-
-    XMEMSET(tmp, 0, sizeof(tmp));
-    ExpectTrue((fp = XFOPEN("./certs/dsa2048.der", "rb") != XBADFILE);
-    ExpectIntGT(bytes = (word32) XFREAD(tmp, 1, sizeof(tmp), fp), 0);
-    if (fp != XBADFILE)
-        XFCLOSE(fp);
-#endif /* END USE_CERT_BUFFERS_1024 */
-
-    XMEMSET(digest, 202, sizeof(digest));
-
-    ExpectNotNull(dsa = DSA_new());
-    ExpectIntEQ(DSA_LoadDer(dsa, tmp, (int)bytes), 1);
-
-    ExpectIntEQ(wolfSSL_DSA_do_sign(digest, sigBin, dsa), 1);
-    ExpectIntEQ(wolfSSL_DSA_do_verify(digest, sigBin, dsa, &dsacheck), 1);
-
-    ExpectNotNull(sig = DSA_do_sign(digest, WC_SHA_DIGEST_SIZE, dsa));
-    ExpectIntEQ(DSA_do_verify(digest, WC_SHA_DIGEST_SIZE, sig, dsa), 1);
-
-    DSA_SIG_free(sig);
-    DSA_free(dsa);
-#endif
-#endif /* !HAVE_SELFTEST && !HAVE_FIPS */
-    return EXPECT_RESULT();
-}
-
 static int test_wolfSSL_tmp_dh(void)
 {
     EXPECT_DECLS;
@@ -27052,7 +20022,7 @@ static int test_wolfSSL_X509_STORE_CTX_trusted_stack_cleanup(void)
 static int test_wolfSSL_X509_STORE_CTX_get_issuer(void)
 {
     EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
+#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_FILESYSTEM)
     X509_STORE_CTX* ctx = NULL;
     X509_STORE* str = NULL;
     X509* x509Ca = NULL;
@@ -27658,6 +20628,50 @@ static int test_wolfSSL_X509_STORE_CTX_ex11(X509_STORE_test_data *testData)
     X509_STORE_free(store);
     return EXPECT_RESULT();
 }
+
+static int test_wolfSSL_X509_STORE_CTX_ex12(void)
+{
+    EXPECT_DECLS;
+#ifdef HAVE_ECC
+    X509_STORE* store = NULL;
+    X509_STORE_CTX* ctx = NULL;
+    STACK_OF(X509)* chain = NULL;
+    X509* rootEccX509 = NULL;
+    X509* badAkiX509 = NULL;
+    X509* ca1X509 = NULL;
+
+    const char* intCARootECCFile    = "./certs/ca-ecc-cert.pem";
+    const char* intCA1ECCFile       = "./certs/intermediate/ca-int-ecc-cert.pem";
+    const char* intCABadAKIECCFile = "./certs/intermediate/ca-ecc-bad-aki.pem";
+
+    /* Test case 12, multiple CAs with the same SKI including 1 with intentionally
+       bad/unregistered AKI.  x509_verify_cert should still form a valid chain
+       using the valid CA, ignoring the bad CA. Developed from customer provided
+       reproducer. */
+
+    ExpectNotNull(store = X509_STORE_new());
+    ExpectNotNull(rootEccX509 = test_wolfSSL_X509_STORE_CTX_ex_helper(intCARootECCFile));
+    ExpectIntEQ(X509_STORE_add_cert(store, rootEccX509), 1);
+    ExpectNotNull(badAkiX509 = test_wolfSSL_X509_STORE_CTX_ex_helper(intCABadAKIECCFile));
+    ExpectNotNull(ctx = X509_STORE_CTX_new());
+    ExpectIntEQ(X509_STORE_CTX_init(ctx, store, badAkiX509, NULL), 1);
+    ExpectIntEQ(X509_verify_cert(ctx), 0);
+    X509_STORE_CTX_cleanup(ctx);
+
+    ExpectIntEQ(X509_STORE_add_cert(store, badAkiX509), 1);
+    ExpectNotNull(ca1X509 = test_wolfSSL_X509_STORE_CTX_ex_helper(intCA1ECCFile));
+    ExpectIntEQ(X509_STORE_CTX_init(ctx, store, ca1X509, NULL), 1);
+    ExpectIntEQ(X509_verify_cert(ctx), 1);
+    ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx));
+
+    X509_STORE_CTX_free(ctx);
+    X509_STORE_free(store);
+    X509_free(rootEccX509);
+    X509_free(badAkiX509);
+    X509_free(ca1X509);
+#endif
+    return EXPECT_RESULT();
+}
 #endif
 
 static int test_wolfSSL_X509_STORE_CTX_ex(void)
@@ -27697,6 +20711,7 @@ static int test_wolfSSL_X509_STORE_CTX_ex(void)
     ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex9(&testData), 1);
     ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex10(&testData), 1);
     ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex11(&testData), 1);
+    test_wolfSSL_X509_STORE_CTX_ex12();
 
     if(testData.x509Ca) {
         X509_free(testData.x509Ca);
@@ -27721,7 +20736,7 @@ static int test_wolfSSL_X509_STORE_CTX_ex(void)
 }
 
 
-#if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
+#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_FILESYSTEM)
 static int test_X509_STORE_untrusted_load_cert_to_stack(const char* filename,
         STACK_OF(X509)* chain)
 {
@@ -27860,7 +20875,7 @@ static int test_X509_STORE_untrusted_certs(const char** filenames, int ret,
 static int test_X509_STORE_untrusted(void)
 {
     EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
+#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_FILESYSTEM)
     const char* untrusted1[] = {
         "./certs/intermediate/ca-int2-cert.pem",
         NULL
@@ -28043,7 +21058,8 @@ static int test_wolfSSL_get0_param(void)
 {
     EXPECT_DECLS;
 #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_TLS) && \
-    (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER))
+    (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) && \
+    !defined(NO_FILESYSTEM)
     SSL_CTX* ctx = NULL;
     SSL*     ssl = NULL;
 
@@ -28098,7 +21114,8 @@ static int test_wolfSSL_set1_host(void)
 {
     EXPECT_DECLS;
 #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_TLS) && \
-    (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER))
+    (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) && \
+    !defined(NO_FILESYSTEM)
     const char host[] = "www.test_wolfSSL_set1_host.com";
     const char emptyStr[] = "";
     SSL_CTX*   ctx = NULL;
@@ -28142,7 +21159,7 @@ static int test_wolfSSL_set1_host(void)
 static int test_wolfSSL_X509_VERIFY_PARAM_set1_ip(void)
 {
     EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA)
+#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM)
     unsigned char buf[16] = {0};
     WOLFSSL_X509_VERIFY_PARAM* param = NULL;
 
@@ -28445,7 +21462,7 @@ static int test_wolfSSL_CTX_add_client_CA(void)
     EXPECT_DECLS;
 #if !defined(WOLFSSL_NO_CA_NAMES) && defined(OPENSSL_EXTRA) && \
     !defined(NO_RSA) && !defined(NO_CERTS) && \
-    !defined(NO_TLS) && !defined(NO_WOLFSSL_CLIENT)
+    !defined(NO_TLS) && !defined(NO_WOLFSSL_CLIENT) && !defined(NO_FILESYSTEM)
     WOLFSSL_CTX* ctx = NULL;
     WOLFSSL_X509* x509 = NULL;
     WOLFSSL_X509* x509_a = NULL;
@@ -29171,7 +22188,8 @@ static int test_wolfSSL_CTX_set_srp_password(void)
 static int test_wolfSSL_X509_STORE(void)
 {
     EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_TLS)
+#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_TLS) && \
+    !defined(NO_FILESYSTEM)
     X509_STORE *store = NULL;
 
 #ifdef HAVE_CRL
@@ -29239,7 +22257,7 @@ static int test_wolfSSL_X509_STORE(void)
 
 
 
-#ifndef WOLFCRYPT_ONLY
+#if !defined(WOLFCRYPT_ONLY) && !defined(NO_FILESYSTEM)
     {
     #if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)
         SSL_CTX* ctx = NULL;
@@ -29484,1057 +22502,6 @@ static int test_X509_STORE_get0_objects(void)
     return EXPECT_RESULT();
 }
 
-static int test_wolfSSL_BN_CTX(void)
-{
-    EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_ASN) && \
-    !defined(OPENSSL_EXTRA_NO_BN) && !defined(WOLFSSL_SP_MATH)
-    WOLFSSL_BN_CTX* bn_ctx = NULL;
-
-    ExpectNotNull(bn_ctx = BN_CTX_new());
-
-    ExpectNull(BN_CTX_get(NULL));
-    ExpectNotNull(BN_CTX_get(bn_ctx));
-    ExpectNotNull(BN_CTX_get(bn_ctx));
-    ExpectNotNull(BN_CTX_get(bn_ctx));
-    ExpectNotNull(BN_CTX_get(bn_ctx));
-    ExpectNotNull(BN_CTX_get(bn_ctx));
-    ExpectNotNull(BN_CTX_get(bn_ctx));
-
-#ifndef NO_WOLFSSL_STUB
-    /* No implementation. */
-    BN_CTX_start(NULL);
-    BN_CTX_start(bn_ctx);
-    BN_CTX_init(NULL);
-#endif
-
-    BN_CTX_free(NULL);
-    BN_CTX_free(bn_ctx);
-#endif /* defined(OPENSSL_EXTRA) && !defined(NO_ASN) */
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_BN(void)
-{
-    EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_ASN) && \
-    !defined(OPENSSL_EXTRA_NO_BN) && !defined(WOLFSSL_SP_MATH)
-    BIGNUM* a = NULL;
-    BIGNUM* b = NULL;
-    BIGNUM* c = NULL;
-    BIGNUM* d = NULL;
-    BIGNUM emptyBN;
-
-    /* Setup */
-    XMEMSET(&emptyBN, 0, sizeof(emptyBN));
-    /* internal not set emptyBN. */
-
-    ExpectNotNull(a = BN_new());
-    ExpectNotNull(b = BN_new());
-    ExpectNotNull(c = BN_dup(b));
-    ExpectNotNull(d = BN_new());
-
-    /* Invalid parameter testing. */
-    BN_free(NULL);
-    ExpectNull(BN_dup(NULL));
-    ExpectNull(BN_dup(&emptyBN));
-
-    ExpectNull(BN_copy(NULL, NULL));
-    ExpectNull(BN_copy(b, NULL));
-    ExpectNull(BN_copy(NULL, c));
-    ExpectNull(BN_copy(b, &emptyBN));
-    ExpectNull(BN_copy(&emptyBN, c));
-
-    BN_clear(NULL);
-    BN_clear(&emptyBN);
-
-    ExpectIntEQ(BN_num_bytes(NULL), 0);
-    ExpectIntEQ(BN_num_bytes(&emptyBN), 0);
-
-    ExpectIntEQ(BN_num_bits(NULL), 0);
-    ExpectIntEQ(BN_num_bits(&emptyBN), 0);
-
-    ExpectIntEQ(BN_is_negative(NULL), 0);
-    ExpectIntEQ(BN_is_negative(&emptyBN), 0);
-    /* END Invalid Parameters */
-
-    ExpectIntEQ(BN_set_word(a, 3), SSL_SUCCESS);
-    ExpectIntEQ(BN_set_word(b, 2), SSL_SUCCESS);
-    ExpectIntEQ(BN_set_word(c, 5), SSL_SUCCESS);
-
-    ExpectIntEQ(BN_num_bits(a), 2);
-    ExpectIntEQ(BN_num_bytes(a), 1);
-
-#if !defined(WOLFSSL_SP_MATH) && (!defined(WOLFSSL_SP_MATH_ALL) || \
-                                               defined(WOLFSSL_SP_INT_NEGATIVE))
-    ExpectIntEQ(BN_set_word(a, 1), SSL_SUCCESS);
-    ExpectIntEQ(BN_set_word(b, 5), SSL_SUCCESS);
-    ExpectIntEQ(BN_is_word(a, (WOLFSSL_BN_ULONG)BN_get_word(a)), SSL_SUCCESS);
-    ExpectIntEQ(BN_is_word(a, 3), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
-    ExpectIntEQ(BN_sub(c, a, b), SSL_SUCCESS);
-#if defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY)
-    {
-        /* Do additional tests on negative BN conversions. */
-        char*         ret = NULL;
-        ASN1_INTEGER* asn1 = NULL;
-        BIGNUM*       tmp = NULL;
-
-        /* Sanity check we have a negative BN. */
-        ExpectIntEQ(BN_is_negative(c), 1);
-        ExpectNotNull(ret = BN_bn2dec(c));
-        ExpectIntEQ(XMEMCMP(ret, "-4", sizeof("-4")), 0);
-        XFREE(ret, NULL, DYNAMIC_TYPE_OPENSSL);
-        ret = NULL;
-
-        /* Convert to ASN1_INTEGER and back to BN. */
-        ExpectNotNull(asn1 = BN_to_ASN1_INTEGER(c, NULL));
-        ExpectNotNull(tmp = ASN1_INTEGER_to_BN(asn1, NULL));
-
-        /* After converting back BN should be negative and correct. */
-        ExpectIntEQ(BN_is_negative(tmp), 1);
-        ExpectNotNull(ret = BN_bn2dec(tmp));
-        ExpectIntEQ(XMEMCMP(ret, "-4", sizeof("-4")), 0);
-        XFREE(ret, NULL, DYNAMIC_TYPE_OPENSSL);
-        ASN1_INTEGER_free(asn1);
-        BN_free(tmp);
-    }
-#endif
-    ExpectIntEQ(BN_get_word(c), 4);
-#endif
-
-    ExpectIntEQ(BN_set_word(a, 3), 1);
-    ExpectIntEQ(BN_set_word(b, 3), 1);
-    ExpectIntEQ(BN_set_word(c, 4), 1);
-
-    /* NULL == NULL, NULL < num, num > NULL */
-    ExpectIntEQ(BN_cmp(NULL, NULL), 0);
-    ExpectIntEQ(BN_cmp(&emptyBN, &emptyBN), 0);
-    ExpectIntLT(BN_cmp(NULL, b), 0);
-    ExpectIntLT(BN_cmp(&emptyBN, b), 0);
-    ExpectIntGT(BN_cmp(a, NULL), 0);
-    ExpectIntGT(BN_cmp(a, &emptyBN), 0);
-
-    ExpectIntEQ(BN_cmp(a, b), 0);
-    ExpectIntLT(BN_cmp(a, c), 0);
-    ExpectIntGT(BN_cmp(c, b), 0);
-
-#if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
-    ExpectIntEQ(BN_print_fp(XBADFILE, NULL), 0);
-    ExpectIntEQ(BN_print_fp(XBADFILE, &emptyBN), 0);
-    ExpectIntEQ(BN_print_fp(stderr, NULL), 0);
-    ExpectIntEQ(BN_print_fp(stderr, &emptyBN), 0);
-    ExpectIntEQ(BN_print_fp(XBADFILE, a), 0);
-
-    ExpectIntEQ(BN_print_fp(stderr, a), 1);
-#endif
-
-    BN_clear(a);
-
-    BN_free(a);
-    BN_free(b);
-    BN_free(c);
-    BN_clear_free(d);
-#endif /* defined(OPENSSL_EXTRA) && !defined(NO_ASN) */
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_BN_init(void)
-{
-    EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_ASN) && \
-    !defined(OPENSSL_EXTRA_NO_BN) && !defined(WOLFSSL_SP_MATH)
-#if !defined(USE_INTEGER_HEAP_MATH) && !defined(HAVE_WOLF_BIGINT)
-    BIGNUM* ap = NULL;
-    BIGNUM bv;
-    BIGNUM cv;
-    BIGNUM dv;
-
-    ExpectNotNull(ap = BN_new());
-
-    BN_init(NULL);
-    XMEMSET(&bv, 0, sizeof(bv));
-    ExpectNull(BN_dup(&bv));
-
-    BN_init(&bv);
-    BN_init(&cv);
-    BN_init(&dv);
-
-    ExpectIntEQ(BN_set_word(ap, 3), SSL_SUCCESS);
-    ExpectIntEQ(BN_set_word(&bv, 2), SSL_SUCCESS);
-    ExpectIntEQ(BN_set_word(&cv, 5), SSL_SUCCESS);
-
-    /* a^b mod c = */
-    ExpectIntEQ(BN_mod_exp(&dv, NULL, &bv, &cv, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
-    ExpectIntEQ(BN_mod_exp(&dv, ap, &bv, &cv, NULL), WOLFSSL_SUCCESS);
-
-    /* check result  3^2 mod 5 */
-    ExpectIntEQ(BN_get_word(&dv), 4);
-
-    /* a*b mod c = */
-    ExpectIntEQ(BN_mod_mul(&dv, NULL, &bv, &cv, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
-    ExpectIntEQ(BN_mod_mul(&dv, ap, &bv, &cv, NULL), SSL_SUCCESS);
-
-    /* check result  3*2 mod 5 */
-    ExpectIntEQ(BN_get_word(&dv), 1);
-
-    {
-        BN_MONT_CTX* montCtx = NULL;
-        ExpectNotNull(montCtx = BN_MONT_CTX_new());
-
-        ExpectIntEQ(BN_MONT_CTX_set(montCtx, &cv, NULL), SSL_SUCCESS);
-        ExpectIntEQ(BN_set_word(&bv, 2), SSL_SUCCESS);
-        ExpectIntEQ(BN_set_word(&cv, 5), SSL_SUCCESS);
-        ExpectIntEQ(BN_mod_exp_mont_word(&dv, 3, &bv, &cv, NULL, NULL),
-                    WOLFSSL_SUCCESS);
-        /* check result  3^2 mod 5 */
-        ExpectIntEQ(BN_get_word(&dv), 4);
-
-        BN_MONT_CTX_free(montCtx);
-    }
-
-    BN_free(ap);
-#endif
-#endif /* defined(OPENSSL_EXTRA) && !defined(NO_ASN) */
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_BN_enc_dec(void)
-{
-    EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_ASN) && !defined(WOLFSSL_SP_MATH)
-    BIGNUM* a = NULL;
-    BIGNUM* b = NULL;
-    BIGNUM* c = NULL;
-    BIGNUM emptyBN;
-    char* str = NULL;
-    const char* emptyStr = "";
-    const char* numberStr = "12345";
-    const char* badStr = "g12345";
-#if defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY)
-    const char* twoStr = "2";
-#endif
-    unsigned char binNum[] = { 0x01, 0x02, 0x03, 0x04, 0x05 };
-    unsigned char outNum[5];
-
-    /* Setup */
-    XMEMSET(&emptyBN, 0, sizeof(emptyBN));
-    ExpectNotNull(a = BN_new());
-    ExpectNotNull(b = BN_new());
-
-    /* Invalid parameters */
-    ExpectIntEQ(BN_bn2bin(NULL, NULL), -1);
-    ExpectIntEQ(BN_bn2bin(&emptyBN, NULL), -1);
-    ExpectIntEQ(BN_bn2bin(NULL, outNum), -1);
-    ExpectIntEQ(BN_bn2bin(&emptyBN, outNum), -1);
-    ExpectNull(BN_bn2hex(NULL));
-    ExpectNull(BN_bn2hex(&emptyBN));
-    ExpectNull(BN_bn2dec(NULL));
-    ExpectNull(BN_bn2dec(&emptyBN));
-
-    ExpectNotNull(c = BN_bin2bn(NULL, 0, NULL));
-    BN_clear(c);
-    BN_free(c);
-    c = NULL;
-
-    ExpectNotNull(BN_bin2bn(NULL, sizeof(binNum), a));
-    BN_free(a);
-    a = NULL;
-    ExpectNotNull(a = BN_new());
-    ExpectIntEQ(BN_set_word(a, 2), 1);
-    ExpectNull(BN_bin2bn(binNum, -1, a));
-    ExpectNull(BN_bin2bn(binNum, -1, NULL));
-    ExpectNull(BN_bin2bn(binNum, sizeof(binNum), &emptyBN));
-
-    ExpectIntEQ(BN_hex2bn(NULL, NULL), 0);
-    ExpectIntEQ(BN_hex2bn(NULL, numberStr), 0);
-    ExpectIntEQ(BN_hex2bn(&a, NULL), 0);
-    ExpectIntEQ(BN_hex2bn(&a, emptyStr), 0);
-    ExpectIntEQ(BN_hex2bn(&a, badStr), 0);
-    ExpectIntEQ(BN_hex2bn(&c, badStr), 0);
-
-    ExpectIntEQ(BN_dec2bn(NULL, NULL), 0);
-    ExpectIntEQ(BN_dec2bn(NULL, numberStr), 0);
-    ExpectIntEQ(BN_dec2bn(&a, NULL), 0);
-    ExpectIntEQ(BN_dec2bn(&a, emptyStr), 0);
-    ExpectIntEQ(BN_dec2bn(&a, badStr), 0);
-    ExpectIntEQ(BN_dec2bn(&c, badStr), 0);
-
-    ExpectIntEQ(BN_set_word(a, 2), 1);
-
-    ExpectIntEQ(BN_bn2bin(a, NULL), 1);
-    ExpectIntEQ(BN_bn2bin(a, outNum), 1);
-    ExpectNotNull(BN_bin2bn(outNum, 1, b));
-    ExpectIntEQ(BN_cmp(a, b), 0);
-    ExpectNotNull(BN_bin2bn(binNum, sizeof(binNum), b));
-    ExpectIntEQ(BN_cmp(a, b), -1);
-
-    ExpectNotNull(str = BN_bn2hex(a));
-    ExpectNotNull(BN_hex2bn(&b, str));
-    ExpectIntEQ(BN_cmp(a, b), 0);
-    ExpectNotNull(BN_hex2bn(&b, numberStr));
-    ExpectIntEQ(BN_cmp(a, b), -1);
-    XFREE(str, NULL, DYNAMIC_TYPE_OPENSSL);
-    str = NULL;
-
-#if defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY)
-    ExpectNotNull(str = BN_bn2dec(a));
-    ExpectStrEQ(str, twoStr);
-    XFREE(str, NULL, DYNAMIC_TYPE_OPENSSL);
-    str = NULL;
-
-#ifndef NO_RSA
-    ExpectNotNull(str = BN_bn2dec(a));
-    ExpectNotNull(BN_dec2bn(&b, str));
-    ExpectIntEQ(BN_cmp(a, b), 0);
-    ExpectNotNull(BN_dec2bn(&b, numberStr));
-    ExpectIntEQ(BN_cmp(a, b), -1);
-    XFREE(str, NULL, DYNAMIC_TYPE_OPENSSL);
-    str = NULL;
-#else
-    /* No implementation - fail with good parameters. */
-    ExpectIntEQ(BN_dec2bn(&a, numberStr), 0);
-#endif
-#endif
-
-    BN_free(b);
-    BN_free(a);
-#endif /* defined(OPENSSL_EXTRA) && !defined(NO_ASN) */
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_BN_word(void)
-{
-    EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_ASN) && !defined(WOLFSSL_SP_MATH)
-    BIGNUM* a = NULL;
-    BIGNUM* b = NULL;
-    BIGNUM* c = NULL;
-    BIGNUM av;
-
-    ExpectNotNull(a = BN_new());
-    ExpectNotNull(b = BN_new());
-    ExpectNotNull(c = BN_new());
-    XMEMSET(&av, 0, sizeof(av));
-
-    /* Invalid parameter. */
-    ExpectIntEQ(BN_add_word(NULL, 3), 0);
-    ExpectIntEQ(BN_add_word(&av, 3), 0);
-    ExpectIntEQ(BN_sub_word(NULL, 3), 0);
-    ExpectIntEQ(BN_sub_word(&av, 3), 0);
-    ExpectIntEQ(BN_set_word(NULL, 3), 0);
-    ExpectIntEQ(BN_set_word(&av, 3), 0);
-    ExpectIntEQ(BN_get_word(NULL), 0);
-    ExpectIntEQ(BN_get_word(&av), 0);
-    ExpectIntEQ(BN_is_word(NULL, 3), 0);
-    ExpectIntEQ(BN_is_word(&av, 3), 0);
-#if defined(WOLFSSL_KEY_GEN) && (!defined(NO_RSA) || !defined(NO_DH) || \
-    !defined(NO_DSA))
-    ExpectIntEQ(BN_mod_word(NULL, 3), -1);
-    ExpectIntEQ(BN_mod_word(&av, 3), -1);
-#endif
-    ExpectIntEQ(BN_one(NULL), 0);
-    ExpectIntEQ(BN_one(&av), 0);
-    BN_zero(NULL);
-    BN_zero(&av);
-    ExpectIntEQ(BN_is_one(NULL), 0);
-    ExpectIntEQ(BN_is_one(&av), 0);
-    ExpectIntEQ(BN_is_zero(NULL), 0);
-    ExpectIntEQ(BN_is_zero(&av), 0);
-
-    ExpectIntEQ(BN_set_word(a, 3), 1);
-    ExpectIntEQ(BN_set_word(b, 2), 1);
-    ExpectIntEQ(BN_set_word(c, 5), 1);
-
-    /* a + 3 = */
-    ExpectIntEQ(BN_add_word(a, 3), 1);
-
-    /* check result 3 + 3*/
-    ExpectIntEQ(BN_get_word(a), 6);
-    ExpectIntEQ(BN_is_word(a, 6), 1);
-    ExpectIntEQ(BN_is_word(a, 5), 0);
-
-    /* set a back to 3 */
-    ExpectIntEQ(BN_set_word(a, 3), 1);
-
-    /* a - 3 = */
-    ExpectIntEQ(BN_sub_word(a, 3), 1);
-
-    /* check result 3 - 3*/
-    ExpectIntEQ(BN_get_word(a), 0);
-
-    ExpectIntEQ(BN_one(a), 1);
-    ExpectIntEQ(BN_is_word(a, 1), 1);
-    ExpectIntEQ(BN_is_word(a, 0), 0);
-    ExpectIntEQ(BN_is_one(a), 1);
-    ExpectIntEQ(BN_is_zero(a), 0);
-    BN_zero(a);
-    ExpectIntEQ(BN_is_word(a, 0), 1);
-    ExpectIntEQ(BN_is_word(a, 1), 0);
-    ExpectIntEQ(BN_is_zero(a), 1);
-    ExpectIntEQ(BN_is_one(a), 0);
-
-#if defined(WOLFSSL_KEY_GEN) && (!defined(NO_RSA) || !defined(NO_DH) || \
-    !defined(NO_DSA))
-    ExpectIntEQ(BN_set_word(a, 5), 1);
-    ExpectIntEQ(BN_mod_word(a, 3), 2);
-    ExpectIntEQ(BN_mod_word(a, 0), -1);
-#endif
-
-    ExpectIntEQ(BN_set_word(a, 5), 1);
-    ExpectIntEQ(BN_mul_word(a, 5), 1);
-    /* check result 5 * 5 */
-    ExpectIntEQ(BN_get_word(a), 25);
-#if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
-    ExpectIntEQ(BN_div_word(a, 5), 1);
-    /* check result 25 / 5 */
-    ExpectIntEQ(BN_get_word(a), 5);
-#endif
-
-    BN_free(c);
-    BN_free(b);
-    BN_free(a);
-#endif /* defined(OPENSSL_EXTRA) && !defined(NO_ASN) */
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_BN_bits(void)
-{
-    EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_ASN) && \
-    !defined(OPENSSL_EXTRA_NO_BN) && !defined(WOLFSSL_SP_MATH)
-    BIGNUM* a = NULL;
-    BIGNUM emptyBN;
-
-    /* Setup */
-    XMEMSET(&emptyBN, 0, sizeof(emptyBN));
-    ExpectNotNull(a = BN_new());
-
-    /* Invalid parameters. */
-    ExpectIntEQ(BN_set_bit(NULL, 1), 0);
-    ExpectIntEQ(BN_set_bit(&emptyBN, 1), 0);
-    ExpectIntEQ(BN_set_bit(a, -1), 0);
-    ExpectIntEQ(BN_clear_bit(NULL, 1), 0);
-    ExpectIntEQ(BN_clear_bit(&emptyBN, 1), 0);
-    ExpectIntEQ(BN_clear_bit(a, -1), 0);
-    ExpectIntEQ(BN_is_bit_set(NULL, 1), 0);
-    ExpectIntEQ(BN_is_bit_set(&emptyBN, 1), 0);
-    ExpectIntEQ(BN_is_bit_set(a, -1), 0);
-    ExpectIntEQ(BN_is_odd(NULL), 0);
-    ExpectIntEQ(BN_is_odd(&emptyBN), 0);
-
-    ExpectIntEQ(BN_set_word(a, 0), 1);
-    ExpectIntEQ(BN_is_zero(a), 1);
-    ExpectIntEQ(BN_set_bit(a, 0x45), 1);
-    ExpectIntEQ(BN_is_zero(a), 0);
-    ExpectIntEQ(BN_is_bit_set(a, 0x45), 1);
-    ExpectIntEQ(BN_clear_bit(a, 0x45), 1);
-    ExpectIntEQ(BN_is_bit_set(a, 0x45), 0);
-    ExpectIntEQ(BN_is_zero(a), 1);
-
-    ExpectIntEQ(BN_set_bit(a, 0), 1);
-    ExpectIntEQ(BN_is_odd(a), 1);
-    ExpectIntEQ(BN_clear_bit(a, 0), 1);
-    ExpectIntEQ(BN_is_odd(a), 0);
-    ExpectIntEQ(BN_set_bit(a, 1), 1);
-    ExpectIntEQ(BN_is_odd(a), 0);
-
-    ExpectIntEQ(BN_set_bit(a, 129), 1);
-    ExpectIntEQ(BN_get_word(a), WOLFSSL_BN_MAX_VAL);
-
-#ifndef NO_WOLFSSL_STUB
-    ExpectIntEQ(BN_mask_bits(a, 1), 0);
-#endif
-
-    BN_free(a);
-#endif
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_BN_shift(void)
-{
-    EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_ASN) && \
-    !defined(OPENSSL_EXTRA_NO_BN) && !defined(WOLFSSL_SP_MATH)
-    BIGNUM* a = NULL;
-    BIGNUM* b = NULL;
-    BIGNUM emptyBN;
-
-    /* Setup */
-    XMEMSET(&emptyBN, 0, sizeof(emptyBN));
-    ExpectNotNull(a = BN_new());
-    ExpectNotNull(b = BN_new());
-
-    /* Invalid parameters. */
-    ExpectIntEQ(BN_lshift(NULL, NULL, 1), 0);
-    ExpectIntEQ(BN_lshift(&emptyBN, NULL, 1), 0);
-    ExpectIntEQ(BN_lshift(NULL, &emptyBN, 1), 0);
-    ExpectIntEQ(BN_lshift(b, NULL, 1), 0);
-    ExpectIntEQ(BN_lshift(b, &emptyBN, 1), 0);
-    ExpectIntEQ(BN_lshift(NULL, a, 1), 0);
-    ExpectIntEQ(BN_lshift(&emptyBN, a, 1), 0);
-    ExpectIntEQ(BN_lshift(b, a, -1), 0);
-
-    ExpectIntEQ(BN_rshift(NULL, NULL, 1), 0);
-    ExpectIntEQ(BN_rshift(&emptyBN, NULL, 1), 0);
-    ExpectIntEQ(BN_rshift(NULL, &emptyBN, 1), 0);
-    ExpectIntEQ(BN_rshift(b, NULL, 1), 0);
-    ExpectIntEQ(BN_rshift(b, &emptyBN, 1), 0);
-    ExpectIntEQ(BN_rshift(NULL, a, 1), 0);
-    ExpectIntEQ(BN_rshift(&emptyBN, a, 1), 0);
-    ExpectIntEQ(BN_rshift(b, a, -1), 0);
-
-    ExpectIntEQ(BN_set_word(a, 1), 1);
-    ExpectIntEQ(BN_lshift(b, a, 1), 1);
-    ExpectIntEQ(BN_is_word(b, 2), 1);
-    ExpectIntEQ(BN_lshift(a, a, 1), 1);
-    ExpectIntEQ(BN_is_word(a, 2), 1);
-    ExpectIntEQ(BN_rshift(b, a, 1), 1);
-    ExpectIntEQ(BN_is_word(b, 1), 1);
-    ExpectIntEQ(BN_rshift(a, a, 1), 1);
-    ExpectIntEQ(BN_is_word(a, 1), 1);
-
-    BN_free(b);
-    BN_free(a);
-#endif
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_BN_math(void)
-{
-    EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_ASN) && \
-    !defined(OPENSSL_EXTRA_NO_BN) && !defined(WOLFSSL_SP_MATH)
-    BIGNUM* a = NULL;
-    BIGNUM* b = NULL;
-    BIGNUM* r = NULL;
-    BIGNUM* rem = NULL;
-    BIGNUM emptyBN;
-    BN_ULONG val1;
-    BN_ULONG val2;
-
-    /* Setup */
-    XMEMSET(&emptyBN, 0, sizeof(emptyBN));
-    ExpectNotNull(a = BN_new());
-    ExpectNotNull(b = BN_new());
-    ExpectNotNull(r = BN_new());
-    ExpectNotNull(rem = BN_new());
-
-    /* Invalid parameters. */
-    ExpectIntEQ(BN_add(NULL, NULL, NULL), 0);
-    ExpectIntEQ(BN_add(r, NULL, NULL), 0);
-    ExpectIntEQ(BN_add(NULL, a, NULL), 0);
-    ExpectIntEQ(BN_add(NULL, NULL, b), 0);
-    ExpectIntEQ(BN_add(r, a, NULL), 0);
-    ExpectIntEQ(BN_add(r, NULL, b), 0);
-    ExpectIntEQ(BN_add(NULL, a, b), 0);
-
-    ExpectIntEQ(BN_add(&emptyBN, &emptyBN, &emptyBN), 0);
-    ExpectIntEQ(BN_add(r, &emptyBN, &emptyBN), 0);
-    ExpectIntEQ(BN_add(&emptyBN, a, &emptyBN), 0);
-    ExpectIntEQ(BN_add(&emptyBN, &emptyBN, b), 0);
-    ExpectIntEQ(BN_add(r, a, &emptyBN), 0);
-    ExpectIntEQ(BN_add(r, &emptyBN, b), 0);
-    ExpectIntEQ(BN_add(&emptyBN, a, b), 0);
-
-    ExpectIntEQ(BN_sub(NULL, NULL, NULL), 0);
-    ExpectIntEQ(BN_sub(r, NULL, NULL), 0);
-    ExpectIntEQ(BN_sub(NULL, a, NULL), 0);
-    ExpectIntEQ(BN_sub(NULL, NULL, b), 0);
-    ExpectIntEQ(BN_sub(r, a, NULL), 0);
-    ExpectIntEQ(BN_sub(r, NULL, b), 0);
-    ExpectIntEQ(BN_sub(NULL, a, b), 0);
-
-    ExpectIntEQ(BN_sub(&emptyBN, &emptyBN, &emptyBN), 0);
-    ExpectIntEQ(BN_sub(r, &emptyBN, &emptyBN), 0);
-    ExpectIntEQ(BN_sub(&emptyBN, a, &emptyBN), 0);
-    ExpectIntEQ(BN_sub(&emptyBN, &emptyBN, b), 0);
-    ExpectIntEQ(BN_sub(r, a, &emptyBN), 0);
-    ExpectIntEQ(BN_sub(r, &emptyBN, b), 0);
-    ExpectIntEQ(BN_sub(&emptyBN, a, b), 0);
-
-    ExpectIntEQ(BN_mul(NULL, NULL, NULL, NULL), 0);
-    ExpectIntEQ(BN_mul(r, NULL, NULL, NULL), 0);
-    ExpectIntEQ(BN_mul(NULL, a, NULL, NULL), 0);
-    ExpectIntEQ(BN_mul(NULL, NULL, b, NULL), 0);
-    ExpectIntEQ(BN_mul(r, a, NULL, NULL), 0);
-    ExpectIntEQ(BN_mul(r, NULL, b, NULL), 0);
-    ExpectIntEQ(BN_mul(NULL, a, b, NULL), 0);
-
-    ExpectIntEQ(BN_mul(&emptyBN, &emptyBN, &emptyBN, NULL), 0);
-    ExpectIntEQ(BN_mul(r, &emptyBN, &emptyBN, NULL), 0);
-    ExpectIntEQ(BN_mul(&emptyBN, a, &emptyBN, NULL), 0);
-    ExpectIntEQ(BN_mul(&emptyBN, &emptyBN, b, NULL), 0);
-    ExpectIntEQ(BN_mul(r, a, &emptyBN, NULL), 0);
-    ExpectIntEQ(BN_mul(r, &emptyBN, b, NULL), 0);
-    ExpectIntEQ(BN_mul(&emptyBN, a, b, NULL), 0);
-
-    ExpectIntEQ(BN_div(NULL, NULL, NULL, NULL, NULL), 0);
-    ExpectIntEQ(BN_div(r, NULL, NULL, NULL, NULL), 0);
-    ExpectIntEQ(BN_div(NULL, rem, NULL, NULL, NULL), 0);
-    ExpectIntEQ(BN_div(NULL, NULL, a, NULL, NULL), 0);
-    ExpectIntEQ(BN_div(NULL, NULL, NULL, b, NULL), 0);
-    ExpectIntEQ(BN_div(NULL, rem, a, b, NULL), 0);
-    ExpectIntEQ(BN_div(r, NULL, a, b, NULL), 0);
-    ExpectIntEQ(BN_div(r, rem, NULL, b, NULL), 0);
-    ExpectIntEQ(BN_div(r, rem, a, NULL, NULL), 0);
-
-    ExpectIntEQ(BN_div(&emptyBN, &emptyBN, &emptyBN, &emptyBN, NULL), 0);
-    ExpectIntEQ(BN_div(r, &emptyBN, &emptyBN, &emptyBN, NULL), 0);
-    ExpectIntEQ(BN_div(&emptyBN, rem, &emptyBN, &emptyBN, NULL), 0);
-    ExpectIntEQ(BN_div(&emptyBN, &emptyBN, a, &emptyBN, NULL), 0);
-    ExpectIntEQ(BN_div(&emptyBN, &emptyBN, &emptyBN, b, NULL), 0);
-    ExpectIntEQ(BN_div(&emptyBN, rem, a, b, NULL), 0);
-    ExpectIntEQ(BN_div(r, &emptyBN, a, b, NULL), 0);
-    ExpectIntEQ(BN_div(r, rem, &emptyBN, b, NULL), 0);
-    ExpectIntEQ(BN_div(r, rem, a, &emptyBN, NULL), 0);
-
-    ExpectIntEQ(BN_mod(NULL, NULL, NULL, NULL), 0);
-    ExpectIntEQ(BN_mod(r, NULL, NULL, NULL), 0);
-    ExpectIntEQ(BN_mod(NULL, a, NULL, NULL), 0);
-    ExpectIntEQ(BN_mod(NULL, NULL, b, NULL), 0);
-    ExpectIntEQ(BN_mod(r, a, NULL, NULL), 0);
-    ExpectIntEQ(BN_mod(r, NULL, b, NULL), 0);
-    ExpectIntEQ(BN_mod(NULL, a, b, NULL), 0);
-
-    ExpectIntEQ(BN_mod(&emptyBN, &emptyBN, &emptyBN, NULL), 0);
-    ExpectIntEQ(BN_mod(r, &emptyBN, &emptyBN, NULL), 0);
-    ExpectIntEQ(BN_mod(&emptyBN, a, &emptyBN, NULL), 0);
-    ExpectIntEQ(BN_mod(&emptyBN, &emptyBN, b, NULL), 0);
-    ExpectIntEQ(BN_mod(r, a, &emptyBN, NULL), 0);
-    ExpectIntEQ(BN_mod(r, &emptyBN, b, NULL), 0);
-    ExpectIntEQ(BN_mod(&emptyBN, a, b, NULL), 0);
-    /* END Invalid parameters. */
-
-    val1 = 8;
-    val2 = 3;
-    ExpectIntEQ(BN_set_word(a, val1), 1);
-    ExpectIntEQ(BN_set_word(b, val2), 1);
-    ExpectIntEQ(BN_add(r, a, b), 1);
-    ExpectIntEQ(BN_is_word(r, val1 + val2), 1);
-    ExpectIntEQ(BN_sub(r, a, b), 1);
-    ExpectIntEQ(BN_is_word(r, val1 - val2), 1);
-    ExpectIntEQ(BN_mul(r, a, b, NULL), 1);
-    ExpectIntEQ(BN_is_word(r, val1 * val2), 1);
-    ExpectIntEQ(BN_div(r, rem, a, b, NULL), 1);
-    ExpectIntEQ(BN_is_word(r, val1 / val2), 1);
-    ExpectIntEQ(BN_is_word(rem, val1 % val2), 1);
-    ExpectIntEQ(BN_mod(r, a, b, NULL), 1);
-    ExpectIntEQ(BN_is_word(r, val1 % val2), 1);
-
-    BN_free(rem);
-    BN_free(r);
-    BN_free(b);
-    BN_free(a);
-#endif
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_BN_math_mod(void)
-{
-    EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_ASN) && \
-    !defined(OPENSSL_EXTRA_NO_BN) && !defined(WOLFSSL_SP_MATH)
-    BIGNUM* a = NULL;
-    BIGNUM* b = NULL;
-    BIGNUM* m = NULL;
-    BIGNUM* r = NULL;
-    BIGNUM* t = NULL;
-    BIGNUM emptyBN;
-    BN_ULONG val1;
-    BN_ULONG val2;
-    BN_ULONG val3;
-
-    /* Setup */
-    XMEMSET(&emptyBN, 0, sizeof(emptyBN));
-    ExpectNotNull(a = BN_new());
-    ExpectNotNull(b = BN_new());
-    ExpectNotNull(m = BN_new());
-    ExpectNotNull(r = BN_new());
-
-    /* Invalid parameters. */
-    ExpectIntEQ(BN_mod_add(NULL, NULL, NULL, NULL, NULL), 0);
-    ExpectIntEQ(BN_mod_add(r, NULL, NULL, NULL, NULL), 0);
-    ExpectIntEQ(BN_mod_add(NULL, a, NULL, NULL, NULL), 0);
-    ExpectIntEQ(BN_mod_add(NULL, NULL, b, NULL, NULL), 0);
-    ExpectIntEQ(BN_mod_add(NULL, NULL, NULL, m, NULL), 0);
-    ExpectIntEQ(BN_mod_add(NULL, a, b, m, NULL), 0);
-    ExpectIntEQ(BN_mod_add(r, NULL, b, m, NULL), 0);
-    ExpectIntEQ(BN_mod_add(r, a, NULL, m, NULL), 0);
-    ExpectIntEQ(BN_mod_add(r, a, m, NULL, NULL), 0);
-
-    ExpectIntEQ(BN_mod_add(&emptyBN, &emptyBN, &emptyBN, &emptyBN, NULL), 0);
-    ExpectIntEQ(BN_mod_add(r, &emptyBN, &emptyBN, &emptyBN, NULL), 0);
-    ExpectIntEQ(BN_mod_add(&emptyBN, a, &emptyBN, &emptyBN, NULL), 0);
-    ExpectIntEQ(BN_mod_add(&emptyBN, &emptyBN, b, &emptyBN, NULL), 0);
-    ExpectIntEQ(BN_mod_add(&emptyBN, &emptyBN, &emptyBN, m, NULL), 0);
-    ExpectIntEQ(BN_mod_add(&emptyBN, a, b, m, NULL), 0);
-    ExpectIntEQ(BN_mod_add(r, &emptyBN, b, m, NULL), 0);
-    ExpectIntEQ(BN_mod_add(r, a, &emptyBN, m, NULL), 0);
-    ExpectIntEQ(BN_mod_add(r, a, m, &emptyBN, NULL), 0);
-
-    ExpectIntEQ(BN_mod_mul(NULL, NULL, NULL, NULL, NULL), 0);
-    ExpectIntEQ(BN_mod_mul(r, NULL, NULL, NULL, NULL), 0);
-    ExpectIntEQ(BN_mod_mul(NULL, a, NULL, NULL, NULL), 0);
-    ExpectIntEQ(BN_mod_mul(NULL, NULL, b, NULL, NULL), 0);
-    ExpectIntEQ(BN_mod_mul(NULL, NULL, NULL, m, NULL), 0);
-    ExpectIntEQ(BN_mod_mul(NULL, a, b, m, NULL), 0);
-    ExpectIntEQ(BN_mod_mul(r, NULL, b, m, NULL), 0);
-    ExpectIntEQ(BN_mod_mul(r, a, NULL, m, NULL), 0);
-    ExpectIntEQ(BN_mod_mul(r, a, m, NULL, NULL), 0);
-
-    ExpectIntEQ(BN_mod_mul(&emptyBN, &emptyBN, &emptyBN, &emptyBN, NULL), 0);
-    ExpectIntEQ(BN_mod_mul(r, &emptyBN, &emptyBN, &emptyBN, NULL), 0);
-    ExpectIntEQ(BN_mod_mul(&emptyBN, a, &emptyBN, &emptyBN, NULL), 0);
-    ExpectIntEQ(BN_mod_mul(&emptyBN, &emptyBN, b, &emptyBN, NULL), 0);
-    ExpectIntEQ(BN_mod_mul(&emptyBN, &emptyBN, &emptyBN, m, NULL), 0);
-    ExpectIntEQ(BN_mod_mul(&emptyBN, a, b, m, NULL), 0);
-    ExpectIntEQ(BN_mod_mul(r, &emptyBN, b, m, NULL), 0);
-    ExpectIntEQ(BN_mod_mul(r, a, &emptyBN, m, NULL), 0);
-    ExpectIntEQ(BN_mod_mul(r, a, m, &emptyBN, NULL), 0);
-
-    ExpectIntEQ(BN_mod_exp(NULL, NULL, NULL, NULL, NULL), 0);
-    ExpectIntEQ(BN_mod_exp(r, NULL, NULL, NULL, NULL), 0);
-    ExpectIntEQ(BN_mod_exp(NULL, a, NULL, NULL, NULL), 0);
-    ExpectIntEQ(BN_mod_exp(NULL, NULL, b, NULL, NULL), 0);
-    ExpectIntEQ(BN_mod_exp(NULL, NULL, NULL, m, NULL), 0);
-    ExpectIntEQ(BN_mod_exp(NULL, a, b, m, NULL), 0);
-    ExpectIntEQ(BN_mod_exp(r, NULL, b, m, NULL), 0);
-    ExpectIntEQ(BN_mod_exp(r, a, NULL, m, NULL), 0);
-    ExpectIntEQ(BN_mod_exp(r, a, m, NULL, NULL), 0);
-
-    ExpectIntEQ(BN_mod_exp(&emptyBN, &emptyBN, &emptyBN, &emptyBN, NULL), 0);
-    ExpectIntEQ(BN_mod_exp(r, &emptyBN, &emptyBN, &emptyBN, NULL), 0);
-    ExpectIntEQ(BN_mod_exp(&emptyBN, a, &emptyBN, &emptyBN, NULL), 0);
-    ExpectIntEQ(BN_mod_exp(&emptyBN, &emptyBN, b, &emptyBN, NULL), 0);
-    ExpectIntEQ(BN_mod_exp(&emptyBN, &emptyBN, &emptyBN, m, NULL), 0);
-    ExpectIntEQ(BN_mod_exp(&emptyBN, a, b, m, NULL), 0);
-    ExpectIntEQ(BN_mod_exp(r, &emptyBN, b, m, NULL), 0);
-    ExpectIntEQ(BN_mod_exp(r, a, &emptyBN, m, NULL), 0);
-    ExpectIntEQ(BN_mod_exp(r, a, m, &emptyBN, NULL), 0);
-
-    ExpectNull(BN_mod_inverse(r, NULL, NULL, NULL));
-    ExpectNull(BN_mod_inverse(r, a, NULL, NULL));
-    ExpectNull(BN_mod_inverse(r, NULL, m, NULL));
-    ExpectNull(BN_mod_inverse(r, NULL, m, NULL));
-    ExpectNull(BN_mod_inverse(r, a, NULL, NULL));
-
-    ExpectNull(BN_mod_inverse(&emptyBN, &emptyBN, &emptyBN, NULL));
-    ExpectNull(BN_mod_inverse(r, &emptyBN, &emptyBN, NULL));
-    ExpectNull(BN_mod_inverse(&emptyBN, a, &emptyBN, NULL));
-    ExpectNull(BN_mod_inverse(&emptyBN, &emptyBN, m, NULL));
-    ExpectNull(BN_mod_inverse(&emptyBN, a, m, NULL));
-    ExpectNull(BN_mod_inverse(r, &emptyBN, m, NULL));
-    ExpectNull(BN_mod_inverse(r, a, &emptyBN, NULL));
-    /* END Invalid parameters. */
-
-    val1 = 9;
-    val2 = 13;
-    val3 = 5;
-    ExpectIntEQ(BN_set_word(a, val1), 1);
-    ExpectIntEQ(BN_set_word(b, val2), 1);
-    ExpectIntEQ(BN_set_word(m, val3), 1);
-    ExpectIntEQ(BN_mod_add(r, a, b, m, NULL), 1);
-    ExpectIntEQ(BN_is_word(r, (val1 + val2) % val3), 1);
-    ExpectIntEQ(BN_mod_mul(r, a, b, m, NULL), 1);
-    ExpectIntEQ(BN_is_word(r, (val1 * val2) % val3), 1);
-
-    ExpectIntEQ(BN_set_word(a, 2), 1);
-    ExpectIntEQ(BN_set_word(b, 3), 1);
-    ExpectIntEQ(BN_set_word(m, 5), 1);
-    /* (2 ^ 3) % 5 = 8 % 5 = 3 */
-    ExpectIntEQ(BN_mod_exp(r, a, b, m, NULL), 1);
-    ExpectIntEQ(BN_is_word(r, 3), 1);
-
-    /* (2 * 3) % 5 = 6 % 5 = 1 => inv = 3 */
-    ExpectNotNull(BN_mod_inverse(r, a, m, NULL));
-    ExpectIntEQ(BN_is_word(r, 3), 1);
-    ExpectNotNull(t = BN_mod_inverse(NULL, a, m, NULL));
-    ExpectIntEQ(BN_is_word(t, 3), 1);
-    BN_free(t);
-    /* No inverse case. No inverse when a divides b. */
-    ExpectIntEQ(BN_set_word(a, 3), 1);
-    ExpectIntEQ(BN_set_word(m, 9), 1);
-    ExpectNull(BN_mod_inverse(r, a, m, NULL));
-
-    BN_free(r);
-    BN_free(m);
-    BN_free(b);
-    BN_free(a);
-#endif
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_BN_math_other(void)
-{
-    EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_ASN) && \
-    !defined(OPENSSL_EXTRA_NO_BN) && !defined(WOLFSSL_SP_MATH)
-#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
-    BIGNUM* a = NULL;
-    BIGNUM* b = NULL;
-    BIGNUM* r = NULL;
-    BIGNUM emptyBN;
-
-    /* Setup */
-    XMEMSET(&emptyBN, 0, sizeof(emptyBN));
-    ExpectNotNull(a = BN_new());
-    ExpectNotNull(b = BN_new());
-    ExpectNotNull(r = BN_new());
-
-    /* Invalid parameters. */
-    ExpectIntEQ(BN_gcd(NULL, NULL, NULL, NULL), 0);
-    ExpectIntEQ(BN_gcd(r, NULL, NULL, NULL), 0);
-    ExpectIntEQ(BN_gcd(NULL, a, NULL, NULL), 0);
-    ExpectIntEQ(BN_gcd(NULL, NULL, b, NULL), 0);
-    ExpectIntEQ(BN_gcd(NULL, a, b, NULL), 0);
-    ExpectIntEQ(BN_gcd(r, NULL, b, NULL), 0);
-    ExpectIntEQ(BN_gcd(r, a, NULL, NULL), 0);
-
-    ExpectIntEQ(BN_gcd(&emptyBN, &emptyBN, &emptyBN, NULL), 0);
-    ExpectIntEQ(BN_gcd(r, &emptyBN, &emptyBN, NULL), 0);
-    ExpectIntEQ(BN_gcd(&emptyBN, a, &emptyBN, NULL), 0);
-    ExpectIntEQ(BN_gcd(&emptyBN, &emptyBN, b, NULL), 0);
-    ExpectIntEQ(BN_gcd(&emptyBN, a, b, NULL), 0);
-    ExpectIntEQ(BN_gcd(r, &emptyBN, b, NULL), 0);
-    ExpectIntEQ(BN_gcd(r, a, &emptyBN, NULL), 0);
-    /* END Invalid parameters. */
-
-    /* No common factors between 2 and 3. */
-    ExpectIntEQ(BN_set_word(a, 2), 1);
-    ExpectIntEQ(BN_set_word(b, 3), 1);
-    ExpectIntEQ(BN_gcd(r, a, b, NULL), 1);
-    ExpectIntEQ(BN_is_word(r, 1), 1);
-    /* 3 is largest value that divides both 6 and 9. */
-    ExpectIntEQ(BN_set_word(a, 6), 1);
-    ExpectIntEQ(BN_set_word(b, 9), 1);
-    ExpectIntEQ(BN_gcd(r, a, b, NULL), 1);
-    ExpectIntEQ(BN_is_word(r, 3), 1);
-    /* GCD of 0 and 0 is undefined. */
-    ExpectIntEQ(BN_set_word(a, 0), 1);
-    ExpectIntEQ(BN_set_word(b, 0), 1);
-    ExpectIntEQ(BN_gcd(r, a, b, NULL), 0);
-
-    /* Teardown */
-    BN_free(r);
-    BN_free(b);
-    BN_free(a);
-#endif
-#endif
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_BN_rand(void)
-{
-    EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(OPENSSL_EXTRA_NO_BN)
-    BIGNUM* bn = NULL;
-    BIGNUM* range = NULL;
-    BIGNUM emptyBN;
-
-    XMEMSET(&emptyBN, 0, sizeof(emptyBN));
-    ExpectNotNull(bn = BN_new());
-    ExpectNotNull(range = BN_new());
-
-    /* Invalid parameters. */
-    ExpectIntEQ(BN_rand(NULL, -1, 0, 0), 0);
-    ExpectIntEQ(BN_rand(bn, -1, 0, 0), 0);
-    ExpectIntEQ(BN_rand(NULL, 1, 0, 0), 0);
-    ExpectIntEQ(BN_rand(&emptyBN, -1, 0, 0), 0);
-    ExpectIntEQ(BN_rand(bn, -1, 0, 0), 0);
-    ExpectIntEQ(BN_rand(&emptyBN, 1, 0, 0), 0);
-
-    ExpectIntEQ(BN_pseudo_rand(NULL, -1, 0, 0), 0);
-    ExpectIntEQ(BN_pseudo_rand(bn, -1, 0, 0), 0);
-    ExpectIntEQ(BN_pseudo_rand(NULL, 1, 0, 0), 0);
-    ExpectIntEQ(BN_pseudo_rand(&emptyBN, -1, 0, 0), 0);
-    ExpectIntEQ(BN_pseudo_rand(bn, -1, 0, 0), 0);
-    ExpectIntEQ(BN_pseudo_rand(&emptyBN, 1, 0, 0), 0);
-
-    ExpectIntEQ(BN_rand_range(NULL, NULL), 0);
-    ExpectIntEQ(BN_rand_range(bn, NULL), 0);
-    ExpectIntEQ(BN_rand_range(NULL, range), 0);
-    ExpectIntEQ(BN_rand_range(&emptyBN, &emptyBN), 0);
-    ExpectIntEQ(BN_rand_range(bn, &emptyBN), 0);
-    ExpectIntEQ(BN_rand_range(&emptyBN, range), 0);
-
-    /* 0 bit random value must be 0 and so cannot set bit in any position. */
-    ExpectIntEQ(BN_rand(bn, 0, WOLFSSL_BN_RAND_TOP_ONE,
-        WOLFSSL_BN_RAND_BOTTOM_ODD), 0);
-    ExpectIntEQ(BN_rand(bn, 0, WOLFSSL_BN_RAND_TOP_TWO,
-        WOLFSSL_BN_RAND_BOTTOM_ODD), 0);
-    ExpectIntEQ(BN_rand(bn, 0, WOLFSSL_BN_RAND_TOP_ANY,
-        WOLFSSL_BN_RAND_BOTTOM_ODD), 0);
-    ExpectIntEQ(BN_rand(bn, 0, WOLFSSL_BN_RAND_TOP_ONE,
-        WOLFSSL_BN_RAND_BOTTOM_ANY), 0);
-    ExpectIntEQ(BN_rand(bn, 0, WOLFSSL_BN_RAND_TOP_TWO,
-        WOLFSSL_BN_RAND_BOTTOM_ANY), 0);
-    ExpectIntEQ(BN_pseudo_rand(bn, 0, WOLFSSL_BN_RAND_TOP_ONE,
-        WOLFSSL_BN_RAND_BOTTOM_ODD), 0);
-    ExpectIntEQ(BN_pseudo_rand(bn, 0, WOLFSSL_BN_RAND_TOP_TWO,
-        WOLFSSL_BN_RAND_BOTTOM_ODD), 0);
-    ExpectIntEQ(BN_pseudo_rand(bn, 0, WOLFSSL_BN_RAND_TOP_ANY,
-        WOLFSSL_BN_RAND_BOTTOM_ODD), 0);
-    ExpectIntEQ(BN_pseudo_rand(bn, 0, WOLFSSL_BN_RAND_TOP_ONE,
-        WOLFSSL_BN_RAND_BOTTOM_ANY), 0);
-    ExpectIntEQ(BN_pseudo_rand(bn, 0, WOLFSSL_BN_RAND_TOP_TWO,
-        WOLFSSL_BN_RAND_BOTTOM_ANY), 0);
-
-    /* 1 bit random value must have no more than one top bit set. */
-    ExpectIntEQ(BN_rand(bn, 1, WOLFSSL_BN_RAND_TOP_TWO,
-        WOLFSSL_BN_RAND_BOTTOM_ANY), 0);
-    ExpectIntEQ(BN_rand(bn, 1, WOLFSSL_BN_RAND_TOP_TWO,
-        WOLFSSL_BN_RAND_BOTTOM_ODD), 0);
-    ExpectIntEQ(BN_pseudo_rand(bn, 1, WOLFSSL_BN_RAND_TOP_TWO,
-        WOLFSSL_BN_RAND_BOTTOM_ANY), 0);
-    ExpectIntEQ(BN_pseudo_rand(bn, 1, WOLFSSL_BN_RAND_TOP_TWO,
-        WOLFSSL_BN_RAND_BOTTOM_ODD), 0);
-    /* END Invalid parameters. */
-
-    /* 0 bit random: 0. */
-    ExpectIntEQ(BN_rand(bn, 0, WOLFSSL_BN_RAND_TOP_ANY,
-        WOLFSSL_BN_RAND_BOTTOM_ANY), 1);
-    ExpectIntEQ(BN_is_zero(bn), 1);
-
-    ExpectIntEQ(BN_set_word(bn, 2), 1); /* Make sure not zero. */
-    ExpectIntEQ(BN_pseudo_rand(bn, 0, WOLFSSL_BN_RAND_TOP_ANY,
-        WOLFSSL_BN_RAND_BOTTOM_ANY), 1);
-    ExpectIntEQ(BN_is_zero(bn), 1);
-
-    /* 1 bit random: 0 or 1. */
-    ExpectIntEQ(BN_rand(bn, 1, WOLFSSL_BN_RAND_TOP_ANY,
-        WOLFSSL_BN_RAND_BOTTOM_ANY), 1);
-    ExpectIntLT(BN_get_word(bn), 2); /* Make sure valid range. */
-    ExpectIntEQ(BN_rand(bn, 1, WOLFSSL_BN_RAND_TOP_ONE,
-        WOLFSSL_BN_RAND_BOTTOM_ANY), 1);
-    ExpectIntEQ(BN_get_word(bn), 1);
-    ExpectIntEQ(BN_rand(bn, 1, WOLFSSL_BN_RAND_TOP_ONE,
-        WOLFSSL_BN_RAND_BOTTOM_ODD), 1);
-    ExpectIntEQ(BN_get_word(bn), 1);
-
-    ExpectIntEQ(BN_pseudo_rand(bn, 1, WOLFSSL_BN_RAND_TOP_ANY,
-        WOLFSSL_BN_RAND_BOTTOM_ANY), 1);
-    ExpectIntLT(BN_get_word(bn), 2); /* Make sure valid range. */
-    ExpectIntEQ(BN_pseudo_rand(bn, 1, WOLFSSL_BN_RAND_TOP_ONE,
-        WOLFSSL_BN_RAND_BOTTOM_ANY), 1);
-    ExpectIntEQ(BN_get_word(bn), 1);
-    ExpectIntEQ(BN_pseudo_rand(bn, 1, WOLFSSL_BN_RAND_TOP_ONE,
-        WOLFSSL_BN_RAND_BOTTOM_ODD), 1);
-    ExpectIntEQ(BN_get_word(bn), 1);
-
-    ExpectIntEQ(BN_rand(bn, 8, WOLFSSL_BN_RAND_TOP_ONE,
-        WOLFSSL_BN_RAND_BOTTOM_ANY), 1);
-    ExpectIntEQ(BN_num_bits(bn), 8);
-    ExpectIntEQ(BN_is_bit_set(bn, 7), 1);
-    ExpectIntEQ(BN_pseudo_rand(bn, 8, WOLFSSL_BN_RAND_TOP_ONE,
-        WOLFSSL_BN_RAND_BOTTOM_ANY), 1);
-    ExpectIntEQ(BN_num_bits(bn), 8);
-    ExpectIntEQ(BN_is_bit_set(bn, 7), 1);
-
-    ExpectIntEQ(BN_rand(bn, 8, WOLFSSL_BN_RAND_TOP_TWO,
-        WOLFSSL_BN_RAND_BOTTOM_ANY), 1);
-    ExpectIntEQ(BN_is_bit_set(bn, 7), 1);
-    ExpectIntEQ(BN_is_bit_set(bn, 6), 1);
-    ExpectIntEQ(BN_pseudo_rand(bn, 8, WOLFSSL_BN_RAND_TOP_TWO,
-        WOLFSSL_BN_RAND_BOTTOM_ANY), 1);
-    ExpectIntEQ(BN_is_bit_set(bn, 7), 1);
-    ExpectIntEQ(BN_is_bit_set(bn, 6), 1);
-
-    ExpectIntEQ(BN_rand(bn, 8, WOLFSSL_BN_RAND_TOP_ONE,
-        WOLFSSL_BN_RAND_BOTTOM_ODD), 1);
-    ExpectIntEQ(BN_is_bit_set(bn, 0), 1);
-    ExpectIntEQ(BN_pseudo_rand(bn, 8, WOLFSSL_BN_RAND_TOP_ONE,
-        WOLFSSL_BN_RAND_BOTTOM_ODD), 1);
-    ExpectIntEQ(BN_is_bit_set(bn, 0), 1);
-
-    /* Regression test: Older versions of wolfSSL_BN_rand would round the
-     * requested number of bits up to the nearest multiple of 8. E.g. in this
-     * case, requesting a 13-bit random number would actually return a 16-bit
-     * random number. */
-    ExpectIntEQ(BN_rand(bn, 13, WOLFSSL_BN_RAND_TOP_ONE,
-        WOLFSSL_BN_RAND_BOTTOM_ANY), 1);
-    ExpectIntEQ(BN_num_bits(bn), 13);
-
-    ExpectIntEQ(BN_rand(range, 64, WOLFSSL_BN_RAND_TOP_ONE,
-        WOLFSSL_BN_RAND_BOTTOM_ANY), 1);
-    ExpectIntEQ(BN_rand_range(bn, range), 1);
-
-    ExpectIntEQ(BN_set_word(range, 0), 1);
-    ExpectIntEQ(BN_rand_range(bn, range), 1);
-    ExpectIntEQ(BN_set_word(range, 1), 1);
-    ExpectIntEQ(BN_rand_range(bn, range), 1);
-
-    BN_free(bn);
-    BN_free(range);
-#endif
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_BN_prime(void)
-{
-    EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_ASN) && \
-    !defined(OPENSSL_EXTRA_NO_BN) && !defined(WOLFSSL_SP_MATH)
-#if defined(WOLFSSL_KEY_GEN) && (!defined(NO_RSA) || !defined(NO_DH) || !defined(NO_DSA))
-    BIGNUM* a = NULL;
-    BIGNUM* add = NULL;
-    BIGNUM* rem = NULL;
-    BIGNUM emptyBN;
-
-    XMEMSET(&emptyBN, 0, sizeof(emptyBN));
-    ExpectNotNull(a = BN_new());
-    ExpectNotNull(add = BN_new());
-    ExpectNotNull(rem = BN_new());
-
-    /* Invalid parameters. */
-    /* BN_generate_prime_ex()
-     * prime - must have valid BIGNUM
-     * bits  - Greater then 0
-     * safe  - not supported, must be 0
-     * add   - not supported, must be NULL
-     * rem   - not supported, must be NULL
-     * cb    - anything
-     */
-    ExpectIntEQ(BN_generate_prime_ex(NULL, -1, 1, add, rem, NULL), 0);
-    ExpectIntEQ(BN_generate_prime_ex(&emptyBN, -1, 1, add, rem, NULL), 0);
-    ExpectIntEQ(BN_generate_prime_ex(a, -1, 1, add, rem, NULL), 0);
-    ExpectIntEQ(BN_generate_prime_ex(NULL, 2, 1, add, rem, NULL), 0);
-    ExpectIntEQ(BN_generate_prime_ex(&emptyBN, 2, 1, add, rem, NULL), 0);
-    ExpectIntEQ(BN_generate_prime_ex(NULL, -1, 0, add, rem, NULL), 0);
-    ExpectIntEQ(BN_generate_prime_ex(&emptyBN, -1, 0, add, rem, NULL), 0);
-    ExpectIntEQ(BN_generate_prime_ex(NULL, -1, 1, NULL, rem, NULL), 0);
-    ExpectIntEQ(BN_generate_prime_ex(&emptyBN, -1, 1, NULL, rem, NULL), 0);
-    ExpectIntEQ(BN_generate_prime_ex(NULL, -1, 1, add, NULL, NULL), 0);
-    ExpectIntEQ(BN_generate_prime_ex(&emptyBN, -1, 1, add, NULL, NULL), 0);
-    ExpectIntEQ(BN_generate_prime_ex(NULL, 2, 0, NULL, NULL, NULL), 0);
-    ExpectIntEQ(BN_generate_prime_ex(&emptyBN, 2, 0, NULL, NULL, NULL), 0);
-    ExpectIntEQ(BN_generate_prime_ex(a, -1, 0, NULL, NULL, NULL), 0);
-    ExpectIntEQ(BN_generate_prime_ex(a, 0, 0, NULL, NULL, NULL), 0);
-    ExpectIntEQ(BN_generate_prime_ex(a, 2, 1, NULL, NULL, NULL), 0);
-    ExpectIntEQ(BN_generate_prime_ex(a, 2, 0, add, NULL, NULL), 0);
-    ExpectIntEQ(BN_generate_prime_ex(a, 2, 0, NULL, rem, NULL), 0);
-
-    ExpectIntEQ(BN_is_prime_ex(NULL, -1, NULL, NULL), -1);
-    ExpectIntEQ(BN_is_prime_ex(&emptyBN, -1, NULL, NULL), -1);
-    ExpectIntEQ(BN_is_prime_ex(a, -1, NULL, NULL), -1);
-    ExpectIntEQ(BN_is_prime_ex(a, 2048, NULL, NULL), -1);
-    ExpectIntEQ(BN_is_prime_ex(NULL, 1, NULL, NULL), -1);
-    ExpectIntEQ(BN_is_prime_ex(&emptyBN, 1, NULL, NULL), -1);
-    /* END Invalid parameters. */
-
-    ExpectIntEQ(BN_generate_prime_ex(a, 512, 0, NULL, NULL, NULL), 1);
-    ExpectIntEQ(BN_is_prime_ex(a, 8, NULL, NULL), 1);
-
-    ExpectIntEQ(BN_clear_bit(a, 0), 1);
-    ExpectIntEQ(BN_is_prime_ex(a, 8, NULL, NULL), 0);
-
-    BN_free(rem);
-    BN_free(add);
-    BN_free(a);
-#endif
-#endif /* defined(OPENSSL_EXTRA) && !defined(NO_ASN) */
-    return EXPECT_RESULT();
-}
-
 #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_TLS) && \
    !defined(NO_FILESYSTEM) && !defined(NO_RSA)
 #define TEST_ARG 0x1234
@@ -30788,9 +22755,9 @@ static int test_wolfSSL_set_options(void)
     ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
 #endif
     ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile,
-                                                WOLFSSL_FILETYPE_PEM));
+                                                CERT_FILETYPE));
     ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile,
-                                               WOLFSSL_FILETYPE_PEM));
+                                               CERT_FILETYPE));
 
     ExpectTrue(wolfSSL_CTX_set_options(ctx, WOLFSSL_OP_NO_TLSv1)
                == WOLFSSL_OP_NO_TLSv1);
@@ -30816,9 +22783,9 @@ static int test_wolfSSL_set_options(void)
     ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
 #endif
     ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile,
-                                               WOLFSSL_FILETYPE_PEM));
+                                               CERT_FILETYPE));
     ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile,
-                                               WOLFSSL_FILETYPE_PEM));
+                                               CERT_FILETYPE));
 #ifdef OPENSSL_EXTRA
     ExpectTrue(wolfSSL_CTX_set_msg_callback(ctx, msg_cb) == WOLFSSL_SUCCESS);
 #endif
@@ -30932,7 +22899,8 @@ static int test_wolfSSL_set1_curves_list(void)
 {
     EXPECT_DECLS;
 #if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) && !defined(NO_TLS) && \
-    (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER))
+    (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) && \
+    !defined(NO_FILESYSTEM)
     SSL*     ssl = NULL;
     SSL_CTX* ctx = NULL;
 
@@ -31090,7 +23058,8 @@ static int test_wolfSSL_set1_sigalgs_list(void)
     EXPECT_DECLS;
 #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA) && \
     !defined(NO_TLS) && \
-    (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER))
+    (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) && \
+    !defined(NO_FILESYSTEM)
     SSL*     ssl = NULL;
     SSL_CTX* ctx = NULL;
 
@@ -33721,7 +25690,7 @@ static int test_wolfSSL_RAND_poll(void)
     ExpectIntNE(XMEMCMP(rand1, rand2, 16), 0);
 
     /* reset the seed function used */
-    wc_SetSeed_Cb(wc_GenerateSeed);
+    wc_SetSeed_Cb(WC_GENERATE_SEED_DEFAULT);
 #endif
     RAND_cleanup();
 
@@ -34411,2108 +26380,6 @@ static int test_wolfSSL_GetLoggingCb(void)
 
 #endif /* !NO_BIO */
 
-static int test_wolfSSL_MD4(void)
-{
-    EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_MD4)
-    MD4_CTX md4;
-    unsigned char out[16]; /* MD4_DIGEST_SIZE */
-    const char* msg = "12345678901234567890123456789012345678901234567890123456"
-                      "789012345678901234567890";
-    const char* test = "\xe3\x3b\x4d\xdc\x9c\x38\xf2\x19\x9c\x3e\x7b\x16\x4f"
-                       "\xcc\x05\x36";
-    int msgSz = (int)XSTRLEN(msg);
-
-
-    XMEMSET(out, 0, sizeof(out));
-    MD4_Init(&md4);
-    MD4_Update(&md4, (const void*)msg, (word32)msgSz);
-    MD4_Final(out, &md4);
-    ExpectIntEQ(XMEMCMP(out, test, sizeof(out)), 0);
-#endif
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_MD5(void)
-{
-    EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_MD5)
-    byte input1[] = "";
-    byte input2[] = "message digest";
-    byte hash[WC_MD5_DIGEST_SIZE];
-    unsigned char output1[] =
-        "\xd4\x1d\x8c\xd9\x8f\x00\xb2\x04\xe9\x80\x09\x98\xec\xf8\x42\x7e";
-    unsigned char output2[] =
-        "\xf9\x6b\x69\x7d\x7c\xb7\x93\x8d\x52\x5a\x2f\x31\xaa\xf1\x61\xd0";
-    WOLFSSL_MD5_CTX md5;
-
-    XMEMSET(&md5, 0, sizeof(md5));
-
-    /* Test cases for illegal parameters */
-    ExpectIntEQ(MD5_Init(NULL), 0);
-    ExpectIntEQ(MD5_Init(&md5), 1);
-    ExpectIntEQ(MD5_Update(NULL, input1, 0), 0);
-    ExpectIntEQ(MD5_Update(NULL, NULL, 0), 0);
-    ExpectIntEQ(MD5_Update(&md5, NULL, 1), 0);
-    ExpectIntEQ(MD5_Final(NULL, &md5), 0);
-    ExpectIntEQ(MD5_Final(hash, NULL), 0);
-    ExpectIntEQ(MD5_Final(NULL, NULL), 0);
-
-    /* Init MD5 CTX */
-    ExpectIntEQ(wolfSSL_MD5_Init(&md5), 1);
-    ExpectIntEQ(wolfSSL_MD5_Update(&md5, input1, XSTRLEN((const char*)&input1)),
-        1);
-    ExpectIntEQ(wolfSSL_MD5_Final(hash, &md5), 1);
-    ExpectIntEQ(XMEMCMP(&hash, output1, WC_MD5_DIGEST_SIZE), 0);
-
-    /* Init MD5 CTX */
-    ExpectIntEQ(wolfSSL_MD5_Init(&md5), 1);
-    ExpectIntEQ(wolfSSL_MD5_Update(&md5, input2,
-        (int)XSTRLEN((const char*)input2)), 1);
-    ExpectIntEQ(wolfSSL_MD5_Final(hash, &md5), 1);
-    ExpectIntEQ(XMEMCMP(&hash, output2, WC_MD5_DIGEST_SIZE), 0);
-#if !defined(NO_OLD_NAMES) && \
-  (!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)))
-    ExpectPtrNE(MD5(NULL, 1, (byte*)&hash), &hash);
-    ExpectPtrEq(MD5(input1, 0, (byte*)&hash), &hash);
-    ExpectPtrNE(MD5(input1, 1, NULL), NULL);
-    ExpectPtrNE(MD5(NULL, 0, NULL), NULL);
-
-    ExpectPtrEq(MD5(input1, (int)XSTRLEN((const char*)&input1), (byte*)&hash),
-        &hash);
-    ExpectIntEQ(XMEMCMP(&hash, output1, WC_MD5_DIGEST_SIZE), 0);
-
-    ExpectPtrEq(MD5(input2, (int)XSTRLEN((const char*)&input2), (byte*)&hash),
-        &hash);
-    ExpectIntEQ(XMEMCMP(&hash, output2, WC_MD5_DIGEST_SIZE), 0);
-    {
-        byte data[] = "Data to be hashed.";
-        XMEMSET(hash, 0, WC_MD5_DIGEST_SIZE);
-
-        ExpectNotNull(MD5(data, sizeof(data), NULL));
-        ExpectNotNull(MD5(data, sizeof(data), hash));
-        ExpectNotNull(MD5(NULL, 0, hash));
-        ExpectNull(MD5(NULL, sizeof(data), hash));
-    }
-#endif
-#endif
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_MD5_Transform(void)
-{
-    EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_MD5)
-    byte input1[] = "";
-    byte input2[] = "abc";
-    byte local[WC_MD5_BLOCK_SIZE];
-    word32 sLen = 0;
-#ifdef BIG_ENDIAN_ORDER
-    unsigned char output1[] =
-        "\x03\x1f\x1d\xac\x6e\xa5\x8e\xd0\x1f\xab\x67\xb7\x74\x31\x77\x91";
-    unsigned char output2[] =
-        "\xef\xd3\x79\x8d\x67\x17\x25\x90\xa4\x13\x79\xc7\xe3\xa7\x7b\xbc";
-#else
-    unsigned char output1[] =
-        "\xac\x1d\x1f\x03\xd0\x8e\xa5\x6e\xb7\x67\xab\x1f\x91\x77\x31\x74";
-    unsigned char output2[] =
-        "\x8d\x79\xd3\xef\x90\x25\x17\x67\xc7\x79\x13\xa4\xbc\x7b\xa7\xe3";
-#endif
-
-    union {
-        wc_Md5 native;
-        MD5_CTX compat;
-    } md5;
-
-    XMEMSET(&md5.compat, 0, sizeof(md5.compat));
-    XMEMSET(&local, 0, sizeof(local));
-
-    /* sanity check */
-    ExpectIntEQ(MD5_Transform(NULL, NULL), 0);
-    ExpectIntEQ(MD5_Transform(NULL, (const byte*)&input1), 0);
-    ExpectIntEQ(MD5_Transform(&md5.compat, NULL), 0);
-    ExpectIntEQ(wc_Md5Transform(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-    ExpectIntEQ(wc_Md5Transform(NULL, (const byte*)&input1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-    ExpectIntEQ(wc_Md5Transform(&md5.native, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-
-    /* Init MD5 CTX */
-    ExpectIntEQ(wolfSSL_MD5_Init(&md5.compat), 1);
-    /* Do Transform*/
-    sLen = (word32)XSTRLEN((char*)input1);
-    XMEMCPY(local, input1, sLen);
-    ExpectIntEQ(MD5_Transform(&md5.compat, (const byte*)&local[0]), 1);
-
-    ExpectIntEQ(XMEMCMP(md5.native.digest, output1, WC_MD5_DIGEST_SIZE), 0);
-
-    /* Init MD5 CTX */
-    ExpectIntEQ(MD5_Init(&md5.compat), 1);
-    sLen = (word32)XSTRLEN((char*)input2);
-    XMEMSET(local, 0, WC_MD5_BLOCK_SIZE);
-    XMEMCPY(local, input2, sLen);
-    ExpectIntEQ(MD5_Transform(&md5.compat, (const byte*)&local[0]), 1);
-    ExpectIntEQ(XMEMCMP(md5.native.digest, output2, WC_MD5_DIGEST_SIZE), 0);
-#endif
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_SHA(void)
-{
-    EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(HAVE_SELFTEST)
-    #if !defined(NO_SHA) && defined(NO_OLD_SHA_NAMES) && \
-        (!defined(HAVE_FIPS) || \
-        (defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION > 2))
-    {
-        const unsigned char in[] = "abc";
-        unsigned char expected[] = "\xA9\x99\x3E\x36\x47\x06\x81\x6A\xBA\x3E"
-                                   "\x25\x71\x78\x50\xC2\x6C\x9C\xD0\xD8\x9D";
-        unsigned char out[WC_SHA_DIGEST_SIZE];
-        unsigned char* p = NULL;
-        WOLFSSL_SHA_CTX sha;
-
-        XMEMSET(out, 0, WC_SHA_DIGEST_SIZE);
-        ExpectNotNull(SHA1(in, XSTRLEN((char*)in), out));
-        ExpectIntEQ(XMEMCMP(out, expected, WC_SHA_DIGEST_SIZE), 0);
-
-        /* SHA interface test */
-        XMEMSET(out, 0, WC_SHA_DIGEST_SIZE);
-
-        ExpectNull(SHA(NULL, XSTRLEN((char*)in), out));
-        ExpectNotNull(SHA(in, 0, out));
-        ExpectNotNull(SHA(in, XSTRLEN((char*)in), NULL));
-        ExpectNotNull(SHA(NULL, 0, out));
-        ExpectNotNull(SHA(NULL, 0, NULL));
-
-        ExpectNotNull(SHA(in, XSTRLEN((char*)in), out));
-        ExpectIntEQ(XMEMCMP(out, expected, WC_SHA_DIGEST_SIZE), 0);
-        ExpectNotNull(p = SHA(in, XSTRLEN((char*)in), NULL));
-        ExpectIntEQ(XMEMCMP(p, expected, WC_SHA_DIGEST_SIZE), 0);
-
-        ExpectIntEQ(wolfSSL_SHA_Init(&sha), 1);
-        ExpectIntEQ(wolfSSL_SHA_Update(&sha, in, XSTRLEN((char*)in)), 1);
-        ExpectIntEQ(wolfSSL_SHA_Final(out, &sha), 1);
-        ExpectIntEQ(XMEMCMP(out, expected, WC_SHA_DIGEST_SIZE), 0);
-
-        ExpectIntEQ(wolfSSL_SHA1_Init(&sha), 1);
-        ExpectIntEQ(wolfSSL_SHA1_Update(&sha, in, XSTRLEN((char*)in)), 1);
-        ExpectIntEQ(wolfSSL_SHA1_Final(out, &sha), 1);
-        ExpectIntEQ(XMEMCMP(out, expected, WC_SHA_DIGEST_SIZE), 0);
-    }
-    #endif
-
-    #if !defined(NO_SHA256)
-    {
-        const unsigned char in[] = "abc";
-        unsigned char expected[] =
-            "\xBA\x78\x16\xBF\x8F\x01\xCF\xEA\x41\x41\x40\xDE\x5D\xAE\x22"
-            "\x23\xB0\x03\x61\xA3\x96\x17\x7A\x9C\xB4\x10\xFF\x61\xF2\x00"
-            "\x15\xAD";
-        unsigned char out[WC_SHA256_DIGEST_SIZE];
-        unsigned char* p = NULL;
-
-        XMEMSET(out, 0, WC_SHA256_DIGEST_SIZE);
-#if !defined(NO_OLD_NAMES) && !defined(HAVE_FIPS)
-        ExpectNotNull(SHA256(in, XSTRLEN((char*)in), out));
-#else
-        ExpectNotNull(wolfSSL_SHA256(in, XSTRLEN((char*)in), out));
-#endif
-        ExpectIntEQ(XMEMCMP(out, expected, WC_SHA256_DIGEST_SIZE), 0);
-#if !defined(NO_OLD_NAMES) && !defined(HAVE_FIPS)
-        ExpectNotNull(p = SHA256(in, XSTRLEN((char*)in), NULL));
-#else
-        ExpectNotNull(p = wolfSSL_SHA256(in, XSTRLEN((char*)in), NULL));
-#endif
-        ExpectIntEQ(XMEMCMP(p, expected, WC_SHA256_DIGEST_SIZE), 0);
-    }
-    #endif
-
-    #if defined(WOLFSSL_SHA384)
-    {
-        const unsigned char in[] = "abc";
-        unsigned char expected[] =
-            "\xcb\x00\x75\x3f\x45\xa3\x5e\x8b\xb5\xa0\x3d\x69\x9a\xc6\x50"
-            "\x07\x27\x2c\x32\xab\x0e\xde\xd1\x63\x1a\x8b\x60\x5a\x43\xff"
-            "\x5b\xed\x80\x86\x07\x2b\xa1\xe7\xcc\x23\x58\xba\xec\xa1\x34"
-            "\xc8\x25\xa7";
-        unsigned char out[WC_SHA384_DIGEST_SIZE];
-        unsigned char* p = NULL;
-
-        XMEMSET(out, 0, WC_SHA384_DIGEST_SIZE);
-#if !defined(NO_OLD_NAMES) && !defined(HAVE_FIPS)
-        ExpectNotNull(SHA384(in, XSTRLEN((char*)in), out));
-#else
-        ExpectNotNull(wolfSSL_SHA384(in, XSTRLEN((char*)in), out));
-#endif
-        ExpectIntEQ(XMEMCMP(out, expected, WC_SHA384_DIGEST_SIZE), 0);
-#if !defined(NO_OLD_NAMES) && !defined(HAVE_FIPS)
-        ExpectNotNull(p = SHA384(in, XSTRLEN((char*)in), NULL));
-#else
-        ExpectNotNull(p = wolfSSL_SHA384(in, XSTRLEN((char*)in), NULL));
-#endif
-        ExpectIntEQ(XMEMCMP(p, expected, WC_SHA384_DIGEST_SIZE), 0);
-    }
-    #endif
-
-    #if defined(WOLFSSL_SHA512)
-    {
-        const unsigned char in[] = "abc";
-        unsigned char expected[] =
-            "\xdd\xaf\x35\xa1\x93\x61\x7a\xba\xcc\x41\x73\x49\xae\x20\x41"
-            "\x31\x12\xe6\xfa\x4e\x89\xa9\x7e\xa2\x0a\x9e\xee\xe6\x4b\x55"
-            "\xd3\x9a\x21\x92\x99\x2a\x27\x4f\xc1\xa8\x36\xba\x3c\x23\xa3"
-            "\xfe\xeb\xbd\x45\x4d\x44\x23\x64\x3c\xe8\x0e\x2a\x9a\xc9\x4f"
-            "\xa5\x4c\xa4\x9f";
-        unsigned char out[WC_SHA512_DIGEST_SIZE];
-        unsigned char* p = NULL;
-
-        XMEMSET(out, 0, WC_SHA512_DIGEST_SIZE);
-#if !defined(NO_OLD_NAMES) && !defined(HAVE_FIPS)
-        ExpectNotNull(SHA512(in, XSTRLEN((char*)in), out));
-#else
-        ExpectNotNull(wolfSSL_SHA512(in, XSTRLEN((char*)in), out));
-#endif
-        ExpectIntEQ(XMEMCMP(out, expected, WC_SHA512_DIGEST_SIZE), 0);
-#if !defined(NO_OLD_NAMES) && !defined(HAVE_FIPS)
-        ExpectNotNull(p = SHA512(in, XSTRLEN((char*)in), NULL));
-#else
-        ExpectNotNull(p = wolfSSL_SHA512(in, XSTRLEN((char*)in), NULL));
-#endif
-        ExpectIntEQ(XMEMCMP(p, expected, WC_SHA512_DIGEST_SIZE), 0);
-    }
-    #endif
-#endif
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_SHA_Transform(void)
-{
-    EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_SHA)
-#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
-        (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)))
-    byte input1[] = "";
-    byte input2[] = "abc";
-    byte local[WC_SHA_BLOCK_SIZE];
-    word32 sLen = 0;
-#ifdef BIG_ENDIAN_ORDER
-    unsigned char output1[] =
-        "\x92\xb4\x04\xe5\x56\x58\x8c\xed\x6c\x1a\xcd\x4e\xbf\x05\x3f\x68"
-        "\x09\xf7\x3a\x93";
-    unsigned char output2[] =
-        "\x97\xb2\x74\x8b\x4f\x5b\xbc\xca\x5b\xc0\xe6\xea\x2d\x40\xb4\xa0"
-        "\x7c\x6e\x08\xb8";
-#else
-    unsigned char output1[] =
-        "\xe5\x04\xb4\x92\xed\x8c\x58\x56\x4e\xcd\x1a\x6c\x68\x3f\x05\xbf"
-        "\x93\x3a\xf7\x09";
-    unsigned char output2[] =
-        "\x8b\x74\xb2\x97\xca\xbc\x5b\x4f\xea\xe6\xc0\x5b\xa0\xb4\x40\x2d"
-        "\xb8\x08\x6e\x7c";
-#endif
-
-    union {
-        wc_Sha native;
-        SHA_CTX compat;
-    } sha;
-    union {
-        wc_Sha native;
-        SHA_CTX compat;
-    } sha1;
-
-    XMEMSET(&sha.compat, 0, sizeof(sha.compat));
-    XMEMSET(&local, 0, sizeof(local));
-
-    /* sanity check */
-    ExpectIntEQ(SHA_Transform(NULL, NULL), 0);
-    ExpectIntEQ(SHA_Transform(NULL, (const byte*)&input1), 0);
-    ExpectIntEQ(SHA_Transform(&sha.compat, NULL), 0);
-    ExpectIntEQ(SHA1_Transform(NULL, NULL), 0);
-    ExpectIntEQ(SHA1_Transform(NULL, (const byte*)&input1), 0);
-    ExpectIntEQ(SHA1_Transform(&sha.compat, NULL), 0);
-    ExpectIntEQ(wc_ShaTransform(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-    ExpectIntEQ(wc_ShaTransform(NULL, (const byte*)&input1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-    ExpectIntEQ(wc_ShaTransform(&sha.native, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-
-    /* Init SHA CTX */
-    ExpectIntEQ(SHA_Init(&sha.compat), 1);
-    /* Do Transform*/
-    sLen = (word32)XSTRLEN((char*)input1);
-    XMEMCPY(local, input1, sLen);
-    ExpectIntEQ(SHA_Transform(&sha.compat, (const byte*)&local[0]), 1);
-    ExpectIntEQ(XMEMCMP(sha.native.digest, output1, WC_SHA_DIGEST_SIZE), 0);
-    ExpectIntEQ(SHA_Final(local, &sha.compat), 1); /* frees resources */
-
-    /* Init SHA CTX */
-    ExpectIntEQ(SHA_Init(&sha.compat), 1);
-    sLen = (word32)XSTRLEN((char*)input2);
-    XMEMSET(local, 0, WC_SHA_BLOCK_SIZE);
-    XMEMCPY(local, input2, sLen);
-    ExpectIntEQ(SHA_Transform(&sha.compat, (const byte*)&local[0]), 1);
-    ExpectIntEQ(XMEMCMP(sha.native.digest, output2, WC_SHA_DIGEST_SIZE), 0);
-    ExpectIntEQ(SHA_Final(local, &sha.compat), 1); /* frees resources */
-
-    /* SHA1 */
-    XMEMSET(local, 0, WC_SHA_BLOCK_SIZE);
-    /* Init SHA CTX */
-    ExpectIntEQ(SHA1_Init(&sha1.compat), 1);
-    /* Do Transform*/
-    sLen = (word32)XSTRLEN((char*)input1);
-    XMEMCPY(local, input1, sLen);
-    ExpectIntEQ(SHA1_Transform(&sha1.compat, (const byte*)&local[0]), 1);
-    ExpectIntEQ(XMEMCMP(sha1.native.digest, output1, WC_SHA_DIGEST_SIZE), 0);
-    ExpectIntEQ(SHA1_Final(local, &sha1.compat), 1); /* frees resources */
-
-    /* Init SHA CTX */
-    ExpectIntEQ(SHA1_Init(&sha1.compat), 1);
-    sLen = (word32)XSTRLEN((char*)input2);
-    XMEMSET(local, 0, WC_SHA_BLOCK_SIZE);
-    XMEMCPY(local, input2, sLen);
-    ExpectIntEQ(SHA1_Transform(&sha1.compat, (const byte*)&local[0]), 1);
-    ExpectIntEQ(XMEMCMP(sha1.native.digest, output2, WC_SHA_DIGEST_SIZE), 0);
-    ExpectIntEQ(SHA_Final(local, &sha1.compat), 1); /* frees resources */
-#endif
-#endif
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_SHA224(void)
-{
-    EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SHA224) && \
-    !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
-    (defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION > 2))
-    unsigned char input[] =
-        "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
-    unsigned char output[] =
-         "\x75\x38\x8b\x16\x51\x27\x76\xcc\x5d\xba\x5d\xa1\xfd\x89\x01"
-         "\x50\xb0\xc6\x45\x5c\xb4\xf5\x8b\x19\x52\x52\x25\x25";
-    size_t inLen;
-    byte hash[WC_SHA224_DIGEST_SIZE];
-    unsigned char* p = NULL;
-
-    inLen  = XSTRLEN((char*)input);
-
-    XMEMSET(hash, 0, WC_SHA224_DIGEST_SIZE);
-
-    ExpectNull(SHA224(NULL, inLen, hash));
-    ExpectNotNull(SHA224(input, 0, hash));
-    ExpectNotNull(SHA224(input, inLen, NULL));
-    ExpectNotNull(SHA224(NULL, 0, hash));
-    ExpectNotNull(SHA224(NULL, 0, NULL));
-
-    ExpectNotNull(SHA224(input, inLen, hash));
-    ExpectIntEQ(XMEMCMP(hash, output, WC_SHA224_DIGEST_SIZE), 0);
-    ExpectNotNull(p = SHA224(input, inLen, NULL));
-    ExpectIntEQ(XMEMCMP(p, output, WC_SHA224_DIGEST_SIZE), 0);
-#endif
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_SHA256(void)
-{
-    EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_SHA256) && \
-    defined(NO_OLD_SHA_NAMES) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
-    unsigned char input[] =
-        "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
-    unsigned char output[] =
-        "\x24\x8D\x6A\x61\xD2\x06\x38\xB8\xE5\xC0\x26\x93\x0C\x3E\x60"
-        "\x39\xA3\x3C\xE4\x59\x64\xFF\x21\x67\xF6\xEC\xED\xD4\x19\xDB"
-        "\x06\xC1";
-    size_t inLen;
-    byte hash[WC_SHA256_DIGEST_SIZE];
-
-    inLen  = XSTRLEN((char*)input);
-
-    XMEMSET(hash, 0, WC_SHA256_DIGEST_SIZE);
-    ExpectNotNull(SHA256(input, inLen, hash));
-    ExpectIntEQ(XMEMCMP(hash, output, WC_SHA256_DIGEST_SIZE), 0);
-#endif
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_SHA256_Transform(void)
-{
-    EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_SHA256)
-#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
-        (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))) && \
-        !defined(WOLFSSL_DEVCRYPTO_HASH) && !defined(WOLFSSL_AFALG_HASH) && \
-        !defined(WOLFSSL_KCAPI_HASH)
-    byte input1[] = "";
-    byte input2[] = "abc";
-    byte local[WC_SHA256_BLOCK_SIZE];
-    word32 sLen = 0;
-#ifdef BIG_ENDIAN_ORDER
-    unsigned char output1[] =
-        "\xda\x56\x98\xbe\x17\xb9\xb4\x69\x62\x33\x57\x99\x77\x9f\xbe\xca"
-        "\x8c\xe5\xd4\x91\xc0\xd2\x62\x43\xba\xfe\xf9\xea\x18\x37\xa9\xd8";
-    unsigned char output2[] =
-        "\x1d\x4e\xd4\x67\x67\x7c\x61\x67\x44\x10\x76\x26\x78\x10\xff\xb8"
-        "\x40\xc8\x9a\x39\x73\x16\x60\x8c\xa6\x61\xd6\x05\x91\xf2\x8c\x35";
-#else
-    unsigned char output1[] =
-        "\xbe\x98\x56\xda\x69\xb4\xb9\x17\x99\x57\x33\x62\xca\xbe\x9f\x77"
-        "\x91\xd4\xe5\x8c\x43\x62\xd2\xc0\xea\xf9\xfe\xba\xd8\xa9\x37\x18";
-    unsigned char output2[] =
-        "\x67\xd4\x4e\x1d\x67\x61\x7c\x67\x26\x76\x10\x44\xb8\xff\x10\x78"
-        "\x39\x9a\xc8\x40\x8c\x60\x16\x73\x05\xd6\x61\xa6\x35\x8c\xf2\x91";
-#endif
-    union {
-        wc_Sha256 native;
-        SHA256_CTX compat;
-    } sha256;
-
-    XMEMSET(&sha256.compat, 0, sizeof(sha256.compat));
-    XMEMSET(&local, 0, sizeof(local));
-
-    /* sanity check */
-    ExpectIntEQ(SHA256_Transform(NULL, NULL), 0);
-    ExpectIntEQ(SHA256_Transform(NULL, (const byte*)&input1), 0);
-    ExpectIntEQ(SHA256_Transform(&sha256.compat, NULL), 0);
-    ExpectIntEQ(wc_Sha256Transform(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-    ExpectIntEQ(wc_Sha256Transform(NULL, (const byte*)&input1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-    ExpectIntEQ(wc_Sha256Transform(&sha256.native, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-
-    /* Init SHA256 CTX */
-    ExpectIntEQ(SHA256_Init(&sha256.compat), 1);
-    /* Do Transform*/
-    sLen = (word32)XSTRLEN((char*)input1);
-    XMEMCPY(local, input1, sLen);
-    ExpectIntEQ(SHA256_Transform(&sha256.compat, (const byte*)&local[0]), 1);
-    ExpectIntEQ(XMEMCMP(sha256.native.digest, output1, WC_SHA256_DIGEST_SIZE),
-        0);
-    ExpectIntEQ(SHA256_Final(local, &sha256.compat), 1); /* frees resources */
-
-    /* Init SHA256 CTX */
-    ExpectIntEQ(SHA256_Init(&sha256.compat), 1);
-    sLen = (word32)XSTRLEN((char*)input2);
-    XMEMSET(local, 0, WC_SHA256_BLOCK_SIZE);
-    XMEMCPY(local, input2, sLen);
-    ExpectIntEQ(SHA256_Transform(&sha256.compat, (const byte*)&local[0]), 1);
-    ExpectIntEQ(XMEMCMP(sha256.native.digest, output2, WC_SHA256_DIGEST_SIZE),
-        0);
-    ExpectIntEQ(SHA256_Final(local, &sha256.compat), 1); /* frees resources */
-#endif
-#endif
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_SHA512_Transform(void)
-{
-    EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SHA512)
-#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
-        (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))) && \
-        !defined(WOLFSSL_KCAPI_HASH)
-    byte input1[] = "";
-    byte input2[] = "abc";
-    byte local[WC_SHA512_BLOCK_SIZE];
-    word32 sLen = 0;
-#ifdef BIG_ENDIAN_ORDER
-    unsigned char output1[] =
-        "\xcf\x78\x81\xd5\x77\x4a\xcb\xe8\x53\x33\x62\xe0\xfb\xc7\x80\x70"
-        "\x02\x67\x63\x9d\x87\x46\x0e\xda\x30\x86\xcb\x40\xe8\x59\x31\xb0"
-        "\x71\x7d\xc9\x52\x88\xa0\x23\xa3\x96\xba\xb2\xc1\x4c\xe0\xb5\xe0"
-        "\x6f\xc4\xfe\x04\xea\xe3\x3e\x0b\x91\xf4\xd8\x0c\xbd\x66\x8b\xee";
-   unsigned char output2[] =
-        "\x11\x10\x93\x4e\xeb\xa0\xcc\x0d\xfd\x33\x43\x9c\xfb\x04\xc8\x21"
-        "\xa9\xb4\x26\x3d\xca\xab\x31\x41\xe2\xc6\xaa\xaf\xe1\x67\xd7\xab"
-        "\x31\x8f\x2e\x54\x2c\xba\x4e\x83\xbe\x88\xec\x9d\x8f\x2b\x38\x98"
-        "\x14\xd2\x4e\x9d\x53\x8b\x5e\x4d\xde\x68\x6c\x69\xaf\x20\x96\xf0";
-#else
-    unsigned char output1[] =
-        "\xe8\xcb\x4a\x77\xd5\x81\x78\xcf\x70\x80\xc7\xfb\xe0\x62\x33\x53"
-        "\xda\x0e\x46\x87\x9d\x63\x67\x02\xb0\x31\x59\xe8\x40\xcb\x86\x30"
-        "\xa3\x23\xa0\x88\x52\xc9\x7d\x71\xe0\xb5\xe0\x4c\xc1\xb2\xba\x96"
-        "\x0b\x3e\xe3\xea\x04\xfe\xc4\x6f\xee\x8b\x66\xbd\x0c\xd8\xf4\x91";
-   unsigned char output2[] =
-        "\x0d\xcc\xa0\xeb\x4e\x93\x10\x11\x21\xc8\x04\xfb\x9c\x43\x33\xfd"
-        "\x41\x31\xab\xca\x3d\x26\xb4\xa9\xab\xd7\x67\xe1\xaf\xaa\xc6\xe2"
-        "\x83\x4e\xba\x2c\x54\x2e\x8f\x31\x98\x38\x2b\x8f\x9d\xec\x88\xbe"
-        "\x4d\x5e\x8b\x53\x9d\x4e\xd2\x14\xf0\x96\x20\xaf\x69\x6c\x68\xde";
-#endif
-    union {
-        wc_Sha512 native;
-        SHA512_CTX compat;
-    } sha512;
-
-    XMEMSET(&sha512.compat, 0, sizeof(sha512.compat));
-    XMEMSET(&local, 0, sizeof(local));
-
-    /* sanity check */
-    ExpectIntEQ(SHA512_Transform(NULL, NULL), 0);
-    ExpectIntEQ(SHA512_Transform(NULL, (const byte*)&input1), 0);
-    ExpectIntEQ(SHA512_Transform(&sha512.compat, NULL), 0);
-    ExpectIntEQ(wc_Sha512Transform(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-    ExpectIntEQ(wc_Sha512Transform(NULL, (const byte*)&input1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-    ExpectIntEQ(wc_Sha512Transform(&sha512.native, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-
-    /* Init SHA512 CTX */
-    ExpectIntEQ(wolfSSL_SHA512_Init(&sha512.compat), 1);
-
-    /* Do Transform*/
-    sLen = (word32)XSTRLEN((char*)input1);
-    XMEMCPY(local, input1, sLen);
-    ExpectIntEQ(SHA512_Transform(&sha512.compat, (const byte*)&local[0]), 1);
-    ExpectIntEQ(XMEMCMP(sha512.native.digest, output1,
-                                                    WC_SHA512_DIGEST_SIZE), 0);
-    ExpectIntEQ(SHA512_Final(local, &sha512.compat), 1); /* frees resources */
-
-    /* Init SHA512 CTX */
-    ExpectIntEQ(SHA512_Init(&sha512.compat), 1);
-    sLen = (word32)XSTRLEN((char*)input2);
-    XMEMSET(local, 0, WC_SHA512_BLOCK_SIZE);
-    XMEMCPY(local, input2, sLen);
-    ExpectIntEQ(SHA512_Transform(&sha512.compat, (const byte*)&local[0]), 1);
-    ExpectIntEQ(XMEMCMP(sha512.native.digest, output2,
-                                                    WC_SHA512_DIGEST_SIZE), 0);
-    ExpectIntEQ(SHA512_Final(local, &sha512.compat), 1); /* frees resources */
-
-    (void)input1;
-#endif
-#endif
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_SHA512_224_Transform(void)
-{
-    EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SHA512) && \
-    !defined(WOLFSSL_NOSHA512_224)
-#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
-        (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))) && \
-        !defined(WOLFSSL_KCAPI_HASH)
-    byte input1[] = "";
-    byte input2[] = "abc";
-    byte local[WC_SHA512_BLOCK_SIZE];
-    word32 sLen = 0;
-    unsigned char output1[] =
-        "\x94\x24\x66\xd4\x60\x3a\xeb\x23\x1d\xa8\x69\x31\x3c\xd2\xde\x11"
-        "\x48\x0f\x4a\x5a\xdf\x3a\x8d\x87\xcf\xcd\xbf\xa5\x03\x21\x50\xf1"
-        "\x8a\x0d\x0f\x0d\x3c\x07\xba\x52\xe0\xaa\x3c\xbb\xf1\xd3\x3f\xca"
-        "\x12\xa7\x61\xf8\x47\xda\x0d\x1b\x79\xc2\x65\x13\x92\xc1\x9c\xa5";
-   unsigned char output2[] =
-        "\x51\x28\xe7\x0b\xca\x1e\xbc\x5f\xd7\x34\x0b\x48\x30\xd7\xc2\x75"
-        "\x6d\x8d\x48\x2c\x1f\xc7\x9e\x2b\x20\x5e\xbb\x0f\x0e\x4d\xb7\x61"
-        "\x31\x76\x33\xa0\xb4\x3d\x5f\x93\xc1\x73\xac\xf7\x21\xff\x69\x17"
-        "\xce\x66\xe5\x1e\x31\xe7\xf3\x22\x0f\x0b\x34\xd7\x5a\x57\xeb\xbf";
-    union {
-        wc_Sha512 native;
-        SHA512_CTX compat;
-    } sha512;
-
-#ifdef BIG_ENDIAN_ORDER
-    ByteReverseWords64((word64*)output1, (word64*)output1, sizeof(output1));
-    ByteReverseWords64((word64*)output2, (word64*)output2, sizeof(output2));
-#endif
-
-    XMEMSET(&sha512.compat, 0, sizeof(sha512.compat));
-    XMEMSET(&local, 0, sizeof(local));
-
-    /* sanity check */
-    ExpectIntEQ(SHA512_224_Transform(NULL, NULL), 0);
-    ExpectIntEQ(SHA512_224_Transform(NULL, (const byte*)&input1), 0);
-    ExpectIntEQ(SHA512_224_Transform(&sha512.compat, NULL), 0);
-    ExpectIntEQ(wc_Sha512_224Transform(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-    ExpectIntEQ(wc_Sha512_224Transform(NULL, (const byte*)&input1),
-        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-    ExpectIntEQ(wc_Sha512_224Transform(&sha512.native, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-
-    /* Init SHA512 CTX */
-    ExpectIntEQ(wolfSSL_SHA512_224_Init(&sha512.compat), 1);
-
-    /* Do Transform*/
-    sLen = (word32)XSTRLEN((char*)input1);
-    XMEMCPY(local, input1, sLen);
-    ExpectIntEQ(SHA512_224_Transform(&sha512.compat, (const byte*)&local[0]),
-        1);
-    ExpectIntEQ(XMEMCMP(sha512.native.digest, output1,
-        WC_SHA512_DIGEST_SIZE), 0);
-    /* frees resources */
-    ExpectIntEQ(SHA512_224_Final(local, &sha512.compat), 1);
-
-    /* Init SHA512 CTX */
-    ExpectIntEQ(SHA512_224_Init(&sha512.compat), 1);
-    sLen = (word32)XSTRLEN((char*)input2);
-    XMEMSET(local, 0, WC_SHA512_BLOCK_SIZE);
-    XMEMCPY(local, input2, sLen);
-    ExpectIntEQ(SHA512_224_Transform(&sha512.compat, (const byte*)&local[0]),
-        1);
-    ExpectIntEQ(XMEMCMP(sha512.native.digest, output2,
-        WC_SHA512_DIGEST_SIZE), 0);
-    /* frees resources */
-    ExpectIntEQ(SHA512_224_Final(local, &sha512.compat), 1);
-#endif
-#endif
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_SHA512_256_Transform(void)
-{
-    EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SHA512) && \
-    !defined(WOLFSSL_NOSHA512_256)
-#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
-        (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))) && \
-        !defined(WOLFSSL_KCAPI_HASH)
-    byte input1[] = "";
-    byte input2[] = "abc";
-    byte local[WC_SHA512_BLOCK_SIZE];
-    word32 sLen = 0;
-    unsigned char output1[] =
-        "\xf8\x37\x37\x5a\xd7\x2e\x56\xec\xe2\x51\xa8\x31\x3a\xa0\x63\x2b"
-        "\x7e\x7c\x64\xcc\xd9\xff\x2b\x6b\xeb\xc3\xd4\x4d\x7f\x8a\x3a\xb5"
-        "\x61\x85\x0b\x37\x30\x9f\x3b\x08\x5e\x7b\xd3\xbc\x6d\x00\x61\xc0"
-        "\x65\x9a\xd7\x73\xda\x40\xbe\xc1\xe5\x2f\xc6\x5d\xb7\x9f\xbe\x60";
-   unsigned char output2[] =
-        "\x22\xad\xc0\x30\xee\xd4\x6a\xef\x13\xee\x5a\x95\x8b\x1f\xb7\xb6"
-        "\xb6\xba\xc0\x44\xb8\x18\x3b\xf0\xf6\x4b\x70\x9f\x03\xba\x64\xa1"
-        "\xe1\xe3\x45\x15\x91\x7d\xcb\x0b\x9a\xf0\xd2\x8e\x47\x8b\x37\x78"
-        "\x91\x41\xa6\xc4\xb0\x29\x8f\x8b\xdd\x78\x5c\xf2\x73\x3f\x21\x31";
-    union {
-        wc_Sha512 native;
-        SHA512_CTX compat;
-    } sha512;
-
-#ifdef BIG_ENDIAN_ORDER
-    ByteReverseWords64((word64*)output1, (word64*)output1, sizeof(output1));
-    ByteReverseWords64((word64*)output2, (word64*)output2, sizeof(output2));
-#endif
-
-    XMEMSET(&sha512.compat, 0, sizeof(sha512.compat));
-    XMEMSET(&local, 0, sizeof(local));
-
-    /* sanity check */
-    ExpectIntEQ(SHA512_256_Transform(NULL, NULL), 0);
-    ExpectIntEQ(SHA512_256_Transform(NULL, (const byte*)&input1), 0);
-    ExpectIntEQ(SHA512_256_Transform(&sha512.compat, NULL), 0);
-    ExpectIntEQ(wc_Sha512_256Transform(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-    ExpectIntEQ(wc_Sha512_256Transform(NULL, (const byte*)&input1),
-        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-    ExpectIntEQ(wc_Sha512_256Transform(&sha512.native, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-
-    /* Init SHA512 CTX */
-    ExpectIntEQ(wolfSSL_SHA512_256_Init(&sha512.compat), 1);
-
-    /* Do Transform*/
-    sLen = (word32)XSTRLEN((char*)input1);
-    XMEMCPY(local, input1, sLen);
-    ExpectIntEQ(SHA512_256_Transform(&sha512.compat, (const byte*)&local[0]),
-        1);
-    ExpectIntEQ(XMEMCMP(sha512.native.digest, output1,
-        WC_SHA512_DIGEST_SIZE), 0);
-    /* frees resources */
-    ExpectIntEQ(SHA512_256_Final(local, &sha512.compat), 1);
-
-    /* Init SHA512 CTX */
-    ExpectIntEQ(SHA512_256_Init(&sha512.compat), 1);
-    sLen = (word32)XSTRLEN((char*)input2);
-    XMEMSET(local, 0, WC_SHA512_BLOCK_SIZE);
-    XMEMCPY(local, input2, sLen);
-    ExpectIntEQ(SHA512_256_Transform(&sha512.compat, (const byte*)&local[0]),
-        1);
-    ExpectIntEQ(XMEMCMP(sha512.native.digest, output2,
-        WC_SHA512_DIGEST_SIZE), 0);
-    /* frees resources */
-    ExpectIntEQ(SHA512_256_Final(local, &sha512.compat), 1);
-#endif
-#endif
-    return EXPECT_RESULT();
-}
-
-#if defined(OPENSSL_EXTRA) && !defined(NO_HMAC)
-/* helper function for test_wolfSSL_HMAC_CTX, digest size is expected to be a
- * buffer of 64 bytes.
- *
- * returns the size of the digest buffer on success and a negative value on
- * failure.
- */
-static int test_HMAC_CTX_helper(const EVP_MD* type, unsigned char* digest,
-    int* sz)
-{
-    EXPECT_DECLS;
-    HMAC_CTX ctx1;
-    HMAC_CTX ctx2;
-
-    unsigned char key[] = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
-                          "\x0b\x0b\x0b\x0b\x0b\x0b\x0b";
-    unsigned char long_key[] =
-        "0123456789012345678901234567890123456789"
-        "0123456789012345678901234567890123456789"
-        "0123456789012345678901234567890123456789"
-        "0123456789012345678901234567890123456789";
-
-    unsigned char msg[] = "message to hash";
-    unsigned int  digestSz = 64;
-    int keySz = sizeof(key);
-    int long_keySz = sizeof(long_key);
-    int msgSz = sizeof(msg);
-
-    unsigned char digest2[64];
-    unsigned int digestSz2 = 64;
-
-    HMAC_CTX_init(&ctx1);
-    HMAC_CTX_init(&ctx2);
-
-    ExpectIntEQ(HMAC_Init(&ctx1, (const void*)key, keySz, type), SSL_SUCCESS);
-    ExpectIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS);
-    ExpectIntEQ(HMAC_CTX_copy(&ctx2, &ctx1), SSL_SUCCESS);
-
-    ExpectIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS);
-    ExpectIntEQ(HMAC_Final(&ctx1, digest, &digestSz), SSL_SUCCESS);
-    HMAC_CTX_cleanup(&ctx1);
-
-    ExpectIntEQ(HMAC_Update(&ctx2, msg, msgSz), SSL_SUCCESS);
-    ExpectIntEQ(HMAC_Final(&ctx2, digest2, &digestSz2), SSL_SUCCESS);
-    HMAC_CTX_cleanup(&ctx2);
-
-    ExpectIntEQ(digestSz, digestSz2);
-    ExpectIntEQ(XMEMCMP(digest, digest2, digestSz), 0);
-
-    /* test HMAC_Init with NULL key */
-
-    /* init after copy */
-    HMAC_CTX_init(&ctx1);
-    ExpectIntEQ(HMAC_Init(&ctx1, (const void*)key, keySz, type), SSL_SUCCESS);
-    ExpectIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS);
-    ExpectIntEQ(HMAC_CTX_copy(&ctx2, &ctx1), SSL_SUCCESS);
-
-    ExpectIntEQ(HMAC_Init(&ctx1, NULL, 0, NULL), SSL_SUCCESS);
-    ExpectIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS);
-    ExpectIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS);
-    ExpectIntEQ(HMAC_Final(&ctx1, digest, &digestSz), SSL_SUCCESS);
-    HMAC_CTX_cleanup(&ctx1);
-
-    ExpectIntEQ(HMAC_Init(&ctx2, NULL, 0, NULL), SSL_SUCCESS);
-    ExpectIntEQ(HMAC_Update(&ctx2, msg, msgSz), SSL_SUCCESS);
-    ExpectIntEQ(HMAC_Update(&ctx2, msg, msgSz), SSL_SUCCESS);
-    ExpectIntEQ(HMAC_Final(&ctx2, digest2, &digestSz), SSL_SUCCESS);
-    HMAC_CTX_cleanup(&ctx2);
-
-    ExpectIntEQ(digestSz, digestSz2);
-    ExpectIntEQ(XMEMCMP(digest, digest2, digestSz), 0);
-
-    /* long key */
-    HMAC_CTX_init(&ctx1);
-    ExpectIntEQ(HMAC_Init(&ctx1, (const void*)long_key, long_keySz, type),
-        SSL_SUCCESS);
-    ExpectIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS);
-    ExpectIntEQ(HMAC_CTX_copy(&ctx2, &ctx1), SSL_SUCCESS);
-
-    ExpectIntEQ(HMAC_Init(&ctx1, NULL, 0, NULL), SSL_SUCCESS);
-    ExpectIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS);
-    ExpectIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS);
-    ExpectIntEQ(HMAC_Final(&ctx1, digest, &digestSz), SSL_SUCCESS);
-    HMAC_CTX_cleanup(&ctx1);
-
-    ExpectIntEQ(HMAC_Init(&ctx2, NULL, 0, NULL), SSL_SUCCESS);
-    ExpectIntEQ(HMAC_Update(&ctx2, msg, msgSz), SSL_SUCCESS);
-    ExpectIntEQ(HMAC_Update(&ctx2, msg, msgSz), SSL_SUCCESS);
-    ExpectIntEQ(HMAC_Final(&ctx2, digest2, &digestSz), SSL_SUCCESS);
-    HMAC_CTX_cleanup(&ctx2);
-
-    ExpectIntEQ(digestSz, digestSz2);
-    ExpectIntEQ(XMEMCMP(digest, digest2, digestSz), 0);
-
-    /* init before copy */
-    HMAC_CTX_init(&ctx1);
-    ExpectIntEQ(HMAC_Init(&ctx1, (const void*)key, keySz, type), SSL_SUCCESS);
-    ExpectIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS);
-    ExpectIntEQ(HMAC_Init(&ctx1, NULL, 0, NULL), SSL_SUCCESS);
-    ExpectIntEQ(HMAC_CTX_copy(&ctx2, &ctx1), SSL_SUCCESS);
-
-    ExpectIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS);
-    ExpectIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS);
-    ExpectIntEQ(HMAC_Final(&ctx1, digest, &digestSz), SSL_SUCCESS);
-    HMAC_CTX_cleanup(&ctx1);
-
-    ExpectIntEQ(HMAC_Update(&ctx2, msg, msgSz), SSL_SUCCESS);
-    ExpectIntEQ(HMAC_Update(&ctx2, msg, msgSz), SSL_SUCCESS);
-    ExpectIntEQ(HMAC_Final(&ctx2, digest2, &digestSz), SSL_SUCCESS);
-    HMAC_CTX_cleanup(&ctx2);
-
-    ExpectIntEQ(digestSz, digestSz2);
-    ExpectIntEQ(XMEMCMP(digest, digest2, digestSz), 0);
-
-    *sz = (int)digestSz;
-    return EXPECT_RESULT();
-}
-#endif /* defined(OPENSSL_EXTRA) && !defined(NO_HMAC) */
-
-static int test_wolfSSL_HMAC_CTX(void)
-{
-    EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_HMAC)
-    unsigned char digest[64];
-    int digestSz;
-    WOLFSSL_HMAC_CTX* hmac_ctx = NULL;
-    WOLFSSL_HMAC_CTX ctx1;
-    WOLFSSL_HMAC_CTX ctx2;
-
-    ExpectNotNull(hmac_ctx = wolfSSL_HMAC_CTX_new());
-    ExpectIntEQ(wolfSSL_HMAC_CTX_Init(NULL), 1);
-    ExpectIntEQ(wolfSSL_HMAC_CTX_Init(hmac_ctx), 1);
-    wolfSSL_HMAC_CTX_free(NULL);
-    wolfSSL_HMAC_CTX_free(hmac_ctx);
-
-    XMEMSET(&ctx2, 0, sizeof(WOLFSSL_HMAC_CTX));
-    ExpectIntEQ(HMAC_CTX_init(NULL), 1);
-    ExpectIntEQ(HMAC_CTX_init(&ctx2), 1);
-    ExpectIntEQ(HMAC_CTX_copy(NULL, NULL), 0);
-    ExpectIntEQ(HMAC_CTX_copy(NULL, &ctx2), 0);
-    ExpectIntEQ(HMAC_CTX_copy(&ctx2, NULL), 0);
-#if defined(HAVE_SELFTEST) || (defined(HAVE_FIPS) && \
-    ((! defined(HAVE_FIPS_VERSION)) || \
-     defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION <= 2)))
-    /* Copy object that hasn't had a digest set - MD5. */
-    ExpectIntEQ(HMAC_CTX_copy(&ctx1, &ctx2), 1);
-#else
-    /* Copy object that hasn't had a digest set. */
-    ExpectIntEQ(HMAC_CTX_copy(&ctx1, &ctx2), 0);
-#endif
-    HMAC_CTX_cleanup(NULL);
-    HMAC_CTX_cleanup(&ctx2);
-
-    ExpectNull(HMAC_CTX_get_md(NULL));
-
-    #ifndef NO_SHA
-    ExpectIntEQ((test_HMAC_CTX_helper(EVP_sha1(), digest, &digestSz)),
-        TEST_SUCCESS);
-    ExpectIntEQ(digestSz, 20);
-    ExpectIntEQ(XMEMCMP("\xD9\x68\x77\x23\x70\xFB\x53\x70\x53\xBA\x0E\xDC\xDA"
-                          "\xBF\x03\x98\x31\x19\xB2\xCC", digest, digestSz), 0);
-    #endif /* !NO_SHA */
-    #ifdef WOLFSSL_SHA224
-    ExpectIntEQ((test_HMAC_CTX_helper(EVP_sha224(), digest, &digestSz)),
-        TEST_SUCCESS);
-    ExpectIntEQ(digestSz, 28);
-    ExpectIntEQ(XMEMCMP("\x57\xFD\xF4\xE1\x2D\xB0\x79\xD7\x4B\x25\x7E\xB1\x95"
-                          "\x9C\x11\xAC\x2D\x1E\x78\x94\x4F\x3A\x0F\xED\xF8\xAD"
-                          "\x02\x0E", digest, digestSz), 0);
-    #endif /* WOLFSSL_SHA224 */
-    #ifndef NO_SHA256
-    ExpectIntEQ((test_HMAC_CTX_helper(EVP_sha256(), digest, &digestSz)),
-        TEST_SUCCESS);
-    ExpectIntEQ(digestSz, 32);
-    ExpectIntEQ(XMEMCMP("\x13\xAB\x76\x91\x0C\x37\x86\x8D\xB3\x7E\x30\x0C\xFC"
-                          "\xB0\x2E\x8E\x4A\xD7\xD4\x25\xCC\x3A\xA9\x0F\xA2\xF2"
-                          "\x47\x1E\x62\x6F\x5D\xF2", digest, digestSz), 0);
-    #endif /* !NO_SHA256 */
-
-    #ifdef WOLFSSL_SHA384
-    ExpectIntEQ((test_HMAC_CTX_helper(EVP_sha384(), digest, &digestSz)),
-        TEST_SUCCESS);
-    ExpectIntEQ(digestSz, 48);
-    ExpectIntEQ(XMEMCMP("\x9E\xCB\x07\x0C\x11\x76\x3F\x23\xC3\x25\x0E\xC4\xB7"
-                          "\x28\x77\x95\x99\xD5\x9D\x7A\xBB\x1A\x9F\xB7\xFD\x25"
-                          "\xC9\x72\x47\x9F\x8F\x86\x76\xD6\x20\x57\x87\xB7\xE7"
-                          "\xCD\xFB\xC2\xCC\x9F\x2B\xC5\x41\xAB",
-                          digest, digestSz), 0);
-    #endif /* WOLFSSL_SHA384 */
-    #ifdef WOLFSSL_SHA512
-    ExpectIntEQ((test_HMAC_CTX_helper(EVP_sha512(), digest, &digestSz)),
-        TEST_SUCCESS);
-    ExpectIntEQ(digestSz, 64);
-    ExpectIntEQ(XMEMCMP("\xD4\x21\x0C\x8B\x60\x6F\xF4\xBF\x07\x2F\x26\xCC\xAD"
-                          "\xBC\x06\x0B\x34\x78\x8B\x4F\xD6\xC0\x42\xF1\x33\x10"
-                          "\x6C\x4F\x1E\x55\x59\xDD\x2A\x9F\x15\x88\x62\xF8\x60"
-                          "\xA3\x99\x91\xE2\x08\x7B\xF7\x95\x3A\xB0\x92\x48\x60"
-                          "\x88\x8B\x5B\xB8\x5F\xE9\xB6\xB1\x96\xE3\xB5\xF0",
-                          digest, digestSz), 0);
-    #endif /* WOLFSSL_SHA512 */
-
-#ifdef WOLFSSL_SHA3
-    #ifndef WOLFSSL_NOSHA3_224
-    ExpectIntEQ((test_HMAC_CTX_helper(EVP_sha3_224(), digest, &digestSz)),
-        TEST_SUCCESS);
-    ExpectIntEQ(digestSz, 28);
-    ExpectIntEQ(XMEMCMP("\xdc\x53\x25\x3f\xc0\x9d\x2b\x0c\x7f\x59\x11\x17\x08"
-                        "\x5c\xe8\x43\x31\x01\x5a\xb3\xe3\x08\x37\x71\x26\x0b"
-                        "\x29\x0f", digest, digestSz), 0);
-    #endif
-    #ifndef WOLFSSL_NOSHA3_256
-    ExpectIntEQ((test_HMAC_CTX_helper(EVP_sha3_256(), digest, &digestSz)),
-        TEST_SUCCESS);
-    ExpectIntEQ(digestSz, 32);
-    ExpectIntEQ(XMEMCMP("\x0f\x00\x89\x82\x15\xce\xd6\x45\x01\x83\xce\xc8\x35"
-                        "\xab\x71\x07\xc9\xfe\x61\x22\x38\xf9\x09\xad\x35\x65"
-                        "\x43\x77\x24\xd4\x1e\xf4", digest, digestSz), 0);
-    #endif
-    #ifndef WOLFSSL_NOSHA3_384
-    ExpectIntEQ((test_HMAC_CTX_helper(EVP_sha3_384(), digest, &digestSz)),
-        TEST_SUCCESS);
-    ExpectIntEQ(digestSz, 48);
-    ExpectIntEQ(XMEMCMP("\x0f\x6a\xc0\xfb\xc3\xf2\x80\xb1\xb4\x04\xb6\xc8\x45"
-                        "\x23\x3b\xb4\xbe\xc6\xea\x85\x07\xca\x8c\x71\xbb\x6e"
-                        "\x79\xf6\xf9\x2b\x98\xf5\xef\x11\x39\xd4\x5d\xd3\xca"
-                        "\xc0\xe6\x81\xf7\x73\xf9\x85\x5d\x4f",
-                          digest, digestSz), 0);
-    #endif
-    #ifndef WOLFSSL_NOSHA3_512
-    ExpectIntEQ((test_HMAC_CTX_helper(EVP_sha3_512(), digest, &digestSz)),
-        TEST_SUCCESS);
-    ExpectIntEQ(digestSz, 64);
-    ExpectIntEQ(XMEMCMP("\x3e\x77\xe3\x59\x42\x89\xed\xc3\xa4\x26\x3d\xa4\x75"
-                        "\xd2\x84\x8c\xb2\xf3\x25\x04\x47\x61\xce\x1c\x42\x86"
-                        "\xcd\xf4\x56\xaa\x2f\x84\xb1\x3b\x18\xed\xe6\xd6\x48"
-                        "\x15\xb0\x29\xc5\x9d\x32\xef\xdd\x3e\x09\xf6\xed\x9e"
-                        "\x70\xbc\x1c\x63\xf7\x3b\x3e\xe1\xdc\x84\x9c\x1c",
-                          digest, digestSz), 0);
-    #endif
-#endif
-
-    #if !defined(NO_MD5) && (!defined(HAVE_FIPS_VERSION) || \
-        HAVE_FIPS_VERSION <= 2)
-    ExpectIntEQ((test_HMAC_CTX_helper(EVP_md5(), digest, &digestSz)),
-        TEST_SUCCESS);
-    ExpectIntEQ(digestSz, 16);
-    ExpectIntEQ(XMEMCMP("\xB7\x27\xC4\x41\xE5\x2E\x62\xBA\x54\xED\x72\x70\x9F"
-                          "\xE4\x98\xDD", digest, digestSz), 0);
-    #endif /* !NO_MD5 */
-#endif
-    return EXPECT_RESULT();
-}
-
-#if defined(OPENSSL_EXTRA) && (!defined(NO_SHA256) || \
-    defined(WOLFSSL_SHA224) || defined(WOLFSSL_SHA384) || \
-    defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA3))
-static int test_openssl_hmac(const WOLFSSL_EVP_MD* md, int md_len)
-{
-    EXPECT_DECLS;
-    static const unsigned char key[] = "simple test key";
-    HMAC_CTX* hmac = NULL;
-    ENGINE* e = NULL;
-    unsigned char hash[WC_MAX_DIGEST_SIZE];
-    unsigned int len;
-
-    ExpectNotNull(hmac = HMAC_CTX_new());
-    HMAC_CTX_init(hmac);
-#if defined(HAVE_SELFTEST) || (defined(HAVE_FIPS) && \
-    ((! defined(HAVE_FIPS_VERSION)) || \
-     defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION <= 2)))
-    /* Get size on object that hasn't had a digest set - MD5. */
-    ExpectIntEQ(HMAC_size(hmac), 16);
-    ExpectIntEQ(HMAC_Init(hmac, NULL, 0, NULL), 1);
-    ExpectIntEQ(HMAC_Init(hmac, (void*)key, (int)sizeof(key), NULL), 1);
-    ExpectIntEQ(HMAC_Init(hmac, NULL, 0, md), 1);
-#else
-    ExpectIntEQ(HMAC_size(hmac), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-    ExpectIntEQ(HMAC_Init(hmac, NULL, 0, NULL), 0);
-    ExpectIntEQ(HMAC_Init(hmac, (void*)key, (int)sizeof(key), NULL), 0);
-    ExpectIntEQ(HMAC_Init(hmac, NULL, 0, md), 0);
-#endif
-    ExpectIntEQ(HMAC_Init_ex(NULL, (void*)key, (int)sizeof(key), md, e), 0);
-    ExpectIntEQ(HMAC_Init_ex(hmac, (void*)key, (int)sizeof(key), md, e), 1);
-
-    /* reusing test key as data to hash */
-    ExpectIntEQ(HMAC_Update(NULL, key, (int)sizeof(key)), 0);
-    ExpectIntEQ(HMAC_Update(hmac, key, (int)sizeof(key)), 1);
-    ExpectIntEQ(HMAC_Update(hmac, key, 0), 1);
-    ExpectIntEQ(HMAC_Update(hmac, NULL, 0), 1);
-    ExpectIntEQ(HMAC_Update(hmac, NULL, (int)sizeof(key)), 1);
-    ExpectIntEQ(HMAC_Final(NULL, NULL, &len), 0);
-    ExpectIntEQ(HMAC_Final(hmac, NULL, &len), 0);
-    ExpectIntEQ(HMAC_Final(NULL, hash, &len), 0);
-    ExpectIntEQ(HMAC_Final(hmac, hash, &len), 1);
-    ExpectIntEQ(HMAC_Final(hmac, hash, NULL), 1);
-    ExpectIntEQ(len, md_len);
-    ExpectIntEQ(HMAC_size(NULL), 0);
-    ExpectIntEQ(HMAC_size(hmac), md_len);
-    ExpectStrEQ(HMAC_CTX_get_md(hmac), md);
-
-    HMAC_cleanup(NULL);
-    HMAC_cleanup(hmac);
-    HMAC_CTX_free(hmac);
-
-    len = 0;
-    ExpectNull(HMAC(NULL, key, (int)sizeof(key), NULL, 0, hash, &len));
-    ExpectNull(HMAC(md, NULL, (int)sizeof(key), NULL, 0, hash, &len));
-    ExpectNull(HMAC(md, key, (int)sizeof(key), NULL, 0, NULL, &len));
-    ExpectNotNull(HMAC(md, key, (int)sizeof(key), NULL, 0, hash, &len));
-    ExpectIntEQ(len, md_len);
-    ExpectNotNull(HMAC(md, key, (int)sizeof(key), NULL, 0, hash, NULL));
-    /* With data. */
-    ExpectNotNull(HMAC(md, key, (int)sizeof(key), key, (int)sizeof(key), hash,
-        &len));
-    /* With NULL data. */
-    ExpectNull(HMAC(md, key, (int)sizeof(key), NULL, (int)sizeof(key), hash,
-        &len));
-    /* With zero length data. */
-    ExpectNotNull(HMAC(md, key, (int)sizeof(key), key, 0, hash, &len));
-
-    return EXPECT_RESULT();
-}
-#endif
-
-static int test_wolfSSL_HMAC(void)
-{
-    EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && (!defined(NO_SHA256) || \
-    defined(WOLFSSL_SHA224) || defined(WOLFSSL_SHA384) || \
-    defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA3))
-#ifndef NO_SHA256
-    ExpectIntEQ(test_openssl_hmac(EVP_sha256(), (int)WC_SHA256_DIGEST_SIZE),
-        TEST_SUCCESS);
-#endif
-#ifdef WOLFSSL_SHA224
-    ExpectIntEQ(test_openssl_hmac(EVP_sha224(), (int)WC_SHA224_DIGEST_SIZE),
-        TEST_SUCCESS);
-#endif
-#ifdef WOLFSSL_SHA384
-    ExpectIntEQ(test_openssl_hmac(EVP_sha384(), (int)WC_SHA384_DIGEST_SIZE),
-        TEST_SUCCESS);
-#endif
-#ifdef WOLFSSL_SHA512
-    ExpectIntEQ(test_openssl_hmac(EVP_sha512(), (int)WC_SHA512_DIGEST_SIZE),
-        TEST_SUCCESS);
-#endif
-#ifdef WOLFSSL_SHA3
-    #ifndef WOLFSSL_NOSHA3_224
-        ExpectIntEQ(test_openssl_hmac(EVP_sha3_224(),
-             (int)WC_SHA3_224_DIGEST_SIZE), TEST_SUCCESS);
-    #endif
-    #ifndef WOLFSSL_NOSHA3_256
-        ExpectIntEQ(test_openssl_hmac(EVP_sha3_256(),
-             (int)WC_SHA3_256_DIGEST_SIZE), TEST_SUCCESS);
-    #endif
-    #ifndef WOLFSSL_NOSHA3_384
-        ExpectIntEQ(test_openssl_hmac(EVP_sha3_384(),
-             (int)WC_SHA3_384_DIGEST_SIZE), TEST_SUCCESS);
-    #endif
-    #ifndef WOLFSSL_NOSHA3_512
-        ExpectIntEQ(test_openssl_hmac(EVP_sha3_512(),
-             (int)WC_SHA3_512_DIGEST_SIZE), TEST_SUCCESS);
-    #endif
-#endif
-#ifndef NO_SHA
-    ExpectIntEQ(test_openssl_hmac(EVP_sha1(), (int)WC_SHA_DIGEST_SIZE),
-        TEST_SUCCESS);
-#endif
-#endif
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_CMAC(void)
-{
-    EXPECT_DECLS;
-#if defined(WOLFSSL_CMAC) && defined(OPENSSL_EXTRA) && \
-    defined(WOLFSSL_AES_DIRECT)
-    int i;
-    byte key[AES_256_KEY_SIZE];
-    CMAC_CTX* cmacCtx = NULL;
-    byte out[AES_BLOCK_SIZE];
-    size_t outLen = AES_BLOCK_SIZE;
-
-    for (i=0; i < AES_256_KEY_SIZE; ++i) {
-        key[i] = i;
-    }
-    ExpectNotNull(cmacCtx = CMAC_CTX_new());
-    /* Check CMAC_CTX_get0_cipher_ctx; return value not used. */
-    ExpectNotNull(CMAC_CTX_get0_cipher_ctx(cmacCtx));
-    ExpectIntEQ(CMAC_Init(cmacCtx, key, AES_128_KEY_SIZE, EVP_aes_128_cbc(),
-        NULL), 1);
-    /* reusing test key as data to hash */
-    ExpectIntEQ(CMAC_Update(cmacCtx, key, AES_128_KEY_SIZE), 1);
-    ExpectIntEQ(CMAC_Update(cmacCtx, NULL, 0), 1);
-    ExpectIntEQ(CMAC_Final(cmacCtx, out, &outLen), 1);
-    ExpectIntEQ(outLen, AES_BLOCK_SIZE);
-
-    /* No Update works. */
-    ExpectIntEQ(CMAC_Init(cmacCtx, key, AES_128_KEY_SIZE, EVP_aes_128_cbc(),
-        NULL), 1);
-    ExpectIntEQ(CMAC_Final(cmacCtx, out, NULL), 1);
-
-    ExpectIntEQ(CMAC_Init(cmacCtx, key, AES_128_KEY_SIZE, EVP_aes_128_cbc(),
-        NULL), 1);
-    /* Test parameters with CMAC_Update. */
-    ExpectIntEQ(CMAC_Update(NULL, NULL, 0), 0);
-    ExpectIntEQ(CMAC_Update(NULL, key, 0), 0);
-    ExpectIntEQ(CMAC_Update(NULL, NULL, AES_128_KEY_SIZE), 0);
-    ExpectIntEQ(CMAC_Update(NULL, key, AES_128_KEY_SIZE), 0);
-    ExpectIntEQ(CMAC_Update(cmacCtx, key, 0), 1);
-    ExpectIntEQ(CMAC_Update(cmacCtx, NULL, 0), 1);
-    ExpectIntEQ(CMAC_Update(cmacCtx, NULL, AES_128_KEY_SIZE), 1);
-    /* Test parameters with CMAC_Final. */
-    ExpectIntEQ(CMAC_Final(NULL, NULL, NULL), 0);
-    ExpectIntEQ(CMAC_Final(NULL, out, NULL), 0);
-    ExpectIntEQ(CMAC_Final(NULL, NULL, &outLen), 0);
-    ExpectIntEQ(CMAC_Final(NULL, out, &outLen), 0);
-    ExpectIntEQ(CMAC_Final(cmacCtx, NULL, NULL), 1);
-    ExpectIntEQ(CMAC_Final(cmacCtx, NULL, &outLen), 1);
-    ExpectIntEQ(CMAC_Final(cmacCtx, out, NULL), 1);
-    CMAC_CTX_free(cmacCtx);
-
-    /* Test parameters with CMAC Init. */
-    cmacCtx = NULL;
-    ExpectNotNull(cmacCtx = CMAC_CTX_new());
-    ExpectNotNull(CMAC_CTX_get0_cipher_ctx(cmacCtx));
-    ExpectIntEQ(CMAC_Init(NULL, NULL, 0, NULL, NULL), 0);
-    #ifdef WOLFSSL_AES_192
-    ExpectIntEQ(CMAC_Init(NULL, key, AES_192_KEY_SIZE, EVP_aes_192_cbc(),
-        NULL), 0);
-    ExpectIntEQ(CMAC_Init(cmacCtx, NULL, AES_192_KEY_SIZE, EVP_aes_192_cbc(),
-        NULL), 0);
-    /* give a key too small for the cipher, verify we get failure */
-    ExpectIntEQ(CMAC_Init(cmacCtx, key, AES_128_KEY_SIZE, EVP_aes_192_cbc(),
-        NULL), 0);
-    ExpectIntEQ(CMAC_Init(cmacCtx, key, AES_192_KEY_SIZE, NULL, NULL), 0);
-    #endif
-    #if defined(HAVE_AESGCM) && defined(WOLFSSL_AES_128)
-    /* Only AES-CBC supported. */
-    ExpectIntEQ(CMAC_Init(cmacCtx, key, AES_128_KEY_SIZE, EVP_aes_128_gcm(),
-        NULL), 0);
-    #endif
-    CMAC_CTX_free(cmacCtx);
-
-    ExpectNull(CMAC_CTX_get0_cipher_ctx(NULL));
-    cmacCtx = NULL;
-    ExpectNotNull(cmacCtx = CMAC_CTX_new());
-    /* No Init. */
-    ExpectIntEQ(CMAC_Final(cmacCtx, out, &outLen), 0);
-    CMAC_CTX_free(cmacCtx);
-
-    /* Test AES-256-CBC */
-#ifdef WOLFSSL_AES_256
-    cmacCtx = NULL;
-    ExpectNotNull(cmacCtx = CMAC_CTX_new());
-    ExpectIntEQ(CMAC_Init(cmacCtx, key, AES_256_KEY_SIZE, EVP_aes_256_cbc(),
-        NULL), 1);
-    ExpectIntEQ(CMAC_Update(cmacCtx, key, AES_128_KEY_SIZE), 1);
-    ExpectIntEQ(CMAC_Final(cmacCtx, out, NULL), 1);
-    CMAC_CTX_free(cmacCtx);
-#endif
-
-    /* Test AES-192-CBC */
-#ifdef WOLFSSL_AES_192
-    cmacCtx = NULL;
-    ExpectNotNull(cmacCtx = CMAC_CTX_new());
-    ExpectIntEQ(CMAC_Init(cmacCtx, key, AES_192_KEY_SIZE, EVP_aes_192_cbc(),
-        NULL), 1);
-    ExpectIntEQ(CMAC_Update(cmacCtx, key, AES_128_KEY_SIZE), 1);
-    ExpectIntEQ(CMAC_Final(cmacCtx, out, NULL), 1);
-    CMAC_CTX_free(cmacCtx);
-#endif
-
-    cmacCtx = NULL;
-    ExpectNotNull(cmacCtx = CMAC_CTX_new());
-    CMAC_CTX_free(cmacCtx);
-#endif /* WOLFSSL_CMAC && OPENSSL_EXTRA && WOLFSSL_AES_DIRECT */
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_DES(void)
-{
-    EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_DES3)
-    const_DES_cblock myDes;
-    DES_cblock iv;
-    DES_key_schedule key;
-    word32 i = 0;
-    DES_LONG dl = 0;
-    unsigned char msg[] = "hello wolfssl";
-    unsigned char weakKey[][8] = {
-        { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 },
-        { 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE },
-        { 0xE0, 0xE0, 0xE0, 0xE0, 0xF1, 0xF1, 0xF1, 0xF1 },
-        { 0x1F, 0x1F, 0x1F, 0x1F, 0x0E, 0x0E, 0x0E, 0x0E }
-    };
-    unsigned char semiWeakKey[][8] = {
-        { 0x01, 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E },
-        { 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E, 0x01 },
-        { 0x01, 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1 },
-        { 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1, 0x01 },
-        { 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE },
-        { 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01 },
-        { 0x1F, 0xE0, 0x1F, 0xE0, 0x0E, 0xF1, 0x0E, 0xF1 },
-        { 0xE0, 0x1F, 0xE0, 0x1F, 0xF1, 0x0E, 0xF1, 0x0E },
-        { 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E, 0xFE },
-        { 0xFE, 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E },
-        { 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1, 0xFE },
-        { 0xFE, 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1 }
-    };
-
-    /* check, check of odd parity */
-    XMEMSET(myDes, 4, sizeof(const_DES_cblock));
-    XMEMSET(key, 5, sizeof(DES_key_schedule));
-
-    DES_set_key(&myDes, &key);
-
-    myDes[0] = 6; /* set even parity */
-    ExpectIntEQ(DES_set_key_checked(&myDes, &key), -1);
-    ExpectIntNE(key[0], myDes[0]); /* should not have copied over key */
-    ExpectIntEQ(DES_set_key_checked(NULL, NULL), -2);
-    ExpectIntEQ(DES_set_key_checked(&myDes, NULL), -2);
-    ExpectIntEQ(DES_set_key_checked(NULL, &key), -2);
-
-    /* set odd parity for success case */
-    DES_set_odd_parity(&myDes);
-    ExpectIntEQ(DES_check_key_parity(&myDes), 1);
-    fprintf(stderr, "%02x %02x %02x %02x", myDes[0], myDes[1], myDes[2],
-        myDes[3]);
-    ExpectIntEQ(DES_set_key_checked(&myDes, &key), 0);
-    for (i = 0; i < sizeof(DES_key_schedule); i++) {
-        ExpectIntEQ(key[i], myDes[i]);
-    }
-    ExpectIntEQ(DES_is_weak_key(&myDes), 0);
-
-    /* check weak key */
-    XMEMSET(myDes, 1, sizeof(const_DES_cblock));
-    XMEMSET(key, 5, sizeof(DES_key_schedule));
-    ExpectIntEQ(DES_set_key_checked(&myDes, &key), -2);
-    ExpectIntNE(key[0], myDes[0]); /* should not have copied over key */
-
-    DES_set_key_unchecked(NULL, NULL);
-    DES_set_key_unchecked(&myDes, NULL);
-    DES_set_key_unchecked(NULL, &key);
-    /* compare arrays, should be the same */
-    /* now do unchecked copy of a weak key over */
-    DES_set_key_unchecked(&myDes, &key);
-    /* compare arrays, should be the same */
-    for (i = 0; i < sizeof(DES_key_schedule); i++) {
-        ExpectIntEQ(key[i], myDes[i]);
-    }
-    ExpectIntEQ(DES_is_weak_key(&myDes), 1);
-
-    myDes[7] = 2;
-    ExpectIntEQ(DES_set_key_checked(&myDes, &key), 0);
-    ExpectIntEQ(DES_is_weak_key(&myDes), 0);
-    ExpectIntEQ(DES_is_weak_key(NULL), 1);
-
-    /* Test all weak keys. */
-    for (i = 0; i < sizeof(weakKey) / sizeof(*weakKey); i++) {
-        ExpectIntEQ(DES_set_key_checked(&weakKey[i], &key), -2);
-    }
-    /* Test all semi-weak keys. */
-    for (i = 0; i < sizeof(semiWeakKey) / sizeof(*semiWeakKey); i++) {
-        ExpectIntEQ(DES_set_key_checked(&semiWeakKey[i], &key), -2);
-    }
-
-    /* check DES_key_sched API */
-    XMEMSET(key, 1, sizeof(DES_key_schedule));
-    ExpectIntEQ(DES_key_sched(&myDes, NULL), 0);
-    ExpectIntEQ(DES_key_sched(NULL, &key),   0);
-    ExpectIntEQ(DES_key_sched(&myDes, &key), 0);
-    /* compare arrays, should be the same */
-    for (i = 0; i < sizeof(DES_key_schedule); i++) {
-        ExpectIntEQ(key[i], myDes[i]);
-    }
-
-
-    ExpectIntEQ((DES_cbc_cksum(NULL, NULL, 0, NULL, NULL)), 0);
-    ExpectIntEQ((DES_cbc_cksum(msg, NULL, 0, NULL, NULL)), 0);
-    ExpectIntEQ((DES_cbc_cksum(NULL, &key, 0, NULL, NULL)), 0);
-    ExpectIntEQ((DES_cbc_cksum(NULL, NULL, 0, &myDes, NULL)), 0);
-    ExpectIntEQ((DES_cbc_cksum(NULL, NULL, 0, NULL, &iv)), 0);
-    ExpectIntEQ((DES_cbc_cksum(NULL, &key, sizeof(msg), &myDes, &iv)), 0);
-    ExpectIntEQ((DES_cbc_cksum(msg, NULL, sizeof(msg), &myDes, &iv)), 0);
-    ExpectIntEQ((DES_cbc_cksum(msg, &key, sizeof(msg), NULL, &iv)), 0);
-    ExpectIntEQ((DES_cbc_cksum(msg, &key, sizeof(msg), &myDes, NULL)), 0);
-    /* DES_cbc_cksum should return the last 4 of the last 8 bytes after
-     * DES_cbc_encrypt on the input */
-    XMEMSET(iv, 0, sizeof(DES_cblock));
-    XMEMSET(myDes, 5, sizeof(DES_key_schedule));
-    ExpectIntGT((dl = DES_cbc_cksum(msg, &key, sizeof(msg), &myDes, &iv)), 0);
-    ExpectIntEQ(dl, 480052723);
-#endif /* defined(OPENSSL_EXTRA) && !defined(NO_DES3) */
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_DES_ncbc(void)
-{
-    EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_DES3)
-    const_DES_cblock myDes;
-    DES_cblock iv = {1};
-    DES_key_schedule key = {0};
-    unsigned char msg[] = "hello wolfssl";
-    unsigned char out[DES_BLOCK_SIZE * 2] = {0};
-    unsigned char pln[DES_BLOCK_SIZE * 2] = {0};
-
-    unsigned char exp[]  = {0x31, 0x98, 0x2F, 0x3A, 0x55, 0xBF, 0xD8, 0xC4};
-    unsigned char exp2[] = {0xC7, 0x45, 0x8B, 0x28, 0x10, 0x53, 0xE0, 0x58};
-
-    /* partial block test */
-    DES_set_key(&key, &myDes);
-    DES_ncbc_encrypt(msg, out, 3, &myDes, &iv, DES_ENCRYPT);
-    ExpectIntEQ(XMEMCMP(exp, out, DES_BLOCK_SIZE), 0);
-    ExpectIntEQ(XMEMCMP(exp, iv, DES_BLOCK_SIZE), 0);
-
-    DES_set_key(&key, &myDes);
-    XMEMSET((byte*)&iv, 0, DES_BLOCK_SIZE);
-    *((byte*)&iv) = 1;
-    DES_ncbc_encrypt(out, pln, 3, &myDes, &iv, DES_DECRYPT);
-    ExpectIntEQ(XMEMCMP(msg, pln, 3), 0);
-    ExpectIntEQ(XMEMCMP(exp, iv, DES_BLOCK_SIZE), 0);
-
-    /* full block test */
-    DES_set_key(&key, &myDes);
-    XMEMSET(pln, 0, DES_BLOCK_SIZE);
-    XMEMSET((byte*)&iv, 0, DES_BLOCK_SIZE);
-    *((byte*)&iv) = 1;
-    DES_ncbc_encrypt(msg, out, 8, &myDes, &iv, DES_ENCRYPT);
-    ExpectIntEQ(XMEMCMP(exp2, out, DES_BLOCK_SIZE), 0);
-    ExpectIntEQ(XMEMCMP(exp2, iv, DES_BLOCK_SIZE), 0);
-
-    DES_set_key(&key, &myDes);
-    XMEMSET((byte*)&iv, 0, DES_BLOCK_SIZE);
-    *((byte*)&iv) = 1;
-    DES_ncbc_encrypt(out, pln, 8, &myDes, &iv, DES_DECRYPT);
-    ExpectIntEQ(XMEMCMP(msg, pln, 8), 0);
-    ExpectIntEQ(XMEMCMP(exp2, iv, DES_BLOCK_SIZE), 0);
-#endif
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_DES_ecb_encrypt(void)
-{
-    EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_DES3) && defined(WOLFSSL_DES_ECB)
-    WOLFSSL_DES_cblock input1, input2, output1, output2, back1, back2;
-    WOLFSSL_DES_key_schedule key;
-
-    XMEMCPY(key, "12345678", sizeof(WOLFSSL_DES_key_schedule));
-    XMEMCPY(input1, "Iamhuman", sizeof(WOLFSSL_DES_cblock));
-    XMEMCPY(input2, "Whoisit?", sizeof(WOLFSSL_DES_cblock));
-    XMEMSET(output1, 0, sizeof(WOLFSSL_DES_cblock));
-    XMEMSET(output2, 0, sizeof(WOLFSSL_DES_cblock));
-    XMEMSET(back1, 0, sizeof(WOLFSSL_DES_cblock));
-    XMEMSET(back2, 0, sizeof(WOLFSSL_DES_cblock));
-
-    wolfSSL_DES_ecb_encrypt(NULL, NULL, NULL, DES_ENCRYPT);
-    wolfSSL_DES_ecb_encrypt(&input1, NULL, NULL, DES_ENCRYPT);
-    wolfSSL_DES_ecb_encrypt(NULL, &output1, NULL, DES_ENCRYPT);
-    wolfSSL_DES_ecb_encrypt(NULL, NULL, &key, DES_ENCRYPT);
-    wolfSSL_DES_ecb_encrypt(&input1, &output1, NULL, DES_ENCRYPT);
-    wolfSSL_DES_ecb_encrypt(&input1, NULL, &key, DES_ENCRYPT);
-    wolfSSL_DES_ecb_encrypt(NULL, &output1, &key, DES_ENCRYPT);
-
-    /* Encrypt messages */
-    wolfSSL_DES_ecb_encrypt(&input1, &output1, &key, DES_ENCRYPT);
-    wolfSSL_DES_ecb_encrypt(&input2, &output2, &key, DES_ENCRYPT);
-
-    {
-        /* Decrypt messages */
-        int ret1 = 0;
-        int ret2 = 0;
-        wolfSSL_DES_ecb_encrypt(&output1, &back1, &key, DES_DECRYPT);
-        ExpectIntEQ(ret1 = XMEMCMP((unsigned char *)back1,
-            (unsigned char *)input1, sizeof(WOLFSSL_DES_cblock)), 0);
-        wolfSSL_DES_ecb_encrypt(&output2, &back2, &key, DES_DECRYPT);
-        ExpectIntEQ(ret2 = XMEMCMP((unsigned char *)back2,
-            (unsigned char *)input2, sizeof(WOLFSSL_DES_cblock)), 0);
-    }
-#endif
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_DES_ede3_cbc_encrypt(void)
-{
-    EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_DES3)
-    unsigned char input1[8], input2[8];
-    unsigned char output1[8], output2[8];
-    unsigned char back1[8], back2[8];
-    WOLFSSL_DES_cblock iv1, iv2;
-    WOLFSSL_DES_key_schedule key1, key2, key3;
-    int i;
-
-    XMEMCPY(key1, "12345678", sizeof(WOLFSSL_DES_key_schedule));
-    XMEMCPY(key2, "23456781", sizeof(WOLFSSL_DES_key_schedule));
-    XMEMCPY(key3, "34567823", sizeof(WOLFSSL_DES_key_schedule));
-    XMEMCPY(input1, "Iamhuman", sizeof(input1));
-    XMEMCPY(input2, "Whoisit?", sizeof(input2));
-
-    XMEMSET(output1, 0, sizeof(output1));
-    XMEMSET(output2, 0, sizeof(output2));
-    XMEMSET(back1, 0, sizeof(back1));
-    XMEMSET(back2, 0, sizeof(back2));
-
-    XMEMCPY(iv1, "87654321", sizeof(WOLFSSL_DES_cblock));
-    XMEMCPY(iv2, "98765432", sizeof(WOLFSSL_DES_cblock));
-    /* Encrypt messages */
-    wolfSSL_DES_ede3_cbc_encrypt(input1, output1, 8, &key1, &key2, &key3, &iv1,
-        DES_ENCRYPT);
-    wolfSSL_DES_ede3_cbc_encrypt(input2, output2, 8, &key1, &key2, &key3, &iv2,
-        DES_ENCRYPT);
-
-    {
-        XMEMCPY(iv1, "87654321", sizeof(WOLFSSL_DES_cblock));
-        XMEMCPY(iv2, "98765432", sizeof(WOLFSSL_DES_cblock));
-        /* Decrypt messages */
-        wolfSSL_DES_ede3_cbc_encrypt(output1, back1, 8, &key1, &key2, &key3,
-            &iv1, DES_DECRYPT);
-        ExpectIntEQ(XMEMCMP(back1, input1, sizeof(input1)), 0);
-        wolfSSL_DES_ede3_cbc_encrypt(output2, back2, 8, &key1, &key2, &key3,
-            &iv2, DES_DECRYPT);
-        ExpectIntEQ(XMEMCMP(back2, input2, sizeof(input2)), 0);
-    }
-
-    for (i = 0; i < 8; i++) {
-        XMEMSET(output1, 0, sizeof(output1));
-        XMEMSET(output2, 0, sizeof(output2));
-        XMEMSET(back1, 0, sizeof(back1));
-        XMEMSET(back2, 0, sizeof(back2));
-
-        XMEMCPY(iv1, "87654321", sizeof(WOLFSSL_DES_cblock));
-        XMEMCPY(iv2, "98765432", sizeof(WOLFSSL_DES_cblock));
-        /* Encrypt partial messages */
-        wolfSSL_DES_ede3_cbc_encrypt(input1, output1, i, &key1, &key2, &key3,
-            &iv1, DES_ENCRYPT);
-        wolfSSL_DES_ede3_cbc_encrypt(input2, output2, i, &key1, &key2, &key3,
-            &iv2, DES_ENCRYPT);
-
-        {
-            XMEMCPY(iv1, "87654321", sizeof(WOLFSSL_DES_cblock));
-            XMEMCPY(iv2, "98765432", sizeof(WOLFSSL_DES_cblock));
-            /* Decrypt messages */
-            wolfSSL_DES_ede3_cbc_encrypt(output1, back1, i, &key1, &key2,
-                &key3, &iv1, DES_DECRYPT);
-            ExpectIntEQ(XMEMCMP(back1, input1, i), 0);
-            wolfSSL_DES_ede3_cbc_encrypt(output2, back2, i, &key1, &key2,
-                &key3, &iv2, DES_DECRYPT);
-            ExpectIntEQ(XMEMCMP(back2, input2, i), 0);
-        }
-    }
-#endif
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_AES_encrypt(void)
-{
-    EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_AES) && defined(HAVE_AES_ECB) && \
-    defined(WOLFSSL_AES_256) && !defined(WOLFSSL_NO_OPENSSL_AES_LOW_LEVEL_API)
-    AES_KEY enc;
-    AES_KEY dec;
-    const byte msg[] = {
-        0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
-        0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a
-    };
-    const byte exp[] = {
-        0xf3, 0xee, 0xd1, 0xbd, 0xb5, 0xd2, 0xa0, 0x3c,
-        0x06, 0x4b, 0x5a, 0x7e, 0x3d, 0xb1, 0x81, 0xf8,
-    };
-    const byte key[] = {
-        0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe,
-        0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81,
-        0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7,
-        0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4
-    };
-    byte eout[sizeof(msg)];
-    byte dout[sizeof(msg)];
-
-    ExpectIntEQ(AES_set_encrypt_key(key, sizeof(key)*8, &enc), 0);
-    ExpectIntEQ(AES_set_decrypt_key(key, sizeof(key)*8, &dec), 0);
-
-    wolfSSL_AES_encrypt(NULL, NULL, NULL);
-    wolfSSL_AES_encrypt(msg, NULL, NULL);
-    wolfSSL_AES_encrypt(NULL, eout, NULL);
-    wolfSSL_AES_encrypt(NULL, NULL, &enc);
-    wolfSSL_AES_encrypt(msg, eout, NULL);
-    wolfSSL_AES_encrypt(msg, NULL, &enc);
-    wolfSSL_AES_encrypt(NULL, eout, &enc);
-
-    wolfSSL_AES_decrypt(NULL, NULL, NULL);
-    wolfSSL_AES_decrypt(eout, NULL, NULL);
-    wolfSSL_AES_decrypt(NULL, dout, NULL);
-    wolfSSL_AES_decrypt(NULL, NULL, &dec);
-    wolfSSL_AES_decrypt(eout, dout, NULL);
-    wolfSSL_AES_decrypt(eout, NULL, &dec);
-    wolfSSL_AES_decrypt(NULL, dout, &dec);
-
-    wolfSSL_AES_encrypt(msg, eout, &enc);
-    ExpectIntEQ(XMEMCMP(eout, exp, AES_BLOCK_SIZE), 0);
-    wolfSSL_AES_decrypt(eout, dout, &dec);
-    ExpectIntEQ(XMEMCMP(dout, msg, AES_BLOCK_SIZE), 0);
-#endif
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_AES_ecb_encrypt(void)
-{
-    EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_AES) && defined(HAVE_AES_ECB) && \
-    defined(WOLFSSL_AES_256) && !defined(WOLFSSL_NO_OPENSSL_AES_LOW_LEVEL_API)
-    AES_KEY aes;
-    const byte msg[] =
-    {
-      0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
-      0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
-    };
-
-    const byte verify[] =
-    {
-        0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c,
-        0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8
-    };
-
-    const byte key[] =
-    {
-      0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
-      0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
-      0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
-      0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
-    };
-
-
-    byte out[AES_BLOCK_SIZE];
-
-    ExpectIntEQ(AES_set_encrypt_key(key, sizeof(key)*8, &aes), 0);
-    XMEMSET(out, 0, AES_BLOCK_SIZE);
-    AES_ecb_encrypt(msg, out, &aes, AES_ENCRYPT);
-    ExpectIntEQ(XMEMCMP(out, verify, AES_BLOCK_SIZE), 0);
-
-#ifdef HAVE_AES_DECRYPT
-    ExpectIntEQ(AES_set_decrypt_key(key, sizeof(key)*8, &aes), 0);
-    XMEMSET(out, 0, AES_BLOCK_SIZE);
-    AES_ecb_encrypt(verify, out, &aes, AES_DECRYPT);
-    ExpectIntEQ(XMEMCMP(out, msg, AES_BLOCK_SIZE), 0);
-#endif
-
-    /* test bad arguments */
-    AES_ecb_encrypt(NULL, out, &aes, AES_DECRYPT);
-    AES_ecb_encrypt(verify, NULL, &aes, AES_DECRYPT);
-    AES_ecb_encrypt(verify, out, NULL, AES_DECRYPT);
-#endif
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_AES_cbc_encrypt(void)
-{
-    EXPECT_DECLS;
-#if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(OPENSSL_EXTRA) && \
-        !defined(WOLFSSL_NO_OPENSSL_AES_LOW_LEVEL_API)
-    AES_KEY aes;
-    AES_KEY* aesN = NULL;
-    size_t len = 0;
-    size_t lenB = 0;
-    int keySz0 = 0;
-    int keySzN = -1;
-    byte out[AES_BLOCK_SIZE] = {0};
-    byte* outN = NULL;
-
-    /* Test vectors retrieved from:
-     *   <begin URL>
-     *       https://csrc.nist.gov/
-     *       CSRC/media/Projects/Cryptographic-Algorithm-Validation-Program/
-     *       documents/aes/KAT_AES.zip
-     *   </end URL>
-     */
-    const byte* pt128N  = NULL;
-    byte* key128N       = NULL;
-    byte* iv128N        = NULL;
-    byte iv128tmp[AES_BLOCK_SIZE] = {0};
-
-    const byte pt128[]  = { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-                            0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 };
-
-    const byte ct128[]  = { 0x87,0x85,0xb1,0xa7,0x5b,0x0f,0x3b,0xd9,
-                            0x58,0xdc,0xd0,0xe2,0x93,0x18,0xc5,0x21 };
-
-    const byte iv128[]  = { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
-                            0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 };
-
-    byte key128[]       = { 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
-                            0xff,0xff,0xf0,0x00,0x00,0x00,0x00,0x00 };
-
-
-    len = sizeof(pt128);
-
-    #define STRESS_T(a, b, c, d, e, f, g, h, i) \
-            wolfSSL_AES_cbc_encrypt(a, b, c, d, e, f); \
-            ExpectIntNE(XMEMCMP(b, g, h), i)
-
-    #define RESET_IV(x, y) XMEMCPY(x, y, AES_BLOCK_SIZE)
-
-    /* Stressing wolfSSL_AES_cbc_encrypt() */
-    STRESS_T(pt128N, out, len, &aes, iv128tmp, 1, ct128, AES_BLOCK_SIZE, 0);
-    STRESS_T(pt128, out, len, &aes, iv128N, 1, ct128, AES_BLOCK_SIZE, 0);
-
-    wolfSSL_AES_cbc_encrypt(pt128, outN, len, &aes, iv128tmp, AES_ENCRYPT);
-    ExpectIntNE(XMEMCMP(out, ct128, AES_BLOCK_SIZE), 0);
-    wolfSSL_AES_cbc_encrypt(pt128, out, len, aesN, iv128tmp, AES_ENCRYPT);
-    ExpectIntNE(XMEMCMP(out, ct128, AES_BLOCK_SIZE), 0);
-
-    STRESS_T(pt128, out, lenB, &aes, iv128tmp, 1, ct128, AES_BLOCK_SIZE, 0);
-
-    /* Stressing wolfSSL_AES_set_encrypt_key */
-    ExpectIntNE(wolfSSL_AES_set_encrypt_key(key128N, sizeof(key128)*8, &aes),0);
-    ExpectIntNE(wolfSSL_AES_set_encrypt_key(key128, sizeof(key128)*8, aesN),0);
-    ExpectIntNE(wolfSSL_AES_set_encrypt_key(key128, keySz0, &aes), 0);
-    ExpectIntNE(wolfSSL_AES_set_encrypt_key(key128, keySzN, &aes), 0);
-
-    /* Stressing wolfSSL_AES_set_decrypt_key */
-    ExpectIntNE(wolfSSL_AES_set_decrypt_key(key128N, sizeof(key128)*8, &aes),0);
-    ExpectIntNE(wolfSSL_AES_set_decrypt_key(key128N, sizeof(key128)*8, aesN),0);
-    ExpectIntNE(wolfSSL_AES_set_decrypt_key(key128, keySz0, &aes), 0);
-    ExpectIntNE(wolfSSL_AES_set_decrypt_key(key128, keySzN, &aes), 0);
-
-  #ifdef WOLFSSL_AES_128
-
-    /* wolfSSL_AES_cbc_encrypt() 128-bit */
-    XMEMSET(out, 0, AES_BLOCK_SIZE);
-    RESET_IV(iv128tmp, iv128);
-
-    ExpectIntEQ(wolfSSL_AES_set_encrypt_key(key128, sizeof(key128)*8, &aes), 0);
-    wolfSSL_AES_cbc_encrypt(pt128, out, len, &aes, iv128tmp, AES_ENCRYPT);
-    ExpectIntEQ(XMEMCMP(out, ct128, AES_BLOCK_SIZE), 0);
-    wc_AesFree((Aes*)&aes);
-
-    #ifdef HAVE_AES_DECRYPT
-
-    /* wolfSSL_AES_cbc_encrypt() 128-bit in decrypt mode */
-    XMEMSET(out, 0, AES_BLOCK_SIZE);
-    RESET_IV(iv128tmp, iv128);
-    len = sizeof(ct128);
-
-    ExpectIntEQ(wolfSSL_AES_set_decrypt_key(key128, sizeof(key128)*8, &aes), 0);
-    wolfSSL_AES_cbc_encrypt(ct128, out, len, &aes, iv128tmp, AES_DECRYPT);
-    ExpectIntEQ(XMEMCMP(out, pt128, AES_BLOCK_SIZE), 0);
-    wc_AesFree((Aes*)&aes);
-
-    #endif
-
-  #endif /* WOLFSSL_AES_128 */
-  #ifdef WOLFSSL_AES_192
-  {
-    /* Test vectors from NIST Special Publication 800-38A, 2001 Edition
-     * Appendix F.2.3  */
-
-    byte iv192tmp[AES_BLOCK_SIZE] = {0};
-
-    const byte pt192[]  = { 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
-                            0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a };
-
-    const byte ct192[]  = { 0x4f,0x02,0x1d,0xb2,0x43,0xbc,0x63,0x3d,
-                            0x71,0x78,0x18,0x3a,0x9f,0xa0,0x71,0xe8 };
-
-    const byte iv192[]  = { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
-                            0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F };
-
-    byte key192[]       = { 0x8e,0x73,0xb0,0xf7,0xda,0x0e,0x64,0x52,
-                            0xc8,0x10,0xf3,0x2b,0x80,0x90,0x79,0xe5,
-                            0x62,0xf8,0xea,0xd2,0x52,0x2c,0x6b,0x7b };
-
-    len = sizeof(pt192);
-
-    /* wolfSSL_AES_cbc_encrypt() 192-bit */
-    XMEMSET(out, 0, AES_BLOCK_SIZE);
-    RESET_IV(iv192tmp, iv192);
-
-    ExpectIntEQ(wolfSSL_AES_set_encrypt_key(key192, sizeof(key192)*8, &aes), 0);
-    wolfSSL_AES_cbc_encrypt(pt192, out, len, &aes, iv192tmp, AES_ENCRYPT);
-    ExpectIntEQ(XMEMCMP(out, ct192, AES_BLOCK_SIZE), 0);
-    wc_AesFree((Aes*)&aes);
-
-    #ifdef HAVE_AES_DECRYPT
-
-    /* wolfSSL_AES_cbc_encrypt() 192-bit in decrypt mode */
-    len = sizeof(ct192);
-    RESET_IV(iv192tmp, iv192);
-    XMEMSET(out, 0, AES_BLOCK_SIZE);
-
-    ExpectIntEQ(wolfSSL_AES_set_decrypt_key(key192, sizeof(key192)*8, &aes), 0);
-    wolfSSL_AES_cbc_encrypt(ct192, out, len, &aes, iv192tmp, AES_DECRYPT);
-    ExpectIntEQ(XMEMCMP(out, pt192, AES_BLOCK_SIZE), 0);
-    wc_AesFree((Aes*)&aes);
-
-    #endif
-  }
-  #endif /* WOLFSSL_AES_192 */
-  #ifdef WOLFSSL_AES_256
-  {
-    /* Test vectors from NIST Special Publication 800-38A, 2001 Edition,
-     * Appendix F.2.5  */
-    byte iv256tmp[AES_BLOCK_SIZE] = {0};
-
-    const byte pt256[]  = { 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
-                            0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a };
-
-    const byte ct256[]  = { 0xf5,0x8c,0x4c,0x04,0xd6,0xe5,0xf1,0xba,
-                            0x77,0x9e,0xab,0xfb,0x5f,0x7b,0xfb,0xd6 };
-
-    const byte iv256[]  = { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
-                            0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F };
-
-    byte key256[]       = { 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
-                            0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
-                            0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
-                            0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4 };
-
-
-    len = sizeof(pt256);
-
-    /* wolfSSL_AES_cbc_encrypt() 256-bit */
-    XMEMSET(out, 0, AES_BLOCK_SIZE);
-    RESET_IV(iv256tmp, iv256);
-
-    ExpectIntEQ(wolfSSL_AES_set_encrypt_key(key256, sizeof(key256)*8, &aes), 0);
-    wolfSSL_AES_cbc_encrypt(pt256, out, len, &aes, iv256tmp, AES_ENCRYPT);
-    ExpectIntEQ(XMEMCMP(out, ct256, AES_BLOCK_SIZE), 0);
-    wc_AesFree((Aes*)&aes);
-
-    #ifdef HAVE_AES_DECRYPT
-
-    /* wolfSSL_AES_cbc_encrypt() 256-bit in decrypt mode */
-    len = sizeof(ct256);
-    RESET_IV(iv256tmp, iv256);
-    XMEMSET(out, 0, AES_BLOCK_SIZE);
-
-    ExpectIntEQ(wolfSSL_AES_set_decrypt_key(key256, sizeof(key256)*8, &aes), 0);
-    wolfSSL_AES_cbc_encrypt(ct256, out, len, &aes, iv256tmp, AES_DECRYPT);
-    ExpectIntEQ(XMEMCMP(out, pt256, AES_BLOCK_SIZE), 0);
-    wc_AesFree((Aes*)&aes);
-
-    #endif
-
-    #if defined(HAVE_AES_KEYWRAP) && !defined(HAVE_FIPS) && \
-        !defined(HAVE_SELFTEST)
-    {
-    byte wrapCipher[sizeof(key256) + KEYWRAP_BLOCK_SIZE] = { 0 };
-    byte wrapPlain[sizeof(key256)] = { 0 };
-    byte wrapIV[KEYWRAP_BLOCK_SIZE] = { 0 };
-
-    /* wolfSSL_AES_wrap_key() 256-bit NULL iv */
-    ExpectIntEQ(wolfSSL_AES_set_encrypt_key(key256, sizeof(key256)*8, &aes), 0);
-    ExpectIntEQ(wolfSSL_AES_wrap_key(&aes, NULL, wrapCipher, key256,
-            15), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
-    ExpectIntEQ(wolfSSL_AES_wrap_key(&aes, NULL, wrapCipher, key256,
-            sizeof(key256)), sizeof(wrapCipher));
-    wc_AesFree((Aes*)&aes);
-
-    /* wolfSSL_AES_unwrap_key() 256-bit NULL iv */
-    ExpectIntEQ(wolfSSL_AES_set_decrypt_key(key256, sizeof(key256)*8, &aes), 0);
-    ExpectIntEQ(wolfSSL_AES_unwrap_key(&aes, NULL, wrapPlain, wrapCipher,
-            23), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
-    ExpectIntEQ(wolfSSL_AES_unwrap_key(&aes, NULL, wrapPlain, wrapCipher,
-            sizeof(wrapCipher)), sizeof(wrapPlain));
-    ExpectIntEQ(XMEMCMP(wrapPlain, key256, sizeof(key256)), 0);
-    XMEMSET(wrapCipher, 0, sizeof(wrapCipher));
-    XMEMSET(wrapPlain, 0, sizeof(wrapPlain));
-    wc_AesFree((Aes*)&aes);
-
-    /* wolfSSL_AES_wrap_key() 256-bit custom iv */
-    ExpectIntEQ(wolfSSL_AES_set_encrypt_key(key256, sizeof(key256)*8, &aes), 0);
-    ExpectIntEQ(wolfSSL_AES_wrap_key(&aes, wrapIV, wrapCipher, key256,
-            sizeof(key256)), sizeof(wrapCipher));
-    wc_AesFree((Aes*)&aes);
-
-    /* wolfSSL_AES_unwrap_key() 256-bit custom iv */
-    ExpectIntEQ(wolfSSL_AES_set_decrypt_key(key256, sizeof(key256)*8, &aes), 0);
-    ExpectIntEQ(wolfSSL_AES_unwrap_key(&aes, wrapIV, wrapPlain, wrapCipher,
-            sizeof(wrapCipher)), sizeof(wrapPlain));
-    ExpectIntEQ(XMEMCMP(wrapPlain, key256, sizeof(key256)), 0);
-    wc_AesFree((Aes*)&aes);
-
-    ExpectIntEQ(wolfSSL_AES_wrap_key(NULL, NULL, NULL, NULL, 0), 0);
-    ExpectIntEQ(wolfSSL_AES_wrap_key(&aes, NULL, NULL, NULL, 0), 0);
-    ExpectIntEQ(wolfSSL_AES_wrap_key(NULL, wrapIV, NULL, NULL, 0), 0);
-    ExpectIntEQ(wolfSSL_AES_wrap_key(NULL, NULL, wrapCipher, NULL, 0), 0);
-    ExpectIntEQ(wolfSSL_AES_wrap_key(NULL, NULL, NULL, key256, 0), 0);
-    ExpectIntEQ(wolfSSL_AES_wrap_key(NULL, wrapIV, wrapCipher, key256, 0), 0);
-    ExpectIntEQ(wolfSSL_AES_wrap_key(&aes, NULL, wrapCipher, key256, 0), 0);
-    ExpectIntEQ(wolfSSL_AES_wrap_key(&aes, wrapIV, NULL, key256, 0), 0);
-    ExpectIntEQ(wolfSSL_AES_wrap_key(&aes, wrapIV, wrapCipher, NULL, 0), 0);
-
-    ExpectIntEQ(wolfSSL_AES_unwrap_key(NULL, NULL, NULL, NULL, 0), 0);
-    ExpectIntEQ(wolfSSL_AES_unwrap_key(&aes, NULL, NULL, NULL, 0), 0);
-    ExpectIntEQ(wolfSSL_AES_unwrap_key(NULL, wrapIV, NULL, NULL, 0), 0);
-    ExpectIntEQ(wolfSSL_AES_unwrap_key(NULL, NULL, wrapPlain, NULL, 0), 0);
-    ExpectIntEQ(wolfSSL_AES_unwrap_key(NULL, NULL, NULL, wrapCipher, 0), 0);
-    ExpectIntEQ(wolfSSL_AES_unwrap_key(NULL, wrapIV, wrapPlain, wrapCipher, 0),
-        0);
-    ExpectIntEQ(wolfSSL_AES_unwrap_key(&aes, NULL, wrapPlain, wrapCipher, 0),
-        0);
-    ExpectIntEQ(wolfSSL_AES_unwrap_key(&aes, wrapIV, NULL, wrapCipher, 0), 0);
-    ExpectIntEQ(wolfSSL_AES_wrap_key(&aes, wrapIV, wrapPlain, NULL, 0), 0);
-    }
-    #endif /* HAVE_AES_KEYWRAP */
-  }
-  #endif /* WOLFSSL_AES_256 */
-#endif
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_AES_cfb128_encrypt(void)
-{
-    EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_AES) && defined(WOLFSSL_AES_CFB) && \
-        !defined(WOLFSSL_NO_OPENSSL_AES_LOW_LEVEL_API)
-    AES_KEY aesEnc;
-    AES_KEY aesDec;
-    const byte msg[] = {
-        0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
-        0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a
-    };
-    const byte exp[] = {
-        0x2c, 0x4e, 0xc4, 0x58, 0x4b, 0xf3, 0xb3, 0xad,
-        0xd0, 0xe6, 0xf1, 0x80, 0x43, 0x59, 0x54, 0x6b
-    };
-    const byte key[] = {
-        0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe,
-        0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81
-    };
-    const byte ivData[] = {
-        0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81,
-        0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7,
-    };
-    byte out[AES_BLOCK_SIZE];
-    byte iv[AES_BLOCK_SIZE];
-    word32 i;
-    int num;
-
-    ExpectIntEQ(AES_set_encrypt_key(key, sizeof(key)*8, &aesEnc), 0);
-    XMEMCPY(iv, ivData, sizeof(iv));
-    XMEMSET(out, 0, AES_BLOCK_SIZE);
-    AES_cfb128_encrypt(msg, out, sizeof(msg), &aesEnc, iv, NULL, AES_ENCRYPT);
-    ExpectIntEQ(XMEMCMP(out, exp, sizeof(msg)), 0);
-    ExpectIntNE(XMEMCMP(iv, ivData, sizeof(iv)), 0);
-
-#ifdef HAVE_AES_DECRYPT
-    ExpectIntEQ(AES_set_encrypt_key(key, sizeof(key)*8, &aesDec), 0);
-    XMEMCPY(iv, ivData, sizeof(iv));
-    XMEMSET(out, 0, AES_BLOCK_SIZE);
-    AES_cfb128_encrypt(exp, out, sizeof(msg), &aesDec, iv, NULL, AES_DECRYPT);
-    ExpectIntEQ(XMEMCMP(out, msg, sizeof(msg)), 0);
-    ExpectIntNE(XMEMCMP(iv, ivData, sizeof(iv)), 0);
-#endif
-
-    for (i = 0; EXPECT_SUCCESS() && (i <= sizeof(msg)); i++) {
-        ExpectIntEQ(AES_set_encrypt_key(key, sizeof(key)*8, &aesEnc), 0);
-        XMEMCPY(iv, ivData, sizeof(iv));
-        XMEMSET(out, 0, AES_BLOCK_SIZE);
-        AES_cfb128_encrypt(msg, out, i, &aesEnc, iv, &num, AES_ENCRYPT);
-        ExpectIntEQ(num, i % AES_BLOCK_SIZE);
-        ExpectIntEQ(XMEMCMP(out, exp, i), 0);
-        if (i == 0) {
-            ExpectIntEQ(XMEMCMP(iv, ivData, sizeof(iv)), 0);
-        }
-        else {
-            ExpectIntNE(XMEMCMP(iv, ivData, sizeof(iv)), 0);
-        }
-
-    #ifdef HAVE_AES_DECRYPT
-        ExpectIntEQ(AES_set_encrypt_key(key, sizeof(key)*8, &aesDec), 0);
-        XMEMCPY(iv, ivData, sizeof(iv));
-        XMEMSET(out, 0, AES_BLOCK_SIZE);
-        AES_cfb128_encrypt(exp, out, i, &aesDec, iv, &num, AES_DECRYPT);
-        ExpectIntEQ(num, i % AES_BLOCK_SIZE);
-        ExpectIntEQ(XMEMCMP(out, msg, i), 0);
-        if (i == 0) {
-            ExpectIntEQ(XMEMCMP(iv, ivData, sizeof(iv)), 0);
-        }
-        else {
-            ExpectIntNE(XMEMCMP(iv, ivData, sizeof(iv)), 0);
-        }
-    #endif
-    }
-
-    if (EXPECT_SUCCESS()) {
-        /* test bad arguments */
-        AES_cfb128_encrypt(NULL, NULL, 0, NULL, NULL, NULL, AES_DECRYPT);
-        AES_cfb128_encrypt(msg, NULL, 0, NULL, NULL, NULL, AES_DECRYPT);
-        AES_cfb128_encrypt(NULL, out, 0, NULL, NULL, NULL, AES_DECRYPT);
-        AES_cfb128_encrypt(NULL, NULL, 0, &aesDec, NULL, NULL, AES_DECRYPT);
-        AES_cfb128_encrypt(NULL, NULL, 0, NULL, iv, NULL, AES_DECRYPT);
-        AES_cfb128_encrypt(NULL, out, 0, &aesDec, iv, NULL, AES_DECRYPT);
-        AES_cfb128_encrypt(msg, NULL, 0, &aesDec, iv, NULL, AES_DECRYPT);
-        AES_cfb128_encrypt(msg, out, 0, NULL, iv, NULL, AES_DECRYPT);
-        AES_cfb128_encrypt(msg, out, 0, &aesDec, NULL, NULL, AES_DECRYPT);
-    }
-#endif
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_CRYPTO_cts128(void)
-{
-    EXPECT_DECLS;
-#if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(OPENSSL_EXTRA) && \
-    defined(HAVE_CTS) && !defined(WOLFSSL_NO_OPENSSL_AES_LOW_LEVEL_API)
-    byte tmp[64]; /* Largest vector size */
-    /* Test vectors taken form RFC3962 Appendix B */
-    const testVector vects[] = {
-        {
-            "\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65"
-            "\x20",
-            "\xc6\x35\x35\x68\xf2\xbf\x8c\xb4\xd8\xa5\x80\x36\x2d\xa7\xff\x7f"
-            "\x97",
-            17, 17
-        },
-        {
-            "\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65"
-            "\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20",
-            "\xfc\x00\x78\x3e\x0e\xfd\xb2\xc1\xd4\x45\xd4\xc8\xef\xf7\xed\x22"
-            "\x97\x68\x72\x68\xd6\xec\xcc\xc0\xc0\x7b\x25\xe2\x5e\xcf\xe5",
-            31, 31
-        },
-        {
-            "\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65"
-            "\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20\x43",
-            "\x39\x31\x25\x23\xa7\x86\x62\xd5\xbe\x7f\xcb\xcc\x98\xeb\xf5\xa8"
-            "\x97\x68\x72\x68\xd6\xec\xcc\xc0\xc0\x7b\x25\xe2\x5e\xcf\xe5\x84",
-            32, 32
-        },
-        {
-            "\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65"
-            "\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20\x43"
-            "\x68\x69\x63\x6b\x65\x6e\x2c\x20\x70\x6c\x65\x61\x73\x65\x2c",
-            "\x97\x68\x72\x68\xd6\xec\xcc\xc0\xc0\x7b\x25\xe2\x5e\xcf\xe5\x84"
-            "\xb3\xff\xfd\x94\x0c\x16\xa1\x8c\x1b\x55\x49\xd2\xf8\x38\x02\x9e"
-            "\x39\x31\x25\x23\xa7\x86\x62\xd5\xbe\x7f\xcb\xcc\x98\xeb\xf5",
-            47, 47
-        },
-        {
-            "\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65"
-            "\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20\x43"
-            "\x68\x69\x63\x6b\x65\x6e\x2c\x20\x70\x6c\x65\x61\x73\x65\x2c\x20",
-            "\x97\x68\x72\x68\xd6\xec\xcc\xc0\xc0\x7b\x25\xe2\x5e\xcf\xe5\x84"
-            "\x9d\xad\x8b\xbb\x96\xc4\xcd\xc0\x3b\xc1\x03\xe1\xa1\x94\xbb\xd8"
-            "\x39\x31\x25\x23\xa7\x86\x62\xd5\xbe\x7f\xcb\xcc\x98\xeb\xf5\xa8",
-            48, 48
-        },
-        {
-            "\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65"
-            "\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20\x43"
-            "\x68\x69\x63\x6b\x65\x6e\x2c\x20\x70\x6c\x65\x61\x73\x65\x2c\x20"
-            "\x61\x6e\x64\x20\x77\x6f\x6e\x74\x6f\x6e\x20\x73\x6f\x75\x70\x2e",
-            "\x97\x68\x72\x68\xd6\xec\xcc\xc0\xc0\x7b\x25\xe2\x5e\xcf\xe5\x84"
-            "\x39\x31\x25\x23\xa7\x86\x62\xd5\xbe\x7f\xcb\xcc\x98\xeb\xf5\xa8"
-            "\x48\x07\xef\xe8\x36\xee\x89\xa5\x26\x73\x0d\xbc\x2f\x7b\xc8\x40"
-            "\x9d\xad\x8b\xbb\x96\xc4\xcd\xc0\x3b\xc1\x03\xe1\xa1\x94\xbb\xd8",
-            64, 64
-        }
-    };
-    byte keyBytes[AES_128_KEY_SIZE] = {
-        0x63, 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x20,
-        0x74, 0x65, 0x72, 0x69, 0x79, 0x61, 0x6b, 0x69
-    };
-    size_t i;
-    AES_KEY encKey;
-    byte iv[AES_IV_SIZE]; /* All-zero IV for all cases */
-
-    XMEMSET(tmp, 0, sizeof(tmp));
-
-    for (i = 0; i < sizeof(vects)/sizeof(vects[0]); i++) {
-        AES_KEY decKey;
-
-        ExpectIntEQ(AES_set_encrypt_key(keyBytes, AES_128_KEY_SIZE * 8,
-            &encKey), 0);
-        ExpectIntEQ(AES_set_decrypt_key(keyBytes, AES_128_KEY_SIZE * 8,
-            &decKey), 0);
-        XMEMSET(iv, 0, sizeof(iv));
-        ExpectIntEQ(CRYPTO_cts128_encrypt((const unsigned char*)vects[i].input,
-            tmp, vects[i].inLen, &encKey, iv, (cbc128_f)AES_cbc_encrypt),
-            vects[i].outLen);
-        ExpectIntEQ(XMEMCMP(tmp, vects[i].output, vects[i].outLen), 0);
-        XMEMSET(iv, 0, sizeof(iv));
-        ExpectIntEQ(CRYPTO_cts128_decrypt((const unsigned char*)vects[i].output,
-            tmp, vects[i].outLen, &decKey, iv, (cbc128_f)AES_cbc_encrypt),
-            vects[i].inLen);
-        ExpectIntEQ(XMEMCMP(tmp, vects[i].input, vects[i].inLen), 0);
-    }
-
-    ExpectIntEQ(CRYPTO_cts128_encrypt(NULL, NULL, 17, NULL, NULL, NULL), 0);
-    ExpectIntEQ(CRYPTO_cts128_encrypt(tmp, NULL, 17, NULL, NULL, NULL), 0);
-    ExpectIntEQ(CRYPTO_cts128_encrypt(NULL, tmp, 17, NULL, NULL, NULL), 0);
-    ExpectIntEQ(CRYPTO_cts128_encrypt(NULL, NULL, 17, &encKey, NULL, NULL), 0);
-    ExpectIntEQ(CRYPTO_cts128_encrypt(NULL, NULL, 17, NULL, iv, NULL), 0);
-    ExpectIntEQ(CRYPTO_cts128_encrypt(NULL, NULL, 17, NULL, NULL,
-        (cbc128_f)AES_cbc_encrypt), 0);
-    ExpectIntEQ(CRYPTO_cts128_encrypt(NULL, tmp, 17, &encKey, iv,
-        (cbc128_f)AES_cbc_encrypt), 0);
-    ExpectIntEQ(CRYPTO_cts128_encrypt(tmp, NULL, 17, &encKey, iv,
-        (cbc128_f)AES_cbc_encrypt), 0);
-    ExpectIntEQ(CRYPTO_cts128_encrypt(tmp, tmp, 17, NULL, iv,
-        (cbc128_f)AES_cbc_encrypt), 0);
-    ExpectIntEQ(CRYPTO_cts128_encrypt(tmp, tmp, 17, &encKey, NULL,
-        (cbc128_f)AES_cbc_encrypt), 0);
-    ExpectIntEQ(CRYPTO_cts128_encrypt(tmp, tmp, 17, &encKey, iv, NULL), 0);
-    /* Length too small. */
-    ExpectIntEQ(CRYPTO_cts128_encrypt(tmp, tmp, 0, &encKey, iv,
-        (cbc128_f)AES_cbc_encrypt), 0);
-
-    ExpectIntEQ(CRYPTO_cts128_decrypt(NULL, NULL, 17, NULL, NULL, NULL), 0);
-    ExpectIntEQ(CRYPTO_cts128_decrypt(tmp, NULL, 17, NULL, NULL, NULL), 0);
-    ExpectIntEQ(CRYPTO_cts128_decrypt(NULL, tmp, 17, NULL, NULL, NULL), 0);
-    ExpectIntEQ(CRYPTO_cts128_decrypt(NULL, NULL, 17, &encKey, NULL, NULL), 0);
-    ExpectIntEQ(CRYPTO_cts128_decrypt(NULL, NULL, 17, NULL, iv, NULL), 0);
-    ExpectIntEQ(CRYPTO_cts128_decrypt(NULL, NULL, 17, NULL, NULL,
-        (cbc128_f)AES_cbc_encrypt), 0);
-    ExpectIntEQ(CRYPTO_cts128_decrypt(NULL, tmp, 17, &encKey, iv,
-        (cbc128_f)AES_cbc_encrypt), 0);
-    ExpectIntEQ(CRYPTO_cts128_decrypt(tmp, NULL, 17, &encKey, iv,
-        (cbc128_f)AES_cbc_encrypt), 0);
-    ExpectIntEQ(CRYPTO_cts128_decrypt(tmp, tmp, 17, NULL, iv,
-        (cbc128_f)AES_cbc_encrypt), 0);
-    ExpectIntEQ(CRYPTO_cts128_decrypt(tmp, tmp, 17, &encKey, NULL,
-        (cbc128_f)AES_cbc_encrypt), 0);
-    ExpectIntEQ(CRYPTO_cts128_decrypt(tmp, tmp, 17, &encKey, iv, NULL), 0);
-    /* Length too small. */
-    ExpectIntEQ(CRYPTO_cts128_decrypt(tmp, tmp, 0, &encKey, iv,
-        (cbc128_f)AES_cbc_encrypt), 0);
-#endif /* !NO_AES && HAVE_AES_CBC && OPENSSL_EXTRA && HAVE_CTS */
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_RC4(void)
-{
-    EXPECT_DECLS;
-#if !defined(NO_RC4) && defined(OPENSSL_EXTRA)
-    WOLFSSL_RC4_KEY rc4Key;
-    unsigned char key[] =  {
-        0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
-        0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
-        0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
-        0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
-    };
-    unsigned char data[] = {
-        0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-        0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-        0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-        0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-    };
-    unsigned char enc[sizeof(data)];
-    unsigned char dec[sizeof(data)];
-    word32 i;
-    word32 j;
-
-    wolfSSL_RC4_set_key(NULL, -1, NULL);
-    wolfSSL_RC4_set_key(&rc4Key, -1, NULL);
-    wolfSSL_RC4_set_key(NULL, 0, NULL);
-    wolfSSL_RC4_set_key(NULL, -1, key);
-    wolfSSL_RC4_set_key(&rc4Key, 0, NULL);
-    wolfSSL_RC4_set_key(&rc4Key, -1, key);
-    wolfSSL_RC4_set_key(NULL, 0, key);
-
-    wolfSSL_RC4(NULL, 0, NULL, NULL);
-    wolfSSL_RC4(&rc4Key, 0, NULL, NULL);
-    wolfSSL_RC4(NULL, 0, data, NULL);
-    wolfSSL_RC4(NULL, 0, NULL, enc);
-    wolfSSL_RC4(&rc4Key, 0, data, NULL);
-    wolfSSL_RC4(&rc4Key, 0, NULL, enc);
-    wolfSSL_RC4(NULL, 0, data, enc);
-
-    ExpectIntEQ(1, 1);
-    for (i = 0; EXPECT_SUCCESS() && (i <= sizeof(key)); i++) {
-        for (j = 0; EXPECT_SUCCESS() && (j <= sizeof(data)); j++) {
-            XMEMSET(enc, 0, sizeof(enc));
-            XMEMSET(dec, 0, sizeof(dec));
-
-            /* Encrypt */
-            wolfSSL_RC4_set_key(&rc4Key, (int)i, key);
-            wolfSSL_RC4(&rc4Key, j, data, enc);
-            /* Decrypt */
-            wolfSSL_RC4_set_key(&rc4Key, (int)i, key);
-            wolfSSL_RC4(&rc4Key, j, enc, dec);
-
-            ExpectIntEQ(XMEMCMP(dec, data, j), 0);
-        }
-    }
-#endif
-    return EXPECT_RESULT();
-}
-
 static int test_wolfSSL_OBJ(void)
 {
 /* Password "wolfSSL test" is only 12 (96-bit) too short for testing in FIPS
@@ -37614,1102 +27481,6 @@ static int test_wolfSSL_X509_set_version(void)
     return EXPECT_RESULT();
 }
 
-#ifndef NO_BIO
-
-static int test_wolfSSL_BIO_gets(void)
-{
-    EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA)
-    BIO* bio = NULL;
-    BIO* bio2 = NULL;
-    char msg[] = "\nhello wolfSSL\n security plus\t---...**adf\na...b.c";
-    char emp[] = "";
-    char bio_buffer[20];
-    int bufferSz = 20;
-#ifdef OPENSSL_ALL
-    BUF_MEM* emp_bm = NULL;
-    BUF_MEM* msg_bm = NULL;
-#endif
-
-    /* try with bad args */
-    ExpectNull(bio = BIO_new_mem_buf(NULL, sizeof(msg)));
-#ifdef OPENSSL_ALL
-    ExpectIntEQ(BIO_set_mem_buf(bio, NULL, BIO_NOCLOSE), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-#endif
-
-    /* try with real msg */
-    ExpectNotNull(bio = BIO_new_mem_buf((void*)msg, -1));
-    XMEMSET(bio_buffer, 0, bufferSz);
-    ExpectNotNull(BIO_push(bio, BIO_new(BIO_s_bio())));
-    ExpectNull(bio2 = BIO_find_type(bio, BIO_TYPE_FILE));
-    ExpectNotNull(bio2 = BIO_find_type(bio, BIO_TYPE_BIO));
-    ExpectFalse(bio2 != BIO_next(bio));
-
-    /* make buffer filled with no terminating characters */
-    XMEMSET(bio_buffer, 1, bufferSz);
-
-    /* BIO_gets reads a line of data */
-    ExpectIntEQ(BIO_gets(bio, bio_buffer, -3), 0);
-    ExpectIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 1);
-    ExpectIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 14);
-    ExpectStrEQ(bio_buffer, "hello wolfSSL\n");
-    ExpectIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 19);
-    ExpectIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 8);
-    ExpectIntEQ(BIO_gets(bio, bio_buffer, -1), 0);
-
-#ifdef OPENSSL_ALL
-    /* test setting the mem_buf manually */
-    BIO_free(bio);
-    ExpectNotNull(bio = BIO_new_mem_buf((void*)msg, -1));
-    ExpectNotNull(emp_bm = BUF_MEM_new());
-    ExpectNotNull(msg_bm = BUF_MEM_new());
-    ExpectIntEQ(BUF_MEM_grow(msg_bm, sizeof(msg)), sizeof(msg));
-    if (EXPECT_SUCCESS()) {
-        XFREE(msg_bm->data, NULL, DYNAMIC_TYPE_OPENSSL);
-        msg_bm->data = NULL;
-    }
-    /* emp size is 1 for terminator */
-    ExpectIntEQ(BUF_MEM_grow(emp_bm, sizeof(emp)), sizeof(emp));
-    if (EXPECT_SUCCESS()) {
-        XFREE(emp_bm->data, NULL, DYNAMIC_TYPE_OPENSSL);
-        emp_bm->data = emp;
-        msg_bm->data = msg;
-    }
-    ExpectIntEQ(BIO_set_mem_buf(bio, emp_bm, BIO_CLOSE), WOLFSSL_SUCCESS);
-
-    /* check reading an empty string */
-    ExpectIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 1); /* just terminator */
-    ExpectStrEQ(emp, bio_buffer);
-    ExpectIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 0); /* Nothing to read */
-
-    /* BIO_gets reads a line of data */
-    ExpectIntEQ(BIO_set_mem_buf(bio, msg_bm, BIO_NOCLOSE), WOLFSSL_SUCCESS);
-    ExpectIntEQ(BIO_gets(bio, bio_buffer, -3), 0);
-    ExpectIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 1);
-    ExpectIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 14);
-    ExpectStrEQ(bio_buffer, "hello wolfSSL\n");
-    ExpectIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 19);
-    ExpectIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 8);
-    ExpectIntEQ(BIO_gets(bio, bio_buffer, -1), 0);
-
-    if (EXPECT_SUCCESS())
-        emp_bm->data = NULL;
-    BUF_MEM_free(emp_bm);
-    if (EXPECT_SUCCESS())
-        msg_bm->data = NULL;
-    BUF_MEM_free(msg_bm);
-#endif
-
-    /* check not null terminated string */
-    BIO_free(bio);
-    bio = NULL;
-    msg[0] = 0x33;
-    msg[1] = 0x33;
-    msg[2] = 0x33;
-    ExpectNotNull(bio = BIO_new_mem_buf((void*)msg, 3));
-    ExpectIntEQ(BIO_gets(bio, bio_buffer, 3), 2);
-    ExpectIntEQ(bio_buffer[0], msg[0]);
-    ExpectIntEQ(bio_buffer[1], msg[1]);
-    ExpectIntNE(bio_buffer[2], msg[2]);
-
-    BIO_free(bio);
-    bio = NULL;
-    msg[3]    = 0x33;
-    bio_buffer[3] = 0x33;
-    ExpectNotNull(bio = BIO_new_mem_buf((void*)msg, 3));
-    ExpectIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 3);
-    ExpectIntEQ(bio_buffer[0], msg[0]);
-    ExpectIntEQ(bio_buffer[1], msg[1]);
-    ExpectIntEQ(bio_buffer[2], msg[2]);
-    ExpectIntNE(bio_buffer[3], 0x33); /* make sure null terminator was set */
-
-    /* check reading an empty string */
-    BIO_free(bio);
-    bio = NULL;
-    ExpectNotNull(bio = BIO_new_mem_buf((void*)emp, sizeof(emp)));
-    ExpectIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 1); /* just terminator */
-    ExpectStrEQ(emp, bio_buffer);
-    ExpectIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 0); /* Nothing to read */
-
-    /* check error cases */
-    BIO_free(bio);
-    bio = NULL;
-    ExpectIntEQ(BIO_gets(NULL, NULL, 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
-    ExpectNotNull(bio = BIO_new(BIO_s_mem()));
-    ExpectIntEQ(BIO_gets(bio, bio_buffer, 2), 0); /* nothing to read */
-
-#if !defined(NO_FILESYSTEM)
-    {
-        BIO*  f_bio = NULL;
-        XFILE f = XBADFILE;
-
-        ExpectNotNull(f_bio = BIO_new(BIO_s_file()));
-        ExpectIntLE(BIO_gets(f_bio, bio_buffer, bufferSz), 0);
-
-        ExpectTrue((f = XFOPEN(svrCertFile, "rb")) != XBADFILE);
-        ExpectIntEQ((int)BIO_set_fp(f_bio, f, BIO_CLOSE), SSL_SUCCESS);
-        if (EXPECT_FAIL() && (f != XBADFILE)) {
-            XFCLOSE(f);
-        }
-        ExpectIntGT(BIO_gets(f_bio, bio_buffer, bufferSz), 0);
-
-        BIO_free(f_bio);
-        f_bio = NULL;
-    }
-#endif /* NO_FILESYSTEM */
-
-    BIO_free(bio);
-    bio = NULL;
-    BIO_free(bio2);
-    bio2 = NULL;
-
-    /* try with type BIO */
-    XMEMCPY(msg, "\nhello wolfSSL\n security plus\t---...**adf\na...b.c",
-        sizeof(msg));
-    ExpectNotNull(bio = BIO_new(BIO_s_bio()));
-    ExpectIntEQ(BIO_gets(bio, bio_buffer, 2), 0); /* nothing to read */
-    ExpectNotNull(bio2 = BIO_new(BIO_s_bio()));
-
-    ExpectIntEQ(BIO_set_write_buf_size(bio, 10),           SSL_SUCCESS);
-    ExpectIntEQ(BIO_set_write_buf_size(bio2, sizeof(msg)), SSL_SUCCESS);
-    ExpectIntEQ(BIO_make_bio_pair(bio, bio2),              SSL_SUCCESS);
-
-    ExpectIntEQ(BIO_write(bio2, msg, sizeof(msg)), sizeof(msg));
-    ExpectIntEQ(BIO_gets(bio, bio_buffer, -3), 0);
-    ExpectIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 1);
-    ExpectIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 14);
-    ExpectStrEQ(bio_buffer, "hello wolfSSL\n");
-    ExpectIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 19);
-    ExpectIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 8);
-    ExpectIntEQ(BIO_gets(bio, bio_buffer, -1), 0);
-
-    BIO_free(bio);
-    bio = NULL;
-    BIO_free(bio2);
-    bio2 = NULL;
-
-    /* check reading an empty string */
-    ExpectNotNull(bio = BIO_new(BIO_s_bio()));
-    ExpectIntEQ(BIO_set_write_buf_size(bio, sizeof(emp)), SSL_SUCCESS);
-    ExpectIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 0); /* Nothing to read */
-    ExpectStrEQ(emp, bio_buffer);
-
-    BIO_free(bio);
-    bio = NULL;
-#endif
-    return EXPECT_RESULT();
-}
-
-
-static int test_wolfSSL_BIO_puts(void)
-{
-    EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA)
-    BIO* bio = NULL;
-    char input[] = "hello\0world\n.....ok\n\0";
-    char output[128];
-
-    XMEMSET(output, 0, sizeof(output));
-    ExpectNotNull(bio = BIO_new(BIO_s_mem()));
-    ExpectIntEQ(BIO_puts(bio, input), 5);
-    ExpectIntEQ(BIO_pending(bio), 5);
-    ExpectIntEQ(BIO_puts(bio, input + 6), 14);
-    ExpectIntEQ(BIO_pending(bio), 19);
-    ExpectIntEQ(BIO_gets(bio, output, sizeof(output)), 11);
-    ExpectStrEQ(output, "helloworld\n");
-    ExpectIntEQ(BIO_pending(bio), 8);
-    ExpectIntEQ(BIO_gets(bio, output, sizeof(output)), 8);
-    ExpectStrEQ(output, ".....ok\n");
-    ExpectIntEQ(BIO_pending(bio), 0);
-    ExpectIntEQ(BIO_puts(bio, ""), -1);
-
-    BIO_free(bio);
-#endif
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_BIO_dump(void)
-{
-    EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA)
-    BIO* bio;
-    static const unsigned char data[] = {
-        0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE,
-        0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D,
-        0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0x55, 0xBF, 0xF4,
-        0x0F, 0x44, 0x50, 0x9A, 0x3D, 0xCE, 0x9B, 0xB7, 0xF0, 0xC5,
-        0x4D, 0xF5, 0x70, 0x7B, 0xD4, 0xEC, 0x24, 0x8E, 0x19, 0x80,
-        0xEC, 0x5A, 0x4C, 0xA2, 0x24, 0x03, 0x62, 0x2C, 0x9B, 0xDA,
-        0xEF, 0xA2, 0x35, 0x12, 0x43, 0x84, 0x76, 0x16, 0xC6, 0x56,
-        0x95, 0x06, 0xCC, 0x01, 0xA9, 0xBD, 0xF6, 0x75, 0x1A, 0x42,
-        0xF7, 0xBD, 0xA9, 0xB2, 0x36, 0x22, 0x5F, 0xC7, 0x5D, 0x7F,
-        0xB4
-    };
-    /* Generated with OpenSSL. */
-    static const char expected[] =
-"0000 - 30 59 30 13 06 07 2a 86-48 ce 3d 02 01 06 08 2a   0Y0...*.H.=....*\n"
-"0010 - 86 48 ce 3d 03 01 07 03-42 00 04 55 bf f4 0f 44   .H.=....B..U...D\n"
-"0020 - 50 9a 3d ce 9b b7 f0 c5-4d f5 70 7b d4 ec 24 8e   P.=.....M.p{..$.\n"
-"0030 - 19 80 ec 5a 4c a2 24 03-62 2c 9b da ef a2 35 12   ...ZL.$.b,....5.\n"
-"0040 - 43 84 76 16 c6 56 95 06-cc 01 a9 bd f6 75 1a 42   C.v..V.......u.B\n"
-"0050 - f7 bd a9 b2 36 22 5f c7-5d 7f b4                  ....6\"_.]..\n";
-    static const char expectedAll[] =
-"0000 - 00 01 02 03 04 05 06 07-08 09 0a 0b 0c 0d 0e 0f   ................\n"
-"0010 - 10 11 12 13 14 15 16 17-18 19 1a 1b 1c 1d 1e 1f   ................\n"
-"0020 - 20 21 22 23 24 25 26 27-28 29 2a 2b 2c 2d 2e 2f    !\"#$%&'()*+,-./\n"
-"0030 - 30 31 32 33 34 35 36 37-38 39 3a 3b 3c 3d 3e 3f   0123456789:;<=>?\n"
-"0040 - 40 41 42 43 44 45 46 47-48 49 4a 4b 4c 4d 4e 4f   @ABCDEFGHIJKLMNO\n"
-"0050 - 50 51 52 53 54 55 56 57-58 59 5a 5b 5c 5d 5e 5f   PQRSTUVWXYZ[\\]^_\n"
-"0060 - 60 61 62 63 64 65 66 67-68 69 6a 6b 6c 6d 6e 6f   `abcdefghijklmno\n"
-"0070 - 70 71 72 73 74 75 76 77-78 79 7a 7b 7c 7d 7e 7f   pqrstuvwxyz{|}~.\n"
-"0080 - 80 81 82 83 84 85 86 87-88 89 8a 8b 8c 8d 8e 8f   ................\n"
-"0090 - 90 91 92 93 94 95 96 97-98 99 9a 9b 9c 9d 9e 9f   ................\n"
-"00a0 - a0 a1 a2 a3 a4 a5 a6 a7-a8 a9 aa ab ac ad ae af   ................\n"
-"00b0 - b0 b1 b2 b3 b4 b5 b6 b7-b8 b9 ba bb bc bd be bf   ................\n"
-"00c0 - c0 c1 c2 c3 c4 c5 c6 c7-c8 c9 ca cb cc cd ce cf   ................\n"
-"00d0 - d0 d1 d2 d3 d4 d5 d6 d7-d8 d9 da db dc dd de df   ................\n"
-"00e0 - e0 e1 e2 e3 e4 e5 e6 e7-e8 e9 ea eb ec ed ee ef   ................\n"
-"00f0 - f0 f1 f2 f3 f4 f5 f6 f7-f8 f9 fa fb fc fd fe ff   ................\n";
-    char output[16 * 80];
-    int i;
-
-    ExpectNotNull(bio = BIO_new(BIO_s_mem()));
-
-    /* Example key dumped. */
-    ExpectIntEQ(BIO_dump(bio, (const char*)data, (int)sizeof(data)),
-        sizeof(expected) - 1);
-    ExpectIntEQ(BIO_read(bio, output, sizeof(output)), sizeof(expected) - 1);
-    ExpectIntEQ(XMEMCMP(output, expected, sizeof(expected) - 1), 0);
-
-    /* Try every possible value for a character. */
-    for (i = 0; i < 256; i++)
-       output[i] = i;
-    ExpectIntEQ(BIO_dump(bio, output, 256), sizeof(expectedAll) - 1);
-    ExpectIntEQ(BIO_read(bio, output, sizeof(output)), sizeof(expectedAll) - 1);
-    ExpectIntEQ(XMEMCMP(output, expectedAll, sizeof(expectedAll) - 1), 0);
-
-    BIO_free(bio);
-#endif
-    return EXPECT_RESULT();
-}
-
-#if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
-    !defined(NO_RSA) && defined(HAVE_EXT_CACHE) && \
-    defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(USE_WOLFSSL_IO)
-static int forceWantRead(WOLFSSL *ssl, char *buf, int sz, void *ctx)
-{
-    (void)ssl;
-    (void)buf;
-    (void)sz;
-    (void)ctx;
-    return WOLFSSL_CBIO_ERR_WANT_READ;
-}
-#endif
-
-static int test_wolfSSL_BIO_should_retry(void)
-{
-    EXPECT_DECLS;
-#if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
-    !defined(NO_RSA) && defined(HAVE_EXT_CACHE) && \
-    defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(USE_WOLFSSL_IO)
-    tcp_ready ready;
-    func_args server_args;
-    THREAD_TYPE serverThread;
-    SOCKET_T sockfd = 0;
-    WOLFSSL_CTX* ctx = NULL;
-    WOLFSSL*     ssl = NULL;
-    char msg[64] = "hello wolfssl!";
-    char reply[1024];
-    int  msgSz = (int)XSTRLEN(msg);
-    int  ret;
-    BIO* bio = NULL;
-
-    XMEMSET(&server_args, 0, sizeof(func_args));
-#ifdef WOLFSSL_TIRTOS
-    fdOpenSession(Task_self());
-#endif
-
-    StartTCP();
-    InitTcpReady(&ready);
-
-#if defined(USE_WINDOWS_API)
-    /* use RNG to get random port if using windows */
-    ready.port = GetRandomPort();
-#endif
-
-    server_args.signal = &ready;
-    start_thread(test_server_nofail, &server_args, &serverThread);
-    wait_tcp_ready(&server_args);
-
-
-    ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
-#ifdef OPENSSL_COMPATIBLE_DEFAULTS
-    ExpectIntEQ(wolfSSL_CTX_clear_mode(ctx, SSL_MODE_AUTO_RETRY), 0);
-#endif
-    ExpectIntEQ(WOLFSSL_SUCCESS,
-            wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0));
-    ExpectIntEQ(WOLFSSL_SUCCESS,
-          wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, SSL_FILETYPE_PEM));
-    ExpectIntEQ(WOLFSSL_SUCCESS,
-            wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, SSL_FILETYPE_PEM));
-    tcp_connect(&sockfd, wolfSSLIP, server_args.signal->port, 0, 0, NULL);
-
-    /* force retry */
-    ExpectNotNull(bio = wolfSSL_BIO_new_ssl(ctx, 1));
-    ExpectIntEQ(BIO_get_ssl(bio, &ssl), 1);
-    ExpectNotNull(ssl);
-    ExpectIntEQ(wolfSSL_set_fd(ssl, sockfd), WOLFSSL_SUCCESS);
-    wolfSSL_SSLSetIORecv(ssl, forceWantRead);
-    if (EXPECT_FAIL()) {
-        wolfSSL_free(ssl);
-        ssl = NULL;
-    }
-
-    ExpectIntLE(BIO_write(bio, msg, msgSz), 0);
-    ExpectIntNE(BIO_should_retry(bio), 0);
-    ExpectIntEQ(BIO_should_read(bio), 0);
-    ExpectIntEQ(BIO_should_write(bio), 0);
-
-
-    /* now perform successful connection */
-    wolfSSL_SSLSetIORecv(ssl, EmbedReceive);
-    ExpectIntEQ(BIO_write(bio, msg, msgSz), msgSz);
-    ExpectIntNE(BIO_read(bio, reply, sizeof(reply)), 0);
-    ret = wolfSSL_get_error(ssl, -1);
-    if (ret == WOLFSSL_ERROR_WANT_READ || ret == WOLFSSL_ERROR_WANT_WRITE) {
-        ExpectIntNE(BIO_should_retry(bio), 0);
-
-        if (ret == WOLFSSL_ERROR_WANT_READ)
-            ExpectIntEQ(BIO_should_read(bio), 1);
-        else
-            ExpectIntEQ(BIO_should_read(bio), 0);
-
-        if (ret == WOLFSSL_ERROR_WANT_WRITE)
-            ExpectIntEQ(BIO_should_write(bio), 1);
-        else
-            ExpectIntEQ(BIO_should_write(bio), 0);
-    }
-    else {
-        ExpectIntEQ(BIO_should_retry(bio), 0);
-        ExpectIntEQ(BIO_should_read(bio), 0);
-        ExpectIntEQ(BIO_should_write(bio), 0);
-    }
-    ExpectIntEQ(XMEMCMP(reply, "I hear you fa shizzle!",
-                XSTRLEN("I hear you fa shizzle!")), 0);
-    BIO_free(bio);
-    wolfSSL_CTX_free(ctx);
-
-    CloseSocket(sockfd);
-
-    join_thread(serverThread);
-    FreeTcpReady(&ready);
-
-#ifdef WOLFSSL_TIRTOS
-    fdOpenSession(Task_self());
-#endif
-#endif
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_BIO_connect(void)
-{
-    EXPECT_DECLS;
-#if defined(OPENSSL_ALL) && defined(HAVE_IO_TESTS_DEPENDENCIES) && \
-            defined(HAVE_HTTP_CLIENT) && !defined(NO_WOLFSSL_CLIENT)
-    tcp_ready ready;
-    func_args server_args;
-    THREAD_TYPE serverThread;
-    BIO *tcpBio = NULL;
-    BIO *sslBio = NULL;
-    SSL_CTX* ctx = NULL;
-    SSL *ssl = NULL;
-    SSL *sslPtr;
-    char msg[] = "hello wolfssl!";
-    char reply[30];
-    char buff[10] = {0};
-
-    ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
-    ExpectIntEQ(WOLFSSL_SUCCESS,
-            wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0));
-    ExpectIntEQ(WOLFSSL_SUCCESS,
-          wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, SSL_FILETYPE_PEM));
-    ExpectIntEQ(WOLFSSL_SUCCESS,
-            wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, SSL_FILETYPE_PEM));
-
-    /* Setup server */
-    XMEMSET(&server_args, 0, sizeof(func_args));
-    StartTCP();
-    InitTcpReady(&ready);
-#if defined(USE_WINDOWS_API)
-    /* use RNG to get random port if using windows */
-    ready.port = GetRandomPort();
-#endif
-    server_args.signal = &ready;
-    start_thread(test_server_nofail, &server_args, &serverThread);
-    wait_tcp_ready(&server_args);
-    ExpectIntGT(XSNPRINTF(buff, sizeof(buff), "%d", ready.port), 0);
-
-    /* Start the test proper */
-    /* Setup the TCP BIO */
-    ExpectNotNull(tcpBio = BIO_new_connect(wolfSSLIP));
-    ExpectIntEQ(BIO_set_conn_port(tcpBio, buff), 1);
-    /* Setup the SSL object */
-    ExpectNotNull(ssl = SSL_new(ctx));
-    SSL_set_connect_state(ssl);
-    /* Setup the SSL BIO */
-    ExpectNotNull(sslBio = BIO_new(BIO_f_ssl()));
-    ExpectIntEQ(BIO_set_ssl(sslBio, ssl, BIO_CLOSE), 1);
-    if (EXPECT_FAIL()) {
-        wolfSSL_free(ssl);
-    }
-    /* Verify that BIO_get_ssl works. */
-    ExpectIntEQ(BIO_get_ssl(sslBio, &sslPtr), 1);
-    ExpectPtrEq(ssl, sslPtr);
-    /* Link BIO's so that sslBio uses tcpBio for IO */
-    ExpectPtrEq(BIO_push(sslBio, tcpBio), sslBio);
-    /* Do TCP connect */
-    ExpectIntEQ(BIO_do_connect(sslBio), 1);
-    /* Do TLS handshake */
-    ExpectIntEQ(BIO_do_handshake(sslBio), 1);
-    /* Test writing */
-    ExpectIntEQ(BIO_write(sslBio, msg, sizeof(msg)), sizeof(msg));
-    /* Expect length of default wolfSSL reply */
-    ExpectIntEQ(BIO_read(sslBio, reply, sizeof(reply)), 23);
-
-    /* Clean it all up */
-    BIO_free_all(sslBio);
-    /* Server clean up */
-    join_thread(serverThread);
-    FreeTcpReady(&ready);
-
-    /* Run the same test, but use BIO_new_ssl_connect and set the IP and port
-     * after. */
-    XMEMSET(&server_args, 0, sizeof(func_args));
-    StartTCP();
-    InitTcpReady(&ready);
-#if defined(USE_WINDOWS_API)
-    /* use RNG to get random port if using windows */
-    ready.port = GetRandomPort();
-#endif
-    server_args.signal = &ready;
-    start_thread(test_server_nofail, &server_args, &serverThread);
-    wait_tcp_ready(&server_args);
-    ExpectIntGT(XSNPRINTF(buff, sizeof(buff), "%d", ready.port), 0);
-
-    ExpectNotNull(sslBio = BIO_new_ssl_connect(ctx));
-    ExpectIntEQ(BIO_set_conn_hostname(sslBio, (char*)wolfSSLIP), 1);
-    ExpectIntEQ(BIO_set_conn_port(sslBio, buff), 1);
-    ExpectIntEQ(BIO_do_connect(sslBio), 1);
-    ExpectIntEQ(BIO_do_handshake(sslBio), 1);
-    ExpectIntEQ(BIO_write(sslBio, msg, sizeof(msg)), sizeof(msg));
-    ExpectIntEQ(BIO_read(sslBio, reply, sizeof(reply)), 23);
-    /* Attempt to close the TLS connection gracefully. */
-    BIO_ssl_shutdown(sslBio);
-
-    BIO_free_all(sslBio);
-    join_thread(serverThread);
-    FreeTcpReady(&ready);
-
-    SSL_CTX_free(ctx);
-
-#if defined(HAVE_ECC) && defined(FP_ECC) && defined(HAVE_THREAD_LS)
-    wc_ecc_fp_free();  /* free per thread cache */
-#endif
-#endif
-    return EXPECT_RESULT();
-}
-
-
-static int test_wolfSSL_BIO_tls(void)
-{
-    EXPECT_DECLS;
-#if !defined(NO_BIO) && defined(OPENSSL_EXTRA) && \
-    !defined(NO_WOLFSSL_CLIENT) && !defined(NO_TLS)
-    SSL_CTX* ctx = NULL;
-    SSL *ssl = NULL;
-    BIO *readBio = NULL;
-    BIO *writeBio = NULL;
-    int ret;
-    int err = 0;
-
-    ExpectNotNull(ctx = SSL_CTX_new(SSLv23_method()));
-    ExpectNotNull(ssl = SSL_new(ctx));
-
-    ExpectNotNull(readBio = BIO_new(BIO_s_mem()));
-    ExpectNotNull(writeBio = BIO_new(BIO_s_mem()));
-    /* Qt reads data from write-bio,
-     * then writes the read data into plain packet.
-     * Qt reads data from plain packet,
-     * then writes the read data into read-bio.
-     */
-    SSL_set_bio(ssl, readBio, writeBio);
-
-    do {
-    #ifdef WOLFSSL_ASYNC_CRYPT
-        if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
-            ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
-            if (ret < 0) { break; } else if (ret == 0) { continue; }
-        }
-    #endif
-        ret = SSL_connect(ssl);
-        err = SSL_get_error(ssl, 0);
-    } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
-    ExpectIntEQ(ret, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
-    /* in this use case, should return WANT READ
-     * so that Qt will read the data from plain packet for next state.
-     */
-    ExpectIntEQ(err, SSL_ERROR_WANT_READ);
-
-    SSL_free(ssl);
-    SSL_CTX_free(ctx);
-#endif
-    return EXPECT_RESULT();
-}
-
-
-static int test_wolfSSL_BIO_datagram(void)
-{
-    EXPECT_DECLS;
-#if !defined(NO_BIO) && defined(WOLFSSL_DTLS) && defined(WOLFSSL_HAVE_BIO_ADDR) && defined(OPENSSL_EXTRA)
-    int ret;
-    SOCKET_T fd1 = SOCKET_INVALID, fd2 = SOCKET_INVALID;
-    WOLFSSL_BIO *bio1 = NULL, *bio2 = NULL;
-    WOLFSSL_BIO_ADDR *bio_addr1 = NULL, *bio_addr2 = NULL;
-    SOCKADDR_IN sin1, sin2;
-    socklen_t slen;
-    static const char test_msg[] = "I am a datagram, short and stout.";
-    char test_msg_recvd[sizeof(test_msg) + 10];
-#ifdef USE_WINDOWS_API
-    static const DWORD timeout = 250; /* ms */
-#else
-    static const struct timeval timeout = { 0, 250000 };
-#endif
-
-    StartTCP();
-
-    if (EXPECT_SUCCESS()) {
-        fd1 = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
-        ExpectIntNE(fd1, SOCKET_INVALID);
-    }
-    if (EXPECT_SUCCESS()) {
-        fd2 = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
-        ExpectIntNE(fd2, SOCKET_INVALID);
-    }
-
-    if (EXPECT_SUCCESS()) {
-        bio1 = wolfSSL_BIO_new_dgram(fd1, 1 /* closeF */);
-        ExpectNotNull(bio1);
-    }
-
-    if (EXPECT_SUCCESS()) {
-        bio2 = wolfSSL_BIO_new_dgram(fd2, 1 /* closeF */);
-        ExpectNotNull(bio2);
-    }
-
-    if (EXPECT_SUCCESS()) {
-        sin1.sin_family = AF_INET;
-        sin1.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
-        sin1.sin_port = 0;
-        slen = (socklen_t)sizeof(sin1);
-        ExpectIntEQ(bind(fd1, (const struct sockaddr *)&sin1, slen), 0);
-        ExpectIntEQ(setsockopt(fd1, SOL_SOCKET, SO_RCVTIMEO, (const char *)&timeout, sizeof(timeout)), 0);
-        ExpectIntEQ(getsockname(fd1, (struct sockaddr *)&sin1, &slen), 0);
-    }
-
-    if (EXPECT_SUCCESS()) {
-        sin2.sin_family = AF_INET;
-        sin2.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
-        sin2.sin_port = 0;
-        slen = (socklen_t)sizeof(sin2);
-        ExpectIntEQ(bind(fd2, (const struct sockaddr *)&sin2, slen), 0);
-        ExpectIntEQ(setsockopt(fd2, SOL_SOCKET, SO_RCVTIMEO, (const char *)&timeout, sizeof(timeout)), 0);
-        ExpectIntEQ(getsockname(fd2, (struct sockaddr *)&sin2, &slen), 0);
-    }
-
-    if (EXPECT_SUCCESS()) {
-        bio_addr1 = wolfSSL_BIO_ADDR_new();
-        ExpectNotNull(bio_addr1);
-    }
-
-    if (EXPECT_SUCCESS()) {
-        bio_addr2 = wolfSSL_BIO_ADDR_new();
-        ExpectNotNull(bio_addr2);
-    }
-
-    if (EXPECT_SUCCESS()) {
-        /* for OpenSSL compatibility, direct copying of sockaddrs into BIO_ADDRs must work right. */
-        XMEMCPY(&bio_addr2->sa_in, &sin2, sizeof(sin2));
-        ExpectIntEQ((int)wolfSSL_BIO_ctrl(bio1, BIO_CTRL_DGRAM_SET_PEER, 0, bio_addr2), WOLFSSL_SUCCESS);
-        wolfSSL_BIO_ADDR_clear(bio_addr2);
-    }
-
-    test_msg_recvd[0] = 0;
-    ExpectIntEQ(wolfSSL_BIO_write(bio1, test_msg, sizeof(test_msg)), (int)sizeof(test_msg));
-    ExpectIntEQ(wolfSSL_BIO_read(bio2, test_msg_recvd, sizeof(test_msg_recvd)), (int)sizeof(test_msg));
-    ExpectIntEQ(XMEMCMP(test_msg_recvd, test_msg, sizeof(test_msg)), 0);
-
-#ifdef WOLFSSL_BIO_HAVE_FLOW_STATS
-    ExpectIntEQ(wolfSSL_BIO_number_written(bio1), sizeof(test_msg));
-    ExpectIntEQ(wolfSSL_BIO_number_read(bio2), sizeof(test_msg));
-#endif
-
-    /* bio2 should now have bio1's addr stored as its peer_addr, because the
-     * BIOs aren't "connected" yet.  use it to send a reply.
-     */
-
-    test_msg_recvd[0] = 0;
-    ExpectIntEQ(wolfSSL_BIO_write(bio2, test_msg, sizeof(test_msg)), (int)sizeof(test_msg));
-    ExpectIntEQ(wolfSSL_BIO_read(bio1, test_msg_recvd, sizeof(test_msg_recvd)), (int)sizeof(test_msg));
-    ExpectIntEQ(XMEMCMP(test_msg_recvd, test_msg, sizeof(test_msg)), 0);
-
-    ExpectIntEQ(wolfSSL_BIO_read(bio1, test_msg_recvd, sizeof(test_msg_recvd)), WOLFSSL_BIO_ERROR);
-    ExpectIntNE(BIO_should_retry(bio1), 0);
-
-    ExpectIntEQ(wolfSSL_BIO_read(bio2, test_msg_recvd, sizeof(test_msg_recvd)), WOLFSSL_BIO_ERROR);
-    ExpectIntNE(BIO_should_retry(bio2), 0);
-
-    /* now "connect" the sockets. */
-
-    ExpectIntEQ(connect(fd1, (const struct sockaddr *)&sin2, (socklen_t)sizeof(sin2)), 0);
-    ExpectIntEQ(connect(fd2, (const struct sockaddr *)&sin1, (socklen_t)sizeof(sin1)), 0);
-
-    if (EXPECT_SUCCESS()) {
-        XMEMCPY(&bio_addr2->sa_in, &sin2, sizeof(sin2));
-        ExpectIntEQ((int)wolfSSL_BIO_ctrl(bio1, BIO_CTRL_DGRAM_SET_CONNECTED, 0, bio_addr2), WOLFSSL_SUCCESS);
-        wolfSSL_BIO_ADDR_clear(bio_addr2);
-    }
-
-    if (EXPECT_SUCCESS()) {
-        XMEMCPY(&bio_addr1->sa_in, &sin1, sizeof(sin1));
-        ExpectIntEQ((int)wolfSSL_BIO_ctrl(bio2, BIO_CTRL_DGRAM_SET_CONNECTED, 0, bio_addr1), WOLFSSL_SUCCESS);
-        wolfSSL_BIO_ADDR_clear(bio_addr1);
-    }
-
-    test_msg_recvd[0] = 0;
-    ExpectIntEQ(wolfSSL_BIO_write(bio2, test_msg, sizeof(test_msg)), (int)sizeof(test_msg));
-    ExpectIntEQ(wolfSSL_BIO_read(bio1, test_msg_recvd, sizeof(test_msg_recvd)), (int)sizeof(test_msg));
-    ExpectIntEQ(XMEMCMP(test_msg_recvd, test_msg, sizeof(test_msg)), 0);
-
-    test_msg_recvd[0] = 0;
-    ExpectIntEQ(wolfSSL_BIO_write(bio1, test_msg, sizeof(test_msg)), (int)sizeof(test_msg));
-    ExpectIntEQ(wolfSSL_BIO_read(bio2, test_msg_recvd, sizeof(test_msg_recvd)), (int)sizeof(test_msg));
-    ExpectIntEQ(XMEMCMP(test_msg_recvd, test_msg, sizeof(test_msg)), 0);
-
-#ifdef __linux__
-    /* now "disconnect" the sockets and attempt transmits expected to fail. */
-
-    sin1.sin_family = AF_UNSPEC;
-    ExpectIntEQ(connect(fd1, (const struct sockaddr *)&sin1, (socklen_t)sizeof(sin1)), 0);
-    ExpectIntEQ(connect(fd2, (const struct sockaddr *)&sin1, (socklen_t)sizeof(sin1)), 0);
-    sin1.sin_family = AF_INET;
-
-    ExpectIntEQ((int)wolfSSL_BIO_ctrl(bio1, BIO_CTRL_DGRAM_SET_CONNECTED, 0, NULL), WOLFSSL_SUCCESS);
-    ExpectIntEQ((int)wolfSSL_BIO_ctrl(bio2, BIO_CTRL_DGRAM_SET_CONNECTED, 0, NULL), WOLFSSL_SUCCESS);
-
-    if (EXPECT_SUCCESS()) {
-        sin2.sin_addr.s_addr = htonl(0xc0a8c0a8); /* 192.168.192.168 -- invalid for loopback interface. */
-        XMEMCPY(&bio_addr2->sa_in, &sin2, sizeof(sin2));
-        ExpectIntEQ((int)wolfSSL_BIO_ctrl(bio1, BIO_CTRL_DGRAM_SET_PEER, 0, bio_addr2), WOLFSSL_SUCCESS);
-        wolfSSL_BIO_ADDR_clear(bio_addr2);
-    }
-
-    test_msg_recvd[0] = 0;
-    errno = 0;
-    ExpectIntEQ(wolfSSL_BIO_write(bio1, test_msg, sizeof(test_msg)), -1);
-    ExpectTrue((errno == EINVAL) || (errno == ENETUNREACH));
-
-#endif /* __linux__ */
-
-
-    if (bio1) {
-        ret = wolfSSL_BIO_free(bio1);
-        ExpectIntEQ(ret, WOLFSSL_SUCCESS);
-    } else if (fd1 != SOCKET_INVALID)
-        CloseSocket(fd1);
-    if (bio2) {
-        ret = wolfSSL_BIO_free(bio2);
-        ExpectIntEQ(ret, WOLFSSL_SUCCESS);
-    } else if (fd2 != SOCKET_INVALID)
-        CloseSocket(fd2);
-    if (bio_addr1)
-        wolfSSL_BIO_ADDR_free(bio_addr1);
-    if (bio_addr2)
-        wolfSSL_BIO_ADDR_free(bio_addr2);
-
-#endif /* !NO_BIO && WOLFSSL_DTLS && WOLFSSL_HAVE_BIO_ADDR && OPENSSL_EXTRA */
-
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_BIO_s_null(void)
-{
-    EXPECT_DECLS;
-#if !defined(NO_BIO) && defined(OPENSSL_EXTRA)
-    BIO *b = NULL;
-    char testData[10] = {'t','e','s','t',0};
-
-    ExpectNotNull(b = BIO_new(BIO_s_null()));
-    ExpectIntEQ(BIO_write(b, testData, sizeof(testData)), sizeof(testData));
-    ExpectIntEQ(BIO_read(b, testData, sizeof(testData)), 0);
-    ExpectIntEQ(BIO_puts(b, testData), 4);
-    ExpectIntEQ(BIO_gets(b, testData, sizeof(testData)), 0);
-    ExpectIntEQ(BIO_pending(b), 0);
-    ExpectIntEQ(BIO_eof(b), 1);
-
-    BIO_free(b);
-#endif
-    return EXPECT_RESULT();
-}
-
-#if defined(OPENSSL_ALL) && defined(HAVE_IO_TESTS_DEPENDENCIES) && \
-    defined(HAVE_HTTP_CLIENT)
-static THREAD_RETURN WOLFSSL_THREAD test_wolfSSL_BIO_accept_client(void* args)
-{
-    BIO* clientBio;
-    SSL* sslClient;
-    SSL_CTX* ctx;
-    char connectAddr[20]; /* IP + port */;
-
-    (void)args;
-
-    AssertIntGT(snprintf(connectAddr, sizeof(connectAddr), "%s:%d", wolfSSLIP, wolfSSLPort), 0);
-    clientBio = BIO_new_connect(connectAddr);
-    AssertNotNull(clientBio);
-    AssertIntEQ(BIO_do_connect(clientBio), 1);
-    ctx = SSL_CTX_new(SSLv23_method());
-    AssertNotNull(ctx);
-    sslClient = SSL_new(ctx);
-    AssertNotNull(sslClient);
-    AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0), WOLFSSL_SUCCESS);
-    SSL_set_bio(sslClient, clientBio, clientBio);
-    AssertIntEQ(SSL_connect(sslClient), 1);
-
-    SSL_free(sslClient);
-    SSL_CTX_free(ctx);
-
-#if defined(HAVE_ECC) && defined(FP_ECC) && defined(HAVE_THREAD_LS)
-    wc_ecc_fp_free();  /* free per thread cache */
-#endif
-
-    WOLFSSL_RETURN_FROM_THREAD(0);
-}
-#endif
-
-static int test_wolfSSL_BIO_accept(void)
-{
-    EXPECT_DECLS;
-#if defined(OPENSSL_ALL) && defined(HAVE_IO_TESTS_DEPENDENCIES) && \
-    defined(HAVE_HTTP_CLIENT)
-    BIO* serverBindBio = NULL;
-    BIO* serverAcceptBio = NULL;
-    SSL* sslServer = NULL;
-    SSL_CTX* ctx = NULL;
-    func_args args;
-    THREAD_TYPE thread;
-    char port[10]; /* 10 bytes should be enough to store the string
-                    * representation of the port */
-
-    ExpectIntGT(snprintf(port, sizeof(port), "%d", wolfSSLPort), 0);
-    ExpectNotNull(serverBindBio = BIO_new_accept(port));
-
-    /* First BIO_do_accept binds the port */
-    ExpectIntEQ(BIO_do_accept(serverBindBio), 1);
-
-    XMEMSET(&args, 0, sizeof(func_args));
-    start_thread(test_wolfSSL_BIO_accept_client, &args, &thread);
-
-    ExpectIntEQ(BIO_do_accept(serverBindBio), 1);
-    /* Let's plug it into SSL to test */
-    ExpectNotNull(ctx = SSL_CTX_new(SSLv23_method()));
-    ExpectIntEQ(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile,
-        SSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
-    ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile,
-        SSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
-    ExpectNotNull(sslServer = SSL_new(ctx));
-    ExpectNotNull(serverAcceptBio = BIO_pop(serverBindBio));
-    SSL_set_bio(sslServer, serverAcceptBio, serverAcceptBio);
-    ExpectIntEQ(SSL_accept(sslServer), 1);
-
-    join_thread(thread);
-
-    BIO_free(serverBindBio);
-    SSL_free(sslServer);
-    SSL_CTX_free(ctx);
-
-#if defined(HAVE_ECC) && defined(FP_ECC) && defined(HAVE_THREAD_LS)
-    wc_ecc_fp_free();  /* free per thread cache */
-#endif
-#endif
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_BIO_write(void)
-{
-    EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_BASE64_ENCODE)
-    BIO* bio = NULL;
-    BIO* bio64 = NULL;
-    BIO* bio_mem = NULL;
-    BIO* ptr = NULL;
-    int  sz;
-    char msg[] = "conversion test";
-    char out[40];
-    char expected[] = "Y29udmVyc2lvbiB0ZXN0AA==\n";
-    void* bufPtr = NULL;
-    BUF_MEM* buf = NULL;
-
-    ExpectNotNull(bio64 = BIO_new(BIO_f_base64()));
-    ExpectNotNull(bio   = BIO_push(bio64, BIO_new(BIO_s_mem())));
-    if (EXPECT_FAIL()) {
-        BIO_free(bio64);
-    }
-
-    /* now should convert to base64 then write to memory */
-    ExpectIntEQ(BIO_write(bio, msg, sizeof(msg)), sizeof(msg));
-    BIO_flush(bio);
-
-    /* test BIO chain */
-    ExpectIntEQ(SSL_SUCCESS, (int)BIO_get_mem_ptr(bio, &buf));
-    ExpectNotNull(buf);
-    ExpectIntEQ(buf->length, 25);
-    ExpectIntEQ(BIO_get_mem_data(bio, &bufPtr), 25);
-    ExpectPtrEq(buf->data, bufPtr);
-
-    ExpectNotNull(ptr = BIO_find_type(bio, BIO_TYPE_MEM));
-    sz = sizeof(out);
-    XMEMSET(out, 0, sz);
-    ExpectIntEQ((sz = BIO_read(ptr, out, sz)), 25);
-    ExpectIntEQ(XMEMCMP(out, expected, sz), 0);
-
-    /* write then read should return the same message */
-    ExpectIntEQ(BIO_write(bio, msg, sizeof(msg)), sizeof(msg));
-    sz = sizeof(out);
-    XMEMSET(out, 0, sz);
-    ExpectIntEQ(BIO_read(bio, out, sz), 16);
-    ExpectIntEQ(XMEMCMP(out, msg, sizeof(msg)), 0);
-
-    /* now try encoding with no line ending */
-    BIO_set_flags(bio64, BIO_FLAGS_BASE64_NO_NL);
-#ifdef HAVE_EX_DATA
-    BIO_set_ex_data(bio64, 0, (void*) "data");
-    ExpectIntEQ(strcmp((const char*)BIO_get_ex_data(bio64, 0), "data"), 0);
-#endif
-    ExpectIntEQ(BIO_write(bio, msg, sizeof(msg)), sizeof(msg));
-    BIO_flush(bio);
-    sz = sizeof(out);
-    XMEMSET(out, 0, sz);
-    ExpectIntEQ((sz = BIO_read(ptr, out, sz)), 24);
-    ExpectIntEQ(XMEMCMP(out, expected, sz), 0);
-
-    BIO_free_all(bio); /* frees bio64 also */
-    bio = NULL;
-
-    /* test with more than one bio64 in list */
-    ExpectNotNull(bio64 = BIO_new(BIO_f_base64()));
-    ExpectNotNull(bio   = BIO_push(BIO_new(BIO_f_base64()), bio64));
-    if (EXPECT_FAIL()) {
-        BIO_free_all(bio);
-        bio = NULL;
-        bio64 = NULL;
-    }
-    ExpectNotNull(bio_mem = BIO_new(BIO_s_mem()));
-    ExpectNotNull(BIO_push(bio64, bio_mem));
-    if (EXPECT_FAIL()) {
-        BIO_free(bio_mem);
-    }
-
-    /* now should convert to base64 when stored and then decode with read */
-    if (bio == NULL) {
-        ExpectNotNull(bio = BIO_new(BIO_f_base64()));
-    }
-    ExpectIntEQ(BIO_write(bio, msg, sizeof(msg)), 25);
-    BIO_flush(bio);
-    sz = sizeof(out);
-    XMEMSET(out, 0, sz);
-    ExpectIntEQ((sz = BIO_read(bio, out, sz)), 16);
-    ExpectIntEQ(XMEMCMP(out, msg, sz), 0);
-    BIO_clear_flags(bio64, ~0);
-    BIO_set_retry_read(bio);
-    BIO_free_all(bio); /* frees bio64s also */
-    bio = NULL;
-
-    ExpectNotNull(bio = BIO_new_mem_buf(out, 0));
-    ExpectIntEQ(BIO_write(bio, msg, sizeof(msg)), sizeof(msg));
-    BIO_free(bio);
-#endif
-    return EXPECT_RESULT();
-}
-
-
-static int test_wolfSSL_BIO_printf(void)
-{
-    EXPECT_DECLS;
-#if defined(OPENSSL_ALL)
-    BIO* bio = NULL;
-    int  sz = 7;
-    char msg[] = "TLS 1.3 for the world";
-    char out[60];
-    char expected[] = "TLS 1.3 for the world : sz = 7";
-
-    XMEMSET(out, 0, sizeof(out));
-    ExpectNotNull(bio = BIO_new(BIO_s_mem()));
-    ExpectIntEQ(BIO_printf(bio, "%s : sz = %d", msg, sz), 30);
-    ExpectIntEQ(BIO_printf(NULL, ""), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
-    ExpectIntEQ(BIO_read(bio, out, sizeof(out)), 30);
-    ExpectIntEQ(XSTRNCMP(out, expected, sizeof(expected)), 0);
-    BIO_free(bio);
-#endif
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_BIO_f_md(void)
-{
-    EXPECT_DECLS;
-#if defined(OPENSSL_ALL) && !defined(NO_SHA256)
-    BIO* bio = NULL;
-    BIO* mem = NULL;
-    char msg[] = "message to hash";
-    char out[60];
-    EVP_MD_CTX* ctx = NULL;
-    const unsigned char testKey[] =
-    {
-        0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
-        0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
-        0x0b, 0x0b, 0x0b, 0x0b
-    };
-    const char testData[] = "Hi There";
-    const unsigned char testResult[] =
-    {
-        0xb0, 0x34, 0x4c, 0x61, 0xd8, 0xdb, 0x38, 0x53,
-        0x5c, 0xa8, 0xaf, 0xce, 0xaf, 0x0b, 0xf1, 0x2b,
-        0x88, 0x1d, 0xc2, 0x00, 0xc9, 0x83, 0x3d, 0xa7,
-        0x26, 0xe9, 0x37, 0x6c, 0x2e, 0x32, 0xcf, 0xf7
-    };
-    const unsigned char expectedHash[] =
-    {
-       0x66, 0x49, 0x3C, 0xE8, 0x8A, 0x57, 0xB0, 0x60,
-       0xDC, 0x55, 0x7D, 0xFC, 0x1F, 0xA5, 0xE5, 0x07,
-       0x70, 0x5A, 0xF6, 0xD7, 0xC4, 0x1F, 0x1A, 0xE4,
-       0x2D, 0xA6, 0xFD, 0xD1, 0x29, 0x7D, 0x60, 0x0D
-    };
-    const unsigned char emptyHash[] =
-    {
-        0xE3, 0xB0, 0xC4, 0x42, 0x98, 0xFC, 0x1C, 0x14,
-        0x9A, 0xFB, 0xF4, 0xC8, 0x99, 0x6F, 0xB9, 0x24,
-        0x27, 0xAE, 0x41, 0xE4, 0x64, 0x9B, 0x93, 0x4C,
-        0xA4, 0x95, 0x99, 0x1B, 0x78, 0x52, 0xB8, 0x55
-    };
-    unsigned char check[sizeof(testResult) + 1];
-    size_t checkSz = sizeof(check);
-    EVP_PKEY* key = NULL;
-
-    XMEMSET(out, 0, sizeof(out));
-    ExpectNotNull(bio = BIO_new(BIO_f_md()));
-    ExpectNotNull(mem = BIO_new(BIO_s_mem()));
-
-    ExpectIntEQ(BIO_get_md_ctx(bio, &ctx), 1);
-    ExpectIntEQ(EVP_DigestInit(ctx, EVP_sha256()), 1);
-
-    /* should not be able to write/read yet since just digest wrapper and no
-     * data is passing through the bio */
-    ExpectIntEQ(BIO_write(bio, msg, 0), 0);
-    ExpectIntEQ(BIO_pending(bio), 0);
-    ExpectIntEQ(BIO_read(bio, out, sizeof(out)), 0);
-    ExpectIntEQ(BIO_gets(bio, out, 3), 0);
-    ExpectIntEQ(BIO_gets(bio, out, sizeof(out)), 32);
-    ExpectIntEQ(XMEMCMP(emptyHash, out, 32), 0);
-    BIO_reset(bio);
-
-    /* append BIO mem to bio in order to read/write */
-    ExpectNotNull(bio = BIO_push(bio, mem));
-
-    XMEMSET(out, 0, sizeof(out));
-    ExpectIntEQ(BIO_write(mem, msg, sizeof(msg)), 16);
-    ExpectIntEQ(BIO_pending(bio), 16);
-
-    /* this just reads the message and does not hash it (gets calls final) */
-    ExpectIntEQ(BIO_read(bio, out, sizeof(out)), 16);
-    ExpectIntEQ(XMEMCMP(out, msg, sizeof(msg)), 0);
-
-    /* create a message digest using BIO */
-    XMEMSET(out, 0, sizeof(out));
-    ExpectIntEQ(BIO_write(bio, msg, sizeof(msg)), 16);
-    ExpectIntEQ(BIO_pending(mem), 16);
-    ExpectIntEQ(BIO_pending(bio), 16);
-    ExpectIntEQ(BIO_gets(bio, out, sizeof(out)), 32);
-    ExpectIntEQ(XMEMCMP(expectedHash, out, 32), 0);
-    BIO_free(bio);
-    bio = NULL;
-    BIO_free(mem);
-    mem = NULL;
-
-    /* test with HMAC */
-    XMEMSET(out, 0, sizeof(out));
-    ExpectNotNull(bio = BIO_new(BIO_f_md()));
-    ExpectNotNull(mem = BIO_new(BIO_s_mem()));
-    BIO_get_md_ctx(bio, &ctx);
-    ExpectNotNull(key = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, testKey,
-        (int)sizeof(testKey)));
-    EVP_DigestSignInit(ctx, NULL, EVP_sha256(), NULL, key);
-    ExpectNotNull(bio = BIO_push(bio, mem));
-    BIO_write(bio, testData, (int)strlen(testData));
-    checkSz = sizeof(check);
-    ExpectIntEQ(EVP_DigestSignFinal(ctx, NULL, &checkSz), 1);
-    checkSz = sizeof(check);
-    ExpectIntEQ(EVP_DigestSignFinal(ctx, check, &checkSz), 1);
-
-    ExpectIntEQ(XMEMCMP(check, testResult, sizeof(testResult)), 0);
-
-    EVP_PKEY_free(key);
-    BIO_free(bio);
-    BIO_free(mem);
-#endif
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_BIO_up_ref(void)
-{
-    EXPECT_DECLS;
-#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA)
-    BIO* bio = NULL;
-
-    ExpectNotNull(bio = BIO_new(BIO_f_md()));
-    ExpectIntEQ(BIO_up_ref(NULL), 0);
-    ExpectIntEQ(BIO_up_ref(bio), 1);
-    BIO_free(bio);
-    ExpectIntEQ(BIO_up_ref(bio), 1);
-    BIO_free(bio);
-    BIO_free(bio);
-#endif
-    return EXPECT_RESULT();
-}
-static int test_wolfSSL_BIO_reset(void)
-{
-    EXPECT_DECLS;
-#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA)
-    BIO* bio = NULL;
-    byte buf[16];
-
-    ExpectNotNull(bio = BIO_new_mem_buf("secure your data",
-        (word32)XSTRLEN("secure your data")));
-    ExpectIntEQ(BIO_read(bio, buf, 6), 6);
-    ExpectIntEQ(XMEMCMP(buf, "secure", 6), 0);
-    XMEMSET(buf, 0, 16);
-    ExpectIntEQ(BIO_read(bio, buf, 16), 10);
-    ExpectIntEQ(XMEMCMP(buf, " your data", 10), 0);
-    /* You cannot write to MEM BIO with read-only mode. */
-    ExpectIntEQ(BIO_write(bio, "WriteToReadonly", 15), 0);
-    ExpectIntEQ(BIO_read(bio, buf, 16), -1);
-    XMEMSET(buf, 0, 16);
-    ExpectIntEQ(BIO_reset(bio), 1);
-    ExpectIntEQ(BIO_read(bio, buf, 16), 16);
-    ExpectIntEQ(XMEMCMP(buf, "secure your data", 16), 0);
-    BIO_free(bio);
-#endif
-    return EXPECT_RESULT();
-}
-#endif /* !NO_BIO */
-
 #if defined(OPENSSL_EXTRA) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES)
 
 /* test that the callback arg is correct */
@@ -39109,9 +27880,9 @@ static int test_wolfSSL_SESSION(void)
 #endif
 
     ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, cliCertFile,
-        WOLFSSL_FILETYPE_PEM));
+        CERT_FILETYPE));
     ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile,
-        WOLFSSL_FILETYPE_PEM));
+        CERT_FILETYPE));
     ExpectIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0),
         WOLFSSL_SUCCESS);
 #ifdef WOLFSSL_ENCRYPTED_KEYS
@@ -39144,49 +27915,17 @@ static int test_wolfSSL_SESSION(void)
     tcp_connect(&sockfd, wolfSSLIP, ready.port, 0, 0, ssl);
     ExpectIntEQ(wolfSSL_set_fd(ssl, sockfd), WOLFSSL_SUCCESS);
 
-    #ifdef WOLFSSL_ASYNC_CRYPT
-    err = 0; /* Reset error */
-    #endif
-    do {
-    #ifdef WOLFSSL_ASYNC_CRYPT
-        if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
-            ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
-            if (ret < 0) { break; } else if (ret == 0) { continue; }
-        }
-    #endif
-        ret = wolfSSL_connect(ssl);
-        err = wolfSSL_get_error(ssl, 0);
-    } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
+    WOLFSSL_ASYNC_WHILE_PENDING(ret = wolfSSL_connect(ssl),
+                                ret != WOLFSSL_SUCCESS);
     ExpectIntEQ(ret, WOLFSSL_SUCCESS);
 
-    #ifdef WOLFSSL_ASYNC_CRYPT
-    err = 0; /* Reset error */
-    #endif
-    do {
-    #ifdef WOLFSSL_ASYNC_CRYPT
-        if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
-            ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
-            if (ret < 0) { break; } else if (ret == 0) { continue; }
-        }
-    #endif
-        ret = wolfSSL_write(ssl, sendGET, (int)XSTRLEN(sendGET));
-        err = wolfSSL_get_error(ssl, 0);
-    } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
+    WOLFSSL_ASYNC_WHILE_PENDING(
+        ret = wolfSSL_write(ssl, sendGET, (int)XSTRLEN(sendGET)),
+        ret <= 0);
     ExpectIntEQ(ret, (int)XSTRLEN(sendGET));
 
-    #ifdef WOLFSSL_ASYNC_CRYPT
-    err = 0; /* Reset error */
-    #endif
-    do {
-    #ifdef WOLFSSL_ASYNC_CRYPT
-        if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
-            ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
-            if (ret < 0) { break; } else if (ret == 0) { continue; }
-        }
-    #endif
-        ret = wolfSSL_read(ssl, msg, sizeof(msg));
-        err = wolfSSL_get_error(ssl, 0);
-    } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
+    WOLFSSL_ASYNC_WHILE_PENDING(ret = wolfSSL_read(ssl, msg, sizeof(msg)),
+                                ret != 23);
     ExpectIntEQ(ret, 23);
 
     ExpectPtrNE((sess = wolfSSL_get1_session(ssl)), NULL); /* ref count 1 */
@@ -39287,6 +28026,7 @@ static int test_wolfSSL_SESSION(void)
         const char* ticket = "This is a session ticket";
         char buf[64] = {0};
         word32 bufSz = (word32)sizeof(buf);
+        word32 retSz = 0;
 
         ExpectIntEQ(WOLFSSL_SUCCESS,
             wolfSSL_set_SessionTicket(ssl, (byte *)ticket,
@@ -39294,6 +28034,10 @@ static int test_wolfSSL_SESSION(void)
         ExpectIntEQ(WOLFSSL_SUCCESS,
             wolfSSL_get_SessionTicket(ssl, (byte *)buf, &bufSz));
         ExpectStrEQ(ticket, buf);
+
+        /* return ticket length if buffer parameter is null */
+        wolfSSL_get_SessionTicket(ssl, NULL, &retSz);
+        ExpectIntEQ(bufSz, retSz);
     }
 #endif
 
@@ -40737,71 +29481,11 @@ static int test_wolfSSL_EVP_Cipher_extra(void)
     return EXPECT_RESULT();
 }
 
-static int test_wolfSSL_PEM_read_DHparams(void)
-{
-    EXPECT_DECLS;
-#if defined(OPENSSL_ALL) && !defined(NO_DH) && defined(WOLFSSL_DH_EXTRA) && \
-    !defined(NO_FILESYSTEM)
-    DH* dh = NULL;
-    XFILE fp = XBADFILE;
-    unsigned char derOut[300];
-    unsigned char* derOutBuf = derOut;
-    int derOutSz = 0;
-
-    unsigned char derExpected[300];
-    int derExpectedSz = 0;
-
-    XMEMSET(derOut, 0, sizeof(derOut));
-    XMEMSET(derExpected, 0, sizeof(derExpected));
-
-    /* open DH param file, read into DH struct */
-    ExpectTrue((fp = XFOPEN(dhParamFile, "rb")) != XBADFILE);
-
-    /* bad args */
-    ExpectNull(dh = PEM_read_DHparams(NULL, &dh, NULL, NULL));
-    ExpectNull(dh = PEM_read_DHparams(NULL, NULL, NULL, NULL));
-
-    /* good args */
-    ExpectNotNull(dh = PEM_read_DHparams(fp, &dh, NULL, NULL));
-    if (fp != XBADFILE) {
-        XFCLOSE(fp);
-        fp = XBADFILE;
-    }
-
-    /* read in certs/dh2048.der for comparison against exported params */
-    ExpectTrue((fp = XFOPEN("./certs/dh2048.der", "rb")) != XBADFILE);
-    ExpectIntGT(derExpectedSz = (int)XFREAD(derExpected, 1, sizeof(derExpected),
-        fp), 0);
-    if (fp != XBADFILE) {
-        XFCLOSE(fp);
-        fp = XBADFILE;
-    }
-
-    /* export DH back to DER and compare */
-    derOutSz = wolfSSL_i2d_DHparams(dh, &derOutBuf);
-    ExpectIntEQ(derOutSz, derExpectedSz);
-    ExpectIntEQ(XMEMCMP(derOut, derExpected, derOutSz), 0);
-
-    DH_free(dh);
-    dh = NULL;
-
-    /* Test parsing with X9.42 header */
-    ExpectTrue((fp = XFOPEN("./certs/x942dh2048.pem", "rb")) != XBADFILE);
-    ExpectNotNull(dh = PEM_read_DHparams(fp, &dh, NULL, NULL));
-    if (fp != XBADFILE)
-        XFCLOSE(fp);
-
-    DH_free(dh);
-    dh = NULL;
-#endif
-    return EXPECT_RESULT();
-}
-
-
 static int test_wolfSSL_X509_get_serialNumber(void)
 {
     EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA)
+#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA) && \
+    !defined(NO_FILESYSTEM)
     ASN1_INTEGER* a = NULL;
     BIGNUM* bn = NULL;
     X509*   x509 = NULL;
@@ -40935,7 +29619,8 @@ static int test_wolfSSL_X509_ext_get_critical_by_NID(void)
 static int test_wolfSSL_X509_CRL_distribution_points(void)
 {
     EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA)
+#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA) && \
+    !defined(NO_FILESYSTEM)
     WOLFSSL_X509* x509 = NULL;
     const char* file = "./certs/client-crl-dist.pem";
 
@@ -41705,74 +30390,6 @@ static int test_wolfSSL_EVP_PKEY_set1_get1_DSA(void)
     return EXPECT_RESULT();
 } /* END test_EVP_PKEY_set1_get1_DSA */
 
-static int test_wolfSSL_DSA_generate_parameters(void)
-{
-    EXPECT_DECLS;
-#if !defined(NO_DSA) && !defined(HAVE_SELFTEST) && defined(WOLFSSL_KEY_GEN) && \
-    !defined(HAVE_FIPS)
-    DSA *dsa = NULL;
-
-    ExpectNotNull(dsa = DSA_generate_parameters(2048, NULL, 0, NULL, NULL, NULL,
-        NULL));
-    DSA_free(dsa);
-#endif
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_DSA_SIG(void)
-{
-    EXPECT_DECLS;
-#if !defined(NO_DSA) && !defined(HAVE_SELFTEST) && defined(WOLFSSL_KEY_GEN) && \
-    !defined(HAVE_FIPS)
-    DSA          *dsa      = NULL;
-    DSA          *dsa2     = NULL;
-    DSA_SIG      *sig      = NULL;
-    const BIGNUM *p        = NULL;
-    const BIGNUM *q        = NULL;
-    const BIGNUM *g        = NULL;
-    const BIGNUM *pub      = NULL;
-    const BIGNUM *priv     = NULL;
-    BIGNUM       *dup_p    = NULL;
-    BIGNUM       *dup_q    = NULL;
-    BIGNUM       *dup_g    = NULL;
-    BIGNUM       *dup_pub  = NULL;
-    BIGNUM       *dup_priv = NULL;
-    const byte digest[WC_SHA_DIGEST_SIZE] = {0};
-
-    ExpectNotNull(dsa = DSA_new());
-    ExpectIntEQ(DSA_generate_parameters_ex(dsa, 2048, NULL, 0, NULL, NULL,
-         NULL), 1);
-    ExpectIntEQ(DSA_generate_key(dsa), 1);
-    DSA_get0_pqg(dsa, &p, &q, &g);
-    DSA_get0_key(dsa, &pub, &priv);
-    ExpectNotNull(dup_p    = BN_dup(p));
-    ExpectNotNull(dup_q    = BN_dup(q));
-    ExpectNotNull(dup_g    = BN_dup(g));
-    ExpectNotNull(dup_pub  = BN_dup(pub));
-    ExpectNotNull(dup_priv = BN_dup(priv));
-
-    ExpectNotNull(sig = DSA_do_sign(digest, sizeof(digest), dsa));
-    ExpectNotNull(dsa2 = DSA_new());
-    ExpectIntEQ(DSA_set0_pqg(dsa2, dup_p, dup_q, dup_g), 1);
-    if (EXPECT_FAIL()) {
-        BN_free(dup_p);
-        BN_free(dup_q);
-        BN_free(dup_g);
-    }
-    ExpectIntEQ(DSA_set0_key(dsa2, dup_pub, dup_priv), 1);
-    if (EXPECT_FAIL()) {
-        BN_free(dup_pub);
-        BN_free(dup_priv);
-    }
-    ExpectIntEQ(DSA_do_verify(digest, sizeof(digest), sig, dsa2), 1);
-
-    DSA_free(dsa);
-    DSA_free(dsa2);
-    DSA_SIG_free(sig);
-#endif
-    return EXPECT_RESULT();
-}
-
 static int test_wolfSSL_EVP_PKEY_set1_get1_EC_KEY (void)
 {
     EXPECT_DECLS;
@@ -44846,6 +33463,13 @@ static int test_wolfSSL_X509_EXTENSION_get_data(void)
     WOLFSSL_X509_EXTENSION* ext = NULL;
     WOLFSSL_ASN1_STRING* str = NULL;
     XFILE file = XBADFILE;
+#ifndef WOLFSSL_OLD_EXTDATA_FMT
+    const byte ext_data[] = {
+        0x04, 0x14, 0xB3, 0x11, 0x32, 0xC9, 0x92, 0x98,
+        0x84, 0xE2, 0xC9, 0xF8, 0xD0, 0x3B, 0x6E, 0x03,
+        0x42, 0xCA, 0x1F, 0x0E, 0x8E, 0x3C,
+    };
+#endif
 
     ExpectTrue((file = XFOPEN("./certs/server-cert.pem", "rb")) != XBADFILE);
     ExpectNotNull(x509 = wolfSSL_PEM_read_X509(file, NULL, NULL, NULL));
@@ -44856,6 +33480,11 @@ static int test_wolfSSL_X509_EXTENSION_get_data(void)
     ExpectNull(str = wolfSSL_X509_EXTENSION_get_data(NULL));
     ExpectNotNull(str = wolfSSL_X509_EXTENSION_get_data(ext));
 
+#ifndef WOLFSSL_OLD_EXTDATA_FMT
+    ExpectIntEQ(str->length, sizeof (ext_data));
+    ExpectBufEQ(str->data, ext_data, sizeof (ext_data));
+#endif
+
     wolfSSL_X509_free(x509);
 #endif
     return EXPECT_RESULT();
@@ -45178,11 +33807,14 @@ static int test_wolfSSL_d2i_and_i2d_PublicKey_ecc(void)
     unsigned char *tmp = NULL;
     int derLen;
     unsigned char pub_buf[65];
+    unsigned char pub_spki_buf[91];
     const int pub_len = 65;
+    const int pub_spki_len = 91;
     BN_CTX* ctx = NULL;
     EC_GROUP* curve = NULL;
     EC_KEY* ephemeral_key = NULL;
     const EC_POINT* h = NULL;
+    ecc_key *eccKey = NULL;
 
     /* Generate an x963 key pair and get public part into pub_buf */
     ExpectNotNull(ctx = BN_CTX_new());
@@ -45193,6 +33825,17 @@ static int test_wolfSSL_d2i_and_i2d_PublicKey_ecc(void)
     ExpectNotNull(h = EC_KEY_get0_public_key(ephemeral_key));
     ExpectIntEQ(pub_len, EC_POINT_point2oct(curve, h,
         POINT_CONVERSION_UNCOMPRESSED, pub_buf, pub_len, ctx));
+    /* Create an ecc key struct from the point.
+       Use it to create a DER with the appropriate
+       SubjectPublicKeyInfo format. */
+    ExpectNotNull(eccKey = (ecc_key *)XMALLOC(sizeof(*eccKey), NULL,
+        DYNAMIC_TYPE_ECC));
+    ExpectIntEQ(wc_ecc_init(eccKey), 0);
+    ExpectIntEQ(wc_ecc_import_x963(pub_buf, pub_len, eccKey), 0);
+    ExpectIntEQ(derLen = wc_EccPublicKeyDerSize(eccKey, 1),
+        pub_spki_len);
+    ExpectIntEQ(derLen = wc_EccPublicKeyToDer(eccKey, pub_spki_buf,
+        pub_spki_len, 1), pub_spki_len);
     /* Prepare the EVP_PKEY */
     ExpectNotNull(pkey = EVP_PKEY_new());
 
@@ -45204,17 +33847,19 @@ static int test_wolfSSL_d2i_and_i2d_PublicKey_ecc(void)
     /* Check that key can be successfully encoded. */
     ExpectIntGE((derLen = wolfSSL_i2d_PublicKey(pkey, &der)), 0);
     /* Ensure that the encoded version matches the original. */
-    ExpectIntEQ(derLen, pub_len);
-    ExpectIntEQ(XMEMCMP(der, pub_buf, derLen), 0);
+    ExpectIntEQ(derLen, pub_spki_len);
+    ExpectIntEQ(XMEMCMP(der, pub_spki_buf, derLen), 0);
 
     /* Do same test except with pre-allocated buffer to ensure the der pointer
      * is advanced. */
     tmp = der;
     ExpectIntGE((derLen = wolfSSL_i2d_PublicKey(pkey, &tmp)), 0);
-    ExpectIntEQ(derLen, pub_len);
-    ExpectIntEQ(XMEMCMP(der, pub_buf, derLen), 0);
+    ExpectIntEQ(derLen, pub_spki_len);
+    ExpectIntEQ(XMEMCMP(der, pub_spki_buf, derLen), 0);
     ExpectTrue(der + derLen == tmp);
 
+    wc_ecc_free(eccKey);
+    XFREE(eccKey, NULL, DYNAMIC_TYPE_ECC);
     XFREE(der, HEAP_HINT, DYNAMIC_TYPE_OPENSSL);
     EVP_PKEY_free(pkey);
     EC_KEY_free(ephemeral_key);
@@ -46164,6 +34809,194 @@ static int test_wc_CreateEncryptedPKCS8Key(void)
     return EXPECT_RESULT();
 }
 
+static int test_wc_DecryptedPKCS8Key(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_PKCS8) && !defined(NO_PWDBASED) && defined(WOLFSSL_AES_256) \
+ && !defined(NO_AES_CBC) && !defined(NO_RSA) && !defined(NO_SHA) && \
+    !defined(NO_ASN_CRYPT)
+    static byte badPkcs5RsaEnc[] = {
+        0x30, 0x82, 0x05, 0x2d, 0x30, 0x57, 0x06, 0x09,
+        0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x05,
+        0x0d, 0x30, 0x4a, 0x30, 0x29, 0x06, 0x09, 0x2a,
+        0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x05, 0x0c,
+        0x30, 0x1c, 0x04, 0x09, 0xad, 0x8f, 0xb7, 0x90,
+        0x43, 0xd9, 0x3f, 0xe5, 0x02, 0x02, 0x04, 0x02,
+        0x02, 0x04, 0x80, 0x30, 0x0c, 0x06, 0x08, 0x2a,
+        0xbc, 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x09, 0x05,
+        0x00, 0x30, 0x1d, 0x06, 0x09, 0x60, 0x86, 0x48,
+        0x01, 0x65, 0x03, 0x04, 0x01, 0x2a, 0x04, 0x10,
+        0x90, 0xf9, 0xa4, 0xd7, 0xf2, 0xae, 0x58, 0xd6,
+        0xe1, 0x7c, 0x60, 0x7b, 0x84, 0xc0, 0x8c, 0x44,
+        0x04, 0x50, 0xc8, 0xd0, 0x03, 0xa7, 0x79, 0xa9,
+        0x11, 0x8b, 0xbd, 0xd6, 0xcb, 0xd9, 0x9e, 0xd7,
+        0x2d, 0xac, 0x2c, 0xb8, 0xc9, 0x5f, 0xe7, 0x8b,
+        0x36, 0x26, 0x26, 0x23, 0x2a, 0x21, 0x25, 0x6f,
+        0xd0, 0x52, 0xd3, 0xeb, 0xff, 0x1f, 0x06, 0xb0,
+        0x40, 0xd1, 0x4b, 0x9e, 0x73, 0xbf, 0x17, 0x24,
+        0x0b, 0x2d, 0xf6, 0x4f, 0xce, 0xb4, 0x47, 0x82,
+        0x7c, 0x23, 0x21, 0xdc, 0x71, 0xc7, 0x1c, 0x71,
+        0xc7, 0x1c, 0x71, 0xc7, 0x1c, 0x71, 0xc7, 0x1c,
+        0x71, 0xc7, 0x1c, 0x71, 0xc7, 0x1c, 0x71, 0xc7,
+        0x1c, 0x71, 0xc7, 0x1c, 0x71, 0xc7, 0x1c, 0x71,
+        0xc7, 0x1c, 0x71, 0xc7, 0x1c, 0x71, 0xc7, 0x07,
+        0x27, 0x82, 0xcd, 0x36, 0xd7, 0xf4, 0xa1, 0xb5,
+        0xc5, 0x17, 0x5f, 0xe6, 0xd0, 0xf3, 0x97, 0x3e,
+        0x1a, 0xcd, 0x39, 0x9d, 0x41, 0xce, 0xed, 0x14,
+        0xdb, 0x3d, 0xa5, 0x7b, 0xd3, 0xcb, 0x93, 0x1a,
+        0x4c, 0x32, 0x0e, 0x8b, 0xa3, 0x41, 0xbe, 0xcb,
+        0xa3, 0xd5, 0xfb, 0x8d, 0xb6, 0x8a, 0x4e, 0x0b,
+        0x0b, 0xbd, 0x74, 0x33, 0xd2, 0xb6, 0x43, 0x20,
+        0x96, 0xf9, 0x46, 0x57, 0x66, 0x54, 0x94, 0xfa,
+        0x1c, 0x3a, 0xe4, 0xf7, 0x0a, 0x59, 0x37, 0x5f,
+        0x6a, 0xc2, 0xba, 0xea, 0xfd, 0xd4, 0xd7, 0x64,
+        0xee, 0x53, 0x40, 0xe9, 0x3c, 0x71, 0xbf, 0x93,
+        0x87, 0xf3, 0x53, 0x0c, 0x92, 0x0b, 0xbe, 0x4c,
+        0xde, 0x35, 0xd7, 0xb0, 0x60, 0xc6, 0x37, 0x1c,
+        0x4c, 0x08, 0x8f, 0xe1, 0x95, 0xba, 0xde, 0x42,
+        0x68, 0x6a, 0x76, 0x0b, 0x84, 0x14, 0xc6, 0x5e,
+        0xb1, 0xa1, 0x45, 0xa7, 0x31, 0x72, 0xfe, 0xaa,
+        0x43, 0x86, 0xa3, 0x31, 0x41, 0x68, 0x66, 0x41,
+        0x31, 0xe0, 0xa4, 0x63, 0x1d, 0x62, 0x57, 0x2c,
+        0x49, 0x9b, 0x9c, 0x32, 0x4a, 0x4f, 0x3c, 0xf3,
+        0xcf, 0x3c, 0xf3, 0xcf, 0x3c, 0xf3, 0xcf, 0x3c,
+        0xf3, 0xcf, 0x3c, 0xf3, 0xcf, 0x3c, 0xf3, 0xcf,
+        0x3c, 0xf3, 0xcf, 0x3c, 0xf3, 0xcf, 0x3c, 0xf3,
+        0xcf, 0x3c, 0xf3, 0xcf, 0x3c, 0xf3, 0xcf, 0x3c,
+        0xf3, 0xcf, 0x3c, 0xf3, 0xcf, 0x3c, 0xf3, 0xcf,
+        0x3c, 0xf3, 0xcf, 0x3c, 0xf3, 0xcf, 0x3c, 0xf3,
+        0xcf, 0x3c, 0xf3, 0xcf, 0x3c, 0xf3, 0xcf, 0x3c,
+        0xf3, 0xcf, 0x3c, 0xf3, 0xcf, 0x3d, 0x4c, 0x72,
+        0x7d, 0xc7, 0xa8, 0x07, 0x4f, 0xa4, 0x52, 0x1f,
+        0xb8, 0xa9, 0x89, 0x4c, 0x65, 0xd1, 0x8f, 0x3c,
+        0xf3, 0xcf, 0x3c, 0xf3, 0xcf, 0x3f, 0x1e, 0x31,
+        0x53, 0x77, 0x37, 0xaf, 0xe4, 0x43, 0x23, 0x34,
+        0xfc, 0x8e, 0xc2, 0xba, 0x32, 0x40, 0xb3, 0xe7,
+        0xab, 0x6d, 0xc3, 0xa0, 0x9e, 0xc7, 0x6c, 0x13,
+        0xe7, 0x77, 0xd5, 0x0a, 0x1a, 0x04, 0xb7, 0xd4,
+        0x13, 0xcd, 0x04, 0x39, 0x22, 0x67, 0xc4, 0x00,
+        0xe4, 0xd0, 0x1f, 0xf7, 0x9d, 0x2b, 0x73, 0xda,
+        0xee, 0x00, 0x1b, 0x9a, 0x5c, 0xb0, 0x4c, 0x90,
+        0x9b, 0x38, 0x41, 0xd3, 0x13, 0xd0, 0xfa, 0xec,
+        0x0f, 0x65, 0xe9, 0x02, 0x90, 0x39, 0xa8, 0xe4,
+        0xd4, 0x52, 0xa6, 0x1f, 0x7a, 0x54, 0x00, 0x19,
+        0x13, 0x94, 0xae, 0x7a, 0xf2, 0xa7, 0xce, 0xf5,
+        0x29, 0x78, 0x66, 0x1c, 0x03, 0x26, 0x65, 0xe8,
+        0x03, 0x8e, 0x97, 0x67, 0x20, 0x61, 0x4c, 0xbd,
+        0xa0, 0xb3, 0x88, 0x10, 0x8b, 0x74, 0x40, 0x8d,
+        0xc6, 0xe6, 0x26, 0x32, 0x0f, 0x01, 0x47, 0x35,
+        0xb3, 0x86, 0x87, 0xa9, 0x6d, 0xf8, 0xf8, 0x9f,
+        0xca, 0x30, 0x69, 0xf7, 0x5d, 0x89, 0x3f, 0xf5,
+        0x1d, 0xd5, 0x26, 0xd7, 0xef, 0x43, 0x26, 0x06,
+        0x26, 0x7b, 0xf0, 0xdd, 0x86, 0xa6, 0x58, 0x71,
+        0xd6, 0xcb, 0x45, 0xb4, 0x4f, 0x52, 0xd7, 0xf1,
+        0xae, 0x06, 0xad, 0xc7, 0x94, 0x17, 0xe8, 0x44,
+        0x59, 0x02, 0xe1, 0x22, 0x9e, 0x59, 0xa6, 0xcc,
+        0x3b, 0x20, 0x5b, 0x95, 0xf1, 0x34, 0x31, 0x52,
+        0x7e, 0x6d, 0xff, 0x4b, 0x45, 0x9a, 0xff, 0xba,
+        0x1a, 0x41, 0x48, 0x20, 0x49, 0xb8, 0x62, 0xef,
+        0x82, 0xca, 0x14, 0x7e, 0x14, 0xfa, 0x49, 0x3f,
+        0xfb, 0x5e, 0xb1, 0x60, 0x30, 0x94, 0x4c, 0xee,
+        0x4b, 0x78, 0xa2, 0x79, 0xb2, 0xa1, 0xbd, 0xb1,
+        0x94, 0x24, 0xd6, 0x9c, 0xf0, 0x41, 0x3b, 0xc6,
+        0xf2, 0x30, 0x8c, 0x8a, 0xdd, 0x2e, 0x44, 0x41,
+        0x7e, 0x92, 0x3b, 0x09, 0x2e, 0x19, 0x9d, 0xb3,
+        0xb8, 0xa6, 0x9f, 0x86, 0x7e, 0x88, 0x5d, 0xe0,
+        0x13, 0x7c, 0x89, 0xf6, 0x96, 0xb1, 0x66, 0x3f,
+        0xc2, 0x8f, 0x71, 0x43, 0x6a, 0xd5, 0x8c, 0x6e,
+        0xae, 0xdf, 0x80, 0xd6, 0x01, 0x7a, 0x50, 0xf6,
+        0x2b, 0x25, 0x0f, 0x8d, 0x84, 0x3b, 0xd5, 0xb5,
+        0x61, 0xb1, 0x61, 0x58, 0xff, 0x4c, 0xe8, 0x6a,
+        0xa4, 0xae, 0x2b, 0xf5, 0xfe, 0xee, 0xeb, 0xa6,
+        0xf2, 0xf3, 0xc5, 0xa1, 0x63, 0x92, 0xde, 0x67,
+        0x2f, 0x40, 0xfc, 0x3b, 0x36, 0x64, 0xcc, 0x7b,
+        0xe9, 0xd8, 0xf7, 0x5d, 0x40, 0x56, 0x10, 0xaf,
+        0xd4, 0x52, 0xe2, 0xa6, 0x7c, 0xe9, 0xe4, 0x4b,
+        0x0b, 0xbd, 0x74, 0x33, 0xd2, 0xb6, 0x43, 0xd6,
+        0x0a, 0xe0, 0x12, 0x21, 0xa7, 0xab, 0x45, 0x19,
+        0x6e, 0xae, 0x71, 0x83, 0x22, 0x1a, 0x0d, 0xde,
+        0xd5, 0xb6, 0x82, 0xd2, 0xd7, 0xd8, 0x14, 0x6d,
+        0xfa, 0xb4, 0xae, 0xee, 0x55, 0x43, 0xd2, 0x1e,
+        0x59, 0xe2, 0x01, 0xe0, 0xfa, 0x53, 0x43, 0x3b,
+        0x40, 0x17, 0x06, 0x6a, 0x5e, 0x5f, 0x42, 0xc2,
+        0x6a, 0x4e, 0x7c, 0x5a, 0x69, 0x41, 0x8b, 0x62,
+        0x76, 0xd4, 0x1b, 0x00, 0xbc, 0x24, 0x27, 0x71,
+        0xf8, 0xf3, 0xca, 0x57, 0x10, 0xb9, 0x32, 0x14,
+        0x9b, 0x92, 0x35, 0xdd, 0xb7, 0xb8, 0x2e, 0xd8,
+        0xb3, 0xe9, 0x62, 0x8e, 0xe2, 0x5e, 0x16, 0xd4,
+        0xed, 0xf4, 0xd3, 0xc1, 0xba, 0x5d, 0x49, 0xce,
+        0x78, 0x5c, 0xf5, 0xbb, 0xad, 0x61, 0x1f, 0x64,
+        0x52, 0x22, 0xb4, 0xa3, 0x07, 0x18, 0x3d, 0xd3,
+        0x9d, 0xec, 0xe6, 0x9e, 0xb5, 0xad, 0x0c, 0xd3,
+        0x3b, 0xb6, 0xeb, 0xcd, 0x9c, 0x69, 0x45, 0xf2,
+        0x07, 0x24, 0xe9, 0xd7, 0xe0, 0xe7, 0x62, 0xe5,
+        0x01, 0x34, 0x24, 0x4e, 0xf6, 0x32, 0xe8, 0x42,
+        0x97, 0x3e, 0x14, 0xaf, 0xbc, 0x26, 0xbd, 0x73,
+        0xc5, 0xde, 0x5a, 0x8e, 0x65, 0x61, 0x97, 0x81,
+        0x31, 0x52, 0xa3, 0xbd, 0x9b, 0x9e, 0xda, 0xdd,
+        0x37, 0x15, 0x30, 0xfb, 0x3b, 0x59, 0x0c, 0x91,
+        0x8b, 0x54, 0x49, 0x68, 0xc6, 0x41, 0x38, 0x77,
+        0x1c, 0x00, 0xb2, 0xc3, 0x37, 0xe2, 0x50, 0x67,
+        0xeb, 0x49, 0xa4, 0xde, 0x04, 0x1e, 0xf5, 0xcc,
+        0x49, 0x24, 0x5a, 0x8d, 0x94, 0x33, 0xbf, 0x55,
+        0xf8, 0x70, 0x7d, 0x1e, 0x5b, 0xe3, 0x74, 0x6b,
+        0x34, 0xb3, 0xf6, 0x8a, 0x47, 0xf9, 0x2f, 0xc9,
+        0xcb, 0x6a, 0x80, 0x89, 0xf2, 0x19, 0x24, 0x5b,
+        0xdf, 0x04, 0x9a, 0x53, 0x1c, 0x9f, 0x71, 0xea,
+        0x01, 0xd3, 0xe9, 0x14, 0x87, 0xee, 0x2a, 0x62,
+        0x53, 0x19, 0x74, 0x64, 0x19, 0x03, 0x00, 0xd6,
+        0xa1, 0xcb, 0xdf, 0x59, 0x77, 0x6b, 0xa9, 0x25,
+        0x32, 0xff, 0xe9, 0xa9, 0x41, 0x06, 0x0c, 0x06,
+        0xd4, 0xae, 0xfb, 0x58, 0x20, 0x2e, 0xe3, 0xe0,
+        0xce, 0x53, 0xea, 0x03, 0xcb, 0x3f, 0x64, 0xe9,
+        0xd9, 0xc1, 0x0e, 0xf8, 0xec, 0x97, 0xee, 0x05,
+        0x42, 0x41, 0x61, 0xcc, 0x75, 0x13, 0x8d, 0x88,
+        0x62, 0x84, 0xa1, 0x3c, 0xa3, 0x30, 0xce, 0x12,
+        0xf1, 0x84, 0xee, 0x26, 0x08, 0x04, 0xae, 0x67,
+        0x56, 0xa0, 0x84, 0x91, 0x8a, 0xbd, 0xc4, 0xba,
+        0x07, 0xb3, 0x06, 0xe7, 0xc8, 0x12, 0xae, 0x56,
+        0x46, 0xcd, 0x8d, 0x5c, 0x91, 0x05, 0x90, 0x11,
+        0x37, 0xef, 0xe0, 0x3e, 0xf3, 0xc6, 0x95, 0x13,
+        0xeb, 0x2f, 0xe4, 0x3e, 0xfc, 0xe4, 0xc0, 0x61,
+        0xfb, 0x1b, 0x74, 0x78, 0xe9, 0x6b, 0x7d, 0xe4,
+        0xa2, 0xc4, 0x6d, 0x26, 0x6d, 0xc0, 0x06, 0xba,
+        0x9f, 0x7e, 0x7d, 0x5e, 0x7f, 0xfa, 0x66, 0x08,
+        0xd9, 0x70, 0x39, 0x05, 0xfa, 0x10, 0xfd, 0x5f,
+        0xaa, 0xc4, 0x9d, 0x02, 0xd4, 0xf8, 0x0f, 0x3f,
+        0xd3, 0xbe, 0xaa, 0x86, 0x4a, 0x0f, 0x8e, 0x23,
+        0x02, 0xbf, 0x48, 0x26, 0x93, 0x5f, 0xc2, 0xc5,
+        0x05, 0xca, 0xa1, 0x6d, 0x96, 0xd1, 0x3a, 0x30,
+        0x66, 0xe1, 0x97, 0x1d, 0x4c, 0xb0, 0x93, 0xd7,
+        0x8d, 0x3c, 0xc0, 0xf9, 0x2b, 0x81, 0x0d, 0xd7,
+        0x68, 0x49, 0x18, 0xab, 0xdc, 0x4b, 0xa0, 0x7b,
+        0x30, 0x6e, 0x7c, 0x81, 0x2a, 0xe5, 0x64, 0x6c,
+        0xd8, 0xd5, 0xc9, 0x10, 0x59, 0x01, 0x13, 0x7e,
+        0xfe, 0x03, 0xef, 0x3c, 0x69, 0x51, 0x3e, 0xb2,
+        0xfe, 0x43, 0xef, 0xce, 0x4c, 0x06, 0x1f, 0xb1,
+        0xb7, 0x47, 0x8e, 0x96, 0xb7, 0xde, 0x4a, 0x2c,
+        0x46, 0xd2, 0x66, 0xdc, 0x00, 0x6b, 0xa9, 0xf7,
+        0xe7, 0xd5, 0xe7, 0xff, 0xa6, 0x60, 0x8d, 0x97,
+        0x03, 0x90, 0x5f, 0xa1, 0x0f, 0xd5, 0xfa, 0xac,
+        0x49, 0xd0, 0x2d, 0x4f, 0x80, 0xf3, 0xfd, 0x3b,
+        0xea, 0xa8, 0x64, 0xa0, 0xf8, 0xe2, 0x30, 0x2b,
+        0xf4, 0x80, 0x2c, 0x50, 0x5c, 0xaa, 0x16, 0xd9,
+        0x6d, 0x13, 0xa3, 0x06, 0x6e, 0x19, 0x71, 0xd4,
+        0xcb, 0x09, 0x3d, 0x78, 0xd3, 0xcc, 0x0f, 0x92,
+        0xb8, 0x10, 0xdd, 0x76, 0x88, 0x97, 0x1b, 0x7f,
+        0xf0, 0x5c, 0xfb, 0x97, 0x66, 0x3e, 0x7f, 0x66,
+        0xf9, 0xa4, 0xd5, 0x29, 0xb5, 0x54, 0x8a, 0xaa,
+        0xfc, 0xe2, 0xdb, 0xb7,
+    };
+    const char password[] = "password";
+    word32 passwordSz = (word32)XSTRLEN(password);
+
+    /* Decrypt the encrypted PKCS8 key we just made. */
+    ExpectIntEQ(wc_DecryptPKCS8Key(badPkcs5RsaEnc, sizeof(badPkcs5RsaEnc),
+        password, (int)passwordSz), ASN_PARSE_E);
+#endif
+    return EXPECT_RESULT();
+}
+
 static int test_wc_GetPkcs8TraditionalOffset(void)
 {
     EXPECT_DECLS;
@@ -47339,7 +36172,7 @@ static int test_sk_X509_CRL(void)
 #endif
     WOLFSSL_X509_REVOKED revoked;
     WOLFSSL_ASN1_INTEGER* asnInt = NULL;
-    const WOLFSSL_ASN1_INTEGER* sn;
+    const WOLFSSL_ASN1_INTEGER* sn = NULL;
 
 #if (!defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)) || \
     !defined(NO_BIO)
@@ -48861,7 +37694,11 @@ static int test_RsaSigFailure_cm(void)
 {
     EXPECT_DECLS;
 #ifndef NO_RSA
+#ifdef WOLFSSL_PEM_TO_DER
     const char* ca_cert = "./certs/ca-cert.pem";
+#else
+    const char* ca_cert = "./certs/ca-cert.der";
+#endif
     const char* server_cert = "./certs/server-cert.der";
     byte* cert_buf = NULL;
     size_t cert_sz = 0;
@@ -48897,7 +37734,11 @@ static int test_EccSigFailure_cm(void)
     EXPECT_DECLS;
 #ifdef HAVE_ECC
     /* self-signed ECC cert, so use server cert as CA */
+#ifdef WOLFSSL_PEM_TO_DER
     const char* ca_cert = "./certs/ca-ecc-cert.pem";
+#else
+    const char* ca_cert = "./certs/ca-ecc-cert.der";
+#endif
     const char* server_cert = "./certs/server-ecc.der";
     byte* cert_buf = NULL;
     size_t cert_sz = 0;
@@ -48936,958 +37777,6 @@ static int test_EccSigFailure_cm(void)
 #endif /* !NO_RSA || HAVE_ECC */
 #endif /* NO_CERTS */
 
-#ifdef WOLFSSL_TLS13
-#if defined(WOLFSSL_SEND_HRR_COOKIE) && !defined(NO_WOLFSSL_SERVER)
-#ifdef WC_SHA384_DIGEST_SIZE
-    static byte fixedKey[WC_SHA384_DIGEST_SIZE] = { 0, };
-#else
-    static byte fixedKey[WC_SHA256_DIGEST_SIZE] = { 0, };
-#endif
-#endif
-#ifdef WOLFSSL_EARLY_DATA
-static const char earlyData[] = "Early Data";
-static       char earlyDataBuffer[1];
-#endif
-
-static int test_tls13_apis(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_SUPPORTED_CURVES) && defined(HAVE_ECC) && \
-    (!defined(NO_WOLFSSL_SERVER) || !defined(NO_WOLFSSL_CLIENT))
-    int          ret;
-#endif
-#ifndef WOLFSSL_NO_TLS12
-#ifndef NO_WOLFSSL_CLIENT
-    WOLFSSL_CTX* clientTls12Ctx = NULL;
-    WOLFSSL*     clientTls12Ssl = NULL;
-#endif
-#ifndef NO_WOLFSSL_SERVER
-    WOLFSSL_CTX* serverTls12Ctx = NULL;
-    WOLFSSL*     serverTls12Ssl = NULL;
-#endif
-#endif
-#ifndef NO_WOLFSSL_CLIENT
-    WOLFSSL_CTX* clientCtx = NULL;
-    WOLFSSL*     clientSsl = NULL;
-#endif
-#ifndef NO_WOLFSSL_SERVER
-    WOLFSSL_CTX* serverCtx = NULL;
-    WOLFSSL*     serverSsl = NULL;
-#if !defined(NO_CERTS) && !defined(NO_FILESYSTEM)
-#ifndef NO_RSA
-    const char*  ourCert = svrCertFile;
-    const char*  ourKey  = svrKeyFile;
-#elif defined(HAVE_ECC)
-    const char*  ourCert = eccCertFile;
-    const char*  ourKey  = eccKeyFile;
-#elif defined(HAVE_ED25519)
-    const char*  ourCert = edCertFile;
-    const char*  ourKey  = edKeyFile;
-#elif defined(HAVE_ED448)
-    const char*  ourCert = ed448CertFile;
-    const char*  ourKey  = ed448KeyFile;
-#endif
-#endif
-#endif
-    int          required;
-#ifdef WOLFSSL_EARLY_DATA
-    int          outSz;
-#endif
-#if defined(HAVE_ECC) && defined(HAVE_SUPPORTED_CURVES)
-    int          groups[2] = { WOLFSSL_ECC_SECP256R1,
-#ifdef WOLFSSL_HAVE_MLKEM
-#ifdef WOLFSSL_MLKEM_KYBER
-    #ifndef WOLFSSL_NO_KYBER512
-                               WOLFSSL_KYBER_LEVEL1
-    #elif !defined(WOLFSSL_NO_KYBER768)
-                               WOLFSSL_KYBER_LEVEL3
-    #else
-                               WOLFSSL_KYBER_LEVEL5
-    #endif
-#else
-    #ifndef WOLFSSL_NO_ML_KEM_512
-                               WOLFSSL_ML_KEM_512
-    #elif !defined(WOLFSSL_NO_ML_KEM_768)
-                               WOLFSSL_ML_KEM_768
-    #else
-                               WOLFSSL_ML_KEM_1024
-    #endif
-#endif
-#else
-                               WOLFSSL_ECC_SECP256R1
-#endif
-                             };
-#if !defined(NO_WOLFSSL_SERVER) || !defined(NO_WOLFSSL_CLIENT)
-    int          bad_groups[2] = { 0xDEAD, 0xBEEF };
-#endif /* !NO_WOLFSSL_SERVER || !NO_WOLFSSL_CLIENT */
-    int          numGroups = 2;
-#endif
-#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC)
-    char         groupList[] =
-#ifdef HAVE_CURVE25519
-            "X25519:"
-#endif
-#ifdef HAVE_CURVE448
-            "X448:"
-#endif
-#ifndef NO_ECC_SECP
-#if (defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 521
-            "P-521:secp521r1:"
-#endif
-#if (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 384
-            "P-384:secp384r1:"
-#endif
-#if (!defined(NO_ECC256)  || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 256
-            "P-256:secp256r1"
-#if defined(WOLFSSL_HAVE_MLKEM) && !defined(WOLFSSL_MLKEM_NO_MALLOC) && \
-    !defined(WOLFSSL_MLKEM_NO_MAKE_KEY) && \
-    !defined(WOLFSSL_MLKEM_NO_ENCAPSULATE) && \
-    !defined(WOLFSSL_MLKEM_NO_DECAPSULATE)
-#ifdef WOLFSSL_MLKEM_KYBER
-    #ifndef WOLFSSL_NO_KYBER512
-            ":P256_KYBER_LEVEL1"
-    #elif !defined(WOLFSSL_NO_KYBER768)
-            ":P256_KYBER_LEVEL3"
-    #else
-            ":P256_KYBER_LEVEL5"
-    #endif
-#else
-    #ifndef WOLFSSL_NO_KYBER512
-            ":P256_ML_KEM_512"
-    #elif !defined(WOLFSSL_NO_KYBER768)
-            ":P256_ML_KEM_768"
-    #else
-            ":P256_ML_KEM_1024"
-    #endif
-#endif
-#endif
-#endif
-#endif /* !defined(NO_ECC_SECP) */
-#if defined(WOLFSSL_HAVE_MLKEM) && !defined(WOLFSSL_MLKEM_NO_MALLOC) && \
-    !defined(WOLFSSL_MLKEM_NO_MAKE_KEY) && \
-    !defined(WOLFSSL_MLKEM_NO_ENCAPSULATE) && \
-    !defined(WOLFSSL_MLKEM_NO_DECAPSULATE)
-#ifdef WOLFSSL_MLKEM_KYBER
-    #ifndef WOLFSSL_NO_KYBER512
-            ":KYBER_LEVEL1"
-    #elif !defined(WOLFSSL_NO_KYBER768)
-            ":KYBER_LEVEL3"
-    #else
-            ":KYBER_LEVEL5"
-    #endif
-#else
-    #ifndef WOLFSSL_NO_KYBER512
-            ":ML_KEM_512"
-    #elif !defined(WOLFSSL_NO_KYBER768)
-            ":ML_KEM_768"
-    #else
-            ":ML_KEM_1024"
-    #endif
-#endif
-#endif
-            "";
-#endif /* defined(OPENSSL_EXTRA) && defined(HAVE_ECC) */
-#if defined(WOLFSSL_HAVE_MLKEM) && !defined(WOLFSSL_MLKEM_NO_MALLOC) && \
-    !defined(WOLFSSL_MLKEM_NO_MAKE_KEY) && \
-    !defined(WOLFSSL_MLKEM_NO_ENCAPSULATE) && \
-    !defined(WOLFSSL_MLKEM_NO_DECAPSULATE)
-    int mlkemLevel;
-#endif
-
-#ifndef WOLFSSL_NO_TLS12
-#ifndef NO_WOLFSSL_CLIENT
-    clientTls12Ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method());
-    clientTls12Ssl = wolfSSL_new(clientTls12Ctx);
-#endif
-#ifndef NO_WOLFSSL_SERVER
-    serverTls12Ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method());
-#if !defined(NO_CERTS)
-    #if !defined(NO_FILESYSTEM)
-    wolfSSL_CTX_use_certificate_chain_file(serverTls12Ctx, ourCert);
-    wolfSSL_CTX_use_PrivateKey_file(serverTls12Ctx, ourKey,
-        WOLFSSL_FILETYPE_PEM);
-    #elif defined(USE_CERT_BUFFERS_2048)
-    wolfSSL_CTX_use_certificate_chain_buffer_format(serverTls12Ctx,
-        server_cert_der_2048, sizeof_server_cert_der_2048,
-        WOLFSSL_FILETYPE_ASN1);
-    wolfSSL_CTX_use_PrivateKey_buffer(serverTls12Ctx, server_key_der_2048,
-        sizeof_server_key_der_2048, WOLFSSL_FILETYPE_ASN1);
-    #elif defined(USE_CERT_BUFFERS_256)
-    wolfSSL_CTX_use_certificate_chain_buffer_format(serverTls12Ctx,
-        serv_ecc_der_256, sizeof_serv_ecc_der_256, WOLFSSL_FILETYPE_ASN1);
-    wolfSSL_CTX_use_PrivateKey_buffer(serverTls12Ctx, ecc_key_der_256,
-        sizeof_ecc_key_der_256, WOLFSSL_FILETYPE_ASN1);
-    #endif
-#endif
-    serverTls12Ssl = wolfSSL_new(serverTls12Ctx);
-#endif
-#endif
-
-#ifndef NO_WOLFSSL_CLIENT
-    clientCtx = wolfSSL_CTX_new(wolfTLSv1_3_client_method());
-    clientSsl = wolfSSL_new(clientCtx);
-#endif
-#ifndef NO_WOLFSSL_SERVER
-    serverCtx = wolfSSL_CTX_new(wolfTLSv1_3_server_method());
-#if !defined(NO_CERTS)
-    /* ignore load failures, since we just need the server to have a cert set */
-    #if !defined(NO_FILESYSTEM)
-    wolfSSL_CTX_use_certificate_chain_file(serverCtx, ourCert);
-    wolfSSL_CTX_use_PrivateKey_file(serverCtx, ourKey, WOLFSSL_FILETYPE_PEM);
-    #elif defined(USE_CERT_BUFFERS_2048)
-    wolfSSL_CTX_use_certificate_chain_buffer_format(serverCtx,
-        server_cert_der_2048, sizeof_server_cert_der_2048,
-        WOLFSSL_FILETYPE_ASN1);
-    wolfSSL_CTX_use_PrivateKey_buffer(serverCtx, server_key_der_2048,
-        sizeof_server_key_der_2048, WOLFSSL_FILETYPE_ASN1);
-    #elif defined(USE_CERT_BUFFERS_256)
-    wolfSSL_CTX_use_certificate_chain_buffer_format(serverCtx, serv_ecc_der_256,
-        sizeof_serv_ecc_der_256, WOLFSSL_FILETYPE_ASN1);
-    wolfSSL_CTX_use_PrivateKey_buffer(serverCtx, ecc_key_der_256,
-        sizeof_ecc_key_der_256, WOLFSSL_FILETYPE_ASN1);
-    #endif
-#endif
-    serverSsl = wolfSSL_new(serverCtx);
-    ExpectNotNull(serverSsl);
-#endif
-
-#ifdef WOLFSSL_SEND_HRR_COOKIE
-    ExpectIntEQ(wolfSSL_send_hrr_cookie(NULL, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-#ifndef NO_WOLFSSL_CLIENT
-    ExpectIntEQ(wolfSSL_send_hrr_cookie(clientSsl, NULL, 0), WC_NO_ERR_TRACE(SIDE_ERROR));
-#endif
-#ifndef NO_WOLFSSL_SERVER
-#ifndef WOLFSSL_NO_TLS12
-    ExpectIntEQ(wolfSSL_send_hrr_cookie(serverTls12Ssl, NULL, 0),
-        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-#endif
-
-    ExpectIntEQ(wolfSSL_send_hrr_cookie(serverSsl, NULL, 0), WOLFSSL_SUCCESS);
-    ExpectIntEQ(wolfSSL_send_hrr_cookie(serverSsl, fixedKey, sizeof(fixedKey)),
-        WOLFSSL_SUCCESS);
-#endif
-#endif
-
-#ifdef HAVE_SUPPORTED_CURVES
-#ifdef HAVE_ECC
-    ExpectIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_ECC_SECP256R1),
-        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-#ifndef NO_WOLFSSL_SERVER
-    do {
-        ret = wolfSSL_UseKeyShare(serverSsl, WOLFSSL_ECC_SECP256R1);
-    #ifdef WOLFSSL_ASYNC_CRYPT
-        if (ret == WC_NO_ERR_TRACE(WC_PENDING_E))
-            wolfSSL_AsyncPoll(serverSsl, WOLF_POLL_FLAG_CHECK_HW);
-    #endif
-    }
-    while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
-    ExpectIntEQ(ret, WOLFSSL_SUCCESS);
-#endif
-#ifndef NO_WOLFSSL_CLIENT
-#ifndef WOLFSSL_NO_TLS12
-    do {
-        ret = wolfSSL_UseKeyShare(clientTls12Ssl, WOLFSSL_ECC_SECP256R1);
-    #ifdef WOLFSSL_ASYNC_CRYPT
-        if (ret == WC_NO_ERR_TRACE(WC_PENDING_E))
-            wolfSSL_AsyncPoll(clientTls12Ssl, WOLF_POLL_FLAG_CHECK_HW);
-    #endif
-    }
-    while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
-    ExpectIntEQ(ret, WOLFSSL_SUCCESS);
-#endif
-    do {
-        ret = wolfSSL_UseKeyShare(clientSsl, WOLFSSL_ECC_SECP256R1);
-    #ifdef WOLFSSL_ASYNC_CRYPT
-        if (ret == WC_NO_ERR_TRACE(WC_PENDING_E))
-            wolfSSL_AsyncPoll(clientSsl, WOLF_POLL_FLAG_CHECK_HW);
-    #endif
-    }
-    while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
-    ExpectIntEQ(ret, WOLFSSL_SUCCESS);
-#endif
-#elif defined(HAVE_CURVE25519)
-    ExpectIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_ECC_X25519), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-#ifndef NO_WOLFSSL_SERVER
-    ExpectIntEQ(wolfSSL_UseKeyShare(serverSsl, WOLFSSL_ECC_X25519),
-        WOLFSSL_SUCCESS);
-#endif
-#ifndef NO_WOLFSSL_CLIENT
-#ifndef WOLFSSL_NO_TLS12
-    ExpectIntEQ(wolfSSL_UseKeyShare(clientTls12Ssl, WOLFSSL_ECC_X25519),
-        WOLFSSL_SUCCESS);
-#endif
-    ExpectIntEQ(wolfSSL_UseKeyShare(clientSsl, WOLFSSL_ECC_X25519),
-        WOLFSSL_SUCCESS);
-#endif
-#elif defined(HAVE_CURVE448)
-    ExpectIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_ECC_X448), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-#ifndef NO_WOLFSSL_SERVER
-    ExpectIntEQ(wolfSSL_UseKeyShare(serverSsl, WOLFSSL_ECC_X448),
-        WOLFSSL_SUCCESS);
-#endif
-#ifndef NO_WOLFSSL_CLIENT
-#ifndef WOLFSSL_NO_TLS12
-    ExpectIntEQ(wolfSSL_UseKeyShare(clientTls12Ssl, WOLFSSL_ECC_X448),
-        WOLFSSL_SUCCESS);
-#endif
-    ExpectIntEQ(wolfSSL_UseKeyShare(clientSsl, WOLFSSL_ECC_X448),
-        WOLFSSL_SUCCESS);
-#endif
-#else
-    ExpectIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_ECC_SECP256R1),
-        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-#ifndef NO_WOLFSSL_CLIENT
-#ifndef WOLFSSL_NO_TLS12
-    ExpectIntEQ(wolfSSL_UseKeyShare(clientTls12Ssl, WOLFSSL_ECC_SECP256R1),
-        WC_NO_ERR_TRACE(NOT_COMPILED_IN));
-#endif
-    ExpectIntEQ(wolfSSL_UseKeyShare(clientSsl, WOLFSSL_ECC_SECP256R1),
-        WC_NO_ERR_TRACE(NOT_COMPILED_IN));
-#endif
-#endif
-
-#if defined(WOLFSSL_HAVE_MLKEM) && !defined(WOLFSSL_MLKEM_NO_MALLOC) && \
-    !defined(WOLFSSL_MLKEM_NO_MAKE_KEY) && \
-    !defined(WOLFSSL_MLKEM_NO_ENCAPSULATE) && \
-    !defined(WOLFSSL_MLKEM_NO_DECAPSULATE)
-#ifndef WOLFSSL_NO_ML_KEM
-#ifndef WOLFSSL_NO_ML_KEM_768
-    mlkemLevel = WOLFSSL_ML_KEM_768;
-#elif !defined(WOLFSSL_NO_ML_KEM_1024)
-    mlkemLevel = WOLFSSL_ML_KEM_1024;
-#else
-    mlkemLevel = WOLFSSL_ML_KEM_512;
-#endif
-#else
-#ifndef WOLFSSL_NO_KYBER768
-    mlkemLevel = WOLFSSL_KYBER_LEVEL3;
-#elif !defined(WOLFSSL_NO_KYBER1024)
-    mlkemLevel = WOLFSSL_KYBER_LEVEL5;
-#else
-    mlkemLevel = WOLFSSL_KYBER_LEVEL1;
-#endif
-#endif
-    ExpectIntEQ(wolfSSL_UseKeyShare(NULL, mlkemLevel),
-        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-#ifndef NO_WOLFSSL_SERVER
-    ExpectIntEQ(wolfSSL_UseKeyShare(serverSsl, mlkemLevel),
-        WOLFSSL_SUCCESS);
-#endif
-#ifndef NO_WOLFSSL_CLIENT
-#ifndef WOLFSSL_NO_TLS12
-    ExpectIntEQ(wolfSSL_UseKeyShare(clientTls12Ssl, mlkemLevel),
-        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-#endif
-    ExpectIntEQ(wolfSSL_UseKeyShare(clientSsl, mlkemLevel),
-        WOLFSSL_SUCCESS);
-#endif
-#endif
-
-    ExpectIntEQ(wolfSSL_NoKeyShares(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-#ifndef NO_WOLFSSL_SERVER
-    ExpectIntEQ(wolfSSL_NoKeyShares(serverSsl), WC_NO_ERR_TRACE(SIDE_ERROR));
-#endif
-#ifndef NO_WOLFSSL_CLIENT
-#ifndef WOLFSSL_NO_TLS12
-    ExpectIntEQ(wolfSSL_NoKeyShares(clientTls12Ssl), WOLFSSL_SUCCESS);
-#endif
-    ExpectIntEQ(wolfSSL_NoKeyShares(clientSsl), WOLFSSL_SUCCESS);
-#endif
-#endif /* HAVE_SUPPORTED_CURVES */
-
-    ExpectIntEQ(wolfSSL_CTX_no_ticket_TLSv13(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-#ifndef NO_WOLFSSL_CLIENT
-    ExpectIntEQ(wolfSSL_CTX_no_ticket_TLSv13(clientCtx), WC_NO_ERR_TRACE(SIDE_ERROR));
-#endif
-#ifndef NO_WOLFSSL_SERVER
-#ifndef WOLFSSL_NO_TLS12
-    ExpectIntEQ(wolfSSL_CTX_no_ticket_TLSv13(serverTls12Ctx), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-#endif
-    ExpectIntEQ(wolfSSL_CTX_no_ticket_TLSv13(serverCtx), 0);
-#endif
-
-    ExpectIntEQ(wolfSSL_no_ticket_TLSv13(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-#ifndef NO_WOLFSSL_CLIENT
-    ExpectIntEQ(wolfSSL_no_ticket_TLSv13(clientSsl), WC_NO_ERR_TRACE(SIDE_ERROR));
-#endif
-#ifndef NO_WOLFSSL_SERVER
-#ifndef WOLFSSL_NO_TLS12
-    ExpectIntEQ(wolfSSL_no_ticket_TLSv13(serverTls12Ssl), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-#endif
-    ExpectIntEQ(wolfSSL_no_ticket_TLSv13(serverSsl), 0);
-#endif
-
-    ExpectIntEQ(wolfSSL_CTX_no_dhe_psk(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-#ifndef NO_WOLFSSL_CLIENT
-#ifndef WOLFSSL_NO_TLS12
-    ExpectIntEQ(wolfSSL_CTX_no_dhe_psk(clientTls12Ctx), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-#endif
-    ExpectIntEQ(wolfSSL_CTX_no_dhe_psk(clientCtx), 0);
-#endif
-#ifndef NO_WOLFSSL_SERVER
-    ExpectIntEQ(wolfSSL_CTX_no_dhe_psk(serverCtx), 0);
-#endif
-
-    ExpectIntEQ(wolfSSL_no_dhe_psk(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-#ifndef NO_WOLFSSL_CLIENT
-#ifndef WOLFSSL_NO_TLS12
-    ExpectIntEQ(wolfSSL_no_dhe_psk(clientTls12Ssl), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-#endif
-    ExpectIntEQ(wolfSSL_no_dhe_psk(clientSsl), 0);
-#endif
-#ifndef NO_WOLFSSL_SERVER
-    ExpectIntEQ(wolfSSL_no_dhe_psk(serverSsl), 0);
-#endif
-
-    ExpectIntEQ(wolfSSL_update_keys(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-#ifndef NO_WOLFSSL_CLIENT
-#ifndef WOLFSSL_NO_TLS12
-    ExpectIntEQ(wolfSSL_update_keys(clientTls12Ssl), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-#endif
-    ExpectIntEQ(wolfSSL_update_keys(clientSsl), WC_NO_ERR_TRACE(BUILD_MSG_ERROR));
-#endif
-#ifndef NO_WOLFSSL_SERVER
-    ExpectIntEQ(wolfSSL_update_keys(serverSsl), WC_NO_ERR_TRACE(BUILD_MSG_ERROR));
-#endif
-
-    ExpectIntEQ(wolfSSL_key_update_response(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-    ExpectIntEQ(wolfSSL_key_update_response(NULL, &required), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-#ifndef NO_WOLFSSL_CLIENT
-#ifndef WOLFSSL_NO_TLS12
-    ExpectIntEQ(wolfSSL_key_update_response(clientTls12Ssl, &required),
-        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-#endif
-    ExpectIntEQ(wolfSSL_key_update_response(clientSsl, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-#endif
-#ifndef NO_WOLFSSL_SERVER
-    ExpectIntEQ(wolfSSL_key_update_response(serverSsl, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-#endif
-
-#if !defined(NO_CERTS) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
-    ExpectIntEQ(wolfSSL_CTX_allow_post_handshake_auth(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-#ifndef NO_WOLFSSL_SERVER
-    ExpectIntEQ(wolfSSL_CTX_allow_post_handshake_auth(serverCtx), WC_NO_ERR_TRACE(SIDE_ERROR));
-#endif
-#ifndef NO_WOLFSSL_CLIENT
-#ifndef WOLFSSL_NO_TLS12
-    ExpectIntEQ(wolfSSL_CTX_allow_post_handshake_auth(clientTls12Ctx),
-        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-#endif
-    ExpectIntEQ(wolfSSL_CTX_allow_post_handshake_auth(clientCtx), 0);
-#endif
-
-    ExpectIntEQ(wolfSSL_allow_post_handshake_auth(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-#ifndef NO_WOLFSSL_SERVER
-    ExpectIntEQ(wolfSSL_allow_post_handshake_auth(serverSsl), WC_NO_ERR_TRACE(SIDE_ERROR));
-#endif
-#ifndef NO_WOLFSSL_CLIENT
-#ifndef WOLFSSL_NO_TLS12
-    ExpectIntEQ(wolfSSL_allow_post_handshake_auth(clientTls12Ssl),
-        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-#endif
-    ExpectIntEQ(wolfSSL_allow_post_handshake_auth(clientSsl), 0);
-#endif
-
-    ExpectIntEQ(wolfSSL_request_certificate(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-#ifndef NO_WOLFSSL_CLIENT
-    ExpectIntEQ(wolfSSL_request_certificate(clientSsl), WC_NO_ERR_TRACE(SIDE_ERROR));
-#endif
-#ifndef NO_WOLFSSL_SERVER
-#ifndef WOLFSSL_NO_TLS12
-    ExpectIntEQ(wolfSSL_request_certificate(serverTls12Ssl),
-        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-#endif
-    ExpectIntEQ(wolfSSL_request_certificate(serverSsl), WC_NO_ERR_TRACE(NOT_READY_ERROR));
-#endif
-#endif
-
-#ifdef HAVE_ECC
-#ifndef WOLFSSL_NO_SERVER_GROUPS_EXT
-    ExpectIntEQ(wolfSSL_preferred_group(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-#ifndef NO_WOLFSSL_SERVER
-    ExpectIntEQ(wolfSSL_preferred_group(serverSsl), WC_NO_ERR_TRACE(SIDE_ERROR));
-#endif
-#ifndef NO_WOLFSSL_CLIENT
-#ifndef WOLFSSL_NO_TLS12
-    ExpectIntEQ(wolfSSL_preferred_group(clientTls12Ssl), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-#endif
-    ExpectIntEQ(wolfSSL_preferred_group(clientSsl), WC_NO_ERR_TRACE(NOT_READY_ERROR));
-#endif
-#endif
-
-#ifdef HAVE_SUPPORTED_CURVES
-    ExpectIntEQ(wolfSSL_CTX_set_groups(NULL, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-#ifndef NO_WOLFSSL_CLIENT
-    ExpectIntEQ(wolfSSL_CTX_set_groups(clientCtx, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-#endif
-    ExpectIntEQ(wolfSSL_CTX_set_groups(NULL, groups, numGroups), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-#ifndef NO_WOLFSSL_CLIENT
-#ifndef WOLFSSL_NO_TLS12
-    ExpectIntEQ(wolfSSL_CTX_set_groups(clientTls12Ctx, groups, numGroups),
-        WOLFSSL_SUCCESS);
-#endif
-    ExpectIntEQ(wolfSSL_CTX_set_groups(clientCtx, groups,
-        WOLFSSL_MAX_GROUP_COUNT + 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-    ExpectIntEQ(wolfSSL_CTX_set_groups(clientCtx, groups, numGroups),
-        WOLFSSL_SUCCESS);
-    ExpectIntEQ(wolfSSL_CTX_set_groups(clientCtx, bad_groups, numGroups),
-        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-#endif
-#ifndef NO_WOLFSSL_SERVER
-    ExpectIntEQ(wolfSSL_CTX_set_groups(serverCtx, groups, numGroups),
-        WOLFSSL_SUCCESS);
-    ExpectIntEQ(wolfSSL_CTX_set_groups(serverCtx, bad_groups, numGroups),
-        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-#endif
-
-    ExpectIntEQ(wolfSSL_set_groups(NULL, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-#ifndef NO_WOLFSSL_CLIENT
-    ExpectIntEQ(wolfSSL_set_groups(clientSsl, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-#endif
-    ExpectIntEQ(wolfSSL_set_groups(NULL, groups, numGroups), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-#ifndef NO_WOLFSSL_CLIENT
-#ifndef WOLFSSL_NO_TLS12
-    ExpectIntEQ(wolfSSL_set_groups(clientTls12Ssl, groups, numGroups),
-        WOLFSSL_SUCCESS);
-#endif
-    ExpectIntEQ(wolfSSL_set_groups(clientSsl, groups,
-        WOLFSSL_MAX_GROUP_COUNT + 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-    ExpectIntEQ(wolfSSL_set_groups(clientSsl, groups, numGroups),
-        WOLFSSL_SUCCESS);
-    ExpectIntEQ(wolfSSL_set_groups(clientSsl, bad_groups, numGroups),
-        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-#endif
-#ifndef NO_WOLFSSL_SERVER
-    ExpectIntEQ(wolfSSL_set_groups(serverSsl, groups, numGroups),
-        WOLFSSL_SUCCESS);
-    ExpectIntEQ(wolfSSL_set_groups(serverSsl, bad_groups, numGroups),
-        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-#endif
-
-#ifdef OPENSSL_EXTRA
-    ExpectIntEQ(wolfSSL_CTX_set1_groups_list(NULL, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
-#ifndef NO_WOLFSSL_CLIENT
-    ExpectIntEQ(wolfSSL_CTX_set1_groups_list(clientCtx, NULL),
-        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
-#endif
-    ExpectIntEQ(wolfSSL_CTX_set1_groups_list(NULL, groupList),
-        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
-#ifndef NO_WOLFSSL_CLIENT
-#ifndef WOLFSSL_NO_TLS12
-    ExpectIntEQ(wolfSSL_CTX_set1_groups_list(clientTls12Ctx, groupList),
-        WOLFSSL_SUCCESS);
-#endif
-    ExpectIntEQ(wolfSSL_CTX_set1_groups_list(clientCtx, groupList),
-        WOLFSSL_SUCCESS);
-#endif
-#ifndef NO_WOLFSSL_SERVER
-    ExpectIntEQ(wolfSSL_CTX_set1_groups_list(serverCtx, groupList),
-        WOLFSSL_SUCCESS);
-#endif
-
-    ExpectIntEQ(wolfSSL_set1_groups_list(NULL, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
-#ifndef NO_WOLFSSL_CLIENT
-    ExpectIntEQ(wolfSSL_set1_groups_list(clientSsl, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
-#endif
-    ExpectIntEQ(wolfSSL_set1_groups_list(NULL, groupList), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
-#ifndef NO_WOLFSSL_CLIENT
-#ifndef WOLFSSL_NO_TLS12
-    ExpectIntEQ(wolfSSL_set1_groups_list(clientTls12Ssl, groupList),
-        WOLFSSL_SUCCESS);
-#endif
-    ExpectIntEQ(wolfSSL_set1_groups_list(clientSsl, groupList),
-        WOLFSSL_SUCCESS);
-#endif
-#ifndef NO_WOLFSSL_SERVER
-    ExpectIntEQ(wolfSSL_set1_groups_list(serverSsl, groupList),
-        WOLFSSL_SUCCESS);
-#endif
-#endif /* OPENSSL_EXTRA */
-#endif /* HAVE_SUPPORTED_CURVES */
-#endif /* HAVE_ECC */
-
-#ifdef WOLFSSL_EARLY_DATA
-#ifndef OPENSSL_EXTRA
-    ExpectIntEQ(wolfSSL_CTX_set_max_early_data(NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-    ExpectIntEQ(wolfSSL_CTX_get_max_early_data(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-#else
-    ExpectIntEQ(SSL_CTX_set_max_early_data(NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-    ExpectIntEQ(SSL_CTX_get_max_early_data(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-#endif
-#ifndef NO_WOLFSSL_CLIENT
-#ifndef OPENSSL_EXTRA
-    ExpectIntEQ(wolfSSL_CTX_set_max_early_data(clientCtx, 0), WC_NO_ERR_TRACE(SIDE_ERROR));
-    ExpectIntEQ(wolfSSL_CTX_get_max_early_data(clientCtx), WC_NO_ERR_TRACE(SIDE_ERROR));
-#else
-    ExpectIntEQ(SSL_CTX_set_max_early_data(clientCtx, 0), WC_NO_ERR_TRACE(SIDE_ERROR));
-    ExpectIntEQ(SSL_CTX_get_max_early_data(clientCtx), WC_NO_ERR_TRACE(SIDE_ERROR));
-#endif
-#endif
-#ifndef NO_WOLFSSL_SERVER
-#ifndef WOLFSSL_NO_TLS12
-#ifndef OPENSSL_EXTRA
-    ExpectIntEQ(wolfSSL_CTX_set_max_early_data(serverTls12Ctx, 0),
-        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-    ExpectIntEQ(wolfSSL_CTX_get_max_early_data(serverTls12Ctx), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-#else
-    ExpectIntEQ(SSL_CTX_set_max_early_data(serverTls12Ctx, 0),
-        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-    ExpectIntEQ(SSL_CTX_get_max_early_data(serverTls12Ctx), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-#endif
-#endif
-#ifndef OPENSSL_EXTRA
-#ifdef WOLFSSL_ERROR_CODE_OPENSSL
-    ExpectIntEQ(wolfSSL_CTX_set_max_early_data(serverCtx, 32),
-        WOLFSSL_SUCCESS);
-#else
-    ExpectIntEQ(wolfSSL_CTX_set_max_early_data(serverCtx, 32), 0);
-#endif
-    ExpectIntEQ(wolfSSL_CTX_get_max_early_data(serverCtx), 32);
-#else
-    ExpectIntEQ(SSL_CTX_set_max_early_data(serverCtx, 32), 1);
-    ExpectIntEQ(SSL_CTX_get_max_early_data(serverCtx), 32);
-#endif
-#endif
-
-#ifndef OPENSSL_EXTRA
-    ExpectIntEQ(wolfSSL_set_max_early_data(NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-    ExpectIntEQ(wolfSSL_get_max_early_data(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-#else
-    ExpectIntEQ(SSL_set_max_early_data(NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-    ExpectIntEQ(SSL_get_max_early_data(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-#endif
-#ifndef NO_WOLFSSL_CLIENT
-#ifndef OPENSSL_EXTRA
-#ifdef WOLFSSL_ERROR_CODE_OPENSSL
-    ExpectIntEQ(wolfSSL_set_max_early_data(clientSsl, 17), WOLFSSL_SUCCESS);
-#else
-    ExpectIntEQ(wolfSSL_set_max_early_data(clientSsl, 17), 0);
-#endif
-    ExpectIntEQ(wolfSSL_get_max_early_data(clientSsl), 17);
-#else
-    ExpectIntEQ(SSL_set_max_early_data(clientSsl, 17), WOLFSSL_SUCCESS);
-    ExpectIntEQ(SSL_get_max_early_data(clientSsl), 17);
-#endif
-#endif
-#ifndef NO_WOLFSSL_SERVER
-#ifndef WOLFSSL_NO_TLS12
-#ifndef OPENSSL_EXTRA
-    ExpectIntEQ(wolfSSL_set_max_early_data(serverTls12Ssl, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-    ExpectIntEQ(wolfSSL_get_max_early_data(serverTls12Ssl), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-#else
-    ExpectIntEQ(SSL_set_max_early_data(serverTls12Ssl, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-    ExpectIntEQ(SSL_get_max_early_data(serverTls12Ssl), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-#endif
-#endif
-#ifndef OPENSSL_EXTRA
-#ifdef WOLFSSL_ERROR_CODE_OPENSSL
-    ExpectIntEQ(wolfSSL_set_max_early_data(serverSsl, 16), WOLFSSL_SUCCESS);
-#else
-    ExpectIntEQ(wolfSSL_set_max_early_data(serverSsl, 16), 0);
-#endif
-    ExpectIntEQ(wolfSSL_get_max_early_data(serverSsl), 16);
-#else
-    ExpectIntEQ(SSL_set_max_early_data(serverSsl, 16), 1);
-    ExpectIntEQ(SSL_get_max_early_data(serverSsl), 16);
-#endif
-#endif
-
-
-    ExpectIntEQ(wolfSSL_write_early_data(NULL, earlyData, sizeof(earlyData),
-        &outSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-#ifndef NO_WOLFSSL_CLIENT
-    ExpectIntEQ(wolfSSL_write_early_data(clientSsl, NULL, sizeof(earlyData),
-        &outSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-    ExpectIntEQ(wolfSSL_write_early_data(clientSsl, earlyData, -1, &outSz),
-        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-    ExpectIntEQ(wolfSSL_write_early_data(clientSsl, earlyData,
-        sizeof(earlyData), NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-#endif
-#ifndef NO_WOLFSSL_SERVER
-    ExpectIntEQ(wolfSSL_write_early_data(serverSsl, earlyData,
-        sizeof(earlyData), &outSz), WC_NO_ERR_TRACE(SIDE_ERROR));
-#endif
-#ifndef NO_WOLFSSL_CLIENT
-#ifndef WOLFSSL_NO_TLS12
-    ExpectIntEQ(wolfSSL_write_early_data(clientTls12Ssl, earlyData,
-        sizeof(earlyData), &outSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-#endif
-    ExpectIntEQ(wolfSSL_write_early_data(clientSsl, earlyData,
-        sizeof(earlyData), &outSz), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
-#endif
-
-    ExpectIntEQ(wolfSSL_read_early_data(NULL, earlyDataBuffer,
-        sizeof(earlyDataBuffer), &outSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-#ifndef NO_WOLFSSL_SERVER
-    ExpectIntEQ(wolfSSL_read_early_data(serverSsl, NULL,
-        sizeof(earlyDataBuffer), &outSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-    ExpectIntEQ(wolfSSL_read_early_data(serverSsl, earlyDataBuffer, -1,
-        &outSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-    ExpectIntEQ(wolfSSL_read_early_data(serverSsl, earlyDataBuffer,
-        sizeof(earlyDataBuffer), NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-#endif
-#ifndef NO_WOLFSSL_CLIENT
-    ExpectIntEQ(wolfSSL_read_early_data(clientSsl, earlyDataBuffer,
-        sizeof(earlyDataBuffer), &outSz), WC_NO_ERR_TRACE(SIDE_ERROR));
-#endif
-#ifndef NO_WOLFSSL_SERVER
-#ifndef WOLFSSL_NO_TLS12
-    ExpectIntEQ(wolfSSL_read_early_data(serverTls12Ssl, earlyDataBuffer,
-        sizeof(earlyDataBuffer), &outSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-#endif
-    ExpectIntEQ(wolfSSL_read_early_data(serverSsl, earlyDataBuffer,
-        sizeof(earlyDataBuffer), &outSz), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
-#endif
-#endif
-
-#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_EARLY_DATA)
-    ExpectIntLT(SSL_get_early_data_status(NULL), 0);
-#endif
-
-
-#ifndef NO_WOLFSSL_SERVER
-    wolfSSL_free(serverSsl);
-    wolfSSL_CTX_free(serverCtx);
-#endif
-#ifndef NO_WOLFSSL_CLIENT
-    wolfSSL_free(clientSsl);
-    wolfSSL_CTX_free(clientCtx);
-#endif
-
-#ifndef WOLFSSL_NO_TLS12
-#ifndef NO_WOLFSSL_SERVER
-    wolfSSL_free(serverTls12Ssl);
-    wolfSSL_CTX_free(serverTls12Ctx);
-#endif
-#ifndef NO_WOLFSSL_CLIENT
-    wolfSSL_free(clientTls12Ssl);
-    wolfSSL_CTX_free(clientTls12Ctx);
-#endif
-#endif
-
-    return EXPECT_RESULT();
-}
-
-#if defined(HAVE_SESSION_TICKET) && !defined(NO_WOLFSSL_SERVER) && \
-    defined(HAVE_ECC) && defined(BUILD_TLS_AES_128_GCM_SHA256) && \
-    defined(BUILD_TLS_AES_256_GCM_SHA384)
-/* Called when writing. */
-static int CsSend(WOLFSSL* ssl, char* buf, int sz, void* ctx)
-{
-    (void)ssl;
-    (void)buf;
-    (void)sz;
-    (void)ctx;
-
-    /* Force error return from wolfSSL_accept_TLSv13(). */
-    return WANT_WRITE;
-}
-/* Called when reading. */
-static int CsRecv(WOLFSSL* ssl, char* buf, int sz, void* ctx)
-{
-    WOLFSSL_BUFFER_INFO* msg = (WOLFSSL_BUFFER_INFO*)ctx;
-    int len = (int)msg->length;
-
-    (void)ssl;
-    (void)sz;
-
-    /* Pass back as much of message as will fit in buffer. */
-    if (len > sz)
-        len = sz;
-    XMEMCPY(buf, msg->buffer, len);
-    /* Move over returned data. */
-    msg->buffer += len;
-    msg->length -= len;
-
-    /* Amount actually copied. */
-    return len;
-}
-#endif
-
-static int test_tls13_cipher_suites(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_SESSION_TICKET) && !defined(NO_WOLFSSL_SERVER) && \
-    defined(HAVE_ECC) && defined(BUILD_TLS_AES_128_GCM_SHA256) && \
-    defined(BUILD_TLS_AES_256_GCM_SHA384)
-    WOLFSSL_CTX* ctx = NULL;
-    WOLFSSL *ssl = NULL;
-    int i;
-    byte clientHello[] = {
-        0x16, 0x03, 0x03, 0x01, 0x9b, 0x01, 0x00, 0x01,
-        0x97, 0x03, 0x03, 0xf4, 0x65, 0xbd, 0x22, 0xfe,
-        0x6e, 0xab, 0x66, 0xdd, 0xcf, 0xe9, 0x65, 0x55,
-        0xe8, 0xdf, 0xc3, 0x8e, 0x4b, 0x00, 0xbc, 0xf8,
-        0x23, 0x57, 0x1b, 0xa0, 0xc8, 0xa9, 0xe2, 0x8c,
-        0x91, 0x6e, 0xf9, 0x20, 0xf7, 0x5c, 0xc5, 0x5b,
-        0x75, 0x8c, 0x47, 0x0a, 0x0e, 0xc4, 0x1a, 0xda,
-        0xef, 0x75, 0xe5, 0x21, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x04,
-        /* Cipher suites: 0x13, 0x01 = TLS13-AES128-GCM-SHA256, twice. */
-                                            0x13, 0x01,
-        0x13, 0x01, 0x01, 0x00, 0x01, 0x4a, 0x00, 0x2d,
-        0x00, 0x03, 0x02, 0x00, 0x01, 0x00, 0x33, 0x00,
-        0x47, 0x00, 0x45, 0x00, 0x17, 0x00, 0x41, 0x04,
-        0x90, 0xfc, 0xe2, 0x97, 0x05, 0x7c, 0xb5, 0x23,
-        0x5d, 0x5f, 0x5b, 0xcd, 0x0c, 0x1e, 0xe0, 0xe9,
-        0xab, 0x38, 0x6b, 0x1e, 0x20, 0x5c, 0x1c, 0x90,
-        0x2a, 0x9e, 0x68, 0x8e, 0x70, 0x05, 0x10, 0xa8,
-        0x02, 0x1b, 0xf9, 0x5c, 0xef, 0xc9, 0xaf, 0xca,
-        0x1a, 0x3b, 0x16, 0x8b, 0xe4, 0x1b, 0x3c, 0x15,
-        0xb8, 0x0d, 0xbd, 0xaf, 0x62, 0x8d, 0xa7, 0x13,
-        0xa0, 0x7c, 0xe0, 0x59, 0x0c, 0x4f, 0x8a, 0x6d,
-        0x00, 0x2b, 0x00, 0x03, 0x02, 0x03, 0x04, 0x00,
-        0x0d, 0x00, 0x20, 0x00, 0x1e, 0x06, 0x03, 0x05,
-        0x03, 0x04, 0x03, 0x02, 0x03, 0x08, 0x06, 0x08,
-        0x0b, 0x08, 0x05, 0x08, 0x0a, 0x08, 0x04, 0x08,
-        0x09, 0x06, 0x01, 0x05, 0x01, 0x04, 0x01, 0x03,
-        0x01, 0x02, 0x01, 0x00, 0x0a, 0x00, 0x04, 0x00,
-        0x02, 0x00, 0x17, 0x00, 0x16, 0x00, 0x00, 0x00,
-        0x23, 0x00, 0x00, 0x00, 0x29, 0x00, 0xb9, 0x00,
-        0x94, 0x00, 0x8e, 0x0f, 0x12, 0xfa, 0x84, 0x1f,
-        0x76, 0x94, 0xd7, 0x09, 0x5e, 0xad, 0x08, 0x51,
-        0xb6, 0x80, 0x28, 0x31, 0x8b, 0xfd, 0xc6, 0xbd,
-        0x9e, 0xf5, 0x3b, 0x4d, 0x02, 0xbe, 0x1d, 0x73,
-        0xea, 0x13, 0x68, 0x00, 0x4c, 0xfd, 0x3d, 0x48,
-        0x51, 0xf9, 0x06, 0xbb, 0x92, 0xed, 0x42, 0x9f,
-        0x7f, 0x2c, 0x73, 0x9f, 0xd9, 0xb4, 0xef, 0x05,
-        0x26, 0x5b, 0x60, 0x5c, 0x0a, 0xfc, 0xa3, 0xbd,
-        0x2d, 0x2d, 0x8b, 0xf9, 0xaa, 0x5c, 0x96, 0x3a,
-        0xf2, 0xec, 0xfa, 0xe5, 0x57, 0x2e, 0x87, 0xbe,
-        0x27, 0xc5, 0x3d, 0x4f, 0x5d, 0xdd, 0xde, 0x1c,
-        0x1b, 0xb3, 0xcc, 0x27, 0x27, 0x57, 0x5a, 0xd9,
-        0xea, 0x99, 0x27, 0x23, 0xa6, 0x0e, 0xea, 0x9c,
-        0x0d, 0x85, 0xcb, 0x72, 0xeb, 0xd7, 0x93, 0xe3,
-        0xfe, 0xf7, 0x5c, 0xc5, 0x5b, 0x75, 0x8c, 0x47,
-        0x0a, 0x0e, 0xc4, 0x1a, 0xda, 0xef, 0x75, 0xe5,
-        0x21, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0xfb, 0x92, 0xce, 0xaa, 0x00, 0x21, 0x20,
-        0xcb, 0x73, 0x25, 0x80, 0x46, 0x78, 0x4f, 0xe5,
-        0x34, 0xf6, 0x91, 0x13, 0x7f, 0xc8, 0x8d, 0xdc,
-        0x81, 0x04, 0xb7, 0x0d, 0x49, 0x85, 0x2e, 0x12,
-        0x7a, 0x07, 0x23, 0xe9, 0x13, 0xa4, 0x6d, 0x8c
-    };
-    WOLFSSL_BUFFER_INFO msg;
-    /* Offset into ClientHello message data of first cipher suite. */
-    const int csOff = 78;
-    /* Server cipher list. */
-    const char* serverCs = "TLS13-AES256-GCM-SHA384:TLS13-AES128-GCM-SHA256";
-    /* Suite list with duplicates. */
-    const char* dupCs = "TLS13-AES128-GCM-SHA256:"
-                        "TLS13-AES128-GCM-SHA256:"
-                        "TLS13-AES256-GCM-SHA384:"
-                        "TLS13-AES256-GCM-SHA384:"
-                        "TLS13-AES128-GCM-SHA256";
-#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_SET_CIPHER_BYTES)
-    const byte dupCsBytes[] = { TLS13_BYTE, TLS_AES_256_GCM_SHA384,
-                                TLS13_BYTE, TLS_AES_256_GCM_SHA384,
-                                TLS13_BYTE, TLS_AES_128_GCM_SHA256,
-                                TLS13_BYTE, TLS_AES_128_GCM_SHA256,
-                                TLS13_BYTE, TLS_AES_256_GCM_SHA384 };
-#endif
-
-    /* Set up wolfSSL context. */
-    ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_server_method()));
-    ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, eccCertFile,
-        WOLFSSL_FILETYPE_PEM));
-    ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, eccKeyFile,
-        WOLFSSL_FILETYPE_PEM));
-    /* Read from 'msg'. */
-    wolfSSL_SetIORecv(ctx, CsRecv);
-    /* No where to send to - dummy sender. */
-    wolfSSL_SetIOSend(ctx, CsSend);
-
-    /* Test cipher suite list with many copies of a cipher suite. */
-    ExpectNotNull(ssl = wolfSSL_new(ctx));
-    msg.buffer = clientHello;
-    msg.length = (unsigned int)sizeof(clientHello);
-    wolfSSL_SetIOReadCtx(ssl, &msg);
-    /* Force server to have as many occurrences of same cipher suite as
-     * possible. */
-    if (ssl != NULL) {
-        Suites* suites = (Suites*)WOLFSSL_SUITES(ssl);
-        suites->suiteSz = WOLFSSL_MAX_SUITE_SZ;
-        for (i = 0; i < suites->suiteSz; i += 2) {
-            suites->suites[i + 0] = TLS13_BYTE;
-            suites->suites[i + 1] = TLS_AES_128_GCM_SHA256;
-        }
-    }
-    /* Test multiple occurrences of same cipher suite. */
-    ExpectIntEQ(wolfSSL_accept_TLSv13(ssl), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
-    wolfSSL_free(ssl);
-    ssl = NULL;
-
-    /* Set client order opposite to server order:
-     *   TLS13-AES128-GCM-SHA256:TLS13-AES256-GCM-SHA384 */
-    clientHello[csOff + 0] = TLS13_BYTE;
-    clientHello[csOff + 1] = TLS_AES_128_GCM_SHA256;
-    clientHello[csOff + 2] = TLS13_BYTE;
-    clientHello[csOff + 3] = TLS_AES_256_GCM_SHA384;
-
-    /* Test server order negotiation. */
-    ExpectNotNull(ssl = wolfSSL_new(ctx));
-    msg.buffer = clientHello;
-    msg.length = (unsigned int)sizeof(clientHello);
-    wolfSSL_SetIOReadCtx(ssl, &msg);
-    /* Server order: TLS13-AES256-GCM-SHA384:TLS13-AES128-GCM-SHA256 */
-    ExpectIntEQ(wolfSSL_set_cipher_list(ssl, serverCs), WOLFSSL_SUCCESS);
-    /* Negotiate cipher suites in server order: TLS13-AES256-GCM-SHA384 */
-    ExpectIntEQ(wolfSSL_accept_TLSv13(ssl), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
-    /* Check refined order - server order. */
-    ExpectIntEQ(ssl->suites->suiteSz, 4);
-    ExpectIntEQ(ssl->suites->suites[0], TLS13_BYTE);
-    ExpectIntEQ(ssl->suites->suites[1], TLS_AES_256_GCM_SHA384);
-    ExpectIntEQ(ssl->suites->suites[2], TLS13_BYTE);
-    ExpectIntEQ(ssl->suites->suites[3], TLS_AES_128_GCM_SHA256);
-    wolfSSL_free(ssl);
-    ssl = NULL;
-
-    /* Test client order negotiation. */
-    ExpectNotNull(ssl = wolfSSL_new(ctx));
-    msg.buffer = clientHello;
-    msg.length = (unsigned int)sizeof(clientHello);
-    wolfSSL_SetIOReadCtx(ssl, &msg);
-    /* Server order: TLS13-AES256-GCM-SHA384:TLS13-AES128-GCM-SHA256 */
-    ExpectIntEQ(wolfSSL_set_cipher_list(ssl, serverCs), WOLFSSL_SUCCESS);
-    ExpectIntEQ(wolfSSL_UseClientSuites(ssl), 0);
-    /* Negotiate cipher suites in client order: TLS13-AES128-GCM-SHA256 */
-    ExpectIntEQ(wolfSSL_accept_TLSv13(ssl), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
-    /* Check refined order - client order. */
-    ExpectIntEQ(ssl->suites->suiteSz, 4);
-    ExpectIntEQ(ssl->suites->suites[0], TLS13_BYTE);
-    ExpectIntEQ(ssl->suites->suites[1], TLS_AES_128_GCM_SHA256);
-    ExpectIntEQ(ssl->suites->suites[2], TLS13_BYTE);
-    ExpectIntEQ(ssl->suites->suites[3], TLS_AES_256_GCM_SHA384);
-    wolfSSL_free(ssl);
-    ssl = NULL;
-
-    /* Check duplicate detection is working. */
-    ExpectIntEQ(wolfSSL_CTX_set_cipher_list(ctx, dupCs), WOLFSSL_SUCCESS);
-    ExpectIntEQ(ctx->suites->suiteSz, 4);
-    ExpectIntEQ(ctx->suites->suites[0], TLS13_BYTE);
-    ExpectIntEQ(ctx->suites->suites[1], TLS_AES_128_GCM_SHA256);
-    ExpectIntEQ(ctx->suites->suites[2], TLS13_BYTE);
-    ExpectIntEQ(ctx->suites->suites[3], TLS_AES_256_GCM_SHA384);
-
-#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_SET_CIPHER_BYTES)
-    ExpectIntEQ(wolfSSL_CTX_set_cipher_list_bytes(ctx, dupCsBytes,
-        sizeof(dupCsBytes)), WOLFSSL_SUCCESS);
-    ExpectIntEQ(ctx->suites->suiteSz, 4);
-    ExpectIntEQ(ctx->suites->suites[0], TLS13_BYTE);
-    ExpectIntEQ(ctx->suites->suites[1], TLS_AES_256_GCM_SHA384);
-    ExpectIntEQ(ctx->suites->suites[2], TLS13_BYTE);
-    ExpectIntEQ(ctx->suites->suites[3], TLS_AES_128_GCM_SHA256);
-#endif
-
-    wolfSSL_CTX_free(ctx);
-#endif
-    return EXPECT_RESULT();
-}
-
-#endif
-
 #if defined(HAVE_PK_CALLBACKS) && !defined(WOLFSSL_NO_TLS12)
 #if !defined(NO_FILESYSTEM) && !defined(NO_DH) && \
         !defined(NO_AES) && defined(HAVE_AES_CBC) && \
@@ -52554,4247 +40443,8 @@ static int test_wolfSSL_X509_CRL_print(void)
     return EXPECT_RESULT();
 }
 
-static int test_wolfSSL_BIO_get_len(void)
-{
-    EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_BIO)
-    BIO *bio = NULL;
-    const char txt[] = "Some example text to push to the BIO.";
-
-    ExpectIntEQ(wolfSSL_BIO_get_len(bio), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-
-    ExpectNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
-
-    ExpectIntEQ(wolfSSL_BIO_write(bio, txt, sizeof(txt)), sizeof(txt));
-    ExpectIntEQ(wolfSSL_BIO_get_len(bio), sizeof(txt));
-    BIO_free(bio);
-    bio = NULL;
-
-    ExpectNotNull(bio = BIO_new_fd(STDERR_FILENO, BIO_NOCLOSE));
-    ExpectIntEQ(wolfSSL_BIO_get_len(bio), WC_NO_ERR_TRACE(WOLFSSL_BAD_FILE));
-    BIO_free(bio);
-#endif
-    return EXPECT_RESULT();
-}
-
 #endif /* !NO_BIO */
 
-static int test_wolfSSL_RSA(void)
-{
-    EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
-    RSA* rsa = NULL;
-    const BIGNUM *n = NULL;
-    const BIGNUM *e = NULL;
-    const BIGNUM *d = NULL;
-    const BIGNUM *p = NULL;
-    const BIGNUM *q = NULL;
-    const BIGNUM *dmp1 = NULL;
-    const BIGNUM *dmq1 = NULL;
-    const BIGNUM *iqmp = NULL;
-
-    ExpectNotNull(rsa = RSA_new());
-    ExpectIntEQ(RSA_size(NULL), 0);
-    ExpectIntEQ(RSA_size(rsa), 0);
-    ExpectIntEQ(RSA_set0_key(rsa, NULL, NULL, NULL), 0);
-    ExpectIntEQ(RSA_set0_crt_params(rsa, NULL, NULL, NULL), 0);
-    ExpectIntEQ(RSA_set0_factors(rsa, NULL, NULL), 0);
-#ifdef WOLFSSL_RSA_KEY_CHECK
-    ExpectIntEQ(RSA_check_key(rsa), 0);
-#endif
-
-    RSA_free(rsa);
-    rsa = NULL;
-    ExpectNotNull(rsa = RSA_generate_key(2048, 3, NULL, NULL));
-    ExpectIntEQ(RSA_size(rsa), 256);
-
-#if (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(6,0,0)) && !defined(HAVE_SELFTEST)
-    {
-        /* Test setting only subset of parameters */
-        RSA *rsa2 = NULL;
-        unsigned char hash[SHA256_DIGEST_LENGTH];
-        unsigned char signature[2048/8];
-        unsigned int signatureLen = 0;
-        BIGNUM* n2 = NULL;
-        BIGNUM* e2 = NULL;
-        BIGNUM* d2 = NULL;
-        BIGNUM* p2 = NULL;
-        BIGNUM* q2 = NULL;
-        BIGNUM* dmp12 = NULL;
-        BIGNUM* dmq12 = NULL;
-        BIGNUM* iqmp2 = NULL;
-
-        XMEMSET(hash, 0, sizeof(hash));
-        RSA_get0_key(rsa, &n, &e, &d);
-        RSA_get0_factors(rsa, &p, &q);
-        RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp);
-
-        ExpectIntEQ(RSA_sign(NID_sha256, hash, sizeof(hash), signature,
-            &signatureLen, rsa), 1);
-        /* Quick sanity check */
-        ExpectIntEQ(RSA_verify(NID_sha256, hash, sizeof(hash), signature,
-            signatureLen, rsa), 1);
-
-        /* Verifying */
-        ExpectNotNull(n2 = BN_dup(n));
-        ExpectNotNull(e2 = BN_dup(e));
-        ExpectNotNull(p2 = BN_dup(p));
-        ExpectNotNull(q2 = BN_dup(q));
-        ExpectNotNull(dmp12 = BN_dup(dmp1));
-        ExpectNotNull(dmq12 = BN_dup(dmq1));
-        ExpectNotNull(iqmp2 = BN_dup(iqmp));
-
-        ExpectNotNull(rsa2 = RSA_new());
-        ExpectIntEQ(RSA_set0_key(rsa2, n2, e2, NULL), 1);
-        if (EXPECT_SUCCESS()) {
-            n2 = NULL;
-            e2 = NULL;
-        }
-        ExpectIntEQ(RSA_verify(NID_sha256, hash, sizeof(hash), signature,
-            signatureLen, rsa2), 1);
-        ExpectIntEQ(RSA_set0_factors(rsa2, p2, q2), 1);
-        if (EXPECT_SUCCESS()) {
-            p2 = NULL;
-            q2 = NULL;
-        }
-        ExpectIntEQ(RSA_verify(NID_sha256, hash, sizeof(hash), signature,
-            signatureLen, rsa2), 1);
-        ExpectIntEQ(RSA_set0_crt_params(rsa2, dmp12, dmq12, iqmp2), 1);
-        if (EXPECT_SUCCESS()) {
-            dmp12 = NULL;
-            dmq12 = NULL;
-            iqmp2 = NULL;
-        }
-        ExpectIntEQ(RSA_verify(NID_sha256, hash, sizeof(hash), signature,
-            signatureLen, rsa2), 1);
-        RSA_free(rsa2);
-        rsa2 = NULL;
-
-        BN_free(iqmp2);
-        iqmp2 = NULL;
-        BN_free(dmq12);
-        dmq12 = NULL;
-        BN_free(dmp12);
-        dmp12 = NULL;
-        BN_free(q2);
-        q2 = NULL;
-        BN_free(p2);
-        p2 = NULL;
-        BN_free(e2);
-        e2 = NULL;
-        BN_free(n2);
-        n2 = NULL;
-
-        ExpectNotNull(n2 = BN_dup(n));
-        ExpectNotNull(e2 = BN_dup(e));
-        ExpectNotNull(d2 = BN_dup(d));
-        ExpectNotNull(p2 = BN_dup(p));
-        ExpectNotNull(q2 = BN_dup(q));
-        ExpectNotNull(dmp12 = BN_dup(dmp1));
-        ExpectNotNull(dmq12 = BN_dup(dmq1));
-        ExpectNotNull(iqmp2 = BN_dup(iqmp));
-
-        /* Signing */
-        XMEMSET(signature, 0, sizeof(signature));
-        ExpectNotNull(rsa2 = RSA_new());
-        ExpectIntEQ(RSA_set0_key(rsa2, n2, e2, d2), 1);
-        if (EXPECT_SUCCESS()) {
-            n2 = NULL;
-            e2 = NULL;
-            d2 = NULL;
-        }
-#if defined(WOLFSSL_SP_MATH) && !defined(RSA_LOW_MEM)
-        /* SP is not support signing without CRT parameters. */
-        ExpectIntEQ(RSA_sign(NID_sha256, hash, sizeof(hash), signature,
-            &signatureLen, rsa2), 0);
-        ExpectIntEQ(RSA_set0_factors(rsa2, p2, q2), 1);
-        if (EXPECT_SUCCESS()) {
-            p2 = NULL;
-            q2 = NULL;
-        }
-        ExpectIntEQ(RSA_sign(NID_sha256, hash, sizeof(hash), signature,
-            &signatureLen, rsa2), 0);
-#else
-        ExpectIntEQ(RSA_sign(NID_sha256, hash, sizeof(hash), signature,
-            &signatureLen, rsa2), 1);
-        ExpectIntEQ(RSA_verify(NID_sha256, hash, sizeof(hash), signature,
-            signatureLen, rsa), 1);
-        ExpectIntEQ(RSA_set0_factors(rsa2, p2, q2), 1);
-        if (EXPECT_SUCCESS()) {
-            p2 = NULL;
-            q2 = NULL;
-        }
-        XMEMSET(signature, 0, sizeof(signature));
-        ExpectIntEQ(RSA_sign(NID_sha256, hash, sizeof(hash), signature,
-            &signatureLen, rsa2), 1);
-        ExpectIntEQ(RSA_verify(NID_sha256, hash, sizeof(hash), signature,
-            signatureLen, rsa), 1);
-#endif
-        ExpectIntEQ(RSA_set0_crt_params(rsa2, dmp12, dmq12, iqmp2), 1);
-        if (EXPECT_SUCCESS()) {
-            dmp12 = NULL;
-            dmq12 = NULL;
-            iqmp2 = NULL;
-        }
-        ExpectIntEQ(RSA_sign(NID_sha256, hash, sizeof(hash), signature,
-            &signatureLen, rsa2), 1);
-        ExpectIntEQ(RSA_verify(NID_sha256, hash, sizeof(hash), signature,
-            signatureLen, rsa), 1);
-        RSA_free(rsa2);
-        rsa2 = NULL;
-
-        BN_free(iqmp2);
-        BN_free(dmq12);
-        BN_free(dmp12);
-        BN_free(q2);
-        BN_free(p2);
-        BN_free(d2);
-        BN_free(e2);
-        BN_free(n2);
-    }
-#endif
-
-#ifdef WOLFSSL_RSA_KEY_CHECK
-    ExpectIntEQ(RSA_check_key(NULL), 0);
-    ExpectIntEQ(RSA_check_key(rsa), 1);
-#endif
-
-    /* sanity check */
-    ExpectIntEQ(RSA_bits(NULL), 0);
-
-    /* key */
-    ExpectIntEQ(RSA_bits(rsa), 2048);
-    RSA_get0_key(rsa, &n, &e, &d);
-    ExpectPtrEq(rsa->n, n);
-    ExpectPtrEq(rsa->e, e);
-    ExpectPtrEq(rsa->d, d);
-    n = NULL;
-    e = NULL;
-    d = NULL;
-    ExpectNotNull(n = BN_new());
-    ExpectNotNull(e = BN_new());
-    ExpectNotNull(d = BN_new());
-    ExpectIntEQ(RSA_set0_key(rsa, (BIGNUM*)n, (BIGNUM*)e, (BIGNUM*)d), 1);
-    if (EXPECT_FAIL()) {
-        BN_free((BIGNUM*)n);
-        BN_free((BIGNUM*)e);
-        BN_free((BIGNUM*)d);
-    }
-    ExpectPtrEq(rsa->n, n);
-    ExpectPtrEq(rsa->e, e);
-    ExpectPtrEq(rsa->d, d);
-    ExpectIntEQ(RSA_set0_key(rsa, NULL, NULL, NULL), 1);
-    ExpectIntEQ(RSA_set0_key(NULL, (BIGNUM*)n, (BIGNUM*)e, (BIGNUM*)d), 0);
-
-    /* crt_params */
-    RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp);
-    ExpectPtrEq(rsa->dmp1, dmp1);
-    ExpectPtrEq(rsa->dmq1, dmq1);
-    ExpectPtrEq(rsa->iqmp, iqmp);
-    dmp1 = NULL;
-    dmq1 = NULL;
-    iqmp = NULL;
-    ExpectNotNull(dmp1 = BN_new());
-    ExpectNotNull(dmq1 = BN_new());
-    ExpectNotNull(iqmp = BN_new());
-    ExpectIntEQ(RSA_set0_crt_params(rsa, (BIGNUM*)dmp1, (BIGNUM*)dmq1,
-        (BIGNUM*)iqmp), 1);
-    if (EXPECT_FAIL()) {
-        BN_free((BIGNUM*)dmp1);
-        BN_free((BIGNUM*)dmq1);
-        BN_free((BIGNUM*)iqmp);
-    }
-    ExpectPtrEq(rsa->dmp1, dmp1);
-    ExpectPtrEq(rsa->dmq1, dmq1);
-    ExpectPtrEq(rsa->iqmp, iqmp);
-    ExpectIntEQ(RSA_set0_crt_params(rsa, NULL, NULL, NULL), 1);
-    ExpectIntEQ(RSA_set0_crt_params(NULL, (BIGNUM*)dmp1, (BIGNUM*)dmq1,
-        (BIGNUM*)iqmp), 0);
-    RSA_get0_crt_params(NULL, NULL, NULL, NULL);
-    RSA_get0_crt_params(rsa, NULL, NULL, NULL);
-    RSA_get0_crt_params(NULL, &dmp1, &dmq1, &iqmp);
-    ExpectNull(dmp1);
-    ExpectNull(dmq1);
-    ExpectNull(iqmp);
-
-    /* factors */
-    RSA_get0_factors(rsa, NULL, NULL);
-    RSA_get0_factors(rsa, &p, &q);
-    ExpectPtrEq(rsa->p, p);
-    ExpectPtrEq(rsa->q, q);
-    p = NULL;
-    q = NULL;
-    ExpectNotNull(p = BN_new());
-    ExpectNotNull(q = BN_new());
-    ExpectIntEQ(RSA_set0_factors(rsa, (BIGNUM*)p, (BIGNUM*)q), 1);
-    if (EXPECT_FAIL()) {
-        BN_free((BIGNUM*)p);
-        BN_free((BIGNUM*)q);
-    }
-    ExpectPtrEq(rsa->p, p);
-    ExpectPtrEq(rsa->q, q);
-    ExpectIntEQ(RSA_set0_factors(rsa, NULL, NULL), 1);
-    ExpectIntEQ(RSA_set0_factors(NULL, (BIGNUM*)p, (BIGNUM*)q), 0);
-    RSA_get0_factors(NULL, NULL, NULL);
-    RSA_get0_factors(NULL, &p, &q);
-    ExpectNull(p);
-    ExpectNull(q);
-
-    ExpectIntEQ(BN_hex2bn(&rsa->n, "1FFFFF"), 1);
-    ExpectIntEQ(RSA_bits(rsa), 21);
-    RSA_free(rsa);
-    rsa = NULL;
-
-#if !defined(USE_FAST_MATH) || (FP_MAX_BITS >= (3072*2))
-    ExpectNotNull(rsa = RSA_generate_key(3072, 17, NULL, NULL));
-    ExpectIntEQ(RSA_size(rsa), 384);
-    ExpectIntEQ(RSA_bits(rsa), 3072);
-    RSA_free(rsa);
-    rsa = NULL;
-#endif
-
-    /* remove for now with odd key size until adjusting rsa key size check with
-       wc_MakeRsaKey()
-    ExpectNotNull(rsa = RSA_generate_key(2999, 65537, NULL, NULL));
-    RSA_free(rsa);
-    rsa = NULL;
-    */
-
-    ExpectNull(RSA_generate_key(-1, 3, NULL, NULL));
-    ExpectNull(RSA_generate_key(RSA_MIN_SIZE - 1, 3, NULL, NULL));
-    ExpectNull(RSA_generate_key(RSA_MAX_SIZE + 1, 3, NULL, NULL));
-    ExpectNull(RSA_generate_key(2048, 0, NULL, NULL));
-
-
-#if !defined(NO_FILESYSTEM) && !defined(NO_ASN)
-    {
-        byte buff[FOURK_BUF];
-        byte der[FOURK_BUF];
-        const char PrivKeyPemFile[] = "certs/client-keyEnc.pem";
-
-        XFILE f = XBADFILE;
-        int bytes = 0;
-
-        /* test loading encrypted RSA private pem w/o password */
-        ExpectTrue((f = XFOPEN(PrivKeyPemFile, "rb")) != XBADFILE);
-        ExpectIntGT(bytes = (int)XFREAD(buff, 1, sizeof(buff), f), 0);
-        if (f != XBADFILE)
-            XFCLOSE(f);
-        XMEMSET(der, 0, sizeof(der));
-        /* test that error value is returned with no password */
-        ExpectIntLT(wc_KeyPemToDer(buff, bytes, der, (word32)sizeof(der), ""),
-            0);
-    }
-#endif
-#endif
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_RSA_DER(void)
-{
-    EXPECT_DECLS;
-#if defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) && defined(OPENSSL_EXTRA)
-    RSA *rsa = NULL;
-    int i;
-    const unsigned char *buff = NULL;
-    unsigned char *newBuff = NULL;
-
-    struct tbl_s
-    {
-        const unsigned char *der;
-        int sz;
-    } tbl[] = {
-
-#ifdef USE_CERT_BUFFERS_1024
-        {client_key_der_1024, sizeof_client_key_der_1024},
-        {server_key_der_1024, sizeof_server_key_der_1024},
-#endif
-#ifdef USE_CERT_BUFFERS_2048
-        {client_key_der_2048, sizeof_client_key_der_2048},
-        {server_key_der_2048, sizeof_server_key_der_2048},
-#endif
-        {NULL, 0}
-    };
-
-    /* Public Key DER */
-    struct tbl_s pub[] = {
-#ifdef USE_CERT_BUFFERS_1024
-        {client_keypub_der_1024, sizeof_client_keypub_der_1024},
-#endif
-#ifdef USE_CERT_BUFFERS_2048
-        {client_keypub_der_2048, sizeof_client_keypub_der_2048},
-#endif
-        {NULL, 0}
-    };
-
-    ExpectNull(d2i_RSAPublicKey(&rsa, NULL, pub[0].sz));
-    buff = pub[0].der;
-    ExpectNull(d2i_RSAPublicKey(&rsa, &buff, 1));
-    ExpectNull(d2i_RSAPrivateKey(&rsa, NULL, tbl[0].sz));
-    buff = tbl[0].der;
-    ExpectNull(d2i_RSAPrivateKey(&rsa, &buff, 1));
-
-    ExpectIntEQ(i2d_RSAPublicKey(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-    rsa = RSA_new();
-    ExpectIntEQ(i2d_RSAPublicKey(rsa, NULL), 0);
-    RSA_free(rsa);
-    rsa = NULL;
-
-    for (i = 0; tbl[i].der != NULL; i++)
-    {
-        /* Passing in pointer results in pointer moving. */
-        buff = tbl[i].der;
-        ExpectNotNull(d2i_RSAPublicKey(&rsa, &buff, tbl[i].sz));
-        ExpectNotNull(rsa);
-        RSA_free(rsa);
-        rsa = NULL;
-    }
-    for (i = 0; tbl[i].der != NULL; i++)
-    {
-        /* Passing in pointer results in pointer moving. */
-        buff = tbl[i].der;
-        ExpectNotNull(d2i_RSAPrivateKey(&rsa, &buff, tbl[i].sz));
-        ExpectNotNull(rsa);
-        RSA_free(rsa);
-        rsa = NULL;
-    }
-
-    for (i = 0; pub[i].der != NULL; i++)
-    {
-        buff = pub[i].der;
-        ExpectNotNull(d2i_RSAPublicKey(&rsa, &buff, pub[i].sz));
-        ExpectNotNull(rsa);
-        ExpectIntEQ(i2d_RSAPublicKey(rsa, NULL), pub[i].sz);
-        newBuff = NULL;
-        ExpectIntEQ(i2d_RSAPublicKey(rsa, &newBuff), pub[i].sz);
-        ExpectNotNull(newBuff);
-        ExpectIntEQ(XMEMCMP((void *)newBuff, (void *)pub[i].der, pub[i].sz), 0);
-        XFREE((void *)newBuff, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-        RSA_free(rsa);
-        rsa = NULL;
-    }
-#endif
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_RSA_print(void)
-{
-    EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && \
-   !defined(NO_STDIO_FILESYSTEM) && \
-   !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && \
-   !defined(NO_BIO) && defined(XFPRINTF)
-    BIO *bio = NULL;
-    WOLFSSL_RSA* rsa = NULL;
-
-    ExpectNotNull(bio = BIO_new_fd(STDERR_FILENO, BIO_NOCLOSE));
-    ExpectNotNull(rsa = RSA_new());
-
-    ExpectIntEQ(RSA_print(NULL, rsa, 0), -1);
-    ExpectIntEQ(RSA_print_fp(XBADFILE, rsa, 0), 0);
-    ExpectIntEQ(RSA_print(bio, NULL, 0), -1);
-    ExpectIntEQ(RSA_print_fp(stderr, NULL, 0), 0);
-    /* Some very large number of indent spaces. */
-    ExpectIntEQ(RSA_print(bio, rsa, 128), -1);
-    /* RSA is empty. */
-    ExpectIntEQ(RSA_print(bio, rsa, 0), 0);
-    ExpectIntEQ(RSA_print_fp(stderr, rsa, 0), 0);
-
-    RSA_free(rsa);
-    rsa = NULL;
-    ExpectNotNull(rsa = RSA_generate_key(2048, 3, NULL, NULL));
-
-    ExpectIntEQ(RSA_print(bio, rsa, 0), 1);
-    ExpectIntEQ(RSA_print(bio, rsa, 4), 1);
-    ExpectIntEQ(RSA_print(bio, rsa, -1), 1);
-    ExpectIntEQ(RSA_print_fp(stderr, rsa, 0), 1);
-    ExpectIntEQ(RSA_print_fp(stderr, rsa, 4), 1);
-    ExpectIntEQ(RSA_print_fp(stderr, rsa, -1), 1);
-
-    BIO_free(bio);
-    RSA_free(rsa);
-#endif
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_RSA_padding_add_PKCS1_PSS(void)
-{
-    EXPECT_DECLS;
-#ifndef NO_RSA
-#if defined(OPENSSL_ALL) && defined(WC_RSA_PSS) && !defined(WC_NO_RNG)
-#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
-    RSA *rsa = NULL;
-    const unsigned char *derBuf = client_key_der_2048;
-    unsigned char em[256] = {0}; /* len = 2048/8 */
-    /* Random data simulating a hash */
-    const unsigned char mHash[WC_SHA256_DIGEST_SIZE] = {
-        0x28, 0x6e, 0xfd, 0xf8, 0x76, 0xc7, 0x00, 0x3d, 0x91, 0x4e, 0x59, 0xe4,
-        0x8e, 0xb7, 0x40, 0x7b, 0xd1, 0x0c, 0x98, 0x4b, 0xe3, 0x3d, 0xb3, 0xeb,
-        0x6f, 0x8a, 0x3c, 0x42, 0xab, 0x21, 0xad, 0x28
-    };
-
-    ExpectNotNull(d2i_RSAPrivateKey(&rsa, &derBuf, sizeof_client_key_der_2048));
-    ExpectIntEQ(RSA_padding_add_PKCS1_PSS(NULL, em, mHash, EVP_sha256(),
-        RSA_PSS_SALTLEN_DIGEST), 0);
-    ExpectIntEQ(RSA_padding_add_PKCS1_PSS(rsa, NULL, mHash, EVP_sha256(),
-        RSA_PSS_SALTLEN_DIGEST), 0);
-    ExpectIntEQ(RSA_padding_add_PKCS1_PSS(rsa, em, NULL, EVP_sha256(),
-        RSA_PSS_SALTLEN_DIGEST), 0);
-    ExpectIntEQ(RSA_padding_add_PKCS1_PSS(rsa, em, mHash, NULL,
-        RSA_PSS_SALTLEN_DIGEST), 0);
-    ExpectIntEQ(RSA_padding_add_PKCS1_PSS(rsa, em, mHash, EVP_sha256(), -5), 0);
-
-    ExpectIntEQ(RSA_verify_PKCS1_PSS(NULL, mHash, EVP_sha256(), em,
-        RSA_PSS_SALTLEN_MAX_SIGN), 0);
-    ExpectIntEQ(RSA_verify_PKCS1_PSS(rsa, NULL, EVP_sha256(), em,
-        RSA_PSS_SALTLEN_MAX_SIGN), 0);
-    ExpectIntEQ(RSA_verify_PKCS1_PSS(rsa, mHash, NULL, em,
-        RSA_PSS_SALTLEN_MAX_SIGN), 0);
-    ExpectIntEQ(RSA_verify_PKCS1_PSS(rsa, mHash, EVP_sha256(), NULL,
-        RSA_PSS_SALTLEN_MAX_SIGN), 0);
-    ExpectIntEQ(RSA_verify_PKCS1_PSS(rsa, mHash, EVP_sha256(), em,
-        RSA_PSS_SALTLEN_MAX_SIGN), 0);
-    ExpectIntEQ(RSA_verify_PKCS1_PSS(rsa, mHash, EVP_sha256(), em, -5), 0);
-
-    ExpectIntEQ(RSA_padding_add_PKCS1_PSS(rsa, em, mHash, EVP_sha256(),
-        RSA_PSS_SALTLEN_DIGEST), 1);
-    ExpectIntEQ(RSA_verify_PKCS1_PSS(rsa, mHash, EVP_sha256(), em,
-        RSA_PSS_SALTLEN_DIGEST), 1);
-
-    ExpectIntEQ(RSA_padding_add_PKCS1_PSS(rsa, em, mHash, EVP_sha256(),
-        RSA_PSS_SALTLEN_MAX_SIGN), 1);
-    ExpectIntEQ(RSA_verify_PKCS1_PSS(rsa, mHash, EVP_sha256(), em,
-        RSA_PSS_SALTLEN_MAX_SIGN), 1);
-
-    ExpectIntEQ(RSA_padding_add_PKCS1_PSS(rsa, em, mHash, EVP_sha256(),
-        RSA_PSS_SALTLEN_MAX), 1);
-    ExpectIntEQ(RSA_verify_PKCS1_PSS(rsa, mHash, EVP_sha256(), em,
-        RSA_PSS_SALTLEN_MAX), 1);
-
-    ExpectIntEQ(RSA_padding_add_PKCS1_PSS(rsa, em, mHash, EVP_sha256(), 10), 1);
-    ExpectIntEQ(RSA_verify_PKCS1_PSS(rsa, mHash, EVP_sha256(), em, 10), 1);
-
-    RSA_free(rsa);
-#endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
-#endif /* OPENSSL_ALL && WC_RSA_PSS && !WC_NO_RNG*/
-#endif
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_RSA_sign_sha3(void)
-{
-    EXPECT_DECLS;
-#if !defined(NO_RSA) && defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256)
-#if defined(OPENSSL_ALL) && defined(WC_RSA_PSS) && !defined(WC_NO_RNG)
-    RSA* rsa = NULL;
-    const unsigned char *derBuf = client_key_der_2048;
-    unsigned char sigRet[256] = {0};
-    unsigned int sigLen = sizeof(sigRet);
-    /* Random data simulating a hash */
-    const unsigned char mHash[WC_SHA3_256_DIGEST_SIZE] = {
-        0x28, 0x6e, 0xfd, 0xf8, 0x76, 0xc7, 0x00, 0x3d, 0x91, 0x4e, 0x59, 0xe4,
-        0x8e, 0xb7, 0x40, 0x7b, 0xd1, 0x0c, 0x98, 0x4b, 0xe3, 0x3d, 0xb3, 0xeb,
-        0x6f, 0x8a, 0x3c, 0x42, 0xab, 0x21, 0xad, 0x28
-    };
-
-    ExpectNotNull(d2i_RSAPrivateKey(&rsa, &derBuf, sizeof_client_key_der_2048));
-    ExpectIntEQ(RSA_sign(NID_sha3_256, mHash, sizeof(mHash), sigRet, &sigLen,
-        rsa), 1);
-
-    RSA_free(rsa);
-#endif /* OPENSSL_ALL && WC_RSA_PSS && !WC_NO_RNG*/
-#endif /* !NO_RSA && WOLFSSL_SHA3 && !WOLFSSL_NOSHA3_256*/
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_RSA_get0_key(void)
-{
-    EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
-    RSA *rsa = NULL;
-    const BIGNUM* n = NULL;
-    const BIGNUM* e = NULL;
-    const BIGNUM* d = NULL;
-
-    const unsigned char* der;
-    int derSz;
-
-#ifdef USE_CERT_BUFFERS_1024
-    der = client_key_der_1024;
-    derSz = sizeof_client_key_der_1024;
-#elif defined(USE_CERT_BUFFERS_2048)
-    der = client_key_der_2048;
-    derSz = sizeof_client_key_der_2048;
-#else
-    der = NULL;
-    derSz = 0;
-#endif
-
-    if (der != NULL) {
-        RSA_get0_key(NULL, NULL, NULL, NULL);
-        RSA_get0_key(rsa, NULL, NULL, NULL);
-        RSA_get0_key(NULL, &n, &e, &d);
-        ExpectNull(n);
-        ExpectNull(e);
-        ExpectNull(d);
-
-        ExpectNotNull(d2i_RSAPrivateKey(&rsa, &der, derSz));
-        ExpectNotNull(rsa);
-
-        RSA_get0_key(rsa, NULL, NULL, NULL);
-        RSA_get0_key(rsa, &n, NULL, NULL);
-        ExpectNotNull(n);
-        RSA_get0_key(rsa, NULL, &e, NULL);
-        ExpectNotNull(e);
-        RSA_get0_key(rsa, NULL, NULL, &d);
-        ExpectNotNull(d);
-        RSA_get0_key(rsa, &n, &e, &d);
-        ExpectNotNull(n);
-        ExpectNotNull(e);
-        ExpectNotNull(d);
-
-        RSA_free(rsa);
-    }
-#endif
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_RSA_meth(void)
-{
-    EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
-    RSA *rsa = NULL;
-    RSA_METHOD *rsa_meth = NULL;
-
-#ifdef WOLFSSL_KEY_GEN
-    ExpectNotNull(rsa = RSA_generate_key(2048, 3, NULL, NULL));
-    RSA_free(rsa);
-    rsa = NULL;
-#else
-    ExpectNull(rsa = RSA_generate_key(2048, 3, NULL, NULL));
-#endif
-
-    ExpectNotNull(RSA_get_default_method());
-
-    wolfSSL_RSA_meth_free(NULL);
-
-    ExpectNull(wolfSSL_RSA_meth_new(NULL, 0));
-
-    ExpectNotNull(rsa_meth = RSA_meth_new("placeholder RSA method",
-        RSA_METHOD_FLAG_NO_CHECK));
-
-#ifndef NO_WOLFSSL_STUB
-    ExpectIntEQ(RSA_meth_set_pub_enc(rsa_meth, NULL), 1);
-    ExpectIntEQ(RSA_meth_set_pub_dec(rsa_meth, NULL), 1);
-    ExpectIntEQ(RSA_meth_set_priv_enc(rsa_meth, NULL), 1);
-    ExpectIntEQ(RSA_meth_set_priv_dec(rsa_meth, NULL), 1);
-    ExpectIntEQ(RSA_meth_set_init(rsa_meth, NULL), 1);
-    ExpectIntEQ(RSA_meth_set_finish(rsa_meth, NULL), 1);
-    ExpectIntEQ(RSA_meth_set0_app_data(rsa_meth, NULL), 1);
-#endif
-
-    ExpectIntEQ(RSA_flags(NULL), 0);
-    RSA_set_flags(NULL, RSA_FLAG_CACHE_PUBLIC);
-    RSA_clear_flags(NULL, RSA_FLAG_CACHE_PUBLIC);
-    ExpectIntEQ(RSA_test_flags(NULL, RSA_FLAG_CACHE_PUBLIC), 0);
-
-    ExpectNotNull(rsa = RSA_new());
-    /* No method set. */
-    ExpectIntEQ(RSA_flags(rsa), 0);
-    RSA_set_flags(rsa, RSA_FLAG_CACHE_PUBLIC);
-    RSA_clear_flags(rsa, RSA_FLAG_CACHE_PUBLIC);
-    ExpectIntEQ(RSA_test_flags(rsa, RSA_FLAG_CACHE_PUBLIC), 0);
-
-    ExpectIntEQ(RSA_set_method(NULL, rsa_meth), 1);
-    ExpectIntEQ(RSA_set_method(rsa, rsa_meth), 1);
-    if (EXPECT_FAIL()) {
-        wolfSSL_RSA_meth_free(rsa_meth);
-    }
-    ExpectNull(RSA_get_method(NULL));
-    ExpectPtrEq(RSA_get_method(rsa), rsa_meth);
-    ExpectIntEQ(RSA_flags(rsa), RSA_METHOD_FLAG_NO_CHECK);
-    RSA_set_flags(rsa, RSA_FLAG_CACHE_PUBLIC);
-    ExpectIntNE(RSA_test_flags(rsa, RSA_FLAG_CACHE_PUBLIC), 0);
-    ExpectIntEQ(RSA_flags(rsa), RSA_FLAG_CACHE_PUBLIC |
-                                RSA_METHOD_FLAG_NO_CHECK);
-    RSA_clear_flags(rsa, RSA_FLAG_CACHE_PUBLIC);
-    ExpectIntEQ(RSA_test_flags(rsa, RSA_FLAG_CACHE_PUBLIC), 0);
-    ExpectIntNE(RSA_flags(rsa), RSA_FLAG_CACHE_PUBLIC);
-
-    /* rsa_meth is freed here */
-    RSA_free(rsa);
-#endif
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_RSA_verify(void)
-{
-    EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_FILESYSTEM)
-#ifndef NO_BIO
-    XFILE fp = XBADFILE;
-    RSA *pKey = NULL;
-    RSA *pubKey = NULL;
-    X509 *cert = NULL;
-    const char *text = "Hello wolfSSL !";
-    unsigned char hash[SHA256_DIGEST_LENGTH];
-    unsigned char signature[2048/8];
-    unsigned int signatureLength;
-    byte *buf = NULL;
-    BIO *bio = NULL;
-    SHA256_CTX c;
-    EVP_PKEY *evpPkey = NULL;
-    EVP_PKEY *evpPubkey = NULL;
-    long lsz = 0;
-    size_t sz;
-
-    /* generate hash */
-    SHA256_Init(&c);
-    SHA256_Update(&c, text, strlen(text));
-    SHA256_Final(hash, &c);
-#ifdef WOLFSSL_SMALL_STACK_CACHE
-    /* workaround for small stack cache case */
-    wc_Sha256Free((wc_Sha256*)&c);
-#endif
-
-    /* read private key file */
-    ExpectTrue((fp = XFOPEN(svrKeyFile, "rb")) != XBADFILE);
-    ExpectIntEQ(XFSEEK(fp, 0, XSEEK_END), 0);
-    ExpectTrue((lsz = XFTELL(fp)) > 0);
-    sz = (size_t)lsz;
-    ExpectIntEQ(XFSEEK(fp, 0, XSEEK_SET), 0);
-    ExpectNotNull(buf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE));
-    ExpectIntEQ(XFREAD(buf, 1, sz, fp), sz);
-    if (fp != XBADFILE) {
-        XFCLOSE(fp);
-        fp = XBADFILE;
-    }
-
-    /* read private key and sign hash data */
-    ExpectNotNull(bio = BIO_new_mem_buf(buf, (int)sz));
-    ExpectNotNull(evpPkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL));
-    ExpectNotNull(pKey = EVP_PKEY_get1_RSA(evpPkey));
-    ExpectIntEQ(RSA_sign(NID_sha256, hash, SHA256_DIGEST_LENGTH,
-        signature, &signatureLength, pKey), SSL_SUCCESS);
-
-    /* read public key and verify signed data */
-    ExpectTrue((fp = XFOPEN(svrCertFile,"rb")) != XBADFILE);
-    ExpectNotNull(cert = PEM_read_X509(fp, 0, 0, 0 ));
-    if (fp != XBADFILE)
-        XFCLOSE(fp);
-    ExpectNull(X509_get_pubkey(NULL));
-    ExpectNotNull(evpPubkey = X509_get_pubkey(cert));
-    ExpectNotNull(pubKey = EVP_PKEY_get1_RSA(evpPubkey));
-    ExpectIntEQ(RSA_verify(NID_sha256, hash, SHA256_DIGEST_LENGTH, signature,
-        signatureLength, pubKey), SSL_SUCCESS);
-
-    ExpectIntEQ(RSA_verify(NID_sha256, NULL, SHA256_DIGEST_LENGTH, NULL,
-        signatureLength, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
-    ExpectIntEQ(RSA_verify(NID_sha256, NULL, SHA256_DIGEST_LENGTH, signature,
-        signatureLength, pubKey), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
-    ExpectIntEQ(RSA_verify(NID_sha256, hash, SHA256_DIGEST_LENGTH, NULL,
-        signatureLength, pubKey), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
-    ExpectIntEQ(RSA_verify(NID_sha256, hash, SHA256_DIGEST_LENGTH, signature,
-        signatureLength, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
-
-
-    RSA_free(pKey);
-    EVP_PKEY_free(evpPkey);
-    RSA_free(pubKey);
-    EVP_PKEY_free(evpPubkey);
-    X509_free(cert);
-    BIO_free(bio);
-    XFREE(buf, NULL, DYNAMIC_TYPE_FILE);
-#endif
-#endif
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_RSA_sign(void)
-{
-    EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
-    RSA *rsa;
-    unsigned char hash[SHA256_DIGEST_LENGTH];
-#ifdef USE_CERT_BUFFERS_1024
-    const unsigned char* privDer = client_key_der_1024;
-    size_t privDerSz = sizeof_client_key_der_1024;
-    const unsigned char* pubDer = client_keypub_der_1024;
-    size_t pubDerSz = sizeof_client_keypub_der_1024;
-    unsigned char signature[1024/8];
-#else
-    const unsigned char* privDer = client_key_der_2048;
-    size_t privDerSz = sizeof_client_key_der_2048;
-    const unsigned char* pubDer = client_keypub_der_2048;
-    size_t pubDerSz = sizeof_client_keypub_der_2048;
-    unsigned char signature[2048/8];
-#endif
-    unsigned int signatureLen;
-    const unsigned char* der;
-
-    XMEMSET(hash, 0, sizeof(hash));
-
-    der = privDer;
-    rsa = NULL;
-    ExpectNotNull(d2i_RSAPrivateKey(&rsa, &der, privDerSz));
-
-    /* Invalid parameters. */
-    ExpectIntEQ(RSA_sign(NID_rsaEncryption, NULL, 0, NULL, NULL, NULL), 0);
-    ExpectIntEQ(RSA_sign(NID_rsaEncryption, hash, sizeof(hash), signature,
-        &signatureLen, rsa), 0);
-    ExpectIntEQ(RSA_sign(NID_sha256, NULL, sizeof(hash), signature,
-        &signatureLen, rsa), 0);
-    ExpectIntEQ(RSA_sign(NID_sha256, hash, sizeof(hash), NULL,
-        &signatureLen, rsa), 0);
-    ExpectIntEQ(RSA_sign(NID_sha256, hash, sizeof(hash), signature,
-        NULL, rsa), 0);
-    ExpectIntEQ(RSA_sign(NID_sha256, hash, sizeof(hash), signature,
-        &signatureLen, NULL), 0);
-
-    ExpectIntEQ(RSA_sign(NID_sha256, hash, sizeof(hash), signature,
-        &signatureLen, rsa), 1);
-
-    RSA_free(rsa);
-    der = pubDer;
-    rsa = NULL;
-    ExpectNotNull(d2i_RSAPublicKey(&rsa, &der, pubDerSz));
-
-    ExpectIntEQ(RSA_verify(NID_sha256, hash, sizeof(hash), signature,
-        signatureLen, rsa), 1);
-
-    RSA_free(rsa);
-#endif
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_RSA_sign_ex(void)
-{
-    EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
-    RSA *rsa = NULL;
-    unsigned char hash[SHA256_DIGEST_LENGTH];
-#ifdef USE_CERT_BUFFERS_1024
-    const unsigned char* privDer = client_key_der_1024;
-    size_t privDerSz = sizeof_client_key_der_1024;
-    const unsigned char* pubDer = client_keypub_der_1024;
-    size_t pubDerSz = sizeof_client_keypub_der_1024;
-    unsigned char signature[1024/8];
-#else
-    const unsigned char* privDer = client_key_der_2048;
-    size_t privDerSz = sizeof_client_key_der_2048;
-    const unsigned char* pubDer = client_keypub_der_2048;
-    size_t pubDerSz = sizeof_client_keypub_der_2048;
-    unsigned char signature[2048/8];
-#endif
-    unsigned int signatureLen;
-    const unsigned char* der;
-    unsigned char encodedHash[51];
-    unsigned int encodedHashLen;
-    const unsigned char expEncHash[] = {
-        0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,
-        0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05,
-        0x00, 0x04, 0x20,
-        /* Hash data */
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-    };
-
-    XMEMSET(hash, 0, sizeof(hash));
-
-    ExpectNotNull(rsa = wolfSSL_RSA_new());
-    ExpectIntEQ(wolfSSL_RSA_sign_ex(NID_sha256, hash, sizeof(hash), signature,
-        &signatureLen, rsa, 1), 0);
-    wolfSSL_RSA_free(rsa);
-
-    der = privDer;
-    rsa = NULL;
-    ExpectNotNull(d2i_RSAPrivateKey(&rsa, &der, privDerSz));
-
-    ExpectIntEQ(wolfSSL_RSA_sign_ex(NID_rsaEncryption,NULL, 0, NULL, NULL, NULL,
-        -1), 0);
-    ExpectIntEQ(wolfSSL_RSA_sign_ex(NID_rsaEncryption, hash, sizeof(hash),
-        signature, &signatureLen, rsa, 1), 0);
-    ExpectIntEQ(wolfSSL_RSA_sign_ex(NID_sha256, NULL, sizeof(hash), signature,
-        &signatureLen, rsa, 1), 0);
-    ExpectIntEQ(wolfSSL_RSA_sign_ex(NID_sha256, hash, sizeof(hash), NULL,
-        &signatureLen, rsa, 1), 0);
-    ExpectIntEQ(wolfSSL_RSA_sign_ex(NID_sha256, hash, sizeof(hash), signature,
-        NULL, rsa, 1), 0);
-    ExpectIntEQ(wolfSSL_RSA_sign_ex(NID_sha256, hash, sizeof(hash), signature,
-        &signatureLen, NULL, 1), 0);
-    ExpectIntEQ(wolfSSL_RSA_sign_ex(NID_sha256, hash, sizeof(hash), signature,
-        &signatureLen, rsa, -1), 0);
-    ExpectIntEQ(wolfSSL_RSA_sign_ex(NID_sha256, NULL, sizeof(hash), signature,
-        &signatureLen, rsa, 0), 0);
-    ExpectIntEQ(wolfSSL_RSA_sign_ex(NID_sha256, hash, sizeof(hash), NULL,
-        &signatureLen, rsa, 0), 0);
-    ExpectIntEQ(wolfSSL_RSA_sign_ex(NID_sha256, hash, sizeof(hash), signature,
-        NULL, rsa, 0), 0);
-
-    ExpectIntEQ(wolfSSL_RSA_sign_ex(NID_sha256, hash, sizeof(hash), signature,
-        &signatureLen, rsa, 1), 1);
-    /* Test returning encoded hash. */
-    ExpectIntEQ(wolfSSL_RSA_sign_ex(NID_sha256, hash, sizeof(hash), encodedHash,
-        &encodedHashLen, rsa, 0), 1);
-    ExpectIntEQ(encodedHashLen, sizeof(expEncHash));
-    ExpectIntEQ(XMEMCMP(encodedHash, expEncHash, sizeof(expEncHash)), 0);
-
-    RSA_free(rsa);
-    der = pubDer;
-    rsa = NULL;
-    ExpectNotNull(d2i_RSAPublicKey(&rsa, &der, pubDerSz));
-
-    ExpectIntEQ(RSA_verify(NID_sha256, hash, sizeof(hash), signature,
-        signatureLen, rsa), 1);
-
-    RSA_free(rsa);
-#endif
-    return EXPECT_RESULT();
-}
-
-
-static int test_wolfSSL_RSA_public_decrypt(void)
-{
-    EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
-    RSA *rsa;
-    unsigned char msg[SHA256_DIGEST_LENGTH];
-#ifdef USE_CERT_BUFFERS_1024
-    const unsigned char* pubDer = client_keypub_der_1024;
-    size_t pubDerSz = sizeof_client_keypub_der_1024;
-    unsigned char decMsg[1024/8];
-    const unsigned char encMsg[] = {
-        0x45, 0x8e, 0x6e, 0x7a, 0x9c, 0xe1, 0x67, 0x36,
-        0x72, 0xfc, 0x9d, 0x05, 0xdf, 0xc2, 0xaf, 0x54,
-        0xc5, 0x2f, 0x94, 0xb8, 0xc7, 0x82, 0x40, 0xfa,
-        0xa7, 0x8c, 0xb1, 0x89, 0x40, 0xc3, 0x59, 0x5a,
-        0x77, 0x08, 0x54, 0x93, 0x43, 0x7f, 0xc4, 0xb7,
-        0xc4, 0x78, 0xf1, 0xf8, 0xab, 0xbf, 0xc2, 0x81,
-        0x5d, 0x97, 0xea, 0x7a, 0x60, 0x90, 0x51, 0xb7,
-        0x47, 0x78, 0x48, 0x1e, 0x88, 0x6b, 0x89, 0xde,
-        0xce, 0x41, 0x41, 0xae, 0x49, 0xf6, 0xfd, 0x2d,
-        0x2d, 0x9c, 0x70, 0x7d, 0xf9, 0xcf, 0x77, 0x5f,
-        0x06, 0xc7, 0x20, 0xe3, 0x57, 0xd4, 0xd8, 0x1a,
-        0x96, 0xa2, 0x39, 0xb0, 0x6e, 0x8e, 0x68, 0xf8,
-        0x57, 0x7b, 0x26, 0x88, 0x17, 0xc4, 0xb7, 0xf1,
-        0x59, 0xfa, 0xb6, 0x95, 0xdd, 0x1e, 0xe8, 0xd8,
-        0x4e, 0xbd, 0xcd, 0x41, 0xad, 0xc7, 0xe2, 0x39,
-        0xb8, 0x00, 0xca, 0xf5, 0x59, 0xdf, 0xf8, 0x43
-    };
-#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
-    (defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION > 2)) && \
-    defined(WC_RSA_NO_PADDING)
-    const unsigned char encMsgNoPad[] = {
-        0x0d, 0x41, 0x5a, 0xc7, 0x60, 0xd7, 0xbe, 0xb6,
-        0x42, 0xd1, 0x65, 0xb1, 0x7e, 0x59, 0x54, 0xcc,
-        0x76, 0x62, 0xd0, 0x2f, 0x4d, 0xe3, 0x23, 0x62,
-        0xc8, 0x14, 0xfe, 0x5e, 0xa1, 0xc7, 0x05, 0xee,
-        0x9e, 0x28, 0x2e, 0xf5, 0xfd, 0xa4, 0xc0, 0x43,
-        0x55, 0xa2, 0x6b, 0x6b, 0x16, 0xa7, 0x63, 0x06,
-        0xa7, 0x78, 0x4f, 0xda, 0xae, 0x10, 0x6d, 0xd1,
-        0x2e, 0x1d, 0xbb, 0xbc, 0xc4, 0x1d, 0x82, 0xe4,
-        0xc6, 0x76, 0x77, 0xa6, 0x0a, 0xef, 0xd2, 0x89,
-        0xff, 0x30, 0x85, 0x22, 0xa0, 0x68, 0x88, 0x54,
-        0xa3, 0xd1, 0x92, 0xd1, 0x3f, 0x57, 0xe4, 0xc7,
-        0x43, 0x5a, 0x8b, 0xb3, 0x86, 0xaf, 0xd5, 0x6d,
-        0x07, 0xe1, 0xa0, 0x5f, 0xe1, 0x9a, 0x06, 0xba,
-        0x56, 0xd2, 0xb0, 0x73, 0xf5, 0xb3, 0xd0, 0x5f,
-        0xc0, 0xbf, 0x22, 0x4c, 0x54, 0x4e, 0x11, 0xe2,
-        0xc5, 0xf8, 0x66, 0x39, 0x9d, 0x70, 0x90, 0x31
-    };
-#endif
-#else
-    const unsigned char* pubDer = client_keypub_der_2048;
-    size_t pubDerSz = sizeof_client_keypub_der_2048;
-    unsigned char decMsg[2048/8];
-    const unsigned char encMsg[] = {
-        0x16, 0x5d, 0xbb, 0x00, 0x38, 0x73, 0x01, 0x34,
-        0xca, 0x59, 0xc6, 0x8b, 0x64, 0x70, 0x89, 0xf5,
-        0x50, 0x2d, 0x1d, 0x69, 0x1f, 0x07, 0x1e, 0x31,
-        0xae, 0x9b, 0xa6, 0x6e, 0xee, 0x80, 0xd9, 0x9e,
-        0x59, 0x33, 0x70, 0x30, 0x28, 0x42, 0x7d, 0x24,
-        0x36, 0x95, 0x6b, 0xf9, 0x0a, 0x23, 0xcb, 0xce,
-        0x66, 0xa5, 0x07, 0x5e, 0x11, 0xa7, 0xdc, 0xfb,
-        0xd9, 0xc2, 0x51, 0xf0, 0x05, 0xc9, 0x39, 0xb3,
-        0xae, 0xff, 0xfb, 0xe9, 0xb1, 0x9a, 0x54, 0xac,
-        0x1d, 0xca, 0x42, 0x1a, 0xfd, 0x7c, 0x97, 0xa0,
-        0x60, 0x2b, 0xcd, 0xb6, 0x36, 0x33, 0xfc, 0x44,
-        0x69, 0xf7, 0x2e, 0x8c, 0x3b, 0x5f, 0xb4, 0x9f,
-        0xa7, 0x02, 0x8f, 0x6d, 0x6b, 0x79, 0x10, 0x32,
-        0x7d, 0xf4, 0x5d, 0xa1, 0x63, 0x22, 0x59, 0xc4,
-        0x44, 0x8e, 0x44, 0x24, 0x8b, 0x14, 0x9d, 0x2b,
-        0xb5, 0xd3, 0xad, 0x9a, 0x87, 0x0d, 0xe7, 0x70,
-        0x6d, 0xe9, 0xae, 0xaa, 0x52, 0xbf, 0x1a, 0x9b,
-        0xc8, 0x3d, 0x45, 0x7c, 0xd1, 0x90, 0xe3, 0xd9,
-        0x57, 0xcf, 0xc3, 0x29, 0x69, 0x05, 0x07, 0x96,
-        0x2e, 0x46, 0x74, 0x0a, 0xa7, 0x76, 0x8b, 0xc0,
-        0x1c, 0x04, 0x80, 0x08, 0xa0, 0x94, 0x7e, 0xbb,
-        0x2d, 0x99, 0xe9, 0xab, 0x18, 0x4d, 0x48, 0x2d,
-        0x94, 0x5e, 0x50, 0x21, 0x42, 0xdf, 0xf5, 0x61,
-        0x42, 0x7d, 0x86, 0x5d, 0x9e, 0x89, 0xc9, 0x5b,
-        0x24, 0xab, 0xa1, 0xd8, 0x20, 0x45, 0xcb, 0x81,
-        0xcf, 0xc5, 0x25, 0x7d, 0x11, 0x6e, 0xbd, 0x80,
-        0xac, 0xba, 0xdc, 0xef, 0xb9, 0x05, 0x9c, 0xd5,
-        0xc2, 0x26, 0x57, 0x69, 0x8b, 0x08, 0x27, 0xc7,
-        0xea, 0xbe, 0xaf, 0x52, 0x21, 0x95, 0x9f, 0xa0,
-        0x2f, 0x2f, 0x53, 0x7c, 0x2f, 0xa3, 0x0b, 0x79,
-        0x39, 0x01, 0xa3, 0x37, 0x46, 0xa8, 0xc4, 0x34,
-        0x41, 0x20, 0x7c, 0x3f, 0x70, 0x9a, 0x47, 0xe8
-    };
-#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
-    (defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION > 2)) && \
-    defined(WC_RSA_NO_PADDING)
-    const unsigned char encMsgNoPad[] = {
-        0x79, 0x69, 0xdc, 0x0d, 0xff, 0x09, 0xeb, 0x91,
-        0xbc, 0xda, 0xe4, 0xd3, 0xcd, 0xd5, 0xd3, 0x1c,
-        0xb9, 0x66, 0xa8, 0x02, 0xf3, 0x75, 0x40, 0xf1,
-        0x38, 0x4a, 0x37, 0x7b, 0x19, 0xc8, 0xcd, 0xea,
-        0x79, 0xa8, 0x51, 0x32, 0x00, 0x3f, 0x4c, 0xde,
-        0xaa, 0xe5, 0xe2, 0x7c, 0x10, 0xcd, 0x6e, 0x00,
-        0xc6, 0xc4, 0x63, 0x98, 0x58, 0x9b, 0x38, 0xca,
-        0xf0, 0x5d, 0xc8, 0xf0, 0x57, 0xf6, 0x21, 0x50,
-        0x3f, 0x63, 0x05, 0x9f, 0xbf, 0xb6, 0x3b, 0x50,
-        0x85, 0x06, 0x34, 0x08, 0x57, 0xb9, 0x44, 0xce,
-        0xe4, 0x66, 0xbf, 0x0c, 0xfe, 0x36, 0xa4, 0x5b,
-        0xed, 0x2d, 0x7d, 0xed, 0xf1, 0xbd, 0xda, 0x3e,
-        0x19, 0x1f, 0x99, 0xc8, 0xe4, 0xc2, 0xbb, 0xb5,
-        0x6c, 0x83, 0x22, 0xd1, 0xe7, 0x57, 0xcf, 0x1b,
-        0x91, 0x0c, 0xa5, 0x47, 0x06, 0x71, 0x8f, 0x93,
-        0xf3, 0xad, 0xdb, 0xe3, 0xf8, 0xa0, 0x0b, 0xcd,
-        0x89, 0x4e, 0xa5, 0xb5, 0x03, 0x68, 0x61, 0x89,
-        0x0b, 0xe2, 0x03, 0x8b, 0x1f, 0x54, 0xae, 0x0f,
-        0xfa, 0xf0, 0xb7, 0x0f, 0x8c, 0x84, 0x35, 0x13,
-        0x8d, 0x65, 0x1f, 0x2c, 0xd5, 0xce, 0xc4, 0x6c,
-        0x98, 0x67, 0xe4, 0x1a, 0x85, 0x67, 0x69, 0x17,
-        0x17, 0x5a, 0x5d, 0xfd, 0x23, 0xdd, 0x03, 0x3f,
-        0x6d, 0x7a, 0xb6, 0x8b, 0x99, 0xc0, 0xb6, 0x70,
-        0x86, 0xac, 0xf6, 0x02, 0xc2, 0x28, 0x42, 0xed,
-        0x06, 0xcf, 0xca, 0x3d, 0x07, 0x16, 0xf0, 0x0e,
-        0x04, 0x55, 0x1e, 0x59, 0x3f, 0x32, 0xc7, 0x12,
-        0xc5, 0x0d, 0x9d, 0x64, 0x7d, 0x2e, 0xd4, 0xbc,
-        0x8c, 0x24, 0x42, 0x94, 0x2b, 0xf6, 0x11, 0x7f,
-        0xb1, 0x1c, 0x09, 0x12, 0x6f, 0x5e, 0x2e, 0x7a,
-        0xc6, 0x01, 0xe0, 0x98, 0x31, 0xb7, 0x13, 0x03,
-        0xce, 0x29, 0xe1, 0xef, 0x9d, 0xdf, 0x9b, 0xa5,
-        0xba, 0x0b, 0xad, 0xf2, 0xeb, 0x2f, 0xf9, 0xd1
-    };
-#endif
-#endif
-    const unsigned char* der;
-#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
-    (defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION > 2)) && \
-    defined(WC_RSA_NO_PADDING)
-    int i;
-#endif
-
-    XMEMSET(msg, 0, sizeof(msg));
-
-    der = pubDer;
-    rsa = NULL;
-    ExpectNotNull(d2i_RSAPublicKey(&rsa, &der, pubDerSz));
-
-    ExpectIntEQ(RSA_public_decrypt(0, NULL, NULL, NULL, 0), -1);
-    ExpectIntEQ(RSA_public_decrypt(-1, encMsg, decMsg, rsa,
-        RSA_PKCS1_PADDING), -1);
-    ExpectIntEQ(RSA_public_decrypt(sizeof(encMsg), NULL, decMsg, rsa,
-        RSA_PKCS1_PADDING), -1);
-    ExpectIntEQ(RSA_public_decrypt(sizeof(encMsg), encMsg, NULL, rsa,
-        RSA_PKCS1_PADDING), -1);
-    ExpectIntEQ(RSA_public_decrypt(sizeof(encMsg), encMsg, decMsg, NULL,
-        RSA_PKCS1_PADDING), -1);
-    ExpectIntEQ(RSA_public_decrypt(sizeof(encMsg), encMsg, decMsg, rsa,
-        RSA_PKCS1_PSS_PADDING), -1);
-
-    ExpectIntEQ(RSA_public_decrypt(sizeof(encMsg), encMsg, decMsg, rsa,
-        RSA_PKCS1_PADDING), 32);
-    ExpectIntEQ(XMEMCMP(decMsg, msg, sizeof(msg)), 0);
-
-#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
-    (defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION > 2)) && \
-    defined(WC_RSA_NO_PADDING)
-    ExpectIntEQ(RSA_public_decrypt(sizeof(encMsgNoPad), encMsgNoPad, decMsg,
-        rsa, RSA_NO_PADDING), sizeof(decMsg));
-    /* Zeros before actual data. */
-    for (i = 0; i < (int)(sizeof(decMsg) - sizeof(msg)); i += sizeof(msg)) {
-        ExpectIntEQ(XMEMCMP(decMsg + i, msg, sizeof(msg)), 0);
-    }
-    /* Check actual data. */
-    XMEMSET(msg, 0x01, sizeof(msg));
-    ExpectIntEQ(XMEMCMP(decMsg + i, msg, sizeof(msg)), 0);
-#endif
-
-    RSA_free(rsa);
-#endif
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_RSA_private_encrypt(void)
-{
-    EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
-    RSA *rsa;
-    unsigned char msg[SHA256_DIGEST_LENGTH];
-#ifdef USE_CERT_BUFFERS_1024
-    const unsigned char* privDer = client_key_der_1024;
-    size_t privDerSz = sizeof_client_key_der_1024;
-    unsigned char encMsg[1024/8];
-    const unsigned char expEncMsg[] = {
-        0x45, 0x8e, 0x6e, 0x7a, 0x9c, 0xe1, 0x67, 0x36,
-        0x72, 0xfc, 0x9d, 0x05, 0xdf, 0xc2, 0xaf, 0x54,
-        0xc5, 0x2f, 0x94, 0xb8, 0xc7, 0x82, 0x40, 0xfa,
-        0xa7, 0x8c, 0xb1, 0x89, 0x40, 0xc3, 0x59, 0x5a,
-        0x77, 0x08, 0x54, 0x93, 0x43, 0x7f, 0xc4, 0xb7,
-        0xc4, 0x78, 0xf1, 0xf8, 0xab, 0xbf, 0xc2, 0x81,
-        0x5d, 0x97, 0xea, 0x7a, 0x60, 0x90, 0x51, 0xb7,
-        0x47, 0x78, 0x48, 0x1e, 0x88, 0x6b, 0x89, 0xde,
-        0xce, 0x41, 0x41, 0xae, 0x49, 0xf6, 0xfd, 0x2d,
-        0x2d, 0x9c, 0x70, 0x7d, 0xf9, 0xcf, 0x77, 0x5f,
-        0x06, 0xc7, 0x20, 0xe3, 0x57, 0xd4, 0xd8, 0x1a,
-        0x96, 0xa2, 0x39, 0xb0, 0x6e, 0x8e, 0x68, 0xf8,
-        0x57, 0x7b, 0x26, 0x88, 0x17, 0xc4, 0xb7, 0xf1,
-        0x59, 0xfa, 0xb6, 0x95, 0xdd, 0x1e, 0xe8, 0xd8,
-        0x4e, 0xbd, 0xcd, 0x41, 0xad, 0xc7, 0xe2, 0x39,
-        0xb8, 0x00, 0xca, 0xf5, 0x59, 0xdf, 0xf8, 0x43
-    };
-#ifdef WC_RSA_NO_PADDING
-    const unsigned char expEncMsgNoPad[] = {
-        0x0d, 0x41, 0x5a, 0xc7, 0x60, 0xd7, 0xbe, 0xb6,
-        0x42, 0xd1, 0x65, 0xb1, 0x7e, 0x59, 0x54, 0xcc,
-        0x76, 0x62, 0xd0, 0x2f, 0x4d, 0xe3, 0x23, 0x62,
-        0xc8, 0x14, 0xfe, 0x5e, 0xa1, 0xc7, 0x05, 0xee,
-        0x9e, 0x28, 0x2e, 0xf5, 0xfd, 0xa4, 0xc0, 0x43,
-        0x55, 0xa2, 0x6b, 0x6b, 0x16, 0xa7, 0x63, 0x06,
-        0xa7, 0x78, 0x4f, 0xda, 0xae, 0x10, 0x6d, 0xd1,
-        0x2e, 0x1d, 0xbb, 0xbc, 0xc4, 0x1d, 0x82, 0xe4,
-        0xc6, 0x76, 0x77, 0xa6, 0x0a, 0xef, 0xd2, 0x89,
-        0xff, 0x30, 0x85, 0x22, 0xa0, 0x68, 0x88, 0x54,
-        0xa3, 0xd1, 0x92, 0xd1, 0x3f, 0x57, 0xe4, 0xc7,
-        0x43, 0x5a, 0x8b, 0xb3, 0x86, 0xaf, 0xd5, 0x6d,
-        0x07, 0xe1, 0xa0, 0x5f, 0xe1, 0x9a, 0x06, 0xba,
-        0x56, 0xd2, 0xb0, 0x73, 0xf5, 0xb3, 0xd0, 0x5f,
-        0xc0, 0xbf, 0x22, 0x4c, 0x54, 0x4e, 0x11, 0xe2,
-        0xc5, 0xf8, 0x66, 0x39, 0x9d, 0x70, 0x90, 0x31
-    };
-#endif
-#else
-    const unsigned char* privDer = client_key_der_2048;
-    size_t privDerSz = sizeof_client_key_der_2048;
-    unsigned char encMsg[2048/8];
-    const unsigned char expEncMsg[] = {
-        0x16, 0x5d, 0xbb, 0x00, 0x38, 0x73, 0x01, 0x34,
-        0xca, 0x59, 0xc6, 0x8b, 0x64, 0x70, 0x89, 0xf5,
-        0x50, 0x2d, 0x1d, 0x69, 0x1f, 0x07, 0x1e, 0x31,
-        0xae, 0x9b, 0xa6, 0x6e, 0xee, 0x80, 0xd9, 0x9e,
-        0x59, 0x33, 0x70, 0x30, 0x28, 0x42, 0x7d, 0x24,
-        0x36, 0x95, 0x6b, 0xf9, 0x0a, 0x23, 0xcb, 0xce,
-        0x66, 0xa5, 0x07, 0x5e, 0x11, 0xa7, 0xdc, 0xfb,
-        0xd9, 0xc2, 0x51, 0xf0, 0x05, 0xc9, 0x39, 0xb3,
-        0xae, 0xff, 0xfb, 0xe9, 0xb1, 0x9a, 0x54, 0xac,
-        0x1d, 0xca, 0x42, 0x1a, 0xfd, 0x7c, 0x97, 0xa0,
-        0x60, 0x2b, 0xcd, 0xb6, 0x36, 0x33, 0xfc, 0x44,
-        0x69, 0xf7, 0x2e, 0x8c, 0x3b, 0x5f, 0xb4, 0x9f,
-        0xa7, 0x02, 0x8f, 0x6d, 0x6b, 0x79, 0x10, 0x32,
-        0x7d, 0xf4, 0x5d, 0xa1, 0x63, 0x22, 0x59, 0xc4,
-        0x44, 0x8e, 0x44, 0x24, 0x8b, 0x14, 0x9d, 0x2b,
-        0xb5, 0xd3, 0xad, 0x9a, 0x87, 0x0d, 0xe7, 0x70,
-        0x6d, 0xe9, 0xae, 0xaa, 0x52, 0xbf, 0x1a, 0x9b,
-        0xc8, 0x3d, 0x45, 0x7c, 0xd1, 0x90, 0xe3, 0xd9,
-        0x57, 0xcf, 0xc3, 0x29, 0x69, 0x05, 0x07, 0x96,
-        0x2e, 0x46, 0x74, 0x0a, 0xa7, 0x76, 0x8b, 0xc0,
-        0x1c, 0x04, 0x80, 0x08, 0xa0, 0x94, 0x7e, 0xbb,
-        0x2d, 0x99, 0xe9, 0xab, 0x18, 0x4d, 0x48, 0x2d,
-        0x94, 0x5e, 0x50, 0x21, 0x42, 0xdf, 0xf5, 0x61,
-        0x42, 0x7d, 0x86, 0x5d, 0x9e, 0x89, 0xc9, 0x5b,
-        0x24, 0xab, 0xa1, 0xd8, 0x20, 0x45, 0xcb, 0x81,
-        0xcf, 0xc5, 0x25, 0x7d, 0x11, 0x6e, 0xbd, 0x80,
-        0xac, 0xba, 0xdc, 0xef, 0xb9, 0x05, 0x9c, 0xd5,
-        0xc2, 0x26, 0x57, 0x69, 0x8b, 0x08, 0x27, 0xc7,
-        0xea, 0xbe, 0xaf, 0x52, 0x21, 0x95, 0x9f, 0xa0,
-        0x2f, 0x2f, 0x53, 0x7c, 0x2f, 0xa3, 0x0b, 0x79,
-        0x39, 0x01, 0xa3, 0x37, 0x46, 0xa8, 0xc4, 0x34,
-        0x41, 0x20, 0x7c, 0x3f, 0x70, 0x9a, 0x47, 0xe8
-    };
-#ifdef WC_RSA_NO_PADDING
-    const unsigned char expEncMsgNoPad[] = {
-        0x79, 0x69, 0xdc, 0x0d, 0xff, 0x09, 0xeb, 0x91,
-        0xbc, 0xda, 0xe4, 0xd3, 0xcd, 0xd5, 0xd3, 0x1c,
-        0xb9, 0x66, 0xa8, 0x02, 0xf3, 0x75, 0x40, 0xf1,
-        0x38, 0x4a, 0x37, 0x7b, 0x19, 0xc8, 0xcd, 0xea,
-        0x79, 0xa8, 0x51, 0x32, 0x00, 0x3f, 0x4c, 0xde,
-        0xaa, 0xe5, 0xe2, 0x7c, 0x10, 0xcd, 0x6e, 0x00,
-        0xc6, 0xc4, 0x63, 0x98, 0x58, 0x9b, 0x38, 0xca,
-        0xf0, 0x5d, 0xc8, 0xf0, 0x57, 0xf6, 0x21, 0x50,
-        0x3f, 0x63, 0x05, 0x9f, 0xbf, 0xb6, 0x3b, 0x50,
-        0x85, 0x06, 0x34, 0x08, 0x57, 0xb9, 0x44, 0xce,
-        0xe4, 0x66, 0xbf, 0x0c, 0xfe, 0x36, 0xa4, 0x5b,
-        0xed, 0x2d, 0x7d, 0xed, 0xf1, 0xbd, 0xda, 0x3e,
-        0x19, 0x1f, 0x99, 0xc8, 0xe4, 0xc2, 0xbb, 0xb5,
-        0x6c, 0x83, 0x22, 0xd1, 0xe7, 0x57, 0xcf, 0x1b,
-        0x91, 0x0c, 0xa5, 0x47, 0x06, 0x71, 0x8f, 0x93,
-        0xf3, 0xad, 0xdb, 0xe3, 0xf8, 0xa0, 0x0b, 0xcd,
-        0x89, 0x4e, 0xa5, 0xb5, 0x03, 0x68, 0x61, 0x89,
-        0x0b, 0xe2, 0x03, 0x8b, 0x1f, 0x54, 0xae, 0x0f,
-        0xfa, 0xf0, 0xb7, 0x0f, 0x8c, 0x84, 0x35, 0x13,
-        0x8d, 0x65, 0x1f, 0x2c, 0xd5, 0xce, 0xc4, 0x6c,
-        0x98, 0x67, 0xe4, 0x1a, 0x85, 0x67, 0x69, 0x17,
-        0x17, 0x5a, 0x5d, 0xfd, 0x23, 0xdd, 0x03, 0x3f,
-        0x6d, 0x7a, 0xb6, 0x8b, 0x99, 0xc0, 0xb6, 0x70,
-        0x86, 0xac, 0xf6, 0x02, 0xc2, 0x28, 0x42, 0xed,
-        0x06, 0xcf, 0xca, 0x3d, 0x07, 0x16, 0xf0, 0x0e,
-        0x04, 0x55, 0x1e, 0x59, 0x3f, 0x32, 0xc7, 0x12,
-        0xc5, 0x0d, 0x9d, 0x64, 0x7d, 0x2e, 0xd4, 0xbc,
-        0x8c, 0x24, 0x42, 0x94, 0x2b, 0xf6, 0x11, 0x7f,
-        0xb1, 0x1c, 0x09, 0x12, 0x6f, 0x5e, 0x2e, 0x7a,
-        0xc6, 0x01, 0xe0, 0x98, 0x31, 0xb7, 0x13, 0x03,
-        0xce, 0x29, 0xe1, 0xef, 0x9d, 0xdf, 0x9b, 0xa5,
-        0xba, 0x0b, 0xad, 0xf2, 0xeb, 0x2f, 0xf9, 0xd1
-    };
-#endif
-#endif
-    const unsigned char* der;
-
-    XMEMSET(msg, 0x00, sizeof(msg));
-
-    der = privDer;
-    rsa = NULL;
-    ExpectNotNull(d2i_RSAPrivateKey(&rsa, &der, privDerSz));
-
-    ExpectIntEQ(RSA_private_encrypt(0, NULL, NULL, NULL, 0), -1);
-    ExpectIntEQ(RSA_private_encrypt(0, msg, encMsg, rsa, RSA_PKCS1_PADDING),
-        -1);
-    ExpectIntEQ(RSA_private_encrypt(sizeof(msg), NULL, encMsg, rsa,
-        RSA_PKCS1_PADDING), -1);
-    ExpectIntEQ(RSA_private_encrypt(sizeof(msg), msg, NULL, rsa,
-        RSA_PKCS1_PADDING), -1);
-    ExpectIntEQ(RSA_private_encrypt(sizeof(msg), msg, encMsg, NULL,
-         RSA_PKCS1_PADDING), -1);
-    ExpectIntEQ(RSA_private_encrypt(sizeof(msg), msg, encMsg, rsa,
-         RSA_PKCS1_PSS_PADDING), -1);
-
-    ExpectIntEQ(RSA_private_encrypt(sizeof(msg), msg, encMsg, rsa,
-         RSA_PKCS1_PADDING), sizeof(encMsg));
-    ExpectIntEQ(XMEMCMP(encMsg, expEncMsg, sizeof(expEncMsg)), 0);
-
-#ifdef WC_RSA_NO_PADDING
-    /* Non-zero message. */
-    XMEMSET(msg, 0x01, sizeof(msg));
-    ExpectIntEQ(RSA_private_encrypt(sizeof(msg), msg, encMsg, rsa,
-         RSA_NO_PADDING), sizeof(encMsg));
-    ExpectIntEQ(XMEMCMP(encMsg, expEncMsgNoPad, sizeof(expEncMsgNoPad)), 0);
-#endif
-
-    RSA_free(rsa);
-#endif
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_RSA_public_encrypt(void)
-{
-    EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
-    RSA* rsa = NULL;
-    const unsigned char msg[2048/8] = { 0 };
-    unsigned char encMsg[2048/8];
-
-    ExpectNotNull(rsa = RSA_new());
-
-    ExpectIntEQ(RSA_public_encrypt(-1, msg, encMsg, rsa,
-        RSA_PKCS1_PADDING), -1);
-    ExpectIntEQ(RSA_public_encrypt(sizeof(msg), NULL, encMsg, rsa,
-        RSA_PKCS1_PADDING), -1);
-    ExpectIntEQ(RSA_public_encrypt(sizeof(msg), msg, NULL, rsa,
-        RSA_PKCS1_PADDING), -1);
-    ExpectIntEQ(RSA_public_encrypt(sizeof(msg), msg, encMsg, NULL,
-        RSA_PKCS1_PADDING), -1);
-    ExpectIntEQ(RSA_public_encrypt(sizeof(msg), msg, encMsg, rsa,
-        RSA_PKCS1_PSS_PADDING), -1);
-    /* Empty RSA key. */
-    ExpectIntEQ(RSA_public_encrypt(sizeof(msg), msg, encMsg, rsa,
-        RSA_PKCS1_PADDING), -1);
-
-    RSA_free(rsa);
-#endif
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_RSA_private_decrypt(void)
-{
-    EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
-    RSA* rsa = NULL;
-    unsigned char msg[2048/8];
-    const unsigned char encMsg[2048/8] = { 0 };
-
-    ExpectNotNull(rsa = RSA_new());
-
-    ExpectIntEQ(RSA_private_decrypt(-1, encMsg, msg, rsa,
-        RSA_PKCS1_PADDING), -1);
-    ExpectIntEQ(RSA_private_decrypt(sizeof(encMsg), NULL, msg, rsa,
-        RSA_PKCS1_PADDING), -1);
-    ExpectIntEQ(RSA_private_decrypt(sizeof(encMsg), encMsg, NULL, rsa,
-        RSA_PKCS1_PADDING), -1);
-    ExpectIntEQ(RSA_private_decrypt(sizeof(encMsg), encMsg, msg, NULL,
-        RSA_PKCS1_PADDING), -1);
-    ExpectIntEQ(RSA_private_decrypt(sizeof(encMsg), encMsg, msg, rsa,
-        RSA_PKCS1_PSS_PADDING), -1);
-    /* Empty RSA key. */
-    ExpectIntEQ(RSA_private_decrypt(sizeof(encMsg), encMsg, msg, rsa,
-        RSA_PKCS1_PADDING), -1);
-
-    RSA_free(rsa);
-#endif
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_RSA_GenAdd(void)
-{
-    EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
-    RSA *rsa;
-#ifdef USE_CERT_BUFFERS_1024
-    const unsigned char* privDer = client_key_der_1024;
-    size_t privDerSz = sizeof_client_key_der_1024;
-    const unsigned char* pubDer = client_keypub_der_1024;
-    size_t pubDerSz = sizeof_client_keypub_der_1024;
-#else
-    const unsigned char* privDer = client_key_der_2048;
-    size_t privDerSz = sizeof_client_key_der_2048;
-    const unsigned char* pubDer = client_keypub_der_2048;
-    size_t pubDerSz = sizeof_client_keypub_der_2048;
-#endif
-    const unsigned char* der;
-
-    der = privDer;
-    rsa = NULL;
-    ExpectNotNull(d2i_RSAPrivateKey(&rsa, &der, privDerSz));
-
-    ExpectIntEQ(wolfSSL_RSA_GenAdd(NULL), -1);
-#if defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || \
-    !defined(RSA_LOW_MEM)
-    ExpectIntEQ(wolfSSL_RSA_GenAdd(rsa), 1);
-#else
-    /* dmp1 and dmq1 are not set (allocated) in this config */
-    ExpectIntEQ(wolfSSL_RSA_GenAdd(rsa), -1);
-#endif
-
-    RSA_free(rsa);
-    der = pubDer;
-    rsa = NULL;
-    ExpectNotNull(d2i_RSAPublicKey(&rsa, &der, pubDerSz));
-    /* Need private values. */
-    ExpectIntEQ(wolfSSL_RSA_GenAdd(rsa), -1);
-
-    RSA_free(rsa);
-#endif
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_RSA_blinding_on(void)
-{
-    EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_WOLFSSL_STUB)
-    RSA *rsa;
-    WOLFSSL_BN_CTX *bnCtx = NULL;
-#ifdef USE_CERT_BUFFERS_1024
-    const unsigned char* privDer = client_key_der_1024;
-    size_t privDerSz = sizeof_client_key_der_1024;
-#else
-    const unsigned char* privDer = client_key_der_2048;
-    size_t privDerSz = sizeof_client_key_der_2048;
-#endif
-    const unsigned char* der;
-
-    der = privDer;
-    rsa = NULL;
-    ExpectNotNull(d2i_RSAPrivateKey(&rsa, &der, privDerSz));
-    ExpectNotNull(bnCtx = wolfSSL_BN_CTX_new());
-
-    /* Does nothing so all parameters are valid. */
-    ExpectIntEQ(wolfSSL_RSA_blinding_on(NULL, NULL), 1);
-    ExpectIntEQ(wolfSSL_RSA_blinding_on(rsa, NULL), 1);
-    ExpectIntEQ(wolfSSL_RSA_blinding_on(NULL, bnCtx), 1);
-    ExpectIntEQ(wolfSSL_RSA_blinding_on(rsa, bnCtx), 1);
-
-    wolfSSL_BN_CTX_free(bnCtx);
-    RSA_free(rsa);
-#endif
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_RSA_ex_data(void)
-{
-    EXPECT_DECLS;
-#if !defined(NO_RSA) && defined(OPENSSL_EXTRA)
-    RSA* rsa = NULL;
-    unsigned char data[1];
-
-    ExpectNotNull(rsa = RSA_new());
-
-    ExpectNull(wolfSSL_RSA_get_ex_data(NULL, 0));
-    ExpectNull(wolfSSL_RSA_get_ex_data(rsa, 0));
-#ifdef MAX_EX_DATA
-    ExpectNull(wolfSSL_RSA_get_ex_data(rsa, MAX_EX_DATA));
-    ExpectIntEQ(wolfSSL_RSA_set_ex_data(rsa, MAX_EX_DATA, data), 0);
-#endif
-    ExpectIntEQ(wolfSSL_RSA_set_ex_data(NULL, 0, NULL), 0);
-    ExpectIntEQ(wolfSSL_RSA_set_ex_data(NULL, 0, data), 0);
-
-#ifdef HAVE_EX_DATA
-    ExpectIntEQ(wolfSSL_RSA_set_ex_data(rsa, 0, NULL), 1);
-    ExpectIntEQ(wolfSSL_RSA_set_ex_data(rsa, 0, data), 1);
-    ExpectPtrEq(wolfSSL_RSA_get_ex_data(rsa, 0), data);
-#else
-    ExpectIntEQ(wolfSSL_RSA_set_ex_data(rsa, 0, NULL), 0);
-    ExpectIntEQ(wolfSSL_RSA_set_ex_data(rsa, 0, data), 0);
-    ExpectNull(wolfSSL_RSA_get_ex_data(rsa, 0));
-#endif
-
-    RSA_free(rsa);
-#endif /* !NO_RSA && OPENSSL_EXTRA */
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_RSA_LoadDer(void)
-{
-    EXPECT_DECLS;
-#if !defined(NO_RSA) && (defined(OPENSSL_EXTRA) || \
-    defined(OPENSSL_EXTRA_X509_SMALL))
-    RSA *rsa = NULL;
-#ifdef USE_CERT_BUFFERS_1024
-    const unsigned char* privDer = client_key_der_1024;
-    size_t privDerSz = sizeof_client_key_der_1024;
-#else
-    const unsigned char* privDer = client_key_der_2048;
-    size_t privDerSz = sizeof_client_key_der_2048;
-#endif
-
-    ExpectNotNull(rsa = RSA_new());
-
-    ExpectIntEQ(wolfSSL_RSA_LoadDer(NULL, privDer, (int)privDerSz), -1);
-    ExpectIntEQ(wolfSSL_RSA_LoadDer(rsa, NULL, (int)privDerSz), -1);
-    ExpectIntEQ(wolfSSL_RSA_LoadDer(rsa, privDer, 0), -1);
-
-    ExpectIntEQ(wolfSSL_RSA_LoadDer(rsa, privDer, (int)privDerSz), 1);
-
-    RSA_free(rsa);
-#endif /* !NO_RSA && OPENSSL_EXTRA */
-    return EXPECT_RESULT();
-}
-
-/* Local API. */
-static int test_wolfSSL_RSA_To_Der(void)
-{
-    EXPECT_DECLS;
-#ifdef WOLFSSL_TEST_STATIC_BUILD
-#if defined(WOLFSSL_KEY_GEN) && defined(OPENSSL_EXTRA) && !defined(NO_RSA)
-    RSA* rsa;
-#ifdef USE_CERT_BUFFERS_1024
-    const unsigned char* privDer = client_key_der_1024;
-    size_t privDerSz = sizeof_client_key_der_1024;
-    const unsigned char* pubDer = client_keypub_der_1024;
-    size_t pubDerSz = sizeof_client_keypub_der_1024;
-    unsigned char out[sizeof(client_key_der_1024)];
-#else
-    const unsigned char* privDer = client_key_der_2048;
-    size_t privDerSz = sizeof_client_key_der_2048;
-    const unsigned char* pubDer = client_keypub_der_2048;
-    size_t pubDerSz = sizeof_client_keypub_der_2048;
-    unsigned char out[sizeof(client_key_der_2048)];
-#endif
-    const unsigned char* der;
-    unsigned char* outDer = NULL;
-
-    der = privDer;
-    rsa = NULL;
-    ExpectNotNull(wolfSSL_d2i_RSAPrivateKey(&rsa, &der, privDerSz));
-
-    ExpectIntEQ(wolfSSL_RSA_To_Der(NULL, &outDer, 0, HEAP_HINT), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-    ExpectIntEQ(wolfSSL_RSA_To_Der(rsa, &outDer, 2, HEAP_HINT), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-
-    ExpectIntEQ(wolfSSL_RSA_To_Der(rsa, NULL, 0, HEAP_HINT), privDerSz);
-    outDer = out;
-    ExpectIntEQ(wolfSSL_RSA_To_Der(rsa, &outDer, 0, HEAP_HINT), privDerSz);
-    ExpectIntEQ(XMEMCMP(out, privDer, privDerSz), 0);
-    outDer = NULL;
-    ExpectIntEQ(wolfSSL_RSA_To_Der(rsa, &outDer, 0, HEAP_HINT), privDerSz);
-    ExpectNotNull(outDer);
-    ExpectIntEQ(XMEMCMP(outDer, privDer, privDerSz), 0);
-    XFREE(outDer, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-
-    ExpectIntEQ(wolfSSL_RSA_To_Der(rsa, NULL, 1, HEAP_HINT), pubDerSz);
-    outDer = out;
-    ExpectIntEQ(wolfSSL_RSA_To_Der(rsa, &outDer, 1, HEAP_HINT), pubDerSz);
-    ExpectIntEQ(XMEMCMP(out, pubDer, pubDerSz), 0);
-
-    RSA_free(rsa);
-
-    ExpectNotNull(rsa = RSA_new());
-    ExpectIntEQ(wolfSSL_RSA_To_Der(rsa, &outDer, 0, HEAP_HINT), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-    ExpectIntEQ(wolfSSL_RSA_To_Der(rsa, &outDer, 1, HEAP_HINT), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-    RSA_free(rsa);
-
-    der = pubDer;
-    rsa = NULL;
-    ExpectNotNull(wolfSSL_d2i_RSAPublicKey(&rsa, &der, pubDerSz));
-    ExpectIntEQ(wolfSSL_RSA_To_Der(rsa, &outDer, 0, HEAP_HINT), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-    RSA_free(rsa);
-#endif
-#endif
-    return EXPECT_RESULT();
-}
-
-/* wolfSSL_PEM_read_RSAPublicKey is a stub function. */
-static int test_wolfSSL_PEM_read_RSAPublicKey(void)
-{
-    EXPECT_DECLS;
-#if !defined(NO_RSA) && defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM)
-    XFILE file = XBADFILE;
-    const char* fname = "./certs/server-keyPub.pem";
-    RSA *rsa = NULL;
-
-    ExpectNull(wolfSSL_PEM_read_RSAPublicKey(XBADFILE, NULL, NULL, NULL));
-
-    ExpectTrue((file = XFOPEN(fname, "rb")) != XBADFILE);
-    ExpectNotNull(rsa = PEM_read_RSA_PUBKEY(file, NULL, NULL, NULL));
-    ExpectIntEQ(RSA_size(rsa), 256);
-    RSA_free(rsa);
-    if (file != XBADFILE)
-        XFCLOSE(file);
-#endif
-    return EXPECT_RESULT();
-}
-
-/* wolfSSL_PEM_read_RSAPublicKey is a stub function. */
-static int test_wolfSSL_PEM_write_RSA_PUBKEY(void)
-{
-    EXPECT_DECLS;
-#if !defined(NO_RSA) && defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && \
-    defined(WOLFSSL_KEY_GEN)
-    RSA* rsa = NULL;
-
-    ExpectIntEQ(wolfSSL_PEM_write_RSA_PUBKEY(XBADFILE, NULL), 0);
-    ExpectIntEQ(wolfSSL_PEM_write_RSA_PUBKEY(stderr, NULL), 0);
-    /* Valid but stub so returns 0. */
-    ExpectIntEQ(wolfSSL_PEM_write_RSA_PUBKEY(stderr, rsa), 0);
-#endif
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_PEM_write_RSAPrivateKey(void)
-{
-    EXPECT_DECLS;
-#if !defined(NO_RSA) && defined(OPENSSL_EXTRA) && defined(WOLFSSL_KEY_GEN) && \
-    (defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM)) && \
-    !defined(NO_FILESYSTEM)
-    RSA* rsa = NULL;
-#ifdef USE_CERT_BUFFERS_1024
-    const unsigned char* privDer = client_key_der_1024;
-    size_t privDerSz = sizeof_client_key_der_1024;
-#else
-    const unsigned char* privDer = client_key_der_2048;
-    size_t privDerSz = sizeof_client_key_der_2048;
-#endif
-    const unsigned char* der;
-#ifndef NO_AES
-    unsigned char passwd[] = "password";
-#endif
-
-    ExpectNotNull(rsa = RSA_new());
-    ExpectIntEQ(wolfSSL_PEM_write_RSAPrivateKey(stderr, rsa, NULL, NULL, 0,
-        NULL, NULL), 0);
-    RSA_free(rsa);
-
-    der = privDer;
-    rsa = NULL;
-    ExpectNotNull(wolfSSL_d2i_RSAPrivateKey(&rsa, &der, privDerSz));
-
-    ExpectIntEQ(wolfSSL_PEM_write_RSAPrivateKey(XBADFILE, rsa, NULL, NULL, 0,
-        NULL, NULL), 0);
-    ExpectIntEQ(wolfSSL_PEM_write_RSAPrivateKey(stderr, NULL, NULL, NULL, 0,
-        NULL, NULL), 0);
-
-    ExpectIntEQ(wolfSSL_PEM_write_RSAPrivateKey(stderr, rsa, NULL, NULL, 0,
-        NULL, NULL), 1);
-#if !defined(NO_AES) && defined(HAVE_AES_CBC)
-    ExpectIntEQ(wolfSSL_PEM_write_RSAPrivateKey(stderr, rsa, EVP_aes_128_cbc(),
-        NULL, 0, NULL, NULL), 1);
-    ExpectIntEQ(wolfSSL_PEM_write_RSAPrivateKey(stderr, rsa, EVP_aes_128_cbc(),
-        passwd, sizeof(passwd) - 1, NULL, NULL), 1);
-#endif
-
-    RSA_free(rsa);
-#endif
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_PEM_write_mem_RSAPrivateKey(void)
-{
-    EXPECT_DECLS;
-#if !defined(NO_RSA) && defined(OPENSSL_EXTRA) && defined(WOLFSSL_KEY_GEN) && \
-    (defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM))
-    RSA* rsa = NULL;
-#ifdef USE_CERT_BUFFERS_1024
-    const unsigned char* privDer = client_key_der_1024;
-    size_t privDerSz = sizeof_client_key_der_1024;
-#else
-    const unsigned char* privDer = client_key_der_2048;
-    size_t privDerSz = sizeof_client_key_der_2048;
-#endif
-    const unsigned char* der;
-#ifndef NO_AES
-    unsigned char passwd[] = "password";
-#endif
-    unsigned char* pem = NULL;
-    int plen;
-
-    ExpectNotNull(rsa = RSA_new());
-    ExpectIntEQ(wolfSSL_PEM_write_mem_RSAPrivateKey(rsa, NULL, NULL, 0, &pem,
-        &plen), 0);
-    RSA_free(rsa);
-
-    der = privDer;
-    rsa = NULL;
-    ExpectNotNull(wolfSSL_d2i_RSAPrivateKey(&rsa, &der, privDerSz));
-
-    ExpectIntEQ(wolfSSL_PEM_write_mem_RSAPrivateKey(NULL, NULL, NULL, 0, &pem,
-        &plen), 0);
-    ExpectIntEQ(wolfSSL_PEM_write_mem_RSAPrivateKey(rsa, NULL, NULL, 0, NULL,
-        &plen), 0);
-    ExpectIntEQ(wolfSSL_PEM_write_mem_RSAPrivateKey(rsa, NULL, NULL, 0, &pem,
-        NULL), 0);
-
-    ExpectIntEQ(wolfSSL_PEM_write_mem_RSAPrivateKey(rsa, NULL, NULL, 0, &pem,
-        &plen), 1);
-    XFREE(pem, NULL, DYNAMIC_TYPE_KEY);
-    pem = NULL;
-#if !defined(NO_AES) && defined(HAVE_AES_CBC)
-    ExpectIntEQ(wolfSSL_PEM_write_mem_RSAPrivateKey(rsa, EVP_aes_128_cbc(),
-        NULL, 0, &pem, &plen), 1);
-    XFREE(pem, NULL, DYNAMIC_TYPE_KEY);
-    pem = NULL;
-    ExpectIntEQ(wolfSSL_PEM_write_mem_RSAPrivateKey(rsa, EVP_aes_128_cbc(),
-        passwd, sizeof(passwd) - 1, &pem, &plen), 1);
-    XFREE(pem, NULL, DYNAMIC_TYPE_KEY);
-#endif
-
-    RSA_free(rsa);
-#endif
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_DH(void)
-{
-    EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_DH)
-    DH *dh = NULL;
-    BIGNUM* p;
-    BIGNUM* q;
-    BIGNUM* g;
-    BIGNUM* pub = NULL;
-    BIGNUM* priv = NULL;
-#if defined(OPENSSL_ALL)
-#if !defined(HAVE_FIPS) || \
-        (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))
-    FILE* f = NULL;
-    unsigned char buf[268];
-    const unsigned char* pt = buf;
-    long len = 0;
-
-    dh = NULL;
-    XMEMSET(buf, 0, sizeof(buf));
-    /* Test 2048 bit parameters */
-    ExpectTrue((f = XFOPEN("./certs/dh2048.der", "rb")) != XBADFILE);
-    ExpectTrue((len = (long)XFREAD(buf, 1, sizeof(buf), f)) > 0);
-    if (f != XBADFILE)
-        XFCLOSE(f);
-
-    ExpectNotNull(dh = d2i_DHparams(NULL, &pt, len));
-    ExpectNotNull(dh->p);
-    ExpectNotNull(dh->g);
-    ExpectTrue(pt == buf);
-    ExpectIntEQ(DH_generate_key(dh), 1);
-
-    /* first, test for expected successful key agreement. */
-    if (EXPECT_SUCCESS()) {
-        DH *dh2 = NULL;
-        unsigned char buf2[268];
-        int sz1 = 0, sz2 = 0;
-
-        ExpectNotNull(dh2 = d2i_DHparams(NULL, &pt, len));
-        ExpectIntEQ(DH_generate_key(dh2), 1);
-
-        ExpectIntGT(sz1=DH_compute_key(buf, dh2->pub_key, dh), 0);
-        ExpectIntGT(sz2=DH_compute_key(buf2, dh->pub_key, dh2), 0);
-        ExpectIntEQ(sz1, sz2);
-        ExpectIntEQ(XMEMCMP(buf, buf2, (size_t)sz1), 0);
-
-        ExpectIntNE(sz1 = DH_size(dh), 0);
-        ExpectIntEQ(DH_compute_key_padded(buf, dh2->pub_key, dh), sz1);
-        ExpectIntEQ(DH_compute_key_padded(buf2, dh->pub_key, dh2), sz1);
-        ExpectIntEQ(XMEMCMP(buf, buf2, (size_t)sz1), 0);
-
-        if (dh2 != NULL)
-            DH_free(dh2);
-    }
-
-    ExpectIntEQ(DH_generate_key(dh), 1);
-    ExpectIntEQ(DH_compute_key(NULL, NULL, NULL), -1);
-    ExpectNotNull(pub = BN_new());
-    ExpectIntEQ(BN_set_word(pub, 1), 1);
-    ExpectIntEQ(DH_compute_key(buf, NULL, NULL), -1);
-    ExpectIntEQ(DH_compute_key(NULL, pub, NULL), -1);
-    ExpectIntEQ(DH_compute_key(NULL, NULL, dh), -1);
-    ExpectIntEQ(DH_compute_key(buf, pub, NULL), -1);
-    ExpectIntEQ(DH_compute_key(buf, NULL, dh), -1);
-    ExpectIntEQ(DH_compute_key(NULL, pub, dh), -1);
-    ExpectIntEQ(DH_compute_key(buf, pub, dh), -1);
-    BN_free(pub);
-    pub = NULL;
-
-    DH_get0_pqg(dh, (const BIGNUM**)&p,
-                    (const BIGNUM**)&q,
-                    (const BIGNUM**)&g);
-    ExpectPtrEq(p, dh->p);
-    ExpectPtrEq(q, dh->q);
-    ExpectPtrEq(g, dh->g);
-    DH_get0_key(NULL, (const BIGNUM**)&pub, (const BIGNUM**)&priv);
-    DH_get0_key(dh, (const BIGNUM**)&pub, (const BIGNUM**)&priv);
-    ExpectPtrEq(pub, dh->pub_key);
-    ExpectPtrEq(priv, dh->priv_key);
-    DH_get0_key(dh, (const BIGNUM**)&pub, NULL);
-    ExpectPtrEq(pub, dh->pub_key);
-    DH_get0_key(dh, NULL, (const BIGNUM**)&priv);
-    ExpectPtrEq(priv, dh->priv_key);
-    pub = NULL;
-    priv = NULL;
-    ExpectNotNull(pub = BN_new());
-    ExpectNotNull(priv = BN_new());
-    ExpectIntEQ(DH_set0_key(NULL, pub, priv), 0);
-    ExpectIntEQ(DH_set0_key(dh, pub, priv), 1);
-    if (EXPECT_FAIL()) {
-        BN_free(pub);
-        BN_free(priv);
-    }
-    pub = NULL;
-    priv = NULL;
-    ExpectNotNull(pub = BN_new());
-    ExpectIntEQ(DH_set0_key(dh, pub, NULL), 1);
-    if (EXPECT_FAIL()) {
-        BN_free(pub);
-    }
-    ExpectNotNull(priv = BN_new());
-    ExpectIntEQ(DH_set0_key(dh, NULL, priv), 1);
-    if (EXPECT_FAIL()) {
-        BN_free(priv);
-    }
-    ExpectPtrEq(pub, dh->pub_key);
-    ExpectPtrEq(priv, dh->priv_key);
-    pub = NULL;
-    priv = NULL;
-
-    DH_free(dh);
-    dh = NULL;
-
-    ExpectNotNull(dh = DH_new());
-    p = NULL;
-    ExpectNotNull(p = BN_new());
-    ExpectIntEQ(BN_set_word(p, 1), 1);
-    ExpectIntEQ(DH_compute_key(buf, p, dh), -1);
-    ExpectNotNull(pub = BN_new());
-    ExpectNotNull(priv = BN_new());
-    ExpectIntEQ(DH_set0_key(dh, pub, priv), 1);
-    if (EXPECT_FAIL()) {
-        BN_free(pub);
-        BN_free(priv);
-    }
-    pub = NULL;
-    priv = NULL;
-    ExpectIntEQ(DH_compute_key(buf, p, dh), -1);
-    BN_free(p);
-    p = NULL;
-    DH_free(dh);
-    dh = NULL;
-
-#ifdef WOLFSSL_KEY_GEN
-    ExpectNotNull(dh = DH_generate_parameters(2048, 2, NULL, NULL));
-    ExpectIntEQ(wolfSSL_DH_generate_parameters_ex(NULL, 2048, 2, NULL), 0);
-    DH_free(dh);
-    dh = NULL;
-#endif
-#endif /* !HAVE_FIPS || (HAVE_FIPS_VERSION && HAVE_FIPS_VERSION > 2) */
-#endif /* OPENSSL_ALL */
-
-    (void)dh;
-    (void)p;
-    (void)q;
-    (void)g;
-    (void)pub;
-    (void)priv;
-
-    ExpectNotNull(dh = wolfSSL_DH_new());
-
-    /* invalid parameters test */
-    DH_get0_pqg(NULL, (const BIGNUM**)&p,
-                      (const BIGNUM**)&q,
-                      (const BIGNUM**)&g);
-
-    DH_get0_pqg(dh, NULL,
-                    (const BIGNUM**)&q,
-                    (const BIGNUM**)&g);
-
-    DH_get0_pqg(dh, NULL, NULL, (const BIGNUM**)&g);
-
-    DH_get0_pqg(dh, NULL, NULL, NULL);
-
-    DH_get0_pqg(dh, (const BIGNUM**)&p,
-                    (const BIGNUM**)&q,
-                    (const BIGNUM**)&g);
-
-    ExpectPtrEq(p, NULL);
-    ExpectPtrEq(q, NULL);
-    ExpectPtrEq(g, NULL);
-    DH_free(dh);
-    dh = NULL;
-
-#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS) && !defined(WOLFSSL_DH_EXTRA)) \
- || (defined(HAVE_FIPS_VERSION) && FIPS_VERSION_GT(2,0))
-#if defined(OPENSSL_ALL) || \
-    defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L
-    dh = wolfSSL_DH_new();
-    ExpectNotNull(dh);
-    p = wolfSSL_BN_new();
-    ExpectNotNull(p);
-    ExpectIntEQ(BN_set_word(p, 11), 1);
-    g = wolfSSL_BN_new();
-    ExpectNotNull(g);
-    ExpectIntEQ(BN_set_word(g, 2), 1);
-    q = wolfSSL_BN_new();
-    ExpectNotNull(q);
-    ExpectIntEQ(BN_set_word(q, 5), 1);
-    ExpectIntEQ(wolfSSL_DH_set0_pqg(NULL, NULL, NULL, NULL), 0);
-    ExpectIntEQ(wolfSSL_DH_set0_pqg(dh, NULL, NULL, NULL), 0);
-    ExpectIntEQ(wolfSSL_DH_set0_pqg(NULL, p, NULL, NULL), 0);
-    ExpectIntEQ(wolfSSL_DH_set0_pqg(NULL, NULL, q, NULL), 0);
-    ExpectIntEQ(wolfSSL_DH_set0_pqg(NULL, NULL, NULL, g), 0);
-    ExpectIntEQ(wolfSSL_DH_set0_pqg(NULL, p, q, g), 0);
-    ExpectIntEQ(wolfSSL_DH_set0_pqg(dh, NULL, q, g), 0);
-    ExpectIntEQ(wolfSSL_DH_set0_pqg(dh, p, q, NULL), 0);
-    /* Don't need q. */
-    ExpectIntEQ(wolfSSL_DH_set0_pqg(dh, p, NULL, g), 1);
-    if (EXPECT_FAIL()) {
-        BN_free(p);
-        BN_free(g);
-    }
-    p = NULL;
-    g = NULL;
-    /* Setting again will free the p and g. */
-    wolfSSL_BN_free(q);
-    q = NULL;
-    DH_free(dh);
-    dh = NULL;
-
-    dh = wolfSSL_DH_new();
-    ExpectNotNull(dh);
-
-    p = wolfSSL_BN_new();
-    ExpectNotNull(p);
-    ExpectIntEQ(BN_set_word(p, 11), 1);
-    g = wolfSSL_BN_new();
-    ExpectNotNull(g);
-    ExpectIntEQ(BN_set_word(g, 2), 1);
-    q = wolfSSL_BN_new();
-    ExpectNotNull(q);
-    ExpectIntEQ(BN_set_word(q, 5), 1);
-    ExpectIntEQ(wolfSSL_DH_set0_pqg(dh, p, q, g), 1);
-    /* p, q and g are now owned by dh - don't free. */
-    if (EXPECT_FAIL()) {
-        BN_free(p);
-        BN_free(q);
-        BN_free(g);
-    }
-    p = NULL;
-    q = NULL;
-    g = NULL;
-
-    p = wolfSSL_BN_new();
-    ExpectNotNull(p);
-    ExpectIntEQ(BN_set_word(p, 11), 1);
-    g = wolfSSL_BN_new();
-    ExpectNotNull(g);
-    ExpectIntEQ(BN_set_word(g, 2), 1);
-    q = wolfSSL_BN_new();
-    ExpectNotNull(q);
-    ExpectIntEQ(wolfSSL_DH_set0_pqg(dh, p, NULL, NULL), 1);
-    if (EXPECT_FAIL()) {
-        BN_free(p);
-    }
-    p = NULL;
-    ExpectIntEQ(wolfSSL_DH_set0_pqg(dh, NULL, q, NULL), 1);
-    if (EXPECT_FAIL()) {
-        BN_free(q);
-    }
-    q = NULL;
-    ExpectIntEQ(wolfSSL_DH_set0_pqg(dh, NULL, NULL, g), 1);
-    if (EXPECT_FAIL()) {
-        BN_free(g);
-    }
-    g = NULL;
-    ExpectIntEQ(wolfSSL_DH_set0_pqg(dh, NULL, NULL, NULL), 1);
-    /* p, q and g are now owned by dh - don't free. */
-
-    DH_free(dh);
-    dh = NULL;
-
-    ExpectIntEQ(DH_generate_key(NULL), 0);
-    ExpectNotNull(dh = DH_new());
-    ExpectIntEQ(DH_generate_key(dh), 0);
-    p = wolfSSL_BN_new();
-    ExpectNotNull(p);
-    ExpectIntEQ(BN_set_word(p, 0), 1);
-    g = wolfSSL_BN_new();
-    ExpectNotNull(g);
-    ExpectIntEQ(BN_set_word(g, 2), 1);
-    ExpectIntEQ(wolfSSL_DH_set0_pqg(dh, p, NULL, g), 1);
-    if (EXPECT_FAIL()) {
-        BN_free(p);
-        BN_free(g);
-    }
-    p = NULL;
-    g = NULL;
-    ExpectIntEQ(DH_generate_key(dh), 0);
-    DH_free(dh);
-    dh = NULL;
-#endif
-#endif
-
-    /* Test DH_up_ref() */
-    dh = wolfSSL_DH_new();
-    ExpectNotNull(dh);
-    ExpectIntEQ(wolfSSL_DH_up_ref(NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
-    ExpectIntEQ(wolfSSL_DH_up_ref(dh), WOLFSSL_SUCCESS);
-    DH_free(dh); /* decrease ref count */
-    DH_free(dh); /* free WOLFSSL_DH */
-    dh = NULL;
-    q = NULL;
-
-    ExpectNull((dh = DH_new_by_nid(NID_sha1)));
-#if (defined(HAVE_PUBLIC_FFDHE) || (defined(HAVE_FIPS) && \
-    FIPS_VERSION_EQ(2,0))) || (!defined(HAVE_PUBLIC_FFDHE) && \
-    (!defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0)))
-#ifdef HAVE_FFDHE_2048
-    ExpectNotNull((dh = DH_new_by_nid(NID_ffdhe2048)));
-    DH_free(dh);
-    dh = NULL;
-    q = NULL;
-#endif
-#ifdef HAVE_FFDHE_3072
-    ExpectNotNull((dh = DH_new_by_nid(NID_ffdhe3072)));
-    DH_free(dh);
-    dh = NULL;
-    q = NULL;
-#endif
-#ifdef HAVE_FFDHE_4096
-    ExpectNotNull((dh = DH_new_by_nid(NID_ffdhe4096)));
-    DH_free(dh);
-    dh = NULL;
-    q = NULL;
-#endif
-#else
-    ExpectNull((dh = DH_new_by_nid(NID_ffdhe2048)));
-#endif /* (HAVE_PUBLIC_FFDHE || (HAVE_FIPS && HAVE_FIPS_VERSION == 2)) ||
-        * (!HAVE_PUBLIC_FFDHE && (!HAVE_FIPS || HAVE_FIPS_VERSION > 2))*/
-
-    ExpectIntEQ(wolfSSL_DH_size(NULL), -1);
-#endif /* OPENSSL_EXTRA && !NO_DH */
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_DH_dup(void)
-{
-    EXPECT_DECLS;
-#if !defined(NO_DH) && defined(WOLFSSL_DH_EXTRA)
-#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_OPENSSH) || \
-    defined(OPENSSL_EXTRA)
-    DH *dh = NULL;
-    DH *dhDup = NULL;
-
-    ExpectNotNull(dh = wolfSSL_DH_new());
-
-    ExpectNull(dhDup = wolfSSL_DH_dup(NULL));
-    ExpectNull(dhDup = wolfSSL_DH_dup(dh));
-
-#if defined(OPENSSL_ALL) || \
-    defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L
-    {
-        WOLFSSL_BIGNUM* p = NULL;
-        WOLFSSL_BIGNUM* g = NULL;
-
-        ExpectNotNull(p = wolfSSL_BN_new());
-        ExpectNotNull(g = wolfSSL_BN_new());
-        ExpectIntEQ(wolfSSL_BN_set_word(p, 11), WOLFSSL_SUCCESS);
-        ExpectIntEQ(wolfSSL_BN_set_word(g, 2), WOLFSSL_SUCCESS);
-
-        ExpectIntEQ(wolfSSL_DH_set0_pqg(dh, p, NULL, g), 1);
-        if (EXPECT_FAIL()) {
-            wolfSSL_BN_free(p);
-            wolfSSL_BN_free(g);
-        }
-
-        ExpectNotNull(dhDup = wolfSSL_DH_dup(dh));
-        wolfSSL_DH_free(dhDup);
-    }
-#endif
-
-    wolfSSL_DH_free(dh);
-#endif
-#endif
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_DH_check(void)
-{
-    EXPECT_DECLS;
-#ifdef OPENSSL_ALL
-#ifndef NO_DH
-#ifndef NO_BIO
-#ifndef NO_DSA
-    byte buf[6000];
-    char file[] = "./certs/dsaparams.pem";
-    XFILE f = XBADFILE;
-    int  bytes = 0;
-    BIO* bio = NULL;
-    DSA* dsa = NULL;
-#elif !defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0)
-    static const byte dh2048[] = {
-        0x30, 0x82, 0x01, 0x08, 0x02, 0x82, 0x01, 0x01,
-        0x00, 0xb0, 0xa1, 0x08, 0x06, 0x9c, 0x08, 0x13,
-        0xba, 0x59, 0x06, 0x3c, 0xbc, 0x30, 0xd5, 0xf5,
-        0x00, 0xc1, 0x4f, 0x44, 0xa7, 0xd6, 0xef, 0x4a,
-        0xc6, 0x25, 0x27, 0x1c, 0xe8, 0xd2, 0x96, 0x53,
-        0x0a, 0x5c, 0x91, 0xdd, 0xa2, 0xc2, 0x94, 0x84,
-        0xbf, 0x7d, 0xb2, 0x44, 0x9f, 0x9b, 0xd2, 0xc1,
-        0x8a, 0xc5, 0xbe, 0x72, 0x5c, 0xa7, 0xe7, 0x91,
-        0xe6, 0xd4, 0x9f, 0x73, 0x07, 0x85, 0x5b, 0x66,
-        0x48, 0xc7, 0x70, 0xfa, 0xb4, 0xee, 0x02, 0xc9,
-        0x3d, 0x9a, 0x4a, 0xda, 0x3d, 0xc1, 0x46, 0x3e,
-        0x19, 0x69, 0xd1, 0x17, 0x46, 0x07, 0xa3, 0x4d,
-        0x9f, 0x2b, 0x96, 0x17, 0x39, 0x6d, 0x30, 0x8d,
-        0x2a, 0xf3, 0x94, 0xd3, 0x75, 0xcf, 0xa0, 0x75,
-        0xe6, 0xf2, 0x92, 0x1f, 0x1a, 0x70, 0x05, 0xaa,
-        0x04, 0x83, 0x57, 0x30, 0xfb, 0xda, 0x76, 0x93,
-        0x38, 0x50, 0xe8, 0x27, 0xfd, 0x63, 0xee, 0x3c,
-        0xe5, 0xb7, 0xc8, 0x09, 0xae, 0x6f, 0x50, 0x35,
-        0x8e, 0x84, 0xce, 0x4a, 0x00, 0xe9, 0x12, 0x7e,
-        0x5a, 0x31, 0xd7, 0x33, 0xfc, 0x21, 0x13, 0x76,
-        0xcc, 0x16, 0x30, 0xdb, 0x0c, 0xfc, 0xc5, 0x62,
-        0xa7, 0x35, 0xb8, 0xef, 0xb7, 0xb0, 0xac, 0xc0,
-        0x36, 0xf6, 0xd9, 0xc9, 0x46, 0x48, 0xf9, 0x40,
-        0x90, 0x00, 0x2b, 0x1b, 0xaa, 0x6c, 0xe3, 0x1a,
-        0xc3, 0x0b, 0x03, 0x9e, 0x1b, 0xc2, 0x46, 0xe4,
-        0x48, 0x4e, 0x22, 0x73, 0x6f, 0xc3, 0x5f, 0xd4,
-        0x9a, 0xd6, 0x30, 0x07, 0x48, 0xd6, 0x8c, 0x90,
-        0xab, 0xd4, 0xf6, 0xf1, 0xe3, 0x48, 0xd3, 0x58,
-        0x4b, 0xa6, 0xb9, 0xcd, 0x29, 0xbf, 0x68, 0x1f,
-        0x08, 0x4b, 0x63, 0x86, 0x2f, 0x5c, 0x6b, 0xd6,
-        0xb6, 0x06, 0x65, 0xf7, 0xa6, 0xdc, 0x00, 0x67,
-        0x6b, 0xbb, 0xc3, 0xa9, 0x41, 0x83, 0xfb, 0xc7,
-        0xfa, 0xc8, 0xe2, 0x1e, 0x7e, 0xaf, 0x00, 0x3f,
-        0x93, 0x02, 0x01, 0x02
-    };
-    const byte* params;
-#endif
-    DH*  dh = NULL;
-    WOLFSSL_BIGNUM* p = NULL;
-    WOLFSSL_BIGNUM* g = NULL;
-    WOLFSSL_BIGNUM* pTmp = NULL;
-    WOLFSSL_BIGNUM* gTmp = NULL;
-    int codes = -1;
-
-#ifndef NO_DSA
-    /* Initialize DH */
-    ExpectTrue((f = XFOPEN(file, "rb")) != XBADFILE);
-    ExpectIntGT(bytes = (int)XFREAD(buf, 1, sizeof(buf), f), 0);
-    if (f != XBADFILE)
-        XFCLOSE(f);
-
-    ExpectNotNull(bio = BIO_new_mem_buf((void*)buf, bytes));
-
-    ExpectNotNull(dsa = wolfSSL_PEM_read_bio_DSAparams(bio, NULL, NULL, NULL));
-
-    ExpectNotNull(dh = wolfSSL_DSA_dup_DH(dsa));
-    ExpectNotNull(dh);
-
-    BIO_free(bio);
-    DSA_free(dsa);
-#elif !defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0)
-    params = dh2048;
-    ExpectNotNull(dh = wolfSSL_d2i_DHparams(NULL, &params,
-        (long)sizeof(dh2048)));
-#else
-    ExpectNotNull(dh = wolfSSL_DH_new_by_nid(NID_ffdhe2048));
-#endif
-
-    /* Test assumed to be valid dh.
-     * Should return WOLFSSL_SUCCESS
-     * codes should be 0
-     * Invalid codes = {DH_NOT_SUITABLE_GENERATOR, DH_CHECK_P_NOT_PRIME}
-     */
-    ExpectIntEQ(wolfSSL_DH_check(dh, &codes), 1);
-    ExpectIntEQ(codes, 0);
-
-    /* Test NULL dh: expected BAD_FUNC_ARG */
-    ExpectIntEQ(wolfSSL_DH_check(NULL, &codes), 0);
-
-    /* Break dh prime to test if codes = DH_CHECK_P_NOT_PRIME */
-    if (dh != NULL) {
-        pTmp = dh->p;
-        dh->p  = NULL;
-    }
-    ExpectIntEQ(wolfSSL_DH_check(dh, &codes), 1);
-    ExpectIntEQ(wolfSSL_DH_check(dh, NULL), 0);
-    ExpectIntEQ(codes, DH_CHECK_P_NOT_PRIME);
-    /* set dh->p back to normal so it won't fail on next tests */
-    if (dh != NULL) {
-        dh->p = pTmp;
-        pTmp = NULL;
-    }
-
-    /* Break dh generator to test if codes = DH_NOT_SUITABLE_GENERATOR */
-    if (dh != NULL) {
-        gTmp = dh->g;
-        dh->g = NULL;
-    }
-    ExpectIntEQ(wolfSSL_DH_check(dh, &codes), 1);
-    ExpectIntEQ(wolfSSL_DH_check(dh, NULL), 0);
-    ExpectIntEQ(codes, DH_NOT_SUITABLE_GENERATOR);
-    if (dh != NULL) {
-        dh->g = gTmp;
-        gTmp = NULL;
-    }
-
-    /* Cleanup */
-    DH_free(dh);
-    dh = NULL;
-
-    dh = DH_new();
-    ExpectNotNull(dh);
-    /* Check empty DH. */
-    ExpectIntEQ(wolfSSL_DH_check(dh, &codes), 1);
-    ExpectIntEQ(wolfSSL_DH_check(dh, NULL), 0);
-    ExpectIntEQ(codes, DH_NOT_SUITABLE_GENERATOR | DH_CHECK_P_NOT_PRIME);
-    /* Check non-prime valued p. */
-    ExpectNotNull(p = BN_new());
-    ExpectIntEQ(BN_set_word(p, 4), 1);
-    ExpectNotNull(g = BN_new());
-    ExpectIntEQ(BN_set_word(g, 2), 1);
-    ExpectIntEQ(DH_set0_pqg(dh, p, NULL, g), 1);
-    if (EXPECT_FAIL()) {
-        wolfSSL_BN_free(p);
-        wolfSSL_BN_free(g);
-    }
-    ExpectIntEQ(wolfSSL_DH_check(dh, &codes), 1);
-    ExpectIntEQ(wolfSSL_DH_check(dh, NULL), 0);
-    ExpectIntEQ(codes, DH_CHECK_P_NOT_PRIME);
-    DH_free(dh);
-    dh = NULL;
-#endif
-#endif /* !NO_DH  && !NO_DSA */
-#endif
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_DH_prime(void)
-{
-    EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_DH)
-    WOLFSSL_BIGNUM* bn = NULL;
-#if WOLFSSL_MAX_BN_BITS >= 768
-    WOLFSSL_BIGNUM* bn2 = NULL;
-#endif
-
-    bn = wolfSSL_DH_768_prime(NULL);
-#if WOLFSSL_MAX_BN_BITS >= 768
-    ExpectNotNull(bn);
-    bn2 = wolfSSL_DH_768_prime(bn);
-    ExpectNotNull(bn2);
-    ExpectTrue(bn == bn2);
-    wolfSSL_BN_free(bn);
-    bn = NULL;
-#else
-    ExpectNull(bn);
-#endif
-
-    bn = wolfSSL_DH_1024_prime(NULL);
-#if WOLFSSL_MAX_BN_BITS >= 1024
-    ExpectNotNull(bn);
-    wolfSSL_BN_free(bn);
-    bn = NULL;
-#else
-    ExpectNull(bn);
-#endif
-    bn = wolfSSL_DH_2048_prime(NULL);
-#if WOLFSSL_MAX_BN_BITS >= 2048
-    ExpectNotNull(bn);
-    wolfSSL_BN_free(bn);
-    bn = NULL;
-#else
-    ExpectNull(bn);
-#endif
-    bn = wolfSSL_DH_3072_prime(NULL);
-#if WOLFSSL_MAX_BN_BITS >= 3072
-    ExpectNotNull(bn);
-    wolfSSL_BN_free(bn);
-    bn = NULL;
-#else
-    ExpectNull(bn);
-#endif
-    bn = wolfSSL_DH_4096_prime(NULL);
-#if WOLFSSL_MAX_BN_BITS >= 4096
-    ExpectNotNull(bn);
-    wolfSSL_BN_free(bn);
-    bn = NULL;
-#else
-    ExpectNull(bn);
-#endif
-    bn = wolfSSL_DH_6144_prime(NULL);
-#if WOLFSSL_MAX_BN_BITS >= 6144
-    ExpectNotNull(bn);
-    wolfSSL_BN_free(bn);
-    bn = NULL;
-#else
-    ExpectNull(bn);
-#endif
-    bn = wolfSSL_DH_8192_prime(NULL);
-#if WOLFSSL_MAX_BN_BITS >= 8192
-    ExpectNotNull(bn);
-    wolfSSL_BN_free(bn);
-    bn = NULL;
-#else
-    ExpectNull(bn);
-#endif
-#endif
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_DH_1536_prime(void)
-{
-    EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_DH)
-    BIGNUM* bn = NULL;
-    unsigned char bits[200];
-    int sz = 192; /* known binary size */
-    const byte expected[] = {
-        0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
-        0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34,
-        0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,
-        0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,
-        0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22,
-        0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
-        0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,
-        0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37,
-        0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,
-        0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,
-        0xF4,0x4C,0x42,0xE9,0xA6,0x37,0xED,0x6B,
-        0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
-        0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,
-        0xAE,0x9F,0x24,0x11,0x7C,0x4B,0x1F,0xE6,
-        0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,
-        0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,
-        0x98,0xDA,0x48,0x36,0x1C,0x55,0xD3,0x9A,
-        0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
-        0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,
-        0x1C,0x62,0xF3,0x56,0x20,0x85,0x52,0xBB,
-        0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,
-        0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,
-        0xF1,0x74,0x6C,0x08,0xCA,0x23,0x73,0x27,
-        0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
-    };
-
-    ExpectNotNull(bn = get_rfc3526_prime_1536(NULL));
-    ExpectIntEQ(sz, BN_bn2bin((const BIGNUM*)bn, bits));
-    ExpectIntEQ(0, XMEMCMP(expected, bits, sz));
-
-    BN_free(bn);
-#endif
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_DH_get_2048_256(void)
-{
-    EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_DH)
-    WOLFSSL_DH* dh = NULL;
-    const WOLFSSL_BIGNUM* pBn;
-    const WOLFSSL_BIGNUM* gBn;
-    const WOLFSSL_BIGNUM* qBn;
-    const byte pExpected[] = {
-        0x87, 0xA8, 0xE6, 0x1D, 0xB4, 0xB6, 0x66, 0x3C, 0xFF, 0xBB, 0xD1, 0x9C,
-        0x65, 0x19, 0x59, 0x99, 0x8C, 0xEE, 0xF6, 0x08, 0x66, 0x0D, 0xD0, 0xF2,
-        0x5D, 0x2C, 0xEE, 0xD4, 0x43, 0x5E, 0x3B, 0x00, 0xE0, 0x0D, 0xF8, 0xF1,
-        0xD6, 0x19, 0x57, 0xD4, 0xFA, 0xF7, 0xDF, 0x45, 0x61, 0xB2, 0xAA, 0x30,
-        0x16, 0xC3, 0xD9, 0x11, 0x34, 0x09, 0x6F, 0xAA, 0x3B, 0xF4, 0x29, 0x6D,
-        0x83, 0x0E, 0x9A, 0x7C, 0x20, 0x9E, 0x0C, 0x64, 0x97, 0x51, 0x7A, 0xBD,
-        0x5A, 0x8A, 0x9D, 0x30, 0x6B, 0xCF, 0x67, 0xED, 0x91, 0xF9, 0xE6, 0x72,
-        0x5B, 0x47, 0x58, 0xC0, 0x22, 0xE0, 0xB1, 0xEF, 0x42, 0x75, 0xBF, 0x7B,
-        0x6C, 0x5B, 0xFC, 0x11, 0xD4, 0x5F, 0x90, 0x88, 0xB9, 0x41, 0xF5, 0x4E,
-        0xB1, 0xE5, 0x9B, 0xB8, 0xBC, 0x39, 0xA0, 0xBF, 0x12, 0x30, 0x7F, 0x5C,
-        0x4F, 0xDB, 0x70, 0xC5, 0x81, 0xB2, 0x3F, 0x76, 0xB6, 0x3A, 0xCA, 0xE1,
-        0xCA, 0xA6, 0xB7, 0x90, 0x2D, 0x52, 0x52, 0x67, 0x35, 0x48, 0x8A, 0x0E,
-        0xF1, 0x3C, 0x6D, 0x9A, 0x51, 0xBF, 0xA4, 0xAB, 0x3A, 0xD8, 0x34, 0x77,
-        0x96, 0x52, 0x4D, 0x8E, 0xF6, 0xA1, 0x67, 0xB5, 0xA4, 0x18, 0x25, 0xD9,
-        0x67, 0xE1, 0x44, 0xE5, 0x14, 0x05, 0x64, 0x25, 0x1C, 0xCA, 0xCB, 0x83,
-        0xE6, 0xB4, 0x86, 0xF6, 0xB3, 0xCA, 0x3F, 0x79, 0x71, 0x50, 0x60, 0x26,
-        0xC0, 0xB8, 0x57, 0xF6, 0x89, 0x96, 0x28, 0x56, 0xDE, 0xD4, 0x01, 0x0A,
-        0xBD, 0x0B, 0xE6, 0x21, 0xC3, 0xA3, 0x96, 0x0A, 0x54, 0xE7, 0x10, 0xC3,
-        0x75, 0xF2, 0x63, 0x75, 0xD7, 0x01, 0x41, 0x03, 0xA4, 0xB5, 0x43, 0x30,
-        0xC1, 0x98, 0xAF, 0x12, 0x61, 0x16, 0xD2, 0x27, 0x6E, 0x11, 0x71, 0x5F,
-        0x69, 0x38, 0x77, 0xFA, 0xD7, 0xEF, 0x09, 0xCA, 0xDB, 0x09, 0x4A, 0xE9,
-        0x1E, 0x1A, 0x15, 0x97
-    };
-    const byte gExpected[] = {
-        0x3F, 0xB3, 0x2C, 0x9B, 0x73, 0x13, 0x4D, 0x0B, 0x2E, 0x77, 0x50, 0x66,
-        0x60, 0xED, 0xBD, 0x48, 0x4C, 0xA7, 0xB1, 0x8F, 0x21, 0xEF, 0x20, 0x54,
-        0x07, 0xF4, 0x79, 0x3A, 0x1A, 0x0B, 0xA1, 0x25, 0x10, 0xDB, 0xC1, 0x50,
-        0x77, 0xBE, 0x46, 0x3F, 0xFF, 0x4F, 0xED, 0x4A, 0xAC, 0x0B, 0xB5, 0x55,
-        0xBE, 0x3A, 0x6C, 0x1B, 0x0C, 0x6B, 0x47, 0xB1, 0xBC, 0x37, 0x73, 0xBF,
-        0x7E, 0x8C, 0x6F, 0x62, 0x90, 0x12, 0x28, 0xF8, 0xC2, 0x8C, 0xBB, 0x18,
-        0xA5, 0x5A, 0xE3, 0x13, 0x41, 0x00, 0x0A, 0x65, 0x01, 0x96, 0xF9, 0x31,
-        0xC7, 0x7A, 0x57, 0xF2, 0xDD, 0xF4, 0x63, 0xE5, 0xE9, 0xEC, 0x14, 0x4B,
-        0x77, 0x7D, 0xE6, 0x2A, 0xAA, 0xB8, 0xA8, 0x62, 0x8A, 0xC3, 0x76, 0xD2,
-        0x82, 0xD6, 0xED, 0x38, 0x64, 0xE6, 0x79, 0x82, 0x42, 0x8E, 0xBC, 0x83,
-        0x1D, 0x14, 0x34, 0x8F, 0x6F, 0x2F, 0x91, 0x93, 0xB5, 0x04, 0x5A, 0xF2,
-        0x76, 0x71, 0x64, 0xE1, 0xDF, 0xC9, 0x67, 0xC1, 0xFB, 0x3F, 0x2E, 0x55,
-        0xA4, 0xBD, 0x1B, 0xFF, 0xE8, 0x3B, 0x9C, 0x80, 0xD0, 0x52, 0xB9, 0x85,
-        0xD1, 0x82, 0xEA, 0x0A, 0xDB, 0x2A, 0x3B, 0x73, 0x13, 0xD3, 0xFE, 0x14,
-        0xC8, 0x48, 0x4B, 0x1E, 0x05, 0x25, 0x88, 0xB9, 0xB7, 0xD2, 0xBB, 0xD2,
-        0xDF, 0x01, 0x61, 0x99, 0xEC, 0xD0, 0x6E, 0x15, 0x57, 0xCD, 0x09, 0x15,
-        0xB3, 0x35, 0x3B, 0xBB, 0x64, 0xE0, 0xEC, 0x37, 0x7F, 0xD0, 0x28, 0x37,
-        0x0D, 0xF9, 0x2B, 0x52, 0xC7, 0x89, 0x14, 0x28, 0xCD, 0xC6, 0x7E, 0xB6,
-        0x18, 0x4B, 0x52, 0x3D, 0x1D, 0xB2, 0x46, 0xC3, 0x2F, 0x63, 0x07, 0x84,
-        0x90, 0xF0, 0x0E, 0xF8, 0xD6, 0x47, 0xD1, 0x48, 0xD4, 0x79, 0x54, 0x51,
-        0x5E, 0x23, 0x27, 0xCF, 0xEF, 0x98, 0xC5, 0x82, 0x66, 0x4B, 0x4C, 0x0F,
-        0x6C, 0xC4, 0x16, 0x59
-    };
-    const byte qExpected[] = {
-        0x8C, 0xF8, 0x36, 0x42, 0xA7, 0x09, 0xA0, 0x97, 0xB4, 0x47, 0x99, 0x76,
-        0x40, 0x12, 0x9D, 0xA2, 0x99, 0xB1, 0xA4, 0x7D, 0x1E, 0xB3, 0x75, 0x0B,
-        0xA3, 0x08, 0xB0, 0xFE, 0x64, 0xF5, 0xFB, 0xD3
-    };
-    int pSz = 0;
-    int qSz = 0;
-    int gSz = 0;
-    byte* pReturned = NULL;
-    byte* qReturned = NULL;
-    byte* gReturned = NULL;
-
-    ExpectNotNull((dh = wolfSSL_DH_get_2048_256()));
-    wolfSSL_DH_get0_pqg(dh, &pBn, &qBn, &gBn);
-
-    ExpectIntGT((pSz = wolfSSL_BN_num_bytes(pBn)), 0);
-    ExpectNotNull(pReturned = (byte*)XMALLOC(pSz, NULL,
-        DYNAMIC_TYPE_TMP_BUFFER));
-    ExpectIntGT((pSz = wolfSSL_BN_bn2bin(pBn, pReturned)), 0);
-    ExpectIntEQ(pSz, sizeof(pExpected));
-    ExpectIntEQ(XMEMCMP(pExpected, pReturned, pSz), 0);
-
-    ExpectIntGT((qSz = wolfSSL_BN_num_bytes(qBn)), 0);
-    ExpectNotNull(qReturned = (byte*)XMALLOC(qSz, NULL,
-        DYNAMIC_TYPE_TMP_BUFFER));
-    ExpectIntGT((qSz = wolfSSL_BN_bn2bin(qBn, qReturned)), 0);
-    ExpectIntEQ(qSz, sizeof(qExpected));
-    ExpectIntEQ(XMEMCMP(qExpected, qReturned, qSz), 0);
-
-    ExpectIntGT((gSz = wolfSSL_BN_num_bytes(gBn)), 0);
-    ExpectNotNull(gReturned = (byte*)XMALLOC(gSz, NULL,
-        DYNAMIC_TYPE_TMP_BUFFER));
-    ExpectIntGT((gSz = wolfSSL_BN_bn2bin(gBn, gReturned)), 0);
-    ExpectIntEQ(gSz, sizeof(gExpected));
-    ExpectIntEQ(XMEMCMP(gExpected, gReturned, gSz), 0);
-
-    wolfSSL_DH_free(dh);
-    XFREE(pReturned, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    XFREE(gReturned, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    XFREE(qReturned, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_PEM_write_DHparams(void)
-{
-    EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_BIO) && \
-    !defined(NO_DH) && defined(WOLFSSL_DH_EXTRA) && !defined(NO_FILESYSTEM)
-    DH* dh = NULL;
-    BIO* bio = NULL;
-    XFILE fp = XBADFILE;
-    byte pem[2048];
-    int  pemSz = 0;
-    const char expected[] =
-        "-----BEGIN DH PARAMETERS-----\n"
-        "MIIBCAKCAQEAsKEIBpwIE7pZBjy8MNX1AMFPRKfW70rGJScc6NKWUwpckd2iwpSE\n"
-        "v32yRJ+b0sGKxb5yXKfnkebUn3MHhVtmSMdw+rTuAsk9mkraPcFGPhlp0RdGB6NN\n"
-        "nyuWFzltMI0q85TTdc+gdebykh8acAWqBINXMPvadpM4UOgn/WPuPOW3yAmub1A1\n"
-        "joTOSgDpEn5aMdcz/CETdswWMNsM/MVipzW477ewrMA29tnJRkj5QJAAKxuqbOMa\n"
-        "wwsDnhvCRuRITiJzb8Nf1JrWMAdI1oyQq9T28eNI01hLprnNKb9oHwhLY4YvXGvW\n"
-        "tgZl96bcAGdru8OpQYP7x/rI4h5+rwA/kwIBAg==\n"
-        "-----END DH PARAMETERS-----\n";
-    const char badPem[] =
-        "-----BEGIN DH PARAMETERS-----\n"
-        "-----END DH PARAMETERS-----\n";
-    const char emptySeqPem[] =
-        "-----BEGIN DH PARAMETERS-----\n"
-        "MAA=\n"
-        "-----END DH PARAMETERS-----\n";
-
-    ExpectTrue((fp = XFOPEN(dhParamFile, "rb")) != XBADFILE);
-    ExpectIntGT((pemSz = (int)XFREAD(pem, 1, sizeof(pem), fp)), 0);
-    if (fp != XBADFILE) {
-        XFCLOSE(fp);
-        fp = XBADFILE;
-    }
-
-    ExpectNull(PEM_read_bio_DHparams(NULL, NULL, NULL, NULL));
-
-    ExpectNotNull(bio = BIO_new(BIO_s_mem()));
-    ExpectNull(dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL));
-    ExpectIntEQ(BIO_write(bio, badPem, (int)sizeof(badPem)),
-        (int)sizeof(badPem));
-    ExpectNull(dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL));
-    BIO_free(bio);
-    bio = NULL;
-
-    ExpectNotNull(bio = BIO_new(BIO_s_mem()));
-    ExpectNull(dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL));
-    ExpectIntEQ(BIO_write(bio, emptySeqPem, (int)sizeof(emptySeqPem)),
-        (int)sizeof(emptySeqPem));
-    ExpectNull(dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL));
-    BIO_free(bio);
-    bio = NULL;
-
-    ExpectNotNull(bio = BIO_new(BIO_s_mem()));
-    ExpectIntEQ(BIO_write(bio, pem, pemSz), pemSz);
-    ExpectNotNull(dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL));
-    BIO_free(bio);
-    bio = NULL;
-
-    ExpectNotNull(fp = XFOPEN("./test-write-dhparams.pem", "wb"));
-    ExpectIntEQ(PEM_write_DHparams(fp, dh), WOLFSSL_SUCCESS);
-    ExpectIntEQ(PEM_write_DHparams(fp, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
-    DH_free(dh);
-    dh = NULL;
-
-    dh = wolfSSL_DH_new();
-    ExpectIntEQ(PEM_write_DHparams(fp, dh), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
-    if (fp != XBADFILE) {
-        XFCLOSE(fp);
-        fp = XBADFILE;
-    }
-    wolfSSL_DH_free(dh);
-    dh = NULL;
-
-    /* check results */
-    XMEMSET(pem, 0, sizeof(pem));
-    ExpectTrue((fp = XFOPEN("./test-write-dhparams.pem", "rb")) != XBADFILE);
-    ExpectIntGT((pemSz = (int)XFREAD(pem, 1, sizeof(pem), fp)), 0);
-    ExpectIntEQ(XMEMCMP(pem, expected, pemSz), 0);
-    if (fp != XBADFILE)
-        XFCLOSE(fp);
-#endif
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_d2i_DHparams(void)
-{
-    EXPECT_DECLS;
-#ifdef OPENSSL_ALL
-#if !defined(NO_DH) && (defined(HAVE_FFDHE_2048) || defined(HAVE_FFDHE_3072))
-#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
-    XFILE f = XBADFILE;
-    unsigned char buf[4096];
-    const unsigned char* pt = buf;
-#ifdef HAVE_FFDHE_2048
-    const char* params1 = "./certs/dh2048.der";
-#endif
-#ifdef HAVE_FFDHE_3072
-    const char* params2 = "./certs/dh3072.der";
-#endif
-    long len = 0;
-    WOLFSSL_DH* dh = NULL;
-    XMEMSET(buf, 0, sizeof(buf));
-
-    /* Test 2048 bit parameters */
-#ifdef HAVE_FFDHE_2048
-    ExpectTrue((f = XFOPEN(params1, "rb")) != XBADFILE);
-    ExpectTrue((len = (long)XFREAD(buf, 1, sizeof(buf), f)) > 0);
-    if (f != XBADFILE) {
-        XFCLOSE(f);
-        f = XBADFILE;
-    }
-
-    /* Valid case */
-    ExpectNotNull(dh = wolfSSL_d2i_DHparams(NULL, &pt, len));
-    ExpectNotNull(dh->p);
-    ExpectNotNull(dh->g);
-    ExpectTrue(pt == buf);
-    ExpectIntEQ(DH_set_length(NULL, BN_num_bits(dh->p)), 0);
-    ExpectIntEQ(DH_set_length(dh, BN_num_bits(dh->p)), 1);
-    ExpectIntEQ(DH_generate_key(dh), WOLFSSL_SUCCESS);
-
-    /* Invalid cases */
-    ExpectNull(wolfSSL_d2i_DHparams(NULL, NULL, len));
-    ExpectNull(wolfSSL_d2i_DHparams(NULL, &pt, -1));
-    ExpectNull(wolfSSL_d2i_DHparams(NULL, &pt, 10));
-
-    DH_free(dh);
-    dh = NULL;
-
-    *buf = 0;
-    pt = buf;
-#endif /* HAVE_FFDHE_2048 */
-
-    /* Test 3072 bit parameters */
-#ifdef HAVE_FFDHE_3072
-    ExpectTrue((f = XFOPEN(params2, "rb")) != XBADFILE);
-    ExpectTrue((len = (long)XFREAD(buf, 1, sizeof(buf), f)) > 0);
-    if (f != XBADFILE) {
-        XFCLOSE(f);
-        f = XBADFILE;
-    }
-
-    /* Valid case */
-    ExpectNotNull(dh = wolfSSL_d2i_DHparams(&dh, &pt, len));
-    ExpectNotNull(dh->p);
-    ExpectNotNull(dh->g);
-    ExpectTrue(pt != buf);
-    ExpectIntEQ(DH_generate_key(dh), 1);
-
-    /* Invalid cases */
-    ExpectNull(wolfSSL_d2i_DHparams(NULL, NULL, len));
-    ExpectNull(wolfSSL_d2i_DHparams(NULL, &pt, -1));
-
-    DH_free(dh);
-    dh = NULL;
-#endif /* HAVE_FFDHE_3072 */
-
-#endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
-#endif /* !NO_DH */
-#endif
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_DH_LoadDer(void)
-{
-    EXPECT_DECLS;
-#if !defined(NO_DH) && (!defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0)) && \
-    defined(OPENSSL_EXTRA)
-    static const byte dh2048[] = {
-        0x30, 0x82, 0x01, 0x08, 0x02, 0x82, 0x01, 0x01,
-        0x00, 0xb0, 0xa1, 0x08, 0x06, 0x9c, 0x08, 0x13,
-        0xba, 0x59, 0x06, 0x3c, 0xbc, 0x30, 0xd5, 0xf5,
-        0x00, 0xc1, 0x4f, 0x44, 0xa7, 0xd6, 0xef, 0x4a,
-        0xc6, 0x25, 0x27, 0x1c, 0xe8, 0xd2, 0x96, 0x53,
-        0x0a, 0x5c, 0x91, 0xdd, 0xa2, 0xc2, 0x94, 0x84,
-        0xbf, 0x7d, 0xb2, 0x44, 0x9f, 0x9b, 0xd2, 0xc1,
-        0x8a, 0xc5, 0xbe, 0x72, 0x5c, 0xa7, 0xe7, 0x91,
-        0xe6, 0xd4, 0x9f, 0x73, 0x07, 0x85, 0x5b, 0x66,
-        0x48, 0xc7, 0x70, 0xfa, 0xb4, 0xee, 0x02, 0xc9,
-        0x3d, 0x9a, 0x4a, 0xda, 0x3d, 0xc1, 0x46, 0x3e,
-        0x19, 0x69, 0xd1, 0x17, 0x46, 0x07, 0xa3, 0x4d,
-        0x9f, 0x2b, 0x96, 0x17, 0x39, 0x6d, 0x30, 0x8d,
-        0x2a, 0xf3, 0x94, 0xd3, 0x75, 0xcf, 0xa0, 0x75,
-        0xe6, 0xf2, 0x92, 0x1f, 0x1a, 0x70, 0x05, 0xaa,
-        0x04, 0x83, 0x57, 0x30, 0xfb, 0xda, 0x76, 0x93,
-        0x38, 0x50, 0xe8, 0x27, 0xfd, 0x63, 0xee, 0x3c,
-        0xe5, 0xb7, 0xc8, 0x09, 0xae, 0x6f, 0x50, 0x35,
-        0x8e, 0x84, 0xce, 0x4a, 0x00, 0xe9, 0x12, 0x7e,
-        0x5a, 0x31, 0xd7, 0x33, 0xfc, 0x21, 0x13, 0x76,
-        0xcc, 0x16, 0x30, 0xdb, 0x0c, 0xfc, 0xc5, 0x62,
-        0xa7, 0x35, 0xb8, 0xef, 0xb7, 0xb0, 0xac, 0xc0,
-        0x36, 0xf6, 0xd9, 0xc9, 0x46, 0x48, 0xf9, 0x40,
-        0x90, 0x00, 0x2b, 0x1b, 0xaa, 0x6c, 0xe3, 0x1a,
-        0xc3, 0x0b, 0x03, 0x9e, 0x1b, 0xc2, 0x46, 0xe4,
-        0x48, 0x4e, 0x22, 0x73, 0x6f, 0xc3, 0x5f, 0xd4,
-        0x9a, 0xd6, 0x30, 0x07, 0x48, 0xd6, 0x8c, 0x90,
-        0xab, 0xd4, 0xf6, 0xf1, 0xe3, 0x48, 0xd3, 0x58,
-        0x4b, 0xa6, 0xb9, 0xcd, 0x29, 0xbf, 0x68, 0x1f,
-        0x08, 0x4b, 0x63, 0x86, 0x2f, 0x5c, 0x6b, 0xd6,
-        0xb6, 0x06, 0x65, 0xf7, 0xa6, 0xdc, 0x00, 0x67,
-        0x6b, 0xbb, 0xc3, 0xa9, 0x41, 0x83, 0xfb, 0xc7,
-        0xfa, 0xc8, 0xe2, 0x1e, 0x7e, 0xaf, 0x00, 0x3f,
-        0x93, 0x02, 0x01, 0x02
-    };
-    WOLFSSL_DH* dh = NULL;
-
-    ExpectNotNull(dh = wolfSSL_DH_new());
-
-    ExpectIntEQ(wolfSSL_DH_LoadDer(NULL, NULL, 0), -1);
-    ExpectIntEQ(wolfSSL_DH_LoadDer(dh, NULL, 0), -1);
-    ExpectIntEQ(wolfSSL_DH_LoadDer(NULL, dh2048, sizeof(dh2048)), -1);
-
-    ExpectIntEQ(wolfSSL_DH_LoadDer(dh, dh2048, sizeof(dh2048)), 1);
-
-    wolfSSL_DH_free(dh);
-#endif
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_i2d_DHparams(void)
-{
-    EXPECT_DECLS;
-#ifdef OPENSSL_ALL
-#if !defined(NO_DH) && (defined(HAVE_FFDHE_2048) || defined(HAVE_FFDHE_3072))
-#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
-    XFILE f = XBADFILE;
-    unsigned char buf[4096];
-    const unsigned char* pt;
-    unsigned char* pt2;
-#ifdef HAVE_FFDHE_2048
-    const char* params1 = "./certs/dh2048.der";
-#endif
-#ifdef HAVE_FFDHE_3072
-    const char* params2 = "./certs/dh3072.der";
-#endif
-    long len = 0;
-    WOLFSSL_DH* dh = NULL;
-
-    /* Test 2048 bit parameters */
-#ifdef HAVE_FFDHE_2048
-    pt = buf;
-    pt2 = buf;
-
-    ExpectTrue((f = XFOPEN(params1, "rb")) != XBADFILE);
-    ExpectTrue((len = (long)XFREAD(buf, 1, sizeof(buf), f)) > 0);
-    if (f != XBADFILE) {
-        XFCLOSE(f);
-        f = XBADFILE;
-    }
-
-    /* Valid case */
-    ExpectNotNull(dh = wolfSSL_d2i_DHparams(NULL, &pt, len));
-    ExpectTrue(pt == buf);
-    ExpectIntEQ(DH_generate_key(dh), 1);
-    ExpectIntEQ(wolfSSL_i2d_DHparams(dh, &pt2), 268);
-
-    /* Invalid case */
-    ExpectIntEQ(wolfSSL_i2d_DHparams(NULL, &pt2), 0);
-
-    /* Return length only */
-    ExpectIntEQ(wolfSSL_i2d_DHparams(dh, NULL), 268);
-
-    DH_free(dh);
-    dh = NULL;
-
-    *buf = 0;
-#endif
-
-    /* Test 3072 bit parameters */
-#ifdef HAVE_FFDHE_3072
-    pt = buf;
-    pt2 = buf;
-
-    ExpectTrue((f = XFOPEN(params2, "rb")) != XBADFILE);
-    ExpectTrue((len = (long)XFREAD(buf, 1, sizeof(buf), f)) > 0);
-    if (f != XBADFILE) {
-        XFCLOSE(f);
-        f = XBADFILE;
-    }
-
-    /* Valid case */
-    ExpectNotNull(dh = wolfSSL_d2i_DHparams(NULL, &pt, len));
-    ExpectTrue(pt == buf);
-    ExpectIntEQ(DH_generate_key(dh), 1);
-    ExpectIntEQ(wolfSSL_i2d_DHparams(dh, &pt2), 396);
-
-    /* Invalid case */
-    ExpectIntEQ(wolfSSL_i2d_DHparams(NULL, &pt2), 0);
-
-    /* Return length only */
-    ExpectIntEQ(wolfSSL_i2d_DHparams(dh, NULL), 396);
-
-    DH_free(dh);
-    dh = NULL;
-#endif
-
-    dh = DH_new();
-    ExpectNotNull(dh);
-    pt2 = buf;
-    ExpectIntEQ(wolfSSL_i2d_DHparams(dh, &pt2), 0);
-    DH_free(dh);
-    dh = NULL;
-#endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
-#endif /* !NO_DH && (HAVE_FFDHE_2048 || HAVE_FFDHE_3072) */
-#endif
-    return EXPECT_RESULT();
-}
-
-#if defined(HAVE_ECC) && !defined(OPENSSL_NO_PK)
-
-/*----------------------------------------------------------------------------*
- | EC
- *----------------------------------------------------------------------------*/
-
-static int test_wolfSSL_EC_GROUP(void)
-{
-    EXPECT_DECLS;
-#ifdef OPENSSL_EXTRA
-    EC_GROUP *group = NULL;
-    EC_GROUP *group2 = NULL;
-    EC_GROUP *group3 = NULL;
-#ifndef HAVE_ECC_BRAINPOOL
-    EC_GROUP *group4 = NULL;
-#endif
-    WOLFSSL_BIGNUM* order = NULL;
-    int group_bits;
-    int i;
-    static const int knownEccNids[] = {
-        NID_X9_62_prime192v1,
-        NID_X9_62_prime192v2,
-        NID_X9_62_prime192v3,
-        NID_X9_62_prime239v1,
-        NID_X9_62_prime239v2,
-        NID_X9_62_prime239v3,
-        NID_X9_62_prime256v1,
-        NID_secp112r1,
-        NID_secp112r2,
-        NID_secp128r1,
-        NID_secp128r2,
-        NID_secp160r1,
-        NID_secp160r2,
-        NID_secp224r1,
-        NID_secp384r1,
-        NID_secp521r1,
-        NID_secp160k1,
-        NID_secp192k1,
-        NID_secp224k1,
-        NID_secp256k1,
-        NID_brainpoolP160r1,
-        NID_brainpoolP192r1,
-        NID_brainpoolP224r1,
-        NID_brainpoolP256r1,
-        NID_brainpoolP320r1,
-        NID_brainpoolP384r1,
-        NID_brainpoolP512r1,
-    };
-    int knowEccNidsLen = (int)(sizeof(knownEccNids) / sizeof(*knownEccNids));
-    static const int knownEccEnums[] = {
-        ECC_SECP192R1,
-        ECC_PRIME192V2,
-        ECC_PRIME192V3,
-        ECC_PRIME239V1,
-        ECC_PRIME239V2,
-        ECC_PRIME239V3,
-        ECC_SECP256R1,
-        ECC_SECP112R1,
-        ECC_SECP112R2,
-        ECC_SECP128R1,
-        ECC_SECP128R2,
-        ECC_SECP160R1,
-        ECC_SECP160R2,
-        ECC_SECP224R1,
-        ECC_SECP384R1,
-        ECC_SECP521R1,
-        ECC_SECP160K1,
-        ECC_SECP192K1,
-        ECC_SECP224K1,
-        ECC_SECP256K1,
-        ECC_BRAINPOOLP160R1,
-        ECC_BRAINPOOLP192R1,
-        ECC_BRAINPOOLP224R1,
-        ECC_BRAINPOOLP256R1,
-        ECC_BRAINPOOLP320R1,
-        ECC_BRAINPOOLP384R1,
-        ECC_BRAINPOOLP512R1,
-    };
-    int knowEccEnumsLen = (int)(sizeof(knownEccEnums) / sizeof(*knownEccEnums));
-
-    ExpectNotNull(group = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1));
-    ExpectNotNull(group2 = EC_GROUP_dup(group));
-    ExpectNotNull(group3 = wolfSSL_EC_GROUP_new_by_curve_name(NID_secp384r1));
-#ifndef HAVE_ECC_BRAINPOOL
-    ExpectNotNull(group4 = wolfSSL_EC_GROUP_new_by_curve_name(
-        NID_brainpoolP256r1));
-#endif
-
-    ExpectNull(EC_GROUP_dup(NULL));
-
-    ExpectIntEQ(wolfSSL_EC_GROUP_get_curve_name(NULL), 0);
-    ExpectIntEQ(wolfSSL_EC_GROUP_get_curve_name(group), NID_X9_62_prime256v1);
-
-    ExpectIntEQ((group_bits = EC_GROUP_order_bits(NULL)), 0);
-    ExpectIntEQ((group_bits = EC_GROUP_order_bits(group)), 256);
-#ifndef HAVE_ECC_BRAINPOOL
-    ExpectIntEQ((group_bits = EC_GROUP_order_bits(group4)), 0);
-#endif
-
-    ExpectIntEQ(wolfSSL_EC_GROUP_get_degree(NULL), 0);
-    ExpectIntEQ(wolfSSL_EC_GROUP_get_degree(group), 256);
-
-    ExpectNotNull(order = BN_new());
-    ExpectIntEQ(wolfSSL_EC_GROUP_get_order(NULL, NULL, NULL), 0);
-    ExpectIntEQ(wolfSSL_EC_GROUP_get_order(group, NULL, NULL), 0);
-    ExpectIntEQ(wolfSSL_EC_GROUP_get_order(NULL, order, NULL), 0);
-    ExpectIntEQ(wolfSSL_EC_GROUP_get_order(group, order, NULL), 1);
-    wolfSSL_BN_free(order);
-
-    ExpectNotNull(EC_GROUP_method_of(group));
-
-    ExpectIntEQ(EC_METHOD_get_field_type(NULL), 0);
-    ExpectIntEQ(EC_METHOD_get_field_type(EC_GROUP_method_of(group)),
-        NID_X9_62_prime_field);
-
-    ExpectIntEQ(wolfSSL_EC_GROUP_cmp(NULL, NULL, NULL), -1);
-    ExpectIntEQ(wolfSSL_EC_GROUP_cmp(group, NULL, NULL), -1);
-    ExpectIntEQ(wolfSSL_EC_GROUP_cmp(NULL, group, NULL), -1);
-    ExpectIntEQ(wolfSSL_EC_GROUP_cmp(group, group3, NULL), 1);
-
-#ifndef NO_WOLFSSL_STUB
-    wolfSSL_EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE);
-#endif
-
-#ifndef HAVE_ECC_BRAINPOOL
-    EC_GROUP_free(group4);
-#endif
-    EC_GROUP_free(group3);
-    EC_GROUP_free(group2);
-    EC_GROUP_free(group);
-
-    for (i = 0; i < knowEccNidsLen; i++) {
-        group = NULL;
-        ExpectNotNull(group = EC_GROUP_new_by_curve_name(knownEccNids[i]));
-        ExpectIntGT(wolfSSL_EC_GROUP_get_degree(group), 0);
-        EC_GROUP_free(group);
-    }
-    for (i = 0; i < knowEccEnumsLen; i++) {
-        group = NULL;
-        ExpectNotNull(group = EC_GROUP_new_by_curve_name(knownEccEnums[i]));
-        ExpectIntEQ(wolfSSL_EC_GROUP_get_curve_name(group), knownEccNids[i]);
-        EC_GROUP_free(group);
-    }
-#endif
-   return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_PEM_read_bio_ECPKParameters(void)
-{
-    EXPECT_DECLS;
-#if !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) && !defined(NO_BIO)
-    EC_GROUP *group = NULL;
-    BIO* bio = NULL;
-#if (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) && \
-    ECC_MIN_KEY_SZ <= 384 && !defined(NO_ECC_SECP)
-    EC_GROUP *ret = NULL;
-    static char ec_nc_p384[] = "-----BEGIN EC PARAMETERS-----\n"
-                               "BgUrgQQAIg==\n"
-                               "-----END EC PARAMETERS-----";
-#endif
-    static char ec_nc_bad_1[] = "-----BEGIN EC PARAMETERS-----\n"
-                                "MAA=\n"
-                                "-----END EC PARAMETERS-----";
-    static char ec_nc_bad_2[] = "-----BEGIN EC PARAMETERS-----\n"
-                                "BgA=\n"
-                                "-----END EC PARAMETERS-----";
-    static char ec_nc_bad_3[] = "-----BEGIN EC PARAMETERS-----\n"
-                                "BgE=\n"
-                                "-----END EC PARAMETERS-----";
-    static char ec_nc_bad_4[] = "-----BEGIN EC PARAMETERS-----\n"
-                                "BgE*\n"
-                                "-----END EC PARAMETERS-----";
-
-    /* Test that first parameter, bio, being NULL fails. */
-    ExpectNull(PEM_read_bio_ECPKParameters(NULL, NULL, NULL, NULL));
-
-    /* Test that reading named parameters works. */
-    ExpectNotNull(bio = BIO_new(BIO_s_file()));
-    ExpectIntEQ(BIO_read_filename(bio, eccKeyFile), WOLFSSL_SUCCESS);
-    ExpectNotNull(group = PEM_read_bio_ECPKParameters(bio, NULL, NULL, NULL));
-    ExpectIntEQ(EC_GROUP_get_curve_name(group), NID_X9_62_prime256v1);
-    BIO_free(bio);
-    bio = NULL;
-    EC_GROUP_free(group);
-    group = NULL;
-
-#if (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) && \
-    ECC_MIN_KEY_SZ <= 384 && !defined(NO_ECC_SECP)
-    /* Test that reusing group works. */
-    ExpectNotNull(bio = BIO_new_mem_buf((unsigned char*)ec_nc_p384,
-        sizeof(ec_nc_p384)));
-    ExpectNotNull(group = PEM_read_bio_ECPKParameters(bio, &group, NULL, NULL));
-    ExpectIntEQ(EC_GROUP_get_curve_name(group), NID_secp384r1);
-    BIO_free(bio);
-    bio = NULL;
-    EC_GROUP_free(group);
-    group = NULL;
-
-    /* Test that returning through group works. */
-    ExpectNotNull(bio = BIO_new_mem_buf((unsigned char*)ec_nc_p384,
-        sizeof(ec_nc_p384)));
-    ExpectNotNull(ret = PEM_read_bio_ECPKParameters(bio, &group, NULL, NULL));
-    ExpectIntEQ(ret == group, 1);
-    ExpectIntEQ(EC_GROUP_get_curve_name(group), NID_secp384r1);
-    BIO_free(bio);
-    bio = NULL;
-    EC_GROUP_free(group);
-    group = NULL;
-#endif
-
-    /* Test 0x30, 0x00 (not and object id) fails. */
-    ExpectNotNull(bio = BIO_new_mem_buf((unsigned char*)ec_nc_bad_1,
-        sizeof(ec_nc_bad_1)));
-    ExpectNull(PEM_read_bio_ECPKParameters(bio, NULL, NULL, NULL));
-    BIO_free(bio);
-    bio = NULL;
-
-    /* Test 0x06, 0x00 (empty object id) fails. */
-    ExpectNotNull(bio = BIO_new_mem_buf((unsigned char*)ec_nc_bad_2,
-        sizeof(ec_nc_bad_2)));
-    ExpectNull(PEM_read_bio_ECPKParameters(bio, NULL, NULL, NULL));
-    BIO_free(bio);
-    bio = NULL;
-
-    /* Test 0x06, 0x01 (badly formed object id) fails. */
-    ExpectNotNull(bio = BIO_new_mem_buf((unsigned char*)ec_nc_bad_3,
-        sizeof(ec_nc_bad_3)));
-    ExpectNull(PEM_read_bio_ECPKParameters(bio, NULL, NULL, NULL));
-    BIO_free(bio);
-    bio = NULL;
-
-    /* Test invalid PEM encoding - invalid character. */
-    ExpectNotNull(bio = BIO_new_mem_buf((unsigned char*)ec_nc_bad_4,
-        sizeof(ec_nc_bad_4)));
-    ExpectNull(PEM_read_bio_ECPKParameters(bio, NULL, NULL, NULL));
-    BIO_free(bio);
-#endif
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_i2d_ECPKParameters(void)
-{
-    EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA)
-    EC_GROUP* grp = NULL;
-    unsigned char p256_oid[] = {
-        0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
-    };
-    unsigned char *der = p256_oid;
-    unsigned char out_der[sizeof(p256_oid)];
-
-    XMEMSET(out_der, 0, sizeof(out_der));
-    ExpectNotNull(d2i_ECPKParameters(&grp, (const unsigned char **)&der,
-            sizeof(p256_oid)));
-    der = out_der;
-    ExpectIntEQ(i2d_ECPKParameters(grp, &der), sizeof(p256_oid));
-    ExpectBufEQ(p256_oid, out_der, sizeof(p256_oid));
-    EC_GROUP_free(grp);
-#endif
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_EC_POINT(void)
-{
-    EXPECT_DECLS;
-#if !defined(WOLFSSL_SP_MATH) && \
-  (!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)))
-
-#ifdef OPENSSL_EXTRA
-    BN_CTX* ctx = NULL;
-    EC_GROUP* group = NULL;
-#ifndef HAVE_ECC_BRAINPOOL
-    EC_GROUP* group2 = NULL;
-#endif
-    EC_POINT* Gxy = NULL;
-    EC_POINT* new_point = NULL;
-    EC_POINT* set_point = NULL;
-    EC_POINT* get_point = NULL;
-    EC_POINT* infinity = NULL;
-    BIGNUM* k = NULL;
-    BIGNUM* Gx = NULL;
-    BIGNUM* Gy = NULL;
-    BIGNUM* Gz = NULL;
-    BIGNUM* X = NULL;
-    BIGNUM* Y = NULL;
-    BIGNUM* set_point_bn = NULL;
-    char* hexStr = NULL;
-
-    const char* kTest = "F4F8338AFCC562C5C3F3E1E46A7EFECD"
-                        "17AF381913FF7A96314EA47055EA0FD0";
-    /* NISTP256R1 Gx/Gy */
-    const char* kGx   = "6B17D1F2E12C4247F8BCE6E563A440F2"
-                        "77037D812DEB33A0F4A13945D898C296";
-    const char* kGy   = "4FE342E2FE1A7F9B8EE7EB4A7C0F9E16"
-                        "2BCE33576B315ECECBB6406837BF51F5";
-    const char* uncompG
-                      = "046B17D1F2E12C4247F8BCE6E563A440F2"
-                        "77037D812DEB33A0F4A13945D898C296"
-                        "4FE342E2FE1A7F9B8EE7EB4A7C0F9E16"
-                        "2BCE33576B315ECECBB6406837BF51F5";
-    const char* compG
-                      = "036B17D1F2E12C4247F8BCE6E563A440F2"
-                        "77037D812DEB33A0F4A13945D898C296";
-
-#ifndef HAVE_SELFTEST
-    EC_POINT *tmp = NULL;
-    size_t bin_len;
-    unsigned int blen = 0;
-    unsigned char* buf = NULL;
-    unsigned char bufInf[1] = { 0x00 };
-
-    const unsigned char binUncompG[] = {
-        0x04, 0x6b, 0x17, 0xd1, 0xf2, 0xe1, 0x2c, 0x42, 0x47, 0xf8, 0xbc,
-        0xe6, 0xe5, 0x63, 0xa4, 0x40, 0xf2, 0x77, 0x03, 0x7d, 0x81, 0x2d,
-        0xeb, 0x33, 0xa0, 0xf4, 0xa1, 0x39, 0x45, 0xd8, 0x98, 0xc2, 0x96,
-        0x4f, 0xe3, 0x42, 0xe2, 0xfe, 0x1a, 0x7f, 0x9b, 0x8e, 0xe7, 0xeb,
-        0x4a, 0x7c, 0x0f, 0x9e, 0x16, 0x2b, 0xce, 0x33, 0x57, 0x6b, 0x31,
-        0x5e, 0xce, 0xcb, 0xb6, 0x40, 0x68, 0x37, 0xbf, 0x51, 0xf5,
-    };
-    const unsigned char binUncompGBad[] = {
-        0x09, 0x6b, 0x17, 0xd1, 0xf2, 0xe1, 0x2c, 0x42, 0x47, 0xf8, 0xbc,
-        0xe6, 0xe5, 0x63, 0xa4, 0x40, 0xf2, 0x77, 0x03, 0x7d, 0x81, 0x2d,
-        0xeb, 0x33, 0xa0, 0xf4, 0xa1, 0x39, 0x45, 0xd8, 0x98, 0xc2, 0x96,
-        0x4f, 0xe3, 0x42, 0xe2, 0xfe, 0x1a, 0x7f, 0x9b, 0x8e, 0xe7, 0xeb,
-        0x4a, 0x7c, 0x0f, 0x9e, 0x16, 0x2b, 0xce, 0x33, 0x57, 0x6b, 0x31,
-        0x5e, 0xce, 0xcb, 0xb6, 0x40, 0x68, 0x37, 0xbf, 0x51, 0xf5,
-    };
-
-#ifdef HAVE_COMP_KEY
-    const unsigned char binCompG[] = {
-        0x03, 0x6b, 0x17, 0xd1, 0xf2, 0xe1, 0x2c, 0x42, 0x47, 0xf8, 0xbc,
-        0xe6, 0xe5, 0x63, 0xa4, 0x40, 0xf2, 0x77, 0x03, 0x7d, 0x81, 0x2d,
-        0xeb, 0x33, 0xa0, 0xf4, 0xa1, 0x39, 0x45, 0xd8, 0x98, 0xc2, 0x96,
-    };
-#endif
-#endif
-
-    ExpectNotNull(ctx = BN_CTX_new());
-    ExpectNotNull(group = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1));
-#ifndef HAVE_ECC_BRAINPOOL
-    /* Used to make groups curve_idx == -1. */
-    ExpectNotNull(group2 = EC_GROUP_new_by_curve_name(NID_brainpoolP256r1));
-#endif
-
-    ExpectNull(EC_POINT_new(NULL));
-    ExpectNotNull(Gxy = EC_POINT_new(group));
-    ExpectNotNull(new_point = EC_POINT_new(group));
-    ExpectNotNull(set_point = EC_POINT_new(group));
-    ExpectNotNull(X = BN_new());
-    ExpectNotNull(Y = BN_new());
-    ExpectNotNull(set_point_bn = BN_new());
-
-    ExpectNotNull(infinity = EC_POINT_new(group));
-
-    /* load test values */
-    ExpectIntEQ(BN_hex2bn(&k,  kTest), WOLFSSL_SUCCESS);
-    ExpectIntEQ(BN_hex2bn(&Gx, kGx),   WOLFSSL_SUCCESS);
-    ExpectIntEQ(BN_hex2bn(&Gy, kGy),   WOLFSSL_SUCCESS);
-    ExpectIntEQ(BN_hex2bn(&Gz, "1"),   WOLFSSL_SUCCESS);
-
-    /* populate coordinates for input point */
-    if (Gxy != NULL) {
-        Gxy->X = Gx;
-        Gxy->Y = Gy;
-        Gxy->Z = Gz;
-    }
-
-    /* Test handling of NULL point. */
-    EC_POINT_clear_free(NULL);
-
-    ExpectIntEQ(wolfSSL_EC_POINT_get_affine_coordinates_GFp(NULL, NULL,
-        NULL, NULL, ctx), 0);
-    ExpectIntEQ(wolfSSL_EC_POINT_get_affine_coordinates_GFp(group, NULL,
-        NULL, NULL, ctx), 0);
-    ExpectIntEQ(wolfSSL_EC_POINT_get_affine_coordinates_GFp(NULL, Gxy,
-        NULL, NULL, ctx), 0);
-    ExpectIntEQ(wolfSSL_EC_POINT_get_affine_coordinates_GFp(NULL, NULL,
-        X, NULL, ctx), 0);
-    ExpectIntEQ(wolfSSL_EC_POINT_get_affine_coordinates_GFp(NULL, NULL,
-        NULL, Y, ctx), 0);
-    ExpectIntEQ(wolfSSL_EC_POINT_get_affine_coordinates_GFp(NULL, Gxy,
-        X, Y, ctx), 0);
-    ExpectIntEQ(wolfSSL_EC_POINT_get_affine_coordinates_GFp(group, NULL,
-        X, Y, ctx), 0);
-    ExpectIntEQ(wolfSSL_EC_POINT_get_affine_coordinates_GFp(group, Gxy,
-        NULL, Y, ctx), 0);
-    ExpectIntEQ(wolfSSL_EC_POINT_get_affine_coordinates_GFp(group, Gxy,
-        X, NULL, ctx), 0);
-    /* Getting point at infinity returns an error. */
-    ExpectIntEQ(wolfSSL_EC_POINT_get_affine_coordinates_GFp(group, infinity,
-        X, Y, ctx), 0);
-
-#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
-    !defined(HAVE_SELFTEST) && !defined(WOLFSSL_SP_MATH) && \
-    !defined(WOLF_CRYPTO_CB_ONLY_ECC)
-    ExpectIntEQ(EC_POINT_add(NULL, NULL, NULL, NULL, ctx), 0);
-    ExpectIntEQ(EC_POINT_add(group, NULL, NULL, NULL, ctx), 0);
-    ExpectIntEQ(EC_POINT_add(NULL, new_point, NULL, NULL, ctx), 0);
-    ExpectIntEQ(EC_POINT_add(NULL, NULL, new_point, NULL, ctx), 0);
-    ExpectIntEQ(EC_POINT_add(NULL, NULL, NULL, Gxy, ctx), 0);
-    ExpectIntEQ(EC_POINT_add(NULL, new_point, new_point, Gxy, ctx), 0);
-    ExpectIntEQ(EC_POINT_add(group, NULL, new_point, Gxy, ctx), 0);
-    ExpectIntEQ(EC_POINT_add(group, new_point, NULL, Gxy, ctx), 0);
-    ExpectIntEQ(EC_POINT_add(group, new_point, new_point, NULL, ctx), 0);
-
-    ExpectIntEQ(EC_POINT_mul(NULL, NULL, Gx, Gxy, k, ctx), 0);
-    ExpectIntEQ(EC_POINT_mul(NULL, new_point, Gx, Gxy, k, ctx), 0);
-    ExpectIntEQ(EC_POINT_mul(group, NULL, Gx, Gxy, k, ctx), 0);
-
-    ExpectIntEQ(EC_POINT_add(group, new_point, new_point, Gxy, ctx), 1);
-    /* perform point multiplication */
-    ExpectIntEQ(EC_POINT_mul(group, new_point, Gx, Gxy, k, ctx), 1);
-    ExpectIntEQ(BN_is_zero(new_point->X), 0);
-    ExpectIntEQ(BN_is_zero(new_point->Y), 0);
-    ExpectIntEQ(BN_is_zero(new_point->Z), 0);
-    ExpectIntEQ(EC_POINT_mul(group, new_point, NULL, Gxy, k, ctx), 1);
-    ExpectIntEQ(BN_is_zero(new_point->X), 0);
-    ExpectIntEQ(BN_is_zero(new_point->Y), 0);
-    ExpectIntEQ(BN_is_zero(new_point->Z), 0);
-    ExpectIntEQ(EC_POINT_mul(group, new_point, Gx, NULL, NULL, ctx), 1);
-    ExpectIntEQ(BN_is_zero(new_point->X), 0);
-    ExpectIntEQ(BN_is_zero(new_point->Y), 0);
-    ExpectIntEQ(BN_is_zero(new_point->Z), 0);
-    ExpectIntEQ(EC_POINT_mul(group, new_point, NULL, NULL, NULL, ctx), 1);
-    ExpectIntEQ(BN_is_zero(new_point->X), 1);
-    ExpectIntEQ(BN_is_zero(new_point->Y), 1);
-    ExpectIntEQ(BN_is_zero(new_point->Z), 1);
-    /* Set point to something. */
-    ExpectIntEQ(EC_POINT_add(group, new_point, Gxy, Gxy, ctx), 1);
-#else
-    ExpectIntEQ(EC_POINT_set_affine_coordinates_GFp(group, new_point, Gx, Gy,
-        ctx), 1);
-    ExpectIntEQ(BN_is_zero(new_point->X), 0);
-    ExpectIntEQ(BN_is_zero(new_point->Y), 0);
-    ExpectIntEQ(BN_is_zero(new_point->Z), 0);
-#endif
-
-    /* check if point X coordinate is zero */
-    ExpectIntEQ(BN_is_zero(new_point->X), 0);
-
-#if defined(USE_ECC_B_PARAM) && !defined(HAVE_SELFTEST) && \
-    (!defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0))
-    ExpectIntEQ(EC_POINT_is_on_curve(group, new_point, ctx), 1);
-#endif
-
-    /* extract the coordinates from point */
-    ExpectIntEQ(EC_POINT_get_affine_coordinates_GFp(group, new_point, X, Y,
-        ctx), WOLFSSL_SUCCESS);
-
-    /* check if point X coordinate is zero */
-    ExpectIntEQ(BN_is_zero(X), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
-
-    /* set the same X and Y points in another object */
-    ExpectIntEQ(EC_POINT_set_affine_coordinates_GFp(group, set_point, X, Y,
-        ctx), WOLFSSL_SUCCESS);
-
-    /* compare points as they should be the same */
-    ExpectIntEQ(EC_POINT_cmp(NULL, NULL, NULL, ctx), -1);
-    ExpectIntEQ(EC_POINT_cmp(group, NULL, NULL, ctx), -1);
-    ExpectIntEQ(EC_POINT_cmp(NULL, new_point, NULL, ctx), -1);
-    ExpectIntEQ(EC_POINT_cmp(NULL, NULL, set_point, ctx), -1);
-    ExpectIntEQ(EC_POINT_cmp(NULL, new_point, set_point, ctx), -1);
-    ExpectIntEQ(EC_POINT_cmp(group, NULL, set_point, ctx), -1);
-    ExpectIntEQ(EC_POINT_cmp(group, new_point, NULL, ctx), -1);
-    ExpectIntEQ(EC_POINT_cmp(group, new_point, set_point, ctx), 0);
-
-    /* Test copying */
-    ExpectIntEQ(EC_POINT_copy(NULL, NULL), 0);
-    ExpectIntEQ(EC_POINT_copy(NULL, set_point), 0);
-    ExpectIntEQ(EC_POINT_copy(new_point, NULL), 0);
-    ExpectIntEQ(EC_POINT_copy(new_point, set_point), 1);
-
-    /* Test inverting */
-    ExpectIntEQ(EC_POINT_invert(NULL, NULL, ctx), 0);
-    ExpectIntEQ(EC_POINT_invert(NULL, new_point, ctx), 0);
-    ExpectIntEQ(EC_POINT_invert(group, NULL, ctx), 0);
-    ExpectIntEQ(EC_POINT_invert(group, new_point, ctx), 1);
-
-#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
-    !defined(HAVE_SELFTEST) && !defined(WOLFSSL_SP_MATH) && \
-    !defined(WOLF_CRYPTO_CB_ONLY_ECC)
-    {
-        EC_POINT* orig_point = NULL;
-        ExpectNotNull(orig_point = EC_POINT_new(group));
-        ExpectIntEQ(EC_POINT_add(group, orig_point, set_point, set_point, NULL),
-                    1);
-        /* new_point should be set_point inverted so adding it will revert
-         * the point back to set_point */
-        ExpectIntEQ(EC_POINT_add(group, orig_point, orig_point, new_point,
-                                 NULL), 1);
-        ExpectIntEQ(EC_POINT_cmp(group, orig_point, set_point, NULL), 0);
-        EC_POINT_free(orig_point);
-    }
-#endif
-
-    /* Test getting affine converts from projective. */
-    ExpectIntEQ(EC_POINT_copy(set_point, new_point), 1);
-    /* Force non-affine coordinates */
-    ExpectIntEQ(BN_add(new_point->Z, (WOLFSSL_BIGNUM*)BN_value_one(),
-        (WOLFSSL_BIGNUM*)BN_value_one()), 1);
-    if (new_point != NULL) {
-        new_point->inSet = 0;
-    }
-    /* extract the coordinates from point */
-    ExpectIntEQ(EC_POINT_get_affine_coordinates_GFp(group, new_point, X, Y,
-        ctx), WOLFSSL_SUCCESS);
-    /* check if point ordinates have changed. */
-    ExpectIntNE(BN_cmp(X, set_point->X), 0);
-    ExpectIntNE(BN_cmp(Y, set_point->Y), 0);
-
-    /* Test check for infinity */
-#ifndef WOLF_CRYPTO_CB_ONLY_ECC
-    ExpectIntEQ(EC_POINT_is_at_infinity(NULL, NULL), 0);
-    ExpectIntEQ(EC_POINT_is_at_infinity(NULL, infinity), 0);
-    ExpectIntEQ(EC_POINT_is_at_infinity(group, NULL), 0);
-    ExpectIntEQ(EC_POINT_is_at_infinity(group, infinity), 1);
-    ExpectIntEQ(EC_POINT_is_at_infinity(group, Gxy), 0);
-#else
-    ExpectIntEQ(EC_POINT_is_at_infinity(group, infinity), 0);
-#endif
-
-    ExpectPtrEq(EC_POINT_point2bn(group, set_point,
-        POINT_CONVERSION_UNCOMPRESSED, set_point_bn, ctx), set_point_bn);
-
-    /* check bn2hex */
-    hexStr = BN_bn2hex(k);
-    ExpectStrEQ(hexStr, kTest);
-#if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM) && \
-     defined(XFPRINTF)
-    BN_print_fp(stderr, k);
-    fprintf(stderr, "\n");
-#endif
-    XFREE(hexStr, NULL, DYNAMIC_TYPE_ECC);
-
-    hexStr = BN_bn2hex(Gx);
-    ExpectStrEQ(hexStr, kGx);
-#if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM) && \
-     defined(XFPRINTF)
-    BN_print_fp(stderr, Gx);
-    fprintf(stderr, "\n");
-#endif
-    XFREE(hexStr, NULL, DYNAMIC_TYPE_ECC);
-
-    hexStr = BN_bn2hex(Gy);
-    ExpectStrEQ(hexStr, kGy);
-#if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM) && \
-     defined(XFPRINTF)
-    BN_print_fp(stderr, Gy);
-    fprintf(stderr, "\n");
-#endif
-    XFREE(hexStr, NULL, DYNAMIC_TYPE_ECC);
-
-    /* Test point to hex */
-    ExpectNull(EC_POINT_point2hex(NULL, NULL, POINT_CONVERSION_UNCOMPRESSED,
-        ctx));
-    ExpectNull(EC_POINT_point2hex(NULL, Gxy, POINT_CONVERSION_UNCOMPRESSED,
-        ctx));
-    ExpectNull(EC_POINT_point2hex(group, NULL, POINT_CONVERSION_UNCOMPRESSED,
-        ctx));
-#ifndef HAVE_ECC_BRAINPOOL
-    /* Group not supported in wolfCrypt. */
-    ExpectNull(EC_POINT_point2hex(group2, Gxy, POINT_CONVERSION_UNCOMPRESSED,
-        ctx));
-#endif
-
-    hexStr = EC_POINT_point2hex(group, Gxy, POINT_CONVERSION_UNCOMPRESSED, ctx);
-    ExpectNotNull(hexStr);
-    ExpectStrEQ(hexStr, uncompG);
-    ExpectNotNull(get_point = EC_POINT_hex2point(group, hexStr, NULL, ctx));
-    ExpectIntEQ(EC_POINT_cmp(group, Gxy, get_point, ctx), 0);
-    XFREE(hexStr, NULL, DYNAMIC_TYPE_ECC);
-
-    hexStr = EC_POINT_point2hex(group, Gxy, POINT_CONVERSION_COMPRESSED, ctx);
-    ExpectNotNull(hexStr);
-    ExpectStrEQ(hexStr, compG);
-    #ifdef HAVE_COMP_KEY
-    ExpectNotNull(get_point = EC_POINT_hex2point
-                                            (group, hexStr, get_point, ctx));
-    ExpectIntEQ(EC_POINT_cmp(group, Gxy, get_point, ctx), 0);
-    #endif
-    XFREE(hexStr, NULL, DYNAMIC_TYPE_ECC);
-    EC_POINT_free(get_point);
-
-#ifndef HAVE_SELFTEST
-    /* Test point to oct */
-    ExpectIntEQ(EC_POINT_point2oct(NULL, NULL, POINT_CONVERSION_UNCOMPRESSED,
-        NULL, 0, ctx), 0);
-    ExpectIntEQ(EC_POINT_point2oct(NULL, Gxy, POINT_CONVERSION_UNCOMPRESSED,
-        NULL, 0, ctx), 0);
-    ExpectIntEQ(EC_POINT_point2oct(group, NULL, POINT_CONVERSION_UNCOMPRESSED,
-        NULL, 0, ctx), 0);
-    bin_len = EC_POINT_point2oct(group, Gxy, POINT_CONVERSION_UNCOMPRESSED,
-        NULL, 0, ctx);
-    ExpectIntEQ(bin_len, sizeof(binUncompG));
-    ExpectNotNull(buf = (unsigned char*)XMALLOC(bin_len, NULL,
-         DYNAMIC_TYPE_ECC));
-    ExpectIntEQ(EC_POINT_point2oct(group, Gxy, POINT_CONVERSION_UNCOMPRESSED,
-        buf, bin_len, ctx), bin_len);
-    ExpectIntEQ(XMEMCMP(buf, binUncompG, sizeof(binUncompG)), 0);
-    XFREE(buf, NULL, DYNAMIC_TYPE_ECC);
-
-    /* Infinity (x=0, y=0) encodes as '0x00'. */
-    ExpectIntEQ(EC_POINT_point2oct(group, infinity,
-        POINT_CONVERSION_UNCOMPRESSED, NULL, 0, ctx), 1);
-    ExpectIntEQ(EC_POINT_point2oct(group, infinity,
-        POINT_CONVERSION_UNCOMPRESSED, bufInf, 0, ctx), 0);
-    ExpectIntEQ(EC_POINT_point2oct(group, infinity,
-        POINT_CONVERSION_UNCOMPRESSED, bufInf, 1, ctx), 1);
-    ExpectIntEQ(bufInf[0], 0);
-
-    wolfSSL_EC_POINT_dump(NULL, NULL);
-    /* Test point i2d */
-    ExpectIntEQ(ECPoint_i2d(NULL, NULL, NULL, &blen), 0);
-    ExpectIntEQ(ECPoint_i2d(NULL, Gxy, NULL, &blen), 0);
-    ExpectIntEQ(ECPoint_i2d(group, NULL, NULL, &blen), 0);
-    ExpectIntEQ(ECPoint_i2d(group, Gxy, NULL, NULL), 0);
-    ExpectIntEQ(ECPoint_i2d(group, Gxy, NULL, &blen), 1);
-    ExpectIntEQ(blen, sizeof(binUncompG));
-    ExpectNotNull(buf = (unsigned char*)XMALLOC(blen, NULL, DYNAMIC_TYPE_ECC));
-    blen--;
-    ExpectIntEQ(ECPoint_i2d(group, Gxy, buf, &blen), 0);
-    blen++;
-    ExpectIntEQ(ECPoint_i2d(group, Gxy, buf, &blen), 1);
-    ExpectIntEQ(XMEMCMP(buf, binUncompG, sizeof(binUncompG)), 0);
-    XFREE(buf, NULL, DYNAMIC_TYPE_ECC);
-
-#ifdef HAVE_COMP_KEY
-    /* Test point to oct compressed */
-    bin_len = EC_POINT_point2oct(group, Gxy, POINT_CONVERSION_COMPRESSED, NULL,
-        0, ctx);
-    ExpectIntEQ(bin_len, sizeof(binCompG));
-    ExpectNotNull(buf = (unsigned char*)XMALLOC(bin_len, NULL,
-        DYNAMIC_TYPE_ECC));
-    ExpectIntEQ(EC_POINT_point2oct(group, Gxy, POINT_CONVERSION_COMPRESSED, buf,
-        bin_len, ctx), bin_len);
-    ExpectIntEQ(XMEMCMP(buf, binCompG, sizeof(binCompG)), 0);
-    XFREE(buf, NULL, DYNAMIC_TYPE_ECC);
-#endif
-
-    /* Test point BN */
-    ExpectNull(wolfSSL_EC_POINT_point2bn(NULL, NULL,
-        POINT_CONVERSION_UNCOMPRESSED, NULL, ctx));
-    ExpectNull(wolfSSL_EC_POINT_point2bn(NULL, Gxy,
-        POINT_CONVERSION_UNCOMPRESSED, NULL, ctx));
-    ExpectNull(wolfSSL_EC_POINT_point2bn(group, NULL,
-        POINT_CONVERSION_UNCOMPRESSED, NULL, ctx));
-    ExpectNull(wolfSSL_EC_POINT_point2bn(group, Gxy, 0, NULL, ctx));
-
-    /* Test oct to point */
-    ExpectNotNull(tmp = EC_POINT_new(group));
-    ExpectIntEQ(EC_POINT_oct2point(NULL, NULL, binUncompG, sizeof(binUncompG),
-        ctx), 0);
-    ExpectIntEQ(EC_POINT_oct2point(NULL, tmp, binUncompG, sizeof(binUncompG),
-        ctx), 0);
-    ExpectIntEQ(EC_POINT_oct2point(group, NULL, binUncompG, sizeof(binUncompG),
-        ctx), 0);
-    ExpectIntEQ(EC_POINT_oct2point(group, tmp, binUncompGBad,
-        sizeof(binUncompGBad), ctx), 0);
-    ExpectIntEQ(EC_POINT_oct2point(group, tmp, binUncompG, sizeof(binUncompG),
-        ctx), 1);
-    ExpectIntEQ(EC_POINT_cmp(group, tmp, Gxy, ctx), 0);
-    EC_POINT_free(tmp);
-    tmp = NULL;
-
-    /* Test setting BN ordinates. */
-    ExpectNotNull(tmp = EC_POINT_new(group));
-    ExpectIntEQ(wolfSSL_EC_POINT_set_affine_coordinates_GFp(NULL, NULL, NULL,
-        NULL, ctx), 0);
-    ExpectIntEQ(wolfSSL_EC_POINT_set_affine_coordinates_GFp(group, NULL, NULL,
-        NULL, ctx), 0);
-    ExpectIntEQ(wolfSSL_EC_POINT_set_affine_coordinates_GFp(NULL, tmp, NULL,
-        NULL, ctx), 0);
-    ExpectIntEQ(wolfSSL_EC_POINT_set_affine_coordinates_GFp(NULL, NULL, Gx,
-        NULL, ctx), 0);
-    ExpectIntEQ(wolfSSL_EC_POINT_set_affine_coordinates_GFp(NULL, NULL, NULL,
-        Gy, ctx), 0);
-    ExpectIntEQ(wolfSSL_EC_POINT_set_affine_coordinates_GFp(NULL, tmp, Gx, Gy,
-        ctx), 0);
-    ExpectIntEQ(wolfSSL_EC_POINT_set_affine_coordinates_GFp(group, NULL, Gx, Gy,
-        ctx), 0);
-    ExpectIntEQ(wolfSSL_EC_POINT_set_affine_coordinates_GFp(group, tmp, NULL,
-        Gy, ctx), 0);
-    ExpectIntEQ(wolfSSL_EC_POINT_set_affine_coordinates_GFp(group, tmp, Gx,
-        NULL, ctx), 0);
-    ExpectIntEQ(wolfSSL_EC_POINT_set_affine_coordinates_GFp(group, tmp, Gx, Gy,
-        ctx), 1);
-    EC_POINT_free(tmp);
-    tmp = NULL;
-
-    /* Test point d2i */
-    ExpectNotNull(tmp = EC_POINT_new(group));
-    ExpectIntEQ(ECPoint_d2i(NULL, sizeof(binUncompG), NULL, NULL), 0);
-    ExpectIntEQ(ECPoint_d2i(binUncompG, sizeof(binUncompG), NULL, NULL), 0);
-    ExpectIntEQ(ECPoint_d2i(NULL, sizeof(binUncompG), group, NULL), 0);
-    ExpectIntEQ(ECPoint_d2i(NULL, sizeof(binUncompG), NULL, tmp), 0);
-    ExpectIntEQ(ECPoint_d2i(NULL, sizeof(binUncompG), group, tmp), 0);
-    ExpectIntEQ(ECPoint_d2i(binUncompG, sizeof(binUncompG), NULL, tmp), 0);
-    ExpectIntEQ(ECPoint_d2i(binUncompG, sizeof(binUncompG), group, NULL), 0);
-    ExpectIntEQ(ECPoint_d2i(binUncompGBad, sizeof(binUncompG), group, tmp), 0);
-    ExpectIntEQ(ECPoint_d2i(binUncompG, sizeof(binUncompG), group, tmp), 1);
-    ExpectIntEQ(EC_POINT_cmp(group, tmp, Gxy, ctx), 0);
-    EC_POINT_free(tmp);
-    tmp = NULL;
-
-#ifdef HAVE_COMP_KEY
-    /* Test oct compressed to point */
-    ExpectNotNull(tmp = EC_POINT_new(group));
-    ExpectIntEQ(EC_POINT_oct2point(group, tmp, binCompG, sizeof(binCompG), ctx),
-        1);
-    ExpectIntEQ(EC_POINT_cmp(group, tmp, Gxy, ctx), 0);
-    EC_POINT_free(tmp);
-    tmp = NULL;
-
-    /* Test point d2i - compressed */
-    ExpectNotNull(tmp = EC_POINT_new(group));
-    ExpectIntEQ(ECPoint_d2i(binCompG, sizeof(binCompG), group, tmp), 1);
-    ExpectIntEQ(EC_POINT_cmp(group, tmp, Gxy, ctx), 0);
-    EC_POINT_free(tmp);
-    tmp = NULL;
-#endif
-#endif
-
-    /* test BN_mod_add */
-    ExpectIntEQ(BN_mod_add(new_point->Z, (WOLFSSL_BIGNUM*)BN_value_one(),
-        (WOLFSSL_BIGNUM*)BN_value_one(), (WOLFSSL_BIGNUM*)BN_value_one(), NULL),
-        1);
-    ExpectIntEQ(BN_is_zero(new_point->Z), 1);
-
-    /* cleanup */
-    BN_free(X);
-    BN_free(Y);
-    BN_free(k);
-    BN_free(set_point_bn);
-    EC_POINT_free(infinity);
-    EC_POINT_free(new_point);
-    EC_POINT_free(set_point);
-    EC_POINT_clear_free(Gxy);
-#ifndef HAVE_ECC_BRAINPOOL
-    EC_GROUP_free(group2);
-#endif
-    EC_GROUP_free(group);
-    BN_CTX_free(ctx);
-#endif
-#endif /* !WOLFSSL_SP_MATH && ( !HAVE_FIPS || HAVE_FIPS_VERSION > 2) */
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_SPAKE(void)
-{
-    EXPECT_DECLS;
-
-#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) && !defined(WOLFSSL_ATECC508A) \
-    && !defined(WOLFSSL_ATECC608A) && !defined(HAVE_SELFTEST) && \
-       !defined(WOLFSSL_SP_MATH) && !defined(WOLF_CRYPTO_CB_ONLY_ECC)
-    BIGNUM* x = NULL; /* kdc priv */
-    BIGNUM* y = NULL; /* client priv */
-    BIGNUM* w = NULL; /* shared value */
-    byte M_bytes[] = {
-        /* uncompressed */
-        0x04,
-        /* x */
-        0x88, 0x6e, 0x2f, 0x97, 0xac, 0xe4, 0x6e, 0x55, 0xba, 0x9d, 0xd7, 0x24,
-        0x25, 0x79, 0xf2, 0x99, 0x3b, 0x64, 0xe1, 0x6e, 0xf3, 0xdc, 0xab, 0x95,
-        0xaf, 0xd4, 0x97, 0x33, 0x3d, 0x8f, 0xa1, 0x2f,
-        /* y */
-        0x5f, 0xf3, 0x55, 0x16, 0x3e, 0x43, 0xce, 0x22, 0x4e, 0x0b, 0x0e, 0x65,
-        0xff, 0x02, 0xac, 0x8e, 0x5c, 0x7b, 0xe0, 0x94, 0x19, 0xc7, 0x85, 0xe0,
-        0xca, 0x54, 0x7d, 0x55, 0xa1, 0x2e, 0x2d, 0x20
-    };
-    EC_POINT* M = NULL; /* shared value */
-    byte N_bytes[] = {
-        /* uncompressed */
-        0x04,
-        /* x */
-        0xd8, 0xbb, 0xd6, 0xc6, 0x39, 0xc6, 0x29, 0x37, 0xb0, 0x4d, 0x99, 0x7f,
-        0x38, 0xc3, 0x77, 0x07, 0x19, 0xc6, 0x29, 0xd7, 0x01, 0x4d, 0x49, 0xa2,
-        0x4b, 0x4f, 0x98, 0xba, 0xa1, 0x29, 0x2b, 0x49,
-        /* y */
-        0x07, 0xd6, 0x0a, 0xa6, 0xbf, 0xad, 0xe4, 0x50, 0x08, 0xa6, 0x36, 0x33,
-        0x7f, 0x51, 0x68, 0xc6, 0x4d, 0x9b, 0xd3, 0x60, 0x34, 0x80, 0x8c, 0xd5,
-        0x64, 0x49, 0x0b, 0x1e, 0x65, 0x6e, 0xdb, 0xe7
-    };
-    EC_POINT* N = NULL; /* shared value */
-    EC_POINT* T = NULL; /* kdc pub */
-    EC_POINT* tmp1 = NULL; /* kdc pub */
-    EC_POINT* tmp2 = NULL; /* kdc pub */
-    EC_POINT* S = NULL; /* client pub */
-    EC_POINT* client_secret = NULL;
-    EC_POINT* kdc_secret = NULL;
-    EC_GROUP* group = NULL;
-    BN_CTX* bn_ctx = NULL;
-
-    /* Values taken from a test run of Kerberos 5 */
-
-    ExpectNotNull(group = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1));
-    ExpectNotNull(bn_ctx = BN_CTX_new());
-
-    ExpectNotNull(M = EC_POINT_new(group));
-    ExpectNotNull(N = EC_POINT_new(group));
-    ExpectNotNull(T = EC_POINT_new(group));
-    ExpectNotNull(tmp1 = EC_POINT_new(group));
-    ExpectNotNull(tmp2 = EC_POINT_new(group));
-    ExpectNotNull(S = EC_POINT_new(group));
-    ExpectNotNull(client_secret = EC_POINT_new(group));
-    ExpectNotNull(kdc_secret = EC_POINT_new(group));
-    ExpectIntEQ(BN_hex2bn(&x, "DAC3027CD692B4BDF0EDFE9B7D0E4E7"
-                              "E5D8768A725EAEEA6FC68EC239A17C0"), 1);
-    ExpectIntEQ(BN_hex2bn(&y, "6F6A1D394E26B1655A54B26DCE30D49"
-                              "90CC47EBE08F809EF3FF7F6AEAABBB5"), 1);
-    ExpectIntEQ(BN_hex2bn(&w, "1D992AB8BA851B9BA05353453D81EE9"
-                              "506AB395478F0AAB647752CF117B36250"), 1);
-    ExpectIntEQ(EC_POINT_oct2point(group, M, M_bytes, sizeof(M_bytes), bn_ctx),
-                1);
-    ExpectIntEQ(EC_POINT_oct2point(group, N, N_bytes, sizeof(N_bytes), bn_ctx),
-                1);
-
-    /* Function pattern similar to ossl_keygen and ossl_result in krb5 */
-
-    /* kdc */
-    /* T=x*P+w*M */
-    /* All in one function call */
-    ExpectIntEQ(EC_POINT_mul(group, T, x, M, w, bn_ctx), 1);
-    /* Spread into separate calls */
-    ExpectIntEQ(EC_POINT_mul(group, tmp1, x, NULL, NULL, bn_ctx), 1);
-    ExpectIntEQ(EC_POINT_mul(group, tmp2, NULL, M, w, bn_ctx), 1);
-    ExpectIntEQ(EC_POINT_add(group, tmp1, tmp1, tmp2, bn_ctx),
-                1);
-    ExpectIntEQ(EC_POINT_cmp(group, T, tmp1, bn_ctx), 0);
-    /* client */
-    /* S=y*P+w*N */
-    /* All in one function call */
-    ExpectIntEQ(EC_POINT_mul(group, S, y, N, w, bn_ctx), 1);
-    /* Spread into separate calls */
-    ExpectIntEQ(EC_POINT_mul(group, tmp1, y, NULL, NULL, bn_ctx), 1);
-    ExpectIntEQ(EC_POINT_mul(group, tmp2, NULL, N, w, bn_ctx), 1);
-    ExpectIntEQ(EC_POINT_add(group, tmp1, tmp1, tmp2, bn_ctx),
-                1);
-    ExpectIntEQ(EC_POINT_cmp(group, S, tmp1, bn_ctx), 0);
-    /* K=y*(T-w*M) */
-    ExpectIntEQ(EC_POINT_mul(group, client_secret, NULL, M, w, bn_ctx), 1);
-    ExpectIntEQ(EC_POINT_invert(group, client_secret, bn_ctx), 1);
-    ExpectIntEQ(EC_POINT_add(group, client_secret, T, client_secret, bn_ctx),
-                1);
-    ExpectIntEQ(EC_POINT_mul(group, client_secret, NULL, client_secret, y,
-                             bn_ctx), 1);
-    /* kdc */
-    /* K=x*(S-w*N) */
-    ExpectIntEQ(EC_POINT_mul(group, kdc_secret, NULL, N, w, bn_ctx), 1);
-    ExpectIntEQ(EC_POINT_invert(group, kdc_secret, bn_ctx), 1);
-    ExpectIntEQ(EC_POINT_add(group, kdc_secret, S, kdc_secret, bn_ctx),
-                1);
-    ExpectIntEQ(EC_POINT_mul(group, kdc_secret, NULL, kdc_secret, x, bn_ctx),
-                1);
-
-    /* kdc_secret == client_secret */
-    ExpectIntEQ(EC_POINT_cmp(group, client_secret, kdc_secret, bn_ctx), 0);
-
-    BN_free(x);
-    BN_free(y);
-    BN_free(w);
-    EC_POINT_free(M);
-    EC_POINT_free(N);
-    EC_POINT_free(T);
-    EC_POINT_free(tmp1);
-    EC_POINT_free(tmp2);
-    EC_POINT_free(S);
-    EC_POINT_free(client_secret);
-    EC_POINT_free(kdc_secret);
-    EC_GROUP_free(group);
-    BN_CTX_free(bn_ctx);
-#endif
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_EC_KEY_generate(void)
-{
-    EXPECT_DECLS;
-#ifdef OPENSSL_EXTRA
-    WOLFSSL_EC_KEY* key = NULL;
-#ifndef HAVE_ECC_BRAINPOOL
-    WOLFSSL_EC_GROUP* group = NULL;
-#endif
-
-    ExpectNotNull(key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1));
-
-    ExpectIntEQ(wolfSSL_EC_KEY_generate_key(NULL), 0);
-    ExpectIntEQ(wolfSSL_EC_KEY_generate_key(key), 1);
-    wolfSSL_EC_KEY_free(key);
-    key = NULL;
-
-#ifndef HAVE_ECC_BRAINPOOL
-    ExpectNotNull(group = wolfSSL_EC_GROUP_new_by_curve_name(
-        NID_brainpoolP256r1));
-    ExpectNotNull(key = wolfSSL_EC_KEY_new());
-    ExpectIntEQ(wolfSSL_EC_KEY_set_group(key, group), 1);
-    ExpectIntEQ(wolfSSL_EC_KEY_generate_key(key), 0);
-    wolfSSL_EC_KEY_free(key);
-    wolfSSL_EC_GROUP_free(group);
-#endif
-#endif
-    return EXPECT_RESULT();
-}
-
-static int test_EC_i2d(void)
-{
-    EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(HAVE_FIPS)
-    EC_KEY *key = NULL;
-    EC_KEY *copy = NULL;
-    int len = 0;
-    unsigned char *buf = NULL;
-    unsigned char *p = NULL;
-    const unsigned char *tmp = NULL;
-    const unsigned char octBad[] = {
-        0x09, 0x6b, 0x17, 0xd1, 0xf2, 0xe1, 0x2c, 0x42, 0x47, 0xf8, 0xbc,
-        0xe6, 0xe5, 0x63, 0xa4, 0x40, 0xf2, 0x77, 0x03, 0x7d, 0x81, 0x2d,
-        0xeb, 0x33, 0xa0, 0xf4, 0xa1, 0x39, 0x45, 0xd8, 0x98, 0xc2, 0x96,
-        0x4f, 0xe3, 0x42, 0xe2, 0xfe, 0x1a, 0x7f, 0x9b, 0x8e, 0xe7, 0xeb,
-        0x4a, 0x7c, 0x0f, 0x9e, 0x16, 0x2b, 0xce, 0x33, 0x57, 0x6b, 0x31,
-        0x5e, 0xce, 0xcb, 0xb6, 0x40, 0x68, 0x37, 0xbf, 0x51, 0xf5,
-    };
-
-    ExpectNotNull(key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1));
-    ExpectIntEQ(EC_KEY_generate_key(key), 1);
-    ExpectIntGT((len = i2d_EC_PUBKEY(key, NULL)), 0);
-    ExpectNotNull(buf = (unsigned char*)XMALLOC(len, NULL,
-        DYNAMIC_TYPE_TMP_BUFFER));
-    p = buf;
-    ExpectIntEQ(i2d_EC_PUBKEY(key, &p), len);
-
-    ExpectNull(o2i_ECPublicKey(NULL, NULL, -1));
-    ExpectNull(o2i_ECPublicKey(&copy, NULL, -1));
-    ExpectNull(o2i_ECPublicKey(&key, NULL, -1));
-    ExpectNull(o2i_ECPublicKey(NULL, &tmp, -1));
-    ExpectNull(o2i_ECPublicKey(NULL, NULL, 0));
-    ExpectNull(o2i_ECPublicKey(&key, NULL, 0));
-    ExpectNull(o2i_ECPublicKey(&key, &tmp, 0));
-    tmp = buf;
-    ExpectNull(o2i_ECPublicKey(NULL, &tmp, 0));
-    ExpectNull(o2i_ECPublicKey(&copy, &tmp, 0));
-    ExpectNull(o2i_ECPublicKey(NULL, &tmp, -1));
-    ExpectNull(o2i_ECPublicKey(&key, &tmp, -1));
-
-    ExpectIntEQ(i2o_ECPublicKey(NULL, NULL), 0);
-    ExpectIntEQ(i2o_ECPublicKey(NULL, &buf), 0);
-
-    tmp = buf;
-    ExpectNull(d2i_ECPrivateKey(NULL, &tmp, 0));
-    ExpectNull(d2i_ECPrivateKey(NULL, &tmp, 1));
-    ExpectNull(d2i_ECPrivateKey(&copy, &tmp, 0));
-    ExpectNull(d2i_ECPrivateKey(&copy, &tmp, 1));
-    ExpectNull(d2i_ECPrivateKey(&key, &tmp, 0));
-
-    {
-        EC_KEY *pubkey = NULL;
-        BIO* bio = NULL;
-
-        ExpectNotNull(bio = BIO_new(BIO_s_mem()));
-        ExpectIntGT(BIO_write(bio, buf, len), 0);
-        ExpectNotNull(d2i_EC_PUBKEY_bio(bio, &pubkey));
-
-        BIO_free(bio);
-        EC_KEY_free(pubkey);
-    }
-
-    ExpectIntEQ(i2d_ECPrivateKey(NULL, &p), 0);
-    ExpectIntEQ(i2d_ECPrivateKey(NULL, NULL), 0);
-
-    ExpectIntEQ(wolfSSL_EC_KEY_LoadDer(NULL, NULL, -1), -1);
-    ExpectIntEQ(wolfSSL_EC_KEY_LoadDer_ex(NULL, NULL, -1, 0), -1);
-    ExpectIntEQ(wolfSSL_EC_KEY_LoadDer_ex(key, NULL, -1, 0), -1);
-    ExpectIntEQ(wolfSSL_EC_KEY_LoadDer_ex(NULL, buf, -1, 0), -1);
-    ExpectIntEQ(wolfSSL_EC_KEY_LoadDer_ex(NULL, NULL, 0, 0), -1);
-    ExpectIntEQ(wolfSSL_EC_KEY_LoadDer_ex(NULL, NULL, -1,
-        WOLFSSL_EC_KEY_LOAD_PUBLIC), -1);
-    ExpectIntEQ(wolfSSL_EC_KEY_LoadDer_ex(NULL, buf, len,
-        WOLFSSL_EC_KEY_LOAD_PUBLIC), -1);
-    ExpectIntEQ(wolfSSL_EC_KEY_LoadDer_ex(key, NULL, len,
-        WOLFSSL_EC_KEY_LOAD_PUBLIC), -1);
-    ExpectIntEQ(wolfSSL_EC_KEY_LoadDer_ex(key, buf, -1,
-        WOLFSSL_EC_KEY_LOAD_PUBLIC), -1);
-    ExpectIntEQ(wolfSSL_EC_KEY_LoadDer_ex(key, buf, len, 0), -1);
-    ExpectIntEQ(wolfSSL_EC_KEY_LoadDer_ex(key, buf, len,
-        WOLFSSL_EC_KEY_LOAD_PRIVATE), -1);
-    ExpectIntEQ(wolfSSL_EC_KEY_LoadDer_ex(key, octBad, sizeof(octBad),
-        WOLFSSL_EC_KEY_LOAD_PRIVATE), -1);
-    ExpectIntEQ(wolfSSL_EC_KEY_LoadDer_ex(key, octBad, sizeof(octBad),
-        WOLFSSL_EC_KEY_LOAD_PUBLIC), -1);
-
-    XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    buf = NULL;
-    buf = NULL;
-
-    ExpectIntGT((len = i2d_ECPrivateKey(key, NULL)), 0);
-    ExpectNotNull(buf = (unsigned char*)XMALLOC(len, NULL,
-        DYNAMIC_TYPE_TMP_BUFFER));
-    p = buf;
-    ExpectIntEQ(i2d_ECPrivateKey(key, &p), len);
-
-    p = NULL;
-    ExpectIntEQ(i2d_ECPrivateKey(key, &p), len);
-    XFREE(p, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    p = NULL;
-
-    /* Bad point is also an invalid private key. */
-    tmp = octBad;
-    ExpectNull(d2i_ECPrivateKey(&copy, &tmp, sizeof(octBad)));
-    tmp = buf;
-    ExpectNotNull(d2i_ECPrivateKey(&copy, &tmp, len));
-    XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    buf = NULL;
-    buf = NULL;
-
-    ExpectIntGT((len = i2o_ECPublicKey(key, NULL)), 0);
-    ExpectNotNull(buf = (unsigned char*)XMALLOC(len, NULL,
-        DYNAMIC_TYPE_TMP_BUFFER));
-    p = buf;
-    ExpectIntGT((len = i2o_ECPublicKey(key, &p)), 0);
-    p = NULL;
-    ExpectIntGT((len = i2o_ECPublicKey(key, &p)), 0);
-    tmp = buf;
-    ExpectNotNull(o2i_ECPublicKey(&copy, &tmp, len));
-    tmp = octBad;
-    ExpectNull(o2i_ECPublicKey(&key, &tmp, sizeof(octBad)));
-
-    ExpectIntEQ(EC_KEY_check_key(NULL), 0);
-    ExpectIntEQ(EC_KEY_check_key(key), 1);
-
-    XFREE(p, NULL, DYNAMIC_TYPE_OPENSSL);
-    XFREE(buf, NULL, DYNAMIC_TYPE_OPENSSL);
-
-    EC_KEY_free(key);
-    EC_KEY_free(copy);
-#endif
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_EC_curve(void)
-{
-    EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA)
-    int nid = NID_secp160k1;
-    const char* nid_name = NULL;
-
-    ExpectNull(EC_curve_nid2nist(NID_sha256));
-
-    ExpectNotNull(nid_name = EC_curve_nid2nist(nid));
-    ExpectIntEQ(XMEMCMP(nid_name, "K-160", XSTRLEN("K-160")), 0);
-
-    ExpectIntEQ(EC_curve_nist2nid("INVALID"), 0);
-    ExpectIntEQ(EC_curve_nist2nid(nid_name), nid);
-#endif
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_EC_KEY_dup(void)
-{
-    EXPECT_DECLS;
-#if defined(OPENSSL_ALL) && !defined(NO_CERTS)
-    WOLFSSL_EC_KEY* ecKey = NULL;
-    WOLFSSL_EC_KEY* dupKey = NULL;
-    ecc_key* srcKey = NULL;
-    ecc_key* destKey = NULL;
-
-    ExpectNotNull(ecKey = wolfSSL_EC_KEY_new());
-    ExpectIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), 1);
-
-    /* Valid cases */
-    ExpectNotNull(dupKey = wolfSSL_EC_KEY_dup(ecKey));
-    ExpectIntEQ(EC_KEY_check_key(dupKey), 1);
-
-    /* Compare pubkey */
-    if (ecKey != NULL) {
-        srcKey = (ecc_key*)ecKey->internal;
-    }
-    if (dupKey != NULL) {
-        destKey = (ecc_key*)dupKey->internal;
-    }
-    ExpectIntEQ(wc_ecc_cmp_point(&srcKey->pubkey, &destKey->pubkey), 0);
-
-    /* compare EC_GROUP */
-    ExpectIntEQ(wolfSSL_EC_GROUP_cmp(ecKey->group, dupKey->group, NULL), MP_EQ);
-
-    /* compare EC_POINT */
-    ExpectIntEQ(wolfSSL_EC_POINT_cmp(ecKey->group, ecKey->pub_key, \
-                dupKey->pub_key, NULL), MP_EQ);
-
-    /* compare BIGNUM */
-    ExpectIntEQ(wolfSSL_BN_cmp(ecKey->priv_key, dupKey->priv_key), MP_EQ);
-    wolfSSL_EC_KEY_free(dupKey);
-    dupKey = NULL;
-
-    /* Invalid cases */
-    /* NULL key */
-    ExpectNull(dupKey = wolfSSL_EC_KEY_dup(NULL));
-    /* NULL ecc_key */
-    if (ecKey != NULL) {
-        wc_ecc_free((ecc_key*)ecKey->internal);
-        XFREE(ecKey->internal, NULL, DYNAMIC_TYPE_ECC);
-        ecKey->internal = NULL; /* Set ecc_key to NULL */
-    }
-    ExpectNull(dupKey = wolfSSL_EC_KEY_dup(ecKey));
-    wolfSSL_EC_KEY_free(ecKey);
-    ecKey = NULL;
-    wolfSSL_EC_KEY_free(dupKey);
-    dupKey = NULL;
-
-    /* NULL Group */
-    ExpectNotNull(ecKey = wolfSSL_EC_KEY_new());
-    ExpectIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), 1);
-    if (ecKey != NULL) {
-        wolfSSL_EC_GROUP_free(ecKey->group);
-        ecKey->group = NULL; /* Set group to NULL */
-    }
-    ExpectNull(dupKey = wolfSSL_EC_KEY_dup(ecKey));
-    wolfSSL_EC_KEY_free(ecKey);
-    ecKey = NULL;
-    wolfSSL_EC_KEY_free(dupKey);
-    dupKey = NULL;
-
-    /* NULL public key */
-    ExpectNotNull(ecKey = wolfSSL_EC_KEY_new());
-    ExpectIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), 1);
-    if (ecKey != NULL) {
-        wc_ecc_del_point((ecc_point*)ecKey->pub_key->internal);
-        ecKey->pub_key->internal = NULL; /* Set ecc_point to NULL */
-    }
-
-    ExpectNull(dupKey = wolfSSL_EC_KEY_dup(ecKey));
-    if (ecKey != NULL) {
-        wolfSSL_EC_POINT_free(ecKey->pub_key);
-        ecKey->pub_key = NULL; /* Set pub_key to NULL */
-    }
-    ExpectNull(dupKey = wolfSSL_EC_KEY_dup(ecKey));
-    wolfSSL_EC_KEY_free(ecKey);
-    ecKey = NULL;
-    wolfSSL_EC_KEY_free(dupKey);
-    dupKey = NULL;
-
-    /* NULL private key */
-    ExpectNotNull(ecKey = wolfSSL_EC_KEY_new());
-    ExpectIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), 1);
-
-    if (ecKey != NULL) {
-        wolfSSL_BN_free(ecKey->priv_key);
-        ecKey->priv_key = NULL; /* Set priv_key to NULL */
-    }
-    ExpectNull(dupKey = wolfSSL_EC_KEY_dup(ecKey));
-
-    wolfSSL_EC_KEY_free(ecKey);
-    ecKey = NULL;
-    wolfSSL_EC_KEY_free(dupKey);
-    dupKey = NULL;
-
-    /* Test EC_KEY_up_ref */
-    ExpectNotNull(ecKey = wolfSSL_EC_KEY_new());
-    ExpectIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), WOLFSSL_SUCCESS);
-    ExpectIntEQ(wolfSSL_EC_KEY_up_ref(NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
-    ExpectIntEQ(wolfSSL_EC_KEY_up_ref(ecKey), WOLFSSL_SUCCESS);
-    /* reference count doesn't follow duplicate */
-    ExpectNotNull(dupKey = wolfSSL_EC_KEY_dup(ecKey));
-    ExpectIntEQ(wolfSSL_EC_KEY_up_ref(dupKey), WOLFSSL_SUCCESS); /* +1 */
-    ExpectIntEQ(wolfSSL_EC_KEY_up_ref(dupKey), WOLFSSL_SUCCESS); /* +2 */
-    wolfSSL_EC_KEY_free(dupKey); /* 3 */
-    wolfSSL_EC_KEY_free(dupKey); /* 2 */
-    wolfSSL_EC_KEY_free(dupKey); /* 1, free */
-    wolfSSL_EC_KEY_free(ecKey);  /* 2 */
-    wolfSSL_EC_KEY_free(ecKey);  /* 1, free */
-#endif
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_EC_KEY_set_group(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_ECC) && !defined(NO_ECC256) && !defined(NO_ECC_SECP) && \
-    defined(OPENSSL_EXTRA)
-    EC_KEY   *key    = NULL;
-    EC_GROUP *group  = NULL;
-    const EC_GROUP *group2 = NULL;
-
-    ExpectNotNull(group = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1));
-    ExpectNotNull(key = EC_KEY_new());
-
-    ExpectNull(EC_KEY_get0_group(NULL));
-    ExpectIntEQ(EC_KEY_set_group(NULL, NULL), 0);
-    ExpectIntEQ(EC_KEY_set_group(key, NULL), 0);
-    ExpectIntEQ(EC_KEY_set_group(NULL, group), 0);
-
-    ExpectIntEQ(EC_KEY_set_group(key, group), WOLFSSL_SUCCESS);
-    ExpectNotNull(group2 = EC_KEY_get0_group(key));
-    ExpectIntEQ(EC_GROUP_cmp(group2, group, NULL), 0);
-
-    EC_GROUP_free(group);
-    EC_KEY_free(key);
-#endif
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_EC_KEY_set_conv_form(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_ECC) && defined(OPENSSL_EXTRA) && !defined(NO_BIO)
-    BIO* bio = NULL;
-    EC_KEY* key = NULL;
-
-    /* Error condition: NULL key. */
-    ExpectIntLT(EC_KEY_get_conv_form(NULL), 0);
-
-    ExpectNotNull(bio = BIO_new_file("./certs/ecc-keyPub.pem", "rb"));
-    ExpectNotNull(key = PEM_read_bio_EC_PUBKEY(bio, NULL, NULL, NULL));
-    /* Conversion form defaults to uncompressed. */
-    ExpectIntEQ(EC_KEY_get_conv_form(key), POINT_CONVERSION_UNCOMPRESSED);
-#ifdef HAVE_COMP_KEY
-    /* Explicitly set to compressed. */
-    EC_KEY_set_conv_form(key, POINT_CONVERSION_COMPRESSED);
-    ExpectIntEQ(EC_KEY_get_conv_form(key), POINT_CONVERSION_COMPRESSED);
-#else
-    /* Will still work just won't change anything. */
-    EC_KEY_set_conv_form(key, POINT_CONVERSION_COMPRESSED);
-    ExpectIntEQ(EC_KEY_get_conv_form(key), POINT_CONVERSION_UNCOMPRESSED);
-    EC_KEY_set_conv_form(key, POINT_CONVERSION_UNCOMPRESSED);
-    ExpectIntEQ(EC_KEY_get_conv_form(key), POINT_CONVERSION_UNCOMPRESSED);
-#endif
-    EC_KEY_set_conv_form(NULL, POINT_CONVERSION_UNCOMPRESSED);
-
-    BIO_free(bio);
-    EC_KEY_free(key);
-#endif
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_EC_KEY_private_key(void)
-{
-    EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_BIO)
-    WOLFSSL_EC_KEY* key = NULL;
-    WOLFSSL_BIGNUM* priv = NULL;
-    WOLFSSL_BIGNUM* priv2 = NULL;
-    WOLFSSL_BIGNUM* bn;
-
-    ExpectNotNull(key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1));
-    ExpectNotNull(priv = wolfSSL_BN_new());
-    ExpectNotNull(priv2 = wolfSSL_BN_new());
-    ExpectIntNE(BN_set_word(priv, 2), 0);
-    ExpectIntNE(BN_set_word(priv2, 2), 0);
-
-    ExpectNull(wolfSSL_EC_KEY_get0_private_key(NULL));
-    /* No private key set. */
-    ExpectNull(wolfSSL_EC_KEY_get0_private_key(key));
-
-    ExpectIntEQ(wolfSSL_EC_KEY_set_private_key(NULL, NULL), 0);
-    ExpectIntEQ(wolfSSL_EC_KEY_set_private_key(key, NULL), 0);
-    ExpectIntEQ(wolfSSL_EC_KEY_set_private_key(NULL, priv), 0);
-
-    ExpectIntEQ(wolfSSL_EC_KEY_set_private_key(key, priv), 1);
-    ExpectNotNull(bn = wolfSSL_EC_KEY_get0_private_key(key));
-    ExpectPtrNE(bn, priv);
-    ExpectIntEQ(wolfSSL_EC_KEY_set_private_key(key, priv2), 1);
-    ExpectNotNull(bn = wolfSSL_EC_KEY_get0_private_key(key));
-    ExpectPtrNE(bn, priv2);
-
-    wolfSSL_BN_free(priv2);
-    wolfSSL_BN_free(priv);
-    wolfSSL_EC_KEY_free(key);
-#endif
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_EC_KEY_public_key(void)
-{
-    EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_BIO)
-    WOLFSSL_EC_KEY* key = NULL;
-    WOLFSSL_EC_POINT* pub = NULL;
-    WOLFSSL_EC_POINT* point = NULL;
-
-    ExpectNotNull(key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1));
-
-    ExpectNull(wolfSSL_EC_KEY_get0_public_key(NULL));
-    ExpectNotNull(wolfSSL_EC_KEY_get0_public_key(key));
-
-    ExpectIntEQ(wolfSSL_EC_KEY_generate_key(key), 1);
-
-    ExpectNotNull(pub = wolfSSL_EC_KEY_get0_public_key(key));
-
-    ExpectIntEQ(wolfSSL_EC_KEY_set_public_key(NULL, NULL), 0);
-    ExpectIntEQ(wolfSSL_EC_KEY_set_public_key(key, NULL), 0);
-    ExpectIntEQ(wolfSSL_EC_KEY_set_public_key(NULL, pub), 0);
-
-    ExpectIntEQ(wolfSSL_EC_KEY_set_public_key(key, pub), 1);
-    ExpectNotNull(point = wolfSSL_EC_KEY_get0_public_key(key));
-    ExpectPtrEq(point, pub);
-
-    wolfSSL_EC_KEY_free(key);
-#endif
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_EC_KEY_print_fp(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_ECC) && ((defined(HAVE_ECC224) && defined(HAVE_ECC256)) || \
-    defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 224 && \
-    defined(OPENSSL_EXTRA) && defined(XFPRINTF) && !defined(NO_FILESYSTEM) && \
-    !defined(NO_STDIO_FILESYSTEM)
-    EC_KEY* key = NULL;
-
-    /* Bad file pointer. */
-    ExpectIntEQ(wolfSSL_EC_KEY_print_fp(NULL, key, 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
-    /* NULL key. */
-    ExpectIntEQ(wolfSSL_EC_KEY_print_fp(stderr, NULL, 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
-    ExpectNotNull((key = wolfSSL_EC_KEY_new_by_curve_name(NID_secp224r1)));
-    /* Negative indent. */
-    ExpectIntEQ(wolfSSL_EC_KEY_print_fp(stderr, key, -1), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
-
-    ExpectIntEQ(wolfSSL_EC_KEY_print_fp(stderr, key, 4), WOLFSSL_SUCCESS);
-    ExpectIntEQ(wolfSSL_EC_KEY_generate_key(key), WOLFSSL_SUCCESS);
-    ExpectIntEQ(wolfSSL_EC_KEY_print_fp(stderr, key, 4), WOLFSSL_SUCCESS);
-    wolfSSL_EC_KEY_free(key);
-
-    ExpectNotNull((key = wolfSSL_EC_KEY_new_by_curve_name(
-        NID_X9_62_prime256v1)));
-    ExpectIntEQ(wolfSSL_EC_KEY_generate_key(key), WOLFSSL_SUCCESS);
-    ExpectIntEQ(wolfSSL_EC_KEY_print_fp(stderr, key, 4), WOLFSSL_SUCCESS);
-    wolfSSL_EC_KEY_free(key);
-#endif
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_EC_get_builtin_curves(void)
-{
-    EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)
-#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
-    EC_builtin_curve* curves = NULL;
-    size_t crv_len = 0;
-    size_t i = 0;
-
-    ExpectIntGT((crv_len = EC_get_builtin_curves(NULL, 0)), 0);
-    ExpectNotNull(curves = (EC_builtin_curve*)XMALLOC(
-        sizeof(EC_builtin_curve) * crv_len, NULL, DYNAMIC_TYPE_TMP_BUFFER));
-
-    ExpectIntEQ((EC_get_builtin_curves(curves, 0)), crv_len);
-    ExpectIntEQ(EC_get_builtin_curves(curves, crv_len), crv_len);
-
-    for (i = 0; EXPECT_SUCCESS() && (i < crv_len); i++) {
-        if (curves[i].comment != NULL) {
-            ExpectStrEQ(OBJ_nid2sn(curves[i].nid), curves[i].comment);
-        }
-    }
-
-    if (crv_len > 1) {
-        ExpectIntEQ(EC_get_builtin_curves(curves, crv_len - 1), crv_len - 1);
-    }
-
-    XFREE(curves, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-#endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
-#endif /* OPENSSL_EXTRA || OPENSSL_ALL */
-    return EXPECT_RESULT();
-}
-
-static int test_wolfSSL_ECDSA_SIG(void)
-{
-    EXPECT_DECLS;
-#ifdef OPENSSL_EXTRA
-    WOLFSSL_ECDSA_SIG* sig = NULL;
-    WOLFSSL_ECDSA_SIG* sig2 = NULL;
-    WOLFSSL_BIGNUM* r = NULL;
-    WOLFSSL_BIGNUM* s = NULL;
-    const WOLFSSL_BIGNUM* r2 = NULL;
-    const WOLFSSL_BIGNUM* s2 = NULL;
-    const unsigned char* cp = NULL;
-    unsigned char* p = NULL;
-    unsigned char outSig[8];
-    unsigned char sigData[8] =
-                             { 0x30, 0x06, 0x02, 0x01, 0x01, 0x02, 0x01, 0x01 };
-    unsigned char sigDataBad[8] =
-                             { 0x30, 0x07, 0x02, 0x01, 0x01, 0x02, 0x01, 0x01 };
-
-    wolfSSL_ECDSA_SIG_free(NULL);
-
-    ExpectNotNull(sig = wolfSSL_ECDSA_SIG_new());
-    ExpectNotNull(r = wolfSSL_BN_new());
-    ExpectNotNull(s = wolfSSL_BN_new());
-    ExpectIntEQ(wolfSSL_BN_set_word(r, 1), 1);
-    ExpectIntEQ(wolfSSL_BN_set_word(s, 1), 1);
-
-    wolfSSL_ECDSA_SIG_get0(NULL, NULL, NULL);
-    wolfSSL_ECDSA_SIG_get0(NULL, &r2, NULL);
-    wolfSSL_ECDSA_SIG_get0(NULL, NULL, &s2);
-    wolfSSL_ECDSA_SIG_get0(NULL, &r2, &s2);
-    ExpectIntEQ(wolfSSL_ECDSA_SIG_set0(NULL, NULL, NULL), 0);
-    ExpectIntEQ(wolfSSL_ECDSA_SIG_set0(sig, NULL, NULL), 0);
-    ExpectIntEQ(wolfSSL_ECDSA_SIG_set0(NULL, r, NULL), 0);
-    ExpectIntEQ(wolfSSL_ECDSA_SIG_set0(NULL, NULL, s), 0);
-    ExpectIntEQ(wolfSSL_ECDSA_SIG_set0(NULL, r, s), 0);
-    ExpectIntEQ(wolfSSL_ECDSA_SIG_set0(sig, NULL, s), 0);
-    ExpectIntEQ(wolfSSL_ECDSA_SIG_set0(sig, r, NULL), 0);
-
-    r2 = NULL;
-    s2 = NULL;
-    wolfSSL_ECDSA_SIG_get0(NULL, &r2, &s2);
-    ExpectNull(r2);
-    ExpectNull(s2);
-    ExpectIntEQ(wolfSSL_ECDSA_SIG_set0(sig, r, s), 1);
-    if (EXPECT_FAIL()) {
-        wolfSSL_BN_free(r);
-        wolfSSL_BN_free(s);
-    }
-    wolfSSL_ECDSA_SIG_get0(sig, &r2, &s2);
-    ExpectPtrEq(r2, r);
-    ExpectPtrEq(s2, s);
-    r2 = NULL;
-    wolfSSL_ECDSA_SIG_get0(sig, &r2, NULL);
-    ExpectPtrEq(r2, r);
-    s2 = NULL;
-    wolfSSL_ECDSA_SIG_get0(sig, NULL, &s2);
-    ExpectPtrEq(s2, s);
-
-    /* r and s are freed when sig is freed. */
-    wolfSSL_ECDSA_SIG_free(sig);
-    sig = NULL;
-
-    ExpectNull(wolfSSL_d2i_ECDSA_SIG(NULL, NULL, sizeof(sigData)));
-    cp = sigDataBad;
-    ExpectNull(wolfSSL_d2i_ECDSA_SIG(NULL, &cp, sizeof(sigDataBad)));
-    cp = sigData;
-    ExpectNotNull((sig = wolfSSL_d2i_ECDSA_SIG(NULL, &cp, sizeof(sigData))));
-    ExpectIntEQ((cp == sigData + 8), 1);
-    cp = sigData;
-    ExpectNull(wolfSSL_d2i_ECDSA_SIG(&sig, NULL, sizeof(sigData)));
-    ExpectNotNull((sig2 = wolfSSL_d2i_ECDSA_SIG(&sig, &cp, sizeof(sigData))));
-    ExpectIntEQ((sig == sig2), 1);
-    cp = outSig;
-
-    p = outSig;
-    ExpectIntEQ(wolfSSL_i2d_ECDSA_SIG(NULL, &p), 0);
-    ExpectIntEQ(wolfSSL_i2d_ECDSA_SIG(NULL, NULL), 0);
-    ExpectIntEQ(wolfSSL_i2d_ECDSA_SIG(sig, NULL), 8);
-    ExpectIntEQ(wolfSSL_i2d_ECDSA_SIG(sig, &p), sizeof(sigData));
-    ExpectIntEQ((p == outSig + 8), 1);
-    ExpectIntEQ(XMEMCMP(sigData, outSig, 8), 0);
-
-    p = NULL;
-    ExpectIntEQ(wolfSSL_i2d_ECDSA_SIG(sig, &p), 8);
-#ifndef WOLFSSL_I2D_ECDSA_SIG_ALLOC
-    ExpectNull(p);
-#else
-    ExpectNotNull(p);
-    ExpectIntEQ(XMEMCMP(p, outSig, 8), 0);
-    XFREE(p, NULL, DYNAMIC_TYPE_OPENSSL);
-#endif
-
-    wolfSSL_ECDSA_SIG_free(sig);
-#endif
-    return EXPECT_RESULT();
-}
-
-static int test_ECDSA_size_sign(void)
-{
-    EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_ECC256) && !defined(NO_ECC_SECP)
-    EC_KEY* key = NULL;
-    ECDSA_SIG* ecdsaSig = NULL;
-    int id;
-    byte hash[WC_MAX_DIGEST_SIZE];
-    byte hash2[WC_MAX_DIGEST_SIZE];
-    byte sig[ECC_MAX_SIG_SIZE];
-    unsigned int sigSz = sizeof(sig);
-
-    XMEMSET(hash, 123, sizeof(hash));
-    XMEMSET(hash2, 234, sizeof(hash2));
-
-    id = wc_ecc_get_curve_id_from_name("SECP256R1");
-    ExpectIntEQ(id, ECC_SECP256R1);
-
-    ExpectNotNull(key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1));
-    ExpectIntEQ(EC_KEY_generate_key(key), 1);
-
-    ExpectIntGE(ECDSA_size(NULL), 0);
-
-    ExpectIntEQ(ECDSA_sign(0, hash, sizeof(hash), sig, &sigSz, NULL), 0);
-    ExpectIntEQ(ECDSA_sign(0, NULL, sizeof(hash), sig, &sigSz, key), 0);
-    ExpectIntEQ(ECDSA_sign(0, hash, sizeof(hash), NULL, &sigSz, key), 0);
-    ExpectIntEQ(ECDSA_verify(0, hash, sizeof(hash), sig, (int)sigSz, NULL), 0);
-    ExpectIntEQ(ECDSA_verify(0, NULL, sizeof(hash), sig, (int)sigSz, key), 0);
-    ExpectIntEQ(ECDSA_verify(0, hash, sizeof(hash), NULL, (int)sigSz, key), 0);
-
-    ExpectIntEQ(ECDSA_sign(0, hash, sizeof(hash), sig, &sigSz, key), 1);
-    ExpectIntGE(ECDSA_size(key), sigSz);
-    ExpectIntEQ(ECDSA_verify(0, hash, sizeof(hash), sig, (int)sigSz, key), 1);
-    ExpectIntEQ(ECDSA_verify(0, hash2, sizeof(hash2), sig, (int)sigSz, key), 0);
-
-    ExpectNull(ECDSA_do_sign(NULL, sizeof(hash), NULL));
-    ExpectNull(ECDSA_do_sign(NULL, sizeof(hash), key));
-    ExpectNull(ECDSA_do_sign(hash, sizeof(hash), NULL));
-    ExpectNotNull(ecdsaSig = ECDSA_do_sign(hash, sizeof(hash), key));
-    ExpectIntEQ(ECDSA_do_verify(NULL, sizeof(hash), NULL, NULL), -1);
-    ExpectIntEQ(ECDSA_do_verify(hash, sizeof(hash), NULL, NULL), -1);
-    ExpectIntEQ(ECDSA_do_verify(NULL, sizeof(hash), ecdsaSig, NULL), -1);
-    ExpectIntEQ(ECDSA_do_verify(NULL, sizeof(hash), NULL, key), -1);
-    ExpectIntEQ(ECDSA_do_verify(NULL, sizeof(hash), ecdsaSig, key), -1);
-    ExpectIntEQ(ECDSA_do_verify(hash, sizeof(hash), NULL, key), -1);
-    ExpectIntEQ(ECDSA_do_verify(hash, sizeof(hash), ecdsaSig, NULL), -1);
-    ExpectIntEQ(ECDSA_do_verify(hash, sizeof(hash), ecdsaSig, key), 1);
-    ExpectIntEQ(ECDSA_do_verify(hash2, sizeof(hash2), ecdsaSig, key), 0);
-    ECDSA_SIG_free(ecdsaSig);
-
-    EC_KEY_free(key);
-#endif /* OPENSSL_EXTRA && !NO_ECC256 && !NO_ECC_SECP */
-    return EXPECT_RESULT();
-}
-
-static int test_ECDH_compute_key(void)
-{
-    EXPECT_DECLS;
-#if defined(OPENSSL_EXTRA) && !defined(NO_ECC256) && !defined(NO_ECC_SECP) && \
-    !defined(WOLF_CRYPTO_CB_ONLY_ECC)
-    EC_KEY* key1 = NULL;
-    EC_KEY* key2 = NULL;
-    EC_POINT* pub1 = NULL;
-    EC_POINT* pub2 = NULL;
-    byte secret1[32];
-    byte secret2[32];
-    int i;
-
-    ExpectNotNull(key1 = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1));
-    ExpectIntEQ(EC_KEY_generate_key(key1), 1);
-    ExpectNotNull(pub1 = wolfSSL_EC_KEY_get0_public_key(key1));
-    ExpectNotNull(key2 = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1));
-    ExpectIntEQ(EC_KEY_generate_key(key2), 1);
-    ExpectNotNull(pub2 = wolfSSL_EC_KEY_get0_public_key(key2));
-
-    ExpectIntEQ(ECDH_compute_key(NULL, sizeof(secret1), NULL, NULL, NULL), 0);
-    ExpectIntEQ(ECDH_compute_key(secret1, sizeof(secret1), NULL, NULL, NULL),
-        0);
-    ExpectIntEQ(ECDH_compute_key(NULL, sizeof(secret1), pub2, NULL, NULL), 0);
-    ExpectIntEQ(ECDH_compute_key(NULL, sizeof(secret1), NULL, key1, NULL), 0);
-    ExpectIntEQ(ECDH_compute_key(NULL, sizeof(secret1), pub2, key1, NULL), 0);
-    ExpectIntEQ(ECDH_compute_key(secret1, sizeof(secret1), NULL, key1, NULL),
-        0);
-    ExpectIntEQ(ECDH_compute_key(secret1, sizeof(secret1), pub2, NULL, NULL),
-        0);
-
-    ExpectIntEQ(ECDH_compute_key(secret1, sizeof(secret1) - 16, pub2, key1,
-        NULL), 0);
-
-    ExpectIntEQ(ECDH_compute_key(secret1, sizeof(secret1), pub2, key1, NULL),
-        sizeof(secret1));
-    ExpectIntEQ(ECDH_compute_key(secret2, sizeof(secret2), pub1, key2, NULL),
-        sizeof(secret2));
-
-    for (i = 0; i < (int)sizeof(secret1); i++) {
-        ExpectIntEQ(secret1[i], secret2[i]);
-    }
-
-    EC_KEY_free(key2);
-    EC_KEY_free(key1);
-#endif /* OPENSSL_EXTRA && !NO_ECC256 && !NO_ECC_SECP &&
-        * !WOLF_CRYPTO_CB_ONLY_ECC */
-    return EXPECT_RESULT();
-}
-
-#endif /* HAVE_ECC && !OPENSSL_NO_PK */
-
 #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
     defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) && \
     !defined(NO_ASN_TIME)
@@ -57812,10 +41462,10 @@ static int test_wolfSSL_dtls_bad_record(void)
     !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) && \
     defined(HAVE_IO_TESTS_DEPENDENCIES)
 static volatile int test_AEAD_seq_num = 0;
-#ifdef WOLFSSL_ATOMIC_INITIALIZER
-wolfSSL_Atomic_Int test_AEAD_done = WOLFSSL_ATOMIC_INITIALIZER(0);
-#else
+#ifdef WOLFSSL_NO_ATOMICS
 static volatile int test_AEAD_done = 0;
+#else
+wolfSSL_Atomic_Int test_AEAD_done = WOLFSSL_ATOMIC_INITIALIZER(0);
 #endif
 #ifdef WOLFSSL_MUTEX_INITIALIZER
 static wolfSSL_Mutex test_AEAD_mutex = WOLFSSL_MUTEX_INITIALIZER(test_AEAD_mutex);
@@ -58361,6 +42011,7 @@ static int test_wolfSSL_dtls_stateless(void)
 
 #ifdef HAVE_CERT_CHAIN_VALIDATION
 #ifndef WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION
+#ifdef WOLFSSL_PEM_TO_DER
 static int load_ca_into_cm(WOLFSSL_CERT_MANAGER* cm, char* certA)
 {
     int ret;
@@ -58378,7 +42029,7 @@ static int load_ca_into_cm(WOLFSSL_CERT_MANAGER* cm, char* certA)
 static int verify_cert_with_cm(WOLFSSL_CERT_MANAGER* cm, char* certA)
 {
     int ret;
-    if ((ret = wolfSSL_CertManagerVerify(cm, certA, WOLFSSL_FILETYPE_PEM))
+    if ((ret = wolfSSL_CertManagerVerify(cm, certA, CERT_FILETYPE))
                                                          != WOLFSSL_SUCCESS) {
         fprintf(stderr, "could not verify the cert: %s\n", certA);
         fprintf(stderr, "Error: (%d): %s\n", ret,
@@ -58598,6 +42249,7 @@ static int test_various_pathlen_chains(void)
     return EXPECT_RESULT();
 }
 #endif
+#endif
 #endif /* !NO_RSA && !NO_SHA && !NO_FILESYSTEM && !NO_CERTS */
 
 #if defined(HAVE_KEYING_MATERIAL) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES)
@@ -63136,77 +46788,6 @@ static int test_multiple_alerts_EAGAIN(void)
 }
 #endif
 
-#if defined(WOLFSSL_TLS13) && defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES)\
-    && !defined(NO_PSK)
-static unsigned int test_tls13_bad_psk_binder_client_cb(WOLFSSL* ssl,
-        const char* hint, char* identity, unsigned int id_max_len,
-        unsigned char* key, unsigned int key_max_len)
-{
-    (void)ssl;
-    (void)hint;
-    (void)key_max_len;
-
-    /* see internal.h MAX_PSK_ID_LEN for PSK identity limit */
-    XSTRNCPY(identity, "Client_identity", id_max_len);
-
-    key[0] = 0x20;
-    return 1;
-}
-
-static unsigned int test_tls13_bad_psk_binder_server_cb(WOLFSSL* ssl,
-        const char* id, unsigned char* key, unsigned int key_max_len)
-{
-    (void)ssl;
-    (void)id;
-    (void)key_max_len;
-    /* zero means error */
-    key[0] = 0x10;
-    return 1;
-}
-#endif
-
-static int test_tls13_bad_psk_binder(void)
-{
-    EXPECT_DECLS;
-#if defined(WOLFSSL_TLS13) && defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES)\
-    && !defined(NO_PSK)
-    WOLFSSL_CTX *ctx_c = NULL;
-    WOLFSSL_CTX *ctx_s = NULL;
-    WOLFSSL *ssl_c = NULL;
-    WOLFSSL *ssl_s = NULL;
-    struct test_memio_ctx test_ctx;
-    WOLFSSL_ALERT_HISTORY h;
-
-    XMEMSET(&test_ctx, 0, sizeof(test_ctx));
-    ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
-        wolfTLSv1_3_client_method, wolfTLSv1_3_server_method), 0);
-
-    wolfSSL_set_psk_client_callback(ssl_c, test_tls13_bad_psk_binder_client_cb);
-    wolfSSL_set_psk_server_callback(ssl_s, test_tls13_bad_psk_binder_server_cb);
-
-    ExpectIntNE(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS);
-    ExpectIntEQ(wolfSSL_get_error(ssl_c, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)),
-        WOLFSSL_ERROR_WANT_READ);
-
-    ExpectIntNE(wolfSSL_accept(ssl_s), WOLFSSL_SUCCESS);
-    ExpectIntEQ( wolfSSL_get_error(ssl_s, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)),
-        WC_NO_ERR_TRACE(BAD_BINDER));
-
-    ExpectIntNE(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS);
-    ExpectIntEQ(wolfSSL_get_error(ssl_c, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)),
-        WC_NO_ERR_TRACE(FATAL_ERROR));
-    ExpectIntEQ(wolfSSL_get_alert_history(ssl_c, &h), WOLFSSL_SUCCESS);
-    ExpectIntEQ(h.last_rx.code, illegal_parameter);
-    ExpectIntEQ(h.last_rx.level, alert_fatal);
-
-    wolfSSL_free(ssl_c);
-    wolfSSL_CTX_free(ctx_c);
-    wolfSSL_free(ssl_s);
-    wolfSSL_CTX_free(ctx_s);
-#endif
-    return EXPECT_RESULT();
-}
-
 #if defined(WOLFSSL_HARDEN_TLS) && !defined(WOLFSSL_NO_TLS12) && \
         defined(HAVE_IO_TESTS_DEPENDENCIES)
 static int test_harden_no_secure_renegotiation_io_cb(WOLFSSL *ssl, char *buf,
@@ -63396,115 +46977,6 @@ static int test_override_alt_cert_chain(void)
 }
 #endif
 
-#if defined(HAVE_RPK) && !defined(NO_TLS)
-
-#define svrRpkCertFile     "./certs/rpk/server-cert-rpk.der"
-#define clntRpkCertFile    "./certs/rpk/client-cert-rpk.der"
-
-#if defined(WOLFSSL_ALWAYS_VERIFY_CB) && defined(WOLFSSL_TLS13)
-static int MyRpkVerifyCb(int mode, WOLFSSL_X509_STORE_CTX* strctx)
-{
-    int ret = WOLFSSL_SUCCESS;
-    (void)mode;
-    (void)strctx;
-    WOLFSSL_ENTER("MyRpkVerifyCb");
-    return ret;
-}
-#endif /* WOLFSSL_ALWAYS_VERIFY_CB && WOLFSSL_TLS13 */
-
-static WC_INLINE int test_rpk_memio_setup(
-    struct test_memio_ctx *ctx,
-    WOLFSSL_CTX **ctx_c,
-    WOLFSSL_CTX **ctx_s,
-    WOLFSSL **ssl_c,
-    WOLFSSL **ssl_s,
-    method_provider method_c,
-    method_provider method_s,
-    const char* certfile_c, int fmt_cc, /* client cert file path and format */
-    const char* certfile_s, int fmt_cs, /* server cert file path and format */
-    const char* pkey_c,     int fmt_kc, /* client private key and format */
-    const char* pkey_s,     int fmt_ks  /* server private key and format */
-    )
-{
-    int ret;
-    if (ctx_c != NULL && *ctx_c == NULL) {
-        *ctx_c = wolfSSL_CTX_new(method_c());
-        if (*ctx_c == NULL) {
-            return -1;
-        }
-        wolfSSL_CTX_set_verify(*ctx_c, WOLFSSL_VERIFY_PEER, NULL);
-
-        ret = wolfSSL_CTX_load_verify_locations(*ctx_c, caCertFile, 0);
-        if (ret != WOLFSSL_SUCCESS) {
-            return -1;
-        }
-        wolfSSL_SetIORecv(*ctx_c, test_memio_read_cb);
-        wolfSSL_SetIOSend(*ctx_c, test_memio_write_cb);
-
-        ret = wolfSSL_CTX_use_certificate_file(*ctx_c, certfile_c, fmt_cc);
-        if (ret != WOLFSSL_SUCCESS) {
-            return -1;
-        }
-        ret = wolfSSL_CTX_use_PrivateKey_file(*ctx_c, pkey_c, fmt_kc);
-        if (ret != WOLFSSL_SUCCESS) {
-            return -1;
-        }
-    }
-
-    if (ctx_s != NULL && *ctx_s == NULL) {
-        *ctx_s = wolfSSL_CTX_new(method_s());
-        if (*ctx_s == NULL) {
-            return -1;
-        }
-        wolfSSL_CTX_set_verify(*ctx_s, WOLFSSL_VERIFY_PEER, NULL);
-
-        ret = wolfSSL_CTX_load_verify_locations(*ctx_s, cliCertFile, 0);
-        if (ret != WOLFSSL_SUCCESS) {
-            return -1;
-        }
-
-        ret = wolfSSL_CTX_use_PrivateKey_file(*ctx_s, pkey_s, fmt_ks);
-        if (ret != WOLFSSL_SUCCESS) {
-            return -1;
-        }
-        ret = wolfSSL_CTX_use_certificate_file(*ctx_s, certfile_s, fmt_cs);
-        if (ret != WOLFSSL_SUCCESS) {
-            return -1;
-        }
-        wolfSSL_SetIORecv(*ctx_s, test_memio_read_cb);
-        wolfSSL_SetIOSend(*ctx_s, test_memio_write_cb);
-        if (ctx->s_ciphers != NULL) {
-            ret = wolfSSL_CTX_set_cipher_list(*ctx_s, ctx->s_ciphers);
-            if (ret != WOLFSSL_SUCCESS) {
-                return -1;
-            }
-        }
-    }
-
-    if (ctx_c != NULL && ssl_c != NULL) {
-        *ssl_c = wolfSSL_new(*ctx_c);
-        if (*ssl_c == NULL) {
-            return -1;
-        }
-        wolfSSL_SetIOWriteCtx(*ssl_c, ctx);
-        wolfSSL_SetIOReadCtx(*ssl_c, ctx);
-    }
-    if (ctx_s != NULL && ssl_s != NULL) {
-        *ssl_s = wolfSSL_new(*ctx_s);
-        if (*ssl_s == NULL) {
-            return -1;
-        }
-        wolfSSL_SetIOWriteCtx(*ssl_s, ctx);
-        wolfSSL_SetIOReadCtx(*ssl_s, ctx);
-#if !defined(NO_DH)
-        SetDH(*ssl_s);
-#endif
-    }
-
-    return 0;
-}
-#endif /* HAVE_RPK && !NO_TLS */
-
 static int test_rpk_set_xxx_cert_type(void)
 {
     EXPECT_DECLS;
@@ -63739,689 +47211,6 @@ static int test_rpk_set_xxx_cert_type(void)
     return EXPECT_RESULT();
 }
 
-static int test_tls13_rpk_handshake(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_RPK) && (!defined(WOLFSSL_NO_TLS12) || defined(WOLFSSL_TLS13))
-#ifdef WOLFSSL_TLS13
-    int ret = 0;
-#endif
-    WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL;
-    WOLFSSL *ssl_c = NULL, *ssl_s = NULL;
-    struct test_memio_ctx test_ctx;
-    int err;
-    char certType_c[MAX_CLIENT_CERT_TYPE_CNT];
-    char certType_s[MAX_CLIENT_CERT_TYPE_CNT];
-    int typeCnt_c;
-    int typeCnt_s;
-    int tp = 0;
-#if defined(WOLFSSL_ALWAYS_VERIFY_CB) && defined(WOLFSSL_TLS13)
-    int isServer;
-#endif
-
-    (void)err;
-    (void)typeCnt_c;
-    (void)typeCnt_s;
-    (void)certType_c;
-    (void)certType_s;
-
-#ifndef WOLFSSL_NO_TLS12
-    /*  TLS1.2
-     *  Both client and server load x509 cert and start handshaking.
-     *  Check no negotiation occurred.
-     */
-    XMEMSET(&test_ctx, 0, sizeof(test_ctx));
-
-    ExpectIntEQ(
-        test_rpk_memio_setup(
-            &test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
-            wolfTLSv1_2_client_method, wolfTLSv1_2_server_method,
-            cliCertFile,     WOLFSSL_FILETYPE_PEM,
-            svrCertFile,     WOLFSSL_FILETYPE_PEM,
-            cliKeyFile,      WOLFSSL_FILETYPE_PEM,
-            svrKeyFile,      WOLFSSL_FILETYPE_PEM)
-        , 0);
-
-
-    /* set client certificate type in client end */
-    certType_c[0] = WOLFSSL_CERT_TYPE_RPK;
-    certType_c[1] = WOLFSSL_CERT_TYPE_X509;
-    typeCnt_c = 2;
-
-    certType_s[0] = WOLFSSL_CERT_TYPE_RPK;
-    certType_s[1] = WOLFSSL_CERT_TYPE_X509;
-    typeCnt_s = 2;
-
-    /*  both client and server do not call client/server_cert_type APIs,
-     *  expecting default settings works and no negotiation performed.
-     */
-
-    ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0);
-
-    /* confirm no negotiation occurred */
-    ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_c, &tp),
-                                                            WOLFSSL_SUCCESS);
-    ExpectIntEQ((int)tp, WOLFSSL_CERT_TYPE_UNKNOWN);
-    ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl_c, &tp),
-                                                            WOLFSSL_SUCCESS);
-    ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_UNKNOWN);
-    ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_s, &tp),
-                                                            WOLFSSL_SUCCESS);
-    ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_UNKNOWN);
-
-    ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl_s, &tp),
-                                                            WOLFSSL_SUCCESS);
-    ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_UNKNOWN);
-
-    (void)typeCnt_c;
-    (void)typeCnt_s;
-
-    wolfSSL_free(ssl_c);
-    wolfSSL_CTX_free(ctx_c);
-    wolfSSL_free(ssl_s);
-    wolfSSL_CTX_free(ctx_s);
-    ssl_c = ssl_s = NULL;
-    ctx_c = ctx_s = NULL;
-#endif
-
-#ifdef WOLFSSL_TLS13
-    /*  Both client and server load x509 cert and start handshaking.
-     *  Check no negotiation occurred.
-     */
-    XMEMSET(&test_ctx, 0, sizeof(test_ctx));
-
-    ExpectIntEQ(
-        test_rpk_memio_setup(
-            &test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
-            wolfTLSv1_3_client_method, wolfTLSv1_3_server_method,
-            cliCertFile,     WOLFSSL_FILETYPE_PEM,
-            svrCertFile,     WOLFSSL_FILETYPE_PEM,
-            cliKeyFile,      WOLFSSL_FILETYPE_PEM,
-            svrKeyFile,      WOLFSSL_FILETYPE_PEM )
-        , 0);
-
-    /* set client certificate type in client end */
-    certType_c[0] = WOLFSSL_CERT_TYPE_RPK;
-    certType_c[1] = WOLFSSL_CERT_TYPE_X509;
-    typeCnt_c = 2;
-
-    certType_s[0] = WOLFSSL_CERT_TYPE_RPK;
-    certType_s[1] = WOLFSSL_CERT_TYPE_X509;
-    typeCnt_s = 2;
-
-    /*  both client and server do not call client/server_cert_type APIs,
-     *  expecting default settings works and no negotiation performed.
-     */
-
-    ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0);
-
-    /* confirm no negotiation occurred */
-    ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_c, &tp),
-                                                        WOLFSSL_SUCCESS);
-    ExpectIntEQ((int)tp, WOLFSSL_CERT_TYPE_UNKNOWN);
-
-    ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl_c, &tp),
-                                                        WOLFSSL_SUCCESS);
-    ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_UNKNOWN);
-
-    ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_s, &tp),
-                                                        WOLFSSL_SUCCESS);
-    ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_UNKNOWN);
-
-    ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl_s, &tp),
-                                                        WOLFSSL_SUCCESS);
-    ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_UNKNOWN);
-
-    (void)typeCnt_c;
-    (void)typeCnt_s;
-
-    wolfSSL_free(ssl_c);
-    wolfSSL_CTX_free(ctx_c);
-    wolfSSL_free(ssl_s);
-    wolfSSL_CTX_free(ctx_s);
-    ssl_c = ssl_s = NULL;
-    ctx_c = ctx_s = NULL;
-
-
-    /*  Both client and server load RPK cert and start handshaking.
-     *  Confirm negotiated cert types match as expected.
-     */
-    XMEMSET(&test_ctx, 0, sizeof(test_ctx));
-
-    ExpectIntEQ(
-        test_rpk_memio_setup(
-            &test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
-            wolfTLSv1_3_client_method, wolfTLSv1_3_server_method,
-            clntRpkCertFile, WOLFSSL_FILETYPE_ASN1,
-            svrRpkCertFile,  WOLFSSL_FILETYPE_ASN1,
-            cliKeyFile,      WOLFSSL_FILETYPE_PEM,
-            svrKeyFile,      WOLFSSL_FILETYPE_PEM )
-        , 0);
-
-    /* set client certificate type in client end */
-    certType_c[0] = WOLFSSL_CERT_TYPE_RPK;
-    certType_c[1] = WOLFSSL_CERT_TYPE_X509;
-    typeCnt_c = 2;
-
-    certType_s[0] = WOLFSSL_CERT_TYPE_RPK;
-    certType_s[1] = WOLFSSL_CERT_TYPE_X509;
-    typeCnt_s = 2;
-
-    ExpectIntEQ(wolfSSL_set_client_cert_type(ssl_c, certType_c, typeCnt_c),
-                                                        WOLFSSL_SUCCESS);
-
-    /* set server certificate type in client end */
-    ExpectIntEQ(wolfSSL_set_server_cert_type(ssl_c, certType_s, typeCnt_s),
-                                                        WOLFSSL_SUCCESS);
-
-    /* set client certificate type in server end */
-    ExpectIntEQ(wolfSSL_set_client_cert_type(ssl_s, certType_c, typeCnt_c),
-                                                        WOLFSSL_SUCCESS);
-
-    /* set server certificate type in server end */
-    ExpectIntEQ(wolfSSL_set_server_cert_type(ssl_s, certType_s, typeCnt_s),
-                                                        WOLFSSL_SUCCESS);
-
-    ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0);
-
-    ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_c, &tp),
-                                                        WOLFSSL_SUCCESS);
-    ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_RPK);
-
-    ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl_c, &tp),
-                                                        WOLFSSL_SUCCESS);
-    ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_RPK);
-
-    ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_s, &tp),
-                                                        WOLFSSL_SUCCESS);
-    ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_RPK);
-
-    ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl_s, &tp),
-                                                        WOLFSSL_SUCCESS);
-    ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_RPK);
-
-    wolfSSL_free(ssl_c);
-    wolfSSL_CTX_free(ctx_c);
-    wolfSSL_free(ssl_s);
-    wolfSSL_CTX_free(ctx_s);
-    ssl_c = ssl_s = NULL;
-    ctx_c = ctx_s = NULL;
-#endif
-
-
-#ifndef WOLFSSL_NO_TLS12
-    /*  TLS1.2
-     *  Both client and server load RPK cert and start handshaking.
-     *  Confirm negotiated cert types match as expected.
-     */
-    XMEMSET(&test_ctx, 0, sizeof(test_ctx));
-
-    ExpectIntEQ(
-        test_rpk_memio_setup(
-            &test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
-            wolfTLSv1_2_client_method, wolfTLSv1_2_server_method,
-            clntRpkCertFile, WOLFSSL_FILETYPE_ASN1,
-            svrRpkCertFile,  WOLFSSL_FILETYPE_ASN1,
-            cliKeyFile,      WOLFSSL_FILETYPE_PEM,
-            svrKeyFile,      WOLFSSL_FILETYPE_PEM )
-        , 0);
-
-    /* set client certificate type in client end */
-    certType_c[0] = WOLFSSL_CERT_TYPE_RPK;
-    certType_c[1] = WOLFSSL_CERT_TYPE_X509;
-    typeCnt_c = 2;
-
-    certType_s[0] = WOLFSSL_CERT_TYPE_RPK;
-    certType_s[1] = WOLFSSL_CERT_TYPE_X509;
-    typeCnt_s = 2;
-
-    ExpectIntEQ(wolfSSL_set_client_cert_type(ssl_c, certType_c, typeCnt_c),
-                                                        WOLFSSL_SUCCESS);
-
-    /* set server certificate type in client end */
-    ExpectIntEQ(wolfSSL_set_server_cert_type(ssl_c, certType_s, typeCnt_s),
-                                                        WOLFSSL_SUCCESS);
-
-    /* set client certificate type in server end */
-    ExpectIntEQ(wolfSSL_set_client_cert_type(ssl_s, certType_c, typeCnt_c),
-                                                        WOLFSSL_SUCCESS);
-
-    /* set server certificate type in server end */
-    ExpectIntEQ(wolfSSL_set_server_cert_type(ssl_s, certType_s, typeCnt_s),
-                                                        WOLFSSL_SUCCESS);
-
-    if (test_memio_do_handshake(ssl_c, ssl_s, 10, NULL) != 0)
-        return TEST_FAIL;
-
-    ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_c, &tp),
-                                                        WOLFSSL_SUCCESS);
-    ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_RPK);
-
-    ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl_c, &tp),
-                                                        WOLFSSL_SUCCESS);
-    ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_RPK);
-
-    ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_s, &tp),
-                                                        WOLFSSL_SUCCESS);
-    ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_RPK);
-
-    ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl_s, &tp),
-                                                        WOLFSSL_SUCCESS);
-    ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_RPK);
-
-    wolfSSL_free(ssl_c);
-    wolfSSL_CTX_free(ctx_c);
-    wolfSSL_free(ssl_s);
-    wolfSSL_CTX_free(ctx_s);
-    ssl_c = ssl_s = NULL;
-    ctx_c = ctx_s = NULL;
-#endif
-
-
-#ifdef WOLFSSL_TLS13
-    /*  Both client and server load x509 cert.
-     *  Have client call set_client_cert_type with both RPK and x509.
-     *  This doesn't makes client add client cert type extension to ClientHello,
-     *  since it does not load RPK cert actually.
-     */
-    XMEMSET(&test_ctx, 0, sizeof(test_ctx));
-
-    ExpectIntEQ(
-        test_rpk_memio_setup(
-            &test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
-            wolfTLSv1_3_client_method, wolfTLSv1_3_server_method,
-            cliCertFile,     WOLFSSL_FILETYPE_PEM,
-            svrCertFile,     WOLFSSL_FILETYPE_PEM,
-            cliKeyFile,      WOLFSSL_FILETYPE_PEM,
-            svrKeyFile,      WOLFSSL_FILETYPE_PEM )
-        , 0);
-
-    /* set client certificate type in client end
-     *
-     * client indicates both RPK and x509 certs are available but loaded RPK
-     * cert only. It does not have client add client-cert-type extension in CH.
-     */
-    certType_c[0] = WOLFSSL_CERT_TYPE_RPK;
-    certType_c[1] = WOLFSSL_CERT_TYPE_X509;
-    typeCnt_c = 2;
-
-    ExpectIntEQ(wolfSSL_set_client_cert_type(ssl_c, certType_c, typeCnt_c),
-                                                        WOLFSSL_SUCCESS);
-
-    /* client indicates both RPK and x509 certs are acceptable */
-    certType_s[0] = WOLFSSL_CERT_TYPE_RPK;
-    certType_s[1] = WOLFSSL_CERT_TYPE_X509;
-    typeCnt_s = 2;
-
-    ExpectIntEQ(wolfSSL_set_server_cert_type(ssl_c, certType_s, typeCnt_s),
-                                                        WOLFSSL_SUCCESS);
-
-    /* server indicates both RPK and x509 certs are acceptable */
-    certType_c[0] = WOLFSSL_CERT_TYPE_RPK;
-    certType_c[1] = WOLFSSL_CERT_TYPE_X509;
-    typeCnt_c = 2;
-
-    ExpectIntEQ(wolfSSL_set_client_cert_type(ssl_s, certType_c, typeCnt_c),
-                                                        WOLFSSL_SUCCESS);
-
-    /* server should indicate only RPK cert is available */
-    certType_s[0] = WOLFSSL_CERT_TYPE_X509;
-    certType_s[1] = -1;
-    typeCnt_s = 1;
-
-    ExpectIntEQ(wolfSSL_set_server_cert_type(ssl_s, certType_s, typeCnt_s),
-                                                        WOLFSSL_SUCCESS);
-
-    if (test_memio_do_handshake(ssl_c, ssl_s, 10, NULL) != 0)
-        return TEST_FAIL;
-
-    /* Negotiation for client-cert-type should NOT happen. Therefore -1 should
-     * be returned as cert type.
-     */
-    ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_c, &tp),
-                                                        WOLFSSL_SUCCESS);
-    ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_UNKNOWN);
-
-    ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl_c, &tp),
-                                                        WOLFSSL_SUCCESS);
-    ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_X509);
-
-    ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_s, &tp),
-                                                        WOLFSSL_SUCCESS);
-    ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_UNKNOWN);
-
-    ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl_s, &tp),
-                                                        WOLFSSL_SUCCESS);
-    ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_X509);
-
-    wolfSSL_free(ssl_c);
-    wolfSSL_CTX_free(ctx_c);
-    wolfSSL_free(ssl_s);
-    wolfSSL_CTX_free(ctx_s);
-    ssl_c = ssl_s = NULL;
-    ctx_c = ctx_s = NULL;
-
-
-    /*  Have client load RPK cert and have server load x509 cert.
-     *  Check the negotiation result from both ends.
-     */
-    XMEMSET(&test_ctx, 0, sizeof(test_ctx));
-
-    ExpectIntEQ(
-        test_rpk_memio_setup(
-            &test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
-            wolfTLSv1_3_client_method, wolfTLSv1_3_server_method,
-            clntRpkCertFile, WOLFSSL_FILETYPE_ASN1,
-            svrCertFile,     WOLFSSL_FILETYPE_PEM,
-            cliKeyFile,      WOLFSSL_FILETYPE_PEM,
-            svrKeyFile,      WOLFSSL_FILETYPE_PEM )
-        , 0);
-
-    /* have client tell to use RPK cert */
-    certType_c[0] = WOLFSSL_CERT_TYPE_RPK;
-    certType_c[1] = -1;
-    typeCnt_c = 1;
-
-    ExpectIntEQ(wolfSSL_set_client_cert_type(ssl_c, certType_c, typeCnt_c),
-                                                        WOLFSSL_SUCCESS);
-
-    /* have client tell to accept both RPK and x509 cert */
-    certType_s[0] = WOLFSSL_CERT_TYPE_X509;
-    certType_s[1] = WOLFSSL_CERT_TYPE_RPK;
-    typeCnt_s = 2;
-
-    ExpectIntEQ(wolfSSL_set_server_cert_type(ssl_c, certType_s, typeCnt_s),
-                                                        WOLFSSL_SUCCESS);
-
-    /* have server accept to both RPK and x509 cert */
-    certType_c[0] = WOLFSSL_CERT_TYPE_X509;
-    certType_c[1] = WOLFSSL_CERT_TYPE_RPK;
-    typeCnt_c = 2;
-
-    ExpectIntEQ(wolfSSL_set_client_cert_type(ssl_s, certType_c, typeCnt_c),
-                                                        WOLFSSL_SUCCESS);
-
-    /* does not call wolfSSL_set_server_cert_type intentionally in sesrver
-     * end, expecting the default setting works.
-     */
-
-
-    if (test_memio_do_handshake(ssl_c, ssl_s, 10, NULL) != 0)
-        return TEST_FAIL;
-
-    ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_c, &tp),
-                                                        WOLFSSL_SUCCESS);
-    ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_RPK);
-
-    ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl_c, &tp),
-                                                        WOLFSSL_SUCCESS);
-    ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_X509);
-
-    ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_s, &tp),
-                                                        WOLFSSL_SUCCESS);
-    ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_RPK);
-
-    ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl_s, &tp),
-                                                        WOLFSSL_SUCCESS);
-    ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_X509);
-
-    wolfSSL_free(ssl_c);
-    wolfSSL_CTX_free(ctx_c);
-    wolfSSL_free(ssl_s);
-    wolfSSL_CTX_free(ctx_s);
-    ssl_c = ssl_s = NULL;
-    ctx_c = ctx_s = NULL;
-
-
-    /*  Have both client and server load RPK cert, however, have server
-     *  indicate its cert type x509.
-     *  Client is expected to detect the cert type mismatch then to send alert
-     *  with "unsupported_certificate".
-     */
-    XMEMSET(&test_ctx, 0, sizeof(test_ctx));
-
-    ExpectIntEQ(
-        test_rpk_memio_setup(
-            &test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
-            wolfTLSv1_3_client_method, wolfTLSv1_3_server_method,
-            clntRpkCertFile, WOLFSSL_FILETYPE_ASN1,
-            svrRpkCertFile,  WOLFSSL_FILETYPE_ASN1, /* server sends RPK cert */
-            cliKeyFile,      WOLFSSL_FILETYPE_PEM,
-            svrKeyFile,      WOLFSSL_FILETYPE_PEM )
-        , 0);
-
-    /* have client tell to use RPK cert */
-    certType_c[0] = WOLFSSL_CERT_TYPE_RPK;
-    certType_c[1] = -1;
-    typeCnt_c = 1;
-
-    ExpectIntEQ(wolfSSL_set_client_cert_type(ssl_c, certType_c, typeCnt_c),
-                                                        WOLFSSL_SUCCESS);
-
-    /* have client tell to accept both RPK and x509 cert */
-    certType_s[0] = WOLFSSL_CERT_TYPE_X509;
-    certType_s[1] = WOLFSSL_CERT_TYPE_RPK;
-    typeCnt_s = 2;
-
-    ExpectIntEQ(wolfSSL_set_server_cert_type(ssl_c, certType_s, typeCnt_s),
-                                                        WOLFSSL_SUCCESS);
-
-    /* have server accept to both RPK and x509 cert */
-    certType_c[0] = WOLFSSL_CERT_TYPE_X509;
-    certType_c[1] = WOLFSSL_CERT_TYPE_RPK;
-    typeCnt_c = 2;
-
-    ExpectIntEQ(wolfSSL_set_client_cert_type(ssl_s, certType_c, typeCnt_c),
-                                                        WOLFSSL_SUCCESS);
-
-    /* have server tell to use x509 cert intentionally. This will bring
-     * certificate type mismatch in client side.
-     */
-    certType_s[0] = WOLFSSL_CERT_TYPE_X509;
-    certType_s[1] = -1;
-    typeCnt_s = 1;
-
-    ExpectIntEQ(wolfSSL_set_server_cert_type(ssl_s, certType_s, typeCnt_s),
-                                                        WOLFSSL_SUCCESS);
-
-    /* expect client detect cert type mismatch then send Alert */
-    ret = test_memio_do_handshake(ssl_c, ssl_s, 10, NULL);
-    if (ret != -1)
-        return TEST_FAIL;
-
-    ExpectIntEQ(wolfSSL_get_error(ssl_c, ret), WC_NO_ERR_TRACE(UNSUPPORTED_CERTIFICATE));
-
-    ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_c, &tp),
-                                                        WOLFSSL_SUCCESS);
-    ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_RPK);
-
-    ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl_c, &tp),
-                                                        WOLFSSL_SUCCESS);
-    ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_X509);
-
-    ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_s, &tp),
-                                                        WOLFSSL_SUCCESS);
-    ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_RPK);
-
-    ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl_s, &tp),
-                                                        WOLFSSL_SUCCESS);
-    ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_X509);
-
-    wolfSSL_free(ssl_c);
-    wolfSSL_CTX_free(ctx_c);
-    wolfSSL_free(ssl_s);
-    wolfSSL_CTX_free(ctx_s);
-    ssl_c = ssl_s = NULL;
-    ctx_c = ctx_s = NULL;
-
-
-    /*  Have client load x509 cert and server load RPK cert,
-     *  however, have client indicate its cert type RPK.
-     *  Server is expected to detect the cert type mismatch then to send alert
-     *  with "unsupported_certificate".
-     */
-    XMEMSET(&test_ctx, 0, sizeof(test_ctx));
-
-    ExpectIntEQ(
-        test_rpk_memio_setup(
-            &test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
-            wolfTLSv1_3_client_method, wolfTLSv1_3_server_method,
-            cliCertFile,     WOLFSSL_FILETYPE_PEM,
-            svrRpkCertFile,  WOLFSSL_FILETYPE_ASN1,
-            cliKeyFile,      WOLFSSL_FILETYPE_PEM,
-            svrKeyFile,      WOLFSSL_FILETYPE_PEM )
-        , 0);
-
-    /* have client tell to use RPK cert intentionally */
-    certType_c[0] = WOLFSSL_CERT_TYPE_RPK;
-    certType_c[1] = -1;
-    typeCnt_c = 1;
-
-    ExpectIntEQ(wolfSSL_set_client_cert_type(ssl_c, certType_c, typeCnt_c),
-                                                        WOLFSSL_SUCCESS);
-
-    /* have client tell to accept both RPK and x509 cert */
-    certType_s[0] = WOLFSSL_CERT_TYPE_X509;
-    certType_s[1] = WOLFSSL_CERT_TYPE_RPK;
-    typeCnt_s = 2;
-
-    ExpectIntEQ(wolfSSL_set_server_cert_type(ssl_c, certType_s, typeCnt_s),
-                                                        WOLFSSL_SUCCESS);
-
-    /* have server accept to both RPK and x509 cert */
-    certType_c[0] = WOLFSSL_CERT_TYPE_X509;
-    certType_c[1] = WOLFSSL_CERT_TYPE_RPK;
-    typeCnt_c = 2;
-
-    ExpectIntEQ(wolfSSL_set_client_cert_type(ssl_s, certType_c, typeCnt_c),
-                                                        WOLFSSL_SUCCESS);
-
-    /* have server tell to use x509 cert intentionally. This will bring
-     * certificate type mismatch in client side.
-     */
-    certType_s[0] = WOLFSSL_CERT_TYPE_X509;
-    certType_s[1] = -1;
-    typeCnt_s = 1;
-
-    ExpectIntEQ(wolfSSL_set_server_cert_type(ssl_s, certType_s, typeCnt_s),
-                                                        WOLFSSL_SUCCESS);
-
-    ret = test_memio_do_handshake(ssl_c, ssl_s, 10, NULL);
-
-    /* expect server detect cert type mismatch then send Alert */
-    ExpectIntNE(ret, 0);
-    err = wolfSSL_get_error(ssl_c, ret);
-    ExpectIntEQ(err, WC_NO_ERR_TRACE(UNSUPPORTED_CERTIFICATE));
-
-    /* client did not load RPK cert actually, so negotiation did not happen */
-    ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_c, &tp),
-                                                        WOLFSSL_SUCCESS);
-    ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_UNKNOWN);
-
-    ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl_c, &tp),
-                                                        WOLFSSL_SUCCESS);
-    ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_X509);
-
-    /* client did not load RPK cert actually, so negotiation did not happen */
-    ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_s, &tp),
-                                                        WOLFSSL_SUCCESS);
-    ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_UNKNOWN);
-
-    ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl_s, &tp),
-                                                        WOLFSSL_SUCCESS);
-    ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_X509);
-
-    wolfSSL_free(ssl_c);
-    wolfSSL_CTX_free(ctx_c);
-    wolfSSL_free(ssl_s);
-    wolfSSL_CTX_free(ctx_s);
-    ssl_c = ssl_s = NULL;
-    ctx_c = ctx_s = NULL;
-
-
-#if defined(WOLFSSL_ALWAYS_VERIFY_CB)
-    /*  Both client and server load RPK cert and set certificate verify
-     *  callbacks then start handshaking.
-     *  Confirm both side can refer the peer's cert.
-     */
-    XMEMSET(&test_ctx, 0, sizeof(test_ctx));
-
-    ExpectIntEQ(
-        test_rpk_memio_setup(
-            &test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
-            wolfTLSv1_3_client_method, wolfTLSv1_3_server_method,
-            clntRpkCertFile, WOLFSSL_FILETYPE_ASN1,
-            svrRpkCertFile,  WOLFSSL_FILETYPE_ASN1,
-            cliKeyFile,      WOLFSSL_FILETYPE_PEM,
-            svrKeyFile,      WOLFSSL_FILETYPE_PEM )
-        , 0);
-
-    /* set client certificate type in client end */
-    certType_c[0] = WOLFSSL_CERT_TYPE_RPK;
-    certType_c[1] = WOLFSSL_CERT_TYPE_X509;
-    typeCnt_c = 2;
-
-    certType_s[0] = WOLFSSL_CERT_TYPE_RPK;
-    certType_s[1] = WOLFSSL_CERT_TYPE_X509;
-    typeCnt_s = 2;
-
-    ExpectIntEQ(wolfSSL_set_client_cert_type(ssl_c, certType_c, typeCnt_c),
-                                                        WOLFSSL_SUCCESS);
-
-    /* set server certificate type in client end */
-    ExpectIntEQ(wolfSSL_set_server_cert_type(ssl_c, certType_s, typeCnt_s),
-                                                        WOLFSSL_SUCCESS);
-
-    /* set client certificate type in server end */
-    ExpectIntEQ(wolfSSL_set_client_cert_type(ssl_s, certType_c, typeCnt_c),
-                                                        WOLFSSL_SUCCESS);
-
-    /* set server certificate type in server end */
-    ExpectIntEQ(wolfSSL_set_server_cert_type(ssl_s, certType_s, typeCnt_s),
-                                                        WOLFSSL_SUCCESS);
-
-    /* set certificate verify callback to both client and server */
-    isServer = 0;
-    wolfSSL_SetCertCbCtx(ssl_c, &isServer);
-    wolfSSL_set_verify(ssl_c, SSL_VERIFY_PEER, MyRpkVerifyCb);
-
-    isServer = 1;
-    wolfSSL_SetCertCbCtx(ssl_c, &isServer);
-    wolfSSL_set_verify(ssl_s, SSL_VERIFY_PEER, MyRpkVerifyCb);
-
-    ret = test_memio_do_handshake(ssl_c, ssl_s, 10, NULL);
-    if (ret != 0)
-        return TEST_FAIL;
-
-    ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_c, &tp),
-                                                        WOLFSSL_SUCCESS);
-    ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_RPK);
-
-    ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl_c, &tp),
-                                                        WOLFSSL_SUCCESS);
-    ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_RPK);
-
-    ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_s, &tp),
-                                                        WOLFSSL_SUCCESS);
-    ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_RPK);
-
-    ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl_s, &tp),
-                                                        WOLFSSL_SUCCESS);
-    ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_RPK);
-
-    wolfSSL_free(ssl_c);
-    wolfSSL_CTX_free(ctx_c);
-    wolfSSL_free(ssl_s);
-    wolfSSL_CTX_free(ctx_s);
-    ssl_c = ssl_s = NULL;
-    ctx_c = ctx_s = NULL;
-#endif /* WOLFSSL_ALWAYS_VERIFY_CB */
-#endif /* WOLFSSL_TLS13 */
-
-#endif /* HAVE_RPK && (!WOLFSSL_NO_TLS12 || WOLFSSL_TLS13) */
-    return EXPECT_RESULT();
-}
-
 #if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS13)
 
 
@@ -65809,13 +48598,13 @@ static int test_certreq_sighash_algos(void)
         wolfTLSv1_2_client_method, wolfTLSv1_2_server_method), 0);
 
     ExpectIntEQ(wolfSSL_CTX_load_verify_locations(ctx_c,
-            "./certs/ca-ecc-cert.pem", NULL), WOLFSSL_SUCCESS);
+            caEccCertFile, NULL), WOLFSSL_SUCCESS);
 
     wolfSSL_set_verify(ssl_s, WOLFSSL_VERIFY_PEER, NULL);
-    ExpectIntEQ(wolfSSL_use_PrivateKey_file(ssl_s, "./certs/ecc-key.pem",
-            WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
-    ExpectIntEQ(wolfSSL_use_certificate_file(ssl_s, "./certs/server-ecc.pem",
-            WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_use_PrivateKey_file(ssl_s, eccKeyFile,
+            CERT_FILETYPE), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_use_certificate_file(ssl_s, eccCertFile,
+            CERT_FILETYPE), WOLFSSL_SUCCESS);
 
     ExpectIntEQ(wolfSSL_connect(ssl_c), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
     ExpectIntEQ(wolfSSL_get_error(ssl_c, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)),
@@ -66558,226 +49347,6 @@ static int test_dtls13_missing_finished_server(void)
     return EXPECT_RESULT();
 }
 
-#if defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(WOLFSSL_TLS13) && \
-    defined(HAVE_LIBOQS)
-static void test_tls13_pq_groups_ctx_ready(WOLFSSL_CTX* ctx)
-{
-#ifdef WOLFSSL_MLKEM_KYBER
-    int group = WOLFSSL_KYBER_LEVEL5;
-#else
-    int group = WOLFSSL_ML_KEM_1024;
-#endif
-    AssertIntEQ(wolfSSL_CTX_set_groups(ctx, &group, 1), WOLFSSL_SUCCESS);
-}
-
-static void test_tls13_pq_groups_on_result(WOLFSSL* ssl)
-{
-#ifdef WOLFSSL_MLKEM_KYBER
-    AssertStrEQ(wolfSSL_get_curve_name(ssl), "KYBER_LEVEL5");
-#else
-    AssertStrEQ(wolfSSL_get_curve_name(ssl), "ML_KEM_1024");
-#endif
-}
-#endif
-
-static int test_tls13_pq_groups(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(WOLFSSL_TLS13) && \
-    defined(HAVE_LIBOQS)
-    callback_functions func_cb_client;
-    callback_functions func_cb_server;
-
-    XMEMSET(&func_cb_client, 0, sizeof(callback_functions));
-    XMEMSET(&func_cb_server, 0, sizeof(callback_functions));
-
-    func_cb_client.method = wolfTLSv1_3_client_method;
-    func_cb_server.method = wolfTLSv1_3_server_method;
-    func_cb_client.ctx_ready = test_tls13_pq_groups_ctx_ready;
-    func_cb_client.on_result = test_tls13_pq_groups_on_result;
-    func_cb_server.on_result = test_tls13_pq_groups_on_result;
-
-    test_wolfSSL_client_server_nofail(&func_cb_client, &func_cb_server);
-
-    ExpectIntEQ(func_cb_client.return_code, TEST_SUCCESS);
-    ExpectIntEQ(func_cb_server.return_code, TEST_SUCCESS);
-#endif
-    return EXPECT_RESULT();
-}
-
-static int test_tls13_early_data(void)
-{
-    EXPECT_DECLS;
-#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && \
-    defined(WOLFSSL_EARLY_DATA) && defined(HAVE_SESSION_TICKET)
-    int written = 0;
-    int read = 0;
-    size_t i;
-    int splitEarlyData;
-    char msg[] = "This is early data";
-    char msg2[] = "This is client data";
-    char msg3[] = "This is server data";
-    char msg4[] = "This is server immediate data";
-    char msgBuf[50];
-    struct {
-        method_provider client_meth;
-        method_provider server_meth;
-        const char* tls_version;
-        int isUdp;
-    } params[] = {
-#ifdef WOLFSSL_TLS13
-        { wolfTLSv1_3_client_method, wolfTLSv1_3_server_method,
-                "TLS 1.3", 0 },
-#endif
-#ifdef WOLFSSL_DTLS13
-        { wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method,
-                "DTLS 1.3", 1 },
-#endif
-    };
-
-    for (i = 0; i < sizeof(params)/sizeof(*params) && !EXPECT_FAIL(); i++) {
-        for (splitEarlyData = 0; splitEarlyData < 2; splitEarlyData++) {
-            struct test_memio_ctx test_ctx;
-            WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL;
-            WOLFSSL *ssl_c = NULL, *ssl_s = NULL;
-            WOLFSSL_SESSION *sess = NULL;
-
-            XMEMSET(&test_ctx, 0, sizeof(test_ctx));
-
-            fprintf(stderr, "\tEarly data with %s\n", params[i].tls_version);
-
-            ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c,
-                    &ssl_s, params[i].client_meth, params[i].server_meth), 0);
-
-            /* Get a ticket so that we can do 0-RTT on the next connection */
-            ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0);
-            /* Make sure we read the ticket */
-            ExpectIntEQ(wolfSSL_read(ssl_c, msgBuf, sizeof(msgBuf)), -1);
-            ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
-            ExpectNotNull(sess = wolfSSL_get1_session(ssl_c));
-
-            wolfSSL_free(ssl_c);
-            ssl_c = NULL;
-            wolfSSL_free(ssl_s);
-            ssl_s = NULL;
-            XMEMSET(&test_ctx, 0, sizeof(test_ctx));
-            ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
-                    params[i].client_meth, params[i].server_meth), 0);
-            wolfSSL_SetLoggingPrefix("client");
-            ExpectIntEQ(wolfSSL_set_session(ssl_c, sess), WOLFSSL_SUCCESS);
-#ifdef WOLFSSL_DTLS13
-            if (params[i].isUdp) {
-                wolfSSL_SetLoggingPrefix("server");
-#ifdef WOLFSSL_DTLS13_NO_HRR_ON_RESUME
-                ExpectIntEQ(wolfSSL_dtls13_no_hrr_on_resume(ssl_s, 1), WOLFSSL_SUCCESS);
-#else
-                /* Let's test this but we generally don't recommend turning off the
-                 * cookie exchange */
-                ExpectIntEQ(wolfSSL_disable_hrr_cookie(ssl_s), WOLFSSL_SUCCESS);
-#endif
-            }
-#endif
-
-            /* Test 0-RTT data */
-            wolfSSL_SetLoggingPrefix("client");
-            ExpectIntEQ(wolfSSL_write_early_data(ssl_c, msg, sizeof(msg),
-                    &written), sizeof(msg));
-            ExpectIntEQ(written, sizeof(msg));
-
-            if (splitEarlyData) {
-                ExpectIntEQ(wolfSSL_write_early_data(ssl_c, msg, sizeof(msg),
-                        &written), sizeof(msg));
-                ExpectIntEQ(written, sizeof(msg));
-            }
-
-            /* Read first 0-RTT data (if split otherwise entire data) */
-            wolfSSL_SetLoggingPrefix("server");
-            ExpectIntEQ(wolfSSL_read_early_data(ssl_s, msgBuf, sizeof(msgBuf),
-                    &read), sizeof(msg));
-            ExpectIntEQ(read, sizeof(msg));
-            ExpectStrEQ(msg, msgBuf);
-
-            /* Test 0.5-RTT data */
-            ExpectIntEQ(wolfSSL_write(ssl_s, msg4, sizeof(msg4)), sizeof(msg4));
-
-            if (splitEarlyData) {
-                /* Read second 0-RTT data */
-                ExpectIntEQ(wolfSSL_read_early_data(ssl_s, msgBuf, sizeof(msgBuf),
-                        &read), sizeof(msg));
-                ExpectIntEQ(read, sizeof(msg));
-                ExpectStrEQ(msg, msgBuf);
-            }
-
-            if (params[i].isUdp) {
-                wolfSSL_SetLoggingPrefix("client");
-                ExpectIntEQ(wolfSSL_connect(ssl_c), -1);
-                ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WC_NO_ERR_TRACE(APP_DATA_READY));
-
-                /* Read server 0.5-RTT data */
-                ExpectIntEQ(wolfSSL_read(ssl_c, msgBuf, sizeof(msgBuf)), sizeof(msg4));
-                ExpectStrEQ(msg4, msgBuf);
-
-                /* Complete handshake */
-                ExpectIntEQ(wolfSSL_connect(ssl_c), -1);
-                ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
-                /* Use wolfSSL_is_init_finished to check if handshake is complete. Normally
-                 * a user would loop until it is true but here we control both sides so we
-                 * just assert the expected value. wolfSSL_read_early_data does not provide
-                 * handshake status to us with non-blocking IO and we can't use
-                 * wolfSSL_accept as TLS layer may return ZERO_RETURN due to early data
-                 * parsing logic. */
-                wolfSSL_SetLoggingPrefix("server");
-                ExpectFalse(wolfSSL_is_init_finished(ssl_s));
-                ExpectIntEQ(wolfSSL_read_early_data(ssl_s, msgBuf, sizeof(msgBuf),
-                        &read), 0);
-                ExpectIntEQ(read, 0);
-                ExpectTrue(wolfSSL_is_init_finished(ssl_s));
-
-                wolfSSL_SetLoggingPrefix("client");
-                ExpectIntEQ(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS);
-            }
-            else {
-                wolfSSL_SetLoggingPrefix("client");
-                ExpectIntEQ(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS);
-
-                wolfSSL_SetLoggingPrefix("server");
-                ExpectFalse(wolfSSL_is_init_finished(ssl_s));
-                ExpectIntEQ(wolfSSL_read_early_data(ssl_s, msgBuf, sizeof(msgBuf),
-                        &read), 0);
-                ExpectIntEQ(read, 0);
-                ExpectTrue(wolfSSL_is_init_finished(ssl_s));
-
-                /* Read server 0.5-RTT data */
-                wolfSSL_SetLoggingPrefix("client");
-                ExpectIntEQ(wolfSSL_read(ssl_c, msgBuf, sizeof(msgBuf)), sizeof(msg4));
-                ExpectStrEQ(msg4, msgBuf);
-            }
-
-            /* Test bi-directional write */
-            wolfSSL_SetLoggingPrefix("client");
-            ExpectIntEQ(wolfSSL_write(ssl_c, msg2, sizeof(msg2)), sizeof(msg2));
-            wolfSSL_SetLoggingPrefix("server");
-            ExpectIntEQ(wolfSSL_read(ssl_s, msgBuf, sizeof(msgBuf)), sizeof(msg2));
-            ExpectStrEQ(msg2, msgBuf);
-            ExpectIntEQ(wolfSSL_write(ssl_s, msg3, sizeof(msg3)), sizeof(msg3));
-            wolfSSL_SetLoggingPrefix("client");
-            ExpectIntEQ(wolfSSL_read(ssl_c, msgBuf, sizeof(msgBuf)), sizeof(msg3));
-            ExpectStrEQ(msg3, msgBuf);
-
-            wolfSSL_SetLoggingPrefix(NULL);
-            ExpectTrue(wolfSSL_session_reused(ssl_c));
-            ExpectTrue(wolfSSL_session_reused(ssl_s));
-
-            wolfSSL_SESSION_free(sess);
-            wolfSSL_free(ssl_c);
-            wolfSSL_free(ssl_s);
-            wolfSSL_CTX_free(ctx_c);
-            wolfSSL_CTX_free(ctx_s);
-        }
-    }
-#endif
-    return EXPECT_RESULT();
-}
 
 #ifdef HAVE_CERTIFICATE_STATUS_REQUEST
 static int test_self_signed_stapling_client_v1_ctx_ready(WOLFSSL_CTX* ctx)
@@ -67492,9 +50061,13 @@ static int test_tls_cert_store_unchanged(void)
                 Fail(("Should not enter here"), ("Entered here"));
         }
 
-
+#ifdef WOLFSSL_PEM_TO_DER
         client_cbf.certPemFile = "certs/intermediate/client-chain.pem";
         server_cbf.certPemFile = "certs/intermediate/server-chain.pem";
+#else
+        client_cbf.certPemFile = "certs/intermediate/client-chain.der";
+        server_cbf.certPemFile = "certs/intermediate/server-chain.der";
+#endif
 
         server_cbf.caPemFile = caCertFile;
 
@@ -67904,6 +50477,7 @@ TEST_CASE testCases[] = {
     /* wolfCrypt ASN tests */
     TEST_DECL(test_ToTraditional),
     TEST_DECL(test_wc_CreateEncryptedPKCS8Key),
+    TEST_DECL(test_wc_DecryptedPKCS8Key),
     TEST_DECL(test_wc_GetPkcs8TraditionalOffset),
 
     /* Certificate */
@@ -67925,29 +50499,14 @@ TEST_CASE testCases[] = {
     TEST_DECL(test_wc_SetSubjectKeyIdFromPublicKey_ex),
 
     /* wolfcrypt PKCS#7 */
-    TEST_DECL(test_wc_PKCS7_New),
-    TEST_DECL(test_wc_PKCS7_Init),
-    TEST_DECL(test_wc_PKCS7_InitWithCert),
-    TEST_DECL(test_wc_PKCS7_EncodeData),
-    TEST_DECL(test_wc_PKCS7_EncodeSignedData),
-    TEST_DECL(test_wc_PKCS7_EncodeSignedData_ex),
-    TEST_DECL(test_wc_PKCS7_VerifySignedData_RSA),
-    TEST_DECL(test_wc_PKCS7_VerifySignedData_ECC),
-    TEST_DECL(test_wc_PKCS7_DecodeEnvelopedData_stream),
-    TEST_DECL(test_wc_PKCS7_EncodeDecodeEnvelopedData),
-    TEST_DECL(test_wc_PKCS7_EncodeEncryptedData),
-    TEST_DECL(test_wc_PKCS7_DecodeEncryptedKeyPackage),
-    TEST_DECL(test_wc_PKCS7_Degenerate),
-    TEST_DECL(test_wc_PKCS7_BER),
-    TEST_DECL(test_wc_PKCS7_signed_enveloped),
-    TEST_DECL(test_wc_PKCS7_NoDefaultSignedAttribs),
-    TEST_DECL(test_wc_PKCS7_SetOriEncryptCtx),
-    TEST_DECL(test_wc_PKCS7_SetOriDecryptCtx),
-    TEST_DECL(test_wc_PKCS7_DecodeCompressedData),
+    TEST_PKCS7_DECLS,
+    TEST_PKCS7_SIGNED_DATA_DECLS,
+    TEST_PKCS7_ENCRYPTED_DATA_DECLS,
+    TEST_PKCS7_SIGNED_ENCRYPTED_DATA_DECLS,
+    TEST_PKCS7_COMPRESSED_DATA_DECLS,
 
     /* wolfCrypt PKCS#12 */
-    TEST_DECL(test_wc_i2d_PKCS12),
-    TEST_DECL(test_wc_PKCS12_create),
+    TEST_PKCS12_DECLS,
 
     /*
      * test_wolfCrypt_Cleanup needs to come after the above wolfCrypt tests to
@@ -67972,41 +50531,12 @@ TEST_CASE testCases[] = {
     TEST_DECL(test_stubs_are_stubs),
 
     /* ASN.1 compatibility API tests */
-    TEST_DECL(test_wolfSSL_ASN1_BIT_STRING),
-    TEST_DECL(test_wolfSSL_ASN1_INTEGER),
-    TEST_DECL(test_wolfSSL_ASN1_INTEGER_cmp),
-    TEST_DECL(test_wolfSSL_ASN1_INTEGER_BN),
-    TEST_DECL(test_wolfSSL_ASN1_INTEGER_get_set),
-    TEST_DECL(test_wolfSSL_d2i_ASN1_INTEGER),
-    TEST_DECL(test_wolfSSL_a2i_ASN1_INTEGER),
-    TEST_DECL(test_wolfSSL_i2c_ASN1_INTEGER),
-    TEST_DECL(test_wolfSSL_ASN1_OBJECT),
-    TEST_DECL(test_wolfSSL_ASN1_get_object),
-    TEST_DECL(test_wolfSSL_i2a_ASN1_OBJECT),
-    TEST_DECL(test_wolfSSL_i2t_ASN1_OBJECT),
-    TEST_DECL(test_wolfSSL_sk_ASN1_OBJECT),
-    TEST_DECL(test_wolfSSL_ASN1_STRING),
-    TEST_DECL(test_wolfSSL_ASN1_STRING_to_UTF8),
-    TEST_DECL(test_wolfSSL_i2s_ASN1_STRING),
-    TEST_DECL(test_wolfSSL_ASN1_STRING_canon),
-    TEST_DECL(test_wolfSSL_ASN1_STRING_print),
-    TEST_DECL(test_wolfSSL_ASN1_STRING_print_ex),
-    TEST_DECL(test_wolfSSL_ASN1_UNIVERSALSTRING_to_string),
-    TEST_DECL(test_wolfSSL_ASN1_GENERALIZEDTIME_free),
-    TEST_DECL(test_wolfSSL_ASN1_GENERALIZEDTIME_print),
-    TEST_DECL(test_wolfSSL_ASN1_TIME),
-    TEST_DECL(test_wolfSSL_ASN1_TIME_to_string),
-    TEST_DECL(test_wolfSSL_ASN1_TIME_diff_compare),
-    TEST_DECL(test_wolfSSL_ASN1_TIME_adj),
-    TEST_DECL(test_wolfSSL_ASN1_TIME_to_tm),
-    TEST_DECL(test_wolfSSL_ASN1_TIME_to_generalizedtime),
-    TEST_DECL(test_wolfSSL_ASN1_TIME_print),
-    TEST_DECL(test_wolfSSL_ASN1_UTCTIME_print),
-    TEST_DECL(test_wolfSSL_ASN1_TYPE),
-    TEST_DECL(test_wolfSSL_IMPLEMENT_ASN1_FUNCTIONS),
-    TEST_DECL(test_wolfSSL_i2d_ASN1_TYPE),
-    TEST_DECL(test_wolfSSL_i2d_ASN1_SEQUENCE),
-    TEST_DECL(test_ASN1_strings),
+    TEST_OSSL_ASN1_BIT_STRING_DECLS,
+    TEST_OSSL_ASN1_INTEGER_DECLS,
+    TEST_OSSL_ASN1_OBJECT_DECLS,
+    TEST_OSSL_ASN1_STRING_DECLS,
+    TEST_OSSL_ASN1_TIME_DECLS,
+    TEST_OSSL_ASN1_TYPE_DECLS,
 
     TEST_DECL(test_wolfSSL_lhash),
 
@@ -68340,18 +50870,7 @@ TEST_CASE testCases[] = {
     TEST_DECL(test_wolfSSL_RAND_poll),
 
     /* BN compatibility API */
-    TEST_DECL(test_wolfSSL_BN_CTX),
-    TEST_DECL(test_wolfSSL_BN),
-    TEST_DECL(test_wolfSSL_BN_init),
-    TEST_DECL(test_wolfSSL_BN_enc_dec),
-    TEST_DECL(test_wolfSSL_BN_word),
-    TEST_DECL(test_wolfSSL_BN_bits),
-    TEST_DECL(test_wolfSSL_BN_shift),
-    TEST_DECL(test_wolfSSL_BN_math),
-    TEST_DECL(test_wolfSSL_BN_math_mod),
-    TEST_DECL(test_wolfSSL_BN_math_other),
-    TEST_DECL(test_wolfSSL_BN_rand),
-    TEST_DECL(test_wolfSSL_BN_prime),
+    TEST_OSSL_ASN1_BN_DECLS,
 
     /* OpenSSL PKCS5 API test */
     TEST_DECL(test_wolfSSL_PKCS5),
@@ -68396,17 +50915,7 @@ TEST_CASE testCases[] = {
 #endif
 
 #ifndef NO_BIO
-    TEST_DECL(test_wolfSSL_BIO_gets),
-    TEST_DECL(test_wolfSSL_BIO_puts),
-    TEST_DECL(test_wolfSSL_BIO_dump),
-    /* Can't memory test as server hangs. */
-    TEST_DECL(test_wolfSSL_BIO_should_retry),
-    TEST_DECL(test_wolfSSL_BIO_write),
-    TEST_DECL(test_wolfSSL_BIO_printf),
-    TEST_DECL(test_wolfSSL_BIO_f_md),
-    TEST_DECL(test_wolfSSL_BIO_up_ref),
-    TEST_DECL(test_wolfSSL_BIO_reset),
-    TEST_DECL(test_wolfSSL_BIO_get_len),
+    TEST_OSSL_BIO_DECLS,
 #endif
 
     TEST_DECL(test_wolfSSL_check_domain),
@@ -68476,101 +50985,18 @@ TEST_CASE testCases[] = {
      * Crypto API tests
      *********************************/
 
-    TEST_DECL(test_wolfSSL_MD4),
-    TEST_DECL(test_wolfSSL_MD5),
-    TEST_DECL(test_wolfSSL_MD5_Transform),
-    TEST_DECL(test_wolfSSL_SHA),
-    TEST_DECL(test_wolfSSL_SHA_Transform),
-    TEST_DECL(test_wolfSSL_SHA224),
-    TEST_DECL(test_wolfSSL_SHA256),
-    TEST_DECL(test_wolfSSL_SHA256_Transform),
-    TEST_DECL(test_wolfSSL_SHA512_Transform),
-    TEST_DECL(test_wolfSSL_SHA512_224_Transform),
-    TEST_DECL(test_wolfSSL_SHA512_256_Transform),
-    TEST_DECL(test_wolfSSL_HMAC_CTX),
-    TEST_DECL(test_wolfSSL_HMAC),
-    TEST_DECL(test_wolfSSL_CMAC),
-
-    TEST_DECL(test_wolfSSL_DES),
-    TEST_DECL(test_wolfSSL_DES_ncbc),
-    TEST_DECL(test_wolfSSL_DES_ecb_encrypt),
-    TEST_DECL(test_wolfSSL_DES_ede3_cbc_encrypt),
-    TEST_DECL(test_wolfSSL_AES_encrypt),
-    TEST_DECL(test_wolfSSL_AES_ecb_encrypt),
-    TEST_DECL(test_wolfSSL_AES_cbc_encrypt),
-    TEST_DECL(test_wolfSSL_AES_cfb128_encrypt),
-    TEST_DECL(test_wolfSSL_CRYPTO_cts128),
-    TEST_DECL(test_wolfSSL_RC4),
-
-    TEST_DECL(test_wolfSSL_RSA),
-    TEST_DECL(test_wolfSSL_RSA_DER),
-    TEST_DECL(test_wolfSSL_RSA_print),
-    TEST_DECL(test_wolfSSL_RSA_padding_add_PKCS1_PSS),
-    TEST_DECL(test_wolfSSL_RSA_sign_sha3),
-    TEST_DECL(test_wolfSSL_RSA_get0_key),
-    TEST_DECL(test_wolfSSL_RSA_meth),
-    TEST_DECL(test_wolfSSL_RSA_verify),
-    TEST_DECL(test_wolfSSL_RSA_sign),
-    TEST_DECL(test_wolfSSL_RSA_sign_ex),
-    TEST_DECL(test_wolfSSL_RSA_public_decrypt),
-    TEST_DECL(test_wolfSSL_RSA_private_encrypt),
-    TEST_DECL(test_wolfSSL_RSA_public_encrypt),
-    TEST_DECL(test_wolfSSL_RSA_private_decrypt),
-    TEST_DECL(test_wolfSSL_RSA_GenAdd),
-    TEST_DECL(test_wolfSSL_RSA_blinding_on),
-    TEST_DECL(test_wolfSSL_RSA_ex_data),
-    TEST_DECL(test_wolfSSL_RSA_LoadDer),
-    TEST_DECL(test_wolfSSL_RSA_To_Der),
-    TEST_DECL(test_wolfSSL_PEM_read_RSAPublicKey),
-    TEST_DECL(test_wolfSSL_PEM_write_RSA_PUBKEY),
-    TEST_DECL(test_wolfSSL_PEM_write_RSAPrivateKey),
-    TEST_DECL(test_wolfSSL_PEM_write_mem_RSAPrivateKey),
-
-    TEST_DECL(test_wolfSSL_DH),
-    TEST_DECL(test_wolfSSL_DH_dup),
-    TEST_DECL(test_wolfSSL_DH_check),
-    TEST_DECL(test_wolfSSL_DH_prime),
-    TEST_DECL(test_wolfSSL_DH_1536_prime),
-    TEST_DECL(test_wolfSSL_DH_get_2048_256),
-    TEST_DECL(test_wolfSSL_PEM_write_DHparams),
-    TEST_DECL(test_wolfSSL_PEM_read_DHparams),
-    TEST_DECL(test_wolfSSL_d2i_DHparams),
-    TEST_DECL(test_wolfSSL_DH_LoadDer),
-    TEST_DECL(test_wolfSSL_i2d_DHparams),
-
+    TEST_OSSL_DIGEST_DECLS,
+    TEST_OSSL_MAC_DECLS,
+    TEST_OSSL_CIPHER_DECLS,
+    TEST_OSSL_RSA_DECLS,
+    TEST_OSSL_DH_DECLS,
 #if defined(HAVE_ECC) && !defined(OPENSSL_NO_PK)
-    TEST_DECL(test_wolfSSL_EC_GROUP),
-    TEST_DECL(test_wolfSSL_i2d_ECPKParameters),
-    TEST_DECL(test_wolfSSL_PEM_read_bio_ECPKParameters),
-    TEST_DECL(test_wolfSSL_EC_POINT),
-    TEST_DECL(test_wolfSSL_SPAKE),
-    TEST_DECL(test_wolfSSL_EC_KEY_generate),
-    TEST_DECL(test_EC_i2d),
-    TEST_DECL(test_wolfSSL_EC_curve),
-    TEST_DECL(test_wolfSSL_EC_KEY_dup),
-    TEST_DECL(test_wolfSSL_EC_KEY_set_group),
-    TEST_DECL(test_wolfSSL_EC_KEY_set_conv_form),
-    TEST_DECL(test_wolfSSL_EC_KEY_private_key),
-    TEST_DECL(test_wolfSSL_EC_KEY_public_key),
-    TEST_DECL(test_wolfSSL_EC_KEY_print_fp),
-    TEST_DECL(test_wolfSSL_EC_get_builtin_curves),
-    TEST_DECL(test_wolfSSL_ECDSA_SIG),
-    TEST_DECL(test_ECDSA_size_sign),
-    TEST_DECL(test_ECDH_compute_key),
+    TEST_OSSL_EC_DECLS,
 #endif
-
 #ifdef OPENSSL_EXTRA
-    TEST_DECL(test_EC25519),
-    TEST_DECL(test_ED25519),
-    TEST_DECL(test_EC448),
-    TEST_DECL(test_ED448),
-#endif
-
-    TEST_DECL(test_DSA_do_sign_verify),
-#ifdef OPENSSL_ALL
-    TEST_DECL(test_wolfSSL_DSA_generate_parameters),
-    TEST_DECL(test_wolfSSL_DSA_SIG),
+    TEST_OSSL_ECX_DECLS,
 #endif
+    TEST_OSSL_DSA_DECLS,
 
     TEST_DECL(test_openssl_generate_key_and_cert),
 
@@ -68584,6 +51010,7 @@ TEST_CASE testCases[] = {
     TEST_DECL(test_wolfSSL_CertManagerAPI),
     TEST_DECL(test_wolfSSL_CertManagerLoadCABuffer),
     TEST_DECL(test_wolfSSL_CertManagerLoadCABuffer_ex),
+    TEST_DECL(test_wolfSSL_CertManagerLoadCABufferType),
     TEST_DECL(test_wolfSSL_CertManagerGetCerts),
     TEST_DECL(test_wolfSSL_CertManagerSetVerify),
     TEST_DECL(test_wolfSSL_CertManagerNameConstraint),
@@ -68595,7 +51022,8 @@ TEST_CASE testCases[] = {
     TEST_DECL(test_wolfSSL_CRL_duplicate_extensions),
     TEST_DECL(test_wolfSSL_CertManagerCheckOCSPResponse),
     TEST_DECL(test_wolfSSL_CheckOCSPResponse),
-#if defined(HAVE_CERT_CHAIN_VALIDATION) && !defined(WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION)
+#if defined(HAVE_CERT_CHAIN_VALIDATION) && !defined(WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION) && \
+    defined(WOLFSSL_PEM_TO_DER)
     TEST_DECL(test_various_pathlen_chains),
 #endif
 TEST_DECL(test_wc_RsaPSS_DigitalSignVerify),
@@ -68617,11 +51045,7 @@ TEST_DECL(test_wc_RsaPSS_DigitalSignVerify),
 #endif
     TEST_DECL(test_wolfSSL_set_options),
 
-#ifdef WOLFSSL_TLS13
-    /* TLS v1.3 API tests */
-    TEST_DECL(test_tls13_apis),
-    TEST_DECL(test_tls13_cipher_suites),
-#endif
+    TEST_TLS13_DECLS,
 
     TEST_DECL(test_wolfSSL_tmp_dh),
     TEST_DECL(test_wolfSSL_ctrl),
@@ -68792,9 +51216,12 @@ TEST_DECL(test_wc_RsaPSS_DigitalSignVerify),
 #endif
     TEST_DECL(test_tls_ems_downgrade),
     TEST_DECL(test_wolfSSL_DisableExtendedMasterSecret),
+    TEST_DECL(test_certificate_authorities_certificate_request),
+    TEST_DECL(test_certificate_authorities_client_hello),
     TEST_DECL(test_wolfSSL_wolfSSL_UseSecureRenegotiation),
     TEST_DECL(test_wolfSSL_SCR_Reconnect),
     TEST_DECL(test_tls_ext_duplicate),
+    TEST_DECL(test_tls_bad_legacy_version),
 #if defined(WOLFSSL_TLS13) && defined(HAVE_ECH) && \
     defined(HAVE_IO_TESTS_DEPENDENCIES)
     TEST_DECL(test_wolfSSL_Tls13_ECH_params),
@@ -68833,13 +51260,7 @@ TEST_DECL(test_wc_RsaPSS_DigitalSignVerify),
     TEST_DECL(test_generate_cookie),
 
 #ifndef NO_BIO
-    /* Can't memory test as server hangs. */
-    TEST_DECL(test_wolfSSL_BIO_connect),
-    /* Can't memory test as server Asserts in thread. */
-    TEST_DECL(test_wolfSSL_BIO_accept),
-    TEST_DECL(test_wolfSSL_BIO_tls),
-    TEST_DECL(test_wolfSSL_BIO_s_null),
-    TEST_DECL(test_wolfSSL_BIO_datagram),
+    TEST_OSSL_BIO_TLS_DECLS,
 #endif
 
 #if defined(HAVE_PK_CALLBACKS) && !defined(WOLFSSL_NO_TLS12)
@@ -68892,12 +51313,10 @@ TEST_DECL(test_wc_RsaPSS_DigitalSignVerify),
     TEST_DECL(test_extra_alerts_skip_hs),
     TEST_DECL(test_extra_alerts_bad_psk),
     TEST_DECL(test_multiple_alerts_EAGAIN),
-    TEST_DECL(test_tls13_bad_psk_binder),
     /* Can't memory test as client/server Asserts. */
     TEST_DECL(test_harden_no_secure_renegotiation),
     TEST_DECL(test_override_alt_cert_chain),
     TEST_DECL(test_rpk_set_xxx_cert_type),
-    TEST_DECL(test_tls13_rpk_handshake),
     TEST_DECL(test_dtls13_bad_epoch_ch),
     TEST_DECL(test_short_session_id),
     TEST_DECL(test_wolfSSL_dtls13_null_cipher),
@@ -68936,8 +51355,6 @@ TEST_DECL(test_wc_RsaPSS_DigitalSignVerify),
     TEST_DECL(test_dtls13_missing_finished_client),
     TEST_DECL(test_dtls13_missing_finished_server),
     TEST_DECL(test_wolfSSL_dtls_set_pending_peer),
-    TEST_DECL(test_tls13_pq_groups),
-    TEST_DECL(test_tls13_early_data),
     TEST_DECL(test_tls_multi_handshakes_one_record),
     TEST_DECL(test_write_dup),
     TEST_DECL(test_read_write_hs),
@@ -68952,6 +51369,9 @@ TEST_DECL(test_wc_RsaPSS_DigitalSignVerify),
     TEST_DECL(test_dtls13_epochs),
     TEST_DECL(test_dtls_rtx_across_epoch_change),
     TEST_DECL(test_dtls_drop_client_ack),
+    TEST_DECL(test_dtls_bogus_finished_epoch_zero),
+    TEST_DECL(test_dtls_replay),
+    TEST_DECL(test_dtls_srtp),
     TEST_DECL(test_dtls13_ack_order),
     TEST_DECL(test_dtls_version_checking),
     TEST_DECL(test_ocsp_status_callback),
diff --git a/tests/api/include.am b/tests/api/include.am
index 7a5b5048c..21d7dd89e 100644
--- a/tests/api/include.am
+++ b/tests/api/include.am
@@ -58,6 +58,27 @@ tests_unit_test_SOURCES += tests/api/test_tls.c
 tests_unit_test_SOURCES += tests/api/test_x509.c
 # ASN
 tests_unit_test_SOURCES += tests/api/test_asn.c
+# PKCS#7
+tests_unit_test_SOURCES += tests/api/test_pkcs7.c
+# PKCS#12
+tests_unit_test_SOURCES += tests/api/test_pkcs12.c
+# OpenSSL ASN.1
+tests_unit_test_SOURCES += tests/api/test_ossl_asn1.c
+# OpenSSL BN
+tests_unit_test_SOURCES += tests/api/test_ossl_bn.c
+# OpenSSL BIO
+tests_unit_test_SOURCES += tests/api/test_ossl_bio.c
+# OpenSSL Crypto
+tests_unit_test_SOURCES += tests/api/test_ossl_dgst.c
+tests_unit_test_SOURCES += tests/api/test_ossl_mac.c
+tests_unit_test_SOURCES += tests/api/test_ossl_cipher.c
+tests_unit_test_SOURCES += tests/api/test_ossl_rsa.c
+tests_unit_test_SOURCES += tests/api/test_ossl_dh.c
+tests_unit_test_SOURCES += tests/api/test_ossl_ec.c
+tests_unit_test_SOURCES += tests/api/test_ossl_ecx.c
+tests_unit_test_SOURCES += tests/api/test_ossl_dsa.c
+# TLS 1.3 specific
+tests_unit_test_SOURCES += tests/api/test_tls13.c
 endif
 
 EXTRA_DIST += tests/api/api.h
@@ -111,4 +132,18 @@ EXTRA_DIST += tests/api/test_tls_ext.h
 EXTRA_DIST += tests/api/test_tls.h
 EXTRA_DIST += tests/api/test_x509.h
 EXTRA_DIST += tests/api/test_asn.h
+EXTRA_DIST += tests/api/test_pkcs7.h
+EXTRA_DIST += tests/api/test_pkcs12.h
+EXTRA_DIST += tests/api/test_ossl_asn1.h
+EXTRA_DIST += tests/api/test_ossl_bn.h
+EXTRA_DIST += tests/api/test_ossl_bio.h
+EXTRA_DIST += tests/api/test_ossl_dgst.h
+EXTRA_DIST += tests/api/test_ossl_mac.h
+EXTRA_DIST += tests/api/test_ossl_cipher.h
+EXTRA_DIST += tests/api/test_ossl_rsa.h
+EXTRA_DIST += tests/api/test_ossl_dh.h
+EXTRA_DIST += tests/api/test_ossl_ec.h
+EXTRA_DIST += tests/api/test_ossl_ecx.h
+EXTRA_DIST += tests/api/test_ossl_dsa.h
+EXTRA_DIST += tests/api/test_tls13.h
 
diff --git a/tests/api/test_asn.c b/tests/api/test_asn.c
index afd1fdfe2..794029da1 100644
--- a/tests/api/test_asn.c
+++ b/tests/api/test_asn.c
@@ -23,8 +23,395 @@
 
 #include <tests/api/test_asn.h>
 
+#if defined(WC_ENABLE_ASYM_KEY_EXPORT) && defined(HAVE_ED25519)
+static int test_SetAsymKeyDer_once(byte* privKey, word32 privKeySz, byte* pubKey,
+    word32 pubKeySz, byte* trueDer, word32 trueDerSz)
+{
+    EXPECT_DECLS;
+
+    byte* calcDer = NULL;
+    word32 calcDerSz = 0;
+
+    ExpectIntEQ(calcDerSz = SetAsymKeyDer(privKey, privKeySz, pubKey, pubKeySz,
+        NULL, 0, ED25519k), trueDerSz);
+    ExpectNotNull(calcDer = (byte*)XMALLOC(calcDerSz, NULL,
+        DYNAMIC_TYPE_TMP_BUFFER));
+    ExpectIntEQ(calcDerSz = SetAsymKeyDer(privKey, privKeySz, pubKey, pubKeySz,
+        calcDer, calcDerSz, ED25519k), trueDerSz);
+    ExpectIntEQ(XMEMCMP(calcDer, trueDer, trueDerSz), 0);
+    XFREE(calcDer, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+
+    return EXPECT_RESULT();
+}
+#endif /* WC_ENABLE_ASYM_KEY_EXPORT && HAVE_ED25519 */
+
+int test_SetAsymKeyDer(void)
+{
+    EXPECT_DECLS;
+
+#if defined(WC_ENABLE_ASYM_KEY_EXPORT) && defined(HAVE_ED25519)
+    /* We can't access the keyEd25519Oid variable, so declare it instead */
+    byte algId[] = {43, 101, 112};
+    byte version[] = {0x0};
+    byte keyPat = 0xcc;
+
+    byte* privKey = NULL;
+    word32 privKeySz = 0;
+    byte* pubKey = NULL;
+    word32 pubKeySz = 0;
+    byte trueDer[310]; /* The largest size is 310 bytes on Condition 8 */
+    word32 trueDerSz = 0;
+
+    /*
+     * Condition 1:
+     *     PKEY data = 34            (1 to 127)
+     *     PKEY_CURVEPKEY data = 32  (1 to 127)
+     *     PUBKEY data = 0           (Empty)
+     *     SEQ data = 46             (1 to 127)
+     */
+    privKeySz = 32;
+    pubKeySz = 0;
+    trueDerSz = 48;
+
+    /* SEQ */
+    trueDer[0]  = ASN_SEQUENCE | ASN_CONSTRUCTED;
+    trueDer[1]  = trueDerSz - 2;
+    /* VER */
+    trueDer[2]  = ASN_INTEGER;
+    trueDer[3]  = sizeof(version);
+    trueDer[4]  = version[0];
+    /* PKEYALGO_SEQ */
+    trueDer[5]  = ASN_SEQUENCE | ASN_CONSTRUCTED;
+    trueDer[6]  = sizeof(algId) + 2;
+    trueDer[7]  = ASN_OBJECT_ID;
+    trueDer[8]  = sizeof(algId);
+    trueDer[9]  = algId[0];
+    trueDer[10] = algId[1];
+    trueDer[11] = algId[2];
+    /* PKEY */
+    trueDer[12] = ASN_OCTET_STRING;
+    trueDer[13] = privKeySz + 2;
+    trueDer[14] = ASN_OCTET_STRING;
+    trueDer[15] = privKeySz;
+    privKey     = &trueDer[16];
+    XMEMSET(privKey, keyPat, privKeySz); /* trueDer[16] to trueDer[47] */
+    /* PUBKEY */
+    pubKey = NULL; /* Empty */
+
+    EXPECT_TEST(test_SetAsymKeyDer_once(privKey, privKeySz, pubKey, pubKeySz,
+        trueDer, trueDerSz));
+
+    /*
+     * Condition 2:
+     *     PKEY data = 129          (128 to 255)
+     *     PKEY_CURVEKEY data = 127 (0 to 127)
+     *     PUBKEY data = 0          (Empty)
+     *     SEQ data = 142           (128 to 255)
+     */
+    privKeySz = 127;
+    pubKeySz = 0;
+    trueDerSz = 145;
+
+    /* SEQ */
+    trueDer[0]  = ASN_SEQUENCE | ASN_CONSTRUCTED;
+    trueDer[1]  = 0x81;
+    trueDer[2]  = trueDerSz - 3;
+    /* VER */
+    trueDer[3]  = ASN_INTEGER;
+    trueDer[4]  = sizeof(version);
+    trueDer[5]  = version[0];
+    /* PKEYALGO_SEQ */
+    trueDer[6]  = ASN_SEQUENCE | ASN_CONSTRUCTED;
+    trueDer[7]  = sizeof(algId) + 2;
+    trueDer[8]  = ASN_OBJECT_ID;
+    trueDer[9]  = sizeof(algId);
+    trueDer[10] = algId[0];
+    trueDer[11] = algId[1];
+    trueDer[12] = algId[2];
+    /* PKEY */
+    trueDer[13] = ASN_OCTET_STRING;
+    trueDer[14] = 0x81;
+    trueDer[15] = privKeySz + 2;
+    trueDer[16] = ASN_OCTET_STRING;
+    trueDer[17] = privKeySz;
+    privKey     = &trueDer[18];
+    XMEMSET(privKey, keyPat, privKeySz); /* trueDer[18] to trueDer[144] */
+    /* PUBKEY */
+    pubKey = NULL; /* Empty */
+
+    EXPECT_TEST(test_SetAsymKeyDer_once(privKey, privKeySz, pubKey, pubKeySz,
+        trueDer, trueDerSz));
+
+    /*
+     * Condition 3:
+     *     PKEY data = 131     (128 to 255)
+     *     PKEY_CURVEKEY = 128 (128 to 255)
+     *     PUBKEY data = 0     (Empty)
+     *     SEQ data =144       (128 to 255)
+     */
+    privKeySz = 128;
+    pubKeySz = 0;
+    trueDerSz = 147;
+
+    /* SEQ */
+    trueDer[0]  = ASN_SEQUENCE | ASN_CONSTRUCTED;
+    trueDer[1]  = 0x81;
+    trueDer[2]  = trueDerSz - 3;
+    /* VER */
+    trueDer[3]  = ASN_INTEGER;
+    trueDer[4]  = sizeof(version);
+    trueDer[5]  = version[0];
+    /* PKEYALGO_SEQ */
+    trueDer[6]  = ASN_SEQUENCE | ASN_CONSTRUCTED;
+    trueDer[7]  = sizeof(algId) + 2;
+    trueDer[8]  = ASN_OBJECT_ID;
+    trueDer[9]  = sizeof(algId);
+    trueDer[10] = algId[0];
+    trueDer[11] = algId[1];
+    trueDer[12] = algId[2];
+    /* PKEY */
+    trueDer[13] = ASN_OCTET_STRING;
+    trueDer[14] = 0x81;
+    trueDer[15] = privKeySz + 3;
+    trueDer[16] = ASN_OCTET_STRING;
+    trueDer[17] = 0x81;
+    trueDer[18] = privKeySz;
+    privKey     = &trueDer[19];
+    XMEMSET(privKey, keyPat, privKeySz); /* trueDer[19] to trueDer[146] */
+    /* PUBKEY */
+    pubKey = NULL; /* Empty */
+
+    EXPECT_TEST(test_SetAsymKeyDer_once(privKey, privKeySz, pubKey, pubKeySz,
+        trueDer, trueDerSz));
+
+    /*
+     * Condition 4:
+     *     PKEY data = 258           (256 to 65535)
+     *     PKEY_CURVEPKEY data = 255 (128 to 255)
+     *     PUBKEY data = 0           (Empty)
+     *     SEQ data = 272            (256 to 65536)
+     */
+    privKeySz = 255;
+    pubKeySz = 0;
+    trueDerSz = 276;
+
+    /* SEQ */
+    trueDer[0]  = ASN_SEQUENCE | ASN_CONSTRUCTED;
+    trueDer[1]  = 0x82;
+    trueDer[2]  = ((trueDerSz - 4) >> 8) & 0xff;
+    trueDer[3]  = (trueDerSz - 4) & 0xff;
+    /* VER */
+    trueDer[4]  = ASN_INTEGER;
+    trueDer[5]  = sizeof(version);
+    trueDer[6]  = version[0];
+    /* PKEYALGO_SEQ */
+    trueDer[7]  = ASN_SEQUENCE | ASN_CONSTRUCTED;
+    trueDer[8]  = sizeof(algId) + 2;
+    trueDer[9]  = ASN_OBJECT_ID;
+    trueDer[10] = sizeof(algId);
+    trueDer[11] = algId[0];
+    trueDer[12] = algId[1];
+    trueDer[13] = algId[2];
+    /* PKEY */
+    trueDer[14] = ASN_OCTET_STRING;
+    trueDer[15] = 0x82;
+    trueDer[16] = ((privKeySz + 3) >> 8) & 0xff;
+    trueDer[17] = (privKeySz + 3) & 0xff;
+    trueDer[18] = ASN_OCTET_STRING;
+    trueDer[19] = 0x81;
+    trueDer[20] = privKeySz;
+    privKey     = &trueDer[21];
+    XMEMSET(privKey, keyPat, privKeySz); /* trueDer[21] to trueDer[275] */
+    /* PUBKEY */
+    pubKey = NULL; /* Empty */
+
+    EXPECT_TEST(test_SetAsymKeyDer_once(privKey, privKeySz, pubKey, pubKeySz,
+        trueDer, trueDerSz));
+
+    /*
+     * Condition 5:
+     *     PKEY data = 260           (256 to 65535)
+     *     PKEY_CURVEPKEY data = 256 (256 to 65535)
+     *     PUBKEY data = 0           (Empty)
+     *     SEQ data = 274            (256 to 65535)
+     */
+    privKeySz = 256;
+    pubKeySz = 0;
+    trueDerSz = 278;
+
+    /* SEQ */
+    trueDer[0]  = ASN_SEQUENCE | ASN_CONSTRUCTED;
+    trueDer[1]  = 0x82;
+    trueDer[2]  = ((trueDerSz - 4) >> 8) & 0xff;
+    trueDer[3]  = (trueDerSz - 4) & 0xff;
+    /* VER */
+    trueDer[4]  = ASN_INTEGER;
+    trueDer[5]  = sizeof(version);
+    trueDer[6]  = version[0];
+    /* PKEYALGO_SEQ */
+    trueDer[7]  = ASN_SEQUENCE | ASN_CONSTRUCTED;
+    trueDer[8]  = sizeof(algId) + 2;
+    trueDer[9]  = ASN_OBJECT_ID;
+    trueDer[10] = sizeof(algId);
+    trueDer[11] = algId[0];
+    trueDer[12] = algId[1];
+    trueDer[13] = algId[2];
+    /* PKEY */
+    trueDer[14] = ASN_OCTET_STRING;
+    trueDer[15] = 0x82;
+    trueDer[16] = ((privKeySz + 4) >> 8) & 0xff;
+    trueDer[17] = (privKeySz + 4) & 0xff;
+    trueDer[18] = ASN_OCTET_STRING;
+    trueDer[19] = 0x82;
+    trueDer[20] = (privKeySz >> 8) & 0xff;
+    trueDer[21] = privKeySz & 0xff;
+    privKey     = &trueDer[22];
+    XMEMSET(privKey, keyPat, privKeySz); /* trueDer[22] to trueDer[277] */
+    /* PUBKEY */
+    pubKey = NULL; /* Empty */
+
+    EXPECT_TEST(test_SetAsymKeyDer_once(privKey, privKeySz, pubKey, pubKeySz,
+        trueDer, trueDerSz));
+
+    /*
+     * Condition 6:
+     *     PKEY data = 34            (1 to 127)
+     *     PKEY_CURVEPKEY data = 32  (1 to 127)
+     *     PUBKEY data = 32          (1 to 127)
+     *     SEQ data = 80             (1 to 127)
+     */
+    privKeySz = 32;
+    pubKeySz = 32;
+    trueDerSz = 82;
+
+    /* SEQ */
+    trueDer[0]  = ASN_SEQUENCE | ASN_CONSTRUCTED;
+    trueDer[1]  = trueDerSz - 2;
+    /* VER */
+    trueDer[2]  = ASN_INTEGER;
+    trueDer[3]  = sizeof(version);
+    trueDer[4]  = version[0];
+    /* PKEYALGO_SEQ */
+    trueDer[5]  = ASN_SEQUENCE | ASN_CONSTRUCTED;
+    trueDer[6]  = sizeof(algId) + 2;
+    trueDer[7]  = ASN_OBJECT_ID;
+    trueDer[8]  = sizeof(algId);
+    trueDer[9]  = algId[0];
+    trueDer[10] = algId[1];
+    trueDer[11] = algId[2];
+    /* PKEY */
+    trueDer[12] = ASN_OCTET_STRING;
+    trueDer[13] = privKeySz + 2;
+    trueDer[14] = ASN_OCTET_STRING;
+    trueDer[15] = privKeySz;
+    privKey     = &trueDer[16];
+    XMEMSET(privKey, keyPat, privKeySz); /* trueDer[16] to trueDer[47] */
+    /* PUBKEY */
+    trueDer[48] = ASN_CONTEXT_SPECIFIC | ASN_ASYMKEY_PUBKEY;
+    trueDer[49] = pubKeySz;
+    pubKey      = &trueDer[50];
+    XMEMSET(pubKey, keyPat, pubKeySz); /* trueDer[50] to trueDer[81] */
+
+    EXPECT_TEST(test_SetAsymKeyDer_once(privKey, privKeySz, pubKey, pubKeySz,
+        trueDer, trueDerSz));
+
+    /*
+     * Condition 7:
+     *     PKEY data = 34            (1 to 127)
+     *     PKEY_CURVEPKEY data = 32  (1 to 127)
+     *     PUBKEY data = 128         (128 to 255)
+     *     SEQ data = 180            (128 to 255)
+     */
+    privKeySz = 32;
+    pubKeySz = 128;
+    trueDerSz = 180;
+
+    /* SEQ */
+    trueDer[0]  = ASN_SEQUENCE | ASN_CONSTRUCTED;
+    trueDer[1]  = 0x81;
+    trueDer[2]  = trueDerSz - 3;
+    /* VER */
+    trueDer[3]  = ASN_INTEGER;
+    trueDer[4]  = sizeof(version);
+    trueDer[5]  = version[0];
+    /* PKEYALGO_SEQ */
+    trueDer[6]  = ASN_SEQUENCE | ASN_CONSTRUCTED;
+    trueDer[7]  = sizeof(algId) + 2;
+    trueDer[8]  = ASN_OBJECT_ID;
+    trueDer[9]  = sizeof(algId);
+    trueDer[10] = algId[0];
+    trueDer[11] = algId[1];
+    trueDer[12] = algId[2];
+    /* PKEY */
+    trueDer[13] = ASN_OCTET_STRING;
+    trueDer[14] = privKeySz + 2;
+    trueDer[15] = ASN_OCTET_STRING;
+    trueDer[16] = privKeySz;
+    privKey     = &trueDer[17];
+    XMEMSET(privKey, keyPat, privKeySz); /* trueDer[17] to trueDer[48] */
+    /* PUBKEY */
+    trueDer[49] = ASN_CONTEXT_SPECIFIC | ASN_ASYMKEY_PUBKEY;
+    trueDer[50] = 0x81;
+    trueDer[51] = pubKeySz;
+    pubKey      = &trueDer[52];
+    XMEMSET(pubKey, keyPat, pubKeySz); /* trueDer[52] to trueDer[179] */
+
+    EXPECT_TEST(test_SetAsymKeyDer_once(privKey, privKeySz, pubKey, pubKeySz,
+        trueDer, trueDerSz));
+
+    /*
+     * Condition 8:
+     *     PKEY data = 34            (1 to 127)
+     *     PKEY_CURVEPKEY data = 32  (1 to 127)
+     *     PUBKEY data = 256         (256 to 65535)
+     *     SEQ data = 306            (256 to 65535)
+     */
+    privKeySz = 32;
+    pubKeySz = 256;
+    trueDerSz = 310;
+
+    /* SEQ */
+    trueDer[0]  = ASN_SEQUENCE | ASN_CONSTRUCTED;
+    trueDer[1]  = 0x82;
+    trueDer[2]  = ((trueDerSz - 4) >> 8) & 0xff;
+    trueDer[3]  = (trueDerSz - 4) & 0xff;
+    /* VER */
+    trueDer[4]  = ASN_INTEGER;
+    trueDer[5]  = sizeof(version);
+    trueDer[6]  = version[0];
+    /* PKEYALGO_SEQ */
+    trueDer[7]  = ASN_SEQUENCE | ASN_CONSTRUCTED;
+    trueDer[8]  = sizeof(algId) + 2;
+    trueDer[9]  = ASN_OBJECT_ID;
+    trueDer[10] = sizeof(algId);
+    trueDer[11] = algId[0];
+    trueDer[12] = algId[1];
+    trueDer[13] = algId[2];
+    /* PKEY */
+    trueDer[14] = ASN_OCTET_STRING;
+    trueDer[15] = privKeySz + 2;
+    trueDer[16] = ASN_OCTET_STRING;
+    trueDer[17] = privKeySz;
+    privKey     = &trueDer[18];
+    XMEMSET(privKey, keyPat, privKeySz); /* trueDer[18] to trueDer[49] */
+    /* PUBKEY */
+    trueDer[50] = ASN_CONTEXT_SPECIFIC | ASN_ASYMKEY_PUBKEY;
+    trueDer[51] = 0x82;
+    trueDer[52] = (pubKeySz >> 8) & 0xff;
+    trueDer[53] = pubKeySz & 0xff;
+    pubKey      = &trueDer[54];
+    XMEMSET(pubKey, keyPat, pubKeySz); /* trueDer[54] to trueDer[309] */
+
+    EXPECT_TEST(test_SetAsymKeyDer_once(privKey, privKeySz, pubKey, pubKeySz,
+        trueDer, trueDerSz));
+#endif /* WC_ENABLE_ASYM_KEY_EXPORT && HAVE_ED25519 */
+
+    return EXPECT_RESULT();
+
+}
+
 #ifndef NO_ASN
-static int test_SetShortInt_once(word32 val, byte* valDer, word32 valDerSz)
+static int test_GetSetShortInt_once(word32 val, byte* valDer, word32 valDerSz)
 {
     EXPECT_DECLS;
 
@@ -36,6 +423,7 @@ static int test_SetShortInt_once(word32 val, byte* valDer, word32 valDerSz)
     word32 outDerSz = 0;
     word32 inOutIdx = 0;
     word32 maxIdx = MAX_SHORT_SZ;
+    int value;
 
     ExpectIntLE(2 + valDerSz, MAX_SHORT_SZ);
     ExpectIntEQ(outDerSz = SetShortInt(outDer, &inOutIdx, val, maxIdx),
@@ -43,6 +431,11 @@ static int test_SetShortInt_once(word32 val, byte* valDer, word32 valDerSz)
     ExpectIntEQ(outDer[0], ASN_INTEGER);
     ExpectIntEQ(outDer[1], valDerSz);
     ExpectIntEQ(XMEMCMP(outDer + 2, valDer, valDerSz), 0);
+    if (val < 0x80000000) {
+        /* GetShortInt only supports positive values. */
+        inOutIdx = 0;
+        ExpectIntEQ(val, GetShortInt(outDer, &inOutIdx, &value, maxIdx));
+    }
 
 #endif /* !WOLFSSL_ASN_TEMPLATE || HAVE_PKCS8 || HAVE_PKCS12 */
 #endif /* !NO_PWDBASED */
@@ -55,7 +448,7 @@ static int test_SetShortInt_once(word32 val, byte* valDer, word32 valDerSz)
 }
 #endif
 
-int test_SetShortInt(void)
+int test_GetSetShortInt(void)
 {
     EXPECT_DECLS;
 
@@ -66,43 +459,43 @@ int test_SetShortInt(void)
     {
         /* Input 1 byte min */
         valDer[0] = 0x00;
-        EXPECT_TEST(test_SetShortInt_once(0x00, valDer, 1));
+        EXPECT_TEST(test_GetSetShortInt_once(0x00, valDer, 1));
 
         /* Input 1 byte max */
         valDer[0] = 0x00;
         valDer[1] = 0xff;
-        EXPECT_TEST(test_SetShortInt_once(0xff, valDer, 2));
+        EXPECT_TEST(test_GetSetShortInt_once(0xff, valDer, 2));
 
         /* Input 2 bytes min */
         valDer[0] = 0x01;
         valDer[1] = 0x00;
-        EXPECT_TEST(test_SetShortInt_once(0x0100, valDer, 2));
+        EXPECT_TEST(test_GetSetShortInt_once(0x0100, valDer, 2));
 
         /* Input 2 bytes max */
         valDer[0] = 0x00;
         valDer[1] = 0xff;
         valDer[2] = 0xff;
-        EXPECT_TEST(test_SetShortInt_once(0xffff, valDer, 3));
+        EXPECT_TEST(test_GetSetShortInt_once(0xffff, valDer, 3));
 
         /* Input 3 bytes min */
         valDer[0] = 0x01;
         valDer[1] = 0x00;
         valDer[2] = 0x00;
-        EXPECT_TEST(test_SetShortInt_once(0x010000, valDer, 3));
+        EXPECT_TEST(test_GetSetShortInt_once(0x010000, valDer, 3));
 
         /* Input 3 bytes max */
         valDer[0] = 0x00;
         valDer[1] = 0xff;
         valDer[2] = 0xff;
         valDer[3] = 0xff;
-        EXPECT_TEST(test_SetShortInt_once(0xffffff, valDer, 4));
+        EXPECT_TEST(test_GetSetShortInt_once(0xffffff, valDer, 4));
 
         /* Input 4 bytes min */
         valDer[0] = 0x01;
         valDer[1] = 0x00;
         valDer[2] = 0x00;
         valDer[3] = 0x00;
-        EXPECT_TEST(test_SetShortInt_once(0x01000000, valDer, 4));
+        EXPECT_TEST(test_GetSetShortInt_once(0x01000000, valDer, 4));
 
         /* Input 4 bytes max */
         valDer[0] = 0x00;
@@ -110,7 +503,7 @@ int test_SetShortInt(void)
         valDer[2] = 0xff;
         valDer[3] = 0xff;
         valDer[4] = 0xff;
-        EXPECT_TEST(test_SetShortInt_once(0xffffffff, valDer, 5));
+        EXPECT_TEST(test_GetSetShortInt_once(0xffffffff, valDer, 5));
     }
 
     /* Corner tests for output size */
@@ -119,43 +512,43 @@ int test_SetShortInt(void)
 
         /* Output 1 byte max */
         valDer[0] = 0x7f;
-        EXPECT_TEST(test_SetShortInt_once(0x7f, valDer, 1));
+        EXPECT_TEST(test_GetSetShortInt_once(0x7f, valDer, 1));
 
         /* Output 2 bytes min */
         valDer[0] = 0x00;
         valDer[1] = 0x80;
-        EXPECT_TEST(test_SetShortInt_once(0x80, valDer, 2));
+        EXPECT_TEST(test_GetSetShortInt_once(0x80, valDer, 2));
 
         /* Output 2 bytes max */
         valDer[0] = 0x7f;
         valDer[1] = 0xff;
-        EXPECT_TEST(test_SetShortInt_once(0x7fff, valDer, 2));
+        EXPECT_TEST(test_GetSetShortInt_once(0x7fff, valDer, 2));
 
         /* Output 3 bytes min */
         valDer[0] = 0x00;
         valDer[1] = 0x80;
         valDer[2] = 0x00;
-        EXPECT_TEST(test_SetShortInt_once(0x8000, valDer, 3));
+        EXPECT_TEST(test_GetSetShortInt_once(0x8000, valDer, 3));
 
         /* Output 3 bytes max */
         valDer[0] = 0x7f;
         valDer[1] = 0xff;
         valDer[2] = 0xff;
-        EXPECT_TEST(test_SetShortInt_once(0x7fffff, valDer, 3));
+        EXPECT_TEST(test_GetSetShortInt_once(0x7fffff, valDer, 3));
 
         /* Output 4 bytes min */
         valDer[0] = 0x00;
         valDer[1] = 0x80;
         valDer[2] = 0x00;
         valDer[3] = 0x00;
-        EXPECT_TEST(test_SetShortInt_once(0x800000, valDer, 4));
+        EXPECT_TEST(test_GetSetShortInt_once(0x800000, valDer, 4));
 
         /* Output 4 bytes max */
         valDer[0] = 0x7f;
         valDer[1] = 0xff;
         valDer[2] = 0xff;
         valDer[3] = 0xff;
-        EXPECT_TEST(test_SetShortInt_once(0x7fffffff, valDer, 4));
+        EXPECT_TEST(test_GetSetShortInt_once(0x7fffffff, valDer, 4));
 
         /* Output 5 bytes min */
         valDer[0] = 0x00;
@@ -163,7 +556,7 @@ int test_SetShortInt(void)
         valDer[2] = 0x00;
         valDer[3] = 0x00;
         valDer[4] = 0x00;
-        EXPECT_TEST(test_SetShortInt_once(0x80000000, valDer, 5));
+        EXPECT_TEST(test_GetSetShortInt_once(0x80000000, valDer, 5));
 
         /* Skip "Output 5 bytes max" because of same as "Input 4 bytes max" */
     }
@@ -171,8 +564,76 @@ int test_SetShortInt(void)
     /* Extra tests */
     {
         valDer[0] = 0x01;
-        EXPECT_TEST(test_SetShortInt_once(0x01, valDer, 1));
+        EXPECT_TEST(test_GetSetShortInt_once(0x01, valDer, 1));
     }
+
+#if !defined(NO_PWDBASED) || defined(WOLFSSL_ASN_EXTRA)
+    /* Negative INTEGER values. */
+    {
+        word32 idx = 0;
+        int value;
+
+        valDer[0] = ASN_INTEGER;
+        valDer[1] = 1;
+        valDer[2] = 0x80;
+        ExpectIntEQ(GetShortInt(valDer, &idx, &value, 3),
+                WC_NO_ERR_TRACE(ASN_EXPECT_0_E));
+
+        idx = 0;
+        valDer[0] = ASN_INTEGER;
+        valDer[1] = 4;
+        valDer[2] = 0xFF;
+        valDer[3] = 0xFF;
+        valDer[4] = 0xFF;
+        valDer[5] = 0xFF;
+        ExpectIntEQ(GetShortInt(valDer, &idx, &value, 6),
+                WC_NO_ERR_TRACE(ASN_EXPECT_0_E));
+    }
+#endif
+#endif
+
+    return EXPECT_RESULT();
+}
+
+
+int test_wc_IndexSequenceOf(void)
+{
+    EXPECT_DECLS;
+
+#ifndef NO_ASN
+    const byte int_seq[] = {
+        0x30, 0x0A,
+        0x02, 0x01, 0x0A,
+        0x02, 0x02, 0x00, 0xF0,
+        0x02, 0x01, 0x7F,
+    };
+    const byte bad_seq[] = {
+        0xA0, 0x01, 0x01,
+    };
+    const byte empty_seq[] = {
+        0x30, 0x00,
+    };
+
+    const byte * element;
+    word32 elementSz;
+
+    ExpectIntEQ(wc_IndexSequenceOf(int_seq, sizeof(int_seq), 0U, &element, &elementSz), 0);
+    ExpectPtrEq(element, &int_seq[2]);
+    ExpectIntEQ(elementSz, 3);
+
+    ExpectIntEQ(wc_IndexSequenceOf(int_seq, sizeof(int_seq), 1U, &element, &elementSz), 0);
+    ExpectPtrEq(element, &int_seq[5]);
+    ExpectIntEQ(elementSz, 4);
+
+    ExpectIntEQ(wc_IndexSequenceOf(int_seq, sizeof(int_seq), 2U, &element, &elementSz), 0);
+    ExpectPtrEq(element, &int_seq[9]);
+    ExpectIntEQ(elementSz, 3);
+
+    ExpectIntEQ(wc_IndexSequenceOf(int_seq, sizeof(int_seq), 3U, &element, &elementSz), WC_NO_ERR_TRACE(BAD_INDEX_E));
+
+    ExpectIntEQ(wc_IndexSequenceOf(bad_seq, sizeof(bad_seq), 0U, &element, &elementSz), WC_NO_ERR_TRACE(ASN_PARSE_E));
+
+    ExpectIntEQ(wc_IndexSequenceOf(empty_seq, sizeof(empty_seq), 0U, &element, &elementSz), WC_NO_ERR_TRACE(BAD_INDEX_E));
 #endif
 
     return EXPECT_RESULT();
diff --git a/tests/api/test_asn.h b/tests/api/test_asn.h
index 2fad6d644..1d2e20b2f 100644
--- a/tests/api/test_asn.h
+++ b/tests/api/test_asn.h
@@ -24,9 +24,13 @@
 
 #include <tests/api/api_decl.h>
 
-int test_SetShortInt(void);
+int test_SetAsymKeyDer(void);
+int test_GetSetShortInt(void);
+int test_wc_IndexSequenceOf(void);
 
 #define TEST_ASN_DECLS                                              \
-    TEST_DECL_GROUP("asn", test_SetShortInt)                        \
+    TEST_DECL_GROUP("asn", test_SetAsymKeyDer),                     \
+    TEST_DECL_GROUP("asn", test_GetSetShortInt),                    \
+    TEST_DECL_GROUP("asn", test_wc_IndexSequenceOf)
 
 #endif /* WOLFCRYPT_TEST_ASN_H */
diff --git a/tests/api/test_dtls.c b/tests/api/test_dtls.c
index cc0c1a254..d4aead783 100644
--- a/tests/api/test_dtls.c
+++ b/tests/api/test_dtls.c
@@ -1393,6 +1393,7 @@ int test_dtls_rtx_across_epoch_change(void)
           defined(WOLFSSL_DTLS13) */
     return EXPECT_RESULT();
 }
+
 int test_dtls_drop_client_ack(void)
 {
     EXPECT_DECLS;
@@ -1472,3 +1473,167 @@ int test_dtls_drop_client_ack(void)
           defined(WOLFSSL_DTLS13) */
     return EXPECT_RESULT();
 }
+
+int test_dtls_bogus_finished_epoch_zero(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS) && \
+    !defined(WOLFSSL_NO_TLS12) && defined(HAVE_AES_CBC) && \
+    defined(WOLFSSL_AES_128) && !defined(NO_SHA256)
+    WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL;
+    WOLFSSL *ssl_c = NULL, *ssl_s = NULL;
+    struct test_memio_ctx test_ctx;
+    int error;
+
+    /* bogus Finished message bytes from the original bug report (epoch 0)
+     * https://github.com/wolfSSL/wolfssl/issues/9188 */
+    static const unsigned char bogus_finished[] = {
+        0x16, 0xfe, 0xfd, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x18, 0x14, 0x00, 0x00, 0x0c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x0c, 0xd9, 0xc6, 0xe3, 0x01, 0x59, 0xf2, 0xc2, 0x4f, 0xfa, 0xfd, 0x20,
+        0xd7
+    };
+
+    /* serverHelloDone message bytes */
+    static const unsigned char server_hello_done_message[] = {
+        0x16, 0xfe, 0xfd, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00,
+        0x0c, 0x0e, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00
+    };
+
+    XMEMSET(&test_ctx, 0, sizeof(test_ctx));
+
+    /* setting up dtls 1.2 contexts */
+    ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
+            wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method), 0);
+
+    /* start handshake, send first ClientHelloDone */
+    ExpectIntEQ(wolfSSL_connect(ssl_c), -1);
+    ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
+
+    /* clearing server buffer to inject the wrong Finished packet */
+    test_memio_clear_buffer(&test_ctx, 1);
+    ExpectIntEQ(test_memio_inject_message(&test_ctx, 1,
+            (const char*)bogus_finished, sizeof(bogus_finished)), 0);
+
+    /* continue client handshake to process it */
+    ExpectIntEQ(wolfSSL_connect(ssl_c), -1);
+
+    /* client should terminate with dtls sequence error */
+    error = wolfSSL_get_error(ssl_c, -1);
+
+    /* check if the error is SEQUENCE_ERROR, handshake should not
+     * expect a finished packet in that moment, in particular should not
+     * be in epoch = 0 (should be epoch = 1) */
+    ExpectTrue(error == WC_NO_ERR_TRACE(SEQUENCE_ERROR) ||
+               error == WC_NO_ERR_TRACE(WOLFSSL_ERROR_WANT_READ));
+
+    /* forcing injection ServerHelloDone to test if client would replay
+     * ClientHello */
+    test_memio_clear_buffer(&test_ctx, 0);
+    ExpectIntEQ(test_memio_inject_message(&test_ctx, 1,
+            (const char*)server_hello_done_message, sizeof(server_hello_done_message)), 0);
+    wolfSSL_connect(ssl_c);
+
+    /* verifying no ClientHello replay occurred,
+     * buffer should empty since we exit early on
+     * because of the bogus finished packet */
+    ExpectIntLE(test_ctx.s_len, 0);
+
+    wolfSSL_free(ssl_c);
+    wolfSSL_CTX_free(ctx_c);
+    wolfSSL_free(ssl_s);
+    wolfSSL_CTX_free(ctx_s);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_dtls_replay(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS)
+    size_t i;
+    struct {
+        method_provider client_meth;
+        method_provider server_meth;
+        const char* tls_version;
+    } params[] = {
+#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_DTLS13)
+        { wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method, "DTLSv1_3" },
+#endif
+#if !defined(WOLFSSL_NO_TLS12) && defined(WOLFSSL_DTLS)
+        { wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method, "DTLSv1_2" },
+#endif
+#if !defined(NO_OLD_TLS) && defined(WOLFSSL_DTLS)
+        { wolfDTLSv1_client_method, wolfDTLSv1_server_method, "DTLSv1_0" },
+#endif
+    };
+    for (i = 0; i < XELEM_CNT(params) && !EXPECT_FAIL(); i++) {
+        WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL;
+        WOLFSSL *ssl_c = NULL, *ssl_s = NULL;
+        struct test_memio_ctx test_ctx;
+
+        char msg_buf[256];
+        int msg_len = sizeof(msg_buf);
+        byte app_data[8];
+
+        XMEMSET(&test_ctx, 0, sizeof(test_ctx));
+
+        /* Setup DTLS contexts */
+        ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
+                params[i].client_meth, params[i].server_meth), 0);
+        ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0);
+
+        ExpectIntEQ(wolfSSL_write(ssl_c, "test", 4), 4);
+        ExpectIntEQ(test_memio_copy_message(&test_ctx, 0, msg_buf, &msg_len, 0), 0);
+        ExpectIntEQ(wolfSSL_read(ssl_s, app_data, sizeof(app_data)), 4);
+        ExpectIntEQ(test_memio_inject_message(&test_ctx, 0, msg_buf, msg_len), 0);
+        ExpectIntEQ(wolfSSL_read(ssl_s, app_data, sizeof(app_data)), -1);
+        ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ);
+
+        wolfSSL_free(ssl_c);
+        wolfSSL_CTX_free(ctx_c);
+        wolfSSL_free(ssl_s);
+        wolfSSL_CTX_free(ctx_s);
+    }
+#endif
+    return EXPECT_RESULT();
+}
+
+#if defined(WOLFSSL_DTLS13) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && \
+    defined(WOLFSSL_SRTP)
+static int test_dtls_srtp_ctx_ready(WOLFSSL_CTX* ctx)
+{
+    EXPECT_DECLS;
+    ExpectIntEQ(wolfSSL_CTX_set_tlsext_use_srtp(ctx, "SRTP_AEAD_AES_256_GCM:"
+         "SRTP_AEAD_AES_128_GCM:SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32"),
+          0);
+    return EXPECT_RESULT();
+}
+
+int test_dtls_srtp(void)
+{
+    EXPECT_DECLS;
+    test_ssl_cbf client_cbf;
+    test_ssl_cbf server_cbf;
+
+    XMEMSET(&client_cbf, 0, sizeof(client_cbf));
+    XMEMSET(&server_cbf, 0, sizeof(server_cbf));
+
+    client_cbf.method = wolfDTLSv1_3_client_method;
+    client_cbf.ctx_ready = test_dtls_srtp_ctx_ready;
+    server_cbf.method = wolfDTLSv1_3_server_method;
+    server_cbf.ctx_ready = test_dtls_srtp_ctx_ready;
+
+    ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cbf,
+        &server_cbf, NULL), TEST_SUCCESS);
+
+    return EXPECT_RESULT();
+}
+#else
+int test_dtls_srtp(void)
+{
+    EXPECT_DECLS;
+    return EXPECT_RESULT();
+}
+#endif
diff --git a/tests/api/test_dtls.h b/tests/api/test_dtls.h
index 199518790..caff1a19b 100644
--- a/tests/api/test_dtls.h
+++ b/tests/api/test_dtls.h
@@ -38,4 +38,7 @@ int test_records_span_network_boundaries(void);
 int test_dtls_record_cross_boundaries(void);
 int test_dtls_rtx_across_epoch_change(void);
 int test_dtls_drop_client_ack(void);
+int test_dtls_bogus_finished_epoch_zero(void);
+int test_dtls_replay(void);
+int test_dtls_srtp(void);
 #endif /* TESTS_API_DTLS_H */
diff --git a/tests/api/test_ecc.c b/tests/api/test_ecc.c
index b60a11da5..bd24c7072 100644
--- a/tests/api/test_ecc.c
+++ b/tests/api/test_ecc.c
@@ -1360,7 +1360,7 @@ int test_wc_ecc_pointFns(void)
     EXPECT_DECLS;
 #if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT) && \
     !defined(WC_NO_RNG) && !defined(WOLFSSL_ATECC508A) && \
-    !defined(WOLFSSL_ATECC608A)
+    !defined(WOLFSSL_ATECC608A) && !defined(WOLF_CRYPTO_CB_ONLY_ECC)
     ecc_key    key;
     WC_RNG     rng;
     int        ret;
@@ -1465,7 +1465,7 @@ int test_wc_ecc_shared_secret_ssh(void)
 #if defined(HAVE_ECC) && defined(HAVE_ECC_DHE) && \
     !defined(WC_NO_RNG) && !defined(WOLFSSL_ATECC508A) && \
     !defined(WOLFSSL_ATECC608A) && !defined(PLUTON_CRYPTO_ECC) && \
-    !defined(WOLFSSL_CRYPTOCELL)
+    !defined(WOLFSSL_CRYPTOCELL) && !defined(WOLF_CRYPTO_CB_ONLY_ECC)
     ecc_key key;
     ecc_key key2;
     WC_RNG  rng;
@@ -1639,7 +1639,8 @@ int test_wc_ecc_mulmod(void)
     EXPECT_DECLS;
 #if defined(HAVE_ECC) && !defined(WC_NO_RNG) && \
     !(defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) || \
-      defined(WOLFSSL_VALIDATE_ECC_IMPORT))
+      defined(WOLFSSL_VALIDATE_ECC_IMPORT)) && \
+    !defined(WOLF_CRYPTO_CB_ONLY_ECC)
     ecc_key     key1;
     ecc_key     key2;
     ecc_key     key3;
diff --git a/tests/api/test_hash.c b/tests/api/test_hash.c
index 717c0849d..ac0b635ff 100644
--- a/tests/api/test_hash.c
+++ b/tests/api/test_hash.c
@@ -214,9 +214,9 @@ int test_wc_HashInit(void)
 
     for (i = 0; i < notSupportedHashLen; i++) {
         /* check for null ptr */
-        ExpectIntEQ(wc_HashInit(NULL, supportedHash[i]),
+        ExpectIntEQ(wc_HashInit(NULL, notSupportedHash[i]),
             WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-        ExpectIntEQ(wc_HashInit_ex(NULL, supportedHash[i], HEAP_HINT,
+        ExpectIntEQ(wc_HashInit_ex(NULL, notSupportedHash[i], HEAP_HINT,
             INVALID_DEVID), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 
         ExpectIntEQ(wc_HashInit(&hash, notSupportedHash[i]),
diff --git a/tests/api/test_mldsa.c b/tests/api/test_mldsa.c
index 52c7076c1..775db3e27 100644
--- a/tests/api/test_mldsa.c
+++ b/tests/api/test_mldsa.c
@@ -16658,7 +16658,239 @@ int test_wc_dilithium_verify_kats(void)
     return EXPECT_RESULT();
 }
 
-int test_mldsa_pkcs8(void)
+#if !defined(NO_ASN) && defined(HAVE_PKCS8) && \
+    defined(HAVE_DILITHIUM) && defined(WOLFSSL_WC_DILITHIUM) && \
+    !defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) && \
+    !defined(WOLFSSL_DILITHIUM_NO_ASN1) && defined(WOLFSSL_ASN_TEMPLATE)
+static struct {
+    const char* fileName;
+    byte level;
+    /* 0: Unsupported, 1: Supported*/
+    int p8_lv;     /* Support PKCS8 format with specifying level          */
+    int p8_nolv;   /* Support PKCS8 format without specifying level       */
+    int trad_lv;   /* Support traditional format with specifying level    */
+    int trad_nolv; /* Support traditional format without specifying level */
+} ossl_form[] = {
+    /*
+     * Generated test files with the following commands:
+     *     openssl genpkey -outform DER -algorithm ${ALGO} \
+     *         -provparam ml-dsa.output_formats=${OUT_FORM} -out ${OUT_FILE}
+     */
+
+#ifndef WOLFSSL_NO_ML_DSA_44
+    /* ALGO=ML-DSA-44, OUT_FORM=seed-only, OUT_FILE=mldsa44_seed-only.der   */
+    {"certs/mldsa/mldsa44_seed-only.der",  WC_ML_DSA_44, 1, 1, 1, 0},
+    /* ALGO=ML-DSA-44, OUT_FORM=priv-only, OUT_FILE=mldsa44_priv-only.der   */
+    {"certs/mldsa/mldsa44_priv-only.der",  WC_ML_DSA_44, 1, 1, 1, 0},
+    /* ALGO=ML-DSA-44, OUT_FORM=seed-priv, OUT_FILE=mldsa44_seed-priv.der   */
+    {"certs/mldsa/mldsa44_seed-priv.der",  WC_ML_DSA_44, 1, 1, 1, 0},
+    /* ALGO=ML-DSA-44, OUT_FORM=oqskeypair, OUT_FILE=mldsa44_oqskeypair.der */
+    {"certs/mldsa/mldsa44_oqskeypair.der", WC_ML_DSA_44, 1, 1, 1, 0},
+    /* ALGO=ML-DSA-44, OUT_FORM=bare-seed, OUT_FILE=mldsa44_bare-seed.der   */
+    {"certs/mldsa/mldsa44_bare-seed.der",  WC_ML_DSA_44, 0, 0, 0, 0},
+    /* ALGO=ML-DSA-44, OUT_FORM=bare-priv, OUT_FILE=mldsa44_bare-priv.der   */
+    {"certs/mldsa/mldsa44_bare-priv.der",  WC_ML_DSA_44, 0, 0, 0, 0},
+#endif
+#ifndef WOLFSSL_NO_ML_DSA_65
+    /* ALGO=ML-DSA-65, OUT_FORM=seed-only, OUT_FILE=mldsa65_seed-only.der   */
+    {"certs/mldsa/mldsa65_seed-only.der",  WC_ML_DSA_65, 1, 1, 1, 0},
+    /* ALGO=ML-DSA-65, OUT_FORM=priv-only, OUT_FILE=mldsa65_priv-only.der   */
+    {"certs/mldsa/mldsa65_priv-only.der",  WC_ML_DSA_65, 1, 1, 1, 0},
+    /* ALGO=ML-DSA-65, OUT_FORM=seed-priv, OUT_FILE=mldsa65_seed-priv.der   */
+    {"certs/mldsa/mldsa65_seed-priv.der",  WC_ML_DSA_65, 1, 1, 1, 0},
+    /* ALGO=ML-DSA-65, OUT_FORM=oqskeypair, OUT_FILE=mldsa65_oqskeypair.der */
+    {"certs/mldsa/mldsa65_oqskeypair.der", WC_ML_DSA_65, 1, 1, 1, 0},
+    /* ALGO=ML-DSA-65, OUT_FORM=bare-seed, OUT_FILE=mldsa65_bare-seed.der   */
+    {"certs/mldsa/mldsa65_bare-seed.der",  WC_ML_DSA_65, 0, 0, 0, 0},
+    /* ALGO=ML-DSA-65, OUT_FORM=bare-priv, OUT_FILE=mldsa65_bare-priv.der   */
+    {"certs/mldsa/mldsa65_bare-priv.der",  WC_ML_DSA_65, 0, 0, 0, 0},
+#endif
+#ifndef WOLFSSL_NO_ML_DSA_87
+    /* ALGO=ML-DSA-87, OUT_FORM=seed-only, OUT_FILE=mldsa87_seed-only.der   */
+    {"certs/mldsa/mldsa87_seed-only.der",  WC_ML_DSA_87, 1, 1, 1, 0},
+    /* ALGO=ML-DSA-87, OUT_FORM=priv-only, OUT_FILE=mldsa87_priv-only.der   */
+    {"certs/mldsa/mldsa87_priv-only.der",  WC_ML_DSA_87, 1, 1, 1, 0},
+    /* ALGO=ML-DSA-87, OUT_FORM=seed-priv, OUT_FILE=mldsa87_seed-priv.der   */
+    {"certs/mldsa/mldsa87_seed-priv.der",  WC_ML_DSA_87, 1, 1, 1, 0},
+    /* ALGO=ML-DSA-87, OUT_FORM=oqskeypair, OUT_FILE=mldsa87_oqskeypair.der */
+    {"certs/mldsa/mldsa87_oqskeypair.der", WC_ML_DSA_87, 1, 1, 1, 0},
+    /* ALGO=ML-DSA-87, OUT_FORM=bare-seed, OUT_FILE=mldsa87_bare-seed.der   */
+    {"certs/mldsa/mldsa87_bare-seed.der",  WC_ML_DSA_87, 0, 0, 0, 0},
+    /* ALGO=ML-DSA-87, OUT_FORM=bare-priv, OUT_FILE=mldsa87_bare-priv.der   */
+    {"certs/mldsa/mldsa87_bare-priv.der",  WC_ML_DSA_87, 0, 0, 0, 0}
+#endif
+};
+#endif
+
+int test_wc_Dilithium_PrivateKeyDecode_OpenSSL_form(void)
+{
+    EXPECT_DECLS;
+
+#if !defined(NO_ASN) && defined(HAVE_PKCS8) && \
+    defined(HAVE_DILITHIUM) && defined(WOLFSSL_WC_DILITHIUM) && \
+    !defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) && \
+    !defined(WOLFSSL_DILITHIUM_NO_ASN1) && defined(WOLFSSL_ASN_TEMPLATE)
+
+    byte* der = NULL;
+    size_t derMaxSz = ML_DSA_LEVEL5_BOTH_KEY_DER_SIZE;
+    size_t derSz = 0;
+    FILE* fp = NULL;
+    word32 inOutIdx = 0;
+    word32 inOutIdx2 = 0;
+    dilithium_key key;
+    int expect = 0;
+    int pkeySz = 0;
+    byte level = 0;
+
+    ExpectNotNull(der = (byte*) XMALLOC(derMaxSz, NULL,
+        DYNAMIC_TYPE_TMP_BUFFER));
+
+    for (size_t i = 0; i < sizeof(ossl_form) / sizeof(ossl_form[0]); ++i) {
+        ExpectNotNull(fp = XFOPEN(ossl_form[i].fileName, "rb"));
+        ExpectIntGT(derSz = XFREAD(der, 1, derMaxSz, fp), 0);
+        ExpectIntEQ(XFCLOSE(fp), 0);
+
+        /* Specify a level with PKCS8 format */
+        XMEMSET(&key, 0, sizeof(key));
+        ExpectIntEQ(wc_dilithium_init(&key), 0);
+        ExpectIntEQ(wc_dilithium_set_level(&key, ossl_form[i].level), 0);
+        inOutIdx = 0;
+        expect = ossl_form[i].p8_lv ? 0 : ASN_PARSE_E;
+        ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(der, &inOutIdx, &key,
+            (word32)derSz), expect);
+        if (expect == 0) {
+            ExpectIntEQ(wc_dilithium_get_level(&key, &level), 0);
+            ExpectIntEQ(level, ossl_form[i].level);
+        }
+        wc_dilithium_free(&key);
+
+        /* Not specify a level with PKCS8 format */
+        XMEMSET(&key, 0, sizeof(key));
+        ExpectIntEQ(wc_dilithium_init(&key), 0);
+        inOutIdx = 0;
+        expect = ossl_form[i].p8_nolv ? 0 : ASN_PARSE_E;
+        ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(der, &inOutIdx, &key,
+            (word32)derSz), expect);
+        if (expect == 0) {
+            ExpectIntEQ(wc_dilithium_get_level(&key, &level), 0);
+            ExpectIntEQ(level, ossl_form[i].level);
+        }
+        wc_dilithium_free(&key);
+
+        /* Specify a level with traditional format */
+        XMEMSET(&key, 0, sizeof(key));
+        ExpectIntEQ(wc_dilithium_init(&key), 0);
+        ExpectIntEQ(wc_dilithium_set_level(&key, ossl_form[i].level), 0);
+        inOutIdx = 0;
+        expect = ossl_form[i].trad_lv ? 0 : ASN_PARSE_E;
+        ExpectIntGT(pkeySz = wc_GetPkcs8TraditionalOffset(der, &inOutIdx,
+            (word32)derSz), 0);
+        inOutIdx2 = 0;
+        ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(der + inOutIdx, &inOutIdx2,
+            &key, (word32)pkeySz), expect);
+        if (expect == 0) {
+            ExpectIntEQ(wc_dilithium_get_level(&key, &level), 0);
+            ExpectIntEQ(level, ossl_form[i].level);
+        }
+        wc_dilithium_free(&key);
+
+        /* Not specify a level with traditional format */
+        XMEMSET(&key, 0, sizeof(key));
+        ExpectIntEQ(wc_dilithium_init(&key), 0);
+        inOutIdx = 0;
+        expect = ossl_form[i].trad_nolv ? 0 : ASN_PARSE_E;
+        ExpectIntGT(pkeySz = wc_GetPkcs8TraditionalOffset(der, &inOutIdx,
+            (word32)derSz), 0);
+        inOutIdx2 = 0;
+        ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(der + inOutIdx, &inOutIdx2,
+            &key, (word32)pkeySz), expect);
+        if (expect == 0) {
+            ExpectIntEQ(wc_dilithium_get_level(&key, &level), 0);
+            ExpectIntEQ(level, ossl_form[i].level);
+        }
+        wc_dilithium_free(&key);
+    }
+
+    XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_mldsa_pkcs8_import_OpenSSL_form(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_ASN) && defined(HAVE_PKCS8) && \
+    defined(HAVE_DILITHIUM) && defined(WOLFSSL_WC_DILITHIUM) && \
+    !defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) && \
+    !defined(WOLFSSL_DILITHIUM_NO_SIGN) && \
+    !defined(WOLFSSL_DILITHIUM_NO_ASN1) && defined(WOLFSSL_ASN_TEMPLATE) && \
+    !defined(NO_TLS) && \
+    (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER))
+
+    byte* der = NULL;
+    size_t derMaxSz = ML_DSA_LEVEL5_BOTH_KEY_DER_SIZE;
+    size_t derSz = 0;
+    WOLFSSL_CTX* ctx = NULL;
+    FILE* fp = NULL;
+#ifdef WOLFSSL_DER_TO_PEM
+    byte* pem = NULL;
+    size_t pemMaxSz = ML_DSA_LEVEL5_BOTH_KEY_PEM_SIZE;
+    size_t pemSz = 0;
+#endif /* WOLFSSL_DER_TO_PEM */
+
+    ExpectNotNull(der = (byte*) XMALLOC(derMaxSz, NULL,
+        DYNAMIC_TYPE_TMP_BUFFER));
+#ifdef WOLFSSL_DER_TO_PEM
+    ExpectNotNull(pem = (byte*) XMALLOC(pemMaxSz, NULL,
+        DYNAMIC_TYPE_TMP_BUFFER));
+#endif /* WOLFSSL_DER_TO_PEM */
+
+#ifndef NO_WOLFSSL_SERVER
+        ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
+#else
+        ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
+#endif /* NO_WOLFSSL_SERVER */
+
+    for (size_t i = 0; i < sizeof(ossl_form) / sizeof(ossl_form[0]); ++i) {
+        ExpectNotNull(fp = XFOPEN(ossl_form[i].fileName, "rb"));
+        ExpectIntGT(derSz = XFREAD(der, 1, derMaxSz, fp), 0);
+        ExpectIntEQ(XFCLOSE(fp), 0);
+
+        /* DER */
+        if (ossl_form[i].p8_nolv) {
+            ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, der, derSz,
+                WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
+        }
+        else {
+            ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, der, derSz,
+                WOLFSSL_FILETYPE_ASN1), WOLFSSL_BAD_FILE);
+        }
+
+#ifdef WOLFSSL_DER_TO_PEM
+        /* PEM */
+        ExpectIntGT(pemSz = wc_DerToPem(der, (word32)derSz, pem,
+            (word32)pemMaxSz, PKCS8_PRIVATEKEY_TYPE), 0);
+        if (ossl_form[i].p8_nolv) {
+            ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, pem, pemSz,
+                WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
+        }
+        else {
+            ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, pem, pemSz,
+                WOLFSSL_FILETYPE_PEM), ASN_PARSE_E);
+        }
+#endif /* WOLFSSL_DER_TO_PEM */
+    }
+
+    wolfSSL_CTX_free(ctx);
+    XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#ifdef WOLFSSL_DER_TO_PEM
+    XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif /* WOLFSSL_DER_TO_PEM */
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_mldsa_pkcs8_export_import_wolfSSL_form(void)
 {
     EXPECT_DECLS;
 #if !defined(NO_ASN) && defined(HAVE_PKCS8) && \
@@ -16666,7 +16898,7 @@ int test_mldsa_pkcs8(void)
     (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) && \
     !defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) && \
     !defined(WOLFSSL_DILITHIUM_NO_SIGN) && \
-    !defined(WOLFSSL_DILITHIUM_NO_ASN1)
+    !defined(WOLFSSL_DILITHIUM_NO_ASN1) && defined(WOLFSSL_ASN_TEMPLATE)
 
     WOLFSSL_CTX* ctx = NULL;
     size_t i;
@@ -16676,10 +16908,8 @@ int test_mldsa_pkcs8(void)
     byte* temp = NULL;  /* Store PEM or intermediate key */
     word32 derSz = 0;
     word32 pemSz = 0;
-    word32 keySz = 0;
     dilithium_key mldsa_key;
     WC_RNG rng;
-    word32 size;
     int ret;
 
     struct {
@@ -16746,43 +16976,6 @@ int test_mldsa_pkcs8(void)
         ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, der, derSz,
             WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
 
-#ifdef WOLFSSL_DER_TO_PEM
-        ExpectIntGT(pemSz = wc_DerToPem(der, derSz, temp, tempMaxSz,
-            PKCS8_PRIVATEKEY_TYPE), 0);
-        ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, temp, pemSz,
-            WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
-#endif /* WOLFSSL_DER_TO_PEM */
-    }
-
-    /* Test private + public key (integrated format) */
-    for (i = 0; i < sizeof(test_variant) / sizeof(test_variant[0]); ++i) {
-        ExpectIntEQ(wc_dilithium_set_level(&mldsa_key, test_variant[i].wcId),
-            0);
-        ExpectIntEQ(wc_dilithium_make_key(&mldsa_key, &rng), 0);
-
-        if (EXPECT_FAIL())
-            break;
-
-        keySz = 0;
-        temp[0] = 0x04;  /* ASN.1 OCTET STRING */
-        temp[1] = 0x82;  /* 2 bytes length field */
-        temp[2] = (test_variant[i].keySz >> 8) & 0xff;  /* MSB of the length */
-        temp[3] = test_variant[i].keySz & 0xff;         /* LSB of the length */
-        keySz += 4;
-        size = tempMaxSz - keySz;
-        ExpectIntEQ(wc_dilithium_export_private(&mldsa_key, temp + keySz,
-            &size), 0);
-        keySz += size;
-        size = tempMaxSz - keySz;
-        ExpectIntEQ(wc_dilithium_export_public(&mldsa_key, temp + keySz, &size),
-            0);
-        keySz += size;
-        derSz = derMaxSz;
-        ExpectIntGT(wc_CreatePKCS8Key(der, &derSz, temp, keySz,
-            test_variant[i].oidSum, NULL, 0), 0);
-        ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, der, derSz,
-            WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
-
 #ifdef WOLFSSL_DER_TO_PEM
         ExpectIntGT(pemSz = wc_DerToPem(der, derSz, temp, tempMaxSz,
             PKCS8_PRIVATEKEY_TYPE), 0);
@@ -16820,7 +17013,10 @@ int test_mldsa_pkcs12(void)
     const word32 inKeyMaxSz = inKeyHeaderSz + DILITHIUM_MAX_PRV_KEY_SIZE;
     const word32 certConstSz = 412;
     const word32 inCertMaxSz =
-        certConstSz + DILITHIUM_MAX_SIG_SIZE + DILITHIUM_MAX_PUB_KEY_SIZE;
+        certConstSz + DILITHIUM_MAX_PUB_KEY_SIZE +
+        WOLFSSL_ASN_MAX_LENGTH_SZ + DILITHIUM_MAX_SIG_SIZE;
+        /* max signature size + ASN1 encoding */
+
     const word32 pkcs8HeaderSz = 24;
     WC_RNG rng;
     dilithium_key mldsa_key;
@@ -16913,7 +17109,7 @@ int test_mldsa_pkcs12(void)
         XSTRNCPY((char*)cert.beforeDate, "\x18\x0f""20250101000000Z",
             CTC_DATE_SIZE);
         cert.beforeDateSz = 17;
-        XSTRNCPY((char*)cert.afterDate, "\x18\x0f""20493112115959Z",
+        XSTRNCPY((char*)cert.afterDate, "\x18\x0f""20491231115959Z",
             CTC_DATE_SIZE);
         cert.afterDateSz = 17;
         cert.selfSigned = 1;
diff --git a/tests/api/test_mldsa.h b/tests/api/test_mldsa.h
index d1322e571..488c3a2b3 100644
--- a/tests/api/test_mldsa.h
+++ b/tests/api/test_mldsa.h
@@ -35,22 +35,26 @@ int test_wc_dilithium_der(void);
 int test_wc_dilithium_make_key_from_seed(void);
 int test_wc_dilithium_sig_kats(void);
 int test_wc_dilithium_verify_kats(void);
-int test_mldsa_pkcs8(void);
+int test_wc_Dilithium_PrivateKeyDecode_OpenSSL_form(void);
+int test_mldsa_pkcs8_import_OpenSSL_form(void);
+int test_mldsa_pkcs8_export_import_wolfSSL_form(void);
 int test_mldsa_pkcs12(void);
 
-#define TEST_MLDSA_DECLS                                            \
-    TEST_DECL_GROUP("mldsa", test_wc_dilithium),                    \
-    TEST_DECL_GROUP("mldsa", test_wc_dilithium_make_key),           \
-    TEST_DECL_GROUP("mldsa", test_wc_dilithium_sign),               \
-    TEST_DECL_GROUP("mldsa", test_wc_dilithium_verify),             \
-    TEST_DECL_GROUP("mldsa", test_wc_dilithium_sign_vfy),           \
-    TEST_DECL_GROUP("mldsa", test_wc_dilithium_check_key),          \
-    TEST_DECL_GROUP("mldsa", test_wc_dilithium_public_der_decode),  \
-    TEST_DECL_GROUP("mldsa", test_wc_dilithium_der),                \
-    TEST_DECL_GROUP("mldsa", test_wc_dilithium_make_key_from_seed), \
-    TEST_DECL_GROUP("mldsa", test_wc_dilithium_sig_kats),           \
-    TEST_DECL_GROUP("mldsa", test_wc_dilithium_verify_kats),        \
-    TEST_DECL_GROUP("mldsa", test_mldsa_pkcs8),                     \
+#define TEST_MLDSA_DECLS                                                       \
+    TEST_DECL_GROUP("mldsa", test_wc_dilithium),                               \
+    TEST_DECL_GROUP("mldsa", test_wc_dilithium_make_key),                      \
+    TEST_DECL_GROUP("mldsa", test_wc_dilithium_sign),                          \
+    TEST_DECL_GROUP("mldsa", test_wc_dilithium_verify),                        \
+    TEST_DECL_GROUP("mldsa", test_wc_dilithium_sign_vfy),                      \
+    TEST_DECL_GROUP("mldsa", test_wc_dilithium_check_key),                     \
+    TEST_DECL_GROUP("mldsa", test_wc_dilithium_public_der_decode),             \
+    TEST_DECL_GROUP("mldsa", test_wc_dilithium_der),                           \
+    TEST_DECL_GROUP("mldsa", test_wc_dilithium_make_key_from_seed),            \
+    TEST_DECL_GROUP("mldsa", test_wc_dilithium_sig_kats),                      \
+    TEST_DECL_GROUP("mldsa", test_wc_dilithium_verify_kats),                   \
+    TEST_DECL_GROUP("mldsa", test_wc_Dilithium_PrivateKeyDecode_OpenSSL_form), \
+    TEST_DECL_GROUP("mldsa", test_mldsa_pkcs8_import_OpenSSL_form),            \
+    TEST_DECL_GROUP("mldsa", test_mldsa_pkcs8_export_import_wolfSSL_form),     \
     TEST_DECL_GROUP("mldsa", test_mldsa_pkcs12)
 
 #endif /* WOLFCRYPT_TEST_MLDSA_H */
diff --git a/tests/api/test_ossl_asn1.c b/tests/api/test_ossl_asn1.c
new file mode 100644
index 000000000..4edf0ca00
--- /dev/null
+++ b/tests/api/test_ossl_asn1.c
@@ -0,0 +1,2784 @@
+/* test_ossl_asn1.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#include <tests/unit.h>
+
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+#include <wolfssl/openssl/asn1.h>
+#include <wolfssl/openssl/x509v3.h>
+#include <wolfssl/internal.h>
+#include <wolfssl/wolfcrypt/types.h>
+#include <tests/api/api.h>
+#include <tests/api/test_ossl_asn1.h>
+
+/*******************************************************************************
+ * ASN.1 OpenSSL compatibility API Testing
+ ******************************************************************************/
+
+int test_wolfSSL_ASN1_BIT_STRING(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_CERTS) && defined(OPENSSL_ALL)
+    ASN1_BIT_STRING* str = NULL;
+    ASN1_BIT_STRING* str2 = NULL;
+    unsigned char* der = NULL;
+
+    ExpectNotNull(str = ASN1_BIT_STRING_new());
+    /* Empty data testing. */
+    ExpectIntEQ(ASN1_BIT_STRING_get_bit(str, 1), 0);
+    ASN1_BIT_STRING_free(str);
+    str = NULL;
+
+    ExpectNotNull(str = ASN1_BIT_STRING_new());
+
+    /* Invalid parameter testing. */
+    ExpectIntEQ(ASN1_BIT_STRING_set_bit(NULL, 42, 1), 0);
+    ExpectIntEQ(ASN1_BIT_STRING_set_bit(str, -1, 1), 0);
+    ExpectIntEQ(ASN1_BIT_STRING_set_bit(str, 42, 2), 0);
+    ExpectIntEQ(ASN1_BIT_STRING_set_bit(str, 42, -1), 0);
+
+    /* No bit string - bit is always 0. */
+    ExpectIntEQ(ASN1_BIT_STRING_get_bit(NULL, 42), 0);
+    ExpectIntEQ(ASN1_BIT_STRING_get_bit(NULL, -1), 0);
+    ExpectIntEQ(ASN1_BIT_STRING_get_bit(str, -1), 0);
+    ExpectIntEQ(ASN1_BIT_STRING_get_bit(str, 0), 0);
+
+    ExpectIntEQ(ASN1_BIT_STRING_set_bit(str, 42, 1), 1);
+    ExpectIntEQ(ASN1_BIT_STRING_get_bit(str, 42), 1);
+    ExpectIntEQ(ASN1_BIT_STRING_get_bit(str, 41), 0);
+    ExpectIntEQ(ASN1_BIT_STRING_get_bit(str, -1), 0);
+    ExpectIntEQ(ASN1_BIT_STRING_set_bit(str, 84, 1), 1);
+    ExpectIntEQ(ASN1_BIT_STRING_get_bit(str, 84), 1);
+    ExpectIntEQ(ASN1_BIT_STRING_get_bit(str, 83), 0);
+    ExpectIntEQ(ASN1_BIT_STRING_set_bit(str, 91, 0), 1);
+    ExpectIntEQ(ASN1_BIT_STRING_get_bit(str, 91), 0);
+    ExpectIntEQ(ASN1_BIT_STRING_set_bit(str, 89, 0), 1);
+    ExpectIntEQ(ASN1_BIT_STRING_get_bit(str, 89), 0);
+    ExpectIntEQ(ASN1_BIT_STRING_set_bit(str, 42, 0), 1);
+    ExpectIntEQ(ASN1_BIT_STRING_get_bit(str, 42), 0);
+
+    ExpectIntEQ(i2d_ASN1_BIT_STRING(str, NULL), 14);
+    ExpectIntEQ(i2d_ASN1_BIT_STRING(str, &der), 14);
+#ifdef WOLFSSL_ASN_TEMPLATE
+    {
+        const unsigned char* tmp = der;
+        ExpectNotNull(d2i_ASN1_BIT_STRING(&str2, &tmp, 14));
+    }
+#endif
+
+    ASN1_BIT_STRING_free(str);
+    ASN1_BIT_STRING_free(str2);
+    ASN1_BIT_STRING_free(NULL);
+    XFREE(der, NULL, DYNAMIC_TYPE_ASN1);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_ASN1_INTEGER(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && !defined(NO_ASN)
+    ASN1_INTEGER* a = NULL;
+    ASN1_INTEGER* dup = NULL;
+    const unsigned char invalidLenDer[] = {
+        0x02, 0x20, 0x00
+    };
+    const unsigned char longDer[] = {
+        0x02, 0x20,
+            0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
+            0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
+            0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
+            0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08
+    };
+    const unsigned char* p;
+
+    /* Invalid parameter testing. */
+    ASN1_INTEGER_free(NULL);
+    ExpectNull(wolfSSL_ASN1_INTEGER_dup(NULL));
+
+    ExpectNotNull(a = ASN1_INTEGER_new());
+    ExpectNotNull(dup = wolfSSL_ASN1_INTEGER_dup(a));
+    ASN1_INTEGER_free(dup);
+    dup = NULL;
+    ASN1_INTEGER_free(a);
+    a = NULL;
+
+    p = invalidLenDer;
+    ExpectNull(d2i_ASN1_INTEGER(NULL, &p, sizeof(invalidLenDer)));
+
+    p = longDer;
+    ExpectNotNull(a = d2i_ASN1_INTEGER(NULL, &p, sizeof(longDer)));
+    ExpectPtrNE(p, longDer);
+    ExpectNotNull(dup = wolfSSL_ASN1_INTEGER_dup(a));
+    ASN1_INTEGER_free(dup);
+    ASN1_INTEGER_free(a);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_ASN1_INTEGER_cmp(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && !defined(NO_ASN)
+    ASN1_INTEGER* a = NULL;
+    ASN1_INTEGER* b = NULL;
+
+    ExpectNotNull(a = ASN1_INTEGER_new());
+    ExpectNotNull(b = ASN1_INTEGER_new());
+    ExpectIntEQ(ASN1_INTEGER_set(a, 1), 1);
+    ExpectIntEQ(ASN1_INTEGER_set(b, 1), 1);
+
+    /* Invalid parameter testing. */
+    ExpectIntEQ(wolfSSL_ASN1_INTEGER_cmp(NULL, NULL), -1);
+    ExpectIntEQ(wolfSSL_ASN1_INTEGER_cmp(a, NULL), -1);
+    ExpectIntEQ(wolfSSL_ASN1_INTEGER_cmp(NULL, b), -1);
+
+    ExpectIntEQ(wolfSSL_ASN1_INTEGER_cmp(a, b), 0);
+    ExpectIntEQ(ASN1_INTEGER_set(b, -1), 1);
+    ExpectIntGT(wolfSSL_ASN1_INTEGER_cmp(a, b), 0);
+    ExpectIntEQ(ASN1_INTEGER_set(a, -2), 1);
+    ExpectIntLT(wolfSSL_ASN1_INTEGER_cmp(a, b), 0);
+    ExpectIntEQ(ASN1_INTEGER_set(b, 1), 1);
+    ExpectIntLT(wolfSSL_ASN1_INTEGER_cmp(a, b), 0);
+    ExpectIntEQ(ASN1_INTEGER_set(a, 0x01), 1);
+    ExpectIntEQ(ASN1_INTEGER_set(b, 0x1000), 1);
+    ExpectIntLT(wolfSSL_ASN1_INTEGER_cmp(a, b), 0);
+    ExpectIntGT(wolfSSL_ASN1_INTEGER_cmp(b, a), 0);
+
+    ASN1_INTEGER_free(b);
+    ASN1_INTEGER_free(a);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_ASN1_INTEGER_BN(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && !defined(NO_ASN)
+    ASN1_INTEGER* ai = NULL;
+    ASN1_INTEGER* ai2 = NULL;
+    BIGNUM* bn = NULL;
+    BIGNUM* bn2 = NULL;
+
+    ExpectNotNull(ai = ASN1_INTEGER_new());
+    ExpectNotNull(bn2 = BN_new());
+
+    /* Invalid parameter testing. */
+    ExpectNull(bn = ASN1_INTEGER_to_BN(NULL, NULL));
+    ExpectNull(ai2 = BN_to_ASN1_INTEGER(NULL, NULL));
+
+    /* at the moment hard setting since no set function */
+    if (ai != NULL) {
+        ai->data[0] = 0xff; /* No DER encoding. */
+        ai->length = 1;
+    }
+#if defined(WOLFSSL_QT) || defined(WOLFSSL_HAPROXY)
+    ExpectNotNull(bn = ASN1_INTEGER_to_BN(ai, NULL));
+    BN_free(bn);
+    bn = NULL;
+#else
+    ExpectNull(ASN1_INTEGER_to_BN(ai, NULL));
+#endif
+
+    if (ai != NULL) {
+        ai->data[0] = 0x02; /* tag for ASN_INTEGER */
+        ai->data[1] = 0x04; /* bad length of integer */
+        ai->data[2] = 0x03;
+        ai->length = 3;
+    }
+#if defined(WOLFSSL_QT) || defined(WOLFSSL_HAPROXY)
+    /* Interpreted as a number 0x020403. */
+    ExpectNotNull(bn = ASN1_INTEGER_to_BN(ai, NULL));
+    BN_free(bn);
+    bn = NULL;
+#else
+    ExpectNull(ASN1_INTEGER_to_BN(ai, NULL));
+#endif
+
+    if (ai != NULL) {
+        ai->data[0] = 0x02; /* tag for ASN_INTEGER */
+        ai->data[1] = 0x01; /* length of integer */
+        ai->data[2] = 0x03;
+        ai->length = 3;
+    }
+    ExpectNotNull(bn = ASN1_INTEGER_to_BN(ai, NULL));
+    ExpectNotNull(ai2 = BN_to_ASN1_INTEGER(bn, NULL));
+    ExpectIntEQ(ASN1_INTEGER_cmp(ai, ai2), 0);
+    ExpectNotNull(bn2 = ASN1_INTEGER_to_BN(ai2, bn2));
+    ExpectIntEQ(BN_cmp(bn, bn2), 0);
+
+    if (ai != NULL) {
+        ai->data[0] = 0x02; /* tag for ASN_INTEGER */
+        ai->data[1] = 0x02; /* length of integer */
+        ai->data[2] = 0x00; /* padding byte to ensure positive */
+        ai->data[3] = 0xff;
+        ai->length = 4;
+    }
+    ExpectNotNull(bn = ASN1_INTEGER_to_BN(ai, bn));
+    ExpectNotNull(ai2 = BN_to_ASN1_INTEGER(bn, ai2));
+    ExpectIntEQ(ASN1_INTEGER_cmp(ai, ai2), 0);
+    ExpectNotNull(bn2 = ASN1_INTEGER_to_BN(ai2, bn2));
+    ExpectIntEQ(BN_cmp(bn, bn2), 0);
+
+    if (ai != NULL) {
+        ai->data[0] = 0x02; /* tag for ASN_INTEGER */
+        ai->data[1] = 0x01; /* length of integer */
+        ai->data[2] = 0x00;
+        ai->length = 3;
+    }
+    ExpectNotNull(bn = ASN1_INTEGER_to_BN(ai, bn));
+    ExpectNotNull(ai2 = BN_to_ASN1_INTEGER(bn, ai2));
+    ExpectIntEQ(ASN1_INTEGER_cmp(ai, ai2), 0);
+    ExpectNotNull(bn2 = ASN1_INTEGER_to_BN(ai2, bn2));
+    ExpectIntEQ(BN_cmp(bn, bn2), 0);
+
+    if (ai != NULL) {
+        ai->data[0] = 0x02; /* tag for ASN_INTEGER */
+        ai->data[1] = 0x01; /* length of integer */
+        ai->data[2] = 0x01;
+        ai->length = 3;
+        ai->negative = 1;
+    }
+    ExpectNotNull(bn = ASN1_INTEGER_to_BN(ai, bn));
+    ExpectNotNull(ai2 = BN_to_ASN1_INTEGER(bn, ai2));
+    ExpectIntEQ(ASN1_INTEGER_cmp(ai, ai2), 0);
+    ExpectNotNull(bn2 = ASN1_INTEGER_to_BN(ai2, bn2));
+    ExpectIntEQ(BN_cmp(bn, bn2), 0);
+
+    BN_free(bn2);
+    BN_free(bn);
+    ASN1_INTEGER_free(ai2);
+    ASN1_INTEGER_free(ai);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_ASN1_INTEGER_get_set(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && !defined(NO_ASN)
+    ASN1_INTEGER *a = NULL;
+    long val;
+
+    ExpectNotNull(a = ASN1_INTEGER_new());
+    /* Invalid parameter testing. */
+    ExpectIntEQ(ASN1_INTEGER_get(NULL), 0);
+#if defined(WOLFSSL_QT) || defined(WOLFSSL_HAPROXY)
+    ExpectIntEQ(ASN1_INTEGER_get(a), 0);
+#else
+    ExpectIntEQ(ASN1_INTEGER_get(a), -1);
+#endif
+    ASN1_INTEGER_free(a);
+    a = NULL;
+
+    ExpectNotNull(a = ASN1_INTEGER_new());
+    val = 0;
+    ExpectIntEQ(ASN1_INTEGER_set(NULL, val), 0);
+    ASN1_INTEGER_free(a);
+    a = NULL;
+
+    /* 0 */
+    ExpectNotNull(a = ASN1_INTEGER_new());
+    val = 0;
+    ExpectIntEQ(ASN1_INTEGER_set(a, val), 1);
+    ExpectTrue(ASN1_INTEGER_get(a) == val);
+    ASN1_INTEGER_free(a);
+    a = NULL;
+
+    /* 40 */
+    ExpectNotNull(a = ASN1_INTEGER_new());
+    val = 40;
+    ExpectIntEQ(ASN1_INTEGER_set(a, val), 1);
+    ExpectTrue(ASN1_INTEGER_get(a) == val);
+    ASN1_INTEGER_free(a);
+    a = NULL;
+
+    /* -40 */
+    ExpectNotNull(a = ASN1_INTEGER_new());
+    val = -40;
+    ExpectIntEQ(ASN1_INTEGER_set(a, val), 1);
+    ExpectTrue(ASN1_INTEGER_get(a) == val);
+    ASN1_INTEGER_free(a);
+    a = NULL;
+
+    /* 128 */
+    ExpectNotNull(a = ASN1_INTEGER_new());
+    val = 128;
+    ExpectIntEQ(ASN1_INTEGER_set(a, val), 1);
+    ExpectTrue(ASN1_INTEGER_get(a) == val);
+    ASN1_INTEGER_free(a);
+    a = NULL;
+
+    /* -128 */
+    ExpectNotNull(a = ASN1_INTEGER_new());
+    val = -128;
+    ExpectIntEQ(ASN1_INTEGER_set(a, val), 1);
+    ExpectTrue(ASN1_INTEGER_get(a) == val);
+    ASN1_INTEGER_free(a);
+    a = NULL;
+
+    /* 200 */
+    ExpectNotNull(a = ASN1_INTEGER_new());
+    val = 200;
+    ExpectIntEQ(ASN1_INTEGER_set(a, val), 1);
+    ExpectTrue(ASN1_INTEGER_get(a) == val);
+    ASN1_INTEGER_free(a);
+    a = NULL;
+
+    /* int max (2147483647) */
+    ExpectNotNull(a = ASN1_INTEGER_new());
+    val = 2147483647;
+    ExpectIntEQ(ASN1_INTEGER_set(a, val), 1);
+    ExpectTrue(ASN1_INTEGER_get(a) == val);
+    ASN1_INTEGER_free(a);
+    a = NULL;
+
+    /* int min (-2147483648) */
+    ExpectNotNull(a = ASN1_INTEGER_new());
+    val = -2147483647 - 1;
+    ExpectIntEQ(ASN1_INTEGER_set(a, val), 1);
+    ExpectTrue(ASN1_INTEGER_get(a) == val);
+    ASN1_INTEGER_free(a);
+    a = NULL;
+
+    /* long max positive */
+    ExpectNotNull(a = ASN1_INTEGER_new());
+    val = (long)(((unsigned long)-1) >> 1);
+    ExpectIntEQ(ASN1_INTEGER_set(a, val), 1);
+    ExpectTrue(ASN1_INTEGER_get(a) == val);
+    ASN1_INTEGER_free(a);
+#endif
+    return EXPECT_RESULT();
+}
+
+#if defined(OPENSSL_EXTRA)
+typedef struct ASN1IntTestVector {
+    const byte* der;
+    const size_t derSz;
+    const long value;
+} ASN1IntTestVector;
+#endif
+int test_wolfSSL_d2i_ASN1_INTEGER(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA)
+    size_t i;
+    WOLFSSL_ASN1_INTEGER* a = NULL;
+    WOLFSSL_ASN1_INTEGER* b = NULL;
+    WOLFSSL_ASN1_INTEGER* c = NULL;
+    const byte* p = NULL;
+    byte* p2 = NULL;
+    byte* reEncoded = NULL;
+    int reEncodedSz = 0;
+
+    static const byte zeroDer[] = {
+        0x02, 0x01, 0x00
+    };
+    static const byte oneDer[] = {
+        0x02, 0x01, 0x01
+    };
+    static const byte negativeDer[] = {
+        0x02, 0x03, 0xC1, 0x16, 0x0D
+    };
+    static const byte positiveDer[] = {
+        0x02, 0x03, 0x01, 0x00, 0x01
+    };
+    static const byte primeDer[] = {
+        0x02, 0x82, 0x01, 0x01, 0x00, 0xc0, 0x95, 0x08, 0xe1, 0x57, 0x41,
+        0xf2, 0x71, 0x6d, 0xb7, 0xd2, 0x45, 0x41, 0x27, 0x01, 0x65, 0xc6,
+        0x45, 0xae, 0xf2, 0xbc, 0x24, 0x30, 0xb8, 0x95, 0xce, 0x2f, 0x4e,
+        0xd6, 0xf6, 0x1c, 0x88, 0xbc, 0x7c, 0x9f, 0xfb, 0xa8, 0x67, 0x7f,
+        0xfe, 0x5c, 0x9c, 0x51, 0x75, 0xf7, 0x8a, 0xca, 0x07, 0xe7, 0x35,
+        0x2f, 0x8f, 0xe1, 0xbd, 0x7b, 0xc0, 0x2f, 0x7c, 0xab, 0x64, 0xa8,
+        0x17, 0xfc, 0xca, 0x5d, 0x7b, 0xba, 0xe0, 0x21, 0xe5, 0x72, 0x2e,
+        0x6f, 0x2e, 0x86, 0xd8, 0x95, 0x73, 0xda, 0xac, 0x1b, 0x53, 0xb9,
+        0x5f, 0x3f, 0xd7, 0x19, 0x0d, 0x25, 0x4f, 0xe1, 0x63, 0x63, 0x51,
+        0x8b, 0x0b, 0x64, 0x3f, 0xad, 0x43, 0xb8, 0xa5, 0x1c, 0x5c, 0x34,
+        0xb3, 0xae, 0x00, 0xa0, 0x63, 0xc5, 0xf6, 0x7f, 0x0b, 0x59, 0x68,
+        0x78, 0x73, 0xa6, 0x8c, 0x18, 0xa9, 0x02, 0x6d, 0xaf, 0xc3, 0x19,
+        0x01, 0x2e, 0xb8, 0x10, 0xe3, 0xc6, 0xcc, 0x40, 0xb4, 0x69, 0xa3,
+        0x46, 0x33, 0x69, 0x87, 0x6e, 0xc4, 0xbb, 0x17, 0xa6, 0xf3, 0xe8,
+        0xdd, 0xad, 0x73, 0xbc, 0x7b, 0x2f, 0x21, 0xb5, 0xfd, 0x66, 0x51,
+        0x0c, 0xbd, 0x54, 0xb3, 0xe1, 0x6d, 0x5f, 0x1c, 0xbc, 0x23, 0x73,
+        0xd1, 0x09, 0x03, 0x89, 0x14, 0xd2, 0x10, 0xb9, 0x64, 0xc3, 0x2a,
+        0xd0, 0xa1, 0x96, 0x4a, 0xbc, 0xe1, 0xd4, 0x1a, 0x5b, 0xc7, 0xa0,
+        0xc0, 0xc1, 0x63, 0x78, 0x0f, 0x44, 0x37, 0x30, 0x32, 0x96, 0x80,
+        0x32, 0x23, 0x95, 0xa1, 0x77, 0xba, 0x13, 0xd2, 0x97, 0x73, 0xe2,
+        0x5d, 0x25, 0xc9, 0x6a, 0x0d, 0xc3, 0x39, 0x60, 0xa4, 0xb4, 0xb0,
+        0x69, 0x42, 0x42, 0x09, 0xe9, 0xd8, 0x08, 0xbc, 0x33, 0x20, 0xb3,
+        0x58, 0x22, 0xa7, 0xaa, 0xeb, 0xc4, 0xe1, 0xe6, 0x61, 0x83, 0xc5,
+        0xd2, 0x96, 0xdf, 0xd9, 0xd0, 0x4f, 0xad, 0xd7
+    };
+    static const byte garbageDer[] = {0xDE, 0xAD, 0xBE, 0xEF};
+
+    static const ASN1IntTestVector testVectors[] = {
+        {zeroDer, sizeof(zeroDer), 0},
+        {oneDer, sizeof(oneDer), 1},
+        {negativeDer, sizeof(negativeDer), -4123123},
+        {positiveDer, sizeof(positiveDer), 65537},
+        {primeDer, sizeof(primeDer), 0}
+    };
+    static const size_t NUM_TEST_VECTORS =
+        sizeof(testVectors)/sizeof(testVectors[0]);
+
+    /* Check d2i error conditions */
+    /* NULL pointer to input. */
+    ExpectNull((a = wolfSSL_d2i_ASN1_INTEGER(&b, NULL, 1)));
+    ExpectNull(b);
+    /* NULL input. */
+    ExpectNull((a = wolfSSL_d2i_ASN1_INTEGER(&b, &p, 1)));
+    ExpectNull(b);
+    /* 0 length. */
+    p = testVectors[0].der;
+    ExpectNull((a = wolfSSL_d2i_ASN1_INTEGER(&b, &p, 0)));
+    ExpectNull(b);
+    /* Negative length. */
+    p = testVectors[0].der;
+    ExpectNull((a = wolfSSL_d2i_ASN1_INTEGER(&b, &p, -1)));
+    ExpectNull(b);
+    /* Garbage DER input. */
+    p = garbageDer;
+    ExpectNull((a = wolfSSL_d2i_ASN1_INTEGER(&b, &p, sizeof(garbageDer))));
+    ExpectNull(b);
+
+    /* Check i2d error conditions */
+    /* NULL input. */
+    ExpectIntLT(wolfSSL_i2d_ASN1_INTEGER(NULL, &p2), 0);
+    /* 0 length input data buffer (a->length == 0). */
+    ExpectNotNull((a = wolfSSL_ASN1_INTEGER_new()));
+    ExpectIntLT(wolfSSL_i2d_ASN1_INTEGER(a, &p2), 0);
+    if (a != NULL)
+        a->data = NULL;
+    /* NULL input data buffer. */
+    ExpectIntLT(wolfSSL_i2d_ASN1_INTEGER(a, &p2), 0);
+    if (a != NULL) {
+        /* Reset a->data. */
+        a->isDynamic = 0;
+        a->data = a->intData;
+    }
+    /* Reset p2 to NULL. */
+    XFREE(p2, NULL, DYNAMIC_TYPE_ASN1);
+
+    /* Set a to valid value. */
+    ExpectIntEQ(wolfSSL_ASN1_INTEGER_set(a, 1), WOLFSSL_SUCCESS);
+    /* NULL output buffer. */
+    ExpectIntEQ(wolfSSL_i2d_ASN1_INTEGER(a, NULL), 3);
+    wolfSSL_ASN1_INTEGER_free(a);
+    a = NULL;
+
+    for (i = 0; i < NUM_TEST_VECTORS; ++i) {
+        p = testVectors[i].der;
+        ExpectNotNull(a = wolfSSL_d2i_ASN1_INTEGER(&b, &p,
+            testVectors[i].derSz));
+        ExpectIntEQ(wolfSSL_ASN1_INTEGER_cmp(a, b), 0);
+
+        if (testVectors[i].derSz <= sizeof(long)) {
+            ExpectNotNull(c = wolfSSL_ASN1_INTEGER_new());
+            ExpectIntEQ(wolfSSL_ASN1_INTEGER_set(c, testVectors[i].value), 1);
+            ExpectIntEQ(wolfSSL_ASN1_INTEGER_cmp(a, c), 0);
+            wolfSSL_ASN1_INTEGER_free(c);
+            c = NULL;
+        }
+
+        /* Convert to DER without a pre-allocated output buffer. */
+        ExpectIntGT((reEncodedSz = wolfSSL_i2d_ASN1_INTEGER(a, &reEncoded)), 0);
+        ExpectIntEQ(reEncodedSz, testVectors[i].derSz);
+        ExpectIntEQ(XMEMCMP(reEncoded, testVectors[i].der, reEncodedSz), 0);
+
+        /* Convert to DER with a pre-allocated output buffer. In this case, the
+         * output buffer pointer should be incremented just past the end of the
+         * encoded data. */
+        p2 = reEncoded;
+        ExpectIntGT((reEncodedSz = wolfSSL_i2d_ASN1_INTEGER(a, &p2)), 0);
+        ExpectIntEQ(reEncodedSz, testVectors[i].derSz);
+        ExpectPtrEq(reEncoded, p2 - reEncodedSz);
+        ExpectIntEQ(XMEMCMP(reEncoded, testVectors[i].der, reEncodedSz), 0);
+
+        XFREE(reEncoded, NULL, DYNAMIC_TYPE_ASN1);
+        reEncoded = NULL;
+        wolfSSL_ASN1_INTEGER_free(a);
+        a = NULL;
+    }
+#endif /* OPENSSL_EXTRA */
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_a2i_ASN1_INTEGER(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && !defined(NO_BIO)
+    BIO* bio = NULL;
+    BIO* out = NULL;
+    BIO* fixed = NULL;
+    ASN1_INTEGER* ai = NULL;
+    char buf[] = "123456\n12345\n1123456789123456\\\n78901234567890 \r\n\n";
+    char tmp[1024];
+    int  tmpSz;
+
+    const char expected1[] = "123456";
+    const char expected2[] = "112345678912345678901234567890";
+    char longStr[] = "123456781234567812345678123456781234567812345678\n"
+        "123456781234567812345678123456781234567812345678\\\n12345678\n";
+
+    ExpectNotNull(out = BIO_new(BIO_s_mem()));
+    ExpectNotNull(ai = ASN1_INTEGER_new());
+
+    ExpectNotNull(bio = BIO_new_mem_buf(buf, -1));
+
+    /* Invalid parameter testing. */
+    ExpectIntEQ(a2i_ASN1_INTEGER(NULL, NULL, NULL, -1), 0);
+    ExpectIntEQ(a2i_ASN1_INTEGER(bio, NULL, NULL, -1), 0);
+    ExpectIntEQ(a2i_ASN1_INTEGER(NULL, ai, NULL, -1), 0);
+    ExpectIntEQ(a2i_ASN1_INTEGER(NULL, NULL, tmp, -1), 0);
+    ExpectIntEQ(a2i_ASN1_INTEGER(NULL, NULL, NULL, sizeof(tmp)), 0);
+    ExpectIntEQ(a2i_ASN1_INTEGER(NULL, ai, tmp, sizeof(tmp)), 0);
+    ExpectIntEQ(a2i_ASN1_INTEGER(bio, NULL, tmp, sizeof(tmp)), 0);
+    ExpectIntEQ(a2i_ASN1_INTEGER(bio, ai, NULL, sizeof(tmp)), 0);
+    ExpectIntEQ(a2i_ASN1_INTEGER(bio, ai, tmp, -1), 0);
+    ExpectIntEQ(i2a_ASN1_INTEGER(NULL, NULL), 0);
+    ExpectIntEQ(i2a_ASN1_INTEGER(bio, NULL), 0);
+    ExpectIntEQ(i2a_ASN1_INTEGER(NULL, ai), 0);
+
+    /* No data to read from BIO. */
+    ExpectIntEQ(a2i_ASN1_INTEGER(out, ai, tmp, sizeof(tmp)), 0);
+
+    /* read first line */
+    ExpectIntEQ(a2i_ASN1_INTEGER(bio, ai, tmp, sizeof(tmp)), 1);
+    ExpectIntEQ(i2a_ASN1_INTEGER(out, ai), 6);
+    XMEMSET(tmp, 0, sizeof(tmp));
+    tmpSz = BIO_read(out, tmp, sizeof(tmp));
+    ExpectIntEQ(tmpSz, 6);
+    ExpectIntEQ(XMEMCMP(tmp, expected1, tmpSz), 0);
+
+    /* fail on second line (not % 2) */
+    ExpectIntEQ(a2i_ASN1_INTEGER(bio, ai, tmp, sizeof(tmp)), 0);
+
+    /* read 3rd long line */
+    ExpectIntEQ(a2i_ASN1_INTEGER(bio, ai, tmp, sizeof(tmp)), 1);
+    ExpectIntEQ(i2a_ASN1_INTEGER(out, ai), 30);
+    XMEMSET(tmp, 0, sizeof(tmp));
+    tmpSz = BIO_read(out, tmp, sizeof(tmp));
+    ExpectIntEQ(tmpSz, 30);
+    ExpectIntEQ(XMEMCMP(tmp, expected2, tmpSz), 0);
+
+    /* fail on empty line */
+    ExpectIntEQ(a2i_ASN1_INTEGER(bio, ai, tmp, sizeof(tmp)), 0);
+
+    BIO_free(bio);
+    bio = NULL;
+
+    /* Make long integer, requiring dynamic memory, even longer. */
+    ExpectNotNull(bio = BIO_new_mem_buf(longStr, -1));
+    ExpectIntEQ(a2i_ASN1_INTEGER(bio, ai, tmp, sizeof(tmp)), 1);
+    ExpectIntEQ(i2a_ASN1_INTEGER(out, ai), 48);
+    XMEMSET(tmp, 0, sizeof(tmp));
+    tmpSz = BIO_read(out, tmp, sizeof(tmp));
+    ExpectIntEQ(tmpSz, 48);
+    ExpectIntEQ(a2i_ASN1_INTEGER(bio, ai, tmp, sizeof(tmp)), 1);
+    ExpectIntEQ(i2a_ASN1_INTEGER(out, ai), 56);
+    XMEMSET(tmp, 0, sizeof(tmp));
+    tmpSz = BIO_read(out, tmp, sizeof(tmp));
+    ExpectIntEQ(tmpSz, 56);
+    ExpectIntEQ(wolfSSL_ASN1_INTEGER_set(ai, 1), 1);
+    BIO_free(bio);
+    BIO_free(out);
+
+    ExpectNotNull(fixed = BIO_new(wolfSSL_BIO_s_fixed_mem()));
+    ExpectIntEQ(BIO_set_write_buf_size(fixed, 1), 1);
+    /* Ensure there is 0 bytes available to write into. */
+    ExpectIntEQ(BIO_write(fixed, tmp, 1), 1);
+    ExpectIntEQ(i2a_ASN1_INTEGER(fixed, ai), 0);
+    ExpectIntEQ(BIO_set_write_buf_size(fixed, 1), 1);
+    ExpectIntEQ(i2a_ASN1_INTEGER(fixed, ai), 0);
+    BIO_free(fixed);
+
+    ASN1_INTEGER_free(ai);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_i2c_ASN1_INTEGER(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && !defined(NO_ASN)
+    ASN1_INTEGER *a = NULL;
+    unsigned char *pp = NULL,*tpp = NULL;
+    int ret = 0;
+
+    ExpectNotNull(a = wolfSSL_ASN1_INTEGER_new());
+
+    /* Invalid parameter testing. */
+    /* Set pp to an invalid value. */
+    pp = NULL;
+    ExpectIntEQ(i2c_ASN1_INTEGER(NULL, &pp), 0);
+    ExpectIntEQ(i2c_ASN1_INTEGER(a, &pp), 0);
+    ExpectIntEQ(i2c_ASN1_INTEGER(NULL, NULL), 0);
+
+    /* 40 */
+    if (a != NULL) {
+        a->intData[0] = ASN_INTEGER;
+        a->intData[1] = 1;
+        a->intData[2] = 40;
+    }
+    ExpectIntEQ(ret = i2c_ASN1_INTEGER(a, NULL), 1);
+    ExpectNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL,
+                DYNAMIC_TYPE_TMP_BUFFER));
+    tpp = pp;
+    if (tpp != NULL) {
+        ExpectNotNull(XMEMSET(tpp, 0, ret + 1));
+        ExpectIntEQ(i2c_ASN1_INTEGER(a, &tpp), 1);
+        tpp--;
+        ExpectIntEQ(*tpp, 40);
+    }
+    XFREE(pp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    pp = NULL;
+
+    /* 128 */
+    if (a != NULL) {
+        a->intData[0] = ASN_INTEGER;
+        a->intData[1] = 1;
+        a->intData[2] = 128;
+    }
+    ExpectIntEQ(ret = i2c_ASN1_INTEGER(a, NULL), 2);
+    ExpectNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL,
+                DYNAMIC_TYPE_TMP_BUFFER));
+    tpp = pp;
+    if (tpp != NULL) {
+        ExpectNotNull(XMEMSET(tpp, 0, ret + 1));
+        ExpectIntEQ(i2c_ASN1_INTEGER(a, &tpp), 2);
+        tpp--;
+        ExpectIntEQ(*(tpp--), 128);
+        ExpectIntEQ(*tpp, 0);
+    }
+    XFREE(pp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    pp = NULL;
+
+    /* -40 */
+    if (a != NULL) {
+        a->intData[0] = ASN_INTEGER;
+        a->intData[1] = 1;
+        a->intData[2] = 40;
+        a->negative = 1;
+    }
+    ExpectIntEQ(ret = i2c_ASN1_INTEGER(a, NULL), 1);
+    ExpectNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL,
+                DYNAMIC_TYPE_TMP_BUFFER));
+    tpp = pp;
+    if (tpp != NULL) {
+        ExpectNotNull(XMEMSET(tpp, 0, ret + 1));
+        ExpectIntEQ(i2c_ASN1_INTEGER(a, &tpp), 1);
+        tpp--;
+        ExpectIntEQ(*tpp, 216);
+    }
+    XFREE(pp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    pp = NULL;
+
+    /* -128 */
+    if (a != NULL) {
+        a->intData[0] = ASN_INTEGER;
+        a->intData[1] = 1;
+        a->intData[2] = 128;
+        a->negative = 1;
+    }
+    ExpectIntEQ(ret = i2c_ASN1_INTEGER(a, NULL), 1);
+    ExpectNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL,
+                DYNAMIC_TYPE_TMP_BUFFER));
+    tpp = pp;
+    if (tpp != NULL) {
+        ExpectNotNull(XMEMSET(tpp, 0, ret + 1));
+        ExpectIntEQ(i2c_ASN1_INTEGER(a, &tpp), 1);
+        tpp--;
+        ExpectIntEQ(*tpp, 128);
+    }
+    XFREE(pp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    pp = NULL;
+
+    /* -200 */
+    if (a != NULL) {
+        a->intData[0] = ASN_INTEGER;
+        a->intData[1] = 1;
+        a->intData[2] = 200;
+        a->negative = 1;
+    }
+    ExpectIntEQ(ret = i2c_ASN1_INTEGER(a, NULL), 2);
+    ExpectNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL,
+            DYNAMIC_TYPE_TMP_BUFFER));
+    tpp = pp;
+    if (tpp != NULL) {
+        ExpectNotNull(XMEMSET(tpp, 0, ret + 1));
+        ExpectIntEQ(i2c_ASN1_INTEGER(a, &tpp), 2);
+        tpp--;
+        ExpectIntEQ(*(tpp--), 56);
+        ExpectIntEQ(*tpp, 255);
+    }
+    XFREE(pp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    pp = NULL;
+
+    /* Empty */
+    if (a != NULL) {
+        a->intData[0] = ASN_INTEGER;
+        a->intData[1] = 0;
+        a->negative = 0;
+    }
+    ExpectIntEQ(ret = i2c_ASN1_INTEGER(a, NULL), 1);
+    ExpectNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL,
+                DYNAMIC_TYPE_TMP_BUFFER));
+    tpp = pp;
+    if (tpp != NULL) {
+        ExpectNotNull(XMEMSET(tpp, 0, ret + 1));
+        ExpectIntEQ(i2c_ASN1_INTEGER(a, &tpp), 1);
+        tpp--;
+        ExpectIntEQ(*tpp, 0);
+    }
+    XFREE(pp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    pp = NULL;
+
+    /* 0 */
+    if (a != NULL) {
+        a->intData[0] = ASN_INTEGER;
+        a->intData[1] = 1;
+        a->intData[2] = 0;
+        a->negative = 1;
+    }
+    ExpectIntEQ(ret = i2c_ASN1_INTEGER(a, NULL), 1);
+    ExpectNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL,
+                DYNAMIC_TYPE_TMP_BUFFER));
+    if (tpp != NULL) {
+        tpp = pp;
+        ExpectNotNull(XMEMSET(tpp, 0, ret + 1));
+        ExpectIntEQ(i2c_ASN1_INTEGER(a, &tpp), 1);
+        tpp--;
+        ExpectIntEQ(*tpp, 0);
+    }
+    XFREE(pp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    pp = NULL;
+
+    /* 0x100 */
+    if (a != NULL) {
+        a->intData[0] = ASN_INTEGER;
+        a->intData[1] = 2;
+        a->intData[2] = 0x01;
+        a->intData[3] = 0x00;
+        a->negative = 0;
+    }
+    ExpectIntEQ(ret = i2c_ASN1_INTEGER(a, NULL), 2);
+    ExpectNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL,
+                DYNAMIC_TYPE_TMP_BUFFER));
+    if (tpp != NULL) {
+        tpp = pp;
+        ExpectNotNull(XMEMSET(tpp, 0, ret + 1));
+        ExpectIntEQ(i2c_ASN1_INTEGER(a, &tpp), 2);
+        tpp -= 2;
+        ExpectIntEQ(tpp[0], 0x01);
+        ExpectIntEQ(tpp[1], 0x00);
+    }
+    XFREE(pp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    pp = NULL;
+
+    /* -0x8000 => 0x8000 */
+    if (a != NULL) {
+        a->intData[0] = ASN_INTEGER;
+        a->intData[1] = 2;
+        a->intData[2] = 0x80;
+        a->intData[3] = 0x00;
+        a->negative = 1;
+    }
+    ExpectIntEQ(ret = i2c_ASN1_INTEGER(a, NULL), 2);
+    ExpectNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL,
+                DYNAMIC_TYPE_TMP_BUFFER));
+    tpp = pp;
+    if (tpp != NULL) {
+        ExpectNotNull(XMEMSET(tpp, 0, ret + 1));
+        ExpectIntEQ(i2c_ASN1_INTEGER(a, &tpp), 2);
+        tpp -= 2;
+        ExpectIntEQ(tpp[0], 0x80);
+        ExpectIntEQ(tpp[1], 0x00);
+    }
+    XFREE(pp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    pp = NULL;
+
+    /* -0x8001 => 0xFF7FFF */
+    if (a != NULL) {
+        a->intData[0] = ASN_INTEGER;
+        a->intData[1] = 2;
+        a->intData[2] = 0x80;
+        a->intData[3] = 0x01;
+        a->negative = 1;
+    }
+    ExpectIntEQ(ret = i2c_ASN1_INTEGER(a, NULL), 3);
+    ExpectNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL,
+                DYNAMIC_TYPE_TMP_BUFFER));
+    tpp = pp;
+    if (tpp != NULL) {
+        ExpectNotNull(XMEMSET(tpp, 0, ret + 1));
+        ExpectIntEQ(i2c_ASN1_INTEGER(a, &tpp), 3);
+        tpp -= 3;
+        ExpectIntEQ(tpp[0], 0xFF);
+        ExpectIntEQ(tpp[1], 0x7F);
+        ExpectIntEQ(tpp[2], 0xFF);
+    }
+    XFREE(pp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+
+    wolfSSL_ASN1_INTEGER_free(a);
+#endif /* OPENSSL_EXTRA && !NO_ASN */
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_ASN1_OBJECT(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA)
+    ASN1_OBJECT* a = NULL;
+    ASN1_OBJECT s;
+    const unsigned char der[] = { 0x06, 0x01, 0x00 };
+
+    /* Invalid parameter testing. */
+    ASN1_OBJECT_free(NULL);
+    ExpectNull(wolfSSL_ASN1_OBJECT_dup(NULL));
+
+    /* Test that a static ASN1_OBJECT can be freed. */
+    XMEMSET(&s, 0, sizeof(ASN1_OBJECT));
+    ASN1_OBJECT_free(&s);
+    ExpectNotNull(a = wolfSSL_ASN1_OBJECT_dup(&s));
+    ASN1_OBJECT_free(a);
+    a = NULL;
+    s.obj = der;
+    s.objSz = sizeof(der);
+    ExpectNotNull(a = wolfSSL_ASN1_OBJECT_dup(&s));
+    ASN1_OBJECT_free(a);
+    ASN1_OBJECT_free(&s);
+#endif /* OPENSSL_EXTRA */
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_ASN1_get_object(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256)
+    const unsigned char* derBuf = cliecc_cert_der_256;
+    const unsigned char* nullPtr = NULL;
+    const unsigned char objDerInvalidLen[] = { 0x30, 0x81 };
+    const unsigned char objDerBadLen[] = { 0x30, 0x04 };
+    const unsigned char objDerNotObj[] = { 0x02, 0x01, 0x00 };
+    const unsigned char objDerNoData[] = { 0x06, 0x00 };
+    const unsigned char* p;
+    unsigned char objDer[10];
+    unsigned char* der;
+    unsigned char* derPtr;
+    int len = sizeof_cliecc_cert_der_256;
+    long asnLen = 0;
+    int tag = 0;
+    int cls = 0;
+    ASN1_OBJECT* a = NULL;
+    ASN1_OBJECT s;
+
+    XMEMSET(&s, 0, sizeof(ASN1_OBJECT));
+
+    /* Invalid encoding at length. */
+    p = objDerInvalidLen;
+    ExpectIntEQ(ASN1_get_object(&p, &asnLen, &tag, &cls, sizeof(objDerBadLen)),
+        0x80);
+    p = objDerBadLen;
+    /* Error = 0x80, Constructed = 0x20 */
+    ExpectIntEQ(ASN1_get_object(&p, &asnLen, &tag, &cls, sizeof(objDerBadLen)),
+        0x80 | 0x20);
+
+    /* Read a couple TLV triplets and make sure they match the expected values
+     */
+
+    /* SEQUENCE */
+    ExpectIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls, len) & 0x80, 0);
+    ExpectIntEQ(asnLen, 862);
+    ExpectIntEQ(tag, 0x10);
+    ExpectIntEQ(cls, 0);
+
+    /* SEQUENCE */
+    ExpectIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls,
+            len - (derBuf - cliecc_cert_der_256)) & 0x80, 0);
+    ExpectIntEQ(asnLen, 772);
+    ExpectIntEQ(tag, 0x10);
+    ExpectIntEQ(cls, 0);
+
+    /* [0] */
+    ExpectIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls,
+            len - (derBuf - cliecc_cert_der_256)) & 0x80, 0);
+    ExpectIntEQ(asnLen, 3);
+    ExpectIntEQ(tag, 0);
+    ExpectIntEQ(cls, 0x80);
+
+    /* INTEGER */
+    ExpectIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls,
+            len - (derBuf - cliecc_cert_der_256)) & 0x80, 0);
+    ExpectIntEQ(asnLen, 1);
+    ExpectIntEQ(tag, 0x2);
+    ExpectIntEQ(cls, 0);
+    derBuf += asnLen;
+
+    /* INTEGER */
+    ExpectIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls,
+            len - (derBuf - cliecc_cert_der_256)) & 0x80, 0);
+    ExpectIntEQ(asnLen, 20);
+    ExpectIntEQ(tag, 0x2);
+    ExpectIntEQ(cls, 0);
+    derBuf += asnLen;
+
+    /* SEQUENCE */
+    ExpectIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls,
+            len - (derBuf - cliecc_cert_der_256)) & 0x80, 0);
+    ExpectIntEQ(asnLen, 10);
+    ExpectIntEQ(tag, 0x10);
+    ExpectIntEQ(cls, 0);
+
+    /* Found OBJECT_ID. */
+
+    /* Invalid parameter testing. */
+    ExpectIntEQ(ASN1_get_object(NULL, NULL, NULL, NULL, 0), 0x80);
+    ExpectIntEQ(ASN1_get_object(&nullPtr, NULL, NULL, NULL, 0), 0x80);
+    ExpectIntEQ(ASN1_get_object(NULL, &asnLen, &tag, &cls, len), 0x80);
+    ExpectIntEQ(ASN1_get_object(&nullPtr, &asnLen, &tag, &cls, len), 0x80);
+    ExpectIntEQ(ASN1_get_object(&derBuf, NULL, &tag, &cls, len), 0x80);
+    ExpectIntEQ(ASN1_get_object(&derBuf, &asnLen, NULL, &cls, len), 0x80);
+    ExpectIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, NULL, len), 0x80);
+    ExpectIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls, 0), 0x80);
+    ExpectIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls, -1), 0x80);
+    ExpectNull(d2i_ASN1_OBJECT(NULL, NULL, -1));
+    ExpectNull(d2i_ASN1_OBJECT(NULL, &nullPtr, -1));
+    ExpectNull(d2i_ASN1_OBJECT(NULL, &derBuf, -1));
+    ExpectNull(d2i_ASN1_OBJECT(NULL, NULL, 0));
+    ExpectNull(d2i_ASN1_OBJECT(&a, NULL, len));
+    ExpectNull(d2i_ASN1_OBJECT(&a, &nullPtr, len));
+    ExpectNull(d2i_ASN1_OBJECT(&a, &derBuf, -1));
+    ExpectNull(c2i_ASN1_OBJECT(NULL, NULL, -1));
+    ExpectNull(c2i_ASN1_OBJECT(NULL, &nullPtr, -1));
+    ExpectNull(c2i_ASN1_OBJECT(NULL, &derBuf, -1));
+    ExpectNull(c2i_ASN1_OBJECT(NULL, NULL, 1));
+    ExpectNull(c2i_ASN1_OBJECT(NULL, &nullPtr, 1));
+
+    /* Invalid encoding at length. */
+    p = objDerInvalidLen;
+    ExpectNull(d2i_ASN1_OBJECT(&a, &p, sizeof(objDerInvalidLen)));
+    p = objDerBadLen;
+    ExpectNull(d2i_ASN1_OBJECT(&a, &p, sizeof(objDerBadLen)));
+    p = objDerNotObj;
+    ExpectNull(d2i_ASN1_OBJECT(&a, &p, sizeof(objDerNotObj)));
+    p = objDerNoData;
+    ExpectNull(d2i_ASN1_OBJECT(&a, &p, sizeof(objDerNoData)));
+
+    /* Create an ASN OBJECT from content */
+    p = derBuf + 2;
+    ExpectNotNull(a = c2i_ASN1_OBJECT(NULL, &p, 8));
+    ASN1_OBJECT_free(a);
+    a = NULL;
+    /* Create an ASN OBJECT from DER */
+    ExpectNotNull(d2i_ASN1_OBJECT(&a, &derBuf, len));
+
+    /* Invalid parameter testing. */
+    ExpectIntEQ(i2d_ASN1_OBJECT(NULL, NULL), 0);
+    ExpectIntEQ(i2d_ASN1_OBJECT(&s, NULL), 0);
+
+    ExpectIntEQ(i2d_ASN1_OBJECT(a, NULL), 10);
+    der = NULL;
+    ExpectIntEQ(i2d_ASN1_OBJECT(a, &der), 10);
+    derPtr = objDer;
+    ExpectIntEQ(i2d_ASN1_OBJECT(a, &derPtr), 10);
+    ExpectPtrNE(derPtr, objDer);
+    ExpectIntEQ(XMEMCMP(der, objDer, 10), 0);
+    XFREE(der, NULL, DYNAMIC_TYPE_OPENSSL);
+
+    ASN1_OBJECT_free(a);
+#endif /* OPENSSL_EXTRA && HAVE_ECC && USE_CERT_BUFFERS_256 */
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_i2a_ASN1_OBJECT(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && !defined(NO_ASN) && !defined(NO_BIO)
+    ASN1_OBJECT* obj = NULL;
+    ASN1_OBJECT* a = NULL;
+    BIO *bio = NULL;
+    const unsigned char notObjDer[] = { 0x04, 0x01, 0xff };
+    const unsigned char* p;
+
+    ExpectNotNull(obj = OBJ_nid2obj(NID_sha256));
+    ExpectTrue((bio = BIO_new(BIO_s_mem())) != NULL);
+
+    ExpectIntGT(wolfSSL_i2a_ASN1_OBJECT(bio, obj), 0);
+    ExpectIntGT(wolfSSL_i2a_ASN1_OBJECT(bio, NULL), 0);
+
+    ExpectIntEQ(wolfSSL_i2a_ASN1_OBJECT(NULL, obj), 0);
+
+    /* No DER encoding in ASN1_OBJECT. */
+    ExpectNotNull(a = wolfSSL_ASN1_OBJECT_new());
+    ExpectIntEQ(wolfSSL_i2a_ASN1_OBJECT(bio, a), 0);
+    ASN1_OBJECT_free(a);
+    a = NULL;
+    /* DER encoding */
+    p = notObjDer;
+    ExpectNotNull(a = c2i_ASN1_OBJECT(NULL, &p, 3));
+    ExpectIntEQ(wolfSSL_i2a_ASN1_OBJECT(bio, a), 5);
+    ASN1_OBJECT_free(a);
+
+    BIO_free(bio);
+    ASN1_OBJECT_free(obj);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_i2t_ASN1_OBJECT(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && \
+    defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN)
+    char buf[50] = {0};
+    ASN1_OBJECT* obj;
+    const char* oid = "2.5.29.19";
+    const char* ln  = "X509v3 Basic Constraints";
+
+    obj = NULL;
+    ExpectIntEQ(i2t_ASN1_OBJECT(NULL, sizeof(buf), obj), 0);
+    ExpectIntEQ(i2t_ASN1_OBJECT(buf, sizeof(buf), NULL), 0);
+    ExpectIntEQ(i2t_ASN1_OBJECT(buf, 0, NULL), 0);
+
+    ExpectNotNull(obj = OBJ_txt2obj(oid, 0));
+    XMEMSET(buf, 0, sizeof(buf));
+    ExpectIntEQ(i2t_ASN1_OBJECT(buf, sizeof(buf), obj), XSTRLEN(ln));
+    ExpectIntEQ(XSTRNCMP(buf, ln, XSTRLEN(ln)), 0);
+    ASN1_OBJECT_free(obj);
+#endif /* OPENSSL_EXTRA && WOLFSSL_CERT_EXT && WOLFSSL_CERT_GEN */
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_sk_ASN1_OBJECT(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_ASN) && (defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL))
+    WOLFSSL_STACK* sk = NULL;
+    WOLFSSL_ASN1_OBJECT* obj;
+
+    ExpectNotNull(obj = wolfSSL_ASN1_OBJECT_new());
+
+    ExpectNotNull(sk = wolfSSL_sk_new_asn1_obj());
+    wolfSSL_sk_ASN1_OBJECT_free(sk);
+    sk = NULL;
+
+    ExpectNotNull(sk = wolfSSL_sk_new_asn1_obj());
+    ExpectIntEQ(wolfSSL_sk_ASN1_OBJECT_push(NULL, NULL), -1);
+    ExpectIntEQ(wolfSSL_sk_ASN1_OBJECT_push(sk, NULL), 0);
+    ExpectIntEQ(wolfSSL_sk_ASN1_OBJECT_push(NULL, obj), -1);
+    ExpectIntEQ(wolfSSL_sk_ASN1_OBJECT_push(sk, obj), 1);
+    wolfSSL_sk_ASN1_OBJECT_pop_free(sk, NULL);
+    sk = NULL;
+    /* obj freed in pop_free call. */
+
+    ExpectNotNull(obj = wolfSSL_ASN1_OBJECT_new());
+    ExpectNotNull(sk = wolfSSL_sk_new_asn1_obj());
+    ExpectIntEQ(wolfSSL_sk_ASN1_OBJECT_push(sk, obj), 1);
+    ExpectPtrEq(obj, wolfSSL_sk_ASN1_OBJECT_pop(sk));
+    wolfSSL_sk_ASN1_OBJECT_free(sk);
+    wolfSSL_ASN1_OBJECT_free(obj);
+#endif /* !NO_ASN && (OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL) */
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_ASN1_STRING(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA)
+    ASN1_STRING* str = NULL;
+    ASN1_STRING* c = NULL;
+    const char data[]  = "hello wolfSSL";
+    const char data2[] = "Same len data";
+    const char longData[] =
+        "This string must be longer than CTC_NAME_SIZE that is defined as 64.";
+
+    ExpectNotNull(str = ASN1_STRING_type_new(V_ASN1_OCTET_STRING));
+    ASN1_STRING_free(str);
+    str = NULL;
+
+    ExpectNotNull(str = ASN1_STRING_type_new(V_ASN1_OCTET_STRING));
+    ExpectIntEQ(ASN1_STRING_type(str), V_ASN1_OCTET_STRING);
+    ExpectIntEQ(ASN1_STRING_type(NULL), 0);
+    /* Check setting to NULL works. */
+    ExpectIntEQ(ASN1_STRING_set(str, NULL, 0), 1);
+    ExpectIntEQ(ASN1_STRING_set(str, (const void*)data, sizeof(data)), 1);
+    ExpectIntEQ(ASN1_STRING_set(str, (const void*)data, -1), 1);
+    ExpectIntEQ(ASN1_STRING_set(str, NULL, -1), 0);
+    ExpectIntEQ(ASN1_STRING_set(NULL, NULL, 0), 0);
+
+    ExpectIntEQ(wolfSSL_ASN1_STRING_copy(NULL, NULL), 0);
+    ExpectIntEQ(wolfSSL_ASN1_STRING_copy(str, NULL), 0);
+    ExpectIntEQ(wolfSSL_ASN1_STRING_copy(NULL, str), 0);
+    ExpectNull(wolfSSL_ASN1_STRING_dup(NULL));
+
+    ExpectNotNull(c = wolfSSL_ASN1_STRING_dup(str));
+    ExpectIntEQ(ASN1_STRING_cmp(NULL, NULL), -1);
+    ExpectIntEQ(ASN1_STRING_cmp(str, NULL), -1);
+    ExpectIntEQ(ASN1_STRING_cmp(NULL, c), -1);
+    ExpectIntEQ(ASN1_STRING_cmp(str, c), 0);
+    ExpectIntEQ(ASN1_STRING_set(c, (const void*)data2, -1), 1);
+    ExpectIntGT(ASN1_STRING_cmp(str, c), 0);
+    ExpectIntEQ(ASN1_STRING_set(str, (const void*)longData, -1), 1);
+    ExpectIntEQ(wolfSSL_ASN1_STRING_copy(c, str), 1);
+    ExpectIntEQ(ASN1_STRING_cmp(str, c), 0);
+    /* Check setting back to smaller size frees dynamic data. */
+    ExpectIntEQ(ASN1_STRING_set(str, (const void*)data, -1), 1);
+    ExpectIntLT(ASN1_STRING_cmp(str, c), 0);
+    ExpectIntGT(ASN1_STRING_cmp(c, str), 0);
+
+    ExpectNull(ASN1_STRING_get0_data(NULL));
+    ExpectNotNull(ASN1_STRING_get0_data(str));
+    ExpectNull(ASN1_STRING_data(NULL));
+    ExpectNotNull(ASN1_STRING_data(str));
+    ExpectIntEQ(ASN1_STRING_length(NULL), 0);
+    ExpectIntGT(ASN1_STRING_length(str), 0);
+
+    ASN1_STRING_free(c);
+    ASN1_STRING_free(str);
+    ASN1_STRING_free(NULL);
+
+#ifndef NO_WOLFSSL_STUB
+    ExpectNull(d2i_DISPLAYTEXT(NULL, NULL, 0));
+#endif
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_ASN1_STRING_to_UTF8(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_ALL) && !defined(NO_ASN) && !defined(NO_RSA) && \
+    !defined(NO_FILESYSTEM)
+    WOLFSSL_X509* x509 = NULL;
+    WOLFSSL_X509_NAME* subject = NULL;
+    WOLFSSL_X509_NAME_ENTRY* e = NULL;
+    WOLFSSL_ASN1_STRING* a = NULL;
+    FILE* file = XBADFILE;
+    int idx = 0;
+    char targetOutput[16] = "www.wolfssl.com";
+    unsigned char* actual_output = NULL;
+    int len = 0;
+
+    ExpectNotNull(file = fopen("./certs/server-cert.pem", "rb"));
+    ExpectNotNull(x509 = wolfSSL_PEM_read_X509(file, NULL, NULL, NULL));
+    if (file != XBADFILE)
+        fclose(file);
+
+    /* wolfSSL_ASN1_STRING_to_UTF8(): NID_commonName */
+    ExpectNotNull(subject = wolfSSL_X509_get_subject_name(x509));
+    ExpectIntEQ((idx = wolfSSL_X509_NAME_get_index_by_NID(subject,
+                    NID_commonName, -1)), 5);
+    ExpectNotNull(e = wolfSSL_X509_NAME_get_entry(subject, idx));
+    ExpectNotNull(a = wolfSSL_X509_NAME_ENTRY_get_data(e));
+    ExpectIntEQ((len = wolfSSL_ASN1_STRING_to_UTF8(&actual_output, a)), 15);
+    ExpectIntEQ(strncmp((const char*)actual_output, targetOutput, (size_t)len), 0);
+    a = NULL;
+
+    /* wolfSSL_ASN1_STRING_to_UTF8(NULL, valid) */
+    ExpectIntEQ((len = wolfSSL_ASN1_STRING_to_UTF8(NULL, a)), -1);
+
+    /* wolfSSL_ASN1_STRING_to_UTF8(valid, NULL) */
+    ExpectIntEQ((len = wolfSSL_ASN1_STRING_to_UTF8(&actual_output, NULL)), -1);
+
+    /* wolfSSL_ASN1_STRING_to_UTF8(NULL, NULL) */
+    ExpectIntEQ((len = wolfSSL_ASN1_STRING_to_UTF8(NULL, NULL)), -1);
+
+    wolfSSL_X509_free(x509);
+    XFREE(actual_output, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+
+    ExpectNotNull(a = ASN1_STRING_new());
+    ExpectIntEQ(wolfSSL_ASN1_STRING_to_UTF8(&actual_output, a), -1);
+    ASN1_STRING_free(a);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_i2s_ASN1_STRING(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && !defined(NO_ASN)
+    WOLFSSL_ASN1_STRING* str = NULL;
+    const char* data = "test_wolfSSL_i2s_ASN1_STRING";
+    char* ret = NULL;
+
+    ExpectNotNull(str = ASN1_STRING_new());
+
+    ExpectNull(ret = wolfSSL_i2s_ASN1_STRING(NULL, NULL));
+    XFREE(ret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    ret = NULL;
+    /* No data. */
+    ExpectNull(ret = wolfSSL_i2s_ASN1_STRING(NULL, str));
+    XFREE(ret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    ret = NULL;
+
+    ExpectIntEQ(ASN1_STRING_set(str, data, 0), 1);
+    ExpectNotNull(ret = wolfSSL_i2s_ASN1_STRING(NULL, str));
+    XFREE(ret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    ret = NULL;
+
+    ExpectIntEQ(ASN1_STRING_set(str, data, -1), 1);
+    /* No type. */
+    ExpectNotNull(ret = wolfSSL_i2s_ASN1_STRING(NULL, str));
+    XFREE(ret, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+
+    ASN1_STRING_free(str);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_ASN1_STRING_canon(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_TEST_STATIC_BUILD)
+#if !defined(NO_CERTS) && (defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || \
+    defined(OPENSSL_EXTRA_X509_SMALL))
+    WOLFSSL_ASN1_STRING* orig = NULL;
+    WOLFSSL_ASN1_STRING* canon = NULL;
+    const char* data = "test_wolfSSL_ASN1_STRING_canon";
+    const char* whitespaceOnly = "\t\r\n";
+    const char* modData = "  \x01\f\t\x02\r\n\v\xff\nTt \n";
+    const char* canonData = "\x01 \x02 \xff tt";
+    const char longData[] =
+        "This string must be longer than CTC_NAME_SIZE that is defined as 64.";
+
+    ExpectNotNull(orig = ASN1_STRING_new());
+    ExpectNotNull(canon = ASN1_STRING_new());
+
+    /* Invalid parameter testing. */
+    ExpectIntEQ(wolfSSL_ASN1_STRING_canon(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_ASN1_STRING_canon(canon, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_ASN1_STRING_canon(NULL, orig), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    ExpectIntEQ(wolfSSL_ASN1_STRING_canon(canon, orig), 1);
+    ExpectIntEQ(ASN1_STRING_cmp(orig, canon), 0);
+
+    ExpectIntEQ(ASN1_STRING_set(orig, longData, (int)XSTRLEN(data)), 1);
+    ExpectIntEQ(wolfSSL_ASN1_STRING_canon(canon, orig), 1);
+    ExpectIntEQ(ASN1_STRING_cmp(orig, canon), 0);
+
+    ExpectIntEQ(ASN1_STRING_set(orig, data, (int)XSTRLEN(data)), 1);
+    ExpectIntEQ(wolfSSL_ASN1_STRING_canon(canon, orig), 1);
+    ExpectIntEQ(ASN1_STRING_cmp(orig, canon), 0);
+
+    ASN1_STRING_free(orig);
+    orig = NULL;
+
+    ExpectNotNull(orig = ASN1_STRING_type_new(MBSTRING_UTF8));
+    ExpectIntEQ(ASN1_STRING_set(orig, modData, 15), 1);
+    ExpectIntEQ(wolfSSL_ASN1_STRING_canon(canon, orig), 1);
+    ExpectIntEQ(ASN1_STRING_set(orig, canonData, 8), 1);
+    ExpectIntEQ(ASN1_STRING_cmp(orig, canon), 0);
+    ASN1_STRING_free(orig);
+    orig = NULL;
+
+    ExpectNotNull(orig = ASN1_STRING_type_new(V_ASN1_PRINTABLESTRING));
+    ExpectIntEQ(ASN1_STRING_set(orig, whitespaceOnly, 3), 1);
+    ExpectIntEQ(wolfSSL_ASN1_STRING_canon(canon, orig), 1);
+    ASN1_STRING_free(orig);
+    orig = NULL;
+    ExpectNotNull(orig = ASN1_STRING_type_new(MBSTRING_UTF8));
+    ExpectIntEQ(ASN1_STRING_cmp(orig, canon), 0);
+
+    ASN1_STRING_free(orig);
+    ASN1_STRING_free(canon);
+#endif
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_ASN1_STRING_print(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_ALL) && !defined(NO_ASN) && !defined(NO_CERTS) && \
+    !defined(NO_BIO)
+    ASN1_STRING* asnStr = NULL;
+    const char HELLO_DATA[]= \
+                      {'H','e','l','l','o',' ','w','o','l','f','S','S','L','!'};
+    #define MAX_UNPRINTABLE_CHAR 32
+    #define MAX_BUF 255
+    unsigned char unprintableData[MAX_UNPRINTABLE_CHAR + sizeof(HELLO_DATA)];
+    unsigned char expected[sizeof(unprintableData)+1];
+    unsigned char rbuf[MAX_BUF];
+    BIO *bio = NULL;
+    int p_len;
+    int i;
+
+    /* setup */
+
+    for (i = 0; i < (int)sizeof(HELLO_DATA); i++) {
+        unprintableData[i]  = (unsigned char)HELLO_DATA[i];
+        expected[i]         = (unsigned char)HELLO_DATA[i];
+    }
+
+    for (i = 0; i < (int)MAX_UNPRINTABLE_CHAR; i++) {
+        unprintableData[sizeof(HELLO_DATA)+i] = i;
+
+        if (i == (int)'\n' || i == (int)'\r')
+            expected[sizeof(HELLO_DATA)+i] = i;
+        else
+            expected[sizeof(HELLO_DATA)+i] = '.';
+    }
+
+    unprintableData[sizeof(unprintableData)-1] = '\0';
+    expected[sizeof(expected)-1] = '\0';
+
+    XMEMSET(rbuf, 0, MAX_BUF);
+    ExpectNotNull(bio = BIO_new(BIO_s_mem()));
+    ExpectIntEQ(BIO_set_write_buf_size(bio, MAX_BUF), 0);
+
+    ExpectNotNull(asnStr = ASN1_STRING_type_new(V_ASN1_OCTET_STRING));
+    ExpectIntEQ(ASN1_STRING_set(asnStr,(const void*)unprintableData,
+            (int)sizeof(unprintableData)), 1);
+    /* test */
+    ExpectIntEQ(wolfSSL_ASN1_STRING_print(NULL, NULL), 0);
+    ExpectIntEQ(wolfSSL_ASN1_STRING_print(bio, NULL), 0);
+    ExpectIntEQ(wolfSSL_ASN1_STRING_print(NULL, asnStr), 0);
+    ExpectIntEQ(p_len = wolfSSL_ASN1_STRING_print(bio, asnStr), 46);
+    ExpectIntEQ(BIO_read(bio, (void*)rbuf, 46), 46);
+
+    ExpectStrEQ((char*)rbuf, (const char*)expected);
+
+    BIO_free(bio);
+    bio = NULL;
+
+    ExpectNotNull(bio = BIO_new(wolfSSL_BIO_s_fixed_mem()));
+    ExpectIntEQ(BIO_set_write_buf_size(bio, 1), 1);
+    /* Ensure there is 0 bytes available to write into. */
+    ExpectIntEQ(BIO_write(bio, rbuf, 1), 1);
+    ExpectIntEQ(wolfSSL_ASN1_STRING_print(bio, asnStr), 0);
+    ExpectIntEQ(BIO_set_write_buf_size(bio, 1), 1);
+    ExpectIntEQ(wolfSSL_ASN1_STRING_print(bio, asnStr), 0);
+    ExpectIntEQ(BIO_set_write_buf_size(bio, 45), 1);
+    ExpectIntEQ(wolfSSL_ASN1_STRING_print(bio, asnStr), 0);
+    BIO_free(bio);
+
+    ASN1_STRING_free(asnStr);
+#endif /* OPENSSL_EXTRA && !NO_ASN && !NO_CERTS && !NO_BIO */
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_ASN1_STRING_print_ex(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && !defined(NO_ASN) && !defined(NO_BIO)
+    ASN1_STRING* asn_str = NULL;
+    const char data[] = "Hello wolfSSL!";
+    ASN1_STRING* esc_str = NULL;
+    const char esc_data[] = "a+;<>";
+    ASN1_STRING* neg_int = NULL;
+    const char neg_int_data[] = "\xff";
+    ASN1_STRING* neg_enum = NULL;
+    const char neg_enum_data[] = "\xff";
+    BIO *bio = NULL;
+    BIO *fixed = NULL;
+    unsigned long flags;
+    int p_len;
+    unsigned char rbuf[255];
+
+    /* setup */
+    XMEMSET(rbuf, 0, 255);
+    ExpectNotNull(bio = BIO_new(BIO_s_mem()));
+    ExpectIntEQ(BIO_set_write_buf_size(bio, 255), 0);
+    ExpectNotNull(fixed = BIO_new(wolfSSL_BIO_s_fixed_mem()));
+
+    ExpectNotNull(asn_str = ASN1_STRING_type_new(V_ASN1_OCTET_STRING));
+    ExpectIntEQ(ASN1_STRING_set(asn_str, (const void*)data, sizeof(data)), 1);
+    ExpectNotNull(esc_str = ASN1_STRING_type_new(V_ASN1_OCTET_STRING));
+    ExpectIntEQ(ASN1_STRING_set(esc_str, (const void*)esc_data,
+        sizeof(esc_data)), 1);
+    ExpectNotNull(neg_int = ASN1_STRING_type_new(V_ASN1_NEG_INTEGER));
+    ExpectIntEQ(ASN1_STRING_set(neg_int, (const void*)neg_int_data,
+        sizeof(neg_int_data) - 1), 1);
+    ExpectNotNull(neg_enum = ASN1_STRING_type_new(V_ASN1_NEG_ENUMERATED));
+    ExpectIntEQ(ASN1_STRING_set(neg_enum, (const void*)neg_enum_data,
+        sizeof(neg_enum_data) - 1), 1);
+
+    /* Invalid parameter testing. */
+    ExpectIntEQ(wolfSSL_ASN1_STRING_print_ex(NULL, NULL, 0), 0);
+    ExpectIntEQ(wolfSSL_ASN1_STRING_print_ex(bio, NULL, 0), 0);
+    ExpectIntEQ(wolfSSL_ASN1_STRING_print_ex(NULL, asn_str, 0), 0);
+
+    /* no flags */
+    XMEMSET(rbuf, 0, 255);
+    flags = 0;
+    ExpectIntEQ(p_len = wolfSSL_ASN1_STRING_print_ex(bio, asn_str, flags), 15);
+    ExpectIntEQ(BIO_read(bio, (void*)rbuf, 15), 15);
+    ExpectStrEQ((char*)rbuf, "Hello wolfSSL!");
+    ExpectIntEQ(BIO_set_write_buf_size(fixed, 1), 1);
+    /* Ensure there is 0 bytes available to write into. */
+    ExpectIntEQ(BIO_write(fixed, rbuf, 1), 1);
+    ExpectIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, asn_str, flags), 0);
+    ExpectIntEQ(BIO_set_write_buf_size(fixed, 1), 1);
+    ExpectIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, asn_str, flags), 0);
+    ExpectIntEQ(BIO_set_write_buf_size(fixed, 14), 1);
+    ExpectIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, asn_str, flags), 0);
+
+    /* RFC2253 Escape */
+    XMEMSET(rbuf, 0, 255);
+    flags = ASN1_STRFLGS_ESC_2253;
+    ExpectIntEQ(p_len = wolfSSL_ASN1_STRING_print_ex(bio, esc_str, flags), 9);
+    ExpectIntEQ(BIO_read(bio, (void*)rbuf, 9), 9);
+    ExpectStrEQ((char*)rbuf, "a\\+\\;\\<\\>");
+    ExpectIntEQ(BIO_set_write_buf_size(fixed, 1), 1);
+    /* Ensure there is 0 bytes available to write into. */
+    ExpectIntEQ(BIO_write(fixed, rbuf, 1), 1);
+    ExpectIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, esc_str, flags), 0);
+    ExpectIntEQ(BIO_set_write_buf_size(fixed, 1), 1);
+    ExpectIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, esc_str, flags), 0);
+    ExpectIntEQ(BIO_set_write_buf_size(fixed, 8), 1);
+    ExpectIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, esc_str, flags), 0);
+
+    /* Show type */
+    XMEMSET(rbuf, 0, 255);
+    flags = ASN1_STRFLGS_SHOW_TYPE;
+    ExpectIntEQ(p_len = wolfSSL_ASN1_STRING_print_ex(bio, asn_str, flags), 28);
+    ExpectIntEQ(BIO_read(bio, (void*)rbuf, 28), 28);
+    ExpectStrEQ((char*)rbuf, "OCTET STRING:Hello wolfSSL!");
+    ExpectIntEQ(BIO_set_write_buf_size(fixed, 1), 1);
+    /* Ensure there is 0 bytes available to write into. */
+    ExpectIntEQ(BIO_write(fixed, rbuf, 1), 1);
+    ExpectIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, asn_str, flags), 0);
+    ExpectIntEQ(BIO_set_write_buf_size(fixed, 1), 1);
+    ExpectIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, asn_str, flags), 0);
+    ExpectIntEQ(BIO_set_write_buf_size(fixed, 12), 1);
+    ExpectIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, asn_str, flags), 0);
+    ExpectIntEQ(BIO_set_write_buf_size(fixed, 27), 1);
+    ExpectIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, asn_str, flags), 0);
+
+    /* Dump All */
+    XMEMSET(rbuf, 0, 255);
+    flags = ASN1_STRFLGS_DUMP_ALL;
+    ExpectIntEQ(p_len = wolfSSL_ASN1_STRING_print_ex(bio, asn_str, flags), 31);
+    ExpectIntEQ(BIO_read(bio, (void*)rbuf, 31), 31);
+    ExpectStrEQ((char*)rbuf, "#48656C6C6F20776F6C6653534C2100");
+    ExpectIntEQ(BIO_set_write_buf_size(fixed, 1), 1);
+    /* Ensure there is 0 bytes available to write into. */
+    ExpectIntEQ(BIO_write(fixed, rbuf, 1), 1);
+    ExpectIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, asn_str, flags), 0);
+    ExpectIntEQ(BIO_set_write_buf_size(fixed, 1), 1);
+    ExpectIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, asn_str, flags), 0);
+    ExpectIntEQ(BIO_set_write_buf_size(fixed, 30), 1);
+    ExpectIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, asn_str, flags), 0);
+
+    /* Dump Der */
+    XMEMSET(rbuf, 0, 255);
+    flags = ASN1_STRFLGS_DUMP_ALL | ASN1_STRFLGS_DUMP_DER;
+    ExpectIntEQ(p_len = wolfSSL_ASN1_STRING_print_ex(bio, asn_str, flags), 35);
+    ExpectIntEQ(BIO_read(bio, (void*)rbuf, 35), 35);
+    ExpectStrEQ((char*)rbuf, "#040F48656C6C6F20776F6C6653534C2100");
+    ExpectIntEQ(BIO_set_write_buf_size(fixed, 1), 1);
+    /* Ensure there is 0 bytes available to write into. */
+    ExpectIntEQ(BIO_write(fixed, rbuf, 1), 1);
+    ExpectIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, asn_str, flags), 0);
+    ExpectIntEQ(BIO_set_write_buf_size(fixed, 1), 1);
+    ExpectIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, asn_str, flags), 0);
+    ExpectIntEQ(BIO_set_write_buf_size(fixed, 2), 1);
+    ExpectIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, asn_str, flags), 0);
+    ExpectIntEQ(BIO_set_write_buf_size(fixed, 30), 1);
+    ExpectIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, asn_str, flags), 0);
+
+    /* Dump All + Show type */
+    XMEMSET(rbuf, 0, 255);
+    flags = ASN1_STRFLGS_DUMP_ALL | ASN1_STRFLGS_SHOW_TYPE;
+    ExpectIntEQ(p_len = wolfSSL_ASN1_STRING_print_ex(bio, asn_str, flags), 44);
+    ExpectIntEQ(BIO_read(bio, (void*)rbuf, 44), 44);
+    ExpectStrEQ((char*)rbuf, "OCTET STRING:#48656C6C6F20776F6C6653534C2100");
+
+    /* Dump All + Show type - Negative Integer. */
+    XMEMSET(rbuf, 0, 255);
+    flags = ASN1_STRFLGS_DUMP_ALL | ASN1_STRFLGS_SHOW_TYPE;
+    ExpectIntEQ(p_len = wolfSSL_ASN1_STRING_print_ex(bio, neg_int, flags), 11);
+    ExpectIntEQ(BIO_read(bio, (void*)rbuf, 11), 11);
+    ExpectStrEQ((char*)rbuf, "INTEGER:#FF");
+
+    /* Dump All + Show type - Negative Enumerated. */
+    XMEMSET(rbuf, 0, 255);
+    flags = ASN1_STRFLGS_DUMP_ALL | ASN1_STRFLGS_SHOW_TYPE;
+    ExpectIntEQ(p_len = wolfSSL_ASN1_STRING_print_ex(bio, neg_enum, flags), 14);
+    ExpectIntEQ(BIO_read(bio, (void*)rbuf, 14), 14);
+    ExpectStrEQ((char*)rbuf, "ENUMERATED:#FF");
+
+    BIO_free(fixed);
+    BIO_free(bio);
+    ASN1_STRING_free(asn_str);
+    ASN1_STRING_free(esc_str);
+    ASN1_STRING_free(neg_int);
+    ASN1_STRING_free(neg_enum);
+
+    ExpectStrEQ(wolfSSL_ASN1_tag2str(-1), "(unknown)");
+    ExpectStrEQ(wolfSSL_ASN1_tag2str(31), "(unknown)");
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_ASN1_UNIVERSALSTRING_to_string(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_ALL) && !defined(NO_ASN)
+    ASN1_STRING* asn1str_test = NULL;
+    ASN1_STRING* asn1str_answer = NULL;
+    /* Each character is encoded using 4 bytes */
+    char input[] = {
+            0, 0, 0, 'T',
+            0, 0, 0, 'e',
+            0, 0, 0, 's',
+            0, 0, 0, 't',
+    };
+    char output[] = "Test";
+    char badInput[] = {
+            1, 0, 0, 'T',
+            0, 1, 0, 'e',
+            0, 0, 1, 's',
+    };
+
+    ExpectIntEQ(ASN1_UNIVERSALSTRING_to_string(NULL), 0);
+    /* Test wrong type. */
+    ExpectNotNull(asn1str_test = ASN1_STRING_type_new(V_ASN1_OCTET_STRING));
+    ExpectIntEQ(ASN1_UNIVERSALSTRING_to_string(asn1str_test), 0);
+    ASN1_STRING_free(asn1str_test);
+    asn1str_test = NULL;
+
+    ExpectNotNull(asn1str_test = ASN1_STRING_type_new(V_ASN1_UNIVERSALSTRING));
+
+    /* Test bad length. */
+    ExpectIntEQ(ASN1_STRING_set(asn1str_test, input, sizeof(input) - 1), 1);
+    ExpectIntEQ(ASN1_UNIVERSALSTRING_to_string(asn1str_test), 0);
+    /* Test bad input. */
+    ExpectIntEQ(ASN1_STRING_set(asn1str_test, badInput + 0, 4), 1);
+    ExpectIntEQ(ASN1_UNIVERSALSTRING_to_string(asn1str_test), 0);
+    ExpectIntEQ(ASN1_STRING_set(asn1str_test, badInput + 4, 4), 1);
+    ExpectIntEQ(ASN1_UNIVERSALSTRING_to_string(asn1str_test), 0);
+    ExpectIntEQ(ASN1_STRING_set(asn1str_test, badInput + 8, 4), 1);
+    ExpectIntEQ(ASN1_UNIVERSALSTRING_to_string(asn1str_test), 0);
+
+    ExpectIntEQ(ASN1_STRING_set(asn1str_test, input, sizeof(input)), 1);
+    ExpectIntEQ(ASN1_UNIVERSALSTRING_to_string(asn1str_test), 1);
+
+    ExpectNotNull(
+        asn1str_answer = ASN1_STRING_type_new(V_ASN1_PRINTABLESTRING));
+    ExpectIntEQ(ASN1_STRING_set(asn1str_answer, output, sizeof(output)-1), 1);
+
+    ExpectIntEQ(ASN1_STRING_cmp(asn1str_test, asn1str_answer), 0);
+
+    ASN1_STRING_free(asn1str_test);
+    ASN1_STRING_free(asn1str_answer);
+#endif /* OPENSSL_ALL && !NO_ASN */
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_ASN1_GENERALIZEDTIME_free(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME)
+    WOLFSSL_ASN1_GENERALIZEDTIME* asn1_gtime = NULL;
+
+    ExpectNotNull(asn1_gtime = ASN1_GENERALIZEDTIME_new());
+    if (asn1_gtime != NULL)
+        XMEMCPY(asn1_gtime->data, "20180504123500Z", ASN_GENERALIZED_TIME_SIZE);
+    ASN1_GENERALIZEDTIME_free(asn1_gtime);
+#endif /* OPENSSL_EXTRA && !NO_ASN_TIME */
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_ASN1_GENERALIZEDTIME_print(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME) && !defined(NO_BIO)
+    WOLFSSL_ASN1_GENERALIZEDTIME* gtime = NULL;
+    BIO* bio = NULL;
+    unsigned char buf[24];
+    int i;
+
+    ExpectNotNull(bio = BIO_new(BIO_s_mem()));
+    BIO_set_write_buf_size(bio, 24);
+
+    ExpectNotNull(gtime = ASN1_GENERALIZEDTIME_new());
+    /* Type not set. */
+    ExpectIntEQ(wolfSSL_ASN1_GENERALIZEDTIME_print(bio, gtime), 0);
+    ExpectIntEQ(wolfSSL_ASN1_TIME_set_string(gtime, "20180504123500Z"), 1);
+
+    /* Invalid parameters testing. */
+    ExpectIntEQ(wolfSSL_ASN1_GENERALIZEDTIME_print(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_ASN1_GENERALIZEDTIME_print(bio, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_ASN1_GENERALIZEDTIME_print(NULL, gtime), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    ExpectIntEQ(wolfSSL_ASN1_GENERALIZEDTIME_print(bio, gtime), 1);
+    ExpectIntEQ(BIO_read(bio, buf, sizeof(buf)), 20);
+    ExpectIntEQ(XMEMCMP(buf, "May 04 12:35:00 2018", 20), 0);
+
+    BIO_free(bio);
+    bio = NULL;
+
+    ExpectNotNull(bio = BIO_new(wolfSSL_BIO_s_fixed_mem()));
+    ExpectIntEQ(BIO_set_write_buf_size(bio, 1), 1);
+    /* Ensure there is 0 bytes available to write into. */
+    ExpectIntEQ(BIO_write(bio, buf, 1), 1);
+    ExpectIntEQ(wolfSSL_ASN1_GENERALIZEDTIME_print(bio, gtime), 0);
+    for (i = 1; i < 20; i++) {
+        ExpectIntEQ(BIO_set_write_buf_size(bio, i), 1);
+        ExpectIntEQ(wolfSSL_ASN1_GENERALIZEDTIME_print(bio, gtime), 0);
+    }
+    BIO_free(bio);
+
+    wolfSSL_ASN1_GENERALIZEDTIME_free(gtime);
+#endif /* OPENSSL_EXTRA && !NO_ASN_TIME && !NO_BIO */
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_ASN1_TIME(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME)
+    WOLFSSL_ASN1_TIME* asn_time = NULL;
+    unsigned char *data = NULL;
+
+    ExpectNotNull(asn_time = ASN1_TIME_new());
+
+#ifndef NO_WOLFSSL_STUB
+    ExpectNotNull(ASN1_TIME_set(asn_time, 1));
+#endif
+    ExpectIntEQ(ASN1_TIME_set_string(NULL, NULL), 0);
+    ExpectIntEQ(ASN1_TIME_set_string(asn_time, NULL), 0);
+    ExpectIntEQ(ASN1_TIME_set_string(NULL,
+        "String longer than CTC_DATA_SIZE that is 32 bytes"), 0);
+    ExpectIntEQ(ASN1_TIME_set_string(NULL, "101219181011Z"), 1);
+    ExpectIntEQ(ASN1_TIME_set_string(asn_time, "101219181011Z"), 1);
+
+    ExpectIntEQ(wolfSSL_ASN1_TIME_get_length(NULL), 0);
+    ExpectIntEQ(wolfSSL_ASN1_TIME_get_length(asn_time), ASN_UTC_TIME_SIZE - 1);
+    ExpectNull(wolfSSL_ASN1_TIME_get_data(NULL));
+    ExpectNotNull(data = wolfSSL_ASN1_TIME_get_data(asn_time));
+    ExpectIntEQ(XMEMCMP(data, "101219181011Z", 14), 0);
+
+    ExpectIntEQ(ASN1_TIME_check(NULL), 0);
+    ExpectIntEQ(ASN1_TIME_check(asn_time), 1);
+
+    ExpectIntEQ(ASN1_TIME_set_string_X509(asn_time, "101219181011Z"), 1);
+    ExpectIntEQ(ASN1_TIME_set_string_X509(asn_time, "101219181011Za"), 0);
+
+    ASN1_TIME_free(asn_time);
+    ASN1_TIME_free(NULL);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_ASN1_TIME_to_string(void)
+{
+    EXPECT_DECLS;
+#ifndef NO_ASN_TIME
+#if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) || \
+    defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)
+    WOLFSSL_ASN1_TIME* t = NULL;
+    char buf[ASN_GENERALIZED_TIME_SIZE];
+
+    ExpectNotNull((t = ASN1_TIME_new()));
+    ExpectIntEQ(ASN1_TIME_set_string(t, "030222211515Z"), 1);
+
+    /* Invalid parameter testing. */
+    ExpectNull(ASN1_TIME_to_string(NULL, NULL, 4));
+    ExpectNull(ASN1_TIME_to_string(t, NULL, 4));
+    ExpectNull(ASN1_TIME_to_string(NULL, buf, 4));
+    ExpectNull(ASN1_TIME_to_string(NULL, NULL, 5));
+    ExpectNull(ASN1_TIME_to_string(NULL, buf, 5));
+    ExpectNull(ASN1_TIME_to_string(t, NULL, 5));
+    ExpectNull(ASN1_TIME_to_string(t, buf, 4));
+    /* Buffer needs to be longer than minimum of 5 characters. */
+    ExpectNull(ASN1_TIME_to_string(t, buf, 5));
+
+    ASN1_TIME_free(t);
+#endif
+#endif /* NO_ASN_TIME */
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_ASN1_TIME_diff_compare(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME)
+    ASN1_TIME* fromTime = NULL;
+    ASN1_TIME* closeToTime = NULL;
+    ASN1_TIME* toTime = NULL;
+    ASN1_TIME* invalidTime = NULL;
+    int daysDiff = 0;
+    int secsDiff = 0;
+
+    ExpectNotNull((fromTime = ASN1_TIME_new()));
+    /* Feb 22, 2003, 21:15:15 */
+    ExpectIntEQ(ASN1_TIME_set_string(fromTime, "030222211515Z"), 1);
+    ExpectNotNull((closeToTime = ASN1_TIME_new()));
+    /* Feb 22, 2003, 21:16:15 */
+    ExpectIntEQ(ASN1_TIME_set_string(closeToTime, "030222211615Z"), 1);
+    ExpectNotNull((toTime = ASN1_TIME_new()));
+    /* Dec 19, 2010, 18:10:11 */
+    ExpectIntEQ(ASN1_TIME_set_string(toTime, "101219181011Z"), 1);
+    ExpectNotNull((invalidTime = ASN1_TIME_new()));
+    /* Dec 19, 2010, 18:10:11 but 'U' instead of 'Z' which is invalid. */
+    ExpectIntEQ(ASN1_TIME_set_string(invalidTime, "102519181011U"), 1);
+
+    ExpectIntEQ(ASN1_TIME_diff(&daysDiff, &secsDiff, fromTime, invalidTime), 0);
+    ExpectIntEQ(ASN1_TIME_diff(&daysDiff, &secsDiff, invalidTime, toTime), 0);
+
+    ExpectIntEQ(ASN1_TIME_diff(&daysDiff, &secsDiff, fromTime, toTime), 1);
+
+    /* Test when secsDiff or daysDiff is NULL. */
+    ExpectIntEQ(ASN1_TIME_diff(NULL, &secsDiff, fromTime, toTime), 1);
+    ExpectIntEQ(ASN1_TIME_diff(&daysDiff, NULL, fromTime, toTime), 1);
+    ExpectIntEQ(ASN1_TIME_diff(NULL, NULL, fromTime, toTime), 1);
+
+    /* If both times are NULL, difference is 0. */
+    ExpectIntEQ(ASN1_TIME_diff(&daysDiff, &secsDiff, NULL, NULL), 1);
+    ExpectIntEQ(daysDiff, 0);
+    ExpectIntEQ(secsDiff, 0);
+
+    /* If one time is NULL, it defaults to the current time. */
+    ExpectIntEQ(ASN1_TIME_diff(&daysDiff, &secsDiff, NULL, toTime), 1);
+    ExpectIntEQ(ASN1_TIME_diff(&daysDiff, &secsDiff, fromTime, NULL), 1);
+
+    /* Normal operation. Both times non-NULL. */
+    ExpectIntEQ(ASN1_TIME_diff(&daysDiff, &secsDiff, fromTime, toTime), 1);
+    ExpectIntEQ(daysDiff, 2856);
+    ExpectIntEQ(secsDiff, 75296);
+    /* Swapping the times should return negative values. */
+    ExpectIntEQ(ASN1_TIME_diff(&daysDiff, &secsDiff, toTime, fromTime), 1);
+    ExpectIntEQ(daysDiff, -2856);
+    ExpectIntEQ(secsDiff, -75296);
+
+    /* Compare with invalid time string. */
+    ExpectIntEQ(ASN1_TIME_compare(fromTime, invalidTime), -2);
+    ExpectIntEQ(ASN1_TIME_compare(invalidTime, toTime), -2);
+    /* Compare with days difference of 0. */
+    ExpectIntEQ(ASN1_TIME_compare(fromTime, closeToTime), -1);
+    ExpectIntEQ(ASN1_TIME_compare(closeToTime, fromTime), 1);
+    /* Days and seconds differences not 0. */
+    ExpectIntEQ(ASN1_TIME_compare(fromTime, toTime), -1);
+    ExpectIntEQ(ASN1_TIME_compare(toTime, fromTime), 1);
+    /* Same time. */
+    ExpectIntEQ(ASN1_TIME_compare(fromTime, fromTime), 0);
+
+    /* Compare regression test: No seconds difference, just difference in days.
+     */
+    ASN1_TIME_set_string(fromTime, "19700101000000Z");
+    ASN1_TIME_set_string(toTime, "19800101000000Z");
+    ExpectIntEQ(ASN1_TIME_compare(fromTime, toTime), -1);
+    ExpectIntEQ(ASN1_TIME_compare(toTime, fromTime), 1);
+    ExpectIntEQ(ASN1_TIME_compare(fromTime, fromTime), 0);
+
+    /* Edge case with Unix epoch. */
+    ExpectNotNull(ASN1_TIME_set_string(fromTime, "19700101000000Z"));
+    ExpectNotNull(ASN1_TIME_set_string(toTime, "19800101000000Z"));
+    ExpectIntEQ(ASN1_TIME_diff(&daysDiff, &secsDiff, fromTime, toTime), 1);
+    ExpectIntEQ(daysDiff, 3652);
+    ExpectIntEQ(secsDiff, 0);
+
+    /* Edge case with year > 2038 (year 2038 problem). */
+    ExpectNotNull(ASN1_TIME_set_string(toTime, "99991231235959Z"));
+    ExpectIntEQ(ASN1_TIME_diff(&daysDiff, &secsDiff, fromTime, toTime), 1);
+    ExpectIntEQ(daysDiff, 2932896);
+    ExpectIntEQ(secsDiff, 86399);
+
+    ASN1_TIME_free(fromTime);
+    ASN1_TIME_free(closeToTime);
+    ASN1_TIME_free(toTime);
+    ASN1_TIME_free(invalidTime);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_ASN1_TIME_adj(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME) && \
+    !defined(USER_TIME) && !defined(TIME_OVERRIDES)
+    const int year = 365*24*60*60;
+    const int day  = 24*60*60;
+    const int hour = 60*60;
+    const int mini = 60;
+    const byte asn_utc_time = ASN_UTC_TIME;
+#if !defined(TIME_T_NOT_64BIT) && !defined(NO_64BIT)
+    const byte asn_gen_time = ASN_GENERALIZED_TIME;
+#endif
+    WOLFSSL_ASN1_TIME* asn_time = NULL;
+    WOLFSSL_ASN1_TIME* s = NULL;
+    int offset_day;
+    long offset_sec;
+    char date_str[CTC_DATE_SIZE + 1];
+    time_t t;
+
+    ExpectNotNull(s = wolfSSL_ASN1_TIME_new());
+    /* UTC notation test */
+    /* 2000/2/15 20:30:00 */
+    t = (time_t)30 * year + 45 * day + 20 * hour + 30 * mini + 7 * day;
+    offset_day = 7;
+    offset_sec = 45 * mini;
+    /* offset_sec = -45 * min;*/
+    ExpectNotNull(asn_time =
+            wolfSSL_ASN1_TIME_adj(s, t, offset_day, offset_sec));
+    if (asn_time != NULL) {
+        ExpectTrue(asn_time->type == asn_utc_time);
+        ExpectNotNull(XSTRNCPY(date_str, (const char*)&asn_time->data,
+            CTC_DATE_SIZE));
+        date_str[CTC_DATE_SIZE] = '\0';
+        ExpectIntEQ(0, XMEMCMP(date_str, "000222211500Z", 13));
+        if (asn_time != s) {
+            XFREE(asn_time, NULL, DYNAMIC_TYPE_OPENSSL);
+        }
+        asn_time = NULL;
+    }
+
+    /* negative offset */
+    offset_sec = -45 * mini;
+    asn_time = wolfSSL_ASN1_TIME_adj(s, t, offset_day, offset_sec);
+    ExpectNotNull(asn_time);
+    if (asn_time != NULL) {
+        ExpectTrue(asn_time->type == asn_utc_time);
+        ExpectNotNull(XSTRNCPY(date_str, (const char*)&asn_time->data,
+            CTC_DATE_SIZE));
+        date_str[CTC_DATE_SIZE] = '\0';
+        ExpectIntEQ(0, XMEMCMP(date_str, "000222194500Z", 13));
+        if (asn_time != s) {
+            XFREE(asn_time, NULL, DYNAMIC_TYPE_OPENSSL);
+        }
+        asn_time = NULL;
+    }
+
+    XFREE(s, NULL, DYNAMIC_TYPE_OPENSSL);
+    s = NULL;
+    XMEMSET(date_str, 0, sizeof(date_str));
+
+    /* Generalized time will overflow time_t if not long */
+#if !defined(TIME_T_NOT_64BIT) && !defined(NO_64BIT)
+    s = (WOLFSSL_ASN1_TIME*)XMALLOC(sizeof(WOLFSSL_ASN1_TIME), NULL,
+                                    DYNAMIC_TYPE_OPENSSL);
+    /* GeneralizedTime notation test */
+    /* 2055/03/01 09:00:00 */
+    t = (time_t)85 * year + 59 * day + 9 * hour + 21 * day;
+        offset_day = 12;
+        offset_sec = 10 * mini;
+    ExpectNotNull(asn_time = wolfSSL_ASN1_TIME_adj(s, t, offset_day,
+        offset_sec));
+    if (asn_time != NULL) {
+        ExpectTrue(asn_time->type == asn_gen_time);
+        ExpectNotNull(XSTRNCPY(date_str, (const char*)&asn_time->data,
+            CTC_DATE_SIZE));
+        date_str[CTC_DATE_SIZE] = '\0';
+        ExpectIntEQ(0, XMEMCMP(date_str, "20550313091000Z", 15));
+        if (asn_time != s) {
+            XFREE(asn_time, NULL, DYNAMIC_TYPE_OPENSSL);
+        }
+        asn_time = NULL;
+    }
+
+    XFREE(s, NULL, DYNAMIC_TYPE_OPENSSL);
+    s = NULL;
+    XMEMSET(date_str, 0, sizeof(date_str));
+#endif /* !TIME_T_NOT_64BIT && !NO_64BIT */
+
+    /* if WOLFSSL_ASN1_TIME struct is not allocated */
+    s = NULL;
+
+    t = (time_t)30 * year + 45 * day + 20 * hour + 30 * mini + 15 + 7 * day;
+    offset_day = 7;
+    offset_sec = 45 * mini;
+    ExpectNotNull(asn_time = wolfSSL_ASN1_TIME_adj(s, t, offset_day,
+        offset_sec));
+    if (asn_time != NULL) {
+        ExpectTrue(asn_time->type == asn_utc_time);
+        ExpectNotNull(XSTRNCPY(date_str, (const char*)&asn_time->data,
+            CTC_DATE_SIZE));
+        date_str[CTC_DATE_SIZE] = '\0';
+        ExpectIntEQ(0, XMEMCMP(date_str, "000222211515Z", 13));
+        XFREE(asn_time, NULL, DYNAMIC_TYPE_OPENSSL);
+        asn_time = NULL;
+    }
+    ExpectNotNull(asn_time = wolfSSL_ASN1_TIME_adj(NULL, t, offset_day,
+        offset_sec));
+    if (asn_time != NULL) {
+        ExpectTrue(asn_time->type == asn_utc_time);
+        ExpectNotNull(XSTRNCPY(date_str, (const char*)&asn_time->data,
+            CTC_DATE_SIZE));
+        date_str[CTC_DATE_SIZE] = '\0';
+        ExpectIntEQ(0, XMEMCMP(date_str, "000222211515Z", 13));
+        XFREE(asn_time, NULL, DYNAMIC_TYPE_OPENSSL);
+        asn_time = NULL;
+    }
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_ASN1_TIME_to_tm(void)
+{
+    EXPECT_DECLS;
+#if (defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) || \
+      defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || \
+      defined(OPENSSL_ALL)) && !defined(NO_ASN_TIME)
+    ASN1_TIME asnTime;
+    struct tm tm;
+    time_t testTime = 1683926567; /* Fri May 12 09:22:47 PM UTC 2023 */
+
+    XMEMSET(&tm, 0, sizeof(struct tm));
+
+    XMEMSET(&asnTime, 0, sizeof(ASN1_TIME));
+    ExpectIntEQ(ASN1_TIME_set_string(&asnTime, "000222211515Z"), 1);
+    ExpectIntEQ(ASN1_TIME_to_tm(&asnTime, NULL), 1);
+    ExpectIntEQ(ASN1_TIME_to_tm(&asnTime, &tm), 1);
+
+    ExpectIntEQ(tm.tm_sec, 15);
+    ExpectIntEQ(tm.tm_min, 15);
+    ExpectIntEQ(tm.tm_hour, 21);
+    ExpectIntEQ(tm.tm_mday, 22);
+    ExpectIntEQ(tm.tm_mon, 1);
+    ExpectIntEQ(tm.tm_year, 100);
+    ExpectIntEQ(tm.tm_isdst, 0);
+#ifdef XMKTIME
+    ExpectIntEQ(tm.tm_wday, 2);
+    ExpectIntEQ(tm.tm_yday, 52);
+#endif
+
+    ExpectIntEQ(ASN1_TIME_set_string(&asnTime, "500222211515Z"), 1);
+    ExpectIntEQ(ASN1_TIME_to_tm(&asnTime, &tm), 1);
+    ExpectIntEQ(tm.tm_year, 50);
+
+    /* Get current time. */
+    ExpectIntEQ(ASN1_TIME_to_tm(NULL, NULL), 0);
+    ExpectIntEQ(ASN1_TIME_to_tm(NULL, &tm), 1);
+
+    XMEMSET(&asnTime, 0, sizeof(ASN1_TIME));
+    /* 0 length. */
+    ExpectIntEQ(ASN1_TIME_to_tm(&asnTime, &tm), 0);
+    /* No type. */
+    asnTime.length = 1;
+    ExpectIntEQ(ASN1_TIME_to_tm(&asnTime, &tm), 0);
+    /* Not UTCTIME length. */
+    asnTime.type = V_ASN1_UTCTIME;
+    ExpectIntEQ(ASN1_TIME_to_tm(&asnTime, &tm), 0);
+    /* Not GENERALIZEDTIME length. */
+    asnTime.type = V_ASN1_GENERALIZEDTIME;
+    ExpectIntEQ(ASN1_TIME_to_tm(&asnTime, &tm), 0);
+
+    /* Not Zulu timezone. */
+    ExpectIntEQ(ASN1_TIME_set_string(&asnTime, "000222211515U"), 1);
+    ExpectIntEQ(ASN1_TIME_to_tm(&asnTime, &tm), 0);
+    ExpectIntEQ(ASN1_TIME_set_string(&asnTime, "20000222211515U"), 1);
+    ExpectIntEQ(ASN1_TIME_to_tm(&asnTime, &tm), 0);
+
+#ifdef XMKTIME
+    ExpectNotNull(ASN1_TIME_adj(&asnTime, testTime, 0, 0));
+    ExpectIntEQ(ASN1_TIME_to_tm(&asnTime, &tm), 1);
+    ExpectIntEQ(tm.tm_sec, 47);
+    ExpectIntEQ(tm.tm_min, 22);
+    ExpectIntEQ(tm.tm_hour, 21);
+    ExpectIntEQ(tm.tm_mday, 12);
+    ExpectIntEQ(tm.tm_mon, 4);
+    ExpectIntEQ(tm.tm_year, 123);
+    ExpectIntEQ(tm.tm_wday, 5);
+    ExpectIntEQ(tm.tm_yday, 131);
+    /* Confirm that when used with a tm struct from ASN1_TIME_adj, all other
+       fields are zeroed out as expected. */
+    ExpectIntEQ(tm.tm_isdst, 0);
+#endif
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_ASN1_TIME_to_generalizedtime(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME)
+    WOLFSSL_ASN1_TIME *t = NULL;
+    WOLFSSL_ASN1_TIME *out = NULL;
+    WOLFSSL_ASN1_TIME *gtime = NULL;
+    int tlen = 0;
+    unsigned char *data = NULL;
+
+    ExpectNotNull(t = wolfSSL_ASN1_TIME_new());
+    ExpectNull(wolfSSL_ASN1_TIME_to_generalizedtime(NULL, &out));
+    /* type not set. */
+    ExpectNull(wolfSSL_ASN1_TIME_to_generalizedtime(t, &out));
+    XFREE(t, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    t = NULL;
+
+    /* UTC Time test */
+    ExpectNotNull(t = wolfSSL_ASN1_TIME_new());
+    if (t != NULL) {
+        XMEMSET(t->data, 0, ASN_GENERALIZED_TIME_SIZE);
+        t->type = ASN_UTC_TIME;
+        t->length = ASN_UTC_TIME_SIZE;
+        XMEMCPY(t->data, "050727123456Z", ASN_UTC_TIME_SIZE);
+    }
+
+    ExpectIntEQ(tlen = wolfSSL_ASN1_TIME_get_length(t), ASN_UTC_TIME_SIZE);
+    ExpectStrEQ((char*)(data = wolfSSL_ASN1_TIME_get_data(t)), "050727123456Z");
+
+    out = NULL;
+    ExpectNotNull(gtime = wolfSSL_ASN1_TIME_to_generalizedtime(t, &out));
+    wolfSSL_ASN1_TIME_free(gtime);
+    gtime = NULL;
+    ExpectNotNull(out = wolfSSL_ASN1_TIME_new());
+    ExpectNotNull(gtime = wolfSSL_ASN1_TIME_to_generalizedtime(t, &out));
+    ExpectPtrEq(gtime, out);
+    ExpectIntEQ(gtime->type, ASN_GENERALIZED_TIME);
+    ExpectIntEQ(gtime->length, ASN_GENERALIZED_TIME_SIZE);
+    ExpectStrEQ((char*)gtime->data, "20050727123456Z");
+
+    /* Generalized Time test */
+    ExpectNotNull(XMEMSET(t, 0, ASN_GENERALIZED_TIME_SIZE));
+    ExpectNotNull(XMEMSET(out, 0, ASN_GENERALIZED_TIME_SIZE));
+    ExpectNotNull(XMEMSET(data, 0, ASN_GENERALIZED_TIME_SIZE));
+    if (t != NULL) {
+        t->type = ASN_GENERALIZED_TIME;
+        t->length = ASN_GENERALIZED_TIME_SIZE;
+        XMEMCPY(t->data, "20050727123456Z", ASN_GENERALIZED_TIME_SIZE);
+    }
+
+    ExpectIntEQ(tlen = wolfSSL_ASN1_TIME_get_length(t),
+        ASN_GENERALIZED_TIME_SIZE);
+    ExpectStrEQ((char*)(data = wolfSSL_ASN1_TIME_get_data(t)),
+        "20050727123456Z");
+    ExpectNotNull(gtime = wolfSSL_ASN1_TIME_to_generalizedtime(t, &out));
+    ExpectIntEQ(gtime->type, ASN_GENERALIZED_TIME);
+    ExpectIntEQ(gtime->length, ASN_GENERALIZED_TIME_SIZE);
+    ExpectStrEQ((char*)gtime->data, "20050727123456Z");
+
+    /* UTC Time to Generalized Time 1900's test */
+    ExpectNotNull(XMEMSET(t, 0, ASN_GENERALIZED_TIME_SIZE));
+    ExpectNotNull(XMEMSET(out, 0, ASN_GENERALIZED_TIME_SIZE));
+    ExpectNotNull(XMEMSET(data, 0, ASN_GENERALIZED_TIME_SIZE));
+    if (t != NULL) {
+        t->type = ASN_UTC_TIME;
+        t->length = ASN_UTC_TIME_SIZE;
+        XMEMCPY(t->data, "500727123456Z", ASN_UTC_TIME_SIZE);
+    }
+
+    ExpectNotNull(gtime = wolfSSL_ASN1_TIME_to_generalizedtime(t, &out));
+    ExpectIntEQ(gtime->type, ASN_GENERALIZED_TIME);
+    ExpectIntEQ(gtime->length, ASN_GENERALIZED_TIME_SIZE);
+    ExpectStrEQ((char*)gtime->data, "19500727123456Z");
+    XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+
+    /* Null parameter test */
+    ExpectNotNull(XMEMSET(t, 0, ASN_GENERALIZED_TIME_SIZE));
+    gtime = NULL;
+    out = NULL;
+    if (t != NULL) {
+        t->type = ASN_UTC_TIME;
+        t->length = ASN_UTC_TIME_SIZE;
+        XMEMCPY(t->data, "050727123456Z", ASN_UTC_TIME_SIZE);
+    }
+    ExpectNotNull(gtime = wolfSSL_ASN1_TIME_to_generalizedtime(t, NULL));
+    ExpectIntEQ(gtime->type, ASN_GENERALIZED_TIME);
+    ExpectIntEQ(gtime->length, ASN_GENERALIZED_TIME_SIZE);
+    ExpectStrEQ((char*)gtime->data, "20050727123456Z");
+
+    XFREE(gtime, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(t, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_ASN1_TIME_print(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_CERTS) && !defined(NO_RSA) && !defined(NO_BIO) && \
+    (defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) || \
+     defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || \
+     defined(OPENSSL_ALL)) && defined(USE_CERT_BUFFERS_2048) && \
+    !defined(NO_ASN_TIME)
+    BIO*  bio = NULL;
+    BIO*  fixed = NULL;
+    X509*  x509 = NULL;
+    const unsigned char* der = client_cert_der_2048;
+    ASN1_TIME* notAfter = NULL;
+    ASN1_TIME* notBefore = NULL;
+    unsigned char buf[25];
+
+    ExpectNotNull(bio = BIO_new(BIO_s_mem()));
+    ExpectNotNull(fixed = BIO_new(wolfSSL_BIO_s_fixed_mem()));
+    ExpectNotNull(x509 = wolfSSL_X509_load_certificate_buffer(der,
+                sizeof_client_cert_der_2048, WOLFSSL_FILETYPE_ASN1));
+    ExpectNotNull(notBefore = X509_get_notBefore(x509));
+
+    ExpectIntEQ(ASN1_TIME_print(NULL, NULL), 0);
+    ExpectIntEQ(ASN1_TIME_print(bio, NULL), 0);
+    ExpectIntEQ(ASN1_TIME_print(NULL, notBefore), 0);
+
+    ExpectIntEQ(ASN1_TIME_print(bio, notBefore), 1);
+    ExpectIntEQ(BIO_read(bio, buf, sizeof(buf)), 24);
+    ExpectIntEQ(XMEMCMP(buf, "Dec 18 21:25:29 2024 GMT", sizeof(buf) - 1), 0);
+
+    /* Test BIO_write fails. */
+    ExpectIntEQ(BIO_set_write_buf_size(fixed, 1), 1);
+    /* Ensure there is 0 bytes available to write into. */
+    ExpectIntEQ(BIO_write(fixed, buf, 1), 1);
+    ExpectIntEQ(ASN1_TIME_print(fixed, notBefore), 0);
+    ExpectIntEQ(BIO_set_write_buf_size(fixed, 1), 1);
+    ExpectIntEQ(ASN1_TIME_print(fixed, notBefore), 0);
+    ExpectIntEQ(BIO_set_write_buf_size(fixed, 23), 1);
+    ExpectIntEQ(ASN1_TIME_print(fixed, notBefore), 0);
+
+    /* create a bad time and test results */
+    ExpectNotNull(notAfter = X509_get_notAfter(x509));
+    ExpectIntEQ(ASN1_TIME_check(notAfter), 1);
+    if (EXPECT_SUCCESS()) {
+        notAfter->data[8] = 0;
+        notAfter->data[3] = 0;
+    }
+    ExpectIntNE(ASN1_TIME_print(bio, notAfter), 1);
+    ExpectIntEQ(BIO_read(bio, buf, sizeof(buf)), 14);
+    ExpectIntEQ(XMEMCMP(buf, "Bad time value", 14), 0);
+    ExpectIntEQ(ASN1_TIME_check(notAfter), 0);
+
+    BIO_free(bio);
+    BIO_free(fixed);
+    X509_free(x509);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_ASN1_UTCTIME_print(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME) && !defined(NO_BIO)
+    BIO*  bio = NULL;
+    ASN1_UTCTIME* utc = NULL;
+    unsigned char buf[25];
+    const char* validDate   = "190424111501Z";   /* UTC =   YYMMDDHHMMSSZ */
+    const char* invalidDate = "190424111501X";   /* UTC =   YYMMDDHHMMSSZ */
+    const char* genDate     = "20190424111501Z"; /* GEN = YYYYMMDDHHMMSSZ */
+
+    /* Valid date */
+    ExpectNotNull(bio = BIO_new(BIO_s_mem()));
+    ExpectNotNull(utc = (ASN1_UTCTIME*)XMALLOC(sizeof(ASN1_UTCTIME), NULL,
+                                                           DYNAMIC_TYPE_ASN1));
+    if (utc != NULL) {
+        utc->type = ASN_UTC_TIME;
+        utc->length = ASN_UTC_TIME_SIZE;
+        XMEMCPY(utc->data, (byte*)validDate, ASN_UTC_TIME_SIZE);
+    }
+
+    ExpectIntEQ(ASN1_UTCTIME_print(NULL, NULL), 0);
+    ExpectIntEQ(ASN1_UTCTIME_print(bio, NULL), 0);
+    ExpectIntEQ(ASN1_UTCTIME_print(NULL, utc), 0);
+
+    ExpectIntEQ(ASN1_UTCTIME_print(bio, utc), 1);
+    ExpectIntEQ(BIO_read(bio, buf, sizeof(buf)), 24);
+    ExpectIntEQ(XMEMCMP(buf, "Apr 24 11:15:01 2019 GMT", sizeof(buf)-1), 0);
+
+    XMEMSET(buf, 0, sizeof(buf));
+    BIO_free(bio);
+    bio = NULL;
+
+    /* Invalid format */
+    ExpectNotNull(bio = BIO_new(BIO_s_mem()));
+    if (utc != NULL) {
+        utc->type = ASN_UTC_TIME;
+        utc->length = ASN_UTC_TIME_SIZE;
+        XMEMCPY(utc->data, (byte*)invalidDate, ASN_UTC_TIME_SIZE);
+    }
+    ExpectIntEQ(ASN1_UTCTIME_print(bio, utc), 0);
+    ExpectIntEQ(BIO_read(bio, buf, sizeof(buf)), 14);
+    ExpectIntEQ(XMEMCMP(buf, "Bad time value", 14), 0);
+
+    /* Invalid type */
+    if (utc != NULL) {
+        utc->type = ASN_GENERALIZED_TIME;
+        utc->length = ASN_GENERALIZED_TIME_SIZE;
+        XMEMCPY(utc->data, (byte*)genDate, ASN_GENERALIZED_TIME_SIZE);
+    }
+    ExpectIntEQ(ASN1_UTCTIME_print(bio, utc), 0);
+
+    XFREE(utc, NULL, DYNAMIC_TYPE_ASN1);
+    BIO_free(bio);
+#endif /* OPENSSL_EXTRA && !NO_ASN_TIME && !NO_BIO */
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_ASN1_TYPE(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD) || \
+    defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_WPAS)
+    WOLFSSL_ASN1_TYPE* t = NULL;
+    WOLFSSL_ASN1_OBJECT* obj = NULL;
+#ifndef NO_ASN_TIME
+    WOLFSSL_ASN1_TIME* time = NULL;
+#endif
+    WOLFSSL_ASN1_STRING* str = NULL;
+    unsigned char data[] = { 0x00 };
+
+    ASN1_TYPE_set(NULL, V_ASN1_NULL, NULL);
+
+    ExpectNotNull(t = wolfSSL_ASN1_TYPE_new());
+    ASN1_TYPE_set(t, V_ASN1_EOC, NULL);
+    wolfSSL_ASN1_TYPE_free(t);
+    t = NULL;
+
+    ExpectNotNull(t = wolfSSL_ASN1_TYPE_new());
+    ASN1_TYPE_set(t, V_ASN1_NULL, NULL);
+    ASN1_TYPE_set(t, V_ASN1_NULL, data);
+    wolfSSL_ASN1_TYPE_free(t);
+    t = NULL;
+
+    ExpectNotNull(t = wolfSSL_ASN1_TYPE_new());
+    ExpectNotNull(obj = wolfSSL_ASN1_OBJECT_new());
+    ASN1_TYPE_set(t, V_ASN1_OBJECT, obj);
+    wolfSSL_ASN1_TYPE_free(t);
+    t = NULL;
+
+#ifndef NO_ASN_TIME
+    ExpectNotNull(t = wolfSSL_ASN1_TYPE_new());
+    ExpectNotNull(time = wolfSSL_ASN1_TIME_new());
+    ASN1_TYPE_set(t, V_ASN1_UTCTIME, time);
+    wolfSSL_ASN1_TYPE_free(t);
+    t = NULL;
+
+    ExpectNotNull(t = wolfSSL_ASN1_TYPE_new());
+    ExpectNotNull(time = wolfSSL_ASN1_TIME_new());
+    ASN1_TYPE_set(t, V_ASN1_GENERALIZEDTIME, time);
+    wolfSSL_ASN1_TYPE_free(t);
+    t = NULL;
+#endif
+
+    ExpectNotNull(t = wolfSSL_ASN1_TYPE_new());
+    ExpectNotNull(str = wolfSSL_ASN1_STRING_new());
+    ASN1_TYPE_set(t, V_ASN1_UTF8STRING, str);
+    wolfSSL_ASN1_TYPE_free(t);
+    t = NULL;
+
+    ExpectNotNull(t = wolfSSL_ASN1_TYPE_new());
+    ExpectNotNull(str = wolfSSL_ASN1_STRING_new());
+    ASN1_TYPE_set(t, V_ASN1_PRINTABLESTRING, str);
+    wolfSSL_ASN1_TYPE_free(t);
+    t = NULL;
+
+    ExpectNotNull(t = wolfSSL_ASN1_TYPE_new());
+    ExpectNotNull(str = wolfSSL_ASN1_STRING_new());
+    ASN1_TYPE_set(t, V_ASN1_T61STRING, str);
+    wolfSSL_ASN1_TYPE_free(t);
+    t = NULL;
+
+    ExpectNotNull(t = wolfSSL_ASN1_TYPE_new());
+    ExpectNotNull(str = wolfSSL_ASN1_STRING_new());
+    ASN1_TYPE_set(t, V_ASN1_IA5STRING, str);
+    wolfSSL_ASN1_TYPE_free(t);
+    t = NULL;
+
+    ExpectNotNull(t = wolfSSL_ASN1_TYPE_new());
+    ExpectNotNull(str = wolfSSL_ASN1_STRING_new());
+    ASN1_TYPE_set(t, V_ASN1_UNIVERSALSTRING, str);
+    wolfSSL_ASN1_TYPE_free(t);
+    t = NULL;
+
+    ExpectNotNull(t = wolfSSL_ASN1_TYPE_new());
+    ExpectNotNull(str = wolfSSL_ASN1_STRING_new());
+    ASN1_TYPE_set(t, V_ASN1_SEQUENCE, str);
+    wolfSSL_ASN1_TYPE_free(t);
+    t = NULL;
+#endif
+    return EXPECT_RESULT();
+}
+
+/* Testing code used in old dpp.c in hostap */
+#if defined(OPENSSL_ALL) && defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256)
+typedef struct {
+    /* AlgorithmIdentifier ecPublicKey with optional parameters present
+     * as an OID identifying the curve */
+    X509_ALGOR *alg;
+    /* Compressed format public key per ANSI X9.63 */
+    ASN1_BIT_STRING *pub_key;
+} DPP_BOOTSTRAPPING_KEY;
+
+ASN1_SEQUENCE(DPP_BOOTSTRAPPING_KEY) = {
+    ASN1_SIMPLE(DPP_BOOTSTRAPPING_KEY, alg, X509_ALGOR),
+    ASN1_SIMPLE(DPP_BOOTSTRAPPING_KEY, pub_key, ASN1_BIT_STRING)
+} ASN1_SEQUENCE_END(DPP_BOOTSTRAPPING_KEY)
+
+IMPLEMENT_ASN1_FUNCTIONS(DPP_BOOTSTRAPPING_KEY)
+
+typedef struct {
+    int type;
+    union {
+        ASN1_BIT_STRING *str1;
+        ASN1_BIT_STRING *str2;
+        ASN1_BIT_STRING *str3;
+    } d;
+} ASN1_CHOICE_TEST;
+
+ASN1_CHOICE(ASN1_CHOICE_TEST) = {
+    ASN1_IMP(ASN1_CHOICE_TEST, d.str1, ASN1_BIT_STRING, 1),
+    ASN1_IMP(ASN1_CHOICE_TEST, d.str2, ASN1_BIT_STRING, 2),
+    ASN1_IMP(ASN1_CHOICE_TEST, d.str3, ASN1_BIT_STRING, 3)
+} ASN1_CHOICE_END(ASN1_CHOICE_TEST)
+
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_CHOICE_TEST)
+
+/* Test nested objects */
+typedef struct {
+    DPP_BOOTSTRAPPING_KEY* key;
+    ASN1_INTEGER* asnNum;
+    ASN1_INTEGER* expNum;
+    STACK_OF(ASN1_GENERALSTRING) *strList;
+    ASN1_CHOICE_TEST* str;
+} TEST_ASN1_NEST1;
+
+ASN1_SEQUENCE(TEST_ASN1_NEST1) = {
+    ASN1_SIMPLE(TEST_ASN1_NEST1, key, DPP_BOOTSTRAPPING_KEY),
+    ASN1_SIMPLE(TEST_ASN1_NEST1, asnNum, ASN1_INTEGER),
+    ASN1_EXP(TEST_ASN1_NEST1, expNum, ASN1_INTEGER, 0),
+    ASN1_EXP_SEQUENCE_OF(TEST_ASN1_NEST1, strList, ASN1_GENERALSTRING, 1),
+    ASN1_SIMPLE(TEST_ASN1_NEST1, str, ASN1_CHOICE_TEST)
+} ASN1_SEQUENCE_END(TEST_ASN1_NEST1)
+
+IMPLEMENT_ASN1_FUNCTIONS(TEST_ASN1_NEST1)
+
+typedef struct {
+    ASN1_INTEGER* num;
+    DPP_BOOTSTRAPPING_KEY* key;
+    TEST_ASN1_NEST1* asn1_obj;
+} TEST_ASN1_NEST2;
+
+ASN1_SEQUENCE(TEST_ASN1_NEST2) = {
+    ASN1_SIMPLE(TEST_ASN1_NEST2, num, ASN1_INTEGER),
+    ASN1_SIMPLE(TEST_ASN1_NEST2, key, DPP_BOOTSTRAPPING_KEY),
+    ASN1_SIMPLE(TEST_ASN1_NEST2, asn1_obj, TEST_ASN1_NEST1)
+} ASN1_SEQUENCE_END(TEST_ASN1_NEST2)
+
+IMPLEMENT_ASN1_FUNCTIONS(TEST_ASN1_NEST2)
+/* End nested objects */
+
+typedef struct {
+    ASN1_INTEGER *integer;
+} TEST_ASN1;
+
+ASN1_SEQUENCE(TEST_ASN1) = {
+    ASN1_SIMPLE(TEST_ASN1, integer, ASN1_INTEGER),
+} ASN1_SEQUENCE_END(TEST_ASN1)
+
+IMPLEMENT_ASN1_FUNCTIONS(TEST_ASN1)
+
+typedef STACK_OF(ASN1_INTEGER) TEST_ASN1_ITEM;
+
+ASN1_ITEM_TEMPLATE(TEST_ASN1_ITEM) =
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, MemName, ASN1_INTEGER)
+ASN1_ITEM_TEMPLATE_END(TEST_ASN1_ITEM)
+
+IMPLEMENT_ASN1_FUNCTIONS(TEST_ASN1_ITEM)
+#endif
+
+int test_wolfSSL_IMPLEMENT_ASN1_FUNCTIONS(void)
+{
+    EXPECT_DECLS;
+    /* Testing code used in dpp.c in hostap */
+#if defined(OPENSSL_ALL) && defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256)
+#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
+    EC_KEY *eckey = NULL;
+    EVP_PKEY *key = NULL;
+    size_t len = 0;
+    unsigned char *der = NULL;
+    unsigned char *der2 = NULL;
+    const unsigned char *tmp = NULL;
+    DPP_BOOTSTRAPPING_KEY *bootstrap = NULL, *bootstrap2 = NULL;
+    const unsigned char *in = ecc_clikey_der_256;
+    WOLFSSL_ASN1_OBJECT* ec_obj = NULL;
+    WOLFSSL_ASN1_OBJECT* group_obj = NULL;
+    const EC_GROUP *group = NULL;
+    const EC_POINT *point = NULL;
+    int nid;
+    TEST_ASN1 *test_asn1 = NULL;
+    TEST_ASN1 *test_asn1_2 = NULL;
+
+    const unsigned char badObjDer[] = { 0x06, 0x00 };
+    const unsigned char goodObjDer[] = {
+        0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01
+    };
+    WOLFSSL_ASN1_ITEM emptyTemplate;
+
+    XMEMSET(&emptyTemplate, 0, sizeof(WOLFSSL_ASN1_ITEM));
+
+    ExpectNotNull(bootstrap = DPP_BOOTSTRAPPING_KEY_new());
+
+    der = NULL;
+    ExpectIntEQ(i2d_DPP_BOOTSTRAPPING_KEY(NULL, &der), -1);
+    ExpectIntEQ(wolfSSL_ASN1_item_i2d(bootstrap, &der, NULL), -1);
+    ExpectIntEQ(i2d_DPP_BOOTSTRAPPING_KEY(bootstrap, &der), -1);
+
+    ExpectNotNull(key = d2i_PrivateKey(EVP_PKEY_EC, NULL, &in,
+                                       (long)sizeof_ecc_clikey_der_256));
+    ExpectNotNull(eckey = EVP_PKEY_get1_EC_KEY(key));
+    ExpectNotNull(group = EC_KEY_get0_group(eckey));
+    ExpectNotNull(point = EC_KEY_get0_public_key(eckey));
+    nid = EC_GROUP_get_curve_name(group);
+
+    ec_obj = OBJ_nid2obj(EVP_PKEY_EC);
+    group_obj = OBJ_nid2obj(nid);
+    if ((ec_obj != NULL) && (group_obj != NULL)) {
+        ExpectIntEQ(X509_ALGOR_set0(NULL, ec_obj, V_ASN1_OBJECT,
+            group_obj), 0);
+        ExpectIntEQ(X509_ALGOR_set0(bootstrap->alg, NULL, V_ASN1_OBJECT,
+            NULL), 1);
+        ExpectIntEQ(X509_ALGOR_set0(bootstrap->alg, ec_obj, V_ASN1_OBJECT,
+            group_obj), 1);
+        if (EXPECT_SUCCESS()) {
+            ec_obj = NULL;
+            group_obj = NULL;
+        }
+    }
+    wolfSSL_ASN1_OBJECT_free(group_obj);
+    wolfSSL_ASN1_OBJECT_free(ec_obj);
+    ExpectIntEQ(EC_POINT_point2oct(group, point, 0, NULL, 0, NULL), 0);
+#ifdef HAVE_COMP_KEY
+    ExpectIntGT((len = EC_POINT_point2oct(
+                                   group, point, POINT_CONVERSION_COMPRESSED,
+                                   NULL, 0, NULL)), 0);
+#else
+    ExpectIntGT((len = EC_POINT_point2oct(
+                                   group, point, POINT_CONVERSION_UNCOMPRESSED,
+                                   NULL, 0, NULL)), 0);
+#endif
+    ExpectNotNull(der = (unsigned char*)XMALLOC(len, NULL, DYNAMIC_TYPE_ASN1));
+#ifdef HAVE_COMP_KEY
+    ExpectIntEQ(EC_POINT_point2oct(group, point, POINT_CONVERSION_COMPRESSED,
+                                   der, len-1, NULL), 0);
+    ExpectIntEQ(EC_POINT_point2oct(group, point, POINT_CONVERSION_COMPRESSED,
+                                   der, len, NULL), len);
+#else
+    ExpectIntEQ(EC_POINT_point2oct(group, point, POINT_CONVERSION_UNCOMPRESSED,
+                                   der, len-1, NULL), 0);
+    ExpectIntEQ(EC_POINT_point2oct(group, point, POINT_CONVERSION_UNCOMPRESSED,
+                                   der, len, NULL), len);
+#endif
+    if (EXPECT_SUCCESS()) {
+        bootstrap->pub_key->data = der;
+        bootstrap->pub_key->length = (int)len;
+        /* Not actually used */
+        bootstrap->pub_key->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
+        bootstrap->pub_key->flags |= ASN1_STRING_FLAG_BITS_LEFT;
+    }
+
+    ExpectIntEQ(i2d_DPP_BOOTSTRAPPING_KEY(bootstrap, NULL), 16+len);
+    der = NULL;
+    ExpectIntEQ(i2d_DPP_BOOTSTRAPPING_KEY(bootstrap, &der), 16+len);
+    der2 = NULL;
+#ifdef WOLFSSL_ASN_TEMPLATE
+    tmp = der;
+    ExpectNotNull(d2i_DPP_BOOTSTRAPPING_KEY(&bootstrap2, &tmp, 16+len));
+    ExpectIntEQ(i2d_DPP_BOOTSTRAPPING_KEY(bootstrap2, &der2), 16+len);
+    ExpectBufEQ(der, der2, 49);
+#endif
+
+    XFREE(der, NULL, DYNAMIC_TYPE_ASN1);
+    XFREE(der2, NULL, DYNAMIC_TYPE_ASN1);
+    EVP_PKEY_free(key);
+    EC_KEY_free(eckey);
+    DPP_BOOTSTRAPPING_KEY_free(bootstrap);
+    DPP_BOOTSTRAPPING_KEY_free(bootstrap2);
+    bootstrap = NULL;
+    DPP_BOOTSTRAPPING_KEY_free(NULL);
+
+    /* Create bootstrap key with bad OBJECT_ID DER data, parameter that is
+     * a NULL and an empty BIT_STRING. */
+    ExpectNotNull(bootstrap = DPP_BOOTSTRAPPING_KEY_new());
+    ExpectNotNull(bootstrap->alg->algorithm = wolfSSL_ASN1_OBJECT_new());
+    if (EXPECT_SUCCESS()) {
+        bootstrap->alg->algorithm->obj = badObjDer;
+        bootstrap->alg->algorithm->objSz = (unsigned int)sizeof(badObjDer);
+    }
+    ExpectNotNull(bootstrap->alg->parameter = wolfSSL_ASN1_TYPE_new());
+    if (EXPECT_SUCCESS()) {
+        bootstrap->alg->parameter->type = V_ASN1_NULL;
+        bootstrap->alg->parameter->value.ptr = NULL;
+        bootstrap->pub_key->data = NULL;
+        bootstrap->pub_key->length = 0;
+        /* Not actually used */
+        bootstrap->pub_key->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
+        bootstrap->pub_key->flags |= ASN1_STRING_FLAG_BITS_LEFT;
+    }
+    /* Encode with bad OBJECT_ID. */
+    der = NULL;
+    ExpectIntEQ(i2d_DPP_BOOTSTRAPPING_KEY(bootstrap, &der), -1);
+
+    /* Fix OBJECT_ID and encode with empty BIT_STRING. */
+    if (EXPECT_SUCCESS()) {
+        bootstrap->alg->algorithm->obj = goodObjDer;
+        bootstrap->alg->algorithm->objSz = (unsigned int)sizeof(goodObjDer);
+        bootstrap->alg->algorithm->grp = 2;
+    }
+    der = NULL;
+    ExpectIntEQ(i2d_DPP_BOOTSTRAPPING_KEY(bootstrap, &der), 16);
+    ExpectIntEQ(wolfSSL_ASN1_item_i2d(bootstrap, &der, &emptyTemplate), -1);
+    XFREE(der, NULL, DYNAMIC_TYPE_ASN1);
+    DPP_BOOTSTRAPPING_KEY_free(bootstrap);
+
+    /* Test integer */
+    ExpectNotNull(test_asn1 = TEST_ASN1_new());
+    der = NULL;
+    ExpectIntEQ(ASN1_INTEGER_set(test_asn1->integer, 100), 1);
+    ExpectIntEQ(i2d_TEST_ASN1(test_asn1, &der), 5);
+    tmp = der;
+    ExpectNotNull(d2i_TEST_ASN1(&test_asn1_2, &tmp, 5));
+    der2 = NULL;
+    ExpectIntEQ(i2d_TEST_ASN1(test_asn1_2, &der2), 5);
+    ExpectBufEQ(der, der2, 5);
+    XFREE(der, NULL, DYNAMIC_TYPE_ASN1);
+    XFREE(der2, NULL, DYNAMIC_TYPE_ASN1);
+    TEST_ASN1_free(test_asn1);
+    TEST_ASN1_free(test_asn1_2);
+
+    /* Test integer cases. */
+    ExpectNull(wolfSSL_ASN1_item_new(NULL));
+    TEST_ASN1_free(NULL);
+
+    /* Test nested asn1 objects */
+    {
+        TEST_ASN1_NEST2 *nested_asn1 = NULL;
+        TEST_ASN1_NEST2 *nested_asn1_2 = NULL;
+        int i;
+
+        ExpectNotNull(nested_asn1 = TEST_ASN1_NEST2_new());
+        /* Populate nested_asn1 with some random data */
+        /* nested_asn1->num */
+        ExpectIntEQ(ASN1_INTEGER_set(nested_asn1->num, 30003), 1);
+        /* nested_asn1->key */
+        ec_obj = OBJ_nid2obj(EVP_PKEY_EC);
+        group_obj = OBJ_nid2obj(NID_secp256k1);
+        ExpectIntEQ(X509_ALGOR_set0(nested_asn1->key->alg, ec_obj,
+                V_ASN1_OBJECT, group_obj), 1);
+        if (EXPECT_SUCCESS()) {
+            ec_obj = NULL;
+            group_obj = NULL;
+        }
+        else {
+            wolfSSL_ASN1_OBJECT_free(ec_obj);
+            wolfSSL_ASN1_OBJECT_free(group_obj);
+        }
+        ExpectIntEQ(ASN1_BIT_STRING_set_bit(nested_asn1->key->pub_key, 50, 1),
+                1);
+        /* nested_asn1->asn1_obj->key */
+        ec_obj = OBJ_nid2obj(EVP_PKEY_EC);
+        group_obj = OBJ_nid2obj(NID_secp256k1);
+        ExpectIntEQ(X509_ALGOR_set0(nested_asn1->asn1_obj->key->alg, ec_obj,
+                V_ASN1_OBJECT, group_obj), 1);
+        if (EXPECT_SUCCESS()) {
+            ec_obj = NULL;
+            group_obj = NULL;
+        }
+        else {
+            wolfSSL_ASN1_OBJECT_free(ec_obj);
+            wolfSSL_ASN1_OBJECT_free(group_obj);
+        }
+        ExpectIntEQ(ASN1_BIT_STRING_set_bit(nested_asn1->asn1_obj->key->pub_key,
+                500, 1), 1);
+        /* nested_asn1->asn1_obj->asnNum */
+        ExpectIntEQ(ASN1_INTEGER_set(nested_asn1->asn1_obj->asnNum, 666666), 1);
+        /* nested_asn1->asn1_obj->expNum */
+        ExpectIntEQ(ASN1_INTEGER_set(nested_asn1->asn1_obj->expNum, 22222), 1);
+        /* nested_asn1->asn1_obj->strList */
+        for (i = 10; i >= 0; i--) {
+            ASN1_GENERALSTRING* genStr = NULL;
+            char fmtStr[20];
+
+            ExpectIntGT(snprintf(fmtStr, sizeof(fmtStr), "Bonjour #%d", i), 0);
+            ExpectNotNull(genStr = ASN1_GENERALSTRING_new());
+            ExpectIntEQ(ASN1_GENERALSTRING_set(genStr, fmtStr, -1), 1);
+            ExpectIntGT(
+                    sk_ASN1_GENERALSTRING_push(nested_asn1->asn1_obj->strList,
+                            genStr), 0);
+            if (EXPECT_FAIL()) {
+                ASN1_GENERALSTRING_free(genStr);
+            }
+        }
+        /* nested_asn1->asn1_obj->str */
+        ExpectNotNull(nested_asn1->asn1_obj->str->d.str2
+                = ASN1_BIT_STRING_new());
+        ExpectIntEQ(ASN1_BIT_STRING_set_bit(nested_asn1->asn1_obj->str->d.str2,
+                150, 1), 1);
+        if (nested_asn1 != NULL) {
+            nested_asn1->asn1_obj->str->type = 2;
+        }
+
+        der = NULL;
+        ExpectIntEQ(i2d_TEST_ASN1_NEST2(nested_asn1, &der), 285);
+#ifdef WOLFSSL_ASN_TEMPLATE
+        tmp = der;
+        ExpectNotNull(d2i_TEST_ASN1_NEST2(&nested_asn1_2, &tmp, 285));
+        der2 = NULL;
+        ExpectIntEQ(i2d_TEST_ASN1_NEST2(nested_asn1_2, &der2), 285);
+        ExpectBufEQ(der, der2, 285);
+        XFREE(der2, NULL, DYNAMIC_TYPE_ASN1);
+#endif
+        XFREE(der, NULL, DYNAMIC_TYPE_ASN1);
+
+        TEST_ASN1_NEST2_free(nested_asn1);
+        TEST_ASN1_NEST2_free(nested_asn1_2);
+    }
+
+    /* Test ASN1_ITEM_TEMPLATE */
+    {
+        TEST_ASN1_ITEM* asn1_item = NULL;
+        TEST_ASN1_ITEM* asn1_item2 = NULL;
+        int i;
+
+        ExpectNotNull(asn1_item = TEST_ASN1_ITEM_new());
+        for (i = 0; i < 11; i++) {
+            ASN1_INTEGER* asn1_num = NULL;
+
+            ExpectNotNull(asn1_num = ASN1_INTEGER_new());
+            ExpectIntEQ(ASN1_INTEGER_set(asn1_num, i), 1);
+            ExpectIntGT(wolfSSL_sk_insert(asn1_item, asn1_num, -1), 0);
+            if (EXPECT_FAIL()) {
+                ASN1_INTEGER_free(asn1_num);
+            }
+        }
+
+        der = NULL;
+        ExpectIntEQ(i2d_TEST_ASN1_ITEM(asn1_item, &der), 35);
+        tmp = der;
+        ExpectNotNull(d2i_TEST_ASN1_ITEM(&asn1_item2, &tmp, 35));
+        der2 = NULL;
+        ExpectIntEQ(i2d_TEST_ASN1_ITEM(asn1_item2, &der2), 35);
+        ExpectBufEQ(der, der2, 35);
+        XFREE(der, NULL, DYNAMIC_TYPE_ASN1);
+        XFREE(der2, NULL, DYNAMIC_TYPE_ASN1);
+
+        TEST_ASN1_ITEM_free(asn1_item);
+        TEST_ASN1_ITEM_free(asn1_item2);
+    }
+
+#endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
+#endif /* OPENSSL_ALL && HAVE_ECC && USE_CERT_BUFFERS_256 */
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_i2d_ASN1_TYPE(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA)
+    /* Taken from one of sssd's certs othernames */
+    unsigned char str_bin[] = {
+        0x04, 0x10, 0xa4, 0x9b, 0xc8, 0xf4, 0x85, 0x8e, 0x89, 0x4d, 0x85, 0x8d,
+        0x27, 0xbd, 0x63, 0xaa, 0x93, 0x93
+    };
+    ASN1_TYPE* asn1type = NULL;
+    unsigned char* der = NULL;
+
+    /* Create ASN1_TYPE manually as we don't have a d2i version yet */
+    {
+        ASN1_STRING* str = NULL;
+        ExpectNotNull(str = ASN1_STRING_type_new(V_ASN1_SEQUENCE));
+        ExpectIntEQ(ASN1_STRING_set(str, str_bin, sizeof(str_bin)), 1);
+        ExpectNotNull(asn1type = ASN1_TYPE_new());
+        if (asn1type != NULL) {
+            ASN1_TYPE_set(asn1type, V_ASN1_SEQUENCE, str);
+        }
+        else {
+            ASN1_STRING_free(str);
+        }
+    }
+
+    ExpectIntEQ(i2d_ASN1_TYPE(asn1type, NULL), sizeof(str_bin));
+    ExpectIntEQ(i2d_ASN1_TYPE(asn1type, &der), sizeof(str_bin));
+    ExpectBufEQ(der, str_bin, sizeof(str_bin));
+
+    ASN1_TYPE_free(asn1type);
+    XFREE(der, NULL, DYNAMIC_TYPE_ASN1);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_i2d_ASN1_SEQUENCE(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA)
+    /* Taken from one of sssd's certs othernames */
+    unsigned char str_bin[] = {
+      0x04, 0x10, 0xa4, 0x9b, 0xc8, 0xf4, 0x85, 0x8e, 0x89, 0x4d, 0x85, 0x8d,
+      0x27, 0xbd, 0x63, 0xaa, 0x93, 0x93
+    };
+    ASN1_STRING* str = NULL;
+    unsigned char* der = NULL;
+
+    ExpectNotNull(str = ASN1_STRING_type_new(V_ASN1_SEQUENCE));
+    ExpectIntEQ(ASN1_STRING_set(str, str_bin, sizeof(str_bin)), 1);
+    ExpectIntEQ(i2d_ASN1_SEQUENCE(str, NULL), sizeof(str_bin));
+    ExpectIntEQ(i2d_ASN1_SEQUENCE(str, &der), sizeof(str_bin));
+
+    ASN1_STRING_free(str);
+    XFREE(der, NULL, DYNAMIC_TYPE_ASN1);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_ASN1_strings(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA)
+    char text[] = "\0\0test string";
+    unsigned char* der = NULL;
+    ASN1_STRING* str = NULL;
+
+    /* Set the length byte */
+    text[1] = XSTRLEN(text + 2);
+
+    /* GENERALSTRING */
+    {
+        const unsigned char* p = (const unsigned char*)text;
+        text[0] = ASN_GENERALSTRING;
+        ExpectNotNull(d2i_ASN1_GENERALSTRING(&str, &p, sizeof(text)));
+        ExpectIntEQ(i2d_ASN1_GENERALSTRING(str, &der), 13);
+        ASN1_STRING_free(str);
+        str = NULL;
+        XFREE(der, NULL, DYNAMIC_TYPE_ASN1);
+        der = NULL;
+    }
+
+    /* OCTET_STRING */
+    {
+        const unsigned char* p = (const unsigned char*)text;
+        text[0] = ASN_OCTET_STRING;
+        ExpectNotNull(d2i_ASN1_OCTET_STRING(&str, &p, sizeof(text)));
+        ExpectIntEQ(i2d_ASN1_OCTET_STRING(str, &der), 13);
+        ASN1_STRING_free(str);
+        str = NULL;
+        XFREE(der, NULL, DYNAMIC_TYPE_ASN1);
+        der = NULL;
+    }
+
+    /* UTF8STRING */
+    {
+        const unsigned char* p = (const unsigned char*)text;
+        text[0] = ASN_UTF8STRING;
+        ExpectNotNull(d2i_ASN1_UTF8STRING(&str, &p, sizeof(text)));
+        ExpectIntEQ(i2d_ASN1_UTF8STRING(str, &der), 13);
+        ASN1_STRING_free(str);
+        str = NULL;
+        XFREE(der, NULL, DYNAMIC_TYPE_ASN1);
+        der = NULL;
+    }
+
+#endif
+    return EXPECT_RESULT();
+}
+
diff --git a/tests/api/test_ossl_asn1.h b/tests/api/test_ossl_asn1.h
new file mode 100644
index 000000000..58f496ed9
--- /dev/null
+++ b/tests/api/test_ossl_asn1.h
@@ -0,0 +1,112 @@
+/* test_ossl_asn1.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef WOLFCRYPT_TEST_OSSL_ASN1_H
+#define WOLFCRYPT_TEST_OSSL_ASN1_H
+
+#include <tests/api/api_decl.h>
+
+int test_wolfSSL_ASN1_BIT_STRING(void);
+int test_wolfSSL_ASN1_INTEGER(void);
+int test_wolfSSL_ASN1_INTEGER_cmp(void);
+int test_wolfSSL_ASN1_INTEGER_BN(void);
+int test_wolfSSL_ASN1_INTEGER_get_set(void);
+int test_wolfSSL_d2i_ASN1_INTEGER(void);
+int test_wolfSSL_a2i_ASN1_INTEGER(void);
+int test_wolfSSL_i2c_ASN1_INTEGER(void);
+int test_wolfSSL_ASN1_OBJECT(void);
+int test_wolfSSL_ASN1_get_object(void);
+int test_wolfSSL_i2a_ASN1_OBJECT(void);
+int test_wolfSSL_i2t_ASN1_OBJECT(void);
+int test_wolfSSL_sk_ASN1_OBJECT(void);
+int test_wolfSSL_ASN1_STRING(void);
+int test_wolfSSL_ASN1_STRING_to_UTF8(void);
+int test_wolfSSL_i2s_ASN1_STRING(void);
+int test_wolfSSL_ASN1_STRING_canon(void);
+int test_wolfSSL_ASN1_STRING_print(void);
+int test_wolfSSL_ASN1_STRING_print_ex(void);
+int test_wolfSSL_ASN1_UNIVERSALSTRING_to_string(void);
+int test_wolfSSL_ASN1_GENERALIZEDTIME_free(void);
+int test_wolfSSL_ASN1_GENERALIZEDTIME_print(void);
+int test_wolfSSL_ASN1_TIME(void);
+int test_wolfSSL_ASN1_TIME_to_string(void);
+int test_wolfSSL_ASN1_TIME_diff_compare(void);
+int test_wolfSSL_ASN1_TIME_adj(void);
+int test_wolfSSL_ASN1_TIME_to_tm(void);
+int test_wolfSSL_ASN1_TIME_to_generalizedtime(void);
+int test_wolfSSL_ASN1_TIME_print(void);
+int test_wolfSSL_ASN1_UTCTIME_print(void);
+int test_wolfSSL_ASN1_TYPE(void);
+int test_wolfSSL_IMPLEMENT_ASN1_FUNCTIONS(void);
+int test_wolfSSL_i2d_ASN1_TYPE(void);
+int test_wolfSSL_i2d_ASN1_SEQUENCE(void);
+int test_ASN1_strings(void);
+
+#define TEST_OSSL_ASN1_BIT_STRING_DECLS                             \
+    TEST_DECL_GROUP("ossl_asn1_bs", test_wolfSSL_ASN1_BIT_STRING)
+
+#define TEST_OSSL_ASN1_INTEGER_DECLS                                        \
+    TEST_DECL_GROUP("ossl_asn1_int", test_wolfSSL_ASN1_INTEGER),            \
+    TEST_DECL_GROUP("ossl_asn1_int", test_wolfSSL_ASN1_INTEGER_cmp),        \
+    TEST_DECL_GROUP("ossl_asn1_int", test_wolfSSL_ASN1_INTEGER_BN),         \
+    TEST_DECL_GROUP("ossl_asn1_int", test_wolfSSL_ASN1_INTEGER_get_set),    \
+    TEST_DECL_GROUP("ossl_asn1_int", test_wolfSSL_d2i_ASN1_INTEGER),        \
+    TEST_DECL_GROUP("ossl_asn1_int", test_wolfSSL_a2i_ASN1_INTEGER),        \
+    TEST_DECL_GROUP("ossl_asn1_int", test_wolfSSL_i2c_ASN1_INTEGER)
+
+#define TEST_OSSL_ASN1_OBJECT_DECLS                                         \
+    TEST_DECL_GROUP("ossl_asn1_obj", test_wolfSSL_ASN1_OBJECT),             \
+    TEST_DECL_GROUP("ossl_asn1_obj", test_wolfSSL_ASN1_get_object),         \
+    TEST_DECL_GROUP("ossl_asn1_obj", test_wolfSSL_i2a_ASN1_OBJECT),         \
+    TEST_DECL_GROUP("ossl_asn1_obj", test_wolfSSL_i2t_ASN1_OBJECT),         \
+    TEST_DECL_GROUP("ossl_asn1_obj", test_wolfSSL_sk_ASN1_OBJECT)
+
+#define TEST_OSSL_ASN1_STRING_DECLS                                            \
+    TEST_DECL_GROUP("ossl_asn1_str", test_wolfSSL_ASN1_STRING),                \
+    TEST_DECL_GROUP("ossl_asn1_str", test_wolfSSL_ASN1_STRING_to_UTF8),        \
+    TEST_DECL_GROUP("ossl_asn1_str", test_wolfSSL_i2s_ASN1_STRING),            \
+    TEST_DECL_GROUP("ossl_asn1_str", test_wolfSSL_ASN1_STRING_canon),          \
+    TEST_DECL_GROUP("ossl_asn1_str", test_wolfSSL_ASN1_STRING_print),          \
+    TEST_DECL_GROUP("ossl_asn1_str", test_wolfSSL_ASN1_STRING_print_ex),       \
+    TEST_DECL_GROUP("ossl_asn1_str",                                           \
+                                 test_wolfSSL_ASN1_UNIVERSALSTRING_to_string), \
+    TEST_DECL_GROUP("ossl_asn1_str", test_ASN1_strings)
+
+#define TEST_OSSL_ASN1_TIME_DECLS                                              \
+    TEST_DECL_GROUP("ossl_asn1_tm", test_wolfSSL_ASN1_GENERALIZEDTIME_free),   \
+    TEST_DECL_GROUP("ossl_asn1_tm", test_wolfSSL_ASN1_GENERALIZEDTIME_print),  \
+    TEST_DECL_GROUP("ossl_asn1_tm", test_wolfSSL_ASN1_TIME),                   \
+    TEST_DECL_GROUP("ossl_asn1_tm", test_wolfSSL_ASN1_TIME_to_string),         \
+    TEST_DECL_GROUP("ossl_asn1_tm", test_wolfSSL_ASN1_TIME_diff_compare),      \
+    TEST_DECL_GROUP("ossl_asn1_tm", test_wolfSSL_ASN1_TIME_adj),               \
+    TEST_DECL_GROUP("ossl_asn1_tm", test_wolfSSL_ASN1_TIME_to_tm),             \
+    TEST_DECL_GROUP("ossl_asn1_tm",                                            \
+                                   test_wolfSSL_ASN1_TIME_to_generalizedtime), \
+    TEST_DECL_GROUP("ossl_asn1_tm", test_wolfSSL_ASN1_TIME_print),             \
+    TEST_DECL_GROUP("ossl_asn1_tm", test_wolfSSL_ASN1_UTCTIME_print)
+
+#define TEST_OSSL_ASN1_TYPE_DECLS                                              \
+    TEST_DECL_GROUP("ossl_asn1_type", test_wolfSSL_ASN1_TYPE),                 \
+    TEST_DECL_GROUP("ossl_asn1_type", test_wolfSSL_IMPLEMENT_ASN1_FUNCTIONS),  \
+    TEST_DECL_GROUP("ossl_asn1_type", test_wolfSSL_i2d_ASN1_TYPE),             \
+    TEST_DECL_GROUP("ossl_asn1_type", test_wolfSSL_i2d_ASN1_SEQUENCE)
+
+#endif /* WOLFCRYPT_TEST_OSSL_ASN1_H */
diff --git a/tests/api/test_ossl_bio.c b/tests/api/test_ossl_bio.c
new file mode 100644
index 000000000..cedf9f918
--- /dev/null
+++ b/tests/api/test_ossl_bio.c
@@ -0,0 +1,1160 @@
+/* test_ossl_bio.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#include <tests/unit.h>
+
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+#include <wolfssl/openssl/bio.h>
+#include <wolfssl/openssl/buffer.h>
+#include <wolfssl/wolfcrypt/types.h>
+#include <tests/api/api.h>
+#include <tests/api/test_ossl_bio.h>
+
+/*******************************************************************************
+ * BIO OpenSSL compatibility API Testing
+ ******************************************************************************/
+
+#ifndef NO_BIO
+
+int test_wolfSSL_BIO_gets(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA)
+    BIO* bio = NULL;
+    BIO* bio2 = NULL;
+    char msg[] = "\nhello wolfSSL\n security plus\t---...**adf\na...b.c";
+    char emp[] = "";
+    char bio_buffer[20];
+    int bufferSz = 20;
+#ifdef OPENSSL_ALL
+    BUF_MEM* emp_bm = NULL;
+    BUF_MEM* msg_bm = NULL;
+#endif
+
+    /* try with bad args */
+    ExpectNull(bio = BIO_new_mem_buf(NULL, sizeof(msg)));
+#ifdef OPENSSL_ALL
+    ExpectIntEQ(BIO_set_mem_buf(bio, NULL, BIO_NOCLOSE), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#endif
+
+    /* try with real msg */
+    ExpectNotNull(bio = BIO_new_mem_buf((void*)msg, -1));
+    XMEMSET(bio_buffer, 0, bufferSz);
+    ExpectNotNull(BIO_push(bio, BIO_new(BIO_s_bio())));
+    ExpectNull(bio2 = BIO_find_type(bio, BIO_TYPE_FILE));
+    ExpectNotNull(bio2 = BIO_find_type(bio, BIO_TYPE_BIO));
+    ExpectFalse(bio2 != BIO_next(bio));
+
+    /* make buffer filled with no terminating characters */
+    XMEMSET(bio_buffer, 1, bufferSz);
+
+    /* BIO_gets reads a line of data */
+    ExpectIntEQ(BIO_gets(bio, bio_buffer, -3), 0);
+    ExpectIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 1);
+    ExpectIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 14);
+    ExpectStrEQ(bio_buffer, "hello wolfSSL\n");
+    ExpectIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 19);
+    ExpectIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 8);
+    ExpectIntEQ(BIO_gets(bio, bio_buffer, -1), 0);
+
+#ifdef OPENSSL_ALL
+    /* test setting the mem_buf manually */
+    BIO_free(bio);
+    ExpectNotNull(bio = BIO_new_mem_buf((void*)msg, -1));
+    ExpectNotNull(emp_bm = BUF_MEM_new());
+    ExpectNotNull(msg_bm = BUF_MEM_new());
+    ExpectIntEQ(BUF_MEM_grow(msg_bm, sizeof(msg)), sizeof(msg));
+    if (EXPECT_SUCCESS()) {
+        XFREE(msg_bm->data, NULL, DYNAMIC_TYPE_OPENSSL);
+        msg_bm->data = NULL;
+    }
+    /* emp size is 1 for terminator */
+    ExpectIntEQ(BUF_MEM_grow(emp_bm, sizeof(emp)), sizeof(emp));
+    if (EXPECT_SUCCESS()) {
+        XFREE(emp_bm->data, NULL, DYNAMIC_TYPE_OPENSSL);
+        emp_bm->data = emp;
+        msg_bm->data = msg;
+    }
+    ExpectIntEQ(BIO_set_mem_buf(bio, emp_bm, BIO_CLOSE), WOLFSSL_SUCCESS);
+
+    /* check reading an empty string */
+    ExpectIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 1); /* just terminator */
+    ExpectStrEQ(emp, bio_buffer);
+    ExpectIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 0); /* Nothing to read */
+
+    /* BIO_gets reads a line of data */
+    ExpectIntEQ(BIO_set_mem_buf(bio, msg_bm, BIO_NOCLOSE), WOLFSSL_SUCCESS);
+    ExpectIntEQ(BIO_gets(bio, bio_buffer, -3), 0);
+    ExpectIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 1);
+    ExpectIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 14);
+    ExpectStrEQ(bio_buffer, "hello wolfSSL\n");
+    ExpectIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 19);
+    ExpectIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 8);
+    ExpectIntEQ(BIO_gets(bio, bio_buffer, -1), 0);
+
+    if (EXPECT_SUCCESS())
+        emp_bm->data = NULL;
+    BUF_MEM_free(emp_bm);
+    if (EXPECT_SUCCESS())
+        msg_bm->data = NULL;
+    BUF_MEM_free(msg_bm);
+#endif
+
+    /* check not null terminated string */
+    BIO_free(bio);
+    bio = NULL;
+    msg[0] = 0x33;
+    msg[1] = 0x33;
+    msg[2] = 0x33;
+    ExpectNotNull(bio = BIO_new_mem_buf((void*)msg, 3));
+    ExpectIntEQ(BIO_gets(bio, bio_buffer, 3), 2);
+    ExpectIntEQ(bio_buffer[0], msg[0]);
+    ExpectIntEQ(bio_buffer[1], msg[1]);
+    ExpectIntNE(bio_buffer[2], msg[2]);
+
+    BIO_free(bio);
+    bio = NULL;
+    msg[3]    = 0x33;
+    bio_buffer[3] = 0x33;
+    ExpectNotNull(bio = BIO_new_mem_buf((void*)msg, 3));
+    ExpectIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 3);
+    ExpectIntEQ(bio_buffer[0], msg[0]);
+    ExpectIntEQ(bio_buffer[1], msg[1]);
+    ExpectIntEQ(bio_buffer[2], msg[2]);
+    ExpectIntNE(bio_buffer[3], 0x33); /* make sure null terminator was set */
+
+    /* check reading an empty string */
+    BIO_free(bio);
+    bio = NULL;
+    ExpectNotNull(bio = BIO_new_mem_buf((void*)emp, sizeof(emp)));
+    ExpectIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 1); /* just terminator */
+    ExpectStrEQ(emp, bio_buffer);
+    ExpectIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 0); /* Nothing to read */
+
+    /* check error cases */
+    BIO_free(bio);
+    bio = NULL;
+    ExpectIntEQ(BIO_gets(NULL, NULL, 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectNotNull(bio = BIO_new(BIO_s_mem()));
+    ExpectIntEQ(BIO_gets(bio, bio_buffer, 2), 0); /* nothing to read */
+
+#if !defined(NO_FILESYSTEM)
+    {
+        BIO*  f_bio = NULL;
+        XFILE f = XBADFILE;
+
+        ExpectNotNull(f_bio = BIO_new(BIO_s_file()));
+        ExpectIntLE(BIO_gets(f_bio, bio_buffer, bufferSz), 0);
+
+        ExpectTrue((f = XFOPEN(svrCertFile, "rb")) != XBADFILE);
+        ExpectIntEQ((int)BIO_set_fp(f_bio, f, BIO_CLOSE), SSL_SUCCESS);
+        if (EXPECT_FAIL() && (f != XBADFILE)) {
+            XFCLOSE(f);
+        }
+        ExpectIntGT(BIO_gets(f_bio, bio_buffer, bufferSz), 0);
+
+        BIO_free(f_bio);
+        f_bio = NULL;
+    }
+#endif /* NO_FILESYSTEM */
+
+    BIO_free(bio);
+    bio = NULL;
+    BIO_free(bio2);
+    bio2 = NULL;
+
+    /* try with type BIO */
+    XMEMCPY(msg, "\nhello wolfSSL\n security plus\t---...**adf\na...b.c",
+        sizeof(msg));
+    ExpectNotNull(bio = BIO_new(BIO_s_bio()));
+    ExpectIntEQ(BIO_gets(bio, bio_buffer, 2), 0); /* nothing to read */
+    ExpectNotNull(bio2 = BIO_new(BIO_s_bio()));
+
+    ExpectIntEQ(BIO_set_write_buf_size(bio, 10),           SSL_SUCCESS);
+    ExpectIntEQ(BIO_set_write_buf_size(bio2, sizeof(msg)), SSL_SUCCESS);
+    ExpectIntEQ(BIO_make_bio_pair(bio, bio2),              SSL_SUCCESS);
+
+    ExpectIntEQ(BIO_write(bio2, msg, sizeof(msg)), sizeof(msg));
+    ExpectIntEQ(BIO_gets(bio, bio_buffer, -3), 0);
+    ExpectIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 1);
+    ExpectIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 14);
+    ExpectStrEQ(bio_buffer, "hello wolfSSL\n");
+    ExpectIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 19);
+    ExpectIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 8);
+    ExpectIntEQ(BIO_gets(bio, bio_buffer, -1), 0);
+
+    BIO_free(bio);
+    bio = NULL;
+    BIO_free(bio2);
+    bio2 = NULL;
+
+    /* check reading an empty string */
+    ExpectNotNull(bio = BIO_new(BIO_s_bio()));
+    ExpectIntEQ(BIO_set_write_buf_size(bio, sizeof(emp)), SSL_SUCCESS);
+    ExpectIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 0); /* Nothing to read */
+    ExpectStrEQ(emp, bio_buffer);
+
+    BIO_free(bio);
+    bio = NULL;
+#endif
+    return EXPECT_RESULT();
+}
+
+
+int test_wolfSSL_BIO_puts(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA)
+    BIO* bio = NULL;
+    char input[] = "hello\0world\n.....ok\n\0";
+    char output[128];
+
+    XMEMSET(output, 0, sizeof(output));
+    ExpectNotNull(bio = BIO_new(BIO_s_mem()));
+    ExpectIntEQ(BIO_puts(bio, input), 5);
+    ExpectIntEQ(BIO_pending(bio), 5);
+    ExpectIntEQ(BIO_puts(bio, input + 6), 14);
+    ExpectIntEQ(BIO_pending(bio), 19);
+    ExpectIntEQ(BIO_gets(bio, output, sizeof(output)), 11);
+    ExpectStrEQ(output, "helloworld\n");
+    ExpectIntEQ(BIO_pending(bio), 8);
+    ExpectIntEQ(BIO_gets(bio, output, sizeof(output)), 8);
+    ExpectStrEQ(output, ".....ok\n");
+    ExpectIntEQ(BIO_pending(bio), 0);
+    ExpectIntEQ(BIO_puts(bio, ""), -1);
+
+    BIO_free(bio);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_BIO_dump(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM)
+    BIO* bio;
+    static const unsigned char data[] = {
+        0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE,
+        0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D,
+        0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0x55, 0xBF, 0xF4,
+        0x0F, 0x44, 0x50, 0x9A, 0x3D, 0xCE, 0x9B, 0xB7, 0xF0, 0xC5,
+        0x4D, 0xF5, 0x70, 0x7B, 0xD4, 0xEC, 0x24, 0x8E, 0x19, 0x80,
+        0xEC, 0x5A, 0x4C, 0xA2, 0x24, 0x03, 0x62, 0x2C, 0x9B, 0xDA,
+        0xEF, 0xA2, 0x35, 0x12, 0x43, 0x84, 0x76, 0x16, 0xC6, 0x56,
+        0x95, 0x06, 0xCC, 0x01, 0xA9, 0xBD, 0xF6, 0x75, 0x1A, 0x42,
+        0xF7, 0xBD, 0xA9, 0xB2, 0x36, 0x22, 0x5F, 0xC7, 0x5D, 0x7F,
+        0xB4
+    };
+    /* Generated with OpenSSL. */
+    static const char expected[] =
+"0000 - 30 59 30 13 06 07 2a 86-48 ce 3d 02 01 06 08 2a   0Y0...*.H.=....*\n"
+"0010 - 86 48 ce 3d 03 01 07 03-42 00 04 55 bf f4 0f 44   .H.=....B..U...D\n"
+"0020 - 50 9a 3d ce 9b b7 f0 c5-4d f5 70 7b d4 ec 24 8e   P.=.....M.p{..$.\n"
+"0030 - 19 80 ec 5a 4c a2 24 03-62 2c 9b da ef a2 35 12   ...ZL.$.b,....5.\n"
+"0040 - 43 84 76 16 c6 56 95 06-cc 01 a9 bd f6 75 1a 42   C.v..V.......u.B\n"
+"0050 - f7 bd a9 b2 36 22 5f c7-5d 7f b4                  ....6\"_.]..\n";
+    static const char expectedAll[] =
+"0000 - 00 01 02 03 04 05 06 07-08 09 0a 0b 0c 0d 0e 0f   ................\n"
+"0010 - 10 11 12 13 14 15 16 17-18 19 1a 1b 1c 1d 1e 1f   ................\n"
+"0020 - 20 21 22 23 24 25 26 27-28 29 2a 2b 2c 2d 2e 2f    !\"#$%&'()*+,-./\n"
+"0030 - 30 31 32 33 34 35 36 37-38 39 3a 3b 3c 3d 3e 3f   0123456789:;<=>?\n"
+"0040 - 40 41 42 43 44 45 46 47-48 49 4a 4b 4c 4d 4e 4f   @ABCDEFGHIJKLMNO\n"
+"0050 - 50 51 52 53 54 55 56 57-58 59 5a 5b 5c 5d 5e 5f   PQRSTUVWXYZ[\\]^_\n"
+"0060 - 60 61 62 63 64 65 66 67-68 69 6a 6b 6c 6d 6e 6f   `abcdefghijklmno\n"
+"0070 - 70 71 72 73 74 75 76 77-78 79 7a 7b 7c 7d 7e 7f   pqrstuvwxyz{|}~.\n"
+"0080 - 80 81 82 83 84 85 86 87-88 89 8a 8b 8c 8d 8e 8f   ................\n"
+"0090 - 90 91 92 93 94 95 96 97-98 99 9a 9b 9c 9d 9e 9f   ................\n"
+"00a0 - a0 a1 a2 a3 a4 a5 a6 a7-a8 a9 aa ab ac ad ae af   ................\n"
+"00b0 - b0 b1 b2 b3 b4 b5 b6 b7-b8 b9 ba bb bc bd be bf   ................\n"
+"00c0 - c0 c1 c2 c3 c4 c5 c6 c7-c8 c9 ca cb cc cd ce cf   ................\n"
+"00d0 - d0 d1 d2 d3 d4 d5 d6 d7-d8 d9 da db dc dd de df   ................\n"
+"00e0 - e0 e1 e2 e3 e4 e5 e6 e7-e8 e9 ea eb ec ed ee ef   ................\n"
+"00f0 - f0 f1 f2 f3 f4 f5 f6 f7-f8 f9 fa fb fc fd fe ff   ................\n";
+    char output[16 * 80];
+    int i;
+
+    ExpectNotNull(bio = BIO_new(BIO_s_mem()));
+
+    /* Example key dumped. */
+    ExpectIntEQ(BIO_dump(bio, (const char*)data, (int)sizeof(data)),
+        sizeof(expected) - 1);
+    ExpectIntEQ(BIO_read(bio, output, sizeof(output)), sizeof(expected) - 1);
+    ExpectIntEQ(XMEMCMP(output, expected, sizeof(expected) - 1), 0);
+
+    /* Try every possible value for a character. */
+    for (i = 0; i < 256; i++)
+       output[i] = i;
+    ExpectIntEQ(BIO_dump(bio, output, 256), sizeof(expectedAll) - 1);
+    ExpectIntEQ(BIO_read(bio, output, sizeof(output)), sizeof(expectedAll) - 1);
+    ExpectIntEQ(XMEMCMP(output, expectedAll, sizeof(expectedAll) - 1), 0);
+
+    BIO_free(bio);
+#endif
+    return EXPECT_RESULT();
+}
+
+#if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
+    !defined(NO_RSA) && defined(HAVE_EXT_CACHE) && \
+    defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(USE_WOLFSSL_IO)
+static int forceWantRead(WOLFSSL *ssl, char *buf, int sz, void *ctx)
+{
+    (void)ssl;
+    (void)buf;
+    (void)sz;
+    (void)ctx;
+    return WOLFSSL_CBIO_ERR_WANT_READ;
+}
+#endif
+
+int test_wolfSSL_BIO_should_retry(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
+    !defined(NO_RSA) && defined(HAVE_EXT_CACHE) && \
+    defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(USE_WOLFSSL_IO)
+    tcp_ready ready;
+    func_args server_args;
+    THREAD_TYPE serverThread;
+    SOCKET_T sockfd = 0;
+    WOLFSSL_CTX* ctx = NULL;
+    WOLFSSL*     ssl = NULL;
+    char msg[64] = "hello wolfssl!";
+    char reply[1024];
+    int  msgSz = (int)XSTRLEN(msg);
+    int  ret;
+    BIO* bio = NULL;
+
+    XMEMSET(&server_args, 0, sizeof(func_args));
+#ifdef WOLFSSL_TIRTOS
+    fdOpenSession(Task_self());
+#endif
+
+    StartTCP();
+    InitTcpReady(&ready);
+
+#if defined(USE_WINDOWS_API)
+    /* use RNG to get random port if using windows */
+    ready.port = GetRandomPort();
+#endif
+
+    server_args.signal = &ready;
+    start_thread(test_server_nofail, &server_args, &serverThread);
+    wait_tcp_ready(&server_args);
+
+
+    ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
+#ifdef OPENSSL_COMPATIBLE_DEFAULTS
+    ExpectIntEQ(wolfSSL_CTX_clear_mode(ctx, SSL_MODE_AUTO_RETRY), 0);
+#endif
+    ExpectIntEQ(WOLFSSL_SUCCESS,
+            wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0));
+    ExpectIntEQ(WOLFSSL_SUCCESS,
+          wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, SSL_FILETYPE_PEM));
+    ExpectIntEQ(WOLFSSL_SUCCESS,
+            wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, SSL_FILETYPE_PEM));
+    tcp_connect(&sockfd, wolfSSLIP, server_args.signal->port, 0, 0, NULL);
+
+    /* force retry */
+    ExpectNotNull(bio = wolfSSL_BIO_new_ssl(ctx, 1));
+    ExpectIntEQ(BIO_get_ssl(bio, &ssl), 1);
+    ExpectNotNull(ssl);
+    ExpectIntEQ(wolfSSL_set_fd(ssl, sockfd), WOLFSSL_SUCCESS);
+    wolfSSL_SSLSetIORecv(ssl, forceWantRead);
+    if (EXPECT_FAIL()) {
+        wolfSSL_free(ssl);
+        ssl = NULL;
+    }
+
+    ExpectIntLE(BIO_write(bio, msg, msgSz), 0);
+    ExpectIntNE(BIO_should_retry(bio), 0);
+    ExpectIntEQ(BIO_should_read(bio), 0);
+    ExpectIntEQ(BIO_should_write(bio), 0);
+
+
+    /* now perform successful connection */
+    wolfSSL_SSLSetIORecv(ssl, EmbedReceive);
+    ExpectIntEQ(BIO_write(bio, msg, msgSz), msgSz);
+    ExpectIntNE(BIO_read(bio, reply, sizeof(reply)), 0);
+    ret = wolfSSL_get_error(ssl, -1);
+    if (ret == WOLFSSL_ERROR_WANT_READ || ret == WOLFSSL_ERROR_WANT_WRITE) {
+        ExpectIntNE(BIO_should_retry(bio), 0);
+
+        if (ret == WOLFSSL_ERROR_WANT_READ)
+            ExpectIntEQ(BIO_should_read(bio), 1);
+        else
+            ExpectIntEQ(BIO_should_read(bio), 0);
+
+        if (ret == WOLFSSL_ERROR_WANT_WRITE)
+            ExpectIntEQ(BIO_should_write(bio), 1);
+        else
+            ExpectIntEQ(BIO_should_write(bio), 0);
+    }
+    else {
+        ExpectIntEQ(BIO_should_retry(bio), 0);
+        ExpectIntEQ(BIO_should_read(bio), 0);
+        ExpectIntEQ(BIO_should_write(bio), 0);
+    }
+    ExpectIntEQ(XMEMCMP(reply, "I hear you fa shizzle!",
+                XSTRLEN("I hear you fa shizzle!")), 0);
+    BIO_free(bio);
+    wolfSSL_CTX_free(ctx);
+
+    CloseSocket(sockfd);
+
+    join_thread(serverThread);
+    FreeTcpReady(&ready);
+
+#ifdef WOLFSSL_TIRTOS
+    fdOpenSession(Task_self());
+#endif
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_BIO_connect(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_ALL) && defined(HAVE_IO_TESTS_DEPENDENCIES) && \
+            defined(HAVE_HTTP_CLIENT) && !defined(NO_WOLFSSL_CLIENT)
+    tcp_ready ready;
+    func_args server_args;
+    THREAD_TYPE serverThread;
+    BIO *tcpBio = NULL;
+    BIO *sslBio = NULL;
+    SSL_CTX* ctx = NULL;
+    SSL *ssl = NULL;
+    SSL *sslPtr;
+    char msg[] = "hello wolfssl!";
+    char reply[30];
+    char buff[10] = {0};
+
+    ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
+    ExpectIntEQ(WOLFSSL_SUCCESS,
+            wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0));
+    ExpectIntEQ(WOLFSSL_SUCCESS,
+          wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, SSL_FILETYPE_PEM));
+    ExpectIntEQ(WOLFSSL_SUCCESS,
+            wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, SSL_FILETYPE_PEM));
+
+    /* Setup server */
+    XMEMSET(&server_args, 0, sizeof(func_args));
+    StartTCP();
+    InitTcpReady(&ready);
+#if defined(USE_WINDOWS_API)
+    /* use RNG to get random port if using windows */
+    ready.port = GetRandomPort();
+#endif
+    server_args.signal = &ready;
+    start_thread(test_server_nofail, &server_args, &serverThread);
+    wait_tcp_ready(&server_args);
+    ExpectIntGT(XSNPRINTF(buff, sizeof(buff), "%d", ready.port), 0);
+
+    /* Start the test proper */
+    /* Setup the TCP BIO */
+    ExpectNotNull(tcpBio = BIO_new_connect(wolfSSLIP));
+    ExpectIntEQ(BIO_set_conn_port(tcpBio, buff), 1);
+    /* Setup the SSL object */
+    ExpectNotNull(ssl = SSL_new(ctx));
+    SSL_set_connect_state(ssl);
+    /* Setup the SSL BIO */
+    ExpectNotNull(sslBio = BIO_new(BIO_f_ssl()));
+    ExpectIntEQ(BIO_set_ssl(sslBio, ssl, BIO_CLOSE), 1);
+    if (EXPECT_FAIL()) {
+        wolfSSL_free(ssl);
+    }
+    /* Verify that BIO_get_ssl works. */
+    ExpectIntEQ(BIO_get_ssl(sslBio, &sslPtr), 1);
+    ExpectPtrEq(ssl, sslPtr);
+    /* Link BIO's so that sslBio uses tcpBio for IO */
+    ExpectPtrEq(BIO_push(sslBio, tcpBio), sslBio);
+    /* Do TCP connect */
+    ExpectIntEQ(BIO_do_connect(sslBio), 1);
+    /* Do TLS handshake */
+    ExpectIntEQ(BIO_do_handshake(sslBio), 1);
+    /* Test writing */
+    ExpectIntEQ(BIO_write(sslBio, msg, sizeof(msg)), sizeof(msg));
+    /* Expect length of default wolfSSL reply */
+    ExpectIntEQ(BIO_read(sslBio, reply, sizeof(reply)), 23);
+
+    /* Clean it all up */
+    BIO_free_all(sslBio);
+    /* Server clean up */
+    join_thread(serverThread);
+    FreeTcpReady(&ready);
+
+    /* Run the same test, but use BIO_new_ssl_connect and set the IP and port
+     * after. */
+    XMEMSET(&server_args, 0, sizeof(func_args));
+    StartTCP();
+    InitTcpReady(&ready);
+#if defined(USE_WINDOWS_API)
+    /* use RNG to get random port if using windows */
+    ready.port = GetRandomPort();
+#endif
+    server_args.signal = &ready;
+    start_thread(test_server_nofail, &server_args, &serverThread);
+    wait_tcp_ready(&server_args);
+    ExpectIntGT(XSNPRINTF(buff, sizeof(buff), "%d", ready.port), 0);
+
+    ExpectNotNull(sslBio = BIO_new_ssl_connect(ctx));
+    ExpectIntEQ(BIO_set_conn_hostname(sslBio, (char*)wolfSSLIP), 1);
+    ExpectIntEQ(BIO_set_conn_port(sslBio, buff), 1);
+    ExpectIntEQ(BIO_do_connect(sslBio), 1);
+    ExpectIntEQ(BIO_do_handshake(sslBio), 1);
+    ExpectIntEQ(BIO_write(sslBio, msg, sizeof(msg)), sizeof(msg));
+    ExpectIntEQ(BIO_read(sslBio, reply, sizeof(reply)), 23);
+    /* Attempt to close the TLS connection gracefully. */
+    BIO_ssl_shutdown(sslBio);
+
+    BIO_free_all(sslBio);
+    join_thread(serverThread);
+    FreeTcpReady(&ready);
+
+    SSL_CTX_free(ctx);
+
+#if defined(HAVE_ECC) && defined(FP_ECC) && defined(HAVE_THREAD_LS)
+    wc_ecc_fp_free();  /* free per thread cache */
+#endif
+#endif
+    return EXPECT_RESULT();
+}
+
+
+int test_wolfSSL_BIO_tls(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_BIO) && defined(OPENSSL_EXTRA) && \
+    !defined(NO_WOLFSSL_CLIENT) && !defined(NO_TLS)
+    SSL_CTX* ctx = NULL;
+    SSL *ssl = NULL;
+    BIO *readBio = NULL;
+    BIO *writeBio = NULL;
+    int ret;
+    int err = 0;
+
+    ExpectNotNull(ctx = SSL_CTX_new(SSLv23_method()));
+    ExpectNotNull(ssl = SSL_new(ctx));
+
+    ExpectNotNull(readBio = BIO_new(BIO_s_mem()));
+    ExpectNotNull(writeBio = BIO_new(BIO_s_mem()));
+    /* Qt reads data from write-bio,
+     * then writes the read data into plain packet.
+     * Qt reads data from plain packet,
+     * then writes the read data into read-bio.
+     */
+    SSL_set_bio(ssl, readBio, writeBio);
+
+    do {
+    #ifdef WOLFSSL_ASYNC_CRYPT
+        if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {
+            ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
+            if (ret < 0) { break; } else if (ret == 0) { continue; }
+        }
+    #endif
+        ret = SSL_connect(ssl);
+        err = SSL_get_error(ssl, 0);
+    } while (err == WC_NO_ERR_TRACE(WC_PENDING_E));
+    ExpectIntEQ(ret, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
+    /* in this use case, should return WANT READ
+     * so that Qt will read the data from plain packet for next state.
+     */
+    ExpectIntEQ(err, SSL_ERROR_WANT_READ);
+
+    SSL_free(ssl);
+    SSL_CTX_free(ctx);
+#endif
+    return EXPECT_RESULT();
+}
+
+
+int test_wolfSSL_BIO_datagram(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_BIO) && defined(WOLFSSL_DTLS) && defined(WOLFSSL_HAVE_BIO_ADDR) && defined(OPENSSL_EXTRA)
+    int ret;
+    SOCKET_T fd1 = SOCKET_INVALID, fd2 = SOCKET_INVALID;
+    WOLFSSL_BIO *bio1 = NULL, *bio2 = NULL;
+    WOLFSSL_BIO_ADDR *bio_addr1 = NULL, *bio_addr2 = NULL;
+    SOCKADDR_IN sin1, sin2;
+    socklen_t slen;
+    static const char test_msg[] = "I am a datagram, short and stout.";
+    char test_msg_recvd[sizeof(test_msg) + 10];
+#ifdef USE_WINDOWS_API
+    static const DWORD timeout = 250; /* ms */
+#else
+    static const struct timeval timeout = { 0, 250000 };
+#endif
+
+    StartTCP();
+
+    if (EXPECT_SUCCESS()) {
+        fd1 = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
+        ExpectIntNE(fd1, SOCKET_INVALID);
+    }
+    if (EXPECT_SUCCESS()) {
+        fd2 = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
+        ExpectIntNE(fd2, SOCKET_INVALID);
+    }
+
+    if (EXPECT_SUCCESS()) {
+        bio1 = wolfSSL_BIO_new_dgram(fd1, 1 /* closeF */);
+        ExpectNotNull(bio1);
+    }
+
+    if (EXPECT_SUCCESS()) {
+        bio2 = wolfSSL_BIO_new_dgram(fd2, 1 /* closeF */);
+        ExpectNotNull(bio2);
+    }
+
+    if (EXPECT_SUCCESS()) {
+        sin1.sin_family = AF_INET;
+        sin1.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
+        sin1.sin_port = 0;
+        slen = (socklen_t)sizeof(sin1);
+        ExpectIntEQ(bind(fd1, (const struct sockaddr *)&sin1, slen), 0);
+        ExpectIntEQ(setsockopt(fd1, SOL_SOCKET, SO_RCVTIMEO, (const char *)&timeout, sizeof(timeout)), 0);
+        ExpectIntEQ(getsockname(fd1, (struct sockaddr *)&sin1, &slen), 0);
+    }
+
+    if (EXPECT_SUCCESS()) {
+        sin2.sin_family = AF_INET;
+        sin2.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
+        sin2.sin_port = 0;
+        slen = (socklen_t)sizeof(sin2);
+        ExpectIntEQ(bind(fd2, (const struct sockaddr *)&sin2, slen), 0);
+        ExpectIntEQ(setsockopt(fd2, SOL_SOCKET, SO_RCVTIMEO, (const char *)&timeout, sizeof(timeout)), 0);
+        ExpectIntEQ(getsockname(fd2, (struct sockaddr *)&sin2, &slen), 0);
+    }
+
+    if (EXPECT_SUCCESS()) {
+        bio_addr1 = wolfSSL_BIO_ADDR_new();
+        ExpectNotNull(bio_addr1);
+    }
+
+    if (EXPECT_SUCCESS()) {
+        bio_addr2 = wolfSSL_BIO_ADDR_new();
+        ExpectNotNull(bio_addr2);
+    }
+
+    if (EXPECT_SUCCESS()) {
+        /* for OpenSSL compatibility, direct copying of sockaddrs into BIO_ADDRs must work right. */
+        XMEMCPY(&bio_addr2->sa_in, &sin2, sizeof(sin2));
+        ExpectIntEQ((int)wolfSSL_BIO_ctrl(bio1, BIO_CTRL_DGRAM_SET_PEER, 0, bio_addr2), WOLFSSL_SUCCESS);
+        wolfSSL_BIO_ADDR_clear(bio_addr2);
+    }
+
+    test_msg_recvd[0] = 0;
+    ExpectIntEQ(wolfSSL_BIO_write(bio1, test_msg, sizeof(test_msg)), (int)sizeof(test_msg));
+    ExpectIntEQ(wolfSSL_BIO_read(bio2, test_msg_recvd, sizeof(test_msg_recvd)), (int)sizeof(test_msg));
+    ExpectIntEQ(XMEMCMP(test_msg_recvd, test_msg, sizeof(test_msg)), 0);
+
+#ifdef WOLFSSL_BIO_HAVE_FLOW_STATS
+    ExpectIntEQ(wolfSSL_BIO_number_written(bio1), sizeof(test_msg));
+    ExpectIntEQ(wolfSSL_BIO_number_read(bio2), sizeof(test_msg));
+#endif
+
+    /* bio2 should now have bio1's addr stored as its peer_addr, because the
+     * BIOs aren't "connected" yet.  use it to send a reply.
+     */
+
+    test_msg_recvd[0] = 0;
+    ExpectIntEQ(wolfSSL_BIO_write(bio2, test_msg, sizeof(test_msg)), (int)sizeof(test_msg));
+    ExpectIntEQ(wolfSSL_BIO_read(bio1, test_msg_recvd, sizeof(test_msg_recvd)), (int)sizeof(test_msg));
+    ExpectIntEQ(XMEMCMP(test_msg_recvd, test_msg, sizeof(test_msg)), 0);
+
+    ExpectIntEQ(wolfSSL_BIO_read(bio1, test_msg_recvd, sizeof(test_msg_recvd)), WOLFSSL_BIO_ERROR);
+    ExpectIntNE(BIO_should_retry(bio1), 0);
+
+    ExpectIntEQ(wolfSSL_BIO_read(bio2, test_msg_recvd, sizeof(test_msg_recvd)), WOLFSSL_BIO_ERROR);
+    ExpectIntNE(BIO_should_retry(bio2), 0);
+
+    /* now "connect" the sockets. */
+
+    ExpectIntEQ(connect(fd1, (const struct sockaddr *)&sin2, (socklen_t)sizeof(sin2)), 0);
+    ExpectIntEQ(connect(fd2, (const struct sockaddr *)&sin1, (socklen_t)sizeof(sin1)), 0);
+
+    if (EXPECT_SUCCESS()) {
+        XMEMCPY(&bio_addr2->sa_in, &sin2, sizeof(sin2));
+        ExpectIntEQ((int)wolfSSL_BIO_ctrl(bio1, BIO_CTRL_DGRAM_SET_CONNECTED, 0, bio_addr2), WOLFSSL_SUCCESS);
+        wolfSSL_BIO_ADDR_clear(bio_addr2);
+    }
+
+    if (EXPECT_SUCCESS()) {
+        XMEMCPY(&bio_addr1->sa_in, &sin1, sizeof(sin1));
+        ExpectIntEQ((int)wolfSSL_BIO_ctrl(bio2, BIO_CTRL_DGRAM_SET_CONNECTED, 0, bio_addr1), WOLFSSL_SUCCESS);
+        wolfSSL_BIO_ADDR_clear(bio_addr1);
+    }
+
+    test_msg_recvd[0] = 0;
+    ExpectIntEQ(wolfSSL_BIO_write(bio2, test_msg, sizeof(test_msg)), (int)sizeof(test_msg));
+    ExpectIntEQ(wolfSSL_BIO_read(bio1, test_msg_recvd, sizeof(test_msg_recvd)), (int)sizeof(test_msg));
+    ExpectIntEQ(XMEMCMP(test_msg_recvd, test_msg, sizeof(test_msg)), 0);
+
+    test_msg_recvd[0] = 0;
+    ExpectIntEQ(wolfSSL_BIO_write(bio1, test_msg, sizeof(test_msg)), (int)sizeof(test_msg));
+    ExpectIntEQ(wolfSSL_BIO_read(bio2, test_msg_recvd, sizeof(test_msg_recvd)), (int)sizeof(test_msg));
+    ExpectIntEQ(XMEMCMP(test_msg_recvd, test_msg, sizeof(test_msg)), 0);
+
+#ifdef __linux__
+    /* now "disconnect" the sockets and attempt transmits expected to fail. */
+
+    sin1.sin_family = AF_UNSPEC;
+    ExpectIntEQ(connect(fd1, (const struct sockaddr *)&sin1, (socklen_t)sizeof(sin1)), 0);
+    ExpectIntEQ(connect(fd2, (const struct sockaddr *)&sin1, (socklen_t)sizeof(sin1)), 0);
+    sin1.sin_family = AF_INET;
+
+    ExpectIntEQ((int)wolfSSL_BIO_ctrl(bio1, BIO_CTRL_DGRAM_SET_CONNECTED, 0, NULL), WOLFSSL_SUCCESS);
+    ExpectIntEQ((int)wolfSSL_BIO_ctrl(bio2, BIO_CTRL_DGRAM_SET_CONNECTED, 0, NULL), WOLFSSL_SUCCESS);
+
+    if (EXPECT_SUCCESS()) {
+        sin2.sin_addr.s_addr = htonl(0xc0a8c0a8); /* 192.168.192.168 -- invalid for loopback interface. */
+        XMEMCPY(&bio_addr2->sa_in, &sin2, sizeof(sin2));
+        ExpectIntEQ((int)wolfSSL_BIO_ctrl(bio1, BIO_CTRL_DGRAM_SET_PEER, 0, bio_addr2), WOLFSSL_SUCCESS);
+        wolfSSL_BIO_ADDR_clear(bio_addr2);
+    }
+
+    test_msg_recvd[0] = 0;
+    errno = 0;
+    ExpectIntEQ(wolfSSL_BIO_write(bio1, test_msg, sizeof(test_msg)), -1);
+    ExpectTrue((errno == EINVAL) || (errno == ENETUNREACH));
+
+#endif /* __linux__ */
+
+
+    if (bio1) {
+        ret = wolfSSL_BIO_free(bio1);
+        ExpectIntEQ(ret, WOLFSSL_SUCCESS);
+    } else if (fd1 != SOCKET_INVALID)
+        CloseSocket(fd1);
+    if (bio2) {
+        ret = wolfSSL_BIO_free(bio2);
+        ExpectIntEQ(ret, WOLFSSL_SUCCESS);
+    } else if (fd2 != SOCKET_INVALID)
+        CloseSocket(fd2);
+    if (bio_addr1)
+        wolfSSL_BIO_ADDR_free(bio_addr1);
+    if (bio_addr2)
+        wolfSSL_BIO_ADDR_free(bio_addr2);
+
+#endif /* !NO_BIO && WOLFSSL_DTLS && WOLFSSL_HAVE_BIO_ADDR && OPENSSL_EXTRA */
+
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_BIO_s_null(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_BIO) && defined(OPENSSL_EXTRA)
+    BIO *b = NULL;
+    char testData[10] = {'t','e','s','t',0};
+
+    ExpectNotNull(b = BIO_new(BIO_s_null()));
+    ExpectIntEQ(BIO_write(b, testData, sizeof(testData)), sizeof(testData));
+    ExpectIntEQ(BIO_read(b, testData, sizeof(testData)), 0);
+    ExpectIntEQ(BIO_puts(b, testData), 4);
+    ExpectIntEQ(BIO_gets(b, testData, sizeof(testData)), 0);
+    ExpectIntEQ(BIO_pending(b), 0);
+    ExpectIntEQ(BIO_eof(b), 1);
+
+    BIO_free(b);
+#endif
+    return EXPECT_RESULT();
+}
+
+#if defined(OPENSSL_ALL) && defined(HAVE_IO_TESTS_DEPENDENCIES) && \
+    defined(HAVE_HTTP_CLIENT)
+static THREAD_RETURN WOLFSSL_THREAD test_wolfSSL_BIO_accept_client(void* args)
+{
+    BIO* clientBio;
+    SSL* sslClient;
+    SSL_CTX* ctx;
+    char connectAddr[20]; /* IP + port */;
+
+    (void)args;
+
+    AssertIntGT(snprintf(connectAddr, sizeof(connectAddr), "%s:%d", wolfSSLIP, wolfSSLPort), 0);
+    clientBio = BIO_new_connect(connectAddr);
+    AssertNotNull(clientBio);
+    AssertIntEQ(BIO_do_connect(clientBio), 1);
+    ctx = SSL_CTX_new(SSLv23_method());
+    AssertNotNull(ctx);
+    sslClient = SSL_new(ctx);
+    AssertNotNull(sslClient);
+    AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0), WOLFSSL_SUCCESS);
+    SSL_set_bio(sslClient, clientBio, clientBio);
+    AssertIntEQ(SSL_connect(sslClient), 1);
+
+    SSL_free(sslClient);
+    SSL_CTX_free(ctx);
+
+#if defined(HAVE_ECC) && defined(FP_ECC) && defined(HAVE_THREAD_LS)
+    wc_ecc_fp_free();  /* free per thread cache */
+#endif
+
+    WOLFSSL_RETURN_FROM_THREAD(0);
+}
+#endif
+
+int test_wolfSSL_BIO_accept(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_ALL) && defined(HAVE_IO_TESTS_DEPENDENCIES) && \
+    defined(HAVE_HTTP_CLIENT)
+    BIO* serverBindBio = NULL;
+    BIO* serverAcceptBio = NULL;
+    SSL* sslServer = NULL;
+    SSL_CTX* ctx = NULL;
+    func_args args;
+    THREAD_TYPE thread;
+    char port[10]; /* 10 bytes should be enough to store the string
+                    * representation of the port */
+
+    ExpectIntGT(snprintf(port, sizeof(port), "%d", wolfSSLPort), 0);
+    ExpectNotNull(serverBindBio = BIO_new_accept(port));
+
+    /* First BIO_do_accept binds the port */
+    ExpectIntEQ(BIO_do_accept(serverBindBio), 1);
+
+    XMEMSET(&args, 0, sizeof(func_args));
+    start_thread(test_wolfSSL_BIO_accept_client, &args, &thread);
+
+    ExpectIntEQ(BIO_do_accept(serverBindBio), 1);
+    /* Let's plug it into SSL to test */
+    ExpectNotNull(ctx = SSL_CTX_new(SSLv23_method()));
+    ExpectIntEQ(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile,
+        SSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile,
+        SSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
+    ExpectNotNull(sslServer = SSL_new(ctx));
+    ExpectNotNull(serverAcceptBio = BIO_pop(serverBindBio));
+    SSL_set_bio(sslServer, serverAcceptBio, serverAcceptBio);
+    ExpectIntEQ(SSL_accept(sslServer), 1);
+
+    join_thread(thread);
+
+    BIO_free(serverBindBio);
+    SSL_free(sslServer);
+    SSL_CTX_free(ctx);
+
+#if defined(HAVE_ECC) && defined(FP_ECC) && defined(HAVE_THREAD_LS)
+    wc_ecc_fp_free();  /* free per thread cache */
+#endif
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_BIO_write(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_BASE64_ENCODE)
+    BIO* bio = NULL;
+    BIO* bio64 = NULL;
+    BIO* bio_mem = NULL;
+    BIO* ptr = NULL;
+    int  sz;
+    char msg[] = "conversion test";
+    char out[40];
+    char expected[] = "Y29udmVyc2lvbiB0ZXN0AA==\n";
+    void* bufPtr = NULL;
+    BUF_MEM* buf = NULL;
+
+    ExpectNotNull(bio64 = BIO_new(BIO_f_base64()));
+    ExpectNotNull(bio   = BIO_push(bio64, BIO_new(BIO_s_mem())));
+    if (EXPECT_FAIL()) {
+        BIO_free(bio64);
+    }
+
+    /* now should convert to base64 then write to memory */
+    ExpectIntEQ(BIO_write(bio, msg, sizeof(msg)), sizeof(msg));
+    BIO_flush(bio);
+
+    /* test BIO chain */
+    ExpectIntEQ(SSL_SUCCESS, (int)BIO_get_mem_ptr(bio, &buf));
+    ExpectNotNull(buf);
+    ExpectIntEQ(buf->length, 25);
+    ExpectIntEQ(BIO_get_mem_data(bio, &bufPtr), 25);
+    ExpectPtrEq(buf->data, bufPtr);
+
+    ExpectNotNull(ptr = BIO_find_type(bio, BIO_TYPE_MEM));
+    sz = sizeof(out);
+    XMEMSET(out, 0, sz);
+    ExpectIntEQ((sz = BIO_read(ptr, out, sz)), 25);
+    ExpectIntEQ(XMEMCMP(out, expected, sz), 0);
+
+    /* write then read should return the same message */
+    ExpectIntEQ(BIO_write(bio, msg, sizeof(msg)), sizeof(msg));
+    sz = sizeof(out);
+    XMEMSET(out, 0, sz);
+    ExpectIntEQ(BIO_read(bio, out, sz), 16);
+    ExpectIntEQ(XMEMCMP(out, msg, sizeof(msg)), 0);
+
+    /* now try encoding with no line ending */
+    BIO_set_flags(bio64, BIO_FLAGS_BASE64_NO_NL);
+#ifdef HAVE_EX_DATA
+    BIO_set_ex_data(bio64, 0, (void*) "data");
+    ExpectIntEQ(strcmp((const char*)BIO_get_ex_data(bio64, 0), "data"), 0);
+#endif
+    ExpectIntEQ(BIO_write(bio, msg, sizeof(msg)), sizeof(msg));
+    BIO_flush(bio);
+    sz = sizeof(out);
+    XMEMSET(out, 0, sz);
+    ExpectIntEQ((sz = BIO_read(ptr, out, sz)), 24);
+    ExpectIntEQ(XMEMCMP(out, expected, sz), 0);
+
+    BIO_free_all(bio); /* frees bio64 also */
+    bio = NULL;
+
+    /* test with more than one bio64 in list */
+    ExpectNotNull(bio64 = BIO_new(BIO_f_base64()));
+    ExpectNotNull(bio   = BIO_push(BIO_new(BIO_f_base64()), bio64));
+    if (EXPECT_FAIL()) {
+        BIO_free_all(bio);
+        bio = NULL;
+        bio64 = NULL;
+    }
+    ExpectNotNull(bio_mem = BIO_new(BIO_s_mem()));
+    ExpectNotNull(BIO_push(bio64, bio_mem));
+    if (EXPECT_FAIL()) {
+        BIO_free(bio_mem);
+    }
+
+    /* now should convert to base64 when stored and then decode with read */
+    if (bio == NULL) {
+        ExpectNotNull(bio = BIO_new(BIO_f_base64()));
+    }
+    ExpectIntEQ(BIO_write(bio, msg, sizeof(msg)), 25);
+    BIO_flush(bio);
+    sz = sizeof(out);
+    XMEMSET(out, 0, sz);
+    ExpectIntEQ((sz = BIO_read(bio, out, sz)), 16);
+    ExpectIntEQ(XMEMCMP(out, msg, sz), 0);
+    BIO_clear_flags(bio64, ~0);
+    BIO_set_retry_read(bio);
+    BIO_free_all(bio); /* frees bio64s also */
+    bio = NULL;
+
+    ExpectNotNull(bio = BIO_new_mem_buf(out, 0));
+    ExpectIntEQ(BIO_write(bio, msg, sizeof(msg)), sizeof(msg));
+    BIO_free(bio);
+#endif
+    return EXPECT_RESULT();
+}
+
+
+int test_wolfSSL_BIO_printf(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_ALL)
+    BIO* bio = NULL;
+    int  sz = 7;
+    char msg[] = "TLS 1.3 for the world";
+    char out[60];
+    char expected[] = "TLS 1.3 for the world : sz = 7";
+
+    XMEMSET(out, 0, sizeof(out));
+    ExpectNotNull(bio = BIO_new(BIO_s_mem()));
+    ExpectIntEQ(BIO_printf(bio, "%s : sz = %d", msg, sz), 30);
+    ExpectIntEQ(BIO_printf(NULL, ""), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
+    ExpectIntEQ(BIO_read(bio, out, sizeof(out)), 30);
+    ExpectIntEQ(XSTRNCMP(out, expected, sizeof(expected)), 0);
+    BIO_free(bio);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_BIO_f_md(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_ALL) && !defined(NO_SHA256)
+    BIO* bio = NULL;
+    BIO* mem = NULL;
+    char msg[] = "message to hash";
+    char out[60];
+    EVP_MD_CTX* ctx = NULL;
+    const unsigned char testKey[] =
+    {
+        0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+        0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
+        0x0b, 0x0b, 0x0b, 0x0b
+    };
+    const char testData[] = "Hi There";
+    const unsigned char testResult[] =
+    {
+        0xb0, 0x34, 0x4c, 0x61, 0xd8, 0xdb, 0x38, 0x53,
+        0x5c, 0xa8, 0xaf, 0xce, 0xaf, 0x0b, 0xf1, 0x2b,
+        0x88, 0x1d, 0xc2, 0x00, 0xc9, 0x83, 0x3d, 0xa7,
+        0x26, 0xe9, 0x37, 0x6c, 0x2e, 0x32, 0xcf, 0xf7
+    };
+    const unsigned char expectedHash[] =
+    {
+       0x66, 0x49, 0x3C, 0xE8, 0x8A, 0x57, 0xB0, 0x60,
+       0xDC, 0x55, 0x7D, 0xFC, 0x1F, 0xA5, 0xE5, 0x07,
+       0x70, 0x5A, 0xF6, 0xD7, 0xC4, 0x1F, 0x1A, 0xE4,
+       0x2D, 0xA6, 0xFD, 0xD1, 0x29, 0x7D, 0x60, 0x0D
+    };
+    const unsigned char emptyHash[] =
+    {
+        0xE3, 0xB0, 0xC4, 0x42, 0x98, 0xFC, 0x1C, 0x14,
+        0x9A, 0xFB, 0xF4, 0xC8, 0x99, 0x6F, 0xB9, 0x24,
+        0x27, 0xAE, 0x41, 0xE4, 0x64, 0x9B, 0x93, 0x4C,
+        0xA4, 0x95, 0x99, 0x1B, 0x78, 0x52, 0xB8, 0x55
+    };
+    unsigned char check[sizeof(testResult) + 1];
+    size_t checkSz = sizeof(check);
+    EVP_PKEY* key = NULL;
+
+    XMEMSET(out, 0, sizeof(out));
+    ExpectNotNull(bio = BIO_new(BIO_f_md()));
+    ExpectNotNull(mem = BIO_new(BIO_s_mem()));
+
+    ExpectIntEQ(BIO_get_md_ctx(bio, &ctx), 1);
+    ExpectIntEQ(EVP_DigestInit(ctx, EVP_sha256()), 1);
+
+    /* should not be able to write/read yet since just digest wrapper and no
+     * data is passing through the bio */
+    ExpectIntEQ(BIO_write(bio, msg, 0), 0);
+    ExpectIntEQ(BIO_pending(bio), 0);
+    ExpectIntEQ(BIO_read(bio, out, sizeof(out)), 0);
+    ExpectIntEQ(BIO_gets(bio, out, 3), 0);
+    ExpectIntEQ(BIO_gets(bio, out, sizeof(out)), 32);
+    ExpectIntEQ(XMEMCMP(emptyHash, out, 32), 0);
+    BIO_reset(bio);
+
+    /* append BIO mem to bio in order to read/write */
+    ExpectNotNull(bio = BIO_push(bio, mem));
+
+    XMEMSET(out, 0, sizeof(out));
+    ExpectIntEQ(BIO_write(mem, msg, sizeof(msg)), 16);
+    ExpectIntEQ(BIO_pending(bio), 16);
+
+    /* this just reads the message and does not hash it (gets calls final) */
+    ExpectIntEQ(BIO_read(bio, out, sizeof(out)), 16);
+    ExpectIntEQ(XMEMCMP(out, msg, sizeof(msg)), 0);
+
+    /* create a message digest using BIO */
+    XMEMSET(out, 0, sizeof(out));
+    ExpectIntEQ(BIO_write(bio, msg, sizeof(msg)), 16);
+    ExpectIntEQ(BIO_pending(mem), 16);
+    ExpectIntEQ(BIO_pending(bio), 16);
+    ExpectIntEQ(BIO_gets(bio, out, sizeof(out)), 32);
+    ExpectIntEQ(XMEMCMP(expectedHash, out, 32), 0);
+    BIO_free(bio);
+    bio = NULL;
+    BIO_free(mem);
+    mem = NULL;
+
+    /* test with HMAC */
+    XMEMSET(out, 0, sizeof(out));
+    ExpectNotNull(bio = BIO_new(BIO_f_md()));
+    ExpectNotNull(mem = BIO_new(BIO_s_mem()));
+    BIO_get_md_ctx(bio, &ctx);
+    ExpectNotNull(key = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, testKey,
+        (int)sizeof(testKey)));
+    EVP_DigestSignInit(ctx, NULL, EVP_sha256(), NULL, key);
+    ExpectNotNull(bio = BIO_push(bio, mem));
+    BIO_write(bio, testData, (int)strlen(testData));
+    checkSz = sizeof(check);
+    ExpectIntEQ(EVP_DigestSignFinal(ctx, NULL, &checkSz), 1);
+    checkSz = sizeof(check);
+    ExpectIntEQ(EVP_DigestSignFinal(ctx, check, &checkSz), 1);
+
+    ExpectIntEQ(XMEMCMP(check, testResult, sizeof(testResult)), 0);
+
+    EVP_PKEY_free(key);
+    BIO_free(bio);
+    BIO_free(mem);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_BIO_up_ref(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA)
+    BIO* bio = NULL;
+
+    ExpectNotNull(bio = BIO_new(BIO_f_md()));
+    ExpectIntEQ(BIO_up_ref(NULL), 0);
+    ExpectIntEQ(BIO_up_ref(bio), 1);
+    BIO_free(bio);
+    ExpectIntEQ(BIO_up_ref(bio), 1);
+    BIO_free(bio);
+    BIO_free(bio);
+#endif
+    return EXPECT_RESULT();
+}
+int test_wolfSSL_BIO_reset(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA)
+    BIO* bio = NULL;
+    byte buf[16];
+
+    ExpectNotNull(bio = BIO_new_mem_buf("secure your data",
+        (word32)XSTRLEN("secure your data")));
+    ExpectIntEQ(BIO_read(bio, buf, 6), 6);
+    ExpectIntEQ(XMEMCMP(buf, "secure", 6), 0);
+    XMEMSET(buf, 0, 16);
+    ExpectIntEQ(BIO_read(bio, buf, 16), 10);
+    ExpectIntEQ(XMEMCMP(buf, " your data", 10), 0);
+    /* You cannot write to MEM BIO with read-only mode. */
+    ExpectIntEQ(BIO_write(bio, "WriteToReadonly", 15), 0);
+    ExpectIntEQ(BIO_read(bio, buf, 16), -1);
+    XMEMSET(buf, 0, 16);
+    ExpectIntEQ(BIO_reset(bio), 1);
+    ExpectIntEQ(BIO_read(bio, buf, 16), 16);
+    ExpectIntEQ(XMEMCMP(buf, "secure your data", 16), 0);
+    BIO_free(bio);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_BIO_get_len(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && !defined(NO_BIO) && !defined(NO_FILESYSTEM)
+    BIO *bio = NULL;
+    const char txt[] = "Some example text to push to the BIO.";
+
+    ExpectIntEQ(wolfSSL_BIO_get_len(bio), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    ExpectNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
+
+    ExpectIntEQ(wolfSSL_BIO_write(bio, txt, sizeof(txt)), sizeof(txt));
+    ExpectIntEQ(wolfSSL_BIO_get_len(bio), sizeof(txt));
+    BIO_free(bio);
+    bio = NULL;
+
+    ExpectNotNull(bio = BIO_new_fd(STDERR_FILENO, BIO_NOCLOSE));
+    ExpectIntEQ(wolfSSL_BIO_get_len(bio), WC_NO_ERR_TRACE(WOLFSSL_BAD_FILE));
+    BIO_free(bio);
+#endif
+    return EXPECT_RESULT();
+}
+
+#endif /* !NO_BIO */
+
diff --git a/tests/api/test_ossl_bio.h b/tests/api/test_ossl_bio.h
new file mode 100644
index 000000000..8bcbc743f
--- /dev/null
+++ b/tests/api/test_ossl_bio.h
@@ -0,0 +1,65 @@
+/* test_ossl_bio.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef WOLFCRYPT_TEST_OSSL_BIO_H
+#define WOLFCRYPT_TEST_OSSL_BIO_H
+
+#include <tests/api/api_decl.h>
+
+#ifndef NO_BIO
+int test_wolfSSL_BIO_gets(void);
+int test_wolfSSL_BIO_puts(void);
+int test_wolfSSL_BIO_dump(void);
+int test_wolfSSL_BIO_should_retry(void);
+int test_wolfSSL_BIO_connect(void);
+int test_wolfSSL_BIO_tls(void);
+int test_wolfSSL_BIO_datagram(void);
+int test_wolfSSL_BIO_s_null(void);
+int test_wolfSSL_BIO_accept(void);
+int test_wolfSSL_BIO_write(void);
+int test_wolfSSL_BIO_printf(void);
+int test_wolfSSL_BIO_f_md(void);
+int test_wolfSSL_BIO_up_ref(void);
+int test_wolfSSL_BIO_reset(void);
+int test_wolfSSL_BIO_get_len(void);
+
+#define TEST_OSSL_BIO_DECLS                                       \
+    TEST_DECL_GROUP("ossl_bio", test_wolfSSL_BIO_gets),           \
+    TEST_DECL_GROUP("ossl_bio", test_wolfSSL_BIO_puts),           \
+    TEST_DECL_GROUP("ossl_bio", test_wolfSSL_BIO_dump),           \
+    TEST_DECL_GROUP("ossl_bio", test_wolfSSL_BIO_should_retry),   \
+    TEST_DECL_GROUP("ossl_bio", test_wolfSSL_BIO_s_null),         \
+    TEST_DECL_GROUP("ossl_bio", test_wolfSSL_BIO_write),          \
+    TEST_DECL_GROUP("ossl_bio", test_wolfSSL_BIO_printf),         \
+    TEST_DECL_GROUP("ossl_bio", test_wolfSSL_BIO_f_md),           \
+    TEST_DECL_GROUP("ossl_bio", test_wolfSSL_BIO_up_ref),         \
+    TEST_DECL_GROUP("ossl_bio", test_wolfSSL_BIO_reset),          \
+    TEST_DECL_GROUP("ossl_bio", test_wolfSSL_BIO_get_len)
+
+#define TEST_OSSL_BIO_TLS_DECLS                                   \
+    TEST_DECL_GROUP("ossl_bio_tls", test_wolfSSL_BIO_connect),    \
+    TEST_DECL_GROUP("ossl_bio_tls", test_wolfSSL_BIO_accept),     \
+    TEST_DECL_GROUP("ossl_bio_tls", test_wolfSSL_BIO_tls),        \
+    TEST_DECL_GROUP("ossl_bio_tls", test_wolfSSL_BIO_datagram)
+
+#endif
+
+#endif /* WOLFCRYPT_TEST_OSSL_BIO_H */
diff --git a/tests/api/test_ossl_bn.c b/tests/api/test_ossl_bn.c
new file mode 100644
index 000000000..176772eec
--- /dev/null
+++ b/tests/api/test_ossl_bn.c
@@ -0,0 +1,1090 @@
+/* test_ossl_bn.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#include <tests/unit.h>
+
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+#include <wolfssl/openssl/bn.h>
+#include <wolfssl/wolfcrypt/types.h>
+#include <tests/api/api.h>
+#include <tests/api/test_ossl_bn.h>
+
+/*******************************************************************************
+ * BN OpenSSL compatibility API Testing
+ ******************************************************************************/
+
+int test_wolfSSL_BN_CTX(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && !defined(NO_ASN) && \
+    !defined(OPENSSL_EXTRA_NO_BN) && !defined(WOLFSSL_SP_MATH)
+    WOLFSSL_BN_CTX* bn_ctx = NULL;
+
+    ExpectNotNull(bn_ctx = BN_CTX_new());
+
+    ExpectNull(BN_CTX_get(NULL));
+    ExpectNotNull(BN_CTX_get(bn_ctx));
+    ExpectNotNull(BN_CTX_get(bn_ctx));
+    ExpectNotNull(BN_CTX_get(bn_ctx));
+    ExpectNotNull(BN_CTX_get(bn_ctx));
+    ExpectNotNull(BN_CTX_get(bn_ctx));
+    ExpectNotNull(BN_CTX_get(bn_ctx));
+
+#ifndef NO_WOLFSSL_STUB
+    /* No implementation. */
+    BN_CTX_start(NULL);
+    BN_CTX_start(bn_ctx);
+    BN_CTX_init(NULL);
+#endif
+
+    BN_CTX_free(NULL);
+    BN_CTX_free(bn_ctx);
+#endif /* defined(OPENSSL_EXTRA) && !defined(NO_ASN) */
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_BN(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && !defined(NO_ASN) && \
+    !defined(OPENSSL_EXTRA_NO_BN) && !defined(WOLFSSL_SP_MATH)
+    BIGNUM* a = NULL;
+    BIGNUM* b = NULL;
+    BIGNUM* c = NULL;
+    BIGNUM* d = NULL;
+    BIGNUM emptyBN;
+
+    /* Setup */
+    XMEMSET(&emptyBN, 0, sizeof(emptyBN));
+    /* internal not set emptyBN. */
+
+    ExpectNotNull(a = BN_new());
+    ExpectNotNull(b = BN_new());
+    ExpectNotNull(c = BN_dup(b));
+    ExpectNotNull(d = BN_new());
+
+    /* Invalid parameter testing. */
+    BN_free(NULL);
+    ExpectNull(BN_dup(NULL));
+    ExpectNull(BN_dup(&emptyBN));
+
+    ExpectNull(BN_copy(NULL, NULL));
+    ExpectNull(BN_copy(b, NULL));
+    ExpectNull(BN_copy(NULL, c));
+    ExpectNull(BN_copy(b, &emptyBN));
+    ExpectNull(BN_copy(&emptyBN, c));
+
+    BN_clear(NULL);
+    BN_clear(&emptyBN);
+
+    ExpectIntEQ(BN_num_bytes(NULL), 0);
+    ExpectIntEQ(BN_num_bytes(&emptyBN), 0);
+
+    ExpectIntEQ(BN_num_bits(NULL), 0);
+    ExpectIntEQ(BN_num_bits(&emptyBN), 0);
+
+    ExpectIntEQ(BN_is_negative(NULL), 0);
+    ExpectIntEQ(BN_is_negative(&emptyBN), 0);
+    /* END Invalid Parameters */
+
+    ExpectIntEQ(BN_set_word(a, 3), SSL_SUCCESS);
+    ExpectIntEQ(BN_set_word(b, 2), SSL_SUCCESS);
+    ExpectIntEQ(BN_set_word(c, 5), SSL_SUCCESS);
+
+    ExpectIntEQ(BN_num_bits(a), 2);
+    ExpectIntEQ(BN_num_bytes(a), 1);
+
+#if !defined(WOLFSSL_SP_MATH) && (!defined(WOLFSSL_SP_MATH_ALL) || \
+                                               defined(WOLFSSL_SP_INT_NEGATIVE))
+    ExpectIntEQ(BN_set_word(a, 1), SSL_SUCCESS);
+    ExpectIntEQ(BN_set_word(b, 5), SSL_SUCCESS);
+    ExpectIntEQ(BN_is_word(a, (WOLFSSL_BN_ULONG)BN_get_word(a)), SSL_SUCCESS);
+    ExpectIntEQ(BN_is_word(a, 3), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(BN_sub(c, a, b), SSL_SUCCESS);
+#if defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY)
+    {
+        /* Do additional tests on negative BN conversions. */
+        char*         ret = NULL;
+        ASN1_INTEGER* asn1 = NULL;
+        BIGNUM*       tmp = NULL;
+
+        /* Sanity check we have a negative BN. */
+        ExpectIntEQ(BN_is_negative(c), 1);
+        ExpectNotNull(ret = BN_bn2dec(c));
+        ExpectIntEQ(XMEMCMP(ret, "-4", sizeof("-4")), 0);
+        XFREE(ret, NULL, DYNAMIC_TYPE_OPENSSL);
+        ret = NULL;
+
+        /* Convert to ASN1_INTEGER and back to BN. */
+        ExpectNotNull(asn1 = BN_to_ASN1_INTEGER(c, NULL));
+        ExpectNotNull(tmp = ASN1_INTEGER_to_BN(asn1, NULL));
+
+        /* After converting back BN should be negative and correct. */
+        ExpectIntEQ(BN_is_negative(tmp), 1);
+        ExpectNotNull(ret = BN_bn2dec(tmp));
+        ExpectIntEQ(XMEMCMP(ret, "-4", sizeof("-4")), 0);
+        XFREE(ret, NULL, DYNAMIC_TYPE_OPENSSL);
+        ASN1_INTEGER_free(asn1);
+        BN_free(tmp);
+    }
+#endif
+    ExpectIntEQ(BN_get_word(c), 4);
+#endif
+
+    ExpectIntEQ(BN_set_word(a, 3), 1);
+    ExpectIntEQ(BN_set_word(b, 3), 1);
+    ExpectIntEQ(BN_set_word(c, 4), 1);
+
+    /* NULL == NULL, NULL < num, num > NULL */
+    ExpectIntEQ(BN_cmp(NULL, NULL), 0);
+    ExpectIntEQ(BN_cmp(&emptyBN, &emptyBN), 0);
+    ExpectIntLT(BN_cmp(NULL, b), 0);
+    ExpectIntLT(BN_cmp(&emptyBN, b), 0);
+    ExpectIntGT(BN_cmp(a, NULL), 0);
+    ExpectIntGT(BN_cmp(a, &emptyBN), 0);
+
+    ExpectIntEQ(BN_cmp(a, b), 0);
+    ExpectIntLT(BN_cmp(a, c), 0);
+    ExpectIntGT(BN_cmp(c, b), 0);
+
+#if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
+    ExpectIntEQ(BN_print_fp(XBADFILE, NULL), 0);
+    ExpectIntEQ(BN_print_fp(XBADFILE, &emptyBN), 0);
+    ExpectIntEQ(BN_print_fp(stderr, NULL), 0);
+    ExpectIntEQ(BN_print_fp(stderr, &emptyBN), 0);
+    ExpectIntEQ(BN_print_fp(XBADFILE, a), 0);
+
+    ExpectIntEQ(BN_print_fp(stderr, a), 1);
+#endif
+
+    BN_clear(a);
+
+    BN_free(a);
+    BN_free(b);
+    BN_free(c);
+    BN_clear_free(d);
+#endif /* defined(OPENSSL_EXTRA) && !defined(NO_ASN) */
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_BN_init(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && !defined(NO_ASN) && \
+    !defined(OPENSSL_EXTRA_NO_BN) && !defined(WOLFSSL_SP_MATH)
+#if !defined(USE_INTEGER_HEAP_MATH) && !defined(HAVE_WOLF_BIGINT)
+    BIGNUM* ap = NULL;
+    BIGNUM bv;
+    BIGNUM cv;
+    BIGNUM dv;
+
+    ExpectNotNull(ap = BN_new());
+
+    BN_init(NULL);
+    XMEMSET(&bv, 0, sizeof(bv));
+    ExpectNull(BN_dup(&bv));
+
+    BN_init(&bv);
+    BN_init(&cv);
+    BN_init(&dv);
+
+    ExpectIntEQ(BN_set_word(ap, 3), SSL_SUCCESS);
+    ExpectIntEQ(BN_set_word(&bv, 2), SSL_SUCCESS);
+    ExpectIntEQ(BN_set_word(&cv, 5), SSL_SUCCESS);
+
+    /* a^b mod c = */
+    ExpectIntEQ(BN_mod_exp(&dv, NULL, &bv, &cv, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(BN_mod_exp(&dv, ap, &bv, &cv, NULL), WOLFSSL_SUCCESS);
+
+    /* check result  3^2 mod 5 */
+    ExpectIntEQ(BN_get_word(&dv), 4);
+
+    /* a*b mod c = */
+    ExpectIntEQ(BN_mod_mul(&dv, NULL, &bv, &cv, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(BN_mod_mul(&dv, ap, &bv, &cv, NULL), SSL_SUCCESS);
+
+    /* check result  3*2 mod 5 */
+    ExpectIntEQ(BN_get_word(&dv), 1);
+
+    {
+        BN_MONT_CTX* montCtx = NULL;
+        ExpectNotNull(montCtx = BN_MONT_CTX_new());
+
+        ExpectIntEQ(BN_MONT_CTX_set(montCtx, &cv, NULL), SSL_SUCCESS);
+        ExpectIntEQ(BN_set_word(&bv, 2), SSL_SUCCESS);
+        ExpectIntEQ(BN_set_word(&cv, 5), SSL_SUCCESS);
+        ExpectIntEQ(BN_mod_exp_mont_word(&dv, 3, &bv, &cv, NULL, NULL),
+                    WOLFSSL_SUCCESS);
+        /* check result  3^2 mod 5 */
+        ExpectIntEQ(BN_get_word(&dv), 4);
+
+        BN_MONT_CTX_free(montCtx);
+    }
+
+    BN_free(ap);
+#endif
+#endif /* defined(OPENSSL_EXTRA) && !defined(NO_ASN) */
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_BN_enc_dec(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && !defined(NO_ASN) && !defined(WOLFSSL_SP_MATH)
+    BIGNUM* a = NULL;
+    BIGNUM* b = NULL;
+    BIGNUM* c = NULL;
+    BIGNUM emptyBN;
+    char* str = NULL;
+    const char* emptyStr = "";
+    const char* numberStr = "12345";
+    const char* badStr = "g12345";
+#if defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY)
+    const char* twoStr = "2";
+#endif
+    unsigned char binNum[] = { 0x01, 0x02, 0x03, 0x04, 0x05 };
+    unsigned char outNum[5];
+
+    /* Setup */
+    XMEMSET(&emptyBN, 0, sizeof(emptyBN));
+    ExpectNotNull(a = BN_new());
+    ExpectNotNull(b = BN_new());
+
+    /* Invalid parameters */
+    ExpectIntEQ(BN_bn2bin(NULL, NULL), -1);
+    ExpectIntEQ(BN_bn2bin(&emptyBN, NULL), -1);
+    ExpectIntEQ(BN_bn2bin(NULL, outNum), -1);
+    ExpectIntEQ(BN_bn2bin(&emptyBN, outNum), -1);
+    ExpectNull(BN_bn2hex(NULL));
+    ExpectNull(BN_bn2hex(&emptyBN));
+    ExpectNull(BN_bn2dec(NULL));
+    ExpectNull(BN_bn2dec(&emptyBN));
+
+    ExpectNotNull(c = BN_bin2bn(NULL, 0, NULL));
+    BN_clear(c);
+    BN_free(c);
+    c = NULL;
+
+    ExpectNotNull(BN_bin2bn(NULL, sizeof(binNum), a));
+    BN_free(a);
+    a = NULL;
+    ExpectNotNull(a = BN_new());
+    ExpectIntEQ(BN_set_word(a, 2), 1);
+    ExpectNull(BN_bin2bn(binNum, -1, a));
+    ExpectNull(BN_bin2bn(binNum, -1, NULL));
+    ExpectNull(BN_bin2bn(binNum, sizeof(binNum), &emptyBN));
+
+    ExpectIntEQ(BN_hex2bn(NULL, NULL), 0);
+    ExpectIntEQ(BN_hex2bn(NULL, numberStr), 0);
+    ExpectIntEQ(BN_hex2bn(&a, NULL), 0);
+    ExpectIntEQ(BN_hex2bn(&a, emptyStr), 0);
+    ExpectIntEQ(BN_hex2bn(&a, badStr), 0);
+    ExpectIntEQ(BN_hex2bn(&c, badStr), 0);
+
+    ExpectIntEQ(BN_dec2bn(NULL, NULL), 0);
+    ExpectIntEQ(BN_dec2bn(NULL, numberStr), 0);
+    ExpectIntEQ(BN_dec2bn(&a, NULL), 0);
+    ExpectIntEQ(BN_dec2bn(&a, emptyStr), 0);
+    ExpectIntEQ(BN_dec2bn(&a, badStr), 0);
+    ExpectIntEQ(BN_dec2bn(&c, badStr), 0);
+
+    ExpectIntEQ(BN_set_word(a, 2), 1);
+
+    ExpectIntEQ(BN_bn2bin(a, NULL), 1);
+    ExpectIntEQ(BN_bn2bin(a, outNum), 1);
+    ExpectNotNull(BN_bin2bn(outNum, 1, b));
+    ExpectIntEQ(BN_cmp(a, b), 0);
+    ExpectNotNull(BN_bin2bn(binNum, sizeof(binNum), b));
+    ExpectIntEQ(BN_cmp(a, b), -1);
+
+    ExpectNotNull(str = BN_bn2hex(a));
+    ExpectNotNull(BN_hex2bn(&b, str));
+    ExpectIntEQ(BN_cmp(a, b), 0);
+    ExpectNotNull(BN_hex2bn(&b, numberStr));
+    ExpectIntEQ(BN_cmp(a, b), -1);
+    XFREE(str, NULL, DYNAMIC_TYPE_OPENSSL);
+    str = NULL;
+
+#if defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY)
+    ExpectNotNull(str = BN_bn2dec(a));
+    ExpectStrEQ(str, twoStr);
+    XFREE(str, NULL, DYNAMIC_TYPE_OPENSSL);
+    str = NULL;
+
+#ifndef NO_RSA
+    ExpectNotNull(str = BN_bn2dec(a));
+    ExpectNotNull(BN_dec2bn(&b, str));
+    ExpectIntEQ(BN_cmp(a, b), 0);
+    ExpectNotNull(BN_dec2bn(&b, numberStr));
+    ExpectIntEQ(BN_cmp(a, b), -1);
+    XFREE(str, NULL, DYNAMIC_TYPE_OPENSSL);
+    str = NULL;
+#else
+    /* No implementation - fail with good parameters. */
+    ExpectIntEQ(BN_dec2bn(&a, numberStr), 0);
+#endif
+#endif
+
+    BN_free(b);
+    BN_free(a);
+#endif /* defined(OPENSSL_EXTRA) && !defined(NO_ASN) */
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_BN_word(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && !defined(NO_ASN) && !defined(WOLFSSL_SP_MATH)
+    BIGNUM* a = NULL;
+    BIGNUM* b = NULL;
+    BIGNUM* c = NULL;
+    BIGNUM av;
+
+    ExpectNotNull(a = BN_new());
+    ExpectNotNull(b = BN_new());
+    ExpectNotNull(c = BN_new());
+    XMEMSET(&av, 0, sizeof(av));
+
+    /* Invalid parameter. */
+    ExpectIntEQ(BN_add_word(NULL, 3), 0);
+    ExpectIntEQ(BN_add_word(&av, 3), 0);
+    ExpectIntEQ(BN_sub_word(NULL, 3), 0);
+    ExpectIntEQ(BN_sub_word(&av, 3), 0);
+    ExpectIntEQ(BN_set_word(NULL, 3), 0);
+    ExpectIntEQ(BN_set_word(&av, 3), 0);
+    ExpectIntEQ(BN_get_word(NULL), 0);
+    ExpectIntEQ(BN_get_word(&av), 0);
+    ExpectIntEQ(BN_is_word(NULL, 3), 0);
+    ExpectIntEQ(BN_is_word(&av, 3), 0);
+#if defined(WOLFSSL_KEY_GEN) && (!defined(NO_RSA) || !defined(NO_DH) || \
+    !defined(NO_DSA))
+    ExpectIntEQ(BN_mod_word(NULL, 3), -1);
+    ExpectIntEQ(BN_mod_word(&av, 3), -1);
+#endif
+    ExpectIntEQ(BN_one(NULL), 0);
+    ExpectIntEQ(BN_one(&av), 0);
+    BN_zero(NULL);
+    BN_zero(&av);
+    ExpectIntEQ(BN_is_one(NULL), 0);
+    ExpectIntEQ(BN_is_one(&av), 0);
+    ExpectIntEQ(BN_is_zero(NULL), 0);
+    ExpectIntEQ(BN_is_zero(&av), 0);
+
+    ExpectIntEQ(BN_set_word(a, 3), 1);
+    ExpectIntEQ(BN_set_word(b, 2), 1);
+    ExpectIntEQ(BN_set_word(c, 5), 1);
+
+    /* a + 3 = */
+    ExpectIntEQ(BN_add_word(a, 3), 1);
+
+    /* check result 3 + 3*/
+    ExpectIntEQ(BN_get_word(a), 6);
+    ExpectIntEQ(BN_is_word(a, 6), 1);
+    ExpectIntEQ(BN_is_word(a, 5), 0);
+
+    /* set a back to 3 */
+    ExpectIntEQ(BN_set_word(a, 3), 1);
+
+    /* a - 3 = */
+    ExpectIntEQ(BN_sub_word(a, 3), 1);
+
+    /* check result 3 - 3*/
+    ExpectIntEQ(BN_get_word(a), 0);
+
+    ExpectIntEQ(BN_one(a), 1);
+    ExpectIntEQ(BN_is_word(a, 1), 1);
+    ExpectIntEQ(BN_is_word(a, 0), 0);
+    ExpectIntEQ(BN_is_one(a), 1);
+    ExpectIntEQ(BN_is_zero(a), 0);
+    BN_zero(a);
+    ExpectIntEQ(BN_is_word(a, 0), 1);
+    ExpectIntEQ(BN_is_word(a, 1), 0);
+    ExpectIntEQ(BN_is_zero(a), 1);
+    ExpectIntEQ(BN_is_one(a), 0);
+
+#if defined(WOLFSSL_KEY_GEN) && (!defined(NO_RSA) || !defined(NO_DH) || \
+    !defined(NO_DSA))
+    ExpectIntEQ(BN_set_word(a, 5), 1);
+    ExpectIntEQ(BN_mod_word(a, 3), 2);
+    ExpectIntEQ(BN_mod_word(a, 0), -1);
+#endif
+
+    ExpectIntEQ(BN_set_word(a, 5), 1);
+    ExpectIntEQ(BN_mul_word(a, 5), 1);
+    /* check result 5 * 5 */
+    ExpectIntEQ(BN_get_word(a), 25);
+#if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
+    ExpectIntEQ(BN_div_word(a, 5), 1);
+    /* check result 25 / 5 */
+    ExpectIntEQ(BN_get_word(a), 5);
+#endif
+
+    BN_free(c);
+    BN_free(b);
+    BN_free(a);
+#endif /* defined(OPENSSL_EXTRA) && !defined(NO_ASN) */
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_BN_bits(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && !defined(NO_ASN) && \
+    !defined(OPENSSL_EXTRA_NO_BN) && !defined(WOLFSSL_SP_MATH)
+    BIGNUM* a = NULL;
+    BIGNUM emptyBN;
+
+    /* Setup */
+    XMEMSET(&emptyBN, 0, sizeof(emptyBN));
+    ExpectNotNull(a = BN_new());
+
+    /* Invalid parameters. */
+    ExpectIntEQ(BN_set_bit(NULL, 1), 0);
+    ExpectIntEQ(BN_set_bit(&emptyBN, 1), 0);
+    ExpectIntEQ(BN_set_bit(a, -1), 0);
+    ExpectIntEQ(BN_clear_bit(NULL, 1), 0);
+    ExpectIntEQ(BN_clear_bit(&emptyBN, 1), 0);
+    ExpectIntEQ(BN_clear_bit(a, -1), 0);
+    ExpectIntEQ(BN_is_bit_set(NULL, 1), 0);
+    ExpectIntEQ(BN_is_bit_set(&emptyBN, 1), 0);
+    ExpectIntEQ(BN_is_bit_set(a, -1), 0);
+    ExpectIntEQ(BN_is_odd(NULL), 0);
+    ExpectIntEQ(BN_is_odd(&emptyBN), 0);
+
+    ExpectIntEQ(BN_set_word(a, 0), 1);
+    ExpectIntEQ(BN_is_zero(a), 1);
+    ExpectIntEQ(BN_set_bit(a, 0x45), 1);
+    ExpectIntEQ(BN_is_zero(a), 0);
+    ExpectIntEQ(BN_is_bit_set(a, 0x45), 1);
+    ExpectIntEQ(BN_clear_bit(a, 0x45), 1);
+    ExpectIntEQ(BN_is_bit_set(a, 0x45), 0);
+    ExpectIntEQ(BN_is_zero(a), 1);
+
+    ExpectIntEQ(BN_set_bit(a, 0), 1);
+    ExpectIntEQ(BN_is_odd(a), 1);
+    ExpectIntEQ(BN_clear_bit(a, 0), 1);
+    ExpectIntEQ(BN_is_odd(a), 0);
+    ExpectIntEQ(BN_set_bit(a, 1), 1);
+    ExpectIntEQ(BN_is_odd(a), 0);
+
+    ExpectIntEQ(BN_set_bit(a, 129), 1);
+    ExpectIntEQ(BN_get_word(a), WOLFSSL_BN_MAX_VAL);
+
+#ifndef NO_WOLFSSL_STUB
+    ExpectIntEQ(BN_mask_bits(a, 1), 0);
+#endif
+
+    BN_free(a);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_BN_shift(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && !defined(NO_ASN) && \
+    !defined(OPENSSL_EXTRA_NO_BN) && !defined(WOLFSSL_SP_MATH)
+    BIGNUM* a = NULL;
+    BIGNUM* b = NULL;
+    BIGNUM emptyBN;
+
+    /* Setup */
+    XMEMSET(&emptyBN, 0, sizeof(emptyBN));
+    ExpectNotNull(a = BN_new());
+    ExpectNotNull(b = BN_new());
+
+    /* Invalid parameters. */
+    ExpectIntEQ(BN_lshift(NULL, NULL, 1), 0);
+    ExpectIntEQ(BN_lshift(&emptyBN, NULL, 1), 0);
+    ExpectIntEQ(BN_lshift(NULL, &emptyBN, 1), 0);
+    ExpectIntEQ(BN_lshift(b, NULL, 1), 0);
+    ExpectIntEQ(BN_lshift(b, &emptyBN, 1), 0);
+    ExpectIntEQ(BN_lshift(NULL, a, 1), 0);
+    ExpectIntEQ(BN_lshift(&emptyBN, a, 1), 0);
+    ExpectIntEQ(BN_lshift(b, a, -1), 0);
+
+    ExpectIntEQ(BN_rshift(NULL, NULL, 1), 0);
+    ExpectIntEQ(BN_rshift(&emptyBN, NULL, 1), 0);
+    ExpectIntEQ(BN_rshift(NULL, &emptyBN, 1), 0);
+    ExpectIntEQ(BN_rshift(b, NULL, 1), 0);
+    ExpectIntEQ(BN_rshift(b, &emptyBN, 1), 0);
+    ExpectIntEQ(BN_rshift(NULL, a, 1), 0);
+    ExpectIntEQ(BN_rshift(&emptyBN, a, 1), 0);
+    ExpectIntEQ(BN_rshift(b, a, -1), 0);
+
+    ExpectIntEQ(BN_set_word(a, 1), 1);
+    ExpectIntEQ(BN_lshift(b, a, 1), 1);
+    ExpectIntEQ(BN_is_word(b, 2), 1);
+    ExpectIntEQ(BN_lshift(a, a, 1), 1);
+    ExpectIntEQ(BN_is_word(a, 2), 1);
+    ExpectIntEQ(BN_rshift(b, a, 1), 1);
+    ExpectIntEQ(BN_is_word(b, 1), 1);
+    ExpectIntEQ(BN_rshift(a, a, 1), 1);
+    ExpectIntEQ(BN_is_word(a, 1), 1);
+
+    BN_free(b);
+    BN_free(a);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_BN_math(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && !defined(NO_ASN) && \
+    !defined(OPENSSL_EXTRA_NO_BN) && !defined(WOLFSSL_SP_MATH)
+    BIGNUM* a = NULL;
+    BIGNUM* b = NULL;
+    BIGNUM* r = NULL;
+    BIGNUM* rem = NULL;
+    BIGNUM emptyBN;
+    BN_ULONG val1;
+    BN_ULONG val2;
+
+    /* Setup */
+    XMEMSET(&emptyBN, 0, sizeof(emptyBN));
+    ExpectNotNull(a = BN_new());
+    ExpectNotNull(b = BN_new());
+    ExpectNotNull(r = BN_new());
+    ExpectNotNull(rem = BN_new());
+
+    /* Invalid parameters. */
+    ExpectIntEQ(BN_add(NULL, NULL, NULL), 0);
+    ExpectIntEQ(BN_add(r, NULL, NULL), 0);
+    ExpectIntEQ(BN_add(NULL, a, NULL), 0);
+    ExpectIntEQ(BN_add(NULL, NULL, b), 0);
+    ExpectIntEQ(BN_add(r, a, NULL), 0);
+    ExpectIntEQ(BN_add(r, NULL, b), 0);
+    ExpectIntEQ(BN_add(NULL, a, b), 0);
+
+    ExpectIntEQ(BN_add(&emptyBN, &emptyBN, &emptyBN), 0);
+    ExpectIntEQ(BN_add(r, &emptyBN, &emptyBN), 0);
+    ExpectIntEQ(BN_add(&emptyBN, a, &emptyBN), 0);
+    ExpectIntEQ(BN_add(&emptyBN, &emptyBN, b), 0);
+    ExpectIntEQ(BN_add(r, a, &emptyBN), 0);
+    ExpectIntEQ(BN_add(r, &emptyBN, b), 0);
+    ExpectIntEQ(BN_add(&emptyBN, a, b), 0);
+
+    ExpectIntEQ(BN_sub(NULL, NULL, NULL), 0);
+    ExpectIntEQ(BN_sub(r, NULL, NULL), 0);
+    ExpectIntEQ(BN_sub(NULL, a, NULL), 0);
+    ExpectIntEQ(BN_sub(NULL, NULL, b), 0);
+    ExpectIntEQ(BN_sub(r, a, NULL), 0);
+    ExpectIntEQ(BN_sub(r, NULL, b), 0);
+    ExpectIntEQ(BN_sub(NULL, a, b), 0);
+
+    ExpectIntEQ(BN_sub(&emptyBN, &emptyBN, &emptyBN), 0);
+    ExpectIntEQ(BN_sub(r, &emptyBN, &emptyBN), 0);
+    ExpectIntEQ(BN_sub(&emptyBN, a, &emptyBN), 0);
+    ExpectIntEQ(BN_sub(&emptyBN, &emptyBN, b), 0);
+    ExpectIntEQ(BN_sub(r, a, &emptyBN), 0);
+    ExpectIntEQ(BN_sub(r, &emptyBN, b), 0);
+    ExpectIntEQ(BN_sub(&emptyBN, a, b), 0);
+
+    ExpectIntEQ(BN_mul(NULL, NULL, NULL, NULL), 0);
+    ExpectIntEQ(BN_mul(r, NULL, NULL, NULL), 0);
+    ExpectIntEQ(BN_mul(NULL, a, NULL, NULL), 0);
+    ExpectIntEQ(BN_mul(NULL, NULL, b, NULL), 0);
+    ExpectIntEQ(BN_mul(r, a, NULL, NULL), 0);
+    ExpectIntEQ(BN_mul(r, NULL, b, NULL), 0);
+    ExpectIntEQ(BN_mul(NULL, a, b, NULL), 0);
+
+    ExpectIntEQ(BN_mul(&emptyBN, &emptyBN, &emptyBN, NULL), 0);
+    ExpectIntEQ(BN_mul(r, &emptyBN, &emptyBN, NULL), 0);
+    ExpectIntEQ(BN_mul(&emptyBN, a, &emptyBN, NULL), 0);
+    ExpectIntEQ(BN_mul(&emptyBN, &emptyBN, b, NULL), 0);
+    ExpectIntEQ(BN_mul(r, a, &emptyBN, NULL), 0);
+    ExpectIntEQ(BN_mul(r, &emptyBN, b, NULL), 0);
+    ExpectIntEQ(BN_mul(&emptyBN, a, b, NULL), 0);
+
+    ExpectIntEQ(BN_div(NULL, NULL, NULL, NULL, NULL), 0);
+    ExpectIntEQ(BN_div(r, NULL, NULL, NULL, NULL), 0);
+    ExpectIntEQ(BN_div(NULL, rem, NULL, NULL, NULL), 0);
+    ExpectIntEQ(BN_div(NULL, NULL, a, NULL, NULL), 0);
+    ExpectIntEQ(BN_div(NULL, NULL, NULL, b, NULL), 0);
+    ExpectIntEQ(BN_div(NULL, rem, a, b, NULL), 0);
+    ExpectIntEQ(BN_div(r, NULL, a, b, NULL), 0);
+    ExpectIntEQ(BN_div(r, rem, NULL, b, NULL), 0);
+    ExpectIntEQ(BN_div(r, rem, a, NULL, NULL), 0);
+
+    ExpectIntEQ(BN_div(&emptyBN, &emptyBN, &emptyBN, &emptyBN, NULL), 0);
+    ExpectIntEQ(BN_div(r, &emptyBN, &emptyBN, &emptyBN, NULL), 0);
+    ExpectIntEQ(BN_div(&emptyBN, rem, &emptyBN, &emptyBN, NULL), 0);
+    ExpectIntEQ(BN_div(&emptyBN, &emptyBN, a, &emptyBN, NULL), 0);
+    ExpectIntEQ(BN_div(&emptyBN, &emptyBN, &emptyBN, b, NULL), 0);
+    ExpectIntEQ(BN_div(&emptyBN, rem, a, b, NULL), 0);
+    ExpectIntEQ(BN_div(r, &emptyBN, a, b, NULL), 0);
+    ExpectIntEQ(BN_div(r, rem, &emptyBN, b, NULL), 0);
+    ExpectIntEQ(BN_div(r, rem, a, &emptyBN, NULL), 0);
+
+    ExpectIntEQ(BN_mod(NULL, NULL, NULL, NULL), 0);
+    ExpectIntEQ(BN_mod(r, NULL, NULL, NULL), 0);
+    ExpectIntEQ(BN_mod(NULL, a, NULL, NULL), 0);
+    ExpectIntEQ(BN_mod(NULL, NULL, b, NULL), 0);
+    ExpectIntEQ(BN_mod(r, a, NULL, NULL), 0);
+    ExpectIntEQ(BN_mod(r, NULL, b, NULL), 0);
+    ExpectIntEQ(BN_mod(NULL, a, b, NULL), 0);
+
+    ExpectIntEQ(BN_mod(&emptyBN, &emptyBN, &emptyBN, NULL), 0);
+    ExpectIntEQ(BN_mod(r, &emptyBN, &emptyBN, NULL), 0);
+    ExpectIntEQ(BN_mod(&emptyBN, a, &emptyBN, NULL), 0);
+    ExpectIntEQ(BN_mod(&emptyBN, &emptyBN, b, NULL), 0);
+    ExpectIntEQ(BN_mod(r, a, &emptyBN, NULL), 0);
+    ExpectIntEQ(BN_mod(r, &emptyBN, b, NULL), 0);
+    ExpectIntEQ(BN_mod(&emptyBN, a, b, NULL), 0);
+    /* END Invalid parameters. */
+
+    val1 = 8;
+    val2 = 3;
+    ExpectIntEQ(BN_set_word(a, val1), 1);
+    ExpectIntEQ(BN_set_word(b, val2), 1);
+    ExpectIntEQ(BN_add(r, a, b), 1);
+    ExpectIntEQ(BN_is_word(r, val1 + val2), 1);
+    ExpectIntEQ(BN_sub(r, a, b), 1);
+    ExpectIntEQ(BN_is_word(r, val1 - val2), 1);
+    ExpectIntEQ(BN_mul(r, a, b, NULL), 1);
+    ExpectIntEQ(BN_is_word(r, val1 * val2), 1);
+    ExpectIntEQ(BN_div(r, rem, a, b, NULL), 1);
+    ExpectIntEQ(BN_is_word(r, val1 / val2), 1);
+    ExpectIntEQ(BN_is_word(rem, val1 % val2), 1);
+    ExpectIntEQ(BN_mod(r, a, b, NULL), 1);
+    ExpectIntEQ(BN_is_word(r, val1 % val2), 1);
+
+    BN_free(rem);
+    BN_free(r);
+    BN_free(b);
+    BN_free(a);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_BN_math_mod(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && !defined(NO_ASN) && \
+    !defined(OPENSSL_EXTRA_NO_BN) && !defined(WOLFSSL_SP_MATH)
+    BIGNUM* a = NULL;
+    BIGNUM* b = NULL;
+    BIGNUM* m = NULL;
+    BIGNUM* r = NULL;
+    BIGNUM* t = NULL;
+    BIGNUM emptyBN;
+    BN_ULONG val1;
+    BN_ULONG val2;
+    BN_ULONG val3;
+
+    /* Setup */
+    XMEMSET(&emptyBN, 0, sizeof(emptyBN));
+    ExpectNotNull(a = BN_new());
+    ExpectNotNull(b = BN_new());
+    ExpectNotNull(m = BN_new());
+    ExpectNotNull(r = BN_new());
+
+    /* Invalid parameters. */
+    ExpectIntEQ(BN_mod_add(NULL, NULL, NULL, NULL, NULL), 0);
+    ExpectIntEQ(BN_mod_add(r, NULL, NULL, NULL, NULL), 0);
+    ExpectIntEQ(BN_mod_add(NULL, a, NULL, NULL, NULL), 0);
+    ExpectIntEQ(BN_mod_add(NULL, NULL, b, NULL, NULL), 0);
+    ExpectIntEQ(BN_mod_add(NULL, NULL, NULL, m, NULL), 0);
+    ExpectIntEQ(BN_mod_add(NULL, a, b, m, NULL), 0);
+    ExpectIntEQ(BN_mod_add(r, NULL, b, m, NULL), 0);
+    ExpectIntEQ(BN_mod_add(r, a, NULL, m, NULL), 0);
+    ExpectIntEQ(BN_mod_add(r, a, m, NULL, NULL), 0);
+
+    ExpectIntEQ(BN_mod_add(&emptyBN, &emptyBN, &emptyBN, &emptyBN, NULL), 0);
+    ExpectIntEQ(BN_mod_add(r, &emptyBN, &emptyBN, &emptyBN, NULL), 0);
+    ExpectIntEQ(BN_mod_add(&emptyBN, a, &emptyBN, &emptyBN, NULL), 0);
+    ExpectIntEQ(BN_mod_add(&emptyBN, &emptyBN, b, &emptyBN, NULL), 0);
+    ExpectIntEQ(BN_mod_add(&emptyBN, &emptyBN, &emptyBN, m, NULL), 0);
+    ExpectIntEQ(BN_mod_add(&emptyBN, a, b, m, NULL), 0);
+    ExpectIntEQ(BN_mod_add(r, &emptyBN, b, m, NULL), 0);
+    ExpectIntEQ(BN_mod_add(r, a, &emptyBN, m, NULL), 0);
+    ExpectIntEQ(BN_mod_add(r, a, m, &emptyBN, NULL), 0);
+
+    ExpectIntEQ(BN_mod_mul(NULL, NULL, NULL, NULL, NULL), 0);
+    ExpectIntEQ(BN_mod_mul(r, NULL, NULL, NULL, NULL), 0);
+    ExpectIntEQ(BN_mod_mul(NULL, a, NULL, NULL, NULL), 0);
+    ExpectIntEQ(BN_mod_mul(NULL, NULL, b, NULL, NULL), 0);
+    ExpectIntEQ(BN_mod_mul(NULL, NULL, NULL, m, NULL), 0);
+    ExpectIntEQ(BN_mod_mul(NULL, a, b, m, NULL), 0);
+    ExpectIntEQ(BN_mod_mul(r, NULL, b, m, NULL), 0);
+    ExpectIntEQ(BN_mod_mul(r, a, NULL, m, NULL), 0);
+    ExpectIntEQ(BN_mod_mul(r, a, m, NULL, NULL), 0);
+
+    ExpectIntEQ(BN_mod_mul(&emptyBN, &emptyBN, &emptyBN, &emptyBN, NULL), 0);
+    ExpectIntEQ(BN_mod_mul(r, &emptyBN, &emptyBN, &emptyBN, NULL), 0);
+    ExpectIntEQ(BN_mod_mul(&emptyBN, a, &emptyBN, &emptyBN, NULL), 0);
+    ExpectIntEQ(BN_mod_mul(&emptyBN, &emptyBN, b, &emptyBN, NULL), 0);
+    ExpectIntEQ(BN_mod_mul(&emptyBN, &emptyBN, &emptyBN, m, NULL), 0);
+    ExpectIntEQ(BN_mod_mul(&emptyBN, a, b, m, NULL), 0);
+    ExpectIntEQ(BN_mod_mul(r, &emptyBN, b, m, NULL), 0);
+    ExpectIntEQ(BN_mod_mul(r, a, &emptyBN, m, NULL), 0);
+    ExpectIntEQ(BN_mod_mul(r, a, m, &emptyBN, NULL), 0);
+
+    ExpectIntEQ(BN_mod_exp(NULL, NULL, NULL, NULL, NULL), 0);
+    ExpectIntEQ(BN_mod_exp(r, NULL, NULL, NULL, NULL), 0);
+    ExpectIntEQ(BN_mod_exp(NULL, a, NULL, NULL, NULL), 0);
+    ExpectIntEQ(BN_mod_exp(NULL, NULL, b, NULL, NULL), 0);
+    ExpectIntEQ(BN_mod_exp(NULL, NULL, NULL, m, NULL), 0);
+    ExpectIntEQ(BN_mod_exp(NULL, a, b, m, NULL), 0);
+    ExpectIntEQ(BN_mod_exp(r, NULL, b, m, NULL), 0);
+    ExpectIntEQ(BN_mod_exp(r, a, NULL, m, NULL), 0);
+    ExpectIntEQ(BN_mod_exp(r, a, m, NULL, NULL), 0);
+
+    ExpectIntEQ(BN_mod_exp(&emptyBN, &emptyBN, &emptyBN, &emptyBN, NULL), 0);
+    ExpectIntEQ(BN_mod_exp(r, &emptyBN, &emptyBN, &emptyBN, NULL), 0);
+    ExpectIntEQ(BN_mod_exp(&emptyBN, a, &emptyBN, &emptyBN, NULL), 0);
+    ExpectIntEQ(BN_mod_exp(&emptyBN, &emptyBN, b, &emptyBN, NULL), 0);
+    ExpectIntEQ(BN_mod_exp(&emptyBN, &emptyBN, &emptyBN, m, NULL), 0);
+    ExpectIntEQ(BN_mod_exp(&emptyBN, a, b, m, NULL), 0);
+    ExpectIntEQ(BN_mod_exp(r, &emptyBN, b, m, NULL), 0);
+    ExpectIntEQ(BN_mod_exp(r, a, &emptyBN, m, NULL), 0);
+    ExpectIntEQ(BN_mod_exp(r, a, m, &emptyBN, NULL), 0);
+
+    ExpectNull(BN_mod_inverse(r, NULL, NULL, NULL));
+    ExpectNull(BN_mod_inverse(r, a, NULL, NULL));
+    ExpectNull(BN_mod_inverse(r, NULL, m, NULL));
+    ExpectNull(BN_mod_inverse(r, NULL, m, NULL));
+    ExpectNull(BN_mod_inverse(r, a, NULL, NULL));
+
+    ExpectNull(BN_mod_inverse(&emptyBN, &emptyBN, &emptyBN, NULL));
+    ExpectNull(BN_mod_inverse(r, &emptyBN, &emptyBN, NULL));
+    ExpectNull(BN_mod_inverse(&emptyBN, a, &emptyBN, NULL));
+    ExpectNull(BN_mod_inverse(&emptyBN, &emptyBN, m, NULL));
+    ExpectNull(BN_mod_inverse(&emptyBN, a, m, NULL));
+    ExpectNull(BN_mod_inverse(r, &emptyBN, m, NULL));
+    ExpectNull(BN_mod_inverse(r, a, &emptyBN, NULL));
+    /* END Invalid parameters. */
+
+    val1 = 9;
+    val2 = 13;
+    val3 = 5;
+    ExpectIntEQ(BN_set_word(a, val1), 1);
+    ExpectIntEQ(BN_set_word(b, val2), 1);
+    ExpectIntEQ(BN_set_word(m, val3), 1);
+    ExpectIntEQ(BN_mod_add(r, a, b, m, NULL), 1);
+    ExpectIntEQ(BN_is_word(r, (val1 + val2) % val3), 1);
+    ExpectIntEQ(BN_mod_mul(r, a, b, m, NULL), 1);
+    ExpectIntEQ(BN_is_word(r, (val1 * val2) % val3), 1);
+
+    ExpectIntEQ(BN_set_word(a, 2), 1);
+    ExpectIntEQ(BN_set_word(b, 3), 1);
+    ExpectIntEQ(BN_set_word(m, 5), 1);
+    /* (2 ^ 3) % 5 = 8 % 5 = 3 */
+    ExpectIntEQ(BN_mod_exp(r, a, b, m, NULL), 1);
+    ExpectIntEQ(BN_is_word(r, 3), 1);
+
+    /* (2 * 3) % 5 = 6 % 5 = 1 => inv = 3 */
+    ExpectNotNull(BN_mod_inverse(r, a, m, NULL));
+    ExpectIntEQ(BN_is_word(r, 3), 1);
+    ExpectNotNull(t = BN_mod_inverse(NULL, a, m, NULL));
+    ExpectIntEQ(BN_is_word(t, 3), 1);
+    BN_free(t);
+    /* No inverse case. No inverse when a divides b. */
+    ExpectIntEQ(BN_set_word(a, 3), 1);
+    ExpectIntEQ(BN_set_word(m, 9), 1);
+    ExpectNull(BN_mod_inverse(r, a, m, NULL));
+
+    BN_free(r);
+    BN_free(m);
+    BN_free(b);
+    BN_free(a);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_BN_math_other(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && !defined(NO_ASN) && \
+    !defined(OPENSSL_EXTRA_NO_BN) && !defined(WOLFSSL_SP_MATH)
+#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
+    BIGNUM* a = NULL;
+    BIGNUM* b = NULL;
+    BIGNUM* r = NULL;
+    BIGNUM emptyBN;
+
+    /* Setup */
+    XMEMSET(&emptyBN, 0, sizeof(emptyBN));
+    ExpectNotNull(a = BN_new());
+    ExpectNotNull(b = BN_new());
+    ExpectNotNull(r = BN_new());
+
+    /* Invalid parameters. */
+    ExpectIntEQ(BN_gcd(NULL, NULL, NULL, NULL), 0);
+    ExpectIntEQ(BN_gcd(r, NULL, NULL, NULL), 0);
+    ExpectIntEQ(BN_gcd(NULL, a, NULL, NULL), 0);
+    ExpectIntEQ(BN_gcd(NULL, NULL, b, NULL), 0);
+    ExpectIntEQ(BN_gcd(NULL, a, b, NULL), 0);
+    ExpectIntEQ(BN_gcd(r, NULL, b, NULL), 0);
+    ExpectIntEQ(BN_gcd(r, a, NULL, NULL), 0);
+
+    ExpectIntEQ(BN_gcd(&emptyBN, &emptyBN, &emptyBN, NULL), 0);
+    ExpectIntEQ(BN_gcd(r, &emptyBN, &emptyBN, NULL), 0);
+    ExpectIntEQ(BN_gcd(&emptyBN, a, &emptyBN, NULL), 0);
+    ExpectIntEQ(BN_gcd(&emptyBN, &emptyBN, b, NULL), 0);
+    ExpectIntEQ(BN_gcd(&emptyBN, a, b, NULL), 0);
+    ExpectIntEQ(BN_gcd(r, &emptyBN, b, NULL), 0);
+    ExpectIntEQ(BN_gcd(r, a, &emptyBN, NULL), 0);
+    /* END Invalid parameters. */
+
+    /* No common factors between 2 and 3. */
+    ExpectIntEQ(BN_set_word(a, 2), 1);
+    ExpectIntEQ(BN_set_word(b, 3), 1);
+    ExpectIntEQ(BN_gcd(r, a, b, NULL), 1);
+    ExpectIntEQ(BN_is_word(r, 1), 1);
+    /* 3 is largest value that divides both 6 and 9. */
+    ExpectIntEQ(BN_set_word(a, 6), 1);
+    ExpectIntEQ(BN_set_word(b, 9), 1);
+    ExpectIntEQ(BN_gcd(r, a, b, NULL), 1);
+    ExpectIntEQ(BN_is_word(r, 3), 1);
+    /* GCD of 0 and 0 is undefined. */
+    ExpectIntEQ(BN_set_word(a, 0), 1);
+    ExpectIntEQ(BN_set_word(b, 0), 1);
+    ExpectIntEQ(BN_gcd(r, a, b, NULL), 0);
+
+    /* Teardown */
+    BN_free(r);
+    BN_free(b);
+    BN_free(a);
+#endif
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_BN_rand(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && !defined(OPENSSL_EXTRA_NO_BN)
+    BIGNUM* bn = NULL;
+    BIGNUM* range = NULL;
+    BIGNUM emptyBN;
+
+    XMEMSET(&emptyBN, 0, sizeof(emptyBN));
+    ExpectNotNull(bn = BN_new());
+    ExpectNotNull(range = BN_new());
+
+    /* Invalid parameters. */
+    ExpectIntEQ(BN_rand(NULL, -1, 0, 0), 0);
+    ExpectIntEQ(BN_rand(bn, -1, 0, 0), 0);
+    ExpectIntEQ(BN_rand(NULL, 1, 0, 0), 0);
+    ExpectIntEQ(BN_rand(&emptyBN, -1, 0, 0), 0);
+    ExpectIntEQ(BN_rand(bn, -1, 0, 0), 0);
+    ExpectIntEQ(BN_rand(&emptyBN, 1, 0, 0), 0);
+
+    ExpectIntEQ(BN_pseudo_rand(NULL, -1, 0, 0), 0);
+    ExpectIntEQ(BN_pseudo_rand(bn, -1, 0, 0), 0);
+    ExpectIntEQ(BN_pseudo_rand(NULL, 1, 0, 0), 0);
+    ExpectIntEQ(BN_pseudo_rand(&emptyBN, -1, 0, 0), 0);
+    ExpectIntEQ(BN_pseudo_rand(bn, -1, 0, 0), 0);
+    ExpectIntEQ(BN_pseudo_rand(&emptyBN, 1, 0, 0), 0);
+
+    ExpectIntEQ(BN_rand_range(NULL, NULL), 0);
+    ExpectIntEQ(BN_rand_range(bn, NULL), 0);
+    ExpectIntEQ(BN_rand_range(NULL, range), 0);
+    ExpectIntEQ(BN_rand_range(&emptyBN, &emptyBN), 0);
+    ExpectIntEQ(BN_rand_range(bn, &emptyBN), 0);
+    ExpectIntEQ(BN_rand_range(&emptyBN, range), 0);
+
+    /* 0 bit random value must be 0 and so cannot set bit in any position. */
+    ExpectIntEQ(BN_rand(bn, 0, WOLFSSL_BN_RAND_TOP_ONE,
+        WOLFSSL_BN_RAND_BOTTOM_ODD), 0);
+    ExpectIntEQ(BN_rand(bn, 0, WOLFSSL_BN_RAND_TOP_TWO,
+        WOLFSSL_BN_RAND_BOTTOM_ODD), 0);
+    ExpectIntEQ(BN_rand(bn, 0, WOLFSSL_BN_RAND_TOP_ANY,
+        WOLFSSL_BN_RAND_BOTTOM_ODD), 0);
+    ExpectIntEQ(BN_rand(bn, 0, WOLFSSL_BN_RAND_TOP_ONE,
+        WOLFSSL_BN_RAND_BOTTOM_ANY), 0);
+    ExpectIntEQ(BN_rand(bn, 0, WOLFSSL_BN_RAND_TOP_TWO,
+        WOLFSSL_BN_RAND_BOTTOM_ANY), 0);
+    ExpectIntEQ(BN_pseudo_rand(bn, 0, WOLFSSL_BN_RAND_TOP_ONE,
+        WOLFSSL_BN_RAND_BOTTOM_ODD), 0);
+    ExpectIntEQ(BN_pseudo_rand(bn, 0, WOLFSSL_BN_RAND_TOP_TWO,
+        WOLFSSL_BN_RAND_BOTTOM_ODD), 0);
+    ExpectIntEQ(BN_pseudo_rand(bn, 0, WOLFSSL_BN_RAND_TOP_ANY,
+        WOLFSSL_BN_RAND_BOTTOM_ODD), 0);
+    ExpectIntEQ(BN_pseudo_rand(bn, 0, WOLFSSL_BN_RAND_TOP_ONE,
+        WOLFSSL_BN_RAND_BOTTOM_ANY), 0);
+    ExpectIntEQ(BN_pseudo_rand(bn, 0, WOLFSSL_BN_RAND_TOP_TWO,
+        WOLFSSL_BN_RAND_BOTTOM_ANY), 0);
+
+    /* 1 bit random value must have no more than one top bit set. */
+    ExpectIntEQ(BN_rand(bn, 1, WOLFSSL_BN_RAND_TOP_TWO,
+        WOLFSSL_BN_RAND_BOTTOM_ANY), 0);
+    ExpectIntEQ(BN_rand(bn, 1, WOLFSSL_BN_RAND_TOP_TWO,
+        WOLFSSL_BN_RAND_BOTTOM_ODD), 0);
+    ExpectIntEQ(BN_pseudo_rand(bn, 1, WOLFSSL_BN_RAND_TOP_TWO,
+        WOLFSSL_BN_RAND_BOTTOM_ANY), 0);
+    ExpectIntEQ(BN_pseudo_rand(bn, 1, WOLFSSL_BN_RAND_TOP_TWO,
+        WOLFSSL_BN_RAND_BOTTOM_ODD), 0);
+    /* END Invalid parameters. */
+
+    /* 0 bit random: 0. */
+    ExpectIntEQ(BN_rand(bn, 0, WOLFSSL_BN_RAND_TOP_ANY,
+        WOLFSSL_BN_RAND_BOTTOM_ANY), 1);
+    ExpectIntEQ(BN_is_zero(bn), 1);
+
+    ExpectIntEQ(BN_set_word(bn, 2), 1); /* Make sure not zero. */
+    ExpectIntEQ(BN_pseudo_rand(bn, 0, WOLFSSL_BN_RAND_TOP_ANY,
+        WOLFSSL_BN_RAND_BOTTOM_ANY), 1);
+    ExpectIntEQ(BN_is_zero(bn), 1);
+
+    /* 1 bit random: 0 or 1. */
+    ExpectIntEQ(BN_rand(bn, 1, WOLFSSL_BN_RAND_TOP_ANY,
+        WOLFSSL_BN_RAND_BOTTOM_ANY), 1);
+    ExpectIntLT(BN_get_word(bn), 2); /* Make sure valid range. */
+    ExpectIntEQ(BN_rand(bn, 1, WOLFSSL_BN_RAND_TOP_ONE,
+        WOLFSSL_BN_RAND_BOTTOM_ANY), 1);
+    ExpectIntEQ(BN_get_word(bn), 1);
+    ExpectIntEQ(BN_rand(bn, 1, WOLFSSL_BN_RAND_TOP_ONE,
+        WOLFSSL_BN_RAND_BOTTOM_ODD), 1);
+    ExpectIntEQ(BN_get_word(bn), 1);
+
+    ExpectIntEQ(BN_pseudo_rand(bn, 1, WOLFSSL_BN_RAND_TOP_ANY,
+        WOLFSSL_BN_RAND_BOTTOM_ANY), 1);
+    ExpectIntLT(BN_get_word(bn), 2); /* Make sure valid range. */
+    ExpectIntEQ(BN_pseudo_rand(bn, 1, WOLFSSL_BN_RAND_TOP_ONE,
+        WOLFSSL_BN_RAND_BOTTOM_ANY), 1);
+    ExpectIntEQ(BN_get_word(bn), 1);
+    ExpectIntEQ(BN_pseudo_rand(bn, 1, WOLFSSL_BN_RAND_TOP_ONE,
+        WOLFSSL_BN_RAND_BOTTOM_ODD), 1);
+    ExpectIntEQ(BN_get_word(bn), 1);
+
+    ExpectIntEQ(BN_rand(bn, 8, WOLFSSL_BN_RAND_TOP_ONE,
+        WOLFSSL_BN_RAND_BOTTOM_ANY), 1);
+    ExpectIntEQ(BN_num_bits(bn), 8);
+    ExpectIntEQ(BN_is_bit_set(bn, 7), 1);
+    ExpectIntEQ(BN_pseudo_rand(bn, 8, WOLFSSL_BN_RAND_TOP_ONE,
+        WOLFSSL_BN_RAND_BOTTOM_ANY), 1);
+    ExpectIntEQ(BN_num_bits(bn), 8);
+    ExpectIntEQ(BN_is_bit_set(bn, 7), 1);
+
+    ExpectIntEQ(BN_rand(bn, 8, WOLFSSL_BN_RAND_TOP_TWO,
+        WOLFSSL_BN_RAND_BOTTOM_ANY), 1);
+    ExpectIntEQ(BN_is_bit_set(bn, 7), 1);
+    ExpectIntEQ(BN_is_bit_set(bn, 6), 1);
+    ExpectIntEQ(BN_pseudo_rand(bn, 8, WOLFSSL_BN_RAND_TOP_TWO,
+        WOLFSSL_BN_RAND_BOTTOM_ANY), 1);
+    ExpectIntEQ(BN_is_bit_set(bn, 7), 1);
+    ExpectIntEQ(BN_is_bit_set(bn, 6), 1);
+
+    ExpectIntEQ(BN_rand(bn, 8, WOLFSSL_BN_RAND_TOP_ONE,
+        WOLFSSL_BN_RAND_BOTTOM_ODD), 1);
+    ExpectIntEQ(BN_is_bit_set(bn, 0), 1);
+    ExpectIntEQ(BN_pseudo_rand(bn, 8, WOLFSSL_BN_RAND_TOP_ONE,
+        WOLFSSL_BN_RAND_BOTTOM_ODD), 1);
+    ExpectIntEQ(BN_is_bit_set(bn, 0), 1);
+
+    /* Regression test: Older versions of wolfSSL_BN_rand would round the
+     * requested number of bits up to the nearest multiple of 8. E.g. in this
+     * case, requesting a 13-bit random number would actually return a 16-bit
+     * random number. */
+    ExpectIntEQ(BN_rand(bn, 13, WOLFSSL_BN_RAND_TOP_ONE,
+        WOLFSSL_BN_RAND_BOTTOM_ANY), 1);
+    ExpectIntEQ(BN_num_bits(bn), 13);
+
+    ExpectIntEQ(BN_rand(range, 64, WOLFSSL_BN_RAND_TOP_ONE,
+        WOLFSSL_BN_RAND_BOTTOM_ANY), 1);
+    ExpectIntEQ(BN_rand_range(bn, range), 1);
+
+    ExpectIntEQ(BN_set_word(range, 0), 1);
+    ExpectIntEQ(BN_rand_range(bn, range), 1);
+    ExpectIntEQ(BN_set_word(range, 1), 1);
+    ExpectIntEQ(BN_rand_range(bn, range), 1);
+
+    BN_free(bn);
+    BN_free(range);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_BN_prime(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && !defined(NO_ASN) && \
+    !defined(OPENSSL_EXTRA_NO_BN) && !defined(WOLFSSL_SP_MATH)
+#if defined(WOLFSSL_KEY_GEN) && (!defined(NO_RSA) || !defined(NO_DH) || !defined(NO_DSA))
+    BIGNUM* a = NULL;
+    BIGNUM* add = NULL;
+    BIGNUM* rem = NULL;
+    BIGNUM emptyBN;
+
+    XMEMSET(&emptyBN, 0, sizeof(emptyBN));
+    ExpectNotNull(a = BN_new());
+    ExpectNotNull(add = BN_new());
+    ExpectNotNull(rem = BN_new());
+
+    /* Invalid parameters. */
+    /* BN_generate_prime_ex()
+     * prime - must have valid BIGNUM
+     * bits  - Greater then 0
+     * safe  - not supported, must be 0
+     * add   - not supported, must be NULL
+     * rem   - not supported, must be NULL
+     * cb    - anything
+     */
+    ExpectIntEQ(BN_generate_prime_ex(NULL, -1, 1, add, rem, NULL), 0);
+    ExpectIntEQ(BN_generate_prime_ex(&emptyBN, -1, 1, add, rem, NULL), 0);
+    ExpectIntEQ(BN_generate_prime_ex(a, -1, 1, add, rem, NULL), 0);
+    ExpectIntEQ(BN_generate_prime_ex(NULL, 2, 1, add, rem, NULL), 0);
+    ExpectIntEQ(BN_generate_prime_ex(&emptyBN, 2, 1, add, rem, NULL), 0);
+    ExpectIntEQ(BN_generate_prime_ex(NULL, -1, 0, add, rem, NULL), 0);
+    ExpectIntEQ(BN_generate_prime_ex(&emptyBN, -1, 0, add, rem, NULL), 0);
+    ExpectIntEQ(BN_generate_prime_ex(NULL, -1, 1, NULL, rem, NULL), 0);
+    ExpectIntEQ(BN_generate_prime_ex(&emptyBN, -1, 1, NULL, rem, NULL), 0);
+    ExpectIntEQ(BN_generate_prime_ex(NULL, -1, 1, add, NULL, NULL), 0);
+    ExpectIntEQ(BN_generate_prime_ex(&emptyBN, -1, 1, add, NULL, NULL), 0);
+    ExpectIntEQ(BN_generate_prime_ex(NULL, 2, 0, NULL, NULL, NULL), 0);
+    ExpectIntEQ(BN_generate_prime_ex(&emptyBN, 2, 0, NULL, NULL, NULL), 0);
+    ExpectIntEQ(BN_generate_prime_ex(a, -1, 0, NULL, NULL, NULL), 0);
+    ExpectIntEQ(BN_generate_prime_ex(a, 0, 0, NULL, NULL, NULL), 0);
+    ExpectIntEQ(BN_generate_prime_ex(a, 2, 1, NULL, NULL, NULL), 0);
+    ExpectIntEQ(BN_generate_prime_ex(a, 2, 0, add, NULL, NULL), 0);
+    ExpectIntEQ(BN_generate_prime_ex(a, 2, 0, NULL, rem, NULL), 0);
+
+    ExpectIntEQ(BN_is_prime_ex(NULL, -1, NULL, NULL), -1);
+    ExpectIntEQ(BN_is_prime_ex(&emptyBN, -1, NULL, NULL), -1);
+    ExpectIntEQ(BN_is_prime_ex(a, -1, NULL, NULL), -1);
+    ExpectIntEQ(BN_is_prime_ex(a, 2048, NULL, NULL), -1);
+    ExpectIntEQ(BN_is_prime_ex(NULL, 1, NULL, NULL), -1);
+    ExpectIntEQ(BN_is_prime_ex(&emptyBN, 1, NULL, NULL), -1);
+    /* END Invalid parameters. */
+
+    ExpectIntEQ(BN_generate_prime_ex(a, 512, 0, NULL, NULL, NULL), 1);
+    ExpectIntEQ(BN_is_prime_ex(a, 8, NULL, NULL), 1);
+
+    ExpectIntEQ(BN_clear_bit(a, 0), 1);
+    ExpectIntEQ(BN_is_prime_ex(a, 8, NULL, NULL), 0);
+
+    BN_free(rem);
+    BN_free(add);
+    BN_free(a);
+#endif
+#endif /* defined(OPENSSL_EXTRA) && !defined(NO_ASN) */
+    return EXPECT_RESULT();
+}
+
diff --git a/tests/api/test_ossl_bn.h b/tests/api/test_ossl_bn.h
new file mode 100644
index 000000000..2793533b9
--- /dev/null
+++ b/tests/api/test_ossl_bn.h
@@ -0,0 +1,54 @@
+/* test_ossl_bn.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef WOLFCRYPT_TEST_OSSL_BN_H
+#define WOLFCRYPT_TEST_OSSL_BN_H
+
+#include <tests/api/api_decl.h>
+
+int test_wolfSSL_BN_CTX(void);
+int test_wolfSSL_BN(void);
+int test_wolfSSL_BN_init(void);
+int test_wolfSSL_BN_enc_dec(void);
+int test_wolfSSL_BN_word(void);
+int test_wolfSSL_BN_bits(void);
+int test_wolfSSL_BN_shift(void);
+int test_wolfSSL_BN_math(void);
+int test_wolfSSL_BN_math_mod(void);
+int test_wolfSSL_BN_math_other(void);
+int test_wolfSSL_BN_rand(void);
+int test_wolfSSL_BN_prime(void);
+
+#define TEST_OSSL_ASN1_BN_DECLS                             \
+    TEST_DECL_GROUP("ossl_bn", test_wolfSSL_BN_CTX),        \
+    TEST_DECL_GROUP("ossl_bn", test_wolfSSL_BN),            \
+    TEST_DECL_GROUP("ossl_bn", test_wolfSSL_BN_init),       \
+    TEST_DECL_GROUP("ossl_bn", test_wolfSSL_BN_enc_dec),    \
+    TEST_DECL_GROUP("ossl_bn", test_wolfSSL_BN_word),       \
+    TEST_DECL_GROUP("ossl_bn", test_wolfSSL_BN_bits),       \
+    TEST_DECL_GROUP("ossl_bn", test_wolfSSL_BN_shift),      \
+    TEST_DECL_GROUP("ossl_bn", test_wolfSSL_BN_math),       \
+    TEST_DECL_GROUP("ossl_bn", test_wolfSSL_BN_math_mod),   \
+    TEST_DECL_GROUP("ossl_bn", test_wolfSSL_BN_math_other), \
+    TEST_DECL_GROUP("ossl_bn", test_wolfSSL_BN_rand),       \
+    TEST_DECL_GROUP("ossl_bn", test_wolfSSL_BN_prime)
+
+#endif /* WOLFCRYPT_TEST_OSSL_BN_H */
diff --git a/tests/api/test_ossl_cipher.c b/tests/api/test_ossl_cipher.c
new file mode 100644
index 000000000..bbd09f099
--- /dev/null
+++ b/tests/api/test_ossl_cipher.c
@@ -0,0 +1,954 @@
+/* test_ossl_cipher.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#include <tests/unit.h>
+
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+#include <wolfssl/openssl/des.h>
+#include <wolfssl/openssl/aes.h>
+#include <wolfssl/openssl/rc4.h>
+#include <wolfssl/openssl/modes.h>
+#include <wolfssl/wolfcrypt/types.h>
+#include <tests/api/api.h>
+#include <tests/api/test_ossl_cipher.h>
+
+/*******************************************************************************
+ * Cipher OpenSSL compatibility API Testing
+ ******************************************************************************/
+
+int test_wolfSSL_DES(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && !defined(NO_DES3)
+    const_DES_cblock myDes;
+    DES_cblock iv;
+    DES_key_schedule key;
+    word32 i = 0;
+    DES_LONG dl = 0;
+    unsigned char msg[] = "hello wolfssl";
+    unsigned char weakKey[][8] = {
+        { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 },
+        { 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE },
+        { 0xE0, 0xE0, 0xE0, 0xE0, 0xF1, 0xF1, 0xF1, 0xF1 },
+        { 0x1F, 0x1F, 0x1F, 0x1F, 0x0E, 0x0E, 0x0E, 0x0E }
+    };
+    unsigned char semiWeakKey[][8] = {
+        { 0x01, 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E },
+        { 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E, 0x01 },
+        { 0x01, 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1 },
+        { 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1, 0x01 },
+        { 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE },
+        { 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01 },
+        { 0x1F, 0xE0, 0x1F, 0xE0, 0x0E, 0xF1, 0x0E, 0xF1 },
+        { 0xE0, 0x1F, 0xE0, 0x1F, 0xF1, 0x0E, 0xF1, 0x0E },
+        { 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E, 0xFE },
+        { 0xFE, 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E },
+        { 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1, 0xFE },
+        { 0xFE, 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1 }
+    };
+
+    /* check, check of odd parity */
+    XMEMSET(myDes, 4, sizeof(const_DES_cblock));
+    XMEMSET(key, 5, sizeof(DES_key_schedule));
+
+    DES_set_key(&myDes, &key);
+
+    myDes[0] = 6; /* set even parity */
+    ExpectIntEQ(DES_set_key_checked(&myDes, &key), -1);
+    ExpectIntNE(key[0], myDes[0]); /* should not have copied over key */
+    ExpectIntEQ(DES_set_key_checked(NULL, NULL), -2);
+    ExpectIntEQ(DES_set_key_checked(&myDes, NULL), -2);
+    ExpectIntEQ(DES_set_key_checked(NULL, &key), -2);
+
+    /* set odd parity for success case */
+    DES_set_odd_parity(&myDes);
+    ExpectIntEQ(DES_check_key_parity(&myDes), 1);
+    fprintf(stderr, "%02x %02x %02x %02x", myDes[0], myDes[1], myDes[2],
+        myDes[3]);
+    ExpectIntEQ(DES_set_key_checked(&myDes, &key), 0);
+    for (i = 0; i < sizeof(DES_key_schedule); i++) {
+        ExpectIntEQ(key[i], myDes[i]);
+    }
+    ExpectIntEQ(DES_is_weak_key(&myDes), 0);
+
+    /* check weak key */
+    XMEMSET(myDes, 1, sizeof(const_DES_cblock));
+    XMEMSET(key, 5, sizeof(DES_key_schedule));
+    ExpectIntEQ(DES_set_key_checked(&myDes, &key), -2);
+    ExpectIntNE(key[0], myDes[0]); /* should not have copied over key */
+
+    DES_set_key_unchecked(NULL, NULL);
+    DES_set_key_unchecked(&myDes, NULL);
+    DES_set_key_unchecked(NULL, &key);
+    /* compare arrays, should be the same */
+    /* now do unchecked copy of a weak key over */
+    DES_set_key_unchecked(&myDes, &key);
+    /* compare arrays, should be the same */
+    for (i = 0; i < sizeof(DES_key_schedule); i++) {
+        ExpectIntEQ(key[i], myDes[i]);
+    }
+    ExpectIntEQ(DES_is_weak_key(&myDes), 1);
+
+    myDes[7] = 2;
+    ExpectIntEQ(DES_set_key_checked(&myDes, &key), 0);
+    ExpectIntEQ(DES_is_weak_key(&myDes), 0);
+    ExpectIntEQ(DES_is_weak_key(NULL), 1);
+
+    /* Test all weak keys. */
+    for (i = 0; i < sizeof(weakKey) / sizeof(*weakKey); i++) {
+        ExpectIntEQ(DES_set_key_checked(&weakKey[i], &key), -2);
+    }
+    /* Test all semi-weak keys. */
+    for (i = 0; i < sizeof(semiWeakKey) / sizeof(*semiWeakKey); i++) {
+        ExpectIntEQ(DES_set_key_checked(&semiWeakKey[i], &key), -2);
+    }
+
+    /* check DES_key_sched API */
+    XMEMSET(key, 1, sizeof(DES_key_schedule));
+    ExpectIntEQ(DES_key_sched(&myDes, NULL), 0);
+    ExpectIntEQ(DES_key_sched(NULL, &key),   0);
+    ExpectIntEQ(DES_key_sched(&myDes, &key), 0);
+    /* compare arrays, should be the same */
+    for (i = 0; i < sizeof(DES_key_schedule); i++) {
+        ExpectIntEQ(key[i], myDes[i]);
+    }
+
+
+    ExpectIntEQ((DES_cbc_cksum(NULL, NULL, 0, NULL, NULL)), 0);
+    ExpectIntEQ((DES_cbc_cksum(msg, NULL, 0, NULL, NULL)), 0);
+    ExpectIntEQ((DES_cbc_cksum(NULL, &key, 0, NULL, NULL)), 0);
+    ExpectIntEQ((DES_cbc_cksum(NULL, NULL, 0, &myDes, NULL)), 0);
+    ExpectIntEQ((DES_cbc_cksum(NULL, NULL, 0, NULL, &iv)), 0);
+    ExpectIntEQ((DES_cbc_cksum(NULL, &key, sizeof(msg), &myDes, &iv)), 0);
+    ExpectIntEQ((DES_cbc_cksum(msg, NULL, sizeof(msg), &myDes, &iv)), 0);
+    ExpectIntEQ((DES_cbc_cksum(msg, &key, sizeof(msg), NULL, &iv)), 0);
+    ExpectIntEQ((DES_cbc_cksum(msg, &key, sizeof(msg), &myDes, NULL)), 0);
+    /* DES_cbc_cksum should return the last 4 of the last 8 bytes after
+     * DES_cbc_encrypt on the input */
+    XMEMSET(iv, 0, sizeof(DES_cblock));
+    XMEMSET(myDes, 5, sizeof(DES_key_schedule));
+    ExpectIntGT((dl = DES_cbc_cksum(msg, &key, sizeof(msg), &myDes, &iv)), 0);
+    ExpectIntEQ(dl, 480052723);
+#endif /* defined(OPENSSL_EXTRA) && !defined(NO_DES3) */
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_DES_ncbc(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && !defined(NO_DES3)
+    const_DES_cblock myDes;
+    DES_cblock iv = {1};
+    DES_key_schedule key = {0};
+    unsigned char msg[] = "hello wolfssl";
+    unsigned char out[DES_BLOCK_SIZE * 2] = {0};
+    unsigned char pln[DES_BLOCK_SIZE * 2] = {0};
+
+    unsigned char exp[]  = {0x31, 0x98, 0x2F, 0x3A, 0x55, 0xBF, 0xD8, 0xC4};
+    unsigned char exp2[] = {0xC7, 0x45, 0x8B, 0x28, 0x10, 0x53, 0xE0, 0x58};
+
+    /* partial block test */
+    DES_set_key(&key, &myDes);
+    DES_ncbc_encrypt(msg, out, 3, &myDes, &iv, DES_ENCRYPT);
+    ExpectIntEQ(XMEMCMP(exp, out, DES_BLOCK_SIZE), 0);
+    ExpectIntEQ(XMEMCMP(exp, iv, DES_BLOCK_SIZE), 0);
+
+    DES_set_key(&key, &myDes);
+    XMEMSET((byte*)&iv, 0, DES_BLOCK_SIZE);
+    *((byte*)&iv) = 1;
+    DES_ncbc_encrypt(out, pln, 3, &myDes, &iv, DES_DECRYPT);
+    ExpectIntEQ(XMEMCMP(msg, pln, 3), 0);
+    ExpectIntEQ(XMEMCMP(exp, iv, DES_BLOCK_SIZE), 0);
+
+    /* full block test */
+    DES_set_key(&key, &myDes);
+    XMEMSET(pln, 0, DES_BLOCK_SIZE);
+    XMEMSET((byte*)&iv, 0, DES_BLOCK_SIZE);
+    *((byte*)&iv) = 1;
+    DES_ncbc_encrypt(msg, out, 8, &myDes, &iv, DES_ENCRYPT);
+    ExpectIntEQ(XMEMCMP(exp2, out, DES_BLOCK_SIZE), 0);
+    ExpectIntEQ(XMEMCMP(exp2, iv, DES_BLOCK_SIZE), 0);
+
+    DES_set_key(&key, &myDes);
+    XMEMSET((byte*)&iv, 0, DES_BLOCK_SIZE);
+    *((byte*)&iv) = 1;
+    DES_ncbc_encrypt(out, pln, 8, &myDes, &iv, DES_DECRYPT);
+    ExpectIntEQ(XMEMCMP(msg, pln, 8), 0);
+    ExpectIntEQ(XMEMCMP(exp2, iv, DES_BLOCK_SIZE), 0);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_DES_ecb_encrypt(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && !defined(NO_DES3) && defined(WOLFSSL_DES_ECB)
+    WOLFSSL_DES_cblock input1, input2, output1, output2, back1, back2;
+    WOLFSSL_DES_key_schedule key;
+
+    XMEMCPY(key, "12345678", sizeof(WOLFSSL_DES_key_schedule));
+    XMEMCPY(input1, "Iamhuman", sizeof(WOLFSSL_DES_cblock));
+    XMEMCPY(input2, "Whoisit?", sizeof(WOLFSSL_DES_cblock));
+    XMEMSET(output1, 0, sizeof(WOLFSSL_DES_cblock));
+    XMEMSET(output2, 0, sizeof(WOLFSSL_DES_cblock));
+    XMEMSET(back1, 0, sizeof(WOLFSSL_DES_cblock));
+    XMEMSET(back2, 0, sizeof(WOLFSSL_DES_cblock));
+
+    wolfSSL_DES_ecb_encrypt(NULL, NULL, NULL, DES_ENCRYPT);
+    wolfSSL_DES_ecb_encrypt(&input1, NULL, NULL, DES_ENCRYPT);
+    wolfSSL_DES_ecb_encrypt(NULL, &output1, NULL, DES_ENCRYPT);
+    wolfSSL_DES_ecb_encrypt(NULL, NULL, &key, DES_ENCRYPT);
+    wolfSSL_DES_ecb_encrypt(&input1, &output1, NULL, DES_ENCRYPT);
+    wolfSSL_DES_ecb_encrypt(&input1, NULL, &key, DES_ENCRYPT);
+    wolfSSL_DES_ecb_encrypt(NULL, &output1, &key, DES_ENCRYPT);
+
+    /* Encrypt messages */
+    wolfSSL_DES_ecb_encrypt(&input1, &output1, &key, DES_ENCRYPT);
+    wolfSSL_DES_ecb_encrypt(&input2, &output2, &key, DES_ENCRYPT);
+
+    {
+        /* Decrypt messages */
+        int ret1 = 0;
+        int ret2 = 0;
+        wolfSSL_DES_ecb_encrypt(&output1, &back1, &key, DES_DECRYPT);
+        ExpectIntEQ(ret1 = XMEMCMP((unsigned char *)back1,
+            (unsigned char *)input1, sizeof(WOLFSSL_DES_cblock)), 0);
+        wolfSSL_DES_ecb_encrypt(&output2, &back2, &key, DES_DECRYPT);
+        ExpectIntEQ(ret2 = XMEMCMP((unsigned char *)back2,
+            (unsigned char *)input2, sizeof(WOLFSSL_DES_cblock)), 0);
+    }
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_DES_ede3_cbc_encrypt(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && !defined(NO_DES3)
+    unsigned char input1[8], input2[8];
+    unsigned char output1[8], output2[8];
+    unsigned char back1[8], back2[8];
+    WOLFSSL_DES_cblock iv1, iv2;
+    WOLFSSL_DES_key_schedule key1, key2, key3;
+    int i;
+
+    XMEMCPY(key1, "12345678", sizeof(WOLFSSL_DES_key_schedule));
+    XMEMCPY(key2, "23456781", sizeof(WOLFSSL_DES_key_schedule));
+    XMEMCPY(key3, "34567823", sizeof(WOLFSSL_DES_key_schedule));
+    XMEMCPY(input1, "Iamhuman", sizeof(input1));
+    XMEMCPY(input2, "Whoisit?", sizeof(input2));
+
+    XMEMSET(output1, 0, sizeof(output1));
+    XMEMSET(output2, 0, sizeof(output2));
+    XMEMSET(back1, 0, sizeof(back1));
+    XMEMSET(back2, 0, sizeof(back2));
+
+    XMEMCPY(iv1, "87654321", sizeof(WOLFSSL_DES_cblock));
+    XMEMCPY(iv2, "98765432", sizeof(WOLFSSL_DES_cblock));
+    /* Encrypt messages */
+    wolfSSL_DES_ede3_cbc_encrypt(input1, output1, 8, &key1, &key2, &key3, &iv1,
+        DES_ENCRYPT);
+    wolfSSL_DES_ede3_cbc_encrypt(input2, output2, 8, &key1, &key2, &key3, &iv2,
+        DES_ENCRYPT);
+
+    {
+        XMEMCPY(iv1, "87654321", sizeof(WOLFSSL_DES_cblock));
+        XMEMCPY(iv2, "98765432", sizeof(WOLFSSL_DES_cblock));
+        /* Decrypt messages */
+        wolfSSL_DES_ede3_cbc_encrypt(output1, back1, 8, &key1, &key2, &key3,
+            &iv1, DES_DECRYPT);
+        ExpectIntEQ(XMEMCMP(back1, input1, sizeof(input1)), 0);
+        wolfSSL_DES_ede3_cbc_encrypt(output2, back2, 8, &key1, &key2, &key3,
+            &iv2, DES_DECRYPT);
+        ExpectIntEQ(XMEMCMP(back2, input2, sizeof(input2)), 0);
+    }
+
+    for (i = 0; i < 8; i++) {
+        XMEMSET(output1, 0, sizeof(output1));
+        XMEMSET(output2, 0, sizeof(output2));
+        XMEMSET(back1, 0, sizeof(back1));
+        XMEMSET(back2, 0, sizeof(back2));
+
+        XMEMCPY(iv1, "87654321", sizeof(WOLFSSL_DES_cblock));
+        XMEMCPY(iv2, "98765432", sizeof(WOLFSSL_DES_cblock));
+        /* Encrypt partial messages */
+        wolfSSL_DES_ede3_cbc_encrypt(input1, output1, i, &key1, &key2, &key3,
+            &iv1, DES_ENCRYPT);
+        wolfSSL_DES_ede3_cbc_encrypt(input2, output2, i, &key1, &key2, &key3,
+            &iv2, DES_ENCRYPT);
+
+        {
+            XMEMCPY(iv1, "87654321", sizeof(WOLFSSL_DES_cblock));
+            XMEMCPY(iv2, "98765432", sizeof(WOLFSSL_DES_cblock));
+            /* Decrypt messages */
+            wolfSSL_DES_ede3_cbc_encrypt(output1, back1, i, &key1, &key2,
+                &key3, &iv1, DES_DECRYPT);
+            ExpectIntEQ(XMEMCMP(back1, input1, i), 0);
+            wolfSSL_DES_ede3_cbc_encrypt(output2, back2, i, &key1, &key2,
+                &key3, &iv2, DES_DECRYPT);
+            ExpectIntEQ(XMEMCMP(back2, input2, i), 0);
+        }
+    }
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_AES_encrypt(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && !defined(NO_AES) && defined(HAVE_AES_ECB) && \
+    defined(WOLFSSL_AES_256) && !defined(WOLFSSL_NO_OPENSSL_AES_LOW_LEVEL_API)
+    AES_KEY enc;
+    AES_KEY dec;
+    const byte msg[] = {
+        0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
+        0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a
+    };
+    const byte exp[] = {
+        0xf3, 0xee, 0xd1, 0xbd, 0xb5, 0xd2, 0xa0, 0x3c,
+        0x06, 0x4b, 0x5a, 0x7e, 0x3d, 0xb1, 0x81, 0xf8,
+    };
+    const byte key[] = {
+        0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe,
+        0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81,
+        0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7,
+        0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4
+    };
+    byte eout[sizeof(msg)];
+    byte dout[sizeof(msg)];
+
+    ExpectIntEQ(AES_set_encrypt_key(key, sizeof(key)*8, &enc), 0);
+    ExpectIntEQ(AES_set_decrypt_key(key, sizeof(key)*8, &dec), 0);
+
+    wolfSSL_AES_encrypt(NULL, NULL, NULL);
+    wolfSSL_AES_encrypt(msg, NULL, NULL);
+    wolfSSL_AES_encrypt(NULL, eout, NULL);
+    wolfSSL_AES_encrypt(NULL, NULL, &enc);
+    wolfSSL_AES_encrypt(msg, eout, NULL);
+    wolfSSL_AES_encrypt(msg, NULL, &enc);
+    wolfSSL_AES_encrypt(NULL, eout, &enc);
+
+    wolfSSL_AES_decrypt(NULL, NULL, NULL);
+    wolfSSL_AES_decrypt(eout, NULL, NULL);
+    wolfSSL_AES_decrypt(NULL, dout, NULL);
+    wolfSSL_AES_decrypt(NULL, NULL, &dec);
+    wolfSSL_AES_decrypt(eout, dout, NULL);
+    wolfSSL_AES_decrypt(eout, NULL, &dec);
+    wolfSSL_AES_decrypt(NULL, dout, &dec);
+
+    wolfSSL_AES_encrypt(msg, eout, &enc);
+    ExpectIntEQ(XMEMCMP(eout, exp, AES_BLOCK_SIZE), 0);
+    wolfSSL_AES_decrypt(eout, dout, &dec);
+    ExpectIntEQ(XMEMCMP(dout, msg, AES_BLOCK_SIZE), 0);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_AES_ecb_encrypt(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && !defined(NO_AES) && defined(HAVE_AES_ECB) && \
+    defined(WOLFSSL_AES_256) && !defined(WOLFSSL_NO_OPENSSL_AES_LOW_LEVEL_API)
+    AES_KEY aes;
+    const byte msg[] =
+    {
+      0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
+      0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
+    };
+
+    const byte verify[] =
+    {
+        0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c,
+        0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8
+    };
+
+    const byte key[] =
+    {
+      0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
+      0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
+      0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
+      0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
+    };
+
+
+    byte out[AES_BLOCK_SIZE];
+
+    ExpectIntEQ(AES_set_encrypt_key(key, sizeof(key)*8, &aes), 0);
+    XMEMSET(out, 0, AES_BLOCK_SIZE);
+    AES_ecb_encrypt(msg, out, &aes, AES_ENCRYPT);
+    ExpectIntEQ(XMEMCMP(out, verify, AES_BLOCK_SIZE), 0);
+
+#ifdef HAVE_AES_DECRYPT
+    ExpectIntEQ(AES_set_decrypt_key(key, sizeof(key)*8, &aes), 0);
+    XMEMSET(out, 0, AES_BLOCK_SIZE);
+    AES_ecb_encrypt(verify, out, &aes, AES_DECRYPT);
+    ExpectIntEQ(XMEMCMP(out, msg, AES_BLOCK_SIZE), 0);
+#endif
+
+    /* test bad arguments */
+    AES_ecb_encrypt(NULL, out, &aes, AES_DECRYPT);
+    AES_ecb_encrypt(verify, NULL, &aes, AES_DECRYPT);
+    AES_ecb_encrypt(verify, out, NULL, AES_DECRYPT);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_AES_cbc_encrypt(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(OPENSSL_EXTRA) && \
+        !defined(WOLFSSL_NO_OPENSSL_AES_LOW_LEVEL_API)
+    AES_KEY aes;
+    AES_KEY* aesN = NULL;
+    size_t len = 0;
+    size_t lenB = 0;
+    int keySz0 = 0;
+    int keySzN = -1;
+    byte out[AES_BLOCK_SIZE] = {0};
+    byte* outN = NULL;
+
+    /* Test vectors retrieved from:
+     *   <begin URL>
+     *       https://csrc.nist.gov/
+     *       CSRC/media/Projects/Cryptographic-Algorithm-Validation-Program/
+     *       documents/aes/KAT_AES.zip
+     *   </end URL>
+     */
+    const byte* pt128N  = NULL;
+    byte* key128N       = NULL;
+    byte* iv128N        = NULL;
+    byte iv128tmp[AES_BLOCK_SIZE] = {0};
+
+    const byte pt128[]  = { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+                            0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 };
+
+    const byte ct128[]  = { 0x87,0x85,0xb1,0xa7,0x5b,0x0f,0x3b,0xd9,
+                            0x58,0xdc,0xd0,0xe2,0x93,0x18,0xc5,0x21 };
+
+    const byte iv128[]  = { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+                            0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 };
+
+    byte key128[]       = { 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
+                            0xff,0xff,0xf0,0x00,0x00,0x00,0x00,0x00 };
+
+
+    len = sizeof(pt128);
+
+    #define STRESS_T(a, b, c, d, e, f, g, h, i) \
+            wolfSSL_AES_cbc_encrypt(a, b, c, d, e, f); \
+            ExpectIntNE(XMEMCMP(b, g, h), i)
+
+    #define RESET_IV(x, y) XMEMCPY(x, y, AES_BLOCK_SIZE)
+
+    /* Stressing wolfSSL_AES_cbc_encrypt() */
+    STRESS_T(pt128N, out, len, &aes, iv128tmp, 1, ct128, AES_BLOCK_SIZE, 0);
+    STRESS_T(pt128, out, len, &aes, iv128N, 1, ct128, AES_BLOCK_SIZE, 0);
+
+    wolfSSL_AES_cbc_encrypt(pt128, outN, len, &aes, iv128tmp, AES_ENCRYPT);
+    ExpectIntNE(XMEMCMP(out, ct128, AES_BLOCK_SIZE), 0);
+    wolfSSL_AES_cbc_encrypt(pt128, out, len, aesN, iv128tmp, AES_ENCRYPT);
+    ExpectIntNE(XMEMCMP(out, ct128, AES_BLOCK_SIZE), 0);
+
+    STRESS_T(pt128, out, lenB, &aes, iv128tmp, 1, ct128, AES_BLOCK_SIZE, 0);
+
+    /* Stressing wolfSSL_AES_set_encrypt_key */
+    ExpectIntNE(wolfSSL_AES_set_encrypt_key(key128N, sizeof(key128)*8, &aes),0);
+    ExpectIntNE(wolfSSL_AES_set_encrypt_key(key128, sizeof(key128)*8, aesN),0);
+    ExpectIntNE(wolfSSL_AES_set_encrypt_key(key128, keySz0, &aes), 0);
+    ExpectIntNE(wolfSSL_AES_set_encrypt_key(key128, keySzN, &aes), 0);
+
+    /* Stressing wolfSSL_AES_set_decrypt_key */
+    ExpectIntNE(wolfSSL_AES_set_decrypt_key(key128N, sizeof(key128)*8, &aes),0);
+    ExpectIntNE(wolfSSL_AES_set_decrypt_key(key128N, sizeof(key128)*8, aesN),0);
+    ExpectIntNE(wolfSSL_AES_set_decrypt_key(key128, keySz0, &aes), 0);
+    ExpectIntNE(wolfSSL_AES_set_decrypt_key(key128, keySzN, &aes), 0);
+
+  #ifdef WOLFSSL_AES_128
+
+    /* wolfSSL_AES_cbc_encrypt() 128-bit */
+    XMEMSET(out, 0, AES_BLOCK_SIZE);
+    RESET_IV(iv128tmp, iv128);
+
+    ExpectIntEQ(wolfSSL_AES_set_encrypt_key(key128, sizeof(key128)*8, &aes), 0);
+    wolfSSL_AES_cbc_encrypt(pt128, out, len, &aes, iv128tmp, AES_ENCRYPT);
+    ExpectIntEQ(XMEMCMP(out, ct128, AES_BLOCK_SIZE), 0);
+    wc_AesFree((Aes*)&aes);
+
+    #ifdef HAVE_AES_DECRYPT
+
+    /* wolfSSL_AES_cbc_encrypt() 128-bit in decrypt mode */
+    XMEMSET(out, 0, AES_BLOCK_SIZE);
+    RESET_IV(iv128tmp, iv128);
+    len = sizeof(ct128);
+
+    ExpectIntEQ(wolfSSL_AES_set_decrypt_key(key128, sizeof(key128)*8, &aes), 0);
+    wolfSSL_AES_cbc_encrypt(ct128, out, len, &aes, iv128tmp, AES_DECRYPT);
+    ExpectIntEQ(XMEMCMP(out, pt128, AES_BLOCK_SIZE), 0);
+    wc_AesFree((Aes*)&aes);
+
+    #endif
+
+  #endif /* WOLFSSL_AES_128 */
+  #ifdef WOLFSSL_AES_192
+  {
+    /* Test vectors from NIST Special Publication 800-38A, 2001 Edition
+     * Appendix F.2.3  */
+
+    byte iv192tmp[AES_BLOCK_SIZE] = {0};
+
+    const byte pt192[]  = { 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
+                            0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a };
+
+    const byte ct192[]  = { 0x4f,0x02,0x1d,0xb2,0x43,0xbc,0x63,0x3d,
+                            0x71,0x78,0x18,0x3a,0x9f,0xa0,0x71,0xe8 };
+
+    const byte iv192[]  = { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
+                            0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F };
+
+    byte key192[]       = { 0x8e,0x73,0xb0,0xf7,0xda,0x0e,0x64,0x52,
+                            0xc8,0x10,0xf3,0x2b,0x80,0x90,0x79,0xe5,
+                            0x62,0xf8,0xea,0xd2,0x52,0x2c,0x6b,0x7b };
+
+    len = sizeof(pt192);
+
+    /* wolfSSL_AES_cbc_encrypt() 192-bit */
+    XMEMSET(out, 0, AES_BLOCK_SIZE);
+    RESET_IV(iv192tmp, iv192);
+
+    ExpectIntEQ(wolfSSL_AES_set_encrypt_key(key192, sizeof(key192)*8, &aes), 0);
+    wolfSSL_AES_cbc_encrypt(pt192, out, len, &aes, iv192tmp, AES_ENCRYPT);
+    ExpectIntEQ(XMEMCMP(out, ct192, AES_BLOCK_SIZE), 0);
+    wc_AesFree((Aes*)&aes);
+
+    #ifdef HAVE_AES_DECRYPT
+
+    /* wolfSSL_AES_cbc_encrypt() 192-bit in decrypt mode */
+    len = sizeof(ct192);
+    RESET_IV(iv192tmp, iv192);
+    XMEMSET(out, 0, AES_BLOCK_SIZE);
+
+    ExpectIntEQ(wolfSSL_AES_set_decrypt_key(key192, sizeof(key192)*8, &aes), 0);
+    wolfSSL_AES_cbc_encrypt(ct192, out, len, &aes, iv192tmp, AES_DECRYPT);
+    ExpectIntEQ(XMEMCMP(out, pt192, AES_BLOCK_SIZE), 0);
+    wc_AesFree((Aes*)&aes);
+
+    #endif
+  }
+  #endif /* WOLFSSL_AES_192 */
+  #ifdef WOLFSSL_AES_256
+  {
+    /* Test vectors from NIST Special Publication 800-38A, 2001 Edition,
+     * Appendix F.2.5  */
+    byte iv256tmp[AES_BLOCK_SIZE] = {0};
+
+    const byte pt256[]  = { 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
+                            0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a };
+
+    const byte ct256[]  = { 0xf5,0x8c,0x4c,0x04,0xd6,0xe5,0xf1,0xba,
+                            0x77,0x9e,0xab,0xfb,0x5f,0x7b,0xfb,0xd6 };
+
+    const byte iv256[]  = { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
+                            0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F };
+
+    byte key256[]       = { 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
+                            0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
+                            0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
+                            0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4 };
+
+
+    len = sizeof(pt256);
+
+    /* wolfSSL_AES_cbc_encrypt() 256-bit */
+    XMEMSET(out, 0, AES_BLOCK_SIZE);
+    RESET_IV(iv256tmp, iv256);
+
+    ExpectIntEQ(wolfSSL_AES_set_encrypt_key(key256, sizeof(key256)*8, &aes), 0);
+    wolfSSL_AES_cbc_encrypt(pt256, out, len, &aes, iv256tmp, AES_ENCRYPT);
+    ExpectIntEQ(XMEMCMP(out, ct256, AES_BLOCK_SIZE), 0);
+    wc_AesFree((Aes*)&aes);
+
+    #ifdef HAVE_AES_DECRYPT
+
+    /* wolfSSL_AES_cbc_encrypt() 256-bit in decrypt mode */
+    len = sizeof(ct256);
+    RESET_IV(iv256tmp, iv256);
+    XMEMSET(out, 0, AES_BLOCK_SIZE);
+
+    ExpectIntEQ(wolfSSL_AES_set_decrypt_key(key256, sizeof(key256)*8, &aes), 0);
+    wolfSSL_AES_cbc_encrypt(ct256, out, len, &aes, iv256tmp, AES_DECRYPT);
+    ExpectIntEQ(XMEMCMP(out, pt256, AES_BLOCK_SIZE), 0);
+    wc_AesFree((Aes*)&aes);
+
+    #endif
+
+    #if defined(HAVE_AES_KEYWRAP) && !defined(HAVE_FIPS) && \
+        !defined(HAVE_SELFTEST)
+    {
+    byte wrapCipher[sizeof(key256) + KEYWRAP_BLOCK_SIZE] = { 0 };
+    byte wrapPlain[sizeof(key256)] = { 0 };
+    byte wrapIV[KEYWRAP_BLOCK_SIZE] = { 0 };
+
+    /* wolfSSL_AES_wrap_key() 256-bit NULL iv */
+    ExpectIntEQ(wolfSSL_AES_set_encrypt_key(key256, sizeof(key256)*8, &aes), 0);
+    ExpectIntEQ(wolfSSL_AES_wrap_key(&aes, NULL, wrapCipher, key256,
+            15), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(wolfSSL_AES_wrap_key(&aes, NULL, wrapCipher, key256,
+            sizeof(key256)), sizeof(wrapCipher));
+    wc_AesFree((Aes*)&aes);
+
+    /* wolfSSL_AES_unwrap_key() 256-bit NULL iv */
+    ExpectIntEQ(wolfSSL_AES_set_decrypt_key(key256, sizeof(key256)*8, &aes), 0);
+    ExpectIntEQ(wolfSSL_AES_unwrap_key(&aes, NULL, wrapPlain, wrapCipher,
+            23), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(wolfSSL_AES_unwrap_key(&aes, NULL, wrapPlain, wrapCipher,
+            sizeof(wrapCipher)), sizeof(wrapPlain));
+    ExpectIntEQ(XMEMCMP(wrapPlain, key256, sizeof(key256)), 0);
+    XMEMSET(wrapCipher, 0, sizeof(wrapCipher));
+    XMEMSET(wrapPlain, 0, sizeof(wrapPlain));
+    wc_AesFree((Aes*)&aes);
+
+    /* wolfSSL_AES_wrap_key() 256-bit custom iv */
+    ExpectIntEQ(wolfSSL_AES_set_encrypt_key(key256, sizeof(key256)*8, &aes), 0);
+    ExpectIntEQ(wolfSSL_AES_wrap_key(&aes, wrapIV, wrapCipher, key256,
+            sizeof(key256)), sizeof(wrapCipher));
+    wc_AesFree((Aes*)&aes);
+
+    /* wolfSSL_AES_unwrap_key() 256-bit custom iv */
+    ExpectIntEQ(wolfSSL_AES_set_decrypt_key(key256, sizeof(key256)*8, &aes), 0);
+    ExpectIntEQ(wolfSSL_AES_unwrap_key(&aes, wrapIV, wrapPlain, wrapCipher,
+            sizeof(wrapCipher)), sizeof(wrapPlain));
+    ExpectIntEQ(XMEMCMP(wrapPlain, key256, sizeof(key256)), 0);
+    wc_AesFree((Aes*)&aes);
+
+    ExpectIntEQ(wolfSSL_AES_wrap_key(NULL, NULL, NULL, NULL, 0), 0);
+    ExpectIntEQ(wolfSSL_AES_wrap_key(&aes, NULL, NULL, NULL, 0), 0);
+    ExpectIntEQ(wolfSSL_AES_wrap_key(NULL, wrapIV, NULL, NULL, 0), 0);
+    ExpectIntEQ(wolfSSL_AES_wrap_key(NULL, NULL, wrapCipher, NULL, 0), 0);
+    ExpectIntEQ(wolfSSL_AES_wrap_key(NULL, NULL, NULL, key256, 0), 0);
+    ExpectIntEQ(wolfSSL_AES_wrap_key(NULL, wrapIV, wrapCipher, key256, 0), 0);
+    ExpectIntEQ(wolfSSL_AES_wrap_key(&aes, NULL, wrapCipher, key256, 0), 0);
+    ExpectIntEQ(wolfSSL_AES_wrap_key(&aes, wrapIV, NULL, key256, 0), 0);
+    ExpectIntEQ(wolfSSL_AES_wrap_key(&aes, wrapIV, wrapCipher, NULL, 0), 0);
+
+    ExpectIntEQ(wolfSSL_AES_unwrap_key(NULL, NULL, NULL, NULL, 0), 0);
+    ExpectIntEQ(wolfSSL_AES_unwrap_key(&aes, NULL, NULL, NULL, 0), 0);
+    ExpectIntEQ(wolfSSL_AES_unwrap_key(NULL, wrapIV, NULL, NULL, 0), 0);
+    ExpectIntEQ(wolfSSL_AES_unwrap_key(NULL, NULL, wrapPlain, NULL, 0), 0);
+    ExpectIntEQ(wolfSSL_AES_unwrap_key(NULL, NULL, NULL, wrapCipher, 0), 0);
+    ExpectIntEQ(wolfSSL_AES_unwrap_key(NULL, wrapIV, wrapPlain, wrapCipher, 0),
+        0);
+    ExpectIntEQ(wolfSSL_AES_unwrap_key(&aes, NULL, wrapPlain, wrapCipher, 0),
+        0);
+    ExpectIntEQ(wolfSSL_AES_unwrap_key(&aes, wrapIV, NULL, wrapCipher, 0), 0);
+    ExpectIntEQ(wolfSSL_AES_wrap_key(&aes, wrapIV, wrapPlain, NULL, 0), 0);
+    }
+    #endif /* HAVE_AES_KEYWRAP */
+  }
+  #endif /* WOLFSSL_AES_256 */
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_AES_cfb128_encrypt(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && !defined(NO_AES) && defined(WOLFSSL_AES_CFB) && \
+        !defined(WOLFSSL_NO_OPENSSL_AES_LOW_LEVEL_API)
+    AES_KEY aesEnc;
+    AES_KEY aesDec;
+    const byte msg[] = {
+        0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
+        0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a
+    };
+    const byte exp[] = {
+        0x2c, 0x4e, 0xc4, 0x58, 0x4b, 0xf3, 0xb3, 0xad,
+        0xd0, 0xe6, 0xf1, 0x80, 0x43, 0x59, 0x54, 0x6b
+    };
+    const byte key[] = {
+        0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe,
+        0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81
+    };
+    const byte ivData[] = {
+        0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81,
+        0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7,
+    };
+    byte out[AES_BLOCK_SIZE];
+    byte iv[AES_BLOCK_SIZE];
+    word32 i;
+    int num;
+
+    ExpectIntEQ(AES_set_encrypt_key(key, sizeof(key)*8, &aesEnc), 0);
+    XMEMCPY(iv, ivData, sizeof(iv));
+    XMEMSET(out, 0, AES_BLOCK_SIZE);
+    AES_cfb128_encrypt(msg, out, sizeof(msg), &aesEnc, iv, NULL, AES_ENCRYPT);
+    ExpectIntEQ(XMEMCMP(out, exp, sizeof(msg)), 0);
+    ExpectIntNE(XMEMCMP(iv, ivData, sizeof(iv)), 0);
+
+#ifdef HAVE_AES_DECRYPT
+    ExpectIntEQ(AES_set_encrypt_key(key, sizeof(key)*8, &aesDec), 0);
+    XMEMCPY(iv, ivData, sizeof(iv));
+    XMEMSET(out, 0, AES_BLOCK_SIZE);
+    AES_cfb128_encrypt(exp, out, sizeof(msg), &aesDec, iv, NULL, AES_DECRYPT);
+    ExpectIntEQ(XMEMCMP(out, msg, sizeof(msg)), 0);
+    ExpectIntNE(XMEMCMP(iv, ivData, sizeof(iv)), 0);
+#endif
+
+    for (i = 0; EXPECT_SUCCESS() && (i <= sizeof(msg)); i++) {
+        ExpectIntEQ(AES_set_encrypt_key(key, sizeof(key)*8, &aesEnc), 0);
+        XMEMCPY(iv, ivData, sizeof(iv));
+        XMEMSET(out, 0, AES_BLOCK_SIZE);
+        AES_cfb128_encrypt(msg, out, i, &aesEnc, iv, &num, AES_ENCRYPT);
+        ExpectIntEQ(num, i % AES_BLOCK_SIZE);
+        ExpectIntEQ(XMEMCMP(out, exp, i), 0);
+        if (i == 0) {
+            ExpectIntEQ(XMEMCMP(iv, ivData, sizeof(iv)), 0);
+        }
+        else {
+            ExpectIntNE(XMEMCMP(iv, ivData, sizeof(iv)), 0);
+        }
+
+    #ifdef HAVE_AES_DECRYPT
+        ExpectIntEQ(AES_set_encrypt_key(key, sizeof(key)*8, &aesDec), 0);
+        XMEMCPY(iv, ivData, sizeof(iv));
+        XMEMSET(out, 0, AES_BLOCK_SIZE);
+        AES_cfb128_encrypt(exp, out, i, &aesDec, iv, &num, AES_DECRYPT);
+        ExpectIntEQ(num, i % AES_BLOCK_SIZE);
+        ExpectIntEQ(XMEMCMP(out, msg, i), 0);
+        if (i == 0) {
+            ExpectIntEQ(XMEMCMP(iv, ivData, sizeof(iv)), 0);
+        }
+        else {
+            ExpectIntNE(XMEMCMP(iv, ivData, sizeof(iv)), 0);
+        }
+    #endif
+    }
+
+    if (EXPECT_SUCCESS()) {
+        /* test bad arguments */
+        AES_cfb128_encrypt(NULL, NULL, 0, NULL, NULL, NULL, AES_DECRYPT);
+        AES_cfb128_encrypt(msg, NULL, 0, NULL, NULL, NULL, AES_DECRYPT);
+        AES_cfb128_encrypt(NULL, out, 0, NULL, NULL, NULL, AES_DECRYPT);
+        AES_cfb128_encrypt(NULL, NULL, 0, &aesDec, NULL, NULL, AES_DECRYPT);
+        AES_cfb128_encrypt(NULL, NULL, 0, NULL, iv, NULL, AES_DECRYPT);
+        AES_cfb128_encrypt(NULL, out, 0, &aesDec, iv, NULL, AES_DECRYPT);
+        AES_cfb128_encrypt(msg, NULL, 0, &aesDec, iv, NULL, AES_DECRYPT);
+        AES_cfb128_encrypt(msg, out, 0, NULL, iv, NULL, AES_DECRYPT);
+        AES_cfb128_encrypt(msg, out, 0, &aesDec, NULL, NULL, AES_DECRYPT);
+    }
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_CRYPTO_cts128(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(OPENSSL_EXTRA) && \
+    defined(HAVE_CTS) && !defined(WOLFSSL_NO_OPENSSL_AES_LOW_LEVEL_API)
+    byte tmp[64]; /* Largest vector size */
+    /* Test vectors taken form RFC3962 Appendix B */
+    const testVector vects[] = {
+        {
+            "\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65"
+            "\x20",
+            "\xc6\x35\x35\x68\xf2\xbf\x8c\xb4\xd8\xa5\x80\x36\x2d\xa7\xff\x7f"
+            "\x97",
+            17, 17
+        },
+        {
+            "\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65"
+            "\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20",
+            "\xfc\x00\x78\x3e\x0e\xfd\xb2\xc1\xd4\x45\xd4\xc8\xef\xf7\xed\x22"
+            "\x97\x68\x72\x68\xd6\xec\xcc\xc0\xc0\x7b\x25\xe2\x5e\xcf\xe5",
+            31, 31
+        },
+        {
+            "\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65"
+            "\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20\x43",
+            "\x39\x31\x25\x23\xa7\x86\x62\xd5\xbe\x7f\xcb\xcc\x98\xeb\xf5\xa8"
+            "\x97\x68\x72\x68\xd6\xec\xcc\xc0\xc0\x7b\x25\xe2\x5e\xcf\xe5\x84",
+            32, 32
+        },
+        {
+            "\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65"
+            "\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20\x43"
+            "\x68\x69\x63\x6b\x65\x6e\x2c\x20\x70\x6c\x65\x61\x73\x65\x2c",
+            "\x97\x68\x72\x68\xd6\xec\xcc\xc0\xc0\x7b\x25\xe2\x5e\xcf\xe5\x84"
+            "\xb3\xff\xfd\x94\x0c\x16\xa1\x8c\x1b\x55\x49\xd2\xf8\x38\x02\x9e"
+            "\x39\x31\x25\x23\xa7\x86\x62\xd5\xbe\x7f\xcb\xcc\x98\xeb\xf5",
+            47, 47
+        },
+        {
+            "\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65"
+            "\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20\x43"
+            "\x68\x69\x63\x6b\x65\x6e\x2c\x20\x70\x6c\x65\x61\x73\x65\x2c\x20",
+            "\x97\x68\x72\x68\xd6\xec\xcc\xc0\xc0\x7b\x25\xe2\x5e\xcf\xe5\x84"
+            "\x9d\xad\x8b\xbb\x96\xc4\xcd\xc0\x3b\xc1\x03\xe1\xa1\x94\xbb\xd8"
+            "\x39\x31\x25\x23\xa7\x86\x62\xd5\xbe\x7f\xcb\xcc\x98\xeb\xf5\xa8",
+            48, 48
+        },
+        {
+            "\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65"
+            "\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20\x43"
+            "\x68\x69\x63\x6b\x65\x6e\x2c\x20\x70\x6c\x65\x61\x73\x65\x2c\x20"
+            "\x61\x6e\x64\x20\x77\x6f\x6e\x74\x6f\x6e\x20\x73\x6f\x75\x70\x2e",
+            "\x97\x68\x72\x68\xd6\xec\xcc\xc0\xc0\x7b\x25\xe2\x5e\xcf\xe5\x84"
+            "\x39\x31\x25\x23\xa7\x86\x62\xd5\xbe\x7f\xcb\xcc\x98\xeb\xf5\xa8"
+            "\x48\x07\xef\xe8\x36\xee\x89\xa5\x26\x73\x0d\xbc\x2f\x7b\xc8\x40"
+            "\x9d\xad\x8b\xbb\x96\xc4\xcd\xc0\x3b\xc1\x03\xe1\xa1\x94\xbb\xd8",
+            64, 64
+        }
+    };
+    byte keyBytes[AES_128_KEY_SIZE] = {
+        0x63, 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x20,
+        0x74, 0x65, 0x72, 0x69, 0x79, 0x61, 0x6b, 0x69
+    };
+    size_t i;
+    AES_KEY encKey;
+    byte iv[AES_IV_SIZE]; /* All-zero IV for all cases */
+
+    XMEMSET(tmp, 0, sizeof(tmp));
+
+    for (i = 0; i < sizeof(vects)/sizeof(vects[0]); i++) {
+        AES_KEY decKey;
+
+        ExpectIntEQ(AES_set_encrypt_key(keyBytes, AES_128_KEY_SIZE * 8,
+            &encKey), 0);
+        ExpectIntEQ(AES_set_decrypt_key(keyBytes, AES_128_KEY_SIZE * 8,
+            &decKey), 0);
+        XMEMSET(iv, 0, sizeof(iv));
+        ExpectIntEQ(CRYPTO_cts128_encrypt((const unsigned char*)vects[i].input,
+            tmp, vects[i].inLen, &encKey, iv, (cbc128_f)AES_cbc_encrypt),
+            vects[i].outLen);
+        ExpectIntEQ(XMEMCMP(tmp, vects[i].output, vects[i].outLen), 0);
+        XMEMSET(iv, 0, sizeof(iv));
+        ExpectIntEQ(CRYPTO_cts128_decrypt((const unsigned char*)vects[i].output,
+            tmp, vects[i].outLen, &decKey, iv, (cbc128_f)AES_cbc_encrypt),
+            vects[i].inLen);
+        ExpectIntEQ(XMEMCMP(tmp, vects[i].input, vects[i].inLen), 0);
+    }
+
+    ExpectIntEQ(CRYPTO_cts128_encrypt(NULL, NULL, 17, NULL, NULL, NULL), 0);
+    ExpectIntEQ(CRYPTO_cts128_encrypt(tmp, NULL, 17, NULL, NULL, NULL), 0);
+    ExpectIntEQ(CRYPTO_cts128_encrypt(NULL, tmp, 17, NULL, NULL, NULL), 0);
+    ExpectIntEQ(CRYPTO_cts128_encrypt(NULL, NULL, 17, &encKey, NULL, NULL), 0);
+    ExpectIntEQ(CRYPTO_cts128_encrypt(NULL, NULL, 17, NULL, iv, NULL), 0);
+    ExpectIntEQ(CRYPTO_cts128_encrypt(NULL, NULL, 17, NULL, NULL,
+        (cbc128_f)AES_cbc_encrypt), 0);
+    ExpectIntEQ(CRYPTO_cts128_encrypt(NULL, tmp, 17, &encKey, iv,
+        (cbc128_f)AES_cbc_encrypt), 0);
+    ExpectIntEQ(CRYPTO_cts128_encrypt(tmp, NULL, 17, &encKey, iv,
+        (cbc128_f)AES_cbc_encrypt), 0);
+    ExpectIntEQ(CRYPTO_cts128_encrypt(tmp, tmp, 17, NULL, iv,
+        (cbc128_f)AES_cbc_encrypt), 0);
+    ExpectIntEQ(CRYPTO_cts128_encrypt(tmp, tmp, 17, &encKey, NULL,
+        (cbc128_f)AES_cbc_encrypt), 0);
+    ExpectIntEQ(CRYPTO_cts128_encrypt(tmp, tmp, 17, &encKey, iv, NULL), 0);
+    /* Length too small. */
+    ExpectIntEQ(CRYPTO_cts128_encrypt(tmp, tmp, 0, &encKey, iv,
+        (cbc128_f)AES_cbc_encrypt), 0);
+
+    ExpectIntEQ(CRYPTO_cts128_decrypt(NULL, NULL, 17, NULL, NULL, NULL), 0);
+    ExpectIntEQ(CRYPTO_cts128_decrypt(tmp, NULL, 17, NULL, NULL, NULL), 0);
+    ExpectIntEQ(CRYPTO_cts128_decrypt(NULL, tmp, 17, NULL, NULL, NULL), 0);
+    ExpectIntEQ(CRYPTO_cts128_decrypt(NULL, NULL, 17, &encKey, NULL, NULL), 0);
+    ExpectIntEQ(CRYPTO_cts128_decrypt(NULL, NULL, 17, NULL, iv, NULL), 0);
+    ExpectIntEQ(CRYPTO_cts128_decrypt(NULL, NULL, 17, NULL, NULL,
+        (cbc128_f)AES_cbc_encrypt), 0);
+    ExpectIntEQ(CRYPTO_cts128_decrypt(NULL, tmp, 17, &encKey, iv,
+        (cbc128_f)AES_cbc_encrypt), 0);
+    ExpectIntEQ(CRYPTO_cts128_decrypt(tmp, NULL, 17, &encKey, iv,
+        (cbc128_f)AES_cbc_encrypt), 0);
+    ExpectIntEQ(CRYPTO_cts128_decrypt(tmp, tmp, 17, NULL, iv,
+        (cbc128_f)AES_cbc_encrypt), 0);
+    ExpectIntEQ(CRYPTO_cts128_decrypt(tmp, tmp, 17, &encKey, NULL,
+        (cbc128_f)AES_cbc_encrypt), 0);
+    ExpectIntEQ(CRYPTO_cts128_decrypt(tmp, tmp, 17, &encKey, iv, NULL), 0);
+    /* Length too small. */
+    ExpectIntEQ(CRYPTO_cts128_decrypt(tmp, tmp, 0, &encKey, iv,
+        (cbc128_f)AES_cbc_encrypt), 0);
+#endif /* !NO_AES && HAVE_AES_CBC && OPENSSL_EXTRA && HAVE_CTS */
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_RC4(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_RC4) && defined(OPENSSL_EXTRA)
+    WOLFSSL_RC4_KEY rc4Key;
+    unsigned char key[] =  {
+        0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
+        0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
+        0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
+        0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
+    };
+    unsigned char data[] = {
+        0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+        0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+        0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+        0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+    };
+    unsigned char enc[sizeof(data)];
+    unsigned char dec[sizeof(data)];
+    word32 i;
+    word32 j;
+
+    wolfSSL_RC4_set_key(NULL, -1, NULL);
+    wolfSSL_RC4_set_key(&rc4Key, -1, NULL);
+    wolfSSL_RC4_set_key(NULL, 0, NULL);
+    wolfSSL_RC4_set_key(NULL, -1, key);
+    wolfSSL_RC4_set_key(&rc4Key, 0, NULL);
+    wolfSSL_RC4_set_key(&rc4Key, -1, key);
+    wolfSSL_RC4_set_key(NULL, 0, key);
+
+    wolfSSL_RC4(NULL, 0, NULL, NULL);
+    wolfSSL_RC4(&rc4Key, 0, NULL, NULL);
+    wolfSSL_RC4(NULL, 0, data, NULL);
+    wolfSSL_RC4(NULL, 0, NULL, enc);
+    wolfSSL_RC4(&rc4Key, 0, data, NULL);
+    wolfSSL_RC4(&rc4Key, 0, NULL, enc);
+    wolfSSL_RC4(NULL, 0, data, enc);
+
+    ExpectIntEQ(1, 1);
+    for (i = 0; EXPECT_SUCCESS() && (i <= sizeof(key)); i++) {
+        for (j = 0; EXPECT_SUCCESS() && (j <= sizeof(data)); j++) {
+            XMEMSET(enc, 0, sizeof(enc));
+            XMEMSET(dec, 0, sizeof(dec));
+
+            /* Encrypt */
+            wolfSSL_RC4_set_key(&rc4Key, (int)i, key);
+            wolfSSL_RC4(&rc4Key, j, data, enc);
+            /* Decrypt */
+            wolfSSL_RC4_set_key(&rc4Key, (int)i, key);
+            wolfSSL_RC4(&rc4Key, j, enc, dec);
+
+            ExpectIntEQ(XMEMCMP(dec, data, j), 0);
+        }
+    }
+#endif
+    return EXPECT_RESULT();
+}
+
diff --git a/tests/api/test_ossl_cipher.h b/tests/api/test_ossl_cipher.h
new file mode 100644
index 000000000..ae691990e
--- /dev/null
+++ b/tests/api/test_ossl_cipher.h
@@ -0,0 +1,51 @@
+/* test_ossl_cipher.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef WOLFCRYPT_TEST_OSSL_CIPHER_H
+#define WOLFCRYPT_TEST_OSSL_CIPHER_H
+
+#include <tests/api/api_decl.h>
+
+int test_wolfSSL_DES(void);
+int test_wolfSSL_DES_ncbc(void);
+int test_wolfSSL_DES_ecb_encrypt(void);
+int test_wolfSSL_DES_ede3_cbc_encrypt(void);
+int test_wolfSSL_AES_encrypt(void);
+int test_wolfSSL_AES_ecb_encrypt(void);
+int test_wolfSSL_AES_cbc_encrypt(void);
+int test_wolfSSL_AES_cfb128_encrypt(void);
+int test_wolfSSL_CRYPTO_cts128(void);
+int test_wolfSSL_RC4(void);
+
+#define TEST_OSSL_CIPHER_DECLS                                          \
+    TEST_DECL_GROUP("ossl_cipher", test_wolfSSL_DES),                   \
+    TEST_DECL_GROUP("ossl_cipher", test_wolfSSL_DES_ncbc),              \
+    TEST_DECL_GROUP("ossl_cipher", test_wolfSSL_DES_ecb_encrypt),       \
+    TEST_DECL_GROUP("ossl_cipher", test_wolfSSL_DES_ede3_cbc_encrypt),  \
+    TEST_DECL_GROUP("ossl_cipher", test_wolfSSL_AES_encrypt),           \
+    TEST_DECL_GROUP("ossl_cipher", test_wolfSSL_AES_ecb_encrypt),       \
+    TEST_DECL_GROUP("ossl_cipher", test_wolfSSL_AES_cbc_encrypt),       \
+    TEST_DECL_GROUP("ossl_cipher", test_wolfSSL_AES_cfb128_encrypt),    \
+    TEST_DECL_GROUP("ossl_cipher", test_wolfSSL_CRYPTO_cts128),         \
+    TEST_DECL_GROUP("ossl_cipher", test_wolfSSL_RC4)
+
+#endif /* WOLFCRYPT_TEST_OSSL_CIPHER_H */
+
diff --git a/tests/api/test_ossl_dgst.c b/tests/api/test_ossl_dgst.c
new file mode 100644
index 000000000..8bc6c467e
--- /dev/null
+++ b/tests/api/test_ossl_dgst.c
@@ -0,0 +1,752 @@
+/* test_ossl_dgst.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#include <tests/unit.h>
+
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+#include <wolfssl/openssl/md4.h>
+#include <wolfssl/openssl/md5.h>
+#include <wolfssl/openssl/sha.h>
+#include <wolfssl/openssl/sha3.h>
+#include <wolfssl/wolfcrypt/types.h>
+#include <tests/api/api.h>
+#include <tests/api/test_ossl_dgst.h>
+
+/*******************************************************************************
+ * Digest OpenSSL compatibility API Testing
+ ******************************************************************************/
+
+int test_wolfSSL_MD4(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && !defined(NO_MD4)
+    MD4_CTX md4;
+    unsigned char out[16]; /* MD4_DIGEST_SIZE */
+    const char* msg = "12345678901234567890123456789012345678901234567890123456"
+                      "789012345678901234567890";
+    const char* test = "\xe3\x3b\x4d\xdc\x9c\x38\xf2\x19\x9c\x3e\x7b\x16\x4f"
+                       "\xcc\x05\x36";
+    int msgSz = (int)XSTRLEN(msg);
+
+
+    XMEMSET(out, 0, sizeof(out));
+    MD4_Init(&md4);
+    MD4_Update(&md4, (const void*)msg, (word32)msgSz);
+    MD4_Final(out, &md4);
+    ExpectIntEQ(XMEMCMP(out, test, sizeof(out)), 0);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_MD5(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && !defined(NO_MD5)
+    byte input1[] = "";
+    byte input2[] = "message digest";
+    byte hash[WC_MD5_DIGEST_SIZE];
+    unsigned char output1[] =
+        "\xd4\x1d\x8c\xd9\x8f\x00\xb2\x04\xe9\x80\x09\x98\xec\xf8\x42\x7e";
+    unsigned char output2[] =
+        "\xf9\x6b\x69\x7d\x7c\xb7\x93\x8d\x52\x5a\x2f\x31\xaa\xf1\x61\xd0";
+    WOLFSSL_MD5_CTX md5;
+
+    XMEMSET(&md5, 0, sizeof(md5));
+
+    /* Test cases for illegal parameters */
+    ExpectIntEQ(MD5_Init(NULL), 0);
+    ExpectIntEQ(MD5_Init(&md5), 1);
+    ExpectIntEQ(MD5_Update(NULL, input1, 0), 0);
+    ExpectIntEQ(MD5_Update(NULL, NULL, 0), 0);
+    ExpectIntEQ(MD5_Update(&md5, NULL, 1), 0);
+    ExpectIntEQ(MD5_Final(NULL, &md5), 0);
+    ExpectIntEQ(MD5_Final(hash, NULL), 0);
+    ExpectIntEQ(MD5_Final(NULL, NULL), 0);
+
+    /* Init MD5 CTX */
+    ExpectIntEQ(wolfSSL_MD5_Init(&md5), 1);
+    ExpectIntEQ(wolfSSL_MD5_Update(&md5, input1, XSTRLEN((const char*)&input1)),
+        1);
+    ExpectIntEQ(wolfSSL_MD5_Final(hash, &md5), 1);
+    ExpectIntEQ(XMEMCMP(&hash, output1, WC_MD5_DIGEST_SIZE), 0);
+
+    /* Init MD5 CTX */
+    ExpectIntEQ(wolfSSL_MD5_Init(&md5), 1);
+    ExpectIntEQ(wolfSSL_MD5_Update(&md5, input2,
+        (int)XSTRLEN((const char*)input2)), 1);
+    ExpectIntEQ(wolfSSL_MD5_Final(hash, &md5), 1);
+    ExpectIntEQ(XMEMCMP(&hash, output2, WC_MD5_DIGEST_SIZE), 0);
+#if !defined(NO_OLD_NAMES) && \
+  (!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)))
+    ExpectPtrNE(MD5(NULL, 1, (byte*)&hash), &hash);
+    ExpectPtrEq(MD5(input1, 0, (byte*)&hash), &hash);
+    ExpectPtrNE(MD5(input1, 1, NULL), NULL);
+    ExpectPtrNE(MD5(NULL, 0, NULL), NULL);
+
+    ExpectPtrEq(MD5(input1, (int)XSTRLEN((const char*)&input1), (byte*)&hash),
+        &hash);
+    ExpectIntEQ(XMEMCMP(&hash, output1, WC_MD5_DIGEST_SIZE), 0);
+
+    ExpectPtrEq(MD5(input2, (int)XSTRLEN((const char*)&input2), (byte*)&hash),
+        &hash);
+    ExpectIntEQ(XMEMCMP(&hash, output2, WC_MD5_DIGEST_SIZE), 0);
+    {
+        byte data[] = "Data to be hashed.";
+        XMEMSET(hash, 0, WC_MD5_DIGEST_SIZE);
+
+        ExpectNotNull(MD5(data, sizeof(data), NULL));
+        ExpectNotNull(MD5(data, sizeof(data), hash));
+        ExpectNotNull(MD5(NULL, 0, hash));
+        ExpectNull(MD5(NULL, sizeof(data), hash));
+    }
+#endif
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_MD5_Transform(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && !defined(NO_MD5)
+    byte input1[] = "";
+    byte input2[] = "abc";
+    byte local[WC_MD5_BLOCK_SIZE];
+    word32 sLen = 0;
+#ifdef BIG_ENDIAN_ORDER
+    unsigned char output1[] =
+        "\x03\x1f\x1d\xac\x6e\xa5\x8e\xd0\x1f\xab\x67\xb7\x74\x31\x77\x91";
+    unsigned char output2[] =
+        "\xef\xd3\x79\x8d\x67\x17\x25\x90\xa4\x13\x79\xc7\xe3\xa7\x7b\xbc";
+#else
+    unsigned char output1[] =
+        "\xac\x1d\x1f\x03\xd0\x8e\xa5\x6e\xb7\x67\xab\x1f\x91\x77\x31\x74";
+    unsigned char output2[] =
+        "\x8d\x79\xd3\xef\x90\x25\x17\x67\xc7\x79\x13\xa4\xbc\x7b\xa7\xe3";
+#endif
+
+    union {
+        wc_Md5 native;
+        MD5_CTX compat;
+    } md5;
+
+    XMEMSET(&md5.compat, 0, sizeof(md5.compat));
+    XMEMSET(&local, 0, sizeof(local));
+
+    /* sanity check */
+    ExpectIntEQ(MD5_Transform(NULL, NULL), 0);
+    ExpectIntEQ(MD5_Transform(NULL, (const byte*)&input1), 0);
+    ExpectIntEQ(MD5_Transform(&md5.compat, NULL), 0);
+    ExpectIntEQ(wc_Md5Transform(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Md5Transform(NULL, (const byte*)&input1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Md5Transform(&md5.native, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    /* Init MD5 CTX */
+    ExpectIntEQ(wolfSSL_MD5_Init(&md5.compat), 1);
+    /* Do Transform*/
+    sLen = (word32)XSTRLEN((char*)input1);
+    XMEMCPY(local, input1, sLen);
+    ExpectIntEQ(MD5_Transform(&md5.compat, (const byte*)&local[0]), 1);
+
+    ExpectIntEQ(XMEMCMP(md5.native.digest, output1, WC_MD5_DIGEST_SIZE), 0);
+
+    /* Init MD5 CTX */
+    ExpectIntEQ(MD5_Init(&md5.compat), 1);
+    sLen = (word32)XSTRLEN((char*)input2);
+    XMEMSET(local, 0, WC_MD5_BLOCK_SIZE);
+    XMEMCPY(local, input2, sLen);
+    ExpectIntEQ(MD5_Transform(&md5.compat, (const byte*)&local[0]), 1);
+    ExpectIntEQ(XMEMCMP(md5.native.digest, output2, WC_MD5_DIGEST_SIZE), 0);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_SHA(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && !defined(HAVE_SELFTEST)
+    #if !defined(NO_SHA) && defined(NO_OLD_SHA_NAMES) && \
+        (!defined(HAVE_FIPS) || \
+        (defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION > 2))
+    {
+        const unsigned char in[] = "abc";
+        unsigned char expected[] = "\xA9\x99\x3E\x36\x47\x06\x81\x6A\xBA\x3E"
+                                   "\x25\x71\x78\x50\xC2\x6C\x9C\xD0\xD8\x9D";
+        unsigned char out[WC_SHA_DIGEST_SIZE];
+        unsigned char* p = NULL;
+        WOLFSSL_SHA_CTX sha;
+
+        XMEMSET(out, 0, WC_SHA_DIGEST_SIZE);
+        ExpectNotNull(SHA1(in, XSTRLEN((char*)in), out));
+        ExpectIntEQ(XMEMCMP(out, expected, WC_SHA_DIGEST_SIZE), 0);
+
+        /* SHA interface test */
+        XMEMSET(out, 0, WC_SHA_DIGEST_SIZE);
+
+        ExpectNull(SHA(NULL, XSTRLEN((char*)in), out));
+        ExpectNotNull(SHA(in, 0, out));
+        ExpectNotNull(SHA(in, XSTRLEN((char*)in), NULL));
+        ExpectNotNull(SHA(NULL, 0, out));
+        ExpectNotNull(SHA(NULL, 0, NULL));
+
+        ExpectNotNull(SHA(in, XSTRLEN((char*)in), out));
+        ExpectIntEQ(XMEMCMP(out, expected, WC_SHA_DIGEST_SIZE), 0);
+        ExpectNotNull(p = SHA(in, XSTRLEN((char*)in), NULL));
+        ExpectIntEQ(XMEMCMP(p, expected, WC_SHA_DIGEST_SIZE), 0);
+
+        ExpectIntEQ(wolfSSL_SHA_Init(&sha), 1);
+        ExpectIntEQ(wolfSSL_SHA_Update(&sha, in, XSTRLEN((char*)in)), 1);
+        ExpectIntEQ(wolfSSL_SHA_Final(out, &sha), 1);
+        ExpectIntEQ(XMEMCMP(out, expected, WC_SHA_DIGEST_SIZE), 0);
+
+        ExpectIntEQ(wolfSSL_SHA1_Init(&sha), 1);
+        ExpectIntEQ(wolfSSL_SHA1_Update(&sha, in, XSTRLEN((char*)in)), 1);
+        ExpectIntEQ(wolfSSL_SHA1_Final(out, &sha), 1);
+        ExpectIntEQ(XMEMCMP(out, expected, WC_SHA_DIGEST_SIZE), 0);
+    }
+    #endif
+
+    #if !defined(NO_SHA256)
+    {
+        const unsigned char in[] = "abc";
+        unsigned char expected[] =
+            "\xBA\x78\x16\xBF\x8F\x01\xCF\xEA\x41\x41\x40\xDE\x5D\xAE\x22"
+            "\x23\xB0\x03\x61\xA3\x96\x17\x7A\x9C\xB4\x10\xFF\x61\xF2\x00"
+            "\x15\xAD";
+        unsigned char out[WC_SHA256_DIGEST_SIZE];
+        unsigned char* p = NULL;
+
+        XMEMSET(out, 0, WC_SHA256_DIGEST_SIZE);
+#if !defined(NO_OLD_NAMES) && !defined(HAVE_FIPS)
+        ExpectNotNull(SHA256(in, XSTRLEN((char*)in), out));
+#else
+        ExpectNotNull(wolfSSL_SHA256(in, XSTRLEN((char*)in), out));
+#endif
+        ExpectIntEQ(XMEMCMP(out, expected, WC_SHA256_DIGEST_SIZE), 0);
+#if !defined(NO_OLD_NAMES) && !defined(HAVE_FIPS)
+        ExpectNotNull(p = SHA256(in, XSTRLEN((char*)in), NULL));
+#else
+        ExpectNotNull(p = wolfSSL_SHA256(in, XSTRLEN((char*)in), NULL));
+#endif
+        ExpectIntEQ(XMEMCMP(p, expected, WC_SHA256_DIGEST_SIZE), 0);
+    }
+    #endif
+
+    #if defined(WOLFSSL_SHA384)
+    {
+        const unsigned char in[] = "abc";
+        unsigned char expected[] =
+            "\xcb\x00\x75\x3f\x45\xa3\x5e\x8b\xb5\xa0\x3d\x69\x9a\xc6\x50"
+            "\x07\x27\x2c\x32\xab\x0e\xde\xd1\x63\x1a\x8b\x60\x5a\x43\xff"
+            "\x5b\xed\x80\x86\x07\x2b\xa1\xe7\xcc\x23\x58\xba\xec\xa1\x34"
+            "\xc8\x25\xa7";
+        unsigned char out[WC_SHA384_DIGEST_SIZE];
+        unsigned char* p = NULL;
+
+        XMEMSET(out, 0, WC_SHA384_DIGEST_SIZE);
+#if !defined(NO_OLD_NAMES) && !defined(HAVE_FIPS)
+        ExpectNotNull(SHA384(in, XSTRLEN((char*)in), out));
+#else
+        ExpectNotNull(wolfSSL_SHA384(in, XSTRLEN((char*)in), out));
+#endif
+        ExpectIntEQ(XMEMCMP(out, expected, WC_SHA384_DIGEST_SIZE), 0);
+#if !defined(NO_OLD_NAMES) && !defined(HAVE_FIPS)
+        ExpectNotNull(p = SHA384(in, XSTRLEN((char*)in), NULL));
+#else
+        ExpectNotNull(p = wolfSSL_SHA384(in, XSTRLEN((char*)in), NULL));
+#endif
+        ExpectIntEQ(XMEMCMP(p, expected, WC_SHA384_DIGEST_SIZE), 0);
+    }
+    #endif
+
+    #if defined(WOLFSSL_SHA512)
+    {
+        const unsigned char in[] = "abc";
+        unsigned char expected[] =
+            "\xdd\xaf\x35\xa1\x93\x61\x7a\xba\xcc\x41\x73\x49\xae\x20\x41"
+            "\x31\x12\xe6\xfa\x4e\x89\xa9\x7e\xa2\x0a\x9e\xee\xe6\x4b\x55"
+            "\xd3\x9a\x21\x92\x99\x2a\x27\x4f\xc1\xa8\x36\xba\x3c\x23\xa3"
+            "\xfe\xeb\xbd\x45\x4d\x44\x23\x64\x3c\xe8\x0e\x2a\x9a\xc9\x4f"
+            "\xa5\x4c\xa4\x9f";
+        unsigned char out[WC_SHA512_DIGEST_SIZE];
+        unsigned char* p = NULL;
+
+        XMEMSET(out, 0, WC_SHA512_DIGEST_SIZE);
+#if !defined(NO_OLD_NAMES) && !defined(HAVE_FIPS)
+        ExpectNotNull(SHA512(in, XSTRLEN((char*)in), out));
+#else
+        ExpectNotNull(wolfSSL_SHA512(in, XSTRLEN((char*)in), out));
+#endif
+        ExpectIntEQ(XMEMCMP(out, expected, WC_SHA512_DIGEST_SIZE), 0);
+#if !defined(NO_OLD_NAMES) && !defined(HAVE_FIPS)
+        ExpectNotNull(p = SHA512(in, XSTRLEN((char*)in), NULL));
+#else
+        ExpectNotNull(p = wolfSSL_SHA512(in, XSTRLEN((char*)in), NULL));
+#endif
+        ExpectIntEQ(XMEMCMP(p, expected, WC_SHA512_DIGEST_SIZE), 0);
+    }
+    #endif
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_SHA_Transform(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && !defined(NO_SHA)
+#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
+        (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)))
+    byte input1[] = "";
+    byte input2[] = "abc";
+    byte local[WC_SHA_BLOCK_SIZE];
+    word32 sLen = 0;
+#ifdef BIG_ENDIAN_ORDER
+    unsigned char output1[] =
+        "\x92\xb4\x04\xe5\x56\x58\x8c\xed\x6c\x1a\xcd\x4e\xbf\x05\x3f\x68"
+        "\x09\xf7\x3a\x93";
+    unsigned char output2[] =
+        "\x97\xb2\x74\x8b\x4f\x5b\xbc\xca\x5b\xc0\xe6\xea\x2d\x40\xb4\xa0"
+        "\x7c\x6e\x08\xb8";
+#else
+    unsigned char output1[] =
+        "\xe5\x04\xb4\x92\xed\x8c\x58\x56\x4e\xcd\x1a\x6c\x68\x3f\x05\xbf"
+        "\x93\x3a\xf7\x09";
+    unsigned char output2[] =
+        "\x8b\x74\xb2\x97\xca\xbc\x5b\x4f\xea\xe6\xc0\x5b\xa0\xb4\x40\x2d"
+        "\xb8\x08\x6e\x7c";
+#endif
+
+    union {
+        wc_Sha native;
+        SHA_CTX compat;
+    } sha;
+    union {
+        wc_Sha native;
+        SHA_CTX compat;
+    } sha1;
+
+    XMEMSET(&sha.compat, 0, sizeof(sha.compat));
+    XMEMSET(&local, 0, sizeof(local));
+
+    /* sanity check */
+    ExpectIntEQ(SHA_Transform(NULL, NULL), 0);
+    ExpectIntEQ(SHA_Transform(NULL, (const byte*)&input1), 0);
+    ExpectIntEQ(SHA_Transform(&sha.compat, NULL), 0);
+    ExpectIntEQ(SHA1_Transform(NULL, NULL), 0);
+    ExpectIntEQ(SHA1_Transform(NULL, (const byte*)&input1), 0);
+    ExpectIntEQ(SHA1_Transform(&sha.compat, NULL), 0);
+    ExpectIntEQ(wc_ShaTransform(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ShaTransform(NULL, (const byte*)&input1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_ShaTransform(&sha.native, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    /* Init SHA CTX */
+    ExpectIntEQ(SHA_Init(&sha.compat), 1);
+    /* Do Transform*/
+    sLen = (word32)XSTRLEN((char*)input1);
+    XMEMCPY(local, input1, sLen);
+    ExpectIntEQ(SHA_Transform(&sha.compat, (const byte*)&local[0]), 1);
+    ExpectIntEQ(XMEMCMP(sha.native.digest, output1, WC_SHA_DIGEST_SIZE), 0);
+    ExpectIntEQ(SHA_Final(local, &sha.compat), 1); /* frees resources */
+
+    /* Init SHA CTX */
+    ExpectIntEQ(SHA_Init(&sha.compat), 1);
+    sLen = (word32)XSTRLEN((char*)input2);
+    XMEMSET(local, 0, WC_SHA_BLOCK_SIZE);
+    XMEMCPY(local, input2, sLen);
+    ExpectIntEQ(SHA_Transform(&sha.compat, (const byte*)&local[0]), 1);
+    ExpectIntEQ(XMEMCMP(sha.native.digest, output2, WC_SHA_DIGEST_SIZE), 0);
+    ExpectIntEQ(SHA_Final(local, &sha.compat), 1); /* frees resources */
+
+    /* SHA1 */
+    XMEMSET(local, 0, WC_SHA_BLOCK_SIZE);
+    /* Init SHA CTX */
+    ExpectIntEQ(SHA1_Init(&sha1.compat), 1);
+    /* Do Transform*/
+    sLen = (word32)XSTRLEN((char*)input1);
+    XMEMCPY(local, input1, sLen);
+    ExpectIntEQ(SHA1_Transform(&sha1.compat, (const byte*)&local[0]), 1);
+    ExpectIntEQ(XMEMCMP(sha1.native.digest, output1, WC_SHA_DIGEST_SIZE), 0);
+    ExpectIntEQ(SHA1_Final(local, &sha1.compat), 1); /* frees resources */
+
+    /* Init SHA CTX */
+    ExpectIntEQ(SHA1_Init(&sha1.compat), 1);
+    sLen = (word32)XSTRLEN((char*)input2);
+    XMEMSET(local, 0, WC_SHA_BLOCK_SIZE);
+    XMEMCPY(local, input2, sLen);
+    ExpectIntEQ(SHA1_Transform(&sha1.compat, (const byte*)&local[0]), 1);
+    ExpectIntEQ(XMEMCMP(sha1.native.digest, output2, WC_SHA_DIGEST_SIZE), 0);
+    ExpectIntEQ(SHA_Final(local, &sha1.compat), 1); /* frees resources */
+#endif
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_SHA224(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SHA224) && \
+    !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
+    (defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION > 2))
+    unsigned char input[] =
+        "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
+    unsigned char output[] =
+         "\x75\x38\x8b\x16\x51\x27\x76\xcc\x5d\xba\x5d\xa1\xfd\x89\x01"
+         "\x50\xb0\xc6\x45\x5c\xb4\xf5\x8b\x19\x52\x52\x25\x25";
+    size_t inLen;
+    byte hash[WC_SHA224_DIGEST_SIZE];
+    unsigned char* p = NULL;
+
+    inLen  = XSTRLEN((char*)input);
+
+    XMEMSET(hash, 0, WC_SHA224_DIGEST_SIZE);
+
+    ExpectNull(SHA224(NULL, inLen, hash));
+    ExpectNotNull(SHA224(input, 0, hash));
+    ExpectNotNull(SHA224(input, inLen, NULL));
+    ExpectNotNull(SHA224(NULL, 0, hash));
+    ExpectNotNull(SHA224(NULL, 0, NULL));
+
+    ExpectNotNull(SHA224(input, inLen, hash));
+    ExpectIntEQ(XMEMCMP(hash, output, WC_SHA224_DIGEST_SIZE), 0);
+    ExpectNotNull(p = SHA224(input, inLen, NULL));
+    ExpectIntEQ(XMEMCMP(p, output, WC_SHA224_DIGEST_SIZE), 0);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_SHA256(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && !defined(NO_SHA256) && \
+    defined(NO_OLD_SHA_NAMES) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
+    unsigned char input[] =
+        "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
+    unsigned char output[] =
+        "\x24\x8D\x6A\x61\xD2\x06\x38\xB8\xE5\xC0\x26\x93\x0C\x3E\x60"
+        "\x39\xA3\x3C\xE4\x59\x64\xFF\x21\x67\xF6\xEC\xED\xD4\x19\xDB"
+        "\x06\xC1";
+    size_t inLen;
+    byte hash[WC_SHA256_DIGEST_SIZE];
+
+    inLen  = XSTRLEN((char*)input);
+
+    XMEMSET(hash, 0, WC_SHA256_DIGEST_SIZE);
+    ExpectNotNull(SHA256(input, inLen, hash));
+    ExpectIntEQ(XMEMCMP(hash, output, WC_SHA256_DIGEST_SIZE), 0);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_SHA256_Transform(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && !defined(NO_SHA256)
+#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
+        (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))) && \
+        !defined(WOLFSSL_DEVCRYPTO_HASH) && !defined(WOLFSSL_AFALG_HASH) && \
+        !defined(WOLFSSL_KCAPI_HASH)
+    byte input1[] = "";
+    byte input2[] = "abc";
+    byte local[WC_SHA256_BLOCK_SIZE];
+    word32 sLen = 0;
+#ifdef BIG_ENDIAN_ORDER
+    unsigned char output1[] =
+        "\xda\x56\x98\xbe\x17\xb9\xb4\x69\x62\x33\x57\x99\x77\x9f\xbe\xca"
+        "\x8c\xe5\xd4\x91\xc0\xd2\x62\x43\xba\xfe\xf9\xea\x18\x37\xa9\xd8";
+    unsigned char output2[] =
+        "\x1d\x4e\xd4\x67\x67\x7c\x61\x67\x44\x10\x76\x26\x78\x10\xff\xb8"
+        "\x40\xc8\x9a\x39\x73\x16\x60\x8c\xa6\x61\xd6\x05\x91\xf2\x8c\x35";
+#else
+    unsigned char output1[] =
+        "\xbe\x98\x56\xda\x69\xb4\xb9\x17\x99\x57\x33\x62\xca\xbe\x9f\x77"
+        "\x91\xd4\xe5\x8c\x43\x62\xd2\xc0\xea\xf9\xfe\xba\xd8\xa9\x37\x18";
+    unsigned char output2[] =
+        "\x67\xd4\x4e\x1d\x67\x61\x7c\x67\x26\x76\x10\x44\xb8\xff\x10\x78"
+        "\x39\x9a\xc8\x40\x8c\x60\x16\x73\x05\xd6\x61\xa6\x35\x8c\xf2\x91";
+#endif
+    union {
+        wc_Sha256 native;
+        SHA256_CTX compat;
+    } sha256;
+
+    XMEMSET(&sha256.compat, 0, sizeof(sha256.compat));
+    XMEMSET(&local, 0, sizeof(local));
+
+    /* sanity check */
+    ExpectIntEQ(SHA256_Transform(NULL, NULL), 0);
+    ExpectIntEQ(SHA256_Transform(NULL, (const byte*)&input1), 0);
+    ExpectIntEQ(SHA256_Transform(&sha256.compat, NULL), 0);
+    ExpectIntEQ(wc_Sha256Transform(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sha256Transform(NULL, (const byte*)&input1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sha256Transform(&sha256.native, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    /* Init SHA256 CTX */
+    ExpectIntEQ(SHA256_Init(&sha256.compat), 1);
+    /* Do Transform*/
+    sLen = (word32)XSTRLEN((char*)input1);
+    XMEMCPY(local, input1, sLen);
+    ExpectIntEQ(SHA256_Transform(&sha256.compat, (const byte*)&local[0]), 1);
+    ExpectIntEQ(XMEMCMP(sha256.native.digest, output1, WC_SHA256_DIGEST_SIZE),
+        0);
+    ExpectIntEQ(SHA256_Final(local, &sha256.compat), 1); /* frees resources */
+
+    /* Init SHA256 CTX */
+    ExpectIntEQ(SHA256_Init(&sha256.compat), 1);
+    sLen = (word32)XSTRLEN((char*)input2);
+    XMEMSET(local, 0, WC_SHA256_BLOCK_SIZE);
+    XMEMCPY(local, input2, sLen);
+    ExpectIntEQ(SHA256_Transform(&sha256.compat, (const byte*)&local[0]), 1);
+    ExpectIntEQ(XMEMCMP(sha256.native.digest, output2, WC_SHA256_DIGEST_SIZE),
+        0);
+    ExpectIntEQ(SHA256_Final(local, &sha256.compat), 1); /* frees resources */
+#endif
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_SHA512_Transform(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SHA512)
+#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
+        (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))) && \
+        !defined(WOLFSSL_KCAPI_HASH)
+    byte input1[] = "";
+    byte input2[] = "abc";
+    byte local[WC_SHA512_BLOCK_SIZE];
+    word32 sLen = 0;
+#ifdef BIG_ENDIAN_ORDER
+    unsigned char output1[] =
+        "\xcf\x78\x81\xd5\x77\x4a\xcb\xe8\x53\x33\x62\xe0\xfb\xc7\x80\x70"
+        "\x02\x67\x63\x9d\x87\x46\x0e\xda\x30\x86\xcb\x40\xe8\x59\x31\xb0"
+        "\x71\x7d\xc9\x52\x88\xa0\x23\xa3\x96\xba\xb2\xc1\x4c\xe0\xb5\xe0"
+        "\x6f\xc4\xfe\x04\xea\xe3\x3e\x0b\x91\xf4\xd8\x0c\xbd\x66\x8b\xee";
+   unsigned char output2[] =
+        "\x11\x10\x93\x4e\xeb\xa0\xcc\x0d\xfd\x33\x43\x9c\xfb\x04\xc8\x21"
+        "\xa9\xb4\x26\x3d\xca\xab\x31\x41\xe2\xc6\xaa\xaf\xe1\x67\xd7\xab"
+        "\x31\x8f\x2e\x54\x2c\xba\x4e\x83\xbe\x88\xec\x9d\x8f\x2b\x38\x98"
+        "\x14\xd2\x4e\x9d\x53\x8b\x5e\x4d\xde\x68\x6c\x69\xaf\x20\x96\xf0";
+#else
+    unsigned char output1[] =
+        "\xe8\xcb\x4a\x77\xd5\x81\x78\xcf\x70\x80\xc7\xfb\xe0\x62\x33\x53"
+        "\xda\x0e\x46\x87\x9d\x63\x67\x02\xb0\x31\x59\xe8\x40\xcb\x86\x30"
+        "\xa3\x23\xa0\x88\x52\xc9\x7d\x71\xe0\xb5\xe0\x4c\xc1\xb2\xba\x96"
+        "\x0b\x3e\xe3\xea\x04\xfe\xc4\x6f\xee\x8b\x66\xbd\x0c\xd8\xf4\x91";
+   unsigned char output2[] =
+        "\x0d\xcc\xa0\xeb\x4e\x93\x10\x11\x21\xc8\x04\xfb\x9c\x43\x33\xfd"
+        "\x41\x31\xab\xca\x3d\x26\xb4\xa9\xab\xd7\x67\xe1\xaf\xaa\xc6\xe2"
+        "\x83\x4e\xba\x2c\x54\x2e\x8f\x31\x98\x38\x2b\x8f\x9d\xec\x88\xbe"
+        "\x4d\x5e\x8b\x53\x9d\x4e\xd2\x14\xf0\x96\x20\xaf\x69\x6c\x68\xde";
+#endif
+    union {
+        wc_Sha512 native;
+        SHA512_CTX compat;
+    } sha512;
+
+    XMEMSET(&sha512.compat, 0, sizeof(sha512.compat));
+    XMEMSET(&local, 0, sizeof(local));
+
+    /* sanity check */
+    ExpectIntEQ(SHA512_Transform(NULL, NULL), 0);
+    ExpectIntEQ(SHA512_Transform(NULL, (const byte*)&input1), 0);
+    ExpectIntEQ(SHA512_Transform(&sha512.compat, NULL), 0);
+    ExpectIntEQ(wc_Sha512Transform(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sha512Transform(NULL, (const byte*)&input1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sha512Transform(&sha512.native, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    /* Init SHA512 CTX */
+    ExpectIntEQ(wolfSSL_SHA512_Init(&sha512.compat), 1);
+
+    /* Do Transform*/
+    sLen = (word32)XSTRLEN((char*)input1);
+    XMEMCPY(local, input1, sLen);
+    ExpectIntEQ(SHA512_Transform(&sha512.compat, (const byte*)&local[0]), 1);
+    ExpectIntEQ(XMEMCMP(sha512.native.digest, output1,
+                                                    WC_SHA512_DIGEST_SIZE), 0);
+    ExpectIntEQ(SHA512_Final(local, &sha512.compat), 1); /* frees resources */
+
+    /* Init SHA512 CTX */
+    ExpectIntEQ(SHA512_Init(&sha512.compat), 1);
+    sLen = (word32)XSTRLEN((char*)input2);
+    XMEMSET(local, 0, WC_SHA512_BLOCK_SIZE);
+    XMEMCPY(local, input2, sLen);
+    ExpectIntEQ(SHA512_Transform(&sha512.compat, (const byte*)&local[0]), 1);
+    ExpectIntEQ(XMEMCMP(sha512.native.digest, output2,
+                                                    WC_SHA512_DIGEST_SIZE), 0);
+    ExpectIntEQ(SHA512_Final(local, &sha512.compat), 1); /* frees resources */
+
+    (void)input1;
+#endif
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_SHA512_224_Transform(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SHA512) && \
+    !defined(WOLFSSL_NOSHA512_224)
+#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
+        (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))) && \
+        !defined(WOLFSSL_KCAPI_HASH)
+    byte input1[] = "";
+    byte input2[] = "abc";
+    byte local[WC_SHA512_BLOCK_SIZE];
+    word32 sLen = 0;
+    unsigned char output1[] =
+        "\x94\x24\x66\xd4\x60\x3a\xeb\x23\x1d\xa8\x69\x31\x3c\xd2\xde\x11"
+        "\x48\x0f\x4a\x5a\xdf\x3a\x8d\x87\xcf\xcd\xbf\xa5\x03\x21\x50\xf1"
+        "\x8a\x0d\x0f\x0d\x3c\x07\xba\x52\xe0\xaa\x3c\xbb\xf1\xd3\x3f\xca"
+        "\x12\xa7\x61\xf8\x47\xda\x0d\x1b\x79\xc2\x65\x13\x92\xc1\x9c\xa5";
+   unsigned char output2[] =
+        "\x51\x28\xe7\x0b\xca\x1e\xbc\x5f\xd7\x34\x0b\x48\x30\xd7\xc2\x75"
+        "\x6d\x8d\x48\x2c\x1f\xc7\x9e\x2b\x20\x5e\xbb\x0f\x0e\x4d\xb7\x61"
+        "\x31\x76\x33\xa0\xb4\x3d\x5f\x93\xc1\x73\xac\xf7\x21\xff\x69\x17"
+        "\xce\x66\xe5\x1e\x31\xe7\xf3\x22\x0f\x0b\x34\xd7\x5a\x57\xeb\xbf";
+    union {
+        wc_Sha512 native;
+        SHA512_CTX compat;
+    } sha512;
+
+#ifdef BIG_ENDIAN_ORDER
+    ByteReverseWords64((word64*)output1, (word64*)output1, sizeof(output1));
+    ByteReverseWords64((word64*)output2, (word64*)output2, sizeof(output2));
+#endif
+
+    XMEMSET(&sha512.compat, 0, sizeof(sha512.compat));
+    XMEMSET(&local, 0, sizeof(local));
+
+    /* sanity check */
+    ExpectIntEQ(SHA512_224_Transform(NULL, NULL), 0);
+    ExpectIntEQ(SHA512_224_Transform(NULL, (const byte*)&input1), 0);
+    ExpectIntEQ(SHA512_224_Transform(&sha512.compat, NULL), 0);
+    ExpectIntEQ(wc_Sha512_224Transform(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sha512_224Transform(NULL, (const byte*)&input1),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sha512_224Transform(&sha512.native, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    /* Init SHA512 CTX */
+    ExpectIntEQ(wolfSSL_SHA512_224_Init(&sha512.compat), 1);
+
+    /* Do Transform*/
+    sLen = (word32)XSTRLEN((char*)input1);
+    XMEMCPY(local, input1, sLen);
+    ExpectIntEQ(SHA512_224_Transform(&sha512.compat, (const byte*)&local[0]),
+        1);
+    ExpectIntEQ(XMEMCMP(sha512.native.digest, output1,
+        WC_SHA512_DIGEST_SIZE), 0);
+    /* frees resources */
+    ExpectIntEQ(SHA512_224_Final(local, &sha512.compat), 1);
+
+    /* Init SHA512 CTX */
+    ExpectIntEQ(SHA512_224_Init(&sha512.compat), 1);
+    sLen = (word32)XSTRLEN((char*)input2);
+    XMEMSET(local, 0, WC_SHA512_BLOCK_SIZE);
+    XMEMCPY(local, input2, sLen);
+    ExpectIntEQ(SHA512_224_Transform(&sha512.compat, (const byte*)&local[0]),
+        1);
+    ExpectIntEQ(XMEMCMP(sha512.native.digest, output2,
+        WC_SHA512_DIGEST_SIZE), 0);
+    /* frees resources */
+    ExpectIntEQ(SHA512_224_Final(local, &sha512.compat), 1);
+#endif
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_SHA512_256_Transform(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SHA512) && \
+    !defined(WOLFSSL_NOSHA512_256)
+#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
+        (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))) && \
+        !defined(WOLFSSL_KCAPI_HASH)
+    byte input1[] = "";
+    byte input2[] = "abc";
+    byte local[WC_SHA512_BLOCK_SIZE];
+    word32 sLen = 0;
+    unsigned char output1[] =
+        "\xf8\x37\x37\x5a\xd7\x2e\x56\xec\xe2\x51\xa8\x31\x3a\xa0\x63\x2b"
+        "\x7e\x7c\x64\xcc\xd9\xff\x2b\x6b\xeb\xc3\xd4\x4d\x7f\x8a\x3a\xb5"
+        "\x61\x85\x0b\x37\x30\x9f\x3b\x08\x5e\x7b\xd3\xbc\x6d\x00\x61\xc0"
+        "\x65\x9a\xd7\x73\xda\x40\xbe\xc1\xe5\x2f\xc6\x5d\xb7\x9f\xbe\x60";
+   unsigned char output2[] =
+        "\x22\xad\xc0\x30\xee\xd4\x6a\xef\x13\xee\x5a\x95\x8b\x1f\xb7\xb6"
+        "\xb6\xba\xc0\x44\xb8\x18\x3b\xf0\xf6\x4b\x70\x9f\x03\xba\x64\xa1"
+        "\xe1\xe3\x45\x15\x91\x7d\xcb\x0b\x9a\xf0\xd2\x8e\x47\x8b\x37\x78"
+        "\x91\x41\xa6\xc4\xb0\x29\x8f\x8b\xdd\x78\x5c\xf2\x73\x3f\x21\x31";
+    union {
+        wc_Sha512 native;
+        SHA512_CTX compat;
+    } sha512;
+
+#ifdef BIG_ENDIAN_ORDER
+    ByteReverseWords64((word64*)output1, (word64*)output1, sizeof(output1));
+    ByteReverseWords64((word64*)output2, (word64*)output2, sizeof(output2));
+#endif
+
+    XMEMSET(&sha512.compat, 0, sizeof(sha512.compat));
+    XMEMSET(&local, 0, sizeof(local));
+
+    /* sanity check */
+    ExpectIntEQ(SHA512_256_Transform(NULL, NULL), 0);
+    ExpectIntEQ(SHA512_256_Transform(NULL, (const byte*)&input1), 0);
+    ExpectIntEQ(SHA512_256_Transform(&sha512.compat, NULL), 0);
+    ExpectIntEQ(wc_Sha512_256Transform(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sha512_256Transform(NULL, (const byte*)&input1),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_Sha512_256Transform(&sha512.native, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    /* Init SHA512 CTX */
+    ExpectIntEQ(wolfSSL_SHA512_256_Init(&sha512.compat), 1);
+
+    /* Do Transform*/
+    sLen = (word32)XSTRLEN((char*)input1);
+    XMEMCPY(local, input1, sLen);
+    ExpectIntEQ(SHA512_256_Transform(&sha512.compat, (const byte*)&local[0]),
+        1);
+    ExpectIntEQ(XMEMCMP(sha512.native.digest, output1,
+        WC_SHA512_DIGEST_SIZE), 0);
+    /* frees resources */
+    ExpectIntEQ(SHA512_256_Final(local, &sha512.compat), 1);
+
+    /* Init SHA512 CTX */
+    ExpectIntEQ(SHA512_256_Init(&sha512.compat), 1);
+    sLen = (word32)XSTRLEN((char*)input2);
+    XMEMSET(local, 0, WC_SHA512_BLOCK_SIZE);
+    XMEMCPY(local, input2, sLen);
+    ExpectIntEQ(SHA512_256_Transform(&sha512.compat, (const byte*)&local[0]),
+        1);
+    ExpectIntEQ(XMEMCMP(sha512.native.digest, output2,
+        WC_SHA512_DIGEST_SIZE), 0);
+    /* frees resources */
+    ExpectIntEQ(SHA512_256_Final(local, &sha512.compat), 1);
+#endif
+#endif
+    return EXPECT_RESULT();
+}
+
diff --git a/tests/api/test_ossl_dgst.h b/tests/api/test_ossl_dgst.h
new file mode 100644
index 000000000..3b77f535a
--- /dev/null
+++ b/tests/api/test_ossl_dgst.h
@@ -0,0 +1,53 @@
+/* test_ossl_dgst.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef WOLFCRYPT_TEST_OSSL_DGST_H
+#define WOLFCRYPT_TEST_OSSL_DGST_H
+
+#include <tests/api/api_decl.h>
+
+int test_wolfSSL_MD4(void);
+int test_wolfSSL_MD5(void);
+int test_wolfSSL_MD5_Transform(void);
+int test_wolfSSL_SHA(void);
+int test_wolfSSL_SHA_Transform(void);
+int test_wolfSSL_SHA224(void);
+int test_wolfSSL_SHA256(void);
+int test_wolfSSL_SHA256_Transform(void);
+int test_wolfSSL_SHA512_Transform(void);
+int test_wolfSSL_SHA512_224_Transform(void);
+int test_wolfSSL_SHA512_256_Transform(void);
+
+#define TEST_OSSL_DIGEST_DECLS                                       \
+    TEST_DECL_GROUP("ossl_dgst", test_wolfSSL_MD4),                  \
+    TEST_DECL_GROUP("ossl_dgst", test_wolfSSL_MD5),                  \
+    TEST_DECL_GROUP("ossl_dgst", test_wolfSSL_MD5_Transform),        \
+    TEST_DECL_GROUP("ossl_dgst", test_wolfSSL_SHA),                  \
+    TEST_DECL_GROUP("ossl_dgst", test_wolfSSL_SHA_Transform),        \
+    TEST_DECL_GROUP("ossl_dgst", test_wolfSSL_SHA224),               \
+    TEST_DECL_GROUP("ossl_dgst", test_wolfSSL_SHA256),               \
+    TEST_DECL_GROUP("ossl_dgst", test_wolfSSL_SHA256_Transform),     \
+    TEST_DECL_GROUP("ossl_dgst", test_wolfSSL_SHA512_Transform),     \
+    TEST_DECL_GROUP("ossl_dgst", test_wolfSSL_SHA512_224_Transform), \
+    TEST_DECL_GROUP("ossl_dgst", test_wolfSSL_SHA512_256_Transform)
+
+#endif /* WOLFCRYPT_TEST_OSSL_DGST_H */
+
diff --git a/tests/api/test_ossl_dh.c b/tests/api/test_ossl_dh.c
new file mode 100644
index 000000000..687155eb9
--- /dev/null
+++ b/tests/api/test_ossl_dh.c
@@ -0,0 +1,1145 @@
+/* test_ossl_dh.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#include <tests/unit.h>
+
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+#include <wolfssl/openssl/dh.h>
+#include <wolfssl/openssl/pem.h>
+#include <wolfssl/wolfcrypt/types.h>
+#include <tests/api/api.h>
+#include <tests/api/test_ossl_dh.h>
+
+/*******************************************************************************
+ * DH OpenSSL compatibility API Testing
+ ******************************************************************************/
+
+int test_wolfSSL_DH(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && !defined(NO_DH)
+    DH *dh = NULL;
+    BIGNUM* p;
+    BIGNUM* q;
+    BIGNUM* g;
+    BIGNUM* pub = NULL;
+    BIGNUM* priv = NULL;
+#if defined(OPENSSL_ALL)
+#if !defined(HAVE_FIPS) || \
+        (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))
+    FILE* f = NULL;
+    unsigned char buf[268];
+    const unsigned char* pt = buf;
+    long len = 0;
+
+    dh = NULL;
+    XMEMSET(buf, 0, sizeof(buf));
+    /* Test 2048 bit parameters */
+    ExpectTrue((f = XFOPEN("./certs/dh2048.der", "rb")) != XBADFILE);
+    ExpectTrue((len = (long)XFREAD(buf, 1, sizeof(buf), f)) > 0);
+    if (f != XBADFILE)
+        XFCLOSE(f);
+
+    ExpectNotNull(dh = d2i_DHparams(NULL, &pt, len));
+    ExpectNotNull(dh->p);
+    ExpectNotNull(dh->g);
+    ExpectTrue(pt == buf);
+    ExpectIntEQ(DH_generate_key(dh), 1);
+
+    /* first, test for expected successful key agreement. */
+    if (EXPECT_SUCCESS()) {
+        DH *dh2 = NULL;
+        unsigned char buf2[268];
+        int sz1 = 0, sz2 = 0;
+
+        ExpectNotNull(dh2 = d2i_DHparams(NULL, &pt, len));
+        ExpectIntEQ(DH_generate_key(dh2), 1);
+
+        ExpectIntGT(sz1=DH_compute_key(buf, dh2->pub_key, dh), 0);
+        ExpectIntGT(sz2=DH_compute_key(buf2, dh->pub_key, dh2), 0);
+        ExpectIntEQ(sz1, sz2);
+        ExpectIntEQ(XMEMCMP(buf, buf2, (size_t)sz1), 0);
+
+        ExpectIntNE(sz1 = DH_size(dh), 0);
+        ExpectIntEQ(DH_compute_key_padded(buf, dh2->pub_key, dh), sz1);
+        ExpectIntEQ(DH_compute_key_padded(buf2, dh->pub_key, dh2), sz1);
+        ExpectIntEQ(XMEMCMP(buf, buf2, (size_t)sz1), 0);
+
+        if (dh2 != NULL)
+            DH_free(dh2);
+    }
+
+    ExpectIntEQ(DH_generate_key(dh), 1);
+    ExpectIntEQ(DH_compute_key(NULL, NULL, NULL), -1);
+    ExpectNotNull(pub = BN_new());
+    ExpectIntEQ(BN_set_word(pub, 1), 1);
+    ExpectIntEQ(DH_compute_key(buf, NULL, NULL), -1);
+    ExpectIntEQ(DH_compute_key(NULL, pub, NULL), -1);
+    ExpectIntEQ(DH_compute_key(NULL, NULL, dh), -1);
+    ExpectIntEQ(DH_compute_key(buf, pub, NULL), -1);
+    ExpectIntEQ(DH_compute_key(buf, NULL, dh), -1);
+    ExpectIntEQ(DH_compute_key(NULL, pub, dh), -1);
+    ExpectIntEQ(DH_compute_key(buf, pub, dh), -1);
+    BN_free(pub);
+    pub = NULL;
+
+    DH_get0_pqg(dh, (const BIGNUM**)&p,
+                    (const BIGNUM**)&q,
+                    (const BIGNUM**)&g);
+    ExpectPtrEq(p, dh->p);
+    ExpectPtrEq(q, dh->q);
+    ExpectPtrEq(g, dh->g);
+    DH_get0_key(NULL, (const BIGNUM**)&pub, (const BIGNUM**)&priv);
+    DH_get0_key(dh, (const BIGNUM**)&pub, (const BIGNUM**)&priv);
+    ExpectPtrEq(pub, dh->pub_key);
+    ExpectPtrEq(priv, dh->priv_key);
+    DH_get0_key(dh, (const BIGNUM**)&pub, NULL);
+    ExpectPtrEq(pub, dh->pub_key);
+    DH_get0_key(dh, NULL, (const BIGNUM**)&priv);
+    ExpectPtrEq(priv, dh->priv_key);
+    pub = NULL;
+    priv = NULL;
+    ExpectNotNull(pub = BN_new());
+    ExpectNotNull(priv = BN_new());
+    ExpectIntEQ(DH_set0_key(NULL, pub, priv), 0);
+    ExpectIntEQ(DH_set0_key(dh, pub, priv), 1);
+    if (EXPECT_FAIL()) {
+        BN_free(pub);
+        BN_free(priv);
+    }
+    pub = NULL;
+    priv = NULL;
+    ExpectNotNull(pub = BN_new());
+    ExpectIntEQ(DH_set0_key(dh, pub, NULL), 1);
+    if (EXPECT_FAIL()) {
+        BN_free(pub);
+    }
+    ExpectNotNull(priv = BN_new());
+    ExpectIntEQ(DH_set0_key(dh, NULL, priv), 1);
+    if (EXPECT_FAIL()) {
+        BN_free(priv);
+    }
+    ExpectPtrEq(pub, dh->pub_key);
+    ExpectPtrEq(priv, dh->priv_key);
+    pub = NULL;
+    priv = NULL;
+
+    DH_free(dh);
+    dh = NULL;
+
+    ExpectNotNull(dh = DH_new());
+    p = NULL;
+    ExpectNotNull(p = BN_new());
+    ExpectIntEQ(BN_set_word(p, 1), 1);
+    ExpectIntEQ(DH_compute_key(buf, p, dh), -1);
+    ExpectNotNull(pub = BN_new());
+    ExpectNotNull(priv = BN_new());
+    ExpectIntEQ(DH_set0_key(dh, pub, priv), 1);
+    if (EXPECT_FAIL()) {
+        BN_free(pub);
+        BN_free(priv);
+    }
+    pub = NULL;
+    priv = NULL;
+    ExpectIntEQ(DH_compute_key(buf, p, dh), -1);
+    BN_free(p);
+    p = NULL;
+    DH_free(dh);
+    dh = NULL;
+
+#ifdef WOLFSSL_KEY_GEN
+    ExpectNotNull(dh = DH_generate_parameters(2048, 2, NULL, NULL));
+    ExpectIntEQ(wolfSSL_DH_generate_parameters_ex(NULL, 2048, 2, NULL), 0);
+    DH_free(dh);
+    dh = NULL;
+#endif
+#endif /* !HAVE_FIPS || (HAVE_FIPS_VERSION && HAVE_FIPS_VERSION > 2) */
+#endif /* OPENSSL_ALL */
+
+    (void)dh;
+    (void)p;
+    (void)q;
+    (void)g;
+    (void)pub;
+    (void)priv;
+
+    ExpectNotNull(dh = wolfSSL_DH_new());
+
+    /* invalid parameters test */
+    DH_get0_pqg(NULL, (const BIGNUM**)&p,
+                      (const BIGNUM**)&q,
+                      (const BIGNUM**)&g);
+
+    DH_get0_pqg(dh, NULL,
+                    (const BIGNUM**)&q,
+                    (const BIGNUM**)&g);
+
+    DH_get0_pqg(dh, NULL, NULL, (const BIGNUM**)&g);
+
+    DH_get0_pqg(dh, NULL, NULL, NULL);
+
+    DH_get0_pqg(dh, (const BIGNUM**)&p,
+                    (const BIGNUM**)&q,
+                    (const BIGNUM**)&g);
+
+    ExpectPtrEq(p, NULL);
+    ExpectPtrEq(q, NULL);
+    ExpectPtrEq(g, NULL);
+    DH_free(dh);
+    dh = NULL;
+
+#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS) && !defined(WOLFSSL_DH_EXTRA)) \
+ || (defined(HAVE_FIPS_VERSION) && FIPS_VERSION_GT(2,0))
+#if defined(OPENSSL_ALL) || \
+    defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L
+    dh = wolfSSL_DH_new();
+    ExpectNotNull(dh);
+    p = wolfSSL_BN_new();
+    ExpectNotNull(p);
+    ExpectIntEQ(BN_set_word(p, 11), 1);
+    g = wolfSSL_BN_new();
+    ExpectNotNull(g);
+    ExpectIntEQ(BN_set_word(g, 2), 1);
+    q = wolfSSL_BN_new();
+    ExpectNotNull(q);
+    ExpectIntEQ(BN_set_word(q, 5), 1);
+    ExpectIntEQ(wolfSSL_DH_set0_pqg(NULL, NULL, NULL, NULL), 0);
+    ExpectIntEQ(wolfSSL_DH_set0_pqg(dh, NULL, NULL, NULL), 0);
+    ExpectIntEQ(wolfSSL_DH_set0_pqg(NULL, p, NULL, NULL), 0);
+    ExpectIntEQ(wolfSSL_DH_set0_pqg(NULL, NULL, q, NULL), 0);
+    ExpectIntEQ(wolfSSL_DH_set0_pqg(NULL, NULL, NULL, g), 0);
+    ExpectIntEQ(wolfSSL_DH_set0_pqg(NULL, p, q, g), 0);
+    ExpectIntEQ(wolfSSL_DH_set0_pqg(dh, NULL, q, g), 0);
+    ExpectIntEQ(wolfSSL_DH_set0_pqg(dh, p, q, NULL), 0);
+    /* Don't need q. */
+    ExpectIntEQ(wolfSSL_DH_set0_pqg(dh, p, NULL, g), 1);
+    if (EXPECT_FAIL()) {
+        BN_free(p);
+        BN_free(g);
+    }
+    p = NULL;
+    g = NULL;
+    /* Setting again will free the p and g. */
+    wolfSSL_BN_free(q);
+    q = NULL;
+    DH_free(dh);
+    dh = NULL;
+
+    dh = wolfSSL_DH_new();
+    ExpectNotNull(dh);
+
+    p = wolfSSL_BN_new();
+    ExpectNotNull(p);
+    ExpectIntEQ(BN_set_word(p, 11), 1);
+    g = wolfSSL_BN_new();
+    ExpectNotNull(g);
+    ExpectIntEQ(BN_set_word(g, 2), 1);
+    q = wolfSSL_BN_new();
+    ExpectNotNull(q);
+    ExpectIntEQ(BN_set_word(q, 5), 1);
+    ExpectIntEQ(wolfSSL_DH_set0_pqg(dh, p, q, g), 1);
+    /* p, q and g are now owned by dh - don't free. */
+    if (EXPECT_FAIL()) {
+        BN_free(p);
+        BN_free(q);
+        BN_free(g);
+    }
+    p = NULL;
+    q = NULL;
+    g = NULL;
+
+    p = wolfSSL_BN_new();
+    ExpectNotNull(p);
+    ExpectIntEQ(BN_set_word(p, 11), 1);
+    g = wolfSSL_BN_new();
+    ExpectNotNull(g);
+    ExpectIntEQ(BN_set_word(g, 2), 1);
+    q = wolfSSL_BN_new();
+    ExpectNotNull(q);
+    ExpectIntEQ(wolfSSL_DH_set0_pqg(dh, p, NULL, NULL), 1);
+    if (EXPECT_FAIL()) {
+        BN_free(p);
+    }
+    p = NULL;
+    ExpectIntEQ(wolfSSL_DH_set0_pqg(dh, NULL, q, NULL), 1);
+    if (EXPECT_FAIL()) {
+        BN_free(q);
+    }
+    q = NULL;
+    ExpectIntEQ(wolfSSL_DH_set0_pqg(dh, NULL, NULL, g), 1);
+    if (EXPECT_FAIL()) {
+        BN_free(g);
+    }
+    g = NULL;
+    ExpectIntEQ(wolfSSL_DH_set0_pqg(dh, NULL, NULL, NULL), 1);
+    /* p, q and g are now owned by dh - don't free. */
+
+    DH_free(dh);
+    dh = NULL;
+
+    ExpectIntEQ(DH_generate_key(NULL), 0);
+    ExpectNotNull(dh = DH_new());
+    ExpectIntEQ(DH_generate_key(dh), 0);
+    p = wolfSSL_BN_new();
+    ExpectNotNull(p);
+    ExpectIntEQ(BN_set_word(p, 0), 1);
+    g = wolfSSL_BN_new();
+    ExpectNotNull(g);
+    ExpectIntEQ(BN_set_word(g, 2), 1);
+    ExpectIntEQ(wolfSSL_DH_set0_pqg(dh, p, NULL, g), 1);
+    if (EXPECT_FAIL()) {
+        BN_free(p);
+        BN_free(g);
+    }
+    p = NULL;
+    g = NULL;
+    ExpectIntEQ(DH_generate_key(dh), 0);
+    DH_free(dh);
+    dh = NULL;
+#endif
+#endif
+
+    /* Test DH_up_ref() */
+    dh = wolfSSL_DH_new();
+    ExpectNotNull(dh);
+    ExpectIntEQ(wolfSSL_DH_up_ref(NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(wolfSSL_DH_up_ref(dh), WOLFSSL_SUCCESS);
+    DH_free(dh); /* decrease ref count */
+    DH_free(dh); /* free WOLFSSL_DH */
+    dh = NULL;
+    q = NULL;
+
+    ExpectNull((dh = DH_new_by_nid(NID_sha1)));
+#if (defined(HAVE_PUBLIC_FFDHE) || (defined(HAVE_FIPS) && \
+    FIPS_VERSION_EQ(2,0))) || (!defined(HAVE_PUBLIC_FFDHE) && \
+    (!defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0)))
+#ifdef HAVE_FFDHE_2048
+    ExpectNotNull((dh = DH_new_by_nid(NID_ffdhe2048)));
+    DH_free(dh);
+    dh = NULL;
+    q = NULL;
+#endif
+#ifdef HAVE_FFDHE_3072
+    ExpectNotNull((dh = DH_new_by_nid(NID_ffdhe3072)));
+    DH_free(dh);
+    dh = NULL;
+    q = NULL;
+#endif
+#ifdef HAVE_FFDHE_4096
+    ExpectNotNull((dh = DH_new_by_nid(NID_ffdhe4096)));
+    DH_free(dh);
+    dh = NULL;
+    q = NULL;
+#endif
+#else
+    ExpectNull((dh = DH_new_by_nid(NID_ffdhe2048)));
+#endif /* (HAVE_PUBLIC_FFDHE || (HAVE_FIPS && HAVE_FIPS_VERSION == 2)) ||
+        * (!HAVE_PUBLIC_FFDHE && (!HAVE_FIPS || HAVE_FIPS_VERSION > 2))*/
+
+    ExpectIntEQ(wolfSSL_DH_size(NULL), -1);
+#endif /* OPENSSL_EXTRA && !NO_DH */
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_DH_dup(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_DH) && defined(WOLFSSL_DH_EXTRA)
+#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_OPENSSH) || \
+    defined(OPENSSL_EXTRA)
+    DH *dh = NULL;
+    DH *dhDup = NULL;
+
+    ExpectNotNull(dh = wolfSSL_DH_new());
+
+    ExpectNull(dhDup = wolfSSL_DH_dup(NULL));
+    ExpectNull(dhDup = wolfSSL_DH_dup(dh));
+
+#if defined(OPENSSL_ALL) || \
+    defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L
+    {
+        WOLFSSL_BIGNUM* p = NULL;
+        WOLFSSL_BIGNUM* g = NULL;
+
+        ExpectNotNull(p = wolfSSL_BN_new());
+        ExpectNotNull(g = wolfSSL_BN_new());
+        ExpectIntEQ(wolfSSL_BN_set_word(p, 11), WOLFSSL_SUCCESS);
+        ExpectIntEQ(wolfSSL_BN_set_word(g, 2), WOLFSSL_SUCCESS);
+
+        ExpectIntEQ(wolfSSL_DH_set0_pqg(dh, p, NULL, g), 1);
+        if (EXPECT_FAIL()) {
+            wolfSSL_BN_free(p);
+            wolfSSL_BN_free(g);
+        }
+
+        ExpectNotNull(dhDup = wolfSSL_DH_dup(dh));
+        wolfSSL_DH_free(dhDup);
+    }
+#endif
+
+    wolfSSL_DH_free(dh);
+#endif
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_DH_check(void)
+{
+    EXPECT_DECLS;
+#ifdef OPENSSL_ALL
+#ifndef NO_DH
+#ifndef NO_BIO
+#ifndef NO_DSA
+    byte buf[6000];
+    char file[] = "./certs/dsaparams.pem";
+    XFILE f = XBADFILE;
+    int  bytes = 0;
+    BIO* bio = NULL;
+    DSA* dsa = NULL;
+#elif !defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0)
+    static const byte dh2048[] = {
+        0x30, 0x82, 0x01, 0x08, 0x02, 0x82, 0x01, 0x01,
+        0x00, 0xb0, 0xa1, 0x08, 0x06, 0x9c, 0x08, 0x13,
+        0xba, 0x59, 0x06, 0x3c, 0xbc, 0x30, 0xd5, 0xf5,
+        0x00, 0xc1, 0x4f, 0x44, 0xa7, 0xd6, 0xef, 0x4a,
+        0xc6, 0x25, 0x27, 0x1c, 0xe8, 0xd2, 0x96, 0x53,
+        0x0a, 0x5c, 0x91, 0xdd, 0xa2, 0xc2, 0x94, 0x84,
+        0xbf, 0x7d, 0xb2, 0x44, 0x9f, 0x9b, 0xd2, 0xc1,
+        0x8a, 0xc5, 0xbe, 0x72, 0x5c, 0xa7, 0xe7, 0x91,
+        0xe6, 0xd4, 0x9f, 0x73, 0x07, 0x85, 0x5b, 0x66,
+        0x48, 0xc7, 0x70, 0xfa, 0xb4, 0xee, 0x02, 0xc9,
+        0x3d, 0x9a, 0x4a, 0xda, 0x3d, 0xc1, 0x46, 0x3e,
+        0x19, 0x69, 0xd1, 0x17, 0x46, 0x07, 0xa3, 0x4d,
+        0x9f, 0x2b, 0x96, 0x17, 0x39, 0x6d, 0x30, 0x8d,
+        0x2a, 0xf3, 0x94, 0xd3, 0x75, 0xcf, 0xa0, 0x75,
+        0xe6, 0xf2, 0x92, 0x1f, 0x1a, 0x70, 0x05, 0xaa,
+        0x04, 0x83, 0x57, 0x30, 0xfb, 0xda, 0x76, 0x93,
+        0x38, 0x50, 0xe8, 0x27, 0xfd, 0x63, 0xee, 0x3c,
+        0xe5, 0xb7, 0xc8, 0x09, 0xae, 0x6f, 0x50, 0x35,
+        0x8e, 0x84, 0xce, 0x4a, 0x00, 0xe9, 0x12, 0x7e,
+        0x5a, 0x31, 0xd7, 0x33, 0xfc, 0x21, 0x13, 0x76,
+        0xcc, 0x16, 0x30, 0xdb, 0x0c, 0xfc, 0xc5, 0x62,
+        0xa7, 0x35, 0xb8, 0xef, 0xb7, 0xb0, 0xac, 0xc0,
+        0x36, 0xf6, 0xd9, 0xc9, 0x46, 0x48, 0xf9, 0x40,
+        0x90, 0x00, 0x2b, 0x1b, 0xaa, 0x6c, 0xe3, 0x1a,
+        0xc3, 0x0b, 0x03, 0x9e, 0x1b, 0xc2, 0x46, 0xe4,
+        0x48, 0x4e, 0x22, 0x73, 0x6f, 0xc3, 0x5f, 0xd4,
+        0x9a, 0xd6, 0x30, 0x07, 0x48, 0xd6, 0x8c, 0x90,
+        0xab, 0xd4, 0xf6, 0xf1, 0xe3, 0x48, 0xd3, 0x58,
+        0x4b, 0xa6, 0xb9, 0xcd, 0x29, 0xbf, 0x68, 0x1f,
+        0x08, 0x4b, 0x63, 0x86, 0x2f, 0x5c, 0x6b, 0xd6,
+        0xb6, 0x06, 0x65, 0xf7, 0xa6, 0xdc, 0x00, 0x67,
+        0x6b, 0xbb, 0xc3, 0xa9, 0x41, 0x83, 0xfb, 0xc7,
+        0xfa, 0xc8, 0xe2, 0x1e, 0x7e, 0xaf, 0x00, 0x3f,
+        0x93, 0x02, 0x01, 0x02
+    };
+    const byte* params;
+#endif
+    DH*  dh = NULL;
+    WOLFSSL_BIGNUM* p = NULL;
+    WOLFSSL_BIGNUM* g = NULL;
+    WOLFSSL_BIGNUM* pTmp = NULL;
+    WOLFSSL_BIGNUM* gTmp = NULL;
+    int codes = -1;
+
+#ifndef NO_DSA
+    /* Initialize DH */
+    ExpectTrue((f = XFOPEN(file, "rb")) != XBADFILE);
+    ExpectIntGT(bytes = (int)XFREAD(buf, 1, sizeof(buf), f), 0);
+    if (f != XBADFILE)
+        XFCLOSE(f);
+
+    ExpectNotNull(bio = BIO_new_mem_buf((void*)buf, bytes));
+
+    ExpectNotNull(dsa = wolfSSL_PEM_read_bio_DSAparams(bio, NULL, NULL, NULL));
+
+    ExpectNotNull(dh = wolfSSL_DSA_dup_DH(dsa));
+    ExpectNotNull(dh);
+
+    BIO_free(bio);
+    DSA_free(dsa);
+#elif !defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0)
+    params = dh2048;
+    ExpectNotNull(dh = wolfSSL_d2i_DHparams(NULL, &params,
+        (long)sizeof(dh2048)));
+#else
+    ExpectNotNull(dh = wolfSSL_DH_new_by_nid(NID_ffdhe2048));
+#endif
+
+    /* Test assumed to be valid dh.
+     * Should return WOLFSSL_SUCCESS
+     * codes should be 0
+     * Invalid codes = {DH_NOT_SUITABLE_GENERATOR, DH_CHECK_P_NOT_PRIME}
+     */
+    ExpectIntEQ(wolfSSL_DH_check(dh, &codes), 1);
+    ExpectIntEQ(codes, 0);
+
+    /* Test NULL dh: expected BAD_FUNC_ARG */
+    ExpectIntEQ(wolfSSL_DH_check(NULL, &codes), 0);
+
+    /* Break dh prime to test if codes = DH_CHECK_P_NOT_PRIME */
+    if (dh != NULL) {
+        pTmp = dh->p;
+        dh->p  = NULL;
+    }
+    ExpectIntEQ(wolfSSL_DH_check(dh, &codes), 1);
+    ExpectIntEQ(wolfSSL_DH_check(dh, NULL), 0);
+    ExpectIntEQ(codes, DH_CHECK_P_NOT_PRIME);
+    /* set dh->p back to normal so it won't fail on next tests */
+    if (dh != NULL) {
+        dh->p = pTmp;
+        pTmp = NULL;
+    }
+
+    /* Break dh generator to test if codes = DH_NOT_SUITABLE_GENERATOR */
+    if (dh != NULL) {
+        gTmp = dh->g;
+        dh->g = NULL;
+    }
+    ExpectIntEQ(wolfSSL_DH_check(dh, &codes), 1);
+    ExpectIntEQ(wolfSSL_DH_check(dh, NULL), 0);
+    ExpectIntEQ(codes, DH_NOT_SUITABLE_GENERATOR);
+    if (dh != NULL) {
+        dh->g = gTmp;
+        gTmp = NULL;
+    }
+
+    /* Cleanup */
+    DH_free(dh);
+    dh = NULL;
+
+    dh = DH_new();
+    ExpectNotNull(dh);
+    /* Check empty DH. */
+    ExpectIntEQ(wolfSSL_DH_check(dh, &codes), 1);
+    ExpectIntEQ(wolfSSL_DH_check(dh, NULL), 0);
+    ExpectIntEQ(codes, DH_NOT_SUITABLE_GENERATOR | DH_CHECK_P_NOT_PRIME);
+    /* Check non-prime valued p. */
+    ExpectNotNull(p = BN_new());
+    ExpectIntEQ(BN_set_word(p, 4), 1);
+    ExpectNotNull(g = BN_new());
+    ExpectIntEQ(BN_set_word(g, 2), 1);
+    ExpectIntEQ(DH_set0_pqg(dh, p, NULL, g), 1);
+    if (EXPECT_FAIL()) {
+        wolfSSL_BN_free(p);
+        wolfSSL_BN_free(g);
+    }
+    ExpectIntEQ(wolfSSL_DH_check(dh, &codes), 1);
+    ExpectIntEQ(wolfSSL_DH_check(dh, NULL), 0);
+    ExpectIntEQ(codes, DH_CHECK_P_NOT_PRIME);
+    DH_free(dh);
+    dh = NULL;
+#endif
+#endif /* !NO_DH  && !NO_DSA */
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_DH_prime(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && !defined(NO_DH)
+    WOLFSSL_BIGNUM* bn = NULL;
+#if WOLFSSL_MAX_BN_BITS >= 768
+    WOLFSSL_BIGNUM* bn2 = NULL;
+#endif
+
+    bn = wolfSSL_DH_768_prime(NULL);
+#if WOLFSSL_MAX_BN_BITS >= 768
+    ExpectNotNull(bn);
+    bn2 = wolfSSL_DH_768_prime(bn);
+    ExpectNotNull(bn2);
+    ExpectTrue(bn == bn2);
+    wolfSSL_BN_free(bn);
+    bn = NULL;
+#else
+    ExpectNull(bn);
+#endif
+
+    bn = wolfSSL_DH_1024_prime(NULL);
+#if WOLFSSL_MAX_BN_BITS >= 1024
+    ExpectNotNull(bn);
+    wolfSSL_BN_free(bn);
+    bn = NULL;
+#else
+    ExpectNull(bn);
+#endif
+    bn = wolfSSL_DH_2048_prime(NULL);
+#if WOLFSSL_MAX_BN_BITS >= 2048
+    ExpectNotNull(bn);
+    wolfSSL_BN_free(bn);
+    bn = NULL;
+#else
+    ExpectNull(bn);
+#endif
+    bn = wolfSSL_DH_3072_prime(NULL);
+#if WOLFSSL_MAX_BN_BITS >= 3072
+    ExpectNotNull(bn);
+    wolfSSL_BN_free(bn);
+    bn = NULL;
+#else
+    ExpectNull(bn);
+#endif
+    bn = wolfSSL_DH_4096_prime(NULL);
+#if WOLFSSL_MAX_BN_BITS >= 4096
+    ExpectNotNull(bn);
+    wolfSSL_BN_free(bn);
+    bn = NULL;
+#else
+    ExpectNull(bn);
+#endif
+    bn = wolfSSL_DH_6144_prime(NULL);
+#if WOLFSSL_MAX_BN_BITS >= 6144
+    ExpectNotNull(bn);
+    wolfSSL_BN_free(bn);
+    bn = NULL;
+#else
+    ExpectNull(bn);
+#endif
+    bn = wolfSSL_DH_8192_prime(NULL);
+#if WOLFSSL_MAX_BN_BITS >= 8192
+    ExpectNotNull(bn);
+    wolfSSL_BN_free(bn);
+    bn = NULL;
+#else
+    ExpectNull(bn);
+#endif
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_DH_1536_prime(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && !defined(NO_DH)
+    BIGNUM* bn = NULL;
+    unsigned char bits[200];
+    int sz = 192; /* known binary size */
+    const byte expected[] = {
+        0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+        0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34,
+        0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,
+        0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,
+        0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22,
+        0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
+        0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,
+        0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37,
+        0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,
+        0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,
+        0xF4,0x4C,0x42,0xE9,0xA6,0x37,0xED,0x6B,
+        0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
+        0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,
+        0xAE,0x9F,0x24,0x11,0x7C,0x4B,0x1F,0xE6,
+        0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,
+        0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,
+        0x98,0xDA,0x48,0x36,0x1C,0x55,0xD3,0x9A,
+        0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
+        0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,
+        0x1C,0x62,0xF3,0x56,0x20,0x85,0x52,0xBB,
+        0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,
+        0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,
+        0xF1,0x74,0x6C,0x08,0xCA,0x23,0x73,0x27,
+        0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+    };
+
+    ExpectNotNull(bn = get_rfc3526_prime_1536(NULL));
+    ExpectIntEQ(sz, BN_bn2bin((const BIGNUM*)bn, bits));
+    ExpectIntEQ(0, XMEMCMP(expected, bits, sz));
+
+    BN_free(bn);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_DH_get_2048_256(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && !defined(NO_DH)
+    WOLFSSL_DH* dh = NULL;
+    const WOLFSSL_BIGNUM* pBn;
+    const WOLFSSL_BIGNUM* gBn;
+    const WOLFSSL_BIGNUM* qBn;
+    const byte pExpected[] = {
+        0x87, 0xA8, 0xE6, 0x1D, 0xB4, 0xB6, 0x66, 0x3C, 0xFF, 0xBB, 0xD1, 0x9C,
+        0x65, 0x19, 0x59, 0x99, 0x8C, 0xEE, 0xF6, 0x08, 0x66, 0x0D, 0xD0, 0xF2,
+        0x5D, 0x2C, 0xEE, 0xD4, 0x43, 0x5E, 0x3B, 0x00, 0xE0, 0x0D, 0xF8, 0xF1,
+        0xD6, 0x19, 0x57, 0xD4, 0xFA, 0xF7, 0xDF, 0x45, 0x61, 0xB2, 0xAA, 0x30,
+        0x16, 0xC3, 0xD9, 0x11, 0x34, 0x09, 0x6F, 0xAA, 0x3B, 0xF4, 0x29, 0x6D,
+        0x83, 0x0E, 0x9A, 0x7C, 0x20, 0x9E, 0x0C, 0x64, 0x97, 0x51, 0x7A, 0xBD,
+        0x5A, 0x8A, 0x9D, 0x30, 0x6B, 0xCF, 0x67, 0xED, 0x91, 0xF9, 0xE6, 0x72,
+        0x5B, 0x47, 0x58, 0xC0, 0x22, 0xE0, 0xB1, 0xEF, 0x42, 0x75, 0xBF, 0x7B,
+        0x6C, 0x5B, 0xFC, 0x11, 0xD4, 0x5F, 0x90, 0x88, 0xB9, 0x41, 0xF5, 0x4E,
+        0xB1, 0xE5, 0x9B, 0xB8, 0xBC, 0x39, 0xA0, 0xBF, 0x12, 0x30, 0x7F, 0x5C,
+        0x4F, 0xDB, 0x70, 0xC5, 0x81, 0xB2, 0x3F, 0x76, 0xB6, 0x3A, 0xCA, 0xE1,
+        0xCA, 0xA6, 0xB7, 0x90, 0x2D, 0x52, 0x52, 0x67, 0x35, 0x48, 0x8A, 0x0E,
+        0xF1, 0x3C, 0x6D, 0x9A, 0x51, 0xBF, 0xA4, 0xAB, 0x3A, 0xD8, 0x34, 0x77,
+        0x96, 0x52, 0x4D, 0x8E, 0xF6, 0xA1, 0x67, 0xB5, 0xA4, 0x18, 0x25, 0xD9,
+        0x67, 0xE1, 0x44, 0xE5, 0x14, 0x05, 0x64, 0x25, 0x1C, 0xCA, 0xCB, 0x83,
+        0xE6, 0xB4, 0x86, 0xF6, 0xB3, 0xCA, 0x3F, 0x79, 0x71, 0x50, 0x60, 0x26,
+        0xC0, 0xB8, 0x57, 0xF6, 0x89, 0x96, 0x28, 0x56, 0xDE, 0xD4, 0x01, 0x0A,
+        0xBD, 0x0B, 0xE6, 0x21, 0xC3, 0xA3, 0x96, 0x0A, 0x54, 0xE7, 0x10, 0xC3,
+        0x75, 0xF2, 0x63, 0x75, 0xD7, 0x01, 0x41, 0x03, 0xA4, 0xB5, 0x43, 0x30,
+        0xC1, 0x98, 0xAF, 0x12, 0x61, 0x16, 0xD2, 0x27, 0x6E, 0x11, 0x71, 0x5F,
+        0x69, 0x38, 0x77, 0xFA, 0xD7, 0xEF, 0x09, 0xCA, 0xDB, 0x09, 0x4A, 0xE9,
+        0x1E, 0x1A, 0x15, 0x97
+    };
+    const byte gExpected[] = {
+        0x3F, 0xB3, 0x2C, 0x9B, 0x73, 0x13, 0x4D, 0x0B, 0x2E, 0x77, 0x50, 0x66,
+        0x60, 0xED, 0xBD, 0x48, 0x4C, 0xA7, 0xB1, 0x8F, 0x21, 0xEF, 0x20, 0x54,
+        0x07, 0xF4, 0x79, 0x3A, 0x1A, 0x0B, 0xA1, 0x25, 0x10, 0xDB, 0xC1, 0x50,
+        0x77, 0xBE, 0x46, 0x3F, 0xFF, 0x4F, 0xED, 0x4A, 0xAC, 0x0B, 0xB5, 0x55,
+        0xBE, 0x3A, 0x6C, 0x1B, 0x0C, 0x6B, 0x47, 0xB1, 0xBC, 0x37, 0x73, 0xBF,
+        0x7E, 0x8C, 0x6F, 0x62, 0x90, 0x12, 0x28, 0xF8, 0xC2, 0x8C, 0xBB, 0x18,
+        0xA5, 0x5A, 0xE3, 0x13, 0x41, 0x00, 0x0A, 0x65, 0x01, 0x96, 0xF9, 0x31,
+        0xC7, 0x7A, 0x57, 0xF2, 0xDD, 0xF4, 0x63, 0xE5, 0xE9, 0xEC, 0x14, 0x4B,
+        0x77, 0x7D, 0xE6, 0x2A, 0xAA, 0xB8, 0xA8, 0x62, 0x8A, 0xC3, 0x76, 0xD2,
+        0x82, 0xD6, 0xED, 0x38, 0x64, 0xE6, 0x79, 0x82, 0x42, 0x8E, 0xBC, 0x83,
+        0x1D, 0x14, 0x34, 0x8F, 0x6F, 0x2F, 0x91, 0x93, 0xB5, 0x04, 0x5A, 0xF2,
+        0x76, 0x71, 0x64, 0xE1, 0xDF, 0xC9, 0x67, 0xC1, 0xFB, 0x3F, 0x2E, 0x55,
+        0xA4, 0xBD, 0x1B, 0xFF, 0xE8, 0x3B, 0x9C, 0x80, 0xD0, 0x52, 0xB9, 0x85,
+        0xD1, 0x82, 0xEA, 0x0A, 0xDB, 0x2A, 0x3B, 0x73, 0x13, 0xD3, 0xFE, 0x14,
+        0xC8, 0x48, 0x4B, 0x1E, 0x05, 0x25, 0x88, 0xB9, 0xB7, 0xD2, 0xBB, 0xD2,
+        0xDF, 0x01, 0x61, 0x99, 0xEC, 0xD0, 0x6E, 0x15, 0x57, 0xCD, 0x09, 0x15,
+        0xB3, 0x35, 0x3B, 0xBB, 0x64, 0xE0, 0xEC, 0x37, 0x7F, 0xD0, 0x28, 0x37,
+        0x0D, 0xF9, 0x2B, 0x52, 0xC7, 0x89, 0x14, 0x28, 0xCD, 0xC6, 0x7E, 0xB6,
+        0x18, 0x4B, 0x52, 0x3D, 0x1D, 0xB2, 0x46, 0xC3, 0x2F, 0x63, 0x07, 0x84,
+        0x90, 0xF0, 0x0E, 0xF8, 0xD6, 0x47, 0xD1, 0x48, 0xD4, 0x79, 0x54, 0x51,
+        0x5E, 0x23, 0x27, 0xCF, 0xEF, 0x98, 0xC5, 0x82, 0x66, 0x4B, 0x4C, 0x0F,
+        0x6C, 0xC4, 0x16, 0x59
+    };
+    const byte qExpected[] = {
+        0x8C, 0xF8, 0x36, 0x42, 0xA7, 0x09, 0xA0, 0x97, 0xB4, 0x47, 0x99, 0x76,
+        0x40, 0x12, 0x9D, 0xA2, 0x99, 0xB1, 0xA4, 0x7D, 0x1E, 0xB3, 0x75, 0x0B,
+        0xA3, 0x08, 0xB0, 0xFE, 0x64, 0xF5, 0xFB, 0xD3
+    };
+    int pSz = 0;
+    int qSz = 0;
+    int gSz = 0;
+    byte* pReturned = NULL;
+    byte* qReturned = NULL;
+    byte* gReturned = NULL;
+
+    ExpectNotNull((dh = wolfSSL_DH_get_2048_256()));
+    wolfSSL_DH_get0_pqg(dh, &pBn, &qBn, &gBn);
+
+    ExpectIntGT((pSz = wolfSSL_BN_num_bytes(pBn)), 0);
+    ExpectNotNull(pReturned = (byte*)XMALLOC(pSz, NULL,
+        DYNAMIC_TYPE_TMP_BUFFER));
+    ExpectIntGT((pSz = wolfSSL_BN_bn2bin(pBn, pReturned)), 0);
+    ExpectIntEQ(pSz, sizeof(pExpected));
+    ExpectIntEQ(XMEMCMP(pExpected, pReturned, pSz), 0);
+
+    ExpectIntGT((qSz = wolfSSL_BN_num_bytes(qBn)), 0);
+    ExpectNotNull(qReturned = (byte*)XMALLOC(qSz, NULL,
+        DYNAMIC_TYPE_TMP_BUFFER));
+    ExpectIntGT((qSz = wolfSSL_BN_bn2bin(qBn, qReturned)), 0);
+    ExpectIntEQ(qSz, sizeof(qExpected));
+    ExpectIntEQ(XMEMCMP(qExpected, qReturned, qSz), 0);
+
+    ExpectIntGT((gSz = wolfSSL_BN_num_bytes(gBn)), 0);
+    ExpectNotNull(gReturned = (byte*)XMALLOC(gSz, NULL,
+        DYNAMIC_TYPE_TMP_BUFFER));
+    ExpectIntGT((gSz = wolfSSL_BN_bn2bin(gBn, gReturned)), 0);
+    ExpectIntEQ(gSz, sizeof(gExpected));
+    ExpectIntEQ(XMEMCMP(gExpected, gReturned, gSz), 0);
+
+    wolfSSL_DH_free(dh);
+    XFREE(pReturned, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(gReturned, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(qReturned, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_PEM_read_DHparams(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_ALL) && !defined(NO_DH) && defined(WOLFSSL_DH_EXTRA) && \
+    !defined(NO_FILESYSTEM)
+    DH* dh = NULL;
+    XFILE fp = XBADFILE;
+    unsigned char derOut[300];
+    unsigned char* derOutBuf = derOut;
+    int derOutSz = 0;
+
+    unsigned char derExpected[300];
+    int derExpectedSz = 0;
+
+    XMEMSET(derOut, 0, sizeof(derOut));
+    XMEMSET(derExpected, 0, sizeof(derExpected));
+
+    /* open DH param file, read into DH struct */
+    ExpectTrue((fp = XFOPEN(dhParamFile, "rb")) != XBADFILE);
+
+    /* bad args */
+    ExpectNull(dh = PEM_read_DHparams(NULL, &dh, NULL, NULL));
+    ExpectNull(dh = PEM_read_DHparams(NULL, NULL, NULL, NULL));
+
+    /* good args */
+    ExpectNotNull(dh = PEM_read_DHparams(fp, &dh, NULL, NULL));
+    if (fp != XBADFILE) {
+        XFCLOSE(fp);
+        fp = XBADFILE;
+    }
+
+    /* read in certs/dh2048.der for comparison against exported params */
+    ExpectTrue((fp = XFOPEN("./certs/dh2048.der", "rb")) != XBADFILE);
+    ExpectIntGT(derExpectedSz = (int)XFREAD(derExpected, 1, sizeof(derExpected),
+        fp), 0);
+    if (fp != XBADFILE) {
+        XFCLOSE(fp);
+        fp = XBADFILE;
+    }
+
+    /* export DH back to DER and compare */
+    derOutSz = wolfSSL_i2d_DHparams(dh, &derOutBuf);
+    ExpectIntEQ(derOutSz, derExpectedSz);
+    ExpectIntEQ(XMEMCMP(derOut, derExpected, derOutSz), 0);
+
+    DH_free(dh);
+    dh = NULL;
+
+    /* Test parsing with X9.42 header */
+    ExpectTrue((fp = XFOPEN("./certs/x942dh2048.pem", "rb")) != XBADFILE);
+    ExpectNotNull(dh = PEM_read_DHparams(fp, &dh, NULL, NULL));
+    if (fp != XBADFILE)
+        XFCLOSE(fp);
+
+    DH_free(dh);
+    dh = NULL;
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_PEM_write_DHparams(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && !defined(NO_BIO) && \
+    !defined(NO_DH) && defined(WOLFSSL_DH_EXTRA) && !defined(NO_FILESYSTEM)
+    DH* dh = NULL;
+    BIO* bio = NULL;
+    XFILE fp = XBADFILE;
+    byte pem[2048];
+    int  pemSz = 0;
+    const char expected[] =
+        "-----BEGIN DH PARAMETERS-----\n"
+        "MIIBCAKCAQEAsKEIBpwIE7pZBjy8MNX1AMFPRKfW70rGJScc6NKWUwpckd2iwpSE\n"
+        "v32yRJ+b0sGKxb5yXKfnkebUn3MHhVtmSMdw+rTuAsk9mkraPcFGPhlp0RdGB6NN\n"
+        "nyuWFzltMI0q85TTdc+gdebykh8acAWqBINXMPvadpM4UOgn/WPuPOW3yAmub1A1\n"
+        "joTOSgDpEn5aMdcz/CETdswWMNsM/MVipzW477ewrMA29tnJRkj5QJAAKxuqbOMa\n"
+        "wwsDnhvCRuRITiJzb8Nf1JrWMAdI1oyQq9T28eNI01hLprnNKb9oHwhLY4YvXGvW\n"
+        "tgZl96bcAGdru8OpQYP7x/rI4h5+rwA/kwIBAg==\n"
+        "-----END DH PARAMETERS-----\n";
+    const char badPem[] =
+        "-----BEGIN DH PARAMETERS-----\n"
+        "-----END DH PARAMETERS-----\n";
+    const char emptySeqPem[] =
+        "-----BEGIN DH PARAMETERS-----\n"
+        "MAA=\n"
+        "-----END DH PARAMETERS-----\n";
+
+    ExpectTrue((fp = XFOPEN(dhParamFile, "rb")) != XBADFILE);
+    ExpectIntGT((pemSz = (int)XFREAD(pem, 1, sizeof(pem), fp)), 0);
+    if (fp != XBADFILE) {
+        XFCLOSE(fp);
+        fp = XBADFILE;
+    }
+
+    ExpectNull(PEM_read_bio_DHparams(NULL, NULL, NULL, NULL));
+
+    ExpectNotNull(bio = BIO_new(BIO_s_mem()));
+    ExpectNull(dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL));
+    ExpectIntEQ(BIO_write(bio, badPem, (int)sizeof(badPem)),
+        (int)sizeof(badPem));
+    ExpectNull(dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL));
+    BIO_free(bio);
+    bio = NULL;
+
+    ExpectNotNull(bio = BIO_new(BIO_s_mem()));
+    ExpectNull(dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL));
+    ExpectIntEQ(BIO_write(bio, emptySeqPem, (int)sizeof(emptySeqPem)),
+        (int)sizeof(emptySeqPem));
+    ExpectNull(dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL));
+    BIO_free(bio);
+    bio = NULL;
+
+    ExpectNotNull(bio = BIO_new(BIO_s_mem()));
+    ExpectIntEQ(BIO_write(bio, pem, pemSz), pemSz);
+    ExpectNotNull(dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL));
+    BIO_free(bio);
+    bio = NULL;
+
+    ExpectNotNull(fp = XFOPEN("./test-write-dhparams.pem", "wb"));
+    ExpectIntEQ(PEM_write_DHparams(fp, dh), WOLFSSL_SUCCESS);
+    ExpectIntEQ(PEM_write_DHparams(fp, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    DH_free(dh);
+    dh = NULL;
+
+    dh = wolfSSL_DH_new();
+    ExpectIntEQ(PEM_write_DHparams(fp, dh), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    if (fp != XBADFILE) {
+        XFCLOSE(fp);
+        fp = XBADFILE;
+    }
+    wolfSSL_DH_free(dh);
+    dh = NULL;
+
+    /* check results */
+    XMEMSET(pem, 0, sizeof(pem));
+    ExpectTrue((fp = XFOPEN("./test-write-dhparams.pem", "rb")) != XBADFILE);
+    ExpectIntGT((pemSz = (int)XFREAD(pem, 1, sizeof(pem), fp)), 0);
+    ExpectIntEQ(XMEMCMP(pem, expected, pemSz), 0);
+    if (fp != XBADFILE)
+        XFCLOSE(fp);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_d2i_DHparams(void)
+{
+    EXPECT_DECLS;
+#ifdef OPENSSL_ALL
+#if !defined(NO_DH) && (defined(HAVE_FFDHE_2048) || defined(HAVE_FFDHE_3072))
+#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
+    XFILE f = XBADFILE;
+    unsigned char buf[4096];
+    const unsigned char* pt = buf;
+#ifdef HAVE_FFDHE_2048
+    const char* params1 = "./certs/dh2048.der";
+#endif
+#ifdef HAVE_FFDHE_3072
+    const char* params2 = "./certs/dh3072.der";
+#endif
+    long len = 0;
+    WOLFSSL_DH* dh = NULL;
+    XMEMSET(buf, 0, sizeof(buf));
+
+    /* Test 2048 bit parameters */
+#ifdef HAVE_FFDHE_2048
+    ExpectTrue((f = XFOPEN(params1, "rb")) != XBADFILE);
+    ExpectTrue((len = (long)XFREAD(buf, 1, sizeof(buf), f)) > 0);
+    if (f != XBADFILE) {
+        XFCLOSE(f);
+        f = XBADFILE;
+    }
+
+    /* Valid case */
+    ExpectNotNull(dh = wolfSSL_d2i_DHparams(NULL, &pt, len));
+    ExpectNotNull(dh->p);
+    ExpectNotNull(dh->g);
+    ExpectTrue(pt == buf);
+    ExpectIntEQ(DH_set_length(NULL, BN_num_bits(dh->p)), 0);
+    ExpectIntEQ(DH_set_length(dh, BN_num_bits(dh->p)), 1);
+    ExpectIntEQ(DH_generate_key(dh), WOLFSSL_SUCCESS);
+
+    /* Invalid cases */
+    ExpectNull(wolfSSL_d2i_DHparams(NULL, NULL, len));
+    ExpectNull(wolfSSL_d2i_DHparams(NULL, &pt, -1));
+    ExpectNull(wolfSSL_d2i_DHparams(NULL, &pt, 10));
+
+    DH_free(dh);
+    dh = NULL;
+
+    *buf = 0;
+    pt = buf;
+#endif /* HAVE_FFDHE_2048 */
+
+    /* Test 3072 bit parameters */
+#ifdef HAVE_FFDHE_3072
+    ExpectTrue((f = XFOPEN(params2, "rb")) != XBADFILE);
+    ExpectTrue((len = (long)XFREAD(buf, 1, sizeof(buf), f)) > 0);
+    if (f != XBADFILE) {
+        XFCLOSE(f);
+        f = XBADFILE;
+    }
+
+    /* Valid case */
+    ExpectNotNull(dh = wolfSSL_d2i_DHparams(&dh, &pt, len));
+    ExpectNotNull(dh->p);
+    ExpectNotNull(dh->g);
+    ExpectTrue(pt != buf);
+    ExpectIntEQ(DH_generate_key(dh), 1);
+
+    /* Invalid cases */
+    ExpectNull(wolfSSL_d2i_DHparams(NULL, NULL, len));
+    ExpectNull(wolfSSL_d2i_DHparams(NULL, &pt, -1));
+
+    DH_free(dh);
+    dh = NULL;
+#endif /* HAVE_FFDHE_3072 */
+
+#endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
+#endif /* !NO_DH */
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_DH_LoadDer(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_DH) && (!defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0)) && \
+    defined(OPENSSL_EXTRA)
+    static const byte dh2048[] = {
+        0x30, 0x82, 0x01, 0x08, 0x02, 0x82, 0x01, 0x01,
+        0x00, 0xb0, 0xa1, 0x08, 0x06, 0x9c, 0x08, 0x13,
+        0xba, 0x59, 0x06, 0x3c, 0xbc, 0x30, 0xd5, 0xf5,
+        0x00, 0xc1, 0x4f, 0x44, 0xa7, 0xd6, 0xef, 0x4a,
+        0xc6, 0x25, 0x27, 0x1c, 0xe8, 0xd2, 0x96, 0x53,
+        0x0a, 0x5c, 0x91, 0xdd, 0xa2, 0xc2, 0x94, 0x84,
+        0xbf, 0x7d, 0xb2, 0x44, 0x9f, 0x9b, 0xd2, 0xc1,
+        0x8a, 0xc5, 0xbe, 0x72, 0x5c, 0xa7, 0xe7, 0x91,
+        0xe6, 0xd4, 0x9f, 0x73, 0x07, 0x85, 0x5b, 0x66,
+        0x48, 0xc7, 0x70, 0xfa, 0xb4, 0xee, 0x02, 0xc9,
+        0x3d, 0x9a, 0x4a, 0xda, 0x3d, 0xc1, 0x46, 0x3e,
+        0x19, 0x69, 0xd1, 0x17, 0x46, 0x07, 0xa3, 0x4d,
+        0x9f, 0x2b, 0x96, 0x17, 0x39, 0x6d, 0x30, 0x8d,
+        0x2a, 0xf3, 0x94, 0xd3, 0x75, 0xcf, 0xa0, 0x75,
+        0xe6, 0xf2, 0x92, 0x1f, 0x1a, 0x70, 0x05, 0xaa,
+        0x04, 0x83, 0x57, 0x30, 0xfb, 0xda, 0x76, 0x93,
+        0x38, 0x50, 0xe8, 0x27, 0xfd, 0x63, 0xee, 0x3c,
+        0xe5, 0xb7, 0xc8, 0x09, 0xae, 0x6f, 0x50, 0x35,
+        0x8e, 0x84, 0xce, 0x4a, 0x00, 0xe9, 0x12, 0x7e,
+        0x5a, 0x31, 0xd7, 0x33, 0xfc, 0x21, 0x13, 0x76,
+        0xcc, 0x16, 0x30, 0xdb, 0x0c, 0xfc, 0xc5, 0x62,
+        0xa7, 0x35, 0xb8, 0xef, 0xb7, 0xb0, 0xac, 0xc0,
+        0x36, 0xf6, 0xd9, 0xc9, 0x46, 0x48, 0xf9, 0x40,
+        0x90, 0x00, 0x2b, 0x1b, 0xaa, 0x6c, 0xe3, 0x1a,
+        0xc3, 0x0b, 0x03, 0x9e, 0x1b, 0xc2, 0x46, 0xe4,
+        0x48, 0x4e, 0x22, 0x73, 0x6f, 0xc3, 0x5f, 0xd4,
+        0x9a, 0xd6, 0x30, 0x07, 0x48, 0xd6, 0x8c, 0x90,
+        0xab, 0xd4, 0xf6, 0xf1, 0xe3, 0x48, 0xd3, 0x58,
+        0x4b, 0xa6, 0xb9, 0xcd, 0x29, 0xbf, 0x68, 0x1f,
+        0x08, 0x4b, 0x63, 0x86, 0x2f, 0x5c, 0x6b, 0xd6,
+        0xb6, 0x06, 0x65, 0xf7, 0xa6, 0xdc, 0x00, 0x67,
+        0x6b, 0xbb, 0xc3, 0xa9, 0x41, 0x83, 0xfb, 0xc7,
+        0xfa, 0xc8, 0xe2, 0x1e, 0x7e, 0xaf, 0x00, 0x3f,
+        0x93, 0x02, 0x01, 0x02
+    };
+    WOLFSSL_DH* dh = NULL;
+
+    ExpectNotNull(dh = wolfSSL_DH_new());
+
+    ExpectIntEQ(wolfSSL_DH_LoadDer(NULL, NULL, 0), -1);
+    ExpectIntEQ(wolfSSL_DH_LoadDer(dh, NULL, 0), -1);
+    ExpectIntEQ(wolfSSL_DH_LoadDer(NULL, dh2048, sizeof(dh2048)), -1);
+
+    ExpectIntEQ(wolfSSL_DH_LoadDer(dh, dh2048, sizeof(dh2048)), 1);
+
+    wolfSSL_DH_free(dh);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_i2d_DHparams(void)
+{
+    EXPECT_DECLS;
+#ifdef OPENSSL_ALL
+#if !defined(NO_DH) && (defined(HAVE_FFDHE_2048) || defined(HAVE_FFDHE_3072))
+#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
+    XFILE f = XBADFILE;
+    unsigned char buf[4096];
+    const unsigned char* pt;
+    unsigned char* pt2;
+#ifdef HAVE_FFDHE_2048
+    const char* params1 = "./certs/dh2048.der";
+#endif
+#ifdef HAVE_FFDHE_3072
+    const char* params2 = "./certs/dh3072.der";
+#endif
+    long len = 0;
+    WOLFSSL_DH* dh = NULL;
+
+    /* Test 2048 bit parameters */
+#ifdef HAVE_FFDHE_2048
+    pt = buf;
+    pt2 = buf;
+
+    ExpectTrue((f = XFOPEN(params1, "rb")) != XBADFILE);
+    ExpectTrue((len = (long)XFREAD(buf, 1, sizeof(buf), f)) > 0);
+    if (f != XBADFILE) {
+        XFCLOSE(f);
+        f = XBADFILE;
+    }
+
+    /* Valid case */
+    ExpectNotNull(dh = wolfSSL_d2i_DHparams(NULL, &pt, len));
+    ExpectTrue(pt == buf);
+    ExpectIntEQ(DH_generate_key(dh), 1);
+    ExpectIntEQ(wolfSSL_i2d_DHparams(dh, &pt2), 268);
+
+    /* Invalid case */
+    ExpectIntEQ(wolfSSL_i2d_DHparams(NULL, &pt2), 0);
+
+    /* Return length only */
+    ExpectIntEQ(wolfSSL_i2d_DHparams(dh, NULL), 268);
+
+    DH_free(dh);
+    dh = NULL;
+
+    *buf = 0;
+#endif
+
+    /* Test 3072 bit parameters */
+#ifdef HAVE_FFDHE_3072
+    pt = buf;
+    pt2 = buf;
+
+    ExpectTrue((f = XFOPEN(params2, "rb")) != XBADFILE);
+    ExpectTrue((len = (long)XFREAD(buf, 1, sizeof(buf), f)) > 0);
+    if (f != XBADFILE) {
+        XFCLOSE(f);
+        f = XBADFILE;
+    }
+
+    /* Valid case */
+    ExpectNotNull(dh = wolfSSL_d2i_DHparams(NULL, &pt, len));
+    ExpectTrue(pt == buf);
+    ExpectIntEQ(DH_generate_key(dh), 1);
+    ExpectIntEQ(wolfSSL_i2d_DHparams(dh, &pt2), 396);
+
+    /* Invalid case */
+    ExpectIntEQ(wolfSSL_i2d_DHparams(NULL, &pt2), 0);
+
+    /* Return length only */
+    ExpectIntEQ(wolfSSL_i2d_DHparams(dh, NULL), 396);
+
+    DH_free(dh);
+    dh = NULL;
+#endif
+
+    dh = DH_new();
+    ExpectNotNull(dh);
+    pt2 = buf;
+    ExpectIntEQ(wolfSSL_i2d_DHparams(dh, &pt2), 0);
+    DH_free(dh);
+    dh = NULL;
+#endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
+#endif /* !NO_DH && (HAVE_FFDHE_2048 || HAVE_FFDHE_3072) */
+#endif
+    return EXPECT_RESULT();
+}
+
diff --git a/tests/api/test_ossl_dh.h b/tests/api/test_ossl_dh.h
new file mode 100644
index 000000000..01bd200d2
--- /dev/null
+++ b/tests/api/test_ossl_dh.h
@@ -0,0 +1,53 @@
+/* test_ossl_dh.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef WOLFCRYPT_TEST_OSSL_DH_H
+#define WOLFCRYPT_TEST_OSSL_DH_H
+
+#include <tests/api/api_decl.h>
+
+int test_wolfSSL_DH(void);
+int test_wolfSSL_DH_dup(void);
+int test_wolfSSL_DH_check(void);
+int test_wolfSSL_DH_prime(void);
+int test_wolfSSL_DH_1536_prime(void);
+int test_wolfSSL_DH_get_2048_256(void);
+int test_wolfSSL_PEM_read_DHparams(void);
+int test_wolfSSL_PEM_write_DHparams(void);
+int test_wolfSSL_d2i_DHparams(void);
+int test_wolfSSL_DH_LoadDer(void);
+int test_wolfSSL_i2d_DHparams(void);
+
+#define TEST_OSSL_DH_DECLS                                          \
+    TEST_DECL_GROUP("ossl_dh", test_wolfSSL_DH),                    \
+    TEST_DECL_GROUP("ossl_dh", test_wolfSSL_DH_dup),                \
+    TEST_DECL_GROUP("ossl_dh", test_wolfSSL_DH_check),              \
+    TEST_DECL_GROUP("ossl_dh", test_wolfSSL_DH_prime),              \
+    TEST_DECL_GROUP("ossl_dh", test_wolfSSL_DH_1536_prime),         \
+    TEST_DECL_GROUP("ossl_dh", test_wolfSSL_DH_get_2048_256),       \
+    TEST_DECL_GROUP("ossl_dh", test_wolfSSL_PEM_read_DHparams),     \
+    TEST_DECL_GROUP("ossl_dh", test_wolfSSL_PEM_write_DHparams),    \
+    TEST_DECL_GROUP("ossl_dh", test_wolfSSL_d2i_DHparams),          \
+    TEST_DECL_GROUP("ossl_dh", test_wolfSSL_DH_LoadDer),            \
+    TEST_DECL_GROUP("ossl_dh", test_wolfSSL_i2d_DHparams)
+
+#endif /* WOLFCRYPT_TEST_OSSL_DH_H */
+
diff --git a/tests/api/test_ossl_dsa.c b/tests/api/test_ossl_dsa.c
new file mode 100644
index 000000000..7d0958636
--- /dev/null
+++ b/tests/api/test_ossl_dsa.c
@@ -0,0 +1,162 @@
+/* test_ossl_dsa.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#include <tests/unit.h>
+
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+#include <wolfssl/openssl/dsa.h>
+#include <wolfssl/openssl/pem.h>
+#include <wolfssl/wolfcrypt/types.h>
+#include <tests/api/api.h>
+#include <tests/api/test_ossl_dsa.h>
+
+/*******************************************************************************
+ * DSA OpenSSL compatibility API Testing
+ ******************************************************************************/
+
+int test_DSA_do_sign_verify(void)
+{
+    EXPECT_DECLS;
+#if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
+#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && \
+    !defined(NO_DSA)
+    unsigned char digest[WC_SHA_DIGEST_SIZE];
+    DSA_SIG* sig = NULL;
+    DSA* dsa = NULL;
+    word32  bytes;
+    byte sigBin[DSA_SIG_SIZE];
+    int dsacheck;
+
+#ifdef USE_CERT_BUFFERS_1024
+    byte    tmp[ONEK_BUF];
+
+    XMEMSET(tmp, 0, sizeof(tmp));
+    XMEMCPY(tmp, dsa_key_der_1024, sizeof_dsa_key_der_1024);
+    bytes = sizeof_dsa_key_der_1024;
+#elif defined(USE_CERT_BUFFERS_2048)
+    byte    tmp[TWOK_BUF];
+
+    XMEMSET(tmp, 0, sizeof(tmp));
+    XMEMCPY(tmp, dsa_key_der_2048, sizeof_dsa_key_der_2048);
+    bytes = sizeof_dsa_key_der_2048;
+#else
+    byte    tmp[TWOK_BUF];
+    XFILE   fp = XBADFILE;
+
+    XMEMSET(tmp, 0, sizeof(tmp));
+    ExpectTrue((fp = XFOPEN("./certs/dsa2048.der", "rb") != XBADFILE);
+    ExpectIntGT(bytes = (word32) XFREAD(tmp, 1, sizeof(tmp), fp), 0);
+    if (fp != XBADFILE)
+        XFCLOSE(fp);
+#endif /* END USE_CERT_BUFFERS_1024 */
+
+    XMEMSET(digest, 202, sizeof(digest));
+
+    ExpectNotNull(dsa = DSA_new());
+    ExpectIntEQ(DSA_LoadDer(dsa, tmp, (int)bytes), 1);
+
+    ExpectIntEQ(wolfSSL_DSA_do_sign(digest, sigBin, dsa), 1);
+    ExpectIntEQ(wolfSSL_DSA_do_verify(digest, sigBin, dsa, &dsacheck), 1);
+
+    ExpectNotNull(sig = DSA_do_sign(digest, WC_SHA_DIGEST_SIZE, dsa));
+    ExpectIntEQ(DSA_do_verify(digest, WC_SHA_DIGEST_SIZE, sig, dsa), 1);
+
+    DSA_SIG_free(sig);
+    DSA_free(dsa);
+#endif
+#endif /* !HAVE_SELFTEST && !HAVE_FIPS */
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_DSA_generate_parameters(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_DSA) && !defined(HAVE_SELFTEST) && defined(WOLFSSL_KEY_GEN) && \
+    !defined(HAVE_FIPS) && defined(OPENSSL_ALL)
+    DSA *dsa = NULL;
+
+    ExpectNotNull(dsa = DSA_generate_parameters(2048, NULL, 0, NULL, NULL, NULL,
+        NULL));
+    DSA_free(dsa);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_DSA_SIG(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_DSA) && !defined(HAVE_SELFTEST) && defined(WOLFSSL_KEY_GEN) && \
+    !defined(HAVE_FIPS) && defined(OPENSSL_ALL)
+    DSA          *dsa      = NULL;
+    DSA          *dsa2     = NULL;
+    DSA_SIG      *sig      = NULL;
+    const BIGNUM *p        = NULL;
+    const BIGNUM *q        = NULL;
+    const BIGNUM *g        = NULL;
+    const BIGNUM *pub      = NULL;
+    const BIGNUM *priv     = NULL;
+    BIGNUM       *dup_p    = NULL;
+    BIGNUM       *dup_q    = NULL;
+    BIGNUM       *dup_g    = NULL;
+    BIGNUM       *dup_pub  = NULL;
+    BIGNUM       *dup_priv = NULL;
+    const byte digest[WC_SHA_DIGEST_SIZE] = {0};
+
+    ExpectNotNull(dsa = DSA_new());
+    ExpectIntEQ(DSA_generate_parameters_ex(dsa, 2048, NULL, 0, NULL, NULL,
+         NULL), 1);
+    ExpectIntEQ(DSA_generate_key(dsa), 1);
+    DSA_get0_pqg(dsa, &p, &q, &g);
+    DSA_get0_key(dsa, &pub, &priv);
+    ExpectNotNull(dup_p    = BN_dup(p));
+    ExpectNotNull(dup_q    = BN_dup(q));
+    ExpectNotNull(dup_g    = BN_dup(g));
+    ExpectNotNull(dup_pub  = BN_dup(pub));
+    ExpectNotNull(dup_priv = BN_dup(priv));
+
+    ExpectNotNull(sig = DSA_do_sign(digest, sizeof(digest), dsa));
+    ExpectNotNull(dsa2 = DSA_new());
+    ExpectIntEQ(DSA_set0_pqg(dsa2, dup_p, dup_q, dup_g), 1);
+    if (EXPECT_FAIL()) {
+        BN_free(dup_p);
+        BN_free(dup_q);
+        BN_free(dup_g);
+    }
+    ExpectIntEQ(DSA_set0_key(dsa2, dup_pub, dup_priv), 1);
+    if (EXPECT_FAIL()) {
+        BN_free(dup_pub);
+        BN_free(dup_priv);
+    }
+    ExpectIntEQ(DSA_do_verify(digest, sizeof(digest), sig, dsa2), 1);
+
+    DSA_free(dsa);
+    DSA_free(dsa2);
+    DSA_SIG_free(sig);
+#endif
+    return EXPECT_RESULT();
+}
+
diff --git a/tests/api/test_ossl_dsa.h b/tests/api/test_ossl_dsa.h
new file mode 100644
index 000000000..21629d77a
--- /dev/null
+++ b/tests/api/test_ossl_dsa.h
@@ -0,0 +1,37 @@
+/* test_ossl_dsa.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef WOLFCRYPT_TEST_OSSL_DSA_H
+#define WOLFCRYPT_TEST_OSSL_DSA_H
+
+#include <tests/api/api_decl.h>
+
+int test_DSA_do_sign_verify(void);
+int test_wolfSSL_DSA_generate_parameters(void);
+int test_wolfSSL_DSA_SIG(void);
+
+#define TEST_OSSL_DSA_DECLS                                             \
+    TEST_DECL_GROUP("ossl_dsa", test_DSA_do_sign_verify),               \
+    TEST_DECL_GROUP("ossl_dsa", test_wolfSSL_DSA_generate_parameters),  \
+    TEST_DECL_GROUP("ossl_dsa", test_wolfSSL_DSA_SIG)
+
+#endif /* WOLFCRYPT_TEST_OSSL_DSA_H */
+
diff --git a/tests/api/test_ossl_ec.c b/tests/api/test_ossl_ec.c
new file mode 100644
index 000000000..dd5bf28cb
--- /dev/null
+++ b/tests/api/test_ossl_ec.c
@@ -0,0 +1,1605 @@
+/* test_ossl_ec.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#include <tests/unit.h>
+
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+#include <wolfssl/openssl/ec.h>
+#include <wolfssl/openssl/ecdh.h>
+#include <wolfssl/openssl/pem.h>
+#include <wolfssl/wolfcrypt/types.h>
+#include <tests/api/api.h>
+#include <tests/api/test_ossl_ec.h>
+
+/*******************************************************************************
+ * EC OpenSSL compatibility API Testing
+ ******************************************************************************/
+
+#if defined(HAVE_ECC) && !defined(OPENSSL_NO_PK)
+
+int test_wolfSSL_EC_GROUP(void)
+{
+    EXPECT_DECLS;
+#ifdef OPENSSL_EXTRA
+    EC_GROUP *group = NULL;
+    EC_GROUP *group2 = NULL;
+    EC_GROUP *group3 = NULL;
+#ifndef HAVE_ECC_BRAINPOOL
+    EC_GROUP *group4 = NULL;
+#endif
+    WOLFSSL_BIGNUM* order = NULL;
+    int group_bits;
+    int i;
+    static const int knownEccNids[] = {
+        NID_X9_62_prime192v1,
+        NID_X9_62_prime192v2,
+        NID_X9_62_prime192v3,
+        NID_X9_62_prime239v1,
+        NID_X9_62_prime239v2,
+        NID_X9_62_prime239v3,
+        NID_X9_62_prime256v1,
+        NID_secp112r1,
+        NID_secp112r2,
+        NID_secp128r1,
+        NID_secp128r2,
+        NID_secp160r1,
+        NID_secp160r2,
+        NID_secp224r1,
+        NID_secp384r1,
+        NID_secp521r1,
+        NID_secp160k1,
+        NID_secp192k1,
+        NID_secp224k1,
+        NID_secp256k1,
+        NID_brainpoolP160r1,
+        NID_brainpoolP192r1,
+        NID_brainpoolP224r1,
+        NID_brainpoolP256r1,
+        NID_brainpoolP320r1,
+        NID_brainpoolP384r1,
+        NID_brainpoolP512r1,
+    };
+    int knowEccNidsLen = (int)(sizeof(knownEccNids) / sizeof(*knownEccNids));
+    static const int knownEccEnums[] = {
+        ECC_SECP192R1,
+        ECC_PRIME192V2,
+        ECC_PRIME192V3,
+        ECC_PRIME239V1,
+        ECC_PRIME239V2,
+        ECC_PRIME239V3,
+        ECC_SECP256R1,
+        ECC_SECP112R1,
+        ECC_SECP112R2,
+        ECC_SECP128R1,
+        ECC_SECP128R2,
+        ECC_SECP160R1,
+        ECC_SECP160R2,
+        ECC_SECP224R1,
+        ECC_SECP384R1,
+        ECC_SECP521R1,
+        ECC_SECP160K1,
+        ECC_SECP192K1,
+        ECC_SECP224K1,
+        ECC_SECP256K1,
+        ECC_BRAINPOOLP160R1,
+        ECC_BRAINPOOLP192R1,
+        ECC_BRAINPOOLP224R1,
+        ECC_BRAINPOOLP256R1,
+        ECC_BRAINPOOLP320R1,
+        ECC_BRAINPOOLP384R1,
+        ECC_BRAINPOOLP512R1,
+    };
+    int knowEccEnumsLen = (int)(sizeof(knownEccEnums) / sizeof(*knownEccEnums));
+
+    ExpectNotNull(group = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1));
+    ExpectNotNull(group2 = EC_GROUP_dup(group));
+    ExpectNotNull(group3 = wolfSSL_EC_GROUP_new_by_curve_name(NID_secp384r1));
+#ifndef HAVE_ECC_BRAINPOOL
+    ExpectNotNull(group4 = wolfSSL_EC_GROUP_new_by_curve_name(
+        NID_brainpoolP256r1));
+#endif
+
+    ExpectNull(EC_GROUP_dup(NULL));
+
+    ExpectIntEQ(wolfSSL_EC_GROUP_get_curve_name(NULL), 0);
+    ExpectIntEQ(wolfSSL_EC_GROUP_get_curve_name(group), NID_X9_62_prime256v1);
+
+    ExpectIntEQ((group_bits = EC_GROUP_order_bits(NULL)), 0);
+    ExpectIntEQ((group_bits = EC_GROUP_order_bits(group)), 256);
+#ifndef HAVE_ECC_BRAINPOOL
+    ExpectIntEQ((group_bits = EC_GROUP_order_bits(group4)), 0);
+#endif
+
+    ExpectIntEQ(wolfSSL_EC_GROUP_get_degree(NULL), 0);
+    ExpectIntEQ(wolfSSL_EC_GROUP_get_degree(group), 256);
+
+    ExpectNotNull(order = BN_new());
+    ExpectIntEQ(wolfSSL_EC_GROUP_get_order(NULL, NULL, NULL), 0);
+    ExpectIntEQ(wolfSSL_EC_GROUP_get_order(group, NULL, NULL), 0);
+    ExpectIntEQ(wolfSSL_EC_GROUP_get_order(NULL, order, NULL), 0);
+    ExpectIntEQ(wolfSSL_EC_GROUP_get_order(group, order, NULL), 1);
+    wolfSSL_BN_free(order);
+
+    ExpectNotNull(EC_GROUP_method_of(group));
+
+    ExpectIntEQ(EC_METHOD_get_field_type(NULL), 0);
+    ExpectIntEQ(EC_METHOD_get_field_type(EC_GROUP_method_of(group)),
+        NID_X9_62_prime_field);
+
+    ExpectIntEQ(wolfSSL_EC_GROUP_cmp(NULL, NULL, NULL), -1);
+    ExpectIntEQ(wolfSSL_EC_GROUP_cmp(group, NULL, NULL), -1);
+    ExpectIntEQ(wolfSSL_EC_GROUP_cmp(NULL, group, NULL), -1);
+    ExpectIntEQ(wolfSSL_EC_GROUP_cmp(group, group3, NULL), 1);
+
+#ifndef NO_WOLFSSL_STUB
+    wolfSSL_EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE);
+#endif
+
+#ifndef HAVE_ECC_BRAINPOOL
+    EC_GROUP_free(group4);
+#endif
+    EC_GROUP_free(group3);
+    EC_GROUP_free(group2);
+    EC_GROUP_free(group);
+
+    for (i = 0; i < knowEccNidsLen; i++) {
+        group = NULL;
+        ExpectNotNull(group = EC_GROUP_new_by_curve_name(knownEccNids[i]));
+        ExpectIntGT(wolfSSL_EC_GROUP_get_degree(group), 0);
+        EC_GROUP_free(group);
+    }
+    for (i = 0; i < knowEccEnumsLen; i++) {
+        group = NULL;
+        ExpectNotNull(group = EC_GROUP_new_by_curve_name(knownEccEnums[i]));
+        ExpectIntEQ(wolfSSL_EC_GROUP_get_curve_name(group), knownEccNids[i]);
+        EC_GROUP_free(group);
+    }
+#endif
+   return EXPECT_RESULT();
+}
+
+int test_wolfSSL_PEM_read_bio_ECPKParameters(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) && !defined(NO_BIO)
+    EC_GROUP *group = NULL;
+    BIO* bio = NULL;
+#if (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) && \
+    ECC_MIN_KEY_SZ <= 384 && !defined(NO_ECC_SECP)
+    EC_GROUP *ret = NULL;
+    static char ec_nc_p384[] = "-----BEGIN EC PARAMETERS-----\n"
+                               "BgUrgQQAIg==\n"
+                               "-----END EC PARAMETERS-----";
+#endif
+    static char ec_nc_bad_1[] = "-----BEGIN EC PARAMETERS-----\n"
+                                "MAA=\n"
+                                "-----END EC PARAMETERS-----";
+    static char ec_nc_bad_2[] = "-----BEGIN EC PARAMETERS-----\n"
+                                "BgA=\n"
+                                "-----END EC PARAMETERS-----";
+    static char ec_nc_bad_3[] = "-----BEGIN EC PARAMETERS-----\n"
+                                "BgE=\n"
+                                "-----END EC PARAMETERS-----";
+    static char ec_nc_bad_4[] = "-----BEGIN EC PARAMETERS-----\n"
+                                "BgE*\n"
+                                "-----END EC PARAMETERS-----";
+
+    /* Test that first parameter, bio, being NULL fails. */
+    ExpectNull(PEM_read_bio_ECPKParameters(NULL, NULL, NULL, NULL));
+
+    /* Test that reading named parameters works. */
+    ExpectNotNull(bio = BIO_new(BIO_s_file()));
+    ExpectIntEQ(BIO_read_filename(bio, eccKeyFile), WOLFSSL_SUCCESS);
+    ExpectNotNull(group = PEM_read_bio_ECPKParameters(bio, NULL, NULL, NULL));
+    ExpectIntEQ(EC_GROUP_get_curve_name(group), NID_X9_62_prime256v1);
+    BIO_free(bio);
+    bio = NULL;
+    EC_GROUP_free(group);
+    group = NULL;
+
+#if (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) && \
+    ECC_MIN_KEY_SZ <= 384 && !defined(NO_ECC_SECP)
+    /* Test that reusing group works. */
+    ExpectNotNull(bio = BIO_new_mem_buf((unsigned char*)ec_nc_p384,
+        sizeof(ec_nc_p384)));
+    ExpectNotNull(group = PEM_read_bio_ECPKParameters(bio, &group, NULL, NULL));
+    ExpectIntEQ(EC_GROUP_get_curve_name(group), NID_secp384r1);
+    BIO_free(bio);
+    bio = NULL;
+    EC_GROUP_free(group);
+    group = NULL;
+
+    /* Test that returning through group works. */
+    ExpectNotNull(bio = BIO_new_mem_buf((unsigned char*)ec_nc_p384,
+        sizeof(ec_nc_p384)));
+    ExpectNotNull(ret = PEM_read_bio_ECPKParameters(bio, &group, NULL, NULL));
+    ExpectIntEQ(ret == group, 1);
+    ExpectIntEQ(EC_GROUP_get_curve_name(group), NID_secp384r1);
+    BIO_free(bio);
+    bio = NULL;
+    EC_GROUP_free(group);
+    group = NULL;
+#endif
+
+    /* Test 0x30, 0x00 (not and object id) fails. */
+    ExpectNotNull(bio = BIO_new_mem_buf((unsigned char*)ec_nc_bad_1,
+        sizeof(ec_nc_bad_1)));
+    ExpectNull(PEM_read_bio_ECPKParameters(bio, NULL, NULL, NULL));
+    BIO_free(bio);
+    bio = NULL;
+
+    /* Test 0x06, 0x00 (empty object id) fails. */
+    ExpectNotNull(bio = BIO_new_mem_buf((unsigned char*)ec_nc_bad_2,
+        sizeof(ec_nc_bad_2)));
+    ExpectNull(PEM_read_bio_ECPKParameters(bio, NULL, NULL, NULL));
+    BIO_free(bio);
+    bio = NULL;
+
+    /* Test 0x06, 0x01 (badly formed object id) fails. */
+    ExpectNotNull(bio = BIO_new_mem_buf((unsigned char*)ec_nc_bad_3,
+        sizeof(ec_nc_bad_3)));
+    ExpectNull(PEM_read_bio_ECPKParameters(bio, NULL, NULL, NULL));
+    BIO_free(bio);
+    bio = NULL;
+
+    /* Test invalid PEM encoding - invalid character. */
+    ExpectNotNull(bio = BIO_new_mem_buf((unsigned char*)ec_nc_bad_4,
+        sizeof(ec_nc_bad_4)));
+    ExpectNull(PEM_read_bio_ECPKParameters(bio, NULL, NULL, NULL));
+    BIO_free(bio);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_i2d_ECPKParameters(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA)
+    EC_GROUP* grp = NULL;
+    unsigned char p256_oid[] = {
+        0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
+    };
+    unsigned char *der = p256_oid;
+    unsigned char out_der[sizeof(p256_oid)];
+
+    XMEMSET(out_der, 0, sizeof(out_der));
+    ExpectNotNull(d2i_ECPKParameters(&grp, (const unsigned char **)&der,
+            sizeof(p256_oid)));
+    der = out_der;
+    ExpectIntEQ(i2d_ECPKParameters(grp, &der), sizeof(p256_oid));
+    ExpectBufEQ(p256_oid, out_der, sizeof(p256_oid));
+    EC_GROUP_free(grp);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_EC_POINT(void)
+{
+    EXPECT_DECLS;
+#if !defined(WOLFSSL_SP_MATH) && \
+  (!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)))
+
+#ifdef OPENSSL_EXTRA
+    BN_CTX* ctx = NULL;
+    EC_GROUP* group = NULL;
+#ifndef HAVE_ECC_BRAINPOOL
+    EC_GROUP* group2 = NULL;
+#endif
+    EC_POINT* Gxy = NULL;
+    EC_POINT* new_point = NULL;
+    EC_POINT* set_point = NULL;
+    EC_POINT* get_point = NULL;
+    EC_POINT* infinity = NULL;
+    BIGNUM* k = NULL;
+    BIGNUM* Gx = NULL;
+    BIGNUM* Gy = NULL;
+    BIGNUM* Gz = NULL;
+    BIGNUM* X = NULL;
+    BIGNUM* Y = NULL;
+    BIGNUM* set_point_bn = NULL;
+    char* hexStr = NULL;
+
+    const char* kTest = "F4F8338AFCC562C5C3F3E1E46A7EFECD"
+                        "17AF381913FF7A96314EA47055EA0FD0";
+    /* NISTP256R1 Gx/Gy */
+    const char* kGx   = "6B17D1F2E12C4247F8BCE6E563A440F2"
+                        "77037D812DEB33A0F4A13945D898C296";
+    const char* kGy   = "4FE342E2FE1A7F9B8EE7EB4A7C0F9E16"
+                        "2BCE33576B315ECECBB6406837BF51F5";
+    const char* uncompG
+                      = "046B17D1F2E12C4247F8BCE6E563A440F2"
+                        "77037D812DEB33A0F4A13945D898C296"
+                        "4FE342E2FE1A7F9B8EE7EB4A7C0F9E16"
+                        "2BCE33576B315ECECBB6406837BF51F5";
+    const char* compG
+                      = "036B17D1F2E12C4247F8BCE6E563A440F2"
+                        "77037D812DEB33A0F4A13945D898C296";
+
+#ifndef HAVE_SELFTEST
+    EC_POINT *tmp = NULL;
+    size_t bin_len;
+    unsigned int blen = 0;
+    unsigned char* buf = NULL;
+    unsigned char bufInf[1] = { 0x00 };
+
+    const unsigned char binUncompG[] = {
+        0x04, 0x6b, 0x17, 0xd1, 0xf2, 0xe1, 0x2c, 0x42, 0x47, 0xf8, 0xbc,
+        0xe6, 0xe5, 0x63, 0xa4, 0x40, 0xf2, 0x77, 0x03, 0x7d, 0x81, 0x2d,
+        0xeb, 0x33, 0xa0, 0xf4, 0xa1, 0x39, 0x45, 0xd8, 0x98, 0xc2, 0x96,
+        0x4f, 0xe3, 0x42, 0xe2, 0xfe, 0x1a, 0x7f, 0x9b, 0x8e, 0xe7, 0xeb,
+        0x4a, 0x7c, 0x0f, 0x9e, 0x16, 0x2b, 0xce, 0x33, 0x57, 0x6b, 0x31,
+        0x5e, 0xce, 0xcb, 0xb6, 0x40, 0x68, 0x37, 0xbf, 0x51, 0xf5,
+    };
+    const unsigned char binUncompGBad[] = {
+        0x09, 0x6b, 0x17, 0xd1, 0xf2, 0xe1, 0x2c, 0x42, 0x47, 0xf8, 0xbc,
+        0xe6, 0xe5, 0x63, 0xa4, 0x40, 0xf2, 0x77, 0x03, 0x7d, 0x81, 0x2d,
+        0xeb, 0x33, 0xa0, 0xf4, 0xa1, 0x39, 0x45, 0xd8, 0x98, 0xc2, 0x96,
+        0x4f, 0xe3, 0x42, 0xe2, 0xfe, 0x1a, 0x7f, 0x9b, 0x8e, 0xe7, 0xeb,
+        0x4a, 0x7c, 0x0f, 0x9e, 0x16, 0x2b, 0xce, 0x33, 0x57, 0x6b, 0x31,
+        0x5e, 0xce, 0xcb, 0xb6, 0x40, 0x68, 0x37, 0xbf, 0x51, 0xf5,
+    };
+
+#ifdef HAVE_COMP_KEY
+    const unsigned char binCompG[] = {
+        0x03, 0x6b, 0x17, 0xd1, 0xf2, 0xe1, 0x2c, 0x42, 0x47, 0xf8, 0xbc,
+        0xe6, 0xe5, 0x63, 0xa4, 0x40, 0xf2, 0x77, 0x03, 0x7d, 0x81, 0x2d,
+        0xeb, 0x33, 0xa0, 0xf4, 0xa1, 0x39, 0x45, 0xd8, 0x98, 0xc2, 0x96,
+    };
+#endif
+#endif
+
+    ExpectNotNull(ctx = BN_CTX_new());
+    ExpectNotNull(group = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1));
+#ifndef HAVE_ECC_BRAINPOOL
+    /* Used to make groups curve_idx == -1. */
+    ExpectNotNull(group2 = EC_GROUP_new_by_curve_name(NID_brainpoolP256r1));
+#endif
+
+    ExpectNull(EC_POINT_new(NULL));
+    ExpectNotNull(Gxy = EC_POINT_new(group));
+    ExpectNotNull(new_point = EC_POINT_new(group));
+    ExpectNotNull(set_point = EC_POINT_new(group));
+    ExpectNotNull(X = BN_new());
+    ExpectNotNull(Y = BN_new());
+    ExpectNotNull(set_point_bn = BN_new());
+
+    ExpectNotNull(infinity = EC_POINT_new(group));
+
+    /* load test values */
+    ExpectIntEQ(BN_hex2bn(&k,  kTest), WOLFSSL_SUCCESS);
+    ExpectIntEQ(BN_hex2bn(&Gx, kGx),   WOLFSSL_SUCCESS);
+    ExpectIntEQ(BN_hex2bn(&Gy, kGy),   WOLFSSL_SUCCESS);
+    ExpectIntEQ(BN_hex2bn(&Gz, "1"),   WOLFSSL_SUCCESS);
+
+    /* populate coordinates for input point */
+    if (Gxy != NULL) {
+        Gxy->X = Gx;
+        Gxy->Y = Gy;
+        Gxy->Z = Gz;
+    }
+
+    /* Test handling of NULL point. */
+    EC_POINT_clear_free(NULL);
+
+    ExpectIntEQ(wolfSSL_EC_POINT_get_affine_coordinates_GFp(NULL, NULL,
+        NULL, NULL, ctx), 0);
+    ExpectIntEQ(wolfSSL_EC_POINT_get_affine_coordinates_GFp(group, NULL,
+        NULL, NULL, ctx), 0);
+    ExpectIntEQ(wolfSSL_EC_POINT_get_affine_coordinates_GFp(NULL, Gxy,
+        NULL, NULL, ctx), 0);
+    ExpectIntEQ(wolfSSL_EC_POINT_get_affine_coordinates_GFp(NULL, NULL,
+        X, NULL, ctx), 0);
+    ExpectIntEQ(wolfSSL_EC_POINT_get_affine_coordinates_GFp(NULL, NULL,
+        NULL, Y, ctx), 0);
+    ExpectIntEQ(wolfSSL_EC_POINT_get_affine_coordinates_GFp(NULL, Gxy,
+        X, Y, ctx), 0);
+    ExpectIntEQ(wolfSSL_EC_POINT_get_affine_coordinates_GFp(group, NULL,
+        X, Y, ctx), 0);
+    ExpectIntEQ(wolfSSL_EC_POINT_get_affine_coordinates_GFp(group, Gxy,
+        NULL, Y, ctx), 0);
+    ExpectIntEQ(wolfSSL_EC_POINT_get_affine_coordinates_GFp(group, Gxy,
+        X, NULL, ctx), 0);
+    /* Getting point at infinity returns an error. */
+    ExpectIntEQ(wolfSSL_EC_POINT_get_affine_coordinates_GFp(group, infinity,
+        X, Y, ctx), 0);
+
+#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
+    !defined(HAVE_SELFTEST) && !defined(WOLFSSL_SP_MATH) && \
+    !defined(WOLF_CRYPTO_CB_ONLY_ECC)
+    ExpectIntEQ(EC_POINT_add(NULL, NULL, NULL, NULL, ctx), 0);
+    ExpectIntEQ(EC_POINT_add(group, NULL, NULL, NULL, ctx), 0);
+    ExpectIntEQ(EC_POINT_add(NULL, new_point, NULL, NULL, ctx), 0);
+    ExpectIntEQ(EC_POINT_add(NULL, NULL, new_point, NULL, ctx), 0);
+    ExpectIntEQ(EC_POINT_add(NULL, NULL, NULL, Gxy, ctx), 0);
+    ExpectIntEQ(EC_POINT_add(NULL, new_point, new_point, Gxy, ctx), 0);
+    ExpectIntEQ(EC_POINT_add(group, NULL, new_point, Gxy, ctx), 0);
+    ExpectIntEQ(EC_POINT_add(group, new_point, NULL, Gxy, ctx), 0);
+    ExpectIntEQ(EC_POINT_add(group, new_point, new_point, NULL, ctx), 0);
+
+    ExpectIntEQ(EC_POINT_mul(NULL, NULL, Gx, Gxy, k, ctx), 0);
+    ExpectIntEQ(EC_POINT_mul(NULL, new_point, Gx, Gxy, k, ctx), 0);
+    ExpectIntEQ(EC_POINT_mul(group, NULL, Gx, Gxy, k, ctx), 0);
+
+    ExpectIntEQ(EC_POINT_add(group, new_point, new_point, Gxy, ctx), 1);
+    /* perform point multiplication */
+    ExpectIntEQ(EC_POINT_mul(group, new_point, Gx, Gxy, k, ctx), 1);
+    ExpectIntEQ(BN_is_zero(new_point->X), 0);
+    ExpectIntEQ(BN_is_zero(new_point->Y), 0);
+    ExpectIntEQ(BN_is_zero(new_point->Z), 0);
+    ExpectIntEQ(EC_POINT_mul(group, new_point, NULL, Gxy, k, ctx), 1);
+    ExpectIntEQ(BN_is_zero(new_point->X), 0);
+    ExpectIntEQ(BN_is_zero(new_point->Y), 0);
+    ExpectIntEQ(BN_is_zero(new_point->Z), 0);
+    ExpectIntEQ(EC_POINT_mul(group, new_point, Gx, NULL, NULL, ctx), 1);
+    ExpectIntEQ(BN_is_zero(new_point->X), 0);
+    ExpectIntEQ(BN_is_zero(new_point->Y), 0);
+    ExpectIntEQ(BN_is_zero(new_point->Z), 0);
+    ExpectIntEQ(EC_POINT_mul(group, new_point, NULL, NULL, NULL, ctx), 1);
+    ExpectIntEQ(BN_is_zero(new_point->X), 1);
+    ExpectIntEQ(BN_is_zero(new_point->Y), 1);
+    ExpectIntEQ(BN_is_zero(new_point->Z), 1);
+    /* Set point to something. */
+    ExpectIntEQ(EC_POINT_add(group, new_point, Gxy, Gxy, ctx), 1);
+#else
+    ExpectIntEQ(EC_POINT_set_affine_coordinates_GFp(group, new_point, Gx, Gy,
+        ctx), 1);
+    ExpectIntEQ(BN_is_zero(new_point->X), 0);
+    ExpectIntEQ(BN_is_zero(new_point->Y), 0);
+    ExpectIntEQ(BN_is_zero(new_point->Z), 0);
+#endif
+
+    /* check if point X coordinate is zero */
+    ExpectIntEQ(BN_is_zero(new_point->X), 0);
+
+#if defined(USE_ECC_B_PARAM) && !defined(HAVE_SELFTEST) && \
+    (!defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0))
+    ExpectIntEQ(EC_POINT_is_on_curve(group, new_point, ctx), 1);
+#endif
+
+    /* extract the coordinates from point */
+    ExpectIntEQ(EC_POINT_get_affine_coordinates_GFp(group, new_point, X, Y,
+        ctx), WOLFSSL_SUCCESS);
+
+    /* check if point X coordinate is zero */
+    ExpectIntEQ(BN_is_zero(X), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+
+    /* set the same X and Y points in another object */
+    ExpectIntEQ(EC_POINT_set_affine_coordinates_GFp(group, set_point, X, Y,
+        ctx), WOLFSSL_SUCCESS);
+
+    /* compare points as they should be the same */
+    ExpectIntEQ(EC_POINT_cmp(NULL, NULL, NULL, ctx), -1);
+    ExpectIntEQ(EC_POINT_cmp(group, NULL, NULL, ctx), -1);
+    ExpectIntEQ(EC_POINT_cmp(NULL, new_point, NULL, ctx), -1);
+    ExpectIntEQ(EC_POINT_cmp(NULL, NULL, set_point, ctx), -1);
+    ExpectIntEQ(EC_POINT_cmp(NULL, new_point, set_point, ctx), -1);
+    ExpectIntEQ(EC_POINT_cmp(group, NULL, set_point, ctx), -1);
+    ExpectIntEQ(EC_POINT_cmp(group, new_point, NULL, ctx), -1);
+    ExpectIntEQ(EC_POINT_cmp(group, new_point, set_point, ctx), 0);
+
+    /* Test copying */
+    ExpectIntEQ(EC_POINT_copy(NULL, NULL), 0);
+    ExpectIntEQ(EC_POINT_copy(NULL, set_point), 0);
+    ExpectIntEQ(EC_POINT_copy(new_point, NULL), 0);
+    ExpectIntEQ(EC_POINT_copy(new_point, set_point), 1);
+
+    /* Test inverting */
+    ExpectIntEQ(EC_POINT_invert(NULL, NULL, ctx), 0);
+    ExpectIntEQ(EC_POINT_invert(NULL, new_point, ctx), 0);
+    ExpectIntEQ(EC_POINT_invert(group, NULL, ctx), 0);
+    ExpectIntEQ(EC_POINT_invert(group, new_point, ctx), 1);
+
+#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
+    !defined(HAVE_SELFTEST) && !defined(WOLFSSL_SP_MATH) && \
+    !defined(WOLF_CRYPTO_CB_ONLY_ECC)
+    {
+        EC_POINT* orig_point = NULL;
+        ExpectNotNull(orig_point = EC_POINT_new(group));
+        ExpectIntEQ(EC_POINT_add(group, orig_point, set_point, set_point, NULL),
+                    1);
+        /* new_point should be set_point inverted so adding it will revert
+         * the point back to set_point */
+        ExpectIntEQ(EC_POINT_add(group, orig_point, orig_point, new_point,
+                                 NULL), 1);
+        ExpectIntEQ(EC_POINT_cmp(group, orig_point, set_point, NULL), 0);
+        EC_POINT_free(orig_point);
+    }
+#endif
+
+    /* Test getting affine converts from projective. */
+    ExpectIntEQ(EC_POINT_copy(set_point, new_point), 1);
+    /* Force non-affine coordinates */
+    ExpectIntEQ(BN_add(new_point->Z, (WOLFSSL_BIGNUM*)BN_value_one(),
+        (WOLFSSL_BIGNUM*)BN_value_one()), 1);
+    if (new_point != NULL) {
+        new_point->inSet = 0;
+    }
+    /* extract the coordinates from point */
+    ExpectIntEQ(EC_POINT_get_affine_coordinates_GFp(group, new_point, X, Y,
+        ctx), WOLFSSL_SUCCESS);
+    /* check if point ordinates have changed. */
+    ExpectIntNE(BN_cmp(X, set_point->X), 0);
+    ExpectIntNE(BN_cmp(Y, set_point->Y), 0);
+
+    /* Test check for infinity */
+#ifndef WOLF_CRYPTO_CB_ONLY_ECC
+    ExpectIntEQ(EC_POINT_is_at_infinity(NULL, NULL), 0);
+    ExpectIntEQ(EC_POINT_is_at_infinity(NULL, infinity), 0);
+    ExpectIntEQ(EC_POINT_is_at_infinity(group, NULL), 0);
+    ExpectIntEQ(EC_POINT_is_at_infinity(group, infinity), 1);
+    ExpectIntEQ(EC_POINT_is_at_infinity(group, Gxy), 0);
+#else
+    ExpectIntEQ(EC_POINT_is_at_infinity(group, infinity), 0);
+#endif
+
+    ExpectPtrEq(EC_POINT_point2bn(group, set_point,
+        POINT_CONVERSION_UNCOMPRESSED, set_point_bn, ctx), set_point_bn);
+
+    /* check bn2hex */
+    hexStr = BN_bn2hex(k);
+    ExpectStrEQ(hexStr, kTest);
+#if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM) && \
+     defined(XFPRINTF)
+    BN_print_fp(stderr, k);
+    fprintf(stderr, "\n");
+#endif
+    XFREE(hexStr, NULL, DYNAMIC_TYPE_ECC);
+
+    hexStr = BN_bn2hex(Gx);
+    ExpectStrEQ(hexStr, kGx);
+#if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM) && \
+     defined(XFPRINTF)
+    BN_print_fp(stderr, Gx);
+    fprintf(stderr, "\n");
+#endif
+    XFREE(hexStr, NULL, DYNAMIC_TYPE_ECC);
+
+    hexStr = BN_bn2hex(Gy);
+    ExpectStrEQ(hexStr, kGy);
+#if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM) && \
+     defined(XFPRINTF)
+    BN_print_fp(stderr, Gy);
+    fprintf(stderr, "\n");
+#endif
+    XFREE(hexStr, NULL, DYNAMIC_TYPE_ECC);
+
+    /* Test point to hex */
+    ExpectNull(EC_POINT_point2hex(NULL, NULL, POINT_CONVERSION_UNCOMPRESSED,
+        ctx));
+    ExpectNull(EC_POINT_point2hex(NULL, Gxy, POINT_CONVERSION_UNCOMPRESSED,
+        ctx));
+    ExpectNull(EC_POINT_point2hex(group, NULL, POINT_CONVERSION_UNCOMPRESSED,
+        ctx));
+#ifndef HAVE_ECC_BRAINPOOL
+    /* Group not supported in wolfCrypt. */
+    ExpectNull(EC_POINT_point2hex(group2, Gxy, POINT_CONVERSION_UNCOMPRESSED,
+        ctx));
+#endif
+
+    hexStr = EC_POINT_point2hex(group, Gxy, POINT_CONVERSION_UNCOMPRESSED, ctx);
+    ExpectNotNull(hexStr);
+    ExpectStrEQ(hexStr, uncompG);
+    ExpectNotNull(get_point = EC_POINT_hex2point(group, hexStr, NULL, ctx));
+    ExpectIntEQ(EC_POINT_cmp(group, Gxy, get_point, ctx), 0);
+    XFREE(hexStr, NULL, DYNAMIC_TYPE_ECC);
+
+    hexStr = EC_POINT_point2hex(group, Gxy, POINT_CONVERSION_COMPRESSED, ctx);
+    ExpectNotNull(hexStr);
+    ExpectStrEQ(hexStr, compG);
+    #ifdef HAVE_COMP_KEY
+    ExpectNotNull(get_point = EC_POINT_hex2point
+                                            (group, hexStr, get_point, ctx));
+    ExpectIntEQ(EC_POINT_cmp(group, Gxy, get_point, ctx), 0);
+    #endif
+    XFREE(hexStr, NULL, DYNAMIC_TYPE_ECC);
+    EC_POINT_free(get_point);
+
+#ifndef HAVE_SELFTEST
+    /* Test point to oct */
+    ExpectIntEQ(EC_POINT_point2oct(NULL, NULL, POINT_CONVERSION_UNCOMPRESSED,
+        NULL, 0, ctx), 0);
+    ExpectIntEQ(EC_POINT_point2oct(NULL, Gxy, POINT_CONVERSION_UNCOMPRESSED,
+        NULL, 0, ctx), 0);
+    ExpectIntEQ(EC_POINT_point2oct(group, NULL, POINT_CONVERSION_UNCOMPRESSED,
+        NULL, 0, ctx), 0);
+    bin_len = EC_POINT_point2oct(group, Gxy, POINT_CONVERSION_UNCOMPRESSED,
+        NULL, 0, ctx);
+    ExpectIntEQ(bin_len, sizeof(binUncompG));
+    ExpectNotNull(buf = (unsigned char*)XMALLOC(bin_len, NULL,
+         DYNAMIC_TYPE_ECC));
+    ExpectIntEQ(EC_POINT_point2oct(group, Gxy, POINT_CONVERSION_UNCOMPRESSED,
+        buf, bin_len, ctx), bin_len);
+    ExpectIntEQ(XMEMCMP(buf, binUncompG, sizeof(binUncompG)), 0);
+    XFREE(buf, NULL, DYNAMIC_TYPE_ECC);
+
+    /* Infinity (x=0, y=0) encodes as '0x00'. */
+    ExpectIntEQ(EC_POINT_point2oct(group, infinity,
+        POINT_CONVERSION_UNCOMPRESSED, NULL, 0, ctx), 1);
+    ExpectIntEQ(EC_POINT_point2oct(group, infinity,
+        POINT_CONVERSION_UNCOMPRESSED, bufInf, 0, ctx), 0);
+    ExpectIntEQ(EC_POINT_point2oct(group, infinity,
+        POINT_CONVERSION_UNCOMPRESSED, bufInf, 1, ctx), 1);
+    ExpectIntEQ(bufInf[0], 0);
+
+    wolfSSL_EC_POINT_dump(NULL, NULL);
+    /* Test point i2d */
+    ExpectIntEQ(ECPoint_i2d(NULL, NULL, NULL, &blen), 0);
+    ExpectIntEQ(ECPoint_i2d(NULL, Gxy, NULL, &blen), 0);
+    ExpectIntEQ(ECPoint_i2d(group, NULL, NULL, &blen), 0);
+    ExpectIntEQ(ECPoint_i2d(group, Gxy, NULL, NULL), 0);
+    ExpectIntEQ(ECPoint_i2d(group, Gxy, NULL, &blen), 1);
+    ExpectIntEQ(blen, sizeof(binUncompG));
+    ExpectNotNull(buf = (unsigned char*)XMALLOC(blen, NULL, DYNAMIC_TYPE_ECC));
+    blen--;
+    ExpectIntEQ(ECPoint_i2d(group, Gxy, buf, &blen), 0);
+    blen++;
+    ExpectIntEQ(ECPoint_i2d(group, Gxy, buf, &blen), 1);
+    ExpectIntEQ(XMEMCMP(buf, binUncompG, sizeof(binUncompG)), 0);
+    XFREE(buf, NULL, DYNAMIC_TYPE_ECC);
+
+#ifdef HAVE_COMP_KEY
+    /* Test point to oct compressed */
+    bin_len = EC_POINT_point2oct(group, Gxy, POINT_CONVERSION_COMPRESSED, NULL,
+        0, ctx);
+    ExpectIntEQ(bin_len, sizeof(binCompG));
+    ExpectNotNull(buf = (unsigned char*)XMALLOC(bin_len, NULL,
+        DYNAMIC_TYPE_ECC));
+    ExpectIntEQ(EC_POINT_point2oct(group, Gxy, POINT_CONVERSION_COMPRESSED, buf,
+        bin_len, ctx), bin_len);
+    ExpectIntEQ(XMEMCMP(buf, binCompG, sizeof(binCompG)), 0);
+    XFREE(buf, NULL, DYNAMIC_TYPE_ECC);
+#endif
+
+    /* Test point BN */
+    ExpectNull(wolfSSL_EC_POINT_point2bn(NULL, NULL,
+        POINT_CONVERSION_UNCOMPRESSED, NULL, ctx));
+    ExpectNull(wolfSSL_EC_POINT_point2bn(NULL, Gxy,
+        POINT_CONVERSION_UNCOMPRESSED, NULL, ctx));
+    ExpectNull(wolfSSL_EC_POINT_point2bn(group, NULL,
+        POINT_CONVERSION_UNCOMPRESSED, NULL, ctx));
+    ExpectNull(wolfSSL_EC_POINT_point2bn(group, Gxy, 0, NULL, ctx));
+
+    /* Test oct to point */
+    ExpectNotNull(tmp = EC_POINT_new(group));
+    ExpectIntEQ(EC_POINT_oct2point(NULL, NULL, binUncompG, sizeof(binUncompG),
+        ctx), 0);
+    ExpectIntEQ(EC_POINT_oct2point(NULL, tmp, binUncompG, sizeof(binUncompG),
+        ctx), 0);
+    ExpectIntEQ(EC_POINT_oct2point(group, NULL, binUncompG, sizeof(binUncompG),
+        ctx), 0);
+    ExpectIntEQ(EC_POINT_oct2point(group, tmp, binUncompGBad,
+        sizeof(binUncompGBad), ctx), 0);
+    ExpectIntEQ(EC_POINT_oct2point(group, tmp, binUncompG, sizeof(binUncompG),
+        ctx), 1);
+    ExpectIntEQ(EC_POINT_cmp(group, tmp, Gxy, ctx), 0);
+    EC_POINT_free(tmp);
+    tmp = NULL;
+
+    /* Test setting BN ordinates. */
+    ExpectNotNull(tmp = EC_POINT_new(group));
+    ExpectIntEQ(wolfSSL_EC_POINT_set_affine_coordinates_GFp(NULL, NULL, NULL,
+        NULL, ctx), 0);
+    ExpectIntEQ(wolfSSL_EC_POINT_set_affine_coordinates_GFp(group, NULL, NULL,
+        NULL, ctx), 0);
+    ExpectIntEQ(wolfSSL_EC_POINT_set_affine_coordinates_GFp(NULL, tmp, NULL,
+        NULL, ctx), 0);
+    ExpectIntEQ(wolfSSL_EC_POINT_set_affine_coordinates_GFp(NULL, NULL, Gx,
+        NULL, ctx), 0);
+    ExpectIntEQ(wolfSSL_EC_POINT_set_affine_coordinates_GFp(NULL, NULL, NULL,
+        Gy, ctx), 0);
+    ExpectIntEQ(wolfSSL_EC_POINT_set_affine_coordinates_GFp(NULL, tmp, Gx, Gy,
+        ctx), 0);
+    ExpectIntEQ(wolfSSL_EC_POINT_set_affine_coordinates_GFp(group, NULL, Gx, Gy,
+        ctx), 0);
+    ExpectIntEQ(wolfSSL_EC_POINT_set_affine_coordinates_GFp(group, tmp, NULL,
+        Gy, ctx), 0);
+    ExpectIntEQ(wolfSSL_EC_POINT_set_affine_coordinates_GFp(group, tmp, Gx,
+        NULL, ctx), 0);
+    ExpectIntEQ(wolfSSL_EC_POINT_set_affine_coordinates_GFp(group, tmp, Gx, Gy,
+        ctx), 1);
+    EC_POINT_free(tmp);
+    tmp = NULL;
+
+    /* Test point d2i */
+    ExpectNotNull(tmp = EC_POINT_new(group));
+    ExpectIntEQ(ECPoint_d2i(NULL, sizeof(binUncompG), NULL, NULL), 0);
+    ExpectIntEQ(ECPoint_d2i(binUncompG, sizeof(binUncompG), NULL, NULL), 0);
+    ExpectIntEQ(ECPoint_d2i(NULL, sizeof(binUncompG), group, NULL), 0);
+    ExpectIntEQ(ECPoint_d2i(NULL, sizeof(binUncompG), NULL, tmp), 0);
+    ExpectIntEQ(ECPoint_d2i(NULL, sizeof(binUncompG), group, tmp), 0);
+    ExpectIntEQ(ECPoint_d2i(binUncompG, sizeof(binUncompG), NULL, tmp), 0);
+    ExpectIntEQ(ECPoint_d2i(binUncompG, sizeof(binUncompG), group, NULL), 0);
+    ExpectIntEQ(ECPoint_d2i(binUncompGBad, sizeof(binUncompG), group, tmp), 0);
+    ExpectIntEQ(ECPoint_d2i(binUncompG, sizeof(binUncompG), group, tmp), 1);
+    ExpectIntEQ(EC_POINT_cmp(group, tmp, Gxy, ctx), 0);
+    EC_POINT_free(tmp);
+    tmp = NULL;
+
+#ifdef HAVE_COMP_KEY
+    /* Test oct compressed to point */
+    ExpectNotNull(tmp = EC_POINT_new(group));
+    ExpectIntEQ(EC_POINT_oct2point(group, tmp, binCompG, sizeof(binCompG), ctx),
+        1);
+    ExpectIntEQ(EC_POINT_cmp(group, tmp, Gxy, ctx), 0);
+    EC_POINT_free(tmp);
+    tmp = NULL;
+
+    /* Test point d2i - compressed */
+    ExpectNotNull(tmp = EC_POINT_new(group));
+    ExpectIntEQ(ECPoint_d2i(binCompG, sizeof(binCompG), group, tmp), 1);
+    ExpectIntEQ(EC_POINT_cmp(group, tmp, Gxy, ctx), 0);
+    EC_POINT_free(tmp);
+    tmp = NULL;
+#endif
+#endif
+
+    /* test BN_mod_add */
+    ExpectIntEQ(BN_mod_add(new_point->Z, (WOLFSSL_BIGNUM*)BN_value_one(),
+        (WOLFSSL_BIGNUM*)BN_value_one(), (WOLFSSL_BIGNUM*)BN_value_one(), NULL),
+        1);
+    ExpectIntEQ(BN_is_zero(new_point->Z), 1);
+
+    /* cleanup */
+    BN_free(X);
+    BN_free(Y);
+    BN_free(k);
+    BN_free(set_point_bn);
+    EC_POINT_free(infinity);
+    EC_POINT_free(new_point);
+    EC_POINT_free(set_point);
+    EC_POINT_clear_free(Gxy);
+#ifndef HAVE_ECC_BRAINPOOL
+    EC_GROUP_free(group2);
+#endif
+    EC_GROUP_free(group);
+    BN_CTX_free(ctx);
+#endif
+#endif /* !WOLFSSL_SP_MATH && ( !HAVE_FIPS || HAVE_FIPS_VERSION > 2) */
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_SPAKE(void)
+{
+    EXPECT_DECLS;
+
+#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) && !defined(WOLFSSL_ATECC508A) \
+    && !defined(WOLFSSL_ATECC608A) && !defined(HAVE_SELFTEST) && \
+       !defined(WOLFSSL_SP_MATH) && !defined(WOLF_CRYPTO_CB_ONLY_ECC)
+    BIGNUM* x = NULL; /* kdc priv */
+    BIGNUM* y = NULL; /* client priv */
+    BIGNUM* w = NULL; /* shared value */
+    byte M_bytes[] = {
+        /* uncompressed */
+        0x04,
+        /* x */
+        0x88, 0x6e, 0x2f, 0x97, 0xac, 0xe4, 0x6e, 0x55, 0xba, 0x9d, 0xd7, 0x24,
+        0x25, 0x79, 0xf2, 0x99, 0x3b, 0x64, 0xe1, 0x6e, 0xf3, 0xdc, 0xab, 0x95,
+        0xaf, 0xd4, 0x97, 0x33, 0x3d, 0x8f, 0xa1, 0x2f,
+        /* y */
+        0x5f, 0xf3, 0x55, 0x16, 0x3e, 0x43, 0xce, 0x22, 0x4e, 0x0b, 0x0e, 0x65,
+        0xff, 0x02, 0xac, 0x8e, 0x5c, 0x7b, 0xe0, 0x94, 0x19, 0xc7, 0x85, 0xe0,
+        0xca, 0x54, 0x7d, 0x55, 0xa1, 0x2e, 0x2d, 0x20
+    };
+    EC_POINT* M = NULL; /* shared value */
+    byte N_bytes[] = {
+        /* uncompressed */
+        0x04,
+        /* x */
+        0xd8, 0xbb, 0xd6, 0xc6, 0x39, 0xc6, 0x29, 0x37, 0xb0, 0x4d, 0x99, 0x7f,
+        0x38, 0xc3, 0x77, 0x07, 0x19, 0xc6, 0x29, 0xd7, 0x01, 0x4d, 0x49, 0xa2,
+        0x4b, 0x4f, 0x98, 0xba, 0xa1, 0x29, 0x2b, 0x49,
+        /* y */
+        0x07, 0xd6, 0x0a, 0xa6, 0xbf, 0xad, 0xe4, 0x50, 0x08, 0xa6, 0x36, 0x33,
+        0x7f, 0x51, 0x68, 0xc6, 0x4d, 0x9b, 0xd3, 0x60, 0x34, 0x80, 0x8c, 0xd5,
+        0x64, 0x49, 0x0b, 0x1e, 0x65, 0x6e, 0xdb, 0xe7
+    };
+    EC_POINT* N = NULL; /* shared value */
+    EC_POINT* T = NULL; /* kdc pub */
+    EC_POINT* tmp1 = NULL; /* kdc pub */
+    EC_POINT* tmp2 = NULL; /* kdc pub */
+    EC_POINT* S = NULL; /* client pub */
+    EC_POINT* client_secret = NULL;
+    EC_POINT* kdc_secret = NULL;
+    EC_GROUP* group = NULL;
+    BN_CTX* bn_ctx = NULL;
+
+    /* Values taken from a test run of Kerberos 5 */
+
+    ExpectNotNull(group = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1));
+    ExpectNotNull(bn_ctx = BN_CTX_new());
+
+    ExpectNotNull(M = EC_POINT_new(group));
+    ExpectNotNull(N = EC_POINT_new(group));
+    ExpectNotNull(T = EC_POINT_new(group));
+    ExpectNotNull(tmp1 = EC_POINT_new(group));
+    ExpectNotNull(tmp2 = EC_POINT_new(group));
+    ExpectNotNull(S = EC_POINT_new(group));
+    ExpectNotNull(client_secret = EC_POINT_new(group));
+    ExpectNotNull(kdc_secret = EC_POINT_new(group));
+    ExpectIntEQ(BN_hex2bn(&x, "DAC3027CD692B4BDF0EDFE9B7D0E4E7"
+                              "E5D8768A725EAEEA6FC68EC239A17C0"), 1);
+    ExpectIntEQ(BN_hex2bn(&y, "6F6A1D394E26B1655A54B26DCE30D49"
+                              "90CC47EBE08F809EF3FF7F6AEAABBB5"), 1);
+    ExpectIntEQ(BN_hex2bn(&w, "1D992AB8BA851B9BA05353453D81EE9"
+                              "506AB395478F0AAB647752CF117B36250"), 1);
+    ExpectIntEQ(EC_POINT_oct2point(group, M, M_bytes, sizeof(M_bytes), bn_ctx),
+                1);
+    ExpectIntEQ(EC_POINT_oct2point(group, N, N_bytes, sizeof(N_bytes), bn_ctx),
+                1);
+
+    /* Function pattern similar to ossl_keygen and ossl_result in krb5 */
+
+    /* kdc */
+    /* T=x*P+w*M */
+    /* All in one function call */
+    ExpectIntEQ(EC_POINT_mul(group, T, x, M, w, bn_ctx), 1);
+    /* Spread into separate calls */
+    ExpectIntEQ(EC_POINT_mul(group, tmp1, x, NULL, NULL, bn_ctx), 1);
+    ExpectIntEQ(EC_POINT_mul(group, tmp2, NULL, M, w, bn_ctx), 1);
+    ExpectIntEQ(EC_POINT_add(group, tmp1, tmp1, tmp2, bn_ctx),
+                1);
+    ExpectIntEQ(EC_POINT_cmp(group, T, tmp1, bn_ctx), 0);
+    /* client */
+    /* S=y*P+w*N */
+    /* All in one function call */
+    ExpectIntEQ(EC_POINT_mul(group, S, y, N, w, bn_ctx), 1);
+    /* Spread into separate calls */
+    ExpectIntEQ(EC_POINT_mul(group, tmp1, y, NULL, NULL, bn_ctx), 1);
+    ExpectIntEQ(EC_POINT_mul(group, tmp2, NULL, N, w, bn_ctx), 1);
+    ExpectIntEQ(EC_POINT_add(group, tmp1, tmp1, tmp2, bn_ctx),
+                1);
+    ExpectIntEQ(EC_POINT_cmp(group, S, tmp1, bn_ctx), 0);
+    /* K=y*(T-w*M) */
+    ExpectIntEQ(EC_POINT_mul(group, client_secret, NULL, M, w, bn_ctx), 1);
+    ExpectIntEQ(EC_POINT_invert(group, client_secret, bn_ctx), 1);
+    ExpectIntEQ(EC_POINT_add(group, client_secret, T, client_secret, bn_ctx),
+                1);
+    ExpectIntEQ(EC_POINT_mul(group, client_secret, NULL, client_secret, y,
+                             bn_ctx), 1);
+    /* kdc */
+    /* K=x*(S-w*N) */
+    ExpectIntEQ(EC_POINT_mul(group, kdc_secret, NULL, N, w, bn_ctx), 1);
+    ExpectIntEQ(EC_POINT_invert(group, kdc_secret, bn_ctx), 1);
+    ExpectIntEQ(EC_POINT_add(group, kdc_secret, S, kdc_secret, bn_ctx),
+                1);
+    ExpectIntEQ(EC_POINT_mul(group, kdc_secret, NULL, kdc_secret, x, bn_ctx),
+                1);
+
+    /* kdc_secret == client_secret */
+    ExpectIntEQ(EC_POINT_cmp(group, client_secret, kdc_secret, bn_ctx), 0);
+
+    BN_free(x);
+    BN_free(y);
+    BN_free(w);
+    EC_POINT_free(M);
+    EC_POINT_free(N);
+    EC_POINT_free(T);
+    EC_POINT_free(tmp1);
+    EC_POINT_free(tmp2);
+    EC_POINT_free(S);
+    EC_POINT_free(client_secret);
+    EC_POINT_free(kdc_secret);
+    EC_GROUP_free(group);
+    BN_CTX_free(bn_ctx);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_EC_KEY_generate(void)
+{
+    EXPECT_DECLS;
+#ifdef OPENSSL_EXTRA
+    WOLFSSL_EC_KEY* key = NULL;
+#ifndef HAVE_ECC_BRAINPOOL
+    WOLFSSL_EC_GROUP* group = NULL;
+#endif
+
+    ExpectNotNull(key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1));
+
+    ExpectIntEQ(wolfSSL_EC_KEY_generate_key(NULL), 0);
+    ExpectIntEQ(wolfSSL_EC_KEY_generate_key(key), 1);
+    wolfSSL_EC_KEY_free(key);
+    key = NULL;
+
+#ifndef HAVE_ECC_BRAINPOOL
+    ExpectNotNull(group = wolfSSL_EC_GROUP_new_by_curve_name(
+        NID_brainpoolP256r1));
+    ExpectNotNull(key = wolfSSL_EC_KEY_new());
+    ExpectIntEQ(wolfSSL_EC_KEY_set_group(key, group), 1);
+    ExpectIntEQ(wolfSSL_EC_KEY_generate_key(key), 0);
+    wolfSSL_EC_KEY_free(key);
+    wolfSSL_EC_GROUP_free(group);
+#endif
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_EC_i2d(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && !defined(HAVE_FIPS)
+    EC_KEY *key = NULL;
+    EC_KEY *copy = NULL;
+    int len = 0;
+    unsigned char *buf = NULL;
+    unsigned char *p = NULL;
+    const unsigned char *tmp = NULL;
+    const unsigned char octBad[] = {
+        0x09, 0x6b, 0x17, 0xd1, 0xf2, 0xe1, 0x2c, 0x42, 0x47, 0xf8, 0xbc,
+        0xe6, 0xe5, 0x63, 0xa4, 0x40, 0xf2, 0x77, 0x03, 0x7d, 0x81, 0x2d,
+        0xeb, 0x33, 0xa0, 0xf4, 0xa1, 0x39, 0x45, 0xd8, 0x98, 0xc2, 0x96,
+        0x4f, 0xe3, 0x42, 0xe2, 0xfe, 0x1a, 0x7f, 0x9b, 0x8e, 0xe7, 0xeb,
+        0x4a, 0x7c, 0x0f, 0x9e, 0x16, 0x2b, 0xce, 0x33, 0x57, 0x6b, 0x31,
+        0x5e, 0xce, 0xcb, 0xb6, 0x40, 0x68, 0x37, 0xbf, 0x51, 0xf5,
+    };
+
+    ExpectNotNull(key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1));
+    ExpectIntEQ(EC_KEY_generate_key(key), 1);
+    ExpectIntGT((len = i2d_EC_PUBKEY(key, NULL)), 0);
+    ExpectNotNull(buf = (unsigned char*)XMALLOC(len, NULL,
+        DYNAMIC_TYPE_TMP_BUFFER));
+    p = buf;
+    ExpectIntEQ(i2d_EC_PUBKEY(key, &p), len);
+
+    ExpectNull(o2i_ECPublicKey(NULL, NULL, -1));
+    ExpectNull(o2i_ECPublicKey(&copy, NULL, -1));
+    ExpectNull(o2i_ECPublicKey(&key, NULL, -1));
+    ExpectNull(o2i_ECPublicKey(NULL, &tmp, -1));
+    ExpectNull(o2i_ECPublicKey(NULL, NULL, 0));
+    ExpectNull(o2i_ECPublicKey(&key, NULL, 0));
+    ExpectNull(o2i_ECPublicKey(&key, &tmp, 0));
+    tmp = buf;
+    ExpectNull(o2i_ECPublicKey(NULL, &tmp, 0));
+    ExpectNull(o2i_ECPublicKey(&copy, &tmp, 0));
+    ExpectNull(o2i_ECPublicKey(NULL, &tmp, -1));
+    ExpectNull(o2i_ECPublicKey(&key, &tmp, -1));
+
+    ExpectIntEQ(i2o_ECPublicKey(NULL, NULL), 0);
+    ExpectIntEQ(i2o_ECPublicKey(NULL, &buf), 0);
+
+    tmp = buf;
+    ExpectNull(d2i_ECPrivateKey(NULL, &tmp, 0));
+    ExpectNull(d2i_ECPrivateKey(NULL, &tmp, 1));
+    ExpectNull(d2i_ECPrivateKey(&copy, &tmp, 0));
+    ExpectNull(d2i_ECPrivateKey(&copy, &tmp, 1));
+    ExpectNull(d2i_ECPrivateKey(&key, &tmp, 0));
+
+    {
+        EC_KEY *pubkey = NULL;
+        BIO* bio = NULL;
+
+        ExpectNotNull(bio = BIO_new(BIO_s_mem()));
+        ExpectIntGT(BIO_write(bio, buf, len), 0);
+        ExpectNotNull(d2i_EC_PUBKEY_bio(bio, &pubkey));
+
+        BIO_free(bio);
+        EC_KEY_free(pubkey);
+    }
+
+    ExpectIntEQ(i2d_ECPrivateKey(NULL, &p), 0);
+    ExpectIntEQ(i2d_ECPrivateKey(NULL, NULL), 0);
+
+    ExpectIntEQ(wolfSSL_EC_KEY_LoadDer(NULL, NULL, -1), -1);
+    ExpectIntEQ(wolfSSL_EC_KEY_LoadDer_ex(NULL, NULL, -1, 0), -1);
+    ExpectIntEQ(wolfSSL_EC_KEY_LoadDer_ex(key, NULL, -1, 0), -1);
+    ExpectIntEQ(wolfSSL_EC_KEY_LoadDer_ex(NULL, buf, -1, 0), -1);
+    ExpectIntEQ(wolfSSL_EC_KEY_LoadDer_ex(NULL, NULL, 0, 0), -1);
+    ExpectIntEQ(wolfSSL_EC_KEY_LoadDer_ex(NULL, NULL, -1,
+        WOLFSSL_EC_KEY_LOAD_PUBLIC), -1);
+    ExpectIntEQ(wolfSSL_EC_KEY_LoadDer_ex(NULL, buf, len,
+        WOLFSSL_EC_KEY_LOAD_PUBLIC), -1);
+    ExpectIntEQ(wolfSSL_EC_KEY_LoadDer_ex(key, NULL, len,
+        WOLFSSL_EC_KEY_LOAD_PUBLIC), -1);
+    ExpectIntEQ(wolfSSL_EC_KEY_LoadDer_ex(key, buf, -1,
+        WOLFSSL_EC_KEY_LOAD_PUBLIC), -1);
+    ExpectIntEQ(wolfSSL_EC_KEY_LoadDer_ex(key, buf, len, 0), -1);
+    ExpectIntEQ(wolfSSL_EC_KEY_LoadDer_ex(key, buf, len,
+        WOLFSSL_EC_KEY_LOAD_PRIVATE), -1);
+    ExpectIntEQ(wolfSSL_EC_KEY_LoadDer_ex(key, octBad, sizeof(octBad),
+        WOLFSSL_EC_KEY_LOAD_PRIVATE), -1);
+    ExpectIntEQ(wolfSSL_EC_KEY_LoadDer_ex(key, octBad, sizeof(octBad),
+        WOLFSSL_EC_KEY_LOAD_PUBLIC), -1);
+
+    XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    buf = NULL;
+    buf = NULL;
+
+    ExpectIntGT((len = i2d_ECPrivateKey(key, NULL)), 0);
+    ExpectNotNull(buf = (unsigned char*)XMALLOC(len, NULL,
+        DYNAMIC_TYPE_TMP_BUFFER));
+    p = buf;
+    ExpectIntEQ(i2d_ECPrivateKey(key, &p), len);
+
+    p = NULL;
+    ExpectIntEQ(i2d_ECPrivateKey(key, &p), len);
+    XFREE(p, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    p = NULL;
+
+    /* Bad point is also an invalid private key. */
+    tmp = octBad;
+    ExpectNull(d2i_ECPrivateKey(&copy, &tmp, sizeof(octBad)));
+    tmp = buf;
+    ExpectNotNull(d2i_ECPrivateKey(&copy, &tmp, len));
+    XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    buf = NULL;
+    buf = NULL;
+
+    ExpectIntGT((len = i2o_ECPublicKey(key, NULL)), 0);
+    ExpectNotNull(buf = (unsigned char*)XMALLOC(len, NULL,
+        DYNAMIC_TYPE_TMP_BUFFER));
+    p = buf;
+    ExpectIntGT((len = i2o_ECPublicKey(key, &p)), 0);
+    p = NULL;
+    ExpectIntGT((len = i2o_ECPublicKey(key, &p)), 0);
+    tmp = buf;
+    ExpectNotNull(o2i_ECPublicKey(&copy, &tmp, len));
+    tmp = octBad;
+    ExpectNull(o2i_ECPublicKey(&key, &tmp, sizeof(octBad)));
+
+    ExpectIntEQ(EC_KEY_check_key(NULL), 0);
+    ExpectIntEQ(EC_KEY_check_key(key), 1);
+
+    XFREE(p, NULL, DYNAMIC_TYPE_OPENSSL);
+    XFREE(buf, NULL, DYNAMIC_TYPE_OPENSSL);
+
+    EC_KEY_free(key);
+    EC_KEY_free(copy);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_EC_curve(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA)
+    int nid = NID_secp160k1;
+    const char* nid_name = NULL;
+
+    ExpectNull(EC_curve_nid2nist(NID_sha256));
+
+    ExpectNotNull(nid_name = EC_curve_nid2nist(nid));
+    ExpectIntEQ(XMEMCMP(nid_name, "K-160", XSTRLEN("K-160")), 0);
+
+    ExpectIntEQ(EC_curve_nist2nid("INVALID"), 0);
+    ExpectIntEQ(EC_curve_nist2nid(nid_name), nid);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_EC_KEY_dup(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_ALL) && !defined(NO_CERTS)
+    WOLFSSL_EC_KEY* ecKey = NULL;
+    WOLFSSL_EC_KEY* dupKey = NULL;
+    ecc_key* srcKey = NULL;
+    ecc_key* destKey = NULL;
+
+    ExpectNotNull(ecKey = wolfSSL_EC_KEY_new());
+    ExpectIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), 1);
+
+    /* Valid cases */
+    ExpectNotNull(dupKey = wolfSSL_EC_KEY_dup(ecKey));
+    ExpectIntEQ(EC_KEY_check_key(dupKey), 1);
+
+    /* Compare pubkey */
+    if (ecKey != NULL) {
+        srcKey = (ecc_key*)ecKey->internal;
+    }
+    if (dupKey != NULL) {
+        destKey = (ecc_key*)dupKey->internal;
+    }
+    ExpectIntEQ(wc_ecc_cmp_point(&srcKey->pubkey, &destKey->pubkey), 0);
+
+    /* compare EC_GROUP */
+    ExpectIntEQ(wolfSSL_EC_GROUP_cmp(ecKey->group, dupKey->group, NULL), MP_EQ);
+
+    /* compare EC_POINT */
+    ExpectIntEQ(wolfSSL_EC_POINT_cmp(ecKey->group, ecKey->pub_key, \
+                dupKey->pub_key, NULL), MP_EQ);
+
+    /* compare BIGNUM */
+    ExpectIntEQ(wolfSSL_BN_cmp(ecKey->priv_key, dupKey->priv_key), MP_EQ);
+    wolfSSL_EC_KEY_free(dupKey);
+    dupKey = NULL;
+
+    /* Invalid cases */
+    /* NULL key */
+    ExpectNull(dupKey = wolfSSL_EC_KEY_dup(NULL));
+    /* NULL ecc_key */
+    if (ecKey != NULL) {
+        wc_ecc_free((ecc_key*)ecKey->internal);
+        XFREE(ecKey->internal, NULL, DYNAMIC_TYPE_ECC);
+        ecKey->internal = NULL; /* Set ecc_key to NULL */
+    }
+    ExpectNull(dupKey = wolfSSL_EC_KEY_dup(ecKey));
+    wolfSSL_EC_KEY_free(ecKey);
+    ecKey = NULL;
+    wolfSSL_EC_KEY_free(dupKey);
+    dupKey = NULL;
+
+    /* NULL Group */
+    ExpectNotNull(ecKey = wolfSSL_EC_KEY_new());
+    ExpectIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), 1);
+    if (ecKey != NULL) {
+        wolfSSL_EC_GROUP_free(ecKey->group);
+        ecKey->group = NULL; /* Set group to NULL */
+    }
+    ExpectNull(dupKey = wolfSSL_EC_KEY_dup(ecKey));
+    wolfSSL_EC_KEY_free(ecKey);
+    ecKey = NULL;
+    wolfSSL_EC_KEY_free(dupKey);
+    dupKey = NULL;
+
+    /* NULL public key */
+    ExpectNotNull(ecKey = wolfSSL_EC_KEY_new());
+    ExpectIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), 1);
+    if (ecKey != NULL) {
+        wc_ecc_del_point((ecc_point*)ecKey->pub_key->internal);
+        ecKey->pub_key->internal = NULL; /* Set ecc_point to NULL */
+    }
+
+    ExpectNull(dupKey = wolfSSL_EC_KEY_dup(ecKey));
+    if (ecKey != NULL) {
+        wolfSSL_EC_POINT_free(ecKey->pub_key);
+        ecKey->pub_key = NULL; /* Set pub_key to NULL */
+    }
+    ExpectNull(dupKey = wolfSSL_EC_KEY_dup(ecKey));
+    wolfSSL_EC_KEY_free(ecKey);
+    ecKey = NULL;
+    wolfSSL_EC_KEY_free(dupKey);
+    dupKey = NULL;
+
+    /* NULL private key */
+    ExpectNotNull(ecKey = wolfSSL_EC_KEY_new());
+    ExpectIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), 1);
+
+    if (ecKey != NULL) {
+        wolfSSL_BN_free(ecKey->priv_key);
+        ecKey->priv_key = NULL; /* Set priv_key to NULL */
+    }
+    ExpectNull(dupKey = wolfSSL_EC_KEY_dup(ecKey));
+
+    wolfSSL_EC_KEY_free(ecKey);
+    ecKey = NULL;
+    wolfSSL_EC_KEY_free(dupKey);
+    dupKey = NULL;
+
+    /* Test EC_KEY_up_ref */
+    ExpectNotNull(ecKey = wolfSSL_EC_KEY_new());
+    ExpectIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_EC_KEY_up_ref(NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(wolfSSL_EC_KEY_up_ref(ecKey), WOLFSSL_SUCCESS);
+    /* reference count doesn't follow duplicate */
+    ExpectNotNull(dupKey = wolfSSL_EC_KEY_dup(ecKey));
+    ExpectIntEQ(wolfSSL_EC_KEY_up_ref(dupKey), WOLFSSL_SUCCESS); /* +1 */
+    ExpectIntEQ(wolfSSL_EC_KEY_up_ref(dupKey), WOLFSSL_SUCCESS); /* +2 */
+    wolfSSL_EC_KEY_free(dupKey); /* 3 */
+    wolfSSL_EC_KEY_free(dupKey); /* 2 */
+    wolfSSL_EC_KEY_free(dupKey); /* 1, free */
+    wolfSSL_EC_KEY_free(ecKey);  /* 2 */
+    wolfSSL_EC_KEY_free(ecKey);  /* 1, free */
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_EC_KEY_set_group(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_ECC) && !defined(NO_ECC256) && !defined(NO_ECC_SECP) && \
+    defined(OPENSSL_EXTRA)
+    EC_KEY   *key    = NULL;
+    EC_GROUP *group  = NULL;
+    const EC_GROUP *group2 = NULL;
+
+    ExpectNotNull(group = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1));
+    ExpectNotNull(key = EC_KEY_new());
+
+    ExpectNull(EC_KEY_get0_group(NULL));
+    ExpectIntEQ(EC_KEY_set_group(NULL, NULL), 0);
+    ExpectIntEQ(EC_KEY_set_group(key, NULL), 0);
+    ExpectIntEQ(EC_KEY_set_group(NULL, group), 0);
+
+    ExpectIntEQ(EC_KEY_set_group(key, group), WOLFSSL_SUCCESS);
+    ExpectNotNull(group2 = EC_KEY_get0_group(key));
+    ExpectIntEQ(EC_GROUP_cmp(group2, group, NULL), 0);
+
+    EC_GROUP_free(group);
+    EC_KEY_free(key);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_EC_KEY_set_conv_form(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_ECC) && defined(OPENSSL_EXTRA) && !defined(NO_BIO) && \
+    !defined(NO_FILESYSTEM)
+    BIO* bio = NULL;
+    EC_KEY* key = NULL;
+
+    /* Error condition: NULL key. */
+    ExpectIntLT(EC_KEY_get_conv_form(NULL), 0);
+
+    ExpectNotNull(bio = BIO_new_file("./certs/ecc-keyPub.pem", "rb"));
+    ExpectNotNull(key = PEM_read_bio_EC_PUBKEY(bio, NULL, NULL, NULL));
+    /* Conversion form defaults to uncompressed. */
+    ExpectIntEQ(EC_KEY_get_conv_form(key), POINT_CONVERSION_UNCOMPRESSED);
+#ifdef HAVE_COMP_KEY
+    /* Explicitly set to compressed. */
+    EC_KEY_set_conv_form(key, POINT_CONVERSION_COMPRESSED);
+    ExpectIntEQ(EC_KEY_get_conv_form(key), POINT_CONVERSION_COMPRESSED);
+#else
+    /* Will still work just won't change anything. */
+    EC_KEY_set_conv_form(key, POINT_CONVERSION_COMPRESSED);
+    ExpectIntEQ(EC_KEY_get_conv_form(key), POINT_CONVERSION_UNCOMPRESSED);
+    EC_KEY_set_conv_form(key, POINT_CONVERSION_UNCOMPRESSED);
+    ExpectIntEQ(EC_KEY_get_conv_form(key), POINT_CONVERSION_UNCOMPRESSED);
+#endif
+    EC_KEY_set_conv_form(NULL, POINT_CONVERSION_UNCOMPRESSED);
+
+    BIO_free(bio);
+    EC_KEY_free(key);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_EC_KEY_private_key(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && !defined(NO_BIO)
+    WOLFSSL_EC_KEY* key = NULL;
+    WOLFSSL_BIGNUM* priv = NULL;
+    WOLFSSL_BIGNUM* priv2 = NULL;
+    WOLFSSL_BIGNUM* bn = NULL;
+
+    ExpectNotNull(key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1));
+    ExpectNotNull(priv = wolfSSL_BN_new());
+    ExpectNotNull(priv2 = wolfSSL_BN_new());
+    ExpectIntNE(BN_set_word(priv, 2), 0);
+    ExpectIntNE(BN_set_word(priv2, 2), 0);
+
+    ExpectNull(wolfSSL_EC_KEY_get0_private_key(NULL));
+    /* No private key set. */
+    ExpectNull(wolfSSL_EC_KEY_get0_private_key(key));
+
+    ExpectIntEQ(wolfSSL_EC_KEY_set_private_key(NULL, NULL), 0);
+    ExpectIntEQ(wolfSSL_EC_KEY_set_private_key(key, NULL), 0);
+    ExpectIntEQ(wolfSSL_EC_KEY_set_private_key(NULL, priv), 0);
+
+    ExpectIntEQ(wolfSSL_EC_KEY_set_private_key(key, priv), 1);
+    ExpectNotNull(bn = wolfSSL_EC_KEY_get0_private_key(key));
+    ExpectPtrNE(bn, priv);
+    ExpectIntEQ(wolfSSL_EC_KEY_set_private_key(key, priv2), 1);
+    ExpectNotNull(bn = wolfSSL_EC_KEY_get0_private_key(key));
+    ExpectPtrNE(bn, priv2);
+
+    wolfSSL_BN_free(priv2);
+    wolfSSL_BN_free(priv);
+    wolfSSL_EC_KEY_free(key);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_EC_KEY_public_key(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && !defined(NO_BIO)
+    WOLFSSL_EC_KEY* key = NULL;
+    WOLFSSL_EC_POINT* pub = NULL;
+    WOLFSSL_EC_POINT* point = NULL;
+
+    ExpectNotNull(key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1));
+
+    ExpectNull(wolfSSL_EC_KEY_get0_public_key(NULL));
+    ExpectNotNull(wolfSSL_EC_KEY_get0_public_key(key));
+
+    ExpectIntEQ(wolfSSL_EC_KEY_generate_key(key), 1);
+
+    ExpectNotNull(pub = wolfSSL_EC_KEY_get0_public_key(key));
+
+    ExpectIntEQ(wolfSSL_EC_KEY_set_public_key(NULL, NULL), 0);
+    ExpectIntEQ(wolfSSL_EC_KEY_set_public_key(key, NULL), 0);
+    ExpectIntEQ(wolfSSL_EC_KEY_set_public_key(NULL, pub), 0);
+
+    ExpectIntEQ(wolfSSL_EC_KEY_set_public_key(key, pub), 1);
+    ExpectNotNull(point = wolfSSL_EC_KEY_get0_public_key(key));
+    ExpectPtrEq(point, pub);
+
+    wolfSSL_EC_KEY_free(key);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_EC_KEY_print_fp(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_ECC) && ((defined(HAVE_ECC224) && defined(HAVE_ECC256)) || \
+    defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 224 && \
+    defined(OPENSSL_EXTRA) && defined(XFPRINTF) && !defined(NO_FILESYSTEM) && \
+    !defined(NO_STDIO_FILESYSTEM)
+    EC_KEY* key = NULL;
+
+    /* Bad file pointer. */
+    ExpectIntEQ(wolfSSL_EC_KEY_print_fp(NULL, key, 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    /* NULL key. */
+    ExpectIntEQ(wolfSSL_EC_KEY_print_fp(stderr, NULL, 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectNotNull((key = wolfSSL_EC_KEY_new_by_curve_name(NID_secp224r1)));
+    /* Negative indent. */
+    ExpectIntEQ(wolfSSL_EC_KEY_print_fp(stderr, key, -1), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+
+    ExpectIntEQ(wolfSSL_EC_KEY_print_fp(stderr, key, 4), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_EC_KEY_generate_key(key), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_EC_KEY_print_fp(stderr, key, 4), WOLFSSL_SUCCESS);
+    wolfSSL_EC_KEY_free(key);
+
+    ExpectNotNull((key = wolfSSL_EC_KEY_new_by_curve_name(
+        NID_X9_62_prime256v1)));
+    ExpectIntEQ(wolfSSL_EC_KEY_generate_key(key), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_EC_KEY_print_fp(stderr, key, 4), WOLFSSL_SUCCESS);
+    wolfSSL_EC_KEY_free(key);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_EC_get_builtin_curves(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)
+#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
+    EC_builtin_curve* curves = NULL;
+    size_t crv_len = 0;
+    size_t i = 0;
+
+    ExpectIntGT((crv_len = EC_get_builtin_curves(NULL, 0)), 0);
+    ExpectNotNull(curves = (EC_builtin_curve*)XMALLOC(
+        sizeof(EC_builtin_curve) * crv_len, NULL, DYNAMIC_TYPE_TMP_BUFFER));
+
+    ExpectIntEQ((EC_get_builtin_curves(curves, 0)), crv_len);
+    ExpectIntEQ(EC_get_builtin_curves(curves, crv_len), crv_len);
+
+    for (i = 0; EXPECT_SUCCESS() && (i < crv_len); i++) {
+        if (curves[i].comment != NULL) {
+            ExpectStrEQ(OBJ_nid2sn(curves[i].nid), curves[i].comment);
+        }
+    }
+
+    if (crv_len > 1) {
+        ExpectIntEQ(EC_get_builtin_curves(curves, crv_len - 1), crv_len - 1);
+    }
+
+    XFREE(curves, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
+#endif /* OPENSSL_EXTRA || OPENSSL_ALL */
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_ECDSA_SIG(void)
+{
+    EXPECT_DECLS;
+#ifdef OPENSSL_EXTRA
+    WOLFSSL_ECDSA_SIG* sig = NULL;
+    WOLFSSL_ECDSA_SIG* sig2 = NULL;
+    WOLFSSL_BIGNUM* r = NULL;
+    WOLFSSL_BIGNUM* s = NULL;
+    const WOLFSSL_BIGNUM* r2 = NULL;
+    const WOLFSSL_BIGNUM* s2 = NULL;
+    const unsigned char* cp = NULL;
+    unsigned char* p = NULL;
+    unsigned char outSig[8];
+    unsigned char sigData[8] =
+                             { 0x30, 0x06, 0x02, 0x01, 0x01, 0x02, 0x01, 0x01 };
+    unsigned char sigDataBad[8] =
+                             { 0x30, 0x07, 0x02, 0x01, 0x01, 0x02, 0x01, 0x01 };
+
+    wolfSSL_ECDSA_SIG_free(NULL);
+
+    ExpectNotNull(sig = wolfSSL_ECDSA_SIG_new());
+    ExpectNotNull(r = wolfSSL_BN_new());
+    ExpectNotNull(s = wolfSSL_BN_new());
+    ExpectIntEQ(wolfSSL_BN_set_word(r, 1), 1);
+    ExpectIntEQ(wolfSSL_BN_set_word(s, 1), 1);
+
+    wolfSSL_ECDSA_SIG_get0(NULL, NULL, NULL);
+    wolfSSL_ECDSA_SIG_get0(NULL, &r2, NULL);
+    wolfSSL_ECDSA_SIG_get0(NULL, NULL, &s2);
+    wolfSSL_ECDSA_SIG_get0(NULL, &r2, &s2);
+    ExpectIntEQ(wolfSSL_ECDSA_SIG_set0(NULL, NULL, NULL), 0);
+    ExpectIntEQ(wolfSSL_ECDSA_SIG_set0(sig, NULL, NULL), 0);
+    ExpectIntEQ(wolfSSL_ECDSA_SIG_set0(NULL, r, NULL), 0);
+    ExpectIntEQ(wolfSSL_ECDSA_SIG_set0(NULL, NULL, s), 0);
+    ExpectIntEQ(wolfSSL_ECDSA_SIG_set0(NULL, r, s), 0);
+    ExpectIntEQ(wolfSSL_ECDSA_SIG_set0(sig, NULL, s), 0);
+    ExpectIntEQ(wolfSSL_ECDSA_SIG_set0(sig, r, NULL), 0);
+
+    r2 = NULL;
+    s2 = NULL;
+    wolfSSL_ECDSA_SIG_get0(NULL, &r2, &s2);
+    ExpectNull(r2);
+    ExpectNull(s2);
+    ExpectIntEQ(wolfSSL_ECDSA_SIG_set0(sig, r, s), 1);
+    if (EXPECT_FAIL()) {
+        wolfSSL_BN_free(r);
+        wolfSSL_BN_free(s);
+    }
+    wolfSSL_ECDSA_SIG_get0(sig, &r2, &s2);
+    ExpectPtrEq(r2, r);
+    ExpectPtrEq(s2, s);
+    r2 = NULL;
+    wolfSSL_ECDSA_SIG_get0(sig, &r2, NULL);
+    ExpectPtrEq(r2, r);
+    s2 = NULL;
+    wolfSSL_ECDSA_SIG_get0(sig, NULL, &s2);
+    ExpectPtrEq(s2, s);
+
+    /* r and s are freed when sig is freed. */
+    wolfSSL_ECDSA_SIG_free(sig);
+    sig = NULL;
+
+    ExpectNull(wolfSSL_d2i_ECDSA_SIG(NULL, NULL, sizeof(sigData)));
+    cp = sigDataBad;
+    ExpectNull(wolfSSL_d2i_ECDSA_SIG(NULL, &cp, sizeof(sigDataBad)));
+    cp = sigData;
+    ExpectNotNull((sig = wolfSSL_d2i_ECDSA_SIG(NULL, &cp, sizeof(sigData))));
+    ExpectIntEQ((cp == sigData + 8), 1);
+    cp = sigData;
+    ExpectNull(wolfSSL_d2i_ECDSA_SIG(&sig, NULL, sizeof(sigData)));
+    ExpectNotNull((sig2 = wolfSSL_d2i_ECDSA_SIG(&sig, &cp, sizeof(sigData))));
+    ExpectIntEQ((sig == sig2), 1);
+    cp = outSig;
+
+    p = outSig;
+    ExpectIntEQ(wolfSSL_i2d_ECDSA_SIG(NULL, &p), 0);
+    ExpectIntEQ(wolfSSL_i2d_ECDSA_SIG(NULL, NULL), 0);
+    ExpectIntEQ(wolfSSL_i2d_ECDSA_SIG(sig, NULL), 8);
+    ExpectIntEQ(wolfSSL_i2d_ECDSA_SIG(sig, &p), sizeof(sigData));
+    ExpectIntEQ((p == outSig + 8), 1);
+    ExpectIntEQ(XMEMCMP(sigData, outSig, 8), 0);
+
+    p = NULL;
+    ExpectIntEQ(wolfSSL_i2d_ECDSA_SIG(sig, &p), 8);
+#ifndef WOLFSSL_I2D_ECDSA_SIG_ALLOC
+    ExpectNull(p);
+#else
+    ExpectNotNull(p);
+    ExpectIntEQ(XMEMCMP(p, outSig, 8), 0);
+    XFREE(p, NULL, DYNAMIC_TYPE_OPENSSL);
+#endif
+
+    wolfSSL_ECDSA_SIG_free(sig);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_ECDSA_size_sign(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && !defined(NO_ECC256) && !defined(NO_ECC_SECP)
+    EC_KEY* key = NULL;
+    ECDSA_SIG* ecdsaSig = NULL;
+    int id;
+    byte hash[WC_MAX_DIGEST_SIZE];
+    byte hash2[WC_MAX_DIGEST_SIZE];
+    byte sig[ECC_MAX_SIG_SIZE];
+    unsigned int sigSz = sizeof(sig);
+
+    XMEMSET(hash, 123, sizeof(hash));
+    XMEMSET(hash2, 234, sizeof(hash2));
+
+    id = wc_ecc_get_curve_id_from_name("SECP256R1");
+    ExpectIntEQ(id, ECC_SECP256R1);
+
+    ExpectNotNull(key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1));
+    ExpectIntEQ(EC_KEY_generate_key(key), 1);
+
+    ExpectIntGE(ECDSA_size(NULL), 0);
+
+    ExpectIntEQ(ECDSA_sign(0, hash, sizeof(hash), sig, &sigSz, NULL), 0);
+    ExpectIntEQ(ECDSA_sign(0, NULL, sizeof(hash), sig, &sigSz, key), 0);
+    ExpectIntEQ(ECDSA_sign(0, hash, sizeof(hash), NULL, &sigSz, key), 0);
+    ExpectIntEQ(ECDSA_verify(0, hash, sizeof(hash), sig, (int)sigSz, NULL), 0);
+    ExpectIntEQ(ECDSA_verify(0, NULL, sizeof(hash), sig, (int)sigSz, key), 0);
+    ExpectIntEQ(ECDSA_verify(0, hash, sizeof(hash), NULL, (int)sigSz, key), 0);
+
+    ExpectIntEQ(ECDSA_sign(0, hash, sizeof(hash), sig, &sigSz, key), 1);
+    ExpectIntGE(ECDSA_size(key), sigSz);
+    ExpectIntEQ(ECDSA_verify(0, hash, sizeof(hash), sig, (int)sigSz, key), 1);
+    ExpectIntEQ(ECDSA_verify(0, hash2, sizeof(hash2), sig, (int)sigSz, key), 0);
+
+    ExpectNull(ECDSA_do_sign(NULL, sizeof(hash), NULL));
+    ExpectNull(ECDSA_do_sign(NULL, sizeof(hash), key));
+    ExpectNull(ECDSA_do_sign(hash, sizeof(hash), NULL));
+    ExpectNotNull(ecdsaSig = ECDSA_do_sign(hash, sizeof(hash), key));
+    ExpectIntEQ(ECDSA_do_verify(NULL, sizeof(hash), NULL, NULL), -1);
+    ExpectIntEQ(ECDSA_do_verify(hash, sizeof(hash), NULL, NULL), -1);
+    ExpectIntEQ(ECDSA_do_verify(NULL, sizeof(hash), ecdsaSig, NULL), -1);
+    ExpectIntEQ(ECDSA_do_verify(NULL, sizeof(hash), NULL, key), -1);
+    ExpectIntEQ(ECDSA_do_verify(NULL, sizeof(hash), ecdsaSig, key), -1);
+    ExpectIntEQ(ECDSA_do_verify(hash, sizeof(hash), NULL, key), -1);
+    ExpectIntEQ(ECDSA_do_verify(hash, sizeof(hash), ecdsaSig, NULL), -1);
+    ExpectIntEQ(ECDSA_do_verify(hash, sizeof(hash), ecdsaSig, key), 1);
+    ExpectIntEQ(ECDSA_do_verify(hash2, sizeof(hash2), ecdsaSig, key), 0);
+    ECDSA_SIG_free(ecdsaSig);
+
+    EC_KEY_free(key);
+#endif /* OPENSSL_EXTRA && !NO_ECC256 && !NO_ECC_SECP */
+    return EXPECT_RESULT();
+}
+
+int test_ECDH_compute_key(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && !defined(NO_ECC256) && !defined(NO_ECC_SECP) && \
+    !defined(WOLF_CRYPTO_CB_ONLY_ECC)
+    EC_KEY* key1 = NULL;
+    EC_KEY* key2 = NULL;
+    EC_POINT* pub1 = NULL;
+    EC_POINT* pub2 = NULL;
+    byte secret1[32];
+    byte secret2[32];
+    int i;
+
+    ExpectNotNull(key1 = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1));
+    ExpectIntEQ(EC_KEY_generate_key(key1), 1);
+    ExpectNotNull(pub1 = wolfSSL_EC_KEY_get0_public_key(key1));
+    ExpectNotNull(key2 = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1));
+    ExpectIntEQ(EC_KEY_generate_key(key2), 1);
+    ExpectNotNull(pub2 = wolfSSL_EC_KEY_get0_public_key(key2));
+
+    ExpectIntEQ(ECDH_compute_key(NULL, sizeof(secret1), NULL, NULL, NULL), 0);
+    ExpectIntEQ(ECDH_compute_key(secret1, sizeof(secret1), NULL, NULL, NULL),
+        0);
+    ExpectIntEQ(ECDH_compute_key(NULL, sizeof(secret1), pub2, NULL, NULL), 0);
+    ExpectIntEQ(ECDH_compute_key(NULL, sizeof(secret1), NULL, key1, NULL), 0);
+    ExpectIntEQ(ECDH_compute_key(NULL, sizeof(secret1), pub2, key1, NULL), 0);
+    ExpectIntEQ(ECDH_compute_key(secret1, sizeof(secret1), NULL, key1, NULL),
+        0);
+    ExpectIntEQ(ECDH_compute_key(secret1, sizeof(secret1), pub2, NULL, NULL),
+        0);
+
+    ExpectIntEQ(ECDH_compute_key(secret1, sizeof(secret1) - 16, pub2, key1,
+        NULL), 0);
+
+    ExpectIntEQ(ECDH_compute_key(secret1, sizeof(secret1), pub2, key1, NULL),
+        sizeof(secret1));
+    ExpectIntEQ(ECDH_compute_key(secret2, sizeof(secret2), pub1, key2, NULL),
+        sizeof(secret2));
+
+    for (i = 0; i < (int)sizeof(secret1); i++) {
+        ExpectIntEQ(secret1[i], secret2[i]);
+    }
+
+    EC_KEY_free(key2);
+    EC_KEY_free(key1);
+#endif /* OPENSSL_EXTRA && !NO_ECC256 && !NO_ECC_SECP &&
+        * !WOLF_CRYPTO_CB_ONLY_ECC */
+    return EXPECT_RESULT();
+}
+
+#endif /* HAVE_ECC && !OPENSSL_NO_PK */
+
+
diff --git a/tests/api/test_ossl_ec.h b/tests/api/test_ossl_ec.h
new file mode 100644
index 000000000..c577e322a
--- /dev/null
+++ b/tests/api/test_ossl_ec.h
@@ -0,0 +1,72 @@
+/* test_ossl_ec.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef WOLFCRYPT_TEST_OSSL_EC_H
+#define WOLFCRYPT_TEST_OSSL_EC_H
+
+#include <tests/api/api_decl.h>
+
+#if defined(HAVE_ECC) && !defined(OPENSSL_NO_PK)
+
+int test_wolfSSL_EC_GROUP(void);
+int test_wolfSSL_PEM_read_bio_ECPKParameters(void);
+int test_wolfSSL_i2d_ECPKParameters(void);
+int test_wolfSSL_EC_POINT(void);
+int test_wolfSSL_SPAKE(void);
+int test_wolfSSL_EC_KEY_generate(void);
+int test_EC_i2d(void);
+int test_wolfSSL_EC_curve(void);
+int test_wolfSSL_EC_KEY_dup(void);
+int test_wolfSSL_EC_KEY_set_group(void);
+int test_wolfSSL_EC_KEY_set_conv_form(void);
+int test_wolfSSL_EC_KEY_private_key(void);
+int test_wolfSSL_EC_KEY_public_key(void);
+int test_wolfSSL_EC_KEY_print_fp(void);
+int test_wolfSSL_EC_get_builtin_curves(void);
+int test_wolfSSL_ECDSA_SIG(void);
+int test_ECDSA_size_sign(void);
+int test_ECDH_compute_key(void);
+
+
+#define TEST_OSSL_EC_DECLS                                                  \
+    TEST_DECL_GROUP("ossl_ec", test_wolfSSL_EC_GROUP),                      \
+    TEST_DECL_GROUP("ossl_ec", test_wolfSSL_PEM_read_bio_ECPKParameters),   \
+    TEST_DECL_GROUP("ossl_ec", test_wolfSSL_i2d_ECPKParameters),            \
+    TEST_DECL_GROUP("ossl_ec", test_wolfSSL_EC_POINT),                      \
+    TEST_DECL_GROUP("ossl_ec", test_wolfSSL_SPAKE),                         \
+    TEST_DECL_GROUP("ossl_ec", test_wolfSSL_EC_KEY_generate),               \
+    TEST_DECL_GROUP("ossl_ec", test_EC_i2d),                                \
+    TEST_DECL_GROUP("ossl_ec", test_wolfSSL_EC_curve),                      \
+    TEST_DECL_GROUP("ossl_ec", test_wolfSSL_EC_KEY_dup),                    \
+    TEST_DECL_GROUP("ossl_ec", test_wolfSSL_EC_KEY_set_group),              \
+    TEST_DECL_GROUP("ossl_ec", test_wolfSSL_EC_KEY_set_conv_form),          \
+    TEST_DECL_GROUP("ossl_ec", test_wolfSSL_EC_KEY_private_key),            \
+    TEST_DECL_GROUP("ossl_ec", test_wolfSSL_EC_KEY_public_key),             \
+    TEST_DECL_GROUP("ossl_ec", test_wolfSSL_EC_KEY_print_fp),               \
+    TEST_DECL_GROUP("ossl_ec", test_wolfSSL_EC_get_builtin_curves),         \
+    TEST_DECL_GROUP("ossl_ec", test_wolfSSL_ECDSA_SIG),                     \
+    TEST_DECL_GROUP("ossl_ec", test_ECDSA_size_sign),                       \
+    TEST_DECL_GROUP("ossl_ec", test_ECDH_compute_key)
+
+#endif
+
+#endif /* WOLFCRYPT_TEST_OSSL_EC_H */
+
diff --git a/tests/api/test_ossl_ecx.c b/tests/api/test_ossl_ecx.c
new file mode 100644
index 000000000..b86a09ce7
--- /dev/null
+++ b/tests/api/test_ossl_ecx.c
@@ -0,0 +1,445 @@
+/* test_ossl_ecx.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#include <tests/unit.h>
+
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+#include <wolfssl/openssl/ec.h>
+#include <wolfssl/openssl/ec25519.h>
+#include <wolfssl/openssl/ed25519.h>
+#include <wolfssl/openssl/ec448.h>
+#include <wolfssl/openssl/ed448.h>
+#include <wolfssl/wolfcrypt/curve25519.h>
+#include <wolfssl/wolfcrypt/curve448.h>
+#include <wolfssl/wolfcrypt/types.h>
+#include <tests/api/api.h>
+#include <tests/api/test_ossl_ecx.h>
+
+/*******************************************************************************
+ * ECX OpenSSL compatibility API Testing
+ ******************************************************************************/
+
+#ifdef OPENSSL_EXTRA
+int test_EC25519(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_CURVE25519) && defined(WOLFSSL_KEY_GEN)
+    byte         priv[CURVE25519_KEYSIZE];
+    unsigned int privSz = CURVE25519_KEYSIZE;
+    byte         pub[CURVE25519_KEYSIZE];
+    unsigned int pubSz = CURVE25519_KEYSIZE;
+    byte         priv2[CURVE25519_KEYSIZE];
+    unsigned int priv2Sz = CURVE25519_KEYSIZE;
+    byte         pub2[CURVE25519_KEYSIZE];
+    unsigned int pub2Sz = CURVE25519_KEYSIZE;
+    byte         shared[CURVE25519_KEYSIZE];
+    unsigned int sharedSz = CURVE25519_KEYSIZE;
+    byte         shared2[CURVE25519_KEYSIZE];
+    unsigned int shared2Sz = CURVE25519_KEYSIZE;
+
+    /* Bad parameter testing of key generation. */
+    ExpectIntEQ(wolfSSL_EC25519_generate_key(NULL,    NULL, NULL,   NULL), 0);
+    ExpectIntEQ(wolfSSL_EC25519_generate_key(NULL, &privSz, NULL, &pubSz), 0);
+    ExpectIntEQ(wolfSSL_EC25519_generate_key(NULL, &privSz,  pub, &pubSz), 0);
+    ExpectIntEQ(wolfSSL_EC25519_generate_key(priv,    NULL,  pub, &pubSz), 0);
+    ExpectIntEQ(wolfSSL_EC25519_generate_key(priv, &privSz, NULL, &pubSz), 0);
+    ExpectIntEQ(wolfSSL_EC25519_generate_key(priv, &privSz,  pub,   NULL), 0);
+    /*   Bad length */
+    privSz = 1;
+    ExpectIntEQ(wolfSSL_EC25519_generate_key(priv, &privSz, pub, &pubSz), 0);
+    privSz = CURVE25519_KEYSIZE;
+    pubSz = 1;
+    ExpectIntEQ(wolfSSL_EC25519_generate_key(priv, &privSz, pub, &pubSz), 0);
+    pubSz = CURVE25519_KEYSIZE;
+
+    /* Good case of generating key. */
+    ExpectIntEQ(wolfSSL_EC25519_generate_key(priv, &privSz, pub, &pubSz), 1);
+    ExpectIntEQ(wolfSSL_EC25519_generate_key(priv2, &priv2Sz, pub2, &pub2Sz),
+        1);
+    ExpectIntEQ(privSz, CURVE25519_KEYSIZE);
+    ExpectIntEQ(pubSz, CURVE25519_KEYSIZE);
+
+    /* Bad parameter testing of shared key. */
+    ExpectIntEQ(wolfSSL_EC25519_shared_key(  NULL,      NULL, NULL, privSz,
+        NULL,  pubSz), 0);
+    ExpectIntEQ(wolfSSL_EC25519_shared_key(  NULL, &sharedSz, NULL, privSz,
+        NULL, pubSz), 0);
+    ExpectIntEQ(wolfSSL_EC25519_shared_key(  NULL, &sharedSz, priv, privSz,
+         pub, pubSz), 0);
+    ExpectIntEQ(wolfSSL_EC25519_shared_key(shared, &sharedSz, NULL, privSz,
+         pub, pubSz), 0);
+    ExpectIntEQ(wolfSSL_EC25519_shared_key(shared, &sharedSz, priv, privSz,
+        NULL, pubSz), 0);
+    ExpectIntEQ(wolfSSL_EC25519_shared_key(  NULL, &sharedSz, priv, privSz,
+         pub, pubSz), 0);
+    ExpectIntEQ(wolfSSL_EC25519_shared_key(shared,      NULL, priv, privSz,
+         pub, pubSz), 0);
+    ExpectIntEQ(wolfSSL_EC25519_shared_key(shared, &sharedSz, NULL, privSz,
+         pub, pubSz), 0);
+    ExpectIntEQ(wolfSSL_EC25519_shared_key(shared, &sharedSz, priv, privSz,
+        NULL, pubSz), 0);
+    /*   Bad length. */
+    sharedSz = 1;
+    ExpectIntEQ(wolfSSL_EC25519_shared_key(shared, &sharedSz, priv, privSz,
+         pub, pubSz), 0);
+    sharedSz = CURVE25519_KEYSIZE;
+    privSz = 1;
+    ExpectIntEQ(wolfSSL_EC25519_shared_key(shared, &sharedSz, priv, privSz,
+         pub, pubSz), 0);
+    privSz = CURVE25519_KEYSIZE;
+    pubSz = 1;
+    ExpectIntEQ(wolfSSL_EC25519_shared_key(shared, &sharedSz, priv, privSz,
+         pub, pubSz), 0);
+    pubSz = CURVE25519_KEYSIZE;
+
+    /* Good case of shared key. */
+    ExpectIntEQ(wolfSSL_EC25519_shared_key(shared, &sharedSz, priv, privSz,
+        pub2, pub2Sz), 1);
+    ExpectIntEQ(wolfSSL_EC25519_shared_key(shared2, &shared2Sz, priv2, priv2Sz,
+        pub, pubSz), 1);
+    ExpectIntEQ(sharedSz, CURVE25519_KEYSIZE);
+    ExpectIntEQ(shared2Sz, CURVE25519_KEYSIZE);
+    ExpectIntEQ(XMEMCMP(shared, shared2, sharedSz), 0);
+#endif /* HAVE_CURVE25519 && WOLFSSL_KEY_GEN */
+    return EXPECT_RESULT();
+}
+
+int test_ED25519(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT) && \
+    defined(WOLFSSL_KEY_GEN)
+    byte         priv[ED25519_PRV_KEY_SIZE];
+    unsigned int privSz = (unsigned int)sizeof(priv);
+    byte         pub[ED25519_PUB_KEY_SIZE];
+    unsigned int pubSz = (unsigned int)sizeof(pub);
+#if defined(HAVE_ED25519_SIGN) && defined(HAVE_ED25519_KEY_IMPORT)
+    const char*  msg = TEST_STRING;
+    unsigned int msglen = (unsigned int)TEST_STRING_SZ;
+    byte         sig[ED25519_SIG_SIZE];
+    unsigned int sigSz = (unsigned int)sizeof(sig);
+#endif /* HAVE_ED25519_SIGN && HAVE_ED25519_KEY_IMPORT */
+
+    /* Bad parameter testing of key generation. */
+    ExpectIntEQ(wolfSSL_ED25519_generate_key(NULL,    NULL, NULL,   NULL), 0);
+    ExpectIntEQ(wolfSSL_ED25519_generate_key(priv,    NULL, NULL,   NULL), 0);
+    ExpectIntEQ(wolfSSL_ED25519_generate_key(NULL, &privSz, NULL,   NULL), 0);
+    ExpectIntEQ(wolfSSL_ED25519_generate_key(NULL,    NULL,  pub,   NULL), 0);
+    ExpectIntEQ(wolfSSL_ED25519_generate_key(NULL,    NULL, NULL, &pubSz), 0);
+    ExpectIntEQ(wolfSSL_ED25519_generate_key(NULL, &privSz,  pub, &pubSz), 0);
+    ExpectIntEQ(wolfSSL_ED25519_generate_key(priv,    NULL,  pub, &pubSz), 0);
+    ExpectIntEQ(wolfSSL_ED25519_generate_key(priv, &privSz, NULL, &pubSz), 0);
+    ExpectIntEQ(wolfSSL_ED25519_generate_key(priv, &privSz,  pub,   NULL), 0);
+    /*   Bad length. */
+    privSz = 1;
+    ExpectIntEQ(wolfSSL_ED25519_generate_key(priv, &privSz, pub, &pubSz), 0);
+    privSz = ED25519_PRV_KEY_SIZE;
+    pubSz = 1;
+    ExpectIntEQ(wolfSSL_ED25519_generate_key(priv, &privSz, pub, &pubSz), 0);
+    pubSz = ED25519_PUB_KEY_SIZE;
+
+    /* Good case of generating key. */
+    ExpectIntEQ(wolfSSL_ED25519_generate_key(priv, &privSz, pub, &pubSz),
+        1);
+    ExpectIntEQ(privSz, ED25519_PRV_KEY_SIZE);
+    ExpectIntEQ(pubSz, ED25519_PUB_KEY_SIZE);
+
+#if defined(HAVE_ED25519_SIGN) && defined(HAVE_ED25519_KEY_IMPORT)
+    /* Bad parameter testing of signing. */
+    ExpectIntEQ(wolfSSL_ED25519_sign(      NULL, msglen, NULL, privSz, NULL,
+          NULL), 0);
+    ExpectIntEQ(wolfSSL_ED25519_sign((byte*)msg, msglen, NULL, privSz, NULL,
+          NULL), 0);
+    ExpectIntEQ(wolfSSL_ED25519_sign(      NULL, msglen, priv, privSz, NULL,
+          NULL), 0);
+    ExpectIntEQ(wolfSSL_ED25519_sign(      NULL, msglen, NULL, privSz, sig,
+          NULL), 0);
+    ExpectIntEQ(wolfSSL_ED25519_sign(      NULL, msglen, NULL, privSz, NULL,
+        &sigSz), 0);
+    ExpectIntEQ(wolfSSL_ED25519_sign(      NULL, msglen, priv, privSz,  sig,
+        &sigSz), 0);
+    ExpectIntEQ(wolfSSL_ED25519_sign((byte*)msg, msglen, NULL, privSz,  sig,
+        &sigSz), 0);
+    ExpectIntEQ(wolfSSL_ED25519_sign((byte*)msg, msglen, priv, privSz,  NULL,
+        &sigSz), 0);
+    ExpectIntEQ(wolfSSL_ED25519_sign((byte*)msg, msglen, priv, privSz,  sig,
+          NULL), 0);
+    /*   Bad length. */
+    privSz = 1;
+    ExpectIntEQ(wolfSSL_ED25519_sign((byte*)msg, msglen, priv, privSz, sig,
+        &sigSz), 0);
+    privSz = ED25519_PRV_KEY_SIZE;
+    sigSz = 1;
+    ExpectIntEQ(wolfSSL_ED25519_sign((byte*)msg, msglen, priv, privSz, sig,
+        &sigSz), 0);
+    sigSz = ED25519_SIG_SIZE;
+
+    /* Good case of signing. */
+    ExpectIntEQ(wolfSSL_ED25519_sign((byte*)msg, msglen, priv, privSz, sig,
+        &sigSz), 1);
+    ExpectIntEQ(sigSz, ED25519_SIG_SIZE);
+
+#ifdef HAVE_ED25519_VERIFY
+    /* Bad parameter testing of verification. */
+    ExpectIntEQ(wolfSSL_ED25519_verify(      NULL, msglen, NULL, pubSz, NULL,
+        sigSz), 0);
+    ExpectIntEQ(wolfSSL_ED25519_verify((byte*)msg, msglen, NULL, pubSz, NULL,
+        sigSz), 0);
+    ExpectIntEQ(wolfSSL_ED25519_verify(      NULL, msglen,  pub, pubSz, NULL,
+        sigSz), 0);
+    ExpectIntEQ(wolfSSL_ED25519_verify(      NULL, msglen, NULL, pubSz,  sig,
+        sigSz), 0);
+    ExpectIntEQ(wolfSSL_ED25519_verify(      NULL, msglen,  pub, pubSz,  sig,
+        sigSz), 0);
+    ExpectIntEQ(wolfSSL_ED25519_verify((byte*)msg, msglen, NULL, pubSz,  sig,
+        sigSz), 0);
+    ExpectIntEQ(wolfSSL_ED25519_verify((byte*)msg, msglen,  pub, pubSz, NULL,
+        sigSz), 0);
+    /*   Bad length. */
+    pubSz = 1;
+    ExpectIntEQ(wolfSSL_ED25519_verify((byte*)msg, msglen, pub, pubSz, sig,
+        sigSz), 0);
+    pubSz = ED25519_PUB_KEY_SIZE;
+    sigSz = 1;
+    ExpectIntEQ(wolfSSL_ED25519_verify((byte*)msg, msglen, pub, pubSz, sig,
+        sigSz), 0);
+    sigSz = ED25519_SIG_SIZE;
+
+    /* Good case of verification. */
+    ExpectIntEQ(wolfSSL_ED25519_verify((byte*)msg, msglen, pub, pubSz, sig,
+        sigSz), 1);
+    /* Bad signature. */
+    if (EXPECT_SUCCESS()) {
+        sig[1] ^= 0x80;
+    }
+    ExpectIntEQ(wolfSSL_ED25519_verify((byte*)msg, msglen, pub, pubSz, sig,
+        sigSz), 0);
+#endif /* HAVE_ED25519_VERIFY */
+#endif /* HAVE_ED25519_SIGN && HAVE_ED25519_KEY_IMPORT */
+#endif /* HAVE_ED25519 && HAVE_ED25519_KEY_EXPORT && WOLFSSL_KEY_GEN */
+    return EXPECT_RESULT();
+}
+
+int test_EC448(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_CURVE448) && defined(WOLFSSL_KEY_GEN)
+    byte         priv[CURVE448_KEY_SIZE];
+    unsigned int privSz = CURVE448_KEY_SIZE;
+    byte         pub[CURVE448_KEY_SIZE];
+    unsigned int pubSz = CURVE448_KEY_SIZE;
+    byte         priv2[CURVE448_KEY_SIZE];
+    unsigned int priv2Sz = CURVE448_KEY_SIZE;
+    byte         pub2[CURVE448_KEY_SIZE];
+    unsigned int pub2Sz = CURVE448_KEY_SIZE;
+    byte         shared[CURVE448_KEY_SIZE];
+    unsigned int sharedSz = CURVE448_KEY_SIZE;
+    byte         shared2[CURVE448_KEY_SIZE];
+    unsigned int shared2Sz = CURVE448_KEY_SIZE;
+
+    /* Bad parameter testing of key generation. */
+    ExpectIntEQ(wolfSSL_EC448_generate_key(NULL,    NULL, NULL,   NULL), 0);
+    ExpectIntEQ(wolfSSL_EC448_generate_key(NULL, &privSz, NULL, &pubSz), 0);
+    ExpectIntEQ(wolfSSL_EC448_generate_key(NULL, &privSz,  pub, &pubSz), 0);
+    ExpectIntEQ(wolfSSL_EC448_generate_key(priv,    NULL,  pub, &pubSz), 0);
+    ExpectIntEQ(wolfSSL_EC448_generate_key(priv, &privSz, NULL, &pubSz), 0);
+    ExpectIntEQ(wolfSSL_EC448_generate_key(priv, &privSz,  pub,   NULL), 0);
+    /*   Bad length. */
+    privSz = 1;
+    ExpectIntEQ(wolfSSL_EC448_generate_key(priv, &privSz, pub, &pubSz), 0);
+    privSz = CURVE448_KEY_SIZE;
+    pubSz = 1;
+    ExpectIntEQ(wolfSSL_EC448_generate_key(priv, &privSz, pub, &pubSz), 0);
+    pubSz = CURVE448_KEY_SIZE;
+
+    /* Good case of generating key. */
+    ExpectIntEQ(wolfSSL_EC448_generate_key(priv, &privSz, pub, &pubSz), 1);
+    ExpectIntEQ(wolfSSL_EC448_generate_key(priv2, &priv2Sz, pub2, &pub2Sz), 1);
+    ExpectIntEQ(privSz, CURVE448_KEY_SIZE);
+    ExpectIntEQ(pubSz, CURVE448_KEY_SIZE);
+
+    /* Bad parameter testing of shared key. */
+    ExpectIntEQ(wolfSSL_EC448_shared_key(  NULL,      NULL, NULL, privSz,
+        NULL,  pubSz), 0);
+    ExpectIntEQ(wolfSSL_EC448_shared_key(  NULL, &sharedSz, NULL, privSz,
+        NULL, pubSz), 0);
+    ExpectIntEQ(wolfSSL_EC448_shared_key(  NULL, &sharedSz, priv, privSz,
+         pub, pubSz), 0);
+    ExpectIntEQ(wolfSSL_EC448_shared_key(shared, &sharedSz, NULL, privSz,
+         pub, pubSz), 0);
+    ExpectIntEQ(wolfSSL_EC448_shared_key(shared, &sharedSz, priv, privSz,
+        NULL, pubSz), 0);
+    ExpectIntEQ(wolfSSL_EC448_shared_key(  NULL, &sharedSz, priv, privSz,
+         pub, pubSz), 0);
+    ExpectIntEQ(wolfSSL_EC448_shared_key(shared,      NULL, priv, privSz,
+         pub, pubSz), 0);
+    ExpectIntEQ(wolfSSL_EC448_shared_key(shared, &sharedSz, NULL, privSz,
+         pub, pubSz), 0);
+    ExpectIntEQ(wolfSSL_EC448_shared_key(shared, &sharedSz, priv, privSz,
+        NULL, pubSz), 0);
+    /*   Bad length. */
+    sharedSz = 1;
+    ExpectIntEQ(wolfSSL_EC448_shared_key(shared, &sharedSz, priv, privSz,
+         pub, pubSz), 0);
+    sharedSz = CURVE448_KEY_SIZE;
+    privSz = 1;
+    ExpectIntEQ(wolfSSL_EC448_shared_key(shared, &sharedSz, priv, privSz,
+         pub, pubSz), 0);
+    privSz = CURVE448_KEY_SIZE;
+    pubSz = 1;
+    ExpectIntEQ(wolfSSL_EC448_shared_key(shared, &sharedSz, priv, privSz,
+         pub, pubSz), 0);
+    pubSz = CURVE448_KEY_SIZE;
+
+    /* Good case of shared key. */
+    ExpectIntEQ(wolfSSL_EC448_shared_key(shared, &sharedSz, priv, privSz,
+        pub2, pub2Sz), 1);
+    ExpectIntEQ(wolfSSL_EC448_shared_key(shared2, &shared2Sz, priv2, priv2Sz,
+        pub, pubSz), 1);
+    ExpectIntEQ(sharedSz, CURVE448_KEY_SIZE);
+    ExpectIntEQ(shared2Sz, CURVE448_KEY_SIZE);
+    ExpectIntEQ(XMEMCMP(shared, shared2, sharedSz), 0);
+#endif /* HAVE_CURVE448 && WOLFSSL_KEY_GEN */
+    return EXPECT_RESULT();
+}
+
+int test_ED448(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT) && \
+    defined(WOLFSSL_KEY_GEN)
+    byte         priv[ED448_PRV_KEY_SIZE];
+    unsigned int privSz = (unsigned int)sizeof(priv);
+    byte         pub[ED448_PUB_KEY_SIZE];
+    unsigned int pubSz = (unsigned int)sizeof(pub);
+#if defined(HAVE_ED448_SIGN) && defined(HAVE_ED448_KEY_IMPORT)
+    const char*  msg = TEST_STRING;
+    unsigned int msglen = (unsigned int)TEST_STRING_SZ;
+    byte         sig[ED448_SIG_SIZE];
+    unsigned int sigSz = (unsigned int)sizeof(sig);
+#endif /* HAVE_ED448_SIGN && HAVE_ED448_KEY_IMPORT */
+
+    /* Bad parameter testing of key generation. */
+    ExpectIntEQ(wolfSSL_ED448_generate_key(NULL,    NULL, NULL,   NULL), 0);
+    ExpectIntEQ(wolfSSL_ED448_generate_key(priv,    NULL, NULL,   NULL), 0);
+    ExpectIntEQ(wolfSSL_ED448_generate_key(NULL, &privSz, NULL,   NULL), 0);
+    ExpectIntEQ(wolfSSL_ED448_generate_key(NULL,    NULL,  pub,   NULL), 0);
+    ExpectIntEQ(wolfSSL_ED448_generate_key(NULL,    NULL, NULL, &pubSz), 0);
+    ExpectIntEQ(wolfSSL_ED448_generate_key(NULL, &privSz,  pub, &pubSz), 0);
+    ExpectIntEQ(wolfSSL_ED448_generate_key(priv,    NULL,  pub, &pubSz), 0);
+    ExpectIntEQ(wolfSSL_ED448_generate_key(priv, &privSz, NULL, &pubSz), 0);
+    ExpectIntEQ(wolfSSL_ED448_generate_key(priv, &privSz,  pub,   NULL), 0);
+    /*   Bad length. */
+    privSz = 1;
+    ExpectIntEQ(wolfSSL_ED448_generate_key(priv, &privSz, pub, &pubSz), 0);
+    privSz = ED448_PRV_KEY_SIZE;
+    pubSz = 1;
+    ExpectIntEQ(wolfSSL_ED448_generate_key(priv, &privSz, pub, &pubSz), 0);
+    pubSz = ED448_PUB_KEY_SIZE;
+
+    /* Good case of generating key. */
+    ExpectIntEQ(wolfSSL_ED448_generate_key(priv, &privSz, pub, &pubSz), 1);
+    ExpectIntEQ(privSz, ED448_PRV_KEY_SIZE);
+    ExpectIntEQ(pubSz, ED448_PUB_KEY_SIZE);
+
+#if defined(HAVE_ED448_SIGN) && defined(HAVE_ED448_KEY_IMPORT)
+    /* Bad parameter testing of signing. */
+    ExpectIntEQ(wolfSSL_ED448_sign(      NULL, msglen, NULL, privSz, NULL,
+          NULL), 0);
+    ExpectIntEQ(wolfSSL_ED448_sign((byte*)msg, msglen, NULL, privSz, NULL,
+          NULL), 0);
+    ExpectIntEQ(wolfSSL_ED448_sign(      NULL, msglen, priv, privSz, NULL,
+          NULL), 0);
+    ExpectIntEQ(wolfSSL_ED448_sign(      NULL, msglen, NULL, privSz, sig,
+          NULL), 0);
+    ExpectIntEQ(wolfSSL_ED448_sign(      NULL, msglen, NULL, privSz, NULL,
+        &sigSz), 0);
+    ExpectIntEQ(wolfSSL_ED448_sign(      NULL, msglen, priv, privSz,  sig,
+        &sigSz), 0);
+    ExpectIntEQ(wolfSSL_ED448_sign((byte*)msg, msglen, NULL, privSz,  sig,
+        &sigSz), 0);
+    ExpectIntEQ(wolfSSL_ED448_sign((byte*)msg, msglen, priv, privSz,  NULL,
+        &sigSz), 0);
+    ExpectIntEQ(wolfSSL_ED448_sign((byte*)msg, msglen, priv, privSz,  sig,
+          NULL), 0);
+    /*   Bad length. */
+    privSz = 1;
+    ExpectIntEQ(wolfSSL_ED448_sign((byte*)msg, msglen, priv, privSz, sig,
+        &sigSz), 0);
+    privSz = ED448_PRV_KEY_SIZE;
+    sigSz = 1;
+    ExpectIntEQ(wolfSSL_ED448_sign((byte*)msg, msglen, priv, privSz, sig,
+        &sigSz), 0);
+    sigSz = ED448_SIG_SIZE;
+
+    /* Good case of signing. */
+    ExpectIntEQ(wolfSSL_ED448_sign((byte*)msg, msglen, priv, privSz, sig,
+        &sigSz), 1);
+    ExpectIntEQ(sigSz, ED448_SIG_SIZE);
+
+#ifdef HAVE_ED448_VERIFY
+   /* Bad parameter testing of verification. */
+    ExpectIntEQ(wolfSSL_ED448_verify(      NULL, msglen, NULL, pubSz, NULL,
+        sigSz), 0);
+    ExpectIntEQ(wolfSSL_ED448_verify((byte*)msg, msglen, NULL, pubSz, NULL,
+        sigSz), 0);
+    ExpectIntEQ(wolfSSL_ED448_verify(      NULL, msglen,  pub, pubSz, NULL,
+        sigSz), 0);
+    ExpectIntEQ(wolfSSL_ED448_verify(      NULL, msglen, NULL, pubSz,  sig,
+        sigSz), 0);
+    ExpectIntEQ(wolfSSL_ED448_verify(      NULL, msglen,  pub, pubSz,  sig,
+        sigSz), 0);
+    ExpectIntEQ(wolfSSL_ED448_verify((byte*)msg, msglen, NULL, pubSz,  sig,
+        sigSz), 0);
+    ExpectIntEQ(wolfSSL_ED448_verify((byte*)msg, msglen,  pub, pubSz, NULL,
+        sigSz), 0);
+    /*   Bad length. */
+    pubSz = 1;
+    ExpectIntEQ(wolfSSL_ED448_verify((byte*)msg, msglen, pub, pubSz, sig,
+        sigSz), 0);
+    pubSz = ED448_PUB_KEY_SIZE;
+    sigSz = 1;
+    ExpectIntEQ(wolfSSL_ED448_verify((byte*)msg, msglen, pub, pubSz, sig,
+        sigSz), 0);
+    sigSz = ED448_SIG_SIZE;
+
+    /* Good case of verification. */
+    ExpectIntEQ(wolfSSL_ED448_verify((byte*)msg, msglen, pub, pubSz, sig,
+        sigSz), 1);
+    /* Bad signature. */
+    if (EXPECT_SUCCESS()) {
+        sig[1] ^= 0x80;
+    }
+    ExpectIntEQ(wolfSSL_ED448_verify((byte*)msg, msglen, pub, pubSz, sig,
+        sigSz), 0);
+#endif /* HAVE_ED448_VERIFY */
+#endif /* HAVE_ED448_SIGN && HAVE_ED448_KEY_IMPORT */
+#endif /* HAVE_ED448 && HAVE_ED448_KEY_EXPORT && WOLFSSL_KEY_GEN */
+    return EXPECT_RESULT();
+}
+#endif /* OPENSSL_EXTRA */
+
diff --git a/tests/api/test_ossl_ecx.h b/tests/api/test_ossl_ecx.h
new file mode 100644
index 000000000..6187138f9
--- /dev/null
+++ b/tests/api/test_ossl_ecx.h
@@ -0,0 +1,43 @@
+/* test_ossl_ecx.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef WOLFCRYPT_TEST_OSSL_ECX_H
+#define WOLFCRYPT_TEST_OSSL_ECX_H
+
+#include <tests/api/api_decl.h>
+
+#ifdef OPENSSL_EXTRA
+
+int test_EC25519(void);
+int test_ED25519(void);
+int test_EC448(void);
+int test_ED448(void);
+
+#define TEST_OSSL_ECX_DECLS                     \
+    TEST_DECL_GROUP("ossl_ecx", test_EC25519),  \
+    TEST_DECL_GROUP("ossl_ecx", test_ED25519),  \
+    TEST_DECL_GROUP("ossl_ecx", test_EC448),    \
+    TEST_DECL_GROUP("ossl_ecx", test_ED448)
+
+#endif
+
+#endif /* WOLFCRYPT_TEST_OSSL_ECX_H */
+
diff --git a/tests/api/test_ossl_mac.c b/tests/api/test_ossl_mac.c
new file mode 100644
index 000000000..daba856d2
--- /dev/null
+++ b/tests/api/test_ossl_mac.c
@@ -0,0 +1,520 @@
+/* test_ossl_mac.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#include <tests/unit.h>
+
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+#include <wolfssl/openssl/hmac.h>
+#include <wolfssl/openssl/cmac.h>
+#include <wolfssl/wolfcrypt/types.h>
+#include <tests/api/api.h>
+#include <tests/api/test_ossl_mac.h>
+
+/*******************************************************************************
+ * MAC OpenSSL compatibility API Testing
+ ******************************************************************************/
+
+#if defined(OPENSSL_EXTRA) && !defined(NO_HMAC)
+/* helper function for test_wolfSSL_HMAC_CTX, digest size is expected to be a
+ * buffer of 64 bytes.
+ *
+ * returns the size of the digest buffer on success and a negative value on
+ * failure.
+ */
+static int test_HMAC_CTX_helper(const EVP_MD* type, unsigned char* digest,
+    int* sz)
+{
+    EXPECT_DECLS;
+    HMAC_CTX ctx1;
+    HMAC_CTX ctx2;
+
+    unsigned char key[] = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
+                          "\x0b\x0b\x0b\x0b\x0b\x0b\x0b";
+    unsigned char long_key[] =
+        "0123456789012345678901234567890123456789"
+        "0123456789012345678901234567890123456789"
+        "0123456789012345678901234567890123456789"
+        "0123456789012345678901234567890123456789";
+
+    unsigned char msg[] = "message to hash";
+    unsigned int  digestSz = 64;
+    int keySz = sizeof(key);
+    int long_keySz = sizeof(long_key);
+    int msgSz = sizeof(msg);
+
+    unsigned char digest2[64];
+    unsigned int digestSz2 = 64;
+
+    HMAC_CTX_init(&ctx1);
+    HMAC_CTX_init(&ctx2);
+
+    ExpectIntEQ(HMAC_Init(&ctx1, (const void*)key, keySz, type), SSL_SUCCESS);
+    ExpectIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS);
+    ExpectIntEQ(HMAC_CTX_copy(&ctx2, &ctx1), SSL_SUCCESS);
+
+    ExpectIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS);
+    ExpectIntEQ(HMAC_Final(&ctx1, digest, &digestSz), SSL_SUCCESS);
+    HMAC_CTX_cleanup(&ctx1);
+
+    ExpectIntEQ(HMAC_Update(&ctx2, msg, msgSz), SSL_SUCCESS);
+    ExpectIntEQ(HMAC_Final(&ctx2, digest2, &digestSz2), SSL_SUCCESS);
+    HMAC_CTX_cleanup(&ctx2);
+
+    ExpectIntEQ(digestSz, digestSz2);
+    ExpectIntEQ(XMEMCMP(digest, digest2, digestSz), 0);
+
+    /* test HMAC_Init with NULL key */
+
+    /* init after copy */
+    HMAC_CTX_init(&ctx1);
+    ExpectIntEQ(HMAC_Init(&ctx1, (const void*)key, keySz, type), SSL_SUCCESS);
+    ExpectIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS);
+    ExpectIntEQ(HMAC_CTX_copy(&ctx2, &ctx1), SSL_SUCCESS);
+
+    ExpectIntEQ(HMAC_Init(&ctx1, NULL, 0, NULL), SSL_SUCCESS);
+    ExpectIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS);
+    ExpectIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS);
+    ExpectIntEQ(HMAC_Final(&ctx1, digest, &digestSz), SSL_SUCCESS);
+    HMAC_CTX_cleanup(&ctx1);
+
+    ExpectIntEQ(HMAC_Init(&ctx2, NULL, 0, NULL), SSL_SUCCESS);
+    ExpectIntEQ(HMAC_Update(&ctx2, msg, msgSz), SSL_SUCCESS);
+    ExpectIntEQ(HMAC_Update(&ctx2, msg, msgSz), SSL_SUCCESS);
+    ExpectIntEQ(HMAC_Final(&ctx2, digest2, &digestSz), SSL_SUCCESS);
+    HMAC_CTX_cleanup(&ctx2);
+
+    ExpectIntEQ(digestSz, digestSz2);
+    ExpectIntEQ(XMEMCMP(digest, digest2, digestSz), 0);
+
+    /* long key */
+    HMAC_CTX_init(&ctx1);
+    ExpectIntEQ(HMAC_Init(&ctx1, (const void*)long_key, long_keySz, type),
+        SSL_SUCCESS);
+    ExpectIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS);
+    ExpectIntEQ(HMAC_CTX_copy(&ctx2, &ctx1), SSL_SUCCESS);
+
+    ExpectIntEQ(HMAC_Init(&ctx1, NULL, 0, NULL), SSL_SUCCESS);
+    ExpectIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS);
+    ExpectIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS);
+    ExpectIntEQ(HMAC_Final(&ctx1, digest, &digestSz), SSL_SUCCESS);
+    HMAC_CTX_cleanup(&ctx1);
+
+    ExpectIntEQ(HMAC_Init(&ctx2, NULL, 0, NULL), SSL_SUCCESS);
+    ExpectIntEQ(HMAC_Update(&ctx2, msg, msgSz), SSL_SUCCESS);
+    ExpectIntEQ(HMAC_Update(&ctx2, msg, msgSz), SSL_SUCCESS);
+    ExpectIntEQ(HMAC_Final(&ctx2, digest2, &digestSz), SSL_SUCCESS);
+    HMAC_CTX_cleanup(&ctx2);
+
+    ExpectIntEQ(digestSz, digestSz2);
+    ExpectIntEQ(XMEMCMP(digest, digest2, digestSz), 0);
+
+    /* init before copy */
+    HMAC_CTX_init(&ctx1);
+    ExpectIntEQ(HMAC_Init(&ctx1, (const void*)key, keySz, type), SSL_SUCCESS);
+    ExpectIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS);
+    ExpectIntEQ(HMAC_Init(&ctx1, NULL, 0, NULL), SSL_SUCCESS);
+    ExpectIntEQ(HMAC_CTX_copy(&ctx2, &ctx1), SSL_SUCCESS);
+
+    ExpectIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS);
+    ExpectIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS);
+    ExpectIntEQ(HMAC_Final(&ctx1, digest, &digestSz), SSL_SUCCESS);
+    HMAC_CTX_cleanup(&ctx1);
+
+    ExpectIntEQ(HMAC_Update(&ctx2, msg, msgSz), SSL_SUCCESS);
+    ExpectIntEQ(HMAC_Update(&ctx2, msg, msgSz), SSL_SUCCESS);
+    ExpectIntEQ(HMAC_Final(&ctx2, digest2, &digestSz), SSL_SUCCESS);
+    HMAC_CTX_cleanup(&ctx2);
+
+    ExpectIntEQ(digestSz, digestSz2);
+    ExpectIntEQ(XMEMCMP(digest, digest2, digestSz), 0);
+
+    *sz = (int)digestSz;
+    return EXPECT_RESULT();
+}
+#endif /* defined(OPENSSL_EXTRA) && !defined(NO_HMAC) */
+
+int test_wolfSSL_HMAC_CTX(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && !defined(NO_HMAC)
+    unsigned char digest[64];
+    int digestSz;
+    WOLFSSL_HMAC_CTX* hmac_ctx = NULL;
+    WOLFSSL_HMAC_CTX ctx1;
+    WOLFSSL_HMAC_CTX ctx2;
+
+    ExpectNotNull(hmac_ctx = wolfSSL_HMAC_CTX_new());
+    ExpectIntEQ(wolfSSL_HMAC_CTX_Init(NULL), 1);
+    ExpectIntEQ(wolfSSL_HMAC_CTX_Init(hmac_ctx), 1);
+    wolfSSL_HMAC_CTX_free(NULL);
+    wolfSSL_HMAC_CTX_free(hmac_ctx);
+
+    XMEMSET(&ctx2, 0, sizeof(WOLFSSL_HMAC_CTX));
+    ExpectIntEQ(HMAC_CTX_init(NULL), 1);
+    ExpectIntEQ(HMAC_CTX_init(&ctx2), 1);
+    ExpectIntEQ(HMAC_CTX_copy(NULL, NULL), 0);
+    ExpectIntEQ(HMAC_CTX_copy(NULL, &ctx2), 0);
+    ExpectIntEQ(HMAC_CTX_copy(&ctx2, NULL), 0);
+#if defined(HAVE_SELFTEST) || (defined(HAVE_FIPS) && \
+    ((! defined(HAVE_FIPS_VERSION)) || \
+     defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION <= 2)))
+    /* Copy object that hasn't had a digest set - MD5. */
+    ExpectIntEQ(HMAC_CTX_copy(&ctx1, &ctx2), 1);
+#else
+    /* Copy object that hasn't had a digest set. */
+    ExpectIntEQ(HMAC_CTX_copy(&ctx1, &ctx2), 0);
+#endif
+    HMAC_CTX_cleanup(NULL);
+    HMAC_CTX_cleanup(&ctx2);
+
+    ExpectNull(HMAC_CTX_get_md(NULL));
+
+    #ifndef NO_SHA
+    ExpectIntEQ((test_HMAC_CTX_helper(EVP_sha1(), digest, &digestSz)),
+        TEST_SUCCESS);
+    ExpectIntEQ(digestSz, 20);
+    ExpectIntEQ(XMEMCMP("\xD9\x68\x77\x23\x70\xFB\x53\x70\x53\xBA\x0E\xDC\xDA"
+                          "\xBF\x03\x98\x31\x19\xB2\xCC", digest, digestSz), 0);
+    #endif /* !NO_SHA */
+    #ifdef WOLFSSL_SHA224
+    ExpectIntEQ((test_HMAC_CTX_helper(EVP_sha224(), digest, &digestSz)),
+        TEST_SUCCESS);
+    ExpectIntEQ(digestSz, 28);
+    ExpectIntEQ(XMEMCMP("\x57\xFD\xF4\xE1\x2D\xB0\x79\xD7\x4B\x25\x7E\xB1\x95"
+                          "\x9C\x11\xAC\x2D\x1E\x78\x94\x4F\x3A\x0F\xED\xF8\xAD"
+                          "\x02\x0E", digest, digestSz), 0);
+    #endif /* WOLFSSL_SHA224 */
+    #ifndef NO_SHA256
+    ExpectIntEQ((test_HMAC_CTX_helper(EVP_sha256(), digest, &digestSz)),
+        TEST_SUCCESS);
+    ExpectIntEQ(digestSz, 32);
+    ExpectIntEQ(XMEMCMP("\x13\xAB\x76\x91\x0C\x37\x86\x8D\xB3\x7E\x30\x0C\xFC"
+                          "\xB0\x2E\x8E\x4A\xD7\xD4\x25\xCC\x3A\xA9\x0F\xA2\xF2"
+                          "\x47\x1E\x62\x6F\x5D\xF2", digest, digestSz), 0);
+    #endif /* !NO_SHA256 */
+
+    #ifdef WOLFSSL_SHA384
+    ExpectIntEQ((test_HMAC_CTX_helper(EVP_sha384(), digest, &digestSz)),
+        TEST_SUCCESS);
+    ExpectIntEQ(digestSz, 48);
+    ExpectIntEQ(XMEMCMP("\x9E\xCB\x07\x0C\x11\x76\x3F\x23\xC3\x25\x0E\xC4\xB7"
+                          "\x28\x77\x95\x99\xD5\x9D\x7A\xBB\x1A\x9F\xB7\xFD\x25"
+                          "\xC9\x72\x47\x9F\x8F\x86\x76\xD6\x20\x57\x87\xB7\xE7"
+                          "\xCD\xFB\xC2\xCC\x9F\x2B\xC5\x41\xAB",
+                          digest, digestSz), 0);
+    #endif /* WOLFSSL_SHA384 */
+    #ifdef WOLFSSL_SHA512
+    ExpectIntEQ((test_HMAC_CTX_helper(EVP_sha512(), digest, &digestSz)),
+        TEST_SUCCESS);
+    ExpectIntEQ(digestSz, 64);
+    ExpectIntEQ(XMEMCMP("\xD4\x21\x0C\x8B\x60\x6F\xF4\xBF\x07\x2F\x26\xCC\xAD"
+                          "\xBC\x06\x0B\x34\x78\x8B\x4F\xD6\xC0\x42\xF1\x33\x10"
+                          "\x6C\x4F\x1E\x55\x59\xDD\x2A\x9F\x15\x88\x62\xF8\x60"
+                          "\xA3\x99\x91\xE2\x08\x7B\xF7\x95\x3A\xB0\x92\x48\x60"
+                          "\x88\x8B\x5B\xB8\x5F\xE9\xB6\xB1\x96\xE3\xB5\xF0",
+                          digest, digestSz), 0);
+    #endif /* WOLFSSL_SHA512 */
+
+#ifdef WOLFSSL_SHA3
+    #ifndef WOLFSSL_NOSHA3_224
+    ExpectIntEQ((test_HMAC_CTX_helper(EVP_sha3_224(), digest, &digestSz)),
+        TEST_SUCCESS);
+    ExpectIntEQ(digestSz, 28);
+    ExpectIntEQ(XMEMCMP("\xdc\x53\x25\x3f\xc0\x9d\x2b\x0c\x7f\x59\x11\x17\x08"
+                        "\x5c\xe8\x43\x31\x01\x5a\xb3\xe3\x08\x37\x71\x26\x0b"
+                        "\x29\x0f", digest, digestSz), 0);
+    #endif
+    #ifndef WOLFSSL_NOSHA3_256
+    ExpectIntEQ((test_HMAC_CTX_helper(EVP_sha3_256(), digest, &digestSz)),
+        TEST_SUCCESS);
+    ExpectIntEQ(digestSz, 32);
+    ExpectIntEQ(XMEMCMP("\x0f\x00\x89\x82\x15\xce\xd6\x45\x01\x83\xce\xc8\x35"
+                        "\xab\x71\x07\xc9\xfe\x61\x22\x38\xf9\x09\xad\x35\x65"
+                        "\x43\x77\x24\xd4\x1e\xf4", digest, digestSz), 0);
+    #endif
+    #ifndef WOLFSSL_NOSHA3_384
+    ExpectIntEQ((test_HMAC_CTX_helper(EVP_sha3_384(), digest, &digestSz)),
+        TEST_SUCCESS);
+    ExpectIntEQ(digestSz, 48);
+    ExpectIntEQ(XMEMCMP("\x0f\x6a\xc0\xfb\xc3\xf2\x80\xb1\xb4\x04\xb6\xc8\x45"
+                        "\x23\x3b\xb4\xbe\xc6\xea\x85\x07\xca\x8c\x71\xbb\x6e"
+                        "\x79\xf6\xf9\x2b\x98\xf5\xef\x11\x39\xd4\x5d\xd3\xca"
+                        "\xc0\xe6\x81\xf7\x73\xf9\x85\x5d\x4f",
+                          digest, digestSz), 0);
+    #endif
+    #ifndef WOLFSSL_NOSHA3_512
+    ExpectIntEQ((test_HMAC_CTX_helper(EVP_sha3_512(), digest, &digestSz)),
+        TEST_SUCCESS);
+    ExpectIntEQ(digestSz, 64);
+    ExpectIntEQ(XMEMCMP("\x3e\x77\xe3\x59\x42\x89\xed\xc3\xa4\x26\x3d\xa4\x75"
+                        "\xd2\x84\x8c\xb2\xf3\x25\x04\x47\x61\xce\x1c\x42\x86"
+                        "\xcd\xf4\x56\xaa\x2f\x84\xb1\x3b\x18\xed\xe6\xd6\x48"
+                        "\x15\xb0\x29\xc5\x9d\x32\xef\xdd\x3e\x09\xf6\xed\x9e"
+                        "\x70\xbc\x1c\x63\xf7\x3b\x3e\xe1\xdc\x84\x9c\x1c",
+                          digest, digestSz), 0);
+    #endif
+#endif
+
+    #if !defined(NO_MD5) && (!defined(HAVE_FIPS_VERSION) || \
+        HAVE_FIPS_VERSION <= 2)
+    ExpectIntEQ((test_HMAC_CTX_helper(EVP_md5(), digest, &digestSz)),
+        TEST_SUCCESS);
+    ExpectIntEQ(digestSz, 16);
+    ExpectIntEQ(XMEMCMP("\xB7\x27\xC4\x41\xE5\x2E\x62\xBA\x54\xED\x72\x70\x9F"
+                          "\xE4\x98\xDD", digest, digestSz), 0);
+    #endif /* !NO_MD5 */
+#endif
+    return EXPECT_RESULT();
+}
+
+#if defined(OPENSSL_EXTRA) && (!defined(NO_SHA256) || \
+    defined(WOLFSSL_SHA224) || defined(WOLFSSL_SHA384) || \
+    defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA3))
+static int test_openssl_hmac(const WOLFSSL_EVP_MD* md, int md_len)
+{
+    EXPECT_DECLS;
+    static const unsigned char key[] = "simple test key";
+    HMAC_CTX* hmac = NULL;
+    ENGINE* e = NULL;
+    unsigned char hash[WC_MAX_DIGEST_SIZE];
+    unsigned int len;
+
+    ExpectNotNull(hmac = HMAC_CTX_new());
+    HMAC_CTX_init(hmac);
+#if defined(HAVE_SELFTEST) || (defined(HAVE_FIPS) && \
+    ((! defined(HAVE_FIPS_VERSION)) || \
+     defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION <= 2)))
+    /* Get size on object that hasn't had a digest set - MD5. */
+    ExpectIntEQ(HMAC_size(hmac), 16);
+    ExpectIntEQ(HMAC_Init(hmac, NULL, 0, NULL), 1);
+    ExpectIntEQ(HMAC_Init(hmac, (void*)key, (int)sizeof(key), NULL), 1);
+    ExpectIntEQ(HMAC_Init(hmac, NULL, 0, md), 1);
+#else
+    ExpectIntEQ(HMAC_size(hmac), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(HMAC_Init(hmac, NULL, 0, NULL), 0);
+    ExpectIntEQ(HMAC_Init(hmac, (void*)key, (int)sizeof(key), NULL), 0);
+    ExpectIntEQ(HMAC_Init(hmac, NULL, 0, md), 0);
+#endif
+    ExpectIntEQ(HMAC_Init_ex(NULL, (void*)key, (int)sizeof(key), md, e), 0);
+    ExpectIntEQ(HMAC_Init_ex(hmac, (void*)key, (int)sizeof(key), md, e), 1);
+
+    /* reusing test key as data to hash */
+    ExpectIntEQ(HMAC_Update(NULL, key, (int)sizeof(key)), 0);
+    ExpectIntEQ(HMAC_Update(hmac, key, (int)sizeof(key)), 1);
+    ExpectIntEQ(HMAC_Update(hmac, key, 0), 1);
+    ExpectIntEQ(HMAC_Update(hmac, NULL, 0), 1);
+    ExpectIntEQ(HMAC_Update(hmac, NULL, (int)sizeof(key)), 1);
+    ExpectIntEQ(HMAC_Final(NULL, NULL, &len), 0);
+    ExpectIntEQ(HMAC_Final(hmac, NULL, &len), 0);
+    ExpectIntEQ(HMAC_Final(NULL, hash, &len), 0);
+    ExpectIntEQ(HMAC_Final(hmac, hash, &len), 1);
+    ExpectIntEQ(HMAC_Final(hmac, hash, NULL), 1);
+    ExpectIntEQ(len, md_len);
+    ExpectIntEQ(HMAC_size(NULL), 0);
+    ExpectIntEQ(HMAC_size(hmac), md_len);
+    ExpectStrEQ(HMAC_CTX_get_md(hmac), md);
+
+    HMAC_cleanup(NULL);
+    HMAC_cleanup(hmac);
+    HMAC_CTX_free(hmac);
+
+    len = 0;
+    ExpectNull(HMAC(NULL, key, (int)sizeof(key), NULL, 0, hash, &len));
+    ExpectNull(HMAC(md, NULL, (int)sizeof(key), NULL, 0, hash, &len));
+    ExpectNull(HMAC(md, key, (int)sizeof(key), NULL, 0, NULL, &len));
+    ExpectNotNull(HMAC(md, key, (int)sizeof(key), NULL, 0, hash, &len));
+    ExpectIntEQ(len, md_len);
+    ExpectNotNull(HMAC(md, key, (int)sizeof(key), NULL, 0, hash, NULL));
+    /* With data. */
+    ExpectNotNull(HMAC(md, key, (int)sizeof(key), key, (int)sizeof(key), hash,
+        &len));
+    /* With NULL data. */
+    ExpectNull(HMAC(md, key, (int)sizeof(key), NULL, (int)sizeof(key), hash,
+        &len));
+    /* With zero length data. */
+    ExpectNotNull(HMAC(md, key, (int)sizeof(key), key, 0, hash, &len));
+
+    return EXPECT_RESULT();
+}
+#endif
+
+int test_wolfSSL_HMAC(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && (!defined(NO_SHA256) || \
+    defined(WOLFSSL_SHA224) || defined(WOLFSSL_SHA384) || \
+    defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA3))
+#ifndef NO_SHA256
+    ExpectIntEQ(test_openssl_hmac(EVP_sha256(), (int)WC_SHA256_DIGEST_SIZE),
+        TEST_SUCCESS);
+#endif
+#ifdef WOLFSSL_SHA224
+    ExpectIntEQ(test_openssl_hmac(EVP_sha224(), (int)WC_SHA224_DIGEST_SIZE),
+        TEST_SUCCESS);
+#endif
+#ifdef WOLFSSL_SHA384
+    ExpectIntEQ(test_openssl_hmac(EVP_sha384(), (int)WC_SHA384_DIGEST_SIZE),
+        TEST_SUCCESS);
+#endif
+#ifdef WOLFSSL_SHA512
+    ExpectIntEQ(test_openssl_hmac(EVP_sha512(), (int)WC_SHA512_DIGEST_SIZE),
+        TEST_SUCCESS);
+#endif
+#ifdef WOLFSSL_SHA3
+    #ifndef WOLFSSL_NOSHA3_224
+        ExpectIntEQ(test_openssl_hmac(EVP_sha3_224(),
+             (int)WC_SHA3_224_DIGEST_SIZE), TEST_SUCCESS);
+    #endif
+    #ifndef WOLFSSL_NOSHA3_256
+        ExpectIntEQ(test_openssl_hmac(EVP_sha3_256(),
+             (int)WC_SHA3_256_DIGEST_SIZE), TEST_SUCCESS);
+    #endif
+    #ifndef WOLFSSL_NOSHA3_384
+        ExpectIntEQ(test_openssl_hmac(EVP_sha3_384(),
+             (int)WC_SHA3_384_DIGEST_SIZE), TEST_SUCCESS);
+    #endif
+    #ifndef WOLFSSL_NOSHA3_512
+        ExpectIntEQ(test_openssl_hmac(EVP_sha3_512(),
+             (int)WC_SHA3_512_DIGEST_SIZE), TEST_SUCCESS);
+    #endif
+#endif
+#ifndef NO_SHA
+    ExpectIntEQ(test_openssl_hmac(EVP_sha1(), (int)WC_SHA_DIGEST_SIZE),
+        TEST_SUCCESS);
+#endif
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_CMAC(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_CMAC) && defined(OPENSSL_EXTRA) && \
+    defined(WOLFSSL_AES_DIRECT)
+    int i;
+    byte key[AES_256_KEY_SIZE];
+    CMAC_CTX* cmacCtx = NULL;
+    byte out[AES_BLOCK_SIZE];
+    size_t outLen = AES_BLOCK_SIZE;
+
+    for (i=0; i < AES_256_KEY_SIZE; ++i) {
+        key[i] = i;
+    }
+    ExpectNotNull(cmacCtx = CMAC_CTX_new());
+    /* Check CMAC_CTX_get0_cipher_ctx; return value not used. */
+    ExpectNotNull(CMAC_CTX_get0_cipher_ctx(cmacCtx));
+    ExpectIntEQ(CMAC_Init(cmacCtx, key, AES_128_KEY_SIZE, EVP_aes_128_cbc(),
+        NULL), 1);
+    /* reusing test key as data to hash */
+    ExpectIntEQ(CMAC_Update(cmacCtx, key, AES_128_KEY_SIZE), 1);
+    ExpectIntEQ(CMAC_Update(cmacCtx, NULL, 0), 1);
+    ExpectIntEQ(CMAC_Final(cmacCtx, out, &outLen), 1);
+    ExpectIntEQ(outLen, AES_BLOCK_SIZE);
+
+    /* No Update works. */
+    ExpectIntEQ(CMAC_Init(cmacCtx, key, AES_128_KEY_SIZE, EVP_aes_128_cbc(),
+        NULL), 1);
+    ExpectIntEQ(CMAC_Final(cmacCtx, out, NULL), 1);
+
+    ExpectIntEQ(CMAC_Init(cmacCtx, key, AES_128_KEY_SIZE, EVP_aes_128_cbc(),
+        NULL), 1);
+    /* Test parameters with CMAC_Update. */
+    ExpectIntEQ(CMAC_Update(NULL, NULL, 0), 0);
+    ExpectIntEQ(CMAC_Update(NULL, key, 0), 0);
+    ExpectIntEQ(CMAC_Update(NULL, NULL, AES_128_KEY_SIZE), 0);
+    ExpectIntEQ(CMAC_Update(NULL, key, AES_128_KEY_SIZE), 0);
+    ExpectIntEQ(CMAC_Update(cmacCtx, key, 0), 1);
+    ExpectIntEQ(CMAC_Update(cmacCtx, NULL, 0), 1);
+    ExpectIntEQ(CMAC_Update(cmacCtx, NULL, AES_128_KEY_SIZE), 1);
+    /* Test parameters with CMAC_Final. */
+    ExpectIntEQ(CMAC_Final(NULL, NULL, NULL), 0);
+    ExpectIntEQ(CMAC_Final(NULL, out, NULL), 0);
+    ExpectIntEQ(CMAC_Final(NULL, NULL, &outLen), 0);
+    ExpectIntEQ(CMAC_Final(NULL, out, &outLen), 0);
+    ExpectIntEQ(CMAC_Final(cmacCtx, NULL, NULL), 1);
+    ExpectIntEQ(CMAC_Final(cmacCtx, NULL, &outLen), 1);
+    ExpectIntEQ(CMAC_Final(cmacCtx, out, NULL), 1);
+    CMAC_CTX_free(cmacCtx);
+
+    /* Test parameters with CMAC Init. */
+    cmacCtx = NULL;
+    ExpectNotNull(cmacCtx = CMAC_CTX_new());
+    ExpectNotNull(CMAC_CTX_get0_cipher_ctx(cmacCtx));
+    ExpectIntEQ(CMAC_Init(NULL, NULL, 0, NULL, NULL), 0);
+    #ifdef WOLFSSL_AES_192
+    ExpectIntEQ(CMAC_Init(NULL, key, AES_192_KEY_SIZE, EVP_aes_192_cbc(),
+        NULL), 0);
+    ExpectIntEQ(CMAC_Init(cmacCtx, NULL, AES_192_KEY_SIZE, EVP_aes_192_cbc(),
+        NULL), 0);
+    /* give a key too small for the cipher, verify we get failure */
+    ExpectIntEQ(CMAC_Init(cmacCtx, key, AES_128_KEY_SIZE, EVP_aes_192_cbc(),
+        NULL), 0);
+    ExpectIntEQ(CMAC_Init(cmacCtx, key, AES_192_KEY_SIZE, NULL, NULL), 0);
+    #endif
+    #if defined(HAVE_AESGCM) && defined(WOLFSSL_AES_128)
+    /* Only AES-CBC supported. */
+    ExpectIntEQ(CMAC_Init(cmacCtx, key, AES_128_KEY_SIZE, EVP_aes_128_gcm(),
+        NULL), 0);
+    #endif
+    CMAC_CTX_free(cmacCtx);
+
+    ExpectNull(CMAC_CTX_get0_cipher_ctx(NULL));
+    cmacCtx = NULL;
+    ExpectNotNull(cmacCtx = CMAC_CTX_new());
+    /* No Init. */
+    ExpectIntEQ(CMAC_Final(cmacCtx, out, &outLen), 0);
+    CMAC_CTX_free(cmacCtx);
+
+    /* Test AES-256-CBC */
+#ifdef WOLFSSL_AES_256
+    cmacCtx = NULL;
+    ExpectNotNull(cmacCtx = CMAC_CTX_new());
+    ExpectIntEQ(CMAC_Init(cmacCtx, key, AES_256_KEY_SIZE, EVP_aes_256_cbc(),
+        NULL), 1);
+    ExpectIntEQ(CMAC_Update(cmacCtx, key, AES_128_KEY_SIZE), 1);
+    ExpectIntEQ(CMAC_Final(cmacCtx, out, NULL), 1);
+    CMAC_CTX_free(cmacCtx);
+#endif
+
+    /* Test AES-192-CBC */
+#ifdef WOLFSSL_AES_192
+    cmacCtx = NULL;
+    ExpectNotNull(cmacCtx = CMAC_CTX_new());
+    ExpectIntEQ(CMAC_Init(cmacCtx, key, AES_192_KEY_SIZE, EVP_aes_192_cbc(),
+        NULL), 1);
+    ExpectIntEQ(CMAC_Update(cmacCtx, key, AES_128_KEY_SIZE), 1);
+    ExpectIntEQ(CMAC_Final(cmacCtx, out, NULL), 1);
+    CMAC_CTX_free(cmacCtx);
+#endif
+
+    cmacCtx = NULL;
+    ExpectNotNull(cmacCtx = CMAC_CTX_new());
+    CMAC_CTX_free(cmacCtx);
+#endif /* WOLFSSL_CMAC && OPENSSL_EXTRA && WOLFSSL_AES_DIRECT */
+    return EXPECT_RESULT();
+}
+
diff --git a/linuxkm/pie_last.c b/tests/api/test_ossl_mac.h
similarity index 61%
rename from linuxkm/pie_last.c
rename to tests/api/test_ossl_mac.h
index 7a246d3da..8008354c6 100644
--- a/linuxkm/pie_last.c
+++ b/tests/api/test_ossl_mac.h
@@ -1,4 +1,4 @@
-/* linuxkm/pie_last.c -- memory fenceposts for checking binary image stability
+/* test_ossl_mac.h
  *
  * Copyright (C) 2006-2025 wolfSSL Inc.
  *
@@ -19,20 +19,19 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-#ifndef __PIE__
-    #error pie_last.c must be compiled -fPIE.
-#endif
+#ifndef WOLFCRYPT_TEST_OSSL_MAC_H
+#define WOLFCRYPT_TEST_OSSL_MAC_H
 
-#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
+#include <tests/api/api_decl.h>
 
-#include <wolfssl/ssl.h>
+int test_wolfSSL_HMAC_CTX(void);
+int test_wolfSSL_HMAC(void);
+int test_wolfSSL_CMAC(void);
 
-int wolfCrypt_PIE_last_function(void);
-int wolfCrypt_PIE_last_function(void) {
-    return 1;
-}
+#define TEST_OSSL_MAC_DECLS                             \
+    TEST_DECL_GROUP("ossl_mac", test_wolfSSL_HMAC_CTX), \
+    TEST_DECL_GROUP("ossl_mac", test_wolfSSL_HMAC),     \
+    TEST_DECL_GROUP("ossl_mac", test_wolfSSL_CMAC)
+
+#endif /* WOLFCRYPT_TEST_OSSL_MAC_H */
 
-const unsigned int wolfCrypt_PIE_rodata_end[];
-const unsigned int wolfCrypt_PIE_rodata_end[] =
-/* random values, analogous to wolfCrypt_FIPS_ro_{start,end} */
-{ 0xa4aaaf71, 0x55c4b7d0 };
diff --git a/tests/api/test_ossl_rsa.c b/tests/api/test_ossl_rsa.c
new file mode 100644
index 000000000..1947ad7ee
--- /dev/null
+++ b/tests/api/test_ossl_rsa.c
@@ -0,0 +1,1646 @@
+/* test_ossl_rsa.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#include <tests/unit.h>
+
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+#include <wolfssl/openssl/rsa.h>
+#include <wolfssl/openssl/pem.h>
+#include <wolfssl/internal.h>
+#include <wolfssl/wolfcrypt/types.h>
+#include <tests/api/api.h>
+#include <tests/api/test_ossl_rsa.h>
+
+/*******************************************************************************
+ * RSA OpenSSL compatibility API Testing
+ ******************************************************************************/
+
+int test_wolfSSL_RSA(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
+    RSA* rsa = NULL;
+    const BIGNUM *n = NULL;
+    const BIGNUM *e = NULL;
+    const BIGNUM *d = NULL;
+    const BIGNUM *p = NULL;
+    const BIGNUM *q = NULL;
+    const BIGNUM *dmp1 = NULL;
+    const BIGNUM *dmq1 = NULL;
+    const BIGNUM *iqmp = NULL;
+
+    ExpectNotNull(rsa = RSA_new());
+    ExpectIntEQ(RSA_size(NULL), 0);
+    ExpectIntEQ(RSA_size(rsa), 0);
+    ExpectIntEQ(RSA_set0_key(rsa, NULL, NULL, NULL), 0);
+    ExpectIntEQ(RSA_set0_crt_params(rsa, NULL, NULL, NULL), 0);
+    ExpectIntEQ(RSA_set0_factors(rsa, NULL, NULL), 0);
+#ifdef WOLFSSL_RSA_KEY_CHECK
+    ExpectIntEQ(RSA_check_key(rsa), 0);
+#endif
+
+    RSA_free(rsa);
+    rsa = NULL;
+    ExpectNotNull(rsa = RSA_generate_key(2048, 3, NULL, NULL));
+    ExpectIntEQ(RSA_size(rsa), 256);
+
+#if (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(6,0,0)) && !defined(HAVE_SELFTEST)
+    {
+        /* Test setting only subset of parameters */
+        RSA *rsa2 = NULL;
+        unsigned char hash[SHA256_DIGEST_LENGTH];
+        unsigned char signature[2048/8];
+        unsigned int signatureLen = 0;
+        BIGNUM* n2 = NULL;
+        BIGNUM* e2 = NULL;
+        BIGNUM* d2 = NULL;
+        BIGNUM* p2 = NULL;
+        BIGNUM* q2 = NULL;
+        BIGNUM* dmp12 = NULL;
+        BIGNUM* dmq12 = NULL;
+        BIGNUM* iqmp2 = NULL;
+
+        XMEMSET(hash, 0, sizeof(hash));
+        RSA_get0_key(rsa, &n, &e, &d);
+        RSA_get0_factors(rsa, &p, &q);
+        RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp);
+
+        ExpectIntEQ(RSA_sign(NID_sha256, hash, sizeof(hash), signature,
+            &signatureLen, rsa), 1);
+        /* Quick sanity check */
+        ExpectIntEQ(RSA_verify(NID_sha256, hash, sizeof(hash), signature,
+            signatureLen, rsa), 1);
+
+        /* Verifying */
+        ExpectNotNull(n2 = BN_dup(n));
+        ExpectNotNull(e2 = BN_dup(e));
+        ExpectNotNull(p2 = BN_dup(p));
+        ExpectNotNull(q2 = BN_dup(q));
+        ExpectNotNull(dmp12 = BN_dup(dmp1));
+        ExpectNotNull(dmq12 = BN_dup(dmq1));
+        ExpectNotNull(iqmp2 = BN_dup(iqmp));
+
+        ExpectNotNull(rsa2 = RSA_new());
+        ExpectIntEQ(RSA_set0_key(rsa2, n2, e2, NULL), 1);
+        if (EXPECT_SUCCESS()) {
+            n2 = NULL;
+            e2 = NULL;
+        }
+        ExpectIntEQ(RSA_verify(NID_sha256, hash, sizeof(hash), signature,
+            signatureLen, rsa2), 1);
+        ExpectIntEQ(RSA_set0_factors(rsa2, p2, q2), 1);
+        if (EXPECT_SUCCESS()) {
+            p2 = NULL;
+            q2 = NULL;
+        }
+        ExpectIntEQ(RSA_verify(NID_sha256, hash, sizeof(hash), signature,
+            signatureLen, rsa2), 1);
+        ExpectIntEQ(RSA_set0_crt_params(rsa2, dmp12, dmq12, iqmp2), 1);
+        if (EXPECT_SUCCESS()) {
+            dmp12 = NULL;
+            dmq12 = NULL;
+            iqmp2 = NULL;
+        }
+        ExpectIntEQ(RSA_verify(NID_sha256, hash, sizeof(hash), signature,
+            signatureLen, rsa2), 1);
+        RSA_free(rsa2);
+        rsa2 = NULL;
+
+        BN_free(iqmp2);
+        iqmp2 = NULL;
+        BN_free(dmq12);
+        dmq12 = NULL;
+        BN_free(dmp12);
+        dmp12 = NULL;
+        BN_free(q2);
+        q2 = NULL;
+        BN_free(p2);
+        p2 = NULL;
+        BN_free(e2);
+        e2 = NULL;
+        BN_free(n2);
+        n2 = NULL;
+
+        ExpectNotNull(n2 = BN_dup(n));
+        ExpectNotNull(e2 = BN_dup(e));
+        ExpectNotNull(d2 = BN_dup(d));
+        ExpectNotNull(p2 = BN_dup(p));
+        ExpectNotNull(q2 = BN_dup(q));
+        ExpectNotNull(dmp12 = BN_dup(dmp1));
+        ExpectNotNull(dmq12 = BN_dup(dmq1));
+        ExpectNotNull(iqmp2 = BN_dup(iqmp));
+
+        /* Signing */
+        XMEMSET(signature, 0, sizeof(signature));
+        ExpectNotNull(rsa2 = RSA_new());
+        ExpectIntEQ(RSA_set0_key(rsa2, n2, e2, d2), 1);
+        if (EXPECT_SUCCESS()) {
+            n2 = NULL;
+            e2 = NULL;
+            d2 = NULL;
+        }
+#if defined(WOLFSSL_SP_MATH) && !defined(RSA_LOW_MEM)
+        /* SP is not support signing without CRT parameters. */
+        ExpectIntEQ(RSA_sign(NID_sha256, hash, sizeof(hash), signature,
+            &signatureLen, rsa2), 0);
+        ExpectIntEQ(RSA_set0_factors(rsa2, p2, q2), 1);
+        if (EXPECT_SUCCESS()) {
+            p2 = NULL;
+            q2 = NULL;
+        }
+        ExpectIntEQ(RSA_sign(NID_sha256, hash, sizeof(hash), signature,
+            &signatureLen, rsa2), 0);
+#else
+        ExpectIntEQ(RSA_sign(NID_sha256, hash, sizeof(hash), signature,
+            &signatureLen, rsa2), 1);
+        ExpectIntEQ(RSA_verify(NID_sha256, hash, sizeof(hash), signature,
+            signatureLen, rsa), 1);
+        ExpectIntEQ(RSA_set0_factors(rsa2, p2, q2), 1);
+        if (EXPECT_SUCCESS()) {
+            p2 = NULL;
+            q2 = NULL;
+        }
+        XMEMSET(signature, 0, sizeof(signature));
+        ExpectIntEQ(RSA_sign(NID_sha256, hash, sizeof(hash), signature,
+            &signatureLen, rsa2), 1);
+        ExpectIntEQ(RSA_verify(NID_sha256, hash, sizeof(hash), signature,
+            signatureLen, rsa), 1);
+#endif
+        ExpectIntEQ(RSA_set0_crt_params(rsa2, dmp12, dmq12, iqmp2), 1);
+        if (EXPECT_SUCCESS()) {
+            dmp12 = NULL;
+            dmq12 = NULL;
+            iqmp2 = NULL;
+        }
+        ExpectIntEQ(RSA_sign(NID_sha256, hash, sizeof(hash), signature,
+            &signatureLen, rsa2), 1);
+        ExpectIntEQ(RSA_verify(NID_sha256, hash, sizeof(hash), signature,
+            signatureLen, rsa), 1);
+        RSA_free(rsa2);
+        rsa2 = NULL;
+
+        BN_free(iqmp2);
+        BN_free(dmq12);
+        BN_free(dmp12);
+        BN_free(q2);
+        BN_free(p2);
+        BN_free(d2);
+        BN_free(e2);
+        BN_free(n2);
+    }
+#endif
+
+#ifdef WOLFSSL_RSA_KEY_CHECK
+    ExpectIntEQ(RSA_check_key(NULL), 0);
+    ExpectIntEQ(RSA_check_key(rsa), 1);
+#endif
+
+    /* sanity check */
+    ExpectIntEQ(RSA_bits(NULL), 0);
+
+    /* key */
+    ExpectIntEQ(RSA_bits(rsa), 2048);
+    RSA_get0_key(rsa, &n, &e, &d);
+    ExpectPtrEq(rsa->n, n);
+    ExpectPtrEq(rsa->e, e);
+    ExpectPtrEq(rsa->d, d);
+    n = NULL;
+    e = NULL;
+    d = NULL;
+    ExpectNotNull(n = BN_new());
+    ExpectNotNull(e = BN_new());
+    ExpectNotNull(d = BN_new());
+    ExpectIntEQ(RSA_set0_key(rsa, (BIGNUM*)n, (BIGNUM*)e, (BIGNUM*)d), 1);
+    if (EXPECT_FAIL()) {
+        BN_free((BIGNUM*)n);
+        BN_free((BIGNUM*)e);
+        BN_free((BIGNUM*)d);
+    }
+    ExpectPtrEq(rsa->n, n);
+    ExpectPtrEq(rsa->e, e);
+    ExpectPtrEq(rsa->d, d);
+    ExpectIntEQ(RSA_set0_key(rsa, NULL, NULL, NULL), 1);
+    ExpectIntEQ(RSA_set0_key(NULL, (BIGNUM*)n, (BIGNUM*)e, (BIGNUM*)d), 0);
+
+    /* crt_params */
+    RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp);
+    ExpectPtrEq(rsa->dmp1, dmp1);
+    ExpectPtrEq(rsa->dmq1, dmq1);
+    ExpectPtrEq(rsa->iqmp, iqmp);
+    dmp1 = NULL;
+    dmq1 = NULL;
+    iqmp = NULL;
+    ExpectNotNull(dmp1 = BN_new());
+    ExpectNotNull(dmq1 = BN_new());
+    ExpectNotNull(iqmp = BN_new());
+    ExpectIntEQ(RSA_set0_crt_params(rsa, (BIGNUM*)dmp1, (BIGNUM*)dmq1,
+        (BIGNUM*)iqmp), 1);
+    if (EXPECT_FAIL()) {
+        BN_free((BIGNUM*)dmp1);
+        BN_free((BIGNUM*)dmq1);
+        BN_free((BIGNUM*)iqmp);
+    }
+    ExpectPtrEq(rsa->dmp1, dmp1);
+    ExpectPtrEq(rsa->dmq1, dmq1);
+    ExpectPtrEq(rsa->iqmp, iqmp);
+    ExpectIntEQ(RSA_set0_crt_params(rsa, NULL, NULL, NULL), 1);
+    ExpectIntEQ(RSA_set0_crt_params(NULL, (BIGNUM*)dmp1, (BIGNUM*)dmq1,
+        (BIGNUM*)iqmp), 0);
+    RSA_get0_crt_params(NULL, NULL, NULL, NULL);
+    RSA_get0_crt_params(rsa, NULL, NULL, NULL);
+    RSA_get0_crt_params(NULL, &dmp1, &dmq1, &iqmp);
+    ExpectNull(dmp1);
+    ExpectNull(dmq1);
+    ExpectNull(iqmp);
+
+    /* factors */
+    RSA_get0_factors(rsa, NULL, NULL);
+    RSA_get0_factors(rsa, &p, &q);
+    ExpectPtrEq(rsa->p, p);
+    ExpectPtrEq(rsa->q, q);
+    p = NULL;
+    q = NULL;
+    ExpectNotNull(p = BN_new());
+    ExpectNotNull(q = BN_new());
+    ExpectIntEQ(RSA_set0_factors(rsa, (BIGNUM*)p, (BIGNUM*)q), 1);
+    if (EXPECT_FAIL()) {
+        BN_free((BIGNUM*)p);
+        BN_free((BIGNUM*)q);
+    }
+    ExpectPtrEq(rsa->p, p);
+    ExpectPtrEq(rsa->q, q);
+    ExpectIntEQ(RSA_set0_factors(rsa, NULL, NULL), 1);
+    ExpectIntEQ(RSA_set0_factors(NULL, (BIGNUM*)p, (BIGNUM*)q), 0);
+    RSA_get0_factors(NULL, NULL, NULL);
+    RSA_get0_factors(NULL, &p, &q);
+    ExpectNull(p);
+    ExpectNull(q);
+
+    ExpectIntEQ(BN_hex2bn(&rsa->n, "1FFFFF"), 1);
+    ExpectIntEQ(RSA_bits(rsa), 21);
+    RSA_free(rsa);
+    rsa = NULL;
+
+#if !defined(USE_FAST_MATH) || (FP_MAX_BITS >= (3072*2))
+    ExpectNotNull(rsa = RSA_generate_key(3072, 17, NULL, NULL));
+    ExpectIntEQ(RSA_size(rsa), 384);
+    ExpectIntEQ(RSA_bits(rsa), 3072);
+    RSA_free(rsa);
+    rsa = NULL;
+#endif
+
+    /* remove for now with odd key size until adjusting rsa key size check with
+       wc_MakeRsaKey()
+    ExpectNotNull(rsa = RSA_generate_key(2999, 65537, NULL, NULL));
+    RSA_free(rsa);
+    rsa = NULL;
+    */
+
+    ExpectNull(RSA_generate_key(-1, 3, NULL, NULL));
+    ExpectNull(RSA_generate_key(RSA_MIN_SIZE - 1, 3, NULL, NULL));
+    ExpectNull(RSA_generate_key(RSA_MAX_SIZE + 1, 3, NULL, NULL));
+    ExpectNull(RSA_generate_key(2048, 0, NULL, NULL));
+
+
+#if !defined(NO_FILESYSTEM) && !defined(NO_ASN)
+    {
+        byte buff[FOURK_BUF];
+        byte der[FOURK_BUF];
+        const char PrivKeyPemFile[] = "certs/client-keyEnc.pem";
+
+        XFILE f = XBADFILE;
+        int bytes = 0;
+
+        /* test loading encrypted RSA private pem w/o password */
+        ExpectTrue((f = XFOPEN(PrivKeyPemFile, "rb")) != XBADFILE);
+        ExpectIntGT(bytes = (int)XFREAD(buff, 1, sizeof(buff), f), 0);
+        if (f != XBADFILE)
+            XFCLOSE(f);
+        XMEMSET(der, 0, sizeof(der));
+        /* test that error value is returned with no password */
+        ExpectIntLT(wc_KeyPemToDer(buff, bytes, der, (word32)sizeof(der), ""),
+            0);
+    }
+#endif
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_RSA_DER(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) && defined(OPENSSL_EXTRA)
+    RSA *rsa = NULL;
+    int i;
+    const unsigned char *buff = NULL;
+    unsigned char *newBuff = NULL;
+
+    struct tbl_s
+    {
+        const unsigned char *der;
+        int sz;
+    } tbl[] = {
+
+#ifdef USE_CERT_BUFFERS_1024
+        {client_key_der_1024, sizeof_client_key_der_1024},
+        {server_key_der_1024, sizeof_server_key_der_1024},
+#endif
+#ifdef USE_CERT_BUFFERS_2048
+        {client_key_der_2048, sizeof_client_key_der_2048},
+        {server_key_der_2048, sizeof_server_key_der_2048},
+#endif
+        {NULL, 0}
+    };
+
+    /* Public Key DER */
+    struct tbl_s pub[] = {
+#ifdef USE_CERT_BUFFERS_1024
+        {client_keypub_der_1024, sizeof_client_keypub_der_1024},
+#endif
+#ifdef USE_CERT_BUFFERS_2048
+        {client_keypub_der_2048, sizeof_client_keypub_der_2048},
+#endif
+        {NULL, 0}
+    };
+
+    ExpectNull(d2i_RSAPublicKey(&rsa, NULL, pub[0].sz));
+    buff = pub[0].der;
+    ExpectNull(d2i_RSAPublicKey(&rsa, &buff, 1));
+    ExpectNull(d2i_RSAPrivateKey(&rsa, NULL, tbl[0].sz));
+    buff = tbl[0].der;
+    ExpectNull(d2i_RSAPrivateKey(&rsa, &buff, 1));
+
+    ExpectIntEQ(i2d_RSAPublicKey(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    rsa = RSA_new();
+    ExpectIntEQ(i2d_RSAPublicKey(rsa, NULL), 0);
+    RSA_free(rsa);
+    rsa = NULL;
+
+    for (i = 0; tbl[i].der != NULL; i++)
+    {
+        /* Passing in pointer results in pointer moving. */
+        buff = tbl[i].der;
+        ExpectNotNull(d2i_RSAPublicKey(&rsa, &buff, tbl[i].sz));
+        ExpectNotNull(rsa);
+        RSA_free(rsa);
+        rsa = NULL;
+    }
+    for (i = 0; tbl[i].der != NULL; i++)
+    {
+        /* Passing in pointer results in pointer moving. */
+        buff = tbl[i].der;
+        ExpectNotNull(d2i_RSAPrivateKey(&rsa, &buff, tbl[i].sz));
+        ExpectNotNull(rsa);
+        RSA_free(rsa);
+        rsa = NULL;
+    }
+
+    for (i = 0; pub[i].der != NULL; i++)
+    {
+        buff = pub[i].der;
+        ExpectNotNull(d2i_RSAPublicKey(&rsa, &buff, pub[i].sz));
+        ExpectNotNull(rsa);
+        ExpectIntEQ(i2d_RSAPublicKey(rsa, NULL), pub[i].sz);
+        newBuff = NULL;
+        ExpectIntEQ(i2d_RSAPublicKey(rsa, &newBuff), pub[i].sz);
+        ExpectNotNull(newBuff);
+        ExpectIntEQ(XMEMCMP((void *)newBuff, (void *)pub[i].der, pub[i].sz), 0);
+        XFREE((void *)newBuff, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        RSA_free(rsa);
+        rsa = NULL;
+    }
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_RSA_print(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && \
+   !defined(NO_STDIO_FILESYSTEM) && \
+   !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && \
+   !defined(NO_BIO) && defined(XFPRINTF)
+    BIO *bio = NULL;
+    WOLFSSL_RSA* rsa = NULL;
+
+    ExpectNotNull(bio = BIO_new_fd(STDERR_FILENO, BIO_NOCLOSE));
+    ExpectNotNull(rsa = RSA_new());
+
+    ExpectIntEQ(RSA_print(NULL, rsa, 0), -1);
+    ExpectIntEQ(RSA_print_fp(XBADFILE, rsa, 0), 0);
+    ExpectIntEQ(RSA_print(bio, NULL, 0), -1);
+    ExpectIntEQ(RSA_print_fp(stderr, NULL, 0), 0);
+    /* Some very large number of indent spaces. */
+    ExpectIntEQ(RSA_print(bio, rsa, 128), -1);
+    /* RSA is empty. */
+    ExpectIntEQ(RSA_print(bio, rsa, 0), 0);
+    ExpectIntEQ(RSA_print_fp(stderr, rsa, 0), 0);
+
+    RSA_free(rsa);
+    rsa = NULL;
+    ExpectNotNull(rsa = RSA_generate_key(2048, 3, NULL, NULL));
+
+    ExpectIntEQ(RSA_print(bio, rsa, 0), 1);
+    ExpectIntEQ(RSA_print(bio, rsa, 4), 1);
+    ExpectIntEQ(RSA_print(bio, rsa, -1), 1);
+    ExpectIntEQ(RSA_print_fp(stderr, rsa, 0), 1);
+    ExpectIntEQ(RSA_print_fp(stderr, rsa, 4), 1);
+    ExpectIntEQ(RSA_print_fp(stderr, rsa, -1), 1);
+
+    BIO_free(bio);
+    RSA_free(rsa);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_RSA_padding_add_PKCS1_PSS(void)
+{
+    EXPECT_DECLS;
+#ifndef NO_RSA
+#if defined(OPENSSL_ALL) && defined(WC_RSA_PSS) && !defined(WC_NO_RNG)
+#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
+    RSA *rsa = NULL;
+    const unsigned char *derBuf = client_key_der_2048;
+    unsigned char em[256] = {0}; /* len = 2048/8 */
+    /* Random data simulating a hash */
+    const unsigned char mHash[WC_SHA256_DIGEST_SIZE] = {
+        0x28, 0x6e, 0xfd, 0xf8, 0x76, 0xc7, 0x00, 0x3d, 0x91, 0x4e, 0x59, 0xe4,
+        0x8e, 0xb7, 0x40, 0x7b, 0xd1, 0x0c, 0x98, 0x4b, 0xe3, 0x3d, 0xb3, 0xeb,
+        0x6f, 0x8a, 0x3c, 0x42, 0xab, 0x21, 0xad, 0x28
+    };
+
+    ExpectNotNull(d2i_RSAPrivateKey(&rsa, &derBuf, sizeof_client_key_der_2048));
+    ExpectIntEQ(RSA_padding_add_PKCS1_PSS(NULL, em, mHash, EVP_sha256(),
+        RSA_PSS_SALTLEN_DIGEST), 0);
+    ExpectIntEQ(RSA_padding_add_PKCS1_PSS(rsa, NULL, mHash, EVP_sha256(),
+        RSA_PSS_SALTLEN_DIGEST), 0);
+    ExpectIntEQ(RSA_padding_add_PKCS1_PSS(rsa, em, NULL, EVP_sha256(),
+        RSA_PSS_SALTLEN_DIGEST), 0);
+    ExpectIntEQ(RSA_padding_add_PKCS1_PSS(rsa, em, mHash, NULL,
+        RSA_PSS_SALTLEN_DIGEST), 0);
+    ExpectIntEQ(RSA_padding_add_PKCS1_PSS(rsa, em, mHash, EVP_sha256(), -5), 0);
+
+    ExpectIntEQ(RSA_verify_PKCS1_PSS(NULL, mHash, EVP_sha256(), em,
+        RSA_PSS_SALTLEN_MAX_SIGN), 0);
+    ExpectIntEQ(RSA_verify_PKCS1_PSS(rsa, NULL, EVP_sha256(), em,
+        RSA_PSS_SALTLEN_MAX_SIGN), 0);
+    ExpectIntEQ(RSA_verify_PKCS1_PSS(rsa, mHash, NULL, em,
+        RSA_PSS_SALTLEN_MAX_SIGN), 0);
+    ExpectIntEQ(RSA_verify_PKCS1_PSS(rsa, mHash, EVP_sha256(), NULL,
+        RSA_PSS_SALTLEN_MAX_SIGN), 0);
+    ExpectIntEQ(RSA_verify_PKCS1_PSS(rsa, mHash, EVP_sha256(), em,
+        RSA_PSS_SALTLEN_MAX_SIGN), 0);
+    ExpectIntEQ(RSA_verify_PKCS1_PSS(rsa, mHash, EVP_sha256(), em, -5), 0);
+
+    ExpectIntEQ(RSA_padding_add_PKCS1_PSS(rsa, em, mHash, EVP_sha256(),
+        RSA_PSS_SALTLEN_DIGEST), 1);
+    ExpectIntEQ(RSA_verify_PKCS1_PSS(rsa, mHash, EVP_sha256(), em,
+        RSA_PSS_SALTLEN_DIGEST), 1);
+
+    ExpectIntEQ(RSA_padding_add_PKCS1_PSS(rsa, em, mHash, EVP_sha256(),
+        RSA_PSS_SALTLEN_MAX_SIGN), 1);
+    ExpectIntEQ(RSA_verify_PKCS1_PSS(rsa, mHash, EVP_sha256(), em,
+        RSA_PSS_SALTLEN_MAX_SIGN), 1);
+
+    ExpectIntEQ(RSA_padding_add_PKCS1_PSS(rsa, em, mHash, EVP_sha256(),
+        RSA_PSS_SALTLEN_MAX), 1);
+    ExpectIntEQ(RSA_verify_PKCS1_PSS(rsa, mHash, EVP_sha256(), em,
+        RSA_PSS_SALTLEN_MAX), 1);
+
+    ExpectIntEQ(RSA_padding_add_PKCS1_PSS(rsa, em, mHash, EVP_sha256(), 10), 1);
+    ExpectIntEQ(RSA_verify_PKCS1_PSS(rsa, mHash, EVP_sha256(), em, 10), 1);
+
+    RSA_free(rsa);
+#endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
+#endif /* OPENSSL_ALL && WC_RSA_PSS && !WC_NO_RNG*/
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_RSA_sign_sha3(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_RSA) && defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256)
+#if defined(OPENSSL_ALL) && defined(WC_RSA_PSS) && !defined(WC_NO_RNG)
+    RSA* rsa = NULL;
+    const unsigned char *derBuf = client_key_der_2048;
+    unsigned char sigRet[256] = {0};
+    unsigned int sigLen = sizeof(sigRet);
+    /* Random data simulating a hash */
+    const unsigned char mHash[WC_SHA3_256_DIGEST_SIZE] = {
+        0x28, 0x6e, 0xfd, 0xf8, 0x76, 0xc7, 0x00, 0x3d, 0x91, 0x4e, 0x59, 0xe4,
+        0x8e, 0xb7, 0x40, 0x7b, 0xd1, 0x0c, 0x98, 0x4b, 0xe3, 0x3d, 0xb3, 0xeb,
+        0x6f, 0x8a, 0x3c, 0x42, 0xab, 0x21, 0xad, 0x28
+    };
+
+    ExpectNotNull(d2i_RSAPrivateKey(&rsa, &derBuf, sizeof_client_key_der_2048));
+    ExpectIntEQ(RSA_sign(NID_sha3_256, mHash, sizeof(mHash), sigRet, &sigLen,
+        rsa), 1);
+
+    RSA_free(rsa);
+#endif /* OPENSSL_ALL && WC_RSA_PSS && !WC_NO_RNG*/
+#endif /* !NO_RSA && WOLFSSL_SHA3 && !WOLFSSL_NOSHA3_256*/
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_RSA_get0_key(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
+    RSA *rsa = NULL;
+    const BIGNUM* n = NULL;
+    const BIGNUM* e = NULL;
+    const BIGNUM* d = NULL;
+
+    const unsigned char* der;
+    int derSz;
+
+#ifdef USE_CERT_BUFFERS_1024
+    der = client_key_der_1024;
+    derSz = sizeof_client_key_der_1024;
+#elif defined(USE_CERT_BUFFERS_2048)
+    der = client_key_der_2048;
+    derSz = sizeof_client_key_der_2048;
+#else
+    der = NULL;
+    derSz = 0;
+#endif
+
+    if (der != NULL) {
+        RSA_get0_key(NULL, NULL, NULL, NULL);
+        RSA_get0_key(rsa, NULL, NULL, NULL);
+        RSA_get0_key(NULL, &n, &e, &d);
+        ExpectNull(n);
+        ExpectNull(e);
+        ExpectNull(d);
+
+        ExpectNotNull(d2i_RSAPrivateKey(&rsa, &der, derSz));
+        ExpectNotNull(rsa);
+
+        RSA_get0_key(rsa, NULL, NULL, NULL);
+        RSA_get0_key(rsa, &n, NULL, NULL);
+        ExpectNotNull(n);
+        RSA_get0_key(rsa, NULL, &e, NULL);
+        ExpectNotNull(e);
+        RSA_get0_key(rsa, NULL, NULL, &d);
+        ExpectNotNull(d);
+        RSA_get0_key(rsa, &n, &e, &d);
+        ExpectNotNull(n);
+        ExpectNotNull(e);
+        ExpectNotNull(d);
+
+        RSA_free(rsa);
+    }
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_RSA_meth(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
+    RSA *rsa = NULL;
+    RSA_METHOD *rsa_meth = NULL;
+
+#ifdef WOLFSSL_KEY_GEN
+    ExpectNotNull(rsa = RSA_generate_key(2048, 3, NULL, NULL));
+    RSA_free(rsa);
+    rsa = NULL;
+#else
+    ExpectNull(rsa = RSA_generate_key(2048, 3, NULL, NULL));
+#endif
+
+    ExpectNotNull(RSA_get_default_method());
+
+    wolfSSL_RSA_meth_free(NULL);
+
+    ExpectNull(wolfSSL_RSA_meth_new(NULL, 0));
+
+    ExpectNotNull(rsa_meth = RSA_meth_new("placeholder RSA method",
+        RSA_METHOD_FLAG_NO_CHECK));
+
+#ifndef NO_WOLFSSL_STUB
+    ExpectIntEQ(RSA_meth_set_pub_enc(rsa_meth, NULL), 1);
+    ExpectIntEQ(RSA_meth_set_pub_dec(rsa_meth, NULL), 1);
+    ExpectIntEQ(RSA_meth_set_priv_enc(rsa_meth, NULL), 1);
+    ExpectIntEQ(RSA_meth_set_priv_dec(rsa_meth, NULL), 1);
+    ExpectIntEQ(RSA_meth_set_init(rsa_meth, NULL), 1);
+    ExpectIntEQ(RSA_meth_set_finish(rsa_meth, NULL), 1);
+    ExpectIntEQ(RSA_meth_set0_app_data(rsa_meth, NULL), 1);
+#endif
+
+    ExpectIntEQ(RSA_flags(NULL), 0);
+    RSA_set_flags(NULL, RSA_FLAG_CACHE_PUBLIC);
+    RSA_clear_flags(NULL, RSA_FLAG_CACHE_PUBLIC);
+    ExpectIntEQ(RSA_test_flags(NULL, RSA_FLAG_CACHE_PUBLIC), 0);
+
+    ExpectNotNull(rsa = RSA_new());
+    /* No method set. */
+    ExpectIntEQ(RSA_flags(rsa), 0);
+    RSA_set_flags(rsa, RSA_FLAG_CACHE_PUBLIC);
+    RSA_clear_flags(rsa, RSA_FLAG_CACHE_PUBLIC);
+    ExpectIntEQ(RSA_test_flags(rsa, RSA_FLAG_CACHE_PUBLIC), 0);
+
+    ExpectIntEQ(RSA_set_method(NULL, rsa_meth), 1);
+    ExpectIntEQ(RSA_set_method(rsa, rsa_meth), 1);
+    if (EXPECT_FAIL()) {
+        wolfSSL_RSA_meth_free(rsa_meth);
+    }
+    ExpectNull(RSA_get_method(NULL));
+    ExpectPtrEq(RSA_get_method(rsa), rsa_meth);
+    ExpectIntEQ(RSA_flags(rsa), RSA_METHOD_FLAG_NO_CHECK);
+    RSA_set_flags(rsa, RSA_FLAG_CACHE_PUBLIC);
+    ExpectIntNE(RSA_test_flags(rsa, RSA_FLAG_CACHE_PUBLIC), 0);
+    ExpectIntEQ(RSA_flags(rsa), RSA_FLAG_CACHE_PUBLIC |
+                                RSA_METHOD_FLAG_NO_CHECK);
+    RSA_clear_flags(rsa, RSA_FLAG_CACHE_PUBLIC);
+    ExpectIntEQ(RSA_test_flags(rsa, RSA_FLAG_CACHE_PUBLIC), 0);
+    ExpectIntNE(RSA_flags(rsa), RSA_FLAG_CACHE_PUBLIC);
+
+    /* rsa_meth is freed here */
+    RSA_free(rsa);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_RSA_verify(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_FILESYSTEM)
+#ifndef NO_BIO
+    XFILE fp = XBADFILE;
+    RSA *pKey = NULL;
+    RSA *pubKey = NULL;
+    X509 *cert = NULL;
+    const char *text = "Hello wolfSSL !";
+    unsigned char hash[SHA256_DIGEST_LENGTH];
+    unsigned char signature[2048/8];
+    unsigned int signatureLength;
+    byte *buf = NULL;
+    BIO *bio = NULL;
+    SHA256_CTX c;
+    EVP_PKEY *evpPkey = NULL;
+    EVP_PKEY *evpPubkey = NULL;
+    long lsz = 0;
+    size_t sz;
+
+    /* generate hash */
+    SHA256_Init(&c);
+    SHA256_Update(&c, text, strlen(text));
+    SHA256_Final(hash, &c);
+#ifdef WOLFSSL_SMALL_STACK_CACHE
+    /* workaround for small stack cache case */
+    wc_Sha256Free((wc_Sha256*)&c);
+#endif
+
+    /* read private key file */
+    ExpectTrue((fp = XFOPEN(svrKeyFile, "rb")) != XBADFILE);
+    ExpectIntEQ(XFSEEK(fp, 0, XSEEK_END), 0);
+    ExpectTrue((lsz = XFTELL(fp)) > 0);
+    sz = (size_t)lsz;
+    ExpectIntEQ(XFSEEK(fp, 0, XSEEK_SET), 0);
+    ExpectNotNull(buf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE));
+    ExpectIntEQ(XFREAD(buf, 1, sz, fp), sz);
+    if (fp != XBADFILE) {
+        XFCLOSE(fp);
+        fp = XBADFILE;
+    }
+
+    /* read private key and sign hash data */
+    ExpectNotNull(bio = BIO_new_mem_buf(buf, (int)sz));
+    ExpectNotNull(evpPkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL));
+    ExpectNotNull(pKey = EVP_PKEY_get1_RSA(evpPkey));
+    ExpectIntEQ(RSA_sign(NID_sha256, hash, SHA256_DIGEST_LENGTH,
+        signature, &signatureLength, pKey), SSL_SUCCESS);
+
+    /* read public key and verify signed data */
+    ExpectTrue((fp = XFOPEN(svrCertFile,"rb")) != XBADFILE);
+    ExpectNotNull(cert = PEM_read_X509(fp, 0, 0, 0 ));
+    if (fp != XBADFILE)
+        XFCLOSE(fp);
+    ExpectNull(X509_get_pubkey(NULL));
+    ExpectNotNull(evpPubkey = X509_get_pubkey(cert));
+    ExpectNotNull(pubKey = EVP_PKEY_get1_RSA(evpPubkey));
+    ExpectIntEQ(RSA_verify(NID_sha256, hash, SHA256_DIGEST_LENGTH, signature,
+        signatureLength, pubKey), SSL_SUCCESS);
+
+    ExpectIntEQ(RSA_verify(NID_sha256, NULL, SHA256_DIGEST_LENGTH, NULL,
+        signatureLength, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(RSA_verify(NID_sha256, NULL, SHA256_DIGEST_LENGTH, signature,
+        signatureLength, pubKey), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(RSA_verify(NID_sha256, hash, SHA256_DIGEST_LENGTH, NULL,
+        signatureLength, pubKey), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+    ExpectIntEQ(RSA_verify(NID_sha256, hash, SHA256_DIGEST_LENGTH, signature,
+        signatureLength, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+
+
+    RSA_free(pKey);
+    EVP_PKEY_free(evpPkey);
+    RSA_free(pubKey);
+    EVP_PKEY_free(evpPubkey);
+    X509_free(cert);
+    BIO_free(bio);
+    XFREE(buf, NULL, DYNAMIC_TYPE_FILE);
+#endif
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_RSA_sign(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
+    RSA *rsa;
+    unsigned char hash[SHA256_DIGEST_LENGTH];
+#ifdef USE_CERT_BUFFERS_1024
+    const unsigned char* privDer = client_key_der_1024;
+    size_t privDerSz = sizeof_client_key_der_1024;
+    const unsigned char* pubDer = client_keypub_der_1024;
+    size_t pubDerSz = sizeof_client_keypub_der_1024;
+    unsigned char signature[1024/8];
+#else
+    const unsigned char* privDer = client_key_der_2048;
+    size_t privDerSz = sizeof_client_key_der_2048;
+    const unsigned char* pubDer = client_keypub_der_2048;
+    size_t pubDerSz = sizeof_client_keypub_der_2048;
+    unsigned char signature[2048/8];
+#endif
+    unsigned int signatureLen;
+    const unsigned char* der;
+
+    XMEMSET(hash, 0, sizeof(hash));
+
+    der = privDer;
+    rsa = NULL;
+    ExpectNotNull(d2i_RSAPrivateKey(&rsa, &der, privDerSz));
+
+    /* Invalid parameters. */
+    ExpectIntEQ(RSA_sign(NID_rsaEncryption, NULL, 0, NULL, NULL, NULL), 0);
+    ExpectIntEQ(RSA_sign(NID_rsaEncryption, hash, sizeof(hash), signature,
+        &signatureLen, rsa), 0);
+    ExpectIntEQ(RSA_sign(NID_sha256, NULL, sizeof(hash), signature,
+        &signatureLen, rsa), 0);
+    ExpectIntEQ(RSA_sign(NID_sha256, hash, sizeof(hash), NULL,
+        &signatureLen, rsa), 0);
+    ExpectIntEQ(RSA_sign(NID_sha256, hash, sizeof(hash), signature,
+        NULL, rsa), 0);
+    ExpectIntEQ(RSA_sign(NID_sha256, hash, sizeof(hash), signature,
+        &signatureLen, NULL), 0);
+
+    ExpectIntEQ(RSA_sign(NID_sha256, hash, sizeof(hash), signature,
+        &signatureLen, rsa), 1);
+
+    RSA_free(rsa);
+    der = pubDer;
+    rsa = NULL;
+    ExpectNotNull(d2i_RSAPublicKey(&rsa, &der, pubDerSz));
+
+    ExpectIntEQ(RSA_verify(NID_sha256, hash, sizeof(hash), signature,
+        signatureLen, rsa), 1);
+
+    RSA_free(rsa);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_RSA_sign_ex(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
+    RSA *rsa = NULL;
+    unsigned char hash[SHA256_DIGEST_LENGTH];
+#ifdef USE_CERT_BUFFERS_1024
+    const unsigned char* privDer = client_key_der_1024;
+    size_t privDerSz = sizeof_client_key_der_1024;
+    const unsigned char* pubDer = client_keypub_der_1024;
+    size_t pubDerSz = sizeof_client_keypub_der_1024;
+    unsigned char signature[1024/8];
+#else
+    const unsigned char* privDer = client_key_der_2048;
+    size_t privDerSz = sizeof_client_key_der_2048;
+    const unsigned char* pubDer = client_keypub_der_2048;
+    size_t pubDerSz = sizeof_client_keypub_der_2048;
+    unsigned char signature[2048/8];
+#endif
+    unsigned int signatureLen;
+    const unsigned char* der;
+    unsigned char encodedHash[51];
+    unsigned int encodedHashLen;
+    const unsigned char expEncHash[] = {
+        0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,
+        0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05,
+        0x00, 0x04, 0x20,
+        /* Hash data */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    };
+
+    XMEMSET(hash, 0, sizeof(hash));
+
+    ExpectNotNull(rsa = wolfSSL_RSA_new());
+    ExpectIntEQ(wolfSSL_RSA_sign_ex(NID_sha256, hash, sizeof(hash), signature,
+        &signatureLen, rsa, 1), 0);
+    wolfSSL_RSA_free(rsa);
+
+    der = privDer;
+    rsa = NULL;
+    ExpectNotNull(d2i_RSAPrivateKey(&rsa, &der, privDerSz));
+
+    ExpectIntEQ(wolfSSL_RSA_sign_ex(NID_rsaEncryption,NULL, 0, NULL, NULL, NULL,
+        -1), 0);
+    ExpectIntEQ(wolfSSL_RSA_sign_ex(NID_rsaEncryption, hash, sizeof(hash),
+        signature, &signatureLen, rsa, 1), 0);
+    ExpectIntEQ(wolfSSL_RSA_sign_ex(NID_sha256, NULL, sizeof(hash), signature,
+        &signatureLen, rsa, 1), 0);
+    ExpectIntEQ(wolfSSL_RSA_sign_ex(NID_sha256, hash, sizeof(hash), NULL,
+        &signatureLen, rsa, 1), 0);
+    ExpectIntEQ(wolfSSL_RSA_sign_ex(NID_sha256, hash, sizeof(hash), signature,
+        NULL, rsa, 1), 0);
+    ExpectIntEQ(wolfSSL_RSA_sign_ex(NID_sha256, hash, sizeof(hash), signature,
+        &signatureLen, NULL, 1), 0);
+    ExpectIntEQ(wolfSSL_RSA_sign_ex(NID_sha256, hash, sizeof(hash), signature,
+        &signatureLen, rsa, -1), 0);
+    ExpectIntEQ(wolfSSL_RSA_sign_ex(NID_sha256, NULL, sizeof(hash), signature,
+        &signatureLen, rsa, 0), 0);
+    ExpectIntEQ(wolfSSL_RSA_sign_ex(NID_sha256, hash, sizeof(hash), NULL,
+        &signatureLen, rsa, 0), 0);
+    ExpectIntEQ(wolfSSL_RSA_sign_ex(NID_sha256, hash, sizeof(hash), signature,
+        NULL, rsa, 0), 0);
+
+    ExpectIntEQ(wolfSSL_RSA_sign_ex(NID_sha256, hash, sizeof(hash), signature,
+        &signatureLen, rsa, 1), 1);
+    /* Test returning encoded hash. */
+    ExpectIntEQ(wolfSSL_RSA_sign_ex(NID_sha256, hash, sizeof(hash), encodedHash,
+        &encodedHashLen, rsa, 0), 1);
+    ExpectIntEQ(encodedHashLen, sizeof(expEncHash));
+    ExpectIntEQ(XMEMCMP(encodedHash, expEncHash, sizeof(expEncHash)), 0);
+
+    RSA_free(rsa);
+    der = pubDer;
+    rsa = NULL;
+    ExpectNotNull(d2i_RSAPublicKey(&rsa, &der, pubDerSz));
+
+    ExpectIntEQ(RSA_verify(NID_sha256, hash, sizeof(hash), signature,
+        signatureLen, rsa), 1);
+
+    RSA_free(rsa);
+#endif
+    return EXPECT_RESULT();
+}
+
+
+int test_wolfSSL_RSA_public_decrypt(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
+    RSA *rsa;
+    unsigned char msg[SHA256_DIGEST_LENGTH];
+#ifdef USE_CERT_BUFFERS_1024
+    const unsigned char* pubDer = client_keypub_der_1024;
+    size_t pubDerSz = sizeof_client_keypub_der_1024;
+    unsigned char decMsg[1024/8];
+    const unsigned char encMsg[] = {
+        0x45, 0x8e, 0x6e, 0x7a, 0x9c, 0xe1, 0x67, 0x36,
+        0x72, 0xfc, 0x9d, 0x05, 0xdf, 0xc2, 0xaf, 0x54,
+        0xc5, 0x2f, 0x94, 0xb8, 0xc7, 0x82, 0x40, 0xfa,
+        0xa7, 0x8c, 0xb1, 0x89, 0x40, 0xc3, 0x59, 0x5a,
+        0x77, 0x08, 0x54, 0x93, 0x43, 0x7f, 0xc4, 0xb7,
+        0xc4, 0x78, 0xf1, 0xf8, 0xab, 0xbf, 0xc2, 0x81,
+        0x5d, 0x97, 0xea, 0x7a, 0x60, 0x90, 0x51, 0xb7,
+        0x47, 0x78, 0x48, 0x1e, 0x88, 0x6b, 0x89, 0xde,
+        0xce, 0x41, 0x41, 0xae, 0x49, 0xf6, 0xfd, 0x2d,
+        0x2d, 0x9c, 0x70, 0x7d, 0xf9, 0xcf, 0x77, 0x5f,
+        0x06, 0xc7, 0x20, 0xe3, 0x57, 0xd4, 0xd8, 0x1a,
+        0x96, 0xa2, 0x39, 0xb0, 0x6e, 0x8e, 0x68, 0xf8,
+        0x57, 0x7b, 0x26, 0x88, 0x17, 0xc4, 0xb7, 0xf1,
+        0x59, 0xfa, 0xb6, 0x95, 0xdd, 0x1e, 0xe8, 0xd8,
+        0x4e, 0xbd, 0xcd, 0x41, 0xad, 0xc7, 0xe2, 0x39,
+        0xb8, 0x00, 0xca, 0xf5, 0x59, 0xdf, 0xf8, 0x43
+    };
+#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
+    (defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION > 2)) && \
+    defined(WC_RSA_NO_PADDING)
+    const unsigned char encMsgNoPad[] = {
+        0x0d, 0x41, 0x5a, 0xc7, 0x60, 0xd7, 0xbe, 0xb6,
+        0x42, 0xd1, 0x65, 0xb1, 0x7e, 0x59, 0x54, 0xcc,
+        0x76, 0x62, 0xd0, 0x2f, 0x4d, 0xe3, 0x23, 0x62,
+        0xc8, 0x14, 0xfe, 0x5e, 0xa1, 0xc7, 0x05, 0xee,
+        0x9e, 0x28, 0x2e, 0xf5, 0xfd, 0xa4, 0xc0, 0x43,
+        0x55, 0xa2, 0x6b, 0x6b, 0x16, 0xa7, 0x63, 0x06,
+        0xa7, 0x78, 0x4f, 0xda, 0xae, 0x10, 0x6d, 0xd1,
+        0x2e, 0x1d, 0xbb, 0xbc, 0xc4, 0x1d, 0x82, 0xe4,
+        0xc6, 0x76, 0x77, 0xa6, 0x0a, 0xef, 0xd2, 0x89,
+        0xff, 0x30, 0x85, 0x22, 0xa0, 0x68, 0x88, 0x54,
+        0xa3, 0xd1, 0x92, 0xd1, 0x3f, 0x57, 0xe4, 0xc7,
+        0x43, 0x5a, 0x8b, 0xb3, 0x86, 0xaf, 0xd5, 0x6d,
+        0x07, 0xe1, 0xa0, 0x5f, 0xe1, 0x9a, 0x06, 0xba,
+        0x56, 0xd2, 0xb0, 0x73, 0xf5, 0xb3, 0xd0, 0x5f,
+        0xc0, 0xbf, 0x22, 0x4c, 0x54, 0x4e, 0x11, 0xe2,
+        0xc5, 0xf8, 0x66, 0x39, 0x9d, 0x70, 0x90, 0x31
+    };
+#endif
+#else
+    const unsigned char* pubDer = client_keypub_der_2048;
+    size_t pubDerSz = sizeof_client_keypub_der_2048;
+    unsigned char decMsg[2048/8];
+    const unsigned char encMsg[] = {
+        0x16, 0x5d, 0xbb, 0x00, 0x38, 0x73, 0x01, 0x34,
+        0xca, 0x59, 0xc6, 0x8b, 0x64, 0x70, 0x89, 0xf5,
+        0x50, 0x2d, 0x1d, 0x69, 0x1f, 0x07, 0x1e, 0x31,
+        0xae, 0x9b, 0xa6, 0x6e, 0xee, 0x80, 0xd9, 0x9e,
+        0x59, 0x33, 0x70, 0x30, 0x28, 0x42, 0x7d, 0x24,
+        0x36, 0x95, 0x6b, 0xf9, 0x0a, 0x23, 0xcb, 0xce,
+        0x66, 0xa5, 0x07, 0x5e, 0x11, 0xa7, 0xdc, 0xfb,
+        0xd9, 0xc2, 0x51, 0xf0, 0x05, 0xc9, 0x39, 0xb3,
+        0xae, 0xff, 0xfb, 0xe9, 0xb1, 0x9a, 0x54, 0xac,
+        0x1d, 0xca, 0x42, 0x1a, 0xfd, 0x7c, 0x97, 0xa0,
+        0x60, 0x2b, 0xcd, 0xb6, 0x36, 0x33, 0xfc, 0x44,
+        0x69, 0xf7, 0x2e, 0x8c, 0x3b, 0x5f, 0xb4, 0x9f,
+        0xa7, 0x02, 0x8f, 0x6d, 0x6b, 0x79, 0x10, 0x32,
+        0x7d, 0xf4, 0x5d, 0xa1, 0x63, 0x22, 0x59, 0xc4,
+        0x44, 0x8e, 0x44, 0x24, 0x8b, 0x14, 0x9d, 0x2b,
+        0xb5, 0xd3, 0xad, 0x9a, 0x87, 0x0d, 0xe7, 0x70,
+        0x6d, 0xe9, 0xae, 0xaa, 0x52, 0xbf, 0x1a, 0x9b,
+        0xc8, 0x3d, 0x45, 0x7c, 0xd1, 0x90, 0xe3, 0xd9,
+        0x57, 0xcf, 0xc3, 0x29, 0x69, 0x05, 0x07, 0x96,
+        0x2e, 0x46, 0x74, 0x0a, 0xa7, 0x76, 0x8b, 0xc0,
+        0x1c, 0x04, 0x80, 0x08, 0xa0, 0x94, 0x7e, 0xbb,
+        0x2d, 0x99, 0xe9, 0xab, 0x18, 0x4d, 0x48, 0x2d,
+        0x94, 0x5e, 0x50, 0x21, 0x42, 0xdf, 0xf5, 0x61,
+        0x42, 0x7d, 0x86, 0x5d, 0x9e, 0x89, 0xc9, 0x5b,
+        0x24, 0xab, 0xa1, 0xd8, 0x20, 0x45, 0xcb, 0x81,
+        0xcf, 0xc5, 0x25, 0x7d, 0x11, 0x6e, 0xbd, 0x80,
+        0xac, 0xba, 0xdc, 0xef, 0xb9, 0x05, 0x9c, 0xd5,
+        0xc2, 0x26, 0x57, 0x69, 0x8b, 0x08, 0x27, 0xc7,
+        0xea, 0xbe, 0xaf, 0x52, 0x21, 0x95, 0x9f, 0xa0,
+        0x2f, 0x2f, 0x53, 0x7c, 0x2f, 0xa3, 0x0b, 0x79,
+        0x39, 0x01, 0xa3, 0x37, 0x46, 0xa8, 0xc4, 0x34,
+        0x41, 0x20, 0x7c, 0x3f, 0x70, 0x9a, 0x47, 0xe8
+    };
+#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
+    (defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION > 2)) && \
+    defined(WC_RSA_NO_PADDING)
+    const unsigned char encMsgNoPad[] = {
+        0x79, 0x69, 0xdc, 0x0d, 0xff, 0x09, 0xeb, 0x91,
+        0xbc, 0xda, 0xe4, 0xd3, 0xcd, 0xd5, 0xd3, 0x1c,
+        0xb9, 0x66, 0xa8, 0x02, 0xf3, 0x75, 0x40, 0xf1,
+        0x38, 0x4a, 0x37, 0x7b, 0x19, 0xc8, 0xcd, 0xea,
+        0x79, 0xa8, 0x51, 0x32, 0x00, 0x3f, 0x4c, 0xde,
+        0xaa, 0xe5, 0xe2, 0x7c, 0x10, 0xcd, 0x6e, 0x00,
+        0xc6, 0xc4, 0x63, 0x98, 0x58, 0x9b, 0x38, 0xca,
+        0xf0, 0x5d, 0xc8, 0xf0, 0x57, 0xf6, 0x21, 0x50,
+        0x3f, 0x63, 0x05, 0x9f, 0xbf, 0xb6, 0x3b, 0x50,
+        0x85, 0x06, 0x34, 0x08, 0x57, 0xb9, 0x44, 0xce,
+        0xe4, 0x66, 0xbf, 0x0c, 0xfe, 0x36, 0xa4, 0x5b,
+        0xed, 0x2d, 0x7d, 0xed, 0xf1, 0xbd, 0xda, 0x3e,
+        0x19, 0x1f, 0x99, 0xc8, 0xe4, 0xc2, 0xbb, 0xb5,
+        0x6c, 0x83, 0x22, 0xd1, 0xe7, 0x57, 0xcf, 0x1b,
+        0x91, 0x0c, 0xa5, 0x47, 0x06, 0x71, 0x8f, 0x93,
+        0xf3, 0xad, 0xdb, 0xe3, 0xf8, 0xa0, 0x0b, 0xcd,
+        0x89, 0x4e, 0xa5, 0xb5, 0x03, 0x68, 0x61, 0x89,
+        0x0b, 0xe2, 0x03, 0x8b, 0x1f, 0x54, 0xae, 0x0f,
+        0xfa, 0xf0, 0xb7, 0x0f, 0x8c, 0x84, 0x35, 0x13,
+        0x8d, 0x65, 0x1f, 0x2c, 0xd5, 0xce, 0xc4, 0x6c,
+        0x98, 0x67, 0xe4, 0x1a, 0x85, 0x67, 0x69, 0x17,
+        0x17, 0x5a, 0x5d, 0xfd, 0x23, 0xdd, 0x03, 0x3f,
+        0x6d, 0x7a, 0xb6, 0x8b, 0x99, 0xc0, 0xb6, 0x70,
+        0x86, 0xac, 0xf6, 0x02, 0xc2, 0x28, 0x42, 0xed,
+        0x06, 0xcf, 0xca, 0x3d, 0x07, 0x16, 0xf0, 0x0e,
+        0x04, 0x55, 0x1e, 0x59, 0x3f, 0x32, 0xc7, 0x12,
+        0xc5, 0x0d, 0x9d, 0x64, 0x7d, 0x2e, 0xd4, 0xbc,
+        0x8c, 0x24, 0x42, 0x94, 0x2b, 0xf6, 0x11, 0x7f,
+        0xb1, 0x1c, 0x09, 0x12, 0x6f, 0x5e, 0x2e, 0x7a,
+        0xc6, 0x01, 0xe0, 0x98, 0x31, 0xb7, 0x13, 0x03,
+        0xce, 0x29, 0xe1, 0xef, 0x9d, 0xdf, 0x9b, 0xa5,
+        0xba, 0x0b, 0xad, 0xf2, 0xeb, 0x2f, 0xf9, 0xd1
+    };
+#endif
+#endif
+    const unsigned char* der;
+#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
+    (defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION > 2)) && \
+    defined(WC_RSA_NO_PADDING)
+    int i;
+#endif
+
+    XMEMSET(msg, 0, sizeof(msg));
+
+    der = pubDer;
+    rsa = NULL;
+    ExpectNotNull(d2i_RSAPublicKey(&rsa, &der, pubDerSz));
+
+    ExpectIntEQ(RSA_public_decrypt(0, NULL, NULL, NULL, 0), -1);
+    ExpectIntEQ(RSA_public_decrypt(-1, encMsg, decMsg, rsa,
+        RSA_PKCS1_PADDING), -1);
+    ExpectIntEQ(RSA_public_decrypt(sizeof(encMsg), NULL, decMsg, rsa,
+        RSA_PKCS1_PADDING), -1);
+    ExpectIntEQ(RSA_public_decrypt(sizeof(encMsg), encMsg, NULL, rsa,
+        RSA_PKCS1_PADDING), -1);
+    ExpectIntEQ(RSA_public_decrypt(sizeof(encMsg), encMsg, decMsg, NULL,
+        RSA_PKCS1_PADDING), -1);
+    ExpectIntEQ(RSA_public_decrypt(sizeof(encMsg), encMsg, decMsg, rsa,
+        RSA_PKCS1_PSS_PADDING), -1);
+
+    ExpectIntEQ(RSA_public_decrypt(sizeof(encMsg), encMsg, decMsg, rsa,
+        RSA_PKCS1_PADDING), 32);
+    ExpectIntEQ(XMEMCMP(decMsg, msg, sizeof(msg)), 0);
+
+#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
+    (defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION > 2)) && \
+    defined(WC_RSA_NO_PADDING)
+    ExpectIntEQ(RSA_public_decrypt(sizeof(encMsgNoPad), encMsgNoPad, decMsg,
+        rsa, RSA_NO_PADDING), sizeof(decMsg));
+    /* Zeros before actual data. */
+    for (i = 0; i < (int)(sizeof(decMsg) - sizeof(msg)); i += sizeof(msg)) {
+        ExpectIntEQ(XMEMCMP(decMsg + i, msg, sizeof(msg)), 0);
+    }
+    /* Check actual data. */
+    XMEMSET(msg, 0x01, sizeof(msg));
+    ExpectIntEQ(XMEMCMP(decMsg + i, msg, sizeof(msg)), 0);
+#endif
+
+    RSA_free(rsa);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_RSA_private_encrypt(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
+    RSA *rsa;
+    unsigned char msg[SHA256_DIGEST_LENGTH];
+#ifdef USE_CERT_BUFFERS_1024
+    const unsigned char* privDer = client_key_der_1024;
+    size_t privDerSz = sizeof_client_key_der_1024;
+    unsigned char encMsg[1024/8];
+    const unsigned char expEncMsg[] = {
+        0x45, 0x8e, 0x6e, 0x7a, 0x9c, 0xe1, 0x67, 0x36,
+        0x72, 0xfc, 0x9d, 0x05, 0xdf, 0xc2, 0xaf, 0x54,
+        0xc5, 0x2f, 0x94, 0xb8, 0xc7, 0x82, 0x40, 0xfa,
+        0xa7, 0x8c, 0xb1, 0x89, 0x40, 0xc3, 0x59, 0x5a,
+        0x77, 0x08, 0x54, 0x93, 0x43, 0x7f, 0xc4, 0xb7,
+        0xc4, 0x78, 0xf1, 0xf8, 0xab, 0xbf, 0xc2, 0x81,
+        0x5d, 0x97, 0xea, 0x7a, 0x60, 0x90, 0x51, 0xb7,
+        0x47, 0x78, 0x48, 0x1e, 0x88, 0x6b, 0x89, 0xde,
+        0xce, 0x41, 0x41, 0xae, 0x49, 0xf6, 0xfd, 0x2d,
+        0x2d, 0x9c, 0x70, 0x7d, 0xf9, 0xcf, 0x77, 0x5f,
+        0x06, 0xc7, 0x20, 0xe3, 0x57, 0xd4, 0xd8, 0x1a,
+        0x96, 0xa2, 0x39, 0xb0, 0x6e, 0x8e, 0x68, 0xf8,
+        0x57, 0x7b, 0x26, 0x88, 0x17, 0xc4, 0xb7, 0xf1,
+        0x59, 0xfa, 0xb6, 0x95, 0xdd, 0x1e, 0xe8, 0xd8,
+        0x4e, 0xbd, 0xcd, 0x41, 0xad, 0xc7, 0xe2, 0x39,
+        0xb8, 0x00, 0xca, 0xf5, 0x59, 0xdf, 0xf8, 0x43
+    };
+#ifdef WC_RSA_NO_PADDING
+    const unsigned char expEncMsgNoPad[] = {
+        0x0d, 0x41, 0x5a, 0xc7, 0x60, 0xd7, 0xbe, 0xb6,
+        0x42, 0xd1, 0x65, 0xb1, 0x7e, 0x59, 0x54, 0xcc,
+        0x76, 0x62, 0xd0, 0x2f, 0x4d, 0xe3, 0x23, 0x62,
+        0xc8, 0x14, 0xfe, 0x5e, 0xa1, 0xc7, 0x05, 0xee,
+        0x9e, 0x28, 0x2e, 0xf5, 0xfd, 0xa4, 0xc0, 0x43,
+        0x55, 0xa2, 0x6b, 0x6b, 0x16, 0xa7, 0x63, 0x06,
+        0xa7, 0x78, 0x4f, 0xda, 0xae, 0x10, 0x6d, 0xd1,
+        0x2e, 0x1d, 0xbb, 0xbc, 0xc4, 0x1d, 0x82, 0xe4,
+        0xc6, 0x76, 0x77, 0xa6, 0x0a, 0xef, 0xd2, 0x89,
+        0xff, 0x30, 0x85, 0x22, 0xa0, 0x68, 0x88, 0x54,
+        0xa3, 0xd1, 0x92, 0xd1, 0x3f, 0x57, 0xe4, 0xc7,
+        0x43, 0x5a, 0x8b, 0xb3, 0x86, 0xaf, 0xd5, 0x6d,
+        0x07, 0xe1, 0xa0, 0x5f, 0xe1, 0x9a, 0x06, 0xba,
+        0x56, 0xd2, 0xb0, 0x73, 0xf5, 0xb3, 0xd0, 0x5f,
+        0xc0, 0xbf, 0x22, 0x4c, 0x54, 0x4e, 0x11, 0xe2,
+        0xc5, 0xf8, 0x66, 0x39, 0x9d, 0x70, 0x90, 0x31
+    };
+#endif
+#else
+    const unsigned char* privDer = client_key_der_2048;
+    size_t privDerSz = sizeof_client_key_der_2048;
+    unsigned char encMsg[2048/8];
+    const unsigned char expEncMsg[] = {
+        0x16, 0x5d, 0xbb, 0x00, 0x38, 0x73, 0x01, 0x34,
+        0xca, 0x59, 0xc6, 0x8b, 0x64, 0x70, 0x89, 0xf5,
+        0x50, 0x2d, 0x1d, 0x69, 0x1f, 0x07, 0x1e, 0x31,
+        0xae, 0x9b, 0xa6, 0x6e, 0xee, 0x80, 0xd9, 0x9e,
+        0x59, 0x33, 0x70, 0x30, 0x28, 0x42, 0x7d, 0x24,
+        0x36, 0x95, 0x6b, 0xf9, 0x0a, 0x23, 0xcb, 0xce,
+        0x66, 0xa5, 0x07, 0x5e, 0x11, 0xa7, 0xdc, 0xfb,
+        0xd9, 0xc2, 0x51, 0xf0, 0x05, 0xc9, 0x39, 0xb3,
+        0xae, 0xff, 0xfb, 0xe9, 0xb1, 0x9a, 0x54, 0xac,
+        0x1d, 0xca, 0x42, 0x1a, 0xfd, 0x7c, 0x97, 0xa0,
+        0x60, 0x2b, 0xcd, 0xb6, 0x36, 0x33, 0xfc, 0x44,
+        0x69, 0xf7, 0x2e, 0x8c, 0x3b, 0x5f, 0xb4, 0x9f,
+        0xa7, 0x02, 0x8f, 0x6d, 0x6b, 0x79, 0x10, 0x32,
+        0x7d, 0xf4, 0x5d, 0xa1, 0x63, 0x22, 0x59, 0xc4,
+        0x44, 0x8e, 0x44, 0x24, 0x8b, 0x14, 0x9d, 0x2b,
+        0xb5, 0xd3, 0xad, 0x9a, 0x87, 0x0d, 0xe7, 0x70,
+        0x6d, 0xe9, 0xae, 0xaa, 0x52, 0xbf, 0x1a, 0x9b,
+        0xc8, 0x3d, 0x45, 0x7c, 0xd1, 0x90, 0xe3, 0xd9,
+        0x57, 0xcf, 0xc3, 0x29, 0x69, 0x05, 0x07, 0x96,
+        0x2e, 0x46, 0x74, 0x0a, 0xa7, 0x76, 0x8b, 0xc0,
+        0x1c, 0x04, 0x80, 0x08, 0xa0, 0x94, 0x7e, 0xbb,
+        0x2d, 0x99, 0xe9, 0xab, 0x18, 0x4d, 0x48, 0x2d,
+        0x94, 0x5e, 0x50, 0x21, 0x42, 0xdf, 0xf5, 0x61,
+        0x42, 0x7d, 0x86, 0x5d, 0x9e, 0x89, 0xc9, 0x5b,
+        0x24, 0xab, 0xa1, 0xd8, 0x20, 0x45, 0xcb, 0x81,
+        0xcf, 0xc5, 0x25, 0x7d, 0x11, 0x6e, 0xbd, 0x80,
+        0xac, 0xba, 0xdc, 0xef, 0xb9, 0x05, 0x9c, 0xd5,
+        0xc2, 0x26, 0x57, 0x69, 0x8b, 0x08, 0x27, 0xc7,
+        0xea, 0xbe, 0xaf, 0x52, 0x21, 0x95, 0x9f, 0xa0,
+        0x2f, 0x2f, 0x53, 0x7c, 0x2f, 0xa3, 0x0b, 0x79,
+        0x39, 0x01, 0xa3, 0x37, 0x46, 0xa8, 0xc4, 0x34,
+        0x41, 0x20, 0x7c, 0x3f, 0x70, 0x9a, 0x47, 0xe8
+    };
+#ifdef WC_RSA_NO_PADDING
+    const unsigned char expEncMsgNoPad[] = {
+        0x79, 0x69, 0xdc, 0x0d, 0xff, 0x09, 0xeb, 0x91,
+        0xbc, 0xda, 0xe4, 0xd3, 0xcd, 0xd5, 0xd3, 0x1c,
+        0xb9, 0x66, 0xa8, 0x02, 0xf3, 0x75, 0x40, 0xf1,
+        0x38, 0x4a, 0x37, 0x7b, 0x19, 0xc8, 0xcd, 0xea,
+        0x79, 0xa8, 0x51, 0x32, 0x00, 0x3f, 0x4c, 0xde,
+        0xaa, 0xe5, 0xe2, 0x7c, 0x10, 0xcd, 0x6e, 0x00,
+        0xc6, 0xc4, 0x63, 0x98, 0x58, 0x9b, 0x38, 0xca,
+        0xf0, 0x5d, 0xc8, 0xf0, 0x57, 0xf6, 0x21, 0x50,
+        0x3f, 0x63, 0x05, 0x9f, 0xbf, 0xb6, 0x3b, 0x50,
+        0x85, 0x06, 0x34, 0x08, 0x57, 0xb9, 0x44, 0xce,
+        0xe4, 0x66, 0xbf, 0x0c, 0xfe, 0x36, 0xa4, 0x5b,
+        0xed, 0x2d, 0x7d, 0xed, 0xf1, 0xbd, 0xda, 0x3e,
+        0x19, 0x1f, 0x99, 0xc8, 0xe4, 0xc2, 0xbb, 0xb5,
+        0x6c, 0x83, 0x22, 0xd1, 0xe7, 0x57, 0xcf, 0x1b,
+        0x91, 0x0c, 0xa5, 0x47, 0x06, 0x71, 0x8f, 0x93,
+        0xf3, 0xad, 0xdb, 0xe3, 0xf8, 0xa0, 0x0b, 0xcd,
+        0x89, 0x4e, 0xa5, 0xb5, 0x03, 0x68, 0x61, 0x89,
+        0x0b, 0xe2, 0x03, 0x8b, 0x1f, 0x54, 0xae, 0x0f,
+        0xfa, 0xf0, 0xb7, 0x0f, 0x8c, 0x84, 0x35, 0x13,
+        0x8d, 0x65, 0x1f, 0x2c, 0xd5, 0xce, 0xc4, 0x6c,
+        0x98, 0x67, 0xe4, 0x1a, 0x85, 0x67, 0x69, 0x17,
+        0x17, 0x5a, 0x5d, 0xfd, 0x23, 0xdd, 0x03, 0x3f,
+        0x6d, 0x7a, 0xb6, 0x8b, 0x99, 0xc0, 0xb6, 0x70,
+        0x86, 0xac, 0xf6, 0x02, 0xc2, 0x28, 0x42, 0xed,
+        0x06, 0xcf, 0xca, 0x3d, 0x07, 0x16, 0xf0, 0x0e,
+        0x04, 0x55, 0x1e, 0x59, 0x3f, 0x32, 0xc7, 0x12,
+        0xc5, 0x0d, 0x9d, 0x64, 0x7d, 0x2e, 0xd4, 0xbc,
+        0x8c, 0x24, 0x42, 0x94, 0x2b, 0xf6, 0x11, 0x7f,
+        0xb1, 0x1c, 0x09, 0x12, 0x6f, 0x5e, 0x2e, 0x7a,
+        0xc6, 0x01, 0xe0, 0x98, 0x31, 0xb7, 0x13, 0x03,
+        0xce, 0x29, 0xe1, 0xef, 0x9d, 0xdf, 0x9b, 0xa5,
+        0xba, 0x0b, 0xad, 0xf2, 0xeb, 0x2f, 0xf9, 0xd1
+    };
+#endif
+#endif
+    const unsigned char* der;
+
+    XMEMSET(msg, 0x00, sizeof(msg));
+
+    der = privDer;
+    rsa = NULL;
+    ExpectNotNull(d2i_RSAPrivateKey(&rsa, &der, privDerSz));
+
+    ExpectIntEQ(RSA_private_encrypt(0, NULL, NULL, NULL, 0), -1);
+    ExpectIntEQ(RSA_private_encrypt(0, msg, encMsg, rsa, RSA_PKCS1_PADDING),
+        -1);
+    ExpectIntEQ(RSA_private_encrypt(sizeof(msg), NULL, encMsg, rsa,
+        RSA_PKCS1_PADDING), -1);
+    ExpectIntEQ(RSA_private_encrypt(sizeof(msg), msg, NULL, rsa,
+        RSA_PKCS1_PADDING), -1);
+    ExpectIntEQ(RSA_private_encrypt(sizeof(msg), msg, encMsg, NULL,
+         RSA_PKCS1_PADDING), -1);
+    ExpectIntEQ(RSA_private_encrypt(sizeof(msg), msg, encMsg, rsa,
+         RSA_PKCS1_PSS_PADDING), -1);
+
+    ExpectIntEQ(RSA_private_encrypt(sizeof(msg), msg, encMsg, rsa,
+         RSA_PKCS1_PADDING), sizeof(encMsg));
+    ExpectIntEQ(XMEMCMP(encMsg, expEncMsg, sizeof(expEncMsg)), 0);
+
+#ifdef WC_RSA_NO_PADDING
+    /* Non-zero message. */
+    XMEMSET(msg, 0x01, sizeof(msg));
+    ExpectIntEQ(RSA_private_encrypt(sizeof(msg), msg, encMsg, rsa,
+         RSA_NO_PADDING), sizeof(encMsg));
+    ExpectIntEQ(XMEMCMP(encMsg, expEncMsgNoPad, sizeof(expEncMsgNoPad)), 0);
+#endif
+
+    RSA_free(rsa);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_RSA_public_encrypt(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
+    RSA* rsa = NULL;
+    const unsigned char msg[2048/8] = { 0 };
+    unsigned char encMsg[2048/8];
+
+    ExpectNotNull(rsa = RSA_new());
+
+    ExpectIntEQ(RSA_public_encrypt(-1, msg, encMsg, rsa,
+        RSA_PKCS1_PADDING), -1);
+    ExpectIntEQ(RSA_public_encrypt(sizeof(msg), NULL, encMsg, rsa,
+        RSA_PKCS1_PADDING), -1);
+    ExpectIntEQ(RSA_public_encrypt(sizeof(msg), msg, NULL, rsa,
+        RSA_PKCS1_PADDING), -1);
+    ExpectIntEQ(RSA_public_encrypt(sizeof(msg), msg, encMsg, NULL,
+        RSA_PKCS1_PADDING), -1);
+    ExpectIntEQ(RSA_public_encrypt(sizeof(msg), msg, encMsg, rsa,
+        RSA_PKCS1_PSS_PADDING), -1);
+    /* Empty RSA key. */
+    ExpectIntEQ(RSA_public_encrypt(sizeof(msg), msg, encMsg, rsa,
+        RSA_PKCS1_PADDING), -1);
+
+    RSA_free(rsa);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_RSA_private_decrypt(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
+    RSA* rsa = NULL;
+    unsigned char msg[2048/8];
+    const unsigned char encMsg[2048/8] = { 0 };
+
+    ExpectNotNull(rsa = RSA_new());
+
+    ExpectIntEQ(RSA_private_decrypt(-1, encMsg, msg, rsa,
+        RSA_PKCS1_PADDING), -1);
+    ExpectIntEQ(RSA_private_decrypt(sizeof(encMsg), NULL, msg, rsa,
+        RSA_PKCS1_PADDING), -1);
+    ExpectIntEQ(RSA_private_decrypt(sizeof(encMsg), encMsg, NULL, rsa,
+        RSA_PKCS1_PADDING), -1);
+    ExpectIntEQ(RSA_private_decrypt(sizeof(encMsg), encMsg, msg, NULL,
+        RSA_PKCS1_PADDING), -1);
+    ExpectIntEQ(RSA_private_decrypt(sizeof(encMsg), encMsg, msg, rsa,
+        RSA_PKCS1_PSS_PADDING), -1);
+    /* Empty RSA key. */
+    ExpectIntEQ(RSA_private_decrypt(sizeof(encMsg), encMsg, msg, rsa,
+        RSA_PKCS1_PADDING), -1);
+
+    RSA_free(rsa);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_RSA_GenAdd(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
+    RSA *rsa;
+#ifdef USE_CERT_BUFFERS_1024
+    const unsigned char* privDer = client_key_der_1024;
+    size_t privDerSz = sizeof_client_key_der_1024;
+    const unsigned char* pubDer = client_keypub_der_1024;
+    size_t pubDerSz = sizeof_client_keypub_der_1024;
+#else
+    const unsigned char* privDer = client_key_der_2048;
+    size_t privDerSz = sizeof_client_key_der_2048;
+    const unsigned char* pubDer = client_keypub_der_2048;
+    size_t pubDerSz = sizeof_client_keypub_der_2048;
+#endif
+    const unsigned char* der;
+
+    der = privDer;
+    rsa = NULL;
+    ExpectNotNull(d2i_RSAPrivateKey(&rsa, &der, privDerSz));
+
+    ExpectIntEQ(wolfSSL_RSA_GenAdd(NULL), -1);
+#if defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || \
+    !defined(RSA_LOW_MEM)
+    ExpectIntEQ(wolfSSL_RSA_GenAdd(rsa), 1);
+#else
+    /* dmp1 and dmq1 are not set (allocated) in this config */
+    ExpectIntEQ(wolfSSL_RSA_GenAdd(rsa), -1);
+#endif
+
+    RSA_free(rsa);
+    der = pubDer;
+    rsa = NULL;
+    ExpectNotNull(d2i_RSAPublicKey(&rsa, &der, pubDerSz));
+    /* Need private values. */
+    ExpectIntEQ(wolfSSL_RSA_GenAdd(rsa), -1);
+
+    RSA_free(rsa);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_RSA_blinding_on(void)
+{
+    EXPECT_DECLS;
+#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_WOLFSSL_STUB)
+    RSA *rsa;
+    WOLFSSL_BN_CTX *bnCtx = NULL;
+#ifdef USE_CERT_BUFFERS_1024
+    const unsigned char* privDer = client_key_der_1024;
+    size_t privDerSz = sizeof_client_key_der_1024;
+#else
+    const unsigned char* privDer = client_key_der_2048;
+    size_t privDerSz = sizeof_client_key_der_2048;
+#endif
+    const unsigned char* der;
+
+    der = privDer;
+    rsa = NULL;
+    ExpectNotNull(d2i_RSAPrivateKey(&rsa, &der, privDerSz));
+    ExpectNotNull(bnCtx = wolfSSL_BN_CTX_new());
+
+    /* Does nothing so all parameters are valid. */
+    ExpectIntEQ(wolfSSL_RSA_blinding_on(NULL, NULL), 1);
+    ExpectIntEQ(wolfSSL_RSA_blinding_on(rsa, NULL), 1);
+    ExpectIntEQ(wolfSSL_RSA_blinding_on(NULL, bnCtx), 1);
+    ExpectIntEQ(wolfSSL_RSA_blinding_on(rsa, bnCtx), 1);
+
+    wolfSSL_BN_CTX_free(bnCtx);
+    RSA_free(rsa);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_RSA_ex_data(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_RSA) && defined(OPENSSL_EXTRA)
+    RSA* rsa = NULL;
+    unsigned char data[1];
+
+    ExpectNotNull(rsa = RSA_new());
+
+    ExpectNull(wolfSSL_RSA_get_ex_data(NULL, 0));
+    ExpectNull(wolfSSL_RSA_get_ex_data(rsa, 0));
+#ifdef MAX_EX_DATA
+    ExpectNull(wolfSSL_RSA_get_ex_data(rsa, MAX_EX_DATA));
+    ExpectIntEQ(wolfSSL_RSA_set_ex_data(rsa, MAX_EX_DATA, data), 0);
+#endif
+    ExpectIntEQ(wolfSSL_RSA_set_ex_data(NULL, 0, NULL), 0);
+    ExpectIntEQ(wolfSSL_RSA_set_ex_data(NULL, 0, data), 0);
+
+#ifdef HAVE_EX_DATA
+    ExpectIntEQ(wolfSSL_RSA_set_ex_data(rsa, 0, NULL), 1);
+    ExpectIntEQ(wolfSSL_RSA_set_ex_data(rsa, 0, data), 1);
+    ExpectPtrEq(wolfSSL_RSA_get_ex_data(rsa, 0), data);
+#else
+    ExpectIntEQ(wolfSSL_RSA_set_ex_data(rsa, 0, NULL), 0);
+    ExpectIntEQ(wolfSSL_RSA_set_ex_data(rsa, 0, data), 0);
+    ExpectNull(wolfSSL_RSA_get_ex_data(rsa, 0));
+#endif
+
+    RSA_free(rsa);
+#endif /* !NO_RSA && OPENSSL_EXTRA */
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_RSA_LoadDer(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_RSA) && (defined(OPENSSL_EXTRA) || \
+    defined(OPENSSL_EXTRA_X509_SMALL))
+    RSA *rsa = NULL;
+#ifdef USE_CERT_BUFFERS_1024
+    const unsigned char* privDer = client_key_der_1024;
+    size_t privDerSz = sizeof_client_key_der_1024;
+#else
+    const unsigned char* privDer = client_key_der_2048;
+    size_t privDerSz = sizeof_client_key_der_2048;
+#endif
+
+    ExpectNotNull(rsa = RSA_new());
+
+    ExpectIntEQ(wolfSSL_RSA_LoadDer(NULL, privDer, (int)privDerSz), -1);
+    ExpectIntEQ(wolfSSL_RSA_LoadDer(rsa, NULL, (int)privDerSz), -1);
+    ExpectIntEQ(wolfSSL_RSA_LoadDer(rsa, privDer, 0), -1);
+
+    ExpectIntEQ(wolfSSL_RSA_LoadDer(rsa, privDer, (int)privDerSz), 1);
+
+    RSA_free(rsa);
+#endif /* !NO_RSA && OPENSSL_EXTRA */
+    return EXPECT_RESULT();
+}
+
+/* Local API. */
+int test_wolfSSL_RSA_To_Der(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_TEST_STATIC_BUILD
+#if defined(WOLFSSL_KEY_GEN) && defined(OPENSSL_EXTRA) && !defined(NO_RSA)
+    RSA* rsa;
+#ifdef USE_CERT_BUFFERS_1024
+    const unsigned char* privDer = client_key_der_1024;
+    size_t privDerSz = sizeof_client_key_der_1024;
+    const unsigned char* pubDer = client_keypub_der_1024;
+    size_t pubDerSz = sizeof_client_keypub_der_1024;
+    unsigned char out[sizeof(client_key_der_1024)];
+#else
+    const unsigned char* privDer = client_key_der_2048;
+    size_t privDerSz = sizeof_client_key_der_2048;
+    const unsigned char* pubDer = client_keypub_der_2048;
+    size_t pubDerSz = sizeof_client_keypub_der_2048;
+    unsigned char out[sizeof(client_key_der_2048)];
+#endif
+    const unsigned char* der;
+    unsigned char* outDer = NULL;
+
+    der = privDer;
+    rsa = NULL;
+    ExpectNotNull(wolfSSL_d2i_RSAPrivateKey(&rsa, &der, privDerSz));
+
+    ExpectIntEQ(wolfSSL_RSA_To_Der(NULL, &outDer, 0, HEAP_HINT), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_RSA_To_Der(rsa, &outDer, 2, HEAP_HINT), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    ExpectIntEQ(wolfSSL_RSA_To_Der(rsa, NULL, 0, HEAP_HINT), privDerSz);
+    outDer = out;
+    ExpectIntEQ(wolfSSL_RSA_To_Der(rsa, &outDer, 0, HEAP_HINT), privDerSz);
+    ExpectIntEQ(XMEMCMP(out, privDer, privDerSz), 0);
+    outDer = NULL;
+    ExpectIntEQ(wolfSSL_RSA_To_Der(rsa, &outDer, 0, HEAP_HINT), privDerSz);
+    ExpectNotNull(outDer);
+    ExpectIntEQ(XMEMCMP(outDer, privDer, privDerSz), 0);
+    XFREE(outDer, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+
+    ExpectIntEQ(wolfSSL_RSA_To_Der(rsa, NULL, 1, HEAP_HINT), pubDerSz);
+    outDer = out;
+    ExpectIntEQ(wolfSSL_RSA_To_Der(rsa, &outDer, 1, HEAP_HINT), pubDerSz);
+    ExpectIntEQ(XMEMCMP(out, pubDer, pubDerSz), 0);
+
+    RSA_free(rsa);
+
+    ExpectNotNull(rsa = RSA_new());
+    ExpectIntEQ(wolfSSL_RSA_To_Der(rsa, &outDer, 0, HEAP_HINT), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_RSA_To_Der(rsa, &outDer, 1, HEAP_HINT), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    RSA_free(rsa);
+
+    der = pubDer;
+    rsa = NULL;
+    ExpectNotNull(wolfSSL_d2i_RSAPublicKey(&rsa, &der, pubDerSz));
+    ExpectIntEQ(wolfSSL_RSA_To_Der(rsa, &outDer, 0, HEAP_HINT), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    RSA_free(rsa);
+#endif
+#endif
+    return EXPECT_RESULT();
+}
+
+/* wolfSSL_PEM_read_RSAPublicKey is a stub function. */
+int test_wolfSSL_PEM_read_RSAPublicKey(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_RSA) && defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM)
+    XFILE file = XBADFILE;
+    const char* fname = "./certs/server-keyPub.pem";
+    RSA *rsa = NULL;
+
+    ExpectNull(wolfSSL_PEM_read_RSAPublicKey(XBADFILE, NULL, NULL, NULL));
+
+    ExpectTrue((file = XFOPEN(fname, "rb")) != XBADFILE);
+    ExpectNotNull(rsa = PEM_read_RSA_PUBKEY(file, NULL, NULL, NULL));
+    ExpectIntEQ(RSA_size(rsa), 256);
+    RSA_free(rsa);
+    if (file != XBADFILE)
+        XFCLOSE(file);
+#endif
+    return EXPECT_RESULT();
+}
+
+/* wolfSSL_PEM_read_RSAPublicKey is a stub function. */
+int test_wolfSSL_PEM_write_RSA_PUBKEY(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_RSA) && defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && \
+    defined(WOLFSSL_KEY_GEN)
+    RSA* rsa = NULL;
+
+    ExpectIntEQ(wolfSSL_PEM_write_RSA_PUBKEY(XBADFILE, NULL), 0);
+    ExpectIntEQ(wolfSSL_PEM_write_RSA_PUBKEY(stderr, NULL), 0);
+    /* Valid but stub so returns 0. */
+    ExpectIntEQ(wolfSSL_PEM_write_RSA_PUBKEY(stderr, rsa), 0);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_PEM_write_RSAPrivateKey(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_RSA) && defined(OPENSSL_EXTRA) && defined(WOLFSSL_KEY_GEN) && \
+    (defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM)) && \
+    !defined(NO_FILESYSTEM)
+    RSA* rsa = NULL;
+#ifdef USE_CERT_BUFFERS_1024
+    const unsigned char* privDer = client_key_der_1024;
+    size_t privDerSz = sizeof_client_key_der_1024;
+#else
+    const unsigned char* privDer = client_key_der_2048;
+    size_t privDerSz = sizeof_client_key_der_2048;
+#endif
+    const unsigned char* der;
+#ifndef NO_AES
+    unsigned char passwd[] = "password";
+#endif
+
+    ExpectNotNull(rsa = RSA_new());
+    ExpectIntEQ(wolfSSL_PEM_write_RSAPrivateKey(stderr, rsa, NULL, NULL, 0,
+        NULL, NULL), 0);
+    RSA_free(rsa);
+
+    der = privDer;
+    rsa = NULL;
+    ExpectNotNull(wolfSSL_d2i_RSAPrivateKey(&rsa, &der, privDerSz));
+
+    ExpectIntEQ(wolfSSL_PEM_write_RSAPrivateKey(XBADFILE, rsa, NULL, NULL, 0,
+        NULL, NULL), 0);
+    ExpectIntEQ(wolfSSL_PEM_write_RSAPrivateKey(stderr, NULL, NULL, NULL, 0,
+        NULL, NULL), 0);
+
+    ExpectIntEQ(wolfSSL_PEM_write_RSAPrivateKey(stderr, rsa, NULL, NULL, 0,
+        NULL, NULL), 1);
+#if !defined(NO_AES) && defined(HAVE_AES_CBC)
+    ExpectIntEQ(wolfSSL_PEM_write_RSAPrivateKey(stderr, rsa, EVP_aes_128_cbc(),
+        NULL, 0, NULL, NULL), 1);
+    ExpectIntEQ(wolfSSL_PEM_write_RSAPrivateKey(stderr, rsa, EVP_aes_128_cbc(),
+        passwd, sizeof(passwd) - 1, NULL, NULL), 1);
+#endif
+
+    RSA_free(rsa);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wolfSSL_PEM_write_mem_RSAPrivateKey(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_RSA) && defined(OPENSSL_EXTRA) && defined(WOLFSSL_KEY_GEN) && \
+    (defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM))
+    RSA* rsa = NULL;
+#ifdef USE_CERT_BUFFERS_1024
+    const unsigned char* privDer = client_key_der_1024;
+    size_t privDerSz = sizeof_client_key_der_1024;
+#else
+    const unsigned char* privDer = client_key_der_2048;
+    size_t privDerSz = sizeof_client_key_der_2048;
+#endif
+    const unsigned char* der;
+#ifndef NO_AES
+    unsigned char passwd[] = "password";
+#endif
+    unsigned char* pem = NULL;
+    int plen;
+
+    ExpectNotNull(rsa = RSA_new());
+    ExpectIntEQ(wolfSSL_PEM_write_mem_RSAPrivateKey(rsa, NULL, NULL, 0, &pem,
+        &plen), 0);
+    RSA_free(rsa);
+
+    der = privDer;
+    rsa = NULL;
+    ExpectNotNull(wolfSSL_d2i_RSAPrivateKey(&rsa, &der, privDerSz));
+
+    ExpectIntEQ(wolfSSL_PEM_write_mem_RSAPrivateKey(NULL, NULL, NULL, 0, &pem,
+        &plen), 0);
+    ExpectIntEQ(wolfSSL_PEM_write_mem_RSAPrivateKey(rsa, NULL, NULL, 0, NULL,
+        &plen), 0);
+    ExpectIntEQ(wolfSSL_PEM_write_mem_RSAPrivateKey(rsa, NULL, NULL, 0, &pem,
+        NULL), 0);
+
+    ExpectIntEQ(wolfSSL_PEM_write_mem_RSAPrivateKey(rsa, NULL, NULL, 0, &pem,
+        &plen), 1);
+    XFREE(pem, NULL, DYNAMIC_TYPE_KEY);
+    pem = NULL;
+#if !defined(NO_AES) && defined(HAVE_AES_CBC)
+    ExpectIntEQ(wolfSSL_PEM_write_mem_RSAPrivateKey(rsa, EVP_aes_128_cbc(),
+        NULL, 0, &pem, &plen), 1);
+    XFREE(pem, NULL, DYNAMIC_TYPE_KEY);
+    pem = NULL;
+    ExpectIntEQ(wolfSSL_PEM_write_mem_RSAPrivateKey(rsa, EVP_aes_128_cbc(),
+        passwd, sizeof(passwd) - 1, &pem, &plen), 1);
+    XFREE(pem, NULL, DYNAMIC_TYPE_KEY);
+#endif
+
+    RSA_free(rsa);
+#endif
+    return EXPECT_RESULT();
+}
+
diff --git a/tests/api/test_ossl_rsa.h b/tests/api/test_ossl_rsa.h
new file mode 100644
index 000000000..d6ce93630
--- /dev/null
+++ b/tests/api/test_ossl_rsa.h
@@ -0,0 +1,77 @@
+/* test_ossl_rsa.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef WOLFCRYPT_TEST_OSSL_RSA_H
+#define WOLFCRYPT_TEST_OSSL_RSA_H
+
+#include <tests/api/api_decl.h>
+
+int test_wolfSSL_RSA(void);
+int test_wolfSSL_RSA_DER(void);
+int test_wolfSSL_RSA_print(void);
+int test_wolfSSL_RSA_padding_add_PKCS1_PSS(void);
+int test_wolfSSL_RSA_sign_sha3(void);
+int test_wolfSSL_RSA_get0_key(void);
+int test_wolfSSL_RSA_meth(void);
+int test_wolfSSL_RSA_verify(void);
+int test_wolfSSL_RSA_sign(void);
+int test_wolfSSL_RSA_sign_ex(void);
+int test_wolfSSL_RSA_public_decrypt(void);
+int test_wolfSSL_RSA_private_encrypt(void);
+int test_wolfSSL_RSA_public_encrypt(void);
+int test_wolfSSL_RSA_private_decrypt(void);
+int test_wolfSSL_RSA_GenAdd(void);
+int test_wolfSSL_RSA_blinding_on(void);
+int test_wolfSSL_RSA_ex_data(void);
+int test_wolfSSL_RSA_LoadDer(void);
+int test_wolfSSL_RSA_To_Der(void);
+int test_wolfSSL_PEM_read_RSAPublicKey(void);
+int test_wolfSSL_PEM_write_RSA_PUBKEY(void);
+int test_wolfSSL_PEM_write_RSAPrivateKey(void);
+int test_wolfSSL_PEM_write_mem_RSAPrivateKey(void);
+
+#define TEST_OSSL_RSA_DECLS                                                 \
+    TEST_DECL_GROUP("ossl_rsa", test_wolfSSL_RSA),                          \
+    TEST_DECL_GROUP("ossl_rsa", test_wolfSSL_RSA_DER),                      \
+    TEST_DECL_GROUP("ossl_rsa", test_wolfSSL_RSA_print),                    \
+    TEST_DECL_GROUP("ossl_rsa", test_wolfSSL_RSA_padding_add_PKCS1_PSS),    \
+    TEST_DECL_GROUP("ossl_rsa", test_wolfSSL_RSA_sign_sha3),                \
+    TEST_DECL_GROUP("ossl_rsa", test_wolfSSL_RSA_get0_key),                 \
+    TEST_DECL_GROUP("ossl_rsa", test_wolfSSL_RSA_meth),                     \
+    TEST_DECL_GROUP("ossl_rsa", test_wolfSSL_RSA_verify),                   \
+    TEST_DECL_GROUP("ossl_rsa", test_wolfSSL_RSA_sign),                     \
+    TEST_DECL_GROUP("ossl_rsa", test_wolfSSL_RSA_sign_ex),                  \
+    TEST_DECL_GROUP("ossl_rsa", test_wolfSSL_RSA_public_decrypt),           \
+    TEST_DECL_GROUP("ossl_rsa", test_wolfSSL_RSA_private_encrypt),          \
+    TEST_DECL_GROUP("ossl_rsa", test_wolfSSL_RSA_public_encrypt),           \
+    TEST_DECL_GROUP("ossl_rsa", test_wolfSSL_RSA_private_decrypt),          \
+    TEST_DECL_GROUP("ossl_rsa", test_wolfSSL_RSA_GenAdd),                   \
+    TEST_DECL_GROUP("ossl_rsa", test_wolfSSL_RSA_blinding_on),              \
+    TEST_DECL_GROUP("ossl_rsa", test_wolfSSL_RSA_ex_data),                  \
+    TEST_DECL_GROUP("ossl_rsa", test_wolfSSL_RSA_LoadDer),                  \
+    TEST_DECL_GROUP("ossl_rsa", test_wolfSSL_RSA_To_Der),                   \
+    TEST_DECL_GROUP("ossl_rsa", test_wolfSSL_PEM_read_RSAPublicKey),        \
+    TEST_DECL_GROUP("ossl_rsa", test_wolfSSL_PEM_write_RSA_PUBKEY),         \
+    TEST_DECL_GROUP("ossl_rsa", test_wolfSSL_PEM_write_RSAPrivateKey),      \
+    TEST_DECL_GROUP("ossl_rsa", test_wolfSSL_PEM_write_mem_RSAPrivateKey)
+
+#endif /* WOLFCRYPT_TEST_OSSL_RSA_H */
+
diff --git a/tests/api/test_pkcs12.c b/tests/api/test_pkcs12.c
new file mode 100644
index 000000000..b71b2a166
--- /dev/null
+++ b/tests/api/test_pkcs12.c
@@ -0,0 +1,196 @@
+/* test_pkcs12.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#include <tests/unit.h>
+
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+#include <wolfssl/wolfcrypt/pkcs12.h>
+#include <wolfssl/wolfcrypt/types.h>
+#include <tests/api/api.h>
+#include <tests/api/test_pkcs12.h>
+
+/*******************************************************************************
+ * PKCS#12
+ ******************************************************************************/
+
+int test_wc_i2d_PKCS12(void)
+{
+    EXPECT_DECLS;
+#if !defined(NO_ASN) && !defined(NO_PWDBASED) && defined(HAVE_PKCS12) \
+    && !defined(NO_FILESYSTEM) && !defined(NO_RSA) \
+    && !defined(NO_AES) && !defined(NO_SHA)
+    WC_PKCS12* pkcs12 = NULL;
+    unsigned char der[FOURK_BUF * 2];
+    unsigned char* pt;
+    int derSz = 0;
+    unsigned char out[FOURK_BUF * 2];
+    int outSz = FOURK_BUF * 2;
+    const char p12_f[] = "./certs/test-servercert.p12";
+    XFILE f = XBADFILE;
+
+    ExpectTrue((f =  XFOPEN(p12_f, "rb")) != XBADFILE);
+    ExpectIntGT(derSz = (int)XFREAD(der, 1, sizeof(der), f), 0);
+    if (f != XBADFILE)
+        XFCLOSE(f);
+
+    ExpectNotNull(pkcs12 = wc_PKCS12_new());
+    ExpectIntEQ(wc_d2i_PKCS12(der, (word32)derSz, pkcs12), 0);
+    ExpectIntEQ(wc_i2d_PKCS12(pkcs12, NULL, &outSz), WC_NO_ERR_TRACE(LENGTH_ONLY_E));
+    ExpectIntEQ(outSz, derSz);
+
+    outSz = derSz - 1;
+    pt = out;
+    ExpectIntLE(wc_i2d_PKCS12(pkcs12, &pt, &outSz), 0);
+
+    outSz = derSz;
+    ExpectIntEQ(wc_i2d_PKCS12(pkcs12, &pt, &outSz), derSz);
+    ExpectIntEQ((pt == out), 0);
+
+    pt = NULL;
+    ExpectIntEQ(wc_i2d_PKCS12(pkcs12, &pt, NULL), derSz);
+    XFREE(pt, NULL, DYNAMIC_TYPE_PKCS);
+    wc_PKCS12_free(pkcs12);
+    pkcs12 = NULL;
+
+    /* Run the same test but use wc_d2i_PKCS12_fp. */
+    ExpectNotNull(pkcs12 = wc_PKCS12_new());
+    ExpectIntEQ(wc_d2i_PKCS12_fp("./certs/test-servercert.p12", &pkcs12), 0);
+    ExpectIntEQ(wc_i2d_PKCS12(pkcs12, NULL, &outSz), WC_NO_ERR_TRACE(LENGTH_ONLY_E));
+    ExpectIntEQ(outSz, derSz);
+    wc_PKCS12_free(pkcs12);
+    pkcs12 = NULL;
+
+    /* wc_d2i_PKCS12_fp can also allocate the PKCS12 object for the caller. */
+    ExpectIntEQ(wc_d2i_PKCS12_fp("./certs/test-servercert.p12", &pkcs12), 0);
+    ExpectIntEQ(wc_i2d_PKCS12(pkcs12, NULL, &outSz), WC_NO_ERR_TRACE(LENGTH_ONLY_E));
+    ExpectIntEQ(outSz, derSz);
+    wc_PKCS12_free(pkcs12);
+    pkcs12 = NULL;
+#endif
+    return EXPECT_RESULT();
+}
+
+static int test_wc_PKCS12_create_once(int keyEncType, int certEncType)
+{
+    EXPECT_DECLS;
+#if !defined(NO_ASN) && defined(HAVE_PKCS12) && !defined(NO_PWDBASED) && \
+    !defined(NO_RSA) && !defined(NO_ASN_CRYPT) && \
+    !defined(NO_HMAC) && !defined(NO_CERTS) && defined(USE_CERT_BUFFERS_2048)
+
+    byte* inKey = (byte*) server_key_der_2048;
+    const word32 inKeySz= sizeof_server_key_der_2048;
+    byte* inCert = (byte*) server_cert_der_2048;
+    const word32 inCertSz = sizeof_server_cert_der_2048;
+    WC_DerCertList inCa = {
+        (byte*)ca_cert_der_2048, sizeof_ca_cert_der_2048, NULL
+    };
+    char pkcs12Passwd[] = "test_wc_PKCS12_create";
+
+    WC_PKCS12* pkcs12Export = NULL;
+    WC_PKCS12* pkcs12Import = NULL;
+    byte* pkcs12Der = NULL;
+    byte* outKey = NULL;
+    byte* outCert = NULL;
+    WC_DerCertList* outCaList = NULL;
+    word32 pkcs12DerSz = 0;
+    word32 outKeySz = 0;
+    word32 outCertSz = 0;
+
+    ExpectNotNull(pkcs12Export = wc_PKCS12_create(pkcs12Passwd,
+        sizeof(pkcs12Passwd) - 1,
+        (char*) "friendlyName" /* not used currently */,
+        inKey, inKeySz, inCert, inCertSz, &inCa, keyEncType, certEncType,
+        2048, 2048, 0 /* not used currently */, NULL));
+    pkcs12Der = NULL;
+    ExpectIntGE((pkcs12DerSz = wc_i2d_PKCS12(pkcs12Export, &pkcs12Der, NULL)),
+        0);
+
+    ExpectNotNull(pkcs12Import = wc_PKCS12_new_ex(NULL));
+    ExpectIntGE(wc_d2i_PKCS12(pkcs12Der, pkcs12DerSz, pkcs12Import), 0);
+    ExpectIntEQ(wc_PKCS12_parse(pkcs12Import, pkcs12Passwd, &outKey, &outKeySz,
+        &outCert, &outCertSz, &outCaList), 0);
+
+    ExpectIntEQ(outKeySz, inKeySz);
+    ExpectIntEQ(outCertSz, inCertSz);
+    ExpectNotNull(outCaList);
+    ExpectNotNull(outCaList->buffer);
+    ExpectIntEQ(outCaList->bufferSz, inCa.bufferSz);
+    ExpectNull(outCaList->next);
+
+    ExpectIntEQ(XMEMCMP(inKey, outKey, outKeySz), 0);
+    ExpectIntEQ(XMEMCMP(inCert, outCert, outCertSz), 0);
+    ExpectIntEQ(XMEMCMP(inCa.buffer, outCaList->buffer, outCaList->bufferSz),
+        0);
+
+    XFREE(outKey, NULL, DYNAMIC_TYPE_PUBLIC_KEY);
+    XFREE(outCert, NULL, DYNAMIC_TYPE_PKCS);
+    wc_FreeCertList(outCaList, NULL);
+    wc_PKCS12_free(pkcs12Import);
+    XFREE(pkcs12Der, NULL, DYNAMIC_TYPE_PKCS);
+    wc_PKCS12_free(pkcs12Export);
+#endif
+    (void) keyEncType;
+    (void) certEncType;
+
+    return EXPECT_RESULT();
+}
+
+int test_wc_PKCS12_create(void)
+{
+    EXPECT_DECLS;
+
+    EXPECT_TEST(test_wc_PKCS12_create_once(-1, -1));
+#if !defined(NO_RC4) && !defined(NO_SHA)
+    EXPECT_TEST(test_wc_PKCS12_create_once(PBE_SHA1_RC4_128, PBE_SHA1_RC4_128));
+#endif
+#if !defined(NO_DES3) && !defined(NO_SHA)
+    EXPECT_TEST(test_wc_PKCS12_create_once(PBE_SHA1_DES, PBE_SHA1_DES));
+#endif
+#if !defined(NO_DES3) && !defined(NO_SHA)
+    EXPECT_TEST(test_wc_PKCS12_create_once(PBE_SHA1_DES3, PBE_SHA1_DES3));
+#endif
+#if defined(HAVE_AES_CBC) && !defined(NO_AES) && !defined(NO_AES_256) && \
+    !defined(NO_SHA) && defined(WOLFSSL_ASN_TEMPLATE)
+    /* Encoding certificate with PBE_AES256_CBC needs WOLFSSL_ASN_TEMPLATE */
+    EXPECT_TEST(test_wc_PKCS12_create_once(PBE_AES256_CBC, PBE_AES256_CBC));
+#endif
+#if defined(HAVE_AES_CBC) && !defined(NO_AES) && !defined(NO_AES_128) && \
+    !defined(NO_SHA) && defined(WOLFSSL_ASN_TEMPLATE)
+    /* Encoding certificate with PBE_AES128_CBC needs WOLFSSL_ASN_TEMPLATE */
+    EXPECT_TEST(test_wc_PKCS12_create_once(PBE_AES128_CBC, PBE_AES128_CBC));
+#endif
+/* Testing a mixture of 2 algorithms */
+#if defined(HAVE_AES_CBC) && !defined(NO_AES) && !defined(NO_AES_256) && \
+    !defined(NO_SHA) && defined(WOLFSSL_ASN_TEMPLATE) && !defined(NO_DES3)
+    EXPECT_TEST(test_wc_PKCS12_create_once(PBE_AES256_CBC, PBE_SHA1_DES3));
+#endif
+
+    (void) test_wc_PKCS12_create_once;
+
+    return EXPECT_RESULT();
+}
+
diff --git a/linuxkm/pie_first.c b/tests/api/test_pkcs12.h
similarity index 60%
rename from linuxkm/pie_first.c
rename to tests/api/test_pkcs12.h
index e636bfe66..45823f0ed 100644
--- a/linuxkm/pie_first.c
+++ b/tests/api/test_pkcs12.h
@@ -1,4 +1,4 @@
-/* linuxkm/pie_first.c -- memory fenceposts for checking binary image stability
+/* test_pkcs12.h
  *
  * Copyright (C) 2006-2025 wolfSSL Inc.
  *
@@ -19,20 +19,16 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  */
 
-#ifndef __PIE__
-    #error pie_first.c must be compiled -fPIE.
-#endif
+#ifndef WOLFCRYPT_TEST_PKCS12_H
+#define WOLFCRYPT_TEST_PKCS12_H
 
-#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
+#include <tests/api/api_decl.h>
 
-#include <wolfssl/ssl.h>
+int test_wc_i2d_PKCS12(void);
+int test_wc_PKCS12_create(void);
 
-int wolfCrypt_PIE_first_function(void);
-int wolfCrypt_PIE_first_function(void) {
-    return 0;
-}
+#define TEST_PKCS12_DECLS                                       \
+    TEST_DECL_GROUP("pkcs12", test_wc_i2d_PKCS12),              \
+    TEST_DECL_GROUP("pkcs12", test_wc_PKCS12_create)
 
-const unsigned int wolfCrypt_PIE_rodata_start[];
-const unsigned int wolfCrypt_PIE_rodata_start[] =
-/* random values, analogous to wolfCrypt_FIPS_ro_{start,end} */
-{ 0x8208f9ca, 0x9daf4ac9 };
+#endif /* WOLFCRYPT_TEST_PKCS12_H */
diff --git a/tests/api/test_pkcs7.c b/tests/api/test_pkcs7.c
new file mode 100644
index 000000000..aeb4f630c
--- /dev/null
+++ b/tests/api/test_pkcs7.c
@@ -0,0 +1,4301 @@
+/* test_pkcs7.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#include <tests/unit.h>
+
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+#include <wolfssl/wolfcrypt/pkcs7.h>
+#include <wolfssl/wolfcrypt/asn.h>
+#ifdef HAVE_LIBZ
+    #include <wolfssl/wolfcrypt/compress.h>
+#endif
+#include <wolfssl/wolfcrypt/types.h>
+#include <tests/api/api.h>
+#include <tests/api/test_pkcs7.h>
+
+/*******************************************************************************
+ * PKCS#7
+ ******************************************************************************/
+
+#if defined(HAVE_PKCS7)
+    typedef struct {
+        const byte* content;
+        word32      contentSz;
+        int         contentOID;
+        int         encryptOID;
+        int         keyWrapOID;
+        int         keyAgreeOID;
+        byte*       cert;
+        size_t      certSz;
+        byte*       privateKey;
+        word32      privateKeySz;
+    } pkcs7EnvelopedVector;
+
+    #ifndef NO_PKCS7_ENCRYPTED_DATA
+        typedef struct {
+            const byte*     content;
+            word32          contentSz;
+            int             contentOID;
+            int             encryptOID;
+            byte*           encryptionKey;
+            word32          encryptionKeySz;
+        } pkcs7EncryptedVector;
+    #endif
+#endif /* HAVE_PKCS7 */
+
+/*
+ * Testing wc_PKCS7_New()
+ */
+int test_wc_PKCS7_New(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_PKCS7)
+    PKCS7* pkcs7 = NULL;
+
+    ExpectNotNull(pkcs7 = wc_PKCS7_New(NULL, testDevId));
+    wc_PKCS7_Free(pkcs7);
+#endif
+    return EXPECT_RESULT();
+} /* END test-wc_PKCS7_New */
+
+/*
+ * Testing wc_PKCS7_Init()
+ */
+int test_wc_PKCS7_Init(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_PKCS7)
+    PKCS7* pkcs7 = NULL;
+    void*  heap = NULL;
+
+    ExpectNotNull(pkcs7 = wc_PKCS7_New(heap, testDevId));
+
+    ExpectIntEQ(wc_PKCS7_Init(pkcs7, heap, testDevId), 0);
+    /* Pass in bad args. */
+    ExpectIntEQ(wc_PKCS7_Init(NULL, heap, testDevId), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    wc_PKCS7_Free(pkcs7);
+#endif
+    return EXPECT_RESULT();
+} /* END test-wc_PKCS7_Init */
+
+
+/*
+ * Testing wc_PKCS7_InitWithCert()
+ */
+int test_wc_PKCS7_InitWithCert(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_PKCS7)
+    PKCS7* pkcs7 = NULL;
+
+#ifndef NO_RSA
+    #if defined(USE_CERT_BUFFERS_2048)
+        unsigned char    cert[sizeof(client_cert_der_2048)];
+        int              certSz = (int)sizeof(cert);
+
+        XMEMSET(cert, 0, certSz);
+        XMEMCPY(cert, client_cert_der_2048, sizeof(client_cert_der_2048));
+    #elif defined(USE_CERT_BUFFERS_1024)
+        unsigned char    cert[sizeof(client_cert_der_1024)];
+        int              certSz = (int)sizeof(cert);
+
+        XMEMSET(cert, 0, certSz);
+        XMEMCPY(cert, client_cert_der_1024, sizeof_client_cert_der_1024);
+    #else
+        unsigned char   cert[ONEK_BUF];
+        XFILE           fp = XBADFILE;
+        int             certSz;
+
+        ExpectTrue((fp = XFOPEN("./certs/1024/client-cert.der", "rb")) !=
+            XBADFILE);
+        ExpectIntGT(certSz = (int)XFREAD(cert, 1, sizeof_client_cert_der_1024,
+            fp), 0);
+        if (fp != XBADFILE)
+            XFCLOSE(fp);
+    #endif
+#elif defined(HAVE_ECC)
+    #if defined(USE_CERT_BUFFERS_256)
+        unsigned char    cert[sizeof(cliecc_cert_der_256)];
+        int              certSz = (int)sizeof(cert);
+
+        XMEMSET(cert, 0, certSz);
+        XMEMCPY(cert, cliecc_cert_der_256, sizeof(cliecc_cert_der_256));
+    #else
+        unsigned char   cert[ONEK_BUF];
+        XFILE           fp = XBADFILE;
+        int             certSz;
+
+        ExpectTrue((fp = XFOPEN("./certs/client-ecc-cert.der", "rb")) !=
+            XBADFILE);
+        ExpectIntGT(certSz = (int)XFREAD(cert, 1, sizeof(cliecc_cert_der_256),
+            fp), 0);
+        if (fp != XBADFILE)
+            XFCLOSE(fp);
+    #endif
+#else
+        #error PKCS7 requires ECC or RSA
+#endif
+
+#ifdef HAVE_ECC
+    {
+    /* bad test case from ZD 11011, malformed cert gives bad ECC key */
+        static unsigned char certWithInvalidEccKey[] = {
+        0x30, 0x82, 0x03, 0x5F, 0x30, 0x82, 0x03, 0x04, 0xA0, 0x03, 0x02, 0x01,
+        0x02, 0x02, 0x14, 0x61, 0xB3, 0x1E, 0x59, 0xF3, 0x68, 0x6C, 0xA4, 0x79,
+        0x42, 0x83, 0x2F, 0x1A, 0x50, 0x71, 0x03, 0xBE, 0x31, 0xAA, 0x2C, 0x30,
+        0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x30,
+        0x81, 0x8D, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13,
+        0x02, 0x55, 0x53, 0x31, 0x0F, 0x30, 0x0D, 0x06, 0x03, 0x55, 0x04, 0x08,
+        0x0C, 0x06, 0x4F, 0x72, 0x65, 0x67, 0x6F, 0x6E, 0x31, 0x0E, 0x30, 0x0C,
+        0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x05, 0x53, 0x61, 0x6C, 0x65, 0x6D,
+        0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0A, 0x43,
+        0x6C, 0x69, 0x65, 0x6E, 0x74, 0x20, 0x45, 0x43, 0x43, 0x31, 0x0D, 0x30,
+        0x0B, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x04, 0x46, 0x61, 0x73, 0x74,
+        0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77,
+        0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63,
+        0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86,
+        0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40,
+        0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30,
+        0x1E, 0x17, 0x0D, 0x32, 0x30, 0x30, 0x36, 0x31, 0x39, 0x31, 0x33, 0x32,
+        0x33, 0x34, 0x31, 0x5A, 0x17, 0x0D, 0x32, 0x33, 0x30, 0x33, 0x31, 0x36,
+        0x31, 0x33, 0x32, 0x33, 0x34, 0x31, 0x5A, 0x30, 0x81, 0x8D, 0x31, 0x0B,
+        0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31,
+        0x0F, 0x30, 0x0D, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x06, 0x4F, 0x72,
+        0x65, 0x67, 0x6F, 0x6E, 0x31, 0x0E, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x04,
+        0x07, 0x0C, 0x05, 0x53, 0x61, 0x6C, 0x65, 0x6D, 0x31, 0x13, 0x30, 0x11,
+        0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0A, 0x43, 0x6C, 0x69, 0x65, 0x6E,
+        0x74, 0x20, 0x45, 0x43, 0x43, 0x31, 0x0D, 0x30, 0x0B, 0x06, 0x03, 0x55,
+        0x04, 0x0B, 0x0C, 0x04, 0x46, 0x61, 0x73, 0x74, 0x31, 0x18, 0x30, 0x26,
+        0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77,
+        0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F,
+        0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09,
+        0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66,
+        0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x59, 0x30, 0x13, 0x06,
+        0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86,
+        0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07, 0x03, 0x02, 0x00, 0x04, 0x55, 0xBF,
+        0xF4, 0x0F, 0x44, 0x50, 0x9A, 0x3D, 0xCE, 0x9B, 0xB7, 0xF0, 0xC5, 0x4D,
+        0xF5, 0x70, 0x7B, 0xD4, 0xEC, 0x24, 0x8E, 0x19, 0x80, 0xEC, 0x5A, 0x4C,
+        0xA2, 0x24, 0x03, 0x62, 0x2C, 0x9B, 0xDA, 0xEF, 0xA2, 0x35, 0x12, 0x43,
+        0x84, 0x76, 0x16, 0xC6, 0x56, 0x95, 0x06, 0xCC, 0x01, 0xA9, 0xBD, 0xF6,
+        0x75, 0x1A, 0x42, 0xF7, 0xBD, 0xA9, 0xB2, 0x36, 0x22, 0x5F, 0xC7, 0x5D,
+        0x7F, 0xB4, 0xA3, 0x82, 0x01, 0x3E, 0x30, 0x82, 0x01, 0x3A, 0x30, 0x1D,
+        0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0xEB, 0xD4, 0x4B,
+        0x59, 0x6B, 0x95, 0x61, 0x3F, 0x51, 0x57, 0xB6, 0x04, 0x4D, 0x89, 0x41,
+        0x88, 0x44, 0x5C, 0xAB, 0xF2, 0x30, 0x81, 0xCD, 0x06, 0x03, 0x55, 0x1D,
+        0x23, 0x04, 0x81, 0xC5, 0x30, 0x81, 0xC2, 0x80, 0x14, 0xEB, 0xD4, 0x4B,
+        0x59, 0x72, 0x95, 0x61, 0x3F, 0x51, 0x57, 0xB6, 0x04, 0x4D, 0x89, 0x41,
+        0x88, 0x44, 0x5C, 0xAB, 0xF2, 0xA1, 0x81, 0x93, 0xA4, 0x81, 0x90, 0x30,
+        0x81, 0x8D, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13,
+        0x02, 0x55, 0x53, 0x31, 0x0F, 0x30, 0x0D, 0x06, 0x03, 0x55, 0x08, 0x08,
+        0x0C, 0x06, 0x4F, 0x72, 0x65, 0x67, 0x6F, 0x6E, 0x31, 0x0E, 0x30, 0x0C,
+        0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x05, 0x53, 0x61, 0x6C, 0x65, 0x6D,
+        0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0A, 0x43,
+        0x6C, 0x69, 0x65, 0x6E, 0x74, 0x20, 0x45, 0x43, 0x43, 0x31, 0x0D, 0x30,
+        0x0B, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x04, 0x46, 0x61, 0x73, 0x74,
+        0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77,
+        0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63,
+        0x6F, 0x6D, 0x30, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86,
+        0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40,
+        0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82,
+        0x14, 0x61, 0xB3, 0x1E, 0x59, 0xF3, 0x68, 0x6C, 0xA4, 0x79, 0x42, 0x83,
+        0x2F, 0x1A, 0x50, 0x71, 0x03, 0xBE, 0x32, 0xAA, 0x2C, 0x30, 0x0C, 0x06,
+        0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30,
+        0x1C, 0x06, 0x03, 0x55, 0x1D, 0x11, 0x04, 0x15, 0x30, 0x13, 0x82, 0x0B,
+        0x65, 0x78, 0x61, 0x6D, 0x70, 0x6C, 0x65, 0x2E, 0x63, 0x6F, 0x6D, 0x87,
+        0x04, 0x23, 0x00, 0x00, 0x01, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x25,
+        0x04, 0x16, 0x30, 0x14, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07,
+        0x03, 0x01, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02,
+        0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02,
+        0x03, 0x49, 0x00, 0x30, 0x46, 0x02, 0x21, 0x00, 0xE4, 0xA0, 0x23, 0x26,
+        0x2B, 0x0B, 0x42, 0x0F, 0x97, 0x37, 0x6D, 0xCB, 0x14, 0x23, 0xC3, 0xC3,
+        0xE6, 0x44, 0xCF, 0x5F, 0x4C, 0x26, 0xA3, 0x72, 0x64, 0x7A, 0x9C, 0xCB,
+        0x64, 0xAB, 0xA6, 0xBE, 0x02, 0x21, 0x00, 0xAA, 0xC5, 0xA3, 0x50, 0xF6,
+        0xF1, 0xA5, 0xDB, 0x05, 0xE0, 0x75, 0xD2, 0xF7, 0xBA, 0x49, 0x5F, 0x8F,
+        0x7D, 0x1C, 0x44, 0xB1, 0x6E, 0xDF, 0xC8, 0xDA, 0x10, 0x48, 0x2D, 0x53,
+        0x08, 0xA8, 0xB4
+        };
+#endif
+        ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+        /* If initialization is not successful, it's free'd in init func. */
+        ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, (byte*)cert, (word32)certSz),
+            0);
+        wc_PKCS7_Free(pkcs7);
+        pkcs7 = NULL;
+
+        ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+        /* Valid initialization usage. */
+        ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
+
+        /* Pass in bad args. No need free for null checks, free at end.*/
+        ExpectIntEQ(wc_PKCS7_InitWithCert(NULL, (byte*)cert, (word32)certSz),
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+        ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, (word32)certSz),
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+#ifdef HAVE_ECC
+        ExpectIntLT(wc_PKCS7_InitWithCert(pkcs7, certWithInvalidEccKey,
+            sizeof(certWithInvalidEccKey)), 0);
+    }
+#endif
+
+    wc_PKCS7_Free(pkcs7);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_PKCS7_InitWithCert */
+
+
+/*
+ * Testing wc_PKCS7_EncodeData()
+ */
+int test_wc_PKCS7_EncodeData(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_PKCS7)
+    PKCS7* pkcs7 = NULL;
+    byte   output[FOURK_BUF];
+    byte   data[] = "My encoded DER cert.";
+
+#ifndef NO_RSA
+    #if defined(USE_CERT_BUFFERS_2048)
+        unsigned char cert[sizeof(client_cert_der_2048)];
+        unsigned char key[sizeof(client_key_der_2048)];
+        int certSz = (int)sizeof(cert);
+        int keySz = (int)sizeof(key);
+
+        XMEMSET(cert, 0, certSz);
+        XMEMSET(key, 0, keySz);
+        XMEMCPY(cert, client_cert_der_2048, certSz);
+        XMEMCPY(key, client_key_der_2048, keySz);
+    #elif defined(USE_CERT_BUFFERS_1024)
+        unsigned char cert[sizeof(sizeof_client_cert_der_1024)];
+        unsigned char key[sizeof_client_key_der_1024];
+        int certSz = (int)sizeof(cert);
+        int keySz = (int)sizeof(key);
+
+        XMEMSET(cert, 0, certSz);
+        XMEMSET(key, 0, keySz);
+        XMEMCPY(cert, client_cert_der_1024, certSz);
+        XMEMCPY(key, client_key_der_1024, keySz);
+    #else
+        unsigned char cert[ONEK_BUF];
+        unsigned char key[ONEK_BUF];
+        XFILE         fp = XBADFILE;
+        int           certSz;
+        int           keySz;
+
+        ExpectTrue((fp = XFOPEN("./certs/1024/client-cert.der", "rb")) !=
+            XBADFILE);
+        ExpectIntGT(certSz = (int)XFREAD(cert, 1, sizeof_client_cert_der_1024,
+            fp), 0);
+        if (fp != XBADFILE) {
+            XFCLOSE(fp);
+            fp = XBADFILE;
+        }
+
+        ExpectTrue((fp = XFOPEN("./certs/1024/client-key.der", "rb")) !=
+            XBADFILE);
+        ExpectIntGT(keySz = (int)XFREAD(key, 1, sizeof_client_key_der_1024, fp),
+            0);
+        if (fp != XBADFILE)
+            XFCLOSE(fp);
+    #endif
+#elif defined(HAVE_ECC)
+    #if defined(USE_CERT_BUFFERS_256)
+        unsigned char    cert[sizeof(cliecc_cert_der_256)];
+        unsigned char    key[sizeof(ecc_clikey_der_256)];
+        int              certSz = (int)sizeof(cert);
+        int              keySz = (int)sizeof(key);
+        XMEMSET(cert, 0, certSz);
+        XMEMSET(key, 0, keySz);
+        XMEMCPY(cert, cliecc_cert_der_256, sizeof_cliecc_cert_der_256);
+        XMEMCPY(key, ecc_clikey_der_256, sizeof_ecc_clikey_der_256);
+    #else
+        unsigned char   cert[ONEK_BUF];
+        unsigned char   key[ONEK_BUF];
+        XFILE           fp = XBADFILE;
+        int             certSz, keySz;
+
+        ExpectTrue((fp = XFOPEN("./certs/client-ecc-cert.der", "rb")) !=
+            XBADFILE);
+        ExpectIntGT(certSz = (int)XFREAD(cert, 1, sizeof_cliecc_cert_der_256,
+            fp), 0);
+        if (fp != XBADFILE) {
+            XFCLOSE(fp);
+            fp = XBADFILE;
+        }
+
+        ExpectTrue((fp = XFOPEN("./certs/client-ecc-key.der", "rb")) !=
+            XBADFILE);
+        ExpectIntGT(keySz = (int)XFREAD(key, 1, sizeof_ecc_clikey_der_256, fp),
+            0);
+        if (fp != XBADFILE)
+            XFCLOSE(fp);
+    #endif
+#endif
+
+    XMEMSET(output, 0, sizeof(output));
+
+    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+    ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
+
+    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, (byte*)cert, (word32)certSz), 0);
+
+    if (pkcs7 != NULL) {
+        pkcs7->content = data;
+        pkcs7->contentSz = sizeof(data);
+        pkcs7->privateKey = key;
+        pkcs7->privateKeySz = (word32)keySz;
+    }
+    ExpectIntGT(wc_PKCS7_EncodeData(pkcs7, output, (word32)sizeof(output)), 0);
+
+    /* Test bad args. */
+    ExpectIntEQ(wc_PKCS7_EncodeData(NULL, output, (word32)sizeof(output)),
+                                                            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_PKCS7_EncodeData(pkcs7, NULL, (word32)sizeof(output)),
+                                                            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_PKCS7_EncodeData(pkcs7, output, 5), WC_NO_ERR_TRACE(BUFFER_E));
+
+    wc_PKCS7_Free(pkcs7);
+#endif
+    return EXPECT_RESULT();
+}  /* END test_wc_PKCS7_EncodeData */
+
+
+#if defined(HAVE_PKCS7) && defined(HAVE_PKCS7_RSA_RAW_SIGN_CALLBACK) && \
+    !defined(NO_RSA) && !defined(NO_SHA256)
+/* RSA sign raw digest callback */
+static int rsaSignRawDigestCb(PKCS7* pkcs7, byte* digest, word32 digestSz,
+                              byte* out, word32 outSz, byte* privateKey,
+                              word32 privateKeySz, int devid, int hashOID)
+{
+    /* specific DigestInfo ASN.1 encoding prefix for a SHA2565 digest */
+    byte digInfoEncoding[] = {
+        0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,
+        0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05,
+        0x00, 0x04, 0x20
+    };
+
+    int ret;
+    byte digestInfo[ONEK_BUF];
+    byte sig[FOURK_BUF];
+    word32 digestInfoSz = 0;
+    word32 idx = 0;
+    RsaKey rsa;
+
+    /* SHA-256 required only for this example callback due to above
+     * digInfoEncoding[] */
+    if (pkcs7 == NULL || digest == NULL || out == NULL ||
+        (sizeof(digestInfo) < sizeof(digInfoEncoding) + digestSz) ||
+        (hashOID != SHA256h)) {
+        return -1;
+    }
+
+    /* build DigestInfo */
+    XMEMCPY(digestInfo, digInfoEncoding, sizeof(digInfoEncoding));
+    digestInfoSz += sizeof(digInfoEncoding);
+    XMEMCPY(digestInfo + digestInfoSz, digest, digestSz);
+    digestInfoSz += digestSz;
+
+    /* set up RSA key */
+    ret = wc_InitRsaKey_ex(&rsa, pkcs7->heap, devid);
+    if (ret != 0) {
+        return ret;
+    }
+
+    ret = wc_RsaPrivateKeyDecode(privateKey, &idx, &rsa, privateKeySz);
+
+    /* sign DigestInfo */
+    if (ret == 0) {
+        ret = wc_RsaSSL_Sign(digestInfo, digestInfoSz, sig, sizeof(sig),
+                             &rsa, pkcs7->rng);
+        if (ret > 0) {
+            if (ret > (int)outSz) {
+                /* output buffer too small */
+                ret = -1;
+            }
+            else {
+                /* success, ret holds sig size */
+                XMEMCPY(out, sig, ret);
+            }
+        }
+    }
+
+    wc_FreeRsaKey(&rsa);
+
+    return ret;
+}
+#endif
+
+#if defined(HAVE_PKCS7) && defined(ASN_BER_TO_DER)
+typedef struct encodeSignedDataStream {
+    byte out[FOURK_BUF*3];
+    int  idx;
+    word32 outIdx;
+    word32 chunkSz; /* max amount of data to be returned */
+} encodeSignedDataStream;
+
+
+/* content is 8k of partially created bundle */
+static int GetContentCB(PKCS7* pkcs7, byte** content, void* ctx)
+{
+    int ret = 0;
+    encodeSignedDataStream* strm = (encodeSignedDataStream*)ctx;
+
+    if (strm->outIdx  < pkcs7->contentSz) {
+        ret = (pkcs7->contentSz > strm->outIdx + strm->chunkSz)?
+                strm->chunkSz : pkcs7->contentSz - strm->outIdx;
+        *content = strm->out + strm->outIdx;
+        strm->outIdx += ret;
+    }
+
+    (void)pkcs7;
+    return ret;
+}
+
+static int StreamOutputCB(PKCS7* pkcs7, const byte* output, word32 outputSz,
+    void* ctx)
+{
+    encodeSignedDataStream* strm = (encodeSignedDataStream*)ctx;
+
+    XMEMCPY(strm->out + strm->idx, output, outputSz);
+    strm->idx += outputSz;
+    (void)pkcs7;
+    return 0;
+}
+#endif
+
+
+/*
+ * Testing wc_PKCS7_EncodeSignedData()
+ */
+int test_wc_PKCS7_EncodeSignedData(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_PKCS7)
+    PKCS7* pkcs7 = NULL;
+    WC_RNG rng;
+    byte   output[FOURK_BUF];
+    byte   badOut[1];
+    word32 outputSz = (word32)sizeof(output);
+    word32 badOutSz = 0;
+    byte   data[] = "Test data to encode.";
+#ifndef NO_RSA
+    int    encryptOid = RSAk;
+    #if defined(USE_CERT_BUFFERS_2048)
+        byte        key[sizeof(client_key_der_2048)];
+        byte        cert[sizeof(client_cert_der_2048)];
+        word32      keySz = (word32)sizeof(key);
+        word32      certSz = (word32)sizeof(cert);
+        XMEMSET(key, 0, keySz);
+        XMEMSET(cert, 0, certSz);
+        XMEMCPY(key, client_key_der_2048, keySz);
+        XMEMCPY(cert, client_cert_der_2048, certSz);
+    #elif defined(USE_CERT_BUFFERS_1024)
+        byte        key[sizeof_client_key_der_1024];
+        byte        cert[sizeof(sizeof_client_cert_der_1024)];
+        word32      keySz = (word32)sizeof(key);
+        word32      certSz = (word32)sizeof(cert);
+        XMEMSET(key, 0, keySz);
+        XMEMSET(cert, 0, certSz);
+        XMEMCPY(key, client_key_der_1024, keySz);
+        XMEMCPY(cert, client_cert_der_1024, certSz);
+    #else
+        unsigned char   cert[ONEK_BUF];
+        unsigned char   key[ONEK_BUF];
+        XFILE           fp = XBADFILE;
+        int             certSz;
+        int             keySz;
+
+        ExpectTrue((fp = XFOPEN("./certs/1024/client-cert.der", "rb")) !=
+            XBADFILE);
+        ExpectIntGT(certSz = (int)XFREAD(cert, 1, sizeof_client_cert_der_1024,
+            fp), 0);
+        if (fp != XBADFILE) {
+            XFCLOSE(fp);
+            fp = XBADFILE;
+        }
+
+        ExpectTrue((fp = XFOPEN("./certs/1024/client-key.der", "rb")) !=
+            XBADFILE);
+        ExpectIntGT(keySz = (int)XFREAD(key, 1, sizeof_client_key_der_1024, fp),
+            0);
+        if (fp != XBADFILE)
+            XFCLOSE(fp);
+    #endif
+#elif defined(HAVE_ECC)
+    int    encryptOid = ECDSAk;
+    #if defined(USE_CERT_BUFFERS_256)
+        unsigned char    cert[sizeof(cliecc_cert_der_256)];
+        unsigned char    key[sizeof(ecc_clikey_der_256)];
+        int              certSz = (int)sizeof(cert);
+        int              keySz = (int)sizeof(key);
+        XMEMSET(cert, 0, certSz);
+        XMEMSET(key, 0, keySz);
+        XMEMCPY(cert, cliecc_cert_der_256, certSz);
+        XMEMCPY(key, ecc_clikey_der_256, keySz);
+    #else
+        unsigned char   cert[ONEK_BUF];
+        unsigned char   key[ONEK_BUF];
+        XFILE           fp = XBADFILE;
+        int             certSz;
+        int             keySz;
+
+        ExpectTrue((fp = XFOPEN("./certs/client-ecc-cert.der", "rb")) !=
+            XBADFILE);
+        ExpectIntGT(certSz = (int)XFREAD(cert, 1, ONEK_BUF, fp), 0);
+        if (fp != XBADFILE) {
+            XFCLOSE(fp);
+            fp = XBADFILE;
+        }
+
+        ExpectTrue((fp = XFOPEN("./certs/client-ecc-key.der", "rb")) !=
+            XBADFILE);
+        ExpectIntGT(keySz = (int)XFREAD(key, 1, ONEK_BUF, fp), 0);
+        if (fp != XBADFILE)
+            XFCLOSE(fp);
+    #endif
+#endif
+
+    XMEMSET(&rng, 0, sizeof(WC_RNG));
+
+    XMEMSET(output, 0, outputSz);
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+
+    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+    ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
+
+    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);
+
+    if (pkcs7 != NULL) {
+        pkcs7->content = data;
+        pkcs7->contentSz = (word32)sizeof(data);
+        pkcs7->privateKey = key;
+        pkcs7->privateKeySz = (word32)sizeof(key);
+        pkcs7->encryptOID = encryptOid;
+    #ifdef NO_SHA
+        pkcs7->hashOID = SHA256h;
+    #else
+        pkcs7->hashOID = SHAh;
+    #endif
+        pkcs7->rng = &rng;
+    }
+
+    ExpectIntGT(wc_PKCS7_EncodeSignedData(pkcs7, output, outputSz), 0);
+    wc_PKCS7_Free(pkcs7);
+    pkcs7 = NULL;
+
+    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
+    ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0);
+
+#if defined(ASN_BER_TO_DER) && !defined(NO_RSA)
+    wc_PKCS7_Free(pkcs7);
+    pkcs7 = NULL;
+
+    /* reinitialize and test setting stream mode */
+    {
+        int signedSz = 0, i;
+        encodeSignedDataStream strm;
+        static const int numberOfChunkSizes = 4;
+        static const word32 chunkSizes[] = { 4080, 4096, 5000, 9999 };
+        /* chunkSizes were chosen to test around the default 4096 octet string
+         * size used in pkcs7.c */
+
+        XMEMSET(&strm, 0, sizeof(strm));
+
+        ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+        ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
+
+        ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);
+
+        if (pkcs7 != NULL) {
+            pkcs7->content = data;
+            pkcs7->contentSz = (word32)sizeof(data);
+            pkcs7->privateKey = key;
+            pkcs7->privateKeySz = (word32)sizeof(key);
+            pkcs7->encryptOID = encryptOid;
+        #ifdef NO_SHA
+            pkcs7->hashOID = SHA256h;
+        #else
+            pkcs7->hashOID = SHAh;
+        #endif
+            pkcs7->rng = &rng;
+        }
+        ExpectIntEQ(wc_PKCS7_GetStreamMode(pkcs7), 0);
+        ExpectIntEQ(wc_PKCS7_SetStreamMode(pkcs7, 1, NULL, NULL, NULL), 0);
+        ExpectIntEQ(wc_PKCS7_SetStreamMode(NULL, 1, NULL, NULL, NULL),
+            WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+        ExpectIntEQ(wc_PKCS7_GetStreamMode(pkcs7), 1);
+
+        ExpectIntGT(signedSz = wc_PKCS7_EncodeSignedData(pkcs7, output,
+            outputSz), 0);
+        wc_PKCS7_Free(pkcs7);
+        pkcs7 = NULL;
+
+        ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+        ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
+
+        /* use exact signed buffer size since BER encoded */
+        ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output,
+            (word32)signedSz), 0);
+        wc_PKCS7_Free(pkcs7);
+
+        /* now try with using callbacks for IO */
+        for (i = 0; i < numberOfChunkSizes; i++) {
+            strm.idx    = 0;
+            strm.outIdx = 0;
+            strm.chunkSz = chunkSizes[i];
+
+            ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+            ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
+
+            ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);
+
+            if (pkcs7 != NULL) {
+                pkcs7->contentSz  = 10000;
+                pkcs7->privateKey = key;
+                pkcs7->privateKeySz = (word32)sizeof(key);
+                pkcs7->encryptOID = encryptOid;
+            #ifdef NO_SHA
+                pkcs7->hashOID = SHA256h;
+            #else
+                pkcs7->hashOID = SHAh;
+            #endif
+                pkcs7->rng = &rng;
+            }
+            ExpectIntEQ(wc_PKCS7_SetStreamMode(pkcs7, 1, GetContentCB,
+                StreamOutputCB, (void*)&strm), 0);
+
+            ExpectIntGT(signedSz = wc_PKCS7_EncodeSignedData(pkcs7, NULL, 0),
+                0);
+            wc_PKCS7_Free(pkcs7);
+            pkcs7 = NULL;
+
+            ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+            ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
+
+            /* use exact signed buffer size since BER encoded */
+            ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, strm.out,
+                (word32)signedSz), 0);
+            wc_PKCS7_Free(pkcs7);
+            pkcs7 = NULL;
+        }
+    }
+#endif
+#ifndef NO_PKCS7_STREAM
+    wc_PKCS7_Free(pkcs7);
+    pkcs7 = NULL;
+
+    {
+        word32 z;
+        int ret;
+
+        ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+        ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
+
+        /* test for streaming mode */
+        ret = -1;
+        for (z = 0; z < outputSz && ret != 0; z++) {
+            ret = wc_PKCS7_VerifySignedData(pkcs7, output + z, 1);
+            if (ret < 0){
+                ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
+            }
+        }
+        ExpectIntEQ(ret, 0);
+        ExpectIntNE(pkcs7->contentSz, 0);
+        ExpectNotNull(pkcs7->contentDynamic);
+    }
+#endif /* !NO_PKCS7_STREAM */
+
+
+    /* Pass in bad args. */
+    ExpectIntEQ(wc_PKCS7_EncodeSignedData(NULL, output, outputSz),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_PKCS7_EncodeSignedData(pkcs7, NULL, outputSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_PKCS7_EncodeSignedData(pkcs7, badOut,
+                                badOutSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    if (pkcs7 != NULL) {
+        pkcs7->hashOID = 0; /* bad hashOID */
+    }
+    ExpectIntEQ(wc_PKCS7_EncodeSignedData(pkcs7, output, outputSz),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+#if defined(HAVE_PKCS7) && defined(HAVE_PKCS7_RSA_RAW_SIGN_CALLBACK) && \
+    !defined(NO_RSA) && !defined(NO_SHA256)
+    /* test RSA sign raw digest callback, if using RSA and compiled in.
+     * Example callback assumes SHA-256, so only run test if compiled in. */
+    wc_PKCS7_Free(pkcs7);
+    pkcs7 = NULL;
+    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);
+
+    if (pkcs7 != NULL) {
+        pkcs7->content = data;
+        pkcs7->contentSz = (word32)sizeof(data);
+        pkcs7->privateKey = key;
+        pkcs7->privateKeySz = (word32)sizeof(key);
+        pkcs7->encryptOID = RSAk;
+        pkcs7->hashOID = SHA256h;
+        pkcs7->rng = &rng;
+    }
+
+    ExpectIntEQ(wc_PKCS7_SetRsaSignRawDigestCb(pkcs7, rsaSignRawDigestCb), 0);
+
+    ExpectIntGT(wc_PKCS7_EncodeSignedData(pkcs7, output, outputSz), 0);
+#endif
+
+    wc_PKCS7_Free(pkcs7);
+    DoExpectIntEQ(wc_FreeRng(&rng), 0);
+
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_PKCS7_EncodeSignedData */
+
+
+/*
+ * Testing wc_PKCS7_EncodeSignedData_ex() and wc_PKCS7_VerifySignedData_ex()
+ */
+int test_wc_PKCS7_EncodeSignedData_ex(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_PKCS7)
+    int        i;
+    PKCS7*     pkcs7 = NULL;
+    WC_RNG     rng;
+    byte       outputHead[FOURK_BUF/2];
+    byte       outputFoot[FOURK_BUF/2];
+    word32     outputHeadSz = (word32)sizeof(outputHead);
+    word32     outputFootSz = (word32)sizeof(outputFoot);
+    byte       data[FOURK_BUF];
+    wc_HashAlg hash;
+#ifdef NO_SHA
+    enum wc_HashType hashType = WC_HASH_TYPE_SHA256;
+#else
+    enum wc_HashType hashType = WC_HASH_TYPE_SHA;
+#endif
+    byte        hashBuf[WC_MAX_DIGEST_SIZE];
+    word32      hashSz = (word32)wc_HashGetDigestSize(hashType);
+
+#ifndef NO_RSA
+    #if defined(USE_CERT_BUFFERS_2048)
+        byte        key[sizeof(client_key_der_2048)];
+        byte        cert[sizeof(client_cert_der_2048)];
+        word32      keySz = (word32)sizeof(key);
+        word32      certSz = (word32)sizeof(cert);
+        XMEMSET(key, 0, keySz);
+        XMEMSET(cert, 0, certSz);
+        XMEMCPY(key, client_key_der_2048, keySz);
+        XMEMCPY(cert, client_cert_der_2048, certSz);
+    #elif defined(USE_CERT_BUFFERS_1024)
+        byte        key[sizeof_client_key_der_1024];
+        byte        cert[sizeof(sizeof_client_cert_der_1024)];
+        word32      keySz = (word32)sizeof(key);
+        word32      certSz = (word32)sizeof(cert);
+        XMEMSET(key, 0, keySz);
+        XMEMSET(cert, 0, certSz);
+        XMEMCPY(key, client_key_der_1024, keySz);
+        XMEMCPY(cert, client_cert_der_1024, certSz);
+    #else
+        unsigned char  cert[ONEK_BUF];
+        unsigned char  key[ONEK_BUF];
+        XFILE          fp = XBADFILE;
+        int            certSz;
+        int            keySz;
+
+        ExpectTure((fp = XFOPEN("./certs/1024/client-cert.der", "rb")) !=
+            XBADFILE);
+        ExpectIntGT(certSz = (int)XFREAD(cert, 1, sizeof_client_cert_der_1024,
+            fp), 0);
+        if (fp != XBADFILE) {
+            XFCLOSE(fp);
+            fp = XBADFILE;
+        }
+
+        ExpectTrue((fp = XFOPEN("./certs/1024/client-key.der", "rb")) !=
+            XBADFILE);
+        ExpectIntGT(keySz = (int)XFREAD(key, 1, sizeof_client_key_der_1024, fp),
+            0);
+        if (fp != XBADFILE)
+            XFCLOSE(fp);
+    #endif
+#elif defined(HAVE_ECC)
+    #if defined(USE_CERT_BUFFERS_256)
+        unsigned char   cert[sizeof(cliecc_cert_der_256)];
+        unsigned char   key[sizeof(ecc_clikey_der_256)];
+        int             certSz = (int)sizeof(cert);
+        int             keySz = (int)sizeof(key);
+
+        XMEMSET(cert, 0, certSz);
+        XMEMSET(key, 0, keySz);
+        XMEMCPY(cert, cliecc_cert_der_256, sizeof_cliecc_cert_der_256);
+        XMEMCPY(key, ecc_clikey_der_256, sizeof_ecc_clikey_der_256);
+    #else
+        unsigned char cert[ONEK_BUF];
+        unsigned char key[ONEK_BUF];
+        XFILE         fp = XBADFILE;
+        int           certSz;
+        int           keySz;
+
+        ExpectTrue((fp = XFOPEN("./certs/client-ecc-cert.der", "rb")) !=
+            XBADFILE);
+        ExpectIntGT(certSz = (int)XFREAD(cert, 1, sizeof_cliecc_cert_der_256,
+            fp), 0);
+        if (fp != XBADFILE) {
+            XFCLOSE(fp);
+            fp = XBADFILE;
+        }
+
+        ExpectTrue((fp = XFOPEN("./certs/client-ecc-key.der", "rb")) !=
+            XBADFILE);
+        ExpectIntGT(keySz = (int)XFREAD(key, 1, sizeof_ecc_clikey_der_256, fp),
+            0);
+        if (fp != XBADFILE)
+            XFCLOSE(fp);
+    #endif
+#endif
+
+    XMEMSET(&rng, 0, sizeof(WC_RNG));
+
+    /* initialize large data with sequence */
+    for (i=0; i<(int)sizeof(data); i++)
+        data[i] = i & 0xff;
+
+    XMEMSET(outputHead, 0, outputHeadSz);
+    XMEMSET(outputFoot, 0, outputFootSz);
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+
+    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+    ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
+
+    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);
+
+    if (pkcs7 != NULL) {
+        pkcs7->content = NULL; /* not used for ex */
+        pkcs7->contentSz = (word32)sizeof(data);
+        pkcs7->privateKey = key;
+        pkcs7->privateKeySz = (word32)sizeof(key);
+        pkcs7->encryptOID = RSAk;
+    #ifdef NO_SHA
+        pkcs7->hashOID = SHA256h;
+    #else
+        pkcs7->hashOID = SHAh;
+    #endif
+        pkcs7->rng = &rng;
+    }
+
+    /* calculate hash for content */
+    XMEMSET(&hash, 0, sizeof(wc_HashAlg));
+    ExpectIntEQ(wc_HashInit(&hash, hashType), 0);
+    ExpectIntEQ(wc_HashUpdate(&hash, hashType, data, sizeof(data)), 0);
+    ExpectIntEQ(wc_HashFinal(&hash, hashType, hashBuf), 0);
+    DoExpectIntEQ(wc_HashFree(&hash, hashType), 0);
+
+    /* Perform PKCS7 sign using hash directly */
+    ExpectIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, hashBuf, hashSz,
+        outputHead, &outputHeadSz, outputFoot, &outputFootSz), 0);
+    ExpectIntGT(outputHeadSz, 0);
+    ExpectIntGT(outputFootSz, 0);
+
+    wc_PKCS7_Free(pkcs7);
+    pkcs7 = NULL;
+    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
+
+    /* required parameter even on verify when using _ex, if using outputHead
+     * and outputFoot */
+    if (pkcs7 != NULL) {
+        pkcs7->contentSz = (word32)sizeof(data);
+    }
+    ExpectIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz,
+        outputHead, outputHeadSz, outputFoot, outputFootSz), 0);
+
+    wc_PKCS7_Free(pkcs7);
+    pkcs7 = NULL;
+
+    /* assembly complete PKCS7 sign and use normal verify */
+    {
+        byte* output = NULL;
+        word32 outputSz = 0;
+    #ifndef NO_PKCS7_STREAM
+        word32 z;
+        int ret;
+    #endif /* !NO_PKCS7_STREAM */
+
+        ExpectNotNull(output = (byte*)XMALLOC(
+            outputHeadSz + sizeof(data) + outputFootSz, HEAP_HINT,
+            DYNAMIC_TYPE_TMP_BUFFER));
+        if (output != NULL) {
+            XMEMCPY(&output[outputSz], outputHead, outputHeadSz);
+            outputSz += outputHeadSz;
+            XMEMCPY(&output[outputSz], data, sizeof(data));
+            outputSz += sizeof(data);
+            XMEMCPY(&output[outputSz], outputFoot, outputFootSz);
+            outputSz += outputFootSz;
+        }
+
+        ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+        ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
+        ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0);
+
+    #ifndef NO_PKCS7_STREAM
+        wc_PKCS7_Free(pkcs7);
+        pkcs7 = NULL;
+
+        ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+        ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
+
+        /* test for streaming mode */
+        ret = -1;
+        for (z = 0; z < outputSz && ret != 0; z++) {
+            ret = wc_PKCS7_VerifySignedData(pkcs7, output + z, 1);
+            if (ret < 0){
+                ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
+            }
+        }
+        ExpectIntEQ(ret, 0);
+        ExpectIntNE(pkcs7->contentSz, 0);
+        ExpectNotNull(pkcs7->contentDynamic);
+
+        wc_PKCS7_Free(pkcs7);
+        pkcs7 = NULL;
+        ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+        ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
+    #endif /* !NO_PKCS7_STREAM */
+
+        XFREE(output, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    }
+
+    /* Pass in bad args. */
+    ExpectIntEQ(wc_PKCS7_EncodeSignedData_ex(NULL, hashBuf, hashSz, outputHead,
+        &outputHeadSz, outputFoot, &outputFootSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, NULL, hashSz, outputHead,
+        &outputHeadSz, outputFoot, &outputFootSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, hashBuf, 0, outputHead,
+        &outputHeadSz, outputFoot, &outputFootSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, hashBuf, hashSz, NULL,
+        &outputHeadSz, outputFoot, &outputFootSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, hashBuf, hashSz,
+        outputHead, NULL, outputFoot, &outputFootSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, hashBuf, hashSz,
+        outputHead, &outputHeadSz, NULL, &outputFootSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, hashBuf, hashSz,
+        outputHead, &outputHeadSz, outputFoot, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    if (pkcs7 != NULL) {
+        pkcs7->hashOID = 0; /* bad hashOID */
+    }
+    ExpectIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, hashBuf, hashSz,
+        outputHead, &outputHeadSz, outputFoot, &outputFootSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    ExpectIntEQ(wc_PKCS7_VerifySignedData_ex(NULL, hashBuf, hashSz, outputHead,
+        outputHeadSz, outputFoot, outputFootSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    ExpectIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, NULL, hashSz, outputHead,
+        outputHeadSz, outputFoot, outputFootSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#ifndef NO_PKCS7_STREAM
+    ExpectIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, 0, outputHead,
+        outputHeadSz, outputFoot, outputFootSz), WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
+#else
+    ExpectIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, 0, outputHead,
+        outputHeadSz, outputFoot, outputFootSz), WC_NO_ERR_TRACE(BUFFER_E));
+#endif
+    ExpectIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz, NULL,
+        outputHeadSz, outputFoot, outputFootSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#ifndef NO_PKCS7_STREAM
+    /* can pass in 0 buffer length with streaming API */
+    ExpectIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz,
+        outputHead, 0, outputFoot, outputFootSz), WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
+#else
+    ExpectIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz,
+        outputHead, 0, outputFoot, outputFootSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#endif
+    ExpectIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz,
+        outputHead, outputHeadSz, NULL, outputFootSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#ifndef NO_PKCS7_STREAM
+    ExpectIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz,
+        outputHead, outputHeadSz, outputFoot, 0), WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
+#else
+    ExpectIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz,
+        outputHead, outputHeadSz, outputFoot, 0), WC_NO_ERR_TRACE(BUFFER_E));
+#endif
+
+    wc_PKCS7_Free(pkcs7);
+    DoExpectIntEQ(wc_FreeRng(&rng), 0);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_PKCS7_EncodeSignedData_ex */
+
+
+#if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM)
+
+/**
+ * Loads certs/keys from files or buffers into the argument buffers,
+ * helper function called by CreatePKCS7SignedData().
+ *
+ * Returns 0 on success, negative on error.
+ */
+static int LoadPKCS7SignedDataCerts(
+        int useIntermediateCertChain, int pkAlgoType,
+        byte* intCARoot, word32* intCARootSz,
+        byte* intCA1, word32* intCA1Sz,
+        byte* intCA2, word32* intCA2Sz,
+        byte* cert, word32* certSz,
+        byte* key, word32* keySz)
+{
+    EXPECT_DECLS;
+    int ret = 0;
+    XFILE fp = XBADFILE;
+
+#ifndef NO_RSA
+    const char* intCARootRSA   = "./certs/ca-cert.der";
+    const char* intCA1RSA      = "./certs/intermediate/ca-int-cert.der";
+    const char* intCA2RSA      = "./certs/intermediate/ca-int2-cert.der";
+    const char* intServCertRSA = "./certs/intermediate/server-int-cert.der";
+    const char* intServKeyRSA  = "./certs/server-key.der";
+
+    #if !defined(USE_CERT_BUFFERS_2048) && !defined(USE_CERT_BUFFERS_1024)
+        const char* cli1024Cert    = "./certs/1024/client-cert.der";
+        const char* cli1024Key     = "./certs/1024/client-key.der";
+    #endif
+#endif
+#ifdef HAVE_ECC
+    const char* intCARootECC   = "./certs/ca-ecc-cert.der";
+    const char* intCA1ECC      = "./certs/intermediate/ca-int-ecc-cert.der";
+    const char* intCA2ECC      = "./certs/intermediate/ca-int2-ecc-cert.der";
+    const char* intServCertECC = "./certs/intermediate/server-int-ecc-cert.der";
+    const char* intServKeyECC  = "./certs/ecc-key.der";
+
+    #ifndef USE_CERT_BUFFERS_256
+        const char* cliEccCert     = "./certs/client-ecc-cert.der";
+        const char* cliEccKey      = "./certs/client-ecc-key.der";
+    #endif
+#endif
+
+    if (cert == NULL || certSz == NULL || key == NULL || keySz == NULL ||
+        ((useIntermediateCertChain == 1) &&
+        (intCARoot == NULL || intCARootSz == NULL || intCA1 == NULL ||
+         intCA1Sz == NULL || intCA2 == NULL || intCA2Sz == NULL))) {
+        return BAD_FUNC_ARG;
+    }
+
+    /* Read/load certs and keys to use for signing based on PK type and chain */
+    switch (pkAlgoType) {
+#ifndef NO_RSA
+        case RSA_TYPE:
+            if (useIntermediateCertChain == 1) {
+                ExpectTrue((fp = XFOPEN(intCARootRSA, "rb")) != XBADFILE);
+                *intCARootSz = (word32)XFREAD(intCARoot, 1, *intCARootSz, fp);
+                if (fp != XBADFILE) {
+                    XFCLOSE(fp);
+                    fp = XBADFILE;
+                }
+                ExpectIntGT(*intCARootSz, 0);
+
+                ExpectTrue((fp = XFOPEN(intCA1RSA, "rb")) != XBADFILE);
+                if (fp != XBADFILE) {
+                    *intCA1Sz = (word32)XFREAD(intCA1, 1, *intCA1Sz, fp);
+                    XFCLOSE(fp);
+                    fp = XBADFILE;
+                }
+                ExpectIntGT(*intCA1Sz, 0);
+
+                ExpectTrue((fp = XFOPEN(intCA2RSA, "rb")) != XBADFILE);
+                if (fp != XBADFILE) {
+                    *intCA2Sz = (word32)XFREAD(intCA2, 1, *intCA2Sz, fp);
+                    XFCLOSE(fp);
+                    fp = XBADFILE;
+                }
+                ExpectIntGT(*intCA2Sz, 0);
+
+                ExpectTrue((fp = XFOPEN(intServCertRSA, "rb")) != XBADFILE);
+                if (fp != XBADFILE) {
+                    *certSz = (word32)XFREAD(cert, 1, *certSz, fp);
+                    XFCLOSE(fp);
+                    fp = XBADFILE;
+                }
+                ExpectIntGT(*certSz, 0);
+
+                ExpectTrue((fp = XFOPEN(intServKeyRSA, "rb")) != XBADFILE);
+                if (fp != XBADFILE) {
+                    *keySz = (word32)XFREAD(key, 1, *keySz, fp);
+                    XFCLOSE(fp);
+                    fp = XBADFILE;
+                }
+                ExpectIntGT(*keySz, 0);
+            }
+            else {
+            #if defined(USE_CERT_BUFFERS_2048)
+                *keySz  = sizeof_client_key_der_2048;
+                *certSz = sizeof_client_cert_der_2048;
+                XMEMCPY(key, client_key_der_2048, *keySz);
+                XMEMCPY(cert, client_cert_der_2048, *certSz);
+            #elif defined(USE_CERT_BUFFERS_1024)
+                *keySz  = sizeof_client_key_der_1024;
+                *certSz = sizeof_client_cert_der_1024;
+                XMEMCPY(key, client_key_der_1024, *keySz);
+                XMEMCPY(cert, client_cert_der_1024, *certSz);
+            #else
+                ExpectTrue((fp = XFOPEN(cli1024Key, "rb")) != XBADFILE);
+                if (fp != XBADFILE) {
+                    *keySz = (word32)XFREAD(key, 1, *keySz, fp);
+                    XFCLOSE(fp);
+                    fp = XBADFILE;
+                }
+                ExpectIntGT(*keySz, 0);
+
+                ExpectTrue((fp = XFOPEN(cli1024Cert, "rb")) != XBADFILE);
+                if (fp != XBADFILE) {
+                    *certSz = (word32)XFREAD(cert, 1, *certSz, fp);
+                    XFCLOSE(fp);
+                    fp = XBADFILE;
+                }
+                ExpectIntGT(*certSz, 0);
+            #endif /* USE_CERT_BUFFERS_2048 */
+            }
+            break;
+#endif /* !NO_RSA */
+#ifdef HAVE_ECC
+        case ECC_TYPE:
+            if (useIntermediateCertChain == 1) {
+                ExpectTrue((fp = XFOPEN(intCARootECC, "rb")) != XBADFILE);
+                if (fp != XBADFILE) {
+                    *intCARootSz = (word32)XFREAD(intCARoot, 1, *intCARootSz,
+                                                  fp);
+                    XFCLOSE(fp);
+                    fp = XBADFILE;
+                }
+                ExpectIntGT(*intCARootSz, 0);
+
+                ExpectTrue((fp = XFOPEN(intCA1ECC, "rb")) != XBADFILE);
+                if (fp != XBADFILE) {
+                    *intCA1Sz = (word32)XFREAD(intCA1, 1, *intCA1Sz, fp);
+                    XFCLOSE(fp);
+                    fp = XBADFILE;
+                }
+                ExpectIntGT(*intCA1Sz, 0);
+
+                ExpectTrue((fp = XFOPEN(intCA2ECC, "rb")) != XBADFILE);
+                if (fp != XBADFILE) {
+                    *intCA2Sz = (word32)XFREAD(intCA2, 1, *intCA2Sz, fp);
+                    XFCLOSE(fp);
+                    fp = XBADFILE;
+                }
+                ExpectIntGT(*intCA2Sz, 0);
+
+                ExpectTrue((fp = XFOPEN(intServCertECC, "rb")) != XBADFILE);
+                if (fp != XBADFILE) {
+                    *certSz = (word32)XFREAD(cert, 1, *certSz, fp);
+                    XFCLOSE(fp);
+                    fp = XBADFILE;
+                }
+                ExpectIntGT(*certSz, 0);
+
+                ExpectTrue((fp = XFOPEN(intServKeyECC, "rb")) != XBADFILE);
+                if (fp != XBADFILE) {
+                    *keySz = (word32)XFREAD(key, 1, *keySz, fp);
+                    XFCLOSE(fp);
+                    fp = XBADFILE;
+                }
+                ExpectIntGT(*keySz, 0);
+            }
+            else {
+            #if defined(USE_CERT_BUFFERS_256)
+                *keySz  = sizeof_ecc_clikey_der_256;
+                *certSz = sizeof_cliecc_cert_der_256;
+                XMEMCPY(key, ecc_clikey_der_256, *keySz);
+                XMEMCPY(cert, cliecc_cert_der_256, *certSz);
+            #else
+                ExpectTrue((fp = XFOPEN(cliEccKey, "rb")) != XBADFILE);
+                if (fp != XBADFILE) {
+                    *keySz = (word32)XFREAD(key, 1, *keySz, fp);
+                    XFCLOSE(fp);
+                    fp = XBADFILE;
+                }
+                ExpectIntGT(*keySz, 0);
+
+                ExpectTrue((fp = XFOPEN(cliEccCert, "rb")) != XBADFILE);
+                if (fp != XBADFILE) {
+                    *certSz = (word32)XFREAD(cert, 1, *certSz, fp);
+                    XFCLOSE(fp);
+                    fp = XBADFILE;
+                }
+                ExpectIntGT(*certSz, 0);
+            #endif /* USE_CERT_BUFFERS_256 */
+            }
+            break;
+#endif /* HAVE_ECC */
+        default:
+            WOLFSSL_MSG("Unsupported SignedData PK type");
+            ret = BAD_FUNC_ARG;
+            break;
+    }
+
+    if (EXPECT_FAIL() && (ret == 0)) {
+        ret = BAD_FUNC_ARG;
+    }
+    return ret;
+}
+
+/**
+ * Creates a PKCS7/CMS SignedData bundle to use for testing.
+ *
+ * output          output buffer to place SignedData
+ * outputSz        size of output buffer
+ * data            data buffer to be signed
+ * dataSz          size of data buffer
+ * withAttribs     [1/0] include attributes in SignedData message
+ * detachedSig     [1/0] create detached signature, no content
+ * useIntCertChain [1/0] use certificate chain and include intermediate and
+ *                 root CAs in bundle
+ * pkAlgoType      RSA_TYPE or ECC_TYPE, choose what key/cert type to use
+ *
+ * Return size of bundle created on success, negative on error */
+int CreatePKCS7SignedData(unsigned char* output, int outputSz,
+                          byte* data, word32 dataSz,
+                          int withAttribs, int detachedSig,
+                          int useIntermediateCertChain,
+                          int pkAlgoType)
+{
+    EXPECT_DECLS;
+    int ret = 0;
+    WC_RNG rng;
+    PKCS7* pkcs7 = NULL;
+
+    static byte messageTypeOid[] =
+               { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01,
+                 0x09, 0x02 };
+    static byte messageType[] = { 0x13, 2, '1', '9' };
+
+    PKCS7Attrib attribs[] =
+    {
+        { messageTypeOid, sizeof(messageTypeOid), messageType,
+                                       sizeof(messageType) }
+    };
+
+    byte intCARoot[TWOK_BUF];
+    byte intCA1[TWOK_BUF];
+    byte intCA2[TWOK_BUF];
+    byte cert[TWOK_BUF];
+    byte key[TWOK_BUF];
+
+    word32 intCARootSz = sizeof(intCARoot);
+    word32 intCA1Sz    = sizeof(intCA1);
+    word32 intCA2Sz    = sizeof(intCA2);
+    word32 certSz      = sizeof(cert);
+    word32 keySz       = sizeof(key);
+
+    XMEMSET(intCARoot, 0, intCARootSz);
+    XMEMSET(intCA1, 0, intCA1Sz);
+    XMEMSET(intCA2, 0, intCA2Sz);
+    XMEMSET(cert, 0, certSz);
+    XMEMSET(key, 0, keySz);
+
+    ret = LoadPKCS7SignedDataCerts(useIntermediateCertChain, pkAlgoType,
+                intCARoot, &intCARootSz, intCA1, &intCA1Sz, intCA2, &intCA2Sz,
+                cert, &certSz, key, &keySz);
+    ExpectIntEQ(ret, 0);
+
+    XMEMSET(output, 0, outputSz);
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+
+    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+    ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);
+
+    if (useIntermediateCertChain == 1) {
+        /* Add intermediate and root CA certs into SignedData Certs SET */
+        ExpectIntEQ(wc_PKCS7_AddCertificate(pkcs7, intCA2, intCA2Sz), 0);
+        ExpectIntEQ(wc_PKCS7_AddCertificate(pkcs7, intCA1, intCA1Sz), 0);
+        ExpectIntEQ(wc_PKCS7_AddCertificate(pkcs7, intCARoot, intCARootSz), 0);
+    }
+
+    if (pkcs7 != NULL) {
+        pkcs7->content = data;
+        pkcs7->contentSz = dataSz;
+        pkcs7->privateKey = key;
+        pkcs7->privateKeySz = (word32)sizeof(key);
+        if (pkAlgoType == RSA_TYPE) {
+            pkcs7->encryptOID = RSAk;
+        }
+        else {
+            pkcs7->encryptOID = ECDSAk;
+        }
+    #ifdef NO_SHA
+        pkcs7->hashOID = SHA256h;
+    #else
+        pkcs7->hashOID = SHAh;
+    #endif
+        pkcs7->rng = &rng;
+        if (withAttribs) {
+            /* include a signed attribute */
+            pkcs7->signedAttribs   = attribs;
+            pkcs7->signedAttribsSz = (sizeof(attribs)/sizeof(PKCS7Attrib));
+        }
+    }
+
+    if (detachedSig) {
+        ExpectIntEQ(wc_PKCS7_SetDetached(pkcs7, 1), 0);
+    }
+
+    outputSz = wc_PKCS7_EncodeSignedData(pkcs7, output, (word32)outputSz);
+    ExpectIntGT(outputSz, 0);
+    wc_PKCS7_Free(pkcs7);
+    pkcs7 = NULL;
+    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
+    if (detachedSig && (pkcs7 != NULL)) {
+        pkcs7->content = data;
+        pkcs7->contentSz = dataSz;
+    }
+    ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, (word32)outputSz), 0);
+
+    wc_PKCS7_Free(pkcs7);
+    wc_FreeRng(&rng);
+
+    if (EXPECT_FAIL()) {
+        outputSz = 0;
+    }
+    return outputSz;
+}
+#endif
+
+/*
+ * Testing wc_PKCS_VerifySignedData()
+ */
+int test_wc_PKCS7_VerifySignedData_RSA(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && !defined(NO_RSA)
+    PKCS7* pkcs7 = NULL;
+    byte   output[6000]; /* Large size needed for bundles with int CA certs */
+    word32 outputSz = sizeof(output);
+    byte   data[] = "Test data to encode.";
+    byte   badOut[1];
+    word32 badOutSz = 0;
+    byte   badContent[] = "This is different content than was signed";
+    wc_HashAlg hash;
+#ifdef NO_SHA
+    enum wc_HashType hashType = WC_HASH_TYPE_SHA256;
+#else
+    enum wc_HashType hashType = WC_HASH_TYPE_SHA;
+#endif
+    byte        hashBuf[WC_MAX_DIGEST_SIZE];
+    word32      hashSz = (word32)wc_HashGetDigestSize(hashType);
+#ifndef NO_RSA
+    PKCS7DecodedAttrib* decodedAttrib = NULL;
+    /* contentType OID (1.2.840.113549.1.9.3) */
+    static const byte contentTypeOid[] =
+        { 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xF7, 0x0d, 0x01, 0x09, 0x03 };
+
+    /* PKCS#7 DATA content type (contentType defaults to DATA) */
+    static const byte dataType[] =
+        { 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x01 };
+
+    /* messageDigest OID (1.2.840.113549.1.9.4) */
+    static const byte messageDigestOid[] =
+        { 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x04 };
+#ifndef NO_ASN_TIME
+    /* signingTime OID () */
+    static const byte signingTimeOid[] =
+        { 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x05};
+#endif
+#if !defined(NO_ASN) && !defined(NO_ASN_TIME)
+    int dateLength = 0;
+    byte dateFormat;
+    const byte* datePart = NULL;
+    struct tm timearg;
+    time_t now;
+    struct tm* nowTm = NULL;
+#ifdef NEED_TMP_TIME
+    struct tm tmpTimeStorage;
+    struct tm* tmpTime = &tmpTimeStorage;
+#endif
+#endif /* !NO_ASN && !NO_ASN_TIME */
+#ifndef NO_PKCS7_STREAM
+    word32 z;
+    int ret;
+#endif /* !NO_PKCS7_STREAM */
+
+    XMEMSET(&hash, 0, sizeof(wc_HashAlg));
+
+    /* Success test with RSA certs/key */
+    ExpectIntGT((outputSz = (word32)CreatePKCS7SignedData(output, (int)outputSz, data,
+        (word32)sizeof(data), 0, 0, 0, RSA_TYPE)), 0);
+
+    /* calculate hash for content, used later */
+    ExpectIntEQ(wc_HashInit(&hash, hashType), 0);
+    ExpectIntEQ(wc_HashUpdate(&hash, hashType, data, sizeof(data)), 0);
+    ExpectIntEQ(wc_HashFinal(&hash, hashType, hashBuf), 0);
+    DoExpectIntEQ(wc_HashFree(&hash, hashType), 0);
+
+    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+    ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
+    ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0);
+
+#ifndef NO_PKCS7_STREAM
+    wc_PKCS7_Free(pkcs7);
+    pkcs7 = NULL;
+
+    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
+
+    /* test for streaming */
+    ret = -1;
+    for (z = 0; z < outputSz && ret != 0; z++) {
+        ret = wc_PKCS7_VerifySignedData(pkcs7, output + z, 1);
+        if (ret < 0){
+            ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
+        }
+    }
+    ExpectIntEQ(ret, 0);
+    ExpectIntNE(pkcs7->contentSz, 0);
+    ExpectNotNull(pkcs7->contentDynamic);
+#endif /* !NO_PKCS7_STREAM */
+
+    /* Check that decoded signed attributes are correct */
+
+    /* messageDigest should be first */
+    if (pkcs7 != NULL) {
+        decodedAttrib = pkcs7->decodedAttrib;
+    }
+    ExpectNotNull(decodedAttrib);
+    ExpectIntEQ(decodedAttrib->oidSz, (word32)sizeof(messageDigestOid));
+    ExpectIntEQ(XMEMCMP(decodedAttrib->oid, messageDigestOid,
+        decodedAttrib->oidSz), 0);
+    /* + 2 for OCTET STRING and length bytes */
+    ExpectIntEQ(decodedAttrib->valueSz, hashSz + 2);
+    ExpectNotNull(decodedAttrib->value);
+    ExpectIntEQ(XMEMCMP(decodedAttrib->value + 2, hashBuf, hashSz), 0);
+
+#ifndef NO_ASN_TIME
+    /* signingTime should be second */
+    if (decodedAttrib != NULL) {
+        decodedAttrib = decodedAttrib->next;
+    }
+    ExpectNotNull(decodedAttrib);
+    ExpectIntEQ(decodedAttrib->oidSz, (word32)sizeof(signingTimeOid));
+    ExpectIntEQ(XMEMCMP(decodedAttrib->oid, signingTimeOid,
+        decodedAttrib->oidSz), 0);
+
+    ExpectIntGT(decodedAttrib->valueSz, 0);
+    ExpectNotNull(decodedAttrib->value);
+#endif
+
+    /* Verify signingTime if ASN and time are available */
+#if !defined(NO_ASN) && !defined(NO_ASN_TIME)
+    ExpectIntEQ(wc_GetDateInfo(decodedAttrib->value, decodedAttrib->valueSz,
+        &datePart, &dateFormat, &dateLength), 0);
+    ExpectNotNull(datePart);
+    ExpectIntGT(dateLength, 0);
+    XMEMSET(&timearg, 0, sizeof(timearg));
+    ExpectIntEQ(wc_GetDateAsCalendarTime(datePart, dateLength, dateFormat,
+         &timearg), 0);
+
+    /* Get current time and compare year/month/day against attribute value */
+    ExpectIntEQ(wc_GetTime(&now, sizeof(now)), 0);
+    nowTm = (struct tm*)XGMTIME((time_t*)&now, tmpTime);
+    ExpectNotNull(nowTm);
+
+    ExpectIntEQ(timearg.tm_year, nowTm->tm_year);
+    ExpectIntEQ(timearg.tm_mon, nowTm->tm_mon);
+    ExpectIntEQ(timearg.tm_mday, nowTm->tm_mday);
+#endif /* !NO_ASN && !NO_ASN_TIME */
+
+    /* contentType should be third */
+    if (decodedAttrib != NULL) {
+        decodedAttrib = decodedAttrib->next;
+    }
+    ExpectNotNull(decodedAttrib);
+    ExpectIntEQ(decodedAttrib->oidSz, (word32)sizeof(contentTypeOid));
+    ExpectIntEQ(XMEMCMP(decodedAttrib->oid, contentTypeOid,
+        decodedAttrib->oidSz), 0);
+    ExpectIntEQ(decodedAttrib->valueSz, (int)sizeof(dataType) + 2);
+    ExpectNotNull(decodedAttrib->value);
+    ExpectIntEQ(XMEMCMP(decodedAttrib->value + 2, dataType, sizeof(dataType)),
+        0);
+#endif /* !NO_RSA */
+
+    /* Test bad args. */
+    ExpectIntEQ(wc_PKCS7_VerifySignedData(NULL, output, outputSz),
+                                          WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, NULL, outputSz),
+                                          WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    #ifndef NO_PKCS7_STREAM
+        /* can pass in 0 buffer length with streaming API */
+        ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, badOut,
+                                    badOutSz), WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
+    #else
+        ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, badOut,
+                                    badOutSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    #endif
+    wc_PKCS7_Free(pkcs7);
+    pkcs7 = NULL;
+
+#ifndef NO_RSA
+    /* Try RSA certs/key/sig first */
+    outputSz = sizeof(output);
+    XMEMSET(output, 0, outputSz);
+    ExpectIntGT((outputSz = (word32)CreatePKCS7SignedData(output, (int)outputSz, data,
+                                                  (word32)sizeof(data),
+                                                  1, 1, 0, RSA_TYPE)), 0);
+    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
+    if (pkcs7 != NULL) {
+        pkcs7->content = badContent;
+        pkcs7->contentSz = sizeof(badContent);
+    }
+    ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz),
+                WC_NO_ERR_TRACE(SIG_VERIFY_E));
+
+    wc_PKCS7_Free(pkcs7);
+    pkcs7 = NULL;
+
+#ifndef NO_PKCS7_STREAM
+    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
+    if (pkcs7 != NULL) {
+        pkcs7->content = badContent;
+        pkcs7->contentSz = sizeof(badContent);
+    }
+    /* test for streaming */
+    ret = -1;
+    for (z = 0; z < outputSz && ret != 0; z++) {
+        ret = wc_PKCS7_VerifySignedData(pkcs7, output + z, 1);
+        if (ret == WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)){
+            continue;
+        }
+        else if (ret < 0) {
+            break;
+        }
+    }
+    ExpectIntEQ(ret, WC_NO_ERR_TRACE(SIG_VERIFY_E));
+    ExpectIntNE(pkcs7->contentSz, 0);
+    ExpectNotNull(pkcs7->contentDynamic);
+    wc_PKCS7_Free(pkcs7);
+    pkcs7 = NULL;
+#endif /* !NO_PKCS7_STREAM */
+
+
+    /* Test success case with detached signature and valid content */
+    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
+    if (pkcs7 != NULL) {
+        pkcs7->content = data;
+        pkcs7->contentSz = sizeof(data);
+    }
+    ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0);
+    wc_PKCS7_Free(pkcs7);
+    pkcs7 = NULL;
+
+#ifndef NO_PKCS7_STREAM
+    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
+    if (pkcs7 != NULL) {
+        pkcs7->content = data;
+        pkcs7->contentSz = sizeof(data);
+    }
+
+    /* test for streaming */
+    ret = -1;
+    for (z = 0; z < outputSz && ret != 0; z++) {
+        ret = wc_PKCS7_VerifySignedData(pkcs7, output + z, 1);
+        if (ret < 0){
+            ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
+        }
+    }
+    ExpectIntEQ(ret, 0);
+    ExpectIntNE(pkcs7->contentSz, 0);
+    ExpectNotNull(pkcs7->contentDynamic);
+
+    wc_PKCS7_Free(pkcs7);
+    pkcs7 = NULL;
+#endif /* !NO_PKCS7_STREAM */
+
+    /* verify using pre-computed content digest only (no content) */
+    {
+        ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+        ExpectIntEQ(wc_PKCS7_Init(pkcs7, NULL, 0), 0);
+        ExpectIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz,
+            output, outputSz, NULL, 0), 0);
+        wc_PKCS7_Free(pkcs7);
+        pkcs7 = NULL;
+    }
+#endif /* !NO_RSA */
+
+    /* Test verify on signedData containing intermediate/root CA certs */
+#ifndef NO_RSA
+    outputSz = sizeof(output);
+    XMEMSET(output, 0, outputSz);
+    ExpectIntGT((outputSz = (word32)CreatePKCS7SignedData(output, (int)outputSz, data,
+                                                  (word32)sizeof(data),
+                                                  0, 0, 1, RSA_TYPE)), 0);
+    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
+    ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0);
+    wc_PKCS7_Free(pkcs7);
+    pkcs7 = NULL;
+
+#ifndef NO_PKCS7_STREAM
+    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
+
+    /* test for streaming */
+    ret = -1;
+    for (z = 0; z < outputSz && ret != 0; z++) {
+        ret = wc_PKCS7_VerifySignedData(pkcs7, output + z, 1);
+        if (ret < 0){
+            ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
+        }
+    }
+    ExpectIntEQ(ret, 0);
+    ExpectIntNE(pkcs7->contentSz, 0);
+    ExpectNotNull(pkcs7->contentDynamic);
+
+    wc_PKCS7_Free(pkcs7);
+    pkcs7 = NULL;
+#endif /* !NO_PKCS7_STREAM */
+
+#endif /* !NO_RSA */
+#if defined(ASN_BER_TO_DER) && !defined(NO_PKCS7_STREAM) && \
+        !defined(NO_FILESYSTEM)
+    {
+        XFILE signedBundle = XBADFILE;
+        int   signedBundleSz = 0;
+        int   chunkSz = 1;
+        int   i, rc = 0;
+        byte* buf = NULL;
+
+        ExpectTrue((signedBundle = XFOPEN("./certs/test-stream-sign.p7b",
+            "rb")) != XBADFILE);
+        ExpectTrue(XFSEEK(signedBundle, 0, XSEEK_END) == 0);
+        ExpectIntGT(signedBundleSz = (int)XFTELL(signedBundle), 0);
+        ExpectTrue(XFSEEK(signedBundle, 0, XSEEK_SET) == 0);
+        ExpectNotNull(buf = (byte*)XMALLOC(signedBundleSz, HEAP_HINT,
+            DYNAMIC_TYPE_FILE));
+        if (buf != NULL) {
+            ExpectIntEQ(XFREAD(buf, 1, (size_t)signedBundleSz, signedBundle),
+                signedBundleSz);
+        }
+        if (signedBundle != XBADFILE) {
+            XFCLOSE(signedBundle);
+            signedBundle = XBADFILE;
+        }
+
+        if (buf != NULL) {
+            ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+            ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
+            for (i = 0; i < signedBundleSz;) {
+                int sz = (i + chunkSz > signedBundleSz)? signedBundleSz - i :
+                    chunkSz;
+                rc = wc_PKCS7_VerifySignedData(pkcs7, buf + i, (word32)sz);
+                if (rc < 0 ) {
+                    if (rc == WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)) {
+                        i += sz;
+                        continue;
+                    }
+                    break;
+                }
+                else {
+                    break;
+                }
+            }
+            ExpectIntEQ(rc, WC_NO_ERR_TRACE(PKCS7_SIGNEEDS_CHECK));
+            wc_PKCS7_Free(pkcs7);
+            pkcs7 = NULL;
+        }
+
+        /* now try with malformed bundle */
+        if (buf != NULL) {
+            ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+            ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
+            buf[signedBundleSz - 2] = buf[signedBundleSz - 2] + 1;
+            for (i = 0; i < signedBundleSz;) {
+                int sz = (i + chunkSz > signedBundleSz)? signedBundleSz - i :
+                    chunkSz;
+                rc = wc_PKCS7_VerifySignedData(pkcs7, buf + i, (word32)sz);
+                if (rc < 0 ) {
+                    if (rc == WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)) {
+                        i += sz;
+                        continue;
+                    }
+                    break;
+                }
+                else {
+                    break;
+                }
+            }
+            ExpectIntEQ(rc, WC_NO_ERR_TRACE(ASN_PARSE_E));
+            wc_PKCS7_Free(pkcs7);
+            pkcs7 = NULL;
+        }
+
+        if (buf != NULL)
+            XFREE(buf, HEAP_HINT, DYNAMIC_TYPE_FILE);
+    }
+#endif /* BER and stream */
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_PKCS7_VerifySignedData()_RSA */
+
+/*
+ * Testing wc_PKCS_VerifySignedData()
+ */
+int test_wc_PKCS7_VerifySignedData_ECC(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && defined(HAVE_ECC)
+    PKCS7* pkcs7 = NULL;
+    byte   output[6000]; /* Large size needed for bundles with int CA certs */
+    word32 outputSz = sizeof(output);
+    byte   data[] = "Test data to encode.";
+    byte   badContent[] = "This is different content than was signed";
+    wc_HashAlg hash;
+#ifndef NO_PKCS7_STREAM
+    word32 z;
+    int ret;
+#endif /* !NO_PKCS7_STREAM */
+#ifdef NO_SHA
+    enum wc_HashType hashType = WC_HASH_TYPE_SHA256;
+#else
+    enum wc_HashType hashType = WC_HASH_TYPE_SHA;
+#endif
+    byte        hashBuf[WC_MAX_DIGEST_SIZE];
+    word32      hashSz = (word32)wc_HashGetDigestSize(hashType);
+
+    XMEMSET(&hash, 0, sizeof(wc_HashAlg));
+
+    /* Success test with ECC certs/key */
+    outputSz = sizeof(output);
+    XMEMSET(output, 0, outputSz);
+    ExpectIntGT((outputSz = (word32)CreatePKCS7SignedData(output, (int)outputSz, data,
+        (word32)sizeof(data), 0, 0, 0, ECC_TYPE)), 0);
+
+    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+    ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
+    ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0);
+    wc_PKCS7_Free(pkcs7);
+    pkcs7 = NULL;
+
+#ifndef NO_PKCS7_STREAM
+    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
+
+    /* test for streaming */
+    ret = -1;
+    for (z = 0; z < outputSz && ret != 0; z++) {
+        ret = wc_PKCS7_VerifySignedData(pkcs7, output + z, 1);
+        if (ret < 0){
+            ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
+        }
+    }
+    ExpectIntEQ(ret, 0);
+    ExpectIntNE(pkcs7->contentSz, 0);
+    ExpectNotNull(pkcs7->contentDynamic);
+    wc_PKCS7_Free(pkcs7);
+    pkcs7 = NULL;
+#endif /* !NO_PKCS7_STREAM */
+
+    /* Invalid content should error, use detached signature so we can
+     * easily change content */
+    outputSz = sizeof(output);
+    XMEMSET(output, 0, outputSz);
+    ExpectIntGT((outputSz = (word32)CreatePKCS7SignedData(output, (int)outputSz, data,
+        (word32)sizeof(data), 1, 1, 0, ECC_TYPE)), 0);
+    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
+    if (pkcs7 != NULL) {
+        pkcs7->content = badContent;
+        pkcs7->contentSz = sizeof(badContent);
+    }
+    ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz),
+        WC_NO_ERR_TRACE(SIG_VERIFY_E));
+    wc_PKCS7_Free(pkcs7);
+    pkcs7 = NULL;
+
+#ifndef NO_PKCS7_STREAM
+    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
+    if (pkcs7 != NULL) {
+        pkcs7->content = badContent;
+        pkcs7->contentSz = sizeof(badContent);
+    }
+
+    /* test for streaming */
+    ret = -1;
+    for (z = 0; z < outputSz && ret != 0; z++) {
+        ret = wc_PKCS7_VerifySignedData(pkcs7, output + z, 1);
+        if (ret == WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)){
+            continue;
+        }
+        else if (ret < 0) {
+            break;
+        }
+    }
+    ExpectIntEQ(ret, WC_NO_ERR_TRACE(SIG_VERIFY_E));
+    ExpectIntNE(pkcs7->contentSz, 0);
+    ExpectNotNull(pkcs7->contentDynamic);
+    wc_PKCS7_Free(pkcs7);
+    pkcs7 = NULL;
+#endif /* !NO_PKCS7_STREAM */
+
+
+    /* Test success case with detached signature and valid content */
+    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
+    if (pkcs7 != NULL) {
+        pkcs7->content = data;
+        pkcs7->contentSz = sizeof(data);
+    }
+    ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0);
+    wc_PKCS7_Free(pkcs7);
+    pkcs7 = NULL;
+
+#ifndef NO_PKCS7_STREAM
+    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
+    if (pkcs7 != NULL) {
+        pkcs7->content = data;
+        pkcs7->contentSz = sizeof(data);
+    }
+
+    /* test for streaming */
+    ret = -1;
+    for (z = 0; z < outputSz && ret != 0; z++) {
+        ret = wc_PKCS7_VerifySignedData(pkcs7, output + z, 1);
+        if (ret < 0){
+            ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
+        }
+    }
+    ExpectIntEQ(ret, 0);
+    ExpectIntNE(pkcs7->contentSz, 0);
+    ExpectNotNull(pkcs7->contentDynamic);
+
+    wc_PKCS7_Free(pkcs7);
+    pkcs7 = NULL;
+#endif /* !NO_PKCS7_STREAM */
+
+    /* verify using pre-computed content digest only (no content) */
+    {
+        /* calculate hash for content */
+        ExpectIntEQ(wc_HashInit(&hash, hashType), 0);
+        ExpectIntEQ(wc_HashUpdate(&hash, hashType, data, sizeof(data)), 0);
+        ExpectIntEQ(wc_HashFinal(&hash, hashType, hashBuf), 0);
+        ExpectIntEQ(wc_HashFree(&hash, hashType), 0);
+
+        ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+        ExpectIntEQ(wc_PKCS7_Init(pkcs7, NULL, 0), 0);
+        ExpectIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz,
+            output, outputSz, NULL, 0), 0);
+        wc_PKCS7_Free(pkcs7);
+        pkcs7 = NULL;
+    }
+
+    /* Test verify on signedData containing intermediate/root CA certs */
+    outputSz = sizeof(output);
+    XMEMSET(output, 0, outputSz);
+    ExpectIntGT((outputSz = (word32)CreatePKCS7SignedData(output, (int)outputSz, data,
+        (word32)sizeof(data), 0, 0, 1, ECC_TYPE)), 0);
+    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
+    ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0);
+    wc_PKCS7_Free(pkcs7);
+    pkcs7 = NULL;
+
+#ifndef NO_PKCS7_STREAM
+    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
+
+    /* test for streaming */
+    ret = -1;
+    for (z = 0; z < outputSz && ret != 0; z++) {
+        ret = wc_PKCS7_VerifySignedData(pkcs7, output + z, 1);
+        if (ret < 0){
+            ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
+        }
+    }
+    ExpectIntEQ(ret, 0);
+    ExpectIntNE(pkcs7->contentSz, 0);
+    ExpectNotNull(pkcs7->contentDynamic);
+
+    wc_PKCS7_Free(pkcs7);
+    pkcs7 = NULL;
+#endif /* !NO_PKCS7_STREAM */
+
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_PKCS7_VerifySignedData_ECC() */
+
+
+#if defined(HAVE_PKCS7) && !defined(NO_AES) && defined(HAVE_AES_CBC) && \
+    defined(WOLFSSL_AES_256) && defined(HAVE_AES_KEYWRAP)
+static const byte defKey[] = {
+    0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
+    0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
+    0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
+    0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
+};
+static byte aesHandle[32]; /* simulated hardware key handle */
+
+
+/* return 0 on success */
+static int myDecryptionFunc(PKCS7* pkcs7, int encryptOID, byte* iv, int ivSz,
+        byte* aad, word32 aadSz, byte* authTag, word32 authTagSz,
+        byte* in, int inSz, byte* out, void* usrCtx)
+{
+    int ret;
+    Aes aes;
+
+    if (usrCtx == NULL) {
+        /* no simulated handle passed in */
+        return -1;
+    }
+
+    switch (encryptOID) {
+        case AES256CBCb:
+            if (ivSz  != AES_BLOCK_SIZE)
+                return BAD_FUNC_ARG;
+            break;
+
+        default:
+            WOLFSSL_MSG("Unsupported content cipher type for test");
+            return ALGO_ID_E;
+    };
+
+    /* simulate using handle to get key */
+    ret = wc_AesInit(&aes, HEAP_HINT, INVALID_DEVID);
+    if (ret == 0) {
+        ret = wc_AesSetKey(&aes, (byte*)usrCtx, 32, iv, AES_DECRYPTION);
+        if (ret == 0)
+            ret = wc_AesCbcDecrypt(&aes, out, in, (word32)inSz);
+        wc_AesFree(&aes);
+    }
+
+    (void)aad;
+    (void)aadSz;
+    (void)authTag;
+    (void)authTagSz;
+    (void)pkcs7;
+    return ret;
+}
+
+
+/* returns key size on success */
+static int myCEKwrapFunc(PKCS7* pkcs7, byte* cek, word32 cekSz, byte* keyId,
+        word32 keyIdSz, byte* orginKey, word32 orginKeySz,
+        byte* out, word32 outSz, int keyWrapAlgo, int type, int direction)
+{
+    int ret = -1;
+
+    (void)cekSz;
+    (void)cek;
+    (void)outSz;
+    (void)keyIdSz;
+    (void)direction;
+    (void)orginKey; /* used with KAKRI */
+    (void)orginKeySz;
+
+    if (out == NULL)
+        return BAD_FUNC_ARG;
+
+    if (keyId[0] != 0x00) {
+        return -1;
+    }
+
+    if (type != (int)PKCS7_KEKRI) {
+        return -1;
+    }
+
+    switch (keyWrapAlgo) {
+        case AES256_WRAP:
+            /* simulate setting a handle for later decryption but use key
+             * as handle in the test case here */
+            ret = wc_AesKeyUnWrap(defKey, sizeof(defKey), cek, cekSz,
+                                      aesHandle, sizeof(aesHandle), NULL);
+            if (ret < 0)
+                return ret;
+
+            ret = wc_PKCS7_SetDecodeEncryptedCtx(pkcs7, (void*)aesHandle);
+            if (ret < 0)
+                return ret;
+
+            /* return key size on success */
+            return sizeof(defKey);
+
+        default:
+            WOLFSSL_MSG("Unsupported key wrap algorithm in example");
+            return BAD_KEYWRAP_ALG_E;
+    };
+}
+#endif /* HAVE_PKCS7 && !NO_AES && HAVE_AES_CBC && WOLFSSL_AES_256 &&
+          HAVE_AES_KEYWRAP */
+
+
+#if defined(HAVE_PKCS7) && defined(ASN_BER_TO_DER)
+#define MAX_TEST_DECODE_SIZE 6000
+static int test_wc_PKCS7_DecodeEnvelopedData_stream_decrypt_cb(wc_PKCS7* pkcs7,
+    const byte* output, word32 outputSz, void* ctx) {
+     WOLFSSL_BUFFER_INFO* out = (WOLFSSL_BUFFER_INFO*)ctx;
+
+    if (out == NULL) {
+        return -1;
+    }
+
+    if (outputSz + out->length > MAX_TEST_DECODE_SIZE) {
+        printf("Example buffer size needs increased");
+    }
+
+    /* printf("Decoded in %d bytes\n", outputSz);
+     * for (word32 z = 0; z < outputSz; z++) printf("%02X", output[z]);
+     * printf("\n");
+    */
+
+    XMEMCPY(out->buffer + out->length, output, outputSz);
+    out->length += outputSz;
+
+    (void)pkcs7;
+    return 0;
+}
+#endif /* HAVE_PKCS7 && ASN_BER_TO_DER */
+
+/*
+ * Testing wc_PKCS7_DecodeEnvelopedData with streaming
+ */
+int test_wc_PKCS7_DecodeEnvelopedData_stream(void)
+{
+#if defined(HAVE_PKCS7) && defined(ASN_BER_TO_DER)
+    EXPECT_DECLS;
+    PKCS7*      pkcs7 = NULL;
+    int ret = 0;
+    XFILE f = XBADFILE;
+    const char* testStream = "./certs/test-stream-dec.p7b";
+    byte testStreamBuffer[100];
+    size_t testStreamBufferSz = 0;
+    byte decodedData[MAX_TEST_DECODE_SIZE]; /* large enough to hold result of decode, which is ca-cert.pem */
+    WOLFSSL_BUFFER_INFO out;
+
+    out.length = 0;
+    out.buffer = decodedData;
+
+    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, (byte*)client_cert_der_2048,
+        sizeof_client_cert_der_2048), 0);
+
+    ExpectIntEQ(wc_PKCS7_SetKey(pkcs7, (byte*)client_key_der_2048,
+        sizeof_client_key_der_2048), 0);
+    ExpectIntEQ(wc_PKCS7_SetStreamMode(pkcs7, 1, NULL,
+        test_wc_PKCS7_DecodeEnvelopedData_stream_decrypt_cb, (void*)&out), 0);
+
+    ExpectTrue((f = XFOPEN(testStream, "rb")) != XBADFILE);
+    if (EXPECT_SUCCESS()) {
+        do {
+            testStreamBufferSz = XFREAD(testStreamBuffer, 1,
+                sizeof(testStreamBuffer), f);
+            if (testStreamBufferSz == 0) {
+                break;
+            }
+
+            ret = wc_PKCS7_DecodeEnvelopedData(pkcs7, testStreamBuffer,
+                (word32)testStreamBufferSz, NULL, 0);
+            if (testStreamBufferSz < sizeof(testStreamBuffer)) {
+                break;
+            }
+        } while (ret == WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
+    #ifdef NO_DES3
+        ExpectIntEQ(ret, ALGO_ID_E);
+    #else
+        ExpectIntGT(ret, 0);
+    #endif
+    }
+
+    if (f != XBADFILE) {
+        XFCLOSE(f);
+        f = XBADFILE;
+    }
+
+    wc_PKCS7_Free(pkcs7);
+    return EXPECT_RESULT();
+#else
+    return TEST_SKIPPED;
+#endif
+} /* END test_wc_PKCS7_DecodeEnvelopedData_stream() */
+
+/*
+ * Testing wc_PKCS7_EncodeEnvelopedData(), wc_PKCS7_DecodeEnvelopedData()
+ */
+int test_wc_PKCS7_EncodeDecodeEnvelopedData(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_PKCS7)
+    PKCS7*      pkcs7 = NULL;
+#ifdef ASN_BER_TO_DER
+    int encodedSz = 0;
+#endif
+#ifdef ECC_TIMING_RESISTANT
+    WC_RNG      rng;
+#endif
+#ifdef HAVE_AES_KEYWRAP
+    word32      tempWrd32   = 0;
+    byte*       tmpBytePtr = NULL;
+#endif
+    const char  input[] = "Test data to encode.";
+    int         i;
+    int         testSz = 0;
+    #if !defined(NO_RSA) && (!defined(NO_AES) || (!defined(NO_SHA) || \
+        !defined(NO_SHA256) || defined(WOLFSSL_SHA512)))
+        byte*   rsaCert     = NULL;
+        byte*   rsaPrivKey  = NULL;
+        word32  rsaCertSz;
+        word32  rsaPrivKeySz;
+        #if !defined(NO_FILESYSTEM) && (!defined(USE_CERT_BUFFERS_1024) && \
+                                           !defined(USE_CERT_BUFFERS_2048) )
+            static const char* rsaClientCert = "./certs/client-cert.der";
+            static const char* rsaClientKey = "./certs/client-key.der";
+            rsaCertSz = (word32)sizeof(rsaClientCert);
+            rsaPrivKeySz = (word32)sizeof(rsaClientKey);
+        #endif
+    #endif
+    #if defined(HAVE_ECC) && defined(HAVE_X963_KDF) && (!defined(NO_AES) || \
+            !defined(NO_SHA) || !defined(NO_SHA256) || defined(WOLFSSL_SHA512))
+        byte*   eccCert     = NULL;
+        byte*   eccPrivKey  = NULL;
+        word32  eccCertSz;
+        word32  eccPrivKeySz;
+        #if !defined(NO_FILESYSTEM) && !defined(USE_CERT_BUFFERS_256)
+            static const char* eccClientCert = "./certs/client-ecc-cert.der";
+            static const char* eccClientKey = "./certs/ecc-client-key.der";
+        #endif
+    #endif
+    /* Generic buffer size. */
+    byte    output[ONEK_BUF];
+    byte    decoded[sizeof(input)/sizeof(char)];
+    int     decodedSz = 0;
+#ifndef NO_FILESYSTEM
+    XFILE certFile = XBADFILE;
+    XFILE keyFile = XBADFILE;
+#endif
+
+#ifdef ECC_TIMING_RESISTANT
+    XMEMSET(&rng, 0, sizeof(WC_RNG));
+#endif
+
+#if !defined(NO_RSA) && (!defined(NO_AES) || (!defined(NO_SHA) ||\
+    !defined(NO_SHA256) || defined(WOLFSSL_SHA512)))
+    /* RSA certs and keys. */
+    #if defined(USE_CERT_BUFFERS_1024)
+        rsaCertSz = (word32)sizeof_client_cert_der_1024;
+        /* Allocate buffer space. */
+        ExpectNotNull(rsaCert = (byte*)XMALLOC(rsaCertSz, HEAP_HINT,
+            DYNAMIC_TYPE_TMP_BUFFER));
+        /* Init buffer. */
+        if (rsaCert != NULL) {
+            XMEMCPY(rsaCert, client_cert_der_1024, rsaCertSz);
+        }
+        rsaPrivKeySz = (word32)sizeof_client_key_der_1024;
+        ExpectNotNull(rsaPrivKey = (byte*)XMALLOC(rsaPrivKeySz, HEAP_HINT,
+            DYNAMIC_TYPE_TMP_BUFFER));
+        if (rsaPrivKey != NULL) {
+            XMEMCPY(rsaPrivKey, client_key_der_1024, rsaPrivKeySz);
+        }
+    #elif defined(USE_CERT_BUFFERS_2048)
+        rsaCertSz = (word32)sizeof_client_cert_der_2048;
+        /* Allocate buffer */
+        ExpectNotNull(rsaCert = (byte*)XMALLOC(rsaCertSz, HEAP_HINT,
+            DYNAMIC_TYPE_TMP_BUFFER));
+        /* Init buffer. */
+        if (rsaCert != NULL) {
+            XMEMCPY(rsaCert, client_cert_der_2048, rsaCertSz);
+        }
+        rsaPrivKeySz = (word32)sizeof_client_key_der_2048;
+        ExpectNotNull(rsaPrivKey = (byte*)XMALLOC(rsaPrivKeySz, HEAP_HINT,
+            DYNAMIC_TYPE_TMP_BUFFER));
+        if (rsaPrivKey != NULL) {
+            XMEMCPY(rsaPrivKey, client_key_der_2048, rsaPrivKeySz);
+        }
+    #else
+        /* File system. */
+        ExpectTrue((certFile = XFOPEN(rsaClientCert, "rb")) != XBADFILE);
+        rsaCertSz = (word32)FOURK_BUF;
+        ExpectNotNull(rsaCert = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,
+            DYNAMIC_TYPE_TMP_BUFFER));
+        ExpectTrue((rsaCertSz = (word32)XFREAD(rsaCert, 1, rsaCertSz,
+            certFile)) > 0);
+        if (certFile != XBADFILE)
+            XFCLOSE(certFile);
+        ExpectTrue((keyFile = XFOPEN(rsaClientKey, "rb")) != XBADFILE);
+        ExpectNotNull(rsaPrivKey = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,
+            DYNAMIC_TYPE_TMP_BUFFER));
+        rsaPrivKeySz = (word32)FOURK_BUF;
+        ExpectTrue((rsaPrivKeySz = (word32)XFREAD(rsaPrivKey, 1, rsaPrivKeySz,
+            keyFile)) > 0);
+        if (keyFile != XBADFILE)
+            XFCLOSE(keyFile);
+    #endif /* USE_CERT_BUFFERS */
+#endif /* NO_RSA */
+
+/* ECC */
+#if defined(HAVE_ECC) && defined(HAVE_X963_KDF) && (!defined(NO_AES) || \
+        !defined(NO_SHA) || !defined(NO_SHA256) || defined(WOLFSSL_SHA512))
+
+    #ifdef USE_CERT_BUFFERS_256
+        ExpectNotNull(eccCert = (byte*)XMALLOC(TWOK_BUF, HEAP_HINT,
+            DYNAMIC_TYPE_TMP_BUFFER));
+        /* Init buffer. */
+        eccCertSz = (word32)sizeof_cliecc_cert_der_256;
+        if (eccCert != NULL) {
+            XMEMCPY(eccCert, cliecc_cert_der_256, eccCertSz);
+        }
+        ExpectNotNull(eccPrivKey = (byte*)XMALLOC(TWOK_BUF, HEAP_HINT,
+            DYNAMIC_TYPE_TMP_BUFFER));
+        eccPrivKeySz = (word32)sizeof_ecc_clikey_der_256;
+        if (eccPrivKey != NULL) {
+            XMEMCPY(eccPrivKey, ecc_clikey_der_256, eccPrivKeySz);
+        }
+    #else /* File system. */
+        ExpectTrue((certFile = XFOPEN(eccClientCert, "rb")) != XBADFILE);
+        eccCertSz = (word32)FOURK_BUF;
+        ExpectNotNull(eccCert = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,
+            DYNAMIC_TYPE_TMP_BUFFER));
+        ExpectTrue((eccCertSz = (word32)XFREAD(eccCert, 1, eccCertSz,
+            certFile)) > 0);
+        if (certFile != XBADFILE) {
+            XFCLOSE(certFile);
+        }
+        ExpectTrue((keyFile = XFOPEN(eccClientKey, "rb")) != XBADFILE);
+        eccPrivKeySz = (word32)FOURK_BUF;
+        ExpectNotNull(eccPrivKey = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,
+            DYNAMIC_TYPE_TMP_BUFFER));
+        ExpectTrue((eccPrivKeySz = (word32)XFREAD(eccPrivKey, 1, eccPrivKeySz,
+            keyFile)) > 0);
+        if (keyFile != XBADFILE) {
+            XFCLOSE(keyFile);
+        }
+    #endif /* USE_CERT_BUFFERS_256 */
+#endif /* END HAVE_ECC */
+
+#ifndef NO_FILESYSTEM
+    /* Silence. */
+    (void)keyFile;
+    (void)certFile;
+#endif
+
+    {
+    const pkcs7EnvelopedVector testVectors[] = {
+    /* DATA is a global variable defined in the makefile. */
+#if !defined(NO_RSA)
+    #ifndef NO_DES3
+        {(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, DES3b, 0, 0,
+            rsaCert, rsaCertSz, rsaPrivKey, rsaPrivKeySz},
+    #endif /* NO_DES3 */
+    #if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(HAVE_AES_KEYWRAP)
+        #ifdef WOLFSSL_AES_128
+        {(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, AES128CBCb,
+            0, 0, rsaCert, rsaCertSz, rsaPrivKey, rsaPrivKeySz},
+        #endif
+        #ifdef WOLFSSL_AES_192
+        {(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, AES192CBCb,
+            0, 0, rsaCert, rsaCertSz, rsaPrivKey, rsaPrivKeySz},
+        #endif
+        #ifdef WOLFSSL_AES_256
+        {(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, AES256CBCb,
+            0, 0, rsaCert, rsaCertSz, rsaPrivKey, rsaPrivKeySz},
+        #endif
+    #endif /* NO_AES && HAVE_AES_CBC */
+
+#endif /* NO_RSA */
+#if defined(HAVE_ECC) && defined(HAVE_X963_KDF)
+    #if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(HAVE_AES_KEYWRAP)
+        #if !defined(NO_SHA) && defined(WOLFSSL_AES_128)
+            {(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA,
+                AES128CBCb, AES128_WRAP, dhSinglePass_stdDH_sha1kdf_scheme,
+                eccCert, eccCertSz, eccPrivKey, eccPrivKeySz},
+        #endif
+        #if !defined(NO_SHA256) && defined(WOLFSSL_AES_256)
+            {(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA,
+                AES256CBCb, AES256_WRAP, dhSinglePass_stdDH_sha256kdf_scheme,
+                eccCert, eccCertSz, eccPrivKey, eccPrivKeySz},
+        #endif
+        #if defined(WOLFSSL_SHA512) && defined(WOLFSSL_AES_256)
+            {(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA,
+                AES256CBCb, AES256_WRAP, dhSinglePass_stdDH_sha512kdf_scheme,
+                eccCert, eccCertSz, eccPrivKey, eccPrivKeySz},
+        #endif
+    #endif /* NO_AES && HAVE_AES_CBC && HAVE_AES_KEYWRAP */
+#endif /* END HAVE_ECC */
+    }; /* END pkcs7EnvelopedVector */
+
+#ifdef ECC_TIMING_RESISTANT
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+#endif
+
+    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+    ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, testDevId), 0);
+
+    testSz = (int)sizeof(testVectors)/(int)sizeof(pkcs7EnvelopedVector);
+    for (i = 0; i < testSz; i++) {
+    #ifdef ASN_BER_TO_DER
+        encodeSignedDataStream strm;
+
+        /* test setting stream mode, the first one using IO callbacks */
+        ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, (testVectors + i)->cert,
+                                    (word32)(testVectors + i)->certSz), 0);
+        if (pkcs7 != NULL) {
+        #ifdef ECC_TIMING_RESISTANT
+            pkcs7->rng = &rng;
+        #endif
+
+            if (i != 0)
+                pkcs7->content       = (byte*)(testVectors + i)->content;
+            pkcs7->contentSz     = (testVectors + i)->contentSz;
+            pkcs7->contentOID    = (testVectors + i)->contentOID;
+            pkcs7->encryptOID    = (testVectors + i)->encryptOID;
+            pkcs7->keyWrapOID    = (testVectors + i)->keyWrapOID;
+            pkcs7->keyAgreeOID   = (testVectors + i)->keyAgreeOID;
+            pkcs7->privateKey    = (testVectors + i)->privateKey;
+            pkcs7->privateKeySz  = (testVectors + i)->privateKeySz;
+        }
+
+        if (i == 0) {
+            XMEMSET(&strm, 0, sizeof(strm));
+            strm.chunkSz = FOURK_BUF;
+            ExpectIntEQ(wc_PKCS7_SetStreamMode(pkcs7, 1, GetContentCB,
+                StreamOutputCB, (void*)&strm), 0);
+            encodedSz = wc_PKCS7_EncodeEnvelopedData(pkcs7, NULL, 0);
+        }
+        else {
+            ExpectIntEQ(wc_PKCS7_SetStreamMode(pkcs7, 1, NULL, NULL, NULL), 0);
+            encodedSz = wc_PKCS7_EncodeEnvelopedData(pkcs7, output,
+                (word32)sizeof(output));
+        }
+
+        switch ((testVectors + i)->encryptOID) {
+        #ifndef NO_DES3
+            case DES3b:
+            case DESb:
+                ExpectIntEQ(encodedSz, WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+                break;
+        #endif
+        #ifdef HAVE_AESCCM
+        #ifdef WOLFSSL_AES_128
+            case AES128CCMb:
+                ExpectIntEQ(encodedSz, WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+                break;
+        #endif
+        #ifdef WOLFSSL_AES_192
+            case AES192CCMb:
+                ExpectIntEQ(encodedSz, WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+                break;
+        #endif
+        #ifdef WOLFSSL_AES_256
+            case AES256CCMb:
+                ExpectIntEQ(encodedSz, WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+                break;
+        #endif
+        #endif
+            default:
+                ExpectIntGE(encodedSz, 0);
+        }
+
+        if (encodedSz > 0) {
+            if (i == 0) {
+                decodedSz = wc_PKCS7_DecodeEnvelopedData(pkcs7,
+                    strm.out, (word32)encodedSz, decoded,
+                    (word32)sizeof(decoded));
+            }
+            else {
+                decodedSz = wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
+                    (word32)encodedSz, decoded, (word32)sizeof(decoded));
+            }
+            ExpectIntGE(decodedSz, 0);
+            /* Verify the size of each buffer. */
+            ExpectIntEQ((word32)sizeof(input)/sizeof(char), decodedSz);
+        }
+        wc_PKCS7_Free(pkcs7);
+        pkcs7 = NULL;
+        ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+    #endif
+
+        ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, (testVectors + i)->cert,
+                                    (word32)(testVectors + i)->certSz), 0);
+        if (pkcs7 != NULL) {
+#ifdef ECC_TIMING_RESISTANT
+            pkcs7->rng = &rng;
+#endif
+
+            pkcs7->content       = (byte*)(testVectors + i)->content;
+            pkcs7->contentSz     = (testVectors + i)->contentSz;
+            pkcs7->contentOID    = (testVectors + i)->contentOID;
+            pkcs7->encryptOID    = (testVectors + i)->encryptOID;
+            pkcs7->keyWrapOID    = (testVectors + i)->keyWrapOID;
+            pkcs7->keyAgreeOID   = (testVectors + i)->keyAgreeOID;
+            pkcs7->privateKey    = (testVectors + i)->privateKey;
+            pkcs7->privateKeySz  = (testVectors + i)->privateKeySz;
+        }
+
+    #ifdef ASN_BER_TO_DER
+        /* test without setting stream mode */
+        ExpectIntEQ(wc_PKCS7_GetStreamMode(pkcs7), 0);
+    #endif
+
+        ExpectIntGE(wc_PKCS7_EncodeEnvelopedData(pkcs7, output,
+            (word32)sizeof(output)), 0);
+
+        decodedSz = wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
+            (word32)sizeof(output), decoded, (word32)sizeof(decoded));
+        ExpectIntGE(decodedSz, 0);
+        /* Verify the size of each buffer. */
+        ExpectIntEQ((word32)sizeof(input)/sizeof(char), decodedSz);
+
+        /* Don't free the last time through the loop. */
+        if (i < testSz - 1) {
+            wc_PKCS7_Free(pkcs7);
+            pkcs7 = NULL;
+            ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+        }
+    }  /* END test loop. */
+    }
+
+    /* Test bad args. */
+    ExpectIntEQ(wc_PKCS7_EncodeEnvelopedData(NULL, output,
+                    (word32)sizeof(output)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_PKCS7_EncodeEnvelopedData(pkcs7, NULL,
+                    (word32)sizeof(output)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_PKCS7_EncodeEnvelopedData(pkcs7, output, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    /* Decode.  */
+    ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(NULL, output,
+        (word32)sizeof(output), decoded, (word32)sizeof(decoded)),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
+        (word32)sizeof(output), NULL, (word32)sizeof(decoded)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
+        (word32)sizeof(output), decoded, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, NULL,
+        (word32)sizeof(output), decoded, (word32)sizeof(decoded)),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output, 0, decoded,
+        (word32)sizeof(decoded)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    /* Should get a return of BAD_FUNC_ARG with structure data. Order matters.*/
+#if defined(HAVE_ECC) && !defined(NO_AES) && defined(HAVE_AES_CBC) && \
+    defined(HAVE_AES_KEYWRAP) && defined(HAVE_X963_KDF)
+    /* only a failure for KARI test cases */
+    if (pkcs7 != NULL) {
+        tempWrd32 = pkcs7->singleCertSz;
+        pkcs7->singleCertSz = 0;
+    }
+    #if defined(WOLFSSL_ASN_TEMPLATE)
+    ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
+        (word32)sizeof(output), decoded, (word32)sizeof(decoded)),
+        WC_NO_ERR_TRACE(BUFFER_E));
+    #else
+    ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
+        (word32)sizeof(output), decoded, (word32)sizeof(decoded)),
+        WC_NO_ERR_TRACE(ASN_PARSE_E));
+    #endif
+    if (pkcs7 != NULL) {
+        pkcs7->singleCertSz = tempWrd32;
+
+        tmpBytePtr = pkcs7->singleCert;
+        pkcs7->singleCert = NULL;
+    }
+  #ifndef NO_RSA
+    #if defined(NO_PKCS7_STREAM)
+    /* when none streaming mode is used and PKCS7 is in bad state buffer error
+     * is returned from kari parse which gets set to bad func arg */
+    ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
+        (word32)sizeof(output), decoded, (word32)sizeof(decoded)),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    #else
+    ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
+        (word32)sizeof(output), decoded, (word32)sizeof(decoded)),
+        WC_NO_ERR_TRACE(ASN_PARSE_E));
+    #endif
+  #endif /* !NO_RSA */
+    if (pkcs7 != NULL) {
+        pkcs7->singleCert = tmpBytePtr;
+    }
+#endif
+#ifdef HAVE_AES_KEYWRAP
+    if (pkcs7 != NULL) {
+        tempWrd32 = pkcs7->privateKeySz;
+        pkcs7->privateKeySz = 0;
+    }
+    ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
+        (word32)sizeof(output), decoded, (word32)sizeof(decoded)),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    if (pkcs7 != NULL) {
+        pkcs7->privateKeySz = tempWrd32;
+
+        tmpBytePtr = pkcs7->privateKey;
+        pkcs7->privateKey = NULL;
+    }
+    ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
+        (word32)sizeof(output), decoded, (word32)sizeof(decoded)),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    if (pkcs7 != NULL) {
+        pkcs7->privateKey = tmpBytePtr;
+    }
+#endif
+
+    wc_PKCS7_Free(pkcs7);
+    pkcs7 = NULL;
+
+#if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256) && \
+    defined(HAVE_AES_KEYWRAP)
+    /* test of decrypt callback with KEKRI enveloped data */
+    {
+        int envelopedSz = 0;
+        const byte keyId[] = { 0x00 };
+
+        ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+        if (pkcs7 != NULL) {
+            pkcs7->content      = (byte*)input;
+            pkcs7->contentSz    = (word32)(sizeof(input)/sizeof(char));
+            pkcs7->contentOID   = DATA;
+            pkcs7->encryptOID   = AES256CBCb;
+        }
+        ExpectIntGT(wc_PKCS7_AddRecipient_KEKRI(pkcs7, AES256_WRAP,
+                    (byte*)defKey, sizeof(defKey), (byte*)keyId,
+                    sizeof(keyId), NULL, NULL, 0, NULL, 0, 0), 0);
+        ExpectIntEQ(wc_PKCS7_SetSignerIdentifierType(pkcs7, CMS_SKID), 0);
+        ExpectIntGT((envelopedSz = wc_PKCS7_EncodeEnvelopedData(pkcs7, output,
+                        (word32)sizeof(output))), 0);
+        wc_PKCS7_Free(pkcs7);
+        pkcs7 = NULL;
+
+        /* decode envelopedData */
+        ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+        ExpectIntEQ(wc_PKCS7_SetWrapCEKCb(pkcs7, myCEKwrapFunc), 0);
+        ExpectIntEQ(wc_PKCS7_SetDecodeEncryptedCb(pkcs7, myDecryptionFunc), 0);
+        ExpectIntGT((decodedSz = wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
+                        (word32)envelopedSz, decoded, sizeof(decoded))), 0);
+        wc_PKCS7_Free(pkcs7);
+        pkcs7 = NULL;
+    }
+#endif /* !NO_AES && HAVE_AES_CBC && WOLFSSL_AES_256 && HAVE_AES_KEYWRAP */
+
+#ifndef NO_RSA
+    XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+#endif /* NO_RSA */
+#if defined(HAVE_ECC) && defined(HAVE_X963_KDF)
+    XFREE(eccCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(eccPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+#endif /* HAVE_ECC */
+
+#ifdef ECC_TIMING_RESISTANT
+    DoExpectIntEQ(wc_FreeRng(&rng), 0);
+#endif
+
+#if defined(USE_CERT_BUFFERS_2048) && !defined(NO_DES3) && \
+    !defined(NO_RSA) && !defined(NO_SHA)
+    {
+        byte   out[7];
+        byte   *cms = NULL;
+        word32 cmsSz;
+        XFILE  cmsFile = XBADFILE;
+
+        XMEMSET(out, 0, sizeof(out));
+        ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+        ExpectTrue((cmsFile = XFOPEN("./certs/test/ktri-keyid-cms.msg", "rb"))
+            != XBADFILE);
+        cmsSz = (word32)FOURK_BUF;
+        ExpectNotNull(cms = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,
+            DYNAMIC_TYPE_TMP_BUFFER));
+        ExpectTrue((cmsSz = (word32)XFREAD(cms, 1, cmsSz, cmsFile)) > 0);
+        if (cmsFile != XBADFILE)
+            XFCLOSE(cmsFile);
+
+        ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, (byte*)client_cert_der_2048,
+            sizeof_client_cert_der_2048), 0);
+        if (pkcs7 != NULL) {
+            pkcs7->privateKey   = (byte*)client_key_der_2048;
+            pkcs7->privateKeySz = sizeof_client_key_der_2048;
+        }
+        ExpectIntLT(wc_PKCS7_DecodeEnvelopedData(pkcs7, cms, cmsSz, out,
+            2), 0);
+        ExpectIntGT(wc_PKCS7_DecodeEnvelopedData(pkcs7, cms, cmsSz, out,
+            sizeof(out)), 0);
+        XFREE(cms, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+        ExpectIntEQ(XMEMCMP(out, "test", 4), 0);
+        wc_PKCS7_Free(pkcs7);
+        pkcs7 = NULL;
+    }
+#endif /* USE_CERT_BUFFERS_2048 && !NO_DES3 && !NO_RSA && !NO_SHA */
+#endif /* HAVE_PKCS7 */
+    return EXPECT_RESULT();
+} /* END test_wc_PKCS7_EncodeDecodeEnvelopedData() */
+
+
+#if defined(HAVE_PKCS7) && defined(HAVE_ECC) && defined(HAVE_X963_KDF) && \
+    !defined(NO_SHA256) && defined(WOLFSSL_AES_256)
+static int wasAESKeyWrapCbCalled = 0;
+static int wasAESKeyUnwrapCbCalled = 0;
+
+static int testAESKeyWrapUnwrapCb(const byte* key, word32 keySz,
+        const byte* in, word32 inSz, int wrap, byte* out, word32 outSz)
+{
+    (void)key;
+    (void)keySz;
+    (void)wrap;
+    if (wrap)
+        wasAESKeyWrapCbCalled = 1;
+    else
+        wasAESKeyUnwrapCbCalled = 1;
+    XMEMSET(out, 0xEE, outSz);
+    if (inSz <= outSz) {
+        XMEMCPY(out, in, inSz);
+    }
+    return inSz;
+}
+#endif
+
+
+/*
+ * Test custom AES key wrap/unwrap callback
+ */
+int test_wc_PKCS7_SetAESKeyWrapUnwrapCb(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_PKCS7) && defined(HAVE_ECC) && defined(HAVE_X963_KDF) && \
+    !defined(NO_SHA256) && defined(WOLFSSL_AES_256)
+    static const char input[] = "Test input for AES key wrapping";
+    PKCS7 * pkcs7 = NULL;
+    byte * eccCert = NULL;
+    byte * eccPrivKey = NULL;
+    word32 eccCertSz = 0;
+    word32 eccPrivKeySz = 0;
+    byte output[ONEK_BUF];
+    byte decoded[sizeof(input)/sizeof(char)];
+    int decodedSz = 0;
+#ifdef ECC_TIMING_RESISTANT
+    WC_RNG rng;
+#endif
+
+#ifdef ECC_TIMING_RESISTANT
+    XMEMSET(&rng, 0, sizeof(WC_RNG));
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+#endif
+
+/* Load test certs */
+#ifdef USE_CERT_BUFFERS_256
+    ExpectNotNull(eccCert = (byte*)XMALLOC(TWOK_BUF, HEAP_HINT,
+        DYNAMIC_TYPE_TMP_BUFFER));
+    /* Init buffer. */
+    eccCertSz = (word32)sizeof_cliecc_cert_der_256;
+    if (eccCert != NULL) {
+        XMEMCPY(eccCert, cliecc_cert_der_256, eccCertSz);
+    }
+    ExpectNotNull(eccPrivKey = (byte*)XMALLOC(TWOK_BUF, HEAP_HINT,
+        DYNAMIC_TYPE_TMP_BUFFER));
+    eccPrivKeySz = (word32)sizeof_ecc_clikey_der_256;
+    if (eccPrivKey != NULL) {
+        XMEMCPY(eccPrivKey, ecc_clikey_der_256, eccPrivKeySz);
+    }
+#else /* File system. */
+    ExpectTrue((certFile = XFOPEN(eccClientCert, "rb")) != XBADFILE);
+    eccCertSz = (word32)FOURK_BUF;
+    ExpectNotNull(eccCert = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,
+        DYNAMIC_TYPE_TMP_BUFFER));
+    ExpectTrue((eccCertSz = (word32)XFREAD(eccCert, 1, eccCertSz,
+        certFile)) > 0);
+    if (certFile != XBADFILE) {
+        XFCLOSE(certFile);
+    }
+    ExpectTrue((keyFile = XFOPEN(eccClientKey, "rb")) != XBADFILE);
+    eccPrivKeySz = (word32)FOURK_BUF;
+    ExpectNotNull(eccPrivKey = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,
+        DYNAMIC_TYPE_TMP_BUFFER));
+    ExpectTrue((eccPrivKeySz = (word32)XFREAD(eccPrivKey, 1, eccPrivKeySz,
+        keyFile)) > 0);
+    if (keyFile != XBADFILE) {
+        XFCLOSE(keyFile);
+    }
+#endif /* USE_CERT_BUFFERS_256 */
+
+    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, eccCert, eccCertSz), 0);
+    if (pkcs7 != NULL) {
+        pkcs7->content = (byte*)input;
+        pkcs7->contentSz = sizeof(input);
+        pkcs7->contentOID = DATA;
+        pkcs7->encryptOID = AES256CBCb;
+        pkcs7->keyWrapOID = AES256_WRAP;
+        pkcs7->keyAgreeOID = dhSinglePass_stdDH_sha256kdf_scheme;
+        pkcs7->privateKey = eccPrivKey;
+        pkcs7->privateKeySz = eccPrivKeySz;
+        pkcs7->singleCert = eccCert;
+        pkcs7->singleCertSz = (word32)eccCertSz;
+#ifdef ECC_TIMING_RESISTANT
+        pkcs7->rng = &rng;
+#endif
+    }
+
+    /* Test custom AES key wrap/unwrap callback */
+    ExpectIntEQ(wc_PKCS7_SetAESKeyWrapUnwrapCb(pkcs7, testAESKeyWrapUnwrapCb), 0);
+
+    ExpectIntGE(wc_PKCS7_EncodeEnvelopedData(pkcs7, output,
+        (word32)sizeof(output)), 0);
+
+    decodedSz = wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
+        (word32)sizeof(output), decoded, (word32)sizeof(decoded));
+    ExpectIntGE(decodedSz, 0);
+    /* Verify the size of each buffer. */
+    ExpectIntEQ((word32)sizeof(input)/sizeof(char), decodedSz);
+
+    ExpectIntEQ(wasAESKeyWrapCbCalled, 1);
+    ExpectIntEQ(wasAESKeyUnwrapCbCalled, 1);
+
+    wc_PKCS7_Free(pkcs7);
+    pkcs7 = NULL;
+    XFREE(eccCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(eccPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+#ifdef ECC_TIMING_RESISTANT
+    DoExpectIntEQ(wc_FreeRng(&rng), 0);
+#endif
+#endif
+    return EXPECT_RESULT();
+}
+
+/*
+ * Testing wc_PKCS7_GetEnvelopedDataKariRid().
+ */
+int test_wc_PKCS7_GetEnvelopedDataKariRid(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_PKCS7)
+#if defined(HAVE_ECC) && defined(HAVE_X963_KDF) && (!defined(NO_AES) || \
+        !defined(NO_SHA) || !defined(NO_SHA256) || defined(WOLFSSL_SHA512))
+    /* The kari-keyid-cms.msg generated by openssl has a 68 byte RID structure.
+     * Reserve a bit more than that in case it might grow. */
+    byte rid[256];
+    byte cms[1024];
+    XFILE cmsFile = XBADFILE;
+    int ret;
+    word32 ridSz = sizeof(rid);
+    XFILE skiHexFile = XBADFILE;
+    byte skiHex[256];
+    word32 cmsSz = 0;
+    word32 skiHexSz = 0;
+    size_t i = 0;
+    const word32 ridKeyIdentifierOffset = 4;
+
+    ExpectTrue((cmsFile = XFOPEN("./certs/test/kari-keyid-cms.msg", "rb"))
+            != XBADFILE);
+    ExpectTrue((cmsSz = (word32)XFREAD(cms, 1, sizeof(cms), cmsFile)) > 0);
+    if (cmsFile != XBADFILE)
+        XFCLOSE(cmsFile);
+
+    ExpectTrue((skiHexFile = XFOPEN("./certs/test/client-ecc-cert-ski.hex",
+                    "rb")) != XBADFILE);
+    ExpectTrue((skiHexSz = (word32)XFREAD(skiHex, 1, sizeof(skiHex),
+                    skiHexFile)) > 0);
+    if (skiHexFile != XBADFILE)
+        XFCLOSE(skiHexFile);
+
+    if (EXPECT_SUCCESS()) {
+        ret = wc_PKCS7_GetEnvelopedDataKariRid(cms, cmsSz, rid, &ridSz);
+    }
+    ExpectIntEQ(ret, 0);
+    ExpectIntLT(ridSz, sizeof(rid));
+    ExpectIntGT(ridSz, ridKeyIdentifierOffset);
+    /* The Subject Key Identifier hex file should have 2 hex characters for each
+     * byte of the key identifier in the returned recipient ID (rid), plus a
+     * terminating new line character. */
+    ExpectIntGE(skiHexSz, ((ridSz - ridKeyIdentifierOffset) * 2) + 1);
+    if (EXPECT_SUCCESS()) {
+        for (i = 0; i < (ridSz - ridKeyIdentifierOffset); i++)
+        {
+            size_t j;
+            byte ridKeyIdByte = rid[ridKeyIdentifierOffset + i];
+            byte skiByte = 0;
+            for (j = 0; j <= 1; j++)
+            {
+                byte hexChar = skiHex[i * 2 + j];
+                skiByte = skiByte << 4;
+                if ('0' <= hexChar && hexChar <= '9')
+                    skiByte |= (hexChar - '0');
+                else if ('A' <= hexChar && hexChar <= 'F')
+                    skiByte |= (hexChar - 'A' + 10);
+                else
+                    ExpectTrue(0);
+            }
+            ExpectIntEQ(ridKeyIdByte, skiByte);
+        }
+    }
+#endif
+#endif /* HAVE_PKCS7 */
+    return EXPECT_RESULT();
+} /* END test_wc_PKCS7_GetEnvelopedDataKariRid() */
+
+
+/*
+ * Testing wc_PKCS7_EncodeEncryptedData()
+ */
+int test_wc_PKCS7_EncodeEncryptedData(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_PKCS7) && !defined(NO_PKCS7_ENCRYPTED_DATA)
+    PKCS7*      pkcs7 = NULL;
+    byte*       tmpBytePtr = NULL;
+    byte        encrypted[TWOK_BUF];
+    byte        decoded[TWOK_BUF];
+    word32      tmpWrd32 = 0;
+    int         tmpInt = 0;
+    int         decodedSz = 0;
+    int         encryptedSz = 0;
+    int         testSz = 0;
+    int         i = 0;
+    const byte data[] = { /* Hello World */
+        0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f,
+        0x72,0x6c,0x64
+    };
+    #ifndef NO_DES3
+        byte desKey[] = {
+            0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef
+        };
+        byte des3Key[] = {
+            0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
+            0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10,
+            0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67
+        };
+    #endif
+    #if !defined(NO_AES) && defined(HAVE_AES_CBC)
+        #ifdef WOLFSSL_AES_128
+        byte aes128Key[] = {
+            0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
+            0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
+        };
+        #endif
+        #ifdef WOLFSSL_AES_192
+        byte aes192Key[] = {
+            0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
+            0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
+            0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
+        };
+        #endif
+        #ifdef WOLFSSL_AES_256
+        byte aes256Key[] = {
+            0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
+            0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
+            0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
+            0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
+        };
+        #endif
+    #endif /* !NO_AES && HAVE_AES_CBC */
+    const pkcs7EncryptedVector testVectors[] =
+    {
+    #ifndef NO_DES3
+        {data, (word32)sizeof(data), DATA, DES3b, des3Key, sizeof(des3Key)},
+
+        {data, (word32)sizeof(data), DATA, DESb, desKey, sizeof(desKey)},
+    #endif /* !NO_DES3 */
+    #if !defined(NO_AES) && defined(HAVE_AES_CBC)
+        #ifdef WOLFSSL_AES_128
+        {data, (word32)sizeof(data), DATA, AES128CBCb, aes128Key,
+         sizeof(aes128Key)},
+        #endif
+
+        #ifdef WOLFSSL_AES_192
+        {data, (word32)sizeof(data), DATA, AES192CBCb, aes192Key,
+         sizeof(aes192Key)},
+        #endif
+
+        #ifdef WOLFSSL_AES_256
+        {data, (word32)sizeof(data), DATA, AES256CBCb, aes256Key,
+         sizeof(aes256Key)},
+        #endif
+
+    #endif /* !NO_AES && HAVE_AES_CBC */
+    };
+
+    testSz = sizeof(testVectors) / sizeof(pkcs7EncryptedVector);
+
+    for (i = 0; i < testSz; i++) {
+        ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+        ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, testDevId), 0);
+        if (pkcs7 != NULL) {
+            pkcs7->content              = (byte*)testVectors[i].content;
+            pkcs7->contentSz            = testVectors[i].contentSz;
+            pkcs7->contentOID           = testVectors[i].contentOID;
+            pkcs7->encryptOID           = testVectors[i].encryptOID;
+            pkcs7->encryptionKey        = testVectors[i].encryptionKey;
+            pkcs7->encryptionKeySz      = testVectors[i].encryptionKeySz;
+            pkcs7->heap                 = HEAP_HINT;
+        }
+
+        /* encode encryptedData */
+        ExpectIntGT(encryptedSz = wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted,
+            sizeof(encrypted)), 0);
+
+        /* Decode encryptedData */
+        ExpectIntGT(decodedSz = wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted,
+            (word32)encryptedSz, decoded, sizeof(decoded)), 0);
+
+        ExpectIntEQ(XMEMCMP(decoded, data, decodedSz), 0);
+        /* Keep values for last itr. */
+        if (i < testSz - 1) {
+            wc_PKCS7_Free(pkcs7);
+            pkcs7 = NULL;
+        }
+    }
+    if (pkcs7 == NULL || testSz == 0) {
+        ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+        ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, testDevId), 0);
+    }
+
+    ExpectIntEQ(wc_PKCS7_EncodeEncryptedData(NULL, encrypted,
+        sizeof(encrypted)),WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, NULL,
+        sizeof(encrypted)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted,
+        0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    /* Testing the struct. */
+    if (pkcs7 != NULL) {
+        tmpBytePtr = pkcs7->content;
+        pkcs7->content = NULL;
+    }
+    ExpectIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted,
+        sizeof(encrypted)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    if (pkcs7 != NULL) {
+        pkcs7->content = tmpBytePtr;
+        tmpWrd32 = pkcs7->contentSz;
+        pkcs7->contentSz = 0;
+    }
+    ExpectIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted,
+        sizeof(encrypted)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    if (pkcs7 != NULL) {
+        pkcs7->contentSz = tmpWrd32;
+        tmpInt = pkcs7->encryptOID;
+        pkcs7->encryptOID = 0;
+    }
+    ExpectIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted,
+        sizeof(encrypted)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    if (pkcs7 != NULL) {
+        pkcs7->encryptOID = tmpInt;
+        tmpBytePtr = pkcs7->encryptionKey;
+        pkcs7->encryptionKey = NULL;
+    }
+    ExpectIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted,
+        sizeof(encrypted)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    if (pkcs7 != NULL) {
+        pkcs7->encryptionKey = tmpBytePtr;
+        tmpWrd32 = pkcs7->encryptionKeySz;
+        pkcs7->encryptionKeySz = 0;
+    }
+    ExpectIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted,
+        sizeof(encrypted)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    if (pkcs7 != NULL) {
+        pkcs7->encryptionKeySz = tmpWrd32;
+    }
+
+    ExpectIntEQ(wc_PKCS7_DecodeEncryptedData(NULL, encrypted, (word32)encryptedSz,
+        decoded, sizeof(decoded)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, NULL, (word32)encryptedSz,
+        decoded, sizeof(decoded)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, 0,
+        decoded, sizeof(decoded)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, (word32)encryptedSz,
+        NULL, sizeof(decoded)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, (word32)encryptedSz,
+        decoded, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    /* Test struct fields */
+
+    if (pkcs7 != NULL) {
+        tmpBytePtr = pkcs7->encryptionKey;
+        pkcs7->encryptionKey = NULL;
+    }
+    ExpectIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, (word32)encryptedSz,
+        decoded, sizeof(decoded)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    if (pkcs7 != NULL) {
+        pkcs7->encryptionKey = tmpBytePtr;
+        pkcs7->encryptionKeySz = 0;
+    }
+    ExpectIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, (word32)encryptedSz,
+        decoded, sizeof(decoded)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+    wc_PKCS7_Free(pkcs7);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_PKCS7_EncodeEncryptedData() */
+
+
+#if defined(HAVE_PKCS7) && defined(USE_CERT_BUFFERS_2048) && !defined(NO_DES3) && !defined(NO_RSA) && !defined(NO_SHA)
+static void build_test_EncryptedKeyPackage(byte * out, word32 * out_size, byte * in_data, word32 in_size, size_t in_content_type, size_t test_vector)
+{
+    /* EncryptedKeyPackage ContentType TLV DER */
+    static const byte ekp_oid_tlv[] = {0x06U, 10U,
+        0X60U, 0X86U, 0X48U, 0X01U, 0X65U, 0X02U, 0X01U, 0X02U, 0X4EU, 0X02U};
+    if (in_content_type == ENCRYPTED_DATA) {
+        /* EncryptedData subtype */
+        size_t ekp_content_der_size = 2U + in_size;
+        size_t ekp_content_info_size = sizeof(ekp_oid_tlv) + ekp_content_der_size;
+        /* EncryptedKeyPackage ContentType */
+        out[0] = 0x30U;
+        out[1] = ekp_content_info_size & 0x7FU;
+        /* EncryptedKeyPackage ContentInfo */
+        XMEMCPY(&out[2], ekp_oid_tlv, sizeof(ekp_oid_tlv));
+        /* EncryptedKeyPackage content [0] */
+        out[14] = 0xA0U;
+        out[15] = in_size & 0x7FU;
+        XMEMCPY(&out[16], in_data, in_size);
+        *out_size = 16U + in_size;
+        switch (test_vector)
+        {
+        case 1: out[0] = 0x20U; break;
+        case 2: out[2] = 0x01U; break;
+        case 3: out[7] = 0x42U; break;
+        case 4: out[14] = 0xA2U; break;
+        }
+    }
+    else if (in_content_type == ENVELOPED_DATA) {
+        /* EnvelopedData subtype */
+        size_t ekp_choice_der_size = 4U + in_size;
+        size_t ekp_content_der_size = 4U + ekp_choice_der_size;
+        size_t ekp_content_info_size = sizeof(ekp_oid_tlv) + ekp_content_der_size;
+        /* EncryptedKeyPackage ContentType */
+        out[0] = 0x30U;
+        out[1] = 0x82U;
+        out[2] = ekp_content_info_size >> 8U;
+        out[3] = ekp_content_info_size & 0xFFU;
+        /* EncryptedKeyPackage ContentInfo */
+        XMEMCPY(&out[4], ekp_oid_tlv, sizeof(ekp_oid_tlv));
+        /* EncryptedKeyPackage content [0] */
+        out[16] = 0xA0U;
+        out[17] = 0x82U;
+        out[18] = ekp_choice_der_size >> 8U;
+        out[19] = ekp_choice_der_size & 0xFFU;
+        /* EncryptedKeyPackage CHOICE [0] EnvelopedData */
+        out[20] = 0xA0U;
+        out[21] = 0x82U;
+        out[22] = in_size >> 8U;
+        out[23] = in_size & 0xFFU;
+        XMEMCPY(&out[24], in_data, in_size);
+        *out_size = 24U + in_size;
+        switch (test_vector)
+        {
+        case 1: out[0] = 0x20U; break;
+        case 2: out[4] = 0x01U; break;
+        case 3: out[9] = 0x42U; break;
+        case 4: out[16] = 0xA2U; break;
+        }
+    }
+}
+#endif /* HAVE_PKCS7 && USE_CERT_BUFFERS_2048 && !NO_DES3 && !NO_RSA && !NO_SHA */
+
+/*
+ * Test wc_PKCS7_DecodeEncryptedKeyPackage().
+ */
+int test_wc_PKCS7_DecodeEncryptedKeyPackage(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_PKCS7) && defined(USE_CERT_BUFFERS_2048) && !defined(NO_DES3) && !defined(NO_RSA) && !defined(NO_SHA)
+    static const struct {
+        const char * msg_file_name;
+        word32 msg_content_type;
+    } test_messages[] = {
+        {"./certs/test/ktri-keyid-cms.msg", ENVELOPED_DATA},
+        {"./certs/test/encrypteddata.msg", ENCRYPTED_DATA},
+    };
+    static const int test_vectors[] = {
+        0,
+        WC_NO_ERR_TRACE(ASN_PARSE_E),
+        WC_NO_ERR_TRACE(ASN_PARSE_E),
+        WC_NO_ERR_TRACE(PKCS7_OID_E),
+        WC_NO_ERR_TRACE(ASN_PARSE_E),
+    };
+    static const byte key[] = {
+        0x01U, 0x23U, 0x45U, 0x67U, 0x89U, 0xABU, 0xCDU, 0xEFU,
+        0x00U, 0x11U, 0x22U, 0x33U, 0x44U, 0x55U, 0x66U, 0x77U,
+    };
+    size_t test_msg = 0U;
+    size_t test_vector = 0U;
+
+    for (test_msg = 0U; test_msg < (sizeof(test_messages)/sizeof(test_messages[0])); test_msg++)
+    {
+        for (test_vector = 0U; test_vector < (sizeof(test_vectors)/sizeof(test_vectors[0])); test_vector++)
+        {
+            byte * ekp_cms_der = NULL;
+            word32 ekp_cms_der_size = 0U;
+            byte * inner_cms_der = NULL;
+            word32 inner_cms_der_size = (word32)FOURK_BUF;
+            XFILE inner_cms_file = XBADFILE;
+            PKCS7 * pkcs7 = NULL;
+            byte out[15] = {0};
+            int result = 0;
+
+            ExpectNotNull(ekp_cms_der = (byte *)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER));
+            /* Check for possible previous test failure. */
+            if (ekp_cms_der == NULL) {
+                break;
+            }
+
+            ExpectNotNull(inner_cms_der = (byte *)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER));
+            ExpectTrue((inner_cms_file = XFOPEN(test_messages[test_msg].msg_file_name, "rb")) != XBADFILE);
+            ExpectTrue((inner_cms_der_size = (word32)XFREAD(inner_cms_der, 1, inner_cms_der_size, inner_cms_file)) > 0);
+            if (inner_cms_file != XBADFILE) {
+                XFCLOSE(inner_cms_file);
+            }
+            if (test_messages[test_msg].msg_content_type == ENVELOPED_DATA) {
+                /* Verify that the build_test_EncryptedKeyPackage can format as expected. */
+                ExpectIntGT(inner_cms_der_size, 127);
+            }
+            if (test_messages[test_msg].msg_content_type == ENCRYPTED_DATA) {
+                /* Verify that the build_test_EncryptedKeyPackage can format as expected. */
+                ExpectIntLT(inner_cms_der_size, 124);
+            }
+            build_test_EncryptedKeyPackage(ekp_cms_der, &ekp_cms_der_size, inner_cms_der, inner_cms_der_size, test_messages[test_msg].msg_content_type, test_vector);
+            XFREE(inner_cms_der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+
+            ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+            ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, (byte *)client_cert_der_2048, sizeof_client_cert_der_2048), 0);
+            if (pkcs7 != NULL) {
+                if (test_messages[test_msg].msg_content_type == ENVELOPED_DATA) {
+                    /* To test EnvelopedData, set private key. */
+                    pkcs7->privateKey = (byte *)client_key_der_2048;
+                    pkcs7->privateKeySz = sizeof_client_key_der_2048;
+                }
+                if (test_messages[test_msg].msg_content_type == ENCRYPTED_DATA) {
+                    /* To test EncryptedData, set symmetric encryption key. */
+                    pkcs7->encryptionKey = (byte *)key;
+                    pkcs7->encryptionKeySz = sizeof(key);
+                }
+            }
+            ExpectIntEQ(wc_PKCS7_DecodeEncryptedKeyPackage(pkcs7, NULL, ekp_cms_der_size, out, sizeof(out)), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+            result = wc_PKCS7_DecodeEncryptedKeyPackage(pkcs7, ekp_cms_der, ekp_cms_der_size, out, sizeof(out));
+            if (result == WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)) {
+                result = wc_PKCS7_DecodeEncryptedKeyPackage(pkcs7, ekp_cms_der, ekp_cms_der_size, out, sizeof(out));
+            }
+            if (test_vectors[test_vector] == 0U) {
+                if (test_messages[test_msg].msg_content_type == ENVELOPED_DATA) {
+                    ExpectIntGT(result, 0);
+                    ExpectIntEQ(XMEMCMP(out, "test", 4), 0);
+                }
+                if (test_messages[test_msg].msg_content_type == ENCRYPTED_DATA) {
+#ifndef NO_PKCS7_ENCRYPTED_DATA
+                    ExpectIntGT(result, 0);
+                    ExpectIntEQ(XMEMCMP(out, "testencrypt", 11), 0);
+#else
+                    ExpectIntEQ(result, WC_NO_ERR_TRACE(ASN_PARSE_E));
+#endif
+                }
+            }
+            else {
+                ExpectIntEQ(result, test_vectors[test_vector]);
+            }
+            XFREE(ekp_cms_der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+            wc_PKCS7_Free(pkcs7);
+        }
+    }
+#endif /* HAVE_PKCS7 && USE_CERT_BUFFERS_2048 && !NO_DES3 && !NO_RSA && !NO_SHA */
+    return EXPECT_RESULT();
+} /* END test_wc_PKCS7_DecodeEncryptedKeyPackage() */
+
+
+/*
+ * Test wc_PKCS7_DecodeSymmetricKeyPackage().
+ */
+int test_wc_PKCS7_DecodeSymmetricKeyPackage(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_PKCS7)
+    const byte * item;
+    word32 itemSz;
+    int ret;
+
+    {
+        const byte one_key[] = {
+            0x30, 0x08,             /* SymmetricKeyPackage SEQUENCE header  */
+              0x02, 0x01, 0x01,     /* version v1 */
+              0x30, 0x03,           /* sKeys SEQUENCE OF */
+                0x02, 0x01, 0x01,   /* INTEGER standin for OneSymmetricKey */
+        };
+        /* NULL input data pointer */
+        ret = wc_PKCS7_DecodeSymmetricKeyPackageKey(
+                NULL, sizeof(one_key), 0, &item, &itemSz);
+        ExpectIntEQ(ret, WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+        /* NULL output item pointer */
+        ret = wc_PKCS7_DecodeSymmetricKeyPackageKey(
+                one_key, sizeof(one_key), 0, NULL, &itemSz);
+        ExpectIntEQ(ret, WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+        /* NULL output size pointer */
+        ret = wc_PKCS7_DecodeSymmetricKeyPackageKey(
+                one_key, sizeof(one_key), 0, &item, NULL);
+        ExpectIntEQ(ret, WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+        /* Valid key index 0 extraction */
+        ret = wc_PKCS7_DecodeSymmetricKeyPackageKey(
+                one_key, sizeof(one_key), 0, &item, &itemSz);
+        ExpectIntEQ(ret, 0);
+        ExpectPtrEq(item, &one_key[7]);
+        ExpectIntEQ(itemSz, 3);
+
+        /* Key index 1 out of range */
+        ret = wc_PKCS7_DecodeSymmetricKeyPackageKey(
+                one_key, sizeof(one_key), 1, &item, &itemSz);
+        ExpectIntEQ(ret, WC_NO_ERR_TRACE(BAD_INDEX_E));
+
+        /* Attribute index 0 out of range */
+        ret = wc_PKCS7_DecodeSymmetricKeyPackageAttribute(
+                one_key, sizeof(one_key), 0, &item, &itemSz);
+        ExpectIntEQ(ret, WC_NO_ERR_TRACE(BAD_INDEX_E));
+
+        /* Attribute index 1 out of range */
+        ret = wc_PKCS7_DecodeSymmetricKeyPackageAttribute(
+                one_key, sizeof(one_key), 1, &item, &itemSz);
+        ExpectIntEQ(ret, WC_NO_ERR_TRACE(BAD_INDEX_E));
+    }
+
+    /* Invalid SKP SEQUENCE header. */
+    {
+        const byte bad_seq_header[] = {
+            0x02, 0x01, 0x42, /* Invalid SymmetricKeyPackage SEQUENCE header */
+        };
+        ret = wc_PKCS7_DecodeSymmetricKeyPackageKey(
+                bad_seq_header, sizeof(bad_seq_header), 0, &item, &itemSz);
+        ExpectIntEQ(ret, WC_NO_ERR_TRACE(ASN_PARSE_E));
+    }
+
+    /* Missing version object */
+    {
+        const byte missing_version[] = {
+            0x30, 0x05, /* SymmetricKeyPackage SEQUENCE header */
+              0x30, 0x03, /* sKeys SEQUENCE OF */
+                0x02, 0x01, 0x01, /* INTEGER standin for OneSymmetricKey */
+        };
+        ret = wc_PKCS7_DecodeSymmetricKeyPackageKey(
+                missing_version, sizeof(missing_version), 0, &item, &itemSz);
+        ExpectIntEQ(ret, WC_NO_ERR_TRACE(ASN_PARSE_E));
+    }
+
+    /* Invalid version number */
+    {
+        const byte bad_version[] = {
+            0x30, 0x08, /* SymmetricKeyPackage SEQUENCE header */
+              0x02, 0x01, 0x00, /* version 0 (invalid) */
+              0x30, 0x03, /* sKeys SEQUENCE OF */
+                0x02, 0x01, 0x01, /* INTEGER standin for OneSymmetricKey */
+        };
+        ret = wc_PKCS7_DecodeSymmetricKeyPackageKey(
+                bad_version, sizeof(bad_version), 0, &item, &itemSz);
+        ExpectIntEQ(ret, WC_NO_ERR_TRACE(ASN_PARSE_E));
+    }
+
+    {
+        const byte key3_attr2[] = {
+            0x30, 0x18, /* SymmetricKeyPackage SEQUENCE header */
+              0x02, 0x01, 0x01, /* version v1 */
+              0xA0, 0x08, /* sKeyPkgAttrs EXPLICIT [0] header */
+                0x30, 0x06, /* sKeyPkgAttrs SEQUENCE OF header */
+                  0x02, 0x01, 0x40, /* INTEGER standin for Attribute 0 */
+                  0x02, 0x01, 0x41, /* INTEGER standin for Attribute 1 */
+              0x30, 0x09, /* sKeys SEQUENCE OF header */
+                0x02, 0x01, 0x0A, /* INTEGER standin for OneSymmetricKey 0 */
+                0x02, 0x01, 0x0B, /* INTEGER standin for OneSymmetricKey 1 */
+                0x02, 0x01, 0x0C, /* INTEGER standin for OneSymmetricKey 2 */
+        };
+
+        /* Valid attribute index 0 extraction */
+        ret = wc_PKCS7_DecodeSymmetricKeyPackageAttribute(
+                key3_attr2, sizeof(key3_attr2), 0, &item, &itemSz);
+        ExpectIntEQ(ret, 0);
+        ExpectPtrEq(item, &key3_attr2[9]);
+        ExpectIntEQ(itemSz, 3);
+
+        /* Valid attribute index 1 extraction */
+        ret = wc_PKCS7_DecodeSymmetricKeyPackageAttribute(
+                key3_attr2, sizeof(key3_attr2), 1, &item, &itemSz);
+        ExpectIntEQ(ret, 0);
+        ExpectPtrEq(item, &key3_attr2[12]);
+        ExpectIntEQ(itemSz, 3);
+
+        /* Attribute index 2 out of range */
+        ret = wc_PKCS7_DecodeSymmetricKeyPackageAttribute(
+                key3_attr2, sizeof(key3_attr2), 2, &item, &itemSz);
+        ExpectIntEQ(ret, WC_NO_ERR_TRACE(BAD_INDEX_E));
+
+        /* Valid key index 0 extraction */
+        ret = wc_PKCS7_DecodeSymmetricKeyPackageKey(
+                key3_attr2, sizeof(key3_attr2), 0, &item, &itemSz);
+        ExpectIntEQ(ret, 0);
+        ExpectPtrEq(item, &key3_attr2[17]);
+        ExpectIntEQ(itemSz, 3);
+
+        /* Valid key index 1 extraction */
+        ret = wc_PKCS7_DecodeSymmetricKeyPackageKey(
+                key3_attr2, sizeof(key3_attr2), 1, &item, &itemSz);
+        ExpectIntEQ(ret, 0);
+        ExpectPtrEq(item, &key3_attr2[20]);
+        ExpectIntEQ(itemSz, 3);
+
+        /* Valid key index 2 extraction */
+        ret = wc_PKCS7_DecodeSymmetricKeyPackageKey(
+                key3_attr2, sizeof(key3_attr2), 2, &item, &itemSz);
+        ExpectIntEQ(ret, 0);
+        ExpectPtrEq(item, &key3_attr2[23]);
+        ExpectIntEQ(itemSz, 3);
+
+        /* Key index 3 out of range */
+        ret = wc_PKCS7_DecodeSymmetricKeyPackageKey(
+                key3_attr2, sizeof(key3_attr2), 3, &item, &itemSz);
+        ExpectIntEQ(ret, WC_NO_ERR_TRACE(BAD_INDEX_E));
+    }
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_PKCS7_DecodeSymmetricKeyPackage() */
+
+
+/*
+ * Test wc_PKCS7_DecodeOneSymmetricKey().
+ */
+int test_wc_PKCS7_DecodeOneSymmetricKey(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_PKCS7)
+    const byte * item;
+    word32 itemSz;
+    int ret;
+
+    {
+        const byte key1_attr2[] = {
+            0x30, 0x0E, /* OneSymmetricKey SEQUENCE header */
+              0x30, 0x06, /* sKeyAttrs SEQUENCE OF header */
+                0x02, 0x01, 0x0A, /* INTEGER standin for Attribute 0 */
+                0x02, 0x01, 0x0B, /* INTEGER standin for Attribute 1 */
+              0x04, 0x04, 0xAA, 0xBB, 0xCC, 0xDD /* sKey OCTET STRING */
+        };
+
+        /* NULL input data pointer */
+        ret = wc_PKCS7_DecodeOneSymmetricKeyAttribute(
+                NULL, sizeof(key1_attr2), 0, &item, &itemSz);
+        ExpectIntEQ(ret, WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+        /* NULL output pointer */
+        ret = wc_PKCS7_DecodeOneSymmetricKeyAttribute(
+                key1_attr2, sizeof(key1_attr2), 0, NULL, &itemSz);
+        ExpectIntEQ(ret, WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+        /* NULL output size pointer */
+        ret = wc_PKCS7_DecodeOneSymmetricKeyAttribute(
+                key1_attr2, sizeof(key1_attr2), 0, &item, NULL);
+        ExpectIntEQ(ret, WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+
+        /* Valid attribute 0 access */
+        ret = wc_PKCS7_DecodeOneSymmetricKeyAttribute(
+                key1_attr2, sizeof(key1_attr2), 0, &item, &itemSz);
+        ExpectIntEQ(ret, 0);
+        ExpectPtrEq(item, &key1_attr2[4]);
+        ExpectIntEQ(itemSz, 3);
+
+        /* Valid attribute 1 access */
+        ret = wc_PKCS7_DecodeOneSymmetricKeyAttribute(
+                key1_attr2, sizeof(key1_attr2), 1, &item, &itemSz);
+        ExpectIntEQ(ret, 0);
+        ExpectPtrEq(item, &key1_attr2[7]);
+        ExpectIntEQ(itemSz, 3);
+
+        /* Attribute index 2 out of range */
+        ret = wc_PKCS7_DecodeOneSymmetricKeyAttribute(
+                key1_attr2, sizeof(key1_attr2), 2, &item, &itemSz);
+        ExpectIntEQ(ret, WC_NO_ERR_TRACE(BAD_INDEX_E));
+
+        /* Valid key access */
+        ret = wc_PKCS7_DecodeOneSymmetricKeyKey(
+                key1_attr2, sizeof(key1_attr2), &item, &itemSz);
+        ExpectIntEQ(ret, 0);
+        ExpectPtrEq(item, &key1_attr2[12]);
+        ExpectIntEQ(itemSz, 4);
+    }
+
+    {
+        const byte no_attrs[] = {
+            0x30, 0x06, /* OneSymmetricKey SEQUENCE header */
+              0x04, 0x04, 0xAA, 0xBB, 0xCC, 0xDD /* sKey OCTET STRING */
+        };
+
+        /* Attribute index 0 out of range */
+        ret = wc_PKCS7_DecodeOneSymmetricKeyAttribute(
+                no_attrs, sizeof(no_attrs), 0, &item, &itemSz);
+        ExpectIntEQ(ret, WC_NO_ERR_TRACE(BAD_INDEX_E));
+
+        /* Valid key access */
+        ret = wc_PKCS7_DecodeOneSymmetricKeyKey(
+                no_attrs, sizeof(no_attrs), &item, &itemSz);
+        ExpectIntEQ(ret, 0);
+        ExpectPtrEq(item, &no_attrs[4]);
+        ExpectIntEQ(itemSz, 4);
+    }
+
+    {
+        const byte key0_attr2[] = {
+            0x30, 0x08, /* OneSymmetricKey SEQUENCE header */
+              0x30, 0x06, /* sKeyAttrs SEQUENCE OF header */
+                0x02, 0x01, 0x0A, /* INTEGER standin for Attribute 0 */
+                0x02, 0x01, 0x0B, /* INTEGER standin for Attribute 1 */
+        };
+
+        /* Valid attribute 0 access */
+        ret = wc_PKCS7_DecodeOneSymmetricKeyAttribute(
+                key0_attr2, sizeof(key0_attr2), 0, &item, &itemSz);
+        ExpectIntEQ(ret, 0);
+        ExpectPtrEq(item, &key0_attr2[4]);
+        ExpectIntEQ(itemSz, 3);
+
+        /* Invalid key access */
+        ret = wc_PKCS7_DecodeOneSymmetricKeyKey(
+                key0_attr2, sizeof(key0_attr2), &item, &itemSz);
+        ExpectIntEQ(ret, WC_NO_ERR_TRACE(ASN_PARSE_E));
+    }
+
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_PKCS7_DecodeOneSymmetricKey() */
+
+
+/*
+ * Testing wc_PKCS7_Degenerate()
+ */
+int test_wc_PKCS7_Degenerate(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM)
+    PKCS7* pkcs7 = NULL;
+    char   fName[] = "./certs/test-degenerate.p7b";
+    XFILE  f = XBADFILE;
+    byte   der[4096];
+    word32 derSz = 0;
+#ifndef NO_PKCS7_STREAM
+    word32 z;
+    int ret;
+#endif /* !NO_PKCS7_STREAM */
+    ExpectTrue((f = XFOPEN(fName, "rb")) != XBADFILE);
+    ExpectTrue((derSz = (word32)XFREAD(der, 1, sizeof(der), f)) > 0);
+    if (f != XBADFILE)
+        XFCLOSE(f);
+
+    /* test degenerate success */
+    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+    ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
+#ifndef NO_RSA
+    ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, der, derSz), 0);
+
+    #ifndef NO_PKCS7_STREAM
+    wc_PKCS7_Free(pkcs7);
+    pkcs7 = NULL;
+    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+    ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
+
+    /* test for streaming */
+    ret = -1;
+    for (z = 0; z < derSz && ret != 0; z++) {
+        ret = wc_PKCS7_VerifySignedData(pkcs7, der + z, 1);
+        if (ret < 0){
+            ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
+        }
+    }
+    ExpectIntEQ(ret, 0);
+    #endif /* !NO_PKCS7_STREAM */
+#else
+    ExpectIntNE(wc_PKCS7_VerifySignedData(pkcs7, der, derSz), 0);
+#endif /* NO_RSA */
+    wc_PKCS7_Free(pkcs7);
+    pkcs7 = NULL;
+
+    /* test with turning off degenerate cases */
+    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+    ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
+    wc_PKCS7_AllowDegenerate(pkcs7, 0); /* override allowing degenerate case */
+    ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, der, derSz),
+        WC_NO_ERR_TRACE(PKCS7_NO_SIGNER_E));
+
+    #ifndef NO_PKCS7_STREAM
+    wc_PKCS7_Free(pkcs7);
+    pkcs7 = NULL;
+    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+    ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
+    wc_PKCS7_AllowDegenerate(pkcs7, 0); /* override allowing degenerate case */
+
+    /* test for streaming */
+    ret = -1;
+    for (z = 0; z < derSz && ret != 0; z++) {
+        ret = wc_PKCS7_VerifySignedData(pkcs7, der + z, 1);
+        if (ret == WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)){
+            continue;
+        }
+        else
+            break;
+    }
+    ExpectIntEQ(ret, WC_NO_ERR_TRACE(PKCS7_NO_SIGNER_E));
+    #endif /* !NO_PKCS7_STREAM */
+
+    wc_PKCS7_Free(pkcs7);
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_PKCS7_Degenerate() */
+
+#if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && \
+    defined(ASN_BER_TO_DER) && !defined(NO_DES3) && !defined(NO_SHA)
+static byte berContent[] = {
+    0x30, 0x80, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86,
+    0xF7, 0x0D, 0x01, 0x07, 0x03, 0xA0, 0x80, 0x30,
+    0x80, 0x02, 0x01, 0x00, 0x31, 0x82, 0x01, 0x48,
+    0x30, 0x82, 0x01, 0x44, 0x02, 0x01, 0x00, 0x30,
+    0x81, 0xAC, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30,
+    0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02,
+    0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03,
+    0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E,
+    0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E,
+    0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42,
+    0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x15,
+    0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C,
+    0x0C, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C,
+    0x5F, 0x31, 0x30, 0x32, 0x34, 0x31, 0x19, 0x30,
+    0x17, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x10,
+    0x50, 0x72, 0x6F, 0x67, 0x72, 0x61, 0x6D, 0x6D,
+    0x69, 0x6E, 0x67, 0x2D, 0x31, 0x30, 0x32, 0x34,
+    0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04,
+    0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77,
+    0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63,
+    0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09,
+    0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09,
+    0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40,
+    0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E,
+    0x63, 0x6F, 0x6D, 0x02, 0x09, 0x00, 0xBB, 0xD3,
+    0x10, 0x03, 0xE6, 0x9D, 0x28, 0x03, 0x30, 0x0D,
+    0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D,
+    0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x81, 0x80,
+    0x2F, 0xF9, 0x77, 0x4F, 0x04, 0x5C, 0x16, 0x62,
+    0xF0, 0x77, 0x8D, 0x95, 0x4C, 0xB1, 0x44, 0x9A,
+    0x8C, 0x3C, 0x8C, 0xE4, 0xD1, 0xC1, 0x14, 0x72,
+    0xD0, 0x4A, 0x1A, 0x94, 0x27, 0x0F, 0xAA, 0xE8,
+    0xD0, 0xA2, 0xE7, 0xED, 0x4C, 0x7F, 0x0F, 0xC7,
+    0x1B, 0xFB, 0x81, 0x0E, 0x76, 0x8F, 0xDD, 0x32,
+    0x11, 0x68, 0xA0, 0x13, 0xD2, 0x8D, 0x95, 0xEF,
+    0x80, 0x53, 0x81, 0x0E, 0x1F, 0xC8, 0xD6, 0x76,
+    0x5C, 0x31, 0xD3, 0x77, 0x33, 0x29, 0xA6, 0x1A,
+    0xD3, 0xC6, 0x14, 0x36, 0xCA, 0x8E, 0x7D, 0x72,
+    0xA0, 0x29, 0x4C, 0xC7, 0x3A, 0xAF, 0xFE, 0xF7,
+    0xFC, 0xD7, 0xE2, 0x8F, 0x6A, 0x20, 0x46, 0x09,
+    0x40, 0x22, 0x2D, 0x79, 0x38, 0x11, 0xB1, 0x4A,
+    0xE3, 0x48, 0xE8, 0x10, 0x37, 0xA0, 0x22, 0xF7,
+    0xB4, 0x79, 0xD1, 0xA9, 0x3D, 0xC2, 0xAB, 0x37,
+    0xAE, 0x82, 0x68, 0x1A, 0x16, 0xEF, 0x33, 0x0C,
+    0x30, 0x80, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86,
+    0xF7, 0x0D, 0x01, 0x07, 0x01, 0x30, 0x14, 0x06,
+    0x08, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x03,
+    0x07, 0x04, 0x08, 0xAD, 0xD0, 0x38, 0x9B, 0x16,
+    0x4B, 0x7F, 0x99, 0xA0, 0x80, 0x04, 0x82, 0x03,
+    0xE8, 0x6D, 0x48, 0xFB, 0x8A, 0xBD, 0xED, 0x6C,
+    0xCD, 0xC6, 0x48, 0xFD, 0xB7, 0xB0, 0x7C, 0x86,
+    0x2C, 0x8D, 0xF0, 0x23, 0x12, 0xD8, 0xA3, 0x2A,
+    0x21, 0x6F, 0x8B, 0x75, 0xBB, 0x47, 0x7F, 0xC9,
+    0xBA, 0xBA, 0xFF, 0x91, 0x09, 0x01, 0x7A, 0x5C,
+    0x96, 0x02, 0xB8, 0x8E, 0xF8, 0x67, 0x7E, 0x8F,
+    0xF9, 0x51, 0x0E, 0xFF, 0x8E, 0xE2, 0x61, 0xC0,
+    0xDF, 0xFA, 0xE2, 0x4C, 0x50, 0x90, 0xAE, 0xA1,
+    0x15, 0x38, 0x3D, 0xBE, 0x88, 0xD7, 0x57, 0xC0,
+    0x11, 0x44, 0xA2, 0x61, 0x05, 0x49, 0x6A, 0x94,
+    0x04, 0x10, 0xD9, 0xC2, 0x2D, 0x15, 0x20, 0x0D,
+    0xBD, 0xA2, 0xEF, 0xE4, 0x68, 0xFA, 0x39, 0x75,
+    0x7E, 0xD8, 0x64, 0x44, 0xCB, 0xE0, 0x00, 0x6D,
+    0x57, 0x4E, 0x8A, 0x17, 0xA9, 0x83, 0x6C, 0x7F,
+    0xFE, 0x01, 0xEE, 0xDE, 0x99, 0x3A, 0xB2, 0xFF,
+    0xD3, 0x72, 0x78, 0xBA, 0xF1, 0x23, 0x54, 0x48,
+    0x02, 0xD8, 0x38, 0xA9, 0x54, 0xE5, 0x4A, 0x81,
+    0xB9, 0xC0, 0x67, 0xB2, 0x7D, 0x3C, 0x6F, 0xCE,
+    0xA4, 0xDD, 0x34, 0x5F, 0x60, 0xB1, 0xA3, 0x7A,
+    0xE4, 0x43, 0xF2, 0x89, 0x64, 0x35, 0x09, 0x32,
+    0x51, 0xFB, 0x5C, 0x67, 0x0C, 0x3B, 0xFC, 0x36,
+    0x6B, 0x37, 0x43, 0x6C, 0x03, 0xCD, 0x44, 0xC7,
+    0x2B, 0x62, 0xD6, 0xD1, 0xF4, 0x07, 0x7B, 0x19,
+    0x91, 0xF0, 0xD7, 0xF5, 0x54, 0xBC, 0x0F, 0x42,
+    0x6B, 0x69, 0xF7, 0xA3, 0xC8, 0xEE, 0xB9, 0x7A,
+    0x9E, 0x3D, 0xDF, 0x53, 0x47, 0xF7, 0x50, 0x67,
+    0x00, 0xCF, 0x2B, 0x3B, 0xE9, 0x85, 0xEE, 0xBD,
+    0x4C, 0x64, 0x66, 0x0B, 0x77, 0x80, 0x9D, 0xEF,
+    0x11, 0x32, 0x77, 0xA8, 0xA4, 0x5F, 0xEE, 0x2D,
+    0xE0, 0x43, 0x87, 0x76, 0x87, 0x53, 0x4E, 0xD7,
+    0x1A, 0x04, 0x7B, 0xE1, 0xD1, 0xE1, 0xF5, 0x87,
+    0x51, 0x13, 0xE0, 0xC2, 0xAA, 0xA3, 0x4B, 0xAA,
+    0x9E, 0xB4, 0xA6, 0x1D, 0x4E, 0x28, 0x57, 0x0B,
+    0x80, 0x90, 0x81, 0x4E, 0x04, 0xF5, 0x30, 0x8D,
+    0x51, 0xCE, 0x57, 0x2F, 0x88, 0xC5, 0x70, 0xC4,
+    0x06, 0x8F, 0xDD, 0x37, 0xC1, 0x34, 0x1E, 0x0E,
+    0x15, 0x32, 0x23, 0x92, 0xAB, 0x40, 0xEA, 0xF7,
+    0x43, 0xE2, 0x1D, 0xE2, 0x4B, 0xC9, 0x91, 0xF4,
+    0x63, 0x21, 0x34, 0xDB, 0xE9, 0x86, 0x83, 0x1A,
+    0xD2, 0x52, 0xEF, 0x7A, 0xA2, 0xEE, 0xA4, 0x11,
+    0x56, 0xD3, 0x6C, 0xF5, 0x6D, 0xE4, 0xA5, 0x2D,
+    0x99, 0x02, 0x10, 0xDF, 0x29, 0xC5, 0xE3, 0x0B,
+    0xC4, 0xA1, 0xEE, 0x5F, 0x4A, 0x10, 0xEE, 0x85,
+    0x73, 0x2A, 0x92, 0x15, 0x2C, 0xC8, 0xF4, 0x8C,
+    0xD7, 0x3D, 0xBC, 0xAD, 0x18, 0xE0, 0x59, 0xD3,
+    0xEE, 0x75, 0x90, 0x1C, 0xCC, 0x76, 0xC6, 0x64,
+    0x17, 0xD2, 0xD0, 0x91, 0xA6, 0xD0, 0xC1, 0x4A,
+    0xAA, 0x58, 0x22, 0xEC, 0x45, 0x98, 0xF2, 0xCC,
+    0x4C, 0xE4, 0xBF, 0xED, 0xF6, 0x44, 0x72, 0x36,
+    0x65, 0x3F, 0xE3, 0xB5, 0x8B, 0x3E, 0x54, 0x9C,
+    0x82, 0x86, 0x5E, 0xB0, 0xF2, 0x12, 0xE5, 0x69,
+    0xFA, 0x46, 0xA2, 0x54, 0xFC, 0xF5, 0x4B, 0xE0,
+    0x24, 0x3B, 0x99, 0x04, 0x1A, 0x7A, 0xF7, 0xD1,
+    0xFF, 0x68, 0x97, 0xB2, 0x85, 0x82, 0x95, 0x27,
+    0x2B, 0xF4, 0xE7, 0x1A, 0x74, 0x19, 0xEC, 0x8C,
+    0x4E, 0xA7, 0x0F, 0xAD, 0x4F, 0x5A, 0x02, 0x80,
+    0xC1, 0x6A, 0x9E, 0x54, 0xE4, 0x8E, 0xA3, 0x41,
+    0x3F, 0x6F, 0x9C, 0x82, 0x9F, 0x83, 0xB0, 0x44,
+    0x01, 0x5F, 0x10, 0x9D, 0xD3, 0xB6, 0x33, 0x5B,
+    0xAF, 0xAC, 0x6B, 0x57, 0x2A, 0x01, 0xED, 0x0E,
+    0x17, 0xB9, 0x80, 0x76, 0x12, 0x1C, 0x51, 0x56,
+    0xDD, 0x6D, 0x94, 0xAB, 0xD2, 0xE5, 0x15, 0x2D,
+    0x3C, 0xC5, 0xE8, 0x62, 0x05, 0x8B, 0x40, 0xB1,
+    0xC2, 0x83, 0xCA, 0xAC, 0x4B, 0x8B, 0x39, 0xF7,
+    0xA0, 0x08, 0x43, 0x5C, 0xF7, 0xE8, 0xED, 0x40,
+    0x72, 0x73, 0xE3, 0x6B, 0x18, 0x67, 0xA0, 0xB6,
+    0x0F, 0xED, 0x8F, 0x9A, 0xE4, 0x27, 0x62, 0x23,
+    0xAA, 0x6D, 0x6C, 0x31, 0xC9, 0x9D, 0x6B, 0xE0,
+    0xBF, 0x9D, 0x7D, 0x2E, 0x76, 0x71, 0x06, 0x39,
+    0xAC, 0x96, 0x1C, 0xAF, 0x30, 0xF2, 0x62, 0x9C,
+    0x84, 0x3F, 0x43, 0x5E, 0x19, 0xA8, 0xE5, 0x3C,
+    0x9D, 0x43, 0x3C, 0x43, 0x41, 0xE8, 0x82, 0xE7,
+    0x5B, 0xF3, 0xE2, 0x15, 0xE3, 0x52, 0x20, 0xFD,
+    0x0D, 0xB2, 0x4D, 0x48, 0xAD, 0x53, 0x7E, 0x0C,
+    0xF0, 0xB9, 0xBE, 0xC9, 0x58, 0x4B, 0xC8, 0xA8,
+    0xA3, 0x36, 0xF1, 0x2C, 0xD2, 0xE1, 0xC8, 0xC4,
+    0x3C, 0x48, 0x70, 0xC2, 0x6D, 0x6C, 0x3D, 0x99,
+    0xAC, 0x43, 0x19, 0x69, 0xCA, 0x67, 0x1A, 0xC9,
+    0xE1, 0x47, 0xFA, 0x0A, 0xE6, 0x5B, 0x6F, 0x61,
+    0xD0, 0x03, 0xE4, 0x03, 0x4B, 0xFD, 0xE2, 0xA5,
+    0x8D, 0x83, 0x01, 0x7E, 0xC0, 0x7B, 0x2E, 0x0B,
+    0x29, 0xDD, 0xD6, 0xDC, 0x71, 0x46, 0xBD, 0x9A,
+    0x40, 0x46, 0x1E, 0x0A, 0xB1, 0x00, 0xE7, 0x71,
+    0x29, 0x77, 0xFC, 0x9A, 0x76, 0x8A, 0x5F, 0x66,
+    0x9B, 0x63, 0x91, 0x12, 0x78, 0xBF, 0x67, 0xAD,
+    0xA1, 0x72, 0x9E, 0xC5, 0x3E, 0xE5, 0xCB, 0xAF,
+    0xD6, 0x5A, 0x0D, 0xB6, 0x9B, 0xA3, 0x78, 0xE8,
+    0xB0, 0x8F, 0x69, 0xED, 0xC1, 0x73, 0xD5, 0xE5,
+    0x1C, 0x18, 0xA0, 0x58, 0x4C, 0x49, 0xBD, 0x91,
+    0xCE, 0x15, 0x0D, 0xAA, 0x5A, 0x07, 0xEA, 0x1C,
+    0xA7, 0x4B, 0x11, 0x31, 0x80, 0xAF, 0xA1, 0x0A,
+    0xED, 0x6C, 0x70, 0xE4, 0xDB, 0x75, 0x86, 0xAE,
+    0xBF, 0x4A, 0x05, 0x72, 0xDE, 0x84, 0x8C, 0x7B,
+    0x59, 0x81, 0x58, 0xE0, 0xC0, 0x15, 0xB5, 0xF3,
+    0xD5, 0x73, 0x78, 0x83, 0x53, 0xDA, 0x92, 0xC1,
+    0xE6, 0x71, 0x74, 0xC7, 0x7E, 0xAA, 0x36, 0x06,
+    0xF0, 0xDF, 0xBA, 0xFB, 0xEF, 0x54, 0xE8, 0x11,
+    0xB2, 0x33, 0xA3, 0x0B, 0x9E, 0x0C, 0x59, 0x75,
+    0x13, 0xFA, 0x7F, 0x88, 0xB9, 0x86, 0xBD, 0x1A,
+    0xDB, 0x52, 0x12, 0xFB, 0x6D, 0x1A, 0xCB, 0x49,
+    0x94, 0x94, 0xC4, 0xA9, 0x99, 0xC0, 0xA4, 0xB6,
+    0x60, 0x36, 0x09, 0x94, 0x2A, 0xD5, 0xC4, 0x26,
+    0xF4, 0xA3, 0x6A, 0x0E, 0x57, 0x8B, 0x7C, 0xA4,
+    0x1D, 0x75, 0xE8, 0x2A, 0xF3, 0xC4, 0x3C, 0x7D,
+    0x45, 0x6D, 0xD8, 0x24, 0xD1, 0x3B, 0xF7, 0xCF,
+    0xE4, 0x45, 0x2A, 0x55, 0xE5, 0xA9, 0x1F, 0x1C,
+    0x8F, 0x55, 0x8D, 0xC1, 0xF7, 0x74, 0xCC, 0x26,
+    0xC7, 0xBA, 0x2E, 0x5C, 0xC1, 0x71, 0x0A, 0xAA,
+    0xD9, 0x6D, 0x76, 0xA7, 0xF9, 0xD1, 0x18, 0xCB,
+    0x5A, 0x52, 0x98, 0xA8, 0x0D, 0x3F, 0x06, 0xFC,
+    0x49, 0x11, 0x21, 0x5F, 0x86, 0x19, 0x33, 0x81,
+    0xB5, 0x7A, 0xDA, 0xA1, 0x47, 0xBF, 0x7C, 0xD7,
+    0x05, 0x96, 0xC7, 0xF5, 0xC1, 0x61, 0xE5, 0x18,
+    0xA5, 0x38, 0x68, 0xED, 0xB4, 0x17, 0x62, 0x0D,
+    0x01, 0x5E, 0xC3, 0x04, 0xA6, 0xBA, 0xB1, 0x01,
+    0x60, 0x5C, 0xC1, 0x3A, 0x34, 0x97, 0xD6, 0xDB,
+    0x67, 0x73, 0x4D, 0x33, 0x96, 0x01, 0x67, 0x44,
+    0xEA, 0x47, 0x5E, 0x44, 0xB5, 0xE5, 0xD1, 0x6C,
+    0x20, 0xA9, 0x6D, 0x4D, 0xBC, 0x02, 0xF0, 0x70,
+    0xE4, 0xDD, 0xE9, 0xD5, 0x5C, 0x28, 0x29, 0x0B,
+    0xB4, 0x60, 0x2A, 0xF1, 0xF7, 0x1A, 0xF0, 0x36,
+    0xAE, 0x51, 0x3A, 0xAE, 0x6E, 0x48, 0x7D, 0xC7,
+    0x5C, 0xF3, 0xDC, 0xF6, 0xED, 0x27, 0x4E, 0x8E,
+    0x48, 0x18, 0x3E, 0x08, 0xF1, 0xD8, 0x3D, 0x0D,
+    0xE7, 0x2F, 0x65, 0x8A, 0x6F, 0xE2, 0x1E, 0x06,
+    0xC1, 0x04, 0x58, 0x7B, 0x4A, 0x75, 0x60, 0x92,
+    0x13, 0xC6, 0x40, 0x2D, 0x3A, 0x8A, 0xD1, 0x03,
+    0x05, 0x1F, 0x28, 0x66, 0xC2, 0x57, 0x2A, 0x4C,
+    0xE1, 0xA3, 0xCB, 0xA1, 0x95, 0x30, 0x10, 0xED,
+    0xDF, 0xAE, 0x70, 0x49, 0x4E, 0xF6, 0xB4, 0x5A,
+    0xB6, 0x22, 0x56, 0x37, 0x05, 0xE7, 0x3E, 0xB2,
+    0xE3, 0x96, 0x62, 0xEC, 0x09, 0x53, 0xC0, 0x50,
+    0x3D, 0xA7, 0xBC, 0x9B, 0x39, 0x02, 0x26, 0x16,
+    0xB5, 0x34, 0x17, 0xD4, 0xCA, 0xFE, 0x1D, 0xE4,
+    0x5A, 0xDA, 0x4C, 0xC2, 0xCA, 0x8E, 0x79, 0xBF,
+    0xD8, 0x4C, 0xBB, 0xFA, 0x30, 0x7B, 0xA9, 0x3E,
+    0x52, 0x19, 0xB1, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00
+};
+#endif /* HAVE_PKCS7 && !NO_FILESYSTEM && ASN_BER_TO_DER &&
+        * !NO_DES3 && !NO_SHA
+        */
+
+/*
+ * Testing wc_PKCS7_BER()
+ */
+int test_wc_PKCS7_BER(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && \
+    !defined(NO_SHA) && defined(ASN_BER_TO_DER)
+    PKCS7* pkcs7 = NULL;
+    char   fName[] = "./certs/test-ber-exp02-05-2022.p7b";
+    XFILE  f = XBADFILE;
+    byte   der[4096];
+#ifndef NO_DES3
+    byte   decoded[2048];
+#endif
+    word32 derSz = 0;
+#if !defined(NO_PKCS7_STREAM) && !defined(NO_RSA)
+    word32 z;
+    int ret;
+#endif /* !NO_PKCS7_STREAM && !NO_RSA */
+
+    ExpectTrue((f = XFOPEN(fName, "rb")) != XBADFILE);
+    ExpectTrue((derSz = (word32)XFREAD(der, 1, sizeof(der), f)) > 0);
+    if (f != XBADFILE) {
+        XFCLOSE(f);
+        f = XBADFILE;
+    }
+
+    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+    ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
+#ifndef NO_RSA
+    ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, der, derSz), 0);
+
+    #ifndef NO_PKCS7_STREAM
+    wc_PKCS7_Free(pkcs7);
+    pkcs7 = NULL;
+    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+    ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
+
+    /* test for streaming */
+    ret = -1;
+    for (z = 0; z < derSz && ret != 0; z++) {
+        ret = wc_PKCS7_VerifySignedData(pkcs7, der + z, 1);
+        if (ret < 0){
+            ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
+        }
+    }
+    ExpectIntEQ(ret, 0);
+    #endif /* !NO_PKCS7_STREAM */
+#else
+    ExpectIntNE(wc_PKCS7_VerifySignedData(pkcs7, der, derSz), 0);
+#endif
+    wc_PKCS7_Free(pkcs7);
+    pkcs7 = NULL;
+
+#ifndef NO_DES3
+    /* decode BER content */
+    ExpectTrue((f = XFOPEN("./certs/1024/client-cert.der", "rb")) != XBADFILE);
+    ExpectTrue((derSz = (word32)XFREAD(der, 1, sizeof(der), f)) > 0);
+    if (f != XBADFILE) {
+        XFCLOSE(f);
+        f = XBADFILE;
+    }
+    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+#ifndef NO_RSA
+    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, der, derSz), 0);
+#else
+    ExpectIntNE(wc_PKCS7_InitWithCert(pkcs7, der, derSz), 0);
+#endif
+
+    ExpectTrue((f = XFOPEN("./certs/1024/client-key.der", "rb")) != XBADFILE);
+    ExpectTrue((derSz = (word32)XFREAD(der, 1, sizeof(der), f)) > 0);
+    if (f != XBADFILE) {
+        XFCLOSE(f);
+        f = XBADFILE;
+    }
+    if (pkcs7 != NULL) {
+        pkcs7->privateKey   = der;
+        pkcs7->privateKeySz = derSz;
+    }
+#ifndef NO_RSA
+#ifdef WOLFSSL_SP_MATH
+    ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, berContent,
+        sizeof(berContent), decoded, sizeof(decoded)), WC_NO_ERR_TRACE(WC_KEY_SIZE_E));
+#else
+    ExpectIntGT(wc_PKCS7_DecodeEnvelopedData(pkcs7, berContent,
+        sizeof(berContent), decoded, sizeof(decoded)), 0);
+#endif
+#else
+    ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, berContent,
+        sizeof(berContent), decoded, sizeof(decoded)), WC_NO_ERR_TRACE(NOT_COMPILED_IN));
+#endif
+    wc_PKCS7_Free(pkcs7);
+#endif /* !NO_DES3 */
+#endif
+    return EXPECT_RESULT();
+} /* END test_wc_PKCS7_BER() */
+
+int test_wc_PKCS7_signed_enveloped(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_PKCS7) && !defined(NO_RSA) && !defined(NO_AES) && \
+    defined(WOLFSSL_AES_256) && !defined(NO_FILESYSTEM)
+    XFILE  f = XBADFILE;
+    PKCS7* pkcs7 = NULL;
+#ifdef HAVE_AES_CBC
+    PKCS7* inner = NULL;
+#endif
+    WC_RNG rng;
+    unsigned char key[FOURK_BUF/2];
+    unsigned char cert[FOURK_BUF/2];
+    unsigned char env[FOURK_BUF];
+    int envSz  = FOURK_BUF;
+    int keySz = 0;
+    int certSz = 0;
+    unsigned char sig[FOURK_BUF * 2];
+    int sigSz = FOURK_BUF * 2;
+#ifdef HAVE_AES_CBC
+    unsigned char decoded[FOURK_BUF];
+    int decodedSz = FOURK_BUF;
+#endif
+#ifndef NO_PKCS7_STREAM
+    int z;
+    int ret;
+#endif /* !NO_PKCS7_STREAM */
+
+    XMEMSET(&rng, 0, sizeof(WC_RNG));
+
+    /* load cert */
+    ExpectTrue((f = XFOPEN(cliCertDerFile, "rb")) != XBADFILE);
+    ExpectIntGT((certSz = (int)XFREAD(cert, 1, sizeof(cert), f)), 0);
+    if (f != XBADFILE) {
+        XFCLOSE(f);
+        f = XBADFILE;
+    }
+
+    /* load key */
+    ExpectTrue((f = XFOPEN(cliKeyFile, "rb")) != XBADFILE);
+    ExpectIntGT((keySz = (int)XFREAD(key, 1, sizeof(key), f)), 0);
+    if (f != XBADFILE) {
+        XFCLOSE(f);
+        f = XBADFILE;
+    }
+    ExpectIntGT(keySz = wolfSSL_KeyPemToDer(key, keySz, key, keySz, NULL), 0);
+
+    /* sign cert for envelope */
+    ExpectNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, (word32)certSz), 0);
+    if (pkcs7 != NULL) {
+        pkcs7->content    = cert;
+        pkcs7->contentSz  = (word32)certSz;
+        pkcs7->contentOID = DATA;
+        pkcs7->privateKey   = key;
+        pkcs7->privateKeySz = (word32)keySz;
+        pkcs7->encryptOID   = RSAk;
+        pkcs7->hashOID      = SHA256h;
+        pkcs7->rng          = &rng;
+    }
+    ExpectIntGT((sigSz = wc_PKCS7_EncodeSignedData(pkcs7, sig, (word32)sigSz)), 0);
+    wc_PKCS7_Free(pkcs7);
+    pkcs7 = NULL;
+    DoExpectIntEQ(wc_FreeRng(&rng), 0);
+
+#if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256)
+    /* create envelope */
+    ExpectNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
+    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, (word32)certSz), 0);
+    if (pkcs7 != NULL) {
+        pkcs7->content   = sig;
+        pkcs7->contentSz = (word32)sigSz;
+        pkcs7->contentOID = DATA;
+        pkcs7->encryptOID = AES256CBCb;
+        pkcs7->privateKey   = key;
+        pkcs7->privateKeySz = (word32)keySz;
+    }
+    ExpectIntGT((envSz = wc_PKCS7_EncodeEnvelopedData(pkcs7, env, (word32)envSz)), 0);
+    ExpectIntLT(wc_PKCS7_EncodeEnvelopedData(pkcs7, env, 2), 0);
+    wc_PKCS7_Free(pkcs7);
+    pkcs7 = NULL;
+#endif
+
+    /* create bad signed enveloped data */
+    sigSz = FOURK_BUF * 2;
+    ExpectNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, (word32)certSz), 0);
+    if (pkcs7 != NULL) {
+        pkcs7->content    = env;
+        pkcs7->contentSz  = (word32)envSz;
+        pkcs7->contentOID = DATA;
+        pkcs7->privateKey   = key;
+        pkcs7->privateKeySz = (word32)keySz;
+        pkcs7->encryptOID   = RSAk;
+        pkcs7->hashOID      = SHA256h;
+        pkcs7->rng = &rng;
+    }
+
+    /* Set no certs in bundle for this test. */
+    if (pkcs7 != NULL) {
+        ExpectIntEQ(wc_PKCS7_SetNoCerts(pkcs7, 1), 0);
+        ExpectIntEQ(wc_PKCS7_SetNoCerts(NULL, 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+        ExpectIntEQ(wc_PKCS7_GetNoCerts(pkcs7), 1);
+    }
+    ExpectIntGT((sigSz = wc_PKCS7_EncodeSignedData(pkcs7, sig, (word32)sigSz)), 0);
+    wc_PKCS7_Free(pkcs7);
+    pkcs7 = NULL;
+
+    /* check verify fails */
+    ExpectNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
+    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
+    ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, sig, (word32)sigSz),
+            WC_NO_ERR_TRACE(PKCS7_SIGNEEDS_CHECK));
+
+    /* try verifying the signature manually */
+    {
+        RsaKey rKey;
+        word32 idx = 0;
+        byte digest[MAX_SEQ_SZ + MAX_ALGO_SZ + MAX_OCTET_STR_SZ +
+            WC_MAX_DIGEST_SIZE];
+        int  digestSz = 0;
+
+        ExpectIntEQ(wc_InitRsaKey(&rKey, HEAP_HINT), 0);
+        ExpectIntEQ(wc_RsaPrivateKeyDecode(key, &idx, &rKey, (word32)keySz), 0);
+        ExpectIntGT(digestSz = wc_RsaSSL_Verify(pkcs7->signature,
+            pkcs7->signatureSz, digest, sizeof(digest), &rKey), 0);
+        ExpectIntEQ(digestSz, pkcs7->pkcs7DigestSz);
+        ExpectIntEQ(XMEMCMP(digest, pkcs7->pkcs7Digest, digestSz), 0);
+        ExpectIntEQ(wc_FreeRsaKey(&rKey), 0);
+        /* verify was success */
+    }
+
+    wc_PKCS7_Free(pkcs7);
+    pkcs7 = NULL;
+
+    /* initializing the PKCS7 struct with the signing certificate should pass */
+    ExpectNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
+    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, (word32)certSz), 0);
+    ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, sig, (word32)sigSz), 0);
+
+#ifndef NO_PKCS7_STREAM
+    wc_PKCS7_Free(pkcs7);
+    pkcs7 = NULL;
+    ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, (word32)certSz), 0);
+
+    /* test for streaming */
+    ret = -1;
+    for (z = 0; z < sigSz && ret != 0; z++) {
+        ret = wc_PKCS7_VerifySignedData(pkcs7, sig + z, 1);
+        if (ret < 0){
+            ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
+        }
+    }
+    ExpectIntEQ(ret, 0);
+#endif /* !NO_PKCS7_STREAM */
+
+    wc_PKCS7_Free(pkcs7);
+    pkcs7 = NULL;
+
+    /* create valid degenerate bundle */
+    sigSz = FOURK_BUF * 2;
+    ExpectNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
+    if (pkcs7 != NULL) {
+        pkcs7->content    = env;
+        pkcs7->contentSz  = (word32)envSz;
+        pkcs7->contentOID = DATA;
+        pkcs7->privateKey   = key;
+        pkcs7->privateKeySz = (word32)keySz;
+        pkcs7->encryptOID   = RSAk;
+        pkcs7->hashOID      = SHA256h;
+        pkcs7->rng = &rng;
+    }
+    ExpectIntEQ(wc_PKCS7_SetSignerIdentifierType(pkcs7, DEGENERATE_SID), 0);
+    ExpectIntGT((sigSz = wc_PKCS7_EncodeSignedData(pkcs7, sig, (word32)sigSz)), 0);
+    wc_PKCS7_Free(pkcs7);
+    pkcs7 = NULL;
+    wc_FreeRng(&rng);
+
+    /* check verify */
+    ExpectNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
+    ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, testDevId), 0);
+    ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, sig, (word32)sigSz), 0);
+    ExpectNotNull(pkcs7->content);
+
+#ifndef NO_PKCS7_STREAM
+    wc_PKCS7_Free(pkcs7);
+    pkcs7 = NULL;
+
+    /* create valid degenerate bundle */
+    sigSz = FOURK_BUF * 2;
+    ExpectNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
+    if (pkcs7 != NULL) {
+        pkcs7->content    = env;
+        pkcs7->contentSz  = (word32)envSz;
+        pkcs7->contentOID = DATA;
+        pkcs7->privateKey   = key;
+        pkcs7->privateKeySz = (word32)keySz;
+        pkcs7->encryptOID   = RSAk;
+        pkcs7->hashOID      = SHA256h;
+        pkcs7->rng = &rng;
+    }
+    ExpectIntEQ(wc_PKCS7_SetSignerIdentifierType(pkcs7, DEGENERATE_SID), 0);
+    ExpectIntGT((sigSz = wc_PKCS7_EncodeSignedData(pkcs7, sig, (word32)sigSz)), 0);
+    wc_PKCS7_Free(pkcs7);
+    pkcs7 = NULL;
+    wc_FreeRng(&rng);
+
+    /* check verify */
+    ExpectNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
+    ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, testDevId), 0);
+    /* test for streaming */
+    ret = -1;
+    for (z = 0; z < sigSz && ret != 0; z++) {
+        ret = wc_PKCS7_VerifySignedData(pkcs7, sig + z, 1);
+        if (ret < 0){
+            ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
+        }
+    }
+    ExpectIntEQ(ret, 0);
+#endif /* !NO_PKCS7_STREAM */
+
+#ifdef HAVE_AES_CBC
+    /* check decode */
+    ExpectNotNull(inner = wc_PKCS7_New(NULL, 0));
+    ExpectIntEQ(wc_PKCS7_InitWithCert(inner, cert, (word32)certSz), 0);
+    if (inner != NULL) {
+        inner->privateKey   = key;
+        inner->privateKeySz = (word32)keySz;
+    }
+    ExpectIntGT((decodedSz = wc_PKCS7_DecodeEnvelopedData(inner, pkcs7->content,
+                   pkcs7->contentSz, decoded, (word32)decodedSz)), 0);
+    wc_PKCS7_Free(inner);
+    inner = NULL;
+#endif
+    wc_PKCS7_Free(pkcs7);
+    pkcs7 = NULL;
+
+#ifdef HAVE_AES_CBC
+    /* check cert set */
+    ExpectNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
+    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
+    ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, decoded, (word32)decodedSz), 0);
+    ExpectNotNull(pkcs7->singleCert);
+    ExpectIntNE(pkcs7->singleCertSz, 0);
+    wc_PKCS7_Free(pkcs7);
+    pkcs7 = NULL;
+
+#ifndef NO_PKCS7_STREAM
+    ExpectNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
+    ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
+    /* test for streaming */
+    ret = -1;
+    for (z = 0; z < decodedSz && ret != 0; z++) {
+        ret = wc_PKCS7_VerifySignedData(pkcs7, decoded + z, 1);
+        if (ret < 0){
+            ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E));
+        }
+    }
+    ExpectIntEQ(ret, 0);
+    ExpectNotNull(pkcs7->singleCert);
+    ExpectIntNE(pkcs7->singleCertSz, 0);
+    wc_PKCS7_Free(pkcs7);
+    pkcs7 = NULL;
+#endif /* !NO_PKCS7_STREAM */
+#endif
+
+    {
+        /* arbitrary custom SKID */
+        const byte customSKID[] = {
+            0x40, 0x25, 0x77, 0x56
+        };
+
+        ExpectIntEQ(wc_InitRng(&rng), 0);
+        sigSz = FOURK_BUF * 2;
+        ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId));
+        if (pkcs7 != NULL) {
+            ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, (word32)certSz), 0);
+            pkcs7->content    = cert;
+            pkcs7->contentSz  = (word32)certSz;
+            pkcs7->contentOID = DATA;
+            pkcs7->privateKey   = key;
+            pkcs7->privateKeySz = (word32)keySz;
+            pkcs7->encryptOID   = RSAk;
+            pkcs7->hashOID      = SHA256h;
+            pkcs7->rng          = &rng;
+            ExpectIntEQ(wc_PKCS7_SetSignerIdentifierType(pkcs7, CMS_SKID), 0);
+            ExpectIntEQ(wc_PKCS7_SetCustomSKID(pkcs7, customSKID,
+                        sizeof(customSKID)), 0);
+            ExpectIntGT((sigSz = wc_PKCS7_EncodeSignedData(pkcs7, sig,
+                (word32)sigSz)), 0);
+        }
+        wc_PKCS7_Free(pkcs7);
+        pkcs7 = NULL;
+        wc_FreeRng(&rng);
+    }
+#endif /* HAVE_PKCS7 && !NO_RSA && !NO_AES */
+    return EXPECT_RESULT();
+}
+
+int test_wc_PKCS7_NoDefaultSignedAttribs(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) \
+    && !defined(NO_AES)
+    PKCS7* pkcs7 = NULL;
+    void*  heap = NULL;
+
+    ExpectNotNull(pkcs7 = wc_PKCS7_New(heap, testDevId));
+    ExpectIntEQ(wc_PKCS7_Init(pkcs7, heap, testDevId), 0);
+
+    ExpectIntEQ(wc_PKCS7_NoDefaultSignedAttribs(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_PKCS7_NoDefaultSignedAttribs(pkcs7), 0);
+
+    wc_PKCS7_Free(pkcs7);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_PKCS7_SetOriEncryptCtx(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) \
+    && !defined(NO_AES)
+    PKCS7*       pkcs7 = NULL;
+    void*        heap = NULL;
+    WOLFSSL_CTX* ctx = NULL;
+
+    ExpectNotNull(pkcs7 = wc_PKCS7_New(heap, testDevId));
+    ExpectIntEQ(wc_PKCS7_Init(pkcs7, heap, testDevId), 0);
+
+    ExpectIntEQ(wc_PKCS7_SetOriEncryptCtx(NULL, ctx), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_PKCS7_SetOriEncryptCtx(pkcs7, ctx), 0);
+
+    wc_PKCS7_Free(pkcs7);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_PKCS7_SetOriDecryptCtx(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) \
+    && !defined(NO_AES)
+    PKCS7*       pkcs7 = NULL;
+    void*        heap = NULL;
+    WOLFSSL_CTX* ctx = NULL;
+
+    ExpectNotNull(pkcs7 = wc_PKCS7_New(heap, testDevId));
+    ExpectIntEQ(wc_PKCS7_Init(pkcs7, heap, testDevId), 0);
+
+    ExpectIntEQ(wc_PKCS7_SetOriDecryptCtx(NULL, ctx), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wc_PKCS7_SetOriDecryptCtx(pkcs7, ctx), 0);
+
+    wc_PKCS7_Free(pkcs7);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_wc_PKCS7_DecodeCompressedData(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) \
+    && !defined(NO_AES) && defined(HAVE_LIBZ)
+    PKCS7* pkcs7 = NULL;
+    void*  heap = NULL;
+    byte   out[4096];
+    byte*  decompressed = NULL;
+    int    outSz;
+    int    decompressedSz;
+    const char* cert = "./certs/client-cert.pem";
+    byte*  cert_buf = NULL;
+    size_t cert_sz = 0;
+
+    ExpectIntEQ(load_file(cert, &cert_buf, &cert_sz), 0);
+    ExpectNotNull((decompressed = (byte*)XMALLOC(cert_sz, heap,
+        DYNAMIC_TYPE_TMP_BUFFER)));
+    decompressedSz = (int)cert_sz;
+    ExpectNotNull((pkcs7 = wc_PKCS7_New(heap, testDevId)));
+
+    if (pkcs7 != NULL) {
+        pkcs7->content    = (byte*)cert_buf;
+        pkcs7->contentSz  = (word32)cert_sz;
+        pkcs7->contentOID = DATA;
+    }
+
+    ExpectIntGT((outSz = wc_PKCS7_EncodeCompressedData(pkcs7, out,
+        sizeof(out))), 0);
+    wc_PKCS7_Free(pkcs7);
+    pkcs7 = NULL;
+
+    /* compressed key should be smaller than when started */
+    ExpectIntLT(outSz, cert_sz);
+
+    /* test decompression */
+    ExpectNotNull((pkcs7 = wc_PKCS7_New(heap, testDevId)));
+    ExpectIntEQ(pkcs7->contentOID, 0);
+
+    /* fail case with out buffer too small */
+    ExpectIntLT(wc_PKCS7_DecodeCompressedData(pkcs7, out, outSz,
+        decompressed, outSz), 0);
+
+    /* success case */
+    ExpectIntEQ(wc_PKCS7_DecodeCompressedData(pkcs7, out, outSz,
+        decompressed, decompressedSz), cert_sz);
+    ExpectIntEQ(pkcs7->contentOID, DATA);
+    ExpectIntEQ(XMEMCMP(decompressed, cert_buf, cert_sz), 0);
+    XFREE(decompressed, heap, DYNAMIC_TYPE_TMP_BUFFER);
+    decompressed = NULL;
+
+    /* test decompression function with different 'max' inputs */
+    outSz = sizeof(out);
+    ExpectIntGT((outSz = wc_Compress(out, outSz, cert_buf, (word32)cert_sz, 0)),
+        0);
+    ExpectIntLT(wc_DeCompressDynamic(&decompressed, 1, DYNAMIC_TYPE_TMP_BUFFER,
+        out, outSz, 0, heap), 0);
+    ExpectNull(decompressed);
+    ExpectIntGT(wc_DeCompressDynamic(&decompressed, -1, DYNAMIC_TYPE_TMP_BUFFER,
+        out, outSz, 0, heap), 0);
+    ExpectNotNull(decompressed);
+    ExpectIntEQ(XMEMCMP(decompressed, cert_buf, cert_sz), 0);
+    XFREE(decompressed, heap, DYNAMIC_TYPE_TMP_BUFFER);
+    decompressed = NULL;
+
+    ExpectIntGT(wc_DeCompressDynamic(&decompressed, DYNAMIC_TYPE_TMP_BUFFER, 5,
+        out, outSz, 0, heap), 0);
+    ExpectNotNull(decompressed);
+    ExpectIntEQ(XMEMCMP(decompressed, cert_buf, cert_sz), 0);
+    XFREE(decompressed, heap, DYNAMIC_TYPE_TMP_BUFFER);
+
+    if (cert_buf != NULL)
+        free(cert_buf);
+    wc_PKCS7_Free(pkcs7);
+#endif
+    return EXPECT_RESULT();
+}
+
+
diff --git a/tests/api/test_pkcs7.h b/tests/api/test_pkcs7.h
new file mode 100644
index 000000000..b07825e92
--- /dev/null
+++ b/tests/api/test_pkcs7.h
@@ -0,0 +1,85 @@
+/* test_pkcs7.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef WOLFCRYPT_TEST_PKCS7_H
+#define WOLFCRYPT_TEST_PKCS7_H
+
+#include <tests/api/api_decl.h>
+
+int test_wc_PKCS7_New(void);
+int test_wc_PKCS7_Init(void);
+int test_wc_PKCS7_InitWithCert(void);
+int test_wc_PKCS7_EncodeData(void);
+int test_wc_PKCS7_EncodeSignedData(void);
+int test_wc_PKCS7_EncodeSignedData_ex(void);
+int test_wc_PKCS7_VerifySignedData_RSA(void);
+int test_wc_PKCS7_VerifySignedData_ECC(void);
+int test_wc_PKCS7_DecodeEnvelopedData_stream(void);
+int test_wc_PKCS7_EncodeDecodeEnvelopedData(void);
+int test_wc_PKCS7_SetAESKeyWrapUnwrapCb(void);
+int test_wc_PKCS7_GetEnvelopedDataKariRid(void);
+int test_wc_PKCS7_EncodeEncryptedData(void);
+int test_wc_PKCS7_DecodeEncryptedKeyPackage(void);
+int test_wc_PKCS7_DecodeSymmetricKeyPackage(void);
+int test_wc_PKCS7_DecodeOneSymmetricKey(void);
+int test_wc_PKCS7_Degenerate(void);
+int test_wc_PKCS7_BER(void);
+int test_wc_PKCS7_signed_enveloped(void);
+int test_wc_PKCS7_NoDefaultSignedAttribs(void);
+int test_wc_PKCS7_SetOriEncryptCtx(void);
+int test_wc_PKCS7_SetOriDecryptCtx(void);
+int test_wc_PKCS7_DecodeCompressedData(void);
+
+
+#define TEST_PKCS7_DECLS                                        \
+    TEST_DECL_GROUP("pkcs7", test_wc_PKCS7_New),                \
+    TEST_DECL_GROUP("pkcs7", test_wc_PKCS7_Init)
+
+#define TEST_PKCS7_SIGNED_DATA_DECLS                                    \
+    TEST_DECL_GROUP("pkcs7_sd", test_wc_PKCS7_InitWithCert),            \
+    TEST_DECL_GROUP("pkcs7_sd", test_wc_PKCS7_EncodeData),              \
+    TEST_DECL_GROUP("pkcs7_sd", test_wc_PKCS7_EncodeSignedData),        \
+    TEST_DECL_GROUP("pkcs7_sd", test_wc_PKCS7_EncodeSignedData_ex),     \
+    TEST_DECL_GROUP("pkcs7_sd", test_wc_PKCS7_VerifySignedData_RSA),    \
+    TEST_DECL_GROUP("pkcs7_sd", test_wc_PKCS7_VerifySignedData_ECC),    \
+    TEST_DECL_GROUP("pkcs7_sd", test_wc_PKCS7_Degenerate),              \
+    TEST_DECL_GROUP("pkcs7_sd", test_wc_PKCS7_BER),                     \
+    TEST_DECL_GROUP("pkcs7_sd", test_wc_PKCS7_NoDefaultSignedAttribs)
+
+#define TEST_PKCS7_ENCRYPTED_DATA_DECLS                                     \
+    TEST_DECL_GROUP("pkcs7_ed", test_wc_PKCS7_DecodeEnvelopedData_stream),  \
+    TEST_DECL_GROUP("pkcs7_ed", test_wc_PKCS7_EncodeDecodeEnvelopedData),   \
+    TEST_DECL_GROUP("pkcs7_ed", test_wc_PKCS7_SetAESKeyWrapUnwrapCb),       \
+    TEST_DECL_GROUP("pkcs7_ed", test_wc_PKCS7_GetEnvelopedDataKariRid),     \
+    TEST_DECL_GROUP("pkcs7_ed", test_wc_PKCS7_EncodeEncryptedData),         \
+    TEST_DECL_GROUP("pkcs7_ed", test_wc_PKCS7_DecodeEncryptedKeyPackage),   \
+    TEST_DECL_GROUP("pkcs7_ed", test_wc_PKCS7_DecodeSymmetricKeyPackage),   \
+    TEST_DECL_GROUP("pkcs7_ed", test_wc_PKCS7_DecodeOneSymmetricKey),       \
+    TEST_DECL_GROUP("pkcs7_ed", test_wc_PKCS7_SetOriEncryptCtx),            \
+    TEST_DECL_GROUP("pkcs7_ed", test_wc_PKCS7_SetOriDecryptCtx)
+
+#define TEST_PKCS7_SIGNED_ENCRYPTED_DATA_DECLS                              \
+    TEST_DECL_GROUP("pkcs7_sed", test_wc_PKCS7_signed_enveloped)
+
+#define TEST_PKCS7_COMPRESSED_DATA_DECLS                                    \
+    TEST_DECL_GROUP("pkcs7_cd", test_wc_PKCS7_DecodeCompressedData)
+
+#endif /* WOLFCRYPT_TEST_PKCS7_H */
diff --git a/tests/api/test_rsa.c b/tests/api/test_rsa.c
index 27b64d818..895ca78a7 100644
--- a/tests/api/test_rsa.c
+++ b/tests/api/test_rsa.c
@@ -616,53 +616,100 @@ int test_wc_RsaPSS_VerifyCheckInline(void)
 int test_wc_RsaKeyToDer(void)
 {
     EXPECT_DECLS;
-#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
-    RsaKey genKey;
-    WC_RNG rng;
+#if !defined(NO_RSA) && \
+    (defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_KEY_TO_DER))
+    RsaKey key;
     byte*  der = NULL;
+    word32 derSz = 0;
+#if defined(WOLFSSL_KEY_GEN)
+    WC_RNG rng;
 #if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \
     (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4)) && \
     (defined(RSA_MIN_SIZE) && (RSA_MIN_SIZE <= 1024))
-    int     bits = 1024;
-    word32  derSz = 611;
-    /* (2 x 128) + 2 (possible leading 00) + (5 x 64) + 5 (possible leading 00)
-       + 3 (e) + 8 (ASN tag) + 10 (ASN length) + 4 seqSz + 3 version */
+    int    bits = 1024;
 #else
-    int     bits = 2048;
-    word32  derSz = 1196;
-    /* (2 x 256) + 2 (possible leading 00) + (5 x 128) + 5 (possible leading 00)
-       + 3 (e) + 8 (ASN tag) + 17 (ASN length) + 4 seqSz + 3 version */
+    int    bits = 2048;
+#endif
+#else
+    word32 idx = 0;
+    byte* key_der = NULL;
+#if !defined(NO_FILESYSTEM)
+    const char* key_fname = "./certs/client-key.der";
+    XFILE file = XBADFILE;
+#endif
+#endif /* WOLFSSL_KEY_GEN */
+
+#if defined(WOLFSSL_KEY_GEN)
+    XMEMSET(&rng, 0, sizeof(rng));
+#endif
+    XMEMSET(&key, 0, sizeof(key));
+
+    /* Init RSA structure */
+    ExpectIntEQ(wc_InitRsaKey(&key, HEAP_HINT), 0);
+
+#if defined(WOLFSSL_KEY_GEN)
+    /* Init RMG */
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+    /* Make key */
+    ExpectIntEQ(MAKE_RSA_KEY(&key, bits, WC_RSA_EXPONENT, &rng), 0);
+#else
+    /* Import a key */
+#if !defined(NO_FILESYSTEM)
+    ExpectTrue((file = XFOPEN(key_fname, "rb")) != XBADFILE);
+    ExpectIntEQ(XFSEEK(file, 0, XSEEK_END), 0);
+    ExpectIntGT(derSz = (word32)XFTELL(file), 0);
+    ExpectIntEQ(XFSEEK(file, 0, XSEEK_SET), 0);
+    ExpectNotNull(key_der = (byte*)XMALLOC(derSz, NULL,
+        DYNAMIC_TYPE_TMP_BUFFER));
+    ExpectIntEQ((int)XFREAD(key_der, 1, derSz, file), derSz);
+    XFCLOSE(file);
+#elif defined(USE_CERT_BUFFERS_1024) && \
+    (defined(RSA_MIN_SIZE) && (RSA_MIN_SIZE <= 1024))
+    key_der = (byte*)client_key_der_1024;
+    derSz = (word32)sizeof_client_key_der_1024;
+#elif defined(USE_CERT_BUFFERS_2048)
+    key_der = (byte*)client_key_der_2048;
+    derSz = (word32)sizeof_client_key_der_2048;
+#elif defined(USE_CERT_BUFFERS_3072)
+    key_der = (byte*)client_key_der_3072;
+    derSz = (word32)sizeof_client_key_der_3072;
+#elif defined(USE_CERT_BUFFERS_4096)
+    key_der = (byte*)client_key_der_4096;
+    derSz = (word32)sizeof_client_key_der_4096;
 #endif
 
-    XMEMSET(&rng, 0, sizeof(rng));
-    XMEMSET(&genKey, 0, sizeof(genKey));
+    /* Import private key */
+    ExpectIntEQ(wc_RsaPrivateKeyDecode(key_der, &idx, &key, derSz), 0);
 
+#if !defined(NO_FILESYSTEM)
+    XFREE(key_der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+#endif /* WOLFSSL_KEY_GEN */
+
+    /* Get output length */
+    ExpectIntGT((derSz = wc_RsaKeyToDer(&key, NULL, 0)), 0);
     ExpectNotNull(der = (byte*)XMALLOC(derSz, NULL, DYNAMIC_TYPE_TMP_BUFFER));
-    /* Init structures. */
-    ExpectIntEQ(wc_InitRsaKey(&genKey, HEAP_HINT), 0);
-    ExpectIntEQ(wc_InitRng(&rng), 0);
-    /* Make key. */
-    ExpectIntEQ(MAKE_RSA_KEY(&genKey, bits, WC_RSA_EXPONENT, &rng), 0);
 
-    ExpectIntGT(wc_RsaKeyToDer(&genKey, der, derSz), 0);
+    /* Test exporting private key to DER */
+    ExpectIntGT(wc_RsaKeyToDer(&key, der, derSz), 0);
 
     /* Pass good/bad args. */
-    ExpectIntEQ(wc_RsaKeyToDer(NULL, der, FOURK_BUF),
+    ExpectIntEQ(wc_RsaKeyToDer(NULL, der, derSz),
         WC_NO_ERR_TRACE(BAD_FUNC_ARG));
-    /* Get just the output length */
-    ExpectIntGT(wc_RsaKeyToDer(&genKey, NULL, 0), 0);
     /* Try Public Key. */
-    genKey.type = 0;
-    ExpectIntEQ(wc_RsaKeyToDer(&genKey, der, FOURK_BUF),
+    key.type = 0;
+    ExpectIntEQ(wc_RsaKeyToDer(&key, der, derSz),
         WC_NO_ERR_TRACE(BAD_FUNC_ARG));
     #ifdef WOLFSSL_CHECK_MEM_ZERO
         /* Put back to Private Key */
-        genKey.type = 1;
+        key.type = 1;
     #endif
 
     XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-    DoExpectIntEQ(wc_FreeRsaKey(&genKey), 0);
-    DoExpectIntEQ(wc_FreeRng(&rng), 0);
+    DoExpectIntEQ(wc_FreeRsaKey(&key), 0);
+    #if defined(WOLFSSL_KEY_GEN)
+        DoExpectIntEQ(wc_FreeRng(&rng), 0);
+    #endif
 #endif
     return EXPECT_RESULT();
 } /* END test_wc_RsaKeyToDer */
@@ -724,7 +771,8 @@ int test_wc_RsaKeyToPublicDer(void)
 int test_wc_RsaPublicEncryptDecrypt(void)
 {
     EXPECT_DECLS;
-#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
+#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && \
+    !defined(WOLFSSL_RSA_PUBLIC_ONLY)
     RsaKey key;
     WC_RNG rng;
     const char inStr[] = TEST_STRING;
@@ -793,14 +841,16 @@ int test_wc_RsaPublicEncryptDecrypt_ex(void)
     WC_RNG  rng;
     const char inStr[] = TEST_STRING;
     const word32 inLen = (word32)TEST_STRING_SZ;
-    const word32 plainSz = (word32)TEST_STRING_SZ;
-    byte*   res = NULL;
     int     idx = 0;
     int          bits = TEST_RSA_BITS;
     const word32 cipherSz = TEST_RSA_BYTES;
+#ifndef WOLFSSL_RSA_PUBLIC_ONLY
+    const word32 plainSz = (word32)TEST_STRING_SZ;
+    byte*   res = NULL;
 
-    WC_DECLARE_VAR(in, byte, TEST_STRING_SZ, NULL);
     WC_DECLARE_VAR(plain, byte, TEST_STRING_SZ, NULL);
+#endif
+    WC_DECLARE_VAR(in, byte, TEST_STRING_SZ, NULL);
     WC_DECLARE_VAR(cipher, byte, TEST_RSA_BYTES, NULL);
 
     WC_ALLOC_VAR(in, byte, TEST_STRING_SZ, NULL);
diff --git a/tests/api/test_tls13.c b/tests/api/test_tls13.c
new file mode 100644
index 000000000..b63a2f02a
--- /dev/null
+++ b/tests/api/test_tls13.c
@@ -0,0 +1,2193 @@
+/* test_tls13.c
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#include <tests/unit.h>
+
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
+#include <wolfssl/ssl.h>
+#include <wolfssl/internal.h>
+#include <tests/api/api.h>
+#include <tests/utils.h>
+#include <tests/api/test_tls13.h>
+
+#if defined(WOLFSSL_SEND_HRR_COOKIE) && !defined(NO_WOLFSSL_SERVER)
+#ifdef WC_SHA384_DIGEST_SIZE
+    static byte fixedKey[WC_SHA384_DIGEST_SIZE] = { 0, };
+#else
+    static byte fixedKey[WC_SHA256_DIGEST_SIZE] = { 0, };
+#endif
+#endif
+#ifdef WOLFSSL_EARLY_DATA
+static const char earlyData[] = "Early Data";
+static       char earlyDataBuffer[1];
+#endif
+
+int test_tls13_apis(void)
+{
+    EXPECT_DECLS;
+#ifdef WOLFSSL_TLS13
+#if defined(HAVE_SUPPORTED_CURVES) && defined(HAVE_ECC) && \
+    (!defined(NO_WOLFSSL_SERVER) || !defined(NO_WOLFSSL_CLIENT))
+    int          ret;
+#endif
+#ifndef WOLFSSL_NO_TLS12
+#ifndef NO_WOLFSSL_CLIENT
+    WOLFSSL_CTX* clientTls12Ctx = NULL;
+    WOLFSSL*     clientTls12Ssl = NULL;
+#endif
+#ifndef NO_WOLFSSL_SERVER
+    WOLFSSL_CTX* serverTls12Ctx = NULL;
+    WOLFSSL*     serverTls12Ssl = NULL;
+#endif
+#endif
+#ifndef NO_WOLFSSL_CLIENT
+    WOLFSSL_CTX* clientCtx = NULL;
+    WOLFSSL*     clientSsl = NULL;
+#endif
+#ifndef NO_WOLFSSL_SERVER
+    WOLFSSL_CTX* serverCtx = NULL;
+    WOLFSSL*     serverSsl = NULL;
+#if !defined(NO_CERTS) && !defined(NO_FILESYSTEM)
+#ifndef NO_RSA
+    const char*  ourCert = svrCertFile;
+    const char*  ourKey  = svrKeyFile;
+#elif defined(HAVE_ECC)
+    const char*  ourCert = eccCertFile;
+    const char*  ourKey  = eccKeyFile;
+#elif defined(HAVE_ED25519)
+    const char*  ourCert = edCertFile;
+    const char*  ourKey  = edKeyFile;
+#elif defined(HAVE_ED448)
+    const char*  ourCert = ed448CertFile;
+    const char*  ourKey  = ed448KeyFile;
+#endif
+#endif
+#endif
+    int          required;
+#ifdef WOLFSSL_EARLY_DATA
+    int          outSz;
+#endif
+#if defined(HAVE_ECC) && defined(HAVE_SUPPORTED_CURVES)
+    int          groups[2] = { WOLFSSL_ECC_SECP256R1,
+#ifdef WOLFSSL_HAVE_MLKEM
+#ifdef WOLFSSL_MLKEM_KYBER
+    #ifndef WOLFSSL_NO_KYBER512
+                               WOLFSSL_KYBER_LEVEL1
+    #elif !defined(WOLFSSL_NO_KYBER768)
+                               WOLFSSL_KYBER_LEVEL3
+    #else
+                               WOLFSSL_KYBER_LEVEL5
+    #endif
+#else
+    #ifndef WOLFSSL_NO_ML_KEM_512
+                               WOLFSSL_ML_KEM_512
+    #elif !defined(WOLFSSL_NO_ML_KEM_768)
+                               WOLFSSL_ML_KEM_768
+    #else
+                               WOLFSSL_ML_KEM_1024
+    #endif
+#endif
+#else
+                               WOLFSSL_ECC_SECP256R1
+#endif
+                             };
+#if !defined(NO_WOLFSSL_SERVER) || !defined(NO_WOLFSSL_CLIENT)
+    int          bad_groups[2] = { 0xDEAD, 0xBEEF };
+#endif /* !NO_WOLFSSL_SERVER || !NO_WOLFSSL_CLIENT */
+    int          numGroups = 2;
+#endif
+#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC)
+    char         groupList[] =
+#ifdef HAVE_CURVE25519
+            "X25519:"
+#endif
+#ifdef HAVE_CURVE448
+            "X448:"
+#endif
+#ifndef NO_ECC_SECP
+#if (defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 521
+            "P-521:secp521r1:"
+#endif
+#if (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 384
+            "P-384:secp384r1:"
+#endif
+#if (!defined(NO_ECC256)  || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 256
+            "P-256:secp256r1"
+#if defined(WOLFSSL_HAVE_MLKEM) && !defined(WOLFSSL_MLKEM_NO_MALLOC) && \
+    !defined(WOLFSSL_MLKEM_NO_MAKE_KEY) && \
+    !defined(WOLFSSL_MLKEM_NO_ENCAPSULATE) && \
+    !defined(WOLFSSL_MLKEM_NO_DECAPSULATE)
+#ifdef WOLFSSL_MLKEM_KYBER
+    #ifndef WOLFSSL_NO_KYBER512
+            ":P256_KYBER_LEVEL1"
+    #elif !defined(WOLFSSL_NO_KYBER768)
+            ":P256_KYBER_LEVEL3"
+    #else
+            ":P256_KYBER_LEVEL5"
+    #endif
+#else
+    #ifndef WOLFSSL_NO_KYBER512
+            ":SecP256r1MLKEM512"
+    #elif !defined(WOLFSSL_NO_KYBER768)
+            ":SecP384r1MLKEM768"
+    #else
+            ":SecP521r1MLKEM1024"
+    #endif
+#endif
+#endif
+#endif
+#endif /* !defined(NO_ECC_SECP) */
+#if defined(WOLFSSL_HAVE_MLKEM) && !defined(WOLFSSL_MLKEM_NO_MALLOC) && \
+    !defined(WOLFSSL_MLKEM_NO_MAKE_KEY) && \
+    !defined(WOLFSSL_MLKEM_NO_ENCAPSULATE) && \
+    !defined(WOLFSSL_MLKEM_NO_DECAPSULATE)
+#ifdef WOLFSSL_MLKEM_KYBER
+    #ifndef WOLFSSL_NO_KYBER512
+            ":KYBER_LEVEL1"
+    #elif !defined(WOLFSSL_NO_KYBER768)
+            ":KYBER_LEVEL3"
+    #else
+            ":KYBER_LEVEL5"
+    #endif
+#else
+    #ifndef WOLFSSL_NO_KYBER512
+            ":ML_KEM_512"
+    #elif !defined(WOLFSSL_NO_KYBER768)
+            ":ML_KEM_768"
+    #else
+            ":ML_KEM_1024"
+    #endif
+#endif
+#endif
+            "";
+#endif /* defined(OPENSSL_EXTRA) && defined(HAVE_ECC) */
+#if defined(WOLFSSL_HAVE_MLKEM) && !defined(WOLFSSL_MLKEM_NO_MALLOC) && \
+    !defined(WOLFSSL_MLKEM_NO_MAKE_KEY) && \
+    !defined(WOLFSSL_MLKEM_NO_ENCAPSULATE) && \
+    !defined(WOLFSSL_MLKEM_NO_DECAPSULATE)
+    int mlkemLevel;
+#endif
+
+#ifndef WOLFSSL_NO_TLS12
+#ifndef NO_WOLFSSL_CLIENT
+    clientTls12Ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method());
+    clientTls12Ssl = wolfSSL_new(clientTls12Ctx);
+#endif
+#ifndef NO_WOLFSSL_SERVER
+    serverTls12Ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method());
+#if !defined(NO_CERTS)
+    #if !defined(NO_FILESYSTEM)
+    wolfSSL_CTX_use_certificate_chain_file(serverTls12Ctx, ourCert);
+    wolfSSL_CTX_use_PrivateKey_file(serverTls12Ctx, ourKey,
+        CERT_FILETYPE);
+    #elif defined(USE_CERT_BUFFERS_2048)
+    wolfSSL_CTX_use_certificate_chain_buffer_format(serverTls12Ctx,
+        server_cert_der_2048, sizeof_server_cert_der_2048,
+        WOLFSSL_FILETYPE_ASN1);
+    wolfSSL_CTX_use_PrivateKey_buffer(serverTls12Ctx, server_key_der_2048,
+        sizeof_server_key_der_2048, WOLFSSL_FILETYPE_ASN1);
+    #elif defined(USE_CERT_BUFFERS_256)
+    wolfSSL_CTX_use_certificate_chain_buffer_format(serverTls12Ctx,
+        serv_ecc_der_256, sizeof_serv_ecc_der_256, WOLFSSL_FILETYPE_ASN1);
+    wolfSSL_CTX_use_PrivateKey_buffer(serverTls12Ctx, ecc_key_der_256,
+        sizeof_ecc_key_der_256, WOLFSSL_FILETYPE_ASN1);
+    #endif
+#endif
+    serverTls12Ssl = wolfSSL_new(serverTls12Ctx);
+#endif
+#endif
+
+#ifndef NO_WOLFSSL_CLIENT
+    clientCtx = wolfSSL_CTX_new(wolfTLSv1_3_client_method());
+    clientSsl = wolfSSL_new(clientCtx);
+#endif
+#ifndef NO_WOLFSSL_SERVER
+    serverCtx = wolfSSL_CTX_new(wolfTLSv1_3_server_method());
+#if !defined(NO_CERTS)
+    /* ignore load failures, since we just need the server to have a cert set */
+    #if !defined(NO_FILESYSTEM)
+    wolfSSL_CTX_use_certificate_chain_file(serverCtx, ourCert);
+    wolfSSL_CTX_use_PrivateKey_file(serverCtx, ourKey, CERT_FILETYPE);
+    #elif defined(USE_CERT_BUFFERS_2048)
+    wolfSSL_CTX_use_certificate_chain_buffer_format(serverCtx,
+        server_cert_der_2048, sizeof_server_cert_der_2048,
+        WOLFSSL_FILETYPE_ASN1);
+    wolfSSL_CTX_use_PrivateKey_buffer(serverCtx, server_key_der_2048,
+        sizeof_server_key_der_2048, WOLFSSL_FILETYPE_ASN1);
+    #elif defined(USE_CERT_BUFFERS_256)
+    wolfSSL_CTX_use_certificate_chain_buffer_format(serverCtx, serv_ecc_der_256,
+        sizeof_serv_ecc_der_256, WOLFSSL_FILETYPE_ASN1);
+    wolfSSL_CTX_use_PrivateKey_buffer(serverCtx, ecc_key_der_256,
+        sizeof_ecc_key_der_256, WOLFSSL_FILETYPE_ASN1);
+    #endif
+#endif
+    serverSsl = wolfSSL_new(serverCtx);
+    ExpectNotNull(serverSsl);
+#endif
+
+#ifdef WOLFSSL_SEND_HRR_COOKIE
+    ExpectIntEQ(wolfSSL_send_hrr_cookie(NULL, NULL, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#ifndef NO_WOLFSSL_CLIENT
+    ExpectIntEQ(wolfSSL_send_hrr_cookie(clientSsl, NULL, 0),
+        WC_NO_ERR_TRACE(SIDE_ERROR));
+#endif
+#ifndef NO_WOLFSSL_SERVER
+#ifndef WOLFSSL_NO_TLS12
+    ExpectIntEQ(wolfSSL_send_hrr_cookie(serverTls12Ssl, NULL, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#endif
+
+    ExpectIntEQ(wolfSSL_send_hrr_cookie(serverSsl, NULL, 0), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_send_hrr_cookie(serverSsl, fixedKey, sizeof(fixedKey)),
+        WOLFSSL_SUCCESS);
+#endif
+#endif
+
+#ifdef HAVE_SUPPORTED_CURVES
+#ifdef HAVE_ECC
+    ExpectIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_ECC_SECP256R1),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#ifndef NO_WOLFSSL_SERVER
+    do {
+        ret = wolfSSL_UseKeyShare(serverSsl, WOLFSSL_ECC_SECP256R1);
+    #ifdef WOLFSSL_ASYNC_CRYPT
+        if (ret == WC_NO_ERR_TRACE(WC_PENDING_E))
+            wolfSSL_AsyncPoll(serverSsl, WOLF_POLL_FLAG_CHECK_HW);
+    #endif
+    }
+    while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
+    ExpectIntEQ(ret, WOLFSSL_SUCCESS);
+#endif
+#ifndef NO_WOLFSSL_CLIENT
+#ifndef WOLFSSL_NO_TLS12
+    do {
+        ret = wolfSSL_UseKeyShare(clientTls12Ssl, WOLFSSL_ECC_SECP256R1);
+    #ifdef WOLFSSL_ASYNC_CRYPT
+        if (ret == WC_NO_ERR_TRACE(WC_PENDING_E))
+            wolfSSL_AsyncPoll(clientTls12Ssl, WOLF_POLL_FLAG_CHECK_HW);
+    #endif
+    }
+    while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
+    ExpectIntEQ(ret, WOLFSSL_SUCCESS);
+#endif
+    do {
+        ret = wolfSSL_UseKeyShare(clientSsl, WOLFSSL_ECC_SECP256R1);
+    #ifdef WOLFSSL_ASYNC_CRYPT
+        if (ret == WC_NO_ERR_TRACE(WC_PENDING_E))
+            wolfSSL_AsyncPoll(clientSsl, WOLF_POLL_FLAG_CHECK_HW);
+    #endif
+    }
+    while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
+    ExpectIntEQ(ret, WOLFSSL_SUCCESS);
+#endif
+#elif defined(HAVE_CURVE25519)
+    ExpectIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_ECC_X25519),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#ifndef NO_WOLFSSL_SERVER
+    ExpectIntEQ(wolfSSL_UseKeyShare(serverSsl, WOLFSSL_ECC_X25519),
+        WOLFSSL_SUCCESS);
+#endif
+#ifndef NO_WOLFSSL_CLIENT
+#ifndef WOLFSSL_NO_TLS12
+    ExpectIntEQ(wolfSSL_UseKeyShare(clientTls12Ssl, WOLFSSL_ECC_X25519),
+        WOLFSSL_SUCCESS);
+#endif
+    ExpectIntEQ(wolfSSL_UseKeyShare(clientSsl, WOLFSSL_ECC_X25519),
+        WOLFSSL_SUCCESS);
+#endif
+#elif defined(HAVE_CURVE448)
+    ExpectIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_ECC_X448),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#ifndef NO_WOLFSSL_SERVER
+    ExpectIntEQ(wolfSSL_UseKeyShare(serverSsl, WOLFSSL_ECC_X448),
+        WOLFSSL_SUCCESS);
+#endif
+#ifndef NO_WOLFSSL_CLIENT
+#ifndef WOLFSSL_NO_TLS12
+    ExpectIntEQ(wolfSSL_UseKeyShare(clientTls12Ssl, WOLFSSL_ECC_X448),
+        WOLFSSL_SUCCESS);
+#endif
+    ExpectIntEQ(wolfSSL_UseKeyShare(clientSsl, WOLFSSL_ECC_X448),
+        WOLFSSL_SUCCESS);
+#endif
+#else
+    ExpectIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_ECC_SECP256R1),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#ifndef NO_WOLFSSL_CLIENT
+#ifndef WOLFSSL_NO_TLS12
+    ExpectIntEQ(wolfSSL_UseKeyShare(clientTls12Ssl, WOLFSSL_ECC_SECP256R1),
+        WC_NO_ERR_TRACE(NOT_COMPILED_IN));
+#endif
+    ExpectIntEQ(wolfSSL_UseKeyShare(clientSsl, WOLFSSL_ECC_SECP256R1),
+        WC_NO_ERR_TRACE(NOT_COMPILED_IN));
+#endif
+#endif
+
+#if defined(WOLFSSL_HAVE_MLKEM) && !defined(WOLFSSL_MLKEM_NO_MALLOC) && \
+    !defined(WOLFSSL_MLKEM_NO_MAKE_KEY) && \
+    !defined(WOLFSSL_MLKEM_NO_ENCAPSULATE) && \
+    !defined(WOLFSSL_MLKEM_NO_DECAPSULATE)
+#ifndef WOLFSSL_NO_ML_KEM
+#ifndef WOLFSSL_NO_ML_KEM_768
+    mlkemLevel = WOLFSSL_ML_KEM_768;
+#elif !defined(WOLFSSL_NO_ML_KEM_1024)
+    mlkemLevel = WOLFSSL_ML_KEM_1024;
+#else
+    mlkemLevel = WOLFSSL_ML_KEM_512;
+#endif
+#else
+#ifndef WOLFSSL_NO_KYBER768
+    mlkemLevel = WOLFSSL_KYBER_LEVEL3;
+#elif !defined(WOLFSSL_NO_KYBER1024)
+    mlkemLevel = WOLFSSL_KYBER_LEVEL5;
+#else
+    mlkemLevel = WOLFSSL_KYBER_LEVEL1;
+#endif
+#endif
+    ExpectIntEQ(wolfSSL_UseKeyShare(NULL, mlkemLevel),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#ifndef NO_WOLFSSL_SERVER
+    ExpectIntEQ(wolfSSL_UseKeyShare(serverSsl, mlkemLevel),
+        WOLFSSL_SUCCESS);
+#endif
+#ifndef NO_WOLFSSL_CLIENT
+#ifndef WOLFSSL_NO_TLS12
+    ExpectIntEQ(wolfSSL_UseKeyShare(clientTls12Ssl, mlkemLevel),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#endif
+    ExpectIntEQ(wolfSSL_UseKeyShare(clientSsl, mlkemLevel),
+        WOLFSSL_SUCCESS);
+#endif
+#endif
+
+    ExpectIntEQ(wolfSSL_NoKeyShares(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#ifndef NO_WOLFSSL_SERVER
+    ExpectIntEQ(wolfSSL_NoKeyShares(serverSsl), WC_NO_ERR_TRACE(SIDE_ERROR));
+#endif
+#ifndef NO_WOLFSSL_CLIENT
+#ifndef WOLFSSL_NO_TLS12
+    ExpectIntEQ(wolfSSL_NoKeyShares(clientTls12Ssl), WOLFSSL_SUCCESS);
+#endif
+    ExpectIntEQ(wolfSSL_NoKeyShares(clientSsl), WOLFSSL_SUCCESS);
+#endif
+#endif /* HAVE_SUPPORTED_CURVES */
+
+    ExpectIntEQ(wolfSSL_CTX_no_ticket_TLSv13(NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#ifndef NO_WOLFSSL_CLIENT
+    ExpectIntEQ(wolfSSL_CTX_no_ticket_TLSv13(clientCtx),
+        WC_NO_ERR_TRACE(SIDE_ERROR));
+#endif
+#ifndef NO_WOLFSSL_SERVER
+#ifndef WOLFSSL_NO_TLS12
+    ExpectIntEQ(wolfSSL_CTX_no_ticket_TLSv13(serverTls12Ctx),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#endif
+    ExpectIntEQ(wolfSSL_CTX_no_ticket_TLSv13(serverCtx), 0);
+#endif
+
+    ExpectIntEQ(wolfSSL_no_ticket_TLSv13(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#ifndef NO_WOLFSSL_CLIENT
+    ExpectIntEQ(wolfSSL_no_ticket_TLSv13(clientSsl),
+        WC_NO_ERR_TRACE(SIDE_ERROR));
+#endif
+#ifndef NO_WOLFSSL_SERVER
+#ifndef WOLFSSL_NO_TLS12
+    ExpectIntEQ(wolfSSL_no_ticket_TLSv13(serverTls12Ssl),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#endif
+    ExpectIntEQ(wolfSSL_no_ticket_TLSv13(serverSsl), 0);
+#endif
+
+    ExpectIntEQ(wolfSSL_CTX_no_dhe_psk(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#ifndef NO_WOLFSSL_CLIENT
+#ifndef WOLFSSL_NO_TLS12
+    ExpectIntEQ(wolfSSL_CTX_no_dhe_psk(clientTls12Ctx),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#endif
+    ExpectIntEQ(wolfSSL_CTX_no_dhe_psk(clientCtx), 0);
+#endif
+#ifndef NO_WOLFSSL_SERVER
+    ExpectIntEQ(wolfSSL_CTX_no_dhe_psk(serverCtx), 0);
+#endif
+
+    ExpectIntEQ(wolfSSL_no_dhe_psk(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#ifndef NO_WOLFSSL_CLIENT
+#ifndef WOLFSSL_NO_TLS12
+    ExpectIntEQ(wolfSSL_no_dhe_psk(clientTls12Ssl),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#endif
+    ExpectIntEQ(wolfSSL_no_dhe_psk(clientSsl), 0);
+#endif
+#ifndef NO_WOLFSSL_SERVER
+    ExpectIntEQ(wolfSSL_no_dhe_psk(serverSsl), 0);
+#endif
+
+    ExpectIntEQ(wolfSSL_update_keys(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#ifndef NO_WOLFSSL_CLIENT
+#ifndef WOLFSSL_NO_TLS12
+    ExpectIntEQ(wolfSSL_update_keys(clientTls12Ssl),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#endif
+    ExpectIntEQ(wolfSSL_update_keys(clientSsl),
+        WC_NO_ERR_TRACE(BUILD_MSG_ERROR));
+#endif
+#ifndef NO_WOLFSSL_SERVER
+    ExpectIntEQ(wolfSSL_update_keys(serverSsl),
+        WC_NO_ERR_TRACE(BUILD_MSG_ERROR));
+#endif
+
+    ExpectIntEQ(wolfSSL_key_update_response(NULL, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_key_update_response(NULL, &required),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#ifndef NO_WOLFSSL_CLIENT
+#ifndef WOLFSSL_NO_TLS12
+    ExpectIntEQ(wolfSSL_key_update_response(clientTls12Ssl, &required),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#endif
+    ExpectIntEQ(wolfSSL_key_update_response(clientSsl, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#endif
+#ifndef NO_WOLFSSL_SERVER
+    ExpectIntEQ(wolfSSL_key_update_response(serverSsl, NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#endif
+
+#if !defined(NO_CERTS) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
+    ExpectIntEQ(wolfSSL_CTX_allow_post_handshake_auth(NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#ifndef NO_WOLFSSL_SERVER
+    ExpectIntEQ(wolfSSL_CTX_allow_post_handshake_auth(serverCtx),
+        WC_NO_ERR_TRACE(SIDE_ERROR));
+#endif
+#ifndef NO_WOLFSSL_CLIENT
+#ifndef WOLFSSL_NO_TLS12
+    ExpectIntEQ(wolfSSL_CTX_allow_post_handshake_auth(clientTls12Ctx),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#endif
+    ExpectIntEQ(wolfSSL_CTX_allow_post_handshake_auth(clientCtx), 0);
+#endif
+
+    ExpectIntEQ(wolfSSL_allow_post_handshake_auth(NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#ifndef NO_WOLFSSL_SERVER
+    ExpectIntEQ(wolfSSL_allow_post_handshake_auth(serverSsl),
+        WC_NO_ERR_TRACE(SIDE_ERROR));
+#endif
+#ifndef NO_WOLFSSL_CLIENT
+#ifndef WOLFSSL_NO_TLS12
+    ExpectIntEQ(wolfSSL_allow_post_handshake_auth(clientTls12Ssl),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#endif
+    ExpectIntEQ(wolfSSL_allow_post_handshake_auth(clientSsl), 0);
+#endif
+
+    ExpectIntEQ(wolfSSL_request_certificate(NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#ifndef NO_WOLFSSL_CLIENT
+    ExpectIntEQ(wolfSSL_request_certificate(clientSsl),
+        WC_NO_ERR_TRACE(SIDE_ERROR));
+#endif
+#ifndef NO_WOLFSSL_SERVER
+#ifndef WOLFSSL_NO_TLS12
+    ExpectIntEQ(wolfSSL_request_certificate(serverTls12Ssl),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#endif
+    ExpectIntEQ(wolfSSL_request_certificate(serverSsl),
+        WC_NO_ERR_TRACE(NOT_READY_ERROR));
+#endif
+#endif
+
+#ifdef HAVE_ECC
+#ifndef WOLFSSL_NO_SERVER_GROUPS_EXT
+    ExpectIntEQ(wolfSSL_preferred_group(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#ifndef NO_WOLFSSL_SERVER
+    ExpectIntEQ(wolfSSL_preferred_group(serverSsl),
+        WC_NO_ERR_TRACE(SIDE_ERROR));
+#endif
+#ifndef NO_WOLFSSL_CLIENT
+#ifndef WOLFSSL_NO_TLS12
+    ExpectIntEQ(wolfSSL_preferred_group(clientTls12Ssl),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#endif
+    ExpectIntEQ(wolfSSL_preferred_group(clientSsl),
+        WC_NO_ERR_TRACE(NOT_READY_ERROR));
+#endif
+#endif
+
+#ifdef HAVE_SUPPORTED_CURVES
+    ExpectIntEQ(wolfSSL_CTX_set_groups(NULL, NULL, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#ifndef NO_WOLFSSL_CLIENT
+    ExpectIntEQ(wolfSSL_CTX_set_groups(clientCtx, NULL, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#endif
+    ExpectIntEQ(wolfSSL_CTX_set_groups(NULL, groups, numGroups),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#ifndef NO_WOLFSSL_CLIENT
+#ifndef WOLFSSL_NO_TLS12
+    ExpectIntEQ(wolfSSL_CTX_set_groups(clientTls12Ctx, groups, numGroups),
+        WOLFSSL_SUCCESS);
+#endif
+    ExpectIntEQ(wolfSSL_CTX_set_groups(clientCtx, groups,
+        WOLFSSL_MAX_GROUP_COUNT + 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_CTX_set_groups(clientCtx, groups, numGroups),
+        WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_CTX_set_groups(clientCtx, bad_groups, numGroups),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#endif
+#ifndef NO_WOLFSSL_SERVER
+    ExpectIntEQ(wolfSSL_CTX_set_groups(serverCtx, groups, numGroups),
+        WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_CTX_set_groups(serverCtx, bad_groups, numGroups),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#endif
+
+    ExpectIntEQ(wolfSSL_set_groups(NULL, NULL, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#ifndef NO_WOLFSSL_CLIENT
+    ExpectIntEQ(wolfSSL_set_groups(clientSsl, NULL, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#endif
+    ExpectIntEQ(wolfSSL_set_groups(NULL, groups, numGroups),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#ifndef NO_WOLFSSL_CLIENT
+#ifndef WOLFSSL_NO_TLS12
+    ExpectIntEQ(wolfSSL_set_groups(clientTls12Ssl, groups, numGroups),
+        WOLFSSL_SUCCESS);
+#endif
+    ExpectIntEQ(wolfSSL_set_groups(clientSsl, groups,
+        WOLFSSL_MAX_GROUP_COUNT + 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_set_groups(clientSsl, groups, numGroups),
+        WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_set_groups(clientSsl, bad_groups, numGroups),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#endif
+#ifndef NO_WOLFSSL_SERVER
+    ExpectIntEQ(wolfSSL_set_groups(serverSsl, groups, numGroups),
+        WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_set_groups(serverSsl, bad_groups, numGroups),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#endif
+
+#ifdef OPENSSL_EXTRA
+    ExpectIntEQ(wolfSSL_CTX_set1_groups_list(NULL, NULL),
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+#ifndef NO_WOLFSSL_CLIENT
+    ExpectIntEQ(wolfSSL_CTX_set1_groups_list(clientCtx, NULL),
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+#endif
+    ExpectIntEQ(wolfSSL_CTX_set1_groups_list(NULL, groupList),
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+#ifndef NO_WOLFSSL_CLIENT
+#ifndef WOLFSSL_NO_TLS12
+    ExpectIntEQ(wolfSSL_CTX_set1_groups_list(clientTls12Ctx, groupList),
+        WOLFSSL_SUCCESS);
+#endif
+    ExpectIntEQ(wolfSSL_CTX_set1_groups_list(clientCtx, groupList),
+        WOLFSSL_SUCCESS);
+#endif
+#ifndef NO_WOLFSSL_SERVER
+    ExpectIntEQ(wolfSSL_CTX_set1_groups_list(serverCtx, groupList),
+        WOLFSSL_SUCCESS);
+#endif
+
+    ExpectIntEQ(wolfSSL_set1_groups_list(NULL, NULL),
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+#ifndef NO_WOLFSSL_CLIENT
+    ExpectIntEQ(wolfSSL_set1_groups_list(clientSsl, NULL),
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+#endif
+    ExpectIntEQ(wolfSSL_set1_groups_list(NULL, groupList),
+        WC_NO_ERR_TRACE(WOLFSSL_FAILURE));
+#ifndef NO_WOLFSSL_CLIENT
+#ifndef WOLFSSL_NO_TLS12
+    ExpectIntEQ(wolfSSL_set1_groups_list(clientTls12Ssl, groupList),
+        WOLFSSL_SUCCESS);
+#endif
+    ExpectIntEQ(wolfSSL_set1_groups_list(clientSsl, groupList),
+        WOLFSSL_SUCCESS);
+#endif
+#ifndef NO_WOLFSSL_SERVER
+    ExpectIntEQ(wolfSSL_set1_groups_list(serverSsl, groupList),
+        WOLFSSL_SUCCESS);
+#endif
+#endif /* OPENSSL_EXTRA */
+#endif /* HAVE_SUPPORTED_CURVES */
+#endif /* HAVE_ECC */
+
+#ifdef WOLFSSL_EARLY_DATA
+#ifndef OPENSSL_EXTRA
+    ExpectIntEQ(wolfSSL_CTX_set_max_early_data(NULL, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_CTX_get_max_early_data(NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#else
+    ExpectIntEQ(SSL_CTX_set_max_early_data(NULL, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(SSL_CTX_get_max_early_data(NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#endif
+#ifndef NO_WOLFSSL_CLIENT
+#ifndef OPENSSL_EXTRA
+    ExpectIntEQ(wolfSSL_CTX_set_max_early_data(clientCtx, 0),
+        WC_NO_ERR_TRACE(SIDE_ERROR));
+    ExpectIntEQ(wolfSSL_CTX_get_max_early_data(clientCtx),
+        WC_NO_ERR_TRACE(SIDE_ERROR));
+#else
+    ExpectIntEQ(SSL_CTX_set_max_early_data(clientCtx, 0),
+        WC_NO_ERR_TRACE(SIDE_ERROR));
+    ExpectIntEQ(SSL_CTX_get_max_early_data(clientCtx),
+        WC_NO_ERR_TRACE(SIDE_ERROR));
+#endif
+#endif
+#ifndef NO_WOLFSSL_SERVER
+#ifndef WOLFSSL_NO_TLS12
+#ifndef OPENSSL_EXTRA
+    ExpectIntEQ(wolfSSL_CTX_set_max_early_data(serverTls12Ctx, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_CTX_get_max_early_data(serverTls12Ctx),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#else
+    ExpectIntEQ(SSL_CTX_set_max_early_data(serverTls12Ctx, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(SSL_CTX_get_max_early_data(serverTls12Ctx),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#endif
+#endif
+#ifndef OPENSSL_EXTRA
+#ifdef WOLFSSL_ERROR_CODE_OPENSSL
+    ExpectIntEQ(wolfSSL_CTX_set_max_early_data(serverCtx, 32),
+        WOLFSSL_SUCCESS);
+#else
+    ExpectIntEQ(wolfSSL_CTX_set_max_early_data(serverCtx, 32), 0);
+#endif
+    ExpectIntEQ(wolfSSL_CTX_get_max_early_data(serverCtx), 32);
+#else
+    ExpectIntEQ(SSL_CTX_set_max_early_data(serverCtx, 32), 1);
+    ExpectIntEQ(SSL_CTX_get_max_early_data(serverCtx), 32);
+#endif
+#endif
+
+#ifndef OPENSSL_EXTRA
+    ExpectIntEQ(wolfSSL_set_max_early_data(NULL, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_get_max_early_data(NULL),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#else
+    ExpectIntEQ(SSL_set_max_early_data(NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(SSL_get_max_early_data(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#endif
+#ifndef NO_WOLFSSL_CLIENT
+#ifndef OPENSSL_EXTRA
+#ifdef WOLFSSL_ERROR_CODE_OPENSSL
+    ExpectIntEQ(wolfSSL_set_max_early_data(clientSsl, 17), WOLFSSL_SUCCESS);
+#else
+    ExpectIntEQ(wolfSSL_set_max_early_data(clientSsl, 17), 0);
+#endif
+    ExpectIntEQ(wolfSSL_get_max_early_data(clientSsl), 17);
+#else
+    ExpectIntEQ(SSL_set_max_early_data(clientSsl, 17), WOLFSSL_SUCCESS);
+    ExpectIntEQ(SSL_get_max_early_data(clientSsl), 17);
+#endif
+#endif
+#ifndef NO_WOLFSSL_SERVER
+#ifndef WOLFSSL_NO_TLS12
+#ifndef OPENSSL_EXTRA
+    ExpectIntEQ(wolfSSL_set_max_early_data(serverTls12Ssl, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_get_max_early_data(serverTls12Ssl),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#else
+    ExpectIntEQ(SSL_set_max_early_data(serverTls12Ssl, 0),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(SSL_get_max_early_data(serverTls12Ssl),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#endif
+#endif
+#ifndef OPENSSL_EXTRA
+#ifdef WOLFSSL_ERROR_CODE_OPENSSL
+    ExpectIntEQ(wolfSSL_set_max_early_data(serverSsl, 16), WOLFSSL_SUCCESS);
+#else
+    ExpectIntEQ(wolfSSL_set_max_early_data(serverSsl, 16), 0);
+#endif
+    ExpectIntEQ(wolfSSL_get_max_early_data(serverSsl), 16);
+#else
+    ExpectIntEQ(SSL_set_max_early_data(serverSsl, 16), 1);
+    ExpectIntEQ(SSL_get_max_early_data(serverSsl), 16);
+#endif
+#endif
+
+
+    ExpectIntEQ(wolfSSL_write_early_data(NULL, earlyData, sizeof(earlyData),
+        &outSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#ifndef NO_WOLFSSL_CLIENT
+    ExpectIntEQ(wolfSSL_write_early_data(clientSsl, NULL, sizeof(earlyData),
+        &outSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_write_early_data(clientSsl, earlyData, -1, &outSz),
+        WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_write_early_data(clientSsl, earlyData,
+        sizeof(earlyData), NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#endif
+#ifndef NO_WOLFSSL_SERVER
+    ExpectIntEQ(wolfSSL_write_early_data(serverSsl, earlyData,
+        sizeof(earlyData), &outSz), WC_NO_ERR_TRACE(SIDE_ERROR));
+#endif
+#ifndef NO_WOLFSSL_CLIENT
+#ifndef WOLFSSL_NO_TLS12
+    ExpectIntEQ(wolfSSL_write_early_data(clientTls12Ssl, earlyData,
+        sizeof(earlyData), &outSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#endif
+    ExpectIntEQ(wolfSSL_write_early_data(clientSsl, earlyData,
+        sizeof(earlyData), &outSz), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
+#endif
+
+    ExpectIntEQ(wolfSSL_read_early_data(NULL, earlyDataBuffer,
+        sizeof(earlyDataBuffer), &outSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#ifndef NO_WOLFSSL_SERVER
+    ExpectIntEQ(wolfSSL_read_early_data(serverSsl, NULL,
+        sizeof(earlyDataBuffer), &outSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_read_early_data(serverSsl, earlyDataBuffer, -1,
+        &outSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+    ExpectIntEQ(wolfSSL_read_early_data(serverSsl, earlyDataBuffer,
+        sizeof(earlyDataBuffer), NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#endif
+#ifndef NO_WOLFSSL_CLIENT
+    ExpectIntEQ(wolfSSL_read_early_data(clientSsl, earlyDataBuffer,
+        sizeof(earlyDataBuffer), &outSz), WC_NO_ERR_TRACE(SIDE_ERROR));
+#endif
+#ifndef NO_WOLFSSL_SERVER
+#ifndef WOLFSSL_NO_TLS12
+    ExpectIntEQ(wolfSSL_read_early_data(serverTls12Ssl, earlyDataBuffer,
+        sizeof(earlyDataBuffer), &outSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
+#endif
+    ExpectIntEQ(wolfSSL_read_early_data(serverSsl, earlyDataBuffer,
+        sizeof(earlyDataBuffer), &outSz), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
+#endif
+#endif
+
+#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_EARLY_DATA)
+    ExpectIntLT(SSL_get_early_data_status(NULL), 0);
+#endif
+
+
+#ifndef NO_WOLFSSL_SERVER
+    wolfSSL_free(serverSsl);
+    wolfSSL_CTX_free(serverCtx);
+#endif
+#ifndef NO_WOLFSSL_CLIENT
+    wolfSSL_free(clientSsl);
+    wolfSSL_CTX_free(clientCtx);
+#endif
+
+#ifndef WOLFSSL_NO_TLS12
+#ifndef NO_WOLFSSL_SERVER
+    wolfSSL_free(serverTls12Ssl);
+    wolfSSL_CTX_free(serverTls12Ctx);
+#endif
+#ifndef NO_WOLFSSL_CLIENT
+    wolfSSL_free(clientTls12Ssl);
+    wolfSSL_CTX_free(clientTls12Ctx);
+#endif
+#endif
+#endif /* WOLFSSL_TLS13 */
+
+    return EXPECT_RESULT();
+}
+
+#if defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET) && \
+    !defined(NO_WOLFSSL_SERVER) && defined(HAVE_ECC) && \
+    defined(BUILD_TLS_AES_128_GCM_SHA256) && \
+    defined(BUILD_TLS_AES_256_GCM_SHA384)
+/* Called when writing. */
+static int CsSend(WOLFSSL* ssl, char* buf, int sz, void* ctx)
+{
+    (void)ssl;
+    (void)buf;
+    (void)sz;
+    (void)ctx;
+
+    /* Force error return from wolfSSL_accept_TLSv13(). */
+    return WANT_WRITE;
+}
+/* Called when reading. */
+static int CsRecv(WOLFSSL* ssl, char* buf, int sz, void* ctx)
+{
+    WOLFSSL_BUFFER_INFO* msg = (WOLFSSL_BUFFER_INFO*)ctx;
+    int len = (int)msg->length;
+
+    (void)ssl;
+    (void)sz;
+
+    /* Pass back as much of message as will fit in buffer. */
+    if (len > sz)
+        len = sz;
+    XMEMCPY(buf, msg->buffer, len);
+    /* Move over returned data. */
+    msg->buffer += len;
+    msg->length -= len;
+
+    /* Amount actually copied. */
+    return len;
+}
+#endif
+
+int test_tls13_cipher_suites(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET) && \
+    !defined(NO_WOLFSSL_SERVER) && defined(HAVE_ECC) && \
+    defined(BUILD_TLS_AES_128_GCM_SHA256) && \
+    defined(BUILD_TLS_AES_256_GCM_SHA384)
+    WOLFSSL_CTX* ctx = NULL;
+    WOLFSSL *ssl = NULL;
+    int i;
+    byte clientHello[] = {
+        0x16, 0x03, 0x03, 0x01, 0x9b, 0x01, 0x00, 0x01,
+        0x97, 0x03, 0x03, 0xf4, 0x65, 0xbd, 0x22, 0xfe,
+        0x6e, 0xab, 0x66, 0xdd, 0xcf, 0xe9, 0x65, 0x55,
+        0xe8, 0xdf, 0xc3, 0x8e, 0x4b, 0x00, 0xbc, 0xf8,
+        0x23, 0x57, 0x1b, 0xa0, 0xc8, 0xa9, 0xe2, 0x8c,
+        0x91, 0x6e, 0xf9, 0x20, 0xf7, 0x5c, 0xc5, 0x5b,
+        0x75, 0x8c, 0x47, 0x0a, 0x0e, 0xc4, 0x1a, 0xda,
+        0xef, 0x75, 0xe5, 0x21, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x04,
+        /* Cipher suites: 0x13, 0x01 = TLS13-AES128-GCM-SHA256, twice. */
+                                            0x13, 0x01,
+        0x13, 0x01, 0x01, 0x00, 0x01, 0x4a, 0x00, 0x2d,
+        0x00, 0x03, 0x02, 0x00, 0x01, 0x00, 0x33, 0x00,
+        0x47, 0x00, 0x45, 0x00, 0x17, 0x00, 0x41, 0x04,
+        0x90, 0xfc, 0xe2, 0x97, 0x05, 0x7c, 0xb5, 0x23,
+        0x5d, 0x5f, 0x5b, 0xcd, 0x0c, 0x1e, 0xe0, 0xe9,
+        0xab, 0x38, 0x6b, 0x1e, 0x20, 0x5c, 0x1c, 0x90,
+        0x2a, 0x9e, 0x68, 0x8e, 0x70, 0x05, 0x10, 0xa8,
+        0x02, 0x1b, 0xf9, 0x5c, 0xef, 0xc9, 0xaf, 0xca,
+        0x1a, 0x3b, 0x16, 0x8b, 0xe4, 0x1b, 0x3c, 0x15,
+        0xb8, 0x0d, 0xbd, 0xaf, 0x62, 0x8d, 0xa7, 0x13,
+        0xa0, 0x7c, 0xe0, 0x59, 0x0c, 0x4f, 0x8a, 0x6d,
+        0x00, 0x2b, 0x00, 0x03, 0x02, 0x03, 0x04, 0x00,
+        0x0d, 0x00, 0x20, 0x00, 0x1e, 0x06, 0x03, 0x05,
+        0x03, 0x04, 0x03, 0x02, 0x03, 0x08, 0x06, 0x08,
+        0x0b, 0x08, 0x05, 0x08, 0x0a, 0x08, 0x04, 0x08,
+        0x09, 0x06, 0x01, 0x05, 0x01, 0x04, 0x01, 0x03,
+        0x01, 0x02, 0x01, 0x00, 0x0a, 0x00, 0x04, 0x00,
+        0x02, 0x00, 0x17, 0x00, 0x16, 0x00, 0x00, 0x00,
+        0x23, 0x00, 0x00, 0x00, 0x29, 0x00, 0xb9, 0x00,
+        0x94, 0x00, 0x8e, 0x0f, 0x12, 0xfa, 0x84, 0x1f,
+        0x76, 0x94, 0xd7, 0x09, 0x5e, 0xad, 0x08, 0x51,
+        0xb6, 0x80, 0x28, 0x31, 0x8b, 0xfd, 0xc6, 0xbd,
+        0x9e, 0xf5, 0x3b, 0x4d, 0x02, 0xbe, 0x1d, 0x73,
+        0xea, 0x13, 0x68, 0x00, 0x4c, 0xfd, 0x3d, 0x48,
+        0x51, 0xf9, 0x06, 0xbb, 0x92, 0xed, 0x42, 0x9f,
+        0x7f, 0x2c, 0x73, 0x9f, 0xd9, 0xb4, 0xef, 0x05,
+        0x26, 0x5b, 0x60, 0x5c, 0x0a, 0xfc, 0xa3, 0xbd,
+        0x2d, 0x2d, 0x8b, 0xf9, 0xaa, 0x5c, 0x96, 0x3a,
+        0xf2, 0xec, 0xfa, 0xe5, 0x57, 0x2e, 0x87, 0xbe,
+        0x27, 0xc5, 0x3d, 0x4f, 0x5d, 0xdd, 0xde, 0x1c,
+        0x1b, 0xb3, 0xcc, 0x27, 0x27, 0x57, 0x5a, 0xd9,
+        0xea, 0x99, 0x27, 0x23, 0xa6, 0x0e, 0xea, 0x9c,
+        0x0d, 0x85, 0xcb, 0x72, 0xeb, 0xd7, 0x93, 0xe3,
+        0xfe, 0xf7, 0x5c, 0xc5, 0x5b, 0x75, 0x8c, 0x47,
+        0x0a, 0x0e, 0xc4, 0x1a, 0xda, 0xef, 0x75, 0xe5,
+        0x21, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0xfb, 0x92, 0xce, 0xaa, 0x00, 0x21, 0x20,
+        0xcb, 0x73, 0x25, 0x80, 0x46, 0x78, 0x4f, 0xe5,
+        0x34, 0xf6, 0x91, 0x13, 0x7f, 0xc8, 0x8d, 0xdc,
+        0x81, 0x04, 0xb7, 0x0d, 0x49, 0x85, 0x2e, 0x12,
+        0x7a, 0x07, 0x23, 0xe9, 0x13, 0xa4, 0x6d, 0x8c
+    };
+    WOLFSSL_BUFFER_INFO msg;
+    /* Offset into ClientHello message data of first cipher suite. */
+    const int csOff = 78;
+    /* Server cipher list. */
+    const char* serverCs = "TLS13-AES256-GCM-SHA384:TLS13-AES128-GCM-SHA256";
+    /* Suite list with duplicates. */
+    const char* dupCs = "TLS13-AES128-GCM-SHA256:"
+                        "TLS13-AES128-GCM-SHA256:"
+                        "TLS13-AES256-GCM-SHA384:"
+                        "TLS13-AES256-GCM-SHA384:"
+                        "TLS13-AES128-GCM-SHA256";
+#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_SET_CIPHER_BYTES)
+    const byte dupCsBytes[] = { TLS13_BYTE, TLS_AES_256_GCM_SHA384,
+                                TLS13_BYTE, TLS_AES_256_GCM_SHA384,
+                                TLS13_BYTE, TLS_AES_128_GCM_SHA256,
+                                TLS13_BYTE, TLS_AES_128_GCM_SHA256,
+                                TLS13_BYTE, TLS_AES_256_GCM_SHA384 };
+#endif
+
+    /* Set up wolfSSL context. */
+    ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_server_method()));
+    ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, eccCertFile,
+        CERT_FILETYPE));
+    ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, eccKeyFile,
+        CERT_FILETYPE));
+    /* Read from 'msg'. */
+    wolfSSL_SetIORecv(ctx, CsRecv);
+    /* No where to send to - dummy sender. */
+    wolfSSL_SetIOSend(ctx, CsSend);
+
+    /* Test cipher suite list with many copies of a cipher suite. */
+    ExpectNotNull(ssl = wolfSSL_new(ctx));
+    msg.buffer = clientHello;
+    msg.length = (unsigned int)sizeof(clientHello);
+    wolfSSL_SetIOReadCtx(ssl, &msg);
+    /* Force server to have as many occurrences of same cipher suite as
+     * possible. */
+    if (ssl != NULL) {
+        Suites* suites = (Suites*)WOLFSSL_SUITES(ssl);
+        suites->suiteSz = WOLFSSL_MAX_SUITE_SZ;
+        for (i = 0; i < suites->suiteSz; i += 2) {
+            suites->suites[i + 0] = TLS13_BYTE;
+            suites->suites[i + 1] = TLS_AES_128_GCM_SHA256;
+        }
+    }
+    /* Test multiple occurrences of same cipher suite. */
+    ExpectIntEQ(wolfSSL_accept_TLSv13(ssl),
+        WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
+    wolfSSL_free(ssl);
+    ssl = NULL;
+
+    /* Set client order opposite to server order:
+     *   TLS13-AES128-GCM-SHA256:TLS13-AES256-GCM-SHA384 */
+    clientHello[csOff + 0] = TLS13_BYTE;
+    clientHello[csOff + 1] = TLS_AES_128_GCM_SHA256;
+    clientHello[csOff + 2] = TLS13_BYTE;
+    clientHello[csOff + 3] = TLS_AES_256_GCM_SHA384;
+
+    /* Test server order negotiation. */
+    ExpectNotNull(ssl = wolfSSL_new(ctx));
+    msg.buffer = clientHello;
+    msg.length = (unsigned int)sizeof(clientHello);
+    wolfSSL_SetIOReadCtx(ssl, &msg);
+    /* Server order: TLS13-AES256-GCM-SHA384:TLS13-AES128-GCM-SHA256 */
+    ExpectIntEQ(wolfSSL_set_cipher_list(ssl, serverCs), WOLFSSL_SUCCESS);
+    /* Negotiate cipher suites in server order: TLS13-AES256-GCM-SHA384 */
+    ExpectIntEQ(wolfSSL_accept_TLSv13(ssl),
+        WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
+    /* Check refined order - server order. */
+    ExpectIntEQ(ssl->suites->suiteSz, 4);
+    ExpectIntEQ(ssl->suites->suites[0], TLS13_BYTE);
+    ExpectIntEQ(ssl->suites->suites[1], TLS_AES_256_GCM_SHA384);
+    ExpectIntEQ(ssl->suites->suites[2], TLS13_BYTE);
+    ExpectIntEQ(ssl->suites->suites[3], TLS_AES_128_GCM_SHA256);
+    wolfSSL_free(ssl);
+    ssl = NULL;
+
+    /* Test client order negotiation. */
+    ExpectNotNull(ssl = wolfSSL_new(ctx));
+    msg.buffer = clientHello;
+    msg.length = (unsigned int)sizeof(clientHello);
+    wolfSSL_SetIOReadCtx(ssl, &msg);
+    /* Server order: TLS13-AES256-GCM-SHA384:TLS13-AES128-GCM-SHA256 */
+    ExpectIntEQ(wolfSSL_set_cipher_list(ssl, serverCs), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_UseClientSuites(ssl), 0);
+    /* Negotiate cipher suites in client order: TLS13-AES128-GCM-SHA256 */
+    ExpectIntEQ(wolfSSL_accept_TLSv13(ssl),
+        WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR));
+    /* Check refined order - client order. */
+    ExpectIntEQ(ssl->suites->suiteSz, 4);
+    ExpectIntEQ(ssl->suites->suites[0], TLS13_BYTE);
+    ExpectIntEQ(ssl->suites->suites[1], TLS_AES_128_GCM_SHA256);
+    ExpectIntEQ(ssl->suites->suites[2], TLS13_BYTE);
+    ExpectIntEQ(ssl->suites->suites[3], TLS_AES_256_GCM_SHA384);
+    wolfSSL_free(ssl);
+    ssl = NULL;
+
+    /* Check duplicate detection is working. */
+    ExpectIntEQ(wolfSSL_CTX_set_cipher_list(ctx, dupCs), WOLFSSL_SUCCESS);
+    ExpectIntEQ(ctx->suites->suiteSz, 4);
+    ExpectIntEQ(ctx->suites->suites[0], TLS13_BYTE);
+    ExpectIntEQ(ctx->suites->suites[1], TLS_AES_128_GCM_SHA256);
+    ExpectIntEQ(ctx->suites->suites[2], TLS13_BYTE);
+    ExpectIntEQ(ctx->suites->suites[3], TLS_AES_256_GCM_SHA384);
+
+#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_SET_CIPHER_BYTES)
+    ExpectIntEQ(wolfSSL_CTX_set_cipher_list_bytes(ctx, dupCsBytes,
+        sizeof(dupCsBytes)), WOLFSSL_SUCCESS);
+    ExpectIntEQ(ctx->suites->suiteSz, 4);
+    ExpectIntEQ(ctx->suites->suites[0], TLS13_BYTE);
+    ExpectIntEQ(ctx->suites->suites[1], TLS_AES_256_GCM_SHA384);
+    ExpectIntEQ(ctx->suites->suites[2], TLS13_BYTE);
+    ExpectIntEQ(ctx->suites->suites[3], TLS_AES_128_GCM_SHA256);
+#endif
+
+    wolfSSL_CTX_free(ctx);
+#endif
+    return EXPECT_RESULT();
+}
+
+
+#if defined(WOLFSSL_TLS13) && defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES)\
+    && !defined(NO_PSK)
+static unsigned int test_tls13_bad_psk_binder_client_cb(WOLFSSL* ssl,
+        const char* hint, char* identity, unsigned int id_max_len,
+        unsigned char* key, unsigned int key_max_len)
+{
+    (void)ssl;
+    (void)hint;
+    (void)key_max_len;
+
+    /* see internal.h MAX_PSK_ID_LEN for PSK identity limit */
+    XSTRNCPY(identity, "Client_identity", id_max_len);
+
+    key[0] = 0x20;
+    return 1;
+}
+
+static unsigned int test_tls13_bad_psk_binder_server_cb(WOLFSSL* ssl,
+        const char* id, unsigned char* key, unsigned int key_max_len)
+{
+    (void)ssl;
+    (void)id;
+    (void)key_max_len;
+    /* zero means error */
+    key[0] = 0x10;
+    return 1;
+}
+#endif
+
+int test_tls13_bad_psk_binder(void)
+{
+    EXPECT_DECLS;
+#if defined(WOLFSSL_TLS13) && defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES)\
+    && !defined(NO_PSK)
+    WOLFSSL_CTX *ctx_c = NULL;
+    WOLFSSL_CTX *ctx_s = NULL;
+    WOLFSSL *ssl_c = NULL;
+    WOLFSSL *ssl_s = NULL;
+    struct test_memio_ctx test_ctx;
+    WOLFSSL_ALERT_HISTORY h;
+
+    XMEMSET(&test_ctx, 0, sizeof(test_ctx));
+    ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
+        wolfTLSv1_3_client_method, wolfTLSv1_3_server_method), 0);
+
+    wolfSSL_set_psk_client_callback(ssl_c, test_tls13_bad_psk_binder_client_cb);
+    wolfSSL_set_psk_server_callback(ssl_s, test_tls13_bad_psk_binder_server_cb);
+
+    ExpectIntNE(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_get_error(ssl_c, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)),
+        WOLFSSL_ERROR_WANT_READ);
+
+    ExpectIntNE(wolfSSL_accept(ssl_s), WOLFSSL_SUCCESS);
+    ExpectIntEQ( wolfSSL_get_error(ssl_s, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)),
+        WC_NO_ERR_TRACE(BAD_BINDER));
+
+    ExpectIntNE(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS);
+    ExpectIntEQ(wolfSSL_get_error(ssl_c, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)),
+        WC_NO_ERR_TRACE(FATAL_ERROR));
+    ExpectIntEQ(wolfSSL_get_alert_history(ssl_c, &h), WOLFSSL_SUCCESS);
+    ExpectIntEQ(h.last_rx.code, illegal_parameter);
+    ExpectIntEQ(h.last_rx.level, alert_fatal);
+
+    wolfSSL_free(ssl_c);
+    wolfSSL_CTX_free(ctx_c);
+    wolfSSL_free(ssl_s);
+    wolfSSL_CTX_free(ctx_s);
+#endif
+    return EXPECT_RESULT();
+}
+
+
+#if defined(HAVE_RPK) && !defined(NO_TLS)
+
+#define svrRpkCertFile     "./certs/rpk/server-cert-rpk.der"
+#define clntRpkCertFile    "./certs/rpk/client-cert-rpk.der"
+
+#if defined(WOLFSSL_ALWAYS_VERIFY_CB) && defined(WOLFSSL_TLS13)
+static int MyRpkVerifyCb(int mode, WOLFSSL_X509_STORE_CTX* strctx)
+{
+    int ret = WOLFSSL_SUCCESS;
+    (void)mode;
+    (void)strctx;
+    WOLFSSL_ENTER("MyRpkVerifyCb");
+    return ret;
+}
+#endif /* WOLFSSL_ALWAYS_VERIFY_CB && WOLFSSL_TLS13 */
+
+static WC_INLINE int test_rpk_memio_setup(
+    struct test_memio_ctx *ctx,
+    WOLFSSL_CTX **ctx_c,
+    WOLFSSL_CTX **ctx_s,
+    WOLFSSL **ssl_c,
+    WOLFSSL **ssl_s,
+    method_provider method_c,
+    method_provider method_s,
+    const char* certfile_c, int fmt_cc, /* client cert file path and format */
+    const char* certfile_s, int fmt_cs, /* server cert file path and format */
+    const char* pkey_c,     int fmt_kc, /* client private key and format */
+    const char* pkey_s,     int fmt_ks  /* server private key and format */
+    )
+{
+    int ret;
+    if (ctx_c != NULL && *ctx_c == NULL) {
+        *ctx_c = wolfSSL_CTX_new(method_c());
+        if (*ctx_c == NULL) {
+            return -1;
+        }
+        wolfSSL_CTX_set_verify(*ctx_c, WOLFSSL_VERIFY_PEER, NULL);
+
+        ret = wolfSSL_CTX_load_verify_locations(*ctx_c, caCertFile, 0);
+        if (ret != WOLFSSL_SUCCESS) {
+            return -1;
+        }
+        wolfSSL_SetIORecv(*ctx_c, test_memio_read_cb);
+        wolfSSL_SetIOSend(*ctx_c, test_memio_write_cb);
+
+        ret = wolfSSL_CTX_use_certificate_file(*ctx_c, certfile_c, fmt_cc);
+        if (ret != WOLFSSL_SUCCESS) {
+            return -1;
+        }
+        ret = wolfSSL_CTX_use_PrivateKey_file(*ctx_c, pkey_c, fmt_kc);
+        if (ret != WOLFSSL_SUCCESS) {
+            return -1;
+        }
+    }
+
+    if (ctx_s != NULL && *ctx_s == NULL) {
+        *ctx_s = wolfSSL_CTX_new(method_s());
+        if (*ctx_s == NULL) {
+            return -1;
+        }
+        wolfSSL_CTX_set_verify(*ctx_s, WOLFSSL_VERIFY_PEER, NULL);
+
+        ret = wolfSSL_CTX_load_verify_locations(*ctx_s, cliCertFile, 0);
+        if (ret != WOLFSSL_SUCCESS) {
+            return -1;
+        }
+
+        ret = wolfSSL_CTX_use_PrivateKey_file(*ctx_s, pkey_s, fmt_ks);
+        if (ret != WOLFSSL_SUCCESS) {
+            return -1;
+        }
+        ret = wolfSSL_CTX_use_certificate_file(*ctx_s, certfile_s, fmt_cs);
+        if (ret != WOLFSSL_SUCCESS) {
+            return -1;
+        }
+        wolfSSL_SetIORecv(*ctx_s, test_memio_read_cb);
+        wolfSSL_SetIOSend(*ctx_s, test_memio_write_cb);
+        if (ctx->s_ciphers != NULL) {
+            ret = wolfSSL_CTX_set_cipher_list(*ctx_s, ctx->s_ciphers);
+            if (ret != WOLFSSL_SUCCESS) {
+                return -1;
+            }
+        }
+    }
+
+    if (ctx_c != NULL && ssl_c != NULL) {
+        *ssl_c = wolfSSL_new(*ctx_c);
+        if (*ssl_c == NULL) {
+            return -1;
+        }
+        wolfSSL_SetIOWriteCtx(*ssl_c, ctx);
+        wolfSSL_SetIOReadCtx(*ssl_c, ctx);
+    }
+    if (ctx_s != NULL && ssl_s != NULL) {
+        *ssl_s = wolfSSL_new(*ctx_s);
+        if (*ssl_s == NULL) {
+            return -1;
+        }
+        wolfSSL_SetIOWriteCtx(*ssl_s, ctx);
+        wolfSSL_SetIOReadCtx(*ssl_s, ctx);
+#if !defined(NO_DH)
+        SetDH(*ssl_s);
+#endif
+    }
+
+    return 0;
+}
+#endif /* HAVE_RPK && !NO_TLS */
+
+
+int test_tls13_rpk_handshake(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_RPK) && (!defined(WOLFSSL_NO_TLS12) || defined(WOLFSSL_TLS13))
+#ifdef WOLFSSL_TLS13
+    int ret = 0;
+#endif
+    WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL;
+    WOLFSSL *ssl_c = NULL, *ssl_s = NULL;
+    struct test_memio_ctx test_ctx;
+    int err;
+    char certType_c[MAX_CLIENT_CERT_TYPE_CNT];
+    char certType_s[MAX_CLIENT_CERT_TYPE_CNT];
+    int typeCnt_c;
+    int typeCnt_s;
+    int tp = 0;
+#if defined(WOLFSSL_ALWAYS_VERIFY_CB) && defined(WOLFSSL_TLS13)
+    int isServer;
+#endif
+
+    (void)err;
+    (void)typeCnt_c;
+    (void)typeCnt_s;
+    (void)certType_c;
+    (void)certType_s;
+
+#ifndef WOLFSSL_NO_TLS12
+    /*  TLS1.2
+     *  Both client and server load x509 cert and start handshaking.
+     *  Check no negotiation occurred.
+     */
+    XMEMSET(&test_ctx, 0, sizeof(test_ctx));
+
+    ExpectIntEQ(
+        test_rpk_memio_setup(
+            &test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
+            wolfTLSv1_2_client_method, wolfTLSv1_2_server_method,
+            cliCertFile,     CERT_FILETYPE,
+            svrCertFile,     CERT_FILETYPE,
+            cliKeyFile,      CERT_FILETYPE,
+            svrKeyFile,      CERT_FILETYPE)
+        , 0);
+
+
+    /* set client certificate type in client end */
+    certType_c[0] = WOLFSSL_CERT_TYPE_RPK;
+    certType_c[1] = WOLFSSL_CERT_TYPE_X509;
+    typeCnt_c = 2;
+
+    certType_s[0] = WOLFSSL_CERT_TYPE_RPK;
+    certType_s[1] = WOLFSSL_CERT_TYPE_X509;
+    typeCnt_s = 2;
+
+    /*  both client and server do not call client/server_cert_type APIs,
+     *  expecting default settings works and no negotiation performed.
+     */
+
+    ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0);
+
+    /* confirm no negotiation occurred */
+    ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_c, &tp),
+                                                            WOLFSSL_SUCCESS);
+    ExpectIntEQ((int)tp, WOLFSSL_CERT_TYPE_UNKNOWN);
+    ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl_c, &tp),
+                                                            WOLFSSL_SUCCESS);
+    ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_UNKNOWN);
+    ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_s, &tp),
+                                                            WOLFSSL_SUCCESS);
+    ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_UNKNOWN);
+
+    ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl_s, &tp),
+                                                            WOLFSSL_SUCCESS);
+    ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_UNKNOWN);
+
+    (void)typeCnt_c;
+    (void)typeCnt_s;
+
+    wolfSSL_free(ssl_c);
+    wolfSSL_CTX_free(ctx_c);
+    wolfSSL_free(ssl_s);
+    wolfSSL_CTX_free(ctx_s);
+    ssl_c = ssl_s = NULL;
+    ctx_c = ctx_s = NULL;
+#endif
+
+#ifdef WOLFSSL_TLS13
+    /*  Both client and server load x509 cert and start handshaking.
+     *  Check no negotiation occurred.
+     */
+    XMEMSET(&test_ctx, 0, sizeof(test_ctx));
+
+    ExpectIntEQ(
+        test_rpk_memio_setup(
+            &test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
+            wolfTLSv1_3_client_method, wolfTLSv1_3_server_method,
+            cliCertFile,     CERT_FILETYPE,
+            svrCertFile,     CERT_FILETYPE,
+            cliKeyFile,      CERT_FILETYPE,
+            svrKeyFile,      CERT_FILETYPE )
+        , 0);
+
+    /* set client certificate type in client end */
+    certType_c[0] = WOLFSSL_CERT_TYPE_RPK;
+    certType_c[1] = WOLFSSL_CERT_TYPE_X509;
+    typeCnt_c = 2;
+
+    certType_s[0] = WOLFSSL_CERT_TYPE_RPK;
+    certType_s[1] = WOLFSSL_CERT_TYPE_X509;
+    typeCnt_s = 2;
+
+    /*  both client and server do not call client/server_cert_type APIs,
+     *  expecting default settings works and no negotiation performed.
+     */
+
+    ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0);
+
+    /* confirm no negotiation occurred */
+    ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_c, &tp),
+                                                        WOLFSSL_SUCCESS);
+    ExpectIntEQ((int)tp, WOLFSSL_CERT_TYPE_UNKNOWN);
+
+    ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl_c, &tp),
+                                                        WOLFSSL_SUCCESS);
+    ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_UNKNOWN);
+
+    ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_s, &tp),
+                                                        WOLFSSL_SUCCESS);
+    ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_UNKNOWN);
+
+    ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl_s, &tp),
+                                                        WOLFSSL_SUCCESS);
+    ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_UNKNOWN);
+
+    (void)typeCnt_c;
+    (void)typeCnt_s;
+
+    wolfSSL_free(ssl_c);
+    wolfSSL_CTX_free(ctx_c);
+    wolfSSL_free(ssl_s);
+    wolfSSL_CTX_free(ctx_s);
+    ssl_c = ssl_s = NULL;
+    ctx_c = ctx_s = NULL;
+
+
+    /*  Both client and server load RPK cert and start handshaking.
+     *  Confirm negotiated cert types match as expected.
+     */
+    XMEMSET(&test_ctx, 0, sizeof(test_ctx));
+
+    ExpectIntEQ(
+        test_rpk_memio_setup(
+            &test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
+            wolfTLSv1_3_client_method, wolfTLSv1_3_server_method,
+            clntRpkCertFile, WOLFSSL_FILETYPE_ASN1,
+            svrRpkCertFile,  WOLFSSL_FILETYPE_ASN1,
+            cliKeyFile,      CERT_FILETYPE,
+            svrKeyFile,      CERT_FILETYPE )
+        , 0);
+
+    /* set client certificate type in client end */
+    certType_c[0] = WOLFSSL_CERT_TYPE_RPK;
+    certType_c[1] = WOLFSSL_CERT_TYPE_X509;
+    typeCnt_c = 2;
+
+    certType_s[0] = WOLFSSL_CERT_TYPE_RPK;
+    certType_s[1] = WOLFSSL_CERT_TYPE_X509;
+    typeCnt_s = 2;
+
+    ExpectIntEQ(wolfSSL_set_client_cert_type(ssl_c, certType_c, typeCnt_c),
+                                                        WOLFSSL_SUCCESS);
+
+    /* set server certificate type in client end */
+    ExpectIntEQ(wolfSSL_set_server_cert_type(ssl_c, certType_s, typeCnt_s),
+                                                        WOLFSSL_SUCCESS);
+
+    /* set client certificate type in server end */
+    ExpectIntEQ(wolfSSL_set_client_cert_type(ssl_s, certType_c, typeCnt_c),
+                                                        WOLFSSL_SUCCESS);
+
+    /* set server certificate type in server end */
+    ExpectIntEQ(wolfSSL_set_server_cert_type(ssl_s, certType_s, typeCnt_s),
+                                                        WOLFSSL_SUCCESS);
+
+    ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0);
+
+    ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_c, &tp),
+                                                        WOLFSSL_SUCCESS);
+    ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_RPK);
+
+    ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl_c, &tp),
+                                                        WOLFSSL_SUCCESS);
+    ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_RPK);
+
+    ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_s, &tp),
+                                                        WOLFSSL_SUCCESS);
+    ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_RPK);
+
+    ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl_s, &tp),
+                                                        WOLFSSL_SUCCESS);
+    ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_RPK);
+
+    wolfSSL_free(ssl_c);
+    wolfSSL_CTX_free(ctx_c);
+    wolfSSL_free(ssl_s);
+    wolfSSL_CTX_free(ctx_s);
+    ssl_c = ssl_s = NULL;
+    ctx_c = ctx_s = NULL;
+#endif
+
+
+#ifndef WOLFSSL_NO_TLS12
+    /*  TLS1.2
+     *  Both client and server load RPK cert and start handshaking.
+     *  Confirm negotiated cert types match as expected.
+     */
+    XMEMSET(&test_ctx, 0, sizeof(test_ctx));
+
+    ExpectIntEQ(
+        test_rpk_memio_setup(
+            &test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
+            wolfTLSv1_2_client_method, wolfTLSv1_2_server_method,
+            clntRpkCertFile, WOLFSSL_FILETYPE_ASN1,
+            svrRpkCertFile,  WOLFSSL_FILETYPE_ASN1,
+            cliKeyFile,      CERT_FILETYPE,
+            svrKeyFile,      CERT_FILETYPE )
+        , 0);
+
+    /* set client certificate type in client end */
+    certType_c[0] = WOLFSSL_CERT_TYPE_RPK;
+    certType_c[1] = WOLFSSL_CERT_TYPE_X509;
+    typeCnt_c = 2;
+
+    certType_s[0] = WOLFSSL_CERT_TYPE_RPK;
+    certType_s[1] = WOLFSSL_CERT_TYPE_X509;
+    typeCnt_s = 2;
+
+    ExpectIntEQ(wolfSSL_set_client_cert_type(ssl_c, certType_c, typeCnt_c),
+                                                        WOLFSSL_SUCCESS);
+
+    /* set server certificate type in client end */
+    ExpectIntEQ(wolfSSL_set_server_cert_type(ssl_c, certType_s, typeCnt_s),
+                                                        WOLFSSL_SUCCESS);
+
+    /* set client certificate type in server end */
+    ExpectIntEQ(wolfSSL_set_client_cert_type(ssl_s, certType_c, typeCnt_c),
+                                                        WOLFSSL_SUCCESS);
+
+    /* set server certificate type in server end */
+    ExpectIntEQ(wolfSSL_set_server_cert_type(ssl_s, certType_s, typeCnt_s),
+                                                        WOLFSSL_SUCCESS);
+
+    if (test_memio_do_handshake(ssl_c, ssl_s, 10, NULL) != 0)
+        return TEST_FAIL;
+
+    ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_c, &tp),
+                                                        WOLFSSL_SUCCESS);
+    ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_RPK);
+
+    ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl_c, &tp),
+                                                        WOLFSSL_SUCCESS);
+    ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_RPK);
+
+    ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_s, &tp),
+                                                        WOLFSSL_SUCCESS);
+    ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_RPK);
+
+    ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl_s, &tp),
+                                                        WOLFSSL_SUCCESS);
+    ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_RPK);
+
+    wolfSSL_free(ssl_c);
+    wolfSSL_CTX_free(ctx_c);
+    wolfSSL_free(ssl_s);
+    wolfSSL_CTX_free(ctx_s);
+    ssl_c = ssl_s = NULL;
+    ctx_c = ctx_s = NULL;
+#endif
+
+
+#ifdef WOLFSSL_TLS13
+    /*  Both client and server load x509 cert.
+     *  Have client call set_client_cert_type with both RPK and x509.
+     *  This doesn't makes client add client cert type extension to ClientHello,
+     *  since it does not load RPK cert actually.
+     */
+    XMEMSET(&test_ctx, 0, sizeof(test_ctx));
+
+    ExpectIntEQ(
+        test_rpk_memio_setup(
+            &test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
+            wolfTLSv1_3_client_method, wolfTLSv1_3_server_method,
+            cliCertFile,     CERT_FILETYPE,
+            svrCertFile,     CERT_FILETYPE,
+            cliKeyFile,      CERT_FILETYPE,
+            svrKeyFile,      CERT_FILETYPE )
+        , 0);
+
+    /* set client certificate type in client end
+     *
+     * client indicates both RPK and x509 certs are available but loaded RPK
+     * cert only. It does not have client add client-cert-type extension in CH.
+     */
+    certType_c[0] = WOLFSSL_CERT_TYPE_RPK;
+    certType_c[1] = WOLFSSL_CERT_TYPE_X509;
+    typeCnt_c = 2;
+
+    ExpectIntEQ(wolfSSL_set_client_cert_type(ssl_c, certType_c, typeCnt_c),
+                                                        WOLFSSL_SUCCESS);
+
+    /* client indicates both RPK and x509 certs are acceptable */
+    certType_s[0] = WOLFSSL_CERT_TYPE_RPK;
+    certType_s[1] = WOLFSSL_CERT_TYPE_X509;
+    typeCnt_s = 2;
+
+    ExpectIntEQ(wolfSSL_set_server_cert_type(ssl_c, certType_s, typeCnt_s),
+                                                        WOLFSSL_SUCCESS);
+
+    /* server indicates both RPK and x509 certs are acceptable */
+    certType_c[0] = WOLFSSL_CERT_TYPE_RPK;
+    certType_c[1] = WOLFSSL_CERT_TYPE_X509;
+    typeCnt_c = 2;
+
+    ExpectIntEQ(wolfSSL_set_client_cert_type(ssl_s, certType_c, typeCnt_c),
+                                                        WOLFSSL_SUCCESS);
+
+    /* server should indicate only RPK cert is available */
+    certType_s[0] = WOLFSSL_CERT_TYPE_X509;
+    certType_s[1] = -1;
+    typeCnt_s = 1;
+
+    ExpectIntEQ(wolfSSL_set_server_cert_type(ssl_s, certType_s, typeCnt_s),
+                                                        WOLFSSL_SUCCESS);
+
+    if (test_memio_do_handshake(ssl_c, ssl_s, 10, NULL) != 0)
+        return TEST_FAIL;
+
+    /* Negotiation for client-cert-type should NOT happen. Therefore -1 should
+     * be returned as cert type.
+     */
+    ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_c, &tp),
+                                                        WOLFSSL_SUCCESS);
+    ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_UNKNOWN);
+
+    ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl_c, &tp),
+                                                        WOLFSSL_SUCCESS);
+    ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_X509);
+
+    ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_s, &tp),
+                                                        WOLFSSL_SUCCESS);
+    ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_UNKNOWN);
+
+    ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl_s, &tp),
+                                                        WOLFSSL_SUCCESS);
+    ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_X509);
+
+    wolfSSL_free(ssl_c);
+    wolfSSL_CTX_free(ctx_c);
+    wolfSSL_free(ssl_s);
+    wolfSSL_CTX_free(ctx_s);
+    ssl_c = ssl_s = NULL;
+    ctx_c = ctx_s = NULL;
+
+
+    /*  Have client load RPK cert and have server load x509 cert.
+     *  Check the negotiation result from both ends.
+     */
+    XMEMSET(&test_ctx, 0, sizeof(test_ctx));
+
+    ExpectIntEQ(
+        test_rpk_memio_setup(
+            &test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
+            wolfTLSv1_3_client_method, wolfTLSv1_3_server_method,
+            clntRpkCertFile, WOLFSSL_FILETYPE_ASN1,
+            svrCertFile,     CERT_FILETYPE,
+            cliKeyFile,      CERT_FILETYPE,
+            svrKeyFile,      CERT_FILETYPE )
+        , 0);
+
+    /* have client tell to use RPK cert */
+    certType_c[0] = WOLFSSL_CERT_TYPE_RPK;
+    certType_c[1] = -1;
+    typeCnt_c = 1;
+
+    ExpectIntEQ(wolfSSL_set_client_cert_type(ssl_c, certType_c, typeCnt_c),
+                                                        WOLFSSL_SUCCESS);
+
+    /* have client tell to accept both RPK and x509 cert */
+    certType_s[0] = WOLFSSL_CERT_TYPE_X509;
+    certType_s[1] = WOLFSSL_CERT_TYPE_RPK;
+    typeCnt_s = 2;
+
+    ExpectIntEQ(wolfSSL_set_server_cert_type(ssl_c, certType_s, typeCnt_s),
+                                                        WOLFSSL_SUCCESS);
+
+    /* have server accept to both RPK and x509 cert */
+    certType_c[0] = WOLFSSL_CERT_TYPE_X509;
+    certType_c[1] = WOLFSSL_CERT_TYPE_RPK;
+    typeCnt_c = 2;
+
+    ExpectIntEQ(wolfSSL_set_client_cert_type(ssl_s, certType_c, typeCnt_c),
+                                                        WOLFSSL_SUCCESS);
+
+    /* does not call wolfSSL_set_server_cert_type intentionally in sesrver
+     * end, expecting the default setting works.
+     */
+
+
+    if (test_memio_do_handshake(ssl_c, ssl_s, 10, NULL) != 0)
+        return TEST_FAIL;
+
+    ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_c, &tp),
+                                                        WOLFSSL_SUCCESS);
+    ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_RPK);
+
+    ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl_c, &tp),
+                                                        WOLFSSL_SUCCESS);
+    ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_X509);
+
+    ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_s, &tp),
+                                                        WOLFSSL_SUCCESS);
+    ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_RPK);
+
+    ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl_s, &tp),
+                                                        WOLFSSL_SUCCESS);
+    ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_X509);
+
+    wolfSSL_free(ssl_c);
+    wolfSSL_CTX_free(ctx_c);
+    wolfSSL_free(ssl_s);
+    wolfSSL_CTX_free(ctx_s);
+    ssl_c = ssl_s = NULL;
+    ctx_c = ctx_s = NULL;
+
+
+    /*  Have both client and server load RPK cert, however, have server
+     *  indicate its cert type x509.
+     *  Client is expected to detect the cert type mismatch then to send alert
+     *  with "unsupported_certificate".
+     */
+    XMEMSET(&test_ctx, 0, sizeof(test_ctx));
+
+    ExpectIntEQ(
+        test_rpk_memio_setup(
+            &test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
+            wolfTLSv1_3_client_method, wolfTLSv1_3_server_method,
+            clntRpkCertFile, WOLFSSL_FILETYPE_ASN1,
+            svrRpkCertFile,  WOLFSSL_FILETYPE_ASN1, /* server sends RPK cert */
+            cliKeyFile,      CERT_FILETYPE,
+            svrKeyFile,      CERT_FILETYPE )
+        , 0);
+
+    /* have client tell to use RPK cert */
+    certType_c[0] = WOLFSSL_CERT_TYPE_RPK;
+    certType_c[1] = -1;
+    typeCnt_c = 1;
+
+    ExpectIntEQ(wolfSSL_set_client_cert_type(ssl_c, certType_c, typeCnt_c),
+                                                        WOLFSSL_SUCCESS);
+
+    /* have client tell to accept both RPK and x509 cert */
+    certType_s[0] = WOLFSSL_CERT_TYPE_X509;
+    certType_s[1] = WOLFSSL_CERT_TYPE_RPK;
+    typeCnt_s = 2;
+
+    ExpectIntEQ(wolfSSL_set_server_cert_type(ssl_c, certType_s, typeCnt_s),
+                                                        WOLFSSL_SUCCESS);
+
+    /* have server accept to both RPK and x509 cert */
+    certType_c[0] = WOLFSSL_CERT_TYPE_X509;
+    certType_c[1] = WOLFSSL_CERT_TYPE_RPK;
+    typeCnt_c = 2;
+
+    ExpectIntEQ(wolfSSL_set_client_cert_type(ssl_s, certType_c, typeCnt_c),
+                                                        WOLFSSL_SUCCESS);
+
+    /* have server tell to use x509 cert intentionally. This will bring
+     * certificate type mismatch in client side.
+     */
+    certType_s[0] = WOLFSSL_CERT_TYPE_X509;
+    certType_s[1] = -1;
+    typeCnt_s = 1;
+
+    ExpectIntEQ(wolfSSL_set_server_cert_type(ssl_s, certType_s, typeCnt_s),
+                                                        WOLFSSL_SUCCESS);
+
+    /* expect client detect cert type mismatch then send Alert */
+    ret = test_memio_do_handshake(ssl_c, ssl_s, 10, NULL);
+    if (ret != -1)
+        return TEST_FAIL;
+
+    ExpectIntEQ(wolfSSL_get_error(ssl_c, ret),
+        WC_NO_ERR_TRACE(UNSUPPORTED_CERTIFICATE));
+
+    ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_c, &tp),
+                                                        WOLFSSL_SUCCESS);
+    ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_RPK);
+
+    ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl_c, &tp),
+                                                        WOLFSSL_SUCCESS);
+    ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_X509);
+
+    ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_s, &tp),
+                                                        WOLFSSL_SUCCESS);
+    ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_RPK);
+
+    ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl_s, &tp),
+                                                        WOLFSSL_SUCCESS);
+    ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_X509);
+
+    wolfSSL_free(ssl_c);
+    wolfSSL_CTX_free(ctx_c);
+    wolfSSL_free(ssl_s);
+    wolfSSL_CTX_free(ctx_s);
+    ssl_c = ssl_s = NULL;
+    ctx_c = ctx_s = NULL;
+
+
+    /*  Have client load x509 cert and server load RPK cert,
+     *  however, have client indicate its cert type RPK.
+     *  Server is expected to detect the cert type mismatch then to send alert
+     *  with "unsupported_certificate".
+     */
+    XMEMSET(&test_ctx, 0, sizeof(test_ctx));
+
+    ExpectIntEQ(
+        test_rpk_memio_setup(
+            &test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
+            wolfTLSv1_3_client_method, wolfTLSv1_3_server_method,
+            cliCertFile,     CERT_FILETYPE,
+            svrRpkCertFile,  WOLFSSL_FILETYPE_ASN1,
+            cliKeyFile,      CERT_FILETYPE,
+            svrKeyFile,      CERT_FILETYPE )
+        , 0);
+
+    /* have client tell to use RPK cert intentionally */
+    certType_c[0] = WOLFSSL_CERT_TYPE_RPK;
+    certType_c[1] = -1;
+    typeCnt_c = 1;
+
+    ExpectIntEQ(wolfSSL_set_client_cert_type(ssl_c, certType_c, typeCnt_c),
+                                                        WOLFSSL_SUCCESS);
+
+    /* have client tell to accept both RPK and x509 cert */
+    certType_s[0] = WOLFSSL_CERT_TYPE_X509;
+    certType_s[1] = WOLFSSL_CERT_TYPE_RPK;
+    typeCnt_s = 2;
+
+    ExpectIntEQ(wolfSSL_set_server_cert_type(ssl_c, certType_s, typeCnt_s),
+                                                        WOLFSSL_SUCCESS);
+
+    /* have server accept to both RPK and x509 cert */
+    certType_c[0] = WOLFSSL_CERT_TYPE_X509;
+    certType_c[1] = WOLFSSL_CERT_TYPE_RPK;
+    typeCnt_c = 2;
+
+    ExpectIntEQ(wolfSSL_set_client_cert_type(ssl_s, certType_c, typeCnt_c),
+                                                        WOLFSSL_SUCCESS);
+
+    /* have server tell to use x509 cert intentionally. This will bring
+     * certificate type mismatch in client side.
+     */
+    certType_s[0] = WOLFSSL_CERT_TYPE_X509;
+    certType_s[1] = -1;
+    typeCnt_s = 1;
+
+    ExpectIntEQ(wolfSSL_set_server_cert_type(ssl_s, certType_s, typeCnt_s),
+                                                        WOLFSSL_SUCCESS);
+
+    ret = test_memio_do_handshake(ssl_c, ssl_s, 10, NULL);
+
+    /* expect server detect cert type mismatch then send Alert */
+    ExpectIntNE(ret, 0);
+    err = wolfSSL_get_error(ssl_c, ret);
+    ExpectIntEQ(err, WC_NO_ERR_TRACE(UNSUPPORTED_CERTIFICATE));
+
+    /* client did not load RPK cert actually, so negotiation did not happen */
+    ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_c, &tp),
+                                                        WOLFSSL_SUCCESS);
+    ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_UNKNOWN);
+
+    ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl_c, &tp),
+                                                        WOLFSSL_SUCCESS);
+    ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_X509);
+
+    /* client did not load RPK cert actually, so negotiation did not happen */
+    ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_s, &tp),
+                                                        WOLFSSL_SUCCESS);
+    ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_UNKNOWN);
+
+    ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl_s, &tp),
+                                                        WOLFSSL_SUCCESS);
+    ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_X509);
+
+    wolfSSL_free(ssl_c);
+    wolfSSL_CTX_free(ctx_c);
+    wolfSSL_free(ssl_s);
+    wolfSSL_CTX_free(ctx_s);
+    ssl_c = ssl_s = NULL;
+    ctx_c = ctx_s = NULL;
+
+
+#if defined(WOLFSSL_ALWAYS_VERIFY_CB)
+    /*  Both client and server load RPK cert and set certificate verify
+     *  callbacks then start handshaking.
+     *  Confirm both side can refer the peer's cert.
+     */
+    XMEMSET(&test_ctx, 0, sizeof(test_ctx));
+
+    ExpectIntEQ(
+        test_rpk_memio_setup(
+            &test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s,
+            wolfTLSv1_3_client_method, wolfTLSv1_3_server_method,
+            clntRpkCertFile, WOLFSSL_FILETYPE_ASN1,
+            svrRpkCertFile,  WOLFSSL_FILETYPE_ASN1,
+            cliKeyFile,      CERT_FILETYPE,
+            svrKeyFile,      CERT_FILETYPE )
+        , 0);
+
+    /* set client certificate type in client end */
+    certType_c[0] = WOLFSSL_CERT_TYPE_RPK;
+    certType_c[1] = WOLFSSL_CERT_TYPE_X509;
+    typeCnt_c = 2;
+
+    certType_s[0] = WOLFSSL_CERT_TYPE_RPK;
+    certType_s[1] = WOLFSSL_CERT_TYPE_X509;
+    typeCnt_s = 2;
+
+    ExpectIntEQ(wolfSSL_set_client_cert_type(ssl_c, certType_c, typeCnt_c),
+                                                        WOLFSSL_SUCCESS);
+
+    /* set server certificate type in client end */
+    ExpectIntEQ(wolfSSL_set_server_cert_type(ssl_c, certType_s, typeCnt_s),
+                                                        WOLFSSL_SUCCESS);
+
+    /* set client certificate type in server end */
+    ExpectIntEQ(wolfSSL_set_client_cert_type(ssl_s, certType_c, typeCnt_c),
+                                                        WOLFSSL_SUCCESS);
+
+    /* set server certificate type in server end */
+    ExpectIntEQ(wolfSSL_set_server_cert_type(ssl_s, certType_s, typeCnt_s),
+                                                        WOLFSSL_SUCCESS);
+
+    /* set certificate verify callback to both client and server */
+    isServer = 0;
+    wolfSSL_SetCertCbCtx(ssl_c, &isServer);
+    wolfSSL_set_verify(ssl_c, SSL_VERIFY_PEER, MyRpkVerifyCb);
+
+    isServer = 1;
+    wolfSSL_SetCertCbCtx(ssl_c, &isServer);
+    wolfSSL_set_verify(ssl_s, SSL_VERIFY_PEER, MyRpkVerifyCb);
+
+    ret = test_memio_do_handshake(ssl_c, ssl_s, 10, NULL);
+    if (ret != 0)
+        return TEST_FAIL;
+
+    ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_c, &tp),
+                                                        WOLFSSL_SUCCESS);
+    ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_RPK);
+
+    ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl_c, &tp),
+                                                        WOLFSSL_SUCCESS);
+    ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_RPK);
+
+    ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_s, &tp),
+                                                        WOLFSSL_SUCCESS);
+    ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_RPK);
+
+    ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl_s, &tp),
+                                                        WOLFSSL_SUCCESS);
+    ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_RPK);
+
+    wolfSSL_free(ssl_c);
+    wolfSSL_CTX_free(ctx_c);
+    wolfSSL_free(ssl_s);
+    wolfSSL_CTX_free(ctx_s);
+    ssl_c = ssl_s = NULL;
+    ctx_c = ctx_s = NULL;
+#endif /* WOLFSSL_ALWAYS_VERIFY_CB */
+#endif /* WOLFSSL_TLS13 */
+
+#endif /* HAVE_RPK && (!WOLFSSL_NO_TLS12 || WOLFSSL_TLS13) */
+    return EXPECT_RESULT();
+}
+
+
+#if defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(WOLFSSL_TLS13) && \
+    defined(WOLFSSL_HAVE_MLKEM)
+static void test_tls13_pq_groups_ctx_ready(WOLFSSL_CTX* ctx)
+{
+#ifdef WOLFSSL_MLKEM_KYBER
+    int group = WOLFSSL_KYBER_LEVEL5;
+#else
+    int group = WOLFSSL_ML_KEM_1024;
+#endif
+    AssertIntEQ(wolfSSL_CTX_set_groups(ctx, &group, 1), WOLFSSL_SUCCESS);
+}
+
+static void test_tls13_pq_groups_on_result(WOLFSSL* ssl)
+{
+#ifdef WOLFSSL_MLKEM_KYBER
+    AssertStrEQ(wolfSSL_get_curve_name(ssl), "KYBER_LEVEL5");
+#else
+    AssertStrEQ(wolfSSL_get_curve_name(ssl), "ML_KEM_1024");
+#endif
+}
+#endif
+
+int test_tls13_pq_groups(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(WOLFSSL_TLS13) && \
+    defined(WOLFSSL_HAVE_MLKEM)
+    callback_functions func_cb_client;
+    callback_functions func_cb_server;
+
+    XMEMSET(&func_cb_client, 0, sizeof(callback_functions));
+    XMEMSET(&func_cb_server, 0, sizeof(callback_functions));
+
+    func_cb_client.method = wolfTLSv1_3_client_method;
+    func_cb_server.method = wolfTLSv1_3_server_method;
+    func_cb_client.ctx_ready = test_tls13_pq_groups_ctx_ready;
+    func_cb_client.on_result = test_tls13_pq_groups_on_result;
+    func_cb_server.on_result = test_tls13_pq_groups_on_result;
+
+    test_wolfSSL_client_server_nofail(&func_cb_client, &func_cb_server);
+
+    ExpectIntEQ(func_cb_client.return_code, TEST_SUCCESS);
+    ExpectIntEQ(func_cb_server.return_code, TEST_SUCCESS);
+#endif
+    return EXPECT_RESULT();
+}
+
+int test_tls13_early_data(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && \
+    defined(WOLFSSL_EARLY_DATA) && defined(HAVE_SESSION_TICKET)
+    int written = 0;
+    int read = 0;
+    size_t i;
+    int splitEarlyData;
+    char msg[] = "This is early data";
+    char msg2[] = "This is client data";
+    char msg3[] = "This is server data";
+    char msg4[] = "This is server immediate data";
+    char msgBuf[50];
+    struct {
+        method_provider client_meth;
+        method_provider server_meth;
+        const char* tls_version;
+        int isUdp;
+    } params[] = {
+#ifdef WOLFSSL_TLS13
+        { wolfTLSv1_3_client_method, wolfTLSv1_3_server_method,
+                "TLS 1.3", 0 },
+#endif
+#ifdef WOLFSSL_DTLS13
+        { wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method,
+                "DTLS 1.3", 1 },
+#endif
+    };
+
+    for (i = 0; i < sizeof(params)/sizeof(*params) && !EXPECT_FAIL(); i++) {
+        for (splitEarlyData = 0; splitEarlyData < 2; splitEarlyData++) {
+            struct test_memio_ctx test_ctx;
+            WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL;
+            WOLFSSL *ssl_c = NULL, *ssl_s = NULL;
+            WOLFSSL_SESSION *sess = NULL;
+
+            XMEMSET(&test_ctx, 0, sizeof(test_ctx));
+
+            fprintf(stderr, "\tEarly data with %s\n", params[i].tls_version);
+
+            ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c,
+                    &ssl_s, params[i].client_meth, params[i].server_meth), 0);
+
+            /* Get a ticket so that we can do 0-RTT on the next connection */
+            ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0);
+            /* Make sure we read the ticket */
+            ExpectIntEQ(wolfSSL_read(ssl_c, msgBuf, sizeof(msgBuf)), -1);
+            ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ);
+            ExpectNotNull(sess = wolfSSL_get1_session(ssl_c));
+
+            wolfSSL_free(ssl_c);
+            ssl_c = NULL;
+            wolfSSL_free(ssl_s);
+            ssl_s = NULL;
+            XMEMSET(&test_ctx, 0, sizeof(test_ctx));
+            ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c,
+                &ssl_s, params[i].client_meth, params[i].server_meth), 0);
+            wolfSSL_SetLoggingPrefix("client");
+            ExpectIntEQ(wolfSSL_set_session(ssl_c, sess), WOLFSSL_SUCCESS);
+#ifdef WOLFSSL_DTLS13
+            if (params[i].isUdp) {
+                wolfSSL_SetLoggingPrefix("server");
+#ifdef WOLFSSL_DTLS13_NO_HRR_ON_RESUME
+                ExpectIntEQ(wolfSSL_dtls13_no_hrr_on_resume(ssl_s, 1),
+                    WOLFSSL_SUCCESS);
+#else
+                /* Let's test this but we generally don't recommend turning off
+                 * the cookie exchange */
+                ExpectIntEQ(wolfSSL_disable_hrr_cookie(ssl_s), WOLFSSL_SUCCESS);
+#endif
+            }
+#endif
+
+            /* Test 0-RTT data */
+            wolfSSL_SetLoggingPrefix("client");
+            ExpectIntEQ(wolfSSL_write_early_data(ssl_c, msg, sizeof(msg),
+                    &written), sizeof(msg));
+            ExpectIntEQ(written, sizeof(msg));
+
+            if (splitEarlyData) {
+                ExpectIntEQ(wolfSSL_write_early_data(ssl_c, msg, sizeof(msg),
+                        &written), sizeof(msg));
+                ExpectIntEQ(written, sizeof(msg));
+            }
+
+            /* Read first 0-RTT data (if split otherwise entire data) */
+            wolfSSL_SetLoggingPrefix("server");
+            ExpectIntEQ(wolfSSL_read_early_data(ssl_s, msgBuf, sizeof(msgBuf),
+                    &read), sizeof(msg));
+            ExpectIntEQ(read, sizeof(msg));
+            ExpectStrEQ(msg, msgBuf);
+
+            /* Test 0.5-RTT data */
+            ExpectIntEQ(wolfSSL_write(ssl_s, msg4, sizeof(msg4)), sizeof(msg4));
+
+            if (splitEarlyData) {
+                /* Read second 0-RTT data */
+                ExpectIntEQ(wolfSSL_read_early_data(ssl_s, msgBuf,
+                    sizeof(msgBuf), &read), sizeof(msg));
+                ExpectIntEQ(read, sizeof(msg));
+                ExpectStrEQ(msg, msgBuf);
+            }
+
+            if (params[i].isUdp) {
+                wolfSSL_SetLoggingPrefix("client");
+                ExpectIntEQ(wolfSSL_connect(ssl_c), -1);
+                ExpectIntEQ(wolfSSL_get_error(ssl_c, -1),
+                    WC_NO_ERR_TRACE(APP_DATA_READY));
+
+                /* Read server 0.5-RTT data */
+                ExpectIntEQ(wolfSSL_read(ssl_c, msgBuf, sizeof(msgBuf)),
+                    sizeof(msg4));
+                ExpectStrEQ(msg4, msgBuf);
+
+                /* Complete handshake */
+                ExpectIntEQ(wolfSSL_connect(ssl_c), -1);
+                ExpectIntEQ(wolfSSL_get_error(ssl_c, -1),
+                    WOLFSSL_ERROR_WANT_READ);
+                /* Use wolfSSL_is_init_finished to check if handshake is
+                 * complete. Normally a user would loop until it is true but
+                 * here we control both sides so we just assert the expected
+                 * value. wolfSSL_read_early_data does not provide handshake
+                 * status to us with non-blocking IO and we can't use
+                 * wolfSSL_accept as TLS layer may return ZERO_RETURN due to
+                 * early data parsing logic. */
+                wolfSSL_SetLoggingPrefix("server");
+                ExpectFalse(wolfSSL_is_init_finished(ssl_s));
+                ExpectIntEQ(wolfSSL_read_early_data(ssl_s, msgBuf,
+                    sizeof(msgBuf), &read), 0);
+                ExpectIntEQ(read, 0);
+                ExpectTrue(wolfSSL_is_init_finished(ssl_s));
+
+                wolfSSL_SetLoggingPrefix("client");
+                ExpectIntEQ(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS);
+            }
+            else {
+                wolfSSL_SetLoggingPrefix("client");
+                ExpectIntEQ(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS);
+
+                wolfSSL_SetLoggingPrefix("server");
+                ExpectFalse(wolfSSL_is_init_finished(ssl_s));
+                ExpectIntEQ(wolfSSL_read_early_data(ssl_s, msgBuf,
+                    sizeof(msgBuf), &read), 0);
+                ExpectIntEQ(read, 0);
+                ExpectTrue(wolfSSL_is_init_finished(ssl_s));
+
+                /* Read server 0.5-RTT data */
+                wolfSSL_SetLoggingPrefix("client");
+                ExpectIntEQ(wolfSSL_read(ssl_c, msgBuf, sizeof(msgBuf)),
+                    sizeof(msg4));
+                ExpectStrEQ(msg4, msgBuf);
+            }
+
+            /* Test bi-directional write */
+            wolfSSL_SetLoggingPrefix("client");
+            ExpectIntEQ(wolfSSL_write(ssl_c, msg2, sizeof(msg2)), sizeof(msg2));
+            wolfSSL_SetLoggingPrefix("server");
+            ExpectIntEQ(wolfSSL_read(ssl_s, msgBuf, sizeof(msgBuf)),
+                sizeof(msg2));
+            ExpectStrEQ(msg2, msgBuf);
+            ExpectIntEQ(wolfSSL_write(ssl_s, msg3, sizeof(msg3)), sizeof(msg3));
+            wolfSSL_SetLoggingPrefix("client");
+            ExpectIntEQ(wolfSSL_read(ssl_c, msgBuf, sizeof(msgBuf)),
+                sizeof(msg3));
+            ExpectStrEQ(msg3, msgBuf);
+
+            wolfSSL_SetLoggingPrefix(NULL);
+            ExpectTrue(wolfSSL_session_reused(ssl_c));
+            ExpectTrue(wolfSSL_session_reused(ssl_s));
+
+            wolfSSL_SESSION_free(sess);
+            wolfSSL_free(ssl_c);
+            wolfSSL_free(ssl_s);
+            wolfSSL_CTX_free(ctx_c);
+            wolfSSL_CTX_free(ctx_s);
+        }
+    }
+#endif
+    return EXPECT_RESULT();
+}
+
+
+/* Check that the client won't send the same CH after a HRR. An HRR without
+ * a KeyShare or a Cookie extension will trigger the error. */
+int test_tls13_same_ch(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && \
+    defined(WOLFSSL_TLS13) && defined(WOLFSSL_AES_128) && \
+    defined(HAVE_AESGCM) && !defined(NO_SHA256) && \
+    /* middlebox compat requires that the session ID is echoed */ \
+    !defined(WOLFSSL_TLS13_MIDDLEBOX_COMPAT)
+    WOLFSSL_CTX *ctx_c = NULL;
+    WOLFSSL *ssl_c = NULL;
+    struct test_memio_ctx test_ctx;
+    /* Transport Layer Security
+     *     TLSv1.3 Record Layer: Handshake Protocol: Hello Retry Request
+     *         Content Type: Handshake (22)
+     *         Version: TLS 1.2 (0x0303)
+     *         Length: 50
+     *         Handshake Protocol: Hello Retry Request
+     *             Handshake Type: Server Hello (2)
+     *             Length: 46
+     *             Version: TLS 1.2 (0x0303)
+     *             Random: cf21ad74e59a6111be1d8c021e65b891c2a211167abb8c5e079e09e2c8a8339c (HelloRetryRequest magic)
+     *             Session ID Length: 0
+     *             Cipher Suite: TLS_AES_128_GCM_SHA256 (0x1301)
+     *             Compression Method: null (0)
+     *             Extensions Length: 6
+     *             Extension: supported_versions (len=2) TLS 1.3 */
+    unsigned char hrr[] = {
+      0x16, 0x03, 0x03, 0x00, 0x32, 0x02, 0x00, 0x00, 0x2e, 0x03, 0x03, 0xcf,
+      0x21, 0xad, 0x74, 0xe5, 0x9a, 0x61, 0x11, 0xbe, 0x1d, 0x8c, 0x02, 0x1e,
+      0x65, 0xb8, 0x91, 0xc2, 0xa2, 0x11, 0x16, 0x7a, 0xbb, 0x8c, 0x5e, 0x07,
+      0x9e, 0x09, 0xe2, 0xc8, 0xa8, 0x33, 0x9c, 0x00, 0x13, 0x01, 0x00, 0x00,
+      0x06, 0x00, 0x2b, 0x00, 0x02, 0x03, 0x04
+    };
+
+    XMEMSET(&test_ctx, 0, sizeof(test_ctx));
+    ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, NULL, &ssl_c, NULL,
+            wolfTLSv1_3_client_method, NULL), 0);
+    ExpectIntEQ(test_memio_inject_message(&test_ctx, 1, (char*)hrr,
+            sizeof(hrr)), 0);
+    ExpectIntEQ(wolfSSL_connect(ssl_c), -1);
+    ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), DUPLICATE_MSG_E);
+
+    wolfSSL_free(ssl_c);
+    wolfSSL_CTX_free(ctx_c);
+#endif
+    return EXPECT_RESULT();
+}
diff --git a/tests/api/test_tls13.h b/tests/api/test_tls13.h
new file mode 100644
index 000000000..fb46c404d
--- /dev/null
+++ b/tests/api/test_tls13.h
@@ -0,0 +1,44 @@
+/* test_tls13.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef WOLFCRYPT_TEST_TLS13_H
+#define WOLFCRYPT_TEST_TLS13_H
+
+#include <tests/api/api_decl.h>
+
+int test_tls13_apis(void);
+int test_tls13_cipher_suites(void);
+int test_tls13_bad_psk_binder(void);
+int test_tls13_rpk_handshake(void);
+int test_tls13_pq_groups(void);
+int test_tls13_early_data(void);
+int test_tls13_same_ch(void);
+
+#define TEST_TLS13_DECLS                                   \
+    TEST_DECL_GROUP("tls13", test_tls13_apis),             \
+    TEST_DECL_GROUP("tls13", test_tls13_cipher_suites),    \
+    TEST_DECL_GROUP("tls13", test_tls13_bad_psk_binder),   \
+    TEST_DECL_GROUP("tls13", test_tls13_rpk_handshake),    \
+    TEST_DECL_GROUP("tls13", test_tls13_pq_groups),        \
+    TEST_DECL_GROUP("tls13", test_tls13_early_data),       \
+    TEST_DECL_GROUP("tls13", test_tls13_same_ch)
+
+#endif /* WOLFCRYPT_TEST_TLS13_H */
diff --git a/tests/api/test_tls_ext.c b/tests/api/test_tls_ext.c
index 58a808b14..2d6248b2c 100644
--- a/tests/api/test_tls_ext.c
+++ b/tests/api/test_tls_ext.c
@@ -127,3 +127,282 @@ int test_wolfSSL_DisableExtendedMasterSecret(void)
 #endif
     return EXPECT_RESULT();
 }
+
+
+#if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) && \
+    !defined(WOLFSSL_NO_CA_NAMES) && !defined(NO_BIO) && \
+    !defined(NO_CERTS) && !defined(NO_TLS) && (defined(OPENSSL_EXTRA) || \
+    defined(OPENSSL_EXTRA_X509_SMALL)) && (defined(OPENSSL_ALL) || \
+    defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY)) && \
+    (defined(WOLFSSL_TLS13) || !defined(WOLFSSL_NO_TLS12))
+struct client_cb_arg {
+    WOLF_STACK_OF(X509_NAME) *names1;
+    WOLF_STACK_OF(X509_NAME) *names2;
+};
+
+static int certificate_authorities_client_cb(WOLFSSL *ssl, void *_arg) {
+    struct client_cb_arg *arg = (struct client_cb_arg *)_arg;
+    arg->names1 = wolfSSL_get_client_CA_list(ssl);
+    arg->names2 = wolfSSL_get0_peer_CA_list(ssl);
+
+    if (!wolfSSL_use_certificate_file(ssl, cliCertFile, SSL_FILETYPE_PEM))
+        return 0;
+    if (!wolfSSL_use_PrivateKey_file(ssl, cliKeyFile, SSL_FILETYPE_PEM))
+        return 0;
+    return 1;
+}
+#endif
+
+int test_certificate_authorities_certificate_request(void) {
+    EXPECT_DECLS;
+#if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) && \
+    !defined(WOLFSSL_NO_CA_NAMES) && !defined(NO_BIO) && \
+    !defined(NO_CERTS) && !defined(NO_TLS) && (defined(OPENSSL_EXTRA) || \
+    defined(OPENSSL_EXTRA_X509_SMALL)) && (defined(OPENSSL_ALL) || \
+    defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY)) && \
+    (defined(WOLFSSL_TLS13) || !defined(WOLFSSL_NO_TLS12))
+    struct test_params {
+        method_provider client_meth;
+        method_provider server_meth;
+        int             doUdp;
+    } params[] = {
+#ifdef WOLFSSL_TLS13
+        /* TLS 1.3 uses certificate_authorities extension */
+        {wolfTLSv1_3_client_method, wolfTLSv1_3_server_method, 0},
+#endif
+#if !defined(WOLFSSL_NO_TLS12) && (defined(OPENSSL_ALL) || \
+            defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY))
+        /* TLS 1.2 directly embeds CA names in CertificateRequest */
+        {wolfTLSv1_2_client_method, wolfTLSv1_2_server_method, 0},
+#endif
+#ifdef WOLFSSL_DTLS13
+        {wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method, 1},
+#endif
+#if defined(WOLFSSL_DTLS) && (defined(OPENSSL_ALL) || \
+            defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY))
+        {wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method, 1},
+#endif
+    };
+    size_t i;
+
+    for (i = 0; i < sizeof(params) / sizeof(*params); i++) {
+        struct test_memio_ctx test_ctx;
+        WOLFSSL_CTX *ctx_srv = NULL;
+        WOLFSSL *ssl_srv = NULL;
+        WOLFSSL_CTX *ctx_cli = NULL;
+        WOLFSSL *ssl_cli = NULL;
+        WOLF_STACK_OF(X509_NAME) *names1 = NULL, *names2 = NULL;
+        X509_NAME *name = NULL;
+        struct client_cb_arg cb_arg = { NULL, NULL };
+        const char *expected_names[] = {
+            "/C=US/ST=Montana/L=Bozeman/O=wolfSSL_2048/OU=Programming-2048"
+                "/CN=www.wolfssl.com/emailAddress=info@wolfssl.com",
+            "/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting"
+                "/CN=www.wolfssl.com/emailAddress=info@wolfssl.com"
+        };
+
+        if (EXPECT_FAIL())
+            break;
+
+        XMEMSET(&test_ctx, 0, sizeof(test_ctx));
+
+        ExpectIntEQ(0, test_memio_setup(&test_ctx, &ctx_cli, &ctx_srv,
+                    &ssl_cli, NULL, params[i].client_meth,
+                    params[i].server_meth));
+
+        wolfSSL_CTX_set_verify(ctx_srv,
+                SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL);
+        ExpectIntEQ(WOLFSSL_SUCCESS,
+                wolfSSL_CTX_load_verify_locations(ctx_srv, cliCertFile, NULL));
+
+        ExpectNotNull(ssl_srv = wolfSSL_new(ctx_srv));
+        wolfSSL_SetIOReadCtx(ssl_srv, &test_ctx);
+        wolfSSL_SetIOWriteCtx(ssl_srv, &test_ctx);
+
+        names1 = wolfSSL_load_client_CA_file(cliCertFile);
+        ExpectNotNull(names1);
+        names2 = wolfSSL_load_client_CA_file(caCertFile);
+        ExpectNotNull(names2);
+        ExpectNotNull(name = wolfSSL_sk_X509_NAME_value(names2, 0));
+        ExpectIntEQ(2, wolfSSL_sk_X509_NAME_push(names1, name));
+        if (EXPECT_FAIL()) {
+            wolfSSL_X509_NAME_free(name);
+            name = NULL;
+        }
+        wolfSSL_sk_X509_NAME_free(names2);
+        names2 = wolfSSL_load_client_CA_file(caCertFile);
+        ExpectNotNull(names2);
+
+        /* Check that client_CA_list and CA_list are separate internally */
+        wolfSSL_CTX_set_client_CA_list(ctx_srv, names1);
+        wolfSSL_CTX_set0_CA_list(ctx_srv, names2);
+        ExpectNotNull(names1 = wolfSSL_CTX_get_client_CA_list(ctx_srv));
+        ExpectNotNull(names2 = wolfSSL_CTX_get0_CA_list(ctx_srv));
+        ExpectIntEQ(2, wolfSSL_sk_X509_NAME_num(names1));
+        ExpectIntEQ(1, wolfSSL_sk_X509_NAME_num(names2));
+
+        /* Check that get_client_CA_list and get0_CA_list on ssl return same as
+         * ctx when not set */
+        ExpectNotNull(names1 = wolfSSL_get_client_CA_list(ssl_srv));
+        ExpectNotNull(names2 = wolfSSL_get0_CA_list(ssl_srv));
+        ExpectIntEQ(2, wolfSSL_sk_X509_NAME_num(names1));
+        ExpectIntEQ(1, wolfSSL_sk_X509_NAME_num(names2));
+
+        /* Same checks as before, but on ssl rather than ctx */
+        names1 = wolfSSL_load_client_CA_file(cliCertFile);
+        ExpectNotNull(names1);
+        names2 = wolfSSL_load_client_CA_file(caCertFile);
+        ExpectNotNull(names2);
+        ExpectNotNull(name = wolfSSL_sk_X509_NAME_value(names2, 0));
+        ExpectIntEQ(2, wolfSSL_sk_X509_NAME_push(names1, name));
+        if (EXPECT_FAIL()) {
+            wolfSSL_X509_NAME_free(name);
+            name = NULL;
+        }
+        wolfSSL_sk_X509_NAME_free(names2);
+        names2 = wolfSSL_load_client_CA_file(caCertFile);
+        ExpectNotNull(names2);
+
+        wolfSSL_set_client_CA_list(ssl_srv, names1);
+        wolfSSL_set0_CA_list(ssl_srv, names2);
+        ExpectNotNull(names1 = wolfSSL_get_client_CA_list(ssl_srv));
+        ExpectNotNull(names2 = wolfSSL_get0_CA_list(ssl_srv));
+        ExpectIntEQ(2, wolfSSL_sk_X509_NAME_num(names1));
+        ExpectIntEQ(1, wolfSSL_sk_X509_NAME_num(names2));
+
+
+        /* Certs will be loaded in callback */
+        wolfSSL_CTX_set_cert_cb(ctx_cli,
+                certificate_authorities_client_cb, &cb_arg);
+
+        ExpectIntEQ(0, test_memio_do_handshake(ssl_cli, ssl_srv, 10, NULL));
+
+        ExpectNotNull(cb_arg.names1);
+        ExpectNotNull(cb_arg.names2);
+        ExpectIntEQ(2, wolfSSL_sk_X509_NAME_num(cb_arg.names1));
+        ExpectIntEQ(2, wolfSSL_sk_X509_NAME_num(cb_arg.names2));
+
+        if (EXPECT_SUCCESS()) {
+            ExpectStrEQ(wolfSSL_sk_X509_NAME_value(cb_arg.names1, 0)->name,
+                    expected_names[0]);
+            ExpectStrEQ(wolfSSL_sk_X509_NAME_value(cb_arg.names1, 1)->name,
+                    expected_names[1]);
+        }
+
+        wolfSSL_shutdown(ssl_cli);
+        wolfSSL_free(ssl_cli);
+        wolfSSL_CTX_free(ctx_cli);
+        wolfSSL_free(ssl_srv);
+        wolfSSL_CTX_free(ctx_srv);
+    }
+#endif
+    return EXPECT_RESULT();
+}
+
+
+#if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) && \
+    !defined(WOLFSSL_NO_CA_NAMES) && !defined(NO_BIO) && \
+    !defined(NO_CERTS) && (defined(OPENSSL_EXTRA) || \
+    defined(OPENSSL_EXTRA_X509_SMALL)) && (defined(OPENSSL_ALL) || \
+    defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY)) && defined(WOLFSSL_TLS13)
+static int certificate_authorities_server_cb(WOLFSSL *ssl, void *_arg) {
+    WOLF_STACK_OF(X509_NAME) **names_out = (WOLF_STACK_OF(X509_NAME) **)_arg;
+    WOLF_STACK_OF(X509_NAME) *names = wolfSSL_get0_peer_CA_list(ssl);
+    *names_out = names;
+    if (!wolfSSL_use_certificate_file(ssl, svrCertFile, SSL_FILETYPE_PEM))
+        return 0;
+    if (!wolfSSL_use_PrivateKey_file(ssl, svrKeyFile, SSL_FILETYPE_PEM))
+        return 0;
+    return 1;
+}
+#endif
+
+int test_certificate_authorities_client_hello(void) {
+    EXPECT_DECLS;
+#if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) && \
+    !defined(WOLFSSL_NO_CA_NAMES) && !defined(NO_BIO) && \
+    !defined(NO_CERTS) && (defined(OPENSSL_EXTRA) || \
+    defined(OPENSSL_EXTRA_X509_SMALL)) && (defined(OPENSSL_ALL) || \
+    defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY)) && defined(WOLFSSL_TLS13)
+
+    struct test_params {
+        method_provider client_meth;
+        method_provider server_meth;
+        int             doUdp;
+    } params[] = {
+    /* TLS >= 1.3 only */
+#ifdef WOLFSSL_TLS13
+        {wolfTLSv1_3_client_method, wolfTLSv1_3_server_method, 0},
+#endif
+#ifdef WOLFSSL_DTLS13
+        {wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method, 1},
+#endif
+    };
+    size_t i;
+
+    for (i = 0; i < sizeof(params) / sizeof(*params); i++) {
+        struct test_memio_ctx test_ctx;
+        WOLFSSL_CTX *ctx_srv = NULL;
+        WOLFSSL *ssl_srv = NULL;
+        WOLFSSL_CTX *ctx_cli = NULL;
+        WOLFSSL *ssl_cli = NULL;
+        WOLF_STACK_OF(X509_NAME) *cb_arg = NULL;
+        WOLF_STACK_OF(X509_NAME) *names1 = NULL, *names2 = NULL;
+        X509_NAME *name = NULL;
+        const char *expected_names[] = {
+            "/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting"
+                "/CN=www.wolfssl.com/emailAddress=info@wolfssl.com",
+            "/C=US/ST=Montana/L=Bozeman/O=wolfSSL_2048/OU=Programming-2048"
+                "/CN=www.wolfssl.com/emailAddress=info@wolfssl.com"
+        };
+
+        if (EXPECT_FAIL())
+            break;
+
+        XMEMSET(&test_ctx, 0, sizeof(test_ctx));
+
+        ExpectIntEQ(0, test_memio_setup(&test_ctx, &ctx_cli, &ctx_srv,
+                    &ssl_cli, &ssl_srv, params[i].client_meth,
+                    params[i].server_meth));
+
+        wolfSSL_CTX_set_cert_cb(ctx_srv, certificate_authorities_server_cb,
+                &cb_arg);
+
+        names1 = wolfSSL_load_client_CA_file(caCertFile);
+        ExpectNotNull(names1);
+        names2 = wolfSSL_load_client_CA_file(cliCertFile);
+        ExpectNotNull(names2);
+        ExpectNotNull(name = wolfSSL_sk_X509_NAME_value(names2, 0));
+        ExpectIntEQ(2, wolfSSL_sk_X509_NAME_push(names1, name));
+        if (EXPECT_FAIL()) {
+            wolfSSL_X509_NAME_free(name);
+            name = NULL;
+        }
+        wolfSSL_sk_X509_NAME_free(names2);
+        names2 = wolfSSL_load_client_CA_file(cliCertFile);
+        ExpectNotNull(names2);
+
+        /* verify that set0_CA_list takes precedence */
+        wolfSSL_set0_CA_list(ssl_cli, names1);
+        wolfSSL_CTX_set0_CA_list(ctx_cli, names2);
+
+        ExpectIntEQ(0, test_memio_do_handshake(ssl_cli, ssl_srv, 10, NULL));
+
+        ExpectIntEQ(wolfSSL_sk_X509_NAME_num(cb_arg), 2);
+
+        if (EXPECT_SUCCESS()) {
+            ExpectStrEQ(wolfSSL_sk_X509_NAME_value(cb_arg, 0)->name,
+                    expected_names[0]);
+            ExpectStrEQ(wolfSSL_sk_X509_NAME_value(cb_arg, 1)->name,
+                    expected_names[1]);
+        }
+
+        wolfSSL_shutdown(ssl_cli);
+        wolfSSL_free(ssl_cli);
+        wolfSSL_CTX_free(ctx_cli);
+        wolfSSL_free(ssl_srv);
+        wolfSSL_CTX_free(ctx_srv);
+    }
+#endif
+    return EXPECT_RESULT();
+}
diff --git a/tests/api/test_tls_ext.h b/tests/api/test_tls_ext.h
index a6d7287f2..3506d02e9 100644
--- a/tests/api/test_tls_ext.h
+++ b/tests/api/test_tls_ext.h
@@ -24,5 +24,7 @@
 
 int test_tls_ems_downgrade(void);
 int test_wolfSSL_DisableExtendedMasterSecret(void);
+int test_certificate_authorities_certificate_request(void);
+int test_certificate_authorities_client_hello(void);
 
 #endif /* TESTS_API_TEST_TLS_EMS_H */
diff --git a/tests/test-dtls13-pq-hybrid-frag.conf b/tests/test-dtls13-pq-hybrid-frag.conf
index c9edc6907..267468887 100644
--- a/tests/test-dtls13-pq-hybrid-frag.conf
+++ b/tests/test-dtls13-pq-hybrid-frag.conf
@@ -2,73 +2,73 @@
 -u
 -v 4
 -l TLS13-AES256-GCM-SHA384
---pqc P384_ML_KEM_768
+--pqc SecP384r1MLKEM768
 
 # client DTLSv1.3 with post-quantum hybrid group
 -u
 -v 4
 -l TLS13-AES256-GCM-SHA384
---pqc P384_ML_KEM_768
+--pqc SecP384r1MLKEM768
 
 # server DTLSv1.3 with post-quantum hybrid group
 -u
 -v 4
 -l TLS13-AES256-GCM-SHA384
---pqc P256_ML_KEM_768
+--pqc SecP256r1MLKEM768
 
 # client DTLSv1.3 with post-quantum hybrid group
 -u
 -v 4
 -l TLS13-AES256-GCM-SHA384
---pqc P256_ML_KEM_768
+--pqc SecP256r1MLKEM768
 
 # server DTLSv1.3 with post-quantum hybrid group
 -u
 -v 4
 -l TLS13-AES256-GCM-SHA384
---pqc P521_ML_KEM_1024
+--pqc SecP521r1MLKEM1024
 
 # client DTLSv1.3 with post-quantum hybrid group
 -u
 -v 4
 -l TLS13-AES256-GCM-SHA384
---pqc P521_ML_KEM_1024
+--pqc SecP521r1MLKEM1024
 
 # server DTLSv1.3 with post-quantum hybrid group
 -u
 -v 4
 -l TLS13-AES256-GCM-SHA384
---pqc P384_ML_KEM_1024
+--pqc SecP384r1MLKEM1024
 
 # client DTLSv1.3 with post-quantum hybrid group
 -u
 -v 4
 -l TLS13-AES256-GCM-SHA384
---pqc P384_ML_KEM_1024
+--pqc SecP384r1MLKEM1024
 
 # server DTLSv1.3 with post-quantum hybrid group
 -u
 -v 4
 -l TLS13-AES256-GCM-SHA384
---pqc X25519_ML_KEM_768
+--pqc X25519MLKEM768
 
 # client DTLSv1.3 with post-quantum hybrid group
 -u
 -v 4
 -l TLS13-AES256-GCM-SHA384
---pqc X25519_ML_KEM_768
+--pqc X25519MLKEM768
 
 # server DTLSv1.3 with post-quantum hybrid group
 -u
 -v 4
 -l TLS13-AES256-GCM-SHA384
---pqc X448_ML_KEM_768
+--pqc X448MLKEM768
 
 # client DTLSv1.3 with post-quantum hybrid group
 -u
 -v 4
 -l TLS13-AES256-GCM-SHA384
---pqc X448_ML_KEM_768
+--pqc X448MLKEM768
 
 # server DTLSv1.3 with post-quantum hybrid group
 -u
diff --git a/tests/test-tls13-pq-hybrid.conf b/tests/test-tls13-pq-hybrid.conf
index 242cd3089..76c8e5769 100644
--- a/tests/test-tls13-pq-hybrid.conf
+++ b/tests/test-tls13-pq-hybrid.conf
@@ -1,82 +1,82 @@
 # server TLSv1.3 with post-quantum hybrid group
 -v 4
 -l TLS13-AES256-GCM-SHA384
---pqc P256_ML_KEM_512
+--pqc SecP256r1MLKEM512
 
 # client TLSv1.3 with post-quantum hybrid group
 -v 4
 -l TLS13-AES256-GCM-SHA384
---pqc P256_ML_KEM_512
+--pqc SecP256r1MLKEM512
 
 # server TLSv1.3 with post-quantum hybrid group
 -v 4
 -l TLS13-AES256-GCM-SHA384
---pqc P384_ML_KEM_768
+--pqc SecP384r1MLKEM768
 
 # client TLSv1.3 with post-quantum hybrid group
 -v 4
 -l TLS13-AES256-GCM-SHA384
---pqc P384_ML_KEM_768
+--pqc SecP384r1MLKEM768
 
 # server TLSv1.3 with post-quantum hybrid group
 -v 4
 -l TLS13-AES256-GCM-SHA384
---pqc P256_ML_KEM_768
+--pqc SecP256r1MLKEM768
 
 # client TLSv1.3 with post-quantum hybrid group
 -v 4
 -l TLS13-AES256-GCM-SHA384
---pqc P256_ML_KEM_768
+--pqc SecP256r1MLKEM768
 
 # server TLSv1.3 with post-quantum hybrid group
 -v 4
 -l TLS13-AES256-GCM-SHA384
---pqc P521_ML_KEM_1024
+--pqc SecP521r1MLKEM1024
 
 # client TLSv1.3 with post-quantum hybrid group
 -v 4
 -l TLS13-AES256-GCM-SHA384
---pqc P521_ML_KEM_1024
+--pqc SecP521r1MLKEM1024
 
 # server TLSv1.3 with post-quantum hybrid group
 -v 4
 -l TLS13-AES256-GCM-SHA384
---pqc P384_ML_KEM_1024
+--pqc SecP384r1MLKEM1024
 
 # client TLSv1.3 with post-quantum hybrid group
 -v 4
 -l TLS13-AES256-GCM-SHA384
---pqc P384_ML_KEM_1024
+--pqc SecP384r1MLKEM1024
 
 # server TLSv1.3 with post-quantum hybrid group
 -v 4
 -l TLS13-AES256-GCM-SHA384
---pqc X25519_ML_KEM_512
+--pqc X25519MLKEM512
 
 # client TLSv1.3 with post-quantum hybrid group
 -v 4
 -l TLS13-AES256-GCM-SHA384
---pqc X25519_ML_KEM_512
+--pqc X25519MLKEM512
 
 # server TLSv1.3 with post-quantum hybrid group
 -v 4
 -l TLS13-AES256-GCM-SHA384
---pqc X25519_ML_KEM_768
+--pqc X25519MLKEM768
 
 # client TLSv1.3 with post-quantum hybrid group
 -v 4
 -l TLS13-AES256-GCM-SHA384
---pqc X25519_ML_KEM_768
+--pqc X25519MLKEM768
 
 # server TLSv1.3 with post-quantum hybrid group
 -v 4
 -l TLS13-AES256-GCM-SHA384
---pqc X448_ML_KEM_768
+--pqc X448MLKEM768
 
 # client TLSv1.3 with post-quantum hybrid group
 -v 4
 -l TLS13-AES256-GCM-SHA384
---pqc X448_ML_KEM_768
+--pqc X448MLKEM768
 
 # server TLSv1.3 with post-quantum hybrid group
 -v 4
diff --git a/tests/unit.c b/tests/unit.c
index a3281c29f..5ccb92ebf 100644
--- a/tests/unit.c
+++ b/tests/unit.c
@@ -89,7 +89,7 @@ int unit_test(int argc, char** argv)
 #endif
 
 #ifdef WC_RNG_SEED_CB
-    wc_SetSeed_Cb(wc_GenerateSeed);
+    wc_SetSeed_Cb(WC_GENERATE_SEED_DEFAULT);
 #endif
 #ifdef HAVE_WNR
     if (wc_InitNetRandom(wnrConfig, NULL, 5000) != 0)
@@ -310,7 +310,8 @@ int unit_test(int argc, char** argv)
 #if !defined(NO_WOLFSSL_CIPHER_SUITE_TEST) && \
     !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) && \
     !defined(NO_TLS) && \
-    !defined(SINGLE_THREADED)
+    !defined(SINGLE_THREADED) && \
+    defined(WOLFSSL_PEM_TO_DER)
     if ((ret = SuiteTest(argc, argv)) != 0) {
         fprintf(stderr, "suite test failed with %d\n", ret);
         goto exit;
diff --git a/tests/unit.h b/tests/unit.h
index b9b3eacc1..3ac95c000 100644
--- a/tests/unit.h
+++ b/tests/unit.h
@@ -428,6 +428,29 @@ int test_wolfSSL_client_server_nofail_memio(test_ssl_cbf* client_cb,
     test_ssl_cbf* server_cb, test_cbType client_on_handshake);
 #endif /* HAVE_SSL_MEMIO_TESTS_DEPENDENCIES */
 
+#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) && \
+    !defined(NO_RSA)        && !defined(SINGLE_THREADED) && \
+    !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT)
+    #define HAVE_IO_TESTS_DEPENDENCIES
+#endif
+
+#ifdef HAVE_IO_TESTS_DEPENDENCIES
+THREAD_RETURN WOLFSSL_THREAD test_server_nofail(void* args);
+int test_client_nofail(void* args, cbType cb);
+#endif
+
+#if defined(OPENSSL_EXTRA) && !defined(NO_BIO)
+WOLFSSL_BIO_METHOD* wolfSSL_BIO_s_fixed_mem(void);
+#endif
+
+#if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM)
+int CreatePKCS7SignedData(unsigned char* output, int outputSz,
+                          byte* data, word32 dataSz,
+                          int withAttribs, int detachedSig,
+                          int useIntermediateCertChain,
+                          int pkAlgoType);
+#endif
+
 void ApiTest_StopOnFail(void);
 void ApiTest_PrintTestCases(void);
 void ApiTest_PrintGroups(void);
diff --git a/tests/utils.c b/tests/utils.c
index 7d42428d2..20eb4cbaa 100644
--- a/tests/utils.c
+++ b/tests/utils.c
@@ -260,7 +260,7 @@ int test_memio_setup_ex(struct test_memio_ctx *ctx,
 #ifndef NO_CERTS
         if (serverKey == NULL) {
             ret = wolfSSL_CTX_use_PrivateKey_file(*ctx_s, svrKeyFile,
-                WOLFSSL_FILETYPE_PEM);
+                CERT_FILETYPE);
         }
         else {
             ret = wolfSSL_CTX_use_PrivateKey_buffer(*ctx_s, serverKey,
@@ -280,7 +280,7 @@ int test_memio_setup_ex(struct test_memio_ctx *ctx,
 
         if (serverCert == NULL) {
             ret = wolfSSL_CTX_use_certificate_file(*ctx_s, svrCertFile,
-                                                   WOLFSSL_FILETYPE_PEM);
+                                                   CERT_FILETYPE);
         }
         else {
             ret = wolfSSL_CTX_use_certificate_chain_buffer_format(*ctx_s,
@@ -405,6 +405,38 @@ int test_memio_inject_message(struct test_memio_ctx* ctx, int client,
     return 0;
 }
 
+int test_memio_copy_message(const struct test_memio_ctx *ctx, int client,
+        char *out, int *out_sz, int msg_pos)
+{
+    int msg_count;
+    const int* msg_sizes;
+    int i;
+    const byte* buff;
+
+    if (client) {
+        buff = ctx->c_buff;
+        msg_count = ctx->c_msg_count;
+        msg_sizes = ctx->c_msg_sizes;
+    }
+    else {
+        buff = ctx->s_buff;
+        msg_count = ctx->s_msg_count;
+        msg_sizes = ctx->s_msg_sizes;
+    }
+    if (msg_pos < 0 || msg_pos >= msg_count) {
+        return -1;
+    }
+    if (*out_sz < msg_sizes[msg_pos]) {
+        return -1;
+    }
+    for (i = 0; i < msg_pos; i++) {
+        buff += msg_sizes[i];
+    }
+    XMEMCPY(out, buff, (size_t)msg_sizes[msg_pos]);
+    *out_sz = msg_sizes[msg_pos];
+    return 0;
+}
+
 int test_memio_drop_message(struct test_memio_ctx *ctx, int client, int msg_pos)
 {
     int *len;
diff --git a/tests/utils.h b/tests/utils.h
index bfedf4451..8d44172e1 100644
--- a/tests/utils.h
+++ b/tests/utils.h
@@ -66,6 +66,8 @@ int test_memio_setup_ex(struct test_memio_ctx *ctx,
     byte *serverKey, int serverKeySz);
 void test_memio_clear_buffer(struct test_memio_ctx *ctx, int is_client);
 int test_memio_inject_message(struct test_memio_ctx *ctx, int client, const char *data, int sz);
+int test_memio_copy_message(const struct test_memio_ctx *ctx, int client,
+        char *out, int *out_sz, int msg_pos);
 int test_memio_drop_message(struct test_memio_ctx *ctx, int client, int msg_pos);
 int test_memio_modify_message_len(struct test_memio_ctx *ctx, int client, int msg_pos, int new_len);
 int test_memio_remove_from_buffer(struct test_memio_ctx *ctx, int client, int off, int sz);
diff --git a/wolfcrypt/benchmark/benchmark.c b/wolfcrypt/benchmark/benchmark.c
index d248acbf9..1642489b4 100644
--- a/wolfcrypt/benchmark/benchmark.c
+++ b/wolfcrypt/benchmark/benchmark.c
@@ -620,8 +620,7 @@
 
 /* optional macro to add sleep between tests */
 #ifndef TEST_SLEEP
-    /* stub the sleep macro */
-    #define TEST_SLEEP() WC_DO_NOTHING
+    #define TEST_SLEEP() WC_RELAX_LONG_LOOP()
 #endif
 
 #define TEST_STRING    "Everyone gets Friday off."
@@ -2344,13 +2343,21 @@ static WC_INLINE void bench_stats_start(int* count, double* start)
 #endif
 }
 
-#ifdef WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS
+#ifdef WOLFSSL_USE_SAVE_VECTOR_REGISTERS
     #define bench_stats_start(count, start) do {                               \
         SAVE_VECTOR_REGISTERS(pr_err(                                          \
-            "SAVE_VECTOR_REGISTERS failed for benchmark run.");                \
+            "ERROR: SAVE_VECTOR_REGISTERS failed for benchmark run.");         \
                               return; );                                       \
         bench_stats_start(count, start);                                       \
     } while (0)
+#elif defined(WOLFSSL_LINUXKM)
+    /* we're using floating point to figure the statistics, so we need to
+     * FPU save+lock even without SIMD.
+     */
+    #define bench_stats_start(count, start) do {                               \
+        kernel_fpu_begin();                                                    \
+        bench_stats_start(count, start);                                       \
+    } while (0)
 #endif
 
 static WC_INLINE int bench_stats_check(double start)
@@ -2739,8 +2746,10 @@ static void bench_stats_sym_finish(const char* desc, int useDeviceID,
     (void)useDeviceID;
     (void)ret;
 
-#ifdef WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS
+#ifdef WOLFSSL_USE_SAVE_VECTOR_REGISTERS
     RESTORE_VECTOR_REGISTERS();
+#elif defined(WOLFSSL_LINUXKM)
+    kernel_fpu_end();
 #endif
 
     TEST_SLEEP();
@@ -3000,8 +3009,10 @@ static void bench_stats_asym_finish_ex(const char* algo, int strength,
     (void)useDeviceID;
     (void)ret;
 
-#ifdef WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS
+#ifdef WOLFSSL_USE_SAVE_VECTOR_REGISTERS
     RESTORE_VECTOR_REGISTERS();
+#elif defined(WOLFSSL_LINUXKM)
+    kernel_fpu_end();
 #endif
 
     TEST_SLEEP();
@@ -3645,7 +3656,7 @@ static void* benchmarks_do(void* args)
 
 #if !defined(NO_RSA) && !defined(WC_NO_RNG)
 #ifndef HAVE_RENESAS_SYNC
-    #if defined(WOLFSSL_KEY_GEN)
+    #if defined(WOLFSSL_KEY_GEN) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)
         if (bench_all || (bench_asym_algs & BENCH_RSA_KEYGEN)) {
         #ifndef NO_SW_BENCH
             if (((word32)bench_asym_algs == 0xFFFFFFFFU) ||
@@ -3675,7 +3686,7 @@ static void* benchmarks_do(void* args)
     #endif
     }
 
-    #ifdef WOLFSSL_KEY_GEN
+    #if defined(WOLFSSL_KEY_GEN) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)
     if (bench_asym_algs & BENCH_RSA_SZ) {
     #ifndef NO_SW_BENCH
         bench_rsa_key(0, bench_size);
@@ -4063,7 +4074,7 @@ int benchmark_init(void)
 #endif
 
 #ifdef WC_RNG_SEED_CB
-    wc_SetSeed_Cb(wc_GenerateSeed);
+    wc_SetSeed_Cb(WC_GENERATE_SEED_DEFAULT);
 #endif
 
     bench_stats_init();
@@ -5010,7 +5021,13 @@ static void bench_aesecb_internal(int useDeviceID,
                 if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(enc[i]), 0,
                                       &times, outer_loop_limit, &pending)) {
                 #ifdef HAVE_FIPS
+                    #if defined(WOLFSSL_KERNEL_MODE) || FIPS_VERSION_GE(6, 0)
+                    ret = wc_AesEncryptDirect(enc[i], bench_cipher, bench_plain);
+                    if (ret != 0)
+                        goto exit_aes_enc;
+                    #else
                     wc_AesEncryptDirect(enc[i], bench_cipher, bench_plain);
+                    #endif
                 #else
                     wc_AesEcbEncrypt(enc[i], bench_cipher, bench_plain,
                         benchSz);
@@ -5061,7 +5078,13 @@ exit_aes_enc:
                 if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(enc[i]), 0,
                                       &times, outer_loop_limit, &pending)) {
                 #ifdef HAVE_FIPS
+                    #if defined(WOLFSSL_KERNEL_MODE) || FIPS_VERSION_GE(6, 0)
+                    ret = wc_AesDecryptDirect(enc[i], bench_plain, bench_cipher);
+                    if (ret != 0)
+                        goto exit_aes_dec;
+                    #else
                     wc_AesDecryptDirect(enc[i], bench_plain, bench_cipher);
+                    #endif
                 #else
                     wc_AesEcbDecrypt(enc[i], bench_plain, bench_cipher,
                         benchSz);
@@ -8740,7 +8763,7 @@ void bench_srtpkdf(void)
 
 #ifndef NO_RSA
 
-#if defined(WOLFSSL_KEY_GEN)
+#if defined(WOLFSSL_KEY_GEN) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)
 static void bench_rsaKeyGen_helper(int useDeviceID, word32 keySz)
 {
     WC_DECLARE_ARRAY(genKey, RsaKey, BENCH_MAX_PENDING,
@@ -8848,7 +8871,7 @@ void bench_rsaKeyGen_size(int useDeviceID, word32 keySz)
 {
     bench_rsaKeyGen_helper(useDeviceID, keySz);
 }
-#endif /* WOLFSSL_KEY_GEN */
+#endif /* WOLFSSL_KEY_GEN && !WOLFSSL_RSA_PUBLIC_ONLY */
 
 #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) && \
     !defined(USE_CERT_BUFFERS_3072) && !defined(USE_CERT_BUFFERS_4096)
@@ -9318,7 +9341,7 @@ exit:
 }
 
 
-#ifdef WOLFSSL_KEY_GEN
+#if defined(WOLFSSL_KEY_GEN) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)
 /* bench any size of RSA key */
 void bench_rsa_key(int useDeviceID, word32 rsaKeySz)
 {
@@ -9814,8 +9837,13 @@ exit_decap:
 
 void bench_mlkem(int type)
 {
-    KyberKey key1;
-    KyberKey key2;
+#ifdef WOLFSSL_SMALL_STACK
+    KyberKey *key1 = NULL;
+    KyberKey *key2 = NULL;
+#else
+    KyberKey key1[1];
+    KyberKey key2[1];
+#endif
     const char* name = NULL;
     int keySize = 0;
 
@@ -9864,14 +9892,30 @@ void bench_mlkem(int type)
         return;
     }
 
-    bench_mlkem_keygen(type, name, keySize, &key1);
-#if !defined(WOLFSSL_MLKEM_NO_ENCAPSULATE) || \
-    !defined(WOLFSSL_MLKEM_NO_DECAPSULATE)
-    bench_mlkem_encap(type, name, keySize, &key1, &key2);
+#ifdef WOLFSSL_SMALL_STACK
+    key1 = (KyberKey *)XMALLOC(sizeof(*key1), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    if (key1 == NULL)
+        return;
+    key2 = (KyberKey *)XMALLOC(sizeof(*key2), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    if (key2 == NULL) {
+        XFREE(key1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+        return;
+    }
 #endif
 
-    wc_KyberKey_Free(&key2);
-    wc_KyberKey_Free(&key1);
+    bench_mlkem_keygen(type, name, keySize, key1);
+#if !defined(WOLFSSL_MLKEM_NO_ENCAPSULATE) || \
+    !defined(WOLFSSL_MLKEM_NO_DECAPSULATE)
+    bench_mlkem_encap(type, name, keySize, key1, key2);
+#endif
+
+    wc_KyberKey_Free(key2);
+    wc_KyberKey_Free(key1);
+
+#ifdef WOLFSSL_SMALL_STACK
+    XFREE(key1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(key2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
 }
 #endif
 
@@ -10079,7 +10123,7 @@ static void bench_lms_keygen(enum wc_LmsParm parm, byte* pub)
     ret = wc_InitRng(&rng);
 #endif
     if (ret != 0) {
-        fprintf(stderr, "error: wc_InitRng failed: %d\n", ret);
+        printf("error: wc_InitRng failed: %d\n", ret);
         return;
     }
 
@@ -10113,27 +10157,27 @@ static void bench_lms_keygen(enum wc_LmsParm parm, byte* pub)
 
             ret = wc_LmsKey_GetParameters(&key, &levels, &height, &winternitz);
             if (ret) {
-                fprintf(stderr, "error: wc_LmsKey_GetParameters failed: %d\n",
+                printf("error: wc_LmsKey_GetParameters failed: %d\n",
                     ret);
                 goto exit_lms_keygen;
             }
 
             ret = wc_LmsKey_SetWriteCb(&key, lms_write_key_mem);
             if (ret) {
-                fprintf(stderr, "error: wc_LmsKey_SetWriteCb failed: %d\n",
+                printf("error: wc_LmsKey_SetWriteCb failed: %d\n",
                     ret);
                 goto exit_lms_keygen;
             }
 
             ret = wc_LmsKey_SetReadCb(&key, lms_read_key_mem);
             if (ret) {
-                fprintf(stderr, "error: wc_LmsKey_SetReadCb failed: %d\n", ret);
+                printf("error: wc_LmsKey_SetReadCb failed: %d\n", ret);
                 goto exit_lms_keygen;
             }
 
             ret = wc_LmsKey_SetContext(&key, (void*)lms_priv);
             if (ret) {
-                fprintf(stderr, "error: wc_LmsKey_SetContext failed: %d\n",
+                printf("error: wc_LmsKey_SetContext failed: %d\n",
                     ret);
                 goto exit_lms_keygen;
             }
@@ -10162,7 +10206,7 @@ static void bench_lms_keygen(enum wc_LmsParm parm, byte* pub)
 
     ret = wc_LmsKey_ExportPubRaw(&key, pub, &pubLen);
     if (ret) {
-        fprintf(stderr, "error: wc_LmsKey_ExportPubRaw failed: %d\n", ret);
+        printf("error: wc_LmsKey_ExportPubRaw failed: %d\n", ret);
     }
 
 exit_lms_keygen:
@@ -10296,19 +10340,19 @@ static void bench_lms_sign_verify(enum wc_LmsParm parm, byte* pub)
 
     ret = wc_LmsKey_SetWriteCb(&key, lms_write_key_mem);
     if (ret) {
-        fprintf(stderr, "error: wc_LmsKey_SetWriteCb failed: %d\n", ret);
+        printf("error: wc_LmsKey_SetWriteCb failed: %d\n", ret);
         goto exit_lms_sign_verify;
     }
 
     ret = wc_LmsKey_SetReadCb(&key, lms_read_key_mem);
     if (ret) {
-        fprintf(stderr, "error: wc_LmsKey_SetReadCb failed: %d\n", ret);
+        printf("error: wc_LmsKey_SetReadCb failed: %d\n", ret);
         goto exit_lms_sign_verify;
     }
 
     ret = wc_LmsKey_SetContext(&key, (void*)lms_priv);
     if (ret) {
-        fprintf(stderr, "error: wc_LmsKey_SetContext failed: %d\n", ret);
+        printf("error: wc_LmsKey_SetContext failed: %d\n", ret);
         goto exit_lms_sign_verify;
     }
 
@@ -10609,7 +10653,7 @@ static void bench_xmss_sign_verify(const char * params)
     ret = wc_InitRng(&rng);
 #endif
     if (ret != 0) {
-        fprintf(stderr, "error: wc_InitRng failed: %d\n", ret);
+        printf("error: wc_InitRng failed: %d\n", ret);
         goto exit_xmss_sign_verify;
     }
 
@@ -10617,24 +10661,24 @@ static void bench_xmss_sign_verify(const char * params)
 
     ret = wc_XmssKey_Init(&key, NULL, INVALID_DEVID);
     if (ret != 0) {
-        fprintf(stderr, "wc_XmssKey_Init failed: %d\n", ret);
+        printf("wc_XmssKey_Init failed: %d\n", ret);
         goto exit_xmss_sign_verify;
     }
 
     ret = wc_XmssKey_SetParamStr(&key, params);
     if (ret != 0) {
-        fprintf(stderr, "wc_XmssKey_SetParamStr failed: %d\n", ret);
+        printf("wc_XmssKey_SetParamStr failed: %d\n", ret);
         goto exit_xmss_sign_verify;
     }
 
     ret = wc_XmssKey_GetPubLen(&key, &pkSz);
     if (ret != 0) {
-        fprintf(stderr, "wc_XmssKey_GetPubLen failed: %d\n", ret);
+        printf("wc_XmssKey_GetPubLen failed: %d\n", ret);
         goto exit_xmss_sign_verify;
     }
 #ifndef WOLFSSL_WC_XMSS
     if (pkSz != XMSS_SHA256_PUBLEN) {
-        fprintf(stderr, "error: xmss pub len: got %u, expected %d\n", pkSz,
+        printf("error: xmss pub len: got %u, expected %d\n", pkSz,
                 XMSS_SHA256_PUBLEN);
         goto exit_xmss_sign_verify;
     }
@@ -10642,53 +10686,53 @@ static void bench_xmss_sign_verify(const char * params)
 
     ret = wc_XmssKey_GetPrivLen(&key, &skSz);
     if (ret != 0 || skSz <= 0) {
-        fprintf(stderr, "error: wc_XmssKey_GetPrivLen failed\n");
+        printf("error: wc_XmssKey_GetPrivLen failed\n");
         goto exit_xmss_sign_verify;
     }
 
     ret = wc_XmssKey_GetSigLen(&key, &sigSz);
     if (ret != 0 || sigSz <= 0) {
-        fprintf(stderr, "error: wc_XmssKey_GetSigLen failed\n");
+        printf("error: wc_XmssKey_GetSigLen failed\n");
         goto exit_xmss_sign_verify;
     }
 
     /* Allocate secret keys.*/
     sk = (unsigned char *)XMALLOC(skSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     if (sk == NULL) {
-        fprintf(stderr, "error: allocate xmss sk failed\n");
+        printf("error: allocate xmss sk failed\n");
         goto exit_xmss_sign_verify;
     }
 
     /* Allocate signature array. */
     sig = (byte *)XMALLOC(sigSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     if (sig == NULL) {
-        fprintf(stderr, "error: allocate xmss sig failed\n");
+        printf("error: allocate xmss sig failed\n");
         goto exit_xmss_sign_verify;
     }
 
     ret = wc_XmssKey_SetWriteCb(&key, xmss_write_key_mem);
     if (ret != 0) {
-        fprintf(stderr, "error: wc_XmssKey_SetWriteCb failed: %d\n", ret);
+        printf("error: wc_XmssKey_SetWriteCb failed: %d\n", ret);
         goto exit_xmss_sign_verify;
     }
 
     ret = wc_XmssKey_SetReadCb(&key, xmss_read_key_mem);
     if (ret != 0) {
-        fprintf(stderr, "error: wc_XmssKey_SetReadCb failed: %d\n", ret);
+        printf("error: wc_XmssKey_SetReadCb failed: %d\n", ret);
         goto exit_xmss_sign_verify;
     }
 
     ret = wc_XmssKey_SetContext(&key, (void *)sk);
     if (ret != 0) {
-        fprintf(stderr, "error: wc_XmssKey_SetContext failed: %d\n", ret);
+        printf("error: wc_XmssKey_SetContext failed: %d\n", ret);
         goto exit_xmss_sign_verify;
     }
 
 #if defined(DEBUG_WOLFSSL) || defined(WOLFSSL_DEBUG_NONBLOCK)
-    fprintf(stderr, "params: %s\n", params);
-    fprintf(stderr, "pkSz:   %d\n", pkSz);
-    fprintf(stderr, "skSz:   %d\n", skSz);
-    fprintf(stderr, "sigSz:  %d\n", sigSz);
+    printf("params: %s\n", params);
+    printf("pkSz:   %d\n", pkSz);
+    printf("skSz:   %d\n", skSz);
+    printf("sigSz:  %d\n", sigSz);
 #endif
 
     /* Making the private key is the bottleneck for larger heights. */
@@ -14232,18 +14276,68 @@ static const int sizeof_bench_dilithium_level5_sig =
 void bench_dilithiumKeySign(byte level)
 {
     int    ret = 0;
-    dilithium_key key;
     double start;
     int    i, count;
 #if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || !defined(WOLFSSL_DILITHIUM_NO_VERIFY)
-    byte   sig[DILITHIUM_MAX_SIG_SIZE];
-    byte   msg[512];
     word32 x = 0;
 #endif
+
+#define DILITHIUM_BENCH_MSG_SIZE 512
+#ifdef WOLFSSL_SMALL_STACK
+    dilithium_key *key = NULL;
+    #if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || \
+        !defined(WOLFSSL_DILITHIUM_NO_VERIFY)
+    byte   *sig = NULL;
+    byte   *msg = NULL;
+    #endif
+#else
+    dilithium_key key[1];
+    #if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || \
+        !defined(WOLFSSL_DILITHIUM_NO_VERIFY)
+    byte   sig[DILITHIUM_MAX_SIG_SIZE];
+    byte   msg[DILITHIUM_BENCH_MSG_SIZE];
+    #endif
+#endif
+
     const char**desc = bench_desc_words[lng_index];
     DECLARE_MULTI_VALUE_STATS_VARS()
     byte params = 0;
 
+#ifdef WOLFSSL_SMALL_STACK
+    key = (dilithium_key *)XMALLOC(sizeof(*key), HEAP_HINT,
+        DYNAMIC_TYPE_TMP_BUFFER);
+    #if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || \
+        !defined(WOLFSSL_DILITHIUM_NO_VERIFY)
+    sig = (byte *)XMALLOC(DILITHIUM_MAX_SIG_SIZE, HEAP_HINT,
+        DYNAMIC_TYPE_TMP_BUFFER);
+    msg = (byte *)XMALLOC(DILITHIUM_BENCH_MSG_SIZE, HEAP_HINT,
+        DYNAMIC_TYPE_TMP_BUFFER);
+    #endif
+
+    if (key == NULL) {
+    #if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || \
+        !defined(WOLFSSL_DILITHIUM_NO_VERIFY)
+        XFREE(sig, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+        sig = NULL;
+        XFREE(msg, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+        msg = NULL;
+    #endif
+        goto out;
+    }
+    #if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || \
+        !defined(WOLFSSL_DILITHIUM_NO_VERIFY)
+    if ((sig == NULL) || (msg == NULL)) {
+        XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+        key = NULL;
+        XFREE(sig, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+        sig = NULL;
+        XFREE(msg, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+        msg = NULL;
+        goto out;
+    }
+    #endif
+#endif /* WOLFSSL_SMALL_STACK */
+
     if (level == 2) {
         params = 44;
     }
@@ -14256,18 +14350,18 @@ void bench_dilithiumKeySign(byte level)
 
 #if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || !defined(WOLFSSL_DILITHIUM_NO_VERIFY)
     /* make dummy msg */
-    for (i = 0; i < (int)sizeof(msg); i++) {
+    for (i = 0; i < DILITHIUM_BENCH_MSG_SIZE; i++) {
         msg[i] = (byte)i;
     }
 #endif
 
-    ret = wc_dilithium_init(&key);
+    ret = wc_dilithium_init(key);
     if (ret != 0) {
         printf("wc_dilithium_init failed %d\n", ret);
-        return;
+        goto out;
     }
 
-    ret = wc_dilithium_set_level(&key, level);
+    ret = wc_dilithium_set_level(key, level);
     if (ret != 0) {
         printf("wc_dilithium_set_level() failed %d\n", ret);
     }
@@ -14276,10 +14370,10 @@ void bench_dilithiumKeySign(byte level)
     bench_stats_start(&count, &start);
     do {
         for (i = 0; i < agreeTimes; i++) {
-            ret = wc_dilithium_make_key(&key, GLOBAL_RNG);
+            ret = wc_dilithium_make_key(key, GLOBAL_RNG);
             if (ret != 0) {
                 printf("wc_dilithium_import_private_key failed %d\n", ret);
-                return;
+                goto out;
             }
         }
         count += i;
@@ -14302,24 +14396,24 @@ void bench_dilithiumKeySign(byte level)
 #ifndef WOLFSSL_NO_ML_DSA_44
     if (level == 2) {
         ret = wc_dilithium_import_private(bench_dilithium_level2_key,
-            sizeof_bench_dilithium_level2_key, &key);
+            sizeof_bench_dilithium_level2_key, key);
     }
 #endif
 #ifndef WOLFSSL_NO_ML_DSA_65
     if (level == 3) {
         ret = wc_dilithium_import_private(bench_dilithium_level3_key,
-            sizeof_bench_dilithium_level3_key, &key);
+            sizeof_bench_dilithium_level3_key, key);
     }
 #endif
 #ifndef WOLFSSL_NO_ML_DSA_87
     if (level == 5) {
         ret = wc_dilithium_import_private(bench_dilithium_level5_key,
-            sizeof_bench_dilithium_level5_key, &key);
+            sizeof_bench_dilithium_level5_key, key);
     }
 #endif
     if (ret != 0) {
         printf("Failed to load private key\n");
-        return;
+        goto out;
     }
 
 #endif
@@ -14341,7 +14435,7 @@ void bench_dilithiumKeySign(byte level)
     do {
         for (i = 0; i < agreeTimes; i++) {
             if (ret == 0) {
-                ret = wc_dilithium_sign_msg(msg, sizeof(msg), sig, &x, &key,
+                ret = wc_dilithium_sign_msg(msg, DILITHIUM_BENCH_MSG_SIZE, sig, &x, key,
                                             GLOBAL_RNG);
                 if (ret != 0) {
                     printf("wc_dilithium_sign_msg failed\n");
@@ -14377,7 +14471,7 @@ void bench_dilithiumKeySign(byte level)
         XMEMCPY(sig, bench_dilithium_level2_sig, x);
     #endif
         ret = wc_dilithium_import_public(bench_dilithium_level2_pubkey,
-            sizeof_bench_dilithium_level2_pubkey, &key);
+            sizeof_bench_dilithium_level2_pubkey, key);
     }
 #endif
 #ifndef WOLFSSL_NO_ML_DSA_65
@@ -14387,7 +14481,7 @@ void bench_dilithiumKeySign(byte level)
         XMEMCPY(sig, bench_dilithium_level3_sig, x);
     #endif
         ret = wc_dilithium_import_public(bench_dilithium_level3_pubkey,
-            sizeof_bench_dilithium_level3_pubkey, &key);
+            sizeof_bench_dilithium_level3_pubkey, key);
     }
 #endif
 #ifndef WOLFSSL_NO_ML_DSA_87
@@ -14397,12 +14491,12 @@ void bench_dilithiumKeySign(byte level)
         XMEMCPY(sig, bench_dilithium_level5_sig, x);
     #endif
         ret = wc_dilithium_import_public(bench_dilithium_level5_pubkey,
-            sizeof_bench_dilithium_level5_pubkey, &key);
+            sizeof_bench_dilithium_level5_pubkey, key);
     }
 #endif
     if (ret != 0) {
         printf("Failed to load public key\n");
-        return;
+        goto out;
     }
 
 #endif
@@ -14415,8 +14509,8 @@ void bench_dilithiumKeySign(byte level)
         for (i = 0; i < agreeTimes; i++) {
             if (ret == 0) {
                 int verify = 0;
-                ret = wc_dilithium_verify_msg(sig, x, msg, sizeof(msg),
-                                              &verify, &key);
+                ret = wc_dilithium_verify_msg(sig, x, msg, DILITHIUM_BENCH_MSG_SIZE,
+                                              &verify, key);
 
                 if (ret != 0 || verify != 1) {
                     printf("wc_dilithium_verify_msg failed %d, verify %d\n",
@@ -14442,7 +14536,22 @@ void bench_dilithiumKeySign(byte level)
     }
 #endif
 
-    wc_dilithium_free(&key);
+out:
+
+#ifdef WOLFSSL_SMALL_STACK
+    if (key)
+#endif
+    {
+        wc_dilithium_free(key);
+    }
+
+#ifdef WOLFSSL_SMALL_STACK
+    XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    #if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || !defined(WOLFSSL_DILITHIUM_NO_VERIFY)
+    XFREE(sig, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(msg, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    #endif
+#endif
 }
 #endif /* HAVE_DILITHIUM */
 
diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c
index de6a428c9..a6b88af38 100644
--- a/wolfcrypt/src/aes.c
+++ b/wolfcrypt/src/aes.c
@@ -150,8 +150,51 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits
             return ret;
 #endif
 
-    #ifdef WOLFSSL_STM32_CUBEMX
-        ret = wc_Stm32_Aes_Init(aes, &hcryp);
+    #ifdef WOLFSSL_STM32U5_DHUK
+        ret = wolfSSL_CryptHwMutexLock();
+        if (ret != 0)
+            return ret;
+
+        /* Handle making use of wrapped key */
+        if (aes->devId == WOLFSSL_STM32U5_DHUK_WRAPPED_DEVID) {
+            CRYP_ConfigTypeDef Config = {0};
+
+            ret = wc_Stm32_Aes_UnWrap(aes, &hcryp, (const byte*)aes->key,
+                aes->keylen, aes->dhukIV, aes->dhukIVLen);
+            if (ret != HAL_OK) {
+                WOLFSSL_MSG("Error with DHUK key unwrap");
+                ret = BAD_FUNC_ARG;
+            }
+            /* reconfigure for using unwrapped key now */
+            HAL_CRYP_GetConfig(&hcryp, &Config);
+            Config.KeyMode   = CRYP_KEYMODE_NORMAL;
+            Config.KeySelect = CRYP_KEYSEL_NORMAL;
+            Config.Algorithm = CRYP_AES_ECB;
+            Config.DataType  = CRYP_DATATYPE_8B;
+            Config.DataWidthUnit = CRYP_DATAWIDTHUNIT_BYTE;
+            HAL_CRYP_SetConfig(&hcryp, &Config);
+        }
+        else {
+            ret = wc_Stm32_Aes_Init(aes, &hcryp, 1);
+            if (ret == 0) {
+                hcryp.Init.Algorithm  = CRYP_AES_ECB;
+                ret = HAL_CRYP_Init(&hcryp);
+                if (ret != HAL_OK) {
+                    ret = BAD_FUNC_ARG;
+                }
+            }
+        }
+
+        if (ret == HAL_OK) {
+            ret = HAL_CRYP_Encrypt(&hcryp, (uint32_t*)inBlock, WC_AES_BLOCK_SIZE,
+                    (uint32_t*)outBlock, STM32_HAL_TIMEOUT);
+            if (ret != HAL_OK) {
+                ret = WC_TIMEOUT_E;
+            }
+        }
+        HAL_CRYP_DeInit(&hcryp);
+    #elif defined(WOLFSSL_STM32_CUBEMX)
+        ret = wc_Stm32_Aes_Init(aes, &hcryp, 0);
         if (ret != 0)
             return ret;
 
@@ -166,22 +209,26 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits
         hcryp.Init.ChainingMode  = CRYP_CHAINMODE_AES_ECB;
         hcryp.Init.KeyWriteFlag  = CRYP_KEY_WRITE_ENABLE;
     #endif
-        HAL_CRYP_Init(&hcryp);
-
-    #if defined(STM32_HAL_V2)
-        ret = HAL_CRYP_Encrypt(&hcryp, (uint32_t*)inBlock, WC_AES_BLOCK_SIZE,
-            (uint32_t*)outBlock, STM32_HAL_TIMEOUT);
-    #elif defined(STM32_CRYPTO_AES_ONLY)
-        ret = HAL_CRYPEx_AES(&hcryp, (uint8_t*)inBlock, WC_AES_BLOCK_SIZE,
-            outBlock, STM32_HAL_TIMEOUT);
-    #else
-        ret = HAL_CRYP_AESECB_Encrypt(&hcryp, (uint8_t*)inBlock, WC_AES_BLOCK_SIZE,
-            outBlock, STM32_HAL_TIMEOUT);
-    #endif
-        if (ret != HAL_OK) {
-            ret = WC_TIMEOUT_E;
+        if (HAL_CRYP_Init(&hcryp) != HAL_OK) {
+            ret = BAD_FUNC_ARG;
+        }
+
+        if (ret == 0) {
+        #if defined(STM32_HAL_V2)
+            ret = HAL_CRYP_Encrypt(&hcryp, (uint32_t*)inBlock, WC_AES_BLOCK_SIZE,
+                (uint32_t*)outBlock, STM32_HAL_TIMEOUT);
+        #elif defined(STM32_CRYPTO_AES_ONLY)
+            ret = HAL_CRYPEx_AES(&hcryp, (uint8_t*)inBlock, WC_AES_BLOCK_SIZE,
+                outBlock, STM32_HAL_TIMEOUT);
+        #else
+            ret = HAL_CRYP_AESECB_Encrypt(&hcryp, (uint8_t*)inBlock, WC_AES_BLOCK_SIZE,
+                outBlock, STM32_HAL_TIMEOUT);
+        #endif
+            if (ret != HAL_OK) {
+                ret = WC_TIMEOUT_E;
+            }
+            HAL_CRYP_DeInit(&hcryp);
         }
-        HAL_CRYP_DeInit(&hcryp);
 
     #else /* Standard Peripheral Library */
         ret = wc_Stm32_Aes_Init(aes, &cryptInit, &keyInit);
@@ -251,8 +298,52 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits
             return ret;
 #endif
 
-    #ifdef WOLFSSL_STM32_CUBEMX
-        ret = wc_Stm32_Aes_Init(aes, &hcryp);
+    #ifdef WOLFSSL_STM32U5_DHUK
+        ret = wolfSSL_CryptHwMutexLock();
+        if (ret != 0)
+            return ret;
+
+        /* Handle making use of wrapped key */
+        if (aes->devId == WOLFSSL_STM32U5_DHUK_WRAPPED_DEVID) {
+            CRYP_ConfigTypeDef Config;
+
+            XMEMSET(&Config, 0, sizeof(Config));
+            ret = wc_Stm32_Aes_UnWrap(aes, &hcryp, (const byte*)aes->key,
+                aes->keylen, aes->dhukIV, aes->dhukIVLen);
+            if (ret != HAL_OK) {
+                WOLFSSL_MSG("Error with DHUK unwrap");
+                ret = BAD_FUNC_ARG;
+            }
+            /* reconfigure for using unwrapped key now */
+            HAL_CRYP_GetConfig(&hcryp, &Config);
+            Config.KeyMode   = CRYP_KEYMODE_NORMAL;
+            Config.KeySelect = CRYP_KEYSEL_NORMAL;
+            Config.Algorithm = CRYP_AES_ECB;
+            Config.DataType  = CRYP_DATATYPE_8B;
+            Config.DataWidthUnit = CRYP_DATAWIDTHUNIT_BYTE;
+            HAL_CRYP_SetConfig(&hcryp, &Config);
+        }
+        else {
+            ret = wc_Stm32_Aes_Init(aes, &hcryp, 1);
+            if (ret == 0) {
+                hcryp.Init.Algorithm  = CRYP_AES_ECB;
+                ret = HAL_CRYP_Init(&hcryp);
+                if (ret != HAL_OK) {
+                    ret = BAD_FUNC_ARG;
+                }
+            }
+        }
+
+        if (ret == HAL_OK) {
+            ret = HAL_CRYP_Decrypt(&hcryp, (uint32_t*)inBlock, WC_AES_BLOCK_SIZE,
+                    (uint32_t*)outBlock, STM32_HAL_TIMEOUT);
+            if (ret != HAL_OK) {
+                ret = WC_TIMEOUT_E;
+            }
+        }
+        HAL_CRYP_DeInit(&hcryp);
+    #elif defined(WOLFSSL_STM32_CUBEMX)
+        ret = wc_Stm32_Aes_Init(aes, &hcryp, 0);
         if (ret != 0)
             return ret;
 
@@ -624,11 +715,11 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits
      */
     static int checkedAESNI = 0;
     static int haveAESNI  = 0;
-    static word32 intel_flags = 0;
+    static cpuid_flags_t intel_flags = WC_CPUID_INITIALIZER;
 
     static WARN_UNUSED_RESULT int Check_CPU_support_AES(void)
     {
-        intel_flags = cpuid_get_flags();
+        cpuid_get_flags_ex(&intel_flags);
 
         return IS_INTEL_AESNI(intel_flags) != 0;
     }
@@ -786,15 +877,11 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits
 
     #define NEED_AES_TABLES
 
-    static int checkedCpuIdFlags = 0;
-    static word32 cpuid_flags = 0;
+    static cpuid_flags_t cpuid_flags = WC_CPUID_INITIALIZER;
 
     static void Check_CPU_support_HwCrypto(Aes* aes)
     {
-        if (checkedCpuIdFlags == 0) {
-            cpuid_flags = cpuid_get_flags();
-            checkedCpuIdFlags = 1;
-        }
+        cpuid_get_flags_ex(&cpuid_flags);
         aes->use_aes_hw_crypto = IS_AARCH64_AES(cpuid_flags);
     #ifdef HAVE_AESGCM
         aes->use_pmull_hw_crypto = IS_AARCH64_PMULL(cpuid_flags);
@@ -4595,12 +4682,12 @@ static void AesSetKey_C(Aes* aes, const byte* key, word32 keySz, int dir)
         * AES-NI is disabled, and a nonzero value if it's enabled.
         *
         * An additional, optional semantic is available via
-        * WC_FLAG_DONT_USE_AESNI, and is used in some kernel module builds to
-        * let the caller inhibit AES-NI.  When this macro is defined,
+        * WC_FLAG_DONT_USE_VECTOR_OPS, and is used in some kernel module builds
+        * to let the caller inhibit AES-NI.  When this macro is defined,
         * wc_AesInit() before wc_AesSetKey() is imperative, to avoid a read of
         * uninitialized data in aes->use_aesni.  That's why support for
-        * WC_FLAG_DONT_USE_AESNI must remain optional -- wc_AesInit() was only
-        * added in release 3.11.0, so legacy applications inevitably call
+        * WC_FLAG_DONT_USE_VECTOR_OPS must remain optional -- wc_AesInit() was
+        * only added in release 3.11.0, so legacy applications inevitably call
         * wc_AesSetKey() on uninitialized Aes contexts.  This must continue to
         * function correctly with default build settings.
         */
@@ -4610,25 +4697,28 @@ static void AesSetKey_C(Aes* aes, const byte* key, word32 keySz, int dir)
             checkedAESNI = 1;
         }
         if (haveAESNI
-#if defined(WC_FLAG_DONT_USE_AESNI) && !defined(WC_C_DYNAMIC_FALLBACK)
-            && (aes->use_aesni != WC_FLAG_DONT_USE_AESNI)
+#if defined(WC_FLAG_DONT_USE_VECTOR_OPS) && !defined(WC_C_DYNAMIC_FALLBACK)
+            && (aes->use_aesni != WC_FLAG_DONT_USE_VECTOR_OPS)
 #endif
             )
         {
-#if defined(WC_FLAG_DONT_USE_AESNI)
-            if (aes->use_aesni == WC_FLAG_DONT_USE_AESNI) {
+#if defined(WC_FLAG_DONT_USE_VECTOR_OPS)
+            if (aes->use_aesni == WC_FLAG_DONT_USE_VECTOR_OPS) {
                 aes->use_aesni = 0;
                 return 0;
             }
 #endif
             aes->use_aesni = 0;
-            #ifdef WOLFSSL_LINUXKM
+            #ifdef WOLFSSL_KERNEL_MODE
             /* runtime alignment check */
             if ((wc_ptr_t)&aes->key & (wc_ptr_t)0xf) {
-                return BAD_ALIGN_E;
+                ret = BAD_ALIGN_E;
+            }
+            else
+            #endif /* WOLFSSL_KERNEL_MODE */
+            {
+                ret = SAVE_VECTOR_REGISTERS2();
             }
-            #endif /* WOLFSSL_LINUXKM */
-            ret = SAVE_VECTOR_REGISTERS2();
             if (ret == 0) {
                 if (dir == AES_ENCRYPTION)
                     ret = AES_set_encrypt_key_AESNI(userKey, (int)keylen * 8, aes);
@@ -4963,7 +5053,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
 #ifdef HAVE_AES_CBC
 #if defined(STM32_CRYPTO)
 
-#ifdef WOLFSSL_STM32_CUBEMX
+#ifdef WOLFSSL_STM32U5_DHUK
     int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
     {
         int ret = 0;
@@ -4978,7 +5068,142 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
         if (blocks == 0)
             return 0;
 
-        ret = wc_Stm32_Aes_Init(aes, &hcryp);
+        ret = wolfSSL_CryptHwMutexLock();
+        if (ret != 0) {
+            return ret;
+        }
+
+        if (aes->devId == WOLFSSL_STM32U5_DHUK_WRAPPED_DEVID) {
+            CRYP_ConfigTypeDef Config;
+
+            XMEMSET(&Config, 0, sizeof(Config));
+            ret = wc_Stm32_Aes_UnWrap(aes, &hcryp, (const byte*)aes->key, aes->keylen,
+                (const byte*)aes->dhukIV, aes->dhukIVLen);
+
+            /* reconfigure for using unwrapped key now */
+            HAL_CRYP_GetConfig(&hcryp, &Config);
+            Config.KeyMode   = CRYP_KEYMODE_NORMAL;
+            Config.KeySelect = CRYP_KEYSEL_NORMAL;
+            Config.Algorithm = CRYP_AES_CBC;
+            ByteReverseWords(aes->reg, aes->reg, WC_AES_BLOCK_SIZE);
+            Config.pInitVect = (STM_CRYPT_TYPE*)aes->reg;
+            HAL_CRYP_SetConfig(&hcryp, &Config);
+        }
+        else {
+            ret = wc_Stm32_Aes_Init(aes, &hcryp, 1);
+            if (ret != 0) {
+                wolfSSL_CryptHwMutexUnLock();
+                return ret;
+            }
+            hcryp.Init.Algorithm  = CRYP_AES_CBC;
+            ByteReverseWords(aes->reg, aes->reg, WC_AES_BLOCK_SIZE);
+            hcryp.Init.pInitVect = (STM_CRYPT_TYPE*)aes->reg;
+            ret = HAL_CRYP_Init(&hcryp);
+        }
+
+        if (ret == HAL_OK) {
+            ret = HAL_CRYP_Encrypt(&hcryp, (uint32_t*)in, blocks * WC_AES_BLOCK_SIZE,
+                (uint32_t*)out, STM32_HAL_TIMEOUT);
+            if (ret != HAL_OK) {
+                ret = WC_TIMEOUT_E;
+            }
+
+            /* store iv for next call */
+            XMEMCPY(aes->reg, out + sz - WC_AES_BLOCK_SIZE, WC_AES_BLOCK_SIZE);
+        }
+
+        HAL_CRYP_DeInit(&hcryp);
+
+        wolfSSL_CryptHwMutexUnLock();
+        wc_Stm32_Aes_Cleanup();
+
+        return ret;
+    }
+    #ifdef HAVE_AES_DECRYPT
+    int wc_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
+    {
+        int ret = 0;
+        CRYP_HandleTypeDef hcryp;
+        word32 blocks = (sz / WC_AES_BLOCK_SIZE);
+
+#ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
+        if (sz % WC_AES_BLOCK_SIZE) {
+            return BAD_LENGTH_E;
+        }
+#endif
+        if (blocks == 0)
+            return 0;
+
+        ret = wolfSSL_CryptHwMutexLock();
+        if (ret != 0) {
+            return ret;
+        }
+
+        if (aes->devId == WOLFSSL_STM32U5_DHUK_WRAPPED_DEVID) {
+            CRYP_ConfigTypeDef Config;
+
+            XMEMSET(&Config, 0, sizeof(Config));
+            ret = wc_Stm32_Aes_UnWrap(aes, &hcryp, (const byte*)aes->key, aes->keylen,
+                aes->dhukIV, aes->dhukIVLen);
+
+            /* reconfigure for using unwrapped key now */
+            HAL_CRYP_GetConfig(&hcryp, &Config);
+            Config.KeyMode   = CRYP_KEYMODE_NORMAL;
+            Config.KeySelect = CRYP_KEYSEL_NORMAL;
+            Config.Algorithm = CRYP_AES_CBC;
+            ByteReverseWords(aes->reg, aes->reg, WC_AES_BLOCK_SIZE);
+            Config.pInitVect = (STM_CRYPT_TYPE*)aes->reg;
+            HAL_CRYP_SetConfig(&hcryp, &Config);
+        }
+        else {
+            ret = wc_Stm32_Aes_Init(aes, &hcryp, 1);
+            if (ret != 0) {
+                wolfSSL_CryptHwMutexUnLock();
+                return ret;
+            }
+            hcryp.Init.Algorithm  = CRYP_AES_CBC;
+            ByteReverseWords(aes->reg, aes->reg, WC_AES_BLOCK_SIZE);
+            hcryp.Init.pInitVect = (STM_CRYPT_TYPE*)aes->reg;
+            ret = HAL_CRYP_Init(&hcryp);
+        }
+
+        if (ret == HAL_OK) {
+            /* if input and output same will overwrite input iv */
+            XMEMCPY(aes->tmp, in + sz - WC_AES_BLOCK_SIZE, WC_AES_BLOCK_SIZE);
+            ret = HAL_CRYP_Decrypt(&hcryp, (uint32_t*)in, blocks * WC_AES_BLOCK_SIZE,
+                (uint32_t*)out, STM32_HAL_TIMEOUT);
+            if (ret != HAL_OK) {
+                ret = WC_TIMEOUT_E;
+            }
+
+            /* store iv for next call */
+            XMEMCPY(aes->reg, aes->tmp, WC_AES_BLOCK_SIZE);
+        }
+
+        HAL_CRYP_DeInit(&hcryp);
+        wolfSSL_CryptHwMutexUnLock();
+        wc_Stm32_Aes_Cleanup();
+
+        return ret;
+    }
+    #endif /* HAVE_AES_DECRYPT */
+
+#elif defined(WOLFSSL_STM32_CUBEMX)
+    int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
+    {
+        int ret = 0;
+        CRYP_HandleTypeDef hcryp;
+        word32 blocks = (sz / WC_AES_BLOCK_SIZE);
+
+#ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
+        if (sz % WC_AES_BLOCK_SIZE) {
+            return BAD_LENGTH_E;
+        }
+#endif
+        if (blocks == 0)
+            return 0;
+
+        ret = wc_Stm32_Aes_Init(aes, &hcryp, 0);
         if (ret != 0)
             return ret;
 
@@ -4996,19 +5221,21 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
         hcryp.Init.KeyWriteFlag  = CRYP_KEY_WRITE_ENABLE;
     #endif
         hcryp.Init.pInitVect = (STM_CRYPT_TYPE*)aes->reg;
-        HAL_CRYP_Init(&hcryp);
+        ret = HAL_CRYP_Init(&hcryp);
 
-    #if defined(STM32_HAL_V2)
-        ret = HAL_CRYP_Encrypt(&hcryp, (uint32_t*)in, blocks * WC_AES_BLOCK_SIZE,
-            (uint32_t*)out, STM32_HAL_TIMEOUT);
-    #elif defined(STM32_CRYPTO_AES_ONLY)
-        ret = HAL_CRYPEx_AES(&hcryp, (uint8_t*)in, blocks * WC_AES_BLOCK_SIZE,
-            out, STM32_HAL_TIMEOUT);
-    #else
-        ret = HAL_CRYP_AESCBC_Encrypt(&hcryp, (uint8_t*)in,
-                                      blocks * WC_AES_BLOCK_SIZE,
-                                      out, STM32_HAL_TIMEOUT);
-    #endif
+        if (ret == HAL_OK) {
+        #if defined(STM32_HAL_V2)
+            ret = HAL_CRYP_Encrypt(&hcryp, (uint32_t*)in, blocks * WC_AES_BLOCK_SIZE,
+                (uint32_t*)out, STM32_HAL_TIMEOUT);
+        #elif defined(STM32_CRYPTO_AES_ONLY)
+            ret = HAL_CRYPEx_AES(&hcryp, (uint8_t*)in, blocks * WC_AES_BLOCK_SIZE,
+                out, STM32_HAL_TIMEOUT);
+        #else
+            ret = HAL_CRYP_AESCBC_Encrypt(&hcryp, (uint8_t*)in,
+                                        blocks * WC_AES_BLOCK_SIZE,
+                                        out, STM32_HAL_TIMEOUT);
+        #endif
+        }
         if (ret != HAL_OK) {
             ret = WC_TIMEOUT_E;
         }
@@ -5038,7 +5265,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
         if (blocks == 0)
             return 0;
 
-        ret = wc_Stm32_Aes_Init(aes, &hcryp);
+        ret = wc_Stm32_Aes_Init(aes, &hcryp, 0);
         if (ret != 0)
             return ret;
 
@@ -5060,19 +5287,21 @@ int wc_AesSetIV(Aes* aes, const byte* iv)
     #endif
 
         hcryp.Init.pInitVect = (STM_CRYPT_TYPE*)aes->reg;
-        HAL_CRYP_Init(&hcryp);
+        ret = HAL_CRYP_Init(&hcryp);
 
-    #if defined(STM32_HAL_V2)
-        ret = HAL_CRYP_Decrypt(&hcryp, (uint32_t*)in, blocks * WC_AES_BLOCK_SIZE,
-            (uint32_t*)out, STM32_HAL_TIMEOUT);
-    #elif defined(STM32_CRYPTO_AES_ONLY)
-        ret = HAL_CRYPEx_AES(&hcryp, (uint8_t*)in, blocks * WC_AES_BLOCK_SIZE,
-            out, STM32_HAL_TIMEOUT);
-    #else
-        ret = HAL_CRYP_AESCBC_Decrypt(&hcryp, (uint8_t*)in,
-                                      blocks * WC_AES_BLOCK_SIZE,
-            out, STM32_HAL_TIMEOUT);
-    #endif
+        if (ret == HAL_OK) {
+        #if defined(STM32_HAL_V2)
+            ret = HAL_CRYP_Decrypt(&hcryp, (uint32_t*)in, blocks * WC_AES_BLOCK_SIZE,
+                (uint32_t*)out, STM32_HAL_TIMEOUT);
+        #elif defined(STM32_CRYPTO_AES_ONLY)
+            ret = HAL_CRYPEx_AES(&hcryp, (uint8_t*)in, blocks * WC_AES_BLOCK_SIZE,
+                out, STM32_HAL_TIMEOUT);
+        #else
+            ret = HAL_CRYP_AESCBC_Decrypt(&hcryp, (uint8_t*)in,
+                                        blocks * WC_AES_BLOCK_SIZE,
+                out, STM32_HAL_TIMEOUT);
+        #endif
+        }
         if (ret != HAL_OK) {
             ret = WC_TIMEOUT_E;
         }
@@ -6137,7 +6366,7 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
         #endif
 
         #ifdef WOLFSSL_STM32_CUBEMX
-            ret = wc_Stm32_Aes_Init(aes, &hcryp);
+            ret = wc_Stm32_Aes_Init(aes, &hcryp, 0);
             if (ret != 0) {
                 return ret;
             }
@@ -6577,7 +6806,7 @@ static WC_INLINE void RIGHTSHIFTX(byte* x)
 {
     int i;
     int carryIn = 0;
-    byte borrow = (byte)((0x00U - (x[15] & 0x01U)) & 0xE1U);
+    volatile byte borrow = (byte)((0x00U - (x[15] & 0x01U)) & 0xE1U);
 
     for (i = 0; i < WC_AES_BLOCK_SIZE; i++) {
         int carryOut = (x[i] & 0x01) << 7;
@@ -8329,7 +8558,7 @@ static WARN_UNUSED_RESULT int wc_AesGcmEncrypt_STM32(
         return ret;
 
 #ifdef WOLFSSL_STM32_CUBEMX
-    ret = wc_Stm32_Aes_Init(aes, &hcryp);
+    ret = wc_Stm32_Aes_Init(aes, &hcryp, 0);
     if (ret != 0)
         return ret;
 #endif
@@ -8867,7 +9096,7 @@ static WARN_UNUSED_RESULT int wc_AesGcmDecrypt_STM32(
         return ret;
 
 #ifdef WOLFSSL_STM32_CUBEMX
-    ret = wc_Stm32_Aes_Init(aes, &hcryp);
+    ret = wc_Stm32_Aes_Init(aes, &hcryp, 0);
     if (ret != 0)
         return ret;
 #endif
@@ -9120,7 +9349,7 @@ int WARN_UNUSED_RESULT AES_GCM_decrypt_C(
     ALIGN16 byte scratch[WC_AES_BLOCK_SIZE];
     ALIGN16 byte Tprime[WC_AES_BLOCK_SIZE];
     ALIGN16 byte EKY0[WC_AES_BLOCK_SIZE];
-    sword32 res;
+    volatile sword32 res;
 
     if (ivSz == GCM_NONCE_MID_SZ) {
         /* Counter is IV with bottom 4 bytes set to: 0x00,0x00,0x00,0x01. */
@@ -11608,7 +11837,7 @@ int wc_AesInit(Aes* aes, void* heap, int devId)
 
     aes->heap = heap;
 
-#ifdef WOLF_CRYPTO_CB
+#if defined(WOLF_CRYPTO_CB) || defined(WOLFSSL_STM32U5_DHUK)
     aes->devId = devId;
 #else
     (void)devId;
diff --git a/wolfcrypt/src/aes_gcm_asm.asm b/wolfcrypt/src/aes_gcm_asm.asm
index a00fa449f..95423483b 100644
--- a/wolfcrypt/src/aes_gcm_asm.asm
+++ b/wolfcrypt/src/aes_gcm_asm.asm
@@ -1,6 +1,6 @@
 ; /* aes_gcm_asm.asm */
 ; /*
-; * Copyright (C) 2006-2025 wolfSSL Inc.
+;  * Copyright (C) 2006-2025 wolfSSL Inc.
 ;  *
 ;  * This file is part of wolfSSL.
 ;  *
diff --git a/wolfcrypt/src/aes_xts_asm.S b/wolfcrypt/src/aes_xts_asm.S
index 7092beae1..cdc84d868 100644
--- a/wolfcrypt/src/aes_xts_asm.S
+++ b/wolfcrypt/src/aes_xts_asm.S
@@ -108,7 +108,7 @@ L_AES_XTS_init_aesni_tweak_aes_enc_block_last:
 .section	__DATA,__data
 #endif /* __APPLE__ */
 L_aes_xts_gc_xts:
-.long	0x87,0x1,0x1,0x1
+.long	0x00000087,0x00000001,0x00000001,0x00000001
 #ifndef __APPLE__
 .text
 .globl	AES_XTS_encrypt_aesni
@@ -1492,7 +1492,7 @@ L_AES_XTS_init_avx1_tweak_aes_enc_block_last:
 .section	__DATA,__data
 #endif /* __APPLE__ */
 L_avx1_aes_xts_gc_xts:
-.long	0x87,0x1,0x1,0x1
+.long	0x00000087,0x00000001,0x00000001,0x00000001
 #ifndef __APPLE__
 .text
 .globl	AES_XTS_encrypt_avx1
diff --git a/wolfcrypt/src/aes_xts_asm.asm b/wolfcrypt/src/aes_xts_asm.asm
index 2330ea871..05f68a533 100644
--- a/wolfcrypt/src/aes_xts_asm.asm
+++ b/wolfcrypt/src/aes_xts_asm.asm
@@ -1,6 +1,6 @@
 ; /* aes_xts_asm.asm */
 ; /*
-; * Copyright (C) 2006-2025 wolfSSL Inc.
+;  * Copyright (C) 2006-2025 wolfSSL Inc.
 ;  *
 ;  * This file is part of wolfSSL.
 ;  *
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index ec34c9535..ae5bab5b0 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -715,6 +715,11 @@ int SizeASN_Items(const ASNItem* asn, ASNSetData *data, int count, int* encSz)
     WOLFSSL_ENTER("SizeASN_Items");
 #endif
 
+    if (asn == NULL || data == NULL || count <= 0 || encSz == NULL) {
+        WOLFSSL_MSG("bad arguments in SizeASN_Items");
+        return BAD_FUNC_ARG;
+    }
+
     for (i = count - 1; i >= 0; i--) {
         /* Skip this ASN.1 item when encoding. */
         if (data[i].noOut) {
@@ -1278,6 +1283,13 @@ static int GetASN_StoreData(const ASNItem* asn, ASNGetData* data,
             #endif
                 return ASN_PARSE_E;
             }
+            if ((asn->tag != ASN_BOOLEAN) && (!zeroPadded) &&
+                (input[idx] >= 0x80U)) {
+            #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE
+                WOLFSSL_MSG_VSNPRINTF("Unexpected negative INTEGER value");
+            #endif
+                return ASN_EXPECT_0_E;
+            }
             /* Fill number with all of data. */
             *data->data.u8 = input[idx];
             break;
@@ -1289,6 +1301,12 @@ static int GetASN_StoreData(const ASNItem* asn, ASNGetData* data,
             #endif
                 return ASN_PARSE_E;
             }
+            if (!zeroPadded && (input[idx] >= 0x80U)) {
+            #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE
+                WOLFSSL_MSG_VSNPRINTF("Unexpected negative INTEGER value");
+            #endif
+                return ASN_EXPECT_0_E;
+            }
             /* Fill number with all of data. */
             *data->data.u16 = 0;
             for (i = 0; i < len; i++) {
@@ -1304,6 +1322,12 @@ static int GetASN_StoreData(const ASNItem* asn, ASNGetData* data,
             #endif
                 return ASN_PARSE_E;
             }
+            if (!zeroPadded && (input[idx] >= 0x80U)) {
+            #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE
+                WOLFSSL_MSG_VSNPRINTF("Unexpected negative INTEGER value");
+            #endif
+                return ASN_EXPECT_0_E;
+            }
             /* Fill number with all of data. */
             *data->data.u32 = 0;
             for (i = 0; i < len; i++) {
@@ -2570,6 +2594,73 @@ int GetSequence_ex(const byte* input, word32* inOutIdx, int* len,
                         maxIdx, check);
 }
 
+/**
+ * Index a SEQUENCE OF object to get to a specific element.
+ *
+ * @param[in] seqOf Buffer holding DER/BER SEQUENCE OF object.
+ * @param[in] seqOfSz Size of the seqOf SEQUENCE OF object.
+ * @param[in] seqIndex Index of the SEQUENCE OF element being requested.
+ * @param[out] out Buffer in which to store pointer to the <seqIndex>th element
+ * of the SEQUENCE OF object.
+ * @param[out] outSz Buffer in which to store the length of the <seqIndex>th
+ * element of the SEQUENCE OF object.
+ *
+ * @return 0 on success.
+ * @return BUFFER_E when there is not enough data to parse.
+ * @return BAD_INDEX_E when the given seqIndex is out of range.
+ * @return ASN_PARSE_E when the seqOf is not in the expected format.
+ */
+int wc_IndexSequenceOf(const byte * seqOf, word32 seqOfSz, size_t seqIndex,
+        const byte ** out, word32 * outSz)
+{
+    int length;
+    word32 seqOfIdx = 0U;
+    byte tagFound;
+    size_t i;
+    word32 elementIdx = 0U;
+    int ret = 0;
+
+    /* Validate the SEQUENCE OF header. */
+    if (GetSequence(seqOf, &seqOfIdx, &length, seqOfSz) < 0) {
+        ret = ASN_PARSE_E;
+    }
+    else {
+        seqOfSz = seqOfIdx + (word32)length;
+
+        for (i = 0U; i <= seqIndex; i++) {
+            if (seqOfIdx >= seqOfSz) {
+                ret = BAD_INDEX_E;
+                break;
+            }
+
+            elementIdx = seqOfIdx;
+
+            /* Validate the element tag. */
+            if (GetASNTag(seqOf, &seqOfIdx, &tagFound, seqOfSz) != 0) {
+                ret = ASN_PARSE_E;
+                break;
+            }
+
+            /* Validate and get the element's encoded length. */
+            if (GetLength(seqOf, &seqOfIdx, &length, seqOfSz) < 0) {
+                ret = ASN_PARSE_E;
+                break;
+            }
+
+            seqOfIdx += (word32)length;
+        }
+    }
+
+    /* If the tag and length checks above passed then we've found the requested
+     * element and validated it fits within seqOfSz. */
+    if (ret == 0) {
+        *out = &seqOf[elementIdx];
+        *outSz = (seqOfIdx - elementIdx);
+    }
+
+    return ret;
+}
+
 /* Decode the header of a BER/DER encoded SET.
  *
  * @param [in]      input     Buffer holding DER/BER encoded data.
@@ -2768,7 +2859,7 @@ int GetASNInt(const byte* input, word32* inOutIdx, int* len,
 }
 
 #ifndef WOLFSSL_ASN_TEMPLATE
-#ifndef NO_CERTS
+#if !defined(NO_CERTS) && defined(WOLFSSL_CUSTOM_CURVES)
 /* Get the DER/BER encoding of an ASN.1 INTEGER that has a value of no more than
  * 7 bits.
  *
@@ -2800,7 +2891,7 @@ static int GetInteger7Bit(const byte* input, word32* inOutIdx, word32 maxIdx)
 }
 #endif /* !NO_CERTS */
 
-#if defined(WC_RSA_PSS) && !defined(NO_RSA)
+#if ((defined(WC_RSA_PSS) && !defined(NO_RSA)) || !defined(NO_CERTS))
 /* Get the DER/BER encoding of an ASN.1 INTEGER that has a value of no more than
  * 16 bits.
  *
@@ -3199,7 +3290,7 @@ int GetMyVersion(const byte* input, word32* inOutIdx,
 
 
 #if !defined(NO_PWDBASED) || defined(WOLFSSL_ASN_EXTRA)
-/* Decode small integer, 32 bits or less.
+/* Decode small positive integer, 32 bits or less.
  *
  * @param [in]      input     Buffer of BER data.
  * @param [in, out] inOutIdx  On in, start of encoded INTEGER.
@@ -3237,6 +3328,11 @@ int GetShortInt(const byte* input, word32* inOutIdx, int* number, word32 maxIdx)
     if (len + idx > maxIdx)
         return ASN_PARSE_E;
 
+    if (input[idx] >= 0x80U) {
+        /* This function only expects positive INTEGER values. */
+        return ASN_EXPECT_0_E;
+    }
+
     while (len--) {
         *number  = *number << 8 | input[idx++];
     }
@@ -8954,9 +9050,8 @@ int wc_CheckPrivateKeyCert(const byte* key, word32 keySz, DecodedCert* der,
 #ifdef WOLFSSL_DUAL_ALG_CERTS
     if (checkAlt && der->sapkiDer != NULL) {
         /* We have to decode the public key first */
-        word32 idx = 0;
-        /* Dilithium has the largest public key at the moment */
-        word32 pubKeyLen = DILITHIUM_MAX_PUB_KEY_SIZE;
+        /* Default to max pub key size. */
+        word32 pubKeyLen = MAX_PUBLIC_KEY_SZ;
         byte* decodedPubKey = (byte*)XMALLOC(pubKeyLen, heap,
                                              DYNAMIC_TYPE_PUBLIC_KEY);
         if (decodedPubKey == NULL) {
@@ -8969,9 +9064,14 @@ int wc_CheckPrivateKeyCert(const byte* key, word32 keySz, DecodedCert* der,
                 pubKeyLen = der->sapkiLen;
             }
             else {
+            #if defined(WC_ENABLE_ASYM_KEY_IMPORT)
+                word32 idx = 0;
                 ret = DecodeAsymKeyPublic(der->sapkiDer, &idx, der->sapkiLen,
                                           decodedPubKey, &pubKeyLen,
                                           der->sapkiOID);
+            #else
+                ret = NOT_COMPILED_IN;
+            #endif /* WC_ENABLE_ASYM_KEY_IMPORT */
             }
         }
         if (ret == 0) {
@@ -9959,7 +10059,7 @@ enum {
 int DecryptContent(byte* input, word32 sz, const char* password, int passwordSz)
 {
 #ifndef WOLFSSL_ASN_TEMPLATE
-    word32 inOutIdx = 0, seqEnd, oid, shaOid = 0;
+    word32 inOutIdx = 0, seqEnd, oid, shaOid = 0, seqPkcs5End = sz;
     int    ret = 0, first, second, length = 0, version, saltSz, id = 0;
     int    iterations = 0, keySz = 0;
 #ifdef WOLFSSL_SMALL_STACK
@@ -9991,6 +10091,7 @@ int DecryptContent(byte* input, word32 sz, const char* password, int passwordSz)
         if (GetSequence(input, &inOutIdx, &length, sz) < 0) {
             ERROR_OUT(ASN_PARSE_E, exit_dc);
         }
+        seqPkcs5End = inOutIdx + length;
 
         if (GetAlgoId(input, &inOutIdx, &oid, oidKdfType, sz) < 0) {
             ERROR_OUT(ASN_PARSE_E, exit_dc);
@@ -10008,7 +10109,7 @@ int DecryptContent(byte* input, word32 sz, const char* password, int passwordSz)
      * DEFAULT items. */
     seqEnd = inOutIdx + (word32)length;
 
-    ret = GetOctetString(input, &inOutIdx, &saltSz, sz);
+    ret = GetOctetString(input, &inOutIdx, &saltSz, seqEnd);
     if (ret < 0)
         goto exit_dc;
 
@@ -10026,7 +10127,7 @@ int DecryptContent(byte* input, word32 sz, const char* password, int passwordSz)
     XMEMCPY(salt, &input[inOutIdx], (size_t)saltSz);
     inOutIdx += (word32)saltSz;
 
-    if (GetShortInt(input, &inOutIdx, &iterations, sz) < 0) {
+    if (GetShortInt(input, &inOutIdx, &iterations, seqEnd) < 0) {
         ERROR_OUT(ASN_PARSE_E, exit_dc);
     }
 
@@ -10034,19 +10135,19 @@ int DecryptContent(byte* input, word32 sz, const char* password, int passwordSz)
     if (seqEnd > inOutIdx) {
         word32 localIdx = inOutIdx;
 
-        if (GetASNTag(input, &localIdx, &tag, sz) < 0) {
+        if (GetASNTag(input, &localIdx, &tag, seqEnd) < 0) {
             ERROR_OUT(ASN_PARSE_E, exit_dc);
         }
 
         if (tag == ASN_INTEGER &&
-                GetShortInt(input, &inOutIdx, &keySz, sz) < 0) {
+                GetShortInt(input, &inOutIdx, &keySz, seqEnd) < 0) {
             ERROR_OUT(ASN_PARSE_E, exit_dc);
         }
     }
 
     /* DEFAULT HMAC is SHA-1 */
     if (seqEnd > inOutIdx) {
-        if (GetAlgoId(input, &inOutIdx, &oid, oidHmacType, sz) < 0) {
+        if (GetAlgoId(input, &inOutIdx, &oid, oidHmacType, seqEnd) < 0) {
             ERROR_OUT(ASN_PARSE_E, exit_dc);
         }
 
@@ -10062,7 +10163,7 @@ int DecryptContent(byte* input, word32 sz, const char* password, int passwordSz)
 
     if (version == PKCS5v2) {
         /* get encryption algo */
-        if (GetAlgoId(input, &inOutIdx, &oid, oidBlkType, sz) < 0) {
+        if (GetAlgoId(input, &inOutIdx, &oid, oidBlkType, seqPkcs5End) < 0) {
             ERROR_OUT(ASN_PARSE_E, exit_dc);
         }
 
@@ -10073,7 +10174,7 @@ int DecryptContent(byte* input, word32 sz, const char* password, int passwordSz)
         if (shaOid == 0)
             shaOid = oid;
 
-        ret = GetOctetString(input, &inOutIdx, &length, sz);
+        ret = GetOctetString(input, &inOutIdx, &length, seqPkcs5End);
         if (ret < 0)
             goto exit_dc;
 
@@ -10144,9 +10245,10 @@ exit_dc:
         idx = dataASN[PKCS8DECASN_IDX_ENCALGO_OID].data.oid.length;
         /* Second last byte: 1 (PKCS #12 PBE Id) or 5 (PKCS #5)
          * Last byte: Alg or PBES2 */
-        ret = CheckAlgo(dataASN[PKCS8DECASN_IDX_ENCALGO_OID].data.oid.data[idx - 2],
-                  dataASN[PKCS8DECASN_IDX_ENCALGO_OID].data.oid.data[idx - 1],
-                  &id, &version, NULL);
+        ret = CheckAlgo(
+            dataASN[PKCS8DECASN_IDX_ENCALGO_OID].data.oid.data[idx - 2],
+            dataASN[PKCS8DECASN_IDX_ENCALGO_OID].data.oid.data[idx - 1], &id,
+            &version, NULL);
     }
     if (ret == 0) {
         /* Get the parameters data. */
@@ -10170,7 +10272,8 @@ exit_dc:
                                0, params, &pIdx, sz);
             if (ret == 0) {
                 /* Get the salt data. */
-                GetASN_GetRef(&dataASN[PBES1PARAMSASN_IDX_SALT], &salt, &saltSz);
+                GetASN_GetRef(&dataASN[PBES1PARAMSASN_IDX_SALT], &salt,
+                    &saltSz);
             }
         }
         else {
@@ -10179,17 +10282,22 @@ exit_dc:
             /* Initialize for PBES2 parameters. Put iterations in var; match
              * KDF, HMAC and cipher, and copy CBC into buffer. */
             XMEMSET(dataASN, 0, sizeof(*dataASN) * pbes2ParamsASN_Length);
-            GetASN_ExpBuffer(&dataASN[PBES2PARAMSASN_IDX_KDF_OID], pbkdf2Oid, sizeof(pbkdf2Oid));
-            GetASN_Int32Bit(&dataASN[PBES2PARAMSASN_IDX_PBKDF2_PARAMS_ITER], &iterations);
-            GetASN_OID(&dataASN[PBES2PARAMSASN_IDX_PBKDF2_PARAMS_PRF_OID], oidHmacType);
+            GetASN_ExpBuffer(&dataASN[PBES2PARAMSASN_IDX_KDF_OID], pbkdf2Oid,
+                sizeof(pbkdf2Oid));
+            GetASN_Int32Bit(&dataASN[PBES2PARAMSASN_IDX_PBKDF2_PARAMS_ITER],
+                &iterations);
+            GetASN_OID(&dataASN[PBES2PARAMSASN_IDX_PBKDF2_PARAMS_PRF_OID],
+                oidHmacType);
             GetASN_OID(&dataASN[PBES2PARAMSASN_IDX_ENCS_OID], oidBlkType);
-            GetASN_Buffer(&dataASN[PBES2PARAMSASN_IDX_ENCS_PARAMS], cbcIv, &ivSz);
+            GetASN_Buffer(&dataASN[PBES2PARAMSASN_IDX_ENCS_PARAMS], cbcIv,
+                &ivSz);
             /* Parse the PBES2 parameters  */
             ret = GetASN_Items(pbes2ParamsASN, dataASN, pbes2ParamsASN_Length,
                                0, params, &pIdx, sz);
             if (ret == 0) {
                 /* Get the salt data. */
-                GetASN_GetRef(&dataASN[PBES2PARAMSASN_IDX_PBKDF2_PARAMS_SALT], &salt, &saltSz);
+                GetASN_GetRef(&dataASN[PBES2PARAMSASN_IDX_PBKDF2_PARAMS_SALT],
+                    &salt, &saltSz);
                 /* Get the digest and encryption algorithm id. */
                 shaOid = dataASN[PBES2PARAMSASN_IDX_PBKDF2_PARAMS_PRF_OID].data.oid.sum; /* Default HMAC-SHA1 */
                 id     = (int)dataASN[PBES2PARAMSASN_IDX_ENCS_OID].data.oid.sum;
@@ -14267,7 +14375,7 @@ int CalcHashId_ex(const byte* data, word32 len, byte* hash, int hashAlg)
  * @return  0 on success.
  * @return  MEMORY_E when dynamic memory allocation fails.
  */
-static int GetHashId(const byte* id, int length, byte* hash, int hashAlg)
+int GetHashId(const byte* id, int length, byte* hash, int hashAlg)
 {
     int ret;
 
@@ -16442,7 +16550,7 @@ static int ValidateGmtime(struct tm* inTime)
 #if !defined(NO_ASN_TIME) && !defined(USER_TIME) && \
     !defined(TIME_OVERRIDES) && (defined(OPENSSL_EXTRA) || defined(HAVE_PKCS7))
 /* Set current time string, either UTC or GeneralizedTime.
- * (void*) tm should be a pointer to time_t, output is placed in buf.
+ * (void*) currTime should be a pointer to time_t, output is placed in buf.
  *
  * Return time string length placed in buf on success, negative on error */
 int GetAsnTimeString(void* currTime, byte* buf, word32 len)
@@ -20580,13 +20688,15 @@ enum {
 #define basicConsASN_Length (sizeof(basicConsASN) / sizeof(ASNItem))
 #endif
 
-/* Decode basic constraints extension in a certificate.
+/* Decode basic constraints extension
  *
  * X.509: RFC 5280, 4.2.1.9 - BasicConstraints.
  *
- * @param [in]      input  Buffer holding data.
- * @param [in]      sz     Size of data in buffer.
- * @param [in, out] cert   Certificate object.
+ * @param [in]      input          Buffer holding data.
+ * @param [in]      sz             Size of data in buffer.
+ * @param [out]     isCa           Whether it is a CA.
+ * @param [out]     pathLength     CA path length.
+ * @param [out]     pathLengthSet  Whether pathLength is valid on return.
  * @return  0 on success.
  * @return  MEMORY_E on dynamic memory allocation failure.
  * @return  ASN_PARSE_E when CA boolean is present and false (default is false).
@@ -20599,7 +20709,8 @@ enum {
  * @return  ASN_EXPECT_0_E when the INTEGER has the MSB set or NULL has a
  *          non-zero length.
  */
-static int DecodeBasicCaConstraint(const byte* input, int sz, DecodedCert* cert)
+int DecodeBasicCaConstraint(const byte* input, int sz, byte *isCa,
+                            word16 *pathLength, byte *pathLengthSet)
 {
 #ifndef WOLFSSL_ASN_TEMPLATE
     word32 idx = 0;
@@ -20629,34 +20740,39 @@ static int DecodeBasicCaConstraint(const byte* input, int sz, DecodedCert* cert)
         ret = 0;
     }
 
-    cert->isCA = ret ? 1 : 0;
+    *isCa = ret ? 1 : 0;
 
     /* If there isn't any more data, return. */
     if (idx >= (word32)sz) {
         return 0;
     }
 
-    ret = GetInteger7Bit(input, &idx, (word32)sz);
+    ret = GetInteger16Bit(input, &idx, (word32)sz);
     if (ret < 0)
         return ret;
-    cert->pathLength = (byte)ret;
-    cert->pathLengthSet = 1;
+    else if (ret > WOLFSSL_MAX_PATH_LEN) {
+        WOLFSSL_ERROR_VERBOSE(ASN_PATHLEN_SIZE_E);
+        return ASN_PATHLEN_SIZE_E;
+    }
+
+    *pathLength = (word16)ret;
+    *pathLengthSet = 1;
 
     return 0;
 #else
     DECL_ASNGETDATA(dataASN, basicConsASN_Length);
     int ret = 0;
     word32 idx = 0;
-    byte isCA = 0;
+    byte innerIsCA = 0;
 
     WOLFSSL_ENTER("DecodeBasicCaConstraint");
 
-    CALLOC_ASNGETDATA(dataASN, basicConsASN_Length, ret, cert->heap);
+    CALLOC_ASNGETDATA(dataASN, basicConsASN_Length, ret, NULL);
 
     if (ret == 0) {
         /* Get the CA boolean and path length when present. */
-        GetASN_Boolean(&dataASN[BASICCONSASN_IDX_CA], &isCA);
-        GetASN_Int8Bit(&dataASN[BASICCONSASN_IDX_PLEN], &cert->pathLength);
+        GetASN_Boolean(&dataASN[BASICCONSASN_IDX_CA], &innerIsCA);
+        GetASN_Int16Bit(&dataASN[BASICCONSASN_IDX_PLEN], pathLength);
 
         ret = GetASN_Items(basicConsASN, dataASN, basicConsASN_Length, 1, input,
                            &idx, (word32)sz);
@@ -20668,31 +20784,72 @@ static int DecodeBasicCaConstraint(const byte* input, int sz, DecodedCert* cert)
          * (default when not present). */
 #if !defined(ASN_TEMPLATE_SKIP_ISCA_CHECK) && \
     !defined(WOLFSSL_ALLOW_ENCODING_CA_FALSE)
-        if ((dataASN[BASICCONSASN_IDX_CA].length != 0) && (!isCA)) {
+        if ((dataASN[BASICCONSASN_IDX_CA].length != 0) && (!innerIsCA)) {
             WOLFSSL_ERROR_VERBOSE(ASN_PARSE_E);
             ret = ASN_PARSE_E;
         }
 #endif
         /* Path length must be a 7-bit value. */
-        if ((ret == 0) && (cert->pathLength >= (1 << 7))) {
+        if ((ret == 0) && (*pathLength >= (1 << 7))) {
             WOLFSSL_ERROR_VERBOSE(ASN_PARSE_E);
             ret = ASN_PARSE_E;
         }
-        if ((ret == 0) && cert->pathLength > WOLFSSL_MAX_PATH_LEN) {
+        if ((ret == 0) && *pathLength > WOLFSSL_MAX_PATH_LEN) {
             WOLFSSL_ERROR_VERBOSE(ASN_PATHLEN_SIZE_E);
             ret = ASN_PATHLEN_SIZE_E;
         }
         /* Store CA boolean and whether a path length was seen. */
         if (ret == 0) {
             /* isCA in certificate is a 1 bit of a byte. */
-            cert->isCA = isCA ? 1 : 0;
-            cert->pathLengthSet = (dataASN[BASICCONSASN_IDX_PLEN].length > 0);
+            *isCa = innerIsCA ? 1 : 0;
+            *pathLengthSet = (dataASN[BASICCONSASN_IDX_PLEN].length > 0);
         }
     }
 
-    FREE_ASNGETDATA(dataASN, cert->heap);
+    FREE_ASNGETDATA(dataASN, NULL);
     return ret;
 #endif
+
+}
+
+/* Decode basic constraints extension in a certificate.
+ *
+ * X.509: RFC 5280, 4.2.1.9 - BasicConstraints.
+ *
+ * @param [in]      input  Buffer holding data.
+ * @param [in]      sz     Size of data in buffer.
+ * @param [in, out] cert   Certificate object.
+ * @return  0 on success.
+ * @return  MEMORY_E on dynamic memory allocation failure.
+ * @return  ASN_PARSE_E when CA boolean is present and false (default is false).
+ * @return  ASN_PARSE_E when CA boolean is not present unless
+ *          WOLFSSL_X509_BASICCONS_INT is defined. Only a CA extension.
+ * @return  ASN_PARSE_E when path length more than 7 bits.
+ * @return  ASN_PARSE_E when BER encoded data does not match ASN.1 items or
+ *          is invalid.
+ * @return  BUFFER_E when data in buffer is too small.
+ * @return  ASN_EXPECT_0_E when the INTEGER has the MSB set or NULL has a
+ *          non-zero length.
+ */
+static int DecodeBasicCaConstraintInternal(const byte* input, int sz,
+                                           DecodedCert* cert)
+{
+    int ret;
+    byte isCa = 0;
+    word16 pathLength = 0;
+    byte pathLengthSet = 0;
+    ret = DecodeBasicCaConstraint(input, sz, &isCa, &pathLength,
+                                  &pathLengthSet);
+    if (ret != 0)
+        return ret;
+
+    cert->isCA = isCa ? 1 : 0;
+    cert->pathLengthSet = pathLengthSet ? 1 : 0;
+    if (pathLengthSet) {
+        cert->pathLength = pathLength;
+    }
+
+    return 0;
 }
 
 
@@ -21126,20 +21283,34 @@ enum {
 #define authKeyIdASN_Length (sizeof(authKeyIdASN) / sizeof(ASNItem))
 #endif
 
-/* Decode authority key identifier extension in a certificate.
+/* Decode authority key identifier extension.
  *
  * X.509: RFC 5280, 4.2.1.1 - Authority Key Identifier.
  *
- * @param [in]      input  Buffer holding data.
- * @param [in]      sz     Size of data in buffer.
- * @param [in, out] cert   Certificate object.
+ * @param [in]   input                   Buffer holding data.
+ * @param [in]   sz                      Size of data in buffer.
+ * @param [out]  extAuthKeyId            Beginning of the ID. NULL if not
+ *                                       present.
+ * @param [out]  extAuthKeyIdSz          Size of data in extAuthKeyId. 0 if not
+ *                                       present.
+ * @param [out]  extAuthKeyIdIssuer      Beginning of the Issuer. NULL if not
+ *                                       present.
+ * @param [out]  extAuthKeyIdIssuerSz    Size of data in extAuthKeyIdIssuer. 0
+ *                                       if not present.
+ * @param [out]  extAuthKeyIdIssuerSN    Beginning of the Issuer Serial. NULL
+ *                                       if not present.
+ * @param [out]  extAuthKeyIdIssuerSNSz  Size of data in extAuthKeyIdIssuerSN.
+ *                                       0 if not present.
  * @return  0 on success.
  * @return  MEMORY_E on dynamic memory allocation failure.
  * @return  ASN_PARSE_E when BER encoded data does not match ASN.1 items or
  *          is invalid.
  * @return  BUFFER_E when data in buffer is too small.
  */
-static int DecodeAuthKeyId(const byte* input, word32 sz, DecodedCert* cert)
+int DecodeAuthKeyId(const byte* input, word32 sz, const byte **extAuthKeyId,
+        word32 *extAuthKeyIdSz, const byte **extAuthKeyIdIssuer,
+        word32 *extAuthKeyIdIssuerSz, const byte **extAuthKeyIdIssuerSN,
+        word32 *extAuthKeyIdIssuerSNSz)
 {
 #ifndef WOLFSSL_ASN_TEMPLATE
     word32 idx = 0;
@@ -21148,6 +21319,21 @@ static int DecodeAuthKeyId(const byte* input, word32 sz, DecodedCert* cert)
 
     WOLFSSL_ENTER("DecodeAuthKeyId");
 
+    if (extAuthKeyId)
+        *extAuthKeyId = NULL;
+    if (extAuthKeyIdSz)
+        *extAuthKeyIdSz = 0;
+
+    if (extAuthKeyIdIssuer)
+        *extAuthKeyIdIssuer = NULL;
+    if (extAuthKeyIdIssuerSz)
+        *extAuthKeyIdIssuerSz = 0;
+
+    if (extAuthKeyIdIssuerSN)
+        *extAuthKeyIdIssuerSN = NULL;
+    if (extAuthKeyIdIssuerSNSz)
+        *extAuthKeyIdIssuerSNSz = 0;
+
     if (GetSequence(input, &idx, &length, sz) < 0) {
         WOLFSSL_MSG("\tfail: should be a SEQUENCE");
         return ASN_PARSE_E;
@@ -21159,7 +21345,6 @@ static int DecodeAuthKeyId(const byte* input, word32 sz, DecodedCert* cert)
 
     if (tag != (ASN_CONTEXT_SPECIFIC | 0)) {
         WOLFSSL_MSG("\tinfo: OPTIONAL item 0, not available");
-        cert->extAuthKeyIdSet = 0;
         return 0;
     }
 
@@ -21168,25 +21353,34 @@ static int DecodeAuthKeyId(const byte* input, word32 sz, DecodedCert* cert)
         return ASN_PARSE_E;
     }
 
-    cert->extAuthKeyIdSz = length;
+    if (extAuthKeyIdSz)
+        *extAuthKeyIdSz = length;
+    if (extAuthKeyId)
+        *extAuthKeyId = &input[idx];
+    return 0;
 
-#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
-#ifdef WOLFSSL_AKID_NAME
-    cert->extRawAuthKeyIdSrc = input;
-    cert->extRawAuthKeyIdSz = sz;
-#endif
-    cert->extAuthKeyIdSrc = &input[idx];
-#endif /* OPENSSL_EXTRA */
-
-    return GetHashId(input + idx, length, cert->extAuthKeyId,
-        HashIdAlg(cert->signatureOID));
 #else
     DECL_ASNGETDATA(dataASN, authKeyIdASN_Length);
     int ret = 0;
 
     WOLFSSL_ENTER("DecodeAuthKeyId");
 
-    CALLOC_ASNGETDATA(dataASN, authKeyIdASN_Length, ret, cert->heap);
+    if (extAuthKeyId)
+        *extAuthKeyId = NULL;
+    if (extAuthKeyIdSz)
+        *extAuthKeyIdSz = 0;
+
+    if (extAuthKeyIdIssuer)
+        *extAuthKeyIdIssuer = NULL;
+    if (extAuthKeyIdIssuerSz)
+        *extAuthKeyIdIssuerSz = 0;
+
+    if (extAuthKeyIdIssuerSN)
+        *extAuthKeyIdIssuerSN = NULL;
+    if (extAuthKeyIdIssuerSNSz)
+        *extAuthKeyIdIssuerSNSz = 0;
+
+    CALLOC_ASNGETDATA(dataASN, authKeyIdASN_Length, ret, NULL);
 
     if (ret == 0) {
         /* Parse an authority key identifier. */
@@ -21195,15 +21389,10 @@ static int DecodeAuthKeyId(const byte* input, word32 sz, DecodedCert* cert)
                            &idx, sz);
     }
     /* Each field is optional */
-    if (ret == 0 && dataASN[AUTHKEYIDASN_IDX_KEYID].data.ref.data != NULL) {
-#ifdef OPENSSL_EXTRA
+    if (ret == 0 && extAuthKeyId && extAuthKeyIdSz &&
+            dataASN[AUTHKEYIDASN_IDX_KEYID].data.ref.data != NULL) {
         GetASN_GetConstRef(&dataASN[AUTHKEYIDASN_IDX_KEYID],
-                &cert->extAuthKeyIdSrc, &cert->extAuthKeyIdSz);
-#endif /* OPENSSL_EXTRA */
-        /* Get the hash or hash of the hash if wrong size. */
-        ret = GetHashId(dataASN[AUTHKEYIDASN_IDX_KEYID].data.ref.data,
-                    (int)dataASN[AUTHKEYIDASN_IDX_KEYID].data.ref.length,
-                    cert->extAuthKeyId, HashIdAlg(cert->signatureOID));
+                extAuthKeyId, extAuthKeyIdSz);
     }
 #ifdef WOLFSSL_AKID_NAME
     if (ret == 0 && dataASN[AUTHKEYIDASN_IDX_ISSUER].data.ref.data != NULL) {
@@ -21219,23 +21408,103 @@ static int DecodeAuthKeyId(const byte* input, word32 sz, DecodedCert* cert)
                 dataASN[AUTHKEYIDASN_IDX_ISSUER].data.ref.data, &idx,
                 dataASN[AUTHKEYIDASN_IDX_ISSUER].data.ref.length);
 
-        if (ret == 0) {
+        if (ret == 0 && extAuthKeyIdIssuer && extAuthKeyIdIssuerSz) {
             GetASN_GetConstRef(&nameASN[ALTNAMEASN_IDX_GN],
-                    &cert->extAuthKeyIdIssuer, &cert->extAuthKeyIdIssuerSz);
+                    extAuthKeyIdIssuer, extAuthKeyIdIssuerSz);
         }
     }
-    if (ret == 0 && dataASN[AUTHKEYIDASN_IDX_SERIAL].data.ref.data != NULL) {
+    if (ret == 0 && extAuthKeyIdIssuerSN && extAuthKeyIdIssuerSNSz &&
+            dataASN[AUTHKEYIDASN_IDX_SERIAL].data.ref.data != NULL) {
         GetASN_GetConstRef(&dataASN[AUTHKEYIDASN_IDX_SERIAL],
-                &cert->extAuthKeyIdIssuerSN, &cert->extAuthKeyIdIssuerSNSz);
+                extAuthKeyIdIssuerSN, extAuthKeyIdIssuerSNSz);
     }
-    if (ret == 0) {
-        if ((cert->extAuthKeyIdIssuerSz > 0) ^
-                (cert->extAuthKeyIdIssuerSNSz > 0)) {
+    if (ret == 0 && extAuthKeyIdIssuerSz && extAuthKeyIdIssuerSNSz) {
+        if ((*extAuthKeyIdIssuerSz > 0) ^
+                (*extAuthKeyIdIssuerSNSz > 0)) {
             WOLFSSL_MSG("authorityCertIssuer and authorityCertSerialNumber MUST"
                        " both be present or both be absent");
         }
     }
 #endif /* WOLFSSL_AKID_NAME */
+
+    FREE_ASNGETDATA(dataASN, NULL);
+    return ret;
+#endif /* WOLFSSL_ASN_TEMPLATE */
+}
+
+/* Decode authority key identifier extension in a certificate.
+ *
+ * X.509: RFC 5280, 4.2.1.1 - Authority Key Identifier.
+ *
+ * @param [in]      input  Buffer holding data.
+ * @param [in]      sz     Size of data in buffer.
+ * @param [in, out] cert   Certificate object.
+ * @return  0 on success.
+ * @return  MEMORY_E on dynamic memory allocation failure.
+ * @return  ASN_PARSE_E when BER encoded data does not match ASN.1 items or
+ *          is invalid.
+ * @return  BUFFER_E when data in buffer is too small.
+ */
+static int DecodeAuthKeyIdInternal(const byte* input, word32 sz,
+                                   DecodedCert* cert)
+{
+    int ret;
+    const byte *extAuthKeyId = NULL;
+    word32 extAuthKeyIdSz = 0;
+    const byte *extAuthKeyIdIssuer = NULL;
+    word32 extAuthKeyIdIssuerSz = 0;
+    const byte *extAuthKeyIdIssuerSN = NULL;
+    word32 extAuthKeyIdIssuerSNSz = 0;
+
+    ret = DecodeAuthKeyId(input, sz, &extAuthKeyId, &extAuthKeyIdSz,
+            &extAuthKeyIdIssuer, &extAuthKeyIdIssuerSz, &extAuthKeyIdIssuerSN,
+            &extAuthKeyIdIssuerSNSz);
+
+    if (ret != 0)
+        return ret;
+
+#ifndef WOLFSSL_ASN_TEMPLATE
+
+    if (extAuthKeyIdSz == 0)
+    {
+        cert->extAuthKeyIdSet = 0;
+        return 0;
+    }
+
+    cert->extAuthKeyIdSz = extAuthKeyIdSz;
+
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+#ifdef WOLFSSL_AKID_NAME
+    cert->extRawAuthKeyIdSrc = input;
+    cert->extRawAuthKeyIdSz = sz;
+#endif
+    cert->extAuthKeyIdSrc = extAuthKeyId;
+#endif /* OPENSSL_EXTRA */
+
+    return GetHashId(extAuthKeyId, extAuthKeyIdSz, cert->extAuthKeyId,
+        HashIdAlg(cert->signatureOID));
+#else
+
+    /* Each field is optional */
+    if (extAuthKeyIdSz > 0) {
+#ifdef OPENSSL_EXTRA
+        cert->extAuthKeyIdSrc = extAuthKeyId;
+        cert->extAuthKeyIdSz = extAuthKeyIdSz;
+#endif /* OPENSSL_EXTRA */
+        /* Get the hash or hash of the hash if wrong size. */
+        ret = GetHashId(extAuthKeyId, (int)extAuthKeyIdSz, cert->extAuthKeyId,
+                        HashIdAlg(cert->signatureOID));
+    }
+#ifdef WOLFSSL_AKID_NAME
+    if (ret == 0 && extAuthKeyIdIssuerSz > 0) {
+        cert->extAuthKeyIdIssuer = extAuthKeyIdIssuer;
+        cert->extAuthKeyIdIssuerSz = extAuthKeyIdIssuerSz;
+    }
+    if (ret == 0 && extAuthKeyIdIssuerSNSz > 0) {
+        cert->extAuthKeyIdIssuerSN = extAuthKeyIdIssuerSN;
+        cert->extAuthKeyIdIssuerSNSz = extAuthKeyIdIssuerSNSz;
+    }
+#endif /* WOLFSSL_AKID_NAME */
     if (ret == 0) {
 #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_AKID_NAME)
         /* Store the raw authority key id. */
@@ -21244,11 +21513,41 @@ static int DecodeAuthKeyId(const byte* input, word32 sz, DecodedCert* cert)
 #endif /* OPENSSL_EXTRA */
     }
 
-    FREE_ASNGETDATA(dataASN, cert->heap);
     return ret;
 #endif /* WOLFSSL_ASN_TEMPLATE */
 }
 
+/* Decode subject key id extension.
+ *
+ * X.509: RFC 5280, 4.2.1.2 - Subject Key Identifier.
+ *
+ * @param [in]   input          Buffer holding data.
+ * @param [in]   sz             Size of data in buffer.
+ * @param [out]  extSubjKeyId   Beginning of the ID.
+ * @param [out]  extSubjKeyIdSz Size of data in extSubjKeyId.
+ * @return  0 on success.
+ * @return  ASN_PARSE_E when the OCTET_STRING tag is not found or length is
+ *          invalid.
+ * @return  MEMORY_E on dynamic memory allocation failure.
+ */
+int DecodeSubjKeyId(const byte* input, word32 sz, const byte **extSubjKeyId,
+                    word32 *extSubjKeyIdSz)
+{
+    word32 idx = 0;
+    int length = 0;
+    int ret = 0;
+
+    WOLFSSL_ENTER("DecodeSubjKeyId");
+
+    ret = GetOctetString(input, &idx, &length, sz);
+    if (ret < 0)
+        return ret;
+
+    *extSubjKeyIdSz = (word32)length;
+    *extSubjKeyId = &input[idx];
+    return 0;
+}
+
 /* Decode subject key id extension in a certificate.
  *
  * X.509: RFC 5280, 4.2.1.2 - Subject Key Identifier.
@@ -21261,25 +21560,26 @@ static int DecodeAuthKeyId(const byte* input, word32 sz, DecodedCert* cert)
  *          invalid.
  * @return  MEMORY_E on dynamic memory allocation failure.
  */
-static int DecodeSubjKeyId(const byte* input, word32 sz, DecodedCert* cert)
+static int DecodeSubjKeyIdInternal(const byte* input, word32 sz,
+                                   DecodedCert* cert)
 {
-    word32 idx = 0;
-    int length = 0;
     int ret = 0;
+    const byte *extSubjKeyId = NULL;
+    word32 extSubjKeyIdSz = 0;
 
-    WOLFSSL_ENTER("DecodeSubjKeyId");
+    ret = DecodeSubjKeyId(input, sz, &extSubjKeyId, &extSubjKeyIdSz);
+    if (ret != 0)
+        return ret;
 
-    ret = GetOctetString(input, &idx, &length, sz);
-    if (ret > 0) {
-        cert->extSubjKeyIdSz = (word32)length;
-    #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
-        cert->extSubjKeyIdSrc = &input[idx];
-    #endif /* OPENSSL_EXTRA */
+    cert->extSubjKeyIdSz = extSubjKeyIdSz;
 
-        /* Get the hash or hash of the hash if wrong size. */
-        ret = GetHashId(input + idx, length, cert->extSubjKeyId,
-            HashIdAlg(cert->signatureOID));
-    }
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+    cert->extSubjKeyIdSrc = extSubjKeyId;
+#endif /* OPENSSL_EXTRA */
+
+    /* Get the hash or hash of the hash if wrong size. */
+    ret = GetHashId(extSubjKeyId, (int)extSubjKeyIdSz, cert->extSubjKeyId,
+        HashIdAlg(cert->signatureOID));
 
     return ret;
 }
@@ -21303,16 +21603,16 @@ enum {
  *
  * X.509: RFC 5280, 4.2.1.3 - Key Usage.
  *
- * @param [in]      input  Buffer holding data.
- * @param [in]      sz     Size of data in buffer.
- * @param [in, out] cert   Certificate object.
+ * @param [in]      input        Buffer holding data.
+ * @param [in]      sz           Size of data in buffer.
+ * @param [out]     extKeyUsage  Key usage bitfield.
  * @return  0 on success.
  * @return  ASN_BITSTR_E when the expected BIT_STRING tag is not found.
  * @return  ASN_PARSE_E when BER encoded data does not match ASN.1 items or
  *          is invalid.
  * @return  MEMORY_E on dynamic memory allocation failure.
  */
-static int DecodeKeyUsage(const byte* input, word32 sz, DecodedCert* cert)
+int DecodeKeyUsage(const byte* input, word32 sz, word16 *extKeyUsage)
 {
 #ifndef WOLFSSL_ASN_TEMPLATE
     word32 idx = 0;
@@ -21327,9 +21627,9 @@ static int DecodeKeyUsage(const byte* input, word32 sz, DecodedCert* cert)
     if (length == 0 || length > 2)
         return ASN_PARSE_E;
 
-    cert->extKeyUsage = (word16)(input[idx]);
+    *extKeyUsage = (word16)(input[idx]);
     if (length == 2)
-        cert->extKeyUsage |= (word16)(input[idx+1] << 8);
+        *extKeyUsage |= (word16)(input[idx+1] << 8);
 
     return 0;
 #else
@@ -21349,14 +21649,33 @@ static int DecodeKeyUsage(const byte* input, word32 sz, DecodedCert* cert)
                         &idx, sz);
     if (ret == 0) {
         /* Decode the bit string number as LE */
-        cert->extKeyUsage = (word16)(keyUsage[0]);
+        *extKeyUsage = (word16)(keyUsage[0]);
         if (keyUsageSz == 2)
-            cert->extKeyUsage |= (word16)(keyUsage[1] << 8);
+            *extKeyUsage |= (word16)(keyUsage[1] << 8);
     }
     return ret;
 #endif /* WOLFSSL_ASN_TEMPLATE */
 }
 
+/* Decode key usage extension in a certificate.
+ *
+ * X.509: RFC 5280, 4.2.1.3 - Key Usage.
+ *
+ * @param [in]      input  Buffer holding data.
+ * @param [in]      sz     Size of data in buffer.
+ * @param [in, out] cert   Certificate object.
+ * @return  0 on success.
+ * @return  ASN_BITSTR_E when the expected BIT_STRING tag is not found.
+ * @return  ASN_PARSE_E when BER encoded data does not match ASN.1 items or
+ *          is invalid.
+ * @return  MEMORY_E on dynamic memory allocation failure.
+ */
+static int DecodeKeyUsageInternal(const byte* input, word32 sz,
+                                  DecodedCert* cert)
+{
+    return DecodeKeyUsage(input, sz, &cert->extKeyUsage);
+}
+
 #ifdef WOLFSSL_ASN_TEMPLATE
 /* ASN.1 template for KeyPurposeId.
  * X.509: RFC 5280, 4.2.1.12 - Extended Key Usage.
@@ -21372,20 +21691,27 @@ enum {
 #define keyPurposeIdASN_Length (sizeof(keyPurposeIdASN) / sizeof(ASNItem))
 #endif
 
-/* Decode extended key usage extension in a certificate.
+/* Decode extended key usage extension.
  *
  * X.509: RFC 5280, 4.2.1.12 - Extended Key Usage.
  *
- * @param [in]      input  Buffer holding data.
- * @param [in]      sz     Size of data in buffer.
- * @param [in, out] cert   Certificate object.
+ * @param [in]  input  Buffer holding data.
+ * @param [in]  sz     Size of data in buffer.
+ * @param [out] extExtKeyUsageSrc   Beginning of the OIDs.
+ * @param [out] extExtKeyUsageSz    Size of data in extExtKeyUsageSrc.
+ * @param [out] extExtKeyUsageCount Number of usages read.
+ * @param [out] extExtKeyUsage      Usages read.
+ * @param [out] extExtKeyUsageSsh   SSH usages read.
  * @return  0 on success.
  * @return  ASN_BITSTR_E when the expected BIT_STRING tag is not found.
  * @return  ASN_PARSE_E when BER encoded data does not match ASN.1 items or
  *          is invalid.
  * @return  MEMORY_E on dynamic memory allocation failure.
  */
-static int DecodeExtKeyUsage(const byte* input, word32 sz, DecodedCert* cert)
+int DecodeExtKeyUsage(const byte* input, word32 sz,
+        const byte **extExtKeyUsageSrc, word32 *extExtKeyUsageSz,
+        word32 *extExtKeyUsageCount, byte *extExtKeyUsage,
+        byte *extExtKeyUsageSsh)
 {
 #ifndef WOLFSSL_ASN_TEMPLATE
     word32 idx = 0, oid;
@@ -21393,14 +21719,29 @@ static int DecodeExtKeyUsage(const byte* input, word32 sz, DecodedCert* cert)
 
     WOLFSSL_ENTER("DecodeExtKeyUsage");
 
+    (void) extExtKeyUsageSrc;
+    (void) extExtKeyUsageSz;
+    (void) extExtKeyUsageCount;
+    (void) extExtKeyUsageSsh;
+
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+    *extExtKeyUsageSrc = NULL;
+    *extExtKeyUsageSz = 0;
+    *extExtKeyUsageCount = 0;
+#endif
+    *extExtKeyUsage = 0;
+#ifdef WOLFSSL_WOLFSSH
+    *extExtKeyUsageSsh = 0;
+#endif
+
     if (GetSequence(input, &idx, &length, sz) < 0) {
         WOLFSSL_MSG("\tfail: should be a SEQUENCE");
         return ASN_PARSE_E;
     }
 
 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
-    cert->extExtKeyUsageSrc = input + idx;
-    cert->extExtKeyUsageSz = length;
+    *extExtKeyUsageSrc = input + idx;
+    *extExtKeyUsageSz = length;
 #endif
 
     while (idx < (word32)sz) {
@@ -21412,35 +21753,35 @@ static int DecodeExtKeyUsage(const byte* input, word32 sz, DecodedCert* cert)
 
         switch (oid) {
             case EKU_ANY_OID:
-                cert->extExtKeyUsage |= EXTKEYUSE_ANY;
+                *extExtKeyUsage |= EXTKEYUSE_ANY;
                 break;
             case EKU_SERVER_AUTH_OID:
-                cert->extExtKeyUsage |= EXTKEYUSE_SERVER_AUTH;
+                *extExtKeyUsage |= EXTKEYUSE_SERVER_AUTH;
                 break;
             case EKU_CLIENT_AUTH_OID:
-                cert->extExtKeyUsage |= EXTKEYUSE_CLIENT_AUTH;
+                *extExtKeyUsage |= EXTKEYUSE_CLIENT_AUTH;
                 break;
             case EKU_CODESIGNING_OID:
-                cert->extExtKeyUsage |= EXTKEYUSE_CODESIGN;
+                *extExtKeyUsage |= EXTKEYUSE_CODESIGN;
                 break;
             case EKU_EMAILPROTECT_OID:
-                cert->extExtKeyUsage |= EXTKEYUSE_EMAILPROT;
+                *extExtKeyUsage |= EXTKEYUSE_EMAILPROT;
                 break;
             case EKU_TIMESTAMP_OID:
-                cert->extExtKeyUsage |= EXTKEYUSE_TIMESTAMP;
+                *extExtKeyUsage |= EXTKEYUSE_TIMESTAMP;
                 break;
             case EKU_OCSP_SIGN_OID:
-                cert->extExtKeyUsage |= EXTKEYUSE_OCSP_SIGN;
+                *extExtKeyUsage |= EXTKEYUSE_OCSP_SIGN;
                 break;
             #ifdef WOLFSSL_WOLFSSH
             case EKU_SSH_CLIENT_AUTH_OID:
-                cert->extExtKeyUsageSsh |= EXTKEYUSE_SSH_CLIENT_AUTH;
+                *extExtKeyUsageSsh |= EXTKEYUSE_SSH_CLIENT_AUTH;
                 break;
             case EKU_SSH_MSCL_OID:
-                cert->extExtKeyUsageSsh |= EXTKEYUSE_SSH_MSCL;
+                *extExtKeyUsageSsh |= EXTKEYUSE_SSH_MSCL;
                 break;
             case EKU_SSH_KP_CLIENT_AUTH_OID:
-                cert->extExtKeyUsageSsh |= EXTKEYUSE_SSH_KP_CLIENT_AUTH;
+                *extExtKeyUsageSsh |= EXTKEYUSE_SSH_KP_CLIENT_AUTH;
                 break;
             #endif /* WOLFSSL_WOLFSSH */
             default:
@@ -21448,7 +21789,7 @@ static int DecodeExtKeyUsage(const byte* input, word32 sz, DecodedCert* cert)
         }
 
     #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
-        cert->extExtKeyUsageCount++;
+        (*extExtKeyUsageCount)++;
     #endif
     }
 
@@ -21460,6 +21801,21 @@ static int DecodeExtKeyUsage(const byte* input, word32 sz, DecodedCert* cert)
 
     WOLFSSL_ENTER("DecodeExtKeyUsage");
 
+    (void) extExtKeyUsageSrc;
+    (void) extExtKeyUsageSz;
+    (void) extExtKeyUsageCount;
+    (void) extExtKeyUsageSsh;
+
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+    *extExtKeyUsageSrc = NULL;
+    *extExtKeyUsageSz = 0;
+    *extExtKeyUsageCount = 0;
+#endif
+    *extExtKeyUsage = 0;
+#ifdef WOLFSSL_WOLFSSH
+    *extExtKeyUsageSsh = 0;
+#endif
+
     /* Strip SEQUENCE OF and expect to account for all the data. */
     if (GetASN_Sequence(input, &idx, &length, sz, 1) < 0) {
         WOLFSSL_MSG("\tfail: should be a SEQUENCE");
@@ -21469,8 +21825,8 @@ static int DecodeExtKeyUsage(const byte* input, word32 sz, DecodedCert* cert)
     if (ret == 0) {
     #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
         /* Keep reference for WOLFSSL_X509. */
-        cert->extExtKeyUsageSrc = input + idx;
-        cert->extExtKeyUsageSz = (word32)length;
+        *extExtKeyUsageSrc = input + idx;
+        *extExtKeyUsageSz = (word32)length;
     #endif
     }
 
@@ -21492,31 +21848,31 @@ static int DecodeExtKeyUsage(const byte* input, word32 sz, DecodedCert* cert)
             /* Store the bit for the OID. */
             switch (dataASN[KEYPURPOSEIDASN_IDX_OID].data.oid.sum) {
                 case EKU_ANY_OID:
-                    cert->extExtKeyUsage |= EXTKEYUSE_ANY;
+                    *extExtKeyUsage |= EXTKEYUSE_ANY;
                     break;
                 case EKU_SERVER_AUTH_OID:
-                    cert->extExtKeyUsage |= EXTKEYUSE_SERVER_AUTH;
+                    *extExtKeyUsage |= EXTKEYUSE_SERVER_AUTH;
                     break;
                 case EKU_CLIENT_AUTH_OID:
-                    cert->extExtKeyUsage |= EXTKEYUSE_CLIENT_AUTH;
+                    *extExtKeyUsage |= EXTKEYUSE_CLIENT_AUTH;
                     break;
                 case EKU_CODESIGNING_OID:
-                    cert->extExtKeyUsage |= EXTKEYUSE_CODESIGN;
+                    *extExtKeyUsage |= EXTKEYUSE_CODESIGN;
                     break;
                 case EKU_EMAILPROTECT_OID:
-                    cert->extExtKeyUsage |= EXTKEYUSE_EMAILPROT;
+                    *extExtKeyUsage |= EXTKEYUSE_EMAILPROT;
                     break;
                 case EKU_TIMESTAMP_OID:
-                    cert->extExtKeyUsage |= EXTKEYUSE_TIMESTAMP;
+                    *extExtKeyUsage |= EXTKEYUSE_TIMESTAMP;
                     break;
                 case EKU_OCSP_SIGN_OID:
-                    cert->extExtKeyUsage |= EXTKEYUSE_OCSP_SIGN;
+                    *extExtKeyUsage |= EXTKEYUSE_OCSP_SIGN;
                     break;
             }
 
         #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
             /* Keep count for WOLFSSL_X509. */
-            cert->extExtKeyUsageCount++;
+            (*extExtKeyUsageCount)++;
         #endif
         }
     }
@@ -21525,6 +21881,46 @@ static int DecodeExtKeyUsage(const byte* input, word32 sz, DecodedCert* cert)
 #endif /* WOLFSSL_ASN_TEMPLATE */
 }
 
+/* Decode extended key usage extension in a certificate.
+ *
+ * X.509: RFC 5280, 4.2.1.12 - Extended Key Usage.
+ *
+ * @param [in]      input  Buffer holding data.
+ * @param [in]      sz     Size of data in buffer.
+ * @param [in, out] cert   Certificate object.
+ * @return  0 on success.
+ * @return  ASN_BITSTR_E when the expected BIT_STRING tag is not found.
+ * @return  ASN_PARSE_E when BER encoded data does not match ASN.1 items or
+ *          is invalid.
+ * @return  MEMORY_E on dynamic memory allocation failure.
+ */
+static int DecodeExtKeyUsageInternal(const byte* input, word32 sz,
+                                     DecodedCert* cert)
+{
+    int ret = 0;
+
+
+    ret = DecodeExtKeyUsage(input, sz,
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+            &cert->extExtKeyUsageSrc, &cert->extExtKeyUsageSz,
+            &cert->extExtKeyUsageCount,
+#else
+            NULL, NULL, NULL,
+#endif
+            &cert->extExtKeyUsage,
+#ifdef WOLFSSL_WOLFSSH
+            &cert->extExtKeyUsageSsh
+#else
+            NULL
+#endif
+            );
+
+    if (ret != 0)
+        return ret;
+
+    return 0;
+}
+
 #ifndef IGNORE_NETSCAPE_CERT_TYPE
 
 static int DecodeNsCertType(const byte* input, int sz, DecodedCert* cert)
@@ -22634,9 +23030,8 @@ static int DecodeAltSigVal(const byte* input, int sz, DecodedCert* cert)
  * @return  MEMORY_E on dynamic memory allocation failure.
  * @return  Other negative values on error.
  */
-static int DecodeExtensionType(const byte* input, word32 length, word32 oid,
-                               byte critical, DecodedCert* cert,
-                               int *isUnknownExt)
+int DecodeExtensionType(const byte* input, word32 length, word32 oid,
+                        byte critical, DecodedCert* cert, int *isUnknownExt)
 {
     int ret = 0;
     word32 idx = 0;
@@ -22649,7 +23044,7 @@ static int DecodeExtensionType(const byte* input, word32 length, word32 oid,
         case BASIC_CA_OID:
             VERIFY_AND_SET_OID(cert->extBasicConstSet);
             cert->extBasicConstCrit = critical ? 1 : 0;
-            if (DecodeBasicCaConstraint(input, (int)length, cert) < 0) {
+            if (DecodeBasicCaConstraintInternal(input, (int)length, cert) < 0) {
                 ret = ASN_PARSE_E;
             }
             break;
@@ -22706,7 +23101,8 @@ static int DecodeExtensionType(const byte* input, word32 length, word32 oid,
                 ret = ASN_CRIT_EXT_E;
             }
         #endif
-            if ((ret == 0) && (DecodeAuthKeyId(input, length, cert) < 0)) {
+            if ((ret == 0) &&
+                (DecodeAuthKeyIdInternal(input, length, cert) < 0)) {
                 ret = ASN_PARSE_E;
             }
             break;
@@ -22727,7 +23123,8 @@ static int DecodeExtensionType(const byte* input, word32 length, word32 oid,
             }
         #endif
 
-            if ((ret == 0) && (DecodeSubjKeyId(input, length, cert) < 0)) {
+            if ((ret == 0) &&
+                (DecodeSubjKeyIdInternal(input, length, cert) < 0)) {
                 ret = ASN_PARSE_E;
             }
             break;
@@ -22757,7 +23154,7 @@ static int DecodeExtensionType(const byte* input, word32 length, word32 oid,
         case KEY_USAGE_OID:
             VERIFY_AND_SET_OID(cert->extKeyUsageSet);
             cert->extKeyUsageCrit = critical ? 1 : 0;
-            if (DecodeKeyUsage(input, length, cert) < 0) {
+            if (DecodeKeyUsageInternal(input, length, cert) < 0) {
                 ret = ASN_PARSE_E;
             }
             break;
@@ -22766,7 +23163,7 @@ static int DecodeExtensionType(const byte* input, word32 length, word32 oid,
         case EXT_KEY_USAGE_OID:
             VERIFY_AND_SET_OID(cert->extExtKeyUsageSet);
             cert->extExtKeyUsageCrit = critical ? 1 : 0;
-            if (DecodeExtKeyUsage(input, length, cert) < 0) {
+            if (DecodeExtKeyUsageInternal(input, length, cert) < 0) {
                 ret = ASN_PARSE_E;
             }
             break;
@@ -24099,7 +24496,7 @@ static int DecodeCertReq(DecodedCert* cert, int* criticalExt)
 
 #endif /* WOLFSSL_CERT_REQ */
 
-#endif
+#endif /* WOLFSSL_ASN_TEMPLATE */
 
 int ParseCert(DecodedCert* cert, int type, int verify, void* cm)
 {
@@ -25014,7 +25411,7 @@ int wc_CertGetPubKey(const byte* cert, word32 certSz,
  * @return BAD_FUNC_ARG if certDer is NULL, certSz is 0, or pubKeyDerSz is NULL
  * @return BUFFER_E if the provided buffer is too small
  */
-WOLFSSL_API int wc_GetSubjectPubKeyInfoDerFromCert(const byte* certDer,
+int wc_GetSubjectPubKeyInfoDerFromCert(const byte* certDer,
                                                    word32 certDerSz,
                                                    byte* pubKeyDer,
                                                    word32* pubKeyDerSz)
@@ -25413,7 +25810,11 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm,
          *   If the cA boolean is not asserted, then the keyCertSign bit in the
          *   key usage extension MUST NOT be asserted. */
         if (!cert->isCA && cert->extKeyUsageSet &&
-                (cert->extKeyUsage & KEYUSE_KEY_CERT_SIGN) != 0) {
+                (cert->extKeyUsage & KEYUSE_KEY_CERT_SIGN) != 0
+        #ifdef ALLOW_SELFSIGNED_INVALID_CERTSIGN
+                && !cert->selfSigned
+        #endif
+        ) {
             WOLFSSL_ERROR_VERBOSE(KEYUSAGE_E);
             return KEYUSAGE_E;
         }
@@ -25670,7 +26071,7 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm,
                 }
             }
         #endif /* IGNORE_NAME_CONSTRAINTS */
-        }
+        } /* cert->ca */
 #ifdef WOLFSSL_CERT_REQ
         else if (type == CERTREQ_TYPE) {
             /* try to confirm/verify signature */
@@ -25734,7 +26135,7 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm,
 #endif
         else {
             /* no signer */
-            WOLFSSL_MSG("No CA signer to verify with");
+            WOLFSSL_MSG_CERT_LOG("No CA signer to verify with");
             /* If you end up here with error -188,
              * consider using WOLFSSL_ALT_CERT_CHAINS. */
 #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
@@ -25747,10 +26148,11 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm,
 #endif
             {
                 WOLFSSL_ERROR_VERBOSE(ASN_NO_SIGNER_E);
+                WOLFSSL_MSG_CERT("Consider using WOLFSSL_ALT_CERT_CHAINS.");
                 return ASN_NO_SIGNER_E;
             }
         }
-    }
+    } /* verify != NO_VERIFY && type != CA_TYPE && type != TRUSTED_PEER_TYPE */
 
 #if defined(WOLFSSL_NO_TRUSTED_CERTS_VERIFY) && !defined(NO_SKID)
 exit_pcr:
@@ -25760,7 +26162,7 @@ exit_pcr:
         if (verify != VERIFY_SKIP_DATE) {
             return cert->badDate;
         }
-        WOLFSSL_MSG("Date error: Verify option is skipping");
+        WOLFSSL_MSG_CERT_LOG("Date error: Verify option is skipping");
     }
 
     if (cert->criticalExt != 0)
@@ -26233,11 +26635,11 @@ static wcchar END_ENC_PRIV_KEY     = "-----END ENCRYPTED PRIVATE KEY-----";
 static wcchar BEGIN_PKCS7          = "-----BEGIN PKCS7-----";
 static wcchar END_PKCS7            = "-----END PKCS7-----";
 #endif
-#if defined(HAVE_ECC) || !defined(NO_DSA)
+#if defined(HAVE_ECC) || !defined(NO_DSA) && defined(WOLFSSL_PEM_TO_DER)
     static wcchar BEGIN_DSA_PRIV   = "-----BEGIN DSA PRIVATE KEY-----";
     static wcchar END_DSA_PRIV     = "-----END DSA PRIVATE KEY-----";
 #endif
-#ifdef OPENSSL_EXTRA
+#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_PEM_TO_DER)
     static wcchar BEGIN_PRIV_KEY_PREFIX = "-----BEGIN";
     static wcchar PRIV_KEY_SUFFIX = "PRIVATE KEY-----";
     static wcchar END_PRIV_KEY_PREFIX   = "-----END";
@@ -27847,9 +28249,8 @@ int wc_GetFASCNFromCert(struct DecodedCert* cert, byte* fascn, word32* fascnSz)
 }
 #endif /* WOLFSSL_FPKI */
 
-#if !defined(NO_RSA) && (defined(WOLFSSL_CERT_GEN) || \
-    defined(WOLFSSL_KCAPI_RSA) || \
-    ((defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA))))
+#if !defined(NO_RSA) && \
+    (defined(WOLFSSL_KEY_TO_DER) || defined(WOLFSSL_CERT_GEN))
 /* USER RSA ifdef portions used instead of refactor in consideration for
    possible fips build */
 /* Encode a public RSA key to output.
@@ -28031,13 +28432,10 @@ int wc_RsaKeyToPublicDer_ex(RsaKey* key, byte* output, word32 inLen,
     return SetRsaPublicKey(output, key, (int)inLen, with_header);
 }
 
-#endif /* !NO_RSA && (WOLFSSL_CERT_GEN || WOLFSSL_KCAPI_RSA ||
-            ((OPENSSL_EXTRA || WOLFSSL_KEY_GEN))) */
+#endif /* !NO_RSA && WOLFSSL_KEY_TO_DER */
 #endif /* NO_CERTS */
 
-#if (defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || \
-     defined(WOLFSSL_KCAPI_RSA) || defined(WOLFSSL_SE050)) && \
-     !defined(NO_RSA)
+#if !defined(NO_RSA) && defined(WOLFSSL_KEY_TO_DER)
 
 /* Encode private RSA key in DER format.
  *
@@ -28204,7 +28602,7 @@ int wc_RsaKeyToDer(RsaKey* key, byte* output, word32 inLen)
 #endif
 }
 
-#endif /* (WOLFSSL_KEY_GEN || OPENSSL_EXTRA) && !NO_RSA */
+#endif /* !NO_RSA && WOLFSSL_KEY_TO_DER */
 
 #ifndef NO_CERTS
 
@@ -36917,10 +37315,12 @@ int wc_EccKeyToPKCS8(ecc_key* key, byte* output,
 
 #ifdef WC_ENABLE_ASYM_KEY_IMPORT
 #ifdef WOLFSSL_ASN_TEMPLATE
-/* ASN.1 template for Ed25519 and Ed448 private key.
+/* ASN.1 template for a general asymmetric private key: Ed25519, Ed448,
+ * falcon, dilithium, etc.
  * RFC 8410, 7 - Private Key Format (but public value is EXPLICIT OCTET_STRING)
+ * Check draft-ietf-lamps-dilithium-certificates of draft RFC also.
  */
-static const ASNItem edKeyASN[] = {
+static const ASNItem privateKeyASN[] = {
 /* SEQ            */    { 0, ASN_SEQUENCE, 1, 1, 0 },
                                          /* Version */
 /* VER            */        { 1, ASN_INTEGER, 0, 0, 0 },
@@ -36929,29 +37329,36 @@ static const ASNItem edKeyASN[] = {
 /* PKEYALGO_OID   */            { 2, ASN_OBJECT_ID, 0, 0, 1 },
                                          /* privateKey */
 /* PKEY           */        { 1, ASN_OCTET_STRING, 0, 1, 0 },
-                                             /* CurvePrivateKey */
+                                         /* CurvePrivateKey */
 /* PKEY_CURVEPKEY */            { 2, ASN_OCTET_STRING, 0, 0, 2 },
-/* PKEY_MLDSASEQ  */            { 2, ASN_SEQUENCE, 1, 0, 2 },
+/* PKEY_SEED_ONLY */            { 2, ASN_CONTEXT_SPECIFIC | ASN_PKEY_SEED,
+                                    0, 0, 2 },
+/* PKEY_BOTH_SEQ  */            { 2, ASN_SEQUENCE, 1, 1, 2 },
+/* PKEY_BOTH_SEED */                { 3, ASN_OCTET_STRING, 0, 0, 0 },
+/* PKEY_BOTH_KEY  */                { 3, ASN_OCTET_STRING, 0, 0, 0 },
                                          /* attributes */
 /* ATTRS          */        { 1, ASN_CONTEXT_SPECIFIC | ASN_ASYMKEY_ATTRS, 1, 1, 1 },
                                          /* publicKey */
 /* PUBKEY         */        { 1, ASN_CONTEXT_SPECIFIC | ASN_ASYMKEY_PUBKEY, 0, 0, 1 },
 };
 enum {
-    EDKEYASN_IDX_SEQ = 0,
-    EDKEYASN_IDX_VER,
-    EDKEYASN_IDX_PKEYALGO_SEQ,
-    EDKEYASN_IDX_PKEYALGO_OID,
-    EDKEYASN_IDX_PKEY,
-    EDKEYASN_IDX_PKEY_CURVEPKEY,
-    EDKEYASN_IDX_PKEY_MLDSASEQ,
-    EDKEYASN_IDX_ATTRS,
-    EDKEYASN_IDX_PUBKEY
+    PRIVKEYASN_IDX_SEQ = 0,
+    PRIVKEYASN_IDX_VER,
+    PRIVKEYASN_IDX_PKEYALGO_SEQ,
+    PRIVKEYASN_IDX_PKEYALGO_OID,
+    PRIVKEYASN_IDX_PKEY,
+    PRIVKEYASN_IDX_PKEY_CURVEPKEY,
+    PRIVKEYASN_IDX_PKEY_SEED_ONLY,
+    PRIVKEYASN_IDX_PKEY_BOTH_SEQ,
+    PRIVKEYASN_IDX_PKEY_BOTH_SEED,
+    PRIVKEYASN_IDX_PKEY_BOTH_KEY,
+    PRIVKEYASN_IDX_ATTRS,
+    PRIVKEYASN_IDX_PUBKEY
 };
 
-/* Number of items in ASN.1 template for Ed25519 and Ed448 private key. */
-#define edKeyASN_Length (sizeof(edKeyASN) / sizeof(ASNItem))
-#endif
+/* Number of items in ASN.1 template for private key. */
+#define privateKeyASN_Length (sizeof(privateKeyASN) / sizeof(ASNItem))
+#endif /* WOLFSSL_ASN_TEMPLATE */
 
 #if ((defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_IMPORT)) \
     || (defined(HAVE_CURVE25519) && defined(HAVE_CURVE25519_KEY_IMPORT)) \
@@ -36961,9 +37368,11 @@ enum {
 
 
 int DecodeAsymKey_Assign(const byte* input, word32* inOutIdx, word32 inSz,
+    const byte** seed, word32* seedLen,
     const byte** privKey, word32* privKeyLen,
     const byte** pubKey, word32* pubKeyLen, int* inOutKeyType)
 {
+    int allowSeed = 0;
 #ifndef WOLFSSL_ASN_TEMPLATE
     word32 oid;
     int version, length, endKeyIdx, privSz, pubSz;
@@ -36971,19 +37380,30 @@ int DecodeAsymKey_Assign(const byte* input, word32* inOutIdx, word32 inSz,
     const byte* pub;
 #else
     int ret = 0;
-    DECL_ASNGETDATA(dataASN, edKeyASN_Length);
-    CALLOC_ASNGETDATA(dataASN, edKeyASN_Length, ret, NULL);
+    DECL_ASNGETDATA(dataASN, privateKeyASN_Length);
+    CALLOC_ASNGETDATA(dataASN, privateKeyASN_Length, ret, NULL);
 #endif
 
     if (input == NULL || inOutIdx == NULL || inSz == 0 ||
-        privKey == NULL || privKeyLen == NULL || inOutKeyType == NULL) {
+        (seed == NULL && seedLen != NULL) ||
+        (seed != NULL && seedLen == NULL) ||
+        privKey == NULL || privKeyLen == NULL ||
+        pubKey == NULL || pubKeyLen == NULL ||
+        inOutKeyType == NULL) {
     #ifdef WOLFSSL_ASN_TEMPLATE
         FREE_ASNGETDATA(dataASN, NULL);
     #endif
         return BAD_FUNC_ARG;
     }
 
+    allowSeed = (seed != NULL && seedLen != NULL);
+
 #ifndef WOLFSSL_ASN_TEMPLATE
+    /* The seed can't be parsed without WOLFSSL_ASN_TEMPLATE */
+    if (allowSeed) {
+        return ASN_PARSE_E;
+    }
+
     if (GetSequence(input, inOutIdx, &length, inSz) >= 0) {
         endKeyIdx = (int)*inOutIdx + length;
 
@@ -37011,13 +37431,7 @@ int DecodeAsymKey_Assign(const byte* input, word32* inOutIdx, word32 inSz,
             return ASN_PARSE_E;
 
         if (GetOctetString(input, inOutIdx, &privSz, inSz) < 0) {
-            if (oid != ML_DSA_LEVEL2k && oid != ML_DSA_LEVEL3k &&
-                    oid != ML_DSA_LEVEL5k) {
-                return ASN_PARSE_E;
-            }
-            if (GetSequence(input, inOutIdx, &privSz, inSz) < 0) {
-                return ASN_PARSE_E;
-            }
+            return ASN_PARSE_E;
         }
 
         priv = input + *inOutIdx;
@@ -37069,62 +37483,78 @@ int DecodeAsymKey_Assign(const byte* input, word32* inOutIdx, word32 inSz,
             /* Explicit OID check - use expected type */
             const byte* oidDerBytes = OidFromId((word32)*inOutKeyType,
                                                 oidKeyType, &oidSz);
-            GetASN_ExpBuffer(&dataASN[EDKEYASN_IDX_PKEYALGO_OID], oidDerBytes,
+            GetASN_ExpBuffer(&dataASN[PRIVKEYASN_IDX_PKEYALGO_OID], oidDerBytes,
                             oidSz);
         }
         else {
             /* Auto-detect OID using template */
-            GetASN_OID(&dataASN[EDKEYASN_IDX_PKEYALGO_OID], oidKeyType);
+            GetASN_OID(&dataASN[PRIVKEYASN_IDX_PKEYALGO_OID], oidKeyType);
         }
 
         /* Parse full private key. */
-        ret = GetASN_Items(edKeyASN, dataASN, edKeyASN_Length, 1, input,
-                inOutIdx, inSz);
-        if (ret != 0) {
-            /* Parse just the OCTET_STRING. */
-            ret = GetASN_Items(&edKeyASN[EDKEYASN_IDX_PKEY_CURVEPKEY],
-                    &dataASN[EDKEYASN_IDX_PKEY_CURVEPKEY], 1, 0, input,
-                    inOutIdx, inSz);
+        ret = GetASN_Items(privateKeyASN, dataASN, privateKeyASN_Length, 1,
+                input, inOutIdx, inSz);
+        if (ret == 0) {
+            /* Store detected OID if requested */
+            if (ret == 0 && *inOutKeyType == ANONk) {
+                *inOutKeyType =
+                    (int)dataASN[PRIVKEYASN_IDX_PKEYALGO_OID].data.oid.sum;
+            }
+        }
+        /* Parse traditional format (a part of full private key). */
+        else if (ret != 0) {
+            ret = GetASN_Items(&privateKeyASN[PRIVKEYASN_IDX_PKEY_CURVEPKEY],
+                    &dataASN[PRIVKEYASN_IDX_PKEY_CURVEPKEY],
+                    PRIVKEYASN_IDX_ATTRS - PRIVKEYASN_IDX_PKEY_CURVEPKEY, 0,
+                    input, inOutIdx, inSz);
             if (ret != 0) {
                 ret = ASN_PARSE_E;
             }
         }
-
-        /* Store detected OID if requested */
-        if (ret == 0 && *inOutKeyType == ANONk) {
-            *inOutKeyType =
-                (int)dataASN[EDKEYASN_IDX_PKEYALGO_OID].data.oid.sum;
+    }
+    if (ret == 0) {
+        /* priv-only */
+        if (dataASN[PRIVKEYASN_IDX_PKEY_CURVEPKEY].data.ref.length != 0) {
+            if (allowSeed) {
+               *seedLen = 0;
+               *seed = NULL;
+            }
+            *privKeyLen
+                = dataASN[PRIVKEYASN_IDX_PKEY_CURVEPKEY].data.ref.length;
+            *privKey = dataASN[PRIVKEYASN_IDX_PKEY_CURVEPKEY].data.ref.data;
         }
-    }
-    if (ret == 0 && dataASN[EDKEYASN_IDX_PKEY_CURVEPKEY].data.ref.length != 0) {
-        /* Import private value. */
-        *privKeyLen = dataASN[EDKEYASN_IDX_PKEY_CURVEPKEY].data.ref.length;
-        *privKey = dataASN[EDKEYASN_IDX_PKEY_CURVEPKEY].data.ref.data;
-    }
-    else if (ret == 0 &&
-             dataASN[EDKEYASN_IDX_PKEY_MLDSASEQ].data.ref.length != 0) {
-        if (*inOutKeyType != ML_DSA_LEVEL2k &&
-                *inOutKeyType != ML_DSA_LEVEL3k &&
-                *inOutKeyType != ML_DSA_LEVEL5k) {
-            ret = ASN_PARSE_E;
+        /* seed-only */
+        else if (allowSeed &&
+            dataASN[PRIVKEYASN_IDX_PKEY_SEED_ONLY].data.ref.length != 0) {
+            *seedLen = dataASN[PRIVKEYASN_IDX_PKEY_SEED_ONLY].data.ref.length;
+            *seed = dataASN[PRIVKEYASN_IDX_PKEY_SEED_ONLY].data.ref.data;
+            *privKeyLen = 0;
+            *privKey = NULL;
+        }
+        /* seed-priv */
+        else if (allowSeed &&
+            dataASN[PRIVKEYASN_IDX_PKEY_BOTH_SEQ].data.ref.length != 0) {
+            *seedLen = dataASN[PRIVKEYASN_IDX_PKEY_BOTH_SEED].data.ref.length;
+            *seed = dataASN[PRIVKEYASN_IDX_PKEY_BOTH_SEED].data.ref.data;
+            *privKeyLen = dataASN[PRIVKEYASN_IDX_PKEY_BOTH_KEY].data.ref.length;
+            *privKey = dataASN[PRIVKEYASN_IDX_PKEY_BOTH_KEY].data.ref.data;
         }
         else {
-            /* Import private value. */
-            *privKeyLen = dataASN[EDKEYASN_IDX_PKEY_MLDSASEQ].data.ref.length;
-            *privKey = dataASN[EDKEYASN_IDX_PKEY_MLDSASEQ].data.ref.data;
+            ret = ASN_PARSE_E;
         }
     }
-    if ((ret == 0) && dataASN[EDKEYASN_IDX_PUBKEY].tag == 0) {
-        /* Set public length to 0 as not seen. */
-        if (pubKeyLen != NULL)
+
+    if (ret == 0) {
+        if (dataASN[PRIVKEYASN_IDX_PUBKEY].data.ref.length != 0) {
+            /* Import public value. */
+            *pubKeyLen = dataASN[PRIVKEYASN_IDX_PUBKEY].data.ref.length;
+            *pubKey = dataASN[PRIVKEYASN_IDX_PUBKEY].data.ref.data;
+        }
+        else {
+            /* Set public length to 0 as not seen. */
             *pubKeyLen = 0;
-    }
-    else if (ret == 0) {
-        /* Import public value. */
-        if (pubKeyLen != NULL)
-            *pubKeyLen = dataASN[EDKEYASN_IDX_PUBKEY].data.ref.length;
-        if (pubKey != NULL && pubKeyLen != NULL)
-            *pubKey = dataASN[EDKEYASN_IDX_PUBKEY].data.ref.data;
+            *pubKey = NULL;
+        }
     }
 
     FREE_ASNGETDATA(dataASN, NULL);
@@ -37147,8 +37577,8 @@ int DecodeAsymKey(const byte* input, word32* inOutIdx, word32 inSz,
     }
 
     if (ret == 0) {
-        ret = DecodeAsymKey_Assign(input, inOutIdx, inSz, &privKeyPtr,
-            &privKeyPtrLen, &pubKeyPtr, &pubKeyPtrLen, &keyType);
+        ret = DecodeAsymKey_Assign(input, inOutIdx, inSz, NULL, NULL,
+            &privKeyPtr, &privKeyPtrLen, &pubKeyPtr, &pubKeyPtrLen, &keyType);
     }
     if ((ret == 0) && (privKeyPtrLen > *privKeyLen)) {
         ret = BUFFER_E;
@@ -37267,7 +37697,6 @@ int DecodeAsymKeyPublic_Assign(const byte* input, word32* inOutIdx, word32 inSz,
     FREE_ASNGETDATA(dataASN, NULL);
 #endif /* WOLFSSL_ASN_TEMPLATE */
     return ret;
-
 }
 
 int DecodeAsymKeyPublic(const byte* input, word32* inOutIdx, word32 inSz,
@@ -37295,7 +37724,7 @@ int DecodeAsymKeyPublic(const byte* input, word32* inOutIdx, word32 inSz,
 
     return ret;
 }
-#endif
+#endif /* HAVE_ED25519 || etc... ||  HAVE_DILITHIUM || HAVE_SPHINCS */
 #endif /* WC_ENABLE_ASYM_KEY_IMPORT */
 
 #if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_IMPORT)
@@ -37464,9 +37893,9 @@ int SetAsymKeyDer(const byte* privKey, word32 privKeyLen,
 {
     int ret = 0;
 #ifndef WOLFSSL_ASN_TEMPLATE
-    word32 idx = 0, seqSz, verSz, algoSz, privSz, pubSz = 0, sz;
+    word32 idx = 0, seqSz, verSz, algoSz, tmpSz, privSz, pubSz = 0, sz;
 #else
-    DECL_ASNSETDATA(dataASN, edKeyASN_Length);
+    DECL_ASNSETDATA(dataASN, privateKeyASN_Length);
     int sz = 0;
 #endif
 
@@ -37481,9 +37910,13 @@ int SetAsymKeyDer(const byte* privKey, word32 privKeyLen,
 #ifndef WOLFSSL_ASN_TEMPLATE
     /* calculate size */
     if (pubKey) {
-        pubSz = 2 + pubKeyLen;
+        pubSz = SetHeader(ASN_CONTEXT_SPECIFIC | ASN_ASYMKEY_PUBKEY, pubKeyLen,
+            NULL, 0) + pubKeyLen;
     }
-    privSz = 2 + 2 + privKeyLen;
+
+    tmpSz  = SetOctetString(privKeyLen, NULL) + privKeyLen;
+
+    privSz = SetOctetString(tmpSz, NULL) + tmpSz;
     algoSz = SetAlgoID(keyType, NULL, oidKeyType, 0);
     verSz  = 3; /* version is 3 bytes (enum + id + version(byte)) */
     seqSz  = SetSequence(verSz + algoSz + privSz + pubSz, NULL);
@@ -37506,14 +37939,14 @@ int SetAsymKeyDer(const byte* privKey, word32 privKeyLen,
         algoSz = SetAlgoID(keyType, output + idx, oidKeyType, 0);
         idx += algoSz;
         /* privKey */
-        idx += SetOctetString(2 + privKeyLen, output + idx);
+        idx += SetOctetString(tmpSz, output + idx);
         idx += SetOctetString(privKeyLen, output + idx);
         XMEMCPY(output + idx, privKey, privKeyLen);
         idx += privKeyLen;
         /* pubKey */
         if (pubKey) {
-            idx += SetHeader(ASN_CONTEXT_SPECIFIC | ASN_ASYMKEY_PUBKEY |
-                             1, pubKeyLen, output + idx, 0);
+            idx += SetHeader(ASN_CONTEXT_SPECIFIC | ASN_ASYMKEY_PUBKEY,
+                pubKeyLen, output + idx, 0);
             XMEMCPY(output + idx, pubKey, pubKeyLen);
             idx += pubKeyLen;
         }
@@ -37525,32 +37958,33 @@ int SetAsymKeyDer(const byte* privKey, word32 privKeyLen,
     }
 #else
 
-    CALLOC_ASNSETDATA(dataASN, edKeyASN_Length, ret, NULL);
+    CALLOC_ASNSETDATA(dataASN, privateKeyASN_Length, ret, NULL);
 
     if (ret == 0) {
         /* Set version = 0 */
-        SetASN_Int8Bit(&dataASN[EDKEYASN_IDX_VER], 0);
+        SetASN_Int8Bit(&dataASN[PRIVKEYASN_IDX_VER], 0);
         /* Set OID. */
-        SetASN_OID(&dataASN[EDKEYASN_IDX_PKEYALGO_OID], (word32)keyType,
+        SetASN_OID(&dataASN[PRIVKEYASN_IDX_PKEYALGO_OID], (word32)keyType,
                    oidKeyType);
         /* Leave space for private key. */
-        SetASN_Buffer(&dataASN[EDKEYASN_IDX_PKEY_CURVEPKEY], NULL, privKeyLen);
+        SetASN_Buffer(&dataASN[PRIVKEYASN_IDX_PKEY_CURVEPKEY], NULL, privKeyLen);
+        /* Don't write ML-DSA specific things. */
+        SetASNItem_NoOut(dataASN, PRIVKEYASN_IDX_PKEY_SEED_ONLY,
+            PRIVKEYASN_IDX_ATTRS);
         /* Don't write out attributes. */
-        dataASN[EDKEYASN_IDX_ATTRS].noOut = 1;
-        /* Don't write sequence. */
-        dataASN[EDKEYASN_IDX_PKEY_MLDSASEQ].noOut = 1;
+        dataASN[PRIVKEYASN_IDX_ATTRS].noOut = 1;
         if (pubKey) {
             /* Leave space for public key. */
-            SetASN_Buffer(&dataASN[EDKEYASN_IDX_PUBKEY], NULL, pubKeyLen);
+            SetASN_Buffer(&dataASN[PRIVKEYASN_IDX_PUBKEY], NULL, pubKeyLen);
         }
         else {
             /* Don't put out public part. */
-            SetASNItem_NoOutNode(dataASN, edKeyASN, EDKEYASN_IDX_PUBKEY,
-                    edKeyASN_Length);
+            SetASNItem_NoOutNode(dataASN, privateKeyASN, PRIVKEYASN_IDX_PUBKEY,
+                    privateKeyASN_Length);
         }
 
         /* Calculate the size of encoding. */
-        ret = SizeASN_Items(edKeyASN, dataASN, edKeyASN_Length, &sz);
+        ret = SizeASN_Items(privateKeyASN, dataASN, privateKeyASN_Length, &sz);
     }
 
     /* Check buffer is big enough. */
@@ -37559,15 +37993,15 @@ int SetAsymKeyDer(const byte* privKey, word32 privKeyLen,
     }
     if ((ret == 0) && (output != NULL)) {
         /* Encode private key. */
-        SetASN_Items(edKeyASN, dataASN, edKeyASN_Length, output);
+        SetASN_Items(privateKeyASN, dataASN, privateKeyASN_Length, output);
 
         /* Put private value into space provided. */
-        XMEMCPY((byte*)dataASN[EDKEYASN_IDX_PKEY_CURVEPKEY].data.buffer.data,
+        XMEMCPY((byte*)dataASN[PRIVKEYASN_IDX_PKEY_CURVEPKEY].data.buffer.data,
                 privKey, privKeyLen);
 
         if (pubKey != NULL) {
             /* Put public value into space provided. */
-            XMEMCPY((byte*)dataASN[EDKEYASN_IDX_PUBKEY].data.buffer.data,
+            XMEMCPY((byte*)dataASN[PRIVKEYASN_IDX_PUBKEY].data.buffer.data,
                     pubKey, pubKeyLen);
         }
     }
@@ -41238,7 +41672,7 @@ int wc_ParseCertPIV(wc_CertPIV* piv, const byte* buf, word32 totalSz)
     DECL_ASNGETDATA(dataASN, pivCertASN_Length);
     int ret = 0;
     word32 idx;
-    byte info;
+    byte info = 0;
 
     WOLFSSL_ENTER("wc_ParseCertPIV");
 
diff --git a/wolfcrypt/src/chacha.c b/wolfcrypt/src/chacha.c
index d42186ec2..1ba0f25ce 100644
--- a/wolfcrypt/src/chacha.c
+++ b/wolfcrypt/src/chacha.c
@@ -109,8 +109,7 @@ Public domain.
         #define HAVE_INTEL_AVX2
     #endif
 
-    static int cpuidFlagsSet = 0;
-    static word32 cpuidFlags = 0;
+    static cpuid_flags_t cpuidFlags = WC_CPUID_INITIALIZER;
 #endif
 
 /**
@@ -332,10 +331,7 @@ int wc_Chacha_Process(ChaCha* ctx, byte* output, const byte* input,
         return 0;
     }
 
-    if (!cpuidFlagsSet) {
-        cpuidFlags = cpuid_get_flags();
-        cpuidFlagsSet = 1;
-    }
+    cpuid_get_flags_ex(&cpuidFlags);
 
     #ifdef HAVE_INTEL_AVX2
     if (IS_INTEL_AVX2(cpuidFlags)) {
diff --git a/wolfcrypt/src/chacha20_poly1305.c b/wolfcrypt/src/chacha20_poly1305.c
index d87325de4..0503726bf 100644
--- a/wolfcrypt/src/chacha20_poly1305.c
+++ b/wolfcrypt/src/chacha20_poly1305.c
@@ -401,7 +401,7 @@ static WC_INLINE int wc_XChaCha20Poly1305_crypt_oneshot(
         goto out;
     }
 
-    if ((long int)dst_space < dst_len) {
+    if (dst_len < 0 || (long int)dst_space < dst_len) {
         ret = BUFFER_E;
         goto out;
     }
diff --git a/wolfcrypt/src/chacha_asm.asm b/wolfcrypt/src/chacha_asm.asm
index e2fc41dd7..fa46ba112 100644
--- a/wolfcrypt/src/chacha_asm.asm
+++ b/wolfcrypt/src/chacha_asm.asm
@@ -1,6 +1,6 @@
 ; /* chacha_asm.asm */
 ; /*
-; * Copyright (C) 2006-2025 wolfSSL Inc.
+;  * Copyright (C) 2006-2025 wolfSSL Inc.
 ;  *
 ;  * This file is part of wolfSSL.
 ;  *
diff --git a/wolfcrypt/src/coding.c b/wolfcrypt/src/coding.c
index 2b0a4b212..adff99433 100644
--- a/wolfcrypt/src/coding.c
+++ b/wolfcrypt/src/coding.c
@@ -171,13 +171,9 @@ int Base64_Decode_nonCT(const byte* in, word32 inLen, byte* out, word32* outLen)
 {
     word32 i = 0;
     word32 j = 0;
-    word32 plainSz = inLen - ((inLen + (BASE64_LINE_SZ - 1)) / BASE64_LINE_SZ );
     int ret;
     const byte maxIdx = BASE64DECODE_TABLE_SZ + BASE64_MIN - 1;
 
-    plainSz = (plainSz * 3 + 3) / 4;
-    if (plainSz > *outLen) return BAD_FUNC_ARG;
-
     while (inLen > 3) {
         int pad3 = 0;
         int pad4 = 0;
@@ -233,7 +229,7 @@ int Base64_Decode_nonCT(const byte* in, word32 inLen, byte* out, word32* outLen)
 
         if (i + 1 + !pad3 + !pad4 > *outLen) {
             WOLFSSL_MSG("Bad Base64 Decode out buffer, too small");
-            return BAD_FUNC_ARG;
+            return BUFFER_E;
         }
 
         e1 = Base64_Char2Val_by_table(e1);
@@ -263,6 +259,7 @@ int Base64_Decode_nonCT(const byte* in, word32 inLen, byte* out, word32* outLen)
     if (out && *outLen > i)
         out[i]= '\0';
 
+    /* Note, *outLen won't reflect the optional terminating null. */
     *outLen = i;
 
     return 0;
@@ -274,12 +271,8 @@ int Base64_Decode(const byte* in, word32 inLen, byte* out, word32* outLen)
 {
     word32 i = 0;
     word32 j = 0;
-    word32 plainSz = inLen - ((inLen + (BASE64_LINE_SZ - 1)) / BASE64_LINE_SZ );
     int ret;
 
-    plainSz = (plainSz * 3 + 3) / 4;
-    if (plainSz > *outLen) return BAD_FUNC_ARG;
-
     while (inLen > 3) {
         int pad3 = 0;
         int pad4 = 0;
@@ -324,7 +317,7 @@ int Base64_Decode(const byte* in, word32 inLen, byte* out, word32* outLen)
 
         if (i + 1 + !pad3 + !pad4 > *outLen) {
             WOLFSSL_MSG("Bad Base64 Decode out buffer, too small");
-            return BAD_FUNC_ARG;
+            return BUFFER_E;
         }
 
         e1 = Base64_Char2Val_CT(e1);
@@ -354,6 +347,7 @@ int Base64_Decode(const byte* in, word32 inLen, byte* out, word32* outLen)
     if (out && *outLen > i)
         out[i]= '\0';
 
+    /* Note, *outLen won't reflect the optional terminating null. */
     *outLen = i;
 
     return 0;
@@ -630,7 +624,7 @@ int Base16_Decode(const byte* in, word32 inLen, byte* out, word32* outLen)
         return BAD_FUNC_ARG;
 
     if (*outLen < (inLen / 2))
-        return BAD_FUNC_ARG;
+        return BUFFER_E;
 
     while (inLen) {
         byte b  = (byte)(in[inIdx++] - BASE16_MIN);  /* 0 starts at 0x30 */
diff --git a/wolfcrypt/src/cpuid.c b/wolfcrypt/src/cpuid.c
index 978cbf536..5c3e333ff 100644
--- a/wolfcrypt/src/cpuid.c
+++ b/wolfcrypt/src/cpuid.c
@@ -25,11 +25,41 @@
 
 #if defined(HAVE_CPUID) || defined(HAVE_CPUID_INTEL) || \
     defined(HAVE_CPUID_AARCH64)
-    static word32 cpuid_check = 0;
-    static word32 cpuid_flags = 0;
+    static cpuid_flags_atomic_t cpuid_flags = WC_CPUID_ATOMIC_INITIALIZER;
 #endif
 
-#ifdef HAVE_CPUID_INTEL
+#if defined(HAVE_CPUID_INTEL) && defined(WOLFSSL_SGX)
+    /* @TODO calling cpuid from a trusted enclave needs additional hardening.
+     * For initial benchmarking, the cpu support is getting hard set.
+     * Another thing of note is cpuid calls cause a SIGILL signal, see
+     * github issue #5 on intel/intel-sgx-ssl */
+
+    /* For tying in an actual external call to cpuid this header and function
+     * call would be used :
+     * #include <sgx_cpuid.h>
+     * #define cpuid(reg, leaf, sub) sgx_cpuidex((reg),(leaf),(sub))
+     */
+    void cpuid_set_flags(void)
+    {
+        if (WOLFSSL_ATOMIC_LOAD(cpuid_flags) == WC_CPUID_INITIALIZER) {
+            cpuid_flags_t new_cpuid_flags = 0,
+                old_cpuid_flags = WC_CPUID_INITIALIZER;
+
+            new_cpuid_flags |= CPUID_AVX1;
+            new_cpuid_flags |= CPUID_AVX2;
+            new_cpuid_flags |= CPUID_BMI2;
+            new_cpuid_flags |= CPUID_RDSEED;
+            new_cpuid_flags |= CPUID_AESNI;
+            new_cpuid_flags |= CPUID_ADX;
+            new_cpuid_flags |= CPUID_MOVBE;
+            new_cpuid_flags |= CPUID_BMI1;
+
+            (void)wolfSSL_Atomic_Uint_CompareExchange
+                (&cpuid_flags, &old_cpuid_flags, new_cpuid_flags);
+        }
+    }
+
+#elif defined(HAVE_CPUID_INTEL)
     /* Each platform needs to query info type 1 from cpuid to see if aesni is
      * supported. Also, let's setup a macro for proper linkage w/o ABI conflicts
      */
@@ -50,7 +80,7 @@
     #define ECX 2
     #define EDX 3
 
-    static word32 cpuid_flag(word32 leaf, word32 sub, word32 num, word32 bit)
+    static cpuid_flags_t cpuid_flag(word32 leaf, word32 sub, word32 num, word32 bit)
     {
         int got_intel_cpu = 0;
         int got_amd_cpu = 0;
@@ -81,21 +111,23 @@
     }
 
 
-    void cpuid_set_flags(void)
+    static WC_INLINE void cpuid_set_flags(void)
     {
-        if (!cpuid_check) {
-            if (cpuid_flag(1, 0, ECX, 28)) { cpuid_flags |= CPUID_AVX1  ; }
-            if (cpuid_flag(7, 0, EBX,  5)) { cpuid_flags |= CPUID_AVX2  ; }
-            if (cpuid_flag(7, 0, EBX,  8)) { cpuid_flags |= CPUID_BMI2  ; }
-            if (cpuid_flag(1, 0, ECX, 30)) { cpuid_flags |= CPUID_RDRAND; }
-            if (cpuid_flag(7, 0, EBX, 18)) { cpuid_flags |= CPUID_RDSEED; }
-            if (cpuid_flag(1, 0, ECX, 25)) { cpuid_flags |= CPUID_AESNI ; }
-            if (cpuid_flag(7, 0, EBX, 19)) { cpuid_flags |= CPUID_ADX   ; }
-            if (cpuid_flag(1, 0, ECX, 22)) { cpuid_flags |= CPUID_MOVBE ; }
-            if (cpuid_flag(7, 0, EBX,  3)) { cpuid_flags |= CPUID_BMI1  ; }
-            if (cpuid_flag(7, 0, EBX, 29)) { cpuid_flags |= CPUID_SHA   ; }
-
-            cpuid_check = 1;
+        if (WOLFSSL_ATOMIC_LOAD(cpuid_flags) == WC_CPUID_INITIALIZER) {
+            cpuid_flags_t new_cpuid_flags = 0,
+                old_cpuid_flags = WC_CPUID_INITIALIZER;
+            if (cpuid_flag(1, 0, ECX, 28)) { new_cpuid_flags |= CPUID_AVX1  ; }
+            if (cpuid_flag(7, 0, EBX,  5)) { new_cpuid_flags |= CPUID_AVX2  ; }
+            if (cpuid_flag(7, 0, EBX,  8)) { new_cpuid_flags |= CPUID_BMI2  ; }
+            if (cpuid_flag(1, 0, ECX, 30)) { new_cpuid_flags |= CPUID_RDRAND; }
+            if (cpuid_flag(7, 0, EBX, 18)) { new_cpuid_flags |= CPUID_RDSEED; }
+            if (cpuid_flag(1, 0, ECX, 25)) { new_cpuid_flags |= CPUID_AESNI ; }
+            if (cpuid_flag(7, 0, EBX, 19)) { new_cpuid_flags |= CPUID_ADX   ; }
+            if (cpuid_flag(1, 0, ECX, 22)) { new_cpuid_flags |= CPUID_MOVBE ; }
+            if (cpuid_flag(7, 0, EBX,  3)) { new_cpuid_flags |= CPUID_BMI1  ; }
+            if (cpuid_flag(7, 0, EBX, 29)) { new_cpuid_flags |= CPUID_SHA   ; }
+            (void)wolfSSL_Atomic_Uint_CompareExchange
+                (&cpuid_flags, &old_cpuid_flags, new_cpuid_flags);
         }
     }
 #elif defined(HAVE_CPUID_AARCH64)
@@ -113,9 +145,11 @@
     /* https://developer.arm.com/documentation/ddi0601/2024-09/AArch64-Registers
      * /ID-AA64ISAR0-EL1--AArch64-Instruction-Set-Attribute-Register-0 */
 
-    void cpuid_set_flags(void)
+    static WC_INLINE void cpuid_set_flags(void)
     {
-        if (!cpuid_check) {
+        if (WOLFSSL_ATOMIC_LOAD(cpuid_flags) == WC_CPUID_INITIALIZER) {
+            cpuid_flags_t new_cpuid_flags = 0,
+                old_cpuid_flags = WC_CPUID_INITIALIZER;
             word64 features;
 
             __asm__ __volatile (
@@ -126,25 +160,26 @@
             );
 
             if (features & CPUID_AARCH64_FEAT_AES)
-                cpuid_flags |= CPUID_AES;
+                new_cpuid_flags |= CPUID_AES;
             if (features & CPUID_AARCH64_FEAT_AES_PMULL) {
-                cpuid_flags |= CPUID_AES;
-                cpuid_flags |= CPUID_PMULL;
+                new_cpuid_flags |= CPUID_AES;
+                new_cpuid_flags |= CPUID_PMULL;
             }
             if (features & CPUID_AARCH64_FEAT_SHA256)
-                cpuid_flags |= CPUID_SHA256;
+                new_cpuid_flags |= CPUID_SHA256;
             if (features & CPUID_AARCH64_FEAT_SHA256_512)
-                cpuid_flags |= CPUID_SHA256 | CPUID_SHA512;
+                new_cpuid_flags |= CPUID_SHA256 | CPUID_SHA512;
             if (features & CPUID_AARCH64_FEAT_RDM)
-                cpuid_flags |= CPUID_RDM;
+                new_cpuid_flags |= CPUID_RDM;
             if (features & CPUID_AARCH64_FEAT_SHA3)
-                cpuid_flags |= CPUID_SHA3;
+                new_cpuid_flags |= CPUID_SHA3;
             if (features & CPUID_AARCH64_FEAT_SM3)
-                cpuid_flags |= CPUID_SM3;
+                new_cpuid_flags |= CPUID_SM3;
             if (features & CPUID_AARCH64_FEAT_SM4)
-                cpuid_flags |= CPUID_SM4;
+                new_cpuid_flags |= CPUID_SM4;
 
-            cpuid_check = 1;
+            (void)wolfSSL_Atomic_Uint_CompareExchange
+                (&cpuid_flags, &old_cpuid_flags, new_cpuid_flags);
         }
     }
 #elif defined(__linux__)
@@ -154,42 +189,45 @@
     #include <sys/auxv.h>
     #include <asm/hwcap.h>
 
-    void cpuid_set_flags(void)
+    static WC_INLINE void cpuid_set_flags(void)
     {
-        if (!cpuid_check) {
+        if (WOLFSSL_ATOMIC_LOAD(cpuid_flags) == WC_CPUID_INITIALIZER) {
+            cpuid_flags_t new_cpuid_flags = 0,
+                old_cpuid_flags = WC_CPUID_INITIALIZER;
             word64 hwcaps = getauxval(AT_HWCAP);
 
         #ifndef WOLFSSL_ARMASM_NO_HW_CRYPTO
             if (hwcaps & HWCAP_AES)
-                cpuid_flags |= CPUID_AES;
+                new_cpuid_flags |= CPUID_AES;
             if (hwcaps & HWCAP_PMULL)
-                cpuid_flags |= CPUID_PMULL;
+                new_cpuid_flags |= CPUID_PMULL;
             if (hwcaps & HWCAP_SHA2)
-                cpuid_flags |= CPUID_SHA256;
+                new_cpuid_flags |= CPUID_SHA256;
         #endif
         #ifdef WOLFSSL_ARMASM_CRYPTO_SHA512
             if (hwcaps & HWCAP_SHA512)
-                cpuid_flags |= CPUID_SHA512;
+                new_cpuid_flags |= CPUID_SHA512;
         #endif
         #if defined(HWCAP_ASIMDRDM) && !defined(WOLFSSL_AARCH64_NO_SQRDMLSH)
             if (hwcaps & HWCAP_ASIMDRDM)
-                cpuid_flags |= CPUID_RDM;
+                new_cpuid_flags |= CPUID_RDM;
         #endif
         #ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
             if (hwcaps & HWCAP_SHA3)
-                cpuid_flags |= CPUID_SHA3;
+                new_cpuid_flags |= CPUID_SHA3;
         #endif
         #ifdef WOLFSSL_ARMASM_CRYPTO_SM3
             if (hwcaps & HWCAP_SM3)
-                cpuid_flags |= CPUID_SM3;
+                new_cpuid_flags |= CPUID_SM3;
         #endif
         #ifdef WOLFSSL_ARMASM_CRYPTO_SM4
             if (hwcaps & HWCAP_SM4)
-                cpuid_flags |= CPUID_SM4;
+                new_cpuid_flags |= CPUID_SM4;
         #endif
 
             (void)hwcaps;
-            cpuid_check = 1;
+            (void)wolfSSL_Atomic_Uint_CompareExchange
+                (&cpuid_flags, &old_cpuid_flags, new_cpuid_flags);
         }
     }
 #elif defined(__ANDROID__) || defined(ANDROID)
@@ -198,19 +236,22 @@
 
     #include "cpu-features.h"
 
-    void cpuid_set_flags(void)
+    static WC_INLINE void cpuid_set_flags(void)
     {
-        if (!cpuid_check) {
+        if (WOLFSSL_ATOMIC_LOAD(cpuid_flags) == WC_CPUID_INITIALIZER) {
+            cpuid_flags_t new_cpuid_flags = 0,
+                old_cpuid_flags = WC_CPUID_INITIALIZER;
             word64 features = android_getCpuFeatures();
 
             if (features & ANDROID_CPU_ARM_FEATURE_AES)
-                cpuid_flags |= CPUID_AES;
+                new_cpuid_flags |= CPUID_AES;
             if (features & ANDROID_CPU_ARM_FEATURE_PMULL)
-                cpuid_flags |= CPUID_PMULL;
+                new_cpuid_flags |= CPUID_PMULL;
             if (features & ANDROID_CPU_ARM_FEATURE_SHA2)
-                cpuid_flags |= CPUID_SHA256;
+                new_cpuid_flags |= CPUID_SHA256;
 
-            cpuid_check = 1;
+            (void)wolfSSL_Atomic_Uint_CompareExchange
+                (&cpuid_flags, &old_cpuid_flags, new_cpuid_flags);
         }
     }
 #elif defined(__APPLE__)
@@ -229,29 +270,32 @@
         return ret;
     }
 
-    void cpuid_set_flags(void)
+    static WC_INLINE void cpuid_set_flags(void)
     {
-        if (!cpuid_check) {
+        if (WOLFSSL_ATOMIC_LOAD(cpuid_flags) == WC_CPUID_INITIALIZER) {
+            cpuid_flags_t new_cpuid_flags = 0,
+                old_cpuid_flags = WC_CPUID_INITIALIZER;
             if (cpuid_get_sysctlbyname("hw.optional.arm.FEAT_AES") != 0)
-                cpuid_flags |= CPUID_AES;
+                new_cpuid_flags |= CPUID_AES;
             if (cpuid_get_sysctlbyname("hw.optional.arm.FEAT_PMULL") != 0)
-                cpuid_flags |= CPUID_PMULL;
+                new_cpuid_flags |= CPUID_PMULL;
             if (cpuid_get_sysctlbyname("hw.optional.arm.FEAT_SHA256") != 0)
-                cpuid_flags |= CPUID_SHA256;
+                new_cpuid_flags |= CPUID_SHA256;
             if (cpuid_get_sysctlbyname("hw.optional.arm.FEAT_SHA512") != 0)
-                cpuid_flags |= CPUID_SHA512;
+                new_cpuid_flags |= CPUID_SHA512;
             if (cpuid_get_sysctlbyname("hw.optional.arm.FEAT_RDM") != 0)
-                cpuid_flags |= CPUID_RDM;
+                new_cpuid_flags |= CPUID_RDM;
             if (cpuid_get_sysctlbyname("hw.optional.arm.FEAT_SHA3") != 0)
-                cpuid_flags |= CPUID_SHA3;
+                new_cpuid_flags |= CPUID_SHA3;
         #ifdef WOLFSSL_ARMASM_CRYPTO_SM3
-            cpuid_flags |= CPUID_SM3;
+            new_cpuid_flags |= CPUID_SM3;
         #endif
         #ifdef WOLFSSL_ARMASM_CRYPTO_SM4
-            cpuid_flags |= CPUID_SM4;
+            new_cpuid_flags |= CPUID_SM4;
         #endif
 
-            cpuid_check = 1;
+            (void)wolfSSL_Atomic_Uint_CompareExchange
+                (&cpuid_flags, &old_cpuid_flags, new_cpuid_flags);
         }
     }
 #elif defined(__FreeBSD__) || defined(__OpenBSD__)
@@ -259,96 +303,109 @@
 
     #include <sys/auxv.h>
 
-    void cpuid_set_flags(void)
+    static WC_INLINE void cpuid_set_flags(void)
     {
-        if (!cpuid_check) {
+        if (WOLFSSL_ATOMIC_LOAD(cpuid_flags) == WC_CPUID_INITIALIZER) {
+            cpuid_flags_t new_cpuid_flags = 0,
+                old_cpuid_flags = WC_CPUID_INITIALIZER;
             word64 features = 0;
 
             elf_aux_info(AT_HWCAP, &features, sizeof(features));
 
             if (features & CPUID_AARCH64_FEAT_AES)
-                cpuid_flags |= CPUID_AES;
+                new_cpuid_flags |= CPUID_AES;
             if (features & CPUID_AARCH64_FEAT_AES_PMULL) {
-                cpuid_flags |= CPUID_AES;
-                cpuid_flags |= CPUID_PMULL;
+                new_cpuid_flags |= CPUID_AES;
+                new_cpuid_flags |= CPUID_PMULL;
             }
             if (features & CPUID_AARCH64_FEAT_SHA256)
-                cpuid_flags |= CPUID_SHA256;
+                new_cpuid_flags |= CPUID_SHA256;
             if (features & CPUID_AARCH64_FEAT_SHA256_512)
-                cpuid_flags |= CPUID_SHA256 | CPUID_SHA512;
+                new_cpuid_flags |= CPUID_SHA256 | CPUID_SHA512;
             if (features & CPUID_AARCH64_FEAT_RDM)
-                cpuid_flags |= CPUID_RDM;
+                new_cpuid_flags |= CPUID_RDM;
             if (features & CPUID_AARCH64_FEAT_SHA3)
-                cpuid_flags |= CPUID_SHA3;
+                new_cpuid_flags |= CPUID_SHA3;
             if (features & CPUID_AARCH64_FEAT_SM3)
-                cpuid_flags |= CPUID_SM3;
+                new_cpuid_flags |= CPUID_SM3;
             if (features & CPUID_AARCH64_FEAT_SM4)
-                cpuid_flags |= CPUID_SM4;
+                new_cpuid_flags |= CPUID_SM4;
 
-            cpuid_check = 1;
+            (void)wolfSSL_Atomic_Uint_CompareExchange
+                (&cpuid_flags, &old_cpuid_flags, new_cpuid_flags);
         }
     }
 #else
-    void cpuid_set_flags(void)
+    static WC_INLINE void cpuid_set_flags(void)
     {
-        if (!cpuid_check) {
+        if (WOLFSSL_ATOMIC_LOAD(cpuid_flags) == WC_CPUID_INITIALIZER) {
+            cpuid_flags_t new_cpuid_flags = 0,
+                old_cpuid_flags = WC_CPUID_INITIALIZER;
         #ifndef WOLFSSL_ARMASM_NO_HW_CRYPTO
-            cpuid_flags |= CPUID_AES;
-            cpuid_flags |= CPUID_PMULL;
-            cpuid_flags |= CPUID_SHA256;
+            new_cpuid_flags |= CPUID_AES;
+            new_cpuid_flags |= CPUID_PMULL;
+            new_cpuid_flags |= CPUID_SHA256;
         #endif
         #ifdef WOLFSSL_ARMASM_CRYPTO_SHA512
-            cpuid_flags |= CPUID_SHA512;
+            new_cpuid_flags |= CPUID_SHA512;
         #endif
         #ifndef WOLFSSL_AARCH64_NO_SQRDMLSH
-            cpuid_flags |= CPUID_RDM;
+            new_cpuid_flags |= CPUID_RDM;
         #endif
         #ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
-            cpuid_flags |= CPUID_SHA3;
+            new_cpuid_flags |= CPUID_SHA3;
         #endif
         #ifdef WOLFSSL_ARMASM_CRYPTO_SM3
-            cpuid_flags |= CPUID_SM3;
+            new_cpuid_flags |= CPUID_SM3;
         #endif
         #ifdef WOLFSSL_ARMASM_CRYPTO_SM4
-            cpuid_flags |= CPUID_SM4;
+            new_cpuid_flags |= CPUID_SM4;
         #endif
 
-            cpuid_check = 1;
+            (void)wolfSSL_Atomic_Uint_CompareExchange
+                (&cpuid_flags, &old_cpuid_flags, new_cpuid_flags);
         }
     }
 #endif
 #elif defined(HAVE_CPUID)
-    void cpuid_set_flags(void)
+    static WC_INLINE void cpuid_set_flags(void)
     {
-        if (!cpuid_check) {
-            cpuid_flags = 0;
-            cpuid_check = 1;
+        if (WOLFSSL_ATOMIC_LOAD(cpuid_flags) == WC_CPUID_INITIALIZER) {
+            cpuid_flags_t new_cpuid_flags = 0,
+                old_cpuid_flags = WC_CPUID_INITIALIZER;
+            (void)wolfSSL_Atomic_Uint_CompareExchange
+                (&cpuid_flags, &old_cpuid_flags, new_cpuid_flags);
         }
     }
 #endif
 
 #ifdef HAVE_CPUID
 
-    word32 cpuid_get_flags(void)
+    cpuid_flags_t cpuid_get_flags(void)
     {
-        if (!cpuid_check)
-            cpuid_set_flags();
-        return cpuid_flags;
+        cpuid_set_flags();
+        return WOLFSSL_ATOMIC_LOAD(cpuid_flags);
     }
 
-    void cpuid_select_flags(word32 flags)
+    void cpuid_select_flags(cpuid_flags_t flags)
     {
-        cpuid_flags = flags;
+        WOLFSSL_ATOMIC_STORE(cpuid_flags, flags);
     }
 
-    void cpuid_set_flag(word32 flag)
+    void cpuid_set_flag(cpuid_flags_t flag)
     {
-        cpuid_flags |= flag;
+        cpuid_flags_t current_flags = WOLFSSL_ATOMIC_LOAD(cpuid_flags);
+        while (! wolfSSL_Atomic_Uint_CompareExchange
+               (&cpuid_flags, &current_flags, current_flags | flag))
+            WC_RELAX_LONG_LOOP();
     }
 
-    void cpuid_clear_flag(word32 flag)
+    void cpuid_clear_flag(cpuid_flags_t flag)
     {
-        cpuid_flags &= ~flag;
+        cpuid_flags_t current_flags = WOLFSSL_ATOMIC_LOAD(cpuid_flags);
+        while (! wolfSSL_Atomic_Uint_CompareExchange
+               (&cpuid_flags, &current_flags, current_flags & ~flag))
+            WC_RELAX_LONG_LOOP();
     }
 
 #endif /* HAVE_CPUID */
diff --git a/wolfcrypt/src/cryptocb.c b/wolfcrypt/src/cryptocb.c
index 801916e81..781af62a3 100644
--- a/wolfcrypt/src/cryptocb.c
+++ b/wolfcrypt/src/cryptocb.c
@@ -80,6 +80,8 @@ static const char* GetAlgoTypeStr(int algo)
         case WC_ALGO_TYPE_HMAC:   return "HMAC";
         case WC_ALGO_TYPE_CMAC:   return "CMAC";
         case WC_ALGO_TYPE_CERT:   return "Cert";
+        case WC_ALGO_TYPE_KDF:
+            return "KDF";
     }
     return NULL;
 }
@@ -172,7 +174,18 @@ static const char* GetCryptoCbCmdTypeStr(int type)
 }
 #endif
 
-WOLFSSL_API void wc_CryptoCb_InfoString(wc_CryptoInfo* info)
+#if defined(HAVE_HKDF) && !defined(NO_HMAC)
+static const char* GetKdfTypeStr(int type)
+{
+    switch (type) {
+        case WC_KDF_TYPE_HKDF:
+            return "HKDF";
+    }
+    return NULL;
+}
+#endif
+
+void wc_CryptoCb_InfoString(wc_CryptoInfo* info)
 {
     if (info == NULL)
         return;
@@ -237,6 +250,12 @@ WOLFSSL_API void wc_CryptoCb_InfoString(wc_CryptoInfo* info)
             GetAlgoTypeStr(info->algo_type),
             GetCryptoCbCmdTypeStr(info->cmd.type), info->cmd.type);
     }
+#endif
+#if defined(HAVE_HKDF) && !defined(NO_HMAC)
+    else if (info->algo_type == WC_ALGO_TYPE_KDF) {
+        printf("Crypto CB: %s %s (%d)\n", GetAlgoTypeStr(info->algo_type),
+               GetKdfTypeStr(info->kdf.type), info->kdf.type);
+    }
 #endif
     else {
         printf("CryptoCb: %s \n", GetAlgoTypeStr(info->algo_type));
@@ -1596,6 +1615,40 @@ int wc_CryptoCb_ShaHash(wc_Sha* sha, const byte* in,
 }
 #endif /* !NO_SHA */
 
+#ifdef WOLFSSL_SHA224
+int wc_CryptoCb_Sha224Hash(wc_Sha224* sha224, const byte* in,
+    word32 inSz, byte* digest)
+{
+    int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE);
+    CryptoCb* dev;
+
+    /* locate registered callback */
+    if (sha224) {
+        dev = wc_CryptoCb_FindDevice(sha224->devId, WC_ALGO_TYPE_HASH);
+    }
+    else {
+        /* locate first callback and try using it */
+        dev = wc_CryptoCb_FindDeviceByIndex(0);
+    }
+
+    if (dev && dev->cb) {
+        wc_CryptoInfo cryptoInfo;
+        XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo));
+        cryptoInfo.algo_type = WC_ALGO_TYPE_HASH;
+        cryptoInfo.hash.type = WC_HASH_TYPE_SHA224;
+        cryptoInfo.hash.sha224 = sha224;
+        cryptoInfo.hash.in = in;
+        cryptoInfo.hash.inSz = inSz;
+        cryptoInfo.hash.digest = digest;
+
+        ret = dev->cb(dev->devId, &cryptoInfo, dev->ctx);
+    }
+
+    return wc_CryptoCb_TranslateErrorCode(ret);
+}
+#endif /* WOLFSSL_SHA224 */
+
+
 #ifndef NO_SHA256
 int wc_CryptoCb_Sha256Hash(wc_Sha256* sha256, const byte* in,
     word32 inSz, byte* digest)
@@ -1911,4 +1964,38 @@ int wc_CryptoCb_DefaultDevID(void)
     return ret;
 }
 
+#if defined(HAVE_HKDF) && !defined(NO_HMAC)
+int wc_CryptoCb_Hkdf(int hashType, const byte* inKey, word32 inKeySz,
+                     const byte* salt, word32 saltSz, const byte* info,
+                     word32 infoSz, byte* out, word32 outSz, int devId)
+{
+    int       ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE);
+    CryptoCb* dev;
+
+    /* Find registered callback device */
+    dev = wc_CryptoCb_FindDevice(devId, WC_ALGO_TYPE_KDF);
+
+    if (dev && dev->cb) {
+        wc_CryptoInfo cryptoInfo;
+        XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo));
+
+        cryptoInfo.algo_type         = WC_ALGO_TYPE_KDF;
+        cryptoInfo.kdf.type          = WC_KDF_TYPE_HKDF;
+        cryptoInfo.kdf.hkdf.hashType = hashType;
+        cryptoInfo.kdf.hkdf.inKey    = inKey;
+        cryptoInfo.kdf.hkdf.inKeySz  = inKeySz;
+        cryptoInfo.kdf.hkdf.salt     = salt;
+        cryptoInfo.kdf.hkdf.saltSz   = saltSz;
+        cryptoInfo.kdf.hkdf.info     = info;
+        cryptoInfo.kdf.hkdf.infoSz   = infoSz;
+        cryptoInfo.kdf.hkdf.out      = out;
+        cryptoInfo.kdf.hkdf.outSz    = outSz;
+
+        ret = dev->cb(dev->devId, &cryptoInfo, dev->ctx);
+    }
+
+    return wc_CryptoCb_TranslateErrorCode(ret);
+}
+#endif /* HAVE_HKDF && !NO_HMAC */
+
 #endif /* WOLF_CRYPTO_CB */
diff --git a/wolfcrypt/src/curve25519.c b/wolfcrypt/src/curve25519.c
index 1b383e7e6..cbd15ee09 100644
--- a/wolfcrypt/src/curve25519.c
+++ b/wolfcrypt/src/curve25519.c
@@ -57,12 +57,12 @@
     #endif
 #endif
 
-#if defined(WOLFSSL_LINUXKM) && !defined(USE_INTEL_SPEEDUP)
+#if defined(WOLFSSL_USE_SAVE_VECTOR_REGISTERS) && !defined(USE_INTEL_SPEEDUP)
     /* force off unneeded vector register save/restore. */
     #undef SAVE_VECTOR_REGISTERS
-    #define SAVE_VECTOR_REGISTERS(fail_clause) WC_DO_NOTHING
+    #define SAVE_VECTOR_REGISTERS(fail_clause) SAVE_NO_VECTOR_REGISTERS(fail_clause)
     #undef RESTORE_VECTOR_REGISTERS
-    #define RESTORE_VECTOR_REGISTERS() WC_DO_NOTHING
+    #define RESTORE_VECTOR_REGISTERS() RESTORE_NO_VECTOR_REGISTERS()
 #endif
 
 const curve25519_set_type curve25519_sets[] = {
diff --git a/wolfcrypt/src/dh.c b/wolfcrypt/src/dh.c
index a88259ef8..99c09a97b 100644
--- a/wolfcrypt/src/dh.c
+++ b/wolfcrypt/src/dh.c
@@ -57,12 +57,12 @@
     }
 #endif
 
-#if defined(WOLFSSL_LINUXKM) && !defined(WOLFSSL_SP_ASM)
+#if defined(WOLFSSL_USE_SAVE_VECTOR_REGISTERS) && !defined(WOLFSSL_SP_ASM)
     /* force off unneeded vector register save/restore. */
     #undef SAVE_VECTOR_REGISTERS
-    #define SAVE_VECTOR_REGISTERS(fail_clause) WC_DO_NOTHING
+    #define SAVE_VECTOR_REGISTERS(fail_clause) SAVE_NO_VECTOR_REGISTERS(fail_clause)
     #undef RESTORE_VECTOR_REGISTERS
-    #define RESTORE_VECTOR_REGISTERS() WC_DO_NOTHING
+    #define RESTORE_VECTOR_REGISTERS() RESTORE_NO_VECTOR_REGISTERS()
 #endif
 
 /*
@@ -1373,12 +1373,11 @@ static int GeneratePublicDh(DhKey* key, byte* priv, word32 privSz,
     return ret;
 }
 
-#if defined(WOLFSSL_DH_GEN_PUB)
 /**
  * Given a DhKey with set params and a priv key, generate the corresponding
  * public key. If fips, does pub key validation.
  * */
-WOLFSSL_API int wc_DhGeneratePublic(DhKey* key, byte* priv, word32 privSz,
+int wc_DhGeneratePublic(DhKey* key, byte* priv, word32 privSz,
     byte* pub, word32* pubSz)
 {
     int ret = 0;
@@ -1403,7 +1402,6 @@ WOLFSSL_API int wc_DhGeneratePublic(DhKey* key, byte* priv, word32 privSz,
 
     return ret;
 }
-#endif /* WOLFSSL_DH_GEN_PUB */
 
 static int wc_DhGenerateKeyPair_Sync(DhKey* key, WC_RNG* rng,
     byte* priv, word32* privSz, byte* pub, word32* pubSz)
@@ -2114,7 +2112,7 @@ static int wc_DhAgree_Sync(DhKey* key, byte* agree, word32* agreeSz,
         }
 
         if ((ret == 0) && ct) {
-            word16 mask = 0xff;
+            volatile word16 mask = 0xff;
             sword16 o = (sword16)(*agreeSz - 1);
 
             *agreeSz = (word32)(i + 1);
diff --git a/wolfcrypt/src/dilithium.c b/wolfcrypt/src/dilithium.c
index ac8e5d810..704bdd94c 100644
--- a/wolfcrypt/src/dilithium.c
+++ b/wolfcrypt/src/dilithium.c
@@ -145,6 +145,8 @@
 #include <wolfssl/wolfcrypt/dilithium.h>
 #include <wolfssl/wolfcrypt/hash.h>
 #include <wolfssl/wolfcrypt/sha3.h>
+#include <wolfssl/wolfcrypt/cpuid.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
 #ifdef NO_INLINE
     #include <wolfssl/wolfcrypt/misc.h>
 #else
@@ -160,12 +162,16 @@
         !defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM)
     #define WOLFSSL_DILITHIUM_SIGN_SMALL_MEM
     #ifdef WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC
-        #error "PRECALC and PRECALC_A is equivalent to non small mem"
+        #error "PRECALC and PRECALC_A are equivalent to non small mem"
     #endif
 #endif
 
 #ifdef WOLFSSL_WC_DILITHIUM
 
+#if defined(USE_INTEL_SPEEDUP)
+static cpuid_flags_t cpuid_flags = WC_CPUID_INITIALIZER;
+#endif
+
 #ifdef DEBUG_DILITHIUM
 void print_polys(const char* name, const sword32* a, int d1, int d2);
 void print_polys(const char* name, const sword32* a, int d1, int d2)
@@ -174,7 +180,7 @@ void print_polys(const char* name, const sword32* a, int d1, int d2)
     int j;
     int k;
 
-    fprintf(stderr, "%s\n", name);
+    fprintf(stderr, "%s: %d %d\n", name, d1, d2);
     for (i = 0; i < d1; i++) {
         for (j = 0; j < d2; j++) {
             for (k = 0; k < 256; k++) {
@@ -185,7 +191,9 @@ void print_polys(const char* name, const sword32* a, int d1, int d2)
         }
     }
 }
+#endif
 
+#ifdef DEBUG_DILITHIUM
 void print_data(const char* name, const byte* d, int len);
 void print_data(const char* name, const byte* d, int len)
 {
@@ -237,11 +245,11 @@ void print_data(const char* name, const byte* d, int len)
  * ETA 4: Min req is 128 but reject rate is 7 in 16 so we need 227.6 on average.
  */
 #define DILITHIUM_GEN_S_NBLOCKS         2
-/* Number of bytes to generate with SHAKE-256 when generating s1 and s2. */
-#define DILITHIUM_GEN_S_BYTES           \
-    (DILITHIUM_GEN_S_NBLOCKS * WC_SHA3_256_COUNT * 8)
 /* Number of bytes to a block of SHAKE-256 when generating s1 and s2. */
 #define DILITHIUM_GEN_S_BLOCK_BYTES    (WC_SHA3_256_COUNT * 8)
+/* Number of bytes to generate with SHAKE-256 when generating s1 and s2. */
+#define DILITHIUM_GEN_S_BYTES           \
+    (DILITHIUM_GEN_S_NBLOCKS * DILITHIUM_GEN_S_BLOCK_BYTES)
 
 /* Length of the hash OID to include in pre-hash message. */
 #define DILITHIUM_HASH_OID_LEN         11
@@ -370,7 +378,89 @@ static int dilithium_shake256(wc_Shake* shake256, const byte* data,
     word32 dataLen, byte* hash, word32 hashLen)
 {
     int ret;
+#ifdef USE_INTEL_SPEEDUP
+    word64* state = shake256->s;
+    word8 *state8 = (word8*)state;
 
+    if (dataLen >= WC_SHA3_256_COUNT * 8) {
+        XMEMCPY(state, data,  WC_SHA3_256_COUNT * 8);
+        XMEMSET(state + WC_SHA3_256_COUNT, 0,
+            sizeof(shake256->s) - WC_SHA3_256_COUNT * 8);
+        dataLen -= WC_SHA3_256_COUNT * 8;
+        data    += WC_SHA3_256_COUNT * 8;
+#ifndef WC_SHA3_NO_ASM
+        if (IS_INTEL_AVX2(cpuid_flags) &&
+                 (SAVE_VECTOR_REGISTERS2() == 0)) {
+            sha3_block_avx2(state);
+            RESTORE_VECTOR_REGISTERS();
+        }
+        else if (IS_INTEL_BMI2(cpuid_flags)) {
+            sha3_block_bmi2(state);
+        }
+        else
+#endif
+        {
+            BlockSha3(state);
+        }
+        if (dataLen >= WC_SHA3_256_COUNT * 8) {
+#ifndef WC_SHA3_NO_ASM
+            word32 n = dataLen / (WC_SHA3_256_COUNT * 8);
+            if (IS_INTEL_AVX2(cpuid_flags) &&
+                     (SAVE_VECTOR_REGISTERS2() == 0)) {
+                sha3_block_n_avx2(state, data, n, WC_SHA3_256_COUNT * 8);
+                RESTORE_VECTOR_REGISTERS();
+                n *= WC_SHA3_256_COUNT * 8;
+                dataLen -= n;
+                data    += n;
+            }
+            else if (IS_INTEL_BMI2(cpuid_flags)) {
+                sha3_block_n_bmi2(state, data, n, WC_SHA3_256_COUNT * 8);
+                n *= WC_SHA3_256_COUNT * 8;
+                dataLen -= n;
+                data    += n;
+            }
+            else
+#endif
+            {
+                while (dataLen >= WC_SHA3_256_COUNT * 8) {
+                    xorbuf(state, data, WC_SHA3_256_COUNT * 8);
+                    dataLen -= WC_SHA3_256_COUNT * 8;
+                    data    += WC_SHA3_256_COUNT * 8;
+                    BlockSha3(state);
+                }
+            }
+        }
+        if (dataLen > 0) {
+            xorbuf(state, data, dataLen);
+        }
+        state8[dataLen] ^= 0x1f;
+        state8[WC_SHA3_256_COUNT * 8 - 1] ^= 0x80;
+    }
+    else {
+        XMEMCPY(state, data, dataLen);
+        state8[dataLen] = 0x1f;
+        XMEMSET(state8 + dataLen + 1, 0, sizeof(shake256->s) - (dataLen + 1));
+        state8[WC_SHA3_256_COUNT * 8 - 1] ^= 0x80;
+    }
+
+#ifndef WC_SHA3_NO_ASM
+    if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
+        sha3_block_avx2(state);
+        RESTORE_VECTOR_REGISTERS();
+    }
+    else if (IS_INTEL_BMI2(cpuid_flags)) {
+        sha3_block_bmi2(state);
+    }
+    else
+#endif
+    {
+        BlockSha3(state);
+    }
+    if (hash != (byte*)shake256->s) {
+        XMEMCPY(hash, shake256->s, hashLen);
+    }
+    ret = 0;
+#else
     /* Initialize SHAKE-256 operation. */
     ret = wc_InitShake256(shake256, NULL, INVALID_DEVID);
     if (ret == 0) {
@@ -381,6 +471,7 @@ static int dilithium_shake256(wc_Shake* shake256, const byte* data,
         /* Compute hash of data. */
         ret = wc_Shake256_Final(shake256, hash, hashLen);
     }
+#endif
 
     return ret;
 }
@@ -405,6 +496,92 @@ static int dilithium_hash256(wc_Shake* shake256, const byte* data1,
 {
     int ret;
 
+#ifdef USE_INTEL_SPEEDUP
+    word64* state = shake256->s;
+    word8 *state8 = (word8*)state;
+
+    if (data1Len + data2Len >= WC_SHA3_256_COUNT * 8) {
+        XMEMCPY(state8, data1, data1Len);
+        XMEMCPY(state8 + data1Len, data2,  WC_SHA3_256_COUNT * 8 - data1Len);
+        XMEMSET(state + WC_SHA3_256_COUNT, 0,
+            sizeof(shake256->s) - WC_SHA3_256_COUNT * 8);
+        data2Len -= WC_SHA3_256_COUNT * 8 - data1Len;
+        data2    += WC_SHA3_256_COUNT * 8 - data1Len;
+#ifndef WC_SHA3_NO_ASM
+        if (IS_INTEL_AVX2(cpuid_flags) &&
+                 (SAVE_VECTOR_REGISTERS2() == 0)) {
+            sha3_block_avx2(state);
+            RESTORE_VECTOR_REGISTERS();
+        }
+        else if (IS_INTEL_BMI2(cpuid_flags)) {
+            sha3_block_bmi2(state);
+        }
+        else
+#endif
+        {
+            BlockSha3(state);
+        }
+
+        if (data2Len >= WC_SHA3_256_COUNT * 8) {
+#ifndef WC_SHA3_NO_ASM
+            word32 n = data2Len / (WC_SHA3_256_COUNT * 8);
+            if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
+                sha3_block_n_avx2(state, data2, n, WC_SHA3_256_COUNT * 8);
+                RESTORE_VECTOR_REGISTERS();
+                n *= WC_SHA3_256_COUNT * 8;
+                data2Len -= n;
+                data2    += n;
+            }
+            else if (IS_INTEL_BMI2(cpuid_flags)) {
+                sha3_block_n_bmi2(state, data2, n, WC_SHA3_256_COUNT * 8);
+                n *= WC_SHA3_256_COUNT * 8;
+                data2Len -= n;
+                data2    += n;
+            }
+            else
+#endif
+            {
+                while (data2Len >= WC_SHA3_256_COUNT * 8) {
+                    xorbuf(state, data2, WC_SHA3_256_COUNT * 8);
+                    data2Len -= WC_SHA3_256_COUNT * 8;
+                    data2    += WC_SHA3_256_COUNT * 8;
+                    BlockSha3(state);
+                }
+            }
+        }
+
+        if (data2Len > 0) {
+            xorbuf(state, data2, data2Len);
+        }
+        state8[data2Len] ^= 0x1f;
+        state8[WC_SHA3_256_COUNT * 8 - 1] ^= 0x80;
+    }
+    else {
+        word32 dataLen = data1Len + data2Len;
+
+        XMEMCPY(state8, data1, data1Len);
+        XMEMCPY(state8 + data1Len, data2, data2Len);
+        state8[dataLen] = 0x1f;
+        XMEMSET(state8 + dataLen + 1, 0, sizeof(shake256->s) - (dataLen + 1));
+        state8[WC_SHA3_256_COUNT * 8 - 1] = 0x80;
+    }
+
+#ifndef WC_SHA3_NO_ASM
+    if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
+        sha3_block_avx2(state);
+        RESTORE_VECTOR_REGISTERS();
+    }
+    else if (IS_INTEL_BMI2(cpuid_flags)) {
+        sha3_block_bmi2(state);
+    }
+    else
+#endif
+    {
+        BlockSha3(state);
+    }
+    XMEMCPY(hash, shake256->s, hashLen);
+    ret = 0;
+#else
     /* Initialize SHAKE-256 operation. */
     ret = wc_InitShake256(shake256, NULL, INVALID_DEVID);
     if (ret == 0) {
@@ -419,6 +596,7 @@ static int dilithium_hash256(wc_Shake* shake256, const byte* data1,
         /* Compute hash of data. */
         ret = wc_Shake256_Final(shake256, hash, hashLen);
     }
+#endif
 
     return ret;
 }
@@ -667,7 +845,35 @@ static int dilithium_squeeze256(wc_Shake* shake256, const byte* in,
     word32 inLen, byte* out, word32 outBlocks)
 {
     int ret;
+#ifdef USE_INTEL_SPEEDUP
+    word64* state = shake256->s;
+    word8* state8 = (word8*)state;
 
+    XMEMCPY(state, in, inLen);
+    state8[inLen] = 0x1f;
+    XMEMSET(state8 + inLen + 1, 0, sizeof(shake256->s) - (inLen + 1));
+    state8[WC_SHA3_256_COUNT * 8 - 1] ^= 0x80;
+
+    for (; outBlocks > 0; outBlocks--) {
+#ifndef WC_SHA3_NO_ASM
+        if (IS_INTEL_AVX2(cpuid_flags) &&
+                 (SAVE_VECTOR_REGISTERS2() == 0)) {
+            sha3_block_avx2(state);
+            RESTORE_VECTOR_REGISTERS();
+        }
+        else if (IS_INTEL_BMI2(cpuid_flags)) {
+            sha3_block_bmi2(state);
+        }
+        else
+#endif
+        {
+            BlockSha3(state);
+        }
+        XMEMCPY(out, shake256->s, WC_SHA3_256_COUNT * 8);
+        out += WC_SHA3_256_COUNT * 8;
+    }
+    ret = 0;
+#else
     /* Initialize SHAKE-256 operation. */
     ret = wc_InitShake256(shake256, NULL, INVALID_DEVID);
     if (ret == 0) {
@@ -678,6 +884,7 @@ static int dilithium_squeeze256(wc_Shake* shake256, const byte* in,
         /* Squeeze out hash data. */
         ret = wc_Shake256_SqueezeBlocks(shake256, out, outBlocks);
     }
+#endif
 
     return ret;
 }
@@ -718,7 +925,7 @@ static int dilithium_squeeze256(wc_Shake* shake256, const byte* in,
  * @param [in]  eta  Range specifier of each value.
  * @param [out] p    Buffer to encode into.
  */
-static void dilthium_vec_encode_eta_bits(const sword32* s, byte d, byte eta,
+static void dilthium_vec_encode_eta_bits_c(const sword32* s, byte d, byte eta,
     byte* p)
 {
     unsigned int i;
@@ -754,7 +961,6 @@ static void dilthium_vec_encode_eta_bits(const sword32* s, byte d, byte eta,
             s += DILITHIUM_N;
         }
     }
-    else
 #endif
 #ifndef WOLFSSL_NO_ML_DSA_65
     /* -4..4 */
@@ -791,9 +997,38 @@ static void dilthium_vec_encode_eta_bits(const sword32* s, byte d, byte eta,
             s += DILITHIUM_N;
         }
     }
+#endif
+}
+
+/* Encode vector of polynomials with range -ETA..ETA.
+ *
+ * @param [in]  s    Vector of polynomials to encode.
+ * @param [in]  d    Dimension of vector.
+ * @param [in]  eta  Range specifier of each value.
+ * @param [out] p    Buffer to encode into.
+ */
+static void dilthium_vec_encode_eta_bits(const sword32* s, byte d, byte eta,
+    byte* p)
+{
+#ifdef USE_INTEL_SPEEDUP
+    if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
+    #if !defined(WOLFSSL_NO_ML_DSA_44) || !defined(WOLFSSL_NO_ML_DSA_87)
+        /* -2..2 */
+        if (eta == DILITHIUM_ETA_2) {
+            wc_mldsa_vec_encode_eta_2_avx2(s, d, p);
+        }
+    #endif
+    #ifndef WOLFSSL_NO_ML_DSA_65
+        if (eta == DILITHIUM_ETA_4) {
+            wc_mldsa_vec_encode_eta_4_avx2(s, p);
+        }
+    #endif
+        RESTORE_VECTOR_REGISTERS();
+    }
     else
 #endif
     {
+        dilthium_vec_encode_eta_bits_c(s, d, eta, p);
     }
 }
 #endif /* !WOLFSSL_DILITHIUM_NO_MAKE_KEY */
@@ -820,7 +1055,7 @@ static void dilthium_vec_encode_eta_bits(const sword32* s, byte d, byte eta,
  * @param [in]  p    Buffer of data to decode.
  * @param [in]  s    Vector of decoded polynomials.
  */
-static void dilithium_decode_eta_2_bits(const byte* p, sword32* s)
+static void dilithium_decode_eta_2_bits_c(const byte* p, sword32* s)
 {
     unsigned int j;
 
@@ -841,6 +1076,25 @@ static void dilithium_decode_eta_2_bits(const byte* p, sword32* s)
         p += DILITHIUM_ETA_2_BITS;
     }
 }
+
+/* Decode polynomial with range -2..2.
+ *
+ * @param [in]  p    Buffer of data to decode.
+ * @param [in]  s    Vector of decoded polynomials.
+ */
+static void dilithium_decode_eta_2_bits(const byte* p, sword32* s)
+{
+#ifdef USE_INTEL_SPEEDUP
+    if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
+        wc_mldsa_decode_eta_2_avx2(p, s);
+        RESTORE_VECTOR_REGISTERS();
+    }
+    else
+#endif
+    {
+        dilithium_decode_eta_2_bits_c(p, s);
+    }
+}
 #endif
 #ifndef WOLFSSL_NO_ML_DSA_65
 /* Decode polynomial with range -4..4.
@@ -862,7 +1116,7 @@ static void dilithium_decode_eta_2_bits(const byte* p, sword32* s)
  * @param [in]  p    Buffer of data to decode.
  * @param [in]  s    Vector of decoded polynomials.
  */
-static void dilithium_decode_eta_4_bits(const byte* p, sword32* s)
+static void dilithium_decode_eta_4_bits_c(const byte* p, sword32* s)
 {
     unsigned int j;
 
@@ -892,6 +1146,25 @@ static void dilithium_decode_eta_4_bits(const byte* p, sword32* s)
     }
 #endif /* WOLFSSL_DILITHIUM_SMALL */
 }
+
+/* Decode polynomial with range -4..4.
+ *
+ * @param [in]  p    Buffer of data to decode.
+ * @param [in]  s    Vector of decoded polynomials.
+ */
+static void dilithium_decode_eta_4_bits(const byte* p, sword32* s)
+{
+#ifdef USE_INTEL_SPEEDUP
+    if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
+        wc_mldsa_decode_eta_4_avx2(p, s);
+        RESTORE_VECTOR_REGISTERS();
+    }
+    else
+#endif
+    {
+        dilithium_decode_eta_4_bits_c(p, s);
+    }
+}
 #endif
 
 #if defined(WOLFSSL_DILITHIUM_CHECK_KEY) || \
@@ -936,7 +1209,6 @@ static void dilithium_vec_decode_eta_bits(const byte* p, byte eta, sword32* s,
             s += DILITHIUM_N;
         }
     }
-    else
 #endif
 #ifndef WOLFSSL_NO_ML_DSA_65
     /* -4..4 */
@@ -950,10 +1222,7 @@ static void dilithium_vec_decode_eta_bits(const byte* p, byte eta, sword32* s,
             s += DILITHIUM_N;
         }
     }
-    else
 #endif
-    {
-    }
 }
 #endif
 #endif /* !WOLFSSL_DILITHIUM_NO_SIGN || WOLFSSL_DILITHIUM_CHECK_KEY */
@@ -983,7 +1252,8 @@ static void dilithium_vec_decode_eta_bits(const byte* p, byte eta, sword32* s,
  * @param [out] t0   Buffer to encode bottom part of value of t into.
  * @param [out] t1   Buffer to encode top part of value of t into.
  */
-static void dilithium_vec_encode_t0_t1(sword32* t, byte d, byte* t0, byte* t1)
+static void dilithium_vec_encode_t0_t1_c(const sword32* t, byte d, byte* t0,
+    byte* t1)
 {
     unsigned int i;
     unsigned int j;
@@ -1085,6 +1355,28 @@ static void dilithium_vec_encode_t0_t1(sword32* t, byte d, byte* t0, byte* t1)
         t += DILITHIUM_N;
     }
 }
+
+/* Encode t into t0 and t1.
+ *
+ * @param [in]  t    Vector of polynomials.
+ * @param [in]  d    Dimension of vector.
+ * @param [out] t0   Buffer to encode bottom part of value of t into.
+ * @param [out] t1   Buffer to encode top part of value of t into.
+ */
+static void dilithium_vec_encode_t0_t1(const sword32* t, byte d, byte* t0,
+    byte* t1)
+{
+#ifdef USE_INTEL_SPEEDUP
+    if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
+        wc_mldsa_vec_encode_t0_t1_avx2(t, d, t0, t1);
+        RESTORE_VECTOR_REGISTERS();
+    }
+    else
+#endif
+    {
+        dilithium_vec_encode_t0_t1_c(t, d, t0, t1);
+    }
+}
 #endif /* !WOLFSSL_DILITHIUM_NO_MAKE_KEY */
 
 #if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || defined(WOLFSSL_DILITHIUM_CHECK_KEY)
@@ -1099,7 +1391,7 @@ static void dilithium_vec_encode_t0_t1(sword32* t, byte d, byte* t0, byte* t1)
  * @param [in]  d   Dimensions of vector t0.
  * @param [out] t   Vector of polynomials.
  */
-static void dilithium_decode_t0(const byte* t0, sword32* t)
+static void dilithium_decode_t0_c(const byte* t0, sword32* t)
 {
     unsigned int j;
 
@@ -1164,6 +1456,26 @@ static void dilithium_decode_t0(const byte* t0, sword32* t)
     }
 }
 
+/* Decode bottom D bits of t as t0.
+ *
+ * @param [in]  t0  Encoded values of t0.
+ * @param [in]  d   Dimensions of vector t0.
+ * @param [out] t   Vector of polynomials.
+ */
+static void dilithium_decode_t0(const byte* t0, sword32* t)
+{
+#ifdef USE_INTEL_SPEEDUP
+    if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
+        wc_mldsa_decode_t0_avx2(t0, t);
+        RESTORE_VECTOR_REGISTERS();
+    }
+    else
+#endif
+    {
+        dilithium_decode_t0_c(t0, t);
+    }
+}
+
 #if defined(WOLFSSL_DILITHIUM_CHECK_KEY) || \
     (!defined(WOLFSSL_DILITHIUM_NO_SIGN) && \
      (defined(WC_DILITHIUM_CACHE_PRIV_VECTORS) || \
@@ -1208,7 +1520,7 @@ static void dilithium_vec_decode_t0(const byte* t0, byte d, sword32* t)
  * @param [in]  t1  Encoded values of t1.
  * @param [out] t   Polynomials.
  */
-static void dilithium_decode_t1(const byte* t1, sword32* t)
+static void dilithium_decode_t1_c(const byte* t1, sword32* t)
 {
     unsigned int j;
     /* Step 4. Get 10 bits as a number. */
@@ -1270,6 +1582,30 @@ static void dilithium_decode_t1(const byte* t1, sword32* t)
         t1 += DILITHIUM_U;
     }
 }
+
+/* Decode top bits of t as t1.
+ *
+ * FIPS 204. 8.2: Algorithm 17 pkDecode(pk)
+ *   ...
+ *   4:     t1[i] <- SimpleBitUnpack(zi, 2^(bitlen(q-1)-d) - 1)
+ *   ...
+ *
+ * @param [in]  t1  Encoded values of t1.
+ * @param [out] t   Polynomials.
+ */
+static void dilithium_decode_t1(const byte* t1, sword32* t)
+{
+#ifdef USE_INTEL_SPEEDUP
+    if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
+        wc_mldsa_decode_t1_avx2(t1, t);
+        RESTORE_VECTOR_REGISTERS();
+    }
+    else
+#endif
+    {
+        dilithium_decode_t1_c(t1, t);
+    }
+}
 #endif
 
 #if (!defined(WOLFSSL_DILITHIUM_NO_VERIFY) && \
@@ -1315,7 +1651,7 @@ static void dilithium_vec_decode_t1(const byte* t1, byte d, sword32* t)
  * @param [in]  z     Polynomial to encode.
  * @param [out] s     Buffer to encode into.
  */
-static void dilithium_encode_gamma1_17_bits(const sword32* z, byte* s)
+static void dilithium_encode_gamma1_17_bits_c(const sword32* z, byte* s)
 {
     unsigned int j;
 
@@ -1353,6 +1689,25 @@ static void dilithium_encode_gamma1_17_bits(const sword32* z, byte* s)
         s += DILITHIUM_GAMMA1_17_ENC_BITS / 2;
     }
 }
+
+/* Encode z with range of -(GAMMA1-1)...GAMMA1
+ *
+ * @param [in]  z     Polynomial to encode.
+ * @param [out] s     Buffer to encode into.
+ */
+static void dilithium_encode_gamma1_17_bits(const sword32* z, byte* s)
+{
+#ifdef USE_INTEL_SPEEDUP
+    if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
+        wc_mldsa_encode_gamma1_17_avx2(z, s);
+        RESTORE_VECTOR_REGISTERS();
+    }
+    else
+#endif
+    {
+        dilithium_encode_gamma1_17_bits_c(z, s);
+    }
+}
 #endif
 #if !defined(WOLFSSL_NO_ML_DSA_65) || !defined(WOLFSSL_NO_ML_DSA_87)
 /* Encode z with range of -(GAMMA1-1)...GAMMA1
@@ -1365,7 +1720,7 @@ static void dilithium_encode_gamma1_17_bits(const sword32* z, byte* s)
  * @param [in]  z     Polynomial to encode.
  * @param [out] s     Buffer to encode into.
  */
-static void dilithium_encode_gamma1_19_bits(const sword32* z, byte* s)
+static void dilithium_encode_gamma1_19_bits_c(const sword32* z, byte* s)
 {
     unsigned int j;
 
@@ -1406,6 +1761,25 @@ static void dilithium_encode_gamma1_19_bits(const sword32* z, byte* s)
         s += DILITHIUM_GAMMA1_19_ENC_BITS / 2;
     }
 }
+
+/* Encode z with range of -(GAMMA1-1)...GAMMA1
+ *
+ * @param [in]  z     Polynomial to encode.
+ * @param [out] s     Buffer to encode into.
+ */
+static void dilithium_encode_gamma1_19_bits(const sword32* z, byte* s)
+{
+#ifdef USE_INTEL_SPEEDUP
+    if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
+        wc_mldsa_encode_gamma1_19_avx2(z, s);
+        RESTORE_VECTOR_REGISTERS();
+    }
+    else
+#endif
+    {
+        dilithium_encode_gamma1_19_bits_c(z, s);
+    }
+}
 #endif
 
 #ifndef WOLFSSL_DILITHIUM_SIGN_SMALL_MEM
@@ -1441,7 +1815,6 @@ static void dilithium_vec_encode_gamma1(const sword32* z, byte l, int bits,
             z += DILITHIUM_N;
         }
     }
-    else
 #endif
 #if !defined(WOLFSSL_NO_ML_DSA_65) || !defined(WOLFSSL_NO_ML_DSA_87)
     if (bits == DILITHIUM_GAMMA1_BITS_19) {
@@ -1454,10 +1827,7 @@ static void dilithium_vec_encode_gamma1(const sword32* z, byte l, int bits,
             z += DILITHIUM_N;
         }
     }
-    else
 #endif
-    {
-    }
 }
 #endif /* WOLFSSL_DILITHIUM_SIGN_SMALL_MEM */
 
@@ -1475,7 +1845,7 @@ static void dilithium_vec_encode_gamma1(const sword32* z, byte l, int bits,
  * @param [in]  bits  Number of bits used in encoding - GAMMA1 bits.
  * @param [out] z     Polynomial to fill.
  */
-static void dilithium_decode_gamma1(const byte* s, int bits, sword32* z)
+static void dilithium_decode_gamma1_c(const byte* s, int bits, sword32* z)
 {
     unsigned int i;
 
@@ -1604,7 +1974,6 @@ static void dilithium_decode_gamma1(const byte* s, int bits, sword32* z)
         }
 #endif
     }
-    else
 #endif
 #if !defined(WOLFSSL_NO_ML_DSA_65) || !defined(WOLFSSL_NO_ML_DSA_87)
     if (bits == DILITHIUM_GAMMA1_BITS_19) {
@@ -1649,7 +2018,7 @@ static void dilithium_decode_gamma1(const byte* s, int bits, sword32* z)
         /* Step 4: Get 20 bits as a number. */
         for (i = 0; i < DILITHIUM_N; i += 8) {
             /* 20 bits per number.
-             * 8 numbers from 10 bytes. (8 * 20 bits = 20 * 8 bits) */
+             * 8 numbers from 20 bytes. (8 * 20 bits = 20 * 8 bits) */
     #if defined(LITTLE_ENDIAN_ORDER) && (WOLFSSL_DILITHIUM_ALIGNMENT <= 2)
             word16 s16_0 = ((const word16*)s)[4];
             word16 s16_1 = ((const word16*)s)[9];
@@ -1723,9 +2092,31 @@ static void dilithium_decode_gamma1(const byte* s, int bits, sword32* z)
         }
 #endif
     }
+#endif
+}
+
+/* Decode polynomial with range -(GAMMA1-1)..GAMMA1.
+ *
+ * @param [in]  s     Encoded values of z.
+ * @param [in]  bits  Number of bits used in encoding - GAMMA1 bits.
+ * @param [out] z     Polynomial to fill.
+ */
+static void dilithium_decode_gamma1(const byte* s, int bits, sword32* z)
+{
+#ifdef USE_INTEL_SPEEDUP
+    if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
+        if (bits == DILITHIUM_GAMMA1_BITS_17) {
+            wc_mldsa_decode_gamma1_17_avx2(s, z);
+        }
+        else {
+            wc_mldsa_decode_gamma1_19_avx2(s, z);
+        }
+        RESTORE_VECTOR_REGISTERS();
+    }
     else
 #endif
     {
+        dilithium_decode_gamma1_c(s, bits, z);
     }
 }
 #endif
@@ -1775,7 +2166,7 @@ static void dilithium_vec_decode_gamma1(const byte* x, byte l, int bits,
  * @param [in]  gamma2  Maximum value in range.
  * @param [out] w1e     Buffer to encode into.
  */
-static void dilithium_encode_w1_88(const sword32* w1, byte* w1e)
+static void dilithium_encode_w1_88_c(const sword32* w1, byte* w1e)
 {
     unsigned int j;
 
@@ -1812,6 +2203,26 @@ static void dilithium_encode_w1_88(const sword32* w1, byte* w1e)
         w1e += DILITHIUM_Q_HI_88_ENC_BITS * 2;
     }
 }
+
+/* Encode w1 with range of 0..((q-1)/(2*GAMMA2)-1).
+ *
+ * @param [in]  w1      Vector of polynomials to encode.
+ * @param [in]  gamma2  Maximum value in range.
+ * @param [out] w1e     Buffer to encode into.
+ */
+static void dilithium_encode_w1_88(const sword32* w1, byte* w1e)
+{
+#ifdef USE_INTEL_SPEEDUP
+    if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
+        wc_mldsa_encode_w1_88_avx2(w1, w1e);
+        RESTORE_VECTOR_REGISTERS();
+    }
+    else
+#endif
+    {
+        dilithium_encode_w1_88_c(w1, w1e);
+    }
+}
 #endif /* !WOLFSSL_NO_ML_DSA_44 */
 
 #if !defined(WOLFSSL_NO_ML_DSA_65) || !defined(WOLFSSL_NO_ML_DSA_87)
@@ -1827,7 +2238,7 @@ static void dilithium_encode_w1_88(const sword32* w1, byte* w1e)
  * @param [in]  gamma2  Maximum value in range.
  * @param [out] w1e     Buffer to encode into.
  */
-static void dilithium_encode_w1_32(const sword32* w1, byte* w1e)
+static void dilithium_encode_w1_32_c(const sword32* w1, byte* w1e)
 {
     unsigned int j;
 
@@ -1859,6 +2270,26 @@ static void dilithium_encode_w1_32(const sword32* w1, byte* w1e)
         w1e += DILITHIUM_Q_HI_32_ENC_BITS * 2;
     }
 }
+
+/* Encode w1 with range of 0..((q-1)/(2*GAMMA2)-1).
+ *
+ * @param [in]  w1      Vector of polynomials to encode.
+ * @param [in]  gamma2  Maximum value in range.
+ * @param [out] w1e     Buffer to encode into.
+ */
+static void dilithium_encode_w1_32(const sword32* w1, byte* w1e)
+{
+#ifdef USE_INTEL_SPEEDUP
+    if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
+        wc_mldsa_encode_w1_32_avx2(w1, w1e);
+        RESTORE_VECTOR_REGISTERS();
+    }
+    else
+#endif
+    {
+        dilithium_encode_w1_32_c(w1, w1e);
+    }
+}
 #endif
 #endif
 
@@ -2052,7 +2483,7 @@ static int dilithium_rej_ntt_poly_ex(wc_Shake* shake128, byte* seed, sword32* a,
             }
         }
     #else
-        /* Do 15 bytes at a time: 255 * 3 / 15 = 51 */
+        /* Do 24 bytes at a time: 256 * 3 / 24 = 32 */
         for (c = 0; c < DILITHIUM_N * 3; c += 24) {
         #if defined(LITTLE_ENDIAN_ORDER) && (WOLFSSL_DILITHIUM_ALIGNMENT == 0)
             /* Load 32-bit value and mask out 23 bits. */
@@ -2083,46 +2514,22 @@ static int dilithium_rej_ntt_poly_ex(wc_Shake* shake128, byte* seed, sword32* a,
             sword32 t7 = (h[c + 21] + ((sword32)h[c + 22] << 8) +
                           ((sword32)h[c + 23] << 16)) & 0x7fffff;
         #endif
-            /* Check if value is in valid range. */
-            if (t0 < DILITHIUM_Q) {
-                /* Store value in polynomial and increment count of values. */
-                a[j++] = t0;
-            }
-            /* Check if value is in valid range. */
-            if (t1 < DILITHIUM_Q) {
-                /* Store value in polynomial and increment count of values. */
-                a[j++] = t1;
-            }
-            /* Check if value is in valid range. */
-            if (t2 < DILITHIUM_Q) {
-                /* Store value in polynomial and increment count of values. */
-                a[j++] = t2;
-            }
-            /* Check if value is in valid range. */
-            if (t3 < DILITHIUM_Q) {
-                /* Store value in polynomial and increment count of values. */
-                a[j++] = t3;
-            }
-            /* Check if value is in valid range. */
-            if (t4 < DILITHIUM_Q) {
-                /* Store value in polynomial and increment count of values. */
-                a[j++] = t4;
-            }
-            /* Check if value is in valid range. */
-            if (t5 < DILITHIUM_Q) {
-                /* Store value in polynomial and increment count of values. */
-                a[j++] = t5;
-            }
-            /* Check if value is in valid range. */
-            if (t6 < DILITHIUM_Q) {
-                /* Store value in polynomial and increment count of values. */
-                a[j++] = t6;
-            }
-            /* Check if value is in valid range. */
-            if (t7 < DILITHIUM_Q) {
-                /* Store value in polynomial and increment count of values. */
-                a[j++] = t7;
-            }
+            a[j] = t0;
+            j += (t0 < DILITHIUM_Q);
+            a[j] = t1;
+            j += (t1 < DILITHIUM_Q);
+            a[j] = t2;
+            j += (t2 < DILITHIUM_Q);
+            a[j] = t3;
+            j += (t3 < DILITHIUM_Q);
+            a[j] = t4;
+            j += (t4 < DILITHIUM_Q);
+            a[j] = t5;
+            j += (t5 < DILITHIUM_Q);
+            a[j] = t6;
+            j += (t6 < DILITHIUM_Q);
+            a[j] = t7;
+            j += (t7 < DILITHIUM_Q);
         }
         if (j < DILITHIUM_N) {
             /* Use the remaining triplets, checking we have enough. */
@@ -2242,6 +2649,381 @@ static int dilithium_rej_ntt_poly(wc_Shake* shake128, byte* seed, sword32* a,
     (!defined(WOLFSSL_DILITHIUM_NO_SIGN) && \
      (!defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM) || \
       defined(WC_DILITHIUM_CACHE_MATRIX_A)))
+#if defined(USE_INTEL_SPEEDUP) && !defined(WC_SHA3_NO_ASM)
+
+#define SHA3_128_BYTES   (WC_SHA3_128_COUNT * 8)
+/* Number of blocks to generate for matrix. */
+#define GEN_MATRIX_NBLOCKS  5
+/* Number of bytes to generate for matrix. */
+#define GEN_MATRIX_SIZE     GEN_MATRIX_NBLOCKS * SHA3_128_BYTES
+
+#ifndef WOLFSSL_NO_ML_DSA_44
+/* Deterministically generate a matrix (or transpose) of uniform integers mod q.
+ *
+ * Seed used with XOF to generate random bytes.
+ *
+ * @param  [out]  a           Matrix of uniform integers.
+ * @param  [in]   seed        Bytes to seed XOF generation.
+ * @return  0 on success.
+ * @return  MEMORY_E when dynamic memory allocation fails. Only possible when
+ * WOLFSSL_SMALL_STACK is defined.
+ */
+static int wc_mldsa_gen_matrix_4x4_avx2(sword32* a, byte* seed)
+{
+    int i;
+    int k;
+    int l;
+#ifdef WOLFSSL_SMALL_STACK
+    byte *rand = NULL;
+    word64 *state = NULL;
+#else
+    byte rand[4 * GEN_MATRIX_SIZE + 2];
+    word64 state[25 * 4];
+#endif
+    unsigned int ctr0;
+    unsigned int ctr1;
+    unsigned int ctr2;
+    unsigned int ctr3;
+    byte* p;
+
+#ifdef WOLFSSL_SMALL_STACK
+    rand = (byte*)XMALLOC(4 * GEN_MATRIX_SIZE + 2, NULL,
+                          DYNAMIC_TYPE_TMP_BUFFER);
+    state = (word64*)XMALLOC(sizeof(word64) * 25 * 4, NULL,
+                          DYNAMIC_TYPE_TMP_BUFFER);
+    if ((rand == NULL) || (state == NULL)) {
+        XFREE(rand, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        XFREE(state, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        return MEMORY_E;
+    }
+#endif
+
+    /* Loading 64 bits, only using 48 bits. Loading 2 bytes more than used. */
+    rand[4 * GEN_MATRIX_SIZE + 0] = 0xff;
+    rand[4 * GEN_MATRIX_SIZE + 1] = 0xff;
+
+    for (k = 0; k < 4; k++) {
+        for (l = 0; l < 4; l++) {
+            state[4*4 + l] = 0x1f0000 + (k << 8) + l;
+        }
+
+        sha3_128_blocksx4_seed_avx2(state, seed);
+        wc_mldsa_redistribute_21_rand_avx2(state,
+            rand + 0 * GEN_MATRIX_SIZE, rand + 1 * GEN_MATRIX_SIZE,
+            rand + 2 * GEN_MATRIX_SIZE, rand + 3 * GEN_MATRIX_SIZE);
+        for (i = SHA3_128_BYTES; i < GEN_MATRIX_SIZE; i += SHA3_128_BYTES) {
+            sha3_blocksx4_avx2(state);
+            wc_mldsa_redistribute_21_rand_avx2(state,
+                rand + i + 0 * GEN_MATRIX_SIZE, rand + i + 1 * GEN_MATRIX_SIZE,
+                rand + i + 2 * GEN_MATRIX_SIZE, rand + i + 3 * GEN_MATRIX_SIZE);
+        }
+
+        /* Sample random bytes to create a polynomial. */
+        p = rand;
+        ctr0 = wc_mldsa_rej_uniform_n_avx2(a + 0 * MLDSA_N, MLDSA_N, p,
+            GEN_MATRIX_SIZE);
+        p += GEN_MATRIX_SIZE;
+        ctr1 = wc_mldsa_rej_uniform_n_avx2(a + 1 * MLDSA_N, MLDSA_N, p,
+            GEN_MATRIX_SIZE);
+        p += GEN_MATRIX_SIZE;
+        ctr2 = wc_mldsa_rej_uniform_n_avx2(a + 2 * MLDSA_N, MLDSA_N, p,
+            GEN_MATRIX_SIZE);
+        p += GEN_MATRIX_SIZE;
+        ctr3 = wc_mldsa_rej_uniform_n_avx2(a + 3 * MLDSA_N, MLDSA_N, p,
+            GEN_MATRIX_SIZE);
+
+        /* Create more blocks if too many rejected. */
+        while ((ctr0 < MLDSA_N) || (ctr1 < MLDSA_N) || (ctr2 < MLDSA_N) ||
+               (ctr3 < MLDSA_N)) {
+            sha3_blocksx4_avx2(state);
+            wc_mldsa_redistribute_21_rand_avx2(state,
+                rand + 0 * GEN_MATRIX_SIZE, rand + 1 * GEN_MATRIX_SIZE,
+                rand + 2 * GEN_MATRIX_SIZE, rand + 3 * GEN_MATRIX_SIZE);
+
+            p = rand;
+            ctr0 += wc_mldsa_rej_uniform_avx2(a + 0 * MLDSA_N + ctr0,
+                MLDSA_N - ctr0, p, SHA3_128_BYTES);
+            p += GEN_MATRIX_SIZE;
+            ctr1 += wc_mldsa_rej_uniform_avx2(a + 1 * MLDSA_N + ctr1,
+                MLDSA_N - ctr1, p, SHA3_128_BYTES);
+            p += GEN_MATRIX_SIZE;
+            ctr2 += wc_mldsa_rej_uniform_avx2(a + 2 * MLDSA_N + ctr2,
+                MLDSA_N - ctr2, p, SHA3_128_BYTES);
+            p += GEN_MATRIX_SIZE;
+            ctr3 += wc_mldsa_rej_uniform_avx2(a + 3 * MLDSA_N + ctr3,
+                MLDSA_N - ctr3, p, SHA3_128_BYTES);
+        }
+
+        a += 4 * MLDSA_N;
+    }
+
+#ifdef WOLFSSL_SMALL_STACK
+    XFREE(rand, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(state, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+
+    return 0;
+}
+#endif
+
+#ifndef WOLFSSL_NO_ML_DSA_65
+/* Deterministically generate a matrix (or transpose) of uniform integers mod q.
+ *
+ * Seed used with XOF to generate random bytes.
+ *
+ * @param  [out]  a           Matrix of uniform integers.
+ * @param  [in]   seed        Bytes to seed XOF generation.
+ * @return  0 on success.
+ * @return  MEMORY_E when dynamic memory allocation fails. Only possible when
+ * WOLFSSL_SMALL_STACK is defined.
+ */
+static int wc_mldsa_gen_matrix_6x5_avx2(sword32* a, byte* seed)
+{
+    int i;
+    int k;
+    int l;
+#ifdef WOLFSSL_SMALL_STACK
+    byte *rand = NULL;
+    word64 *state = NULL;
+#else
+    byte rand[4 * GEN_MATRIX_SIZE + 2];
+    word64 state[25 * 4];
+#endif
+    unsigned int ctr0;
+    unsigned int ctr1;
+    unsigned int ctr2;
+    unsigned int ctr3;
+    byte* p;
+
+#ifdef WOLFSSL_SMALL_STACK
+    rand = (byte*)XMALLOC(4 * GEN_MATRIX_SIZE + 2, NULL,
+                          DYNAMIC_TYPE_TMP_BUFFER);
+    state = (word64*)XMALLOC(sizeof(word64) * 25 * 4, NULL,
+                          DYNAMIC_TYPE_TMP_BUFFER);
+    if ((rand == NULL) || (state == NULL)) {
+        XFREE(rand, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        XFREE(state, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        return MEMORY_E;
+    }
+#endif
+
+    /* Loading 64 bits, only using 48 bits. Loading 2 bytes more than used. */
+    rand[4 * GEN_MATRIX_SIZE + 0] = 0xff;
+    rand[4 * GEN_MATRIX_SIZE + 1] = 0xff;
+
+    for (k = 0; k < 6 * 5 - 2; k += 4) {
+        for (l = 0; l < 4; l++) {
+            state[4*4 + l] = 0x1f0000 + (((k + l) / 5) << 8) + ((k + l) % 5);
+        }
+
+        sha3_128_blocksx4_seed_avx2(state, seed);
+        wc_mldsa_redistribute_21_rand_avx2(state,
+            rand + 0 * GEN_MATRIX_SIZE, rand + 1 * GEN_MATRIX_SIZE,
+            rand + 2 * GEN_MATRIX_SIZE, rand + 3 * GEN_MATRIX_SIZE);
+        for (i = SHA3_128_BYTES; i < GEN_MATRIX_SIZE; i += SHA3_128_BYTES) {
+            sha3_blocksx4_avx2(state);
+            wc_mldsa_redistribute_21_rand_avx2(state,
+                rand + i + 0 * GEN_MATRIX_SIZE, rand + i + 1 * GEN_MATRIX_SIZE,
+                rand + i + 2 * GEN_MATRIX_SIZE, rand + i + 3 * GEN_MATRIX_SIZE);
+        }
+
+        /* Sample random bytes to create a polynomial. */
+        p = rand;
+        ctr0 = wc_mldsa_rej_uniform_n_avx2(a + 0 * MLDSA_N, MLDSA_N, p,
+            GEN_MATRIX_SIZE);
+        p += GEN_MATRIX_SIZE;
+        ctr1 = wc_mldsa_rej_uniform_n_avx2(a + 1 * MLDSA_N, MLDSA_N, p,
+            GEN_MATRIX_SIZE);
+        p += GEN_MATRIX_SIZE;
+        ctr2 = wc_mldsa_rej_uniform_n_avx2(a + 2 * MLDSA_N, MLDSA_N, p,
+            GEN_MATRIX_SIZE);
+        p += GEN_MATRIX_SIZE;
+        ctr3 = wc_mldsa_rej_uniform_n_avx2(a + 3 * MLDSA_N, MLDSA_N, p,
+            GEN_MATRIX_SIZE);
+
+        /* Create more blocks if too many rejected. */
+        while ((ctr0 < MLDSA_N) || (ctr1 < MLDSA_N) || (ctr2 < MLDSA_N) ||
+               (ctr3 < MLDSA_N)) {
+            sha3_blocksx4_avx2(state);
+            wc_mldsa_redistribute_21_rand_avx2(state,
+                rand + 0 * GEN_MATRIX_SIZE, rand + 1 * GEN_MATRIX_SIZE,
+                rand + 2 * GEN_MATRIX_SIZE, rand + 3 * GEN_MATRIX_SIZE);
+
+            p = rand;
+            ctr0 += wc_mldsa_rej_uniform_avx2(a + 0 * MLDSA_N + ctr0,
+                MLDSA_N - ctr0, p, SHA3_128_BYTES);
+            p += GEN_MATRIX_SIZE;
+            ctr1 += wc_mldsa_rej_uniform_avx2(a + 1 * MLDSA_N + ctr1,
+                MLDSA_N - ctr1, p, SHA3_128_BYTES);
+            p += GEN_MATRIX_SIZE;
+            ctr2 += wc_mldsa_rej_uniform_avx2(a + 2 * MLDSA_N + ctr2,
+                MLDSA_N - ctr2, p, SHA3_128_BYTES);
+            p += GEN_MATRIX_SIZE;
+            ctr3 += wc_mldsa_rej_uniform_avx2(a + 3 * MLDSA_N + ctr3,
+                MLDSA_N - ctr3, p, SHA3_128_BYTES);
+        }
+
+        a += 4 * MLDSA_N;
+    }
+
+    for (l = 0; l < 2; l++) {
+        state[4*4 + l] = 0x1f0000 + (5 << 8) + (l + 3);
+    }
+
+    sha3_128_blocksx4_seed_avx2(state, seed);
+    wc_mldsa_redistribute_21_rand_avx2(state,
+        rand + 0 * GEN_MATRIX_SIZE, rand + 1 * GEN_MATRIX_SIZE,
+        rand + 2 * GEN_MATRIX_SIZE, rand + 3 * GEN_MATRIX_SIZE);
+    for (i = SHA3_128_BYTES; i < GEN_MATRIX_SIZE; i += SHA3_128_BYTES) {
+        sha3_blocksx4_avx2(state);
+        wc_mldsa_redistribute_21_rand_avx2(state,
+            rand + i + 0 * GEN_MATRIX_SIZE, rand + i + 1 * GEN_MATRIX_SIZE,
+            rand + i + 2 * GEN_MATRIX_SIZE, rand + i + 3 * GEN_MATRIX_SIZE);
+    }
+
+    /* Sample random bytes to create a polynomial. */
+    p = rand;
+    ctr0 = wc_mldsa_rej_uniform_n_avx2(a + 0 * MLDSA_N, MLDSA_N, p,
+        GEN_MATRIX_SIZE);
+    p += GEN_MATRIX_SIZE;
+    ctr1 = wc_mldsa_rej_uniform_n_avx2(a + 1 * MLDSA_N, MLDSA_N, p,
+        GEN_MATRIX_SIZE);
+
+    /* Create more blocks if too many rejected. */
+    while ((ctr0 < MLDSA_N) || (ctr1 < MLDSA_N)) {
+        sha3_blocksx4_avx2(state);
+        wc_mldsa_redistribute_21_rand_avx2(state, rand + 0 * GEN_MATRIX_SIZE,
+            rand + 1 * GEN_MATRIX_SIZE, rand + 2 * GEN_MATRIX_SIZE,
+            rand + 3 * GEN_MATRIX_SIZE);
+
+        p = rand;
+        ctr0 += wc_mldsa_rej_uniform_avx2(a + 0 * MLDSA_N + ctr0,
+            MLDSA_N - ctr0, p, SHA3_128_BYTES);
+        p += GEN_MATRIX_SIZE;
+        ctr1 += wc_mldsa_rej_uniform_avx2(a + 1 * MLDSA_N + ctr1,
+            MLDSA_N - ctr1, p, SHA3_128_BYTES);
+    }
+
+#ifdef WOLFSSL_SMALL_STACK
+    XFREE(rand, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(state, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+
+    return 0;
+}
+#endif
+
+#ifndef WOLFSSL_NO_ML_DSA_87
+/* Deterministically generate a matrix (or transpose) of uniform integers mod q.
+ *
+ * Seed used with XOF to generate random bytes.
+ *
+ * @param  [out]  a           Matrix of uniform integers.
+ * @param  [in]   seed        Bytes to seed XOF generation.
+ * @return  0 on success.
+ * @return  MEMORY_E when dynamic memory allocation fails. Only possible when
+ * WOLFSSL_SMALL_STACK is defined.
+ */
+static int wc_mldsa_gen_matrix_8x7_avx2(sword32* a, byte* seed)
+{
+    int i;
+    int k;
+    int l;
+#ifdef WOLFSSL_SMALL_STACK
+    byte *rand = NULL;
+    word64 *state = NULL;
+#else
+    byte rand[4 * GEN_MATRIX_SIZE + 2];
+    word64 state[25 * 4];
+#endif
+    unsigned int ctr0;
+    unsigned int ctr1;
+    unsigned int ctr2;
+    unsigned int ctr3;
+    byte* p;
+
+#ifdef WOLFSSL_SMALL_STACK
+    rand = (byte*)XMALLOC(4 * GEN_MATRIX_SIZE + 2, NULL,
+                          DYNAMIC_TYPE_TMP_BUFFER);
+    state = (word64*)XMALLOC(sizeof(word64) * 25 * 4, NULL,
+                          DYNAMIC_TYPE_TMP_BUFFER);
+    if ((rand == NULL) || (state == NULL)) {
+        XFREE(rand, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        XFREE(state, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        return MEMORY_E;
+    }
+#endif
+
+    /* Loading 64 bits, only using 48 bits. Loading 2 bytes more than used. */
+    rand[4 * GEN_MATRIX_SIZE + 0] = 0xff;
+    rand[4 * GEN_MATRIX_SIZE + 1] = 0xff;
+
+    for (k = 0; k < 8 * 7; k += 4) {
+        for (l = 0; l < 4; l++) {
+            state[4*4 + l] = 0x1f0000 + (((k + l) / 7) << 8) + ((k + l) % 7);
+        }
+
+        sha3_128_blocksx4_seed_avx2(state, seed);
+        wc_mldsa_redistribute_21_rand_avx2(state,
+            rand + 0 * GEN_MATRIX_SIZE, rand + 1 * GEN_MATRIX_SIZE,
+            rand + 2 * GEN_MATRIX_SIZE, rand + 3 * GEN_MATRIX_SIZE);
+        for (i = SHA3_128_BYTES; i < GEN_MATRIX_SIZE; i += SHA3_128_BYTES) {
+            sha3_blocksx4_avx2(state);
+            wc_mldsa_redistribute_21_rand_avx2(state,
+                rand + i + 0 * GEN_MATRIX_SIZE, rand + i + 1 * GEN_MATRIX_SIZE,
+                rand + i + 2 * GEN_MATRIX_SIZE, rand + i + 3 * GEN_MATRIX_SIZE);
+        }
+
+        /* Sample random bytes to create a polynomial. */
+        p = rand;
+        ctr0 = wc_mldsa_rej_uniform_n_avx2(a + 0 * MLDSA_N, MLDSA_N, p,
+            GEN_MATRIX_SIZE);
+        p += GEN_MATRIX_SIZE;
+        ctr1 = wc_mldsa_rej_uniform_n_avx2(a + 1 * MLDSA_N, MLDSA_N, p,
+            GEN_MATRIX_SIZE);
+        p += GEN_MATRIX_SIZE;
+        ctr2 = wc_mldsa_rej_uniform_n_avx2(a + 2 * MLDSA_N, MLDSA_N, p,
+            GEN_MATRIX_SIZE);
+        p += GEN_MATRIX_SIZE;
+        ctr3 = wc_mldsa_rej_uniform_n_avx2(a + 3 * MLDSA_N, MLDSA_N, p,
+            GEN_MATRIX_SIZE);
+
+        /* Create more blocks if too many rejected. */
+        while ((ctr0 < MLDSA_N) || (ctr1 < MLDSA_N) || (ctr2 < MLDSA_N) ||
+               (ctr3 < MLDSA_N)) {
+            sha3_blocksx4_avx2(state);
+            wc_mldsa_redistribute_21_rand_avx2(state,
+                rand + 0 * GEN_MATRIX_SIZE, rand + 1 * GEN_MATRIX_SIZE,
+                rand + 2 * GEN_MATRIX_SIZE, rand + 3 * GEN_MATRIX_SIZE);
+
+            p = rand;
+            ctr0 += wc_mldsa_rej_uniform_avx2(a + 0 * MLDSA_N + ctr0,
+                MLDSA_N - ctr0, p, SHA3_128_BYTES);
+            p += GEN_MATRIX_SIZE;
+            ctr1 += wc_mldsa_rej_uniform_avx2(a + 1 * MLDSA_N + ctr1,
+                MLDSA_N - ctr1, p, SHA3_128_BYTES);
+            p += GEN_MATRIX_SIZE;
+            ctr2 += wc_mldsa_rej_uniform_avx2(a + 2 * MLDSA_N + ctr2,
+                MLDSA_N - ctr2, p, SHA3_128_BYTES);
+            p += GEN_MATRIX_SIZE;
+            ctr3 += wc_mldsa_rej_uniform_avx2(a + 3 * MLDSA_N + ctr3,
+                MLDSA_N - ctr3, p, SHA3_128_BYTES);
+        }
+
+        a += 4 * MLDSA_N;
+    }
+
+#ifdef WOLFSSL_SMALL_STACK
+    XFREE(rand, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(state, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+
+    return 0;
+}
+#endif
+
+#endif
+
 /* Expand the seed to create matrix a.
  *
  * FIPS 204. 8.3: Algorithm 26 ExpandA(rho)
@@ -2262,8 +3044,8 @@ static int dilithium_rej_ntt_poly(wc_Shake* shake128, byte* seed, sword32* a,
  * @return  0 on success.
  * @return  Negative on hash error.
  */
-static int dilithium_expand_a(wc_Shake* shake128, const byte* pub_seed, byte k,
-    byte l, sword32* a, void* heap)
+static int dilithium_expand_a_c(wc_Shake* shake128, const byte* pub_seed,
+    byte k, byte l, sword32* a, void* heap)
 {
     int ret = 0;
     byte r;
@@ -2289,6 +3071,70 @@ static int dilithium_expand_a(wc_Shake* shake128, const byte* pub_seed, byte k,
 
     return ret;
 }
+
+/* Expand the seed to create matrix a.
+ *
+ * FIPS 204. 8.3: Algorithm 26 ExpandA(rho)
+ *   1: for r from 0 to k - 1 do
+ *   2:     for s from 0 to l - 1 do
+ *   3:         A_hat[r,s] <- RejNTTPoly(rho||IntegerToBits(s,8)||
+ *                                       IntegerToBits(r,8))
+ *   4:     end for
+ *   5: end for
+ *   6: return A_hat
+ *
+ * @param [in, out] shake128  SHAKE-128 object.
+ * @param [in]      pub_seed  Seed to generate stream of data.
+ * @param [in]      k         First dimension of matrix a.
+ * @param [in]      l         Second dimension of matrix a.
+ * @param [out]     a         Matrix of polynomials.
+ * @param [in]      heap      Dynamic memory hint.
+ * @return  0 on success.
+ * @return  Negative on hash error.
+ */
+static int dilithium_expand_a(wc_Shake* shake128, const byte* pub_seed,
+    byte k, byte l, sword32* a, void* heap)
+{
+    int ret;
+#if defined(USE_INTEL_SPEEDUP) && !defined(WC_SHA3_NO_ASM)
+    byte seed[DILITHIUM_GEN_A_SEED_SZ];
+#endif
+
+#if defined(USE_INTEL_SPEEDUP) && !defined(WC_SHA3_NO_ASM)
+#ifndef WOLFSSL_NO_ML_DSA_44
+    if ((k == 4) && (l == 4) && IS_INTEL_AVX2(cpuid_flags) &&
+            IS_INTEL_BMI2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
+        XMEMCPY(seed, pub_seed, DILITHIUM_PUB_SEED_SZ);
+        ret = wc_mldsa_gen_matrix_4x4_avx2(a, seed);
+        RESTORE_VECTOR_REGISTERS();
+    }
+    else
+#endif
+#ifndef WOLFSSL_NO_ML_DSA_65
+    if ((k == 6) && (l == 5) && IS_INTEL_AVX2(cpuid_flags) &&
+            IS_INTEL_BMI2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
+        XMEMCPY(seed, pub_seed, DILITHIUM_PUB_SEED_SZ);
+        ret = wc_mldsa_gen_matrix_6x5_avx2(a, seed);
+        RESTORE_VECTOR_REGISTERS();
+    }
+    else
+#endif
+#ifndef WOLFSSL_NO_ML_DSA_87
+    if ((k == 8) && (l == 7) && IS_INTEL_AVX2(cpuid_flags) &&
+            IS_INTEL_BMI2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
+        XMEMCPY(seed, pub_seed, DILITHIUM_PUB_SEED_SZ);
+        ret = wc_mldsa_gen_matrix_8x7_avx2(a, seed);
+        RESTORE_VECTOR_REGISTERS();
+    }
+    else
+#endif
+#endif
+    {
+        ret = dilithium_expand_a_c(shake128, pub_seed, k, l, a, heap);
+    }
+
+    return ret;
+}
 #endif
 
 #ifndef WOLFSSL_DILITHIUM_NO_MAKE_KEY
@@ -2366,8 +3212,8 @@ static const signed char dilithium_coeff_eta2[] = {
  * @return  Value in range of -ETA..ETA on success.
  */
 #define DILITHIUM_COEFF_S_VALID(b, eta)                             \
-    (((eta) == DILITHIUM_ETA_2) ? DILITHIUM_COEFF_S_VALID_ETA2(b) : \
-                                  DILITHIUM_COEFF_S_VALID_ETA4(b))
+    (((eta) == DILITHIUM_ETA_2) ? DILITHIUM_COEFF_S_VALID_ETA2(b)   \
+                                : DILITHIUM_COEFF_S_VALID_ETA4(b))
 
 /* Convert random value 0..15 to a value in range of -ETA..ETA.
  *
@@ -2510,8 +3356,8 @@ static const signed char dilithium_coeff_eta2[] = {
  * @param [out]     s     Polynomial to fill with coefficients.
  * @param [in, out] cnt   Current count of coefficients in polynomial.
  */
-static void dilithium_extract_coeffs(byte* z, unsigned int zLen, byte eta,
-    sword32* s, unsigned int* cnt)
+static void dilithium_extract_coeffs(const byte* z, unsigned int zLen,
+    byte eta, sword32* s, unsigned int* cnt)
 {
 #ifdef WOLFSSL_DILITHIUM_NO_LARGE_CODE
     unsigned int j = *cnt;
@@ -2680,6 +3526,427 @@ static int dilithium_rej_bound_poly(wc_Shake* shake256, byte* seed, sword32* s,
 #endif
 }
 
+#if defined(USE_INTEL_SPEEDUP) && !defined(WC_SHA3_NO_ASM)
+#ifndef WOLFSSL_NO_ML_DSA_44
+/* Deterministically generate a matrix (or transpose) of uniform integers mod q.
+ *
+ * Seed used with XOF to generate random bytes.
+ *
+ * @param  [out]  a           Vectos of uniform integers.
+ * @param  [in]   seed        Bytes to seed XOF generation.
+ * @return  0 on success.
+ * @return  MEMORY_E when dynamic memory allocation fails. Only possible when
+ * WOLFSSL_SMALL_STACK is defined.
+ */
+static int wc_mldsa_gen_s_4_4_avx2(sword32* s[2], byte* seed)
+{
+    int k;
+    int l;
+#ifdef WOLFSSL_SMALL_STACK
+    byte *rand = NULL;
+    word64 *state = NULL;
+#else
+    byte rand[4 * DILITHIUM_GEN_S_BLOCK_BYTES];
+    word64 state[25 * 4];
+#endif
+    unsigned int ctr0;
+    unsigned int ctr1;
+    unsigned int ctr2;
+    unsigned int ctr3;
+    byte* p;
+
+#ifdef WOLFSSL_SMALL_STACK
+    rand = (byte*)XMALLOC(4 * DILITHIUM_GEN_S_BLOCK_BYTES, NULL,
+                          DYNAMIC_TYPE_TMP_BUFFER);
+    state = (word64*)XMALLOC(sizeof(word64) * 25 * 4, NULL,
+                          DYNAMIC_TYPE_TMP_BUFFER);
+    if ((rand == NULL) || (state == NULL)) {
+        XFREE(rand, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        XFREE(state, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        return MEMORY_E;
+    }
+#endif
+
+    for (k = 0; k < 2; k++) {
+        for (l = 0; l < 4; l++) {
+            state[8*4 + l] = 0x1f0000 + (k * 4 + l);
+        }
+
+        ctr0 = 0;
+        ctr1 = 0;
+        ctr2 = 0;
+        ctr3 = 0;
+
+        sha3_256_blocksx4_seed_64_avx2(state, seed);
+        wc_mldsa_redistribute_17_rand_avx2(state,
+            rand + 0 * DILITHIUM_GEN_S_BLOCK_BYTES,
+            rand + 1 * DILITHIUM_GEN_S_BLOCK_BYTES,
+            rand + 2 * DILITHIUM_GEN_S_BLOCK_BYTES,
+            rand + 3 * DILITHIUM_GEN_S_BLOCK_BYTES);
+
+        do {
+            p = rand;
+            if (ctr0 < MLDSA_N) {
+                wc_mldsa_extract_coeffs_eta2_avx2(p,
+                    DILITHIUM_GEN_S_BLOCK_BYTES, s[k] + 0 * MLDSA_N + ctr0,
+                    &ctr0);
+            }
+            p += DILITHIUM_GEN_S_BLOCK_BYTES;
+            if (ctr1 < MLDSA_N) {
+                wc_mldsa_extract_coeffs_eta2_avx2(p,
+                    DILITHIUM_GEN_S_BLOCK_BYTES, s[k] + 1 * MLDSA_N + ctr1,
+                    &ctr1);
+            }
+            p += DILITHIUM_GEN_S_BLOCK_BYTES;
+            if (ctr2 < MLDSA_N) {
+                wc_mldsa_extract_coeffs_eta2_avx2(p,
+                    DILITHIUM_GEN_S_BLOCK_BYTES, s[k] + 2 * MLDSA_N + ctr2,
+                    &ctr2);
+            }
+            p += DILITHIUM_GEN_S_BLOCK_BYTES;
+            if (ctr3 < MLDSA_N) {
+                wc_mldsa_extract_coeffs_eta2_avx2(p,
+                    DILITHIUM_GEN_S_BLOCK_BYTES, s[k] + 3 * MLDSA_N + ctr3,
+                    &ctr3);
+            }
+
+            if ((ctr0 < MLDSA_N) || (ctr1 < MLDSA_N) || (ctr2 < MLDSA_N) ||
+                   (ctr3 < MLDSA_N)) {
+                sha3_blocksx4_avx2(state);
+                wc_mldsa_redistribute_17_rand_avx2(state,
+                    rand + 0 * DILITHIUM_GEN_S_BLOCK_BYTES,
+                    rand + 1 * DILITHIUM_GEN_S_BLOCK_BYTES,
+                    rand + 2 * DILITHIUM_GEN_S_BLOCK_BYTES,
+                    rand + 3 * DILITHIUM_GEN_S_BLOCK_BYTES);
+            }
+        }
+        /* Create more blocks if too many rejected. */
+        while ((ctr0 < MLDSA_N) || (ctr1 < MLDSA_N) || (ctr2 < MLDSA_N) ||
+               (ctr3 < MLDSA_N));
+    }
+
+#ifdef WOLFSSL_SMALL_STACK
+    XFREE(rand, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(state, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+
+    return 0;
+}
+#endif
+
+#ifndef WOLFSSL_NO_ML_DSA_65
+/* Deterministically generate a matrix (or transpose) of uniform integers mod q.
+ *
+ * Seed used with XOF to generate random bytes.
+ *
+ * @param  [out]  a           Vectos of uniform integers.
+ * @param  [in]   seed        Bytes to seed XOF generation.
+ * @return  0 on success.
+ * @return  MEMORY_E when dynamic memory allocation fails. Only possible when
+ * WOLFSSL_SMALL_STACK is defined.
+ */
+static int wc_mldsa_gen_s_5_6_avx2(sword32* s[2], byte* seed)
+{
+    int k;
+    int l;
+#ifdef WOLFSSL_SMALL_STACK
+    byte *rand = NULL;
+    word64 *state = NULL;
+#else
+    byte rand[4 * DILITHIUM_GEN_S_BLOCK_BYTES];
+    word64 state[25 * 4];
+#endif
+    unsigned int ctr0;
+    unsigned int ctr1;
+    unsigned int ctr2;
+    unsigned int ctr3;
+    byte* p;
+    sword32* sa[3][4] = {
+        { &s[0][0 * MLDSA_N], &s[0][1 * MLDSA_N],
+          &s[0][2 * MLDSA_N], &s[0][3 * MLDSA_N] },
+        { &s[0][4 * MLDSA_N], &s[1][0 * MLDSA_N],
+          &s[1][1 * MLDSA_N], &s[1][2 * MLDSA_N] },
+        { &s[1][3 * MLDSA_N], &s[1][4 * MLDSA_N],
+          &s[1][5 * MLDSA_N], NULL               }
+    };
+
+#ifdef WOLFSSL_SMALL_STACK
+    rand = (byte*)XMALLOC(4 * DILITHIUM_GEN_S_BLOCK_BYTES, NULL,
+                          DYNAMIC_TYPE_TMP_BUFFER);
+    state = (word64*)XMALLOC(sizeof(word64) * 25 * 4, NULL,
+                          DYNAMIC_TYPE_TMP_BUFFER);
+    if ((rand == NULL) || (state == NULL)) {
+        XFREE(rand, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        XFREE(state, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        return MEMORY_E;
+    }
+#endif
+
+    for (k = 0; k < 2; k++) {
+        for (l = 0; l < 4; l++) {
+            state[8*4 + l] = 0x1f0000 + (k * 4 + l);
+        }
+
+        ctr0 = 0;
+        ctr1 = 0;
+        ctr2 = 0;
+        ctr3 = 0;
+
+        sha3_256_blocksx4_seed_64_avx2(state, seed);
+        wc_mldsa_redistribute_17_rand_avx2(state,
+            rand + 0 * DILITHIUM_GEN_S_BLOCK_BYTES,
+            rand + 1 * DILITHIUM_GEN_S_BLOCK_BYTES,
+            rand + 2 * DILITHIUM_GEN_S_BLOCK_BYTES,
+            rand + 3 * DILITHIUM_GEN_S_BLOCK_BYTES);
+
+        do {
+            p = rand;
+            if (ctr0 < MLDSA_N) {
+                wc_mldsa_extract_coeffs_eta4_avx2(p,
+                    DILITHIUM_GEN_S_BLOCK_BYTES, sa[k][0] + ctr0, &ctr0);
+            }
+            p += DILITHIUM_GEN_S_BLOCK_BYTES;
+            if (ctr1 < MLDSA_N) {
+                wc_mldsa_extract_coeffs_eta4_avx2(p,
+                    DILITHIUM_GEN_S_BLOCK_BYTES, sa[k][1] + ctr1, &ctr1);
+            }
+            p += DILITHIUM_GEN_S_BLOCK_BYTES;
+            if (ctr2 < MLDSA_N) {
+                wc_mldsa_extract_coeffs_eta4_avx2(p,
+                    DILITHIUM_GEN_S_BLOCK_BYTES, sa[k][2] + ctr2, &ctr2);
+            }
+            p += DILITHIUM_GEN_S_BLOCK_BYTES;
+            if (ctr3 < MLDSA_N) {
+                wc_mldsa_extract_coeffs_eta4_avx2(p,
+                    DILITHIUM_GEN_S_BLOCK_BYTES, sa[k][3] + ctr3, &ctr3);
+            }
+
+            if ((ctr0 < MLDSA_N) || (ctr1 < MLDSA_N) || (ctr2 < MLDSA_N) ||
+                   (ctr3 < MLDSA_N)) {
+                sha3_blocksx4_avx2(state);
+                wc_mldsa_redistribute_17_rand_avx2(state,
+                    rand + 0 * DILITHIUM_GEN_S_BLOCK_BYTES,
+                    rand + 1 * DILITHIUM_GEN_S_BLOCK_BYTES,
+                    rand + 2 * DILITHIUM_GEN_S_BLOCK_BYTES,
+                    rand + 3 * DILITHIUM_GEN_S_BLOCK_BYTES);
+            }
+        }
+        /* Create more blocks if too many rejected. */
+        while ((ctr0 < MLDSA_N) || (ctr1 < MLDSA_N) || (ctr2 < MLDSA_N) ||
+               (ctr3 < MLDSA_N));
+    }
+
+    for (l = 0; l < 4; l++) {
+        state[8*4 + l] = 0x1f0000 + (8 + l);
+    }
+
+    ctr0 = 0;
+    ctr1 = 0;
+    ctr2 = 0;
+
+    sha3_256_blocksx4_seed_64_avx2(state, seed);
+    wc_mldsa_redistribute_17_rand_avx2(state,
+        rand + 0 * DILITHIUM_GEN_S_BLOCK_BYTES,
+        rand + 1 * DILITHIUM_GEN_S_BLOCK_BYTES,
+        rand + 2 * DILITHIUM_GEN_S_BLOCK_BYTES,
+        rand + 3 * DILITHIUM_GEN_S_BLOCK_BYTES);
+
+    do {
+        p = rand;
+        if (ctr0 < MLDSA_N) {
+            wc_mldsa_extract_coeffs_eta4_avx2(p, DILITHIUM_GEN_S_BLOCK_BYTES,
+                sa[k][0] + ctr0, &ctr0);
+        }
+        p += DILITHIUM_GEN_S_BLOCK_BYTES;
+        if (ctr1 < MLDSA_N) {
+            wc_mldsa_extract_coeffs_eta4_avx2(p, DILITHIUM_GEN_S_BLOCK_BYTES,
+                sa[k][1] + ctr1, &ctr1);
+        }
+        p += DILITHIUM_GEN_S_BLOCK_BYTES;
+        if (ctr2 < MLDSA_N) {
+            wc_mldsa_extract_coeffs_eta4_avx2(p, DILITHIUM_GEN_S_BLOCK_BYTES,
+                sa[k][2] + ctr2, &ctr2);
+        }
+
+        if ((ctr0 < MLDSA_N) || (ctr1 < MLDSA_N) || (ctr2 < MLDSA_N)) {
+            sha3_blocksx4_avx2(state);
+            wc_mldsa_redistribute_17_rand_avx2(state,
+                rand + 0 * DILITHIUM_GEN_S_BLOCK_BYTES,
+                rand + 1 * DILITHIUM_GEN_S_BLOCK_BYTES,
+                rand + 2 * DILITHIUM_GEN_S_BLOCK_BYTES,
+                rand + 3 * DILITHIUM_GEN_S_BLOCK_BYTES);
+        }
+    }
+    /* Create more blocks if too many rejected. */
+    while ((ctr0 < MLDSA_N) || (ctr1 < MLDSA_N) || (ctr2 < MLDSA_N));
+
+#ifdef WOLFSSL_SMALL_STACK
+    XFREE(rand, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(state, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+
+    return 0;
+}
+#endif
+
+#ifndef WOLFSSL_NO_ML_DSA_87
+/* Deterministically generate a matrix (or transpose) of uniform integers mod q.
+ *
+ * Seed used with XOF to generate random bytes.
+ *
+ * @param  [out]  a           Vectos of uniform integers.
+ * @param  [in]   seed        Bytes to seed XOF generation.
+ * @return  0 on success.
+ * @return  MEMORY_E when dynamic memory allocation fails. Only possible when
+ * WOLFSSL_SMALL_STACK is defined.
+ */
+static int wc_mldsa_gen_s_7_8_avx2(sword32* s[2], byte* seed)
+{
+    int k;
+    int l;
+#ifdef WOLFSSL_SMALL_STACK
+    byte *rand = NULL;
+    word64 *state = NULL;
+#else
+    byte rand[4 * DILITHIUM_GEN_S_BLOCK_BYTES];
+    word64 state[25 * 4];
+#endif
+    unsigned int ctr0;
+    unsigned int ctr1;
+    unsigned int ctr2;
+    unsigned int ctr3;
+    byte* p;
+    sword32* sa[4][4] = {
+        { &s[0][0 * MLDSA_N], &s[0][1 * MLDSA_N],
+          &s[0][2 * MLDSA_N], &s[0][3 * MLDSA_N] },
+        { &s[0][4 * MLDSA_N], &s[0][5 * MLDSA_N],
+          &s[0][6 * MLDSA_N], &s[1][0 * MLDSA_N] },
+        { &s[1][1 * MLDSA_N], &s[1][2 * MLDSA_N],
+          &s[1][3 * MLDSA_N], &s[1][4 * MLDSA_N] },
+        { &s[1][5 * MLDSA_N], &s[1][6 * MLDSA_N],
+          &s[1][7 * MLDSA_N], NULL               }
+    };
+
+#ifdef WOLFSSL_SMALL_STACK
+    rand = (byte*)XMALLOC(4 * DILITHIUM_GEN_S_BLOCK_BYTES, NULL,
+                          DYNAMIC_TYPE_TMP_BUFFER);
+    state = (word64*)XMALLOC(sizeof(word64) * 25 * 4, NULL,
+                          DYNAMIC_TYPE_TMP_BUFFER);
+    if ((rand == NULL) || (state == NULL)) {
+        XFREE(rand, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        XFREE(state, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        return MEMORY_E;
+    }
+#endif
+
+    for (k = 0; k < 3; k++) {
+        for (l = 0; l < 4; l++) {
+            state[8*4 + l] = 0x1f0000 + (k * 4 + l);
+        }
+
+        ctr0 = 0;
+        ctr1 = 0;
+        ctr2 = 0;
+        ctr3 = 0;
+
+        sha3_256_blocksx4_seed_64_avx2(state, seed);
+        wc_mldsa_redistribute_17_rand_avx2(state,
+            rand + 0 * DILITHIUM_GEN_S_BLOCK_BYTES,
+            rand + 1 * DILITHIUM_GEN_S_BLOCK_BYTES,
+            rand + 2 * DILITHIUM_GEN_S_BLOCK_BYTES,
+            rand + 3 * DILITHIUM_GEN_S_BLOCK_BYTES);
+
+        do {
+            p = rand;
+            if (ctr0 < MLDSA_N) {
+                wc_mldsa_extract_coeffs_eta2_avx2(p,
+                    DILITHIUM_GEN_S_BLOCK_BYTES, sa[k][0] + ctr0, &ctr0);
+            }
+            p += DILITHIUM_GEN_S_BLOCK_BYTES;
+            if (ctr1 < MLDSA_N) {
+                wc_mldsa_extract_coeffs_eta2_avx2(p,
+                    DILITHIUM_GEN_S_BLOCK_BYTES, sa[k][1] + ctr1, &ctr1);
+            }
+            p += DILITHIUM_GEN_S_BLOCK_BYTES;
+            if (ctr2 < MLDSA_N) {
+                wc_mldsa_extract_coeffs_eta2_avx2(p,
+                    DILITHIUM_GEN_S_BLOCK_BYTES, sa[k][2] + ctr2, &ctr2);
+            }
+            p += DILITHIUM_GEN_S_BLOCK_BYTES;
+            if (ctr3 < MLDSA_N) {
+                wc_mldsa_extract_coeffs_eta2_avx2(p,
+                    DILITHIUM_GEN_S_BLOCK_BYTES, sa[k][3] + ctr3, &ctr3);
+            }
+
+            if ((ctr0 < MLDSA_N) || (ctr1 < MLDSA_N) || (ctr2 < MLDSA_N) ||
+                   (ctr3 < MLDSA_N)) {
+                sha3_blocksx4_avx2(state);
+                wc_mldsa_redistribute_17_rand_avx2(state,
+                    rand + 0 * DILITHIUM_GEN_S_BLOCK_BYTES,
+                    rand + 1 * DILITHIUM_GEN_S_BLOCK_BYTES,
+                    rand + 2 * DILITHIUM_GEN_S_BLOCK_BYTES,
+                    rand + 3 * DILITHIUM_GEN_S_BLOCK_BYTES);
+            }
+        }
+        /* Create more blocks if too many rejected. */
+        while ((ctr0 < MLDSA_N) || (ctr1 < MLDSA_N) || (ctr2 < MLDSA_N) ||
+               (ctr3 < MLDSA_N));
+    }
+
+    for (l = 0; l < 4; l++) {
+        state[8*4 + l] = 0x1f0000 + (12 + l);
+    }
+
+    ctr0 = 0;
+    ctr1 = 0;
+    ctr2 = 0;
+
+    sha3_256_blocksx4_seed_64_avx2(state, seed);
+    wc_mldsa_redistribute_17_rand_avx2(state,
+        rand + 0 * DILITHIUM_GEN_S_BLOCK_BYTES,
+        rand + 1 * DILITHIUM_GEN_S_BLOCK_BYTES,
+        rand + 2 * DILITHIUM_GEN_S_BLOCK_BYTES,
+        rand + 3 * DILITHIUM_GEN_S_BLOCK_BYTES);
+
+    do {
+        p = rand;
+        if (ctr0 < MLDSA_N) {
+            wc_mldsa_extract_coeffs_eta2_avx2(p, DILITHIUM_GEN_S_BLOCK_BYTES,
+                sa[k][0] + ctr0, &ctr0);
+        }
+        p += DILITHIUM_GEN_S_BLOCK_BYTES;
+        if (ctr1 < MLDSA_N) {
+            wc_mldsa_extract_coeffs_eta2_avx2(p, DILITHIUM_GEN_S_BLOCK_BYTES,
+                sa[k][1] + ctr1, &ctr1);
+        }
+        p += DILITHIUM_GEN_S_BLOCK_BYTES;
+        if (ctr2 < MLDSA_N) {
+            wc_mldsa_extract_coeffs_eta2_avx2(p, DILITHIUM_GEN_S_BLOCK_BYTES,
+                sa[k][2] + ctr2, &ctr2);
+        }
+
+        if ((ctr0 < MLDSA_N) || (ctr1 < MLDSA_N) || (ctr2 < MLDSA_N)) {
+            sha3_blocksx4_avx2(state);
+            wc_mldsa_redistribute_17_rand_avx2(state,
+                rand + 0 * DILITHIUM_GEN_S_BLOCK_BYTES,
+                rand + 1 * DILITHIUM_GEN_S_BLOCK_BYTES,
+                rand + 2 * DILITHIUM_GEN_S_BLOCK_BYTES,
+                rand + 3 * DILITHIUM_GEN_S_BLOCK_BYTES);
+        }
+    }
+    /* Create more blocks if too many rejected. */
+    while ((ctr0 < MLDSA_N) || (ctr1 < MLDSA_N) || (ctr2 < MLDSA_N));
+
+#ifdef WOLFSSL_SMALL_STACK
+    XFREE(rand, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(state, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+
+    return 0;
+}
+#endif
+#endif
+
 /* Expand private seed into vectors s1 and s2.
  *
  * FIPS 204. 8.3: Algorithm 27 ExpandS(rho)
@@ -2701,7 +3968,7 @@ static int dilithium_rej_bound_poly(wc_Shake* shake256, byte* seed, sword32* s,
  * @return  0 on success.
  * @return  Negative on hash error.
  */
-static int dilithium_expand_s(wc_Shake* shake256, byte* priv_seed, byte eta,
+static int dilithium_expand_s_c(wc_Shake* shake256, byte* priv_seed, byte eta,
     sword32* s1, byte s1Len, sword32* s2, byte s2Len)
 {
     int ret = 0;
@@ -2735,9 +4002,317 @@ static int dilithium_expand_s(wc_Shake* shake256, byte* priv_seed, byte eta,
     return ret;
 }
 
+/* Expand private seed into vectors s1 and s2.
+ *
+ * @param [in, out] shake256   SHAKE-256 object.
+ * @param [in]      priv_seed  Private seed, rho, to expand.
+ * @param [in]      eta        Range specifier of each value.
+ * @param [out]     s1         First vector of polynomials.
+ * @param [in]      s1Len      Dimension of first vector.
+ * @param [out]     s2         Second vector of polynomials.
+ * @param [in]      s2Len      Dimension of second vector.
+ * @return  0 on success.
+ * @return  Negative on hash error.
+ */
+static int dilithium_expand_s(wc_Shake* shake256, byte* priv_seed, byte eta,
+    sword32* s1, byte s1Len, sword32* s2, byte s2Len)
+{
+    int ret = 0;
+
+#if defined(USE_INTEL_SPEEDUP) && !defined(WC_SHA3_NO_ASM)
+    #ifndef WOLFSSL_NO_ML_DSA_44
+    if ((s1Len == 4) && IS_INTEL_AVX2(cpuid_flags) &&
+        (SAVE_VECTOR_REGISTERS2() == 0))
+    {
+        sword32* s[2] = { s1, s2 };
+        ret = wc_mldsa_gen_s_4_4_avx2(s, priv_seed);
+        RESTORE_VECTOR_REGISTERS();
+    }
+    else
+    #endif
+    #ifndef WOLFSSL_NO_ML_DSA_65
+    if ((s1Len == 5) && IS_INTEL_AVX2(cpuid_flags) &&
+        (SAVE_VECTOR_REGISTERS2() == 0))
+    {
+        sword32* s[2] = { s1, s2 };
+        ret = wc_mldsa_gen_s_5_6_avx2(s, priv_seed);
+        RESTORE_VECTOR_REGISTERS();
+    }
+    else
+    #endif
+    #ifndef WOLFSSL_NO_ML_DSA_87
+    if ((s1Len == 7) && IS_INTEL_AVX2(cpuid_flags) &&
+        (SAVE_VECTOR_REGISTERS2() == 0))
+    {
+        sword32* s[2] = { s1, s2 };
+        ret = wc_mldsa_gen_s_7_8_avx2(s, priv_seed);
+        RESTORE_VECTOR_REGISTERS();
+    }
+    else
+    #endif
+#endif /* USE_INTEL_SPEEDUP && !WC_SHA3_NO_ASM */
+    {
+        ret = dilithium_expand_s_c(shake256, priv_seed, eta, s1, s1Len, s2,
+            s2Len);
+    }
+
+    return ret;
+}
 #endif /* !WOLFSSL_DILITHIUM_NO_MAKE_KEY */
 
 #ifndef WOLFSSL_DILITHIUM_NO_SIGN
+#if defined(USE_INTEL_SPEEDUP) && !defined(WC_SHA3_NO_ASM)
+#define SHA3_256_BYTES   (WC_SHA3_256_COUNT * 8)
+
+#ifndef WOLFSSL_NO_ML_DSA_44
+/* Deterministically generate a matrix (or transpose) of uniform integers mod q.
+ *
+ * Seed used with XOF to generate random bytes.
+ *
+ * @param  [out]  a           Vectos of uniform integers.
+ * @param  [in]   seed        Bytes to seed XOF generation.
+ * @return  0 on success.
+ * @return  MEMORY_E when dynamic memory allocation fails. Only possible when
+ * WOLFSSL_SMALL_STACK is defined.
+ */
+static int wc_mldsa_gen_y_4_avx2(sword32* y, byte* seed, word16 kappa)
+{
+    int l;
+#ifdef WOLFSSL_SMALL_STACK
+    byte *rand = NULL;
+    word64 *state = NULL;
+#else
+    byte rand[4 * DILITHIUM_MAX_V];
+    word64 state[25 * 4];
+#endif
+
+#ifdef WOLFSSL_SMALL_STACK
+    rand = (byte*)XMALLOC(4 * DILITHIUM_MAX_V, NULL,
+                          DYNAMIC_TYPE_TMP_BUFFER);
+    state = (word64*)XMALLOC(sizeof(word64) * 25 * 4, NULL,
+                          DYNAMIC_TYPE_TMP_BUFFER);
+    if ((rand == NULL) || (state == NULL)) {
+        XFREE(rand, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        XFREE(state, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        return MEMORY_E;
+    }
+#endif
+
+    for (l = 0; l < 4; l++) {
+        state[8*4 + l] = 0x1f0000 + (kappa + l);
+    }
+    sha3_256_blocksx4_seed_64_avx2(state, seed);
+    wc_mldsa_redistribute_17_rand_avx2(state,
+        rand + 0 * DILITHIUM_MAX_V,
+        rand + 1 * DILITHIUM_MAX_V,
+        rand + 2 * DILITHIUM_MAX_V,
+        rand + 3 * DILITHIUM_MAX_V);
+    for (l = 1; l < DILITHIUM_MAX_V_BLOCKS; l++) {
+        sha3_blocksx4_avx2(state);
+        wc_mldsa_redistribute_17_rand_avx2(state,
+            rand + 0 * DILITHIUM_MAX_V + l * SHA3_256_BYTES,
+            rand + 1 * DILITHIUM_MAX_V + l * SHA3_256_BYTES,
+            rand + 2 * DILITHIUM_MAX_V + l * SHA3_256_BYTES,
+            rand + 3 * DILITHIUM_MAX_V + l * SHA3_256_BYTES);
+    }
+    wc_mldsa_decode_gamma1_17_avx2(rand + 0 * DILITHIUM_MAX_V,
+        y + 0 * DILITHIUM_N);
+    wc_mldsa_decode_gamma1_17_avx2(rand + 1 * DILITHIUM_MAX_V,
+        y + 1 * DILITHIUM_N);
+    wc_mldsa_decode_gamma1_17_avx2(rand + 2 * DILITHIUM_MAX_V,
+        y + 2 * DILITHIUM_N);
+    wc_mldsa_decode_gamma1_17_avx2(rand + 3 * DILITHIUM_MAX_V,
+        y + 3 * DILITHIUM_N);
+
+#ifdef WOLFSSL_SMALL_STACK
+    XFREE(rand, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(state, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+
+    return 0;
+}
+#endif
+
+#ifndef WOLFSSL_NO_ML_DSA_65
+/* Deterministically generate a matrix (or transpose) of uniform integers mod q.
+ *
+ * Seed used with XOF to generate random bytes.
+ *
+ * @param  [out]  a           Vectos of uniform integers.
+ * @param  [in]   seed        Bytes to seed XOF generation.
+ * @return  0 on success.
+ * @return  MEMORY_E when dynamic memory allocation fails. Only possible when
+ * WOLFSSL_SMALL_STACK is defined.
+ */
+static int wc_mldsa_gen_y_5_avx2(sword32* y, byte* seed, word16 kappa,
+    wc_Shake* shake256)
+{
+    int ret;
+    int l;
+#ifdef WOLFSSL_SMALL_STACK
+    byte *rand = NULL;
+    word64 *state = NULL;
+#else
+    byte rand[4 * DILITHIUM_MAX_V];
+    word64 state[25 * 4];
+#endif
+
+#ifdef WOLFSSL_SMALL_STACK
+    rand = (byte*)XMALLOC(4 * DILITHIUM_MAX_V, NULL,
+                          DYNAMIC_TYPE_TMP_BUFFER);
+    state = (word64*)XMALLOC(sizeof(word64) * 25 * 4, NULL,
+                          DYNAMIC_TYPE_TMP_BUFFER);
+    if ((rand == NULL) || (state == NULL)) {
+        XFREE(rand, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        XFREE(state, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        return MEMORY_E;
+    }
+#endif
+
+    /* Polynomials: 0-3 */
+    for (l = 0; l < 4; l++) {
+        state[8*4 + l] = 0x1f0000 + (kappa + l);
+    }
+    sha3_256_blocksx4_seed_64_avx2(state, seed);
+    wc_mldsa_redistribute_17_rand_avx2(state,
+        rand + 0 * DILITHIUM_MAX_V,
+        rand + 1 * DILITHIUM_MAX_V,
+        rand + 2 * DILITHIUM_MAX_V,
+        rand + 3 * DILITHIUM_MAX_V);
+    for (l = 1; l < DILITHIUM_MAX_V_BLOCKS; l++) {
+        sha3_blocksx4_avx2(state);
+        wc_mldsa_redistribute_17_rand_avx2(state,
+            rand + 0 * DILITHIUM_MAX_V + l * SHA3_256_BYTES,
+            rand + 1 * DILITHIUM_MAX_V + l * SHA3_256_BYTES,
+            rand + 2 * DILITHIUM_MAX_V + l * SHA3_256_BYTES,
+            rand + 3 * DILITHIUM_MAX_V + l * SHA3_256_BYTES);
+    }
+    wc_mldsa_decode_gamma1_19_avx2(rand + 0 * DILITHIUM_MAX_V,
+        y + 0 * DILITHIUM_N);
+    wc_mldsa_decode_gamma1_19_avx2(rand + 1 * DILITHIUM_MAX_V,
+        y + 1 * DILITHIUM_N);
+    wc_mldsa_decode_gamma1_19_avx2(rand + 2 * DILITHIUM_MAX_V,
+        y + 2 * DILITHIUM_N);
+    wc_mldsa_decode_gamma1_19_avx2(rand + 3 * DILITHIUM_MAX_V,
+        y + 3 * DILITHIUM_N);
+
+    kappa += 4;
+
+    seed[DILITHIUM_PRIV_RAND_SEED_SZ + 0] = (byte)kappa;
+    seed[DILITHIUM_PRIV_RAND_SEED_SZ + 1] = (byte)(kappa >> 8);
+    ret = dilithium_squeeze256(shake256, seed, DILITHIUM_Y_SEED_SZ, rand,
+        DILITHIUM_MAX_V_BLOCKS);
+    if (ret == 0) {
+        wc_mldsa_decode_gamma1_19_avx2(rand, y + 4 * DILITHIUM_N);
+    }
+
+#ifdef WOLFSSL_SMALL_STACK
+    XFREE(rand, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(state, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+
+    return ret;
+}
+#endif
+
+#ifndef WOLFSSL_NO_ML_DSA_87
+/* Deterministically generate a matrix (or transpose) of uniform integers mod q.
+ *
+ * Seed used with XOF to generate random bytes.
+ *
+ * @param  [out]  a           Vectos of uniform integers.
+ * @param  [in]   seed        Bytes to seed XOF generation.
+ * @return  0 on success.
+ * @return  MEMORY_E when dynamic memory allocation fails. Only possible when
+ * WOLFSSL_SMALL_STACK is defined.
+ */
+static int wc_mldsa_gen_y_7_avx2(sword32* y, byte* seed, word16 kappa)
+{
+    int l;
+#ifdef WOLFSSL_SMALL_STACK
+    byte *rand = NULL;
+    word64 *state = NULL;
+#else
+    byte rand[4 * DILITHIUM_MAX_V];
+    word64 state[25 * 4];
+#endif
+
+#ifdef WOLFSSL_SMALL_STACK
+    rand = (byte*)XMALLOC(4 * DILITHIUM_MAX_V, NULL,
+                          DYNAMIC_TYPE_TMP_BUFFER);
+    state = (word64*)XMALLOC(sizeof(word64) * 25 * 4, NULL,
+                          DYNAMIC_TYPE_TMP_BUFFER);
+    if ((rand == NULL) || (state == NULL)) {
+        XFREE(rand, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        XFREE(state, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        return MEMORY_E;
+    }
+#endif
+
+    /* Polynomials: 0-3 */
+    for (l = 0; l < 4; l++) {
+        state[8*4 + l] = 0x1f0000 + (kappa + l);
+    }
+    sha3_256_blocksx4_seed_64_avx2(state, seed);
+    wc_mldsa_redistribute_17_rand_avx2(state,
+        rand + 0 * DILITHIUM_MAX_V,
+        rand + 1 * DILITHIUM_MAX_V,
+        rand + 2 * DILITHIUM_MAX_V,
+        rand + 3 * DILITHIUM_MAX_V);
+    for (l = 1; l < DILITHIUM_MAX_V_BLOCKS; l++) {
+        sha3_blocksx4_avx2(state);
+        wc_mldsa_redistribute_17_rand_avx2(state,
+            rand + 0 * DILITHIUM_MAX_V + l * SHA3_256_BYTES,
+            rand + 1 * DILITHIUM_MAX_V + l * SHA3_256_BYTES,
+            rand + 2 * DILITHIUM_MAX_V + l * SHA3_256_BYTES,
+            rand + 3 * DILITHIUM_MAX_V + l * SHA3_256_BYTES);
+    }
+    wc_mldsa_decode_gamma1_19_avx2(rand + 0 * DILITHIUM_MAX_V,
+        y + 0 * DILITHIUM_N);
+    wc_mldsa_decode_gamma1_19_avx2(rand + 1 * DILITHIUM_MAX_V,
+        y + 1 * DILITHIUM_N);
+    wc_mldsa_decode_gamma1_19_avx2(rand + 2 * DILITHIUM_MAX_V,
+        y + 2 * DILITHIUM_N);
+    wc_mldsa_decode_gamma1_19_avx2(rand + 3 * DILITHIUM_MAX_V,
+        y + 3 * DILITHIUM_N);
+
+    kappa += 4;
+
+    /* Polynomials: 4-7 */
+    for (l = 0; l < 3; l++) {
+        state[8*4 + l] = 0x1f0000 + (kappa + l);
+    }
+    sha3_256_blocksx4_seed_64_avx2(state, seed);
+    wc_mldsa_redistribute_17_rand_avx2(state,
+        rand + 0 * DILITHIUM_MAX_V,
+        rand + 1 * DILITHIUM_MAX_V,
+        rand + 2 * DILITHIUM_MAX_V,
+        rand + 3 * DILITHIUM_MAX_V);
+    for (l = 1; l < DILITHIUM_MAX_V_BLOCKS; l++) {
+        sha3_blocksx4_avx2(state);
+        wc_mldsa_redistribute_17_rand_avx2(state,
+            rand + 0 * DILITHIUM_MAX_V + l * SHA3_256_BYTES,
+            rand + 1 * DILITHIUM_MAX_V + l * SHA3_256_BYTES,
+            rand + 2 * DILITHIUM_MAX_V + l * SHA3_256_BYTES,
+            rand + 3 * DILITHIUM_MAX_V + l * SHA3_256_BYTES);
+    }
+    wc_mldsa_decode_gamma1_19_avx2(rand + 0 * DILITHIUM_MAX_V,
+        y + 4 * DILITHIUM_N);
+    wc_mldsa_decode_gamma1_19_avx2(rand + 1 * DILITHIUM_MAX_V,
+        y + 5 * DILITHIUM_N);
+    wc_mldsa_decode_gamma1_19_avx2(rand + 2 * DILITHIUM_MAX_V,
+        y + 6 * DILITHIUM_N);
+
+#ifdef WOLFSSL_SMALL_STACK
+    XFREE(rand, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(state, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+
+    return 0;
+}
+#endif
+#endif
+
 /* Expand the private random seed into vector y.
  *
  * FIPS 204. 8.3: Algorithm 28 ExpandMask(rho, mu)
@@ -2760,7 +4335,7 @@ static int dilithium_expand_s(wc_Shake* shake256, byte* priv_seed, byte eta,
  * @return  0 on success.
  * @return  Negative on hash error.
  */
-static int dilithium_vec_expand_mask(wc_Shake* shake256, byte* seed,
+static int dilithium_vec_expand_mask_c(wc_Shake* shake256, byte* seed,
     word16 kappa, byte gamma1_bits, sword32* y, byte l)
 {
     int ret = 0;
@@ -2787,10 +4362,56 @@ static int dilithium_vec_expand_mask(wc_Shake* shake256, byte* seed,
 
     return ret;
 }
+
+/* Expand the private random seed into vector y.
+ *
+ * @param [in, out] shake256     SHAKE-256 object.
+ * @param [in, out] seed         Buffer containing seed to expand.
+ *                               Has space for two bytes to be appended.
+ * @param [in]      kappa        Base value to append to seed.
+ * @param [in]      gamma1_bits  Number of bits per value.
+ * @param [out]     y            Vector of polynomials.
+ * @param [in]      l            Dimension of vector.
+ * @return  0 on success.
+ * @return  Negative on hash error.
+ */
+static int dilithium_vec_expand_mask(wc_Shake* shake256, byte* seed,
+    word16 kappa, byte gamma1_bits, sword32* y, byte l)
+{
+    int ret = 0;
+
+#if defined(USE_INTEL_SPEEDUP) && !defined(WC_SHA3_NO_ASM)
+    if (IS_INTEL_AVX2(cpuid_flags) && IS_INTEL_BMI2(cpuid_flags) &&
+            (SAVE_VECTOR_REGISTERS2() == 0)) {
+    #ifndef WOLFSSL_NO_ML_DSA_44
+        if (l == 4) {
+            ret = wc_mldsa_gen_y_4_avx2(y, seed, kappa);
+        }
+    #endif
+    #ifndef WOLFSSL_NO_ML_DSA_65
+        if (l == 5) {
+            ret = wc_mldsa_gen_y_5_avx2(y, seed, kappa, shake256);
+        }
+    #endif
+    #ifndef WOLFSSL_NO_ML_DSA_87
+        if (l == 7) {
+            ret = wc_mldsa_gen_y_7_avx2(y, seed, kappa);
+        }
+    #endif
+        RESTORE_VECTOR_REGISTERS();
+    }
+    else
+#endif
+    {
+        ret = dilithium_vec_expand_mask_c(shake256, seed, kappa, gamma1_bits, y,
+            l);
+    }
+
+    return ret;
+}
 #endif
 
 #if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || !defined(WOLFSSL_DILITHIUM_NO_VERIFY)
-
 /* Expand commit to a polynomial.
  *
  * FIPS 204. 8.3: Algorithm 23 SampleInBall(rho)
@@ -2819,6 +4440,7 @@ static int dilithium_vec_expand_mask(wc_Shake* shake256, byte* seed,
 static int dilithium_sample_in_ball_ex(int level, wc_Shake* shake256,
    const byte* seed, word32 seedLen, byte tau, sword32* c, byte* block)
 {
+#ifndef USE_INTEL_SPEEDUP
     int ret = 0;
     byte signs[DILITHIUM_SIGN_BYTES];
     unsigned int i;
@@ -2827,23 +4449,21 @@ static int dilithium_sample_in_ball_ex(int level, wc_Shake* shake256,
     /* Step 2: First 8 bytes are used for sign. */
     unsigned int k = DILITHIUM_SIGN_BYTES;
 
-    if (ret == 0) {
-        /* Set polynomial to all zeros. */
-        XMEMSET(c, 0, DILITHIUM_POLY_SIZE);
+    /* Set polynomial to all zeros. */
+    XMEMSET(c, 0, DILITHIUM_POLY_SIZE);
 
-        /* Generate a block of data from seed. */
+    /* Generate a block of data from seed. */
 #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
-        if (level >= WC_ML_DSA_DRAFT) {
-            ret = dilithium_shake256(shake256, seed, DILITHIUM_SEED_SZ, block,
-                DILITHIUM_GEN_C_BLOCK_BYTES);
-        }
-        else
+    if (level >= WC_ML_DSA_DRAFT) {
+        ret = dilithium_shake256(shake256, seed, DILITHIUM_SEED_SZ, block,
+            DILITHIUM_GEN_C_BLOCK_BYTES);
+    }
+    else
 #endif
-        {
-            (void)level;
-            ret = dilithium_shake256(shake256, seed, seedLen, block,
-                DILITHIUM_GEN_C_BLOCK_BYTES);
-        }
+    {
+        (void)level;
+        ret = dilithium_shake256(shake256, seed, seedLen, block,
+            DILITHIUM_GEN_C_BLOCK_BYTES);
     }
     if (ret == 0) {
         /* Copy first 8 bytes of first hash block as random sign bits. */
@@ -2858,6 +4478,7 @@ static int dilithium_sample_in_ball_ex(int level, wc_Shake* shake256,
             if (k == DILITHIUM_GEN_C_BLOCK_BYTES) {
                 /* Generate a new block. */
                 ret = wc_Shake256_SqueezeBlocks(shake256, block, 1);
+
                 /* Restart hash block index. */
                 k = 0;
             }
@@ -2878,6 +4499,83 @@ static int dilithium_sample_in_ball_ex(int level, wc_Shake* shake256,
     }
 
     return ret;
+#else
+    int ret = 0;
+    /* SHA-3 state. */
+    word64* state = shake256->s;
+    word64 signs;
+    unsigned int i;
+    /* Step 2: First 8 bytes are used for sign. */
+    unsigned int k = DILITHIUM_SIGN_BYTES;
+
+    block = (byte*)state;
+
+    /* Set polynomial to all zeros. */
+    XMEMSET(c, 0, DILITHIUM_POLY_SIZE);
+
+    /* Generate a block of data from seed. */
+#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
+    if (level >= WC_ML_DSA_DRAFT) {
+        ret = dilithium_shake256(shake256, seed, DILITHIUM_SEED_SZ, block,
+            DILITHIUM_GEN_C_BLOCK_BYTES);
+    }
+    else
+#endif
+    {
+        (void)level;
+        ret = dilithium_shake256(shake256, seed, seedLen, block,
+            DILITHIUM_GEN_C_BLOCK_BYTES);
+    }
+    if (ret == 0) {
+        /* Step 1: Initialize sign bit index. */
+        /* Copy first 8 bytes of first hash block as random sign bits. */
+        signs = *(word64*)block;
+
+        /* Step 3: Put in TAU +/- 1s. */
+        for (i = DILITHIUM_N - tau; i < DILITHIUM_N; i++) {
+            unsigned int j;
+            do {
+                /* Check whether block is exhausted. */
+                if (k == DILITHIUM_GEN_C_BLOCK_BYTES) {
+                    /* Generate a new block. */
+#ifndef WC_SHA3_NO_ASM
+                    if (IS_INTEL_AVX2(cpuid_flags) &&
+                             (SAVE_VECTOR_REGISTERS2() == 0)) {
+                        sha3_block_avx2(state);
+                        RESTORE_VECTOR_REGISTERS();
+                    }
+                    else if (IS_INTEL_BMI2(cpuid_flags)) {
+                        sha3_block_bmi2(state);
+                    }
+                    else
+#endif
+                    {
+                        BlockSha3(state);
+                    }
+
+                    /* Restart hash block index. */
+                    k = 0;
+                }
+                /* Step 7: Get random byte from block as index.
+                 * Step 5 and 10: Increment hash block index.
+                 */
+                j = block[k++];
+            }
+            /* Step 4: Get another random if random index is a future swap
+             * index. */
+            while (j > i);
+
+            /* Step 8: Move value from random index to current index. */
+            c[i] = c[j];
+            /* Step 9: Set value at random index to +/- 1. */
+            c[j] = (sword32)1 - (sword32)((sword32)(signs & 0x1) << 1);
+            /* Next sign bit index. */
+            signs >>= 1;
+        }
+    }
+
+    return ret;
+#endif
 }
 
 #if (!defined(WOLFSSL_DILITHIUM_NO_SIGN) && \
@@ -3058,18 +4756,16 @@ static void dilithium_decompose_q32(sword32 r, sword32* r0, sword32* r1)
  * @param [out] r0      Low parts in vector of polynomials.
  * @param [out] r1      High parts in vector of polynomials.
  */
-static void dilithium_vec_decompose(const sword32* r, byte k, sword32 gamma2,
+static void dilithium_vec_decompose_c(const sword32* r, byte k, sword32 gamma2,
     sword32* r0, sword32* r1)
 {
     unsigned int i;
     unsigned int j;
 
-    (void)k;
-
 #ifndef WOLFSSL_NO_ML_DSA_44
     if (gamma2 == DILITHIUM_Q_LOW_88) {
         /* For each polynomial of vector. */
-        for (i = 0; i < PARAMS_ML_DSA_44_K; i++) {
+        for (i = 0; i < k; i++) {
             /* For each value of polynomial. */
             for (j = 0; j < DILITHIUM_N; j++) {
                 /* Decompose value into two vectors. */
@@ -3081,7 +4777,6 @@ static void dilithium_vec_decompose(const sword32* r, byte k, sword32 gamma2,
             r1 += DILITHIUM_N;
         }
     }
-    else
 #endif
 #if !defined(WOLFSSL_NO_ML_DSA_65) || !defined(WOLFSSL_NO_ML_DSA_87)
     if (gamma2 == DILITHIUM_Q_LOW_32) {
@@ -3098,9 +4793,38 @@ static void dilithium_vec_decompose(const sword32* r, byte k, sword32 gamma2,
             r1 += DILITHIUM_N;
         }
     }
+#endif
+}
+
+/* Decompose vector of polynomials into high and low based on GAMMA2.
+ *
+ * @param [in]  r       Vector of polynomials to decompose.
+ * @param [in]  k       Dimension of vector.
+ * @param [in]  gamma2  Low-order rounding range, GAMMA2.
+ * @param [out] r0      Low parts in vector of polynomials.
+ * @param [out] r1      High parts in vector of polynomials.
+ */
+static void dilithium_vec_decompose(const sword32* r, byte k, sword32 gamma2,
+    sword32* r0, sword32* r1)
+{
+#ifdef USE_INTEL_SPEEDUP
+    if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
+    #ifndef WOLFSSL_NO_ML_DSA_44
+        if (gamma2 == DILITHIUM_Q_LOW_88) {
+            wc_mldsa_decompose_q88_avx2(r, r0, r1);
+        }
+    #endif
+    #if !defined(WOLFSSL_NO_ML_DSA_65) || !defined(WOLFSSL_NO_ML_DSA_87)
+        if (gamma2 == DILITHIUM_Q_LOW_32) {
+            wc_mldsa_decompose_q32_avx2(r, k, r0, r1);
+        }
+    #endif
+        RESTORE_VECTOR_REGISTERS();
+    }
     else
 #endif
     {
+        dilithium_vec_decompose_c(r, k, gamma2, r0, r1);
     }
 }
 #endif
@@ -3152,7 +4876,7 @@ static int dilithium_check_low(const sword32* a, sword32 hi)
  * @param [in] l   Dimension of vector.
  * @param [in] hi  Largest value in range.
  */
-static int dilithium_vec_check_low(const sword32* a, byte l, sword32 hi)
+static int dilithium_vec_check_low_c(const sword32* a, byte l, sword32 hi)
 {
     int ret = 1;
     unsigned int i;
@@ -3170,6 +4894,29 @@ static int dilithium_vec_check_low(const sword32* a, byte l, sword32 hi)
     return ret;
 }
 #endif
+
+/* Check that the values of the vector are in range.
+ *
+ * @param [in] a   Vector of polynomials.
+ * @param [in] l   Dimension of vector.
+ * @param [in] hi  Largest value in range.
+ */
+static int dilithium_vec_check_low(const sword32* a, byte l, sword32 hi)
+{
+    int ret;
+#ifdef USE_INTEL_SPEEDUP
+    if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
+        ret = wc_mldsa_vec_check_low_avx2(a, l, hi);
+        RESTORE_VECTOR_REGISTERS();
+    }
+    else
+#endif
+    {
+        ret = dilithium_vec_check_low_c(a, l, hi);
+    }
+
+    return ret;
+}
 #endif
 
 /******************************************************************************
@@ -3535,7 +5282,7 @@ static void dilithium_use_hint_88(sword32* w1, const byte* h, unsigned int i,
         dilithium_decompose_q88(r, &r0, &r1);
         /* Check for hint. */
         if ((o < h[PARAMS_ML_DSA_44_OMEGA + i]) && (h[o] == (byte)j)) {
-            /* Add or subtrac hint based on sign of r0. */
+            /* Add or subtract hint based on sign of r0. */
             r1 += 1 - (2 * (((word32)r0) >> 31));
             /* Go to next hint offset. */
             o++;
@@ -3643,26 +5390,40 @@ static void dilithium_vec_use_hint(sword32* w1, byte k, sword32 gamma2,
 
 #ifndef WOLFSSL_NO_ML_DSA_44
     if (gamma2 == DILITHIUM_Q_LOW_88) {
-        /* For each polynomial of vector. */
-        for (i = 0; i < PARAMS_ML_DSA_44_K; i++) {
-            dilithium_use_hint_88(w1, h, i, &o);
-            w1 += DILITHIUM_N;
+    #ifdef USE_INTEL_SPEEDUP
+        if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
+            wc_mldsa_use_hint_88_avx2(w1, h);
+            RESTORE_VECTOR_REGISTERS();
+        }
+        else
+    #endif
+        {
+            /* For each polynomial of vector. */
+            for (i = 0; i < PARAMS_ML_DSA_44_K; i++) {
+                dilithium_use_hint_88(w1, h, i, &o);
+                w1 += DILITHIUM_N;
+            }
         }
     }
-    else
 #endif
 #if !defined(WOLFSSL_NO_ML_DSA_65) || !defined(WOLFSSL_NO_ML_DSA_87)
     if (gamma2 == DILITHIUM_Q_LOW_32) {
-        /* For each polynomial of vector. */
-        for (i = 0; i < k; i++) {
-            dilithium_use_hint_32(w1, h, omega, i, &o);
-            w1 += DILITHIUM_N;
+    #ifdef USE_INTEL_SPEEDUP
+        if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
+            wc_mldsa_use_hint_32_avx2(w1, k, h);
+            RESTORE_VECTOR_REGISTERS();
+        }
+        else
+    #endif
+        {
+            /* For each polynomial of vector. */
+            for (i = 0; i < k; i++) {
+                dilithium_use_hint_32(w1, h, omega, i, &o);
+                w1 += DILITHIUM_N;
+            }
         }
     }
-    else
 #endif
-    {
-    }
 }
 #endif
 #endif /* !WOLFSSL_DILITHIUM_NO_VERIFY */
@@ -3697,6 +5458,8 @@ static sword32 dilithium_mont_red(sword64 a)
 #if !defined(WOLFSSL_DILITHIUM_SMALL) || !defined(WOLFSSL_DILITHIUM_NO_SIGN)
 
 /* Reduce 32-bit a modulo q. r = a mod q.
+ *
+ * Barrett reduction.
  *
  * @param  [in]  a  32-bit value to be reduced to range of q.
  * @return  Modulo result.
@@ -3814,7 +5577,7 @@ while (0)
  *
  * @param [in, out] r  Polynomial to transform.
  */
-static void dilithium_ntt(sword32* r)
+static void dilithium_ntt_c(sword32* r)
 {
 #ifdef WOLFSSL_DILITHIUM_SMALL
     unsigned int len;
@@ -4180,11 +5943,57 @@ static void dilithium_ntt(sword32* r)
 #endif
 }
 
+#if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || \
+     defined(WC_DILITHIUM_CACHE_PRIV_VECTORS)
+/* Number-Theoretic Transform.
+ *
+ * @param [in, out] r  Polynomial to transform.
+ */
+static void dilithium_ntt(sword32* r)
+{
+#ifdef USE_INTEL_SPEEDUP
+    if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
+        wc_mldsa_ntt_avx2(r);
+        RESTORE_VECTOR_REGISTERS();
+    }
+    else
+#endif
+    {
+        dilithium_ntt_c(r);
+    }
+}
+#endif
+
 #if !defined(WOLFSSL_DILITHIUM_NO_VERIFY) || \
-     defined(WOLFSSL_DILITHIUM_CHECK_KEY) || \
     (!defined(WOLFSSL_DILITHIUM_NO_SIGN) && \
-     (defined(WC_DILITHIUM_CACHE_PRIV_VECTORS) || \
-      !defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM)))
+     (!defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM) || \
+      defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC))) || \
+    (defined(WOLFSSL_DILITHIUM_SMALL) && \
+     (!defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) || \
+      defined(WOLFSSL_DILITHIUM_CHECK_KEY)))
+/* Number-Theoretic Transform.
+ *
+ * @param [in, out] r  Polynomial to transform.
+ */
+static void dilithium_ntt_full(sword32* r)
+{
+#ifdef USE_INTEL_SPEEDUP
+    if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
+        wc_mldsa_ntt_full_avx2(r);
+        RESTORE_VECTOR_REGISTERS();
+    }
+    else
+#endif
+    {
+        dilithium_ntt_c(r);
+    }
+}
+#endif
+
+#if !defined(WOLFSSL_DILITHIUM_NO_SIGN) && \
+    (!defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM) || \
+     defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC) || \
+     defined(WC_DILITHIUM_CACHE_PRIV_VECTORS))
 /* Number-Theoretic Transform.
  *
  * @param [in, out]  r  Vector of polynomials to transform.
@@ -4202,13 +6011,39 @@ static void dilithium_vec_ntt(sword32* r, byte l)
 #endif
 #endif
 
+#if (!defined(WOLFSSL_DILITHIUM_NO_VERIFY) || \
+     (!defined(WOLFSSL_DILITHIUM_NO_SIGN) && \
+      (!defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM) || \
+       defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC)))) || \
+    (defined(WOLFSSL_DILITHIUM_SMALL) && \
+     (!defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) || \
+      defined(WOLFSSL_DILITHIUM_CHECK_KEY)))
+/* Number-Theoretic Transform.
+ *
+ * @param [in, out]  r  Vector of polynomials to transform.
+ * @param [in]       l  Dimension of polynomial.
+ */
+static void dilithium_vec_ntt_full(sword32* r, byte l)
+{
+    unsigned int i;
+
+    for (i = 0; i < l; i++) {
+        dilithium_ntt_full(r);
+        r += DILITHIUM_N;
+    }
+}
+#endif
+
 #ifndef WOLFSSL_DILITHIUM_SMALL
 
+/* Zeta index value 1 not in montgomery form. */
+#define DILITHIUM_NTT_ZETA_1    ((sword32)-3572223)
+
 /* Number-Theoretic Transform with small initial values.
  *
  * @param [in, out] r  Polynomial to transform.
  */
-static void dilithium_ntt_small(sword32* r)
+static void dilithium_ntt_small_c(sword32* r)
 {
     unsigned int k;
     unsigned int j;
@@ -4217,7 +6052,8 @@ static void dilithium_ntt_small(sword32* r)
     sword32 zeta;
 
     for (j = 0; j < DILITHIUM_N / 2; ++j) {
-        sword32 t = dilithium_red((sword32)-3572223 * r[j + DILITHIUM_N / 2]);
+        sword32 t = dilithium_red(DILITHIUM_NTT_ZETA_1 *
+                                  r[j + DILITHIUM_N / 2]);
         sword32 rj = r[j];
         r[j + DILITHIUM_N / 2] = rj - t;
         r[j] = rj + t;
@@ -4249,8 +6085,8 @@ static void dilithium_ntt_small(sword32* r)
         sword32 r4 = r[j + 128];
         sword32 r6 = r[j + 192];
 
-        t0 = dilithium_red((sword32)-3572223 * r4);
-        t2 = dilithium_red((sword32)-3572223 * r6);
+        t0 = dilithium_red(DILITHIUM_NTT_ZETA_1 * r4);
+        t2 = dilithium_red(DILITHIUM_NTT_ZETA_1 * r6);
         r4 = r0 - t0;
         r6 = r2 - t2;
         r0 += t0;
@@ -4377,10 +6213,10 @@ static void dilithium_ntt_small(sword32* r)
         sword32 r6 = r[j + 192];
         sword32 r7 = r[j + 224];
 
-        t0 = dilithium_red((sword32)-3572223 * r4);
-        t1 = dilithium_red((sword32)-3572223 * r5);
-        t2 = dilithium_red((sword32)-3572223 * r6);
-        t3 = dilithium_red((sword32)-3572223 * r7);
+        t0 = dilithium_red(DILITHIUM_NTT_ZETA_1 * r4);
+        t1 = dilithium_red(DILITHIUM_NTT_ZETA_1 * r5);
+        t2 = dilithium_red(DILITHIUM_NTT_ZETA_1 * r6);
+        t3 = dilithium_red(DILITHIUM_NTT_ZETA_1 * r7);
         r4 = r0 - t0;
         r5 = r1 - t1;
         r6 = r2 - t2;
@@ -4547,11 +6383,53 @@ static void dilithium_ntt_small(sword32* r)
 #endif
 }
 
+#if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || \
+     defined(WC_DILITHIUM_CACHE_PRIV_VECTORS)
+/* Number-Theoretic Transform.
+ *
+ * @param [in, out] r  Polynomial to transform.
+ */
+static void dilithium_ntt_small(sword32* r)
+{
+#ifdef USE_INTEL_SPEEDUP
+    if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
+        wc_mldsa_ntt_avx2(r);
+        RESTORE_VECTOR_REGISTERS();
+    }
+    else
+#endif
+    {
+        dilithium_ntt_small_c(r);
+    }
+}
+#endif
+
 #if !defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) || \
-     defined(WOLFSSL_DILITHIUM_CHECK_KEY) || \
-    (!defined(WOLFSSL_DILITHIUM_NO_SIGN) && \
-     (defined(WC_DILITHIUM_CACHE_PRIV_VECTORS) || \
-      !defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM)))
+    !defined(WOLFSSL_DILITHIUM_NO_VERIFY) || \
+     defined(WOLFSSL_DILITHIUM_CHECK_KEY)
+/* Number-Theoretic Transform.
+ *
+ * @param [in, out] r  Polynomial to transform.
+ */
+static void dilithium_ntt_small_full(sword32* r)
+{
+#ifdef USE_INTEL_SPEEDUP
+    if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
+        wc_mldsa_ntt_full_avx2(r);
+        RESTORE_VECTOR_REGISTERS();
+    }
+    else
+#endif
+    {
+        dilithium_ntt_small_c(r);
+    }
+}
+#endif
+
+#if !defined(WOLFSSL_DILITHIUM_NO_SIGN) && \
+    (!defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM) || \
+     defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC) || \
+     defined(WC_DILITHIUM_CACHE_PRIV_VECTORS))
 /* Number-Theoretic Transform with small initial values.
  *
  * @param [in, out]  r  Vector of polynomials to transform.
@@ -4566,7 +6444,25 @@ static void dilithium_vec_ntt_small(sword32* r, byte l)
         r += DILITHIUM_N;
     }
 }
-#endif /* !WOLFSSL_DILITHIUM_VERIFY_ONLY */
+#endif
+
+#if !defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) || \
+     defined(WOLFSSL_DILITHIUM_CHECK_KEY)
+/* Number-Theoretic Transform with small initial values.
+ *
+ * @param [in, out]  r  Vector of polynomials to transform.
+ * @param [in]       l  Dimension of polynomial.
+ */
+static void dilithium_vec_ntt_small_full(sword32* r, byte l)
+{
+    unsigned int i;
+
+    for (i = 0; i < l; i++) {
+        dilithium_ntt_small_full(r);
+        r += DILITHIUM_N;
+    }
+}
+#endif
 
 #else
 
@@ -4575,12 +6471,24 @@ static void dilithium_vec_ntt_small(sword32* r, byte l)
  * @param [in, out] r  Polynomial to transform.
  */
 #define dilithium_ntt_small          dilithium_ntt
+/* Number-Theoretic Transform with small initial values.
+ *
+ * @param [in, out] r  Polynomial to transform.
+ */
+#define dilithium_ntt_small_full     dilithium_ntt_full
 /* Number-Theoretic Transform with small initial values.
  *
  * @param [in, out]  r  Vector of polynomials to transform.
  * @param [in]       l  Dimension of polynomial.
  */
 #define dilithium_vec_ntt_small      dilithium_vec_ntt
+/* Number-Theoretic Transform with small initial values.
+ *
+ * @param [in, out]  r  Vector of polynomials to transform.
+ * @param [in]       l  Dimension of polynomial.
+ */
+#define dilithium_vec_ntt_small_full dilithium_vec_ntt_full
+
 
 #endif /* WOLFSSL_DILITHIUM_SMALL */
 
@@ -4609,7 +6517,7 @@ while (0)
  *
  * @param [in, out] r  Polynomial to transform.
  */
-static void dilithium_invntt(sword32* r)
+static void dilithium_invntt_c(sword32* r)
 {
 #ifdef WOLFSSL_DILITHIUM_SMALL
     unsigned int len;
@@ -5003,6 +6911,43 @@ static void dilithium_invntt(sword32* r)
 #endif
 }
 
+#if !defined(WOLFSSL_DILITHIUM_NO_SIGN)
+/* Inverse Number-Theoretic Transform.
+ *
+ * @param [in, out] r  Polynomial to transform.
+ */
+static void dilithium_invntt(sword32* r)
+{
+#ifdef USE_INTEL_SPEEDUP
+    if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
+        wc_mldsa_invntt_avx2(r);
+        RESTORE_VECTOR_REGISTERS();
+    }
+    else
+#endif
+    {
+        dilithium_invntt_c(r);
+    }
+}
+#endif
+
+/* Inverse Number-Theoretic Transform.
+ *
+ * @param [in, out] r  Polynomial to transform.
+ */
+static void dilithium_invntt_full(sword32* r)
+{
+#ifdef USE_INTEL_SPEEDUP
+    if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
+        wc_mldsa_invntt_full_avx2(r);
+        RESTORE_VECTOR_REGISTERS();
+    }
+    else
+#endif
+    {
+        dilithium_invntt_c(r);
+    }
+}
 
 #if !defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) || \
      defined(WOLFSSL_DILITHIUM_CHECK_KEY) || \
@@ -5015,12 +6960,12 @@ static void dilithium_invntt(sword32* r)
  * @param [in, out]  r  Vector of polynomials to transform.
  * @param [in]       l  Dimension of polynomial.
  */
-static void dilithium_vec_invntt(sword32* r, byte l)
+static void dilithium_vec_invntt_full(sword32* r, byte l)
 {
     unsigned int i;
 
     for (i = 0; i < l; i++) {
-        dilithium_invntt(r);
+        dilithium_invntt_full(r);
         r += DILITHIUM_N;
     }
 }
@@ -5040,8 +6985,8 @@ static void dilithium_vec_invntt(sword32* r, byte l)
  * @param [in]  k  First dimension of matrix and dimension of result.
  * @param [in]  l  Second dimension of matrix and dimension of v.
  */
-static void dilithium_matrix_mul(sword32* r, const sword32* m, const sword32* v,
-     byte k, byte l)
+static void dilithium_matrix_mul_c(sword32* r, const sword32* m,
+    const sword32* v, byte k, byte l)
 {
     byte i;
 
@@ -5075,7 +7020,7 @@ static void dilithium_matrix_mul(sword32* r, const sword32* m, const sword32* v,
             }
             m += DILITHIUM_N * 4;
         }
-        else if (l == 5) {
+        if (l == 5) {
             for (e = 0; e < DILITHIUM_N; e++) {
                 sword64 t = ((sword64)m[e + 0 * 256] * vt[e + 0 * 256]) +
                             ((sword64)m[e + 1 * 256] * vt[e + 1 * 256]) +
@@ -5086,7 +7031,7 @@ static void dilithium_matrix_mul(sword32* r, const sword32* m, const sword32* v,
             }
             m += DILITHIUM_N * 5;
         }
-        else if (l == 7) {
+        if (l == 7) {
             for (e = 0; e < DILITHIUM_N; e++) {
                 sword64 t = ((sword64)m[e + 0 * 256] * vt[e + 0 * 256]) +
                             ((sword64)m[e + 1 * 256] * vt[e + 1 * 256]) +
@@ -5134,7 +7079,6 @@ static void dilithium_matrix_mul(sword32* r, const sword32* m, const sword32* v,
             }
             m += DILITHIUM_N * 4;
         }
-        else
 #endif
 #ifndef WOLFSSL_NO_ML_DSA_65
         if (l == 5) {
@@ -5166,7 +7110,6 @@ static void dilithium_matrix_mul(sword32* r, const sword32* m, const sword32* v,
             }
             m += DILITHIUM_N * 5;
         }
-        else
 #endif
 #ifndef WOLFSSL_NO_ML_DSA_87
         if (l == 7) {
@@ -5190,14 +7133,55 @@ static void dilithium_matrix_mul(sword32* r, const sword32* m, const sword32* v,
             }
             m += DILITHIUM_N * 7;
         }
-        else
 #endif
-        {
-        }
 #endif
         r += DILITHIUM_N;
     }
 }
+
+/* Matrix multiplication.
+ *
+ * @param [out] r  Vector of polynomials that is result.
+ * @param [in]  m  Matrix of polynomials.
+ * @param [in]  v  Vector of polynomials.
+ * @param [in]  k  First dimension of matrix and dimension of result.
+ * @param [in]  l  Second dimension of matrix and dimension of v.
+ */
+static void dilithium_matrix_mul(sword32* r, const sword32* m, const sword32* v,
+     byte k, byte l)
+{
+#ifdef USE_INTEL_SPEEDUP
+    if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
+        int i;
+        if (l == 4) {
+            for (i = 0; i < k; i++) {
+                wc_mldsa_mul_vec_4_avx2(r, m, v);
+                m += l * DILITHIUM_N;
+                r += DILITHIUM_N;
+            }
+        }
+        else if (l == 5) {
+            for (i = 0; i < k; i++) {
+                wc_mldsa_mul_vec_5_avx2(r, m, v);
+                m += l * DILITHIUM_N;
+                r += DILITHIUM_N;
+            }
+        }
+        else {
+            for (i = 0; i < k; i++) {
+                wc_mldsa_mul_vec_7_avx2(r, m, v);
+                m += l * DILITHIUM_N;
+                r += DILITHIUM_N;
+            }
+        }
+        RESTORE_VECTOR_REGISTERS();
+    }
+    else
+#endif
+    {
+        dilithium_matrix_mul_c(r, m, v, k, l);
+    }
+}
 #endif
 
 #if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || \
@@ -5209,7 +7193,7 @@ static void dilithium_matrix_mul(sword32* r, const sword32* m, const sword32* v,
  * @param [in]  a  Polynomial
  * @param [in]  b  Polynomial.
  */
-static void dilithium_mul(sword32* r, sword32* a, sword32* b)
+static void dilithium_mul_c(sword32* r, sword32* a, sword32* b)
 {
     unsigned int e;
 #ifdef WOLFSSL_DILITHIUM_SMALL
@@ -5249,10 +7233,30 @@ static void dilithium_mul(sword32* r, sword32* a, sword32* b)
 #endif
 }
 
-#if (!defined(WOLFSSL_DILITHIUM_NO_SIGN) && \
-     !defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM)) || \
-    (!defined(WOLFSSL_DILITHIUM_NO_VERIFY) && \
-     !defined(WOLFSSL_DILITHIUM_VERIFY_SMALL_MEM))
+#if !defined(WOLFSSL_DILITHIUM_NO_SIGN)
+/* Polynomial multiplication.
+ *
+ * @param [out] r  Polynomial result.
+ * @param [in]  a  Polynomial
+ * @param [in]  b  Polynomial.
+ */
+static void dilithium_mul(sword32* r, sword32* a, sword32* b)
+{
+#ifdef USE_INTEL_SPEEDUP
+    if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
+        wc_mldsa_mul_avx2(r, a, b);
+        RESTORE_VECTOR_REGISTERS();
+    }
+    else
+#endif
+    {
+        dilithium_mul_c(r, a, b);
+    }
+}
+#endif
+
+#if !defined(WOLFSSL_DILITHIUM_NO_VERIFY) && \
+    !defined(WOLFSSL_DILITHIUM_VERIFY_SMALL_MEM)
 /* Vector multiplication.
  *
  * @param [out] r  Vector of polynomials that is result.
@@ -5264,10 +7268,23 @@ static void dilithium_vec_mul(sword32* r, sword32* a, sword32* b, byte l)
 {
     byte i;
 
-    for (i = 0; i < l; i++) {
-        dilithium_mul(r, a, b);
-        r += DILITHIUM_N;
-        b += DILITHIUM_N;
+#ifdef USE_INTEL_SPEEDUP
+    if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
+        for (i = 0; i < l; i++) {
+            wc_mldsa_mul_avx2(r, a, b);
+            r += DILITHIUM_N;
+            b += DILITHIUM_N;
+        }
+        RESTORE_VECTOR_REGISTERS();
+    }
+    else
+#endif
+    {
+        for (i = 0; i < l; i++) {
+            dilithium_mul_c(r, a, b);
+            r += DILITHIUM_N;
+            b += DILITHIUM_N;
+        }
     }
 }
 #endif
@@ -5278,7 +7295,7 @@ static void dilithium_vec_mul(sword32* r, sword32* a, sword32* b, byte l)
  *
  * @param [in, out] a  Polynomial.
  */
-static void dilithium_poly_red(sword32* a)
+static void dilithium_poly_red_c(sword32* a)
 {
     word16 j;
 #ifdef WOLFSSL_DILITHIUM_SMALL
@@ -5299,6 +7316,24 @@ static void dilithium_poly_red(sword32* a)
 #endif
 }
 
+/* Modulo reduce values in polynomial. Range (-2^31)..(2^31-1).
+ *
+ * @param [in, out] a  Polynomial.
+ */
+static void dilithium_poly_red(sword32* a)
+{
+#ifdef USE_INTEL_SPEEDUP
+    if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
+        wc_mldsa_poly_red_avx2(a);
+        RESTORE_VECTOR_REGISTERS();
+    }
+    else
+#endif
+    {
+        dilithium_poly_red_c(a);
+    }
+}
+
 #ifndef WOLFSSL_DILITHIUM_SIGN_SMALL_MEM
 /* Modulo reduce values in polynomials of vector. Range (-2^31)..(2^31-1).
  *
@@ -5326,7 +7361,7 @@ static void dilithium_vec_red(sword32* a, byte l)
  * @param [out] r  Polynomial to subtract from.
  * @param [in]  a  Polynomial to subtract.
  */
-static void dilithium_sub(sword32* r, const sword32* a)
+static void dilithium_sub_c(sword32* r, const sword32* a)
 {
     word16 j;
 #ifdef WOLFSSL_DILITHIUM_SMALL
@@ -5347,11 +7382,28 @@ static void dilithium_sub(sword32* r, const sword32* a)
 #endif
 }
 
+/* Subtract polynomials a from r. r -= a.
+ *
+ * @param [out] r  Polynomial to subtract from.
+ * @param [in]  a  Polynomial to subtract.
+ */
+static void dilithium_sub(sword32* r, const sword32* a)
+{
+#ifdef USE_INTEL_SPEEDUP
+    if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
+        wc_mldsa_poly_sub_avx2(r, a);
+        RESTORE_VECTOR_REGISTERS();
+    }
+    else
+#endif
+    {
+        dilithium_sub_c(r, a);
+    }
+}
+
 #if defined(WOLFSSL_DILITHIUM_CHECK_KEY) || \
    (!defined(WOLFSSL_DILITHIUM_NO_VERIFY) && \
-    !defined(WOLFSSL_DILITHIUM_VERIFY_SMALL_MEM)) || \
-    (!defined(WOLFSSL_DILITHIUM_NO_SIGN) && \
-     !defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM))
+    !defined(WOLFSSL_DILITHIUM_VERIFY_SMALL_MEM))
 /* Subtract vector a from r. r -= a.
  *
  * @param [out] r  Vector of polynomials that is result.
@@ -5377,7 +7429,7 @@ static void dilithium_vec_sub(sword32* r, const sword32* a, byte l)
  * @param [out] r  Polynomial to add to.
  * @param [in]  a  Polynomial to add.
  */
-static void dilithium_add(sword32* r, const sword32* a)
+static void dilithium_add_c(sword32* r, const sword32* a)
 {
     word16 j;
 #ifdef WOLFSSL_DILITHIUM_SMALL
@@ -5398,6 +7450,25 @@ static void dilithium_add(sword32* r, const sword32* a)
 #endif
 }
 
+/* Add polynomials a to r. r += a.
+ *
+ * @param [out] r  Polynomial to add to.
+ * @param [in]  a  Polynomial to add.
+ */
+static void dilithium_add(sword32* r, const sword32* a)
+{
+#ifdef USE_INTEL_SPEEDUP
+    if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
+        wc_mldsa_poly_add_avx2(r, a);
+        RESTORE_VECTOR_REGISTERS();
+    }
+    else
+#endif
+    {
+        dilithium_add_c(r, a);
+    }
+}
+
 #if !defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) || \
     defined(WOLFSSL_DILITHIUM_CHECK_KEY) || \
     (!defined(WOLFSSL_DILITHIUM_NO_SIGN) && \
@@ -5424,7 +7495,7 @@ static void dilithium_vec_add(sword32* r, const sword32* a, byte l)
  *
  * @param [in, out] a  Polynomial.
  */
-static void dilithium_make_pos(sword32* a)
+static void dilithium_make_pos_c(sword32* a)
 {
     word16 j;
 #ifdef WOLFSSL_DILITHIUM_SMALL
@@ -5445,6 +7516,24 @@ static void dilithium_make_pos(sword32* a)
 #endif
 }
 
+/* Make values in polynomial be in positive range.
+ *
+ * @param [in, out] a  Polynomial.
+ */
+static void dilithium_make_pos(sword32* a)
+{
+#ifdef USE_INTEL_SPEEDUP
+    if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
+        wc_mldsa_poly_make_pos_avx2(a);
+        RESTORE_VECTOR_REGISTERS();
+    }
+    else
+#endif
+    {
+        dilithium_make_pos_c(a);
+    }
+}
+
 #if !defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) || \
     defined(WOLFSSL_DILITHIUM_CHECK_KEY) || \
     (!defined(WOLFSSL_DILITHIUM_NO_SIGN) && \
@@ -5636,9 +7725,9 @@ static int dilithium_make_key_from_seed(dilithium_key* key, const byte* seed)
         dilthium_vec_encode_eta_bits(s2, params->k, params->eta, s2p);
 
         /* Step 5: t <- NTT-1(A_circum o NTT(s1)) + s2 */
-        dilithium_vec_ntt_small(s1, params->l);
+        dilithium_vec_ntt_small_full(s1, params->l);
         dilithium_matrix_mul(t, a, s1, params->k, params->l);
-        dilithium_vec_invntt(t, params->k);
+        dilithium_vec_invntt_full(t, params->k);
         dilithium_vec_add(t, s2, params->k);
 
         /* Make positive for decomposing. */
@@ -5765,7 +7854,7 @@ static int dilithium_make_key_from_seed(dilithium_key* key, const byte* seed)
         dilthium_vec_encode_eta_bits(s2, params->k, params->eta, s2p);
 
         /* Step 5: NTT(s1) */
-        dilithium_vec_ntt_small(s1, params->l);
+        dilithium_vec_ntt_small_full(s1, params->l);
         /* Step 5: t <- NTT-1(A_circum o NTT(s1)) + s2 */
         XMEMCPY(aseed, pub_seed, DILITHIUM_PUB_SEED_SZ);
         for (r = 0; (ret == 0) && (r < params->k); r++) {
@@ -5775,7 +7864,6 @@ static int dilithium_make_key_from_seed(dilithium_key* key, const byte* seed)
             /* Put r/i into buffer to be hashed. */
             aseed[DILITHIUM_PUB_SEED_SZ + 1] = r;
             for (s = 0; (ret == 0) && (s < params->l); s++) {
-
                 /* Put s into buffer to be hashed. */
                 aseed[DILITHIUM_PUB_SEED_SZ + 0] = s;
                 /* Step 3: Expand public seed into a matrix of polynomials. */
@@ -5867,7 +7955,7 @@ static int dilithium_make_key_from_seed(dilithium_key* key, const byte* seed)
                 tt[e] = dilithium_mont_red(t64[e]);
             }
         #endif
-            dilithium_invntt(tt);
+            dilithium_invntt_full(tt);
             dilithium_add(tt, s2t);
             /* Make positive for decomposing. */
             dilithium_make_pos(tt);
@@ -6189,9 +8277,9 @@ static int dilithium_sign_with_seed_mu(dilithium_key* key,
             {
                 /* Step 13: NTT-1(A o NTT(y)) */
                 XMEMCPY(y_ntt, y, params->s1Sz);
-                dilithium_vec_ntt(y_ntt, params->l);
+                dilithium_vec_ntt_full(y_ntt, params->l);
                 dilithium_matrix_mul(w, a, y_ntt, params->k, params->l);
-                dilithium_vec_invntt(w, params->k);
+                dilithium_vec_invntt_full(w, params->k);
                 /* Step 14, Step 22: Make values positive and decompose. */
                 dilithium_vec_make_pos(w, params->k);
                 dilithium_vec_decompose(w, params->k, params->gamma2, w0, w1);
@@ -6223,36 +8311,46 @@ static int dilithium_sign_with_seed_mu(dilithium_key* key,
                 }
                 if (ret == 0) {
                     sword32 hi;
+                    byte i;
 
+                    valid = 1;
                     /* Step 18: NTT(c). */
                     dilithium_ntt_small(c);
-                    /* Step 20: cs2 = NTT-1(c o s2) */
-                    dilithium_vec_mul(cs2, c, s2, params->k);
-                    dilithium_vec_invntt(cs2, params->k);
-                    /* Step 22: w0 - cs2 */
-                    dilithium_vec_sub(w0, cs2, params->k);
-                    dilithium_vec_red(w0, params->k);
-                    /* Step 23: Check w0 - cs2 has low enough values. */
                     hi = params->gamma2 - params->beta;
-                    valid = dilithium_vec_check_low(w0, params->k, hi);
-                    if (valid) {
-                        /* Step 19: cs1 = NTT-1(c o s1) */
-                        dilithium_vec_mul(z, c, s1, params->l);
-                        dilithium_vec_invntt(z, params->l);
-                        /* Step 21: z = y + cs1 */
-                        dilithium_vec_add(z, y, params->l);
-                        dilithium_vec_red(z, params->l);
-                        /* Step 23: Check z has low enough values. */
-                        hi = (1 << params->gamma1_bits) - params->beta;
-                        valid = dilithium_vec_check_low(z, params->l, hi);
+                    for (i = 0; valid && i < params->k; i++) {
+                        /* Step 20: cs2 = NTT-1(c o s2) */
+                        dilithium_mul(cs2 + i * DILITHIUM_N, c,
+                            s2 + i * DILITHIUM_N);
+                        dilithium_invntt(cs2 + i * DILITHIUM_N);
+                        /* Step 22: w0 - cs2 */
+                        dilithium_sub(w0 + i * DILITHIUM_N,
+                            cs2 + i * DILITHIUM_N);
+                        /* Step 23: Check w0 - cs2 has low enough values. */
+                        valid = dilithium_vec_check_low(w0 + i * DILITHIUM_N, 1,
+                            hi);
                     }
-                    if (valid) {
+                    hi = (1 << params->gamma1_bits) - params->beta;
+                    for (i = 0; valid && i < params->l; i++) {
+                        /* Step 19: cs1 = NTT-1(c o s1) */
+                        dilithium_mul(z + i * DILITHIUM_N, c,
+                            s1 + i * DILITHIUM_N);
+                        dilithium_invntt(z + i * DILITHIUM_N);
+                        /* Step 21: z = y + cs1 */
+                        dilithium_add(z + i * DILITHIUM_N, y + i * DILITHIUM_N);
+                        dilithium_poly_red(z + i * DILITHIUM_N);
+                        /* Step 23: Check z has low enough values. */
+                        valid = dilithium_vec_check_low(z + i * DILITHIUM_N, 1,
+                            hi);
+                    }
+                    for (i = 0; valid && i < params->k; i++) {
                         /* Step 25: ct0 = NTT-1(c o t0) */
-                        dilithium_vec_mul(ct0, c, t0, params->k);
-                        dilithium_vec_invntt(ct0, params->k);
+                        dilithium_mul(ct0 + i * DILITHIUM_N, c,
+                            t0 + i * DILITHIUM_N);
+                        dilithium_invntt(ct0 + i * DILITHIUM_N);
                         /* Step 27: Check ct0 has low enough values. */
                         hi = params->gamma2;
-                        valid = dilithium_vec_check_low(ct0, params->k, hi);
+                        valid = dilithium_vec_check_low(ct0 + i * DILITHIUM_N,
+                            1, hi);
                     }
                     if (valid) {
                         /* Step 26: ct0 = ct0 + w0 */
@@ -6448,9 +8546,9 @@ static int dilithium_sign_with_seed_mu(dilithium_key* key,
         #ifdef WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A
             /* Step 13: NTT-1(A o NTT(y)) */
             XMEMCPY(y_ntt, y, params->s1Sz);
-            dilithium_vec_ntt(y_ntt, params->l);
+            dilithium_vec_ntt_full(y_ntt, params->l);
             dilithium_matrix_mul(w, a, y_ntt, maxK, params->l);
-            dilithium_vec_invntt(w, maxK);
+            dilithium_vec_invntt_full(w, maxK);
             /* Step 14, Step 22: Make values positive and decompose. */
             dilithium_vec_make_pos(w, maxK);
             dilithium_vec_decompose(w, maxK, params->gamma2, w0, w1);
@@ -6486,7 +8584,7 @@ static int dilithium_sign_with_seed_mu(dilithium_key* key,
                         break;
                     }
                     XMEMCPY(y_ntt_t, yt, DILITHIUM_POLY_SIZE);
-                    dilithium_ntt(y_ntt_t);
+                    dilithium_ntt_full(y_ntt_t);
                     /* Matrix multiply. */
                 #ifndef WOLFSSL_DILITHIUM_SMALL_MEM_POLY64
                     if (s == 0) {
@@ -6589,7 +8687,7 @@ static int dilithium_sign_with_seed_mu(dilithium_key* key,
                     wt[e] = dilithium_mont_red(t64[e]);
                 }
             #endif
-                dilithium_invntt(wt);
+                dilithium_invntt_full(wt);
                 /* Step 14, Step 22: Make values positive and decompose. */
                 dilithium_make_pos(wt);
             #ifndef WOLFSSL_NO_ML_DSA_44
@@ -7173,7 +9271,7 @@ static void dilithium_make_pub_vec(dilithium_key* key, sword32* t1)
     const byte* t1p = key->p + DILITHIUM_PUB_SEED_SZ;
 
     dilithium_vec_decode_t1(t1p, params->k, t1);
-    dilithium_vec_ntt(t1, params->k);
+    dilithium_vec_ntt_full(t1, params->k);
 
 #ifdef WC_DILITHIUM_CACHE_PUB_VECTORS
     key->pubVecSet = 1;
@@ -7346,12 +9444,12 @@ static int dilithium_verify_mu(dilithium_key* key, const byte* mu,
     }
     if ((ret == 0) && valid) {
         /* Step 10: w = NTT-1(A o NTT(z) - NTT(c) o NTT(t1)) */
-        dilithium_vec_ntt(z, params->l);
+        dilithium_vec_ntt_full(z, params->l);
         dilithium_matrix_mul(w, a, z, params->k, params->l);
-        dilithium_ntt_small(c);
+        dilithium_ntt_small_full(c);
         dilithium_vec_mul(t1c, c, t1, params->k);
         dilithium_vec_sub(w, t1c, params->k);
-        dilithium_vec_invntt(w, params->k);
+        dilithium_vec_invntt_full(w, params->k);
         /* Step 11: Use hint to give full w1. */
         dilithium_vec_use_hint(w, params->k, params->gamma2, params->omega, h);
         /* Step 12: Encode w1. */
@@ -7456,7 +9554,7 @@ static int dilithium_verify_mu(dilithium_key* key, const byte* mu,
     }
     if ((ret == 0) && valid) {
         /* Step 10: NTT(z) */
-        dilithium_vec_ntt(z, params->l);
+        dilithium_vec_ntt_full(z, params->l);
 
          /* Step 9: Compute c from first 256 bits of commit. */
 #ifdef WOLFSSL_DILITHIUM_VERIFY_NO_MALLOC
@@ -7468,7 +9566,7 @@ static int dilithium_verify_mu(dilithium_key* key, const byte* mu,
 #endif
     }
     if ((ret == 0) && valid) {
-        dilithium_ntt_small(c);
+        dilithium_ntt_small_full(c);
 
         o = 0;
         encW1 = w1e;
@@ -7487,7 +9585,7 @@ static int dilithium_verify_mu(dilithium_key* key, const byte* mu,
             t1p += DILITHIUM_U * DILITHIUM_N / 8;
 
             /* Step 10: - NTT(c) o NTT(t1)) */
-            dilithium_ntt(w);
+            dilithium_ntt_full(w);
     #ifndef WOLFSSL_DILITHIUM_SMALL_MEM_POLY64
         #ifdef WOLFSSL_DILITHIUM_SMALL
             for (e = 0; e < DILITHIUM_N; e++) {
@@ -7583,7 +9681,7 @@ static int dilithium_verify_mu(dilithium_key* key, const byte* mu,
         #endif
 
             /* Step 10: w = NTT-1(A o NTT(z) - NTT(c) o NTT(t1)) */
-            dilithium_invntt(w);
+            dilithium_invntt_full(w);
 
         #ifndef WOLFSSL_NO_ML_DSA_44
             if (params->gamma2 == DILITHIUM_Q_LOW_88) {
@@ -8488,6 +10586,52 @@ int wc_dilithium_verify_ctx_hash(const byte* sig, word32 sigLen,
 }
 #endif /* WOLFSSL_DILITHIUM_NO_VERIFY */
 
+#ifndef WC_NO_CONSTRUCTORS
+/**
+ * Create a new dilithium key object.
+ *
+ * heap  [in]  Dynamic memory hint.
+ * devId [in]  Device Id.
+ * returns MEMORY_E when dynamic memory allocation fails
+ */
+
+dilithium_key* wc_dilithium_new(void* heap, int devId)
+{
+    int ret;
+    dilithium_key* key = (dilithium_key*)XMALLOC(sizeof(dilithium_key), heap,
+        DYNAMIC_TYPE_DILITHIUM);
+    if (key != NULL) {
+        ret = wc_dilithium_init_ex(key, heap, devId);
+        if (ret != 0) {
+            XFREE(key, heap, DYNAMIC_TYPE_DILITHIUM);
+            key = NULL;
+        }
+    }
+
+    return key;
+}
+
+/**
+ * Delete and free a dilithium key object.
+ *
+ * key   [in]       dilithium key object to delete.
+ * key_p [in, out]  Pointer to key pointer to set to NULL.
+ * returns BAD_FUNC_ARG when key is NULL
+ */
+
+int wc_dilithium_delete(dilithium_key* key, dilithium_key** key_p)
+{
+    if (key == NULL)
+        return BAD_FUNC_ARG;
+    wc_dilithium_free(key);
+    XFREE(key, key->heap, DYNAMIC_TYPE_DILITHIUM);
+    if (key_p != NULL)
+        *key_p = NULL;
+
+    return 0;
+}
+#endif /* !WC_NO_CONSTRUCTORS */
+
 /* Initialize the dilithium private/public key.
  *
  * key  [in]  Dilithium key.
@@ -8531,6 +10675,10 @@ int wc_dilithium_init_ex(dilithium_key* key, void* heap, int devId)
         key->heap = heap;
     }
 
+#if defined(WOLFSSL_WC_DILITHIUM) && defined(USE_INTEL_SPEEDUP)
+    cpuid_get_flags_ex(&cpuid_flags);
+#endif
+
     return ret;
 }
 
@@ -8704,8 +10852,11 @@ void wc_dilithium_free(dilithium_key* key)
         XFREE(key->a, key->heap, DYNAMIC_TYPE_DILITHIUM);
     #endif
 #endif
+        /* Intel speedup code manually manipulates the state. */
+#ifndef USE_INTEL_SPEEDUP
         /* Free the SHAKE-128/256 object. */
         wc_Shake256_Free(&key->shake);
+#endif
 #endif
         /* Ensure all private data is zeroized. */
         ForceZero(key, sizeof(*key));
@@ -9040,9 +11191,9 @@ int wc_dilithium_check_key(dilithium_key* key)
         dilithium_vec_decode_t1(t1p, params->k, t1);
 
         /* Calcaluate t = NTT-1(A o NTT(s1)) + s2 */
-        dilithium_vec_ntt_small(s1, params->l);
+        dilithium_vec_ntt_small_full(s1, params->l);
         dilithium_matrix_mul(t, a, s1, params->k, params->l);
-        dilithium_vec_invntt(t, params->k);
+        dilithium_vec_invntt_full(t, params->k);
         dilithium_vec_add(t, s2, params->k);
         /* Subtract t0 from t. */
         dilithium_vec_sub(t, t0, params->k);
@@ -9659,31 +11810,6 @@ int dilithium_get_oid_sum(dilithium_key* key, int* keyFormat) {
 
 #if defined(WOLFSSL_DILITHIUM_PRIVATE_KEY)
 
-/* OCT <seed of 32 bytes> OCT <private key data of more than 256 bytes> */
-#define ALT_PRIV_DER_PREFIX       (2 + 32 + 4)
-/* SEQ [ OCT <seed of 32 bytes> OCT <private key data> ] */
-#define ALT_PRIV_DER_PREFIX_SEQ   (4 + 2 + 32 + 4)
-
-/* Get the private only key size for the ML-DSA level/parameter id.
- *
- * @param [in] level  Level of the ML-DSA key.
- * @return  Private key only encoding size for key level on success.
- * @return  0 on failure.
- */
-static word32 dilithium_get_priv_size(int level)
-{
-    switch (level) {
-        case WC_ML_DSA_44:
-            return ML_DSA_LEVEL2_KEY_SIZE;
-        case WC_ML_DSA_65:
-            return ML_DSA_LEVEL3_KEY_SIZE;
-        case WC_ML_DSA_87:
-            return ML_DSA_LEVEL5_KEY_SIZE;
-        default:
-            return 0;
-    }
-}
-
 /* Decode the DER encoded Dilithium key.
  *
  * @param [in]      input     Array holding DER encoded data.
@@ -9708,11 +11834,14 @@ int wc_Dilithium_PrivateKeyDecode(const byte* input, word32* inOutIdx,
     dilithium_key* key, word32 inSz)
 {
     int ret = 0;
+    const byte* seed = NULL;
     const byte* privKey = NULL;
     const byte* pubKey = NULL;
+    word32 seedLen = 0;
     word32 privKeyLen = 0;
     word32 pubKeyLen = 0;
     int keyType = 0;
+    int autoKeyType = ANONk;
 
     /* Validate parameters. */
     if ((input == NULL) || (inOutIdx == NULL) || (key == NULL) || (inSz == 0)) {
@@ -9756,34 +11885,45 @@ int wc_Dilithium_PrivateKeyDecode(const byte* input, word32* inOutIdx,
 
     if (ret == 0) {
         /* Decode the asymmetric key and get out private and public key data. */
+#ifndef WOLFSSL_ASN_TEMPLATE
         ret = DecodeAsymKey_Assign(input, inOutIdx, inSz,
+                                   NULL, NULL,
                                    &privKey, &privKeyLen,
-                                   &pubKey, &pubKeyLen, &keyType);
-        if (ret == 0
-#ifdef WOLFSSL_WC_DILITHIUM
-            && key->params == NULL
-#endif
-        ) {
+                                   &pubKey, &pubKeyLen, &autoKeyType);
+#else
+        ret = DecodeAsymKey_Assign(input, inOutIdx, inSz,
+                                   &seed, &seedLen,
+                                   &privKey, &privKeyLen,
+                                   &pubKey, &pubKeyLen, &autoKeyType);
+#endif /* WOLFSSL_ASN_TEMPLATE */
+    }
+
+    if (ret == 0) {
+        if (keyType == ANONk && autoKeyType != ANONk) {
             /* Set the security level based on the decoded key. */
-            ret = mapOidToSecLevel(keyType);
+            ret = mapOidToSecLevel(autoKeyType);
             if (ret > 0) {
                 ret = wc_dilithium_set_level(key, (byte)ret);
             }
         }
-        /* If it failed to decode try alternative DER encoding. */
-        else if (ret != 0) {
-            word32 levelSize = dilithium_get_priv_size(key->level);
-            privKey = input + *inOutIdx;
-            privKeyLen = inSz - *inOutIdx;
-
-            /* Check for an alternative DER encoding. */
-            if (privKeyLen == ALT_PRIV_DER_PREFIX_SEQ + levelSize) {
-                privKey += ALT_PRIV_DER_PREFIX_SEQ;
-                privKeyLen -= ALT_PRIV_DER_PREFIX_SEQ;
+        else if (keyType != ANONk && autoKeyType != ANONk) {
+            if (keyType == autoKeyType)
                 ret = 0;
-            }
+            else
+                ret = ASN_PARSE_E;
+        }
+        else if (keyType != ANONk && autoKeyType == ANONk) {
+            ret = 0;
+        }
+        else { /* keyType == ANONk && autoKeyType == ANONk */
+            /*
+             * When decoding traditional format with not specifying a level will
+             * cause this error.
+             */
+            ret = ASN_PARSE_E;
         }
     }
+
     if ((ret == 0) && (pubKey == NULL) && (pubKeyLen == 0)) {
         /* Check if the public key is included in the private key. */
     #if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT)
@@ -9828,32 +11968,39 @@ int wc_Dilithium_PrivateKeyDecode(const byte* input, word32* inOutIdx,
             pubKeyLen = ML_DSA_LEVEL5_PUB_KEY_SIZE;
             privKeyLen -= ML_DSA_LEVEL5_PUB_KEY_SIZE;
         }
-        else {
-            word32 levelSize = dilithium_get_priv_size(key->level);
-
-            if (privKeyLen == ALT_PRIV_DER_PREFIX + levelSize) {
-                privKey += ALT_PRIV_DER_PREFIX;
-                privKeyLen -= ALT_PRIV_DER_PREFIX;
-            }
-        }
     }
 
     if (ret == 0) {
-        /* Check whether public key data was found. */
-#if defined(WOLFSSL_DILITHIUM_PUBLIC_KEY)
-        if (pubKeyLen == 0)
+        /* Generate a key pair if seed exists and decoded key pair is ignored */
+        if (seedLen != 0) {
+#if defined(WOLFSSL_WC_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY)
+            if (seedLen == DILITHIUM_SEED_SZ) {
+                ret = wc_dilithium_make_key_from_seed(key, seed);
+            }
+            else {
+                ret = ASN_PARSE_E;
+            }
+#else
+            ret = NOT_COMPILED_IN;
 #endif
-        {
-            /* No public key data, only import private key data. */
-            ret = wc_dilithium_import_private(privKey, privKeyLen, key);
         }
 #if defined(WOLFSSL_DILITHIUM_PUBLIC_KEY)
-        else {
+        /* Check whether public key data was found. */
+        else if (pubKeyLen != 0 && privKeyLen != 0) {
             /* Import private and public key data. */
             ret = wc_dilithium_import_key(privKey, privKeyLen, pubKey,
                 pubKeyLen, key);
         }
 #endif
+        else if (pubKeyLen == 0 && privKeyLen != 0)
+        {
+            /* No public key data, only import private key data. */
+            ret = wc_dilithium_import_private(privKey, privKeyLen, key);
+        }
+        else {
+            /* Not a problem of ASN.1 structure, but the contents is invalid */
+            ret = ASN_PARSE_E;
+        }
     }
 
     (void)pubKey;
diff --git a/wolfcrypt/src/dsa.c b/wolfcrypt/src/dsa.c
index cc455487e..13cc29f6a 100644
--- a/wolfcrypt/src/dsa.c
+++ b/wolfcrypt/src/dsa.c
@@ -35,12 +35,12 @@
     #include <wolfcrypt/src/misc.c>
 #endif
 
-#if defined(WOLFSSL_LINUXKM) && !defined(WOLFSSL_SP_ASM)
+#if defined(WOLFSSL_USE_SAVE_VECTOR_REGISTERS) && !defined(WOLFSSL_SP_ASM)
     /* force off unneeded vector register save/restore. */
     #undef SAVE_VECTOR_REGISTERS
-    #define SAVE_VECTOR_REGISTERS(fail_clause) WC_DO_NOTHING
+    #define SAVE_VECTOR_REGISTERS(fail_clause) SAVE_NO_VECTOR_REGISTERS(fail_clause)
     #undef RESTORE_VECTOR_REGISTERS
-    #define RESTORE_VECTOR_REGISTERS() WC_DO_NOTHING
+    #define RESTORE_VECTOR_REGISTERS() RESTORE_NO_VECTOR_REGISTERS()
 #endif
 
 #ifdef _MSC_VER
diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c
index 03eaf138b..29a208605 100644
--- a/wolfcrypt/src/ecc.c
+++ b/wolfcrypt/src/ecc.c
@@ -221,12 +221,12 @@ ECC Curve Sizes:
     #include <wolfssl/wolfcrypt/hmac.h>
 #endif
 
-#if defined(WOLFSSL_LINUXKM) && !defined(WOLFSSL_SP_ASM)
+#if defined(WOLFSSL_USE_SAVE_VECTOR_REGISTERS) && !defined(WOLFSSL_SP_ASM)
     /* force off unneeded vector register save/restore. */
     #undef SAVE_VECTOR_REGISTERS
-    #define SAVE_VECTOR_REGISTERS(fail_clause) WC_DO_NOTHING
+    #define SAVE_VECTOR_REGISTERS(fail_clause) SAVE_NO_VECTOR_REGISTERS(fail_clause)
     #undef RESTORE_VECTOR_REGISTERS
-    #define RESTORE_VECTOR_REGISTERS() WC_DO_NOTHING
+    #define RESTORE_VECTOR_REGISTERS() RESTORE_NO_VECTOR_REGISTERS()
 #endif
 
 #if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
@@ -3166,7 +3166,7 @@ static int ecc_mulmod(const mp_int* k, ecc_point* P, ecc_point* Q,
     ecc_point** R, mp_int* a, mp_int* modulus, mp_digit mp, WC_RNG* rng)
 {
     int      err = MP_OKAY;
-    int      bytes = (mp_count_bits(modulus) + 7) / 8;
+    int      bytes = (mp_count_bits(modulus) + 7) >> 3;
     int      i;
     int      j = 1;
     int      cnt = DIGIT_BIT;
@@ -3404,7 +3404,7 @@ static int ecc_mulmod(const mp_int* k, ecc_point* P, ecc_point* Q,
     ecc_point** R, mp_int* a, mp_int* modulus, mp_digit mp, WC_RNG* rng)
 {
     int          err = MP_OKAY;
-    int          bytes = (mp_count_bits(modulus) + 7) / 8;
+    int          bytes = (mp_count_bits(modulus) + 7) >> 3;
     int          i;
     int          j = 1;
     int          cnt;
@@ -4452,7 +4452,7 @@ int wc_ecc_get_curve_id_from_params(int fieldSize,
         Gx == NULL || Gy == NULL)
         return BAD_FUNC_ARG;
 
-    curveSz = (fieldSize + 1) / 8;    /* round up */
+    curveSz = (fieldSize + 1) >> 3;    /* round up */
 
     for (idx = 0; ecc_sets[idx].size != 0; idx++) {
         if (curveSz == ecc_sets[idx].size) {
@@ -11929,7 +11929,7 @@ int wc_ecc_sig_size(const ecc_key* key)
     keySz = key->dp->size;
     orderBits = wc_ecc_get_curve_order_bit_count(key->dp);
     if (orderBits > keySz * 8) {
-        keySz = (orderBits + 7) / 8;
+        keySz = (orderBits + 7) >> 3;
     }
     /* maximum possible signature header size is 7 bytes */
     maxSigSz = (keySz * 2) + SIG_HEADER_SZ;
diff --git a/wolfcrypt/src/eccsi.c b/wolfcrypt/src/eccsi.c
index 2717607d3..d45f26a38 100644
--- a/wolfcrypt/src/eccsi.c
+++ b/wolfcrypt/src/eccsi.c
@@ -36,12 +36,12 @@
     #include <wolfssl/wolfcrypt/sp.h>
 #endif
 
-#if defined(WOLFSSL_LINUXKM) && !defined(WOLFSSL_SP_ASM)
+#if defined(WOLFSSL_USE_SAVE_VECTOR_REGISTERS) && !defined(WOLFSSL_SP_ASM)
     /* force off unneeded vector register save/restore. */
     #undef SAVE_VECTOR_REGISTERS
-    #define SAVE_VECTOR_REGISTERS(fail_clause) WC_DO_NOTHING
+    #define SAVE_VECTOR_REGISTERS(fail_clause) SAVE_NO_VECTOR_REGISTERS(fail_clause)
     #undef RESTORE_VECTOR_REGISTERS
-    #define RESTORE_VECTOR_REGISTERS() WC_DO_NOTHING
+    #define RESTORE_VECTOR_REGISTERS() RESTORE_NO_VECTOR_REGISTERS()
 #endif
 
 #ifndef WOLFSSL_HAVE_ECC_KEY_GET_PRIV
diff --git a/wolfcrypt/src/ed448.c b/wolfcrypt/src/ed448.c
index be8582f57..59b411005 100644
--- a/wolfcrypt/src/ed448.c
+++ b/wolfcrypt/src/ed448.c
@@ -1017,7 +1017,9 @@ int wc_ed448_import_public_ex(const byte* in, word32 inLen, ed448_key* key,
         ret = BAD_FUNC_ARG;
     }
 
-    if ((inLen != ED448_PUB_KEY_SIZE) && (inLen != ED448_PUB_KEY_SIZE + 1)) {
+    if ((inLen != ED448_PUB_KEY_SIZE) &&
+        (inLen != ED448_PUB_KEY_SIZE + 1) &&
+        (inLen != 2 * ED448_PUB_KEY_SIZE + 1)) {
         ret = BAD_FUNC_ARG;
     }
 
diff --git a/wolfcrypt/src/error.c b/wolfcrypt/src/error.c
index 014345a1a..1d5c90d10 100644
--- a/wolfcrypt/src/error.c
+++ b/wolfcrypt/src/error.c
@@ -650,6 +650,12 @@ const char* wc_GetErrorString(int error)
     case WC_ACCEL_INHIBIT_E:
         return "Crypto acceleration is currently inhibited";
 
+    case BAD_INDEX_E:
+        return "Bad index";
+
+    case INTERRUPTED_E:
+        return "Process interrupted";
+
     case MAX_CODE_E:
     case WC_SPAN1_MIN_CODE_E:
     case MIN_CODE_E:
diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c
index 5c9ac3e8d..2840f2267 100644
--- a/wolfcrypt/src/evp.c
+++ b/wolfcrypt/src/evp.c
@@ -8902,7 +8902,7 @@ static void clearEVPPkeyKeys(WOLFSSL_EVP_PKEY *pkey)
 }
 
 #ifndef NO_RSA
-#if defined(WOLFSSL_KEY_GEN)
+#ifdef WOLFSSL_KEY_TO_DER
 static int PopulateRSAEvpPkeyDer(WOLFSSL_EVP_PKEY *pkey)
 {
     int ret = 0;
@@ -9008,7 +9008,7 @@ static int PopulateRSAEvpPkeyDer(WOLFSSL_EVP_PKEY *pkey)
         return WOLFSSL_SUCCESS;
     }
 }
-#endif
+#endif /* WOLFSSL_KEY_TO_DER */
 
 WOLFSSL_RSA* wolfSSL_EVP_PKEY_get0_RSA(WOLFSSL_EVP_PKEY *pkey)
 {
@@ -9060,12 +9060,12 @@ int wolfSSL_EVP_PKEY_set1_RSA(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_RSA *key)
         }
     }
 
-#if defined(WOLFSSL_KEY_GEN)
+#ifdef WOLFSSL_KEY_TO_DER
     if (PopulateRSAEvpPkeyDer(pkey) != WOLFSSL_SUCCESS) {
         WOLFSSL_MSG("PopulateRSAEvpPkeyDer failed");
         return WOLFSSL_FAILURE;
     }
-#endif /* WOLFSSL_KEY_GEN */
+#endif
 
 #ifdef WC_RSA_BLINDING
     if (key->ownRng == 0) {
@@ -10045,7 +10045,7 @@ int wolfSSL_EVP_PKEY_up_ref(WOLFSSL_EVP_PKEY* pkey)
     return WOLFSSL_FAILURE;
 }
 
-#ifndef NO_RSA
+#if !defined(NO_RSA) && defined(WOLFSSL_KEY_TO_DER)
 int wolfSSL_EVP_PKEY_assign_RSA(WOLFSSL_EVP_PKEY* pkey, WOLFSSL_RSA* key)
 {
     if (pkey == NULL || key == NULL)
@@ -10080,7 +10080,7 @@ int wolfSSL_EVP_PKEY_assign_RSA(WOLFSSL_EVP_PKEY* pkey, WOLFSSL_RSA* key)
 
     return WOLFSSL_SUCCESS;
 }
-#endif /* !NO_RSA */
+#endif /* !NO_RSA && WOLFSSL_KEY_TO_DER */
 
 #ifndef NO_DSA
 int wolfSSL_EVP_PKEY_assign_DSA(WOLFSSL_EVP_PKEY* pkey, WOLFSSL_DSA* key)
@@ -11664,7 +11664,10 @@ static int PrintHexWithColon(WOLFSSL_BIO* out, const byte* input,
 
     for (in = 0; in < (word32)inlen && ret == WOLFSSL_SUCCESS; in +=
              WOLFSSL_EVP_PKEY_PRINT_DIGITS_PER_LINE ) {
-        Indent(out, indent);
+        if (Indent(out, indent) < 0) {
+            ret = WOLFSSL_FAILURE;
+            break;
+        }
         for (i = 0; (i < WOLFSSL_EVP_PKEY_PRINT_DIGITS_PER_LINE) &&
                                         (in + i < (word32)inlen); i++) {
 
diff --git a/wolfcrypt/src/fe_448.c b/wolfcrypt/src/fe_448.c
index 9d8308d51..5e8f8c6eb 100644
--- a/wolfcrypt/src/fe_448.c
+++ b/wolfcrypt/src/fe_448.c
@@ -569,7 +569,7 @@ void fe448_from_bytes(sword64* r, const unsigned char* b)
  */
 void fe448_to_bytes(unsigned char* b, const sword64* a)
 {
-    sword128 t;
+    sword64 t;
     /* Mod */
     sword64 in0 = a[0];
     sword64 in1 = a[1];
@@ -594,15 +594,15 @@ void fe448_to_bytes(unsigned char* b, const sword64* a)
     in0 += o;
     in4 += o;
     in7 -= o << 56;
-    o = (in0  >> 56); in1  += o; t = o << 56; in0  -= (sword64)t;
-    o = (in1  >> 56); in2  += o; t = o << 56; in1  -= (sword64)t;
-    o = (in2  >> 56); in3  += o; t = o << 56; in2  -= (sword64)t;
-    o = (in3  >> 56); in4  += o; t = o << 56; in3  -= (sword64)t;
-    o = (in4  >> 56); in5  += o; t = o << 56; in4  -= (sword64)t;
-    o = (in5  >> 56); in6  += o; t = o << 56; in5  -= (sword64)t;
-    o = (in6  >> 56); in7  += o; t = o << 56; in6  -= (sword64)t;
+    o = (in0  >> 56); in1  += o; t = o << 56; in0  -= t;
+    o = (in1  >> 56); in2  += o; t = o << 56; in1  -= t;
+    o = (in2  >> 56); in3  += o; t = o << 56; in2  -= t;
+    o = (in3  >> 56); in4  += o; t = o << 56; in3  -= t;
+    o = (in4  >> 56); in5  += o; t = o << 56; in4  -= t;
+    o = (in5  >> 56); in6  += o; t = o << 56; in5  -= t;
+    o = (in6  >> 56); in7  += o; t = o << 56; in6  -= t;
     o = (in7  >> 56); in0  += o;
-                      in4  += o; t = o << 56; in7  -= (sword64)t;
+                      in4  += o; t = o << 56; in7  -= t;
 
     /* Output as bytes */
     b[ 0] = (byte)(in0  >>  0);
@@ -1370,7 +1370,7 @@ void fe448_from_bytes(sword32* r, const unsigned char* b)
  */
 void fe448_to_bytes(unsigned char* b, const sword32* a)
 {
-    sword64 t;
+    sword32 t;
     /* Mod */
     sword32 in0 = a[0];
     sword32 in1 = a[1];
@@ -1411,23 +1411,23 @@ void fe448_to_bytes(unsigned char* b, const sword32* a)
     in0 += o;
     in8 += o;
     in15 -= o << 28;
-    o = (in0  >> 28); in1  += o; t = o << 28; in0  -= (sword32)t;
-    o = (in1  >> 28); in2  += o; t = o << 28; in1  -= (sword32)t;
-    o = (in2  >> 28); in3  += o; t = o << 28; in2  -= (sword32)t;
-    o = (in3  >> 28); in4  += o; t = o << 28; in3  -= (sword32)t;
-    o = (in4  >> 28); in5  += o; t = o << 28; in4  -= (sword32)t;
-    o = (in5  >> 28); in6  += o; t = o << 28; in5  -= (sword32)t;
-    o = (in6  >> 28); in7  += o; t = o << 28; in6  -= (sword32)t;
-    o = (in7  >> 28); in8  += o; t = o << 28; in7  -= (sword32)t;
-    o = (in8  >> 28); in9  += o; t = o << 28; in8  -= (sword32)t;
-    o = (in9  >> 28); in10 += o; t = o << 28; in9  -= (sword32)t;
-    o = (in10 >> 28); in11 += o; t = o << 28; in10 -= (sword32)t;
-    o = (in11 >> 28); in12 += o; t = o << 28; in11 -= (sword32)t;
-    o = (in12 >> 28); in13 += o; t = o << 28; in12 -= (sword32)t;
-    o = (in13 >> 28); in14 += o; t = o << 28; in13 -= (sword32)t;
-    o = (in14 >> 28); in15 += o; t = o << 28; in14 -= (sword32)t;
+    o = (in0  >> 28); in1  += o; t = o << 28; in0  -= t;
+    o = (in1  >> 28); in2  += o; t = o << 28; in1  -= t;
+    o = (in2  >> 28); in3  += o; t = o << 28; in2  -= t;
+    o = (in3  >> 28); in4  += o; t = o << 28; in3  -= t;
+    o = (in4  >> 28); in5  += o; t = o << 28; in4  -= t;
+    o = (in5  >> 28); in6  += o; t = o << 28; in5  -= t;
+    o = (in6  >> 28); in7  += o; t = o << 28; in6  -= t;
+    o = (in7  >> 28); in8  += o; t = o << 28; in7  -= t;
+    o = (in8  >> 28); in9  += o; t = o << 28; in8  -= t;
+    o = (in9  >> 28); in10 += o; t = o << 28; in9  -= t;
+    o = (in10 >> 28); in11 += o; t = o << 28; in10 -= t;
+    o = (in11 >> 28); in12 += o; t = o << 28; in11 -= t;
+    o = (in12 >> 28); in13 += o; t = o << 28; in12 -= t;
+    o = (in13 >> 28); in14 += o; t = o << 28; in13 -= t;
+    o = (in14 >> 28); in15 += o; t = o << 28; in14 -= t;
     o = (in15 >> 28); in0  += o;
-                      in8  += o; t = o << 28; in15 -= (sword32)t;
+                      in8  += o; t = o << 28; in15 -= t;
 
     /* Output as bytes */
     b[ 0] = (byte)(in0  >>  0);
diff --git a/wolfcrypt/src/fe_operations.c b/wolfcrypt/src/fe_operations.c
index 6ae70e7a2..192c02d60 100644
--- a/wolfcrypt/src/fe_operations.c
+++ b/wolfcrypt/src/fe_operations.c
@@ -24,7 +24,7 @@
  /* Based On Daniel J Bernstein's curve25519 Public Domain ref10 work. */
 
 #if defined(HAVE_CURVE25519) || defined(HAVE_ED25519)
-#if !defined(CURVE25519_SMALL) || !defined(ED25519_SMALL) /* run when not defined to use small memory math */
+#if !defined(CURVE25519_SMALL) && !defined(ED25519_SMALL)
 
 #include <wolfssl/wolfcrypt/fe_operations.h>
 
@@ -697,11 +697,11 @@ void fe_invert(fe out,const fe z)
   int i = 0;
 
   /* pow225521 */
-  fe_sq(t0,z); for (i = 1;i < 1;++i) fe_sq(t0,t0);
+  fe_sq(t0,z);
   fe_sq(t1,t0); for (i = 1;i < 2;++i) fe_sq(t1,t1);
   fe_mul(t1,z,t1);
   fe_mul(t0,t0,t1);
-  fe_sq(t2,t0); for (i = 1;i < 1;++i) fe_sq(t2,t2);
+  fe_sq(t2,t0);
   fe_mul(t1,t1,t2);
   fe_sq(t2,t1); for (i = 1;i < 5;++i) fe_sq(t2,t2);
   fe_mul(t1,t2,t1);
@@ -1313,11 +1313,11 @@ void fe_pow22523(fe out,const fe z)
   fe t2 = {0};
   int i = 0;
 
-  fe_sq(t0,z); for (i = 1;i < 1;++i) fe_sq(t0,t0);
+  fe_sq(t0,z);
   fe_sq(t1,t0); for (i = 1;i < 2;++i) fe_sq(t1,t1);
   fe_mul(t1,z,t1);
   fe_mul(t0,t0,t1);
-  fe_sq(t0,t0); for (i = 1;i < 1;++i) fe_sq(t0,t0);
+  fe_sq(t0,t0);
   fe_mul(t0,t1,t0);
   fe_sq(t1,t0); for (i = 1;i < 5;++i) fe_sq(t1,t1);
   fe_mul(t0,t1,t0);
@@ -1479,5 +1479,5 @@ void fe_cmov(fe f, const fe g, int b)
 }
 #endif
 
-#endif /* !CURVE25519_SMALL || !ED25519_SMALL */
+#endif /* !CURVE25519_SMALL && !ED25519_SMALL */
 #endif /* HAVE_CURVE25519 || HAVE_ED25519 */
diff --git a/wolfcrypt/src/ge_448.c b/wolfcrypt/src/ge_448.c
index 3e3ba9deb..efc8f7231 100644
--- a/wolfcrypt/src/ge_448.c
+++ b/wolfcrypt/src/ge_448.c
@@ -24,6 +24,11 @@
  * Reworked for ed448 by Sean Parkinson.
  */
 
+/* Generated using (from wolfssl):
+ *   cd ../scripts/curve448
+ *   ./gen-curve448.sh
+ */
+
 #include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
 #ifdef HAVE_ED448
@@ -458,125 +463,150 @@ void sc448_reduce(byte* b)
     word128 c;
     word64 o;
 
-    /* Load from bytes */
-    t[ 0] =  (word64)((sword64) (b[ 0]) <<  0)
-          |  (word64)((sword64) (b[ 1]) <<  8)
-          |  (word64)((sword64) (b[ 2]) << 16)
-          |  (word64)((sword64) (b[ 3]) << 24)
-          |  (word64)((sword64) (b[ 4]) << 32)
-          |  (word64)((sword64) (b[ 5]) << 40)
-          |  (word64)((sword64) (b[ 6]) << 48);
-    t[ 1] =  (word64)((sword64) (b[ 7]) <<  0)
-          |  (word64)((sword64) (b[ 8]) <<  8)
-          |  (word64)((sword64) (b[ 9]) << 16)
-          |  (word64)((sword64) (b[10]) << 24)
-          |  (word64)((sword64) (b[11]) << 32)
-          |  (word64)((sword64) (b[12]) << 40)
-          |  (word64)((sword64) (b[13]) << 48);
-    t[ 2] =  (word64)((sword64) (b[14]) <<  0)
-          |  (word64)((sword64) (b[15]) <<  8)
-          |  (word64)((sword64) (b[16]) << 16)
-          |  (word64)((sword64) (b[17]) << 24)
-          |  (word64)((sword64) (b[18]) << 32)
-          |  (word64)((sword64) (b[19]) << 40)
-          |  (word64)((sword64) (b[20]) << 48);
-    t[ 3] =  (word64)((sword64) (b[21]) <<  0)
-          |  (word64)((sword64) (b[22]) <<  8)
-          |  (word64)((sword64) (b[23]) << 16)
-          |  (word64)((sword64) (b[24]) << 24)
-          |  (word64)((sword64) (b[25]) << 32)
-          |  (word64)((sword64) (b[26]) << 40)
-          |  (word64)((sword64) (b[27]) << 48);
-    t[ 4] =  (word64)((sword64) (b[28]) <<  0)
-          |  (word64)((sword64) (b[29]) <<  8)
-          |  (word64)((sword64) (b[30]) << 16)
-          |  (word64)((sword64) (b[31]) << 24)
-          |  (word64)((sword64) (b[32]) << 32)
-          |  (word64)((sword64) (b[33]) << 40)
-          |  (word64)((sword64) (b[34]) << 48);
-    t[ 5] =  (word64)((sword64) (b[35]) <<  0)
-          |  (word64)((sword64) (b[36]) <<  8)
-          |  (word64)((sword64) (b[37]) << 16)
-          |  (word64)((sword64) (b[38]) << 24)
-          |  (word64)((sword64) (b[39]) << 32)
-          |  (word64)((sword64) (b[40]) << 40)
-          |  (word64)((sword64) (b[41]) << 48);
-    t[ 6] =  (word64)((sword64) (b[42]) <<  0)
-          |  (word64)((sword64) (b[43]) <<  8)
-          |  (word64)((sword64) (b[44]) << 16)
-          |  (word64)((sword64) (b[45]) << 24)
-          |  (word64)((sword64) (b[46]) << 32)
-          |  (word64)((sword64) (b[47]) << 40)
-          |  (word64)((sword64) (b[48]) << 48);
-    t[ 7] =  (word64)((sword64) (b[49]) <<  0)
-          |  (word64)((sword64) (b[50]) <<  8)
-          |  (word64)((sword64) (b[51]) << 16)
-          |  (word64)((sword64) (b[52]) << 24)
-          |  (word64)((sword64) (b[53]) << 32)
-          |  (word64)((sword64) (b[54]) << 40)
-          |  (word64)((sword64) (b[55]) << 48);
-    t[ 8] =  (word64)((sword64) (b[56]) <<  0)
-          |  (word64)((sword64) (b[57]) <<  8)
-          |  (word64)((sword64) (b[58]) << 16)
-          |  (word64)((sword64) (b[59]) << 24)
-          |  (word64)((sword64) (b[60]) << 32)
-          |  (word64)((sword64) (b[61]) << 40)
-          |  (word64)((sword64) (b[62]) << 48);
-    t[ 9] =  (word64)((sword64) (b[63]) <<  0)
-          |  (word64)((sword64) (b[64]) <<  8)
-          |  (word64)((sword64) (b[65]) << 16)
-          |  (word64)((sword64) (b[66]) << 24)
-          |  (word64)((sword64) (b[67]) << 32)
-          |  (word64)((sword64) (b[68]) << 40)
-          |  (word64)((sword64) (b[69]) << 48);
-    t[10] =  (word64)((sword64) (b[70]) <<  0)
-          |  (word64)((sword64) (b[71]) <<  8)
-          |  (word64)((sword64) (b[72]) << 16)
-          |  (word64)((sword64) (b[73]) << 24)
-          |  (word64)((sword64) (b[74]) << 32)
-          |  (word64)((sword64) (b[75]) << 40)
-          |  (word64)((sword64) (b[76]) << 48);
-    t[11] =  (word64)((sword64) (b[77]) <<  0)
-          |  (word64)((sword64) (b[78]) <<  8)
-          |  (word64)((sword64) (b[79]) << 16)
-          |  (word64)((sword64) (b[80]) << 24)
-          |  (word64)((sword64) (b[81]) << 32)
-          |  (word64)((sword64) (b[82]) << 40)
-          |  (word64)((sword64) (b[83]) << 48);
-    t[12] =  (word64)((sword64) (b[84]) <<  0)
-          |  (word64)((sword64) (b[85]) <<  8)
-          |  (word64)((sword64) (b[86]) << 16)
-          |  (word64)((sword64) (b[87]) << 24)
-          |  (word64)((sword64) (b[88]) << 32)
-          |  (word64)((sword64) (b[89]) << 40)
-          |  (word64)((sword64) (b[90]) << 48);
-    t[13] =  (word64)((sword64) (b[91]) <<  0)
-          |  (word64)((sword64) (b[92]) <<  8)
-          |  (word64)((sword64) (b[93]) << 16)
-          |  (word64)((sword64) (b[94]) << 24)
-          |  (word64)((sword64) (b[95]) << 32)
-          |  (word64)((sword64) (b[96]) << 40)
-          |  (word64)((sword64) (b[97]) << 48);
-    t[14] =  (word64)((sword64) (b[98]) <<  0)
-          |  (word64)((sword64) (b[99]) <<  8)
-          |  (word64)((sword64) (b[100]) << 16)
-          |  (word64)((sword64) (b[101]) << 24)
-          |  (word64)((sword64) (b[102]) << 32)
-          |  (word64)((sword64) (b[103]) << 40)
-          |  (word64)((sword64) (b[104]) << 48);
-    t[15] =  (word64)((sword64) (b[105]) <<  0)
-          |  (word64)((sword64) (b[106]) <<  8)
-          |  (word64)((sword64) (b[107]) << 16)
-          |  (word64)((sword64) (b[108]) << 24)
-          |  (word64)((sword64) (b[109]) << 32)
-          |  (word64)((sword64) (b[110]) << 40)
-          |  (word64)((sword64) (b[111]) << 48);
-    t[16] =  (word64)((sword64) (b[112]) <<  0)
-          |  (word64)((sword64) (b[113]) <<  8);
+    /* Load from bytes: 114 bytes */
+#ifdef WOLFSSL_ED448_NO_LARGE_CODE
+    for (o = 0; o < 16; o++) {
+        t[o] = (word64)(
+                (((sword64)b[o * 7 + 0]) <<  0)
+              | (((sword64)b[o * 7 + 1]) <<  8)
+              | (((sword64)b[o * 7 + 2]) << 16)
+              | (((sword64)b[o * 7 + 3]) << 24)
+              | (((sword64)b[o * 7 + 4]) << 32)
+              | (((sword64)b[o * 7 + 5]) << 40)
+              | (((sword64)b[o * 7 + 6]) << 48));
+    }
+    t[16] = (word64)(
+            (((sword64)b[o * 7 + 0]) <<  0)
+          | (((sword64)b[o * 7 + 1]) <<  8));
+#else
+    t[ 0] = (word64) ((sword64) (b[ 0]) <<  0)
+          | (word64) ((sword64) (b[ 1]) <<  8)
+          | (word64) ((sword64) (b[ 2]) << 16)
+          | (word64) ((sword64) (b[ 3]) << 24)
+          | (word64) ((sword64) (b[ 4]) << 32)
+          | (word64) ((sword64) (b[ 5]) << 40)
+          | (word64) ((sword64) (b[ 6]) << 48);
+    t[ 1] = (word64) ((sword64) (b[ 7]) <<  0)
+          | (word64) ((sword64) (b[ 8]) <<  8)
+          | (word64) ((sword64) (b[ 9]) << 16)
+          | (word64) ((sword64) (b[10]) << 24)
+          | (word64) ((sword64) (b[11]) << 32)
+          | (word64) ((sword64) (b[12]) << 40)
+          | (word64) ((sword64) (b[13]) << 48);
+    t[ 2] = (word64) ((sword64) (b[14]) <<  0)
+          | (word64) ((sword64) (b[15]) <<  8)
+          | (word64) ((sword64) (b[16]) << 16)
+          | (word64) ((sword64) (b[17]) << 24)
+          | (word64) ((sword64) (b[18]) << 32)
+          | (word64) ((sword64) (b[19]) << 40)
+          | (word64) ((sword64) (b[20]) << 48);
+    t[ 3] = (word64) ((sword64) (b[21]) <<  0)
+          | (word64) ((sword64) (b[22]) <<  8)
+          | (word64) ((sword64) (b[23]) << 16)
+          | (word64) ((sword64) (b[24]) << 24)
+          | (word64) ((sword64) (b[25]) << 32)
+          | (word64) ((sword64) (b[26]) << 40)
+          | (word64) ((sword64) (b[27]) << 48);
+    t[ 4] = (word64) ((sword64) (b[28]) <<  0)
+          | (word64) ((sword64) (b[29]) <<  8)
+          | (word64) ((sword64) (b[30]) << 16)
+          | (word64) ((sword64) (b[31]) << 24)
+          | (word64) ((sword64) (b[32]) << 32)
+          | (word64) ((sword64) (b[33]) << 40)
+          | (word64) ((sword64) (b[34]) << 48);
+    t[ 5] = (word64) ((sword64) (b[35]) <<  0)
+          | (word64) ((sword64) (b[36]) <<  8)
+          | (word64) ((sword64) (b[37]) << 16)
+          | (word64) ((sword64) (b[38]) << 24)
+          | (word64) ((sword64) (b[39]) << 32)
+          | (word64) ((sword64) (b[40]) << 40)
+          | (word64) ((sword64) (b[41]) << 48);
+    t[ 6] = (word64) ((sword64) (b[42]) <<  0)
+          | (word64) ((sword64) (b[43]) <<  8)
+          | (word64) ((sword64) (b[44]) << 16)
+          | (word64) ((sword64) (b[45]) << 24)
+          | (word64) ((sword64) (b[46]) << 32)
+          | (word64) ((sword64) (b[47]) << 40)
+          | (word64) ((sword64) (b[48]) << 48);
+    t[ 7] = (word64) ((sword64) (b[49]) <<  0)
+          | (word64) ((sword64) (b[50]) <<  8)
+          | (word64) ((sword64) (b[51]) << 16)
+          | (word64) ((sword64) (b[52]) << 24)
+          | (word64) ((sword64) (b[53]) << 32)
+          | (word64) ((sword64) (b[54]) << 40)
+          | (word64) ((sword64) (b[55]) << 48);
+    t[ 8] = (word64) ((sword64) (b[56]) <<  0)
+          | (word64) ((sword64) (b[57]) <<  8)
+          | (word64) ((sword64) (b[58]) << 16)
+          | (word64) ((sword64) (b[59]) << 24)
+          | (word64) ((sword64) (b[60]) << 32)
+          | (word64) ((sword64) (b[61]) << 40)
+          | (word64) ((sword64) (b[62]) << 48);
+    t[ 9] = (word64) ((sword64) (b[63]) <<  0)
+          | (word64) ((sword64) (b[64]) <<  8)
+          | (word64) ((sword64) (b[65]) << 16)
+          | (word64) ((sword64) (b[66]) << 24)
+          | (word64) ((sword64) (b[67]) << 32)
+          | (word64) ((sword64) (b[68]) << 40)
+          | (word64) ((sword64) (b[69]) << 48);
+    t[10] = (word64) ((sword64) (b[70]) <<  0)
+          | (word64) ((sword64) (b[71]) <<  8)
+          | (word64) ((sword64) (b[72]) << 16)
+          | (word64) ((sword64) (b[73]) << 24)
+          | (word64) ((sword64) (b[74]) << 32)
+          | (word64) ((sword64) (b[75]) << 40)
+          | (word64) ((sword64) (b[76]) << 48);
+    t[11] = (word64) ((sword64) (b[77]) <<  0)
+          | (word64) ((sword64) (b[78]) <<  8)
+          | (word64) ((sword64) (b[79]) << 16)
+          | (word64) ((sword64) (b[80]) << 24)
+          | (word64) ((sword64) (b[81]) << 32)
+          | (word64) ((sword64) (b[82]) << 40)
+          | (word64) ((sword64) (b[83]) << 48);
+    t[12] = (word64) ((sword64) (b[84]) <<  0)
+          | (word64) ((sword64) (b[85]) <<  8)
+          | (word64) ((sword64) (b[86]) << 16)
+          | (word64) ((sword64) (b[87]) << 24)
+          | (word64) ((sword64) (b[88]) << 32)
+          | (word64) ((sword64) (b[89]) << 40)
+          | (word64) ((sword64) (b[90]) << 48);
+    t[13] = (word64) ((sword64) (b[91]) <<  0)
+          | (word64) ((sword64) (b[92]) <<  8)
+          | (word64) ((sword64) (b[93]) << 16)
+          | (word64) ((sword64) (b[94]) << 24)
+          | (word64) ((sword64) (b[95]) << 32)
+          | (word64) ((sword64) (b[96]) << 40)
+          | (word64) ((sword64) (b[97]) << 48);
+    t[14] = (word64) ((sword64) (b[98]) <<  0)
+          | (word64) ((sword64) (b[99]) <<  8)
+          | (word64) ((sword64) (b[100]) << 16)
+          | (word64) ((sword64) (b[101]) << 24)
+          | (word64) ((sword64) (b[102]) << 32)
+          | (word64) ((sword64) (b[103]) << 40)
+          | (word64) ((sword64) (b[104]) << 48);
+    t[15] = (word64) ((sword64) (b[105]) <<  0)
+          | (word64) ((sword64) (b[106]) <<  8)
+          | (word64) ((sword64) (b[107]) << 16)
+          | (word64) ((sword64) (b[108]) << 24)
+          | (word64) ((sword64) (b[109]) << 32)
+          | (word64) ((sword64) (b[110]) << 40)
+          | (word64) ((sword64) (b[111]) << 48);
+    t[16] = (word64) ((sword64) (b[112]) <<  0)
+          | (word64) ((sword64) (b[113]) <<  8);
+#endif /* WOLFSSL_ED448_NO_LARGE_CODE */
 
     /* Mod curve order */
     /* 2^446 - 0x8335dc163bb124b65129c96fde933d8d723a70aadc873d6d54a7bb0d */
     /* Mod top half of extra words */
+#ifdef WOLFSSL_ED448_NO_LARGE_CODE
+    for (o = 0; o < 5; o++) {
+        t[ 4 + o] += (sword128)0x21cf5b5529eec34L * t[12 + o];
+        t[ 5 + o] += (sword128)0x0f635c8e9c2ab70L * t[12 + o];
+        t[ 6 + o] += (sword128)0x2d944a725bf7a4cL * t[12 + o];
+        t[ 7 + o] += (sword128)0x20cd77058eec490L * t[12 + o];
+    }
+    t[12]  = 0;
+#else
     t[ 4] += (sword128)0x21cf5b5529eec34L * t[12];
     t[ 5] += (sword128)0x0f635c8e9c2ab70L * t[12];
     t[ 6] += (sword128)0x2d944a725bf7a4cL * t[12];
@@ -598,6 +628,7 @@ void sc448_reduce(byte* b)
     t[10] += (sword128)0x2d944a725bf7a4cL * t[16];
     t[11] += (sword128)0x20cd77058eec490L * t[16];
     t[12]  = 0;
+#endif /* WOLFSSL_ED448_NO_LARGE_CODE */
     /* Propagate carries */
     c = t[ 4] >> 56; t[ 5] += c; t[ 4] = t[ 4] & 0xffffffffffffff;
     c = t[ 5] >> 56; t[ 6] += c; t[ 5] = t[ 5] & 0xffffffffffffff;
@@ -608,6 +639,15 @@ void sc448_reduce(byte* b)
     c = t[10] >> 56; t[11] += c; t[10] = t[10] & 0xffffffffffffff;
     c = t[11] >> 56; t[12] += c; t[11] = t[11] & 0xffffffffffffff;
     /* Mod bottom half of extra words */
+#ifdef WOLFSSL_ED448_NO_LARGE_CODE
+    for (o = 0; o < 5; o++) {
+        t[ 0 + o] += (sword128)0x21cf5b5529eec34L * t[ 8 + o];
+        t[ 1 + o] += (sword128)0x0f635c8e9c2ab70L * t[ 8 + o];
+        t[ 2 + o] += (sword128)0x2d944a725bf7a4cL * t[ 8 + o];
+        t[ 3 + o] += (sword128)0x20cd77058eec490L * t[ 8 + o];
+    }
+    t[ 8]  = 0;
+#else
     t[ 0] += (sword128)0x21cf5b5529eec34L * t[ 8];
     t[ 1] += (sword128)0x0f635c8e9c2ab70L * t[ 8];
     t[ 2] += (sword128)0x2d944a725bf7a4cL * t[ 8];
@@ -629,6 +669,7 @@ void sc448_reduce(byte* b)
     t[ 6] += (sword128)0x2d944a725bf7a4cL * t[12];
     t[ 7] += (sword128)0x20cd77058eec490L * t[12];
     t[ 8]  = 0;
+#endif /* WOLFSSL_ED448_NO_LARGE_CODE */
     /* Propagate carries */
     c = t[ 0] >> 56; t[ 1] += c; t[ 0] = t[ 0] & 0xffffffffffffff;
     c = t[ 1] >> 56; t[ 2] += c; t[ 1] = t[ 1] & 0xffffffffffffff;
@@ -667,6 +708,22 @@ void sc448_reduce(byte* b)
     o = d[ 6] >> 56; d[ 7] += o; d[ 6] = d[ 6] & 0xffffffffffffff;
 
     /* Convert to bytes */
+#ifdef WOLFSSL_ED448_NO_LARGE_CODE
+    {
+        word64 ow = 0;
+        for (o = 0; o < 56; o += 7) {
+            b[o + 0] = (byte)(d[ow] >>  0);
+            b[o + 1] = (byte)(d[ow] >>  8);
+            b[o + 2] = (byte)(d[ow] >> 16);
+            b[o + 3] = (byte)(d[ow] >> 24);
+            b[o + 4] = (byte)(d[ow] >> 32);
+            b[o + 5] = (byte)(d[ow] >> 40);
+            b[o + 6] = (byte)(d[ow] >> 48);
+            ow++;
+        }
+        b[56] = 0;
+    }
+#else
     b[ 0] = (byte)(d[0 ] >>  0);
     b[ 1] = (byte)(d[0 ] >>  8);
     b[ 2] = (byte)(d[0 ] >> 16);
@@ -724,6 +781,7 @@ void sc448_reduce(byte* b)
     b[54] = (byte)(d[7 ] >> 40);
     b[55] = (byte)(d[7 ] >> 48);
     b[56] = 0;
+#endif /* WOLFSSL_ED448_NO_LARGE_CODE */
 }
 
 /* Multiply a by b and add d. r = (a * b + d) mod order
@@ -741,177 +799,216 @@ void sc448_muladd(byte* r, const byte* a, const byte* b, const byte* d)
     word64 o;
     sword64 u;
 
-    /* Load from bytes */
-    ad[ 0] =  (word64)((sword64) (a[ 0]) <<  0)
-           |  (word64)((sword64) (a[ 1]) <<  8)
-           |  (word64)((sword64) (a[ 2]) << 16)
-           |  (word64)((sword64) (a[ 3]) << 24)
-           |  (word64)((sword64) (a[ 4]) << 32)
-           |  (word64)((sword64) (a[ 5]) << 40)
-           |  (word64)((sword64) (a[ 6]) << 48);
-    ad[ 1] =  (word64)((sword64) (a[ 7]) <<  0)
-           |  (word64)((sword64) (a[ 8]) <<  8)
-           |  (word64)((sword64) (a[ 9]) << 16)
-           |  (word64)((sword64) (a[10]) << 24)
-           |  (word64)((sword64) (a[11]) << 32)
-           |  (word64)((sword64) (a[12]) << 40)
-           |  (word64)((sword64) (a[13]) << 48);
-    ad[ 2] =  (word64)((sword64) (a[14]) <<  0)
-           |  (word64)((sword64) (a[15]) <<  8)
-           |  (word64)((sword64) (a[16]) << 16)
-           |  (word64)((sword64) (a[17]) << 24)
-           |  (word64)((sword64) (a[18]) << 32)
-           |  (word64)((sword64) (a[19]) << 40)
-           |  (word64)((sword64) (a[20]) << 48);
-    ad[ 3] =  (word64)((sword64) (a[21]) <<  0)
-           |  (word64)((sword64) (a[22]) <<  8)
-           |  (word64)((sword64) (a[23]) << 16)
-           |  (word64)((sword64) (a[24]) << 24)
-           |  (word64)((sword64) (a[25]) << 32)
-           |  (word64)((sword64) (a[26]) << 40)
-           |  (word64)((sword64) (a[27]) << 48);
-    ad[ 4] =  (word64)((sword64) (a[28]) <<  0)
-           |  (word64)((sword64) (a[29]) <<  8)
-           |  (word64)((sword64) (a[30]) << 16)
-           |  (word64)((sword64) (a[31]) << 24)
-           |  (word64)((sword64) (a[32]) << 32)
-           |  (word64)((sword64) (a[33]) << 40)
-           |  (word64)((sword64) (a[34]) << 48);
-    ad[ 5] =  (word64)((sword64) (a[35]) <<  0)
-           |  (word64)((sword64) (a[36]) <<  8)
-           |  (word64)((sword64) (a[37]) << 16)
-           |  (word64)((sword64) (a[38]) << 24)
-           |  (word64)((sword64) (a[39]) << 32)
-           |  (word64)((sword64) (a[40]) << 40)
-           |  (word64)((sword64) (a[41]) << 48);
-    ad[ 6] =  (word64)((sword64) (a[42]) <<  0)
-           |  (word64)((sword64) (a[43]) <<  8)
-           |  (word64)((sword64) (a[44]) << 16)
-           |  (word64)((sword64) (a[45]) << 24)
-           |  (word64)((sword64) (a[46]) << 32)
-           |  (word64)((sword64) (a[47]) << 40)
-           |  (word64)((sword64) (a[48]) << 48);
-    ad[ 7] =  (word64)((sword64) (a[49]) <<  0)
-           |  (word64)((sword64) (a[50]) <<  8)
-           |  (word64)((sword64) (a[51]) << 16)
-           |  (word64)((sword64) (a[52]) << 24)
-           |  (word64)((sword64) (a[53]) << 32)
-           |  (word64)((sword64) (a[54]) << 40)
-           |  (word64)((sword64) (a[55]) << 48);
-    /* Load from bytes */
-    bd[ 0] =  (word64)((sword64) (b[ 0]) <<  0)
-           |  (word64)((sword64) (b[ 1]) <<  8)
-           |  (word64)((sword64) (b[ 2]) << 16)
-           |  (word64)((sword64) (b[ 3]) << 24)
-           |  (word64)((sword64) (b[ 4]) << 32)
-           |  (word64)((sword64) (b[ 5]) << 40)
-           |  (word64)((sword64) (b[ 6]) << 48);
-    bd[ 1] =  (word64)((sword64) (b[ 7]) <<  0)
-           |  (word64)((sword64) (b[ 8]) <<  8)
-           |  (word64)((sword64) (b[ 9]) << 16)
-           |  (word64)((sword64) (b[10]) << 24)
-           |  (word64)((sword64) (b[11]) << 32)
-           |  (word64)((sword64) (b[12]) << 40)
-           |  (word64)((sword64) (b[13]) << 48);
-    bd[ 2] =  (word64)((sword64) (b[14]) <<  0)
-           |  (word64)((sword64) (b[15]) <<  8)
-           |  (word64)((sword64) (b[16]) << 16)
-           |  (word64)((sword64) (b[17]) << 24)
-           |  (word64)((sword64) (b[18]) << 32)
-           |  (word64)((sword64) (b[19]) << 40)
-           |  (word64)((sword64) (b[20]) << 48);
-    bd[ 3] =  (word64)((sword64) (b[21]) <<  0)
-           |  (word64)((sword64) (b[22]) <<  8)
-           |  (word64)((sword64) (b[23]) << 16)
-           |  (word64)((sword64) (b[24]) << 24)
-           |  (word64)((sword64) (b[25]) << 32)
-           |  (word64)((sword64) (b[26]) << 40)
-           |  (word64)((sword64) (b[27]) << 48);
-    bd[ 4] =  (word64)((sword64) (b[28]) <<  0)
-           |  (word64)((sword64) (b[29]) <<  8)
-           |  (word64)((sword64) (b[30]) << 16)
-           |  (word64)((sword64) (b[31]) << 24)
-           |  (word64)((sword64) (b[32]) << 32)
-           |  (word64)((sword64) (b[33]) << 40)
-           |  (word64)((sword64) (b[34]) << 48);
-    bd[ 5] =  (word64)((sword64) (b[35]) <<  0)
-           |  (word64)((sword64) (b[36]) <<  8)
-           |  (word64)((sword64) (b[37]) << 16)
-           |  (word64)((sword64) (b[38]) << 24)
-           |  (word64)((sword64) (b[39]) << 32)
-           |  (word64)((sword64) (b[40]) << 40)
-           |  (word64)((sword64) (b[41]) << 48);
-    bd[ 6] =  (word64)((sword64) (b[42]) <<  0)
-           |  (word64)((sword64) (b[43]) <<  8)
-           |  (word64)((sword64) (b[44]) << 16)
-           |  (word64)((sword64) (b[45]) << 24)
-           |  (word64)((sword64) (b[46]) << 32)
-           |  (word64)((sword64) (b[47]) << 40)
-           |  (word64)((sword64) (b[48]) << 48);
-    bd[ 7] =  (word64)((sword64) (b[49]) <<  0)
-           |  (word64)((sword64) (b[50]) <<  8)
-           |  (word64)((sword64) (b[51]) << 16)
-           |  (word64)((sword64) (b[52]) << 24)
-           |  (word64)((sword64) (b[53]) << 32)
-           |  (word64)((sword64) (b[54]) << 40)
-           |  (word64)((sword64) (b[55]) << 48);
-    /* Load from bytes */
-    dd[ 0] =  (word64)((sword64) (d[ 0]) <<  0)
-           |  (word64)((sword64) (d[ 1]) <<  8)
-           |  (word64)((sword64) (d[ 2]) << 16)
-           |  (word64)((sword64) (d[ 3]) << 24)
-           |  (word64)((sword64) (d[ 4]) << 32)
-           |  (word64)((sword64) (d[ 5]) << 40)
-           |  (word64)((sword64) (d[ 6]) << 48);
-    dd[ 1] =  (word64)((sword64) (d[ 7]) <<  0)
-           |  (word64)((sword64) (d[ 8]) <<  8)
-           |  (word64)((sword64) (d[ 9]) << 16)
-           |  (word64)((sword64) (d[10]) << 24)
-           |  (word64)((sword64) (d[11]) << 32)
-           |  (word64)((sword64) (d[12]) << 40)
-           |  (word64)((sword64) (d[13]) << 48);
-    dd[ 2] =  (word64)((sword64) (d[14]) <<  0)
-           |  (word64)((sword64) (d[15]) <<  8)
-           |  (word64)((sword64) (d[16]) << 16)
-           |  (word64)((sword64) (d[17]) << 24)
-           |  (word64)((sword64) (d[18]) << 32)
-           |  (word64)((sword64) (d[19]) << 40)
-           |  (word64)((sword64) (d[20]) << 48);
-    dd[ 3] =  (word64)((sword64) (d[21]) <<  0)
-           |  (word64)((sword64) (d[22]) <<  8)
-           |  (word64)((sword64) (d[23]) << 16)
-           |  (word64)((sword64) (d[24]) << 24)
-           |  (word64)((sword64) (d[25]) << 32)
-           |  (word64)((sword64) (d[26]) << 40)
-           |  (word64)((sword64) (d[27]) << 48);
-    dd[ 4] =  (word64)((sword64) (d[28]) <<  0)
-           |  (word64)((sword64) (d[29]) <<  8)
-           |  (word64)((sword64) (d[30]) << 16)
-           |  (word64)((sword64) (d[31]) << 24)
-           |  (word64)((sword64) (d[32]) << 32)
-           |  (word64)((sword64) (d[33]) << 40)
-           |  (word64)((sword64) (d[34]) << 48);
-    dd[ 5] =  (word64)((sword64) (d[35]) <<  0)
-           |  (word64)((sword64) (d[36]) <<  8)
-           |  (word64)((sword64) (d[37]) << 16)
-           |  (word64)((sword64) (d[38]) << 24)
-           |  (word64)((sword64) (d[39]) << 32)
-           |  (word64)((sword64) (d[40]) << 40)
-           |  (word64)((sword64) (d[41]) << 48);
-    dd[ 6] =  (word64)((sword64) (d[42]) <<  0)
-           |  (word64)((sword64) (d[43]) <<  8)
-           |  (word64)((sword64) (d[44]) << 16)
-           |  (word64)((sword64) (d[45]) << 24)
-           |  (word64)((sword64) (d[46]) << 32)
-           |  (word64)((sword64) (d[47]) << 40)
-           |  (word64)((sword64) (d[48]) << 48);
-    dd[ 7] =  (word64)((sword64) (d[49]) <<  0)
-           |  (word64)((sword64) (d[50]) <<  8)
-           |  (word64)((sword64) (d[51]) << 16)
-           |  (word64)((sword64) (d[52]) << 24)
-           |  (word64)((sword64) (d[53]) << 32)
-           |  (word64)((sword64) (d[54]) << 40)
-           |  (word64)((sword64) (d[55]) << 48);
+    /* Load from bytes: 56 bytes */
+#ifdef WOLFSSL_ED448_NO_LARGE_CODE
+    for (o = 0; o < 8; o++) {
+        ad[o] = (word64)(
+                (((sword64)a[o * 7 + 0]) <<  0)
+              | (((sword64)a[o * 7 + 1]) <<  8)
+              | (((sword64)a[o * 7 + 2]) << 16)
+              | (((sword64)a[o * 7 + 3]) << 24)
+              | (((sword64)a[o * 7 + 4]) << 32)
+              | (((sword64)a[o * 7 + 5]) << 40)
+              | (((sword64)a[o * 7 + 6]) << 48));
+    }
+#else
+    ad[ 0] = (word64) ((sword64) (a[ 0]) <<  0)
+           | (word64) ((sword64) (a[ 1]) <<  8)
+           | (word64) ((sword64) (a[ 2]) << 16)
+           | (word64) ((sword64) (a[ 3]) << 24)
+           | (word64) ((sword64) (a[ 4]) << 32)
+           | (word64) ((sword64) (a[ 5]) << 40)
+           | (word64) ((sword64) (a[ 6]) << 48);
+    ad[ 1] = (word64) ((sword64) (a[ 7]) <<  0)
+           | (word64) ((sword64) (a[ 8]) <<  8)
+           | (word64) ((sword64) (a[ 9]) << 16)
+           | (word64) ((sword64) (a[10]) << 24)
+           | (word64) ((sword64) (a[11]) << 32)
+           | (word64) ((sword64) (a[12]) << 40)
+           | (word64) ((sword64) (a[13]) << 48);
+    ad[ 2] = (word64) ((sword64) (a[14]) <<  0)
+           | (word64) ((sword64) (a[15]) <<  8)
+           | (word64) ((sword64) (a[16]) << 16)
+           | (word64) ((sword64) (a[17]) << 24)
+           | (word64) ((sword64) (a[18]) << 32)
+           | (word64) ((sword64) (a[19]) << 40)
+           | (word64) ((sword64) (a[20]) << 48);
+    ad[ 3] = (word64) ((sword64) (a[21]) <<  0)
+           | (word64) ((sword64) (a[22]) <<  8)
+           | (word64) ((sword64) (a[23]) << 16)
+           | (word64) ((sword64) (a[24]) << 24)
+           | (word64) ((sword64) (a[25]) << 32)
+           | (word64) ((sword64) (a[26]) << 40)
+           | (word64) ((sword64) (a[27]) << 48);
+    ad[ 4] = (word64) ((sword64) (a[28]) <<  0)
+           | (word64) ((sword64) (a[29]) <<  8)
+           | (word64) ((sword64) (a[30]) << 16)
+           | (word64) ((sword64) (a[31]) << 24)
+           | (word64) ((sword64) (a[32]) << 32)
+           | (word64) ((sword64) (a[33]) << 40)
+           | (word64) ((sword64) (a[34]) << 48);
+    ad[ 5] = (word64) ((sword64) (a[35]) <<  0)
+           | (word64) ((sword64) (a[36]) <<  8)
+           | (word64) ((sword64) (a[37]) << 16)
+           | (word64) ((sword64) (a[38]) << 24)
+           | (word64) ((sword64) (a[39]) << 32)
+           | (word64) ((sword64) (a[40]) << 40)
+           | (word64) ((sword64) (a[41]) << 48);
+    ad[ 6] = (word64) ((sword64) (a[42]) <<  0)
+           | (word64) ((sword64) (a[43]) <<  8)
+           | (word64) ((sword64) (a[44]) << 16)
+           | (word64) ((sword64) (a[45]) << 24)
+           | (word64) ((sword64) (a[46]) << 32)
+           | (word64) ((sword64) (a[47]) << 40)
+           | (word64) ((sword64) (a[48]) << 48);
+    ad[ 7] = (word64) ((sword64) (a[49]) <<  0)
+           | (word64) ((sword64) (a[50]) <<  8)
+           | (word64) ((sword64) (a[51]) << 16)
+           | (word64) ((sword64) (a[52]) << 24)
+           | (word64) ((sword64) (a[53]) << 32)
+           | (word64) ((sword64) (a[54]) << 40)
+           | (word64) ((sword64) (a[55]) << 48);
+#endif /* WOLFSSL_ED448_NO_LARGE_CODE */
+    /* Load from bytes: 56 bytes */
+#ifdef WOLFSSL_ED448_NO_LARGE_CODE
+    for (o = 0; o < 8; o++) {
+        bd[o] = (word64)(
+                (((sword64)b[o * 7 + 0]) <<  0)
+              | (((sword64)b[o * 7 + 1]) <<  8)
+              | (((sword64)b[o * 7 + 2]) << 16)
+              | (((sword64)b[o * 7 + 3]) << 24)
+              | (((sword64)b[o * 7 + 4]) << 32)
+              | (((sword64)b[o * 7 + 5]) << 40)
+              | (((sword64)b[o * 7 + 6]) << 48));
+    }
+#else
+    bd[ 0] = (word64) ((sword64) (b[ 0]) <<  0)
+           | (word64) ((sword64) (b[ 1]) <<  8)
+           | (word64) ((sword64) (b[ 2]) << 16)
+           | (word64) ((sword64) (b[ 3]) << 24)
+           | (word64) ((sword64) (b[ 4]) << 32)
+           | (word64) ((sword64) (b[ 5]) << 40)
+           | (word64) ((sword64) (b[ 6]) << 48);
+    bd[ 1] = (word64) ((sword64) (b[ 7]) <<  0)
+           | (word64) ((sword64) (b[ 8]) <<  8)
+           | (word64) ((sword64) (b[ 9]) << 16)
+           | (word64) ((sword64) (b[10]) << 24)
+           | (word64) ((sword64) (b[11]) << 32)
+           | (word64) ((sword64) (b[12]) << 40)
+           | (word64) ((sword64) (b[13]) << 48);
+    bd[ 2] = (word64) ((sword64) (b[14]) <<  0)
+           | (word64) ((sword64) (b[15]) <<  8)
+           | (word64) ((sword64) (b[16]) << 16)
+           | (word64) ((sword64) (b[17]) << 24)
+           | (word64) ((sword64) (b[18]) << 32)
+           | (word64) ((sword64) (b[19]) << 40)
+           | (word64) ((sword64) (b[20]) << 48);
+    bd[ 3] = (word64) ((sword64) (b[21]) <<  0)
+           | (word64) ((sword64) (b[22]) <<  8)
+           | (word64) ((sword64) (b[23]) << 16)
+           | (word64) ((sword64) (b[24]) << 24)
+           | (word64) ((sword64) (b[25]) << 32)
+           | (word64) ((sword64) (b[26]) << 40)
+           | (word64) ((sword64) (b[27]) << 48);
+    bd[ 4] = (word64) ((sword64) (b[28]) <<  0)
+           | (word64) ((sword64) (b[29]) <<  8)
+           | (word64) ((sword64) (b[30]) << 16)
+           | (word64) ((sword64) (b[31]) << 24)
+           | (word64) ((sword64) (b[32]) << 32)
+           | (word64) ((sword64) (b[33]) << 40)
+           | (word64) ((sword64) (b[34]) << 48);
+    bd[ 5] = (word64) ((sword64) (b[35]) <<  0)
+           | (word64) ((sword64) (b[36]) <<  8)
+           | (word64) ((sword64) (b[37]) << 16)
+           | (word64) ((sword64) (b[38]) << 24)
+           | (word64) ((sword64) (b[39]) << 32)
+           | (word64) ((sword64) (b[40]) << 40)
+           | (word64) ((sword64) (b[41]) << 48);
+    bd[ 6] = (word64) ((sword64) (b[42]) <<  0)
+           | (word64) ((sword64) (b[43]) <<  8)
+           | (word64) ((sword64) (b[44]) << 16)
+           | (word64) ((sword64) (b[45]) << 24)
+           | (word64) ((sword64) (b[46]) << 32)
+           | (word64) ((sword64) (b[47]) << 40)
+           | (word64) ((sword64) (b[48]) << 48);
+    bd[ 7] = (word64) ((sword64) (b[49]) <<  0)
+           | (word64) ((sword64) (b[50]) <<  8)
+           | (word64) ((sword64) (b[51]) << 16)
+           | (word64) ((sword64) (b[52]) << 24)
+           | (word64) ((sword64) (b[53]) << 32)
+           | (word64) ((sword64) (b[54]) << 40)
+           | (word64) ((sword64) (b[55]) << 48);
+#endif /* WOLFSSL_ED448_NO_LARGE_CODE */
+    /* Load from bytes: 56 bytes */
+#ifdef WOLFSSL_ED448_NO_LARGE_CODE
+    for (o = 0; o < 8; o++) {
+        dd[o] = (word64)(
+                (((sword64)d[o * 7 + 0]) <<  0)
+              | (((sword64)d[o * 7 + 1]) <<  8)
+              | (((sword64)d[o * 7 + 2]) << 16)
+              | (((sword64)d[o * 7 + 3]) << 24)
+              | (((sword64)d[o * 7 + 4]) << 32)
+              | (((sword64)d[o * 7 + 5]) << 40)
+              | (((sword64)d[o * 7 + 6]) << 48));
+    }
+#else
+    dd[ 0] = (word64) ((sword64) (d[ 0]) <<  0)
+           | (word64) ((sword64) (d[ 1]) <<  8)
+           | (word64) ((sword64) (d[ 2]) << 16)
+           | (word64) ((sword64) (d[ 3]) << 24)
+           | (word64) ((sword64) (d[ 4]) << 32)
+           | (word64) ((sword64) (d[ 5]) << 40)
+           | (word64) ((sword64) (d[ 6]) << 48);
+    dd[ 1] = (word64) ((sword64) (d[ 7]) <<  0)
+           | (word64) ((sword64) (d[ 8]) <<  8)
+           | (word64) ((sword64) (d[ 9]) << 16)
+           | (word64) ((sword64) (d[10]) << 24)
+           | (word64) ((sword64) (d[11]) << 32)
+           | (word64) ((sword64) (d[12]) << 40)
+           | (word64) ((sword64) (d[13]) << 48);
+    dd[ 2] = (word64) ((sword64) (d[14]) <<  0)
+           | (word64) ((sword64) (d[15]) <<  8)
+           | (word64) ((sword64) (d[16]) << 16)
+           | (word64) ((sword64) (d[17]) << 24)
+           | (word64) ((sword64) (d[18]) << 32)
+           | (word64) ((sword64) (d[19]) << 40)
+           | (word64) ((sword64) (d[20]) << 48);
+    dd[ 3] = (word64) ((sword64) (d[21]) <<  0)
+           | (word64) ((sword64) (d[22]) <<  8)
+           | (word64) ((sword64) (d[23]) << 16)
+           | (word64) ((sword64) (d[24]) << 24)
+           | (word64) ((sword64) (d[25]) << 32)
+           | (word64) ((sword64) (d[26]) << 40)
+           | (word64) ((sword64) (d[27]) << 48);
+    dd[ 4] = (word64) ((sword64) (d[28]) <<  0)
+           | (word64) ((sword64) (d[29]) <<  8)
+           | (word64) ((sword64) (d[30]) << 16)
+           | (word64) ((sword64) (d[31]) << 24)
+           | (word64) ((sword64) (d[32]) << 32)
+           | (word64) ((sword64) (d[33]) << 40)
+           | (word64) ((sword64) (d[34]) << 48);
+    dd[ 5] = (word64) ((sword64) (d[35]) <<  0)
+           | (word64) ((sword64) (d[36]) <<  8)
+           | (word64) ((sword64) (d[37]) << 16)
+           | (word64) ((sword64) (d[38]) << 24)
+           | (word64) ((sword64) (d[39]) << 32)
+           | (word64) ((sword64) (d[40]) << 40)
+           | (word64) ((sword64) (d[41]) << 48);
+    dd[ 6] = (word64) ((sword64) (d[42]) <<  0)
+           | (word64) ((sword64) (d[43]) <<  8)
+           | (word64) ((sword64) (d[44]) << 16)
+           | (word64) ((sword64) (d[45]) << 24)
+           | (word64) ((sword64) (d[46]) << 32)
+           | (word64) ((sword64) (d[47]) << 40)
+           | (word64) ((sword64) (d[48]) << 48);
+    dd[ 7] = (word64) ((sword64) (d[49]) <<  0)
+           | (word64) ((sword64) (d[50]) <<  8)
+           | (word64) ((sword64) (d[51]) << 16)
+           | (word64) ((sword64) (d[52]) << 24)
+           | (word64) ((sword64) (d[53]) << 32)
+           | (word64) ((sword64) (d[54]) << 40)
+           | (word64) ((sword64) (d[55]) << 48);
+#endif /* WOLFSSL_ED448_NO_LARGE_CODE */
 
     /* a * b + d */
     t[ 0] = (word128)(dd[ 0] + (word128)((sword128)ad[ 0] * bd[ 0]));
@@ -999,6 +1096,14 @@ void sc448_muladd(byte* r, const byte* a, const byte* b, const byte* d)
     c = t[13] >> 56; t[14] += c; t[13] = t[13] & 0xffffffffffffff;
     c = t[14] >> 56; t[15] += c; t[14] = t[14] & 0xffffffffffffff;
     /* Mod top half of extra words */
+#ifdef WOLFSSL_ED448_NO_LARGE_CODE
+    for (o = 0; o < 4; o++) {
+        t[ 4 + o] += (sword128)0x21cf5b5529eec34L * t[12 + o];
+        t[ 5 + o] += (sword128)0x0f635c8e9c2ab70L * t[12 + o];
+        t[ 6 + o] += (sword128)0x2d944a725bf7a4cL * t[12 + o];
+        t[ 7 + o] += (sword128)0x20cd77058eec490L * t[12 + o];
+    }
+#else
     t[ 4] += (sword128)0x21cf5b5529eec34L * t[12];
     t[ 5] += (sword128)0x0f635c8e9c2ab70L * t[12];
     t[ 6] += (sword128)0x2d944a725bf7a4cL * t[12];
@@ -1015,6 +1120,7 @@ void sc448_muladd(byte* r, const byte* a, const byte* b, const byte* d)
     t[ 8] += (sword128)0x0f635c8e9c2ab70L * t[15];
     t[ 9] += (sword128)0x2d944a725bf7a4cL * t[15];
     t[10] += (sword128)0x20cd77058eec490L * t[15];
+#endif /* WOLFSSL_ED448_NO_LARGE_CODE */
     /* Propagate carries */
     c = t[ 4] >> 56; t[ 5] += c; t[ 4] = t[ 4] & 0xffffffffffffff;
     c = t[ 5] >> 56; t[ 6] += c; t[ 5] = t[ 5] & 0xffffffffffffff;
@@ -1024,6 +1130,14 @@ void sc448_muladd(byte* r, const byte* a, const byte* b, const byte* d)
     c = t[ 9] >> 56; t[10] += c; t[ 9] = t[ 9] & 0xffffffffffffff;
     c = t[10] >> 56; t[11] += c; t[10] = t[10] & 0xffffffffffffff;
     /* Mod bottom half of extra words */
+#ifdef WOLFSSL_ED448_NO_LARGE_CODE
+    for (o = 0; o < 4; o++) {
+        t[ 0 + o] += (sword128)0x21cf5b5529eec34L * t[ 8 + o];
+        t[ 1 + o] += (sword128)0x0f635c8e9c2ab70L * t[ 8 + o];
+        t[ 2 + o] += (sword128)0x2d944a725bf7a4cL * t[ 8 + o];
+        t[ 3 + o] += (sword128)0x20cd77058eec490L * t[ 8 + o];
+    }
+#else
     t[ 0] += (sword128)0x21cf5b5529eec34L * t[ 8];
     t[ 1] += (sword128)0x0f635c8e9c2ab70L * t[ 8];
     t[ 2] += (sword128)0x2d944a725bf7a4cL * t[ 8];
@@ -1040,6 +1154,7 @@ void sc448_muladd(byte* r, const byte* a, const byte* b, const byte* d)
     t[ 4] += (sword128)0x0f635c8e9c2ab70L * t[11];
     t[ 5] += (sword128)0x2d944a725bf7a4cL * t[11];
     t[ 6] += (sword128)0x20cd77058eec490L * t[11];
+#endif /* WOLFSSL_ED448_NO_LARGE_CODE */
     /* Propagate carries */
     c = t[ 0] >> 56; t[ 1] += c; rd[ 0] = (sword64)(t[ 0] & 0xffffffffffffff);
     c = t[ 1] >> 56; t[ 2] += c; rd[ 1] = (sword64)(t[ 1] & 0xffffffffffffff);
@@ -1100,6 +1215,22 @@ void sc448_muladd(byte* r, const byte* a, const byte* b, const byte* d)
     rd[7] = u & 0xffffffffffffff;
 
     /* Convert to bytes */
+#ifdef WOLFSSL_ED448_NO_LARGE_CODE
+    {
+        word64 ow = 0;
+        for (o = 0; o < 56; o += 7) {
+            r[o + 0] = (byte)(rd[ow] >>  0);
+            r[o + 1] = (byte)(rd[ow] >>  8);
+            r[o + 2] = (byte)(rd[ow] >> 16);
+            r[o + 3] = (byte)(rd[ow] >> 24);
+            r[o + 4] = (byte)(rd[ow] >> 32);
+            r[o + 5] = (byte)(rd[ow] >> 40);
+            r[o + 6] = (byte)(rd[ow] >> 48);
+            ow++;
+        }
+        r[56] = 0;
+    }
+#else
     r[ 0] = (byte)(rd[0 ] >>  0);
     r[ 1] = (byte)(rd[0 ] >>  8);
     r[ 2] = (byte)(rd[0 ] >> 16);
@@ -1157,6 +1288,7 @@ void sc448_muladd(byte* r, const byte* a, const byte* b, const byte* d)
     r[54] = (byte)(rd[7 ] >> 40);
     r[55] = (byte)(rd[7 ] >> 48);
     r[56] = 0;
+#endif /* WOLFSSL_ED448_NO_LARGE_CODE */
 }
 
 /* Precomputed multiples of the base point. */
@@ -5137,174 +5269,172 @@ void sc448_reduce(byte* b)
     word64 c;
     word32 o;
 
-    /* Load from bytes */
-    t[ 0] = (word64)(
-             (((sword32)((b[ 0]        ) >>  0)) <<  0)
-          |  (((sword32)((b[ 1]        ) >>  0)) <<  8)
-          |  (((sword32)((b[ 2]        ) >>  0)) << 16)
-          | ((((sword32)((b[ 3] & 0xf )) >>  0)) << 24));
-    t[ 1] = (word64)(
-             (((sword32)((b[ 3]        ) >>  4)) <<  0)
-          |  (((sword32)((b[ 4]        ) >>  0)) <<  4)
-          |  (((sword32)((b[ 5]        ) >>  0)) << 12)
-          |  (((sword32)((b[ 6]        ) >>  0)) << 20));
-    t[ 2] = (word64)(
-             (((sword32)((b[ 7]        ) >>  0)) <<  0)
-          |  (((sword32)((b[ 8]        ) >>  0)) <<  8)
-          |  (((sword32)((b[ 9]        ) >>  0)) << 16)
-          | ((((sword32)((b[10] & 0xf )) >>  0)) << 24));
-    t[ 3] = (word64)(
-             (((sword32)((b[10]        ) >>  4)) <<  0)
-          |  (((sword32)((b[11]        ) >>  0)) <<  4)
-          |  (((sword32)((b[12]        ) >>  0)) << 12)
-          |  (((sword32)((b[13]        ) >>  0)) << 20));
-    t[ 4] = (word64)(
-             (((sword32)((b[14]        ) >>  0)) <<  0)
-          |  (((sword32)((b[15]        ) >>  0)) <<  8)
-          |  (((sword32)((b[16]        ) >>  0)) << 16)
-          | ((((sword32)((b[17] & 0xf )) >>  0)) << 24));
-    t[ 5] = (word64)(
-             (((sword32)((b[17]        ) >>  4)) <<  0)
-          |  (((sword32)((b[18]        ) >>  0)) <<  4)
-          |  (((sword32)((b[19]        ) >>  0)) << 12)
-          |  (((sword32)((b[20]        ) >>  0)) << 20));
-    t[ 6] = (word64)(
-             (((sword32)((b[21]        ) >>  0)) <<  0)
-          |  (((sword32)((b[22]        ) >>  0)) <<  8)
-          |  (((sword32)((b[23]        ) >>  0)) << 16)
-          | ((((sword32)((b[24] & 0xf )) >>  0)) << 24));
-    t[ 7] = (word64)(
-             (((sword32)((b[24]        ) >>  4)) <<  0)
-          |  (((sword32)((b[25]        ) >>  0)) <<  4)
-          |  (((sword32)((b[26]        ) >>  0)) << 12)
-          |  (((sword32)((b[27]        ) >>  0)) << 20));
-    t[ 8] = (word64)(
-             (((sword32)((b[28]        ) >>  0)) <<  0)
-          |  (((sword32)((b[29]        ) >>  0)) <<  8)
-          |  (((sword32)((b[30]        ) >>  0)) << 16)
-          | ((((sword32)((b[31] & 0xf )) >>  0)) << 24));
-    t[ 9] = (word64)(
-             (((sword32)((b[31]        ) >>  4)) <<  0)
-          |  (((sword32)((b[32]        ) >>  0)) <<  4)
-          |  (((sword32)((b[33]        ) >>  0)) << 12)
-          |  (((sword32)((b[34]        ) >>  0)) << 20));
-    t[10] = (word64)(
-             (((sword32)((b[35]        ) >>  0)) <<  0)
-          |  (((sword32)((b[36]        ) >>  0)) <<  8)
-          |  (((sword32)((b[37]        ) >>  0)) << 16)
-          | ((((sword32)((b[38] & 0xf )) >>  0)) << 24));
-    t[11] = (word64)(
-             (((sword32)((b[38]        ) >>  4)) <<  0)
-          |  (((sword32)((b[39]        ) >>  0)) <<  4)
-          |  (((sword32)((b[40]        ) >>  0)) << 12)
-          |  (((sword32)((b[41]        ) >>  0)) << 20));
-    t[12] = (word64)(
-             (((sword32)((b[42]        ) >>  0)) <<  0)
-          |  (((sword32)((b[43]        ) >>  0)) <<  8)
-          |  (((sword32)((b[44]        ) >>  0)) << 16)
-          | ((((sword32)((b[45] & 0xf )) >>  0)) << 24));
-    t[13] = (word64)(
-             (((sword32)((b[45]        ) >>  4)) <<  0)
-          |  (((sword32)((b[46]        ) >>  0)) <<  4)
-          |  (((sword32)((b[47]        ) >>  0)) << 12)
-          |  (((sword32)((b[48]        ) >>  0)) << 20));
-    t[14] = (word64)(
-             (((sword32)((b[49]        ) >>  0)) <<  0)
-          |  (((sword32)((b[50]        ) >>  0)) <<  8)
-          |  (((sword32)((b[51]        ) >>  0)) << 16)
-          | ((((sword32)((b[52] & 0xf )) >>  0)) << 24));
-    t[15] = (word64)(
-             (((sword32)((b[52]        ) >>  4)) <<  0)
-          |  (((sword32)((b[53]        ) >>  0)) <<  4)
-          |  (((sword32)((b[54]        ) >>  0)) << 12)
-          |  (((sword32)((b[55]        ) >>  0)) << 20));
-    t[16] = (word64)(
-             (((sword32)((b[56]        ) >>  0)) <<  0)
-          |  (((sword32)((b[57]        ) >>  0)) <<  8)
-          |  (((sword32)((b[58]        ) >>  0)) << 16)
-          | ((((sword32)((b[59] & 0xf )) >>  0)) << 24));
-    t[17] = (word64)(
-             (((sword32)((b[59]        ) >>  4)) <<  0)
-          |  (((sword32)((b[60]        ) >>  0)) <<  4)
-          |  (((sword32)((b[61]        ) >>  0)) << 12)
-          |  (((sword32)((b[62]        ) >>  0)) << 20));
-    t[18] = (word64)(
-             (((sword32)((b[63]        ) >>  0)) <<  0)
-          |  (((sword32)((b[64]        ) >>  0)) <<  8)
-          |  (((sword32)((b[65]        ) >>  0)) << 16)
-          | ((((sword32)((b[66] & 0xf )) >>  0)) << 24));
-    t[19] = (word64)(
-             (((sword32)((b[66]        ) >>  4)) <<  0)
-          |  (((sword32)((b[67]        ) >>  0)) <<  4)
-          |  (((sword32)((b[68]        ) >>  0)) << 12)
-          |  (((sword32)((b[69]        ) >>  0)) << 20));
-    t[20] = (word64)(
-             (((sword32)((b[70]        ) >>  0)) <<  0)
-          |  (((sword32)((b[71]        ) >>  0)) <<  8)
-          |  (((sword32)((b[72]        ) >>  0)) << 16)
-          | ((((sword32)((b[73] & 0xf )) >>  0)) << 24));
-    t[21] = (word64)(
-             (((sword32)((b[73]        ) >>  4)) <<  0)
-          |  (((sword32)((b[74]        ) >>  0)) <<  4)
-          |  (((sword32)((b[75]        ) >>  0)) << 12)
-          |  (((sword32)((b[76]        ) >>  0)) << 20));
-    t[22] = (word64)(
-             (((sword32)((b[77]        ) >>  0)) <<  0)
-          |  (((sword32)((b[78]        ) >>  0)) <<  8)
-          |  (((sword32)((b[79]        ) >>  0)) << 16)
-          | ((((sword32)((b[80] & 0xf )) >>  0)) << 24));
-    t[23] = (word64)(
-             (((sword32)((b[80]        ) >>  4)) <<  0)
-          |  (((sword32)((b[81]        ) >>  0)) <<  4)
-          |  (((sword32)((b[82]        ) >>  0)) << 12)
-          |  (((sword32)((b[83]        ) >>  0)) << 20));
-    t[24] = (word64)(
-             (((sword32)((b[84]        ) >>  0)) <<  0)
-          |  (((sword32)((b[85]        ) >>  0)) <<  8)
-          |  (((sword32)((b[86]        ) >>  0)) << 16)
-          | ((((sword32)((b[87] & 0xf )) >>  0)) << 24));
-    t[25] = (word64)(
-             (((sword32)((b[87]        ) >>  4)) <<  0)
-          |  (((sword32)((b[88]        ) >>  0)) <<  4)
-          |  (((sword32)((b[89]        ) >>  0)) << 12)
-          |  (((sword32)((b[90]        ) >>  0)) << 20));
-    t[26] = (word64)(
-             (((sword32)((b[91]        ) >>  0)) <<  0)
-          |  (((sword32)((b[92]        ) >>  0)) <<  8)
-          |  (((sword32)((b[93]        ) >>  0)) << 16)
-          | ((((sword32)((b[94] & 0xf )) >>  0)) << 24));
-    t[27] = (word64)(
-             (((sword32)((b[94]        ) >>  4)) <<  0)
-          |  (((sword32)((b[95]        ) >>  0)) <<  4)
-          |  (((sword32)((b[96]        ) >>  0)) << 12)
-          |  (((sword32)((b[97]        ) >>  0)) << 20));
-    t[28] = (word64)(
-             (((sword32)((b[98]        ) >>  0)) <<  0)
-          |  (((sword32)((b[99]        ) >>  0)) <<  8)
-          |  (((sword32)((b[100]        ) >>  0)) << 16)
-          | ((((sword32)((b[101] & 0xf )) >>  0)) << 24));
-    t[29] = (word64)(
-             (((sword32)((b[101]        ) >>  4)) <<  0)
-          |  (((sword32)((b[102]        ) >>  0)) <<  4)
-          |  (((sword32)((b[103]        ) >>  0)) << 12)
-          |  (((sword32)((b[104]        ) >>  0)) << 20));
-    t[30] = (word64)(
-             (((sword32)((b[105]        ) >>  0)) <<  0)
-          |  (((sword32)((b[106]        ) >>  0)) <<  8)
-          |  (((sword32)((b[107]        ) >>  0)) << 16)
-          | ((((sword32)((b[108] & 0xf )) >>  0)) << 24));
-    t[31] = (word64)(
-             (((sword32)((b[108]        ) >>  4)) <<  0)
-          |  (((sword32)((b[109]        ) >>  0)) <<  4)
-          |  (((sword32)((b[110]        ) >>  0)) << 12)
-          |  (((sword32)((b[111]        ) >>  0)) << 20));
-    t[32] = (word64)(
+    /* Load from bytes: 114 bytes */
+#ifdef WOLFSSL_ED448_NO_LARGE_CODE
+    for (o = 0; o < 31; o += 2) {
+        t[o + 0] = (word32)(
+                     (((sword32)((b[o / 2 * 7 + 0]        ) >>  0)) <<  0)
+                  |  (((sword32)((b[o / 2 * 7 + 1]        ) >>  0)) <<  8)
+                  |  (((sword32)((b[o / 2 * 7 + 2]        ) >>  0)) << 16)
+                  | ((((sword32)((b[o / 2 * 7 + 3] & 0xf )) >>  0)) << 24));
+        t[o + 1] = (word32)(
+                     (((sword32)((b[o / 2 * 7 + 3]        ) >>  4)) <<  0)
+                  |  (((sword32)((b[o / 2 * 7 + 4]        ) >>  0)) <<  4)
+                  |  (((sword32)((b[o / 2 * 7 + 5]        ) >>  0)) << 12)
+                  |  (((sword32)((b[o / 2 * 7 + 6]        ) >>  0)) << 20));
+    }
+    t[32] = (word32)(
              (((sword32)((b[112]        ) >>  0)) <<  0)
           |  (((sword32)((b[113]        ) >>  0)) <<  8));
+#else
+    t[ 0] =  (word32) (((sword32)((b[ 0]        ) >>  0)) <<  0)
+          |  (word32) (((sword32)((b[ 1]        ) >>  0)) <<  8)
+          |  (word32) (((sword32)((b[ 2]        ) >>  0)) << 16)
+          |  (word32)((((sword32)((b[ 3] & 0xf )) >>  0)) << 24);
+    t[ 1] =  (word32) (((sword32)((b[ 3]        ) >>  4)) <<  0)
+          |  (word32) (((sword32)((b[ 4]        ) >>  0)) <<  4)
+          |  (word32) (((sword32)((b[ 5]        ) >>  0)) << 12)
+          |  (word32) (((sword32)((b[ 6]        ) >>  0)) << 20);
+    t[ 2] =  (word32) (((sword32)((b[ 7]        ) >>  0)) <<  0)
+          |  (word32) (((sword32)((b[ 8]        ) >>  0)) <<  8)
+          |  (word32) (((sword32)((b[ 9]        ) >>  0)) << 16)
+          |  (word32)((((sword32)((b[10] & 0xf )) >>  0)) << 24);
+    t[ 3] =  (word32) (((sword32)((b[10]        ) >>  4)) <<  0)
+          |  (word32) (((sword32)((b[11]        ) >>  0)) <<  4)
+          |  (word32) (((sword32)((b[12]        ) >>  0)) << 12)
+          |  (word32) (((sword32)((b[13]        ) >>  0)) << 20);
+    t[ 4] =  (word32) (((sword32)((b[14]        ) >>  0)) <<  0)
+          |  (word32) (((sword32)((b[15]        ) >>  0)) <<  8)
+          |  (word32) (((sword32)((b[16]        ) >>  0)) << 16)
+          |  (word32)((((sword32)((b[17] & 0xf )) >>  0)) << 24);
+    t[ 5] =  (word32) (((sword32)((b[17]        ) >>  4)) <<  0)
+          |  (word32) (((sword32)((b[18]        ) >>  0)) <<  4)
+          |  (word32) (((sword32)((b[19]        ) >>  0)) << 12)
+          |  (word32) (((sword32)((b[20]        ) >>  0)) << 20);
+    t[ 6] =  (word32) (((sword32)((b[21]        ) >>  0)) <<  0)
+          |  (word32) (((sword32)((b[22]        ) >>  0)) <<  8)
+          |  (word32) (((sword32)((b[23]        ) >>  0)) << 16)
+          |  (word32)((((sword32)((b[24] & 0xf )) >>  0)) << 24);
+    t[ 7] =  (word32) (((sword32)((b[24]        ) >>  4)) <<  0)
+          |  (word32) (((sword32)((b[25]        ) >>  0)) <<  4)
+          |  (word32) (((sword32)((b[26]        ) >>  0)) << 12)
+          |  (word32) (((sword32)((b[27]        ) >>  0)) << 20);
+    t[ 8] =  (word32) (((sword32)((b[28]        ) >>  0)) <<  0)
+          |  (word32) (((sword32)((b[29]        ) >>  0)) <<  8)
+          |  (word32) (((sword32)((b[30]        ) >>  0)) << 16)
+          |  (word32)((((sword32)((b[31] & 0xf )) >>  0)) << 24);
+    t[ 9] =  (word32) (((sword32)((b[31]        ) >>  4)) <<  0)
+          |  (word32) (((sword32)((b[32]        ) >>  0)) <<  4)
+          |  (word32) (((sword32)((b[33]        ) >>  0)) << 12)
+          |  (word32) (((sword32)((b[34]        ) >>  0)) << 20);
+    t[10] =  (word32) (((sword32)((b[35]        ) >>  0)) <<  0)
+          |  (word32) (((sword32)((b[36]        ) >>  0)) <<  8)
+          |  (word32) (((sword32)((b[37]        ) >>  0)) << 16)
+          |  (word32)((((sword32)((b[38] & 0xf )) >>  0)) << 24);
+    t[11] =  (word32) (((sword32)((b[38]        ) >>  4)) <<  0)
+          |  (word32) (((sword32)((b[39]        ) >>  0)) <<  4)
+          |  (word32) (((sword32)((b[40]        ) >>  0)) << 12)
+          |  (word32) (((sword32)((b[41]        ) >>  0)) << 20);
+    t[12] =  (word32) (((sword32)((b[42]        ) >>  0)) <<  0)
+          |  (word32) (((sword32)((b[43]        ) >>  0)) <<  8)
+          |  (word32) (((sword32)((b[44]        ) >>  0)) << 16)
+          |  (word32)((((sword32)((b[45] & 0xf )) >>  0)) << 24);
+    t[13] =  (word32) (((sword32)((b[45]        ) >>  4)) <<  0)
+          |  (word32) (((sword32)((b[46]        ) >>  0)) <<  4)
+          |  (word32) (((sword32)((b[47]        ) >>  0)) << 12)
+          |  (word32) (((sword32)((b[48]        ) >>  0)) << 20);
+    t[14] =  (word32) (((sword32)((b[49]        ) >>  0)) <<  0)
+          |  (word32) (((sword32)((b[50]        ) >>  0)) <<  8)
+          |  (word32) (((sword32)((b[51]        ) >>  0)) << 16)
+          |  (word32)((((sword32)((b[52] & 0xf )) >>  0)) << 24);
+    t[15] =  (word32) (((sword32)((b[52]        ) >>  4)) <<  0)
+          |  (word32) (((sword32)((b[53]        ) >>  0)) <<  4)
+          |  (word32) (((sword32)((b[54]        ) >>  0)) << 12)
+          |  (word32) (((sword32)((b[55]        ) >>  0)) << 20);
+    t[16] =  (word32) (((sword32)((b[56]        ) >>  0)) <<  0)
+          |  (word32) (((sword32)((b[57]        ) >>  0)) <<  8)
+          |  (word32) (((sword32)((b[58]        ) >>  0)) << 16)
+          |  (word32)((((sword32)((b[59] & 0xf )) >>  0)) << 24);
+    t[17] =  (word32) (((sword32)((b[59]        ) >>  4)) <<  0)
+          |  (word32) (((sword32)((b[60]        ) >>  0)) <<  4)
+          |  (word32) (((sword32)((b[61]        ) >>  0)) << 12)
+          |  (word32) (((sword32)((b[62]        ) >>  0)) << 20);
+    t[18] =  (word32) (((sword32)((b[63]        ) >>  0)) <<  0)
+          |  (word32) (((sword32)((b[64]        ) >>  0)) <<  8)
+          |  (word32) (((sword32)((b[65]        ) >>  0)) << 16)
+          |  (word32)((((sword32)((b[66] & 0xf )) >>  0)) << 24);
+    t[19] =  (word32) (((sword32)((b[66]        ) >>  4)) <<  0)
+          |  (word32) (((sword32)((b[67]        ) >>  0)) <<  4)
+          |  (word32) (((sword32)((b[68]        ) >>  0)) << 12)
+          |  (word32) (((sword32)((b[69]        ) >>  0)) << 20);
+    t[20] =  (word32) (((sword32)((b[70]        ) >>  0)) <<  0)
+          |  (word32) (((sword32)((b[71]        ) >>  0)) <<  8)
+          |  (word32) (((sword32)((b[72]        ) >>  0)) << 16)
+          |  (word32)((((sword32)((b[73] & 0xf )) >>  0)) << 24);
+    t[21] =  (word32) (((sword32)((b[73]        ) >>  4)) <<  0)
+          |  (word32) (((sword32)((b[74]        ) >>  0)) <<  4)
+          |  (word32) (((sword32)((b[75]        ) >>  0)) << 12)
+          |  (word32) (((sword32)((b[76]        ) >>  0)) << 20);
+    t[22] =  (word32) (((sword32)((b[77]        ) >>  0)) <<  0)
+          |  (word32) (((sword32)((b[78]        ) >>  0)) <<  8)
+          |  (word32) (((sword32)((b[79]        ) >>  0)) << 16)
+          |  (word32)((((sword32)((b[80] & 0xf )) >>  0)) << 24);
+    t[23] =  (word32) (((sword32)((b[80]        ) >>  4)) <<  0)
+          |  (word32) (((sword32)((b[81]        ) >>  0)) <<  4)
+          |  (word32) (((sword32)((b[82]        ) >>  0)) << 12)
+          |  (word32) (((sword32)((b[83]        ) >>  0)) << 20);
+    t[24] =  (word32) (((sword32)((b[84]        ) >>  0)) <<  0)
+          |  (word32) (((sword32)((b[85]        ) >>  0)) <<  8)
+          |  (word32) (((sword32)((b[86]        ) >>  0)) << 16)
+          |  (word32)((((sword32)((b[87] & 0xf )) >>  0)) << 24);
+    t[25] =  (word32) (((sword32)((b[87]        ) >>  4)) <<  0)
+          |  (word32) (((sword32)((b[88]        ) >>  0)) <<  4)
+          |  (word32) (((sword32)((b[89]        ) >>  0)) << 12)
+          |  (word32) (((sword32)((b[90]        ) >>  0)) << 20);
+    t[26] =  (word32) (((sword32)((b[91]        ) >>  0)) <<  0)
+          |  (word32) (((sword32)((b[92]        ) >>  0)) <<  8)
+          |  (word32) (((sword32)((b[93]        ) >>  0)) << 16)
+          |  (word32)((((sword32)((b[94] & 0xf )) >>  0)) << 24);
+    t[27] =  (word32) (((sword32)((b[94]        ) >>  4)) <<  0)
+          |  (word32) (((sword32)((b[95]        ) >>  0)) <<  4)
+          |  (word32) (((sword32)((b[96]        ) >>  0)) << 12)
+          |  (word32) (((sword32)((b[97]        ) >>  0)) << 20);
+    t[28] =  (word32) (((sword32)((b[98]        ) >>  0)) <<  0)
+          |  (word32) (((sword32)((b[99]        ) >>  0)) <<  8)
+          |  (word32) (((sword32)((b[100]        ) >>  0)) << 16)
+          |  (word32)((((sword32)((b[101] & 0xf )) >>  0)) << 24);
+    t[29] =  (word32) (((sword32)((b[101]        ) >>  4)) <<  0)
+          |  (word32) (((sword32)((b[102]        ) >>  0)) <<  4)
+          |  (word32) (((sword32)((b[103]        ) >>  0)) << 12)
+          |  (word32) (((sword32)((b[104]        ) >>  0)) << 20);
+    t[30] =  (word32) (((sword32)((b[105]        ) >>  0)) <<  0)
+          |  (word32) (((sword32)((b[106]        ) >>  0)) <<  8)
+          |  (word32) (((sword32)((b[107]        ) >>  0)) << 16)
+          |  (word32)((((sword32)((b[108] & 0xf )) >>  0)) << 24);
+    t[31] =  (word32) (((sword32)((b[108]        ) >>  4)) <<  0)
+          |  (word32) (((sword32)((b[109]        ) >>  0)) <<  4)
+          |  (word32) (((sword32)((b[110]        ) >>  0)) << 12)
+          |  (word32) (((sword32)((b[111]        ) >>  0)) << 20);
+    t[32] =  (word32) (((sword32)((b[112]        ) >>  0)) <<  0)
+          |  (word32) (((sword32)((b[113]        ) >>  0)) <<  8);
+#endif /* WOLFSSL_ED448_NO_LARGE_CODE */
 
     /* Mod curve order */
     /* 2^446 - 0x8335dc163bb124b65129c96fde933d8d723a70aadc873d6d54a7bb0d */
     /* Mod top half of extra words */
+#ifdef WOLFSSL_ED448_NO_LARGE_CODE
+    for (o = 0; o < 9; o++) {
+        t[ 8 + o] += (sword64)0x129eec34 * t[24 + o];
+        t[ 9 + o] += (sword64)0x21cf5b54 * t[24 + o];
+        t[10 + o] += (sword64)0x29c2ab70 * t[24 + o];
+        t[11 + o] += (sword64)0x0f635c8c * t[24 + o];
+        t[12 + o] += (sword64)0x25bf7a4c * t[24 + o];
+        t[13 + o] += (sword64)0x2d944a70 * t[24 + o];
+        t[14 + o] += (sword64)0x18eec490 * t[24 + o];
+        t[15 + o] += (sword64)0x20cd7704 * t[24 + o];
+    }
+    t[24]  = 0;
+#else
     t[ 8] += (sword64)0x129eec34 * t[24];
     t[ 9] += (sword64)0x21cf5b54 * t[24];
     t[10] += (sword64)0x29c2ab70 * t[24];
@@ -5378,6 +5508,7 @@ void sc448_reduce(byte* b)
     t[22] += (sword64)0x18eec490 * t[32];
     t[23] += (sword64)0x20cd7704 * t[32];
     t[24]  = 0;
+#endif /* WOLFSSL_ED448_NO_LARGE_CODE */
     /* Propagate carries */
     c = t[ 8] >> 28; t[ 9] += c; t[ 8] = t[ 8] & 0xfffffff;
     c = t[ 9] >> 28; t[10] += c; t[ 9] = t[ 9] & 0xfffffff;
@@ -5396,6 +5527,19 @@ void sc448_reduce(byte* b)
     c = t[22] >> 28; t[23] += c; t[22] = t[22] & 0xfffffff;
     c = t[23] >> 28; t[24] += c; t[23] = t[23] & 0xfffffff;
     /* Mod bottom half of extra words */
+#ifdef WOLFSSL_ED448_NO_LARGE_CODE
+    for (o = 0; o < 9; o++) {
+        t[ 0 + o] += (sword64)0x129eec34 * t[16 + o];
+        t[ 1 + o] += (sword64)0x21cf5b54 * t[16 + o];
+        t[ 2 + o] += (sword64)0x29c2ab70 * t[16 + o];
+        t[ 3 + o] += (sword64)0x0f635c8c * t[16 + o];
+        t[ 4 + o] += (sword64)0x25bf7a4c * t[16 + o];
+        t[ 5 + o] += (sword64)0x2d944a70 * t[16 + o];
+        t[ 6 + o] += (sword64)0x18eec490 * t[16 + o];
+        t[ 7 + o] += (sword64)0x20cd7704 * t[16 + o];
+    }
+    t[16]  = 0;
+#else
     t[ 0] += (sword64)0x129eec34 * t[16];
     t[ 1] += (sword64)0x21cf5b54 * t[16];
     t[ 2] += (sword64)0x29c2ab70 * t[16];
@@ -5469,6 +5613,7 @@ void sc448_reduce(byte* b)
     t[14] += (sword64)0x18eec490 * t[24];
     t[15] += (sword64)0x20cd7704 * t[24];
     t[16]  = 0;
+#endif /* WOLFSSL_ED448_NO_LARGE_CODE */
     /* Propagate carries */
     c = t[ 0] >> 28; t[ 1] += c; t[ 0] = t[ 0] & 0xfffffff;
     c = t[ 1] >> 28; t[ 2] += c; t[ 1] = t[ 1] & 0xfffffff;
@@ -5539,6 +5684,24 @@ void sc448_reduce(byte* b)
     o = d[14] >> 28; d[15] += o; d[14] = d[14] & 0xfffffff;
 
     /* Convert to bytes */
+#ifdef WOLFSSL_ED448_NO_LARGE_CODE
+    {
+        word32 ow = 0;
+        for (o = 0; o < 56; o += 7) {
+            b[o + 0]  = (byte)(d[ow] >>  0);
+            b[o + 1]  = (byte)(d[ow] >>  8);
+            b[o + 2]  = (byte)(d[ow] >> 16);
+            b[o + 3]  = (byte)(d[ow] >> 24);
+            ow++;
+            b[o + 3] += (byte)((d[ow] >>  0) << 4);
+            b[o + 4]  = (byte)(d[ow] >>  4);
+            b[o + 5]  = (byte)(d[ow] >> 12);
+            b[o + 6]  = (byte)(d[ow] >> 20);
+            ow++;
+        }
+        b[56] = 0;
+    }
+#else
     b[ 0] = (byte)(d[0 ] >>  0);
     b[ 1] = (byte)(d[0 ] >>  8);
     b[ 2] = (byte)(d[0 ] >> 16);
@@ -5596,6 +5759,7 @@ void sc448_reduce(byte* b)
     b[54] = (byte)(d[15] >> 12);
     b[55] = (byte)(d[15] >> 20);
     b[56] = 0;
+#endif /* WOLFSSL_ED448_NO_LARGE_CODE */
 }
 
 /* Multiply a by b and add d. r = (a * b + d) mod order
@@ -5613,249 +5777,246 @@ void sc448_muladd(byte* r, const byte* a, const byte* b, const byte* d)
     word32 o;
     sword32 u;
 
-    /* Load from bytes */
-    ad[ 0] = (word32)(
-              (((sword32)((a[ 0]        ) >>  0)) <<  0)
-           |  (((sword32)((a[ 1]        ) >>  0)) <<  8)
-           |  (((sword32)((a[ 2]        ) >>  0)) << 16)
-           | ((((sword32)((a[ 3] & 0xf )) >>  0)) << 24));
-    ad[ 1] = (word32)(
-              (((sword32)((a[ 3]        ) >>  4)) <<  0)
-           |  (((sword32)((a[ 4]        ) >>  0)) <<  4)
-           |  (((sword32)((a[ 5]        ) >>  0)) << 12)
-           |  (((sword32)((a[ 6]        ) >>  0)) << 20));
-    ad[ 2] = (word32)(
-              (((sword32)((a[ 7]        ) >>  0)) <<  0)
-           |  (((sword32)((a[ 8]        ) >>  0)) <<  8)
-           |  (((sword32)((a[ 9]        ) >>  0)) << 16)
-           | ((((sword32)((a[10] & 0xf )) >>  0)) << 24));
-    ad[ 3] = (word32)(
-              (((sword32)((a[10]        ) >>  4)) <<  0)
-           |  (((sword32)((a[11]        ) >>  0)) <<  4)
-           |  (((sword32)((a[12]        ) >>  0)) << 12)
-           |  (((sword32)((a[13]        ) >>  0)) << 20));
-    ad[ 4] = (word32)(
-              (((sword32)((a[14]        ) >>  0)) <<  0)
-           |  (((sword32)((a[15]        ) >>  0)) <<  8)
-           |  (((sword32)((a[16]        ) >>  0)) << 16)
-           | ((((sword32)((a[17] & 0xf )) >>  0)) << 24));
-    ad[ 5] = (word32)(
-              (((sword32)((a[17]        ) >>  4)) <<  0)
-           |  (((sword32)((a[18]        ) >>  0)) <<  4)
-           |  (((sword32)((a[19]        ) >>  0)) << 12)
-           |  (((sword32)((a[20]        ) >>  0)) << 20));
-    ad[ 6] = (word32)(
-              (((sword32)((a[21]        ) >>  0)) <<  0)
-           |  (((sword32)((a[22]        ) >>  0)) <<  8)
-           |  (((sword32)((a[23]        ) >>  0)) << 16)
-           | ((((sword32)((a[24] & 0xf )) >>  0)) << 24));
-    ad[ 7] = (word32)(
-              (((sword32)((a[24]        ) >>  4)) <<  0)
-           |  (((sword32)((a[25]        ) >>  0)) <<  4)
-           |  (((sword32)((a[26]        ) >>  0)) << 12)
-           |  (((sword32)((a[27]        ) >>  0)) << 20));
-    ad[ 8] = (word32)(
-              (((sword32)((a[28]        ) >>  0)) <<  0)
-           |  (((sword32)((a[29]        ) >>  0)) <<  8)
-           |  (((sword32)((a[30]        ) >>  0)) << 16)
-           | ((((sword32)((a[31] & 0xf )) >>  0)) << 24));
-    ad[ 9] = (word32)(
-              (((sword32)((a[31]        ) >>  4)) <<  0)
-           |  (((sword32)((a[32]        ) >>  0)) <<  4)
-           |  (((sword32)((a[33]        ) >>  0)) << 12)
-           |  (((sword32)((a[34]        ) >>  0)) << 20));
-    ad[10] = (word32)(
-              (((sword32)((a[35]        ) >>  0)) <<  0)
-           |  (((sword32)((a[36]        ) >>  0)) <<  8)
-           |  (((sword32)((a[37]        ) >>  0)) << 16)
-           | ((((sword32)((a[38] & 0xf )) >>  0)) << 24));
-    ad[11] = (word32)(
-              (((sword32)((a[38]        ) >>  4)) <<  0)
-           |  (((sword32)((a[39]        ) >>  0)) <<  4)
-           |  (((sword32)((a[40]        ) >>  0)) << 12)
-           |  (((sword32)((a[41]        ) >>  0)) << 20));
-    ad[12] = (word32)(
-              (((sword32)((a[42]        ) >>  0)) <<  0)
-           |  (((sword32)((a[43]        ) >>  0)) <<  8)
-           |  (((sword32)((a[44]        ) >>  0)) << 16)
-           | ((((sword32)((a[45] & 0xf )) >>  0)) << 24));
-    ad[13] = (word32)(
-              (((sword32)((a[45]        ) >>  4)) <<  0)
-           |  (((sword32)((a[46]        ) >>  0)) <<  4)
-           |  (((sword32)((a[47]        ) >>  0)) << 12)
-           |  (((sword32)((a[48]        ) >>  0)) << 20));
-    ad[14] = (word32)(
-              (((sword32)((a[49]        ) >>  0)) <<  0)
-           |  (((sword32)((a[50]        ) >>  0)) <<  8)
-           |  (((sword32)((a[51]        ) >>  0)) << 16)
-           | ((((sword32)((a[52] & 0xf )) >>  0)) << 24));
-    ad[15] = (word32)(
-              (((sword32)((a[52]        ) >>  4)) <<  0)
-           |  (((sword32)((a[53]        ) >>  0)) <<  4)
-           |  (((sword32)((a[54]        ) >>  0)) << 12)
-           |  (((sword32)((a[55]        ) >>  0)) << 20));
-    /* Load from bytes */
-    bd[ 0] = (word32)(
-              (((sword32)((b[ 0]        ) >>  0)) <<  0)
-           |  (((sword32)((b[ 1]        ) >>  0)) <<  8)
-           |  (((sword32)((b[ 2]        ) >>  0)) << 16)
-           | ((((sword32)((b[ 3] & 0xf )) >>  0)) << 24));
-    bd[ 1] = (word32)(
-              (((sword32)((b[ 3]        ) >>  4)) <<  0)
-           |  (((sword32)((b[ 4]        ) >>  0)) <<  4)
-           |  (((sword32)((b[ 5]        ) >>  0)) << 12)
-           |  (((sword32)((b[ 6]        ) >>  0)) << 20));
-    bd[ 2] = (word32)(
-              (((sword32)((b[ 7]        ) >>  0)) <<  0)
-           |  (((sword32)((b[ 8]        ) >>  0)) <<  8)
-           |  (((sword32)((b[ 9]        ) >>  0)) << 16)
-           | ((((sword32)((b[10] & 0xf )) >>  0)) << 24));
-    bd[ 3] = (word32)(
-              (((sword32)((b[10]        ) >>  4)) <<  0)
-           |  (((sword32)((b[11]        ) >>  0)) <<  4)
-           |  (((sword32)((b[12]        ) >>  0)) << 12)
-           |  (((sword32)((b[13]        ) >>  0)) << 20));
-    bd[ 4] = (word32)(
-              (((sword32)((b[14]        ) >>  0)) <<  0)
-           |  (((sword32)((b[15]        ) >>  0)) <<  8)
-           |  (((sword32)((b[16]        ) >>  0)) << 16)
-           | ((((sword32)((b[17] & 0xf )) >>  0)) << 24));
-    bd[ 5] = (word32)(
-              (((sword32)((b[17]        ) >>  4)) <<  0)
-           |  (((sword32)((b[18]        ) >>  0)) <<  4)
-           |  (((sword32)((b[19]        ) >>  0)) << 12)
-           |  (((sword32)((b[20]        ) >>  0)) << 20));
-    bd[ 6] = (word32)(
-              (((sword32)((b[21]        ) >>  0)) <<  0)
-           |  (((sword32)((b[22]        ) >>  0)) <<  8)
-           |  (((sword32)((b[23]        ) >>  0)) << 16)
-           | ((((sword32)((b[24] & 0xf )) >>  0)) << 24));
-    bd[ 7] = (word32)(
-              (((sword32)((b[24]        ) >>  4)) <<  0)
-           |  (((sword32)((b[25]        ) >>  0)) <<  4)
-           |  (((sword32)((b[26]        ) >>  0)) << 12)
-           |  (((sword32)((b[27]        ) >>  0)) << 20));
-    bd[ 8] = (word32)(
-              (((sword32)((b[28]        ) >>  0)) <<  0)
-           |  (((sword32)((b[29]        ) >>  0)) <<  8)
-           |  (((sword32)((b[30]        ) >>  0)) << 16)
-           | ((((sword32)((b[31] & 0xf )) >>  0)) << 24));
-    bd[ 9] = (word32)(
-              (((sword32)((b[31]        ) >>  4)) <<  0)
-           |  (((sword32)((b[32]        ) >>  0)) <<  4)
-           |  (((sword32)((b[33]        ) >>  0)) << 12)
-           |  (((sword32)((b[34]        ) >>  0)) << 20));
-    bd[10] = (word32)(
-              (((sword32)((b[35]        ) >>  0)) <<  0)
-           |  (((sword32)((b[36]        ) >>  0)) <<  8)
-           |  (((sword32)((b[37]        ) >>  0)) << 16)
-           | ((((sword32)((b[38] & 0xf )) >>  0)) << 24));
-    bd[11] = (word32)(
-              (((sword32)((b[38]        ) >>  4)) <<  0)
-           |  (((sword32)((b[39]        ) >>  0)) <<  4)
-           |  (((sword32)((b[40]        ) >>  0)) << 12)
-           |  (((sword32)((b[41]        ) >>  0)) << 20));
-    bd[12] = (word32)(
-              (((sword32)((b[42]        ) >>  0)) <<  0)
-           |  (((sword32)((b[43]        ) >>  0)) <<  8)
-           |  (((sword32)((b[44]        ) >>  0)) << 16)
-           | ((((sword32)((b[45] & 0xf )) >>  0)) << 24));
-    bd[13] = (word32)(
-              (((sword32)((b[45]        ) >>  4)) <<  0)
-           |  (((sword32)((b[46]        ) >>  0)) <<  4)
-           |  (((sword32)((b[47]        ) >>  0)) << 12)
-           |  (((sword32)((b[48]        ) >>  0)) << 20));
-    bd[14] = (word32)(
-              (((sword32)((b[49]        ) >>  0)) <<  0)
-           |  (((sword32)((b[50]        ) >>  0)) <<  8)
-           |  (((sword32)((b[51]        ) >>  0)) << 16)
-           | ((((sword32)((b[52] & 0xf )) >>  0)) << 24));
-    bd[15] = (word32)(
-              (((sword32)((b[52]        ) >>  4)) <<  0)
-           |  (((sword32)((b[53]        ) >>  0)) <<  4)
-           |  (((sword32)((b[54]        ) >>  0)) << 12)
-           |  (((sword32)((b[55]        ) >>  0)) << 20));
-    /* Load from bytes */
-    dd[ 0] = (word32)(
-              (((sword32)((d[ 0]        ) >>  0)) <<  0)
-           |  (((sword32)((d[ 1]        ) >>  0)) <<  8)
-           |  (((sword32)((d[ 2]        ) >>  0)) << 16)
-           | ((((sword32)((d[ 3] & 0xf )) >>  0)) << 24));
-    dd[ 1] = (word32)(
-              (((sword32)((d[ 3]        ) >>  4)) <<  0)
-           |  (((sword32)((d[ 4]        ) >>  0)) <<  4)
-           |  (((sword32)((d[ 5]        ) >>  0)) << 12)
-           |  (((sword32)((d[ 6]        ) >>  0)) << 20));
-    dd[ 2] = (word32)(
-              (((sword32)((d[ 7]        ) >>  0)) <<  0)
-           |  (((sword32)((d[ 8]        ) >>  0)) <<  8)
-           |  (((sword32)((d[ 9]        ) >>  0)) << 16)
-           | ((((sword32)((d[10] & 0xf )) >>  0)) << 24));
-    dd[ 3] = (word32)(
-              (((sword32)((d[10]        ) >>  4)) <<  0)
-           |  (((sword32)((d[11]        ) >>  0)) <<  4)
-           |  (((sword32)((d[12]        ) >>  0)) << 12)
-           |  (((sword32)((d[13]        ) >>  0)) << 20));
-    dd[ 4] = (word32)(
-              (((sword32)((d[14]        ) >>  0)) <<  0)
-           |  (((sword32)((d[15]        ) >>  0)) <<  8)
-           |  (((sword32)((d[16]        ) >>  0)) << 16)
-           | ((((sword32)((d[17] & 0xf )) >>  0)) << 24));
-    dd[ 5] = (word32)(
-              (((sword32)((d[17]        ) >>  4)) <<  0)
-           |  (((sword32)((d[18]        ) >>  0)) <<  4)
-           |  (((sword32)((d[19]        ) >>  0)) << 12)
-           |  (((sword32)((d[20]        ) >>  0)) << 20));
-    dd[ 6] = (word32)(
-              (((sword32)((d[21]        ) >>  0)) <<  0)
-           |  (((sword32)((d[22]        ) >>  0)) <<  8)
-           |  (((sword32)((d[23]        ) >>  0)) << 16)
-           | ((((sword32)((d[24] & 0xf )) >>  0)) << 24));
-    dd[ 7] = (word32)(
-              (((sword32)((d[24]        ) >>  4)) <<  0)
-           |  (((sword32)((d[25]        ) >>  0)) <<  4)
-           |  (((sword32)((d[26]        ) >>  0)) << 12)
-           |  (((sword32)((d[27]        ) >>  0)) << 20));
-    dd[ 8] = (word32)(
-              (((sword32)((d[28]        ) >>  0)) <<  0)
-           |  (((sword32)((d[29]        ) >>  0)) <<  8)
-           |  (((sword32)((d[30]        ) >>  0)) << 16)
-           | ((((sword32)((d[31] & 0xf )) >>  0)) << 24));
-    dd[ 9] = (word32)(
-              (((sword32)((d[31]        ) >>  4)) <<  0)
-           |  (((sword32)((d[32]        ) >>  0)) <<  4)
-           |  (((sword32)((d[33]        ) >>  0)) << 12)
-           |  (((sword32)((d[34]        ) >>  0)) << 20));
-    dd[10] = (word32)(
-              (((sword32)((d[35]        ) >>  0)) <<  0)
-           |  (((sword32)((d[36]        ) >>  0)) <<  8)
-           |  (((sword32)((d[37]        ) >>  0)) << 16)
-           | ((((sword32)((d[38] & 0xf )) >>  0)) << 24));
-    dd[11] = (word32)(
-              (((sword32)((d[38]        ) >>  4)) <<  0)
-           |  (((sword32)((d[39]        ) >>  0)) <<  4)
-           |  (((sword32)((d[40]        ) >>  0)) << 12)
-           |  (((sword32)((d[41]        ) >>  0)) << 20));
-    dd[12] = (word32)(
-              (((sword32)((d[42]        ) >>  0)) <<  0)
-           |  (((sword32)((d[43]        ) >>  0)) <<  8)
-           |  (((sword32)((d[44]        ) >>  0)) << 16)
-           | ((((sword32)((d[45] & 0xf )) >>  0)) << 24));
-    dd[13] = (word32)(
-              (((sword32)((d[45]        ) >>  4)) <<  0)
-           |  (((sword32)((d[46]        ) >>  0)) <<  4)
-           |  (((sword32)((d[47]        ) >>  0)) << 12)
-           |  (((sword32)((d[48]        ) >>  0)) << 20));
-    dd[14] = (word32)(
-              (((sword32)((d[49]        ) >>  0)) <<  0)
-           |  (((sword32)((d[50]        ) >>  0)) <<  8)
-           |  (((sword32)((d[51]        ) >>  0)) << 16)
-           | ((((sword32)((d[52] & 0xf )) >>  0)) << 24));
-    dd[15] = (word32)(
-              (((sword32)((d[52]        ) >>  4)) <<  0)
-           |  (((sword32)((d[53]        ) >>  0)) <<  4)
-           |  (((sword32)((d[54]        ) >>  0)) << 12)
-           |  (((sword32)((d[55]        ) >>  0)) << 20));
+    /* Load from bytes: 56 bytes */
+#ifdef WOLFSSL_ED448_NO_LARGE_CODE
+    for (o = 0; o < 15; o += 2) {
+        ad[o + 0] = (word32)(
+                     (((sword32)((a[o / 2 * 7 + 0]        ) >>  0)) <<  0)
+                  |  (((sword32)((a[o / 2 * 7 + 1]        ) >>  0)) <<  8)
+                  |  (((sword32)((a[o / 2 * 7 + 2]        ) >>  0)) << 16)
+                  | ((((sword32)((a[o / 2 * 7 + 3] & 0xf )) >>  0)) << 24));
+        ad[o + 1] = (word32)(
+                     (((sword32)((a[o / 2 * 7 + 3]        ) >>  4)) <<  0)
+                  |  (((sword32)((a[o / 2 * 7 + 4]        ) >>  0)) <<  4)
+                  |  (((sword32)((a[o / 2 * 7 + 5]        ) >>  0)) << 12)
+                  |  (((sword32)((a[o / 2 * 7 + 6]        ) >>  0)) << 20));
+    }
+#else
+    ad[ 0] =  (word32) (((sword32)((a[ 0]        ) >>  0)) <<  0)
+           |  (word32) (((sword32)((a[ 1]        ) >>  0)) <<  8)
+           |  (word32) (((sword32)((a[ 2]        ) >>  0)) << 16)
+           |  (word32)((((sword32)((a[ 3] & 0xf )) >>  0)) << 24);
+    ad[ 1] =  (word32) (((sword32)((a[ 3]        ) >>  4)) <<  0)
+           |  (word32) (((sword32)((a[ 4]        ) >>  0)) <<  4)
+           |  (word32) (((sword32)((a[ 5]        ) >>  0)) << 12)
+           |  (word32) (((sword32)((a[ 6]        ) >>  0)) << 20);
+    ad[ 2] =  (word32) (((sword32)((a[ 7]        ) >>  0)) <<  0)
+           |  (word32) (((sword32)((a[ 8]        ) >>  0)) <<  8)
+           |  (word32) (((sword32)((a[ 9]        ) >>  0)) << 16)
+           |  (word32)((((sword32)((a[10] & 0xf )) >>  0)) << 24);
+    ad[ 3] =  (word32) (((sword32)((a[10]        ) >>  4)) <<  0)
+           |  (word32) (((sword32)((a[11]        ) >>  0)) <<  4)
+           |  (word32) (((sword32)((a[12]        ) >>  0)) << 12)
+           |  (word32) (((sword32)((a[13]        ) >>  0)) << 20);
+    ad[ 4] =  (word32) (((sword32)((a[14]        ) >>  0)) <<  0)
+           |  (word32) (((sword32)((a[15]        ) >>  0)) <<  8)
+           |  (word32) (((sword32)((a[16]        ) >>  0)) << 16)
+           |  (word32)((((sword32)((a[17] & 0xf )) >>  0)) << 24);
+    ad[ 5] =  (word32) (((sword32)((a[17]        ) >>  4)) <<  0)
+           |  (word32) (((sword32)((a[18]        ) >>  0)) <<  4)
+           |  (word32) (((sword32)((a[19]        ) >>  0)) << 12)
+           |  (word32) (((sword32)((a[20]        ) >>  0)) << 20);
+    ad[ 6] =  (word32) (((sword32)((a[21]        ) >>  0)) <<  0)
+           |  (word32) (((sword32)((a[22]        ) >>  0)) <<  8)
+           |  (word32) (((sword32)((a[23]        ) >>  0)) << 16)
+           |  (word32)((((sword32)((a[24] & 0xf )) >>  0)) << 24);
+    ad[ 7] =  (word32) (((sword32)((a[24]        ) >>  4)) <<  0)
+           |  (word32) (((sword32)((a[25]        ) >>  0)) <<  4)
+           |  (word32) (((sword32)((a[26]        ) >>  0)) << 12)
+           |  (word32) (((sword32)((a[27]        ) >>  0)) << 20);
+    ad[ 8] =  (word32) (((sword32)((a[28]        ) >>  0)) <<  0)
+           |  (word32) (((sword32)((a[29]        ) >>  0)) <<  8)
+           |  (word32) (((sword32)((a[30]        ) >>  0)) << 16)
+           |  (word32)((((sword32)((a[31] & 0xf )) >>  0)) << 24);
+    ad[ 9] =  (word32) (((sword32)((a[31]        ) >>  4)) <<  0)
+           |  (word32) (((sword32)((a[32]        ) >>  0)) <<  4)
+           |  (word32) (((sword32)((a[33]        ) >>  0)) << 12)
+           |  (word32) (((sword32)((a[34]        ) >>  0)) << 20);
+    ad[10] =  (word32) (((sword32)((a[35]        ) >>  0)) <<  0)
+           |  (word32) (((sword32)((a[36]        ) >>  0)) <<  8)
+           |  (word32) (((sword32)((a[37]        ) >>  0)) << 16)
+           |  (word32)((((sword32)((a[38] & 0xf )) >>  0)) << 24);
+    ad[11] =  (word32) (((sword32)((a[38]        ) >>  4)) <<  0)
+           |  (word32) (((sword32)((a[39]        ) >>  0)) <<  4)
+           |  (word32) (((sword32)((a[40]        ) >>  0)) << 12)
+           |  (word32) (((sword32)((a[41]        ) >>  0)) << 20);
+    ad[12] =  (word32) (((sword32)((a[42]        ) >>  0)) <<  0)
+           |  (word32) (((sword32)((a[43]        ) >>  0)) <<  8)
+           |  (word32) (((sword32)((a[44]        ) >>  0)) << 16)
+           |  (word32)((((sword32)((a[45] & 0xf )) >>  0)) << 24);
+    ad[13] =  (word32) (((sword32)((a[45]        ) >>  4)) <<  0)
+           |  (word32) (((sword32)((a[46]        ) >>  0)) <<  4)
+           |  (word32) (((sword32)((a[47]        ) >>  0)) << 12)
+           |  (word32) (((sword32)((a[48]        ) >>  0)) << 20);
+    ad[14] =  (word32) (((sword32)((a[49]        ) >>  0)) <<  0)
+           |  (word32) (((sword32)((a[50]        ) >>  0)) <<  8)
+           |  (word32) (((sword32)((a[51]        ) >>  0)) << 16)
+           |  (word32)((((sword32)((a[52] & 0xf )) >>  0)) << 24);
+    ad[15] =  (word32) (((sword32)((a[52]        ) >>  4)) <<  0)
+           |  (word32) (((sword32)((a[53]        ) >>  0)) <<  4)
+           |  (word32) (((sword32)((a[54]        ) >>  0)) << 12)
+           |  (word32) (((sword32)((a[55]        ) >>  0)) << 20);
+#endif /* WOLFSSL_ED448_NO_LARGE_CODE */
+    /* Load from bytes: 56 bytes */
+#ifdef WOLFSSL_ED448_NO_LARGE_CODE
+    for (o = 0; o < 15; o += 2) {
+        bd[o + 0] = (word32)(
+                     (((sword32)((b[o / 2 * 7 + 0]        ) >>  0)) <<  0)
+                  |  (((sword32)((b[o / 2 * 7 + 1]        ) >>  0)) <<  8)
+                  |  (((sword32)((b[o / 2 * 7 + 2]        ) >>  0)) << 16)
+                  | ((((sword32)((b[o / 2 * 7 + 3] & 0xf )) >>  0)) << 24));
+        bd[o + 1] = (word32)(
+                     (((sword32)((b[o / 2 * 7 + 3]        ) >>  4)) <<  0)
+                  |  (((sword32)((b[o / 2 * 7 + 4]        ) >>  0)) <<  4)
+                  |  (((sword32)((b[o / 2 * 7 + 5]        ) >>  0)) << 12)
+                  |  (((sword32)((b[o / 2 * 7 + 6]        ) >>  0)) << 20));
+    }
+#else
+    bd[ 0] =  (word32) (((sword32)((b[ 0]        ) >>  0)) <<  0)
+           |  (word32) (((sword32)((b[ 1]        ) >>  0)) <<  8)
+           |  (word32) (((sword32)((b[ 2]        ) >>  0)) << 16)
+           |  (word32)((((sword32)((b[ 3] & 0xf )) >>  0)) << 24);
+    bd[ 1] =  (word32) (((sword32)((b[ 3]        ) >>  4)) <<  0)
+           |  (word32) (((sword32)((b[ 4]        ) >>  0)) <<  4)
+           |  (word32) (((sword32)((b[ 5]        ) >>  0)) << 12)
+           |  (word32) (((sword32)((b[ 6]        ) >>  0)) << 20);
+    bd[ 2] =  (word32) (((sword32)((b[ 7]        ) >>  0)) <<  0)
+           |  (word32) (((sword32)((b[ 8]        ) >>  0)) <<  8)
+           |  (word32) (((sword32)((b[ 9]        ) >>  0)) << 16)
+           |  (word32)((((sword32)((b[10] & 0xf )) >>  0)) << 24);
+    bd[ 3] =  (word32) (((sword32)((b[10]        ) >>  4)) <<  0)
+           |  (word32) (((sword32)((b[11]        ) >>  0)) <<  4)
+           |  (word32) (((sword32)((b[12]        ) >>  0)) << 12)
+           |  (word32) (((sword32)((b[13]        ) >>  0)) << 20);
+    bd[ 4] =  (word32) (((sword32)((b[14]        ) >>  0)) <<  0)
+           |  (word32) (((sword32)((b[15]        ) >>  0)) <<  8)
+           |  (word32) (((sword32)((b[16]        ) >>  0)) << 16)
+           |  (word32)((((sword32)((b[17] & 0xf )) >>  0)) << 24);
+    bd[ 5] =  (word32) (((sword32)((b[17]        ) >>  4)) <<  0)
+           |  (word32) (((sword32)((b[18]        ) >>  0)) <<  4)
+           |  (word32) (((sword32)((b[19]        ) >>  0)) << 12)
+           |  (word32) (((sword32)((b[20]        ) >>  0)) << 20);
+    bd[ 6] =  (word32) (((sword32)((b[21]        ) >>  0)) <<  0)
+           |  (word32) (((sword32)((b[22]        ) >>  0)) <<  8)
+           |  (word32) (((sword32)((b[23]        ) >>  0)) << 16)
+           |  (word32)((((sword32)((b[24] & 0xf )) >>  0)) << 24);
+    bd[ 7] =  (word32) (((sword32)((b[24]        ) >>  4)) <<  0)
+           |  (word32) (((sword32)((b[25]        ) >>  0)) <<  4)
+           |  (word32) (((sword32)((b[26]        ) >>  0)) << 12)
+           |  (word32) (((sword32)((b[27]        ) >>  0)) << 20);
+    bd[ 8] =  (word32) (((sword32)((b[28]        ) >>  0)) <<  0)
+           |  (word32) (((sword32)((b[29]        ) >>  0)) <<  8)
+           |  (word32) (((sword32)((b[30]        ) >>  0)) << 16)
+           |  (word32)((((sword32)((b[31] & 0xf )) >>  0)) << 24);
+    bd[ 9] =  (word32) (((sword32)((b[31]        ) >>  4)) <<  0)
+           |  (word32) (((sword32)((b[32]        ) >>  0)) <<  4)
+           |  (word32) (((sword32)((b[33]        ) >>  0)) << 12)
+           |  (word32) (((sword32)((b[34]        ) >>  0)) << 20);
+    bd[10] =  (word32) (((sword32)((b[35]        ) >>  0)) <<  0)
+           |  (word32) (((sword32)((b[36]        ) >>  0)) <<  8)
+           |  (word32) (((sword32)((b[37]        ) >>  0)) << 16)
+           |  (word32)((((sword32)((b[38] & 0xf )) >>  0)) << 24);
+    bd[11] =  (word32) (((sword32)((b[38]        ) >>  4)) <<  0)
+           |  (word32) (((sword32)((b[39]        ) >>  0)) <<  4)
+           |  (word32) (((sword32)((b[40]        ) >>  0)) << 12)
+           |  (word32) (((sword32)((b[41]        ) >>  0)) << 20);
+    bd[12] =  (word32) (((sword32)((b[42]        ) >>  0)) <<  0)
+           |  (word32) (((sword32)((b[43]        ) >>  0)) <<  8)
+           |  (word32) (((sword32)((b[44]        ) >>  0)) << 16)
+           |  (word32)((((sword32)((b[45] & 0xf )) >>  0)) << 24);
+    bd[13] =  (word32) (((sword32)((b[45]        ) >>  4)) <<  0)
+           |  (word32) (((sword32)((b[46]        ) >>  0)) <<  4)
+           |  (word32) (((sword32)((b[47]        ) >>  0)) << 12)
+           |  (word32) (((sword32)((b[48]        ) >>  0)) << 20);
+    bd[14] =  (word32) (((sword32)((b[49]        ) >>  0)) <<  0)
+           |  (word32) (((sword32)((b[50]        ) >>  0)) <<  8)
+           |  (word32) (((sword32)((b[51]        ) >>  0)) << 16)
+           |  (word32)((((sword32)((b[52] & 0xf )) >>  0)) << 24);
+    bd[15] =  (word32) (((sword32)((b[52]        ) >>  4)) <<  0)
+           |  (word32) (((sword32)((b[53]        ) >>  0)) <<  4)
+           |  (word32) (((sword32)((b[54]        ) >>  0)) << 12)
+           |  (word32) (((sword32)((b[55]        ) >>  0)) << 20);
+#endif /* WOLFSSL_ED448_NO_LARGE_CODE */
+    /* Load from bytes: 56 bytes */
+#ifdef WOLFSSL_ED448_NO_LARGE_CODE
+    for (o = 0; o < 15; o += 2) {
+        dd[o + 0] = (word32)(
+                     (((sword32)((d[o / 2 * 7 + 0]        ) >>  0)) <<  0)
+                  |  (((sword32)((d[o / 2 * 7 + 1]        ) >>  0)) <<  8)
+                  |  (((sword32)((d[o / 2 * 7 + 2]        ) >>  0)) << 16)
+                  | ((((sword32)((d[o / 2 * 7 + 3] & 0xf )) >>  0)) << 24));
+        dd[o + 1] = (word32)(
+                     (((sword32)((d[o / 2 * 7 + 3]        ) >>  4)) <<  0)
+                  |  (((sword32)((d[o / 2 * 7 + 4]        ) >>  0)) <<  4)
+                  |  (((sword32)((d[o / 2 * 7 + 5]        ) >>  0)) << 12)
+                  |  (((sword32)((d[o / 2 * 7 + 6]        ) >>  0)) << 20));
+    }
+#else
+    dd[ 0] =  (word32) (((sword32)((d[ 0]        ) >>  0)) <<  0)
+           |  (word32) (((sword32)((d[ 1]        ) >>  0)) <<  8)
+           |  (word32) (((sword32)((d[ 2]        ) >>  0)) << 16)
+           |  (word32)((((sword32)((d[ 3] & 0xf )) >>  0)) << 24);
+    dd[ 1] =  (word32) (((sword32)((d[ 3]        ) >>  4)) <<  0)
+           |  (word32) (((sword32)((d[ 4]        ) >>  0)) <<  4)
+           |  (word32) (((sword32)((d[ 5]        ) >>  0)) << 12)
+           |  (word32) (((sword32)((d[ 6]        ) >>  0)) << 20);
+    dd[ 2] =  (word32) (((sword32)((d[ 7]        ) >>  0)) <<  0)
+           |  (word32) (((sword32)((d[ 8]        ) >>  0)) <<  8)
+           |  (word32) (((sword32)((d[ 9]        ) >>  0)) << 16)
+           |  (word32)((((sword32)((d[10] & 0xf )) >>  0)) << 24);
+    dd[ 3] =  (word32) (((sword32)((d[10]        ) >>  4)) <<  0)
+           |  (word32) (((sword32)((d[11]        ) >>  0)) <<  4)
+           |  (word32) (((sword32)((d[12]        ) >>  0)) << 12)
+           |  (word32) (((sword32)((d[13]        ) >>  0)) << 20);
+    dd[ 4] =  (word32) (((sword32)((d[14]        ) >>  0)) <<  0)
+           |  (word32) (((sword32)((d[15]        ) >>  0)) <<  8)
+           |  (word32) (((sword32)((d[16]        ) >>  0)) << 16)
+           |  (word32)((((sword32)((d[17] & 0xf )) >>  0)) << 24);
+    dd[ 5] =  (word32) (((sword32)((d[17]        ) >>  4)) <<  0)
+           |  (word32) (((sword32)((d[18]        ) >>  0)) <<  4)
+           |  (word32) (((sword32)((d[19]        ) >>  0)) << 12)
+           |  (word32) (((sword32)((d[20]        ) >>  0)) << 20);
+    dd[ 6] =  (word32) (((sword32)((d[21]        ) >>  0)) <<  0)
+           |  (word32) (((sword32)((d[22]        ) >>  0)) <<  8)
+           |  (word32) (((sword32)((d[23]        ) >>  0)) << 16)
+           |  (word32)((((sword32)((d[24] & 0xf )) >>  0)) << 24);
+    dd[ 7] =  (word32) (((sword32)((d[24]        ) >>  4)) <<  0)
+           |  (word32) (((sword32)((d[25]        ) >>  0)) <<  4)
+           |  (word32) (((sword32)((d[26]        ) >>  0)) << 12)
+           |  (word32) (((sword32)((d[27]        ) >>  0)) << 20);
+    dd[ 8] =  (word32) (((sword32)((d[28]        ) >>  0)) <<  0)
+           |  (word32) (((sword32)((d[29]        ) >>  0)) <<  8)
+           |  (word32) (((sword32)((d[30]        ) >>  0)) << 16)
+           |  (word32)((((sword32)((d[31] & 0xf )) >>  0)) << 24);
+    dd[ 9] =  (word32) (((sword32)((d[31]        ) >>  4)) <<  0)
+           |  (word32) (((sword32)((d[32]        ) >>  0)) <<  4)
+           |  (word32) (((sword32)((d[33]        ) >>  0)) << 12)
+           |  (word32) (((sword32)((d[34]        ) >>  0)) << 20);
+    dd[10] =  (word32) (((sword32)((d[35]        ) >>  0)) <<  0)
+           |  (word32) (((sword32)((d[36]        ) >>  0)) <<  8)
+           |  (word32) (((sword32)((d[37]        ) >>  0)) << 16)
+           |  (word32)((((sword32)((d[38] & 0xf )) >>  0)) << 24);
+    dd[11] =  (word32) (((sword32)((d[38]        ) >>  4)) <<  0)
+           |  (word32) (((sword32)((d[39]        ) >>  0)) <<  4)
+           |  (word32) (((sword32)((d[40]        ) >>  0)) << 12)
+           |  (word32) (((sword32)((d[41]        ) >>  0)) << 20);
+    dd[12] =  (word32) (((sword32)((d[42]        ) >>  0)) <<  0)
+           |  (word32) (((sword32)((d[43]        ) >>  0)) <<  8)
+           |  (word32) (((sword32)((d[44]        ) >>  0)) << 16)
+           |  (word32)((((sword32)((d[45] & 0xf )) >>  0)) << 24);
+    dd[13] =  (word32) (((sword32)((d[45]        ) >>  4)) <<  0)
+           |  (word32) (((sword32)((d[46]        ) >>  0)) <<  4)
+           |  (word32) (((sword32)((d[47]        ) >>  0)) << 12)
+           |  (word32) (((sword32)((d[48]        ) >>  0)) << 20);
+    dd[14] =  (word32) (((sword32)((d[49]        ) >>  0)) <<  0)
+           |  (word32) (((sword32)((d[50]        ) >>  0)) <<  8)
+           |  (word32) (((sword32)((d[51]        ) >>  0)) << 16)
+           |  (word32)((((sword32)((d[52] & 0xf )) >>  0)) << 24);
+    dd[15] =  (word32) (((sword32)((d[52]        ) >>  4)) <<  0)
+           |  (word32) (((sword32)((d[53]        ) >>  0)) <<  4)
+           |  (word32) (((sword32)((d[54]        ) >>  0)) << 12)
+           |  (word32) (((sword32)((d[55]        ) >>  0)) << 20);
+#endif /* WOLFSSL_ED448_NO_LARGE_CODE */
 
     /* a * b + d */
     t[ 0] = (word64)(dd[ 0] + (word64)((sword64)ad[ 0] * bd[ 0]));
@@ -6151,6 +6312,18 @@ void sc448_muladd(byte* r, const byte* a, const byte* b, const byte* d)
     c = t[29] >> 28; t[30] += c; t[29] = t[29] & 0xfffffff;
     c = t[30] >> 28; t[31] += c; t[30] = t[30] & 0xfffffff;
     /* Mod top half of extra words */
+#ifdef WOLFSSL_ED448_NO_LARGE_CODE
+    for (o = 0; o < 8; o++) {
+        t[ 8 + o] += (sword64)0x129eec34 * t[24 + o];
+        t[ 9 + o] += (sword64)0x21cf5b54 * t[24 + o];
+        t[10 + o] += (sword64)0x29c2ab70 * t[24 + o];
+        t[11 + o] += (sword64)0x0f635c8c * t[24 + o];
+        t[12 + o] += (sword64)0x25bf7a4c * t[24 + o];
+        t[13 + o] += (sword64)0x2d944a70 * t[24 + o];
+        t[14 + o] += (sword64)0x18eec490 * t[24 + o];
+        t[15 + o] += (sword64)0x20cd7704 * t[24 + o];
+    }
+#else
     t[ 8] += (sword64)0x129eec34 * t[24];
     t[ 9] += (sword64)0x21cf5b54 * t[24];
     t[10] += (sword64)0x29c2ab70 * t[24];
@@ -6215,6 +6388,7 @@ void sc448_muladd(byte* r, const byte* a, const byte* b, const byte* d)
     t[20] += (sword64)0x2d944a70 * t[31];
     t[21] += (sword64)0x18eec490 * t[31];
     t[22] += (sword64)0x20cd7704 * t[31];
+#endif /* WOLFSSL_ED448_NO_LARGE_CODE */
     /* Propagate carries */
     c = t[ 8] >> 28; t[ 9] += c; t[ 8] = t[ 8] & 0xfffffff;
     c = t[ 9] >> 28; t[10] += c; t[ 9] = t[ 9] & 0xfffffff;
@@ -6232,6 +6406,18 @@ void sc448_muladd(byte* r, const byte* a, const byte* b, const byte* d)
     c = t[21] >> 28; t[22] += c; t[21] = t[21] & 0xfffffff;
     c = t[22] >> 28; t[23] += c; t[22] = t[22] & 0xfffffff;
     /* Mod bottom half of extra words */
+#ifdef WOLFSSL_ED448_NO_LARGE_CODE
+    for (o = 0; o < 8; o++) {
+        t[ 0 + o] += (sword64)0x129eec34 * t[16 + o];
+        t[ 1 + o] += (sword64)0x21cf5b54 * t[16 + o];
+        t[ 2 + o] += (sword64)0x29c2ab70 * t[16 + o];
+        t[ 3 + o] += (sword64)0x0f635c8c * t[16 + o];
+        t[ 4 + o] += (sword64)0x25bf7a4c * t[16 + o];
+        t[ 5 + o] += (sword64)0x2d944a70 * t[16 + o];
+        t[ 6 + o] += (sword64)0x18eec490 * t[16 + o];
+        t[ 7 + o] += (sword64)0x20cd7704 * t[16 + o];
+    }
+#else
     t[ 0] += (sword64)0x129eec34 * t[16];
     t[ 1] += (sword64)0x21cf5b54 * t[16];
     t[ 2] += (sword64)0x29c2ab70 * t[16];
@@ -6296,6 +6482,7 @@ void sc448_muladd(byte* r, const byte* a, const byte* b, const byte* d)
     t[12] += (sword64)0x2d944a70 * t[23];
     t[13] += (sword64)0x18eec490 * t[23];
     t[14] += (sword64)0x20cd7704 * t[23];
+#endif /* WOLFSSL_ED448_NO_LARGE_CODE */
     /* Propagate carries */
     c = t[ 0] >> 28; t[ 1] += c; rd[ 0] = (sword32)(t[ 0] & 0xfffffff);
     c = t[ 1] >> 28; t[ 2] += c; rd[ 1] = (sword32)(t[ 1] & 0xfffffff);
@@ -6408,6 +6595,24 @@ void sc448_muladd(byte* r, const byte* a, const byte* b, const byte* d)
     rd[15] = u & 0xfffffff;
 
     /* Convert to bytes */
+#ifdef WOLFSSL_ED448_NO_LARGE_CODE
+    {
+        word32 ow = 0;
+        for (o = 0; o < 56; o += 7) {
+            r[o + 0]  = (byte)(rd[ow] >>  0);
+            r[o + 1]  = (byte)(rd[ow] >>  8);
+            r[o + 2]  = (byte)(rd[ow] >> 16);
+            r[o + 3]  = (byte)(rd[ow] >> 24);
+            ow++;
+            r[o + 3] += (byte)((rd[ow] >>  0) << 4);
+            r[o + 4]  = (byte)(rd[ow] >>  4);
+            r[o + 5]  = (byte)(rd[ow] >> 12);
+            r[o + 6]  = (byte)(rd[ow] >> 20);
+            ow++;
+        }
+        r[56] = 0;
+    }
+#else
     r[ 0] = (byte)(rd[0 ] >>  0);
     r[ 1] = (byte)(rd[0 ] >>  8);
     r[ 2] = (byte)(rd[0 ] >> 16);
@@ -6465,6 +6670,7 @@ void sc448_muladd(byte* r, const byte* a, const byte* b, const byte* d)
     r[54] = (byte)(rd[15] >> 12);
     r[55] = (byte)(rd[15] >> 20);
     r[56] = 0;
+#endif /* WOLFSSL_ED448_NO_LARGE_CODE */
 }
 
 /* Precomputed multiples of the base point. */
diff --git a/wolfcrypt/src/hmac.c b/wolfcrypt/src/hmac.c
index fdbe30ff1..e96d4efb6 100644
--- a/wolfcrypt/src/hmac.c
+++ b/wolfcrypt/src/hmac.c
@@ -1622,26 +1622,48 @@ int wolfSSL_GetHmacMaxSize(void)
      * out      The output keying material.
      * returns 0 on success, otherwise failure.
      */
-    int wc_HKDF(int type, const byte* inKey, word32 inKeySz,
-                       const byte* salt,  word32 saltSz,
-                       const byte* info,  word32 infoSz,
-                       byte* out,         word32 outSz)
+    int wc_HKDF_ex(int type, const byte* inKey, word32 inKeySz,
+                   const byte* salt, word32 saltSz, const byte* info,
+                   word32 infoSz, byte* out, word32 outSz, void* heap,
+                   int devId)
     {
         byte   prk[WC_MAX_DIGEST_SIZE];
         word32 hashSz;
         int    ret;
 
+        (void)devId; /* suppress unused parameter warning */
+
+#ifdef WOLF_CRYPTO_CB
+        /* Try crypto callback first for complete operation */
+        if (devId != INVALID_DEVID) {
+             ret = wc_CryptoCb_Hkdf(type, inKey, inKeySz, salt, saltSz, info,
+                                   infoSz, out, outSz, devId);
+            if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
+                return ret;
+        }
+#endif
+
         ret = wc_HmacSizeByType(type);
         if (ret < 0) {
             return ret;
         }
         hashSz = (word32)ret;
 
-        ret = wc_HKDF_Extract(type, salt, saltSz, inKey, inKeySz, prk);
+        ret = wc_HKDF_Extract_ex(type, salt, saltSz, inKey, inKeySz, prk, heap,
+                                 devId);
         if (ret != 0)
             return ret;
 
-        return wc_HKDF_Expand(type, prk, hashSz, info, infoSz, out, outSz);
+        return wc_HKDF_Expand_ex(type, prk, hashSz, info, infoSz, out, outSz,
+                                 heap, devId);
+    }
+
+    int wc_HKDF(int type, const byte* inKey, word32 inKeySz, const byte* salt,
+                word32 saltSz, const byte* info, word32 infoSz, byte* out,
+                word32 outSz)
+    {
+        return wc_HKDF_ex(type, inKey, inKeySz, salt, saltSz, info, infoSz, out,
+                          outSz, NULL, INVALID_DEVID);
     }
 
 #endif /* HAVE_HKDF */
diff --git a/wolfcrypt/src/logging.c b/wolfcrypt/src/logging.c
index 98fcb3565..68729fe6d 100644
--- a/wolfcrypt/src/logging.c
+++ b/wolfcrypt/src/logging.c
@@ -115,31 +115,76 @@ THREAD_LS_T void *StackSizeCheck_stackOffsetPointer = 0;
 
 #endif /* HAVE_STACK_SIZE_VERBOSE */
 
-#ifdef DEBUG_WOLFSSL
+#if defined(DEBUG_WOLFSSL) || \
+    (defined(WOLFSSL_DEBUG_CERTS) && !defined(NO_WOLFSSL_DEBUG_CERTS))
 
 /* Set these to default values initially. */
-static wolfSSL_Logging_cb log_function = NULL;
+static wolfSSL_Logging_cb LogFunction = NULL;
 #ifndef WOLFSSL_LOGGINGENABLED_DEFAULT
 #define WOLFSSL_LOGGINGENABLED_DEFAULT 0
 #endif
 static int loggingEnabled = WOLFSSL_LOGGINGENABLED_DEFAULT;
+#ifndef WOLFSSL_CERT_LOG_ENABLED_DEFAULT
+#define WOLFSSL_CERT_LOG_ENABLED_DEFAULT 0
+#endif
+#ifndef NO_WOLFSSL_DEBUG_CERTS
+static int loggingCertEnabled = WOLFSSL_CERT_LOG_ENABLED_DEFAULT;
+#endif
 THREAD_LS_T const char* log_prefix = NULL;
 
 #if defined(WOLFSSL_APACHE_MYNEWT)
 #include "log/log.h"
 static struct log mynewt_log;
+#define WOLFSSL_APACHE_MYNEWT_NOT_INITALIZED 0
+#define WOLFSSL_APACHE_MYNEWT_INITALIZED     1
+static int loggingApacheNewtRegistered = WOLFSSL_APACHE_MYNEWT_NOT_INITALIZED;
 #endif /* WOLFSSL_APACHE_MYNEWT */
+#endif /* DEBUG_WOLFSSL || WOLFSSL_DEBUG_CERTS */
 
-#endif /* DEBUG_WOLFSSL */
-
-/* allow this to be set to NULL, so logs can be redirected to default output */
-int wolfSSL_SetLoggingCb(wolfSSL_Logging_cb f)
+int wolfSSL_CertDebugging_ON(void)
 {
-#ifdef DEBUG_WOLFSSL
-    log_function = f;
+    /* Certificate debugging is also a subset of full debugging */
+#if defined(WOLFSSL_DEBUG_CERTS) || defined(DEBUG_WOLFSSL)
+    #if defined(NO_WOLFSSL_DEBUG_CERTS)
+        return NOT_COMPILED_IN;
+    #else
+        loggingCertEnabled = 1;
+    #endif
+    #if defined(WOLFSSL_APACHE_MYNEWT)
+        if (loggingApacheNewtRegistered != WOLFSSL_APACHE_MYNEWT_INITALIZED) {
+            log_register("wolfcrypt", &mynewt_log, &log_console_handler,
+                                      NULL, LOG_SYSLEVEL);
+            loggingApacheNewtRegistered = WOLFSSL_APACHE_MYNEWT_INITALIZED;
+        }
+    #endif /* WOLFSSL_APACHE_MYNEWT */
     return 0;
 #else
-    (void)f;
+    return NOT_COMPILED_IN;
+#endif
+}
+
+int wolfSSL_CertDebugging_OFF(void)
+{
+#if defined(WOLFSSL_DEBUG_CERTS) || defined(DEBUG_WOLFSSL)
+    #if defined(NO_WOLFSSL_DEBUG_CERTS)
+        return NOT_COMPILED_IN;
+    #else
+        loggingCertEnabled = 0;
+    #endif
+    return 0;
+#else
+    return NOT_COMPILED_IN;
+#endif
+}
+
+/* allow this to be set to NULL, so logs can be redirected to default output */
+int wolfSSL_SetLoggingCb(wolfSSL_Logging_cb log_function)
+{
+#ifdef DEBUG_WOLFSSL
+    LogFunction = log_function;
+    return 0;
+#else
+    (void)log_function;
     return NOT_COMPILED_IN;
 #endif
 }
@@ -148,7 +193,7 @@ int wolfSSL_SetLoggingCb(wolfSSL_Logging_cb f)
 wolfSSL_Logging_cb wolfSSL_GetLoggingCb(void)
 {
 #ifdef DEBUG_WOLFSSL
-    return log_function;
+    return LogFunction;
 #else
     return NULL;
 #endif
@@ -159,13 +204,22 @@ int wolfSSL_Debugging_ON(void)
 {
 #ifdef DEBUG_WOLFSSL
     loggingEnabled = 1;
-#if defined(WOLFSSL_APACHE_MYNEWT)
-    log_register("wolfcrypt", &mynewt_log, &log_console_handler, NULL, LOG_SYSLEVEL);
-#endif /* WOLFSSL_APACHE_MYNEWT */
+    #ifndef NO_WOLFSSL_DEBUG_CERTS
+        /* Certificate debugging is enabled by default during DEBUG_WOLFSSL,
+         * unless explicitly disabled with NO_WOLFSSL_DEBUG_CERTS */
+        loggingCertEnabled = 1;
+    #endif
+    #if defined(WOLFSSL_APACHE_MYNEWT)
+        if (loggingApacheNewtRegistered != WOLFSSL_APACHE_MYNEWT_INITALIZED) {
+            log_register("wolfcrypt", &mynewt_log, &log_console_handler,
+                                      NULL, LOG_SYSLEVEL);
+            loggingApacheNewtRegistered = WOLFSSL_APACHE_MYNEWT_INITALIZED;
+        }
+    #endif /* WOLFSSL_APACHE_MYNEWT */
     return 0;
 #else
     return NOT_COMPILED_IN;
-#endif
+#endif /* DEBUG_WOLFSSL */
 }
 
 
@@ -173,12 +227,16 @@ void wolfSSL_Debugging_OFF(void)
 {
 #ifdef DEBUG_WOLFSSL
     loggingEnabled = 0;
+    #ifndef NO_WOLFSSL_DEBUG_CERTS
+        loggingCertEnabled = 0;
+    #endif
 #endif
 }
 
-WOLFSSL_API void wolfSSL_SetLoggingPrefix(const char* prefix)
+void wolfSSL_SetLoggingPrefix(const char* prefix)
 {
-#ifdef DEBUG_WOLFSSL
+#if defined(DEBUG_WOLFSSL) || \
+   (defined(WOLFSSL_DEBUG_CERTS) && !defined(NO_WOLFSSL_DEBUG_CERTS))
     log_prefix = prefix;
 #else
     (void)prefix;
@@ -195,7 +253,8 @@ void WOLFSSL_START(int funcNum)
     if (funcNum < WC_FUNC_COUNT) {
         double now = current_time(0) * 1000.0;
     #ifdef WOLFSSL_FUNC_TIME_LOG
-        fprintf(stderr, "%17.3f: START - %s\n", now, wc_func_name[funcNum]);
+        WOLFSSL_DEBUG_PRINTF("%17.3f: START - %s\n",
+                             now, wc_func_name[funcNum]);
     #endif
         wc_func_start[funcNum] = now;
     }
@@ -207,7 +266,8 @@ void WOLFSSL_END(int funcNum)
         double now = current_time(0) * 1000.0;
         wc_func_time[funcNum] += now - wc_func_start[funcNum];
     #ifdef WOLFSSL_FUNC_TIME_LOG
-        fprintf(stderr, "%17.3f: END   - %s\n", now, wc_func_name[funcNum]);
+        WOLFSSL_DEBUG_PRINTF("%17.3f: END   - %s\n",
+                             now, wc_func_name[funcNum]);
     #endif
     }
 }
@@ -220,16 +280,16 @@ void WOLFSSL_TIME(int count)
     for (i = 0; i < WC_FUNC_COUNT; i++) {
         if (wc_func_time[i] > 0) {
             avg = wc_func_time[i] / count;
-            fprintf(stderr, "%8.3f ms: %s\n", avg, wc_func_name[i]);
+            WOLFSSL_DEBUG_PRINTF("%8.3f ms: %s\n", avg, wc_func_name[i]);
             total += avg;
         }
     }
-    fprintf(stderr, "%8.3f ms\n", total);
+    WOLFSSL_DEBUG_PRINTF("%8.3f ms\n", total);
 }
 #endif
 
-#ifdef DEBUG_WOLFSSL
-
+#if defined(DEBUG_WOLFSSL) || \
+    (defined(WOLFSSL_DEBUG_CERTS) && !defined(NO_WOLFSSL_DEBUG_CERTS))
 
 #ifdef HAVE_STACK_SIZE_VERBOSE
 #include <wolfssl/wolfcrypt/mem_track.h>
@@ -240,32 +300,41 @@ static void wolfssl_log(const int logLevel, const char* const file_name,
 {
     (void)file_name;
     (void)line_number;
-    if (log_function)
-        log_function(logLevel, logMessage);
+    if (LogFunction)
+        LogFunction(logLevel, logMessage);
     else {
 #if defined(WOLFSSL_USER_LOG)
         WOLFSSL_USER_LOG(logMessage);
 #elif defined(WOLFSSL_DEBUG_PRINTF_FN)
     #ifdef WOLFSSL_MDK_ARM
         fflush(stdout);
+    #endif
+    /* see settings.h for platform-specific line endings */
+    #ifndef WOLFSSL_DEBUG_LINE_ENDING
+        #define WOLFSSL_DEBUG_LINE_ENDING "\n"
     #endif
         if (log_prefix != NULL) {
-            if (file_name != NULL)
+            if (file_name != NULL) {
                 WOLFSSL_DEBUG_PRINTF_FN(WOLFSSL_DEBUG_PRINTF_FIRST_ARGS
-                        "[%s]: [%s L %d] %s\n",
+                        "[%s]: [%s L %d] %s" WOLFSSL_DEBUG_LINE_ENDING,
                         log_prefix, file_name, line_number, logMessage);
-            else
+            }
+            else {
                 WOLFSSL_DEBUG_PRINTF_FN(WOLFSSL_DEBUG_PRINTF_FIRST_ARGS
-                        "[%s]: %s\n", log_prefix, logMessage);
-        } else {
-            if (file_name != NULL)
-                WOLFSSL_DEBUG_PRINTF_FN(WOLFSSL_DEBUG_PRINTF_FIRST_ARGS
-                        "[%s L %d] %s\n",
-                        file_name, line_number, logMessage);
-            else
-                WOLFSSL_DEBUG_PRINTF_FN(WOLFSSL_DEBUG_PRINTF_FIRST_ARGS
-                        "%s\n", logMessage);
+                   "[%s]: %s" WOLFSSL_DEBUG_LINE_ENDING, log_prefix, logMessage);
+            } /* file_name check */
         }
+        else {
+            if (file_name != NULL) {
+                WOLFSSL_DEBUG_PRINTF_FN(WOLFSSL_DEBUG_PRINTF_FIRST_ARGS
+                        "[%s L %d] %s" WOLFSSL_DEBUG_LINE_ENDING,
+                        file_name, line_number, logMessage);
+            }
+            else {
+                WOLFSSL_DEBUG_PRINTF_FN(WOLFSSL_DEBUG_PRINTF_FIRST_ARGS
+                        "%s" WOLFSSL_DEBUG_LINE_ENDING, logMessage);
+            } /* file_name check */
+        } /* log_prefix check */
     #ifdef WOLFSSL_MDK_ARM
         fflush(stdout);
     #endif
@@ -285,12 +354,91 @@ static void wolfssl_log(const int logLevel, const char* const file_name,
 
 #ifndef WOLFSSL_DEBUG_ERRORS_ONLY
 
+/* Certificate debugging available with either regular debugging
+ * DEBUG_WOLFSSL or just certificate debugging: WOLFSSL_DEBUG_CERTS */
+#if (defined(WOLFSSL_DEBUG_CERTS) || defined(DEBUG_WOLFSSL)) && \
+    !defined(NO_WOLFSSL_DEBUG_CERTS)
+    #include <stdarg.h> /* for var args */
+
+    #ifndef WOLFSSL_MSG_CERT_BUF_SZ
+        #define WOLFSSL_MSG_CERT_BUF_SZ 140
+    #endif
+
+    int WOLFSSL_MSG_CERT(const char* msg)
+    {
+        /* Regular debug may have been compiled out */
+        (void)loggingEnabled;
+
+        if ((msg != NULL) && (loggingCertEnabled != 0)) {
+            wolfssl_log(CERT_LOG, NULL, 0, msg);
+        }
+        return 0;
+    }
+
+    #ifdef XVSNPRINTF
+    #ifdef __clang__
+    /* tell clang argument 1 is format */
+    __attribute__((__format__ (__printf__, 1, 0)))
+    #endif
+    int WOLFSSL_MSG_CERT_EX(const char* fmt, ...)
+    {
+        /* Certificate logging output may have large messages */
+    #ifdef WOLFSSL_SMALL_STACK
+        char*  msg;
+        msg = (char*)XMALLOC(WOLFSSL_MSG_CERT_BUF_SZ, NULL,
+                             DYNAMIC_TYPE_TMP_BUFFER);
+        if (msg == NULL) {
+            return MEMORY_E;
+        }
+    #else
+        char msg[WOLFSSL_MSG_CERT_BUF_SZ];
+    #endif
+        int written;
+        va_list args;
+        va_start(args, fmt);
+        /* Assume zero-terminated msg, len less than WOLFSSL_MSG_CERT_BUF_SZ */
+        written = XVSNPRINTF(msg, WOLFSSL_MSG_CERT_BUF_SZ, fmt, args);
+        va_end(args);
+        if ((written > 0) && (loggingCertEnabled != 0)) {
+            wolfssl_log(INFO_LOG, NULL, 0, msg);
+        }
+#ifdef WOLFSSL_SMALL_STACK
+    XFREE(msg, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
+        return 0;
+    } /* WOLFSSL_MSG_CERT_EX */
+    #endif /* XVSNPRINTF */
+
+#else /* (!WOLFSSL_DEBUG_CERTS && !DEBUG_WOLFSSL) || NO_WOLFSSL_DEBUG_CERTS */
+
+    #ifdef WOLF_NO_VARIADIC_MACROS
+        #ifdef  __WATCOMC__
+            /* Do-nothing implementation in header for OW Open Watcom V2 */
+        #else
+            int WOLFSSL_MSG_CERT(const char* msg)
+            {
+                (void)msg;
+                return NOT_COMPILED_IN;
+            }
+           int WOLFSSL_MSG_CERT_EX(const char* fmt, ...)
+           {
+               (void)fmt;
+               return NOT_COMPILED_IN;
+           }
+        #endif
+    #else
+        /* using a macro, see logging.h */
+    #endif
+#endif /* (!WOLFSSL_DEBUG_CERTS && !DEBUG_WOLFSSL) || NO_WOLFSSL_DEBUG_CERTS */
+
 #if defined(XVSNPRINTF) && !defined(NO_WOLFSSL_MSG_EX)
 #include <stdarg.h> /* for var args */
+
 #ifndef WOLFSSL_MSG_EX_BUF_SZ
 #define WOLFSSL_MSG_EX_BUF_SZ 100
 #endif
-#undef WOLFSSL_MSG_EX /* undo WOLFSSL_DEBUG_CODEPOINTS wrapper */
+
+#if !defined(WOLFSSL_MSG_EX) && defined(DEBUG_WOLFSSL)
 #ifdef __clang__
 /* tell clang argument 1 is format */
 __attribute__((__format__ (__printf__, 1, 0)))
@@ -308,6 +456,7 @@ void WOLFSSL_MSG_EX(const char* fmt, ...)
             wolfssl_log(INFO_LOG, NULL, 0, msg);
     }
 }
+#endif
 
 #ifdef WOLFSSL_DEBUG_CODEPOINTS
 void WOLFSSL_MSG_EX2(const char *file, int line, const char* fmt, ...)
@@ -323,16 +472,24 @@ void WOLFSSL_MSG_EX2(const char *file, int line, const char* fmt, ...)
             wolfssl_log(INFO_LOG, file, line, msg);
     }
 }
-#endif
+#endif /* WOLFSSL_DEBUG_CODEPOINTS */
 
-#endif
+#else
+    /* We need a do-nothing function when variadic macros not available */
+    #ifdef WOLF_NO_VARIADIC_MACROS
+        /* See header for same-name, do nothing functions */
+    #else
+        /* See header for same-name, do nothing macros */
+    #endif
+#endif /* XVSNPRINTF && !NO_WOLFSSL_MSG_EX */
 
-#undef WOLFSSL_MSG /* undo WOLFSSL_DEBUG_CODEPOINTS wrapper */
+#ifndef WOLFSSL_MSG
 void WOLFSSL_MSG(const char* msg)
 {
     if (loggingEnabled)
         wolfssl_log(INFO_LOG, NULL, 0, msg);
 }
+#endif
 
 #ifdef WOLFSSL_DEBUG_CODEPOINTS
 void WOLFSSL_MSG2(const char *file, int line, const char* msg)
@@ -342,6 +499,7 @@ void WOLFSSL_MSG2(const char *file, int line, const char* msg)
 }
 #endif
 
+#ifndef WOLFSSL_BUFFER
 #ifndef LINE_LEN
 #define LINE_LEN 16
 #endif
@@ -418,8 +576,9 @@ errout:
 
     wolfssl_log(INFO_LOG, NULL, 0, "\t[Buffer error while rendering]");
 }
+#endif /* WOLFSSL_BUFFER */
 
-#undef WOLFSSL_ENTER /* undo WOLFSSL_DEBUG_CODEPOINTS wrapper */
+#ifndef WOLFSSL_ENTER
 void WOLFSSL_ENTER(const char* msg)
 {
     if (loggingEnabled) {
@@ -432,6 +591,7 @@ void WOLFSSL_ENTER(const char* msg)
         wolfssl_log(ENTER_LOG, NULL, 0, buffer);
     }
 }
+#endif /* WOLFSSL_ENTER */
 
 #ifdef WOLFSSL_DEBUG_CODEPOINTS
 void WOLFSSL_ENTER2(const char *file, int line, const char* msg)
@@ -446,9 +606,9 @@ void WOLFSSL_ENTER2(const char *file, int line, const char* msg)
         wolfssl_log(ENTER_LOG, file, line, buffer);
     }
 }
-#endif
+#endif /* WOLFSSL_DEBUG_CODEPOINTS */
 
-#undef WOLFSSL_LEAVE /* undo WOLFSSL_DEBUG_CODEPOINTS wrapper */
+#ifndef WOLFSSL_LEAVE
 void WOLFSSL_LEAVE(const char* msg, int ret)
 {
     if (loggingEnabled) {
@@ -462,6 +622,7 @@ void WOLFSSL_LEAVE(const char* msg, int ret)
         wolfssl_log(LEAVE_LOG, NULL, 0, buffer);
     }
 }
+#endif /* WOLFSSL_LEAVE */
 
 #ifdef WOLFSSL_DEBUG_CODEPOINTS
 void WOLFSSL_LEAVE2(const char *file, int line, const char* msg, int ret)
@@ -485,17 +646,67 @@ void WOLFSSL_LEAVE2(const char *file, int line, const char* msg, int ret)
     #define WOLFSSL_ENTER(msg) WOLFSSL_ENTER2(__FILE__, __LINE__, msg)
     #define WOLFSSL_LEAVE(msg, ret) WOLFSSL_LEAVE2(__FILE__, __LINE__, msg, ret)
     #ifdef XVSNPRINTF
-        #define WOLFSSL_MSG_EX(fmt, args...) \
+/*        #define WOLFSSL_MSG_EX(fmt, args...) \
                 WOLFSSL_MSG_EX2(__FILE__, __LINE__, fmt, ## args)
+    */
     #endif
 #endif
 
-WOLFSSL_API int WOLFSSL_IS_DEBUG_ON(void)
+#ifndef WOLFSSL_IS_DEBUG_ON
+int WOLFSSL_IS_DEBUG_ON(void)
 {
     return loggingEnabled;
 }
+#endif /* WOLFSSL_IS_DEBUG_ON */
 #endif /* !WOLFSSL_DEBUG_ERRORS_ONLY */
-#endif /* DEBUG_WOLFSSL */
+
+#else
+    /* !(DEBUG_WOLFSSL || (WOLFSSL_DEBUG_CERTS && !NO_WOLFSSL_DEBUG_CERTS)) */
+    /*
+     * Create some no-op functions for compilers without variadic macros,
+     * other than Open Watcom V2.
+     */
+    #ifdef WOLF_NO_VARIADIC_MACROS
+        /* no debug and cannot use variadic macros */
+        #ifdef __WATCOMC__
+            /* see logging.h for no-op Watcom implementation */
+        #else
+            int WOLFSSL_MSG_CERT(const char* msg)
+            {
+                (void)msg;
+                return NOT_COMPILED_IN;
+            }
+
+            int WOLFSSL_MSG_CERT_EX(const char* fmt, ...)
+            {
+                (void)fmt;
+                return NOT_COMPILED_IN;
+            }
+        #endif
+    #else
+        /* see logging.h for variadic macros */
+    #endif
+#endif /* DEBUG_WOLFSSL || (WOLFSSL_DEBUG_CERTS && !NO_WOLFSSL_DEBUG_CERTS) */
+
+/* Final catch for no-op WOLFSSL_MSG_EX needing implementation */
+#ifdef __WATCOMC__
+    /* See no-op implementation as needed in logging.h */
+#else
+    #ifdef DEBUG_WOLFSSL
+        /* The empty no-op function is not needed when debugging */
+    #else
+        #if defined(HAVE_WOLFSSL_MSG_EX) || defined(WOLF_NO_VARIADIC_MACROS)
+            void WOLFSSL_MSG_EX(const char* fmt, ...)
+            {
+                (void)fmt;
+            }
+        #else
+            /* See macro in header */
+        #endif
+    #endif
+#endif
+
+
 
 #if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE) || defined(HAVE_MEMCACHED)
 
@@ -1641,36 +1852,21 @@ static int backtrace_callback(void *data, uintptr_t pc, const char *filename,
         *(int *)data = 1;
         return 0;
     }
-#ifdef NO_STDIO_FILESYSTEM
-    printf("    #%d %p in %s %s:%d\n", (*(int *)data)++, (void *)pc,
-           function, filename, lineno);
-#else
-    fprintf(stderr, "    #%d %p in %s %s:%d\n", (*(int *)data)++, (void *)pc,
-            function, filename, lineno);
-#endif
+    WOLFSSL_DEBUG_PRINTF("    #%d %p in %s %s:%d\n", (*(int *)data)++,
+                         (void *)pc, function, filename, lineno);
     return 0;
 }
 
 static void backtrace_error(void *data, const char *msg, int errnum) {
     (void)data;
-#ifdef NO_STDIO_FILESYSTEM
-    printf("ERR TRACE: error %d while backtracing: %s", errnum, msg);
-#else
-    fprintf(stderr, "ERR TRACE: error %d while backtracing: %s", errnum, msg);
-#endif
+    WOLFSSL_DEBUG_PRINTF("ERR TRACE: error %d while backtracing: %s",
+                         errnum, msg);
 }
 
 static void backtrace_creation_error(void *data, const char *msg, int errnum) {
     (void)data;
-#ifdef NO_STDIO_FILESYSTEM
-    printf("ERR TRACE: internal error %d "
+    WOLFSSL_DEBUG_PRINTF("ERR TRACE: internal error %d "
             "while initializing backtrace facility: %s", errnum, msg);
-    printf("ERR TRACE: internal error "
-           "while initializing backtrace facility");
-#else
-    fprintf(stderr, "ERR TRACE: internal error %d "
-            "while initializing backtrace facility: %s", errnum, msg);
-#endif
 }
 
 static int backtrace_init(struct backtrace_state **backtrace_state) {
diff --git a/wolfcrypt/src/memory.c b/wolfcrypt/src/memory.c
index 17663b3e0..b8570f3f6 100644
--- a/wolfcrypt/src/memory.c
+++ b/wolfcrypt/src/memory.c
@@ -22,10 +22,19 @@
 /* inhibit "#undef current" in linuxkm_wc_port.h, included from wc_port.h,
  * because needed in linuxkm_memory.c, included below.
  */
-#define WOLFSSL_LINUXKM_NEED_LINUX_CURRENT
+#ifdef WOLFSSL_LINUXKM
+    #define WOLFSSL_LINUXKM_NEED_LINUX_CURRENT
+#endif
 
 #include <wolfssl/wolfcrypt/libwolfssl_sources.h>
 
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
+
 /*
 Possible memory options:
  * NO_WOLFSSL_MEMORY:               Disables wolf memory callback support. When not defined settings.h defines USE_WOLFSSL_MEMORY.
@@ -205,7 +214,7 @@ static wolfSSL_Mutex zeroMutex WOLFSSL_MUTEX_INITIALIZER_CLAUSE(zeroMutex);
 
 /* Initialize the table of addresses and the mutex.
  */
-void wc_MemZero_Init()
+void wc_MemZero_Init(void)
 {
     /* Clear the table to more easily see what is valid. */
     XMEMSET(memZero, 0, sizeof(memZero));
@@ -219,7 +228,7 @@ void wc_MemZero_Init()
 
 /* Free the mutex and check we have not any uncheck addresses.
  */
-void wc_MemZero_Free()
+void wc_MemZero_Free(void)
 {
     /* Free mutex. */
 #ifndef WOLFSSL_MUTEX_INITIALIZER
@@ -295,7 +304,9 @@ void wc_MemZero_Check(void* addr, size_t len)
                 fprintf(stderr, "\n[MEM_ZERO] %s:%p + %ld is not zero\n",
                     memZero[i].name, memZero[i].addr, j);
                 fprintf(stderr, "[MEM_ZERO] Checking %p:%ld\n", addr, len);
+            #ifndef TEST_ALWAYS_RUN_TO_END
                 abort();
+            #endif
             }
         }
         /* Update next index to write to. */
@@ -542,7 +553,7 @@ void wolfSSL_SetDebugMemoryCb(DebugMemoryCb cb)
    wc_Memory** list is the list that new buckets are prepended to
  */
 static int wc_create_memory_buckets(byte* buffer, word32 bufSz,
-                              word32 buckSz, byte buckNum, wc_Memory** list) {
+                              word32 buckSz, word32 buckNum, wc_Memory** list) {
     byte*  pt  = buffer;
     int    ret = 0;
     byte memSz   = (byte)sizeof(wc_Memory);
@@ -1015,13 +1026,13 @@ void* wolfSSL_Malloc(size_t size, void* heap, int type)
             #endif
 
             #ifdef WOLFSSL_DEBUG_MEMORY
-                fprintf(stderr, "[HEAP %p] Alloc: %p -> %u at %s:%d\n", heap,
+                fprintf(stderr, "[HEAP %p] Alloc: %p -> %u at %s:%u\n", heap,
                     res, (word32)size, func, line);
             #endif
         #else
             WOLFSSL_MSG("No heap hint found to use and no malloc");
             #ifdef WOLFSSL_DEBUG_MEMORY
-            fprintf(stderr, "ERROR: at %s:%d\n", func, line);
+            fprintf(stderr, "ERROR: at %s:%u\n", func, line);
             #endif
         #endif /* WOLFSSL_NO_MALLOC */
         #endif /* WOLFSSL_HEAP_TEST */
@@ -1100,7 +1111,7 @@ void* wolfSSL_Malloc(size_t size, void* heap, int type)
 
         #ifdef WOLFSSL_DEBUG_MEMORY
             pt->szUsed = size;
-            fprintf(stderr, "[HEAP %p] Alloc: %p -> %lu at %s:%d\n", heap,
+            fprintf(stderr, "[HEAP %p] Alloc: %p -> %lu at %s:%u\n", heap,
                 pt->buffer, size, func, line);
         #endif
         #ifdef WOLFSSL_STATIC_MEMORY_DEBUG_CALLBACK
@@ -1130,7 +1141,7 @@ void* wolfSSL_Malloc(size_t size, void* heap, int type)
             WOLFSSL_MSG("ERROR ran out of static memory");
             res = NULL;
             #ifdef WOLFSSL_DEBUG_MEMORY
-                fprintf(stderr, "Looking for %lu bytes at %s:%d\n",
+                fprintf(stderr, "Looking for %lu bytes at %s:%u\n",
                     (unsigned long) size, func, line);
             #endif
             #ifdef WOLFSSL_STATIC_MEMORY_DEBUG_CALLBACK
@@ -1167,14 +1178,14 @@ void wolfSSL_Free(void *ptr, void* heap, int type)
 #endif
 {
     int i;
-    wc_Memory* pt;
+    wc_Memory* pt = NULL;
 
     if (ptr) {
         /* check for testing heap hint was set */
     #ifdef WOLFSSL_HEAP_TEST
         if (heap == (void*)WOLFSSL_HEAP_TEST) {
         #ifdef WOLFSSL_DEBUG_MEMORY
-            fprintf(stderr, "[HEAP %p] Free: %p at %s:%d\n", heap, pt, func,
+            fprintf(stderr, "[HEAP %p] Free: %p at %s:%u\n", heap, pt, func,
                 line);
         #endif
             return free(ptr); /* native heap */
@@ -1194,7 +1205,7 @@ void wolfSSL_Free(void *ptr, void* heap, int type)
         #endif
         #ifndef WOLFSSL_NO_MALLOC
             #ifdef WOLFSSL_DEBUG_MEMORY
-            fprintf(stderr, "[HEAP %p] Free: %p at %s:%d\n", heap, pt, func,
+            fprintf(stderr, "[HEAP %p] Free: %p at %s:%u\n", heap, pt, func,
                 line);
             #endif
             #ifdef FREERTOS
@@ -1275,7 +1286,7 @@ void wolfSSL_Free(void *ptr, void* heap, int type)
         #endif
 
         #ifdef WOLFSSL_DEBUG_MEMORY
-            fprintf(stderr, "[HEAP %p] Free: %p -> %u at %s:%d\n", heap,
+            fprintf(stderr, "[HEAP %p] Free: %p -> %u at %s:%u\n", heap,
                 pt->buffer, pt->szUsed, func, line);
         #endif
 
@@ -1376,7 +1387,9 @@ void* wolfSSL_Realloc(void *ptr, size_t size, void* heap, int type)
                 WOLFSSL_MSG("Error IO memory was not large enough");
                 res = NULL; /* return NULL in error case */
             }
-            res = pt->buffer;
+            else {
+                res = pt->buffer;
+            }
         }
         else
     #endif
@@ -1658,6 +1671,14 @@ void __attribute__((no_instrument_function))
 }
 #endif
 
+#ifndef WOLFSSL_NO_FORCE_ZERO
+/* Exported version of ForceZero(). */
+void wc_ForceZero(void *mem, size_t len)
+{
+    ForceZero(mem, len);
+}
+#endif
+
 #ifdef WC_DEBUG_CIPHER_LIFECYCLE
 static const byte wc_debug_cipher_lifecycle_tag_value[] =
     { 'W', 'o', 'l', 'f' };
diff --git a/wolfcrypt/src/misc.c b/wolfcrypt/src/misc.c
index e681d2bbd..655c11672 100644
--- a/wolfcrypt/src/misc.c
+++ b/wolfcrypt/src/misc.c
@@ -587,32 +587,36 @@ WC_MISC_STATIC WC_INLINE void xorbuf(void* buf, const void* mask, word32 count)
 
 #ifndef WOLFSSL_NO_FORCE_ZERO
 /* This routine fills the first len bytes of the memory area pointed by mem
-   with zeros. It ensures compiler optimization doesn't skip it  */
-WC_MISC_STATIC WC_INLINE void ForceZero(void* mem, word32 len)
+   with zeros. It ensures compiler optimization doesn't skip it. */
+WC_MISC_STATIC WC_INLINE void ForceZero(void* mem, size_t len)
 {
-    volatile byte* z = (volatile byte*)mem;
+    byte *zb = (byte *)mem;
+    unsigned long *zl;
 
-#if (defined(WOLFSSL_X86_64_BUILD) || defined(WOLFSSL_AARCH64_BUILD)) \
-            && defined(WORD64_AVAILABLE)
-    volatile word64* w;
-    #ifndef WOLFSSL_UNALIGNED_64BIT_ACCESS
-        word32 l = (sizeof(word64) - ((size_t)z & (sizeof(word64)-1))) &
-                                                             (sizeof(word64)-1);
+    XFENCE();
 
-        if (len < l) l = len;
-        len -= l;
-        while (l--) *z++ = 0;
-    #endif
-        for (w = (volatile word64*)z;
-             len >= sizeof(*w);
-             len -= (word32)sizeof(*w))
-        {
-            *w++ = 0;
-        }
-    z = (volatile byte*)w;
-#endif
+    while ((wc_ptr_t)zb & (wc_ptr_t)(sizeof(unsigned long) - 1U)) {
+        if (len == 0)
+            return;
+        *zb++ = 0;
+        --len;
+    }
 
-    while (len--) *z++ = 0;
+    zl = (unsigned long *)zb;
+
+    while (len >= sizeof(unsigned long)) {
+        *zl++ = 0;
+        len -= sizeof(unsigned long);
+    }
+
+    zb = (byte *)zl;
+
+    while (len) {
+        *zb++ = 0;
+        --len;
+    }
+
+    XFENCE();
 }
 #endif
 
@@ -634,7 +638,8 @@ WC_MISC_STATIC WC_INLINE int ConstantCompare(const byte* a, const byte* b,
 #endif
 
 
-#if defined(WOLFSSL_NO_CT_OPS) && (!defined(NO_RSA) || !defined(WOLFCRYPT_ONLY))
+#if defined(WOLFSSL_NO_CT_OPS) && (!defined(NO_RSA) || !defined(WOLFCRYPT_ONLY)) \
+    && (!defined(WOLFSSL_RSA_VERIFY_ONLY))
 /* constant time operations with mask are required for RSA and TLS operations */
 #warning constant time operations required unless using NO_RSA & WOLFCRYPT_ONLY
 #endif
@@ -769,7 +774,7 @@ WC_MISC_STATIC WC_INLINE void ctMaskCopy(byte mask, byte* dst, byte* src,
     {
 #if !defined(WOLFSSL_NO_CT_OPS) && !defined(WOLFSSL_NO_CT_MAX_MIN) && \
     defined(WORD64_AVAILABLE)
-        word32 gte_mask = (word32)ctMaskWord32GTE(a, b);
+        volatile word32 gte_mask = (word32)ctMaskWord32GTE(a, b);
         return (a & ~gte_mask) | (b & gte_mask);
 #else /* WOLFSSL_NO_CT_OPS */
         return a > b ? b : a;
@@ -786,7 +791,7 @@ WC_MISC_STATIC WC_INLINE void ctMaskCopy(byte mask, byte* dst, byte* src,
     {
 #if !defined(WOLFSSL_NO_CT_OPS) && !defined(WOLFSSL_NO_CT_MAX_MIN) && \
     defined(WORD64_AVAILABLE)
-        word32 gte_mask = (word32)ctMaskWord32GTE(a, b);
+        volatile word32 gte_mask = (word32)ctMaskWord32GTE(a, b);
         return (a & gte_mask) | (b & ~gte_mask);
 #else /* WOLFSSL_NO_CT_OPS */
         return a > b ? a : b;
diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c
index 1b4fcf687..686d06856 100644
--- a/wolfcrypt/src/pkcs7.c
+++ b/wolfcrypt/src/pkcs7.c
@@ -6814,14 +6814,15 @@ static int PKCS7_GenerateContentEncryptionKey(wc_PKCS7* pkcs7, word32 len)
 }
 
 
-/* wrap CEK (content encryption key) with KEK, 0 on success, < 0 on error */
-static int wc_PKCS7_KeyWrap(byte* cek, word32 cekSz, byte* kek,
-                            word32 kekSz, byte* out, word32 outSz,
-                            int keyWrapAlgo, int direction)
+/* wrap CEK (content encryption key) with KEK, returns output size (> 0) on
+ * success, < 0 on error */
+static int wc_PKCS7_KeyWrap(const wc_PKCS7 * pkcs7, const byte * cek,
+        word32 cekSz, const byte * kek, word32 kekSz, byte * out, word32 outSz,
+        int keyWrapAlgo, int direction)
 {
     int ret = 0;
 
-    if (cek == NULL || kek == NULL || out == NULL)
+    if (pkcs7 == NULL || cek == NULL || kek == NULL || out == NULL)
         return BAD_FUNC_ARG;
 
     switch (keyWrapAlgo) {
@@ -6837,14 +6838,32 @@ static int wc_PKCS7_KeyWrap(byte* cek, word32 cekSz, byte* kek,
     #endif
 
             if (direction == AES_ENCRYPTION) {
-
-                ret = wc_AesKeyWrap(kek, kekSz, cek, cekSz,
-                                    out, outSz, NULL);
+                if (pkcs7->aesKeyWrapUnwrapCb != NULL) {
+                    ret = pkcs7->aesKeyWrapUnwrapCb(kek, kekSz, cek, cekSz, 1,
+                                                    out, outSz);
+                }
+                else {
+                #ifdef HAVE_AES_KEYWRAP
+                    ret = wc_AesKeyWrap(kek, kekSz, cek, cekSz,
+                                        out, outSz, NULL);
+                #else
+                    ret = NOT_COMPILED_IN;
+                #endif
+                }
 
             } else if (direction == AES_DECRYPTION) {
-
-                ret = wc_AesKeyUnWrap(kek, kekSz, cek, cekSz,
-                                      out, outSz, NULL);
+                if (pkcs7->aesKeyWrapUnwrapCb != NULL) {
+                    ret = pkcs7->aesKeyWrapUnwrapCb(kek, kekSz, cek, cekSz, 0,
+                                                    out, outSz);
+                }
+                else {
+                #ifdef HAVE_AES_KEYWRAP
+                    ret = wc_AesKeyUnWrap(kek, kekSz, cek, cekSz,
+                                          out, outSz, NULL);
+                #else
+                    ret = NOT_COMPILED_IN;
+                #endif
+                }
             } else {
                 WOLFSSL_MSG("Bad key un/wrap direction");
                 return BAD_FUNC_ARG;
@@ -7353,16 +7372,16 @@ static int wc_PKCS7_KariGenerateKEK(WC_PKCS7_KARI* kari, WC_RNG* rng,
             return BAD_FUNC_ARG;
     };
 
+#ifdef HAVE_X963_KDF
     ret = wc_X963_KDF(kdfType, secret, secretSz, kari->sharedInfo,
                       kari->sharedInfoSz, kari->kek, kari->kekSz);
-    if (ret != 0) {
-        XFREE(secret, kari->heap, DYNAMIC_TYPE_PKCS7);
-        return ret;
-    }
+#else
+    (void)kdfType;
+    ret = NOT_COMPILED_IN;
+#endif
 
     XFREE(secret, kari->heap, DYNAMIC_TYPE_PKCS7);
-
-    return 0;
+    return ret;
 }
 
 
@@ -7548,7 +7567,7 @@ int wc_PKCS7_AddRecipient_KARI(wc_PKCS7* pkcs7, const byte* cert, word32 certSz,
     }
 
     /* encrypt CEK with KEK */
-    keySz = wc_PKCS7_KeyWrap(pkcs7->cek, pkcs7->cekSz, kari->kek,
+    keySz = wc_PKCS7_KeyWrap(pkcs7, pkcs7->cek, pkcs7->cekSz, kari->kek,
                              kari->kekSz, encryptedKey, encryptedKeySz,
                              keyWrapOID, direction);
     if (keySz <= 0) {
@@ -9630,9 +9649,8 @@ int wc_PKCS7_AddRecipient_KEKRI(wc_PKCS7* pkcs7, int keyWrapOID, byte* kek,
         direction = DES_ENCRYPTION;
     #endif
 
-    encryptedKeySz = wc_PKCS7_KeyWrap(pkcs7->cek, pkcs7->cekSz, kek, kekSz,
-                               encryptedKey, (word32)encryptedKeySz, keyWrapOID,
-                               direction);
+    encryptedKeySz = wc_PKCS7_KeyWrap(pkcs7, pkcs7->cek, pkcs7->cekSz, kek,
+            kekSz, encryptedKey, (word32)encryptedKeySz, keyWrapOID, direction);
     if (encryptedKeySz < 0) {
     #ifdef WOLFSSL_SMALL_STACK
         XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
@@ -11082,6 +11100,19 @@ int wc_PKCS7_SetWrapCEKCb(wc_PKCS7* pkcs7, CallbackWrapCEK cb)
     return 0;
 }
 
+
+/* return 0 on success */
+int wc_PKCS7_SetAESKeyWrapUnwrapCb(wc_PKCS7* pkcs7, CallbackAESKeyWrapUnwrap aesKeyWrapUnwrapCb)
+{
+    if (pkcs7 == NULL)
+        return BAD_FUNC_ARG;
+
+    pkcs7->aesKeyWrapUnwrapCb = aesKeyWrapUnwrapCb;
+
+    return 0;
+}
+
+
 /* Decrypt ASN.1 OtherRecipientInfo (ori), as defined by:
  *
  *   OtherRecipientInfo ::= SEQUENCE {
@@ -11529,10 +11560,9 @@ static int wc_PKCS7_DecryptKekri(wc_PKCS7* pkcs7, byte* in, word32 inSz,
                                     (int)PKCS7_KEKRI, direction);
             }
             else {
-                keySz = wc_PKCS7_KeyWrap(pkiMsg + *idx, (word32)length,
-                                    pkcs7->privateKey, pkcs7->privateKeySz,
-                                    decryptedKey, *decryptedKeySz,
-                                    (int)keyWrapOID, direction);
+                keySz = wc_PKCS7_KeyWrap(pkcs7, pkiMsg + *idx, (word32)length,
+                        pkcs7->privateKey, pkcs7->privateKeySz, decryptedKey,
+                        *decryptedKeySz, (int)keyWrapOID, direction);
             }
             if (keySz <= 0)
                 return keySz;
@@ -11795,9 +11825,10 @@ static int wc_PKCS7_DecryptKari(wc_PKCS7* pkcs7, byte* in, word32 inSz,
                 }
 
                 /* decrypt CEK with KEK */
-                keySz = wc_PKCS7_KeyWrap(encryptedKey, (word32)encryptedKeySz,
-                    kari->kek, kari->kekSz, decryptedKey, *decryptedKeySz,
-                    (int)keyWrapOID, direction);
+                keySz = wc_PKCS7_KeyWrap(pkcs7, encryptedKey,
+                        (word32)encryptedKeySz, kari->kek, kari->kekSz,
+                        decryptedKey, *decryptedKeySz, (int)keyWrapOID,
+                        direction);
             }
             if (keySz <= 0) {
                 wc_PKCS7_KariFree(kari);
@@ -12308,7 +12339,7 @@ static int wc_PKCS7_ParseToRecipientInfoSet(wc_PKCS7* pkcs7, byte* in,
  * the secret key for decryption a EnvelopedData KEKRI RecipientInfo.
  *
  * Returns 0 on success, negative upon error */
-WOLFSSL_API int wc_PKCS7_SetKey(wc_PKCS7* pkcs7, byte* key, word32 keySz)
+int wc_PKCS7_SetKey(wc_PKCS7* pkcs7, byte* key, word32 keySz)
 {
     if (pkcs7 == NULL || key == NULL || keySz == 0)
         return BAD_FUNC_ARG;
@@ -12358,7 +12389,7 @@ static int PKCS7_CacheEncryptedContent(wc_PKCS7* pkcs7, byte* in, word32 inSz)
 
 
 /* unwrap and decrypt PKCS#7 envelopedData object, return decoded size */
-WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(wc_PKCS7* pkcs7, byte* in,
+int wc_PKCS7_DecodeEnvelopedData(wc_PKCS7* pkcs7, byte* in,
                                          word32 inSz, byte* output,
                                          word32 outputSz)
 {
@@ -12934,6 +12965,116 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(wc_PKCS7* pkcs7, byte* in,
 }
 
 
+int wc_PKCS7_GetEnvelopedDataKariRid(const byte * in, word32 inSz,
+        byte * out, word32 * outSz)
+{
+    int ret = 0;
+    word32 idx = 0;
+    int length = 0;
+    word32 contentType = 0;
+    word32 ridIdx = 0;
+    byte ridTag = 0;
+
+    if (in == NULL || inSz == 0 || out == NULL || outSz == NULL) {
+        ret = BAD_FUNC_ARG;
+    }
+    /* Consume ContentInfo SEQUENCE header. */
+    else if (GetSequence(in, &idx, &length, inSz) < 0) {
+        ret = ASN_PARSE_E;
+    }
+    /* Validate the EnvelopedData OBJECT IDENTIFIER. */
+    else if (wc_GetContentType(in, &idx, &contentType, inSz) < 0) {
+        ret = ASN_PARSE_E;
+    }
+    else if (contentType != ENVELOPED_DATA) {
+        WOLFSSL_MSG("PKCS#7 input not of type EnvelopedData");
+        ret = PKCS7_OID_E;
+    }
+    /* Consume EXPLICIT content [0] header. */
+    else if (GetASNHeader(in, ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED, &idx,
+                &length, inSz) < 0) {
+        ret = ASN_PARSE_E;
+    }
+    /* Consume EnvelopedData SEQUENCE header. */
+    else if (GetSequence(in, &idx, &length, inSz) < 0) {
+        ret = ASN_PARSE_E;
+    }
+    /* Consume version. */
+    else if (GetMyVersion(in, &idx, &length, inSz) < 0) {
+        ret = ASN_PARSE_E;
+    }
+    /* Consume originatorInfo if present. */
+    else if (GetASNHeader(in, ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED, &idx,
+                &length, inSz) >= 0) {
+        idx += (word32)length;
+    }
+    /* Consume recipientInfos SET OF header. */
+    if (ret == 0 && GetSet(in, &idx, &length, inSz) < 0) {
+        ret = ASN_PARSE_E;
+    }
+    /* Consume kari [1] header. */
+    if (ret == 0 && GetASNHeader(in, ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 1,
+                &idx, &length, inSz) < 0) {
+        ret = ASN_PARSE_E;
+    }
+    /* Consume KARI version. */
+    if (ret == 0 && GetMyVersion(in, &idx, &length, inSz) < 0) {
+        ret = ASN_PARSE_E;
+    }
+    /* Consume KARI originator [0] header. */
+    if (ret == 0 && GetASNHeader(in, ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED,
+                &idx, &length, inSz) < 0) {
+        ret = ASN_PARSE_E;
+    }
+    /* Skip originator [0] content. */
+    if (ret == 0)
+        idx += (word32)length;
+    /* Consume KARI ukm [1] if present. */
+    if (ret == 0 && GetASNHeader(in, ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 1,
+                &idx, &length, inSz) >= 0) {
+        idx += (word32) length;
+    }
+    /* Consume KARI keyEncryptionAlgorithm. */
+    if (ret == 0 && GetSequence(in, &idx, &length, inSz) < 0) {
+        ret = ASN_PARSE_E;
+    }
+    /* Skip keyEncryptionAlgorithm content. */
+    if (ret == 0)
+        idx += (word32)length;
+    /* Consume RecipientEncryptedKeys SEQUENCE OF header. */
+    if (ret == 0 && GetSequence(in, &idx, &length, inSz) < 0) {
+        ret = ASN_PARSE_E;
+    }
+    /* Consume RecipientEncryptedKey SEQUENCE header. */
+    if (ret == 0 && GetSequence(in, &idx, &length, inSz) < 0) {
+        ret = ASN_PARSE_E;
+    }
+    if (ret == 0)
+        ridIdx = idx;
+    /* Consume KeyAgreeRecipientIdentifier tag. */
+    if (ret == 0 && GetASNTag(in, &idx, &ridTag, inSz) < 0) {
+        ret = ASN_PARSE_E;
+    }
+    /* Consume KeyAgreeRecipientIdentifier length. */
+    if (ret == 0 && GetLength(in, &idx, &length, inSz) < 0) {
+        ret = ASN_PARSE_E;
+    }
+    if (ret == 0) {
+        word32 ridSz = (idx + (word32)length) - ridIdx;
+        if (ridSz > *outSz) {
+            /* Not enough room in output buffer. */
+            ret = BUFFER_E;
+        }
+        else {
+            /* Copy KeyAgreeRecipientIdentifier to output buffer. */
+            XMEMCPY(out, &in[ridIdx], ridSz);
+            *outSz = ridSz;
+        }
+    }
+    return ret;
+}
+
+
 /* build PKCS#7 authEnvelopedData content type, return enveloped size */
 int wc_PKCS7_EncodeAuthEnvelopedData(wc_PKCS7* pkcs7, byte* output,
                                      word32 outputSz)
@@ -13486,7 +13627,7 @@ int wc_PKCS7_EncodeAuthEnvelopedData(wc_PKCS7* pkcs7, byte* output,
 
 
 /* unwrap and decrypt PKCS#7 AuthEnvelopedData object, return decoded size */
-WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(wc_PKCS7* pkcs7, byte* in,
+int wc_PKCS7_DecodeAuthEnvelopedData(wc_PKCS7* pkcs7, byte* in,
                                                  word32 inSz, byte* output,
                                                  word32 outputSz)
 {
@@ -15305,6 +15446,129 @@ int wc_PKCS7_DecodeCompressedData(wc_PKCS7* pkcs7, byte* pkiMsg,
 
 #endif /* HAVE_LIBZ && !NO_PKCS7_COMPRESSED_DATA */
 
+static int wc_PKCS7_DecodeSymmetricKeyPackage(const byte * skp, word32 skpSz,
+        size_t index, const byte ** out, word32 * outSz, int getKey)
+{
+    word32 skpIndex = 0;
+    int length = 0;
+    int version = 0;
+    int ret = 0;
+
+    if (skp == NULL || out == NULL || outSz == NULL)
+        ret = BAD_FUNC_ARG;
+
+    /* Expect a SEQUENCE header to start the SymmetricKeyPackage object. */
+    if (ret == 0 && GetSequence(skp, &skpIndex, &length, skpSz) < 0)
+        ret = ASN_PARSE_E;
+
+    /* Expect version v1 */
+    if (ret == 0 && GetMyVersion(skp, &skpIndex, &version, skpSz) < 0)
+        ret = ASN_PARSE_E;
+
+    if (ret == 0 && version != 1)
+        ret = ASN_PARSE_E;
+
+    if (ret == 0 && GetASNHeader(skp, ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED,
+            &skpIndex, &length, skpSz) >= 0) {
+        /* sKeyPkgAttrs [0] tag found so there are attributes present. */
+        if (getKey != 0) {
+            /* Key was requested, not attribute, so skip the attributes. */
+            skpIndex += (word32)length;
+        }
+        else {
+            /* sKeyPkgAttrs is present at &skp[skpIndex], length in length */
+            ret = wc_IndexSequenceOf(&skp[skpIndex], (word32)length, index,
+                    out, outSz);
+        }
+    }
+    else if (ret == 0 && getKey == 0) {
+        /* An attribute was requested, but none are present. */
+        ret = BAD_INDEX_E;
+    }
+
+    if (ret == 0 && getKey != 0) {
+        /* sKeys is present at &skp[skpIndex]. */
+        ret = wc_IndexSequenceOf(&skp[skpIndex], skpSz - skpIndex, index,
+                out, outSz);
+    }
+
+    return ret;
+}
+
+int wc_PKCS7_DecodeSymmetricKeyPackageAttribute(const byte * skp,
+        word32 skpSz, size_t index, const byte ** attr, word32 * attrSz)
+{
+    return wc_PKCS7_DecodeSymmetricKeyPackage(skp, skpSz, index, attr, attrSz,
+            0);
+}
+
+int wc_PKCS7_DecodeSymmetricKeyPackageKey(const byte * skp,
+        word32 skpSz, size_t index, const byte ** key, word32 * keySz)
+{
+    return wc_PKCS7_DecodeSymmetricKeyPackage(skp, skpSz, index, key, keySz, 1);
+}
+
+int wc_PKCS7_DecodeOneSymmetricKeyAttribute(const byte * osk,
+        word32 oskSz, size_t index, const byte ** attr, word32 * attrSz)
+{
+    word32 oskIndex = 0;
+    word32 tmpIndex;
+    int length = 0;
+    int ret = 0;
+
+    if (osk == NULL || attr == NULL || attrSz == NULL)
+        ret = BAD_FUNC_ARG;
+
+    /* Expect a SEQUENCE header to start the OneSymmetricKey object. */
+    if (ret == 0 && GetSequence(osk, &oskIndex, &length, oskSz) < 0)
+        ret = ASN_PARSE_E;
+
+    tmpIndex = oskIndex;
+
+    if (ret == 0 && GetSequence(osk, &tmpIndex, &length, oskSz) < 0) {
+        /* sKeyAttrs is not present. */
+        ret = BAD_INDEX_E;
+    }
+
+    /* Index the sKeyAttrs SEQUENCE OF object with the given index. */
+    if (ret == 0)
+        ret = wc_IndexSequenceOf(&osk[oskIndex], oskSz - oskIndex, index, attr,
+            attrSz);
+
+    return ret;
+}
+
+int wc_PKCS7_DecodeOneSymmetricKeyKey(const byte * osk,
+        word32 oskSz, const byte ** key, word32 * keySz)
+{
+    word32 oskIndex = 0;
+    int length = 0;
+    int ret = 0;
+
+    if (osk == NULL || key == NULL || keySz == NULL)
+        ret = BAD_FUNC_ARG;
+
+    /* Expect a SEQUENCE header to start the OneSymmetricKey object. */
+    if (ret == 0 && GetSequence(osk, &oskIndex, &length, oskSz) < 0)
+        ret = ASN_PARSE_E;
+
+    if (ret == 0 && GetSequence(osk, &oskIndex, &length, oskSz) >= 0) {
+        /* sKeyAttrs is present. Skip it. */
+        oskIndex += (word32)length;
+    }
+
+    if (ret == 0 && GetASNHeader(osk, ASN_OCTET_STRING, &oskIndex, &length,
+                oskSz) < 0)
+        ret = ASN_PARSE_E;
+
+    if (ret == 0) {
+        *key = &osk[oskIndex];
+        *keySz = (word32)length;
+    }
+
+    return ret;
+}
+
 #else  /* HAVE_PKCS7 */
 
 
@@ -15315,4 +15579,3 @@ int wc_PKCS7_DecodeCompressedData(wc_PKCS7* pkcs7, byte* pkiMsg,
 
 
 #endif /* HAVE_PKCS7 */
-
diff --git a/wolfcrypt/src/poly1305.c b/wolfcrypt/src/poly1305.c
index f8e230f4c..80286eb97 100644
--- a/wolfcrypt/src/poly1305.c
+++ b/wolfcrypt/src/poly1305.c
@@ -83,12 +83,13 @@ and Daniel J. Bernstein
 #endif
 
 #ifdef USE_INTEL_POLY1305_SPEEDUP
-static word32 intel_flags = 0;
-static word32 cpu_flags_set = 0;
+static cpuid_flags_t intel_flags = WC_CPUID_INITIALIZER;
 #endif
 
 #if defined(USE_INTEL_POLY1305_SPEEDUP) || defined(POLY130564)
-    #if defined(_MSC_VER)
+    #if defined(__WATCOMC__)
+        #error "POLY130564 || USE_INTEL_POLY1305_SPEEDUP Watcom not supported"
+    #elif defined(_MSC_VER)
         #define POLY1305_NOINLINE __declspec(noinline)
     #elif defined(__GNUC__)
         #define POLY1305_NOINLINE __attribute__((noinline))
@@ -96,7 +97,7 @@ static word32 cpu_flags_set = 0;
         #define POLY1305_NOINLINE
     #endif
 
-    #if defined(_MSC_VER)
+    #if defined(_MSC_VER) && !(__WATCOMC__)
         #include <intrin.h>
 
         typedef struct word128 {
@@ -511,10 +512,7 @@ int wc_Poly1305SetKey(Poly1305* ctx, const byte* key, word32 keySz)
         return BAD_FUNC_ARG;
 
 #ifdef USE_INTEL_POLY1305_SPEEDUP
-    if (!cpu_flags_set) {
-        intel_flags = cpuid_get_flags();
-        cpu_flags_set = 1;
-    }
+    cpuid_get_flags_ex(&intel_flags);
     SAVE_VECTOR_REGISTERS(return _svr_ret;);
     #ifdef HAVE_INTEL_AVX2
     if (IS_INTEL_AVX2(intel_flags))
diff --git a/wolfcrypt/src/poly1305_asm.asm b/wolfcrypt/src/poly1305_asm.asm
index e43830073..f36d8ac03 100644
--- a/wolfcrypt/src/poly1305_asm.asm
+++ b/wolfcrypt/src/poly1305_asm.asm
@@ -1,6 +1,6 @@
 ; /* poly1305_asm.asm */
 ; /*
-; * Copyright (C) 2006-2025 wolfSSL Inc.
+;  * Copyright (C) 2006-2025 wolfSSL Inc.
 ;  *
 ;  * This file is part of wolfSSL.
 ;  *
diff --git a/wolfcrypt/src/port/Espressif/esp32_mp.c b/wolfcrypt/src/port/Espressif/esp32_mp.c
index 9092f7778..c40998ac7 100644
--- a/wolfcrypt/src/port/Espressif/esp32_mp.c
+++ b/wolfcrypt/src/port/Espressif/esp32_mp.c
@@ -2154,7 +2154,7 @@ int esp_mp_mulmod(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* M, MATH_INT_T* Z)
         DPORT_REG_WRITE(RSA_MULT_MODE_REG, (mph->hwWords_sz >> 4) - 1);
 #if defined(DEBUG_WOLFSSL)
         ESP_LOGV(TAG, "RSA_MULT_MODE_REG = %d", (mph->hwWords_sz >> 4) - 1);
-#endif /* WOLFSSL_DEBUG */
+#endif /* DEBUG_WOLFSSL */
 
         /* step.2 write X, M, and r_inv into memory.
          * The capacity of each memory block is 128 words.
diff --git a/wolfcrypt/src/port/Espressif/esp32_sha.c b/wolfcrypt/src/port/Espressif/esp32_sha.c
index 6722a9308..474a0c571 100644
--- a/wolfcrypt/src/port/Espressif/esp32_sha.c
+++ b/wolfcrypt/src/port/Espressif/esp32_sha.c
@@ -1311,7 +1311,8 @@ int esp_sha_try_hw_lock(WC_ESP32SHA* ctx)
         }
     }
 
-#ifdef ESP_MONITOR_HW_TASK_LOCK
+#if defined(ESP_MONITOR_HW_TASK_LOCK) || \
+   (defined(WOLFSSL_DEBUG_MUTEX) && WOLFSSL_DEBUG_MUTEX)
     /* Nothing happening here other than messages based on mutex states */
     if (mutex_ctx_task == 0 || mutex_ctx_owner == 0) {
         /* no known stray mutex task owner */
@@ -1347,13 +1348,15 @@ int esp_sha_try_hw_lock(WC_ESP32SHA* ctx)
             } /* mutex owner ESP32_SHA_FREED check */
         } /* mutex_ctx_task is current task */
         else {
+#ifdef WOLFSSL_ESP32_HW_LOCK_DEBUG
             ESP_LOGW(TAG, "Warning: sha mutex unlock from unexpected task.");
             ESP_LOGW(TAG, "Locking task: 0x%x", (word32)mutex_ctx_task);
             ESP_LOGW(TAG, "This xTaskGetCurrentTaskHandle: 0x%x",
                           (word32)xTaskGetCurrentTaskHandle());
+#endif
         }
     }
-#endif /* ESP_MONITOR_HW_TASK_LOCK */
+#endif /* ESP_MONITOR_HW_TASK_LOCK || WOLFSSL_DEBUG_MUTEX */
 
     /* check if this SHA has been operated as SW or HW, or not yet init */
     if (ctx->mode == ESP32_SHA_INIT) {
diff --git a/wolfcrypt/src/port/Espressif/esp32_util.c b/wolfcrypt/src/port/Espressif/esp32_util.c
index c7db477b4..c7f44b120 100644
--- a/wolfcrypt/src/port/Espressif/esp32_util.c
+++ b/wolfcrypt/src/port/Espressif/esp32_util.c
@@ -557,6 +557,11 @@ esp_err_t ShowExtendedSystemInfo_config(void)
     show_macro("WOLFSSL_NO_CURRDIR",        STR_IFNDEF(WOLFSSL_NO_CURRDIR));
     show_macro("WOLFSSL_LWIP",              STR_IFNDEF(WOLFSSL_LWIP));
 
+    show_macro("DEBUG_WOLFSSL",             STR_IFNDEF(DEBUG_WOLFSSL));
+    show_macro("WOLFSSL_DEBUG_CERTS",       STR_IFNDEF(WOLFSSL_DEBUG_CERTS));
+    show_macro("NO_WOLFSSL_DEBUG_CERTS",    STR_IFNDEF(NO_WOLFSSL_DEBUG_CERTS));
+    show_macro("WOLFSSL_DEBUG_ERRORS_ONLY", STR_IFNDEF(WOLFSSL_DEBUG_ERRORS_ONLY));
+
     ESP_LOGI(TAG, WOLFSSL_ESPIDF_BLANKLINE_MESSAGE);
 #if defined(CONFIG_COMPILER_OPTIMIZATION_DEFAULT)
     ESP_LOGI(TAG, "Compiler Optimization: Default");
diff --git a/wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.c b/wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.c
index d1e51a5f0..8478e57a0 100644
--- a/wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.c
+++ b/wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.c
@@ -119,6 +119,9 @@ extern wc_ptr_t _heap_end[];
 #define IRAMF2_START      ((void*)(0x4010C000))
 #define IRAMF2_END        ((void*)(0x4010C000 + 0x4000))
 
+#if defined(ESP_IDF_VERSION) && (ESP_IDF_VERSION >= ESP_IDF_VERSION_VAL(6, 0, 0))
+    /* Skipping for ESP-IDF v6.0 */
+#else
 enum sdk_memory_segment
 {
     /* Ensure this list exactly matches order in sdk_memory_segment_text */
@@ -187,9 +190,14 @@ int sdk_log_meminfo(enum sdk_memory_segment m, void* start, void* end)
     }
     return ESP_OK;
 }
+#endif
 
 /* Show all known linker memory segment names, starting & ending addresses. */
-int sdk_init_meminfo(void) {
+int sdk_init_meminfo(void)
+{
+#if defined(ESP_IDF_VERSION) && (ESP_IDF_VERSION >= ESP_IDF_VERSION_VAL(6, 0, 0))
+    ESP_LOGI(TAG, "sdk_init_meminfo not available for ESP-IDF V6.0");
+#else
     void* sample_heap_var;
     int sample_stack_var = 0;
 
@@ -237,12 +245,17 @@ int sdk_init_meminfo(void) {
         sdk_var_whereis("sample_heap_var", sample_heap_var);
         free(sample_heap_var);
     }
+#endif
     return ESP_OK;
 }
 
 /* Returns ESP_OK if found in known memory map, ESP_FAIL otherwise */
-esp_err_t sdk_var_whereis(const char* v_name, void* v) {
+esp_err_t sdk_var_whereis(const char* v_name, void* v)
+{
     esp_err_t ret = ESP_FAIL;
+#if defined(ESP_IDF_VERSION) && (ESP_IDF_VERSION >= ESP_IDF_VERSION_VAL(6, 0, 0))
+    ESP_LOGI(TAG, "sdk_var_whereis not available for ESP-IDF V6.0");
+#else
 
     for (enum sdk_memory_segment m = 0 ;m < SDK_MEMORY_SEGMENT_COUNT; m++) {
         if (v >= sdk_memory_segment_start[m] &&
@@ -255,6 +268,7 @@ esp_err_t sdk_var_whereis(const char* v_name, void* v) {
                 }
             }
     }
+#endif
 
     if (ret == ESP_FAIL) {
         ESP_LOGW(TAG, "%s not found in known memory map: %p", v_name, v);
@@ -289,15 +303,110 @@ esp_err_t esp_sdk_mem_lib_init(void)
     return ret;
 }
 
+#if defined(DEBUG_WOLFSSL_MALLOC) || defined(DEBUG_WOLFSSL)
 void* wc_debug_pvPortMalloc(size_t size,
-                           const char* file, int line, const char* fname) {
+                           const char* file, int line, const char* fname)
+#else
+void* wc_pvPortMalloc(size_t size)
+#endif
+{
     void* ret = NULL;
-    ret = pvPortMalloc(size);
+    wolfSSL_Malloc_cb  mc;
+    wolfSSL_Free_cb    fc;
+    wolfSSL_Realloc_cb rc;
+    wolfSSL_GetAllocators(&mc, &fc, &rc);
+
+    if (mc == NULL) {
+        ret = pvPortMalloc(size);
+    }
+    else {
+#if defined(USE_WOLFSSL_MEMORY) && !defined(NO_WOLFSSL_MEMORY)
+        ret = mc(size);
+#else
+        ret = pvPortMalloc(size);
+#endif
+    }
+
+#if defined(DEBUG_WOLFSSL_MALLOC) || defined(DEBUG_WOLFSSL)
     if (ret == NULL) {
         ESP_LOGE("malloc", "%s:%d (%s)", file, line, fname);
         ESP_LOGE("malloc", "Failed Allocating memory of size: %d bytes", size);
     }
+#endif
     return ret;
-}
+} /* wc_debug_pvPortMalloc */
+
+#if defined(DEBUG_WOLFSSL_MALLOC) || defined(DEBUG_WOLFSSL)
+void wc_debug_pvPortFree(void *ptr,
+                        const char* file, int line, const char* fname)
+#else
+void wc_pvPortFree(void *ptr)
+#endif
+{
+    wolfSSL_Malloc_cb  mc;
+    wolfSSL_Free_cb    fc;
+    wolfSSL_Realloc_cb rc;
+    if (ptr == NULL) {
+#ifdef DEBUG_WOLFSSL_MALLOC
+        /* It's ok to free a null pointer, and that happens quite frequently */
+#endif
+    }
+    else {
+        wolfSSL_GetAllocators(&mc, &fc, &rc);
+
+        if (fc == NULL) {
+            vPortFree(ptr);
+        }
+        else {
+#if defined(USE_WOLFSSL_MEMORY) && !defined(NO_WOLFSSL_MEMORY)
+            fc(ptr);
+#else
+            vPortFree(ptr);
+#endif
+        }
+    }
+} /* wc_debug_pvPortFree */
+
+#ifndef WOLFSSL_NO_REALLOC
+/* see XREALLOC(p, n, h, t) */
+#if defined(DEBUG_WOLFSSL_MALLOC) || defined(DEBUG_WOLFSSL)
+void* wc_debug_pvPortRealloc(void* ptr, size_t size,
+                             const char* file, int line, const char* fname)
+#else
+void* wc_pvPortRealloc(void* ptr, size_t size)
+#endif
+{
+    void* ret = NULL;
+    wolfSSL_Malloc_cb  mc;
+    wolfSSL_Free_cb    fc;
+    wolfSSL_Realloc_cb rc;
+    wolfSSL_GetAllocators(&mc, &fc, &rc);
+
+    if (mc == NULL) {
+        ret = realloc(ptr, size);
+    }
+    else {
+#if defined(USE_WOLFSSL_MEMORY) && !defined(NO_WOLFSSL_MEMORY)
+        if (rc != NULL) {
+            ret = rc(ptr, size); /* (void *ptr, size_t size) */
+        }
+        else {
+            ret = realloc(ptr, size);
+        }
+#else
+        ret = realloc(ptr, size);
+#endif
+    }
+
+#if defined(DEBUG_WOLFSSL_MALLOC) || defined(DEBUG_WOLFSSL)
+    if (ret == NULL) {
+        ESP_LOGE("realloc", "%s:%d (%s)", file, line, fname);
+        ESP_LOGE("realloc", "Failed Re-allocating memory of size: %d bytes",
+                                                                  size);
+    }
+#endif
+    return ret;
+} /* wc_debug_pvPortRealloc */
+#endif /* WOLFSSL_NO_REALLOC */
 
 #endif
diff --git a/wolfcrypt/src/port/Renesas/renesas_common.c b/wolfcrypt/src/port/Renesas/renesas_common.c
index 941ab123a..cf325ceca 100644
--- a/wolfcrypt/src/port/Renesas/renesas_common.c
+++ b/wolfcrypt/src/port/Renesas/renesas_common.c
@@ -33,27 +33,32 @@
 #if defined(WOLFSSL_RENESAS_FSPSM_TLS) || \
     defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)
 
-    #include <wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h>
+    #include <wolfssl/wolfcrypt/port/Renesas/renesas_fspsm_internal.h>
     #define cmn_hw_lock    wc_fspsm_hw_lock
     #define cmn_hw_unlock  wc_fspsm_hw_unlock
 
 #elif defined(WOLFSSL_RENESAS_TSIP_TLS) || \
       defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
 
-    #include <wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h>
+    #include <wolfssl/wolfcrypt/port/Renesas/renesas_tsip_internal.h>
     #define cmn_hw_lock    tsip_hw_lock
     #define cmn_hw_unlock  tsip_hw_unlock
 
-    #define FSPSM_ST       TsipUserCtx;
-    #define MAX_FSPSM_CBINDEX 5
+    #define FSPSM_ST            TsipUserCtx
+    #define FSPSM_ST_Internal   TsipUserCtx_Internal
+
 #endif
 
 #include <wolfssl/wolfcrypt/wc_port.h>
 #include <wolfssl/wolfcrypt/types.h>
 #include <wolfssl/wolfcrypt/asn.h>
-#ifndef WOLFSSL_RENESAS_TSIP_CRYPTONLY
-#include <wolfssl/internal.h>
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
 #endif
+#include <wolfssl/internal.h>
 #include <wolfssl/error-ssl.h>
 #include <wolfssl/wolfcrypt/error-crypt.h>
 #include <wolfssl/wolfcrypt/logging.h>
@@ -65,16 +70,9 @@ uint32_t   g_CAscm_Idx = (uint32_t)-1; /* index of CM table    */
 static int gdevId = INITIAL_DEVID;     /* initial dev Id for Crypt Callback */
 
 #ifdef WOLF_CRYPTO_CB
-/* store callback ctx by devId */
-#if defined(WOLFSSL_RENESAS_FSPSM_TLS) || \
-    defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)
+
+#define     MAX_FSPSM_CBINDEX 5
 FSPSM_ST    *gCbCtx[MAX_FSPSM_CBINDEX];
-#elif defined(WOLFSSL_RENESAS_TSIP_TLS) || \
-      defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
-#define FSPSM_ST       TsipUserCtx;
-#define MAX_FSPSM_CBINDEX 5
-TsipUserCtx *gCbCtx[MAX_FSPSM_CBINDEX];
-#endif
 
 #include <wolfssl/wolfcrypt/cryptocb.h>
 
@@ -87,6 +85,8 @@ WOLFSSL_LOCAL int Renesas_cmn_Cleanup(struct WOLFSSL* ssl)
 
 #if defined(WOLFSSL_RENESAS_TSIP_TLS)
     ret = tsip_TlsCleanup(ssl);
+#elif defined(WOLFSSL_RENESAS_FSPSM_TLS)
+    ret = wc_fspsm_TlsCleanup(ssl);
 #endif
 
     WOLFSSL_LEAVE("Renesas_cmn_Cleanup", ret);
@@ -166,6 +166,7 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
 #elif defined(WOLFSSL_RENESAS_FSPSM_TLS) || \
       defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)
     FSPSM_ST* cbInfo = (FSPSM_ST*)ctx;
+    (void)cbInfo;
 #endif
 
     if (info == NULL || ctx == NULL)
@@ -271,93 +272,39 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
     #endif /* HAVE_ECC */
     }
 
-#elif defined(WOLFSSL_RENESAS_FSPSM_TLS) || \
-      defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)
+#elif (defined(WOLFSSL_RENESAS_FSPSM_TLS) || \
+      defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY))\
+    && !defined(NO_WOLFSSL_RENESAS_FSPSM_AES)
 
     if (info->algo_type == WC_ALGO_TYPE_CIPHER) {
     #if !defined(NO_AES)
-    #ifdef HAVE_AESGCM
-        if (info->cipher.type == WC_CIPHER_AES_GCM) {
-
-            if (info->cipher.enc &&
-                (cbInfo->keyflgs_tls.bits.session_key_set == 1 ||
-                 (cbInfo->keyflgs_crypt.bits.aes256_installedkey_set == 1 &&
-                  info->cipher.aesgcm_enc.aes->keylen == 32) ||
-                 (cbInfo->keyflgs_crypt.bits.aes128_installedkey_set == 1 &&
-                  info->cipher.aesgcm_enc.aes->keylen == 16))) {
-
-                ret = wc_fspsm_AesGcmEncrypt(
-                        info->cipher.aesgcm_enc.aes,
-                        (byte*)info->cipher.aesgcm_enc.out,
-                        (byte*)info->cipher.aesgcm_enc.in,
-                        info->cipher.aesgcm_enc.sz,
-                        (byte*)info->cipher.aesgcm_enc.iv,
-                        info->cipher.aesgcm_enc.ivSz,
-                        (byte*)info->cipher.aesgcm_enc.authTag,
-                        info->cipher.aesgcm_enc.authTagSz,
-                        (byte*)info->cipher.aesgcm_enc.authIn,
-                        info->cipher.aesgcm_enc.authInSz,
-                        (void*)ctx);
-
-            }
-            else if (cbInfo->keyflgs_tls.bits.session_key_set == 1 ||
-                    (cbInfo->keyflgs_crypt.bits.aes256_installedkey_set == 1 &&
-                       info->cipher.aesgcm_dec.aes->keylen == 32) ||
-                    (cbInfo->keyflgs_crypt.bits.aes128_installedkey_set == 1 &&
-                       info->cipher.aesgcm_dec.aes->keylen == 16)) {
-
-                ret = wc_fspsm_AesGcmDecrypt(
-                        info->cipher.aesgcm_dec.aes,
-                        (byte*)info->cipher.aesgcm_dec.out,
-                        (byte*)info->cipher.aesgcm_dec.in,
-                        info->cipher.aesgcm_dec.sz,
-                        (byte*)info->cipher.aesgcm_dec.iv,
-                        info->cipher.aesgcm_dec.ivSz,
-                        (byte*)info->cipher.aesgcm_dec.authTag,
-                        info->cipher.aesgcm_dec.authTagSz,
-                        (byte*)info->cipher.aesgcm_dec.authIn,
-                        info->cipher.aesgcm_dec.authInSz,
-                        (void*)ctx);
-            }
-        }
-    #endif /* HAVE_AESGCM */
-    #ifdef HAVE_AES_CBC
-        if ((info->cipher.type == WC_CIPHER_AES_CBC) &&
-            (cbInfo->keyflgs_tls.bits.session_key_set == 1 ||
-            (cbInfo->keyflgs_crypt.bits.aes256_installedkey_set == 1 &&
-                info->cipher.aescbc.aes->keylen == 32) ||
-            (cbInfo->keyflgs_crypt.bits.aes128_installedkey_set == 1 &&
-                info->cipher.aescbc.aes->keylen == 16))) {
-                if (info->cipher.enc) {
-                    ret = wc_fspsm_AesCbcEncrypt(
-                        info->cipher.aescbc.aes,
-                        (byte*)info->cipher.aescbc.out,
-                        (byte*)info->cipher.aescbc.in,
-                        info->cipher.aescbc.sz);
-                }
-                else {
-                    ret = wc_fspsm_AesCbcDecrypt(
-                        info->cipher.aescbc.aes,
-                        (byte*)info->cipher.aescbc.out,
-                        (byte*)info->cipher.aescbc.in,
-                        info->cipher.aescbc.sz);
-                }
-        }
-    #endif /* HAVE_AES_CBC */
+         ret = wc_fspsm_AesCipher(devIdArg, info, ctx);
     #endif /* !NO_AES */
     }
 
 #if !defined(NO_RSA) && defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)
     else if (info->algo_type == WC_ALGO_TYPE_PK) {
+        if (info->pk.type == WC_PK_TYPE_RSA_GET_SIZE) {
+            if (cbInfo->keyflgs_crypt.bits.rsapri2048_installedkey_set ||
+                cbInfo->keyflgs_crypt.bits.rsapub2048_installedkey_set )
+            {
+               *info->pk.rsa_get_size.keySize = 256;
+               ret = 0;
+            } else if (
+                cbInfo->keyflgs_crypt.bits.rsapri1024_installedkey_set ||
+                cbInfo->keyflgs_crypt.bits.rsapub1024_installedkey_set )
+            {
+                *info->pk.rsa_get_size.keySize = 128;
+                ret = 0;
+            }
+        }
     #if defined(WOLFSSL_KEY_GEN)
-        if (info->pk.type == WC_PK_TYPE_RSA_KEYGEN &&
-            (info->pk.rsakg.size == 1024 ||
-             info->pk.rsakg.size == 2048)) {
+        if (info->pk.type == WC_PK_TYPE_RSA_KEYGEN) {
             ret = wc_fspsm_MakeRsaKey(info->pk.rsakg.key,
                     info->pk.rsakg.size, (void*)ctx);
         }
     #endif
-        if (info->pk.type == WC_PK_TYPE_RSA) {
+        if (info->pk.type == WC_PK_TYPE_RSA_PKCS) {
             /* to perform RSA on SCE, wrapped keys should be installed
              * in advance. SCE supports 1024 or 2048 bits key size.
              * otherwise, falls-through happens.
@@ -367,10 +314,6 @@ static int Renesas_cmn_CryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
                 cbInfo->keyflgs_crypt.bits.rsapri1024_installedkey_set ||
                 cbInfo->keyflgs_crypt.bits.rsapub1024_installedkey_set ) {
 
-                ret = wc_fspsm_MakeRsaKey(info->pk.rsa.key, 0, cbInfo);
-                if (ret == WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
-                    return ret;
-
                 if (info->pk.rsa.type == RSA_PRIVATE_DECRYPT ||
                     info->pk.rsa.type == RSA_PUBLIC_ENCRYPT  )
                     {
@@ -470,13 +413,8 @@ int wc_CryptoCb_CryptInitRenesasCmn(struct WOLFSSL* ssl, void* ctx)
     (void)ssl;
     (void)ctx;
 
- #if defined(WOLFSSL_RENESAS_TSIP_TLS) || \
-     defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
-    TsipUserCtx* cbInfo = (TsipUserCtx*)ctx;
- #elif defined(WOLFSSL_RENESAS_FSPSM_TLS) || \
-       defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)
     FSPSM_ST* cbInfo = (FSPSM_ST*)ctx;
- #endif
+    size_t internal_sz = sizeof(FSPSM_ST_Internal);
 
     if (cbInfo == NULL
    #if (!defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY) && \
@@ -488,6 +426,27 @@ int wc_CryptoCb_CryptInitRenesasCmn(struct WOLFSSL* ssl, void* ctx)
         WOLFSSL_MSG("Invalid devId\n");
         return INVALID_DEVID;
     }
+    /* On Crypt Only mode, it is possible to call this method
+     * first. On that time, internal instance has not yet been allocated.
+     */
+    if (cbInfo->internal == NULL) {
+        if (ssl)
+            cbInfo->internal =
+                (FSPSM_ST_Internal*)XMALLOC(internal_sz, ssl->heap,
+                                        DYNAMIC_TYPE_TMP_BUFFER);
+        else
+            cbInfo->internal = (FSPSM_ST_Internal*)XMALLOC(internal_sz, NULL,
+                                        DYNAMIC_TYPE_TMP_BUFFER);
+        if (cbInfo->internal == NULL) {
+            return MEMORY_E;
+        }
+       #if defined(WOLFSSL_RENESAS_FSPSM_TLS) ||\
+            defined(WOLFSSL_RENESAS_TSIP_TLS)
+        if (ssl)
+            cbInfo->internal->heap = ssl->heap;
+       #endif
+        ForceZero(cbInfo->internal, internal_sz);
+    }
     /* need exclusive control because of static variable */
     if ((cmn_hw_lock()) == 0) {
         /* sanity check for overflow */
@@ -529,8 +488,26 @@ int wc_CryptoCb_CryptInitRenesasCmn(struct WOLFSSL* ssl, void* ctx)
  */
 void wc_CryptoCb_CleanupRenesasCmn(int* id)
 {
+
+    FSPSM_ST* cbInfo = NULL;
+
+    if (*id < INITIAL_DEVID ||
+       (*id  - INITIAL_DEVID) > MAX_FSPSM_CBINDEX)
+        return;
+    /* retrieve internal instance */
+    cbInfo = (FSPSM_ST*)gCbCtx[*id - INITIAL_DEVID];
+
+    if (cbInfo != NULL && cbInfo->internal != NULL) {
+     #if defined(WOLFSSL_RENESAS_FSPSM_TLS) && \
+        !defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)
+        XFREE(cbInfo->internal, cbInfo->internal->heap,
+                                        DYNAMIC_TYPE_TMP_BUFFER);
+     #else
+        XFREE(cbInfo->internal, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+     #endif
+        cbInfo->internal = NULL;
+    }
     wc_CryptoCb_UnRegisterDevice(*id);
-    *id = INVALID_DEVID;
 }
 
 #endif /* WOLF_CRYPTO_CB */
@@ -764,13 +741,14 @@ static int Renesas_cmn_EncryptKeys(WOLFSSL* ssl, void* ctx)
  #if defined(WOLFSSL_RENESAS_TSIP_TLS)
     TsipUserCtx* cbInfo = (TsipUserCtx*)ctx;
 
-    if (cbInfo->session_key_set == 1) {
-        switch(cbInfo->key_side) {
+    if (cbInfo->internal->session_key_set == 1) {
+        switch(cbInfo->internal->key_side) {
  #elif defined(WOLFSSL_RENESAS_FSPSM_TLS)
     FSPSM_ST* cbInfo = (FSPSM_ST*)ctx;
 
-    if (cbInfo->keyflgs_tls.bits.session_key_set == 1) {
-        switch(cbInfo->side) {
+    if (cbInfo != NULL && cbInfo->internal != NULL &&
+        cbInfo->internal->keyflgs_tls.bits.session_key_set == 1) {
+        switch(cbInfo->internal->side) {
  #endif
             case 1:/* ENCRYPT_SIDE_ONLY */
                 ssl->encrypt.setup = 1;
@@ -820,7 +798,8 @@ WOLFSSL_LOCAL int Renesas_cmn_generateSessionKey(WOLFSSL* ssl, void* ctx)
     WOLFSSL_ENTER("Renesas_cmn_generateSessionKey");
     if (Renesas_cmn_usable(ssl, 0)) {
 #if defined(WOLFSSL_RENESAS_TSIP_TLS)
-        ret = wc_tsip_generateSessionKey(ssl, cbInfo, cbInfo->devId);
+        ret = wc_tsip_generateSessionKey(ssl, cbInfo,
+                                                cbInfo->devId);
 #elif defined(WOLFSSL_RENESAS_FSPSM_TLS)
         ret = wc_fspsm_generateSessionKey(ssl, ctx, cbInfo->devId);
 #endif
diff --git a/wolfcrypt/src/port/Renesas/renesas_fspsm_aes.c b/wolfcrypt/src/port/Renesas/renesas_fspsm_aes.c
index c01ff6dba..b096da39d 100644
--- a/wolfcrypt/src/port/Renesas/renesas_fspsm_aes.c
+++ b/wolfcrypt/src/port/Renesas/renesas_fspsm_aes.c
@@ -30,6 +30,8 @@
      defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)) && \
     !defined(NO_WOLFSSL_RENESAS_FSPSM_AES)
 
+#include "wolfssl/wolfcrypt/port/Renesas/renesas_fspsm_internal.h"
+
 #include <wolfssl/wolfcrypt/wc_port.h>
 #include <wolfssl/wolfcrypt/error-crypt.h>
 #include <wolfssl/internal.h>
@@ -37,7 +39,6 @@
 #ifdef WOLF_CRYPTO_CB
     #include <wolfssl/wolfcrypt/cryptocb.h>
 #endif
-#include "wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h"
 
 #ifdef NO_INLINE
     #include <wolfssl/wolfcrypt/misc.h>
@@ -48,7 +49,7 @@
 
 struct Aes;
 
-WOLFSSL_LOCAL void *Renesas_cmn_GetCbCtxBydevId(int devId);
+void *Renesas_cmn_GetCbCtxBydevId(int devId);
 
 #define SCE_AES_GCM_AUTH_TAG_SIZE  16
 
@@ -59,14 +60,16 @@ extern FSPSM_INSTANCE   gFSPSM_ctrl;
 typedef fsp_err_t (*aesGcmEncInitFn)
         (FSPSM_AESGCM_HANDLE*, FSPSM_AES_PWKEY, uint8_t*, uint32_t);
 typedef fsp_err_t (*aesGcmEncUpdateFn)
-        (FSPSM_AESGCM_HANDLE*,uint8_t*, uint8_t*, uint32_t, uint8_t*, uint32_t);
+        (FSPSM_AESGCM_HANDLE*,uint8_t*, uint8_t*, uint32_t, uint8_t*, uint32_t,
+        uint32_t*);
 typedef fsp_err_t (*aesGcmEncFinalFn)
         (FSPSM_AESGCM_HANDLE*, uint8_t*, uint32_t*, uint8_t*);
 
 typedef fsp_err_t (*aesGcmDecInitFn)
         (FSPSM_AESGCM_HANDLE*, FSPSM_AES_PWKEY, uint8_t*, uint32_t);
 typedef fsp_err_t (*aesGcmDecUpdateFn)
-        (FSPSM_AESGCM_HANDLE*,uint8_t*, uint8_t*, uint32_t, uint8_t*, uint32_t);
+        (FSPSM_AESGCM_HANDLE*,uint8_t*, uint8_t*, uint32_t, uint8_t*, uint32_t,
+        uint32_t*);
 typedef fsp_err_t (*aesGcmDecFinalFn)
         (FSPSM_AESGCM_HANDLE*, uint8_t*, uint32_t*, uint8_t*, uint32_t);
 
@@ -76,72 +79,136 @@ static fsp_err_t _R_RSIP_AES_GCM_EncryptInit(FSPSM_AESGCM_HANDLE* h,
                                         FSPSM_AES_PWKEY k, uint8_t* iv,
                                         uint32_t iv_l)
 {
+   #if (WOLFSSL_RENESAS_RZFSP_VER >= 220)
+    (void)h;
+    return R_RSIP_AES_AEAD_Init(&gFSPSM_ctrl, RSIP_AES_AEAD_MODE_GCM_ENC,
+                                (FSPSM_AES_PWKEY const)k,
+                                (uint8_t* const)iv, iv_l);
+   #else
     (void) h;
     return R_RSIP_AES_GCM_EncryptInit(&gFSPSM_ctrl, (FSPSM_AES_PWKEY const)k,
                                             (uint8_t* const)iv, iv_l);
+   #endif
 }
+
+/* wrapper for Gcm encrypt/decript ADD update */
+#if (WOLFSSL_RENESAS_RZFSP_VER >= 220)
+static fsp_err_t _R_RSIP_AES_GCM_ADDUpdate(uint8_t* p_add, uint32_t add_len)
+{
+    return R_RSIP_AES_AEAD_AADUpdate(&gFSPSM_ctrl, p_add, add_len);
+}
+#endif
 /* wrapper for Gcm encrypt update */
 static fsp_err_t _R_RSIP_AES_GCM_EncryptUpdate(FSPSM_AESGCM_HANDLE* h,
         uint8_t* p_plain, uint8_t* p_cipher, uint32_t plain_length,
-        uint8_t* p_add, uint32_t add_len)
+        uint8_t* p_add, uint32_t add_len, uint32_t* out_len)
 {
+   #if (WOLFSSL_RENESAS_RZFSP_VER >= 220)
+    (void) h;
+    (void) p_add;
+    (void) add_len;
+    return R_RSIP_AES_AEAD_Update(&gFSPSM_ctrl, (uint8_t* const) p_plain,
+                                      (uint32_t const) plain_length,
+                                      (uint8_t* const) p_cipher,
+                                      (uint32_t* const) out_len);
+   #else
     (void) h;
     return R_RSIP_AES_GCM_EncryptUpdate(&gFSPSM_ctrl, (uint8_t* const) p_plain,
                                       (uint8_t* const) p_cipher,
                                       (uint32_t const) plain_length,
                                       (uint8_t* const) p_add,
                                       (uint32_t const) add_len);
+   #endif
 }
 /* wrapper for Gcm encrypt final */
 static fsp_err_t _R_RSIP_AES_GCM_EncryptFinal(FSPSM_AESGCM_HANDLE* h,
                                         uint8_t* p_cipher, uint32_t* c_len,
                                         uint8_t* p_atag)
 {
+   #if (WOLFSSL_RENESAS_RZFSP_VER >= 220)
+    (void) h;
+    return R_RSIP_AES_AEAD_Finish(&gFSPSM_ctrl, (uint8_t* const) p_cipher,
+                                    (uint32_t* const) c_len,
+                                    (uint8_t* const) p_atag);
+   #else
     (void) h;
     return R_RSIP_AES_GCM_EncryptFinal(&gFSPSM_ctrl, (uint8_t* const) p_cipher,
                                       (uint32_t* const) c_len,
                                       (uint8_t* const) p_atag);
+   #endif
 }
 /* wrapper for Gcm decrypt init */
 static fsp_err_t _R_RSIP_AES_GCM_DecryptInit(FSPSM_AESGCM_HANDLE* h,
                                 FSPSM_AES_PWKEY k, uint8_t* iv, uint32_t iv_l)
 {
+   #if (WOLFSSL_RENESAS_RZFSP_VER >= 220)
+    (void)h;
+    return R_RSIP_AES_AEAD_Init(&gFSPSM_ctrl, RSIP_AES_AEAD_MODE_GCM_DEC,
+                                (FSPSM_AES_PWKEY const)k,
+                                (uint8_t* const)iv, iv_l);
+   #else
     (void) h;
     return R_RSIP_AES_GCM_DecryptInit(&gFSPSM_ctrl, (FSPSM_AES_PWKEY const)k,
                                                     (uint8_t* const)iv, iv_l);
+   #endif
 }
 /* wrapper for Gcm decrypt update */
 static fsp_err_t _R_RSIP_AES_GCM_DecryptUpdate(FSPSM_AESGCM_HANDLE* h,
         uint8_t* p_cipher, uint8_t* p_plain, uint32_t c_length,
-        uint8_t* p_add, uint32_t add_len)
+        uint8_t* p_add, uint32_t add_len, uint32_t* out_len)
 {
+   #if (WOLFSSL_RENESAS_RZFSP_VER >= 220)
+    (void) h;
+    (void) p_add;
+    (void) add_len;
+    return R_RSIP_AES_AEAD_Update(&gFSPSM_ctrl, (uint8_t* const) p_cipher,
+                                      (uint32_t const) c_length,
+                                      (uint8_t* const) p_plain,
+                                      (uint32_t* const) out_len);
+   #else
     (void) h;
     return R_RSIP_AES_GCM_DecryptUpdate(&gFSPSM_ctrl, (uint8_t* const) p_cipher,
                                       (uint8_t* const) p_plain,
                                       (uint32_t const) c_length,
                                       (uint8_t* const) p_add,
                                       (uint32_t const) add_len);
+   #endif
 }
 /* wrapper for Gcm decrypt final */
 static fsp_err_t _R_RSIP_AES_GCM_DecryptFinal(FSPSM_AESGCM_HANDLE* h,
                                         uint8_t* p_plain, uint32_t* plain_len,
                                         uint8_t* p_atag, uint32_t atag_len)
 {
+   #if (WOLFSSL_RENESAS_RZFSP_VER >= 220)
+    (void) h;
+    return R_RSIP_AES_AEAD_Verify(&gFSPSM_ctrl, (uint8_t* const) p_plain,
+                                      (uint32_t* const) plain_len,
+                                      (uint8_t* const) p_atag,
+                                      (uint32_t const) atag_len);
+   #else
     (void) h;
     return R_RSIP_AES_GCM_DecryptFinal(&gFSPSM_ctrl, (uint8_t* const) p_plain,
                                       (uint32_t* const) plain_len,
                                       (uint8_t* const) p_atag,
                                       (uint32_t const) atag_len);
+   #endif
 }
 /* wrapper for aes cbc encrypt init */
 static fsp_err_t _R_RSIP_AESCBC_Cipher_EncryptInit(FSPSM_AES_HANDLE* h,
                                       FSPSM_AES_PWKEY k,
                                       uint8_t* iv)
 {
+   #if (WOLFSSL_RENESAS_RZFSP_VER >= 220)
+    (void) h;
+    return R_RSIP_AES_Cipher_Init(&gFSPSM_ctrl,
+                                        RSIP_AES_CIPHER_MODE_CBC_ENC,
+                                        k, iv);
+   #else
     (void) h;
     return R_RSIP_AES_Cipher_EncryptInit(&gFSPSM_ctrl,
                                         RSIP_AES_MODE_CBC,
                                         k, iv);
+   #endif
 }
 /* wrapper for aes cbc encrypt update */
 static fsp_err_t _R_RSIP_AESCBC_Cipher_EncryptUpdate(FSPSM_AES_HANDLE* h,
@@ -149,31 +216,53 @@ static fsp_err_t _R_RSIP_AESCBC_Cipher_EncryptUpdate(FSPSM_AES_HANDLE* h,
                                       uint8_t* p_cipher,
                                       uint32_t plain_length)
 {
+   #if (WOLFSSL_RENESAS_RZFSP_VER >= 220)
+    (void) h;
+    return R_RSIP_AES_Cipher_Update(&gFSPSM_ctrl,
+                                        (const uint8_t* const)p_plain,
+                                        (uint8_t* const)p_cipher,
+                                        (const uint32_t)plain_length);
+   #else
     (void) h;
     return R_RSIP_AES_Cipher_EncryptUpdate(&gFSPSM_ctrl,
                                         (const uint8_t* const)p_plain,
                                         (uint8_t* const)p_cipher,
                                         (const uint32_t)plain_length);
+   #endif
 }
 /* wrapper for aes cbc encrypt final */
 static fsp_err_t _R_RSIP_AESCBC_Cipher_EncryptFinal(FSPSM_AES_HANDLE* h,
                                       uint8_t* p_cipher,
-                                      uint32_t* cipher_lengh)
+                                      uint32_t* cipher_length)
 {
+   #if (WOLFSSL_RENESAS_RZFSP_VER >= 220)
+    (void) h;
+    (void) p_cipher;
+    (void) cipher_length;
+    return R_RSIP_AES_Cipher_Finish(&gFSPSM_ctrl);
+   #else
     (void) h;
     return R_RSIP_AES_Cipher_EncryptFinal(&gFSPSM_ctrl,
                                         (uint8_t* const)p_cipher,
-                                        (uint32_t* const)cipher_lengh);
+                                        (uint32_t* const)cipher_length);
+   #endif
 }
 /* wrapper for aes cbc decrypt init */
 static fsp_err_t _R_RSIP_AESCBC_Cipher_DecryptInit(FSPSM_AES_HANDLE* h,
                                       FSPSM_AES_PWKEY k,
                                       uint8_t* iv)
 {
+   #if (WOLFSSL_RENESAS_RZFSP_VER >= 220)
+    (void) h;
+    return R_RSIP_AES_Cipher_Init(&gFSPSM_ctrl,
+                                        RSIP_AES_CIPHER_MODE_CBC_DEC,
+                                        k, iv);
+   #else
     (void) h;
     return R_RSIP_AES_Cipher_DecryptInit(&gFSPSM_ctrl,
                                         RSIP_AES_MODE_CBC,
                                         k, iv);
+   #endif
 }
 /* wrapper for aes cbc decrypt update */
 static fsp_err_t _R_RSIP_AESCBC_Cipher_DecryptUpdate(FSPSM_AES_HANDLE* h,
@@ -181,21 +270,36 @@ static fsp_err_t _R_RSIP_AESCBC_Cipher_DecryptUpdate(FSPSM_AES_HANDLE* h,
                                       uint8_t* p_plain,
                                       uint32_t cipher_lengh)
 {
+   #if (WOLFSSL_RENESAS_RZFSP_VER >= 220)
+    (void) h;
+    return R_RSIP_AES_Cipher_Update(&gFSPSM_ctrl,
+                                        (const uint8_t* const)p_cipher,
+                                        (uint8_t* const)p_plain,
+                                        (const uint32_t)cipher_lengh);
+   #else
     (void) h;
     return R_RSIP_AES_Cipher_DecryptUpdate(&gFSPSM_ctrl,
                                         (const uint8_t* const)p_cipher,
                                         (uint8_t* const)p_plain,
                                         (const uint32_t)cipher_lengh);
+   #endif
 }
 /* wrapper for aes cbc encrypt final */
 static fsp_err_t _R_RSIP_AESCBC_Cipher_DecryptFinal(FSPSM_AES_HANDLE* h,
                                       uint8_t* p_plain,
                                       uint32_t* plain_lengh)
 {
+   #if (WOLFSSL_RENESAS_RZFSP_VER >= 220)
+    (void) h;
+    (void) p_plain;
+    (void) plain_lengh;
+    return R_RSIP_AES_Cipher_Finish(&gFSPSM_ctrl);
+   #else
     (void) h;
     return R_RSIP_AES_Cipher_DecryptFinal(&gFSPSM_ctrl,
                                         (uint8_t* const)p_plain,
                                         (uint32_t* const)plain_lengh);
+   #endif
 }
 #endif
 /* Perform Aes Gcm encryption by FSP SM
@@ -211,7 +315,7 @@ static fsp_err_t _R_RSIP_AESCBC_Cipher_DecryptFinal(FSPSM_AES_HANDLE* h,
  * ctx    The callback context
  * return FSP_SUCCESS(0) on Success, otherwise negative value
  */
-WOLFSSL_LOCAL int  wc_fspsm_AesGcmEncrypt(struct Aes* aes, byte* out,
+int  wc_fspsm_AesGcmEncrypt(struct Aes* aes, byte* out,
                               const byte* in, word32 sz,
                               byte* iv, word32 ivSz,
                               byte* authTag, word32 authTagSz,
@@ -221,6 +325,8 @@ WOLFSSL_LOCAL int  wc_fspsm_AesGcmEncrypt(struct Aes* aes, byte* out,
     int ret;
     FSPSM_AESGCM_HANDLE _handle;
     uint32_t            dataLen = sz;
+    uint32_t            out_len = 0;
+    uint32_t            out_len_tmp = 0;
     FSPSM_ST    *info = (FSPSM_ST*)ctx;
 
     aesGcmEncInitFn     initFn;
@@ -243,7 +349,8 @@ WOLFSSL_LOCAL int  wc_fspsm_AesGcmEncrypt(struct Aes* aes, byte* out,
     (void) key_server_aes;
 
     /* sanity check */
-    if (aes == NULL || authTagSz > WC_AES_BLOCK_SIZE || ivSz == 0 || ctx == NULL) {
+    if (aes == NULL || authTagSz > WC_AES_BLOCK_SIZE || ivSz == 0 ||
+        info == NULL) {
         return BAD_FUNC_ARG;
     }
 
@@ -296,7 +403,7 @@ WOLFSSL_LOCAL int  wc_fspsm_AesGcmEncrypt(struct Aes* aes, byte* out,
 
       #if defined(WOLFSSL_RENESAS_FSPSM_TLS)
        if (ret == 0 &&
-           info->keyflgs_tls.bits.session_key_set == 1) {
+           info->internal->keyflgs_tls.bits.session_key_set == 1) {
             /* generate AES-GCM session key. The key stored in
              * Aes.ctx.tsip_keyIdx is not used here.
              */
@@ -312,10 +419,10 @@ WOLFSSL_LOCAL int  wc_fspsm_AesGcmEncrypt(struct Aes* aes, byte* out,
             }
 
             ret = FSPSM_SESSIONKEY_GEN_FUNC(
-                    info->cipher,
-                    (uint32_t*)info->masterSecret,
-                    (uint8_t*) info->clientRandom,
-                    (uint8_t*) info->serverRandom,
+                    info->internal->cipher,
+                    (uint32_t*)info->internal->masterSecret,
+                    (uint8_t*) info->internal->clientRandom,
+                    (uint8_t*) info->internal->serverRandom,
                     &iv[AESGCM_IMP_IV_SZ], /* use exp_IV */
                     &key_client_mac,
                     &key_server_mac,
@@ -352,11 +459,22 @@ WOLFSSL_LOCAL int  wc_fspsm_AesGcmEncrypt(struct Aes* aes, byte* out,
             ret = initFn(&_handle, key_client_aes, (uint8_t*)iv_l, ivSz_l);
 
             if (ret == FSP_SUCCESS) {
+                /* pass only AAD and it's size before passing cipher text */
+               #if defined(WOLFSSL_RENESAS_RSIP) &&\
+                                    (WOLFSSL_RENESAS_RZFSP_VER >= 220)
+                ret = _R_RSIP_AES_GCM_ADDUpdate((uint8_t*)authIn, authInSz);
+               #else
                 ret = updateFn(&_handle, NULL, NULL, 0UL, (uint8_t*)authIn,
-                                                                    authInSz);
+                                                                authInSz,
+                                                                &out_len_tmp);
+               #endif
             }
+
             if (ret == FSP_SUCCESS) {
-                ret = updateFn(&_handle, plainBuf, cipherBuf, sz, NULL, 0UL);
+                out_len_tmp = 0;
+                ret = updateFn(&_handle, plainBuf, cipherBuf, sz, NULL, 0UL,
+                                                                &out_len_tmp);
+                out_len += out_len_tmp;
             }
             if (ret != FSP_SUCCESS) {
                 WOLFSSL_MSG("R_XXXX_AesXXXGcmEncryptUpdate2: failed");
@@ -370,12 +488,21 @@ WOLFSSL_LOCAL int  wc_fspsm_AesGcmEncrypt(struct Aes* aes, byte* out,
                 * from its error state and all the trailing APIs will fail.
                 */
                 dataLen = 0;
+                out_len_tmp = 0;
                 ret = finalFn(&_handle,
                            cipherBuf + (sz + delta - WC_AES_BLOCK_SIZE),
+                #if (WOLFSSL_RENESAS_RZFSP_VER >= 220)
+                              &out_len_tmp,
+                #else
                               &dataLen,
+                #endif
                               aTagBuf);
 
                 if (ret == FSP_SUCCESS) {
+                #if (WOLFSSL_RENESAS_RZFSP_VER >= 220)
+                    out_len += out_len_tmp;
+                    dataLen = out_len;
+                #endif
                    /* copy encrypted data to out */
                     if (sz != dataLen) {
                         WOLFSSL_MSG("sz is not equal to dataLen!!!!");
@@ -397,10 +524,10 @@ WOLFSSL_LOCAL int  wc_fspsm_AesGcmEncrypt(struct Aes* aes, byte* out,
         XFREE(plainBuf,  aes->heap, DYNAMIC_TYPE_AES);
         XFREE(cipherBuf, aes->heap, DYNAMIC_TYPE_AES);
         XFREE(aTagBuf,   aes->heap, DYNAMIC_TYPE_AES);
-        if (info->keyflgs_tls.bits.session_key_set == 1 &&
+        if (info->internal->keyflgs_tls.bits.session_key_set == 1 &&
             key_client_aes != NULL)
             XFREE(key_client_aes, aes->heap, DYNAMIC_TYPE_AES);
-        if (info->keyflgs_tls.bits.session_key_set == 1 &&
+        if (info->internal->keyflgs_tls.bits.session_key_set == 1 &&
             key_server_aes != NULL)
             XFREE(key_server_aes, aes->heap, DYNAMIC_TYPE_AES);
         wc_fspsm_hw_unlock();
@@ -421,7 +548,7 @@ WOLFSSL_LOCAL int  wc_fspsm_AesGcmEncrypt(struct Aes* aes, byte* out,
  * ctx    The Callback context
  * return FSP_SUCCESS(0) on Success, otherwise negative value
  */
-WOLFSSL_LOCAL int  wc_fspsm_AesGcmDecrypt(struct Aes* aes, byte* out,
+int  wc_fspsm_AesGcmDecrypt(struct Aes* aes, byte* out,
                           const byte* in, word32 sz,
                           const byte* iv, word32 ivSz,
                           const byte* authTag, word32 authTagSz,
@@ -431,6 +558,8 @@ WOLFSSL_LOCAL int  wc_fspsm_AesGcmDecrypt(struct Aes* aes, byte* out,
     int ret;
     FSPSM_AESGCM_HANDLE _handle;
     uint32_t            dataLen = sz;
+    uint32_t            out_len = 0;
+    uint32_t            out_len_tmp = 0;
     FSPSM_ST    *info = (FSPSM_ST*)ctx;
 
     aesGcmDecInitFn     initFn;
@@ -452,7 +581,8 @@ WOLFSSL_LOCAL int  wc_fspsm_AesGcmDecrypt(struct Aes* aes, byte* out,
     FSPSM_AES_PWKEY      key_server_aes = NULL;
     (void) key_client_aes;
     /* sanity check */
-    if (aes == NULL || authTagSz > WC_AES_BLOCK_SIZE || ivSz == 0 || ctx == NULL) {
+    if (aes == NULL || authTagSz > WC_AES_BLOCK_SIZE || ivSz == 0 ||
+        info == NULL) {
         return BAD_FUNC_ARG;
     }
 
@@ -500,7 +630,7 @@ WOLFSSL_LOCAL int  wc_fspsm_AesGcmDecrypt(struct Aes* aes, byte* out,
         }
        #if defined(WOLFSSL_RENESAS_FSPSM_TLS)
         if (ret == 0 &&
-            info->keyflgs_tls.bits.session_key_set == 1) {
+            info->internal->keyflgs_tls.bits.session_key_set == 1) {
             /* generate AES-GCM session key. The key stored in
              * Aes.ctx.tsip_keyIdx is not used here.
              */
@@ -516,10 +646,10 @@ WOLFSSL_LOCAL int  wc_fspsm_AesGcmDecrypt(struct Aes* aes, byte* out,
             }
 
             ret = FSPSM_SESSIONKEY_GEN_FUNC(
-                    info->cipher,
-                    (uint32_t*)info->masterSecret,
-                    (uint8_t*) info->clientRandom,
-                    (uint8_t*) info->serverRandom,
+                    info->internal->cipher,
+                    (uint32_t*)info->internal->masterSecret,
+                    (uint8_t*) info->internal->clientRandom,
+                    (uint8_t*) info->internal->serverRandom,
                     (uint8_t*)&iv[AESGCM_IMP_IV_SZ], /* use exp_IV */
                     &key_client_mac,
                     &key_server_mac,
@@ -537,7 +667,6 @@ WOLFSSL_LOCAL int  wc_fspsm_AesGcmDecrypt(struct Aes* aes, byte* out,
        #endif
             if (info->keyflgs_crypt.bits.aes256_installedkey_set == 1 ||
                 info->keyflgs_crypt.bits.aes128_installedkey_set == 1) {
-
                 key_server_aes = aes->ctx.wrapped_key;
                 iv_l = iv;
                 ivSz_l = ivSz;
@@ -557,11 +686,19 @@ WOLFSSL_LOCAL int  wc_fspsm_AesGcmDecrypt(struct Aes* aes, byte* out,
 
             if (ret == FSP_SUCCESS) {
                 /* pass only AAD and it's size before passing cipher text */
+               #if defined(WOLFSSL_RENESAS_RSIP) &&\
+                                        (WOLFSSL_RENESAS_RZFSP_VER >= 220)
+                ret = _R_RSIP_AES_GCM_ADDUpdate((uint8_t*)authIn, authInSz);
+               #else
                 ret = updateFn(&_handle, NULL, NULL, 0UL, (uint8_t*)authIn,
-                                                                    authInSz);
+                                                        authInSz, &out_len_tmp);
+               #endif
             }
             if (ret == FSP_SUCCESS) {
-                ret = updateFn(&_handle, cipherBuf, plainBuf, sz, NULL, 0UL);
+                out_len_tmp = 0;
+                ret = updateFn(&_handle, cipherBuf,
+                                        plainBuf, sz, NULL, 0UL, &out_len_tmp);
+                out_len += out_len_tmp;
             }
             if (ret != FSP_SUCCESS) {
                 WOLFSSL_MSG("R_XXXX_AesXXXGcmDecryptUpdate: failed in decrypt");
@@ -570,13 +707,22 @@ WOLFSSL_LOCAL int  wc_fspsm_AesGcmDecrypt(struct Aes* aes, byte* out,
 
             if (ret == FSP_SUCCESS) {
                 dataLen = 0;
+                out_len_tmp = 0;
                 ret = finalFn(&_handle,
                                   plainBuf + (sz + delta - WC_AES_BLOCK_SIZE),
+                #if (WOLFSSL_RENESAS_RZFSP_VER >= 220)
+                            &out_len_tmp,
+                #else
                             &dataLen,
+                #endif
                             aTagBuf,
                             min(16, authTagSz));
 
                 if (ret == FSP_SUCCESS) {
+                #if (WOLFSSL_RENESAS_RZFSP_VER >= 220)
+                    out_len += out_len_tmp;
+                    dataLen = out_len;
+                #endif
                     /* copy plain data to out */
                     if (sz != dataLen) {
                         WOLFSSL_MSG("sz is not equal to dataLen!!!!");
@@ -596,10 +742,10 @@ WOLFSSL_LOCAL int  wc_fspsm_AesGcmDecrypt(struct Aes* aes, byte* out,
         XFREE(aTagBuf,   aes->heap, DYNAMIC_TYPE_AES);
         XFREE(plainBuf,  aes->heap, DYNAMIC_TYPE_AES);
         XFREE(cipherBuf, aes->heap, DYNAMIC_TYPE_AES);
-        if (info->keyflgs_tls.bits.session_key_set == 1 &&
+        if (info->internal->keyflgs_tls.bits.session_key_set == 1 &&
             key_client_aes != NULL)
             XFREE(key_client_aes, aes->heap, DYNAMIC_TYPE_AES);
-        if (info->keyflgs_tls.bits.session_key_set == 1 &&
+        if (info->internal->keyflgs_tls.bits.session_key_set == 1 &&
             key_server_aes != NULL)
             XFREE(key_server_aes, aes->heap, DYNAMIC_TYPE_AES);
         wc_fspsm_hw_unlock();
@@ -615,7 +761,7 @@ WOLFSSL_LOCAL int  wc_fspsm_AesGcmDecrypt(struct Aes* aes, byte* out,
  * sz     Length of cipher text/plaintext in bytes
  * return FSP_SUCCESS(0) on Success, otherwise negative value
  */
-WOLFSSL_LOCAL int wc_fspsm_AesCbcEncrypt(struct Aes* aes, byte* out,
+int wc_fspsm_AesCbcEncrypt(struct Aes* aes, byte* out,
                                                 const byte* in, word32 sz)
 {
     FSPSM_AES_HANDLE _handle;
@@ -689,7 +835,7 @@ WOLFSSL_LOCAL int wc_fspsm_AesCbcEncrypt(struct Aes* aes, byte* out,
  * sz     Length of cipher text/plaintext in bytes
  * return FSP_SUCCESS(0) on Success, otherwise negative value
  */
-WOLFSSL_LOCAL int wc_fspsm_AesCbcDecrypt(struct Aes* aes, byte* out,
+int wc_fspsm_AesCbcDecrypt(struct Aes* aes, byte* out,
                                                     const byte* in, word32 sz)
 {
     FSPSM_AES_HANDLE _handle;
@@ -757,7 +903,7 @@ WOLFSSL_LOCAL int wc_fspsm_AesCbcDecrypt(struct Aes* aes, byte* out,
  * aes    The AES object.
  * return none
  */
-WOLFSSL_LOCAL void wc_fspsm_Aesfree(Aes* aes)
+void wc_fspsm_Aesfree(Aes* aes)
 {
 #if defined(WOLFSSL_RENESAS_FSPSM_TLS)
     /* In the case of session key, memory is allocated
@@ -811,6 +957,93 @@ int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen,
     return wc_AesSetIV(aes, iv);
 }
 #endif
+
+int wc_fspsm_AesCipher(int devIdArg, wc_CryptoInfo* info,
+                                                                    void* ctx)
+{
+    int ret = WC_NO_ERR_TRACE(NOT_COMPILED_IN);
+    FSPSM_ST* cbInfo = (FSPSM_ST*)ctx;
+    (void)devIdArg;
+
+    WOLFSSL_ENTER("wc_fspsm_AesCipher");
+
+    if (info == NULL || cbInfo == NULL || cbInfo->internal == NULL) {
+        return BAD_FUNC_ARG;
+    }
+
+    #if !defined(NO_AES)
+    #ifdef HAVE_AESGCM
+        if (info->cipher.type == WC_CIPHER_AES_GCM) {
+            if (info->cipher.enc &&
+                (cbInfo->internal->keyflgs_tls.bits.session_key_set == 1 ||
+                 (cbInfo->keyflgs_crypt.bits.aes256_installedkey_set == 1 &&
+                  info->cipher.aesgcm_enc.aes->keylen == 32) ||
+                 (cbInfo->keyflgs_crypt.bits.aes128_installedkey_set == 1 &&
+                  info->cipher.aesgcm_enc.aes->keylen == 16))) {
+
+                ret = wc_fspsm_AesGcmEncrypt(
+                        info->cipher.aesgcm_enc.aes,
+                        (byte*)info->cipher.aesgcm_enc.out,
+                        (byte*)info->cipher.aesgcm_enc.in,
+                        info->cipher.aesgcm_enc.sz,
+                        (byte*)info->cipher.aesgcm_enc.iv,
+                        info->cipher.aesgcm_enc.ivSz,
+                        (byte*)info->cipher.aesgcm_enc.authTag,
+                        info->cipher.aesgcm_enc.authTagSz,
+                        (byte*)info->cipher.aesgcm_enc.authIn,
+                        info->cipher.aesgcm_enc.authInSz,
+                        (void*)ctx);
+
+            }
+            else if (cbInfo->internal->keyflgs_tls.bits.session_key_set == 1 ||
+                    (cbInfo->keyflgs_crypt.bits.aes256_installedkey_set == 1 &&
+                       info->cipher.aesgcm_dec.aes->keylen == 32) ||
+                    (cbInfo->keyflgs_crypt.bits.aes128_installedkey_set == 1 &&
+                       info->cipher.aesgcm_dec.aes->keylen == 16)) {
+
+                ret = wc_fspsm_AesGcmDecrypt(
+                        info->cipher.aesgcm_dec.aes,
+                        (byte*)info->cipher.aesgcm_dec.out,
+                        (byte*)info->cipher.aesgcm_dec.in,
+                        info->cipher.aesgcm_dec.sz,
+                        (byte*)info->cipher.aesgcm_dec.iv,
+                        info->cipher.aesgcm_dec.ivSz,
+                        (byte*)info->cipher.aesgcm_dec.authTag,
+                        info->cipher.aesgcm_dec.authTagSz,
+                        (byte*)info->cipher.aesgcm_dec.authIn,
+                        info->cipher.aesgcm_dec.authInSz,
+                        (void*)ctx);
+            }
+        }
+    #endif /* HAVE_AESGCM */
+    #ifdef HAVE_AES_CBC
+        if ((info->cipher.type == WC_CIPHER_AES_CBC) &&
+            (cbInfo->internal->keyflgs_tls.bits.session_key_set == 1 ||
+            (cbInfo->keyflgs_crypt.bits.aes256_installedkey_set == 1 &&
+                info->cipher.aescbc.aes->keylen == 32) ||
+            (cbInfo->keyflgs_crypt.bits.aes128_installedkey_set == 1 &&
+                info->cipher.aescbc.aes->keylen == 16))) {
+                if (info->cipher.enc) {
+                    ret = wc_fspsm_AesCbcEncrypt(
+                        info->cipher.aescbc.aes,
+                        (byte*)info->cipher.aescbc.out,
+                        (byte*)info->cipher.aescbc.in,
+                        info->cipher.aescbc.sz);
+                }
+                else {
+                    ret = wc_fspsm_AesCbcDecrypt(
+                        info->cipher.aescbc.aes,
+                        (byte*)info->cipher.aescbc.out,
+                        (byte*)info->cipher.aescbc.in,
+                        info->cipher.aescbc.sz);
+                }
+        }
+    #endif /* HAVE_AES_CBC */
+    #endif /* !NO_AES */
+    (void)cbInfo;
+    WOLFSSL_LEAVE("wc_fspsm_AesCipher", ret);
+    return ret;
+}
 #endif /* WOLFSSL_RENESAS_FSPSM_TLS
           WOLFSSL_RENESAS_FSPSM_CRYPTONLY
           NO_WOLFSSL_RENESAS_FSPSM_AES */
diff --git a/wolfcrypt/src/port/Renesas/renesas_fspsm_rsa.c b/wolfcrypt/src/port/Renesas/renesas_fspsm_rsa.c
index 5110dc2a4..553cb7dca 100644
--- a/wolfcrypt/src/port/Renesas/renesas_fspsm_rsa.c
+++ b/wolfcrypt/src/port/Renesas/renesas_fspsm_rsa.c
@@ -34,7 +34,7 @@
 #include <wolfssl/wolfcrypt/logging.h>
 #include <wolfssl/wolfcrypt/error-crypt.h>
 #include <wolfssl/wolfcrypt/rsa.h>
-#include <wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h>
+#include <wolfssl/wolfcrypt/port/Renesas/renesas_fspsm_internal.h>
 
 #if defined(WOLFSSL_RENESAS_RSIP)
 extern FSPSM_INSTANCE   gFSPSM_ctrl;
diff --git a/wolfcrypt/src/port/Renesas/renesas_fspsm_sha.c b/wolfcrypt/src/port/Renesas/renesas_fspsm_sha.c
index 8b0ade139..69549ef62 100644
--- a/wolfcrypt/src/port/Renesas/renesas_fspsm_sha.c
+++ b/wolfcrypt/src/port/Renesas/renesas_fspsm_sha.c
@@ -35,7 +35,7 @@
     !defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH)
 
 #include <wolfssl/wolfcrypt/error-crypt.h>
-#include <wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h>
+#include <wolfssl/wolfcrypt/port/Renesas/renesas_fspsm_internal.h>
 
 #if defined(WOLFSSL_RENESAS_RSIP)
 extern FSPSM_INSTANCE   gFSPSM_ctrl;
@@ -43,52 +43,148 @@ extern FSPSM_INSTANCE   gFSPSM_ctrl;
 /* wrapper for RSIP SHA1 Init */
 static fsp_err_t _R_RSIP_SHA1_GenerateInit(FSPSM_SHA_HANDLE* h)
 {
+   #if (WOLFSSL_RENESAS_RZFSP_VER >= 220)
+    (void)h;
+    return R_RSIP_SHA_Init(&gFSPSM_ctrl, RSIP_HASH_TYPE_SHA1);
+   #else
     return R_RSIP_SHA_GenerateInit(&gFSPSM_ctrl, h, RSIP_HASH_TYPE_SHA1 );
+   #endif
 }
 /* wrapper for RSIP SHA224 Init */
 static fsp_err_t _R_RSIP_SHA224_GenerateInit(FSPSM_SHA_HANDLE* h)
 {
+   #if (WOLFSSL_RENESAS_RZFSP_VER >= 220)
+    (void)h;
+    return R_RSIP_SHA_Init(&gFSPSM_ctrl, RSIP_HASH_TYPE_SHA224);
+   #else
     return R_RSIP_SHA_GenerateInit(&gFSPSM_ctrl, h, RSIP_HASH_TYPE_SHA224 );
+   #endif
 }
 /* wrapper for RSIP SHA256 Init */
 static fsp_err_t _R_RSIP_SHA256_GenerateInit(FSPSM_SHA_HANDLE* h)
 {
+   #if (WOLFSSL_RENESAS_RZFSP_VER >= 220)
+    (void)h;
+    return R_RSIP_SHA_Init(&gFSPSM_ctrl, RSIP_HASH_TYPE_SHA256);
+   #else
     return R_RSIP_SHA_GenerateInit(&gFSPSM_ctrl, h, RSIP_HASH_TYPE_SHA256 );
+   #endif
 }
 /* wrapper for RSIP SHA384 Init */
 static fsp_err_t _R_RSIP_SHA384_GenerateInit(FSPSM_SHA_HANDLE* h)
 {
+   #if (WOLFSSL_RENESAS_RZFSP_VER >= 220)
+    (void)h;
+    return R_RSIP_SHA_Init(&gFSPSM_ctrl, RSIP_HASH_TYPE_SHA384);
+   #else
     return R_RSIP_SHA_GenerateInit(&gFSPSM_ctrl, h, RSIP_HASH_TYPE_SHA384 );
+   #endif
 }
 /* wrapper for RSIP SHA512 Init */
 static fsp_err_t _R_RSIP_SHA512_GenerateInit(FSPSM_SHA_HANDLE* h)
 {
+   #if (WOLFSSL_RENESAS_RZFSP_VER >= 220)
+    (void)h;
+    return R_RSIP_SHA_Init(&gFSPSM_ctrl, RSIP_HASH_TYPE_SHA512);
+   #else
     return R_RSIP_SHA_GenerateInit(&gFSPSM_ctrl, h, RSIP_HASH_TYPE_SHA512 );
+   #endif
 }
 /* wrapper for RSIP SHA512_224 Init */
 static fsp_err_t _R_RSIP_SHA512_224_GenerateInit(FSPSM_SHA_HANDLE* h)
 {
+   #if (WOLFSSL_RENESAS_RZFSP_VER >= 220)
+    (void)h;
+    return R_RSIP_SHA_Init(&gFSPSM_ctrl, RSIP_HASH_TYPE_SHA512_224);
+   #else
     return R_RSIP_SHA_GenerateInit(&gFSPSM_ctrl, h, RSIP_HASH_TYPE_SHA512_224 );
+   #endif
 }
 /* wrapper for RSIP SHA512_256 Init */
 static fsp_err_t _R_RSIP_SHA512_256_GenerateInit(FSPSM_SHA_HANDLE* h)
 {
+   #if (WOLFSSL_RENESAS_RZFSP_VER >= 220)
+    (void)h;
+    return R_RSIP_SHA_Init(&gFSPSM_ctrl, RSIP_HASH_TYPE_SHA512_256);
+   #else
     return R_RSIP_SHA_GenerateInit(&gFSPSM_ctrl, h, RSIP_HASH_TYPE_SHA512_256 );
+   #endif
 }
 /* wrapper for RSIP SHA Update */
 static fsp_err_t _R_RSIP_SHA_GenerateUpdate(FSPSM_SHA_HANDLE* h,
                                             uint8_t* m, uint32_t len)
 {
+   #if (WOLFSSL_RENESAS_RZFSP_VER >= 220)
+    (void)h;
+    return R_RSIP_SHA_Update(&gFSPSM_ctrl, m, len);
+   #else
     return R_RSIP_SHA_GenerateUpdate(&gFSPSM_ctrl, h, m, len );
+   #endif
 }
 /* wrapper for RSIP SHA Final */
 static fsp_err_t _R_RSIP_SHA_GenerateFinal(FSPSM_SHA_HANDLE* h,
                                                 uint8_t* d, uint32_t *sz)
 {
     (void) sz;
+   #if (WOLFSSL_RENESAS_RZFSP_VER >= 220)
+    (void)h;
+    return R_RSIP_SHA_Finish(&gFSPSM_ctrl, d);
+   #else
     return R_RSIP_SHA_GenerateFinal(&gFSPSM_ctrl, h, d);
+   #endif
 }
 #endif /* WOLFSSL_RENESAS_RSIP */
+
+#if defined(WOLFSSL_RENESAS_RSIP) && (WOLFSSL_RENESAS_RZFSP_VER >= 220)
+static int FSPSM_FuncGet(uint32_t sha_type, void** Init,
+                                        void** Update, void** Final)
+{
+    (void)Init;
+    (void)Update;
+    (void)Final;
+
+    switch(sha_type) {
+    case FSPSM_SHA1:
+        *Init = FSPSM_SHA1_Init;
+        *Update = FSPSM_SHA1_Up;
+        *Final = FSPSM_SHA1_Final;
+        break;
+    case FSPSM_SHA256:
+        *Init = FSPSM_SHA256_Init;
+        *Update = FSPSM_SHA256_Up;
+        *Final = FSPSM_SHA256_Final;
+        break;
+    case FSPSM_SHA224:
+        *Init = FSPSM_SHA224_Init;
+        *Update = FSPSM_SHA224_Up;
+        *Final = FSPSM_SHA224_Final;
+        break;
+    case FSPSM_SHA384:
+        *Init = FSPSM_SHA384_Init;
+        *Update = FSPSM_SHA384_Up;
+        *Final = FSPSM_SHA384_Final;
+        break;
+    case FSPSM_SHA512:
+        *Init = FSPSM_SHA512_Init;
+        *Update = FSPSM_SHA512_Up;
+        *Final = FSPSM_SHA512_Final;
+        break;
+    case FSPSM_SHA512_224:
+        *Init = FSPSM_SHA512_224_Init;
+        *Update = FSPSM_SHA512_224_Up;
+        *Final = FSPSM_SHA512_224_Final;
+        break;
+    case FSPSM_SHA512_256:
+        *Init = FSPSM_SHA512_256_Init;
+        *Update = FSPSM_SHA512_256_Up;
+        *Final = FSPSM_SHA512_256_Final;
+        break;
+    default:
+        return BAD_FUNC_ARG;
+    }
+    return 0;
+}
+#endif
 /* Free up allocation for msg
  *
  * hash    The FSPSM Hash object.
@@ -99,7 +195,8 @@ static void FSPSM_HashFree(wolfssl_FSPSM_Hash* hash)
     if (hash == NULL)
         return;
 
-#if defined(WOLFSSL_RENESAS_SCEPROTECT)
+#if defined(WOLFSSL_RENESAS_SCEPROTECT) || \
+    (defined(WOLFSSL_RENESAS_RSIP) && (WOLFSSL_RENESAS_RZFSP_VER >= 220))
     XFREE(hash->msg, hash->heap, DYNAMIC_TYPE_TMP_BUFFER);
     hash->msg = NULL;
 #endif
@@ -114,7 +211,8 @@ static int FSPSM_HashCopy(wolfssl_FSPSM_Hash* src, wolfssl_FSPSM_Hash* dst)
 
     XMEMCPY(dst, src, sizeof(wolfssl_FSPSM_Hash));
 
-#if defined(WOLFSSL_RENESAS_SCEPROTECT)
+#if defined(WOLFSSL_RENESAS_SCEPROTECT) || \
+    (defined(WOLFSSL_RENESAS_RSIP) && (WOLFSSL_RENESAS_RZFSP_VER >= 220))
     if (src->len > 0 && src->msg != NULL) {
         dst->msg = (byte*)XMALLOC(src->len, dst->heap, DYNAMIC_TYPE_TMP_BUFFER);
         if (dst->msg == NULL) {
@@ -135,7 +233,7 @@ static int FSPSM_HashCopy(wolfssl_FSPSM_Hash* src, wolfssl_FSPSM_Hash* dst)
 static int FSPSM_HashInit(wolfssl_FSPSM_Hash* hash, void* heap, int devId,
     word32 sha_type)
 {
-#if defined(WOLFSSL_RENESAS_RSIP)
+#if defined(WOLFSSL_RENESAS_RSIP) && (WOLFSSL_RENESAS_RZFSP_VER < 220)
     int ret;
     fsp_err_t (*Init)(FSPSM_SHA_HANDLE*);
 #endif
@@ -148,7 +246,8 @@ static int FSPSM_HashInit(wolfssl_FSPSM_Hash* hash, void* heap, int devId,
     hash->sha_type = sha_type;
     hash->heap = heap;
 
-#if defined(WOLFSSL_RENESAS_SCEPROTECT)
+#if defined(WOLFSSL_RENESAS_SCEPROTECT) || \
+    (defined(WOLFSSL_RENESAS_RSIP) && (WOLFSSL_RENESAS_RZFSP_VER >= 220))
     hash->len  = 0;
     hash->used = 0;
     hash->msg  = NULL;
@@ -199,7 +298,7 @@ static int FSPSM_HashInit(wolfssl_FSPSM_Hash* hash, void* heap, int devId,
 static int FSPSM_HashUpdate(wolfssl_FSPSM_Hash* hash,
                                                 const byte* data, word32 sz)
 {
-#if defined(WOLFSSL_RENESAS_RSIP)
+#if defined(WOLFSSL_RENESAS_RSIP) && (WOLFSSL_RENESAS_RZFSP_VER < 220)
     int ret;
     fsp_err_t (*Update)(FSPSM_SHA_HANDLE*, uint8_t*, uint32_t);
 #endif
@@ -208,7 +307,8 @@ static int FSPSM_HashUpdate(wolfssl_FSPSM_Hash* hash,
         return BAD_FUNC_ARG;
     }
 
-#if defined(WOLFSSL_RENESAS_SCEPROTECT)
+#if defined(WOLFSSL_RENESAS_SCEPROTECT) || \
+    (defined(WOLFSSL_RENESAS_RSIP) && (WOLFSSL_RENESAS_RZFSP_VER >= 220))
     if (hash->len < hash->used + sz) {
         if (hash->msg == NULL) {
             hash->msg = (byte*)XMALLOC(hash->used + sz, hash->heap,
@@ -292,7 +392,8 @@ static int FSPSM_HashFinal(wolfssl_FSPSM_Hash* hash, byte* out, word32 outSz)
     void* heap;
     (void) outSz;
 
-#if defined(WOLFSSL_RENESAS_SCEPROTECT)
+#if defined(WOLFSSL_RENESAS_SCEPROTECT) || \
+    (defined(WOLFSSL_RENESAS_RSIP) && (WOLFSSL_RENESAS_RZFSP_VER >= 220))
     FSPSM_SHA_HANDLE handle;
     fsp_err_t (*Init)(FSPSM_SHA_HANDLE*);
     fsp_err_t (*Update)(FSPSM_SHA_HANDLE*, uint8_t*, uint32_t);
@@ -300,14 +401,21 @@ static int FSPSM_HashFinal(wolfssl_FSPSM_Hash* hash, byte* out, word32 outSz)
     if (hash == NULL || out == NULL) {
         return BAD_FUNC_ARG;
     }
-
+ #if defined(WOLFSSL_RENESAS_SCEPROTECT)
     if (hash->sha_type == FSPSM_SHA256) {
         Init = FSPSM_SHA256_Init;
         Update = FSPSM_SHA256_Up;
         Final = FSPSM_SHA256_Final;
     } else
         return BAD_FUNC_ARG;
-
+ #else
+    Init = NULL;
+    Update = NULL;
+    Final = NULL;
+    ret = FSPSM_FuncGet(hash->sha_type, (void**)&Init,
+                            (void**)&Update, (void**)&Final);
+    if (ret != 0) return ret;
+ #endif
     wc_fspsm_hw_lock();
 
     if (Init(&handle) == FSP_SUCCESS) {
@@ -379,7 +487,8 @@ static int FSPSM_HashGet(wolfssl_FSPSM_Hash* hash, byte* out, word32 outSz)
     uint32_t sz = 0;
     (void) outSz;
 
-#if defined(WOLFSSL_RENESAS_SCEPROTECT)
+#if defined(WOLFSSL_RENESAS_SCEPROTECT) || \
+    (defined(WOLFSSL_RENESAS_RSIP) && (WOLFSSL_RENESAS_RZFSP_VER >= 220))
     FSPSM_SHA_HANDLE handle;
     fsp_err_t (*Init)(FSPSM_SHA_HANDLE*);
     fsp_err_t (*Update)(FSPSM_SHA_HANDLE*, uint8_t*, uint32_t);
@@ -392,14 +501,23 @@ static int FSPSM_HashGet(wolfssl_FSPSM_Hash* hash, byte* out, word32 outSz)
         return BAD_FUNC_ARG;
     }
 
-#if defined(WOLFSSL_RENESAS_SCEPROTECT)
+#if defined(WOLFSSL_RENESAS_SCEPROTECT) || \
+    (defined(WOLFSSL_RENESAS_RSIP) && (WOLFSSL_RENESAS_RZFSP_VER >= 220))
+ #if defined(WOLFSSL_RENESAS_SCEPROTECT)
     if (hash->sha_type == FSPSM_SHA256) {
         Init = FSPSM_SHA256_Init;
         Update = FSPSM_SHA256_Up;
         Final = FSPSM_SHA256_Final;
     } else
         return BAD_FUNC_ARG;
-
+ #else
+    Init = NULL;
+    Update = NULL;
+    Final = NULL;
+    ret = FSPSM_FuncGet(hash->sha_type, (void**)&Init,
+                            (void**)&Update, (void**)&Final);
+    if (ret != 0) return ret;
+ #endif
     wc_fspsm_hw_lock();
     if (Init(&handle) == FSP_SUCCESS) {
         ret = Update(&handle, (uint8_t*)hash->msg, hash->used);
diff --git a/wolfcrypt/src/port/Renesas/renesas_fspsm_util.c b/wolfcrypt/src/port/Renesas/renesas_fspsm_util.c
index 84554e2e0..885f8bb19 100644
--- a/wolfcrypt/src/port/Renesas/renesas_fspsm_util.c
+++ b/wolfcrypt/src/port/Renesas/renesas_fspsm_util.c
@@ -39,13 +39,19 @@ extern FSPSM_CONFIG     gFSPSM_cfg;
 #include <wolfssl/wolfcrypt/wc_port.h>
 #include <wolfssl/wolfcrypt/error-crypt.h>
 
-#include <wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h>
+#include <wolfssl/wolfcrypt/port/Renesas/renesas_fspsm_internal.h>
 #include <wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h>
 #include <wolfssl/wolfcrypt/memory.h>
 #include <wolfssl/wolfcrypt/error-crypt.h>
 #include <wolfssl/wolfcrypt/aes.h>
 #include <wolfssl/ssl.h>
 #include <wolfssl/internal.h>
+#ifdef NO_INLINE
+    #include <wolfssl/wolfcrypt/misc.h>
+#else
+    #define WOLFSSL_MISC_INCLUDED
+    #include <wolfcrypt/src/misc.c>
+#endif
 
 #include <stdio.h>
 
@@ -55,18 +61,12 @@ extern FSPSM_CONFIG     gFSPSM_cfg;
     #define WOLFSSL_PKMSG(_f_, ...) WC_DO_NOTHING
 #endif
 
-#if defined(WOLFSSL_RENESAS_FSPSM_ECC)
-WC_THREADSHARED FSPSM_ST_PKC gPKCbInfo;
-#endif
-
-
 #ifdef WOLFSSL_RENESAS_FSPSM_TLS
 static const byte*  ca_cert_sig;
 static fspsm_key_data g_user_key_info;
 
 static uint32_t     g_encrypted_publicCA_key[HW_SCE_SINST_WORD_SIZE];
 extern uint32_t     g_CAscm_Idx;          /* index of CM table    */
-static uint32_t     fspsm_sess_idx = 0;
 #endif
 
 #endif /* WOLFSSL_RENESAS_FSPSM*/
@@ -95,7 +95,7 @@ static int fspsm_CryptHwMutexUnLock(wolfSSL_Mutex* mutex)
 * lock hw engine
 * this should be called before using engine.
 */
-WOLFSSL_LOCAL int wc_fspsm_hw_lock()
+int wc_fspsm_hw_lock()
 {
     int ret = 0;
 
@@ -122,13 +122,13 @@ WOLFSSL_LOCAL int wc_fspsm_hw_lock()
 /*
 * release hw engine
 */
-WOLFSSL_LOCAL void wc_fspsm_hw_unlock(void)
+void wc_fspsm_hw_unlock(void)
 {
     fspsm_CryptHwMutexUnLock(&fspsm_mutex);
 }
 
 /* Open sce driver for use */
-WOLFSSL_LOCAL int wc_fspsm_Open()
+int wc_fspsm_Open()
 {
     WOLFSSL_ENTER("wc_fspsm_Open");
     int ret;
@@ -167,7 +167,7 @@ WOLFSSL_LOCAL int wc_fspsm_Open()
 }
 
 /* close SCE driver */
-WOLFSSL_LOCAL void wc_fspsm_Close()
+void wc_fspsm_Close()
 {
     WOLFSSL_ENTER("sce Close");
     int ret;
@@ -188,11 +188,11 @@ WOLFSSL_LOCAL void wc_fspsm_Close()
 }
 
 #define RANDGEN_WORDS  4
-WOLFSSL_LOCAL int wc_fspsm_GenerateRandBlock(byte* output, word32 sz)
+int wc_fspsm_GenerateRandBlock(byte* output, word32 sz)
 {
     /* Generate PRNG based on NIST SP800-90A AES CTR-DRBG */
     int ret = 0;
-    word32 fspbuf[RANDGEN_WORDS];
+    uint32_t fspbuf[RANDGEN_WORDS];
 
     while (sz > 0) {
         word32 len = sizeof(buffer);
@@ -201,8 +201,8 @@ WOLFSSL_LOCAL int wc_fspsm_GenerateRandBlock(byte* output, word32 sz)
             len = sz;
         }
         /* return 4 words random number*/
-        ret = R_RANDOM_GEN((uint8_t* const)fspbuf);
-        if(ret == FSP_SUCCESS) {
+        ret = R_RANDOM_GEN(fspbuf);
+        if (ret == FSP_SUCCESS) {
             XMEMCPY(output, &fspbuf, len);
             output += len;
             sz -= len;
@@ -224,7 +224,7 @@ static int fspsm_ServerKeyExVerify(uint32_t type, WOLFSSL* ssl,
                                    uint32_t sigSz, void* ctx)
 {
     int ret = WOLFSSL_FAILURE;
-    FSPSM_ST* cbInfo;
+    FSPSM_ST* cbInfo = (FSPSM_ST*)ctx;
     byte qx[MAX_ECC_BYTES], qy[MAX_ECC_BYTES];
     byte *peerkey = NULL;
 
@@ -232,11 +232,10 @@ static int fspsm_ServerKeyExVerify(uint32_t type, WOLFSSL* ssl,
     (void) sigSz;
 
     /* sanity check */
-    if (ssl == NULL || sig == NULL || ctx == NULL)
+    if (ssl == NULL || sig == NULL || cbInfo == NULL ||
+            cbInfo->internal == NULL)
         return ret;
 
-    cbInfo = (FSPSM_ST*)ctx;
-
     /* export public peer public key */
     ret = wc_ecc_export_public_raw(ssl->peerEccKey, qx, &qxLen, qy, &qyLen);
     WOLFSSL_PKMSG("qxLen %d qyLen %d\n", qxLen, qyLen);
@@ -246,7 +245,8 @@ static int fspsm_ServerKeyExVerify(uint32_t type, WOLFSSL* ssl,
     }
     /* make peer ecc key data for SCE */
     /* 0padding(24bit) || 04(8bit) || Qx(256bit) || Qy(256bit) */
-    peerkey = (byte*)XMALLOC((3 + 1 + qxLen + qyLen), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    peerkey = (byte*)XMALLOC((3 + 1 + qxLen + qyLen), NULL,
+                                                    DYNAMIC_TYPE_TMP_BUFFER);
     if (peerkey == NULL) {
         WOLFSSL_MSG("failed to malloc ecc key");
         return WOLFSSL_FAILURE;
@@ -266,15 +266,15 @@ static int fspsm_ServerKeyExVerify(uint32_t type, WOLFSSL* ssl,
             (uint8_t*) peerkey,
             (uint8_t*) sig,
             (uint32_t*)ssl->peerSceTsipEncRsaKeyIndex,
-            (uint32_t*)cbInfo->encrypted_ephemeral_ecdh_public_key);
+            (uint32_t*)cbInfo->internal->encrypted_ephemeral_ecdh_public_key);
 
         if (ret != FSP_SUCCESS) {
             WOLFSSL_MSG("failed R_fspsm_TLS_ServerKeyExchangeVerify");
-            cbInfo->keyflgs_tls.bits.pk_key_set = 0;
+            cbInfo->internal->keyflgs_tls.bits.pk_key_set = 0;
         }
         else {
             ret = WOLFSSL_SUCCESS;
-            cbInfo->keyflgs_tls.bits.pk_key_set = 1;
+            cbInfo->internal->keyflgs_tls.bits.pk_key_set = 1;
         }
     }
     else {
@@ -288,7 +288,7 @@ static int fspsm_ServerKeyExVerify(uint32_t type, WOLFSSL* ssl,
     return ret;
 }
 /* Callback for Rsa Verify */
-WOLFSSL_LOCAL int wc_fspsm_RsaVerifyTLS(WOLFSSL* ssl, byte* sig, uint32_t sigSz,
+int wc_fspsm_RsaVerifyTLS(WOLFSSL* ssl, byte* sig, uint32_t sigSz,
         uint8_t** out, const byte* key, uint32_t keySz, void* ctx)
 {
     int ret = WOLFSSL_FAILURE;
@@ -311,7 +311,7 @@ WOLFSSL_LOCAL int wc_fspsm_RsaVerifyTLS(WOLFSSL* ssl, byte* sig, uint32_t sigSz,
     return ret;
 }
 /* Callback for Ecc Verify */
-WOLFSSL_LOCAL int wc_fspsm_EccVerifyTLS(WOLFSSL* ssl, const uint8_t* sig,
+int wc_fspsm_EccVerifyTLS(WOLFSSL* ssl, const uint8_t* sig,
         uint32_t sigSz,  const uint8_t* hash, uint32_t hashSz,
         const uint8_t* key, uint32_t keySz, int* result, void* ctx)
 {
@@ -389,7 +389,7 @@ WOLFSSL_LOCAL int wc_fspsm_EccVerifyTLS(WOLFSSL* ssl, const uint8_t* sig,
     defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)
 
 /* Callback for ECC shared secret */
-WOLFSSL_LOCAL int fspsm_EccSharedSecret(WOLFSSL* ssl, ecc_key* otherKey,
+int fspsm_EccSharedSecret(WOLFSSL* ssl, ecc_key* otherKey,
         uint8_t* pubKeyDer, unsigned int* pubKeySz,
         uint8_t* out, unsigned int* outlen, int side, void* ctx)
 {
@@ -404,41 +404,46 @@ WOLFSSL_LOCAL int fspsm_EccSharedSecret(WOLFSSL* ssl, ecc_key* otherKey,
 
     /* sanity check */
     if (ssl == NULL || pubKeyDer == NULL || pubKeySz == NULL ||
-        out == NULL || outlen == NULL || ctx == NULL)
+        out == NULL || outlen == NULL || cbInfo == NULL ||
+        cbInfo->internal == NULL)
       return WOLFSSL_FAILURE;
 
     WOLFSSL_PKMSG("PK ECC PMS: Side %s, Peer Curve %d\n",
         side == WOLFSSL_CLIENT_END ? "client" : "server", otherKey->dp->id);
 
-    if (cbInfo->keyflgs_tls.bits.pk_key_set == 1) {
+    if (cbInfo->internal->keyflgs_tls.bits.pk_key_set == 1) {
         if ((ret = wc_fspsm_hw_lock()) == 0) {
             /* Generate ECC PUblic key pair */
             ret = FSPSM_TLS_ECCS256R1_KPG(
-                &cbInfo->ecc_p256_wrapped_key,
-                (uint8_t*)&cbInfo->ecc_ecdh_public_key/* Qx 32 bytes and Qy 32 bytes*/ );
+                &cbInfo->internal->ecc_p256_wrapped_key,
+                /* Qx 32 bytes and Qy 32 bytes*/
+                (uint8_t*)&cbInfo->internal->ecc_ecdh_public_key );
             if (ret != FSP_SUCCESS) {
-                WOLFSSL_PKMSG("Failed secp256r1_EphemeralWrappedKeyPairGenerate %d\n", ret);
+                WOLFSSL_PKMSG("Failed secp256r1_EphemeralWrappedKeyPairGenerate"
+                                " %d\n", ret);
                 return ret;
             }
 
             /* copy generated ecdh public key into buffer */
             pubKeyDer[0] = ECC_POINT_UNCOMP;
-            *pubKeySz = 1 + sizeof(cbInfo->ecc_ecdh_public_key);
-            XMEMCPY(&pubKeyDer[1], &cbInfo->ecc_ecdh_public_key,
-                        sizeof(cbInfo->ecc_ecdh_public_key));
+            *pubKeySz = 1 + sizeof(cbInfo->internal->ecc_ecdh_public_key);
+            XMEMCPY(&pubKeyDer[1], &cbInfo->internal->ecc_ecdh_public_key,
+                        sizeof(cbInfo->internal->ecc_ecdh_public_key));
 
             /* Generate Premaster Secret */
             ret = FSPSM_TLS_PREMASTERGEN(
-                        (uint32_t*)&cbInfo->encrypted_ephemeral_ecdh_public_key,
-                        &cbInfo->ecc_p256_wrapped_key,
-                        (uint32_t*)out/* pre-master secret 64 bytes */);
+                (uint32_t*)
+                    &cbInfo->internal->encrypted_ephemeral_ecdh_public_key,
+                    &cbInfo->internal->ecc_p256_wrapped_key,
+                    (uint32_t*)out/* pre-master secret 64 bytes */);
             if (ret != FSP_SUCCESS) {
                 WOLFSSL_PKMSG("Failed PreMasterSecretGenerateForECC_secp256r1 %d\n", ret);
                 return ret;
             }
             else {
                 /* set master secret generation callback for use */
-                wolfSSL_CTX_SetGenMasterSecretCb(ssl->ctx, Renesas_cmn_genMasterSecret);
+                wolfSSL_CTX_SetGenMasterSecretCb(ssl->ctx,
+                                                Renesas_cmn_genMasterSecret);
                 wolfSSL_SetGenMasterSecretCtx(ssl, cbInfo);
             }
         }
@@ -450,7 +455,8 @@ WOLFSSL_LOCAL int fspsm_EccSharedSecret(WOLFSSL* ssl, ecc_key* otherKey,
         wc_fspsm_hw_unlock();
 
         *outlen = 64;
-        WOLFSSL_PKMSG("PK ECC PMS: ret %d, PubKeySz %d, OutLen %d\n", ret, *pubKeySz, *outlen);
+        WOLFSSL_PKMSG("PK ECC PMS: ret %d, PubKeySz %d, OutLen %d\n",
+                                                ret, *pubKeySz, *outlen);
     }
 
     return ret;
@@ -523,7 +529,7 @@ static uint32_t GetSceCipherSuite(
 /* ssl     : a pointer to WOLFSSL object                       */
 /* session_key_generated : if session key has been generated   */
 /* return  1 for usable, 0 for unusable                        */
-WOLFSSL_LOCAL int wc_fspsm_usable(const WOLFSSL *ssl,
+int wc_fspsm_usable(const WOLFSSL *ssl,
                                                 uint8_t session_key_generated)
 {
     WOLFSSL_ENTER("fspsm_usable");
@@ -575,7 +581,7 @@ WOLFSSL_LOCAL int wc_fspsm_usable(const WOLFSSL *ssl,
 }
 
 /* Generate Hmac by sha256*/
-WOLFSSL_LOCAL int wc_fspsm_Sha256GenerateHmac(const WOLFSSL *ssl,
+int wc_fspsm_Sha256GenerateHmac(const WOLFSSL *ssl,
                 const uint8_t* myInner, uint32_t innerSz,const uint8_t* in,
                 uint32_t sz, byte* digest)
 {
@@ -627,7 +633,7 @@ WOLFSSL_LOCAL int wc_fspsm_Sha256GenerateHmac(const WOLFSSL *ssl,
 }
 
 /* Verify hmac */
-WOLFSSL_LOCAL int wc_fspsm_Sha256VerifyHmac(const WOLFSSL *ssl,
+int wc_fspsm_Sha256VerifyHmac(const WOLFSSL *ssl,
         const uint8_t* message, uint32_t messageSz,
         uint32_t macSz, uint32_t content)
 {
@@ -649,7 +655,7 @@ WOLFSSL_LOCAL int wc_fspsm_Sha256VerifyHmac(const WOLFSSL *ssl,
     }
 
     wolfSSL_SetTlsHmacInner((WOLFSSL*)ssl, myInner,
-                                                        (word32)messageSz, (int)content, 1);
+                        (word32)messageSz, (int)content, 1);
 
     ret = FSPSM_S256HMAC_VInt(
                 &_handle,
@@ -684,7 +690,7 @@ WOLFSSL_LOCAL int wc_fspsm_Sha256VerifyHmac(const WOLFSSL *ssl,
 }
 
 /* generate Verify Data based on master secret */
-WOLFSSL_LOCAL int wc_fspsm_generateVerifyData(
+int wc_fspsm_generateVerifyData(
                             const uint8_t *ms, /* master secret */
                             const uint8_t *side, const uint8_t *handshake_hash,
                             uint8_t *hashes /* out */)
@@ -717,7 +723,7 @@ WOLFSSL_LOCAL int wc_fspsm_generateVerifyData(
 }
 
 /* generate keys for TLS communication */
-WOLFSSL_LOCAL int wc_fspsm_generateSessionKey(WOLFSSL *ssl,
+int wc_fspsm_generateSessionKey(WOLFSSL *ssl,
                 FSPSM_ST* cbInfo, int devId)
 {
     WOLFSSL_MSG("fspsm_generateSessionKey()");
@@ -733,7 +739,7 @@ WOLFSSL_LOCAL int wc_fspsm_generateSessionKey(WOLFSSL *ssl,
     uint32_t sceCS = GetSceCipherSuite(ssl->options.cipherSuite0,
                                          ssl->options.cipherSuite);
 
-    if (ssl== NULL || cbInfo == NULL)
+    if (ssl== NULL || cbInfo == NULL || cbInfo->internal == NULL)
       return BAD_FUNC_ARG;
 
 
@@ -843,8 +849,10 @@ WOLFSSL_LOCAL int wc_fspsm_generateSessionKey(WOLFSSL *ssl,
                 /* ready-for-use flag will be set when SetKeySide() is called */
             }
 
-            if (cbInfo->cipher == SCE_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ||
-               cbInfo->cipher == SCE_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256) {
+            if (cbInfo->internal->cipher ==
+                    SCE_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ||
+                cbInfo->internal->cipher ==
+                    SCE_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256) {
                 enc->aes->nonceSz = AEAD_MAX_IMP_SZ;
                 dec->aes->nonceSz = AEAD_MAX_IMP_SZ;
              }
@@ -852,7 +860,7 @@ WOLFSSL_LOCAL int wc_fspsm_generateSessionKey(WOLFSSL *ssl,
              dec->aes->devId = devId;
 
             /* marked as session key is set */
-            cbInfo->keyflgs_tls.bits.session_key_set = 1;
+            cbInfo->internal->keyflgs_tls.bits.session_key_set = 1;
         }
 
         XFREE(key_client_aes, ssl->heap, DYNAMIC_TYPE_AES);
@@ -871,7 +879,7 @@ WOLFSSL_LOCAL int wc_fspsm_generateSessionKey(WOLFSSL *ssl,
 }
 
 /* generate master secret based on pre-master which is generated by SCE */
-WOLFSSL_LOCAL int wc_fspsm_generateMasterSecret(
+int wc_fspsm_generateMasterSecret(
         uint8_t        cipherSuiteFirst,
         uint8_t        cipherSuite,
         const uint8_t *pr, /* pre-master    */
@@ -909,7 +917,7 @@ WOLFSSL_LOCAL int wc_fspsm_generateMasterSecret(
 }
 
 /* generate pre-Master secrete by SCE */
-WOLFSSL_LOCAL int wc_fspsm_generatePremasterSecret(uint8_t *premaster,
+int wc_fspsm_generatePremasterSecret(uint8_t *premaster,
                                                         uint32_t preSz)
 {
     WOLFSSL_ENTER("fspsm_generatePremasterSecret");
@@ -940,7 +948,7 @@ WOLFSSL_LOCAL int wc_fspsm_generatePremasterSecret(uint8_t *premaster,
 /*
 * generate encrypted pre-Master secrete by SCE
 */
-WOLFSSL_LOCAL int wc_fspsm_generateEncryptPreMasterSecret(
+int wc_fspsm_generateEncryptPreMasterSecret(
         WOLFSSL*    ssl,
         uint8_t*       out,
         uint32_t*     outSz)
@@ -983,7 +991,7 @@ WOLFSSL_LOCAL int wc_fspsm_generateEncryptPreMasterSecret(
 
 
 /* Certificate verification by SCE */
-WOLFSSL_LOCAL int wc_fspsm_tls_CertVerify(
+int wc_fspsm_tls_CertVerify(
         const uint8_t* cert,       uint32_t certSz,
         const uint8_t* signature,  uint32_t sigSz,
         uint32_t      key_n_start,uint32_t key_n_len,
@@ -1080,7 +1088,7 @@ WOLFSSL_LOCAL int wc_fspsm_tls_CertVerify(
 }
 
 /* Root Certificate verification */
-WOLFSSL_LOCAL int wc_fspsm_tls_RootCertVerify(
+int wc_fspsm_tls_RootCertVerify(
         const uint8_t* cert,        uint32_t cert_len,
         uint32_t      key_n_start,    uint32_t key_n_len,
         uint32_t      key_e_start,    uint32_t key_e_len,
@@ -1130,23 +1138,27 @@ WOLFSSL_LOCAL int wc_fspsm_tls_RootCertVerify(
 /*  store elements for session key generation into ssl->keys.
  *  return 0 on success, negative value on failure
  */
-WOLFSSL_LOCAL int wc_fspsm_storeKeyCtx(WOLFSSL* ssl, FSPSM_ST* info)
+int wc_fspsm_storeKeyCtx(WOLFSSL* ssl, FSPSM_ST* info)
 {
     int ret = 0;
 
     WOLFSSL_ENTER("fspsm_storeKeyCtx");
 
-    if (ssl == NULL || info == NULL)
+    if (ssl == NULL || info == NULL || info->internal == NULL)
         ret = BAD_FUNC_ARG;
 
     if (ret == 0) {
-        XMEMCPY(info->masterSecret, ssl->arrays->fspsm_masterSecret,
-                                                FSPSM_TLS_MASTERSECRET_SIZE);
-        XMEMCPY(info->clientRandom, ssl->arrays->clientRandom, 32);
-        XMEMCPY(info->serverRandom, ssl->arrays->serverRandom, 32);
+        XMEMCPY(info->internal->masterSecret,
+                        ssl->arrays->fspsm_masterSecret,
+                        FSPSM_TLS_MASTERSECRET_SIZE);
+        XMEMCPY(info->internal->clientRandom,
+                        ssl->arrays->clientRandom, 32);
+        XMEMCPY(info->internal->serverRandom,
+                        ssl->arrays->serverRandom, 32);
 
-        info->cipher = (uint8_t)GetSceCipherSuite(ssl->options.cipherSuite0,
-                               ssl->options.cipherSuite);
+        info->internal->cipher = (uint8_t)GetSceCipherSuite(
+                                ssl->options.cipherSuite0,
+                                ssl->options.cipherSuite);
     }
     WOLFSSL_LEAVE("fspsm_storeKeyCtx", ret);
     return ret;
@@ -1213,6 +1225,35 @@ WOLFSSL_API void wc_fspsm_set_callbacks(WOLFSSL_CTX* ctx)
     /* reset callbacks */
     wolfSSL_CTX_SetEccSharedSecretCb(ctx, NULL);
 }
+/*
+* Clean up Renesas Ctx
+* ssl WOLFSSL object
+* return 0 successful
+*/
+int wc_fspsm_TlsCleanup(WOLFSSL* ssl)
+{
+    int ret = 0;
+    FSPSM_ST* tuc = NULL;
+
+    if (ssl == NULL)
+        return ret;
+
+    tuc = ssl->RenesasUserCtx;
+
+    if (tuc == NULL)
+        return ret;
+    /* free internal structure */
+    if (tuc->internal) {
+        XFREE(tuc->internal, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
+        tuc->internal = NULL;
+    }
+
+    /* zero clear */
+    ForceZero(tuc, sizeof(FSPSM_ST));
+    ssl->RenesasUserCtx = NULL;
+
+    return ret;
+}
 /* Set callback contexts needed for sce TLS api handling */
 #if defined(WOLFSSL_RENESAS_SCEPROTECT)
 WOLFSSL_API int wc_sce_set_callback_ctx(WOLFSSL* ssl, void* user_ctx)
@@ -1220,14 +1261,29 @@ WOLFSSL_API int wc_sce_set_callback_ctx(WOLFSSL* ssl, void* user_ctx)
 WOLFSSL_API int wc_fspsm_set_callback_ctx(WOLFSSL* ssl, void* user_ctx)
 #endif
 {
-    if (fspsm_sess_idx > MAX_FSPSM_CBINDEX) {
-        WOLFSSL_MSG("exceeds maximum session index");
-        return -1;
+    FSPSM_ST* uCtx = (FSPSM_ST*)user_ctx;
+
+    if (ssl == NULL || user_ctx == NULL) {
+        return BAD_FUNC_ARG;
     }
-    gPKCbInfo.user_PKCbInfo[fspsm_sess_idx] = (FSPSM_ST*)user_ctx;
-    gPKCbInfo.user_PKCbInfo[fspsm_sess_idx]->keyflgs_tls.bits.pk_key_set = 0;
-    gPKCbInfo.user_PKCbInfo[fspsm_sess_idx]->keyflgs_tls.bits.session_key_set
-                                                                            = 0;
+
+    ForceZero(uCtx, sizeof(FSPSM_ST));
+    uCtx->internal = (FSPSM_ST_Internal*)XMALLOC(sizeof(FSPSM_ST_Internal),
+                                        ssl->heap,
+                                        DYNAMIC_TYPE_TMP_BUFFER);
+    if (!uCtx->internal) {
+        WOLFSSL_MSG("Failed to allocate memory for user ctx internal");
+        return MEMORY_E;
+    }
+
+    ForceZero(uCtx->internal, sizeof(FSPSM_ST_Internal));
+
+    uCtx->internal->ssl  = ssl;
+    uCtx->internal->ctx  = ssl->ctx;
+    uCtx->internal->heap = ssl->heap;
+    uCtx->internal->side = ssl->ctx->method->side;
+
+    ssl->RenesasUserCtx = user_ctx;     /* ssl doesn't own user_ctx */
 
     wolfSSL_SetEccVerifyCtx(ssl, user_ctx);
     wolfSSL_SetRsaEncCtx(ssl, user_ctx);
@@ -1239,8 +1295,6 @@ WOLFSSL_API int wc_fspsm_set_callback_ctx(WOLFSSL* ssl, void* user_ctx)
     /* set up crypt callback */
     wc_CryptoCb_CryptInitRenesasCmn(ssl, user_ctx);
 
-    gPKCbInfo.num_session = ++fspsm_sess_idx;
-
     return 0;
 }
 #endif /*  !WOLFSSL_RENESAS_FSPSM_CRYPTONLY */
diff --git a/wolfcrypt/src/port/Renesas/renesas_tsip_aes.c b/wolfcrypt/src/port/Renesas/renesas_tsip_aes.c
index d5d061c1c..f158b9221 100644
--- a/wolfcrypt/src/port/Renesas/renesas_tsip_aes.c
+++ b/wolfcrypt/src/port/Renesas/renesas_tsip_aes.c
@@ -40,7 +40,7 @@
 #include <wolfssl/internal.h>
 #endif
 #include <wolfssl/wolfcrypt/aes.h>
-#include "wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h"
+#include "wolfssl/wolfcrypt/port/Renesas/renesas_tsip_internal.h"
 #ifdef NO_INLINE
     #include <wolfssl/wolfcrypt/misc.h>
 #else
@@ -100,7 +100,7 @@ WOLFSSL_LOCAL int tsip_Tls13AesEncrypt(
 {
     int ret = 0;
     e_tsip_err_t    err = TSIP_SUCCESS;
-    TsipUserCtx*    tuc = NULL;
+    TsipUserCtx_Internal* tuc = NULL;
     e_tsip_tls13_cipher_suite_t cs;
     word32  cipher[(WC_AES_BLOCK_SIZE + TSIP_AES_GCM_AUTH_TAG_SIZE) /
                                                              sizeof(word32)];
@@ -113,7 +113,8 @@ WOLFSSL_LOCAL int tsip_Tls13AesEncrypt(
 
     WOLFSSL_ENTER("tsip_Tls13AesEncrypt");
 
-    if ((ssl == NULL) || (input == NULL) || (output == NULL) || (sz == 0)) {
+    if ((ssl == NULL) || (input == NULL) || (output == NULL) || (sz == 0) ||
+        (ssl->RenesasUserCtx == NULL)) {
         return BAD_FUNC_ARG;
     }
 
@@ -122,7 +123,7 @@ WOLFSSL_LOCAL int tsip_Tls13AesEncrypt(
     }
 
     /* get user context for TSIP */
-    tuc = ssl->RenesasUserCtx;
+    tuc = (TsipUserCtx_Internal*)((TsipUserCtx*)ssl->RenesasUserCtx)->internal;
     if (tuc == NULL) {
         WOLFSSL_MSG("TsipUserCtx hasn't been set to ssl.");
         return CRYPTOCB_UNAVAILABLE;
@@ -247,7 +248,7 @@ WOLFSSL_LOCAL int tsip_Tls13AesDecrypt(
 {
     int ret = 0;
     e_tsip_err_t    err = TSIP_SUCCESS;
-    TsipUserCtx*    tuc = NULL;
+    TsipUserCtx_Internal* tuc = NULL;
     e_tsip_tls13_cipher_suite_t cs;
     word32          cipher[WC_AES_BLOCK_SIZE / sizeof(word32)];
     word32          plain[WC_AES_BLOCK_SIZE / sizeof(word32)];
@@ -260,7 +261,8 @@ WOLFSSL_LOCAL int tsip_Tls13AesDecrypt(
 
     WOLFSSL_ENTER("tsip_Tls13AesDecrypt");
 
-    if ((ssl == NULL) || (input == NULL) || (output == NULL) || (sz == 0)) {
+    if ((ssl == NULL) || (input == NULL) || (output == NULL) || (sz == 0) ||
+        (ssl->RenesasUserCtx == NULL)) {
         return BAD_FUNC_ARG;
     }
 
@@ -269,7 +271,8 @@ WOLFSSL_LOCAL int tsip_Tls13AesDecrypt(
     }
 
     /* get user context for TSIP */
-    tuc = ssl->RenesasUserCtx;
+    tuc = (TsipUserCtx_Internal*)
+            ((TsipUserCtx*)(ssl->RenesasUserCtx))->internal;
     if (tuc == NULL) {
         WOLFSSL_MSG("TsipUserCtx hasn't been set to ssl.");
         return CRYPTOCB_UNAVAILABLE;
@@ -414,11 +417,11 @@ static int _tsip_cpAesKeyIndex2AesCtx(wc_CryptoInfo* info, TsipUserCtx* cb)
     }
 
     if (aes && cb->user_aes256_key_set == 1) {
-        XMEMCPY(&aes->ctx.tsip_keyIdx,&cb->user_aes256_key_index,
+        XMEMCPY(&aes->ctx.tsip_keyIdx, &cb->user_aes256_key_index,
                     sizeof(tsip_aes_key_index_t));
             aes->ctx.keySize = 32;
     }else if (aes && cb->user_aes128_key_set == 1) {
-        XMEMCPY(&aes->ctx.tsip_keyIdx,&cb->user_aes128_key_index,
+        XMEMCPY(&aes->ctx.tsip_keyIdx, &cb->user_aes128_key_index,
                     sizeof(tsip_aes_key_index_t));
         aes->ctx.keySize = 16;
     } else
@@ -439,16 +442,26 @@ int wc_tsip_AesCipher(int devIdArg, wc_CryptoInfo* info, void* ctx)
     }
 
     (void)devIdArg;
-
+    (void)_tsip_cpAesKeyIndex2AesCtx;
     if (info->algo_type == WC_ALGO_TYPE_CIPHER) {
 #if !defined(NO_AES)
 #ifdef HAVE_AESGCM
         if (info->cipher.type == WC_CIPHER_AES_GCM
         #ifdef WOLFSSL_RENESAS_TSIP_TLS
-            && cbInfo != NULL && cbInfo->session_key_set == 1
+            && cbInfo != NULL &&
+                        cbInfo->internal->session_key_set == 1
         #endif
             ) {
-            ret = _tsip_cpAesKeyIndex2AesCtx(info, cbInfo);
+            /* prioritize TLS Session Key than User TSIP Aes Key */
+            /* TODO : identify if Aes API is called through      */
+            /* while doing TLS handshake or Crypt API            */
+        #ifdef WOLFSSL_RENESAS_TSIP_TLS
+            if (cbInfo->internal->session_key_set == 1)
+                ret = 0;
+            else
+        #else
+                ret = _tsip_cpAesKeyIndex2AesCtx(info, cbInfo);
+        #endif
             if (ret != 0) {
                 WOLFSSL_MSG("Failed to copy Aes Key Index from "
                             "UserCtx to AES Ctx");
@@ -489,12 +502,18 @@ int wc_tsip_AesCipher(int devIdArg, wc_CryptoInfo* info, void* ctx)
     #ifdef WOLFSSL_AES_COUNTER
         if (info->cipher.type == WC_CIPHER_AES_CTR
         #ifdef WOLFSSL_RENESAS_TSIP_TLS
-            && cbInfo != NULL && cbInfo->session_key_set == 1
+            && cbInfo != NULL && cbInfo->internal->session_key_set == 1
         #endif
             ) {
             int remain = (int)(info->cipher.aesctr.sz % WC_AES_BLOCK_SIZE);
             if (remain == 0) {
-                ret = _tsip_cpAesKeyIndex2AesCtx(info, cbInfo);
+            #ifdef WOLFSSL_RENESAS_TSIP_TLS
+                if (cbInfo->internal->session_key_set == 1)
+                    ret = 0;
+                else
+            #else
+                    ret = _tsip_cpAesKeyIndex2AesCtx(info, cbInfo);
+            #endif
                 if (ret != 0) {
                     WOLFSSL_MSG("Failed to copy Aes Key Index from "
                                 "UserCtx to AES Ctx");
@@ -513,10 +532,16 @@ int wc_tsip_AesCipher(int devIdArg, wc_CryptoInfo* info, void* ctx)
     #ifdef HAVE_AES_CBC
         if (info->cipher.type == WC_CIPHER_AES_CBC
         #ifdef WOLFSSL_RENESAS_TSIP_TLS
-            && cbInfo != NULL && cbInfo->session_key_set == 1
+            && cbInfo != NULL && cbInfo->internal->session_key_set == 1
         #endif
             ) {
-            ret = _tsip_cpAesKeyIndex2AesCtx(info, cbInfo);
+        #ifdef WOLFSSL_RENESAS_TSIP_TLS
+            if (cbInfo->internal->session_key_set == 1)
+                ret = 0;
+            else
+        #else
+                ret = _tsip_cpAesKeyIndex2AesCtx(info, cbInfo);
+        #endif
             if (ret != 0) {
                 WOLFSSL_MSG("Failed to copy Aes Key Index from "
                             "UserCtx to AES Ctx");
@@ -790,7 +815,7 @@ int wc_tsip_AesGcmEncrypt(
     uint32_t ivSz_l = 0;
 
     tsip_aes_key_index_t key_client_aes;
-    TsipUserCtx *userCtx;
+    TsipUserCtx* userCtx;
 
     WOLFSSL_ENTER("wc_tsip_AesGcmEncrypt");
 
@@ -819,7 +844,7 @@ int wc_tsip_AesGcmEncrypt(
         finalFn  = R_TSIP_Aes256GcmEncryptFinal;
     }
 
-    userCtx = (TsipUserCtx*)ctx;
+    userCtx = ((TsipUserCtx*)ctx);
 
     /* buffer for cipher data output must be multiple of WC_AES_BLOCK_SIZE */
     cipherBufSz = ((sz / WC_AES_BLOCK_SIZE) + 1) * WC_AES_BLOCK_SIZE;
@@ -850,15 +875,15 @@ int wc_tsip_AesGcmEncrypt(
 
     #if defined(WOLFSSL_RENESAS_TSIP_TLS)
         if (ret == 0 &&
-            userCtx->session_key_set == 1) {
+            userCtx->internal->session_key_set == 1) {
             /* generate AES-GCM session key. The key stored in
              * Aes.ctx.tsip_keyIdx is not used here.
              */
             err = R_TSIP_TlsGenerateSessionKey(
-                    userCtx->tsip_cipher,
-                    (uint32_t*)userCtx->tsip_masterSecret,
-                    (uint8_t*) userCtx->tsip_clientRandom,
-                    (uint8_t*) userCtx->tsip_serverRandom,
+                    userCtx->internal->tsip_cipher,
+                    (uint32_t*)userCtx->internal->tsip_masterSecret,
+                    (uint8_t*) userCtx->internal->tsip_clientRandom,
+                    (uint8_t*) userCtx->internal->tsip_serverRandom,
                     &iv[AESGCM_IMP_IV_SZ], /* use exp_IV */
                     NULL,
                     NULL,
@@ -988,7 +1013,7 @@ int wc_tsip_AesGcmDecrypt(
     uint32_t ivSz_l = 0;
 
     tsip_aes_key_index_t key_server_aes;
-    TsipUserCtx *userCtx;
+    TsipUserCtx* userCtx;
 
     WOLFSSL_ENTER("wc_tsip_AesGcmDecrypt");
 
@@ -1018,7 +1043,7 @@ int wc_tsip_AesGcmDecrypt(
         finalFn  = R_TSIP_Aes256GcmDecryptFinal;
     }
 
-    userCtx = (TsipUserCtx *)ctx;
+    userCtx = ((TsipUserCtx *)ctx);
 
     /* buffer for plain data output must be multiple of WC_AES_BLOCK_SIZE */
     plainBufSz = ((sz / WC_AES_BLOCK_SIZE) + 1) * WC_AES_BLOCK_SIZE;
@@ -1049,15 +1074,15 @@ int wc_tsip_AesGcmDecrypt(
 
     #if defined(WOLFSSL_RENESAS_TSIP_TLS)
         if (ret == 0 &&
-            userCtx->session_key_set == 1) {
+            userCtx->internal->session_key_set == 1) {
             /* generate AES-GCM session key. The key stored in
              * Aes.ctx.tsip_keyIdx is not used here.
              */
             err = R_TSIP_TlsGenerateSessionKey(
-                    userCtx->tsip_cipher,
-                    (uint32_t*)userCtx->tsip_masterSecret,
-                    (uint8_t*) userCtx->tsip_clientRandom,
-                    (uint8_t*) userCtx->tsip_serverRandom,
+                    userCtx->internal->tsip_cipher,
+                    (uint32_t*)userCtx->internal->tsip_masterSecret,
+                    (uint8_t*) userCtx->internal->tsip_clientRandom,
+                    (uint8_t*) userCtx->internal->tsip_serverRandom,
                     (uint8_t*)&iv[AESGCM_IMP_IV_SZ], /* use exp_IV */
                     NULL,
                     NULL,
diff --git a/wolfcrypt/src/port/Renesas/renesas_tsip_sha.c b/wolfcrypt/src/port/Renesas/renesas_tsip_sha.c
index b0aa5d1f9..58edd6ad8 100644
--- a/wolfcrypt/src/port/Renesas/renesas_tsip_sha.c
+++ b/wolfcrypt/src/port/Renesas/renesas_tsip_sha.c
@@ -43,7 +43,7 @@
 
 #include <wolfssl/wolfcrypt/memory.h>
 #include <wolfssl/wolfcrypt/error-crypt.h>
-#include <wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h>
+#include <wolfssl/wolfcrypt/port/Renesas/renesas_tsip_internal.h>
 
 extern struct WOLFSSL_HEAP_HINT* tsip_heap_hint;
 
@@ -82,7 +82,7 @@ WOLFSSL_LOCAL int tsip_Tls13GetHmacMessages(struct WOLFSSL* ssl, byte* mac)
         if (tuc == NULL) {
             ret = CRYPTOCB_UNAVAILABLE;
         }
-        else if (!tuc->HandshakeClientTrafficKey_set) {
+        else if (!tuc->internal->HandshakeClientTrafficKey_set) {
             WOLFSSL_MSG("Client handshake traffic keys aren't created by TSIP");
             ret = CRYPTOCB_UNAVAILABLE;
         }
@@ -97,8 +97,9 @@ WOLFSSL_LOCAL int tsip_Tls13GetHmacMessages(struct WOLFSSL* ssl, byte* mac)
     if (ret == 0) {
         if ((ret = tsip_hw_lock()) == 0) {
 
-            err = R_TSIP_Sha256HmacGenerateInit(&(tuc->hmacFinished13Handle),
-                                                &(tuc->clientFinished13Idx));
+            err = R_TSIP_Sha256HmacGenerateInit(
+                    &(tuc->internal->hmacFinished13Handle),
+                    &(tuc->internal->clientFinished13Idx));
 
             if (err != TSIP_SUCCESS) {
                 WOLFSSL_MSG("R_TSIP_Sha256HmacGenerateInit failed");
@@ -108,9 +109,9 @@ WOLFSSL_LOCAL int tsip_Tls13GetHmacMessages(struct WOLFSSL* ssl, byte* mac)
             if (ret == 0) {
 
                 err = R_TSIP_Sha256HmacGenerateUpdate(
-                                                &(tuc->hmacFinished13Handle),
-                                                (uint8_t*)hash,
-                                                WC_SHA256_DIGEST_SIZE);
+                                        &(tuc->internal->hmacFinished13Handle),
+                                        (uint8_t*)hash,
+                                        WC_SHA256_DIGEST_SIZE);
 
                 if (err != TSIP_SUCCESS) {
                     WOLFSSL_MSG("R_TSIP_Sha256HmacGenerateUpdate failed");
@@ -120,7 +121,7 @@ WOLFSSL_LOCAL int tsip_Tls13GetHmacMessages(struct WOLFSSL* ssl, byte* mac)
 
             if (ret == 0) {
                 err = R_TSIP_Sha256HmacGenerateFinal(
-                                            &(tuc->hmacFinished13Handle), mac);
+                                &(tuc->internal->hmacFinished13Handle), mac);
                 if (err != TSIP_SUCCESS) {
                     WOLFSSL_MSG("R_TSIP_Sha256HmacGenerateFinal failed");
                     ret = WC_HW_E;
@@ -185,7 +186,7 @@ WOLFSSL_LOCAL int tsip_StoreMessage(struct WOLFSSL* ssl, const byte* data,
 
     /* check if TSIP is used for this session */
     if (ret == 0) {
-        if (!tuc->Dhe_key_set) {
+        if (!tuc->internal->Dhe_key_set) {
             WOLFSSL_MSG("DH key not set.");
             ret = CRYPTOCB_UNAVAILABLE;
         }
@@ -195,7 +196,7 @@ WOLFSSL_LOCAL int tsip_StoreMessage(struct WOLFSSL* ssl, const byte* data,
     if (ret == 0) {
         c24to32(&data[1], &messageSz);
 
-        bag = &(tuc->messageBag);
+        bag = &(tuc->internal->messageBag);
 
         if (bag->msgIdx +1 > MAX_MSGBAG_MESSAGES ||
             bag->buffIdx + sz > MSGBAG_SIZE) {
@@ -246,7 +247,7 @@ WOLFSSL_LOCAL int tsip_GetMessageSha256(struct WOLFSSL* ssl, byte* hash,
         if (tuc == NULL) {
             ret = CRYPTOCB_UNAVAILABLE;
         }
-        bag = &(tuc->messageBag);
+        bag = &(tuc->internal->messageBag);
     }
 
     if (ret == 0) {
diff --git a/wolfcrypt/src/port/Renesas/renesas_tsip_util.c b/wolfcrypt/src/port/Renesas/renesas_tsip_util.c
index e92b3bfeb..33fa22a9b 100644
--- a/wolfcrypt/src/port/Renesas/renesas_tsip_util.c
+++ b/wolfcrypt/src/port/Renesas/renesas_tsip_util.c
@@ -45,7 +45,7 @@
     #include <wolfssl/internal.h>
     #include <wolfssl/error-ssl.h>
 #endif
-#include <wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h>
+#include <wolfssl/wolfcrypt/port/Renesas/renesas_tsip_internal.h>
 #include <wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h>
 
 #include <stdio.h>
@@ -132,13 +132,13 @@ WOLFSSL_API int tsip_use_PublicKey_buffer_TLS(WOLFSSL* ssl,
     WOLFSSL_ENTER("tsip_use_PublicKey_buffer_TLS");
 
     if (ssl == NULL
-    || keyBuf == NULL || keyBufLen == 0) {
+    || keyBuf == NULL || keyBufLen == 0 || ssl->RenesasUserCtx == NULL) {
         ret = BAD_FUNC_ARG;
     }
 
     if (ret == 0){
         tuc = ssl->RenesasUserCtx;
-        tuc->wrappedPublicKey  = (uint8_t*)keyBuf;
+        tuc->internal->wrappedPublicKey  = (uint8_t*)keyBuf;
         tuc->wrappedKeyType    = keyType;
     }
 
@@ -161,18 +161,20 @@ WOLFSSL_API int tsip_use_PrivateKey_buffer_TLS(struct WOLFSSL* ssl,
 
     WOLFSSL_ENTER("tsip_use_PrivateKey_buffer_TLS");
 
-    if (ssl == NULL || keyBuf == NULL || keyBufLen == 0 ) {
+    if (ssl == NULL || keyBuf == NULL || keyBufLen == 0 ||
+                                ssl->RenesasUserCtx == NULL) {
         ret = BAD_FUNC_ARG;
     }
     if (ret == 0){
         tuc = ssl->RenesasUserCtx;
 
-        tuc->wrappedPrivateKey = (uint8_t*)keyBuf;
+        tuc->internal->wrappedPrivateKey = (uint8_t*)keyBuf;
         tuc->wrappedKeyType    = keyType;
 
         /* store keyType as Id since Id capacity is 32 bytes */
         ret = wolfSSL_use_PrivateKey_Id(ssl,
-                                (const unsigned char*)keyBuf, 32, tuc->devId);
+                                (const unsigned char*)keyBuf, 32,
+                                                tuc->devId);
         if (ret == WOLFSSL_SUCCESS) {
             ret = 0;
         }
@@ -197,7 +199,6 @@ WOLFSSL_API int tsip_use_PublicKey_buffer_crypt(TsipUserCtx *uc,
                                 const char* keyBuf, int keyBufLen, int keyType)
 {
     int ret = 0;
-    TsipUserCtx* tuc = NULL;
 
     WOLFSSL_ENTER("tsip_use_PublicKey_buffer_crypt");
 
@@ -206,9 +207,8 @@ WOLFSSL_API int tsip_use_PublicKey_buffer_crypt(TsipUserCtx *uc,
     }
 
     if (ret == 0){
-        tuc = uc;
-        tuc->wrappedPublicKey  = (uint8_t*)keyBuf;
-        tuc->wrappedKeyType    = keyType;
+        uc->internal->wrappedPublicKey  = (uint8_t*)keyBuf;
+        uc->wrappedKeyType    = keyType;
     }
 
     WOLFSSL_LEAVE("tsip_use_PublicKey_buffer_crypt", ret);
@@ -226,7 +226,6 @@ WOLFSSL_API int tsip_use_PrivateKey_buffer_crypt(TsipUserCtx *uc,
                                 const char* keyBuf, int keyBufLen, int keyType)
 {
     int ret = 0;
-    TsipUserCtx* tuc = NULL;
 
     WOLFSSL_ENTER("tsip_use_PrivateKey_buffer_crypt");
 
@@ -234,10 +233,8 @@ WOLFSSL_API int tsip_use_PrivateKey_buffer_crypt(TsipUserCtx *uc,
         ret = BAD_FUNC_ARG;
     }
     if (ret == 0){
-        tuc = uc;
-
-        tuc->wrappedPrivateKey = (uint8_t*)keyBuf;
-        tuc->wrappedKeyType    = keyType;
+        uc->internal->wrappedPrivateKey = (uint8_t*)keyBuf;
+        uc->wrappedKeyType    = keyType;
     }
 
     WOLFSSL_LEAVE("tsip_use_PrivateKey_buffer_crypt", ret);
@@ -287,7 +284,7 @@ static void tsipFlushMessages(struct WOLFSSL* ssl)
         return;
     }
 
-    bag = &(tuc->messageBag);
+    bag = &(tuc->internal->messageBag);
 
     ForceZero(bag, sizeof(MsgBag));
 
@@ -310,6 +307,14 @@ int tsip_TlsCleanup(struct WOLFSSL* ssl)
 
     /* free stored messages */
     tsipFlushMessages(ssl);
+    /* free internal structure */
+    if (tuc->internal) {
+        XFREE(tuc->internal, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
+        tuc->internal = NULL;
+    }
+
+    /* zero clear */
+    ForceZero(tuc, sizeof(TsipUserCtx));
 
     return ret;
 }
@@ -401,19 +406,19 @@ int tsip_Tls13GenEccKeyPair(WOLFSSL* ssl, KeyShareEntry* kse)
     if (ret == 0) {
         if ((ret = tsip_hw_lock()) == 0) {
 
-            tuc->Dhe_key_set  =0;
+            tuc->internal->Dhe_key_set  =0;
 
             err = R_TSIP_GenerateTls13P256EccKeyIndex(
-                            &(tuc->handle13),
-                            TSIP_TLS13_MODE_FULL_HANDSHAKE,
-                            &(tuc->EcdhPrivKey13Idx),    /* private key index */
-                            &(kse->pubKey[1]));       /* generated public key */
+                    &(tuc->internal->handle13),
+                    TSIP_TLS13_MODE_FULL_HANDSHAKE,
+                    &(tuc->internal->EcdhPrivKey13Idx),/* private key index */
+                    &(kse->pubKey[1]));              /* generated public key */
 
             if (err != TSIP_SUCCESS){ret = WC_HW_E;}
 
             if (ret == 0) {
                 WOLFSSL_MSG("ECDH private key-index is stored by TSIP");
-                tuc->Dhe_key_set  =1;
+                tuc->internal->Dhe_key_set  =1;
             }
 
             tsip_hw_unlock();
@@ -483,7 +488,7 @@ int tsip_Tls13GenSharedSecret(struct WOLFSSL* ssl,
     }
 
     if (ret == 0) {
-        if (!tuc->Dhe_key_set) {
+        if (!tuc->internal->Dhe_key_set) {
             WOLFSSL_MSG("TSIP wasn't involved in the key-exchange.");
             ret = CRYPTOCB_UNAVAILABLE;
         }
@@ -492,15 +497,15 @@ int tsip_Tls13GenSharedSecret(struct WOLFSSL* ssl,
     if (ret == 0) {
         if ((ret = tsip_hw_lock()) == 0) {
 
-            tuc->SharedSecret_set = 0;
+            tuc->internal->SharedSecret_set = 0;
             pubkeyraw = kse->ke + 1;        /* peer's raw public key data */
 
             /* derive shared secret */
             err = R_TSIP_Tls13GenerateEcdheSharedSecret(
-                        TSIP_TLS13_MODE_FULL_HANDSHAKE,
-                        pubkeyraw,                 /* peer's ECDHE public key */
-                        &(tuc->EcdhPrivKey13Idx),  /*(out) own ECDHE priv key */
-                        &(tuc->sharedSecret13Idx));   /*(out) PreMasterSecret */
+                TSIP_TLS13_MODE_FULL_HANDSHAKE,
+                pubkeyraw,                 /* peer's ECDHE public key */
+                &(tuc->internal->EcdhPrivKey13Idx),/*(out) own ECDHE priv key */
+                &(tuc->internal->sharedSecret13Idx)); /*(out) PreMasterSecret */
 
             if (err != TSIP_SUCCESS) {
                 WOLFSSL_MSG("R_TSIP_Tls13GenerateEcdheSharedSecret error");
@@ -508,7 +513,7 @@ int tsip_Tls13GenSharedSecret(struct WOLFSSL* ssl,
             }
             if (ret == 0) {
                 /* set flag for later tsip operations */
-                tuc->SharedSecret_set = 1;
+                tuc->internal->SharedSecret_set = 1;
             }
 
             tsip_hw_unlock();
@@ -539,7 +544,7 @@ int tsip_Tls13DeriveEarlySecret(struct WOLFSSL* ssl)
             ret = CRYPTOCB_UNAVAILABLE;
         }
         else {
-            tuc->EarlySecret_set = 1;
+            tuc->internal->EarlySecret_set = 1;
         }
     }
 
@@ -588,7 +593,7 @@ int tsip_Tls13DeriveHandshakeSecret(struct WOLFSSL* ssl)
 
     if (ret == 0) {
         /* check if pre-master secret is generated by tsip */
-        if (!tuc->SharedSecret_set) {
+        if (!tuc->internal->SharedSecret_set) {
             WOLFSSL_MSG("TSIP wasn't involved in the key-exchange.");
             ret = CRYPTOCB_UNAVAILABLE;
         }
@@ -597,18 +602,18 @@ int tsip_Tls13DeriveHandshakeSecret(struct WOLFSSL* ssl)
     if (ret == 0) {
         if ((ret = tsip_hw_lock()) == 0) {
 
-            tuc->HandshakeSecret_set = 0;
+            tuc->internal->HandshakeSecret_set = 0;
 
             err = R_TSIP_Tls13GenerateHandshakeSecret(
-                        &(tuc->sharedSecret13Idx),
-                        &(tuc->handshakeSecret13Idx));
+                        &(tuc->internal->sharedSecret13Idx),
+                        &(tuc->internal->handshakeSecret13Idx));
 
             if (err != TSIP_SUCCESS) {
                 WOLFSSL_MSG("R_TSIP_Tls13GenerateHandshakeSecret error");
                 ret = WC_HW_E;
             }
             if (ret == 0) {
-                tuc->HandshakeSecret_set = 1;
+                tuc->internal->HandshakeSecret_set = 1;
             }
             tsip_hw_unlock();
         }
@@ -655,7 +660,7 @@ static int tsipTls13DeriveClientHandshakeKeys(struct WOLFSSL* ssl)
 
     if (ret == 0) {
         /* make sure client handshake secret is generated by tsip */
-        if (!tuc->HandshakeSecret_set) {
+        if (!tuc->internal->HandshakeSecret_set) {
             WOLFSSL_MSG("TSIP wasn't involved in the key-exchange.");
             ret = CRYPTOCB_UNAVAILABLE;
         }
@@ -669,15 +674,15 @@ static int tsipTls13DeriveClientHandshakeKeys(struct WOLFSSL* ssl)
     if (ret == 0) {
         if ((ret = tsip_hw_lock()) == 0) {
 
-            tuc->HandshakeClientTrafficKey_set = 0;
+            tuc->internal->HandshakeClientTrafficKey_set = 0;
 
             err = R_TSIP_Tls13GenerateClientHandshakeTrafficKey(
-                    &(tuc->handle13),
+                    &(tuc->internal->handle13),
                     TSIP_TLS13_MODE_FULL_HANDSHAKE,
-                    &(tuc->handshakeSecret13Idx),
+                    &(tuc->internal->handshakeSecret13Idx),
                     hash,
-                    &(tuc->clientWriteKey13Idx),
-                    &(tuc->clientFinished13Idx));
+                    &(tuc->internal->clientWriteKey13Idx),
+                    &(tuc->internal->clientFinished13Idx));
 
             if (err != TSIP_SUCCESS) {
                 WOLFSSL_MSG(
@@ -687,7 +692,7 @@ static int tsipTls13DeriveClientHandshakeKeys(struct WOLFSSL* ssl)
 
             /* key derivation succeeded */
             if (ret == 0) {
-                tuc->HandshakeClientTrafficKey_set = 1;
+                tuc->internal->HandshakeClientTrafficKey_set = 1;
             }
 
             tsip_hw_unlock();
@@ -735,7 +740,7 @@ static int tsipTls13DeriveServerHandshakeKeys(struct WOLFSSL* ssl)
 
     if (ret == 0) {
         /* make sure client handshake secret is generated by tsip */
-        if (!tuc->HandshakeSecret_set) {
+        if (!tuc->internal->HandshakeSecret_set) {
             WOLFSSL_MSG("TSIP wasn't involved in the key-exchange.");
             ret = CRYPTOCB_UNAVAILABLE;
         }
@@ -749,15 +754,15 @@ static int tsipTls13DeriveServerHandshakeKeys(struct WOLFSSL* ssl)
     if (ret == 0) {
         if ((ret = tsip_hw_lock()) == 0) {
 
-            tuc->HandshakeServerTrafficKey_set = 0;
+            tuc->internal->HandshakeServerTrafficKey_set = 0;
 
             err = R_TSIP_Tls13GenerateServerHandshakeTrafficKey(
-                        &(tuc->handle13),
+                        &(tuc->internal->handle13),
                         TSIP_TLS13_MODE_FULL_HANDSHAKE,
-                        &(tuc->handshakeSecret13Idx),
+                        &(tuc->internal->handshakeSecret13Idx),
                         hash,
-                        &(tuc->serverWriteKey13Idx),
-                        &(tuc->serverFinished13Idx));
+                        &(tuc->internal->serverWriteKey13Idx),
+                        &(tuc->internal->serverFinished13Idx));
 
             if (err != TSIP_SUCCESS) {
                 WOLFSSL_MSG(
@@ -767,7 +772,7 @@ static int tsipTls13DeriveServerHandshakeKeys(struct WOLFSSL* ssl)
 
             /* key derivation succeeded */
             if (ret == 0) {
-                tuc->HandshakeServerTrafficKey_set = 1;
+                tuc->internal->HandshakeServerTrafficKey_set = 1;
             }
 
             tsip_hw_unlock();
@@ -815,7 +820,7 @@ static int tsipTls13DeriveTrafficKeys(struct WOLFSSL* ssl)
 
     if (ret == 0) {
         /* make sure master secret is generated by tsip */
-        if (!tuc->MasterSecret_set) {
+        if (!tuc->internal->MasterSecret_set) {
             WOLFSSL_MSG("TSIP wasn't involved in the key-exchange.");
             ret = CRYPTOCB_UNAVAILABLE;
         }
@@ -829,20 +834,20 @@ static int tsipTls13DeriveTrafficKeys(struct WOLFSSL* ssl)
     if (ret == 0) {
         if ((ret = tsip_hw_lock()) == 0) {
 
-            tuc->ServerTrafficSecret_set   = 0;
-            tuc->ClientTrafficSecret_set   = 0;
-            tuc->ServerWriteTrafficKey_set = 0;
-            tuc->ClientWriteTrafficKey_set = 0;
+            tuc->internal->ServerTrafficSecret_set   = 0;
+            tuc->internal->ClientTrafficSecret_set   = 0;
+            tuc->internal->ServerWriteTrafficKey_set = 0;
+            tuc->internal->ClientWriteTrafficKey_set = 0;
 
             err = R_TSIP_Tls13GenerateApplicationTrafficKey(
-                        &(tuc->handle13),
+                        &(tuc->internal->handle13),
                         TSIP_TLS13_MODE_FULL_HANDSHAKE,
-                        &(tuc->masterSecret13Idx),
+                        &(tuc->internal->masterSecret13Idx),
                         (uint8_t*)hash,
-                        &(tuc->serverAppTraffic13Secret),
-                        &(tuc->clientAppTraffic13Secret),
-                        &(tuc->serverAppWriteKey13Idx),
-                        &(tuc->clientAppWriteKey13Idx));
+                        &(tuc->internal->serverAppTraffic13Secret),
+                        &(tuc->internal->clientAppTraffic13Secret),
+                        &(tuc->internal->serverAppWriteKey13Idx),
+                        &(tuc->internal->clientAppWriteKey13Idx));
 
             if (err != TSIP_SUCCESS) {
                 WOLFSSL_MSG(
@@ -852,10 +857,10 @@ static int tsipTls13DeriveTrafficKeys(struct WOLFSSL* ssl)
 
             /* key derivation succeeded */
             if (ret == 0) {
-                tuc->ServerTrafficSecret_set   = 1;
-                tuc->ClientTrafficSecret_set   = 1;
-                tuc->ServerWriteTrafficKey_set = 1;
-                tuc->ClientWriteTrafficKey_set = 1;
+                tuc->internal->ServerTrafficSecret_set   = 1;
+                tuc->internal->ClientTrafficSecret_set   = 1;
+                tuc->internal->ServerWriteTrafficKey_set = 1;
+                tuc->internal->ClientWriteTrafficKey_set = 1;
             }
 
             tsip_hw_unlock();
@@ -902,7 +907,7 @@ static int tsipTls13UpdateClientTrafficKeys(struct WOLFSSL* ssl)
 
     if (ret == 0) {
         /* make sure application secret is generated by tsip */
-        if (!tuc->ClientTrafficSecret_set) {
+        if (!tuc->internal->ClientTrafficSecret_set) {
             WOLFSSL_MSG("TSIP wasn't involved in the key-exchange.");
             ret = CRYPTOCB_UNAVAILABLE;
         }
@@ -910,21 +915,21 @@ static int tsipTls13UpdateClientTrafficKeys(struct WOLFSSL* ssl)
     if (ret == 0) {
         if ((ret = tsip_hw_lock()) == 0) {
 
-            tuc->ClientWriteTrafficKey_set = 0;
+            tuc->internal->ClientWriteTrafficKey_set = 0;
 
             err = R_TSIP_Tls13UpdateApplicationTrafficKey(
-                        &(tuc->handle13),
+                        &(tuc->internal->handle13),
                         TSIP_TLS13_MODE_FULL_HANDSHAKE,
                         TSIP_TLS13_UPDATE_CLIENT_KEY,
-                        &(tuc->clientAppTraffic13Secret),
-                        &(tuc->clientAppTraffic13Secret),
-                        &(tuc->clientAppWriteKey13Idx));
+                        &(tuc->internal->clientAppTraffic13Secret),
+                        &(tuc->internal->clientAppTraffic13Secret),
+                        &(tuc->internal->clientAppWriteKey13Idx));
             if (err != TSIP_SUCCESS) {
                 WOLFSSL_MSG("R_TSIP_Tls13UpdateApplicationTrafficKey error");
                 ret = WC_HW_E;
             }
             else {
-                tuc->ClientWriteTrafficKey_set = 1;
+                tuc->internal->ClientWriteTrafficKey_set = 1;
             }
             tsip_hw_unlock();
         }
@@ -970,7 +975,7 @@ static int tsipTls13UpdateServerTrafficKeys(struct WOLFSSL* ssl)
 
     if (ret == 0) {
         /* make sure application secret is generated by tsip */
-        if (!tuc->ServerTrafficSecret_set) {
+        if (!tuc->internal->ServerTrafficSecret_set) {
             WOLFSSL_MSG("TSIP wasn't involved in the key-exchange.");
             ret = CRYPTOCB_UNAVAILABLE;
         }
@@ -978,21 +983,21 @@ static int tsipTls13UpdateServerTrafficKeys(struct WOLFSSL* ssl)
     if (ret == 0) {
         if ((ret = tsip_hw_lock()) == 0) {
 
-            tuc->ServerWriteTrafficKey_set = 0;
+            tuc->internal->ServerWriteTrafficKey_set = 0;
 
             err = R_TSIP_Tls13UpdateApplicationTrafficKey(
-                        &(tuc->handle13),
+                        &(tuc->internal->handle13),
                         TSIP_TLS13_MODE_FULL_HANDSHAKE,
                         TSIP_TLS13_UPDATE_SERVER_KEY,
-                        &(tuc->serverAppTraffic13Secret),
-                        &(tuc->serverAppTraffic13Secret),
-                        &(tuc->serverAppWriteKey13Idx));
+                        &(tuc->internal->serverAppTraffic13Secret),
+                        &(tuc->internal->serverAppTraffic13Secret),
+                        &(tuc->internal->serverAppWriteKey13Idx));
             if (err != TSIP_SUCCESS) {
                 WOLFSSL_MSG("R_TSIP_Tls13UpdateApplicationTrafficKey error");
                 ret = WC_HW_E;
             }
             else {
-                tuc->ServerWriteTrafficKey_set = 1;
+                tuc->internal->ServerWriteTrafficKey_set = 1;
             }
             tsip_hw_unlock();
         }
@@ -1131,8 +1136,8 @@ int tsip_Tls13DeriveMasterSecret(struct WOLFSSL* ssl)
     }
     if (ret == 0) {
         /* make sure handshake secret and verify data has been set by TSIP */
-        if (!tuc->HandshakeSecret_set ||
-            !tuc->HandshakeVerifiedData_set) {
+        if (!tuc->internal->HandshakeSecret_set ||
+            !tuc->internal->HandshakeVerifiedData_set) {
             WOLFSSL_MSG("TSIP wasn't involved in the key-exchange.");
             ret = CRYPTOCB_UNAVAILABLE;
         }
@@ -1140,14 +1145,14 @@ int tsip_Tls13DeriveMasterSecret(struct WOLFSSL* ssl)
     if (ret == 0) {
         if ((ret = tsip_hw_lock()) == 0) {
 
-            tuc->MasterSecret_set = 0;
+            tuc->internal->MasterSecret_set = 0;
 
             err = R_TSIP_Tls13GenerateMasterSecret(
-                        &(tuc->handle13),
+                        &(tuc->internal->handle13),
                         TSIP_TLS13_MODE_FULL_HANDSHAKE,
-                        &(tuc->handshakeSecret13Idx),
-                        (uint32_t*)tuc->verifyData13Idx,
-                        &(tuc->masterSecret13Idx));
+                        &(tuc->internal->handshakeSecret13Idx),
+                        (uint32_t*)tuc->internal->verifyData13Idx,
+                        &(tuc->internal->masterSecret13Idx));
 
             if (err != TSIP_SUCCESS) {
                 WOLFSSL_MSG(
@@ -1156,7 +1161,7 @@ int tsip_Tls13DeriveMasterSecret(struct WOLFSSL* ssl)
             }
 
             if (ret == 0) {
-                tuc->MasterSecret_set = 1;
+                tuc->internal->MasterSecret_set = 1;
             }
 
             tsip_hw_unlock();
@@ -1210,7 +1215,7 @@ static int tsipTls13VerifyHandshake(struct WOLFSSL* ssl,
 
     if (ret == 0) {
         /* make sure handshake secret is generated by tsip */
-        if (!tuc->HandshakeServerTrafficKey_set) {
+        if (!tuc->internal->HandshakeServerTrafficKey_set) {
             WOLFSSL_MSG("TSIP wasn't involved in the key-exchange.");
             ret = CRYPTOCB_UNAVAILABLE;
         }
@@ -1223,14 +1228,14 @@ static int tsipTls13VerifyHandshake(struct WOLFSSL* ssl,
     if (ret == 0) {
         if ((ret = tsip_hw_lock()) == 0) {
 
-            tuc->HandshakeVerifiedData_set = 0;
+            tuc->internal->HandshakeVerifiedData_set = 0;
 
             err = R_TSIP_Tls13ServerHandshakeVerification(
-                                        TSIP_TLS13_MODE_FULL_HANDSHAKE,
-                                        &(tuc->serverFinished13Idx),
-                                        (uint8_t*)msgHash,
-                                        (uint8_t*)hash,
-                                        (uint32_t*)(tuc->verifyData13Idx));
+                                TSIP_TLS13_MODE_FULL_HANDSHAKE,
+                                &(tuc->internal->serverFinished13Idx),
+                                (uint8_t*)msgHash,
+                                (uint8_t*)hash,
+                                (uint32_t*)(tuc->internal->verifyData13Idx));
 
             if (err == TSIP_ERR_VERIFICATION_FAIL) {
                 WOLFSSL_MSG("Handshake verification error");
@@ -1242,7 +1247,7 @@ static int tsipTls13VerifyHandshake(struct WOLFSSL* ssl,
             }
             if (ret == 0) {
                 WOLFSSL_MSG("Verified handshake");
-                tuc->HandshakeVerifiedData_set = 1;
+                tuc->internal->HandshakeVerifiedData_set = 1;
             }
 
             tsip_hw_unlock();
@@ -1545,10 +1550,10 @@ int tsip_Tls13CertificateVerify(struct WOLFSSL* ssl,
 
     if (ret == 0) {
         /* create sign data */
-        sigData = tuc->sigDataCertVerify;
+        sigData = tuc->internal->sigDataCertVerify;
 
         idx = 0;
-        ForceZero(sigData, sizeof(tuc->sigDataCertVerify));
+        ForceZero(sigData, sizeof(tuc->internal->sigDataCertVerify));
         XMEMSET(sigData, TSIP_SIGNING_DATA_PREFIX_BYTE,
                                                 TSIP_SIGNING_DATA_PREFIX_SZ);
 
@@ -1686,12 +1691,12 @@ int tsip_Tls13SendCertVerify(WOLFSSL* ssl)
 
     if (ret == 0) {
         if (isRsa) {
-            if (!tuc->ClientRsa2048PrivKey_set) {
+            if (!tuc->internal->ClientRsa2048PrivKey_set) {
                 ret = NO_PRIVATE_KEY;
             }
         }
         else {
-            if (!tuc->ClientEccPrivKey_set) {
+            if (!tuc->internal->ClientEccPrivKey_set) {
                 ret = NO_PRIVATE_KEY;
             }
         }
@@ -1724,7 +1729,7 @@ int tsip_Tls13SendCertVerify(WOLFSSL* ssl)
         if ((ret = tsip_hw_lock()) == 0) {
             if (isRsa) {
                 err = R_TSIP_Tls13CertificateVerifyGenerate(
-                            (uint32_t*)&(tuc->Rsa2048PrivateKeyIdx),
+                            (uint32_t*)&(tuc->internal->Rsa2048PrivateKeyIdx),
                             TSIP_TLS13_SIGNATURE_SCHEME_RSA_PSS_RSAE_SHA256,
                                                 hash,
                                                 message + HANDSHAKE_HEADER_SZ,
@@ -1732,7 +1737,7 @@ int tsip_Tls13SendCertVerify(WOLFSSL* ssl)
             }
             else {
                 err = R_TSIP_Tls13CertificateVerifyGenerate(
-                            (uint32_t*)&(tuc->EcdsaPrivateKeyIdx),
+                            (uint32_t*)&(tuc->internal->EcdsaPrivateKeyIdx),
                             TSIP_TLS13_SIGNATURE_SCHEME_ECDSA_SECP256R1_SHA256,
                                                 hash,
                                                 message + HANDSHAKE_HEADER_SZ,
@@ -1762,7 +1767,7 @@ int tsip_Tls13SendCertVerify(WOLFSSL* ssl)
 
     if (ret == 0) {
         if (isRsa) {
-            if (!tuc->ClientRsa2048PubKey_set) {
+            if (!tuc->internal->ClientRsa2048PubKey_set) {
                 ret = NO_PRIVATE_KEY;
             }
         }
@@ -1776,10 +1781,10 @@ int tsip_Tls13SendCertVerify(WOLFSSL* ssl)
     }
 
     if (ret == 0) {
-        sigData = tuc->sigDataCertVerify;
+        sigData = tuc->internal->sigDataCertVerify;
 
         idx = 0;
-        ForceZero(sigData, sizeof(tuc->sigDataCertVerify));
+        ForceZero(sigData, sizeof(tuc->internal->sigDataCertVerify));
         XMEMSET(sigData, TSIP_SIGNING_DATA_PREFIX_BYTE,
                                                 TSIP_SIGNING_DATA_PREFIX_SZ);
 
@@ -1822,7 +1827,7 @@ int tsip_Tls13SendCertVerify(WOLFSSL* ssl)
 
                 err = R_TSIP_RsassaPss2048SignatureVerification(
                             &rsa_sig, &rsa_hash,
-                            &tuc->Rsa2048PublicKeyIdx,
+                            &(tuc->internal)->Rsa2048PublicKeyIdx,
                             R_TSIP_RSA_HASH_SHA256);
                 WOLFSSL_MSG("Perform self-verify for rsa signature");
             }
@@ -2009,7 +2014,7 @@ static int tsip_ServerKeyExVerify(
             (uint8_t*) peerkey,
             (uint8_t*) sig,
             (uint32_t*)ssl->peerSceTsipEncRsaKeyIndex,
-            (uint32_t*)userCtx->encrypted_ephemeral_ecdh_public_key);
+            (uint32_t*)userCtx->internal->encrypted_ephemeral_ecdh_public_key);
 
         if (ret !=TSIP_SUCCESS) {
             WOLFSSL_MSG("R_TSIP_TlsServersEphemeralEcdhPublicKeyRetrieves failed");
@@ -2166,22 +2171,22 @@ int wc_tsip_EccSharedSecret(
     if ((ret = tsip_hw_lock()) == 0) {
         /* Generate ECC public key for key exchange */
         ret = R_TSIP_GenerateTlsP256EccKeyIndex(
-                    &usrCtx->ecc_p256_wrapped_key,
-                    (uint8_t*)&usrCtx->ecc_ecdh_public_key);
+                    &(usrCtx->internal->ecc_p256_wrapped_key),
+                    (uint8_t*)&(usrCtx->internal->ecc_ecdh_public_key));
 
         if (ret == TSIP_SUCCESS) {
 
             /* copy generated ecdh public key into buffer */
             pubKeyDer[0] = ECC_POINT_UNCOMP;
-            *pubKeySz = 1 + sizeof(usrCtx->ecc_ecdh_public_key);
-            XMEMCPY(&pubKeyDer[1], &usrCtx->ecc_ecdh_public_key,
-                        sizeof(usrCtx->ecc_ecdh_public_key));
+            *pubKeySz = 1 + sizeof(usrCtx->internal->ecc_ecdh_public_key);
+            XMEMCPY(&pubKeyDer[1], &(usrCtx->internal->ecc_ecdh_public_key),
+                        sizeof(usrCtx->internal->ecc_ecdh_public_key));
 
             /* Generate Premaster Secret */
             ret = R_TSIP_TlsGeneratePreMasterSecretWithEccP256Key(
-                        (uint32_t*)&usrCtx->encrypted_ephemeral_ecdh_public_key,
-                        &usrCtx->ecc_p256_wrapped_key,
-                        (uint32_t*)out/* pre-master secret 64 bytes */);
+            (uint32_t*)&(usrCtx->internal->encrypted_ephemeral_ecdh_public_key),
+            &(usrCtx->internal->ecc_p256_wrapped_key),
+            (uint32_t*)out/* pre-master secret 64 bytes */);
         }
         if (ret == TSIP_SUCCESS) {
             *outlen = 64;
@@ -2241,15 +2246,29 @@ WOLFSSL_API int tsip_set_callback_ctx(WOLFSSL* ssl, void* user_ctx)
     WOLFSSL_ENTER("tsip_set_callback_ctx");
 
     TsipUserCtx* uCtx = (TsipUserCtx*)user_ctx;
-    if (user_ctx == NULL) {
-        WOLFSSL_LEAVE("tsip_set_callback_ctx", 0);
-        return 0;
+    if (user_ctx == NULL || ssl == NULL) {
+        WOLFSSL_MSG("user ctx is null");
+        return BAD_FUNC_ARG;
     }
+
     ForceZero(uCtx, sizeof(TsipUserCtx));
-    uCtx->ssl  = ssl;
-    uCtx->ctx  = ssl->ctx;
-    uCtx->heap = ssl->heap;
-    uCtx->side = ssl->ctx->method->side;
+
+    uCtx->internal =
+        (TsipUserCtx_Internal*)XMALLOC(sizeof(TsipUserCtx_Internal),
+                                        ssl->heap,
+                                        DYNAMIC_TYPE_TMP_BUFFER);
+
+    if (!uCtx->internal) {
+        printf("Failed to allocate memory for user ctx internal");
+        return MEMORY_E;
+    }
+
+    ForceZero(uCtx->internal, sizeof(TsipUserCtx_Internal));
+
+    uCtx->internal->ssl  = ssl;
+    uCtx->internal->ctx  = ssl->ctx;
+    uCtx->internal->heap = ssl->heap;
+    uCtx->internal->side = ssl->ctx->method->side;
 
     ssl->RenesasUserCtx = user_ctx;     /* ssl doesn't own user_ctx */
 
@@ -2316,7 +2335,7 @@ int tsip_ImportPrivateKey(TsipUserCtx* tuc, int keyType)
     if (tuc == NULL)
         return BAD_FUNC_ARG;
 
-    encPrivKey = tuc->wrappedPrivateKey;
+    encPrivKey = tuc->internal->wrappedPrivateKey;
 
     if (encPrivKey == NULL || provisioning_key == NULL || iv == NULL) {
         WOLFSSL_MSG("Missing some key materials used for import" );
@@ -2336,12 +2355,12 @@ int tsip_ImportPrivateKey(TsipUserCtx* tuc, int keyType)
             #if !defined(NO_RSA)
             case TSIP_KEY_TYPE_RSA2048:
 
-                tuc->ClientRsa2048PrivKey_set = 0;
+                tuc->internal->ClientRsa2048PrivKey_set = 0;
                 err = R_TSIP_GenerateRsa2048PrivateKeyIndex(
                                     provisioning_key, iv, (uint8_t*)encPrivKey,
-                                    &(tuc->Rsa2048PrivateKeyIdx));
+                                    &(tuc->internal->Rsa2048PrivateKeyIdx));
                 if (err == TSIP_SUCCESS) {
-                    tuc->ClientRsa2048PrivKey_set = 1;
+                    tuc->internal->ClientRsa2048PrivKey_set = 1;
                 }
                 else {
                     ret = WC_HW_E;
@@ -2357,12 +2376,12 @@ int tsip_ImportPrivateKey(TsipUserCtx* tuc, int keyType)
             #if defined(HAVE_ECC)
             case TSIP_KEY_TYPE_ECDSAP256:
 
-                tuc->ClientEccPrivKey_set = 0;
+                tuc->internal->ClientEccPrivKey_set = 0;
                 err = R_TSIP_GenerateEccP256PrivateKeyIndex(
                                     provisioning_key, iv, (uint8_t*)encPrivKey,
-                                    &(tuc->EcdsaPrivateKeyIdx));
+                                    &(tuc->internal->EcdsaPrivateKeyIdx));
                 if (err == TSIP_SUCCESS) {
-                    tuc->ClientEccPrivKey_set = 1;
+                    tuc->internal->ClientEccPrivKey_set = 1;
                 }
                 else {
                     ret = WC_HW_E;
@@ -2409,7 +2428,7 @@ int tsip_ImportPublicKey(TsipUserCtx* tuc, int keyType)
         return BAD_FUNC_ARG;
     }
 
-    encPubKey = tuc->wrappedPublicKey;
+    encPubKey = tuc->internal->wrappedPublicKey;
 
     if (encPubKey == NULL || provisioning_key == NULL || iv == NULL) {
         WOLFSSL_MSG("Missing some key materials used for import" );
@@ -2431,7 +2450,7 @@ int tsip_ImportPublicKey(TsipUserCtx* tuc, int keyType)
             (defined(TSIP_RSASSA_2048) && TSIP_RSASSA_2048 == 1))
             case TSIP_KEY_TYPE_RSA2048:
             #if defined(WOLFSSL_RENESAS_TSIP_TLS)
-                tuc->ClientRsa2048PubKey_set = 0;
+                tuc->internal->ClientRsa2048PubKey_set = 0;
             #elif defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
                 XFREE(tuc->rsa2048pub_keyIdx, NULL, DYNAMIC_TYPE_RSA_BUFFER);
                 tuc->keyflgs_crypt.bits.rsapub2048_key_set = 0;
@@ -2446,14 +2465,14 @@ int tsip_ImportPublicKey(TsipUserCtx* tuc, int keyType)
                 err = R_TSIP_GenerateRsa2048PublicKeyIndex(
                                     provisioning_key, iv, (uint8_t*)encPubKey,
                                 #if defined(WOLFSSL_RENESAS_TSIP_TLS)
-                                     &(tuc->Rsa2048PublicKeyIdx)
+                                     &(tuc->internal->Rsa2048PublicKeyIdx)
                                 #elif defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
                                      tuc->rsa2048pub_keyIdx
                                 #endif
                                     );
                 if (err == TSIP_SUCCESS) {
                 #if defined(WOLFSSL_RENESAS_TSIP_TLS)
-                    tuc->ClientRsa2048PubKey_set = 1;
+                    tuc->internal->ClientRsa2048PubKey_set = 1;
                 #elif defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
                     tuc->keyflgs_crypt.bits.rsapub2048_key_set = 1;
                 #endif
@@ -2473,7 +2492,7 @@ int tsip_ImportPublicKey(TsipUserCtx* tuc, int keyType)
             case TSIP_KEY_TYPE_ECDSAP256:
             case TSIP_KEY_TYPE_ECDSAP384:
             #if defined(WOLFSSL_RENESAS_TSIP_TLS)
-                tuc->ClientEccPubKey_set = 0;
+                tuc->internal->ClientEccPubKey_set = 0;
             #elif defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
                 tuc->keyflgs_crypt.bits.eccpub_key_set = 0;
             #endif
@@ -2482,7 +2501,7 @@ int tsip_ImportPublicKey(TsipUserCtx* tuc, int keyType)
                     err = R_TSIP_GenerateEccP256PublicKeyIndex(
                                     provisioning_key, iv, (uint8_t*)encPubKey,
                             #if defined(WOLFSSL_RENESAS_TSIP_TLS)
-                                    &(tuc->EcdsaPublicKeyIdx)
+                                    &(tuc->internal->EcdsaPublicKeyIdx)
                             #elif defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
                                     &tuc->eccpub_keyIdx
                             #endif
@@ -2496,7 +2515,7 @@ int tsip_ImportPublicKey(TsipUserCtx* tuc, int keyType)
                     err = R_TSIP_GenerateEccP384PublicKeyIndex(
                                     provisioning_key, iv, (uint8_t*)encPubKey,
                             #if defined(WOLFSSL_RENESAS_TSIP_TLS)
-                                    &(tuc->EcdsaPublicKeyIdx)
+                                    &(tuc->internal->EcdsaPublicKeyIdx)
                             #elif defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
                                     &tuc->eccpub_keyIdx
                             #endif
@@ -2507,7 +2526,7 @@ int tsip_ImportPublicKey(TsipUserCtx* tuc, int keyType)
                 }
                 if (err == TSIP_SUCCESS) {
                 #if defined(WOLFSSL_RENESAS_TSIP_TLS)
-                    tuc->ClientEccPubKey_set = 1;
+                    tuc->internal->ClientEccPubKey_set = 1;
                 #elif defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)
                     tuc->keyflgs_crypt.bits.eccpub_key_set = 1;
                 #endif
@@ -3253,9 +3272,9 @@ int wc_tsip_generateSessionKey(
                 /* ready-for-use flag will be set when SetKeySide() is called */
             }
 
-            if (ctx->tsip_cipher ==
+            if (ctx->internal->tsip_cipher ==
                             R_TSIP_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ||
-                ctx->tsip_cipher ==
+                ctx->internal->tsip_cipher ==
                             R_TSIP_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256) {
                 enc->aes->nonceSz = AEAD_MAX_IMP_SZ;
                 dec->aes->nonceSz = AEAD_MAX_IMP_SZ;
@@ -3264,7 +3283,7 @@ int wc_tsip_generateSessionKey(
             enc->aes->devId = devId;
             dec->aes->devId = devId;
 
-            ctx->session_key_set = 1;
+            ctx->internal->session_key_set = 1;
         }
         /* unlock hw */
         tsip_hw_unlock();
@@ -3367,14 +3386,15 @@ int wc_tsip_storeKeyCtx(WOLFSSL* ssl, TsipUserCtx* userCtx)
         ret = BAD_FUNC_ARG;
 
     if (ret == 0) {
-        XMEMCPY(userCtx->tsip_masterSecret, ssl->arrays->tsip_masterSecret,
-                                                TSIP_TLS_MASTERSECRET_SIZE);
-        XMEMCPY(userCtx->tsip_clientRandom, ssl->arrays->clientRandom,
-                                                TSIP_TLS_CLIENTRANDOM_SZ);
-        XMEMCPY(userCtx->tsip_serverRandom, ssl->arrays->serverRandom,
-                                                TSIP_TLS_SERVERRANDOM_SZ);
-        userCtx->tsip_cipher = GetTsipCipherSuite(ssl->options.cipherSuite0,
-                                                ssl->options.cipherSuite);
+        XMEMCPY(userCtx->internal->tsip_masterSecret,
+                ssl->arrays->tsip_masterSecret, TSIP_TLS_MASTERSECRET_SIZE);
+        XMEMCPY(userCtx->internal->tsip_clientRandom,
+                ssl->arrays->clientRandom, TSIP_TLS_CLIENTRANDOM_SZ);
+        XMEMCPY(userCtx->internal->tsip_serverRandom,
+                ssl->arrays->serverRandom, TSIP_TLS_SERVERRANDOM_SZ);
+        userCtx->internal->tsip_cipher = GetTsipCipherSuite(
+                                ssl->options.cipherSuite0,
+                                ssl->options.cipherSuite);
     }
 
     WOLFSSL_LEAVE("tsip_storeKeyCtx", ret);
@@ -3671,7 +3691,7 @@ int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
 
     if (info == NULL || tuc == NULL
     #ifndef WOLFSSL_RENESAS_TSIP_CRYPTONLY
-    || tuc->ssl == NULL
+    || tuc->internal->ssl == NULL
     #endif
     ) {
             ret = BAD_FUNC_ARG;
@@ -3679,7 +3699,7 @@ int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
 
 #ifdef WOLFSSL_RENESAS_TSIP_TLS
     if (ret == 0) {
-        ssl = tuc->ssl;
+        ssl = tuc->internal->ssl;
 
         if (ssl->version.major == SSLv3_MAJOR &&
             ssl->version.minor == TLSv1_3_MINOR) {
@@ -3776,9 +3796,9 @@ int tsip_SignRsaPkcs(wc_CryptoInfo* info, TsipUserCtx* tuc)
                     err = R_TSIP_RsassaPkcs2048SignatureGenerate(
                                                 &hashData, &sigData,
                                    #ifdef WOLFSSL_RENESAS_TSIP_TLS
-                                                &tuc->Rsa2048PrivateKeyIdx,
+                                    &(tuc->internal->Rsa2048PrivateKeyIdx),
                                    #else
-                                       (tsip_rsa2048_private_key_index_t*)
+                                    (tsip_rsa2048_private_key_index_t*)
                                                 tuc->rsa2048pri_keyIdx,
                                    #endif
                                                 tsip_hash_type);
@@ -3876,9 +3896,9 @@ int tsip_VerifyRsaPkcsCb(
 #if defined(TSIP_RSASSA_2048) && TSIP_RSASSA_2048 == 1
                 case TSIP_KEY_TYPE_RSA2048:
                     err = R_TSIP_RsassaPkcs2048SignatureVerification(
-                                                &sigData, &hashData,
-                                                &tuc->Rsa2048PublicKeyIdx,
-                                                tsip_hash_type);
+                                        &sigData, &hashData,
+                                        &(tuc->internal->Rsa2048PublicKeyIdx),
+                                        tsip_hash_type);
 
                     if (err == TSIP_ERR_AUTHENTICATION) {
                         ret = VERIFY_CERT_ERROR;
@@ -3949,7 +3969,7 @@ int tsip_SignEcdsa(wc_CryptoInfo* info, TsipUserCtx* tuc)
     }
 
     if (ret == 0) {
-        ssl = tuc->ssl;
+        ssl = tuc->internal->ssl;
 
         if (ssl->version.major == SSLv3_MAJOR &&
             ssl->version.minor == TLSv1_3_MINOR) {
@@ -3983,8 +4003,8 @@ int tsip_SignEcdsa(wc_CryptoInfo* info, TsipUserCtx* tuc)
                     sigData.pdata = (uint8_t*)info->pk.eccsign.out +
                                                             offsetForWork;
                     err = R_TSIP_EcdsaP256SignatureGenerate(
-                                                &hashData, &sigData,
-                                                &tuc->EcdsaPrivateKeyIdx);
+                                        &hashData, &sigData,
+                                        &(tuc->internal->EcdsaPrivateKeyIdx));
                     if (err != TSIP_SUCCESS) {
                         ret = WC_HW_E;
                         break;
diff --git a/wolfcrypt/src/port/arm/armv8-sha256.c b/wolfcrypt/src/port/arm/armv8-sha256.c
index cbd4ee6dc..e9f0f1e32 100644
--- a/wolfcrypt/src/port/arm/armv8-sha256.c
+++ b/wolfcrypt/src/port/arm/armv8-sha256.c
@@ -274,8 +274,7 @@ static void Transform_Sha256_Len(wc_Sha256* sha256, const byte* data,
 #endif
 
 #if defined(__aarch64__) && !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO)
-static word32 cpuid_flags = 0;
-static int cpuid_flags_set = 0;
+static cpuid_flags_t cpuid_flags = WC_CPUID_INITIALIZER;
 #endif
 
 static int InitSha256(wc_Sha256* sha256)
@@ -1763,10 +1762,7 @@ int wc_InitSha256_ex(wc_Sha256* sha256, void* heap, int devId)
 #endif
 
 #if defined(__aarch64__) && !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO)
-    if (!cpuid_flags_set) {
-        cpuid_flags = cpuid_get_flags();
-        cpuid_flags_set = 1;
-    }
+    cpuid_get_flags_ex(&cpuid_flags);
 #endif
 
     (void)devId;
@@ -2048,10 +2044,7 @@ int wc_Sha256HashBlock(wc_Sha256* sha256, const unsigned char* data,
         sha224->heap = heap;
 
     #if defined(__aarch64__) && !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO)
-        if (!cpuid_flags_set) {
-            cpuid_flags = cpuid_get_flags();
-            cpuid_flags_set = 1;
-        }
+        cpuid_get_flags_ex(&cpuid_flags);
     #endif
 
         (void)devId;
diff --git a/wolfcrypt/src/port/arm/armv8-sha512.c b/wolfcrypt/src/port/arm/armv8-sha512.c
index cc51c900d..57020f01c 100644
--- a/wolfcrypt/src/port/arm/armv8-sha512.c
+++ b/wolfcrypt/src/port/arm/armv8-sha512.c
@@ -57,8 +57,7 @@
 #endif
 
 #if defined(__aarch64__) && defined(WOLFSSL_ARMASM_CRYPTO_SHA512)
-static word32 cpuid_flags = 0;
-static int cpuid_flags_set = 0;
+static cpuid_flags_t cpuid_flags = WC_CPUID_INITIALIZER;
 #endif
 
 #ifdef WOLFSSL_SHA512
@@ -198,10 +197,7 @@ static int InitSha512_Family(wc_Sha512* sha512, void* heap, int devId,
         return ret;
 
 #if defined(__aarch64__) && defined(WOLFSSL_ARMASM_CRYPTO_SHA512)
-    if (!cpuid_flags_set) {
-        cpuid_flags = cpuid_get_flags();
-        cpuid_flags_set = 1;
-    }
+    cpuid_get_flags_ex(&cpuid_flags);
 #endif
 
     (void)devId;
@@ -884,10 +880,7 @@ int wc_InitSha384_ex(wc_Sha384* sha384, void* heap, int devId)
 #endif
 
 #if defined(__aarch64__) && defined(WOLFSSL_ARMASM_CRYPTO_SHA512)
-    if (!cpuid_flags_set) {
-        cpuid_flags = cpuid_get_flags();
-        cpuid_flags_set = 1;
-    }
+    cpuid_get_flags_ex(&cpuid_flags);
 #endif
 
     (void)devId;
diff --git a/wolfcrypt/src/port/caam/wolfcaam_fsl_nxp.c b/wolfcrypt/src/port/caam/wolfcaam_fsl_nxp.c
index d96824052..c894f84c4 100644
--- a/wolfcrypt/src/port/caam/wolfcaam_fsl_nxp.c
+++ b/wolfcrypt/src/port/caam/wolfcaam_fsl_nxp.c
@@ -849,8 +849,8 @@ int SynchronousSendRequest(int type, unsigned int args[4], CAAM_BUFFER *buf,
 #endif
 
     default:
-        WOLFSSL_MSG("Unknown/unsupported type");
-        return -1;
+        WOLFSSL_MSG("Unknown/unsupported type. Returning unavailable");
+        return CRYPTOCB_UNAVAILABLE;
     }
 
     if (ret != 0) {
diff --git a/wolfcrypt/src/port/caam/wolfcaam_init.c b/wolfcrypt/src/port/caam/wolfcaam_init.c
index ddb41b136..5ea1723d4 100644
--- a/wolfcrypt/src/port/caam/wolfcaam_init.c
+++ b/wolfcrypt/src/port/caam/wolfcaam_init.c
@@ -501,6 +501,11 @@ int wc_caamAddAndWait(CAAM_BUFFER* buf, int sz, word32 arg[4], word32 type)
             return RAN_BLOCK_E;
         }
 
+        if (ret == CRYPTOCB_UNAVAILABLE) {
+            WOLFSSL_MSG("Driver does not support requested operation");
+            return ret;
+        }
+
         if (ret == ResourceNotAvailable) {
             WOLFSSL_MSG("Waiting on CAAM driver");
             return WC_HW_WAIT_E;
diff --git a/wolfcrypt/src/port/devcrypto/devcrypto_aes.c b/wolfcrypt/src/port/devcrypto/devcrypto_aes.c
index 0a946ffa7..0cfd50955 100644
--- a/wolfcrypt/src/port/devcrypto/devcrypto_aes.c
+++ b/wolfcrypt/src/port/devcrypto/devcrypto_aes.c
@@ -317,7 +317,7 @@ static int wc_DevCrypto_AesGcm(Aes* aes, byte* out, byte* in, word32 sz,
                       dir, (byte*)authIn, authInSz, authTag, authTagSz);
     ret = ioctl(aes->ctx.cfd, CIOCAUTHCRYPT, &crt);
     if (ret != 0) {
-        #ifdef WOLFSSL_DEBUG
+        #ifdef DEBUG_WOLFSSL
         if (authInSz > sysconf(_SC_PAGESIZE)) {
             WOLFSSL_MSG("authIn Buffer greater than System Page Size");
         }
diff --git a/wolfcrypt/src/port/rpi_pico/README.md b/wolfcrypt/src/port/rpi_pico/README.md
index 240cc9782..2a5a638a7 100644
--- a/wolfcrypt/src/port/rpi_pico/README.md
+++ b/wolfcrypt/src/port/rpi_pico/README.md
@@ -38,7 +38,10 @@ To enable the RNG acceleration add the following:
 ```c
 #define WC_NO_HASHDRBG
 #define CUSTOM_RAND_GENERATE_BLOCK wc_pico_rng_gen_block
+#define WC_RESEED_INTERVAL (1000000)
 ```
+NOTE: the value for `WC_RESEED_INTERVAL` here is just an example. You should find what is
+most appropriate for your application and use case.
 
 In CMake you should add the following linking to both wolfSSL and the end
 application:
diff --git a/wolfcrypt/src/port/st/stm32.c b/wolfcrypt/src/port/st/stm32.c
index 3d4ed3930..a0d141454 100644
--- a/wolfcrypt/src/port/st/stm32.c
+++ b/wolfcrypt/src/port/st/stm32.c
@@ -448,7 +448,100 @@ int wc_Stm32_Hash_Final(STM32_HASH_Context* stmCtx, word32 algo,
 
 #ifndef NO_AES
 #ifdef WOLFSSL_STM32_CUBEMX
-int wc_Stm32_Aes_Init(Aes* aes, CRYP_HandleTypeDef* hcryp)
+
+#if defined(WOLFSSL_STM32U5_DHUK)
+/* Set the DHUK IV to be used when unwrapping an AES key
+ * return 0 on success */
+int wc_Stm32_Aes_SetDHUK_IV(struct Aes* aes, const byte* iv, int ivSz)
+{
+    if (ivSz != sizeof(aes->dhukIV)) {
+        return BAD_FUNC_ARG;
+    }
+
+    XMEMCPY(aes->dhukIV, iv, ivSz);
+    aes->dhukIVLen = ivSz;
+    return 0;
+}
+
+/* Wrap an AES key using the DHUK */
+int wc_Stm32_Aes_Wrap(struct Aes* aes, const byte* in, word32 inSz, byte* out,
+    word32* outSz, const byte* iv, int ivSz)
+{
+    CRYP_HandleTypeDef hcryp;
+    int ret = 0;
+    byte key[AES_256_KEY_SIZE];
+
+    /* SAES requires use of the RNG -- HAL_RNG_DeInit() calls from random.c
+        turn off the RNG clock -- re-enable the clock here */
+    __HAL_RCC_RNG_CLK_ENABLE();
+    ByteReverseWords((word32*)key, (word32*)in, inSz);
+    XMEMSET(&hcryp, 0, sizeof(CRYP_HandleTypeDef));
+    if (ret == 0) {
+        hcryp.Instance       = SAES;
+        hcryp.Init.DataType  = CRYP_DATATYPE_8B;
+        hcryp.Init.KeySize   = CRYP_KEYSIZE_256B;
+        hcryp.Init.DataWidthUnit = CRYP_DATAWIDTHUNIT_BYTE;
+        hcryp.Init.KeySelect = CRYP_KEYSEL_HW; /* use DHUK to unwrap with use */
+        hcryp.Init.KeyMode   = CRYP_KEYMODE_WRAPPED;
+        if (iv != NULL) {
+            hcryp.Init.pInitVect = (uint32_t *)iv;
+            hcryp.Init.Algorithm = CRYP_AES_CBC;
+        }
+        else {
+            hcryp.Init.Algorithm = CRYP_AES_ECB;
+        }
+        ret = HAL_CRYP_Init(&hcryp);
+    }
+
+    if (ret == HAL_OK) {
+        ret = HAL_CRYPEx_WrapKey(&hcryp, (uint32_t*)key, (uint32_t*)out, 100);
+        HAL_CRYP_DeInit(&hcryp);
+    }
+
+    ByteReverseWords((word32*)out, (word32*)out, inSz);
+    *outSz = inSz;
+    (void)aes;
+    return ret;
+}
+
+
+int wc_Stm32_Aes_UnWrap(struct Aes* aes, CRYP_HandleTypeDef* hcryp,
+        const byte* in, word32 inSz, const byte* iv, int ivSz)
+{
+    int ret = 0;
+
+    /* SAES requires use of the RNG -- HAL_RNG_DeInit() calls from random.c
+    turn off the RNG clock -- re-enable the clock here */
+    __HAL_RCC_RNG_CLK_ENABLE();
+
+    /* setup for key unwrapping */
+    XMEMSET(hcryp, 0, sizeof(CRYP_HandleTypeDef));
+    hcryp->Instance       = SAES;
+    hcryp->Init.DataType  = CRYP_DATATYPE_8B;
+    hcryp->Init.KeySize   = CRYP_KEYSIZE_256B;
+    hcryp->Init.DataWidthUnit = CRYP_DATAWIDTHUNIT_BYTE;
+    if (ivSz > 0 && iv != NULL) {
+        hcryp->Init.pInitVect = (uint32_t *)iv;
+        hcryp->Init.Algorithm = CRYP_AES_CBC;
+    }
+    else {
+        hcryp->Init.Algorithm = CRYP_AES_ECB;
+    }
+    hcryp->Init.KeyIVConfigSkip = CRYP_KEYIVCONFIG_ALWAYS;
+    hcryp->Init.KeySelect = CRYP_KEYSEL_HW; /* use DHUK to unwrap with use */
+    hcryp->Init.KeyMode   = CRYP_KEYMODE_WRAPPED;
+    ret = HAL_CRYP_Init(hcryp);
+    if (ret == HAL_OK) {
+        /* On success the key is placed into a location where the next encrypt/decrypt
+         * calls using hcryp make use of the key */
+        ret = HAL_CRYPEx_UnwrapKey(hcryp, (uint32_t*)in, 100);
+    }
+    return ret;
+}
+
+#endif
+
+int wc_Stm32_Aes_Init(Aes* aes, CRYP_HandleTypeDef* hcryp, int useSaes)
 {
     int ret;
     word32 keySize;
@@ -477,9 +570,35 @@ int wc_Stm32_Aes_Init(Aes* aes, CRYP_HandleTypeDef* hcryp)
         default:
             break;
     }
-    hcryp->Instance = CRYP;
-    hcryp->Init.DataType = CRYP_DATATYPE_8B;
-    hcryp->Init.pKey = (STM_CRYPT_TYPE*)aes->key;
+
+#ifdef WOLFSSL_STM32U5_DHUK
+    /* Use hardware key */
+    if (useSaes && (aes->devId == WOLFSSL_STM32U5_DHUK_DEVID ||
+            aes->devId == WOLFSSL_STM32U5_SAES_DEVID)) {
+
+            /* SAES requires use of the RNG -- HAL_RNG_DeInit() calls from
+               random.c turn off the RNG clock -- re-enable the clock here */
+            __HAL_RCC_RNG_CLK_ENABLE();
+
+            hcryp->Instance       = SAES;
+            hcryp->Init.DataType  = CRYP_DATATYPE_8B;
+
+            /* Key select (HW, or Normal) */
+            if (aes->devId == WOLFSSL_STM32U5_DHUK_DEVID) {
+                hcryp->Init.KeySelect = CRYP_KEYSEL_HW;
+            }
+            else {
+                hcryp->Init.KeySelect = CRYP_KEYSEL_NORMAL;
+                hcryp->Init.KeyMode   = CRYP_KEYMODE_NORMAL;
+                hcryp->Init.pKey      = (uint32_t*)aes->key;
+            }
+    } else
+#endif
+    {
+        hcryp->Instance = CRYP;
+        hcryp->Init.DataType = CRYP_DATATYPE_8B;
+        hcryp->Init.pKey = (STM_CRYPT_TYPE*)aes->key;
+    }
 #ifdef STM32_HAL_V2
     hcryp->Init.DataWidthUnit = CRYP_DATAWIDTHUNIT_BYTE;
     #if defined(CRYP_HEADERWIDTHUNIT_BYTE) && defined(STM_CRYPT_HEADER_WIDTH)
diff --git a/wolfcrypt/src/port/st/stsafe.c b/wolfcrypt/src/port/st/stsafe.c
index 8f197d363..832b70214 100644
--- a/wolfcrypt/src/port/st/stsafe.c
+++ b/wolfcrypt/src/port/st/stsafe.c
@@ -120,7 +120,7 @@ int SSL_STSAFE_VerifyPeerCertCb(WOLFSSL* ssl,
 {
     int err;
     byte sigRS[STSAFE_MAX_SIG_LEN];
-    byte *r, *s;
+    byte *r = NULL, *s = NULL;
     word32 r_len = STSAFE_MAX_SIG_LEN/2, s_len = STSAFE_MAX_SIG_LEN/2;
     byte pubKeyX[STSAFE_MAX_PUBKEY_RAW_LEN/2];
     byte pubKeyY[STSAFE_MAX_PUBKEY_RAW_LEN/2];
@@ -130,6 +130,7 @@ int SSL_STSAFE_VerifyPeerCertCb(WOLFSSL* ssl,
     word32 inOutIdx = 0;
     StSafeA_CurveId curve_id = STSAFE_A_NIST_P_256;
     int ecc_curve;
+    int key_sz = 0;
 
     (void)ssl;
     (void)ctx;
@@ -151,23 +152,34 @@ int SSL_STSAFE_VerifyPeerCertCb(WOLFSSL* ssl,
             pubKeyY, &pubKeyY_len);
     }
     if (err == 0) {
-        int key_sz;
-
         /* determine curve */
         ecc_curve = key.dp->id;
         curve_id = stsafe_get_ecc_curve_id(ecc_curve);
         key_sz = stsafe_get_key_size(curve_id);
-
+        if (key_sz <= 0 || key_sz > STSAFE_MAX_KEY_LEN) {
+            err = BAD_FUNC_ARG;
+        }
+    }
+    if (err == 0) {
         /* Extract R and S from signature */
         XMEMSET(sigRS, 0, sizeof(sigRS));
         r = &sigRS[0];
         s = &sigRS[key_sz];
         err = wc_ecc_sig_to_rs(sig, sigSz, r, &r_len, s, &s_len);
-        (void)r_len;
-        (void)s_len;
     }
-
     if (err == 0) {
+        /* make sure R and S are not too large */
+        if (r_len > key_sz || s_len > key_sz) {
+            err = BAD_FUNC_ARG;
+        }
+    }
+    if (err == 0) {
+        /* make sure R and S are zero padded on front */
+        XMEMMOVE(&sigRS[key_sz-r_len], r, r_len);
+        XMEMSET(&sigRS[0], 0, key_sz-r_len);
+        XMEMMOVE(&sigRS[key_sz + (key_sz-s_len)], s, s_len);
+        XMEMSET(&sigRS[key_sz], 0, key_sz-s_len);
+
         /* Verify signature */
         err = stsafe_interface_verify(curve_id, (uint8_t*)hash, sigRS,
             pubKeyX, pubKeyY, (int32_t*)result);
@@ -474,7 +486,7 @@ int wolfSSL_STSAFE_CryptoDevCb(int devId, wc_CryptoInfo* info, void* ctx)
         }
         else if (info->pk.type == WC_PK_TYPE_ECDSA_VERIFY) {
             byte sigRS[STSAFE_MAX_SIG_LEN];
-            byte *r, *s;
+            byte *r = NULL, *s = NULL;
             word32 r_len = STSAFE_MAX_SIG_LEN/2, s_len = STSAFE_MAX_SIG_LEN/2;
             byte pubKeyX[STSAFE_MAX_PUBKEY_RAW_LEN/2];
             byte pubKeyY[STSAFE_MAX_PUBKEY_RAW_LEN/2];
@@ -485,13 +497,18 @@ int wolfSSL_STSAFE_CryptoDevCb(int devId, wc_CryptoInfo* info, void* ctx)
 
             WOLFSSL_MSG("STSAFE: ECC Verify");
 
-            if (info->pk.eccverify.key == NULL)
+            if (info->pk.eccverify.key == NULL ||
+                info->pk.eccverify.key->dp == NULL) {
                 return BAD_FUNC_ARG;
+            }
 
             /* determine curve */
             ecc_curve = info->pk.eccverify.key->dp->id;
             curve_id = stsafe_get_ecc_curve_id(ecc_curve);
             key_sz = stsafe_get_key_size(curve_id);
+            if (key_sz <= 0 || key_sz > STSAFE_MAX_KEY_LEN) {
+                return BAD_FUNC_ARG;
+            }
 
             /* Extract Raw X and Y coordinates of the public key */
             rc = wc_ecc_export_public_raw(info->pk.eccverify.key,
@@ -504,10 +521,20 @@ int wolfSSL_STSAFE_CryptoDevCb(int devId, wc_CryptoInfo* info, void* ctx)
                 s = &sigRS[key_sz];
                 rc = wc_ecc_sig_to_rs(info->pk.eccverify.sig,
                     info->pk.eccverify.siglen, r, &r_len, s, &s_len);
-                (void)r_len;
-                (void)s_len;
             }
             if (rc == 0) {
+                /* make sure R and S are not too large */
+                if (r_len > key_sz || s_len > key_sz) {
+                    rc = BAD_FUNC_ARG;
+                }
+            }
+            if (rc == 0) {
+                /* make sure R and S are zero padded on front */
+                XMEMMOVE(&sigRS[key_sz-r_len], r, r_len);
+                XMEMSET(&sigRS[0], 0, key_sz-r_len);
+                XMEMMOVE(&sigRS[key_sz + (key_sz-s_len)], s, s_len);
+                XMEMSET(&sigRS[key_sz], 0, key_sz-s_len);
+
                 /* Verify signature */
                 rc = stsafe_interface_verify(curve_id,
                     (uint8_t*)info->pk.eccverify.hash, sigRS, pubKeyX, pubKeyY,
diff --git a/wolfcrypt/src/pwdbased.c b/wolfcrypt/src/pwdbased.c
index 8c7c64cae..9a255874c 100644
--- a/wolfcrypt/src/pwdbased.c
+++ b/wolfcrypt/src/pwdbased.c
@@ -816,9 +816,16 @@ int wc_scrypt(byte* output, const byte* passwd, int passLen,
         ret = MEMORY_E;
         goto end;
     }
+
+    /* Check that (1 << cost) * bSz won't overflow or exceed allowed max */
+    if (((size_t)1 << cost) * (size_t)bSz > SCRYPT_WORD32_MAX) {
+        ret = BAD_FUNC_ARG;
+        goto end;
+    }
+
     /* Temporary for scryptROMix. */
-    v = (byte*)XMALLOC((size_t)((1U << cost) * bSz), NULL,
-                       DYNAMIC_TYPE_TMP_BUFFER);
+    v = (byte*)XMALLOC(((size_t)1 << cost) * (size_t)bSz, NULL,
+                         DYNAMIC_TYPE_TMP_BUFFER);
     if (v == NULL) {
         ret = MEMORY_E;
         goto end;
@@ -841,7 +848,8 @@ int wc_scrypt(byte* output, const byte* passwd, int passLen,
 
     /* Step 2. */
     for (i = 0; i < parallel; i++)
-        scryptROMix(blocks + i * (int)bSz, v, y, (int)blockSize, 1U << cost);
+        scryptROMix(blocks + i * (int)bSz, v, y, (int)blockSize,
+                    (word32)((size_t)1 << cost));
 
     /* Step 3. */
     ret = wc_PBKDF2(output, passwd, passLen, blocks, (int)blocksSz, 1, dkLen,
diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c
index f8107d036..b2cdf26df 100644
--- a/wolfcrypt/src/random.c
+++ b/wolfcrypt/src/random.c
@@ -142,7 +142,7 @@ This library contains implementation for the random number generator.
 #elif defined(WOLFSSL_TELIT_M2MB)
 #elif defined(WOLFSSL_RENESAS_TSIP)
     /* for wc_tsip_GenerateRandBlock */
-    #include "wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h"
+    #include "wolfssl/wolfcrypt/port/Renesas/renesas_tsip_internal.h"
 #elif defined(WOLFSSL_SCE) && !defined(WOLFSSL_SCE_NO_TRNG)
 #elif defined(WOLFSSL_IMXRT1170_CAAM)
 #elif defined(CY_USING_HAL) && defined(COMPONENT_WOLFSSL)
@@ -184,10 +184,10 @@ This library contains implementation for the random number generator.
 
 #if defined(HAVE_INTEL_RDRAND) || defined(HAVE_INTEL_RDSEED) || \
     defined(HAVE_AMD_RDSEED)
-    static word32 intel_flags = 0;
+    static cpuid_flags_t intel_flags = WC_CPUID_INITIALIZER;
     static void wc_InitRng_IntelRD(void)
     {
-        intel_flags = cpuid_get_flags();
+        cpuid_get_flags_ex(&intel_flags);
     }
     #if defined(HAVE_INTEL_RDSEED) || defined(HAVE_AMD_RDSEED)
     static int wc_GenerateSeed_IntelRD(OS_Seed* os, byte* output, word32 sz);
@@ -373,7 +373,7 @@ static int Hash_df(DRBG_internal* drbg, byte* out, word32 outSz, byte type,
 #else
     wc_Sha256 sha[1];
 #endif
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_LINUXKM)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_KERNEL_MODE)
     byte* digest;
 #else
     byte digest[WC_SHA256_DIGEST_SIZE];
@@ -383,7 +383,7 @@ static int Hash_df(DRBG_internal* drbg, byte* out, word32 outSz, byte type,
         return DRBG_FAILURE;
     }
 
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_LINUXKM)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_KERNEL_MODE)
     digest = (byte*)XMALLOC(WC_SHA256_DIGEST_SIZE, drbg->heap,
         DYNAMIC_TYPE_DIGEST);
     if (digest == NULL)
@@ -444,7 +444,7 @@ static int Hash_df(DRBG_internal* drbg, byte* out, word32 outSz, byte type,
 
     ForceZero(digest, WC_SHA256_DIGEST_SIZE);
 
-#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_LINUXKM)
+#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_KERNEL_MODE)
     XFREE(digest, drbg->heap, DYNAMIC_TYPE_DIGEST);
 #endif
 
@@ -660,7 +660,7 @@ static int Hash_DRBG_Generate(DRBG_internal* drbg, byte* out, word32 outSz)
         return DRBG_NEED_RESEED;
     }
     else {
-    #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_LINUXKM)
+    #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_KERNEL_MODE)
         byte* digest = (byte*)XMALLOC(WC_SHA256_DIGEST_SIZE, drbg->heap,
             DYNAMIC_TYPE_DIGEST);
         if (digest == NULL)
@@ -709,7 +709,7 @@ static int Hash_DRBG_Generate(DRBG_internal* drbg, byte* out, word32 outSz)
             drbg->reseedCtr++;
         }
         ForceZero(digest, WC_SHA256_DIGEST_SIZE);
-    #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_LINUXKM)
+    #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_KERNEL_MODE)
         XFREE(digest, drbg->heap, DYNAMIC_TYPE_DIGEST);
     #endif
     }
diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c
index 78c0c9ec4..d5d124901 100644
--- a/wolfcrypt/src/rsa.c
+++ b/wolfcrypt/src/rsa.c
@@ -42,6 +42,7 @@ RSA keys can be used to encrypt, decrypt, sign and verify data.
 #endif
 
 #include <wolfssl/wolfcrypt/rsa.h>
+#include <wolfssl/wolfcrypt/logging.h>
 
 #ifdef WOLFSSL_AFALG_XILINX_RSA
 #include <wolfssl/wolfcrypt/port/af_alg/wc_afalg.h>
@@ -56,12 +57,12 @@ RSA keys can be used to encrypt, decrypt, sign and verify data.
 #include <wolfssl/wolfcrypt/sp.h>
 #endif
 
-#if defined(WOLFSSL_LINUXKM) && !defined(WOLFSSL_SP_ASM)
+#if defined(WOLFSSL_USE_SAVE_VECTOR_REGISTERS) && !defined(WOLFSSL_SP_ASM)
     /* force off unneeded vector register save/restore. */
     #undef SAVE_VECTOR_REGISTERS
-    #define SAVE_VECTOR_REGISTERS(fail_clause) WC_DO_NOTHING
+    #define SAVE_VECTOR_REGISTERS(fail_clause) SAVE_NO_VECTOR_REGISTERS(fail_clause)
     #undef RESTORE_VECTOR_REGISTERS
-    #define RESTORE_VECTOR_REGISTERS() WC_DO_NOTHING
+    #define RESTORE_VECTOR_REGISTERS() RESTORE_NO_VECTOR_REGISTERS()
 #endif
 
 /*
@@ -1561,11 +1562,11 @@ static int RsaUnPad_OAEP(byte *pkcsBlock, unsigned int pkcsBlockLen,
                             byte* optLabel, word32 labelLen, void* heap)
 {
     word32 hLen;
-    int ret;
+    volatile int ret;
     byte h[WC_MAX_DIGEST_SIZE]; /* max digest size */
     word32 idx;
     word32 i;
-    word32 inc;
+    volatile word32 inc;
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
     byte* tmp  = NULL;
@@ -1850,9 +1851,11 @@ static int RsaUnPad(const byte *pkcsBlock, unsigned int pkcsBlockLen,
     }
 #ifndef WOLFSSL_RSA_VERIFY_ONLY
     else {
-        unsigned int j;
-        word16 pastSep = 0;
-        byte   invalid = 0;
+        unsigned int    j;
+        volatile word16 pastSep = 0;
+        volatile byte   invalid = 0;
+        volatile byte   minPad;
+        volatile int    invalidMask;
 
         i = 0;
         /* Decrypted with private key - unpad must be constant time. */
@@ -1864,7 +1867,8 @@ static int RsaUnPad(const byte *pkcsBlock, unsigned int pkcsBlockLen,
         }
 
         /* Minimum of 11 bytes of pre-message data - including leading 0x00. */
-        invalid |= ctMaskLT(i, RSA_MIN_PAD_SZ);
+        minPad = ctMaskLT(i, RSA_MIN_PAD_SZ);
+        invalid |= minPad;
         /* Must have seen separator. */
         invalid |= (byte)~pastSep;
         /* First byte must be 0x00. */
@@ -1873,7 +1877,8 @@ static int RsaUnPad(const byte *pkcsBlock, unsigned int pkcsBlockLen,
         invalid |= ctMaskNotEq(pkcsBlock[1], padValue);
 
         *output = (byte *)(pkcsBlock + i);
-        ret = ((int)-1 + (int)(invalid >> 7)) & ((int)pkcsBlockLen - i);
+        invalidMask = (int)-1 + (int)(invalid >> 7);
+        ret = invalidMask & ((int)pkcsBlockLen - i);
     }
 #endif
 
@@ -2593,7 +2598,7 @@ static int RsaFunctionPrivate(mp_int* tmp, RsaKey* key, WC_RNG* rng)
     }
 #else
     if (ret == 0 && (mp_iszero(&key->p) || mp_iszero(&key->q) ||
-            mp_iszero(&key->dP) || mp_iszero(&key->dQ))) {
+            mp_iszero(&key->dP) || mp_iszero(&key->dQ) || mp_iszero(&key->u))) {
         if (mp_exptmod(tmp, &key->d, &key->n, tmp) != MP_OKAY) {
             ret = MP_EXPTMOD_E;
         }
@@ -2748,7 +2753,7 @@ static int RsaFunctionSync(const byte* in, word32 inLen, byte* out,
         case RSA_PUBLIC_ENCRYPT:
         case RSA_PUBLIC_DECRYPT:
             if (mp_exptmod_nct(tmp, &key->e, &key->n, tmp) != MP_OKAY) {
-                WOLFSSL_MSG("mp_exptmod_nct failed");
+                WOLFSSL_MSG_CERT_LOG("mp_exptmod_nct failed");
                 ret = MP_EXPTMOD_E;
             }
             break;
@@ -2845,7 +2850,7 @@ static int wc_RsaFunctionSync(const byte* in, word32 inLen, byte* out,
     *outLen = keyLen;
     return RsaFunctionSync(in, inLen, out, outLen, type, key, rng);
 #endif /* WOLFSSL_SP_MATH */
-}
+} /* wc_RsaFunctionSync */
 #endif /* WOLF_CRYPTO_CB_ONLY_RSA */
 #endif
 
@@ -3601,6 +3606,9 @@ static int RsaPrivateDecryptEx(const byte* in, word32 inLen, byte* out,
         ret = wc_CryptoCb_RsaPad(in, inLen, out,
                             &outLen, rsa_type, key, rng, &padding);
         if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) {
+            if (outPtr != NULL) {
+                *outPtr = out;
+            }
             if (ret == 0) {
                 ret = (int)outLen;
             }
@@ -4465,7 +4473,7 @@ int wc_RsaExportKey(RsaKey* key,
 #endif
 
 
-#ifdef WOLFSSL_KEY_GEN
+#if defined(WOLFSSL_KEY_GEN) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)
 
 /* Check that |p-q| > 2^((size/2)-100) */
 static int wc_CompareDiffPQ(mp_int* p, mp_int* q, int size, int* valid)
@@ -4759,12 +4767,11 @@ int wc_CheckProbablePrime_ex(const byte* pRaw, word32 pRawSz,
     if (ret == MP_OKAY)
         ret = mp_read_unsigned_bin(e, eRaw, eRawSz);
 
-    if (ret == MP_OKAY) {
+    if (ret == MP_OKAY)
         SAVE_VECTOR_REGISTERS(ret = _svr_ret;);
 
-        if (ret == MP_OKAY)
-            ret = _CheckProbablePrime(p, Q, e, nlen, isPrime, rng);
-
+    if (ret == 0) {
+        ret = _CheckProbablePrime(p, Q, e, nlen, isPrime, rng);
         RESTORE_VECTOR_REGISTERS();
     }
 
@@ -5169,7 +5176,8 @@ int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng)
     }
 #endif
 
-    RESTORE_VECTOR_REGISTERS();
+    if (err != WC_NO_ERR_TRACE(WC_ACCEL_INHIBIT_E))
+        RESTORE_VECTOR_REGISTERS();
 
     /* Last value p - 1. */
     mp_forcezero(tmp1);
diff --git a/wolfcrypt/src/sakke.c b/wolfcrypt/src/sakke.c
index 3e8db9231..155c8c5d4 100644
--- a/wolfcrypt/src/sakke.c
+++ b/wolfcrypt/src/sakke.c
@@ -37,12 +37,12 @@
 #include <wolfssl/wolfcrypt/sakke.h>
 #include <wolfssl/wolfcrypt/asn_public.h>
 
-#if defined(WOLFSSL_LINUXKM) && !defined(WOLFSSL_SP_ASM)
+#if defined(WOLFSSL_USE_SAVE_VECTOR_REGISTERS) && !defined(WOLFSSL_SP_ASM)
     /* force off unneeded vector register save/restore. */
     #undef SAVE_VECTOR_REGISTERS
-    #define SAVE_VECTOR_REGISTERS(fail_clause) WC_DO_NOTHING
+    #define SAVE_VECTOR_REGISTERS(fail_clause) SAVE_NO_VECTOR_REGISTERS(fail_clause)
     #undef RESTORE_VECTOR_REGISTERS
-    #define RESTORE_VECTOR_REGISTERS() WC_DO_NOTHING
+    #define RESTORE_VECTOR_REGISTERS() RESTORE_NO_VECTOR_REGISTERS()
 #endif
 
 #ifndef WOLFSSL_HAVE_ECC_KEY_GET_PRIV
diff --git a/wolfcrypt/src/sha.c b/wolfcrypt/src/sha.c
index 8dc96625c..618a6deb2 100644
--- a/wolfcrypt/src/sha.c
+++ b/wolfcrypt/src/sha.c
@@ -403,6 +403,7 @@
         sha->digest[4] = 0xC3D2E1F0L;
 
         sha->buffLen = 0;
+        XMEMSET(sha->buffer, 0, sizeof(sha->buffer));
         sha->loLen   = 0;
         sha->hiLen   = 0;
     #ifdef WOLFSSL_HASH_FLAGS
@@ -1065,6 +1066,7 @@ void wc_ShaFree(wc_Sha* sha)
 #if (defined(WOLFSSL_RENESAS_TSIP_TLS) || \
      defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)) && \
     !defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH) || \
+    (defined(WOLFSSL_RENESAS_RSIP) && (WOLFSSL_RENESAS_RZFSP_VER >= 220)) ||\
     defined(WOLFSSL_RENESAS_RX64_HASH)
     XFREE(sha->msg, sha->heap, DYNAMIC_TYPE_TMP_BUFFER);
     sha->msg = NULL;
diff --git a/wolfcrypt/src/sha256.c b/wolfcrypt/src/sha256.c
index 08434c90e..07a5e29c2 100644
--- a/wolfcrypt/src/sha256.c
+++ b/wolfcrypt/src/sha256.c
@@ -388,7 +388,7 @@ static int InitSha256(wc_Sha256* sha256)
     }  /* extern "C" */
 #endif
 
-    static word32 intel_flags = 0;
+    static cpuid_flags_t intel_flags = WC_CPUID_INITIALIZER;
 
 #if defined(WC_C_DYNAMIC_FALLBACK) && !defined(WC_NO_INTERNAL_FUNCTION_POINTERS)
     #define WC_NO_INTERNAL_FUNCTION_POINTERS
@@ -425,8 +425,7 @@ static int InitSha256(wc_Sha256* sha256)
         }
     #endif
 
-        if (intel_flags == 0)
-            intel_flags = cpuid_get_flags();
+        cpuid_get_flags_ex(&intel_flags);
 
         if (IS_INTEL_SHA(intel_flags)) {
         #ifdef HAVE_INTEL_AVX1
@@ -567,12 +566,12 @@ static int InitSha256(wc_Sha256* sha256)
 
     static WC_INLINE int inline_XTRANSFORM(wc_Sha256* S, const byte* D) {
         int ret;
-    #ifdef WOLFSSL_LINUXKM
+    #ifdef WOLFSSL_USE_SAVE_VECTOR_REGISTERS
         if (Transform_Sha256_is_vectorized)
             SAVE_VECTOR_REGISTERS(return _svr_ret;);
     #endif
         ret = (*Transform_Sha256_p)(S, D);
-    #ifdef WOLFSSL_LINUXKM
+    #ifdef WOLFSSL_USE_SAVE_VECTOR_REGISTERS
         if (Transform_Sha256_is_vectorized)
             RESTORE_VECTOR_REGISTERS();
     #endif
@@ -582,12 +581,12 @@ static int InitSha256(wc_Sha256* sha256)
 
     static WC_INLINE int inline_XTRANSFORM_LEN(wc_Sha256* S, const byte* D, word32 L) {
         int ret;
-    #ifdef WOLFSSL_LINUXKM
+    #ifdef WOLFSSL_USE_SAVE_VECTOR_REGISTERS
         if (Transform_Sha256_is_vectorized)
             SAVE_VECTOR_REGISTERS(return _svr_ret;);
     #endif
         ret = (*Transform_Sha256_Len_p)(S, D, L);
-    #ifdef WOLFSSL_LINUXKM
+    #ifdef WOLFSSL_USE_SAVE_VECTOR_REGISTERS
         if (Transform_Sha256_is_vectorized)
             RESTORE_VECTOR_REGISTERS();
     #endif
@@ -601,7 +600,7 @@ static int InitSha256(wc_Sha256* sha256)
         if (transform_check)
             return;
 
-        intel_flags = cpuid_get_flags();
+        cpuid_get_flags_ex(&intel_flags);
 
         if (IS_INTEL_SHA(intel_flags)) {
         #ifdef HAVE_INTEL_AVX1
@@ -2074,7 +2073,10 @@ static int Transform_Sha256(wc_Sha256* sha256, const byte* data)
     #ifdef WOLFSSL_SMALL_STACK_CACHE
         sha224->W = NULL;
     #endif
-
+    #ifdef WOLF_CRYPTO_CB
+        sha224->devId = devId;
+        sha224->devCtx = NULL;
+    #endif
     #if defined(WOLFSSL_USE_ESP32_CRYPT_HASH_HW)
         #if defined(NO_WOLFSSL_ESP32_CRYPT_HASH_SHA224)
         /* We know this is a fresh, uninitialized item, so set to INIT */
@@ -2133,7 +2135,17 @@ static int Transform_Sha256(wc_Sha256* sha256, const byte* data)
         if (data == NULL) {
             return BAD_FUNC_ARG;
         }
-
+    #ifdef WOLF_CRYPTO_CB
+        #ifndef WOLF_CRYPTO_CB_FIND
+        if (sha224->devId != INVALID_DEVID)
+        #endif
+        {
+            ret = wc_CryptoCb_Sha224Hash(sha224, data, len, NULL);
+            if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
+                return ret;
+            /* fall-through when unavailable */
+        }
+    #endif
     #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA224)
         if (sha224->asyncDev.marker == WOLFSSL_ASYNC_MARKER_SHA224) {
         #if defined(HAVE_INTEL_QA)
@@ -2160,7 +2172,17 @@ static int Transform_Sha256(wc_Sha256* sha256, const byte* data)
         if (sha224 == NULL || hash == NULL) {
             return BAD_FUNC_ARG;
         }
-
+    #ifdef WOLF_CRYPTO_CB
+        #ifndef WOLF_CRYPTO_CB_FIND
+        if (sha224->devId != INVALID_DEVID)
+        #endif
+        {
+            ret = wc_CryptoCb_Sha224Hash(sha224, NULL, 0, hash);
+            if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE))
+                return ret;
+            /* fall-through when unavailable */
+        }
+    #endif
     #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA224)
         if (sha224->asyncDev.marker == WOLFSSL_ASYNC_MARKER_SHA224) {
         #if defined(HAVE_INTEL_QA)
@@ -2303,7 +2325,8 @@ void wc_Sha256Free(wc_Sha256* sha256)
     ((defined(WOLFSSL_RENESAS_TSIP_TLS) || \
       defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)) && \
     !defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH)) || \
-    (defined(WOLFSSL_RENESAS_SCEPROTECT) && \
+    ((defined(WOLFSSL_RENESAS_SCEPROTECT) || \
+    (defined(WOLFSSL_RENESAS_RSIP) && (WOLFSSL_RENESAS_RZFSP_VER >= 220))) && \
     !defined(NO_WOLFSSL_RENESAS_FSPSM_HASH)) || \
     defined(WOLFSSL_RENESAS_RX64_HASH) || \
     defined(WOLFSSL_HASH_KEEP)
diff --git a/wolfcrypt/src/sha256_asm.S b/wolfcrypt/src/sha256_asm.S
index 04daa884b..3559a4cef 100644
--- a/wolfcrypt/src/sha256_asm.S
+++ b/wolfcrypt/src/sha256_asm.S
@@ -58,10 +58,10 @@ L_sse2_sha256_sha_k:
 .long	0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5
 .long	0xd807aa98,0x12835b01,0x243185be,0x550c7dc3
 .long	0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174
-.long	0xe49b69c1,0xefbe4786,0xfc19dc6,0x240ca1cc
+.long	0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc
 .long	0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da
 .long	0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7
-.long	0xc6e00bf3,0xd5a79147,0x6ca6351,0x14292967
+.long	0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967
 .long	0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13
 .long	0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85
 .long	0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3
@@ -492,10 +492,10 @@ L_avx1_sha256_k:
 .long	0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5
 .long	0xd807aa98,0x12835b01,0x243185be,0x550c7dc3
 .long	0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174
-.long	0xe49b69c1,0xefbe4786,0xfc19dc6,0x240ca1cc
+.long	0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc
 .long	0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da
 .long	0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7
-.long	0xc6e00bf3,0xd5a79147,0x6ca6351,0x14292967
+.long	0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967
 .long	0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13
 .long	0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85
 .long	0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3
@@ -5347,10 +5347,10 @@ L_avx1_rorx_sha256_k:
 .long	0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5
 .long	0xd807aa98,0x12835b01,0x243185be,0x550c7dc3
 .long	0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174
-.long	0xe49b69c1,0xefbe4786,0xfc19dc6,0x240ca1cc
+.long	0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc
 .long	0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da
 .long	0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7
-.long	0xc6e00bf3,0xd5a79147,0x6ca6351,0x14292967
+.long	0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967
 .long	0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13
 .long	0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85
 .long	0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3
@@ -10119,10 +10119,10 @@ L_avx1_sha256_sha_k:
 .long	0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5
 .long	0xd807aa98,0x12835b01,0x243185be,0x550c7dc3
 .long	0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174
-.long	0xe49b69c1,0xefbe4786,0xfc19dc6,0x240ca1cc
+.long	0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc
 .long	0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da
 .long	0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7
-.long	0xc6e00bf3,0xd5a79147,0x6ca6351,0x14292967
+.long	0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967
 .long	0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13
 .long	0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85
 .long	0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3
@@ -10502,14 +10502,14 @@ L_avx2_sha256_k:
 .long	0xd807aa98,0x12835b01,0x243185be,0x550c7dc3
 .long	0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174
 .long	0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174
-.long	0xe49b69c1,0xefbe4786,0xfc19dc6,0x240ca1cc
-.long	0xe49b69c1,0xefbe4786,0xfc19dc6,0x240ca1cc
+.long	0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc
+.long	0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc
 .long	0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da
 .long	0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da
 .long	0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7
 .long	0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7
-.long	0xc6e00bf3,0xd5a79147,0x6ca6351,0x14292967
-.long	0xc6e00bf3,0xd5a79147,0x6ca6351,0x14292967
+.long	0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967
+.long	0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967
 .long	0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13
 .long	0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13
 .long	0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85
@@ -17101,14 +17101,14 @@ L_avx2_rorx_sha256_k:
 .long	0xd807aa98,0x12835b01,0x243185be,0x550c7dc3
 .long	0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174
 .long	0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174
-.long	0xe49b69c1,0xefbe4786,0xfc19dc6,0x240ca1cc
-.long	0xe49b69c1,0xefbe4786,0xfc19dc6,0x240ca1cc
+.long	0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc
+.long	0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc
 .long	0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da
 .long	0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da
 .long	0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7
 .long	0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7
-.long	0xc6e00bf3,0xd5a79147,0x6ca6351,0x14292967
-.long	0xc6e00bf3,0xd5a79147,0x6ca6351,0x14292967
+.long	0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967
+.long	0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967
 .long	0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13
 .long	0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13
 .long	0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85
diff --git a/wolfcrypt/src/sha3.c b/wolfcrypt/src/sha3.c
index 145c66683..03a3a2c08 100644
--- a/wolfcrypt/src/sha3.c
+++ b/wolfcrypt/src/sha3.c
@@ -67,8 +67,7 @@
         defined(WOLFSSL_ARMASM))
     #include <wolfssl/wolfcrypt/cpuid.h>
 
-    word32 cpuid_flags;
-    int cpuid_flags_set = 0;
+    static cpuid_flags_t cpuid_flags = WC_CPUID_INITIALIZER;
 #ifdef WC_C_DYNAMIC_FALLBACK
     #define SHA3_BLOCK (sha3->sha3_block)
     #define SHA3_BLOCK_N (sha3->sha3_block_n)
@@ -564,6 +563,7 @@ void BlockSha3(word64* s)
 #endif /* !WOLFSSL_ARMASM && !WOLFSSL_RISCV_ASM */
 
 #if !defined(STM32_HASH_SHA3)
+#if defined(BIG_ENDIAN_ORDER)
 static WC_INLINE word64 Load64Unaligned(const unsigned char *a)
 {
     return ((word64)a[0] <<  0) |
@@ -583,7 +583,6 @@ static WC_INLINE word64 Load64Unaligned(const unsigned char *a)
  */
 static word64 Load64BitBigEndian(const byte* a)
 {
-#if defined(BIG_ENDIAN_ORDER) || (WOLFSSL_GENERAL_ALIGNMENT == 1)
     word64 n = 0;
     int i;
 
@@ -591,26 +590,8 @@ static word64 Load64BitBigEndian(const byte* a)
         n |= (word64)a[i] << (8 * i);
 
     return n;
-#elif ((WOLFSSL_GENERAL_ALIGNMENT > 0) && (WOLFSSL_GENERAL_ALIGNMENT == 4))
-    word64 n;
-
-    n  =          *(word32*) a;
-    n |= ((word64)*(word32*)(a + 4)) << 32;
-
-    return n;
-#elif ((WOLFSSL_GENERAL_ALIGNMENT > 0) && (WOLFSSL_GENERAL_ALIGNMENT == 2))
-    word64 n;
-
-    n  =          *(word16*) a;
-    n |= ((word64)*(word16*)(a + 2)) << 16;
-    n |= ((word64)*(word16*)(a + 4)) << 32;
-    n |= ((word64)*(word16*)(a + 6)) << 48;
-
-    return n;
-#else
-    return *(const word64*)a;
-#endif
 }
+#endif
 
 /* Initialize the state for a SHA3-224 hash operation.
  *
@@ -630,37 +611,41 @@ static int InitSha3(wc_Sha3* sha3)
 #endif
 
 #ifdef USE_INTEL_SPEEDUP
-    if (!cpuid_flags_set) {
-        cpuid_flags = cpuid_get_flags();
-        cpuid_flags_set = 1;
-#ifdef WC_C_DYNAMIC_FALLBACK
-    }
     {
+        int cpuid_flags_were_updated = cpuid_get_flags_ex(&cpuid_flags);
+#ifdef WC_C_DYNAMIC_FALLBACK
+        (void)cpuid_flags_were_updated;
         if (! CAN_SAVE_VECTOR_REGISTERS()) {
             SHA3_BLOCK = BlockSha3;
             SHA3_BLOCK_N = NULL;
         }
         else
+#else
+        if ((! cpuid_flags_were_updated) && (SHA3_BLOCK != NULL)) {
+        }
+        else
 #endif
-        if (IS_INTEL_BMI1(cpuid_flags) && IS_INTEL_BMI2(cpuid_flags)) {
+        if (IS_INTEL_AVX2(cpuid_flags)) {
+            SHA3_BLOCK = sha3_block_avx2;
+            SHA3_BLOCK_N = sha3_block_n_avx2;
+        }
+        else if (IS_INTEL_BMI1(cpuid_flags) && IS_INTEL_BMI2(cpuid_flags)) {
             SHA3_BLOCK = sha3_block_bmi2;
             SHA3_BLOCK_N = sha3_block_n_bmi2;
         }
-        else if (IS_INTEL_AVX2(cpuid_flags)) {
-            SHA3_BLOCK = sha3_block_avx2;
-            SHA3_BLOCK_N = NULL;
-        }
         else {
             SHA3_BLOCK = BlockSha3;
             SHA3_BLOCK_N = NULL;
         }
     }
 #define SHA3_FUNC_PTR
-#endif
+#endif /* USE_INTEL_SPEEDUP */
 #if defined(__aarch64__) && defined(WOLFSSL_ARMASM)
-    if (!cpuid_flags_set) {
-        cpuid_flags = cpuid_get_flags();
-        cpuid_flags_set = 1;
+    {
+        int cpuid_flags_were_updated = cpuid_get_flags_ex(&cpuid_flags);
+        if ((! cpuid_flags_were_updated) && (SHA3_BLOCK != NULL)) {
+        }
+        else
     #ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
         if (IS_AARCH64_SHA3(cpuid_flags)) {
             SHA3_BLOCK = BlockSha3_crypto;
@@ -699,9 +684,10 @@ static int Sha3Update(wc_Sha3* sha3, const byte* data, word32 len, byte p)
     word32 i;
     word32 blocks;
 
-#if defined(WOLFSSL_LINUXKM) && defined(USE_INTEL_SPEEDUP)
-    if (SHA3_BLOCK == sha3_block_avx2)
+#if defined(WOLFSSL_USE_SAVE_VECTOR_REGISTERS) && defined(USE_INTEL_SPEEDUP)
+    if (SHA3_BLOCK == sha3_block_avx2) {
         SAVE_VECTOR_REGISTERS(return _svr_ret;);
+    }
 #endif
     if (sha3->i > 0) {
         byte *t;
@@ -719,9 +705,13 @@ static int Sha3Update(wc_Sha3* sha3, const byte* data, word32 len, byte p)
         sha3->i = (byte)(sha3->i + i);
 
         if (sha3->i == p * 8) {
+        #if !defined(BIG_ENDIAN_ORDER)
+            xorbuf(sha3->s, sha3->t, (word32)(p * 8));
+        #else
             for (i = 0; i < p; i++) {
                 sha3->s[i] ^= Load64BitBigEndian(sha3->t + 8 * i);
             }
+        #endif
         #ifdef SHA3_FUNC_PTR
             (*SHA3_BLOCK)(sha3->s);
         #else
@@ -740,9 +730,13 @@ static int Sha3Update(wc_Sha3* sha3, const byte* data, word32 len, byte p)
     }
     #endif
     for (; blocks > 0; blocks--) {
+    #if !defined(BIG_ENDIAN_ORDER)
+        xorbuf(sha3->s, data, (word32)(p * 8));
+    #else
         for (i = 0; i < p; i++) {
             sha3->s[i] ^= Load64Unaligned(data + 8 * i);
         }
+    #endif
     #ifdef SHA3_FUNC_PTR
         (*SHA3_BLOCK)(sha3->s);
     #else
@@ -751,9 +745,10 @@ static int Sha3Update(wc_Sha3* sha3, const byte* data, word32 len, byte p)
         len -= p * 8U;
         data += p * 8U;
     }
-#if defined(WOLFSSL_LINUXKM) && defined(USE_INTEL_SPEEDUP)
-    if (SHA3_BLOCK == sha3_block_avx2)
+#if defined(WOLFSSL_USE_SAVE_VECTOR_REGISTERS) && defined(USE_INTEL_SPEEDUP)
+    if (SHA3_BLOCK == sha3_block_avx2) {
         RESTORE_VECTOR_REGISTERS();
+    }
 #endif
     if (len > 0) {
         XMEMCPY(sha3->t, data, len);
@@ -775,12 +770,25 @@ static int Sha3Final(wc_Sha3* sha3, byte padChar, byte* hash, byte p, word32 l)
 {
     word32 rate = p * 8U;
     word32 j;
+#if defined(BIG_ENDIAN_ORDER)
     word32 i;
+#endif
 
+#if !defined(BIG_ENDIAN_ORDER)
+    xorbuf(sha3->s, sha3->t, sha3->i);
+#ifdef WOLFSSL_HASH_FLAGS
+    if ((p == WC_SHA3_256_COUNT) && (sha3->flags & WC_HASH_SHA3_KECCAK256)) {
+        padChar = 0x01;
+    }
+#endif
+    ((byte*)sha3->s)[sha3->i ] ^= padChar;
+    ((byte*)sha3->s)[rate - 1] ^= 0x80;
+#else
     sha3->t[rate - 1]  = 0x00;
 #ifdef WOLFSSL_HASH_FLAGS
-    if ((p == WC_SHA3_256_COUNT) && (sha3->flags & WC_HASH_SHA3_KECCAK256))
+    if ((p == WC_SHA3_256_COUNT) && (sha3->flags & WC_HASH_SHA3_KECCAK256)) {
         padChar = 0x01;
+    }
 #endif
     sha3->t[sha3->i ]  = padChar;
     sha3->t[rate - 1] |= 0x80;
@@ -790,8 +798,9 @@ static int Sha3Final(wc_Sha3* sha3, byte padChar, byte* hash, byte p, word32 l)
     for (i = 0; i < p; i++) {
         sha3->s[i] ^= Load64BitBigEndian(sha3->t + 8 * i);
     }
+#endif
 
-#if defined(WOLFSSL_LINUXKM) && defined(USE_INTEL_SPEEDUP)
+#if defined(WOLFSSL_USE_SAVE_VECTOR_REGISTERS) && defined(USE_INTEL_SPEEDUP)
     if (SHA3_BLOCK == sha3_block_avx2)
         SAVE_VECTOR_REGISTERS(return _svr_ret;);
 #endif
@@ -819,9 +828,10 @@ static int Sha3Final(wc_Sha3* sha3, byte padChar, byte* hash, byte p, word32 l)
     #endif
         XMEMCPY(hash + j, sha3->s, l - j);
     }
-#if defined(WOLFSSL_LINUXKM) && defined(USE_INTEL_SPEEDUP)
-    if (SHA3_BLOCK == sha3_block_avx2)
+#if defined(WOLFSSL_USE_SAVE_VECTOR_REGISTERS) && defined(USE_INTEL_SPEEDUP)
+    if (SHA3_BLOCK == sha3_block_avx2) {
         RESTORE_VECTOR_REGISTERS();
+    }
 #endif
 
     return 0;
@@ -1529,7 +1539,7 @@ int wc_Shake128_SqueezeBlocks(wc_Shake* shake, byte* out, word32 blockCnt)
     if ((shake == NULL) || (out == NULL && blockCnt != 0)) {
         return BAD_FUNC_ARG;
     }
-#if defined(WOLFSSL_LINUXKM) && defined(USE_INTEL_SPEEDUP)
+#if defined(WOLFSSL_USE_SAVE_VECTOR_REGISTERS) && defined(USE_INTEL_SPEEDUP)
     if (SHA3_BLOCK == sha3_block_avx2)
         SAVE_VECTOR_REGISTERS(return _svr_ret;);
 #endif
@@ -1546,7 +1556,7 @@ int wc_Shake128_SqueezeBlocks(wc_Shake* shake, byte* out, word32 blockCnt)
     #endif
         out += WC_SHA3_128_COUNT * 8;
     }
-#if defined(WOLFSSL_LINUXKM) && defined(USE_INTEL_SPEEDUP)
+#if defined(WOLFSSL_USE_SAVE_VECTOR_REGISTERS) && defined(USE_INTEL_SPEEDUP)
     if (SHA3_BLOCK == sha3_block_avx2)
         RESTORE_VECTOR_REGISTERS();
 #endif
@@ -1674,7 +1684,7 @@ int wc_Shake256_SqueezeBlocks(wc_Shake* shake, byte* out, word32 blockCnt)
     if ((shake == NULL) || (out == NULL && blockCnt != 0)) {
         return BAD_FUNC_ARG;
     }
-#if defined(WOLFSSL_LINUXKM) && defined(USE_INTEL_SPEEDUP)
+#if defined(WOLFSSL_USE_SAVE_VECTOR_REGISTERS) && defined(USE_INTEL_SPEEDUP)
     if (SHA3_BLOCK == sha3_block_avx2)
         SAVE_VECTOR_REGISTERS(return _svr_ret;);
 #endif
@@ -1691,7 +1701,7 @@ int wc_Shake256_SqueezeBlocks(wc_Shake* shake, byte* out, word32 blockCnt)
     #endif
         out += WC_SHA3_256_COUNT * 8;
     }
-#if defined(WOLFSSL_LINUXKM) && defined(USE_INTEL_SPEEDUP)
+#if defined(WOLFSSL_USE_SAVE_VECTOR_REGISTERS) && defined(USE_INTEL_SPEEDUP)
     if (SHA3_BLOCK == sha3_block_avx2)
         RESTORE_VECTOR_REGISTERS();
 #endif
diff --git a/wolfcrypt/src/sha3_asm.S b/wolfcrypt/src/sha3_asm.S
index fef286160..d28fd046e 100644
--- a/wolfcrypt/src/sha3_asm.S
+++ b/wolfcrypt/src/sha3_asm.S
@@ -58,32 +58,32 @@
 .p2align	4
 #endif /* __APPLE__ */
 L_sha3_avx2_r:
-.quad	0x1,0x1
-.quad	0x1,0x1
-.quad	0x8082,0x8082
-.quad	0x8082,0x8082
+.quad	0x0000000000000001,0x0000000000000001
+.quad	0x0000000000000001,0x0000000000000001
+.quad	0x0000000000008082,0x0000000000008082
+.quad	0x0000000000008082,0x0000000000008082
 .quad	0x800000000000808a,0x800000000000808a
 .quad	0x800000000000808a,0x800000000000808a
 .quad	0x8000000080008000,0x8000000080008000
 .quad	0x8000000080008000,0x8000000080008000
-.quad	0x808b,0x808b
-.quad	0x808b,0x808b
-.quad	0x80000001,0x80000001
-.quad	0x80000001,0x80000001
+.quad	0x000000000000808b,0x000000000000808b
+.quad	0x000000000000808b,0x000000000000808b
+.quad	0x0000000080000001,0x0000000080000001
+.quad	0x0000000080000001,0x0000000080000001
 .quad	0x8000000080008081,0x8000000080008081
 .quad	0x8000000080008081,0x8000000080008081
 .quad	0x8000000000008009,0x8000000000008009
 .quad	0x8000000000008009,0x8000000000008009
-.quad	0x8a,0x8a
-.quad	0x8a,0x8a
-.quad	0x88,0x88
-.quad	0x88,0x88
-.quad	0x80008009,0x80008009
-.quad	0x80008009,0x80008009
-.quad	0x8000000a,0x8000000a
-.quad	0x8000000a,0x8000000a
-.quad	0x8000808b,0x8000808b
-.quad	0x8000808b,0x8000808b
+.quad	0x000000000000008a,0x000000000000008a
+.quad	0x000000000000008a,0x000000000000008a
+.quad	0x0000000000000088,0x0000000000000088
+.quad	0x0000000000000088,0x0000000000000088
+.quad	0x0000000080008009,0x0000000080008009
+.quad	0x0000000080008009,0x0000000080008009
+.quad	0x000000008000000a,0x000000008000000a
+.quad	0x000000008000000a,0x000000008000000a
+.quad	0x000000008000808b,0x000000008000808b
+.quad	0x000000008000808b,0x000000008000808b
 .quad	0x800000000000008b,0x800000000000008b
 .quad	0x800000000000008b,0x800000000000008b
 .quad	0x8000000000008089,0x8000000000008089
@@ -94,16 +94,16 @@ L_sha3_avx2_r:
 .quad	0x8000000000008002,0x8000000000008002
 .quad	0x8000000000000080,0x8000000000000080
 .quad	0x8000000000000080,0x8000000000000080
-.quad	0x800a,0x800a
-.quad	0x800a,0x800a
+.quad	0x000000000000800a,0x000000000000800a
+.quad	0x000000000000800a,0x000000000000800a
 .quad	0x800000008000000a,0x800000008000000a
 .quad	0x800000008000000a,0x800000008000000a
 .quad	0x8000000080008081,0x8000000080008081
 .quad	0x8000000080008081,0x8000000080008081
 .quad	0x8000000000008080,0x8000000000008080
 .quad	0x8000000000008080,0x8000000000008080
-.quad	0x80000001,0x80000001
-.quad	0x80000001,0x80000001
+.quad	0x0000000080000001,0x0000000080000001
+.quad	0x0000000080000001,0x0000000080000001
 .quad	0x8000000080008008,0x8000000080008008
 .quad	0x8000000080008008,0x8000000080008008
 #ifndef __APPLE__
@@ -117,32 +117,32 @@ L_sha3_avx2_r:
 .p2align	4
 #endif /* __APPLE__ */
 L_sha3_x4_avx2_r:
-.quad	0x1,0x1
-.quad	0x1,0x1
-.quad	0x8082,0x8082
-.quad	0x8082,0x8082
+.quad	0x0000000000000001,0x0000000000000001
+.quad	0x0000000000000001,0x0000000000000001
+.quad	0x0000000000008082,0x0000000000008082
+.quad	0x0000000000008082,0x0000000000008082
 .quad	0x800000000000808a,0x800000000000808a
 .quad	0x800000000000808a,0x800000000000808a
 .quad	0x8000000080008000,0x8000000080008000
 .quad	0x8000000080008000,0x8000000080008000
-.quad	0x808b,0x808b
-.quad	0x808b,0x808b
-.quad	0x80000001,0x80000001
-.quad	0x80000001,0x80000001
+.quad	0x000000000000808b,0x000000000000808b
+.quad	0x000000000000808b,0x000000000000808b
+.quad	0x0000000080000001,0x0000000080000001
+.quad	0x0000000080000001,0x0000000080000001
 .quad	0x8000000080008081,0x8000000080008081
 .quad	0x8000000080008081,0x8000000080008081
 .quad	0x8000000000008009,0x8000000000008009
 .quad	0x8000000000008009,0x8000000000008009
-.quad	0x8a,0x8a
-.quad	0x8a,0x8a
-.quad	0x88,0x88
-.quad	0x88,0x88
-.quad	0x80008009,0x80008009
-.quad	0x80008009,0x80008009
-.quad	0x8000000a,0x8000000a
-.quad	0x8000000a,0x8000000a
-.quad	0x8000808b,0x8000808b
-.quad	0x8000808b,0x8000808b
+.quad	0x000000000000008a,0x000000000000008a
+.quad	0x000000000000008a,0x000000000000008a
+.quad	0x0000000000000088,0x0000000000000088
+.quad	0x0000000000000088,0x0000000000000088
+.quad	0x0000000080008009,0x0000000080008009
+.quad	0x0000000080008009,0x0000000080008009
+.quad	0x000000008000000a,0x000000008000000a
+.quad	0x000000008000000a,0x000000008000000a
+.quad	0x000000008000808b,0x000000008000808b
+.quad	0x000000008000808b,0x000000008000808b
 .quad	0x800000000000008b,0x800000000000008b
 .quad	0x800000000000008b,0x800000000000008b
 .quad	0x8000000000008089,0x8000000000008089
@@ -153,16 +153,16 @@ L_sha3_x4_avx2_r:
 .quad	0x8000000000008002,0x8000000000008002
 .quad	0x8000000000000080,0x8000000000000080
 .quad	0x8000000000000080,0x8000000000000080
-.quad	0x800a,0x800a
-.quad	0x800a,0x800a
+.quad	0x000000000000800a,0x000000000000800a
+.quad	0x000000000000800a,0x000000000000800a
 .quad	0x800000008000000a,0x800000008000000a
 .quad	0x800000008000000a,0x800000008000000a
 .quad	0x8000000080008081,0x8000000080008081
 .quad	0x8000000080008081,0x8000000080008081
 .quad	0x8000000000008080,0x8000000000008080
 .quad	0x8000000000008080,0x8000000000008080
-.quad	0x80000001,0x80000001
-.quad	0x80000001,0x80000001
+.quad	0x0000000080000001,0x0000000080000001
+.quad	0x0000000080000001,0x0000000080000001
 .quad	0x8000000080008008,0x8000000080008008
 .quad	0x8000000080008008,0x8000000080008008
 #ifdef HAVE_INTEL_AVX2
@@ -9319,18 +9319,18 @@ L_sha3_block_n_bmi2_rounds:
 .p2align	4
 #endif /* __APPLE__ */
 L_sha3_block_avx2_rotl:
-.quad	0x1,0x3e
-.quad	0x1c,0x1b
-.quad	0x2c,0x6
-.quad	0x37,0x14
-.quad	0xa,0x2b
-.quad	0x19,0x27
-.quad	0x2d,0xf
-.quad	0x15,0x8
-.quad	0x24,0x3
-.quad	0x29,0x12
-.quad	0x2,0x3d
-.quad	0x38,0xe
+.quad	0x0000000000000001,0x000000000000003e
+.quad	0x000000000000001c,0x000000000000001b
+.quad	0x000000000000002c,0x0000000000000006
+.quad	0x0000000000000037,0x0000000000000014
+.quad	0x000000000000000a,0x000000000000002b
+.quad	0x0000000000000019,0x0000000000000027
+.quad	0x000000000000002d,0x000000000000000f
+.quad	0x0000000000000015,0x0000000000000008
+.quad	0x0000000000000024,0x0000000000000003
+.quad	0x0000000000000029,0x0000000000000012
+.quad	0x0000000000000002,0x000000000000003d
+.quad	0x0000000000000038,0x000000000000000e
 #ifndef __APPLE__
 .data
 #else
@@ -9342,18 +9342,18 @@ L_sha3_block_avx2_rotl:
 .p2align	4
 #endif /* __APPLE__ */
 L_sha3_block_avx2_rotr:
-.quad	0x3f,0x2
-.quad	0x24,0x25
-.quad	0x14,0x3a
-.quad	0x9,0x2c
-.quad	0x36,0x15
-.quad	0x27,0x19
-.quad	0x13,0x31
-.quad	0x2b,0x38
-.quad	0x1c,0x3d
-.quad	0x17,0x2e
-.quad	0x3e,0x3
-.quad	0x8,0x32
+.quad	0x000000000000003f,0x0000000000000002
+.quad	0x0000000000000024,0x0000000000000025
+.quad	0x0000000000000014,0x000000000000003a
+.quad	0x0000000000000009,0x000000000000002c
+.quad	0x0000000000000036,0x0000000000000015
+.quad	0x0000000000000027,0x0000000000000019
+.quad	0x0000000000000013,0x0000000000000031
+.quad	0x000000000000002b,0x0000000000000038
+.quad	0x000000000000001c,0x000000000000003d
+.quad	0x0000000000000017,0x000000000000002e
+.quad	0x000000000000003e,0x0000000000000003
+.quad	0x0000000000000008,0x0000000000000032
 #ifndef __APPLE__
 .text
 .globl	sha3_block_avx2
@@ -9392,36 +9392,31 @@ _sha3_block_avx2:
 L_sha3_block_avx2_start:
         # Calc b[0..4]
         vpshufd	$0xee, %ymm5, %ymm7
-        vpxor	%ymm7, %ymm5, %ymm14
         vpxor	%ymm2, %ymm1, %ymm15
+        vpxor	%ymm7, %ymm5, %ymm14
+        vpxor	%ymm4, %ymm3, %ymm12
         vpermq	$0xaa, %ymm14, %ymm7
         vpxor	%ymm0, %ymm14, %ymm14
-        vpxor	%ymm4, %ymm3, %ymm12
         vpxor	%ymm7, %ymm14, %ymm14
-        vpermq	$0x00, %ymm14, %ymm14
         vpxor	%ymm6, %ymm15, %ymm15
         vpxor	%ymm12, %ymm15, %ymm15
+        vpermq	$0x00, %ymm14, %ymm14
         # XOR in b[x+4]
         vpermq	$0x93, %ymm15, %ymm7
         vpermq	$57, %ymm15, %ymm9
-        vpermq	$0xff, %ymm15, %ymm8
         vpermq	$0x00, %ymm15, %ymm10
-        vpblendd	$3, %ymm14, %ymm7, %ymm7
+        vpermq	$0xff, %ymm15, %ymm15
         vpblendd	$0xc0, %ymm14, %ymm9, %ymm9
-        vpxor	%ymm8, %ymm0, %ymm0
-        vpxor	%ymm7, %ymm1, %ymm1
-        vpxor	%ymm7, %ymm2, %ymm2
-        vpxor	%ymm7, %ymm3, %ymm3
-        vpxor	%ymm7, %ymm4, %ymm4
-        vpxor	%ymm8, %ymm5, %ymm5
-        vpxor	%ymm7, %ymm6, %ymm6
+        vpblendd	$3, %ymm14, %ymm7, %ymm14
         # Rotate left 1
-        vpsrlq	$63, %ymm9, %ymm7
         vpsrlq	$63, %ymm10, %ymm8
-        vpaddq	%ymm9, %ymm9, %ymm9
         vpaddq	%ymm10, %ymm10, %ymm10
-        vpor	%ymm7, %ymm9, %ymm9
+        vpsrlq	$63, %ymm9, %ymm7
+        vpaddq	%ymm9, %ymm9, %ymm9
         vpor	%ymm8, %ymm10, %ymm10
+        vpor	%ymm7, %ymm9, %ymm9
+        vpxor	%ymm15, %ymm10, %ymm10
+        vpxor	%ymm14, %ymm9, %ymm9
         # XOR in ROTL64(b[x+1])
         vpxor	%ymm10, %ymm0, %ymm0
         vpxor	%ymm9, %ymm1, %ymm1
@@ -9431,24 +9426,36 @@ L_sha3_block_avx2_start:
         vpxor	%ymm10, %ymm5, %ymm5
         vpxor	%ymm9, %ymm6, %ymm6
         # Shuffle - Rotate
-        vpsrlvq	-64(%rcx), %ymm1, %ymm8
-        vpsrlvq	-32(%rcx), %ymm2, %ymm9
-        vpsrlvq	(%rcx), %ymm3, %ymm10
-        vpsrlvq	32(%rcx), %ymm4, %ymm11
-        vpsrlvq	64(%rcx), %ymm5, %ymm12
-        vpsrlvq	96(%rcx), %ymm6, %ymm13
-        vpsllvq	-64(%rax), %ymm1, %ymm1
-        vpsllvq	-32(%rax), %ymm2, %ymm2
-        vpsllvq	(%rax), %ymm3, %ymm3
-        vpsllvq	32(%rax), %ymm4, %ymm4
-        vpsllvq	64(%rax), %ymm5, %ymm5
-        vpsllvq	96(%rax), %ymm6, %ymm6
-        vpor	%ymm8, %ymm1, %ymm1
+        vmovdqu	-64(%rcx), %ymm7
+        vmovdqu	-32(%rcx), %ymm9
+        vmovdqu	(%rcx), %ymm11
+        vmovdqu	-64(%rax), %ymm8
+        vmovdqu	-32(%rax), %ymm10
+        vmovdqu	(%rax), %ymm12
+        vpsrlvq	%ymm7, %ymm1, %ymm7
+        vpsrlvq	%ymm9, %ymm2, %ymm9
+        vpsrlvq	%ymm11, %ymm3, %ymm11
+        vpsllvq	%ymm8, %ymm1, %ymm1
+        vpsllvq	%ymm10, %ymm2, %ymm2
+        vpsllvq	%ymm12, %ymm3, %ymm3
+        vpor	%ymm7, %ymm1, %ymm1
         vpor	%ymm9, %ymm2, %ymm2
-        vpor	%ymm10, %ymm3, %ymm3
-        vpor	%ymm11, %ymm4, %ymm4
-        vpor	%ymm12, %ymm5, %ymm5
-        vpor	%ymm13, %ymm6, %ymm6
+        vpor	%ymm11, %ymm3, %ymm3
+        vmovdqu	32(%rcx), %ymm7
+        vmovdqu	64(%rcx), %ymm9
+        vmovdqu	96(%rcx), %ymm11
+        vmovdqu	32(%rax), %ymm8
+        vmovdqu	64(%rax), %ymm10
+        vmovdqu	96(%rax), %ymm12
+        vpsrlvq	%ymm7, %ymm4, %ymm7
+        vpsrlvq	%ymm9, %ymm5, %ymm9
+        vpsrlvq	%ymm11, %ymm6, %ymm11
+        vpsllvq	%ymm8, %ymm4, %ymm4
+        vpsllvq	%ymm10, %ymm5, %ymm5
+        vpsllvq	%ymm12, %ymm6, %ymm6
+        vpor	%ymm7, %ymm4, %ymm4
+        vpor	%ymm9, %ymm5, %ymm5
+        vpor	%ymm11, %ymm6, %ymm6
         # Row Mix
         vpermq	$0x00, %ymm2, %ymm12
         vpermq	$0x55, %ymm3, %ymm13
@@ -9487,14 +9494,14 @@ L_sha3_block_avx2_start:
         vpxor	%ymm2, %ymm13, %ymm13
         vpxor	%ymm3, %ymm14, %ymm14
         vpxor	%ymm4, %ymm15, %ymm15
-        vpunpcklqdq	%ymm13, %ymm12, %ymm2
-        vpunpckhqdq	%ymm13, %ymm12, %ymm3
-        vpunpcklqdq	%ymm15, %ymm14, %ymm7
-        vpunpckhqdq	%ymm15, %ymm14, %ymm8
-        vperm2i128	$49, %ymm7, %ymm2, %ymm4
-        vperm2i128	$49, %ymm8, %ymm3, %ymm6
-        vperm2i128	$32, %ymm7, %ymm2, %ymm2
-        vperm2i128	$32, %ymm8, %ymm3, %ymm3
+        vperm2i128	$32, %ymm14, %ymm12, %ymm3
+        vperm2i128	$32, %ymm15, %ymm13, %ymm7
+        vperm2i128	$49, %ymm14, %ymm12, %ymm6
+        vperm2i128	$49, %ymm15, %ymm13, %ymm8
+        vpunpcklqdq	%ymm7, %ymm3, %ymm2
+        vpunpckhqdq	%ymm7, %ymm3, %ymm3
+        vpunpcklqdq	%ymm8, %ymm6, %ymm4
+        vpunpckhqdq	%ymm8, %ymm6, %ymm6
         vpxor	(%rdx), %ymm0, %ymm0
         addq	$32, %rdx
         subq	$0x01, %r8
@@ -9521,6 +9528,408 @@ L_sha3_block_avx2_start:
 .size	sha3_block_avx2,.-sha3_block_avx2
 #endif /* __APPLE__ */
 #ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_sha3_block_n_avx2_rotl:
+.quad	0x0000000000000001,0x000000000000003e
+.quad	0x000000000000001c,0x000000000000001b
+.quad	0x000000000000002c,0x0000000000000006
+.quad	0x0000000000000037,0x0000000000000014
+.quad	0x000000000000000a,0x000000000000002b
+.quad	0x0000000000000019,0x0000000000000027
+.quad	0x000000000000002d,0x000000000000000f
+.quad	0x0000000000000015,0x0000000000000008
+.quad	0x0000000000000024,0x0000000000000003
+.quad	0x0000000000000029,0x0000000000000012
+.quad	0x0000000000000002,0x000000000000003d
+.quad	0x0000000000000038,0x000000000000000e
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_sha3_block_n_avx2_rotr:
+.quad	0x000000000000003f,0x0000000000000002
+.quad	0x0000000000000024,0x0000000000000025
+.quad	0x0000000000000014,0x000000000000003a
+.quad	0x0000000000000009,0x000000000000002c
+.quad	0x0000000000000036,0x0000000000000015
+.quad	0x0000000000000027,0x0000000000000019
+.quad	0x0000000000000013,0x0000000000000031
+.quad	0x000000000000002b,0x0000000000000038
+.quad	0x000000000000001c,0x000000000000003d
+.quad	0x0000000000000017,0x000000000000002e
+.quad	0x000000000000003e,0x0000000000000003
+.quad	0x0000000000000008,0x0000000000000032
+#ifndef __APPLE__
+.text
+.globl	sha3_block_n_avx2
+.type	sha3_block_n_avx2,@function
+.align	16
+sha3_block_n_avx2:
+#else
+.section	__TEXT,__text
+.globl	_sha3_block_n_avx2
+.p2align	4
+_sha3_block_n_avx2:
+#endif /* __APPLE__ */
+        leaq	L_sha3_avx2_r(%rip), %rax
+        leaq	L_sha3_block_n_avx2_rotl(%rip), %r8
+        addq	$0x40, %r8
+        leaq	L_sha3_block_n_avx2_rotr(%rip), %r9
+        addq	$0x40, %r9
+        vpbroadcastq	(%rdi), %ymm0
+        vmovdqu	8(%rdi), %ymm1
+        vmovdqu	40(%rdi), %ymm2
+        vmovdqu	72(%rdi), %ymm3
+        vmovdqu	104(%rdi), %ymm4
+        vmovdqu	136(%rdi), %ymm5
+        vmovdqu	168(%rdi), %ymm6
+        movq	$24, %r10
+        cmpq	$0x88, %rcx
+        je	L_sha3_block_n_avx2_load_256_1
+        cmpq	$0xa8, %rcx
+        je	L_sha3_block_n_avx2_load_128_1
+        cmpq	$0x90, %rcx
+        je	L_sha3_block_n_avx2_load_224_1
+        cmpq	$0x68, %rcx
+        je	L_sha3_block_n_avx2_load_384_1
+        vpbroadcastq	(%rsi), %ymm7
+        vmovdqu	8(%rsi), %ymm8
+        vmovdqu	40(%rsi), %ymm9
+        vpxor	%ymm7, %ymm0, %ymm0
+        vpxor	%ymm8, %ymm1, %ymm1
+        vpxor	%ymm9, %ymm2, %ymm2
+        jmp	L_sha3_block_n_avx2_start_1
+L_sha3_block_n_avx2_load_128_1:
+        vpbroadcastq	(%rsi), %ymm7
+        vmovdqu	8(%rsi), %ymm8
+        vmovdqu	40(%rsi), %ymm9
+        vmovdqu	72(%rsi), %ymm10
+        vmovdqu	104(%rsi), %ymm11
+        vmovdqu	136(%rsi), %ymm12
+        vpxor	%ymm7, %ymm0, %ymm0
+        vpxor	%ymm8, %ymm1, %ymm1
+        vpxor	%ymm9, %ymm2, %ymm2
+        vpxor	%ymm10, %ymm3, %ymm3
+        vpxor	%ymm11, %ymm4, %ymm4
+        vpxor	%ymm12, %ymm5, %ymm5
+        jmp	L_sha3_block_n_avx2_start_1
+L_sha3_block_n_avx2_load_224_1:
+        vpxor	%ymm12, %ymm12, %ymm12
+        vpbroadcastq	(%rsi), %ymm7
+        vmovdqu	8(%rsi), %ymm8
+        vmovdqu	40(%rsi), %ymm9
+        vmovdqu	72(%rsi), %ymm10
+        vmovdqu	104(%rsi), %ymm11
+        vmovq	136(%rsi), %xmm12
+        vpxor	%ymm7, %ymm0, %ymm0
+        vpxor	%ymm8, %ymm1, %ymm1
+        vpxor	%ymm9, %ymm2, %ymm2
+        vpxor	%ymm10, %ymm3, %ymm3
+        vpxor	%ymm11, %ymm4, %ymm4
+        vpxor	%ymm12, %ymm5, %ymm5
+        jmp	L_sha3_block_n_avx2_start_1
+L_sha3_block_n_avx2_load_384_1:
+        vpbroadcastq	(%rsi), %ymm7
+        vmovdqu	8(%rsi), %ymm8
+        vmovdqu	40(%rsi), %ymm9
+        vmovdqu	72(%rsi), %ymm10
+        vpxor	%ymm7, %ymm0, %ymm0
+        vpxor	%ymm8, %ymm1, %ymm1
+        vpxor	%ymm9, %ymm2, %ymm2
+        vpxor	%ymm10, %ymm3, %ymm3
+        jmp	L_sha3_block_n_avx2_start_1
+L_sha3_block_n_avx2_load_256_1:
+        vpbroadcastq	(%rsi), %ymm7
+        vmovdqu	8(%rsi), %ymm8
+        vmovdqu	40(%rsi), %ymm9
+        vmovdqu	72(%rsi), %ymm10
+        vmovdqu	104(%rsi), %ymm11
+        vpxor	%ymm7, %ymm0, %ymm0
+        vpxor	%ymm8, %ymm1, %ymm1
+        vpxor	%ymm9, %ymm2, %ymm2
+        vpxor	%ymm10, %ymm3, %ymm3
+        vpxor	%ymm11, %ymm4, %ymm4
+L_sha3_block_n_avx2_start_1:
+        vpermq	$57, %ymm2, %ymm7
+        vpermq	$30, %ymm3, %ymm8
+        vpermq	$0x4b, %ymm4, %ymm9
+        vpermq	$0x93, %ymm5, %ymm10
+        vpblendd	$12, %ymm3, %ymm2, %ymm11
+        vpblendd	$0xc0, %ymm5, %ymm4, %ymm12
+        vpblendd	$0xc0, %ymm8, %ymm7, %ymm2
+        vpblendd	$0xf0, %ymm9, %ymm8, %ymm3
+        vpblendd	$3, %ymm9, %ymm10, %ymm4
+        vpblendd	$0xf0, %ymm12, %ymm11, %ymm5
+        jmp	L_sha3_block_n_avx2_rounds
+L_sha3_block_n_avx2_start:
+        movq	$24, %r10
+        cmpq	$0x88, %rcx
+        je	L_sha3_block_n_avx2_load_256
+        cmpq	$0xa8, %rcx
+        je	L_sha3_block_n_avx2_load_128
+        cmpq	$0x90, %rcx
+        je	L_sha3_block_n_avx2_load_224
+        cmpq	$0x68, %rcx
+        je	L_sha3_block_n_avx2_load_384
+        vpbroadcastq	(%rsi), %ymm7
+        vmovdqu	8(%rsi), %ymm8
+        vmovdqu	40(%rsi), %ymm9
+        vpxor	%ymm12, %ymm12, %ymm12
+        vpxor	%ymm7, %ymm0, %ymm0
+        vpxor	%ymm8, %ymm1, %ymm1
+        vpermq	$57, %ymm9, %ymm7
+        vpblendd	$0xfc, %ymm12, %ymm9, %ymm15
+        vpblendd	$0xc0, %ymm12, %ymm7, %ymm7
+        vpxor	%ymm7, %ymm2, %ymm2
+        vpxor	%ymm15, %ymm5, %ymm5
+        jmp	L_sha3_block_n_avx2_rounds
+L_sha3_block_n_avx2_load_128:
+        vpbroadcastq	(%rsi), %ymm7
+        vmovdqu	8(%rsi), %ymm8
+        vmovdqu	40(%rsi), %ymm9
+        vmovdqu	72(%rsi), %ymm10
+        vmovdqu	104(%rsi), %ymm11
+        vmovdqu	136(%rsi), %ymm12
+        vpxor	%ymm7, %ymm0, %ymm0
+        vpxor	%ymm8, %ymm1, %ymm1
+        vpermq	$57, %ymm9, %ymm7
+        vpermq	$30, %ymm10, %ymm8
+        vpermq	$0x4b, %ymm11, %ymm13
+        vpermq	$0x93, %ymm12, %ymm14
+        vpblendd	$12, %ymm10, %ymm9, %ymm15
+        vpblendd	$0xc0, %ymm12, %ymm11, %ymm11
+        vpblendd	$0xc0, %ymm8, %ymm7, %ymm7
+        vpblendd	$0xf0, %ymm13, %ymm8, %ymm8
+        vpblendd	$3, %ymm13, %ymm14, %ymm13
+        vpblendd	$0xf0, %ymm11, %ymm15, %ymm11
+        vpxor	%ymm7, %ymm2, %ymm2
+        vpxor	%ymm8, %ymm3, %ymm3
+        vpxor	%ymm13, %ymm4, %ymm4
+        vpxor	%ymm11, %ymm5, %ymm5
+        jmp	L_sha3_block_n_avx2_rounds
+L_sha3_block_n_avx2_load_224:
+        vpxor	%ymm12, %ymm12, %ymm12
+        vpbroadcastq	(%rsi), %ymm7
+        vmovdqu	8(%rsi), %ymm8
+        vmovdqu	40(%rsi), %ymm9
+        vmovdqu	72(%rsi), %ymm10
+        vmovdqu	104(%rsi), %ymm11
+        vmovq	136(%rsi), %xmm12
+        vpxor	%ymm7, %ymm0, %ymm0
+        vpxor	%ymm8, %ymm1, %ymm1
+        vpermq	$57, %ymm9, %ymm7
+        vpermq	$30, %ymm10, %ymm8
+        vpermq	$0x4b, %ymm11, %ymm13
+        vpermq	$0x93, %ymm12, %ymm14
+        vpblendd	$12, %ymm10, %ymm9, %ymm15
+        vpblendd	$0xc0, %ymm12, %ymm11, %ymm11
+        vpblendd	$0xc0, %ymm8, %ymm7, %ymm7
+        vpblendd	$0xf0, %ymm13, %ymm8, %ymm8
+        vpblendd	$3, %ymm13, %ymm14, %ymm13
+        vpblendd	$0xf0, %ymm11, %ymm15, %ymm11
+        vpxor	%ymm7, %ymm2, %ymm2
+        vpxor	%ymm8, %ymm3, %ymm3
+        vpxor	%ymm13, %ymm4, %ymm4
+        vpxor	%ymm11, %ymm5, %ymm5
+        jmp	L_sha3_block_n_avx2_rounds
+L_sha3_block_n_avx2_load_384:
+        vpbroadcastq	(%rsi), %ymm7
+        vmovdqu	8(%rsi), %ymm8
+        vmovdqu	40(%rsi), %ymm9
+        vmovdqu	72(%rsi), %ymm10
+        vpxor	%ymm12, %ymm12, %ymm12
+        vpxor	%ymm7, %ymm0, %ymm0
+        vpxor	%ymm8, %ymm1, %ymm1
+        vpermq	$57, %ymm9, %ymm7
+        vpermq	$30, %ymm10, %ymm8
+        vpblendd	$0xf3, %ymm12, %ymm10, %ymm13
+        vpblendd	$0xfc, %ymm13, %ymm9, %ymm15
+        vpblendd	$0xc0, %ymm8, %ymm7, %ymm7
+        vpblendd	$0xf0, %ymm12, %ymm8, %ymm8
+        vpxor	%ymm7, %ymm2, %ymm2
+        vpxor	%ymm8, %ymm3, %ymm3
+        vpxor	%ymm15, %ymm5, %ymm5
+        jmp	L_sha3_block_n_avx2_rounds
+L_sha3_block_n_avx2_load_256:
+        vpbroadcastq	(%rsi), %ymm7
+        vmovdqu	8(%rsi), %ymm8
+        vmovdqu	40(%rsi), %ymm9
+        vmovdqu	72(%rsi), %ymm10
+        vmovdqu	104(%rsi), %ymm11
+        vpxor	%ymm12, %ymm12, %ymm12
+        vpxor	%ymm7, %ymm0, %ymm0
+        vpxor	%ymm8, %ymm1, %ymm1
+        vpermq	$57, %ymm9, %ymm7
+        vpermq	$30, %ymm10, %ymm8
+        vpermq	$0x4b, %ymm11, %ymm13
+        vpblendd	$12, %ymm10, %ymm9, %ymm15
+        vpblendd	$0xcf, %ymm12, %ymm11, %ymm11
+        vpblendd	$0xc0, %ymm8, %ymm7, %ymm7
+        vpblendd	$0xf0, %ymm13, %ymm8, %ymm8
+        vpblendd	$0xfc, %ymm12, %ymm13, %ymm13
+        vpblendd	$0xf0, %ymm11, %ymm15, %ymm11
+        vpxor	%ymm7, %ymm2, %ymm2
+        vpxor	%ymm8, %ymm3, %ymm3
+        vpxor	%ymm13, %ymm4, %ymm4
+        vpxor	%ymm11, %ymm5, %ymm5
+L_sha3_block_n_avx2_rounds:
+        # Calc b[0..4]
+        vpshufd	$0xee, %ymm5, %ymm7
+        vpxor	%ymm2, %ymm1, %ymm15
+        vpxor	%ymm7, %ymm5, %ymm14
+        vpxor	%ymm4, %ymm3, %ymm12
+        vpermq	$0xaa, %ymm14, %ymm7
+        vpxor	%ymm0, %ymm14, %ymm14
+        vpxor	%ymm7, %ymm14, %ymm14
+        vpxor	%ymm6, %ymm15, %ymm15
+        vpxor	%ymm12, %ymm15, %ymm15
+        vpermq	$0x00, %ymm14, %ymm14
+        # XOR in b[x+4]
+        vpermq	$0x93, %ymm15, %ymm7
+        vpermq	$57, %ymm15, %ymm9
+        vpermq	$0x00, %ymm15, %ymm10
+        vpermq	$0xff, %ymm15, %ymm15
+        vpblendd	$0xc0, %ymm14, %ymm9, %ymm9
+        vpblendd	$3, %ymm14, %ymm7, %ymm14
+        # Rotate left 1
+        vpsrlq	$63, %ymm10, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsrlq	$63, %ymm9, %ymm7
+        vpaddq	%ymm9, %ymm9, %ymm9
+        vpor	%ymm8, %ymm10, %ymm10
+        vpor	%ymm7, %ymm9, %ymm9
+        vpxor	%ymm15, %ymm10, %ymm10
+        vpxor	%ymm14, %ymm9, %ymm9
+        # XOR in ROTL64(b[x+1])
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm9, %ymm1, %ymm1
+        vpxor	%ymm9, %ymm2, %ymm2
+        vpxor	%ymm9, %ymm3, %ymm3
+        vpxor	%ymm9, %ymm4, %ymm4
+        vpxor	%ymm10, %ymm5, %ymm5
+        vpxor	%ymm9, %ymm6, %ymm6
+        # Shuffle - Rotate
+        vmovdqu	-64(%r9), %ymm7
+        vmovdqu	-32(%r9), %ymm9
+        vmovdqu	(%r9), %ymm11
+        vmovdqu	-64(%r8), %ymm8
+        vmovdqu	-32(%r8), %ymm10
+        vmovdqu	(%r8), %ymm12
+        vpsrlvq	%ymm7, %ymm1, %ymm7
+        vpsrlvq	%ymm9, %ymm2, %ymm9
+        vpsrlvq	%ymm11, %ymm3, %ymm11
+        vpsllvq	%ymm8, %ymm1, %ymm1
+        vpsllvq	%ymm10, %ymm2, %ymm2
+        vpsllvq	%ymm12, %ymm3, %ymm3
+        vpor	%ymm7, %ymm1, %ymm1
+        vpor	%ymm9, %ymm2, %ymm2
+        vpor	%ymm11, %ymm3, %ymm3
+        vmovdqu	32(%r9), %ymm7
+        vmovdqu	64(%r9), %ymm9
+        vmovdqu	96(%r9), %ymm11
+        vmovdqu	32(%r8), %ymm8
+        vmovdqu	64(%r8), %ymm10
+        vmovdqu	96(%r8), %ymm12
+        vpsrlvq	%ymm7, %ymm4, %ymm7
+        vpsrlvq	%ymm9, %ymm5, %ymm9
+        vpsrlvq	%ymm11, %ymm6, %ymm11
+        vpsllvq	%ymm8, %ymm4, %ymm4
+        vpsllvq	%ymm10, %ymm5, %ymm5
+        vpsllvq	%ymm12, %ymm6, %ymm6
+        vpor	%ymm7, %ymm4, %ymm4
+        vpor	%ymm9, %ymm5, %ymm5
+        vpor	%ymm11, %ymm6, %ymm6
+        # Row Mix
+        vpermq	$0x00, %ymm2, %ymm12
+        vpermq	$0x55, %ymm3, %ymm13
+        vpermq	$0xaa, %ymm4, %ymm14
+        vpermq	$0xff, %ymm6, %ymm15
+        vpandn	%ymm14, %ymm13, %ymm7
+        vpandn	%ymm15, %ymm14, %ymm8
+        vpandn	%ymm0, %ymm15, %ymm9
+        vpandn	%ymm12, %ymm0, %ymm10
+        vpandn	%ymm13, %ymm12, %ymm11
+        vpxor	%ymm7, %ymm12, %ymm12
+        vpxor	%ymm8, %ymm13, %ymm13
+        vpxor	%ymm9, %ymm14, %ymm14
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm0, %ymm0
+        vpermq	$0x8d, %ymm5, %ymm7
+        vpblendd	$12, %ymm13, %ymm12, %ymm10
+        vpermq	$0x72, %ymm1, %ymm11
+        vpblendd	$0xc0, %ymm15, %ymm14, %ymm9
+        vpermq	$0x87, %ymm2, %ymm12
+        vpblendd	$0xf0, %ymm9, %ymm10, %ymm1
+        vpermq	$0xc9, %ymm3, %ymm13
+        vpermq	$0x9c, %ymm4, %ymm14
+        vpermq	$45, %ymm6, %ymm15
+        vpblendd	$48, %ymm7, %ymm12, %ymm12
+        vpblendd	$3, %ymm7, %ymm13, %ymm13
+        vpblendd	$0xc0, %ymm7, %ymm14, %ymm14
+        vpblendd	$12, %ymm7, %ymm15, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm5
+        vpandn	%ymm14, %ymm13, %ymm7
+        vpandn	%ymm15, %ymm14, %ymm2
+        vpandn	%ymm11, %ymm15, %ymm3
+        vpandn	%ymm12, %ymm11, %ymm4
+        vpxor	%ymm5, %ymm11, %ymm5
+        vpxor	%ymm7, %ymm12, %ymm12
+        vpxor	%ymm2, %ymm13, %ymm13
+        vpxor	%ymm3, %ymm14, %ymm14
+        vpxor	%ymm4, %ymm15, %ymm15
+        vperm2i128	$32, %ymm14, %ymm12, %ymm3
+        vperm2i128	$32, %ymm15, %ymm13, %ymm7
+        vperm2i128	$49, %ymm14, %ymm12, %ymm6
+        vperm2i128	$49, %ymm15, %ymm13, %ymm8
+        vpunpcklqdq	%ymm7, %ymm3, %ymm2
+        vpunpckhqdq	%ymm7, %ymm3, %ymm3
+        vpunpcklqdq	%ymm8, %ymm6, %ymm4
+        vpunpckhqdq	%ymm8, %ymm6, %ymm6
+        vpxor	(%rax), %ymm0, %ymm0
+        addq	$32, %rax
+        subq	$0x01, %r10
+        jnz	L_sha3_block_n_avx2_rounds
+        subq	$0x300, %rax
+        addq	%rcx, %rsi
+        subl	$0x01, %edx
+        jnz	L_sha3_block_n_avx2_start
+        vpermq	$0x93, %ymm2, %ymm7
+        vpermq	$0x4e, %ymm3, %ymm8
+        vpermq	$57, %ymm4, %ymm9
+        vpblendd	$3, %ymm5, %ymm7, %ymm2
+        vpblendd	$3, %ymm7, %ymm8, %ymm3
+        vpblendd	$12, %ymm5, %ymm3, %ymm3
+        vpblendd	$0xc0, %ymm9, %ymm8, %ymm4
+        vpblendd	$48, %ymm5, %ymm4, %ymm4
+        vpblendd	$0xc0, %ymm5, %ymm9, %ymm5
+        vmovq	%xmm0, (%rdi)
+        vmovdqu	%ymm1, 8(%rdi)
+        vmovdqu	%ymm2, 40(%rdi)
+        vmovdqu	%ymm3, 72(%rdi)
+        vmovdqu	%ymm4, 104(%rdi)
+        vmovdqu	%ymm5, 136(%rdi)
+        vmovdqu	%ymm6, 168(%rdi)
+        vzeroupper
+        repz retq
+#ifndef __APPLE__
+.size	sha3_block_n_avx2,.-sha3_block_n_avx2
+#endif /* __APPLE__ */
+#if defined(WOLFSSL_WC_MLKEM) || defined(WOLFSSL_WC_DILITHIUM)
+#ifndef __APPLE__
 .text
 .globl	sha3_blocksx4_avx2
 .type	sha3_blocksx4_avx2,@function
@@ -14878,6 +15287,16168 @@ _sha3_blocksx4_avx2:
 #ifndef __APPLE__
 .size	sha3_blocksx4_avx2,.-sha3_blocksx4_avx2
 #endif /* __APPLE__ */
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	32
+#else
+.p2align	5
+#endif /* __APPLE__ */
+L_sha3_128_blockx4_seed_avx2_end_mark:
+.quad	0x8000000000000000, 0x8000000000000000
+.quad	0x8000000000000000, 0x8000000000000000
+#ifndef __APPLE__
+.text
+.globl	sha3_128_blocksx4_seed_avx2
+.type	sha3_128_blocksx4_seed_avx2,@function
+.align	16
+sha3_128_blocksx4_seed_avx2:
+#else
+.section	__TEXT,__text
+.globl	_sha3_128_blocksx4_seed_avx2
+.p2align	4
+_sha3_128_blocksx4_seed_avx2:
+#endif /* __APPLE__ */
+        leaq	L_sha3_x4_avx2_r(%rip), %rdx
+        movq	%rdi, %rax
+        movq	%rdi, %rcx
+        vpbroadcastq	(%rsi), %ymm15
+        addq	$0x80, %rdi
+        vpbroadcastq	8(%rsi), %ymm11
+        addq	$0x180, %rax
+        vpbroadcastq	16(%rsi), %ymm12
+        addq	$0x280, %rcx
+        vpbroadcastq	24(%rsi), %ymm13
+        vmovdqu	L_sha3_128_blockx4_seed_avx2_end_mark(%rip), %ymm5
+        vpxor	%ymm6, %ymm6, %ymm6
+        vmovdqu	%ymm11, -96(%rdi)
+        vmovdqu	%ymm12, -64(%rdi)
+        vmovdqu	%ymm13, -32(%rdi)
+        vmovdqu	(%rdi), %ymm14
+        vmovdqu	%ymm6, 32(%rdi)
+        vmovdqu	%ymm6, 64(%rdi)
+        vmovdqu	%ymm6, 96(%rdi)
+        vmovdqu	%ymm6, 128(%rdi)
+        vmovdqu	%ymm6, -96(%rax)
+        vmovdqu	%ymm6, -64(%rax)
+        vmovdqu	%ymm6, -32(%rax)
+        vmovdqu	%ymm6, (%rax)
+        vmovdqu	%ymm6, 32(%rax)
+        vmovdqu	%ymm6, 64(%rax)
+        vmovdqu	%ymm6, 96(%rax)
+        vmovdqu	%ymm6, 128(%rax)
+        vmovdqu	%ymm6, -96(%rcx)
+        vmovdqu	%ymm6, -64(%rcx)
+        vmovdqu	%ymm6, -32(%rcx)
+        vmovdqu	%ymm5, (%rcx)
+        vmovdqu	%ymm6, 32(%rcx)
+        vmovdqu	%ymm6, 64(%rcx)
+        vmovdqu	%ymm6, 96(%rcx)
+        vmovdqu	%ymm6, 128(%rcx)
+        vpxor	%ymm5, %ymm15, %ymm10
+        # Round 0
+        # Calc b[0..4]
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	64(%rdi), %ymm6, %ymm11
+        vpxor	(%rax), %ymm7, %ymm12
+        vpxor	-64(%rcx), %ymm8, %ymm13
+        vpxor	128(%rcx), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, 64(%rdi)
+        vmovdqu	%ymm2, (%rax)
+        vmovdqu	%ymm3, -64(%rcx)
+        vmovdqu	%ymm4, 128(%rcx)
+        # Row 1
+        vpxor	-32(%rdi), %ymm8, %ymm10
+        vpxor	-96(%rax), %ymm9, %ymm11
+        vpxor	-64(%rax), %ymm5, %ymm12
+        vpxor	128(%rax), %ymm6, %ymm13
+        vpxor	64(%rcx), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -32(%rdi)
+        vmovdqu	%ymm1, -96(%rax)
+        vmovdqu	%ymm2, -64(%rax)
+        vmovdqu	%ymm3, 128(%rax)
+        vmovdqu	%ymm4, 64(%rcx)
+        # Row 2
+        vpxor	-96(%rdi), %ymm6, %ymm10
+        vpxor	96(%rdi), %ymm7, %ymm11
+        vpxor	32(%rax), %ymm8, %ymm12
+        vpxor	-32(%rcx), %ymm9, %ymm13
+        vpxor	(%rcx), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -96(%rdi)
+        vmovdqu	%ymm1, 96(%rdi)
+        vmovdqu	%ymm2, 32(%rax)
+        vmovdqu	%ymm3, -32(%rcx)
+        vmovdqu	%ymm4, (%rcx)
+        # Row 3
+        vpxor	(%rdi), %ymm9, %ymm10
+        vpxor	32(%rdi), %ymm5, %ymm11
+        vpxor	-32(%rax), %ymm6, %ymm12
+        vpxor	-96(%rcx), %ymm7, %ymm13
+        vpxor	96(%rcx), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, (%rdi)
+        vmovdqu	%ymm1, 32(%rdi)
+        vmovdqu	%ymm2, -32(%rax)
+        vmovdqu	%ymm3, -96(%rcx)
+        vmovdqu	%ymm4, 96(%rcx)
+        # Row 4
+        vpxor	-64(%rdi), %ymm7, %ymm10
+        vpxor	128(%rdi), %ymm8, %ymm11
+        vpxor	64(%rax), %ymm9, %ymm12
+        vpxor	96(%rax), %ymm5, %ymm13
+        vpxor	32(%rcx), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -64(%rdi)
+        vmovdqu	%ymm1, 128(%rdi)
+        vmovdqu	%ymm2, 64(%rax)
+        vmovdqu	%ymm3, 96(%rax)
+        vmovdqu	%ymm4, 32(%rcx)
+        # Round 1
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm10, %ymm10
+        vpxor	-32(%rdi), %ymm10, %ymm10
+        vpxor	(%rdi), %ymm10, %ymm10
+        vpxor	32(%rdi), %ymm1, %ymm11
+        vpxor	64(%rdi), %ymm11, %ymm11
+        vpxor	96(%rdi), %ymm11, %ymm11
+        vpxor	-96(%rax), %ymm11, %ymm11
+        vpxor	-64(%rax), %ymm2, %ymm12
+        vpxor	-32(%rax), %ymm12, %ymm12
+        vpxor	(%rax), %ymm12, %ymm12
+        vpxor	32(%rax), %ymm12, %ymm12
+        vpxor	128(%rax), %ymm3, %ymm13
+        vpxor	-96(%rcx), %ymm13, %ymm13
+        vpxor	-64(%rcx), %ymm13, %ymm13
+        vpxor	-32(%rcx), %ymm13, %ymm13
+        vpxor	(%rcx), %ymm4, %ymm14
+        vpxor	64(%rcx), %ymm14, %ymm14
+        vpxor	96(%rcx), %ymm14, %ymm14
+        vpxor	128(%rcx), %ymm14, %ymm14
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	-96(%rax), %ymm6, %ymm11
+        vpxor	32(%rax), %ymm7, %ymm12
+        vpxor	-96(%rcx), %ymm8, %ymm13
+        vpxor	32(%rcx), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	32(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, -96(%rax)
+        vmovdqu	%ymm2, 32(%rax)
+        vmovdqu	%ymm3, -96(%rcx)
+        vmovdqu	%ymm4, 32(%rcx)
+        # Row 1
+        vpxor	-64(%rcx), %ymm8, %ymm10
+        vpxor	64(%rcx), %ymm9, %ymm11
+        vpxor	-96(%rdi), %ymm5, %ymm12
+        vpxor	32(%rdi), %ymm6, %ymm13
+        vpxor	64(%rax), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -64(%rcx)
+        vmovdqu	%ymm1, 64(%rcx)
+        vmovdqu	%ymm2, -96(%rdi)
+        vmovdqu	%ymm3, 32(%rdi)
+        vmovdqu	%ymm4, 64(%rax)
+        # Row 2
+        vpxor	64(%rdi), %ymm6, %ymm10
+        vpxor	-64(%rax), %ymm7, %ymm11
+        vpxor	-32(%rcx), %ymm8, %ymm12
+        vpxor	96(%rcx), %ymm9, %ymm13
+        vpxor	-64(%rdi), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 64(%rdi)
+        vmovdqu	%ymm1, -64(%rax)
+        vmovdqu	%ymm2, -32(%rcx)
+        vmovdqu	%ymm3, 96(%rcx)
+        vmovdqu	%ymm4, -64(%rdi)
+        # Row 3
+        vpxor	128(%rcx), %ymm9, %ymm10
+        vpxor	-32(%rdi), %ymm5, %ymm11
+        vpxor	96(%rdi), %ymm6, %ymm12
+        vpxor	-32(%rax), %ymm7, %ymm13
+        vpxor	96(%rax), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 128(%rcx)
+        vmovdqu	%ymm1, -32(%rdi)
+        vmovdqu	%ymm2, 96(%rdi)
+        vmovdqu	%ymm3, -32(%rax)
+        vmovdqu	%ymm4, 96(%rax)
+        # Row 4
+        vpxor	(%rax), %ymm7, %ymm10
+        vpxor	128(%rax), %ymm8, %ymm11
+        vpxor	(%rcx), %ymm9, %ymm12
+        vpxor	(%rdi), %ymm5, %ymm13
+        vpxor	128(%rdi), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, (%rax)
+        vmovdqu	%ymm1, 128(%rax)
+        vmovdqu	%ymm2, (%rcx)
+        vmovdqu	%ymm3, (%rdi)
+        vmovdqu	%ymm4, 128(%rdi)
+        # Round 2
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm2, %ymm12
+        vpxor	-64(%rdi), %ymm4, %ymm14
+        vpxor	-32(%rdi), %ymm1, %ymm11
+        vpxor	32(%rdi), %ymm3, %ymm13
+        vpxor	64(%rdi), %ymm10, %ymm10
+        vpxor	96(%rdi), %ymm12, %ymm12
+        vpxor	-96(%rax), %ymm11, %ymm11
+        vpxor	-64(%rax), %ymm11, %ymm11
+        vpxor	-32(%rax), %ymm13, %ymm13
+        vpxor	32(%rax), %ymm12, %ymm12
+        vpxor	64(%rax), %ymm14, %ymm14
+        vpxor	96(%rax), %ymm14, %ymm14
+        vpxor	-96(%rcx), %ymm13, %ymm13
+        vpxor	-64(%rcx), %ymm10, %ymm10
+        vpxor	-32(%rcx), %ymm12, %ymm12
+        vpxor	32(%rcx), %ymm14, %ymm14
+        vpxor	64(%rcx), %ymm11, %ymm11
+        vpxor	96(%rcx), %ymm13, %ymm13
+        vpxor	128(%rcx), %ymm10, %ymm10
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	64(%rcx), %ymm6, %ymm11
+        vpxor	-32(%rcx), %ymm7, %ymm12
+        vpxor	-32(%rax), %ymm8, %ymm13
+        vpxor	128(%rdi), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	64(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, 64(%rcx)
+        vmovdqu	%ymm2, -32(%rcx)
+        vmovdqu	%ymm3, -32(%rax)
+        vmovdqu	%ymm4, 128(%rdi)
+        # Row 1
+        vpxor	-96(%rcx), %ymm8, %ymm10
+        vpxor	64(%rax), %ymm9, %ymm11
+        vpxor	64(%rdi), %ymm5, %ymm12
+        vpxor	-32(%rdi), %ymm6, %ymm13
+        vpxor	(%rcx), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -96(%rcx)
+        vmovdqu	%ymm1, 64(%rax)
+        vmovdqu	%ymm2, 64(%rdi)
+        vmovdqu	%ymm3, -32(%rdi)
+        vmovdqu	%ymm4, (%rcx)
+        # Row 2
+        vpxor	-96(%rax), %ymm6, %ymm10
+        vpxor	-96(%rdi), %ymm7, %ymm11
+        vpxor	96(%rcx), %ymm8, %ymm12
+        vpxor	96(%rax), %ymm9, %ymm13
+        vpxor	(%rax), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -96(%rax)
+        vmovdqu	%ymm1, -96(%rdi)
+        vmovdqu	%ymm2, 96(%rcx)
+        vmovdqu	%ymm3, 96(%rax)
+        vmovdqu	%ymm4, (%rax)
+        # Row 3
+        vpxor	32(%rcx), %ymm9, %ymm10
+        vpxor	-64(%rcx), %ymm5, %ymm11
+        vpxor	-64(%rax), %ymm6, %ymm12
+        vpxor	96(%rdi), %ymm7, %ymm13
+        vpxor	(%rdi), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 32(%rcx)
+        vmovdqu	%ymm1, -64(%rcx)
+        vmovdqu	%ymm2, -64(%rax)
+        vmovdqu	%ymm3, 96(%rdi)
+        vmovdqu	%ymm4, (%rdi)
+        # Row 4
+        vpxor	32(%rax), %ymm7, %ymm10
+        vpxor	32(%rdi), %ymm8, %ymm11
+        vpxor	-64(%rdi), %ymm9, %ymm12
+        vpxor	128(%rcx), %ymm5, %ymm13
+        vpxor	128(%rax), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 32(%rax)
+        vmovdqu	%ymm1, 32(%rdi)
+        vmovdqu	%ymm2, -64(%rdi)
+        vmovdqu	%ymm3, 128(%rcx)
+        vmovdqu	%ymm4, 128(%rax)
+        # Round 3
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm1, %ymm11
+        vpxor	-32(%rdi), %ymm3, %ymm13
+        vpxor	(%rdi), %ymm4, %ymm14
+        vpxor	64(%rdi), %ymm2, %ymm12
+        vpxor	96(%rdi), %ymm13, %ymm13
+        vpxor	128(%rdi), %ymm14, %ymm14
+        vpxor	-96(%rax), %ymm10, %ymm10
+        vpxor	-64(%rax), %ymm12, %ymm12
+        vpxor	-32(%rax), %ymm13, %ymm13
+        vpxor	(%rax), %ymm14, %ymm14
+        vpxor	64(%rax), %ymm11, %ymm11
+        vpxor	96(%rax), %ymm13, %ymm13
+        vpxor	-96(%rcx), %ymm10, %ymm10
+        vpxor	-64(%rcx), %ymm11, %ymm11
+        vpxor	-32(%rcx), %ymm12, %ymm12
+        vpxor	(%rcx), %ymm14, %ymm14
+        vpxor	32(%rcx), %ymm10, %ymm10
+        vpxor	64(%rcx), %ymm11, %ymm11
+        vpxor	96(%rcx), %ymm12, %ymm12
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	64(%rax), %ymm6, %ymm11
+        vpxor	96(%rcx), %ymm7, %ymm12
+        vpxor	96(%rdi), %ymm8, %ymm13
+        vpxor	128(%rax), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	96(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, 64(%rax)
+        vmovdqu	%ymm2, 96(%rcx)
+        vmovdqu	%ymm3, 96(%rdi)
+        vmovdqu	%ymm4, 128(%rax)
+        # Row 1
+        vpxor	-32(%rax), %ymm8, %ymm10
+        vpxor	(%rcx), %ymm9, %ymm11
+        vpxor	-96(%rax), %ymm5, %ymm12
+        vpxor	-64(%rcx), %ymm6, %ymm13
+        vpxor	-64(%rdi), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -32(%rax)
+        vmovdqu	%ymm1, (%rcx)
+        vmovdqu	%ymm2, -96(%rax)
+        vmovdqu	%ymm3, -64(%rcx)
+        vmovdqu	%ymm4, -64(%rdi)
+        # Row 2
+        vpxor	64(%rcx), %ymm6, %ymm10
+        vpxor	64(%rdi), %ymm7, %ymm11
+        vpxor	96(%rax), %ymm8, %ymm12
+        vpxor	(%rdi), %ymm9, %ymm13
+        vpxor	32(%rax), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 64(%rcx)
+        vmovdqu	%ymm1, 64(%rdi)
+        vmovdqu	%ymm2, 96(%rax)
+        vmovdqu	%ymm3, (%rdi)
+        vmovdqu	%ymm4, 32(%rax)
+        # Row 3
+        vpxor	128(%rdi), %ymm9, %ymm10
+        vpxor	-96(%rcx), %ymm5, %ymm11
+        vpxor	-96(%rdi), %ymm6, %ymm12
+        vpxor	-64(%rax), %ymm7, %ymm13
+        vpxor	128(%rcx), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 128(%rdi)
+        vmovdqu	%ymm1, -96(%rcx)
+        vmovdqu	%ymm2, -96(%rdi)
+        vmovdqu	%ymm3, -64(%rax)
+        vmovdqu	%ymm4, 128(%rcx)
+        # Row 4
+        vpxor	-32(%rcx), %ymm7, %ymm10
+        vpxor	-32(%rdi), %ymm8, %ymm11
+        vpxor	(%rax), %ymm9, %ymm12
+        vpxor	32(%rcx), %ymm5, %ymm13
+        vpxor	32(%rdi), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -32(%rcx)
+        vmovdqu	%ymm1, -32(%rdi)
+        vmovdqu	%ymm2, (%rax)
+        vmovdqu	%ymm3, 32(%rcx)
+        vmovdqu	%ymm4, 32(%rdi)
+        # Round 4
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm2, %ymm12
+        vpxor	-64(%rdi), %ymm4, %ymm14
+        vpxor	(%rdi), %ymm3, %ymm13
+        vpxor	64(%rdi), %ymm1, %ymm11
+        vpxor	96(%rdi), %ymm13, %ymm13
+        vpxor	128(%rdi), %ymm10, %ymm10
+        vpxor	-96(%rax), %ymm12, %ymm12
+        vpxor	-64(%rax), %ymm13, %ymm13
+        vpxor	-32(%rax), %ymm10, %ymm10
+        vpxor	32(%rax), %ymm14, %ymm14
+        vpxor	64(%rax), %ymm11, %ymm11
+        vpxor	96(%rax), %ymm12, %ymm12
+        vpxor	128(%rax), %ymm14, %ymm14
+        vpxor	-96(%rcx), %ymm11, %ymm11
+        vpxor	-64(%rcx), %ymm13, %ymm13
+        vpxor	(%rcx), %ymm11, %ymm11
+        vpxor	64(%rcx), %ymm10, %ymm10
+        vpxor	96(%rcx), %ymm12, %ymm12
+        vpxor	128(%rcx), %ymm14, %ymm14
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	(%rcx), %ymm6, %ymm11
+        vpxor	96(%rax), %ymm7, %ymm12
+        vpxor	-64(%rax), %ymm8, %ymm13
+        vpxor	32(%rdi), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	128(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, (%rcx)
+        vmovdqu	%ymm2, 96(%rax)
+        vmovdqu	%ymm3, -64(%rax)
+        vmovdqu	%ymm4, 32(%rdi)
+        # Row 1
+        vpxor	96(%rdi), %ymm8, %ymm10
+        vpxor	-64(%rdi), %ymm9, %ymm11
+        vpxor	64(%rcx), %ymm5, %ymm12
+        vpxor	-96(%rcx), %ymm6, %ymm13
+        vpxor	(%rax), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 96(%rdi)
+        vmovdqu	%ymm1, -64(%rdi)
+        vmovdqu	%ymm2, 64(%rcx)
+        vmovdqu	%ymm3, -96(%rcx)
+        vmovdqu	%ymm4, (%rax)
+        # Row 2
+        vpxor	64(%rax), %ymm6, %ymm10
+        vpxor	-96(%rax), %ymm7, %ymm11
+        vpxor	(%rdi), %ymm8, %ymm12
+        vpxor	128(%rcx), %ymm9, %ymm13
+        vpxor	-32(%rcx), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 64(%rax)
+        vmovdqu	%ymm1, -96(%rax)
+        vmovdqu	%ymm2, (%rdi)
+        vmovdqu	%ymm3, 128(%rcx)
+        vmovdqu	%ymm4, -32(%rcx)
+        # Row 3
+        vpxor	128(%rax), %ymm9, %ymm10
+        vpxor	-32(%rax), %ymm5, %ymm11
+        vpxor	64(%rdi), %ymm6, %ymm12
+        vpxor	-96(%rdi), %ymm7, %ymm13
+        vpxor	32(%rcx), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 128(%rax)
+        vmovdqu	%ymm1, -32(%rax)
+        vmovdqu	%ymm2, 64(%rdi)
+        vmovdqu	%ymm3, -96(%rdi)
+        vmovdqu	%ymm4, 32(%rcx)
+        # Row 4
+        vpxor	96(%rcx), %ymm7, %ymm10
+        vpxor	-64(%rcx), %ymm8, %ymm11
+        vpxor	32(%rax), %ymm9, %ymm12
+        vpxor	128(%rdi), %ymm5, %ymm13
+        vpxor	-32(%rdi), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 96(%rcx)
+        vmovdqu	%ymm1, -64(%rcx)
+        vmovdqu	%ymm2, 32(%rax)
+        vmovdqu	%ymm3, 128(%rdi)
+        vmovdqu	%ymm4, -32(%rdi)
+        # Round 5
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm3, %ymm13
+        vpxor	-64(%rdi), %ymm1, %ymm11
+        vpxor	(%rdi), %ymm2, %ymm12
+        vpxor	32(%rdi), %ymm4, %ymm14
+        vpxor	64(%rdi), %ymm12, %ymm12
+        vpxor	96(%rdi), %ymm10, %ymm10
+        vpxor	-96(%rax), %ymm11, %ymm11
+        vpxor	-64(%rax), %ymm13, %ymm13
+        vpxor	-32(%rax), %ymm11, %ymm11
+        vpxor	(%rax), %ymm14, %ymm14
+        vpxor	64(%rax), %ymm10, %ymm10
+        vpxor	96(%rax), %ymm12, %ymm12
+        vpxor	128(%rax), %ymm10, %ymm10
+        vpxor	-96(%rcx), %ymm13, %ymm13
+        vpxor	-32(%rcx), %ymm14, %ymm14
+        vpxor	(%rcx), %ymm11, %ymm11
+        vpxor	32(%rcx), %ymm14, %ymm14
+        vpxor	64(%rcx), %ymm12, %ymm12
+        vpxor	128(%rcx), %ymm13, %ymm13
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	-64(%rdi), %ymm6, %ymm11
+        vpxor	(%rdi), %ymm7, %ymm12
+        vpxor	-96(%rdi), %ymm8, %ymm13
+        vpxor	-32(%rdi), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	160(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, -64(%rdi)
+        vmovdqu	%ymm2, (%rdi)
+        vmovdqu	%ymm3, -96(%rdi)
+        vmovdqu	%ymm4, -32(%rdi)
+        # Row 1
+        vpxor	-64(%rax), %ymm8, %ymm10
+        vpxor	(%rax), %ymm9, %ymm11
+        vpxor	64(%rax), %ymm5, %ymm12
+        vpxor	-32(%rax), %ymm6, %ymm13
+        vpxor	32(%rax), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -64(%rax)
+        vmovdqu	%ymm1, (%rax)
+        vmovdqu	%ymm2, 64(%rax)
+        vmovdqu	%ymm3, -32(%rax)
+        vmovdqu	%ymm4, 32(%rax)
+        # Row 2
+        vpxor	(%rcx), %ymm6, %ymm10
+        vpxor	64(%rcx), %ymm7, %ymm11
+        vpxor	128(%rcx), %ymm8, %ymm12
+        vpxor	32(%rcx), %ymm9, %ymm13
+        vpxor	96(%rcx), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, (%rcx)
+        vmovdqu	%ymm1, 64(%rcx)
+        vmovdqu	%ymm2, 128(%rcx)
+        vmovdqu	%ymm3, 32(%rcx)
+        vmovdqu	%ymm4, 96(%rcx)
+        # Row 3
+        vpxor	32(%rdi), %ymm9, %ymm10
+        vpxor	96(%rdi), %ymm5, %ymm11
+        vpxor	-96(%rax), %ymm6, %ymm12
+        vpxor	64(%rdi), %ymm7, %ymm13
+        vpxor	128(%rdi), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 32(%rdi)
+        vmovdqu	%ymm1, 96(%rdi)
+        vmovdqu	%ymm2, -96(%rax)
+        vmovdqu	%ymm3, 64(%rdi)
+        vmovdqu	%ymm4, 128(%rdi)
+        # Row 4
+        vpxor	96(%rax), %ymm7, %ymm10
+        vpxor	-96(%rcx), %ymm8, %ymm11
+        vpxor	-32(%rcx), %ymm9, %ymm12
+        vpxor	128(%rax), %ymm5, %ymm13
+        vpxor	-64(%rcx), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 96(%rax)
+        vmovdqu	%ymm1, -96(%rcx)
+        vmovdqu	%ymm2, -32(%rcx)
+        vmovdqu	%ymm3, 128(%rax)
+        vmovdqu	%ymm4, -64(%rcx)
+        # Round 6
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm3, %ymm13
+        vpxor	-64(%rdi), %ymm1, %ymm11
+        vpxor	-32(%rdi), %ymm4, %ymm14
+        vpxor	(%rdi), %ymm2, %ymm12
+        vpxor	32(%rdi), %ymm10, %ymm10
+        vpxor	64(%rdi), %ymm13, %ymm13
+        vpxor	96(%rdi), %ymm11, %ymm11
+        vpxor	128(%rdi), %ymm14, %ymm14
+        vpxor	-96(%rax), %ymm12, %ymm12
+        vpxor	-64(%rax), %ymm10, %ymm10
+        vpxor	-32(%rax), %ymm13, %ymm13
+        vpxor	(%rax), %ymm11, %ymm11
+        vpxor	32(%rax), %ymm14, %ymm14
+        vpxor	64(%rax), %ymm12, %ymm12
+        vpxor	(%rcx), %ymm10, %ymm10
+        vpxor	32(%rcx), %ymm13, %ymm13
+        vpxor	64(%rcx), %ymm11, %ymm11
+        vpxor	96(%rcx), %ymm14, %ymm14
+        vpxor	128(%rcx), %ymm12, %ymm12
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	(%rax), %ymm6, %ymm11
+        vpxor	128(%rcx), %ymm7, %ymm12
+        vpxor	64(%rdi), %ymm8, %ymm13
+        vpxor	-64(%rcx), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	192(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, (%rax)
+        vmovdqu	%ymm2, 128(%rcx)
+        vmovdqu	%ymm3, 64(%rdi)
+        vmovdqu	%ymm4, -64(%rcx)
+        # Row 1
+        vpxor	-96(%rdi), %ymm8, %ymm10
+        vpxor	32(%rax), %ymm9, %ymm11
+        vpxor	(%rcx), %ymm5, %ymm12
+        vpxor	96(%rdi), %ymm6, %ymm13
+        vpxor	-32(%rcx), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -96(%rdi)
+        vmovdqu	%ymm1, 32(%rax)
+        vmovdqu	%ymm2, (%rcx)
+        vmovdqu	%ymm3, 96(%rdi)
+        vmovdqu	%ymm4, -32(%rcx)
+        # Row 2
+        vpxor	-64(%rdi), %ymm6, %ymm10
+        vpxor	64(%rax), %ymm7, %ymm11
+        vpxor	32(%rcx), %ymm8, %ymm12
+        vpxor	128(%rdi), %ymm9, %ymm13
+        vpxor	96(%rax), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -64(%rdi)
+        vmovdqu	%ymm1, 64(%rax)
+        vmovdqu	%ymm2, 32(%rcx)
+        vmovdqu	%ymm3, 128(%rdi)
+        vmovdqu	%ymm4, 96(%rax)
+        # Row 3
+        vpxor	-32(%rdi), %ymm9, %ymm10
+        vpxor	-64(%rax), %ymm5, %ymm11
+        vpxor	64(%rcx), %ymm6, %ymm12
+        vpxor	-96(%rax), %ymm7, %ymm13
+        vpxor	128(%rax), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -32(%rdi)
+        vmovdqu	%ymm1, -64(%rax)
+        vmovdqu	%ymm2, 64(%rcx)
+        vmovdqu	%ymm3, -96(%rax)
+        vmovdqu	%ymm4, 128(%rax)
+        # Row 4
+        vpxor	(%rdi), %ymm7, %ymm10
+        vpxor	-32(%rax), %ymm8, %ymm11
+        vpxor	96(%rcx), %ymm9, %ymm12
+        vpxor	32(%rdi), %ymm5, %ymm13
+        vpxor	-96(%rcx), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, (%rdi)
+        vmovdqu	%ymm1, -32(%rax)
+        vmovdqu	%ymm2, 96(%rcx)
+        vmovdqu	%ymm3, 32(%rdi)
+        vmovdqu	%ymm4, -96(%rcx)
+        # Round 7
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm10, %ymm10
+        vpxor	-64(%rdi), %ymm10, %ymm10
+        vpxor	-32(%rdi), %ymm10, %ymm10
+        vpxor	64(%rdi), %ymm3, %ymm13
+        vpxor	96(%rdi), %ymm13, %ymm13
+        vpxor	128(%rdi), %ymm13, %ymm13
+        vpxor	-96(%rax), %ymm13, %ymm13
+        vpxor	-64(%rax), %ymm1, %ymm11
+        vpxor	(%rax), %ymm11, %ymm11
+        vpxor	32(%rax), %ymm11, %ymm11
+        vpxor	64(%rax), %ymm11, %ymm11
+        vpxor	96(%rax), %ymm4, %ymm14
+        vpxor	128(%rax), %ymm14, %ymm14
+        vpxor	-64(%rcx), %ymm14, %ymm14
+        vpxor	-32(%rcx), %ymm14, %ymm14
+        vpxor	(%rcx), %ymm2, %ymm12
+        vpxor	32(%rcx), %ymm12, %ymm12
+        vpxor	64(%rcx), %ymm12, %ymm12
+        vpxor	128(%rcx), %ymm12, %ymm12
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	32(%rax), %ymm6, %ymm11
+        vpxor	32(%rcx), %ymm7, %ymm12
+        vpxor	-96(%rax), %ymm8, %ymm13
+        vpxor	-96(%rcx), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	224(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, 32(%rax)
+        vmovdqu	%ymm2, 32(%rcx)
+        vmovdqu	%ymm3, -96(%rax)
+        vmovdqu	%ymm4, -96(%rcx)
+        # Row 1
+        vpxor	64(%rdi), %ymm8, %ymm10
+        vpxor	-32(%rcx), %ymm9, %ymm11
+        vpxor	-64(%rdi), %ymm5, %ymm12
+        vpxor	-64(%rax), %ymm6, %ymm13
+        vpxor	96(%rcx), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 64(%rdi)
+        vmovdqu	%ymm1, -32(%rcx)
+        vmovdqu	%ymm2, -64(%rdi)
+        vmovdqu	%ymm3, -64(%rax)
+        vmovdqu	%ymm4, 96(%rcx)
+        # Row 2
+        vpxor	(%rax), %ymm6, %ymm10
+        vpxor	(%rcx), %ymm7, %ymm11
+        vpxor	128(%rdi), %ymm8, %ymm12
+        vpxor	128(%rax), %ymm9, %ymm13
+        vpxor	(%rdi), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, (%rax)
+        vmovdqu	%ymm1, (%rcx)
+        vmovdqu	%ymm2, 128(%rdi)
+        vmovdqu	%ymm3, 128(%rax)
+        vmovdqu	%ymm4, (%rdi)
+        # Row 3
+        vpxor	-64(%rcx), %ymm9, %ymm10
+        vpxor	-96(%rdi), %ymm5, %ymm11
+        vpxor	64(%rax), %ymm6, %ymm12
+        vpxor	64(%rcx), %ymm7, %ymm13
+        vpxor	32(%rdi), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -64(%rcx)
+        vmovdqu	%ymm1, -96(%rdi)
+        vmovdqu	%ymm2, 64(%rax)
+        vmovdqu	%ymm3, 64(%rcx)
+        vmovdqu	%ymm4, 32(%rdi)
+        # Row 4
+        vpxor	128(%rcx), %ymm7, %ymm10
+        vpxor	96(%rdi), %ymm8, %ymm11
+        vpxor	96(%rax), %ymm9, %ymm12
+        vpxor	-32(%rdi), %ymm5, %ymm13
+        vpxor	-32(%rax), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 128(%rcx)
+        vmovdqu	%ymm1, 96(%rdi)
+        vmovdqu	%ymm2, 96(%rax)
+        vmovdqu	%ymm3, -32(%rdi)
+        vmovdqu	%ymm4, -32(%rax)
+        # Round 8
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm1, %ymm11
+        vpxor	-64(%rdi), %ymm2, %ymm12
+        vpxor	(%rdi), %ymm4, %ymm14
+        vpxor	32(%rdi), %ymm14, %ymm14
+        vpxor	64(%rdi), %ymm10, %ymm10
+        vpxor	128(%rdi), %ymm12, %ymm12
+        vpxor	-96(%rax), %ymm3, %ymm13
+        vpxor	-64(%rax), %ymm13, %ymm13
+        vpxor	(%rax), %ymm10, %ymm10
+        vpxor	32(%rax), %ymm11, %ymm11
+        vpxor	64(%rax), %ymm12, %ymm12
+        vpxor	128(%rax), %ymm13, %ymm13
+        vpxor	-96(%rcx), %ymm14, %ymm14
+        vpxor	-64(%rcx), %ymm10, %ymm10
+        vpxor	-32(%rcx), %ymm11, %ymm11
+        vpxor	(%rcx), %ymm11, %ymm11
+        vpxor	32(%rcx), %ymm12, %ymm12
+        vpxor	64(%rcx), %ymm13, %ymm13
+        vpxor	96(%rcx), %ymm14, %ymm14
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	-32(%rcx), %ymm6, %ymm11
+        vpxor	128(%rdi), %ymm7, %ymm12
+        vpxor	64(%rcx), %ymm8, %ymm13
+        vpxor	-32(%rax), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	256(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, -32(%rcx)
+        vmovdqu	%ymm2, 128(%rdi)
+        vmovdqu	%ymm3, 64(%rcx)
+        vmovdqu	%ymm4, -32(%rax)
+        # Row 1
+        vpxor	-96(%rax), %ymm8, %ymm10
+        vpxor	96(%rcx), %ymm9, %ymm11
+        vpxor	(%rax), %ymm5, %ymm12
+        vpxor	-96(%rdi), %ymm6, %ymm13
+        vpxor	96(%rax), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -96(%rax)
+        vmovdqu	%ymm1, 96(%rcx)
+        vmovdqu	%ymm2, (%rax)
+        vmovdqu	%ymm3, -96(%rdi)
+        vmovdqu	%ymm4, 96(%rax)
+        # Row 2
+        vpxor	32(%rax), %ymm6, %ymm10
+        vpxor	-64(%rdi), %ymm7, %ymm11
+        vpxor	128(%rax), %ymm8, %ymm12
+        vpxor	32(%rdi), %ymm9, %ymm13
+        vpxor	128(%rcx), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 32(%rax)
+        vmovdqu	%ymm1, -64(%rdi)
+        vmovdqu	%ymm2, 128(%rax)
+        vmovdqu	%ymm3, 32(%rdi)
+        vmovdqu	%ymm4, 128(%rcx)
+        # Row 3
+        vpxor	-96(%rcx), %ymm9, %ymm10
+        vpxor	64(%rdi), %ymm5, %ymm11
+        vpxor	(%rcx), %ymm6, %ymm12
+        vpxor	64(%rax), %ymm7, %ymm13
+        vpxor	-32(%rdi), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -96(%rcx)
+        vmovdqu	%ymm1, 64(%rdi)
+        vmovdqu	%ymm2, (%rcx)
+        vmovdqu	%ymm3, 64(%rax)
+        vmovdqu	%ymm4, -32(%rdi)
+        # Row 4
+        vpxor	32(%rcx), %ymm7, %ymm10
+        vpxor	-64(%rax), %ymm8, %ymm11
+        vpxor	(%rdi), %ymm9, %ymm12
+        vpxor	-64(%rcx), %ymm5, %ymm13
+        vpxor	96(%rdi), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 32(%rcx)
+        vmovdqu	%ymm1, -64(%rax)
+        vmovdqu	%ymm2, (%rdi)
+        vmovdqu	%ymm3, -64(%rcx)
+        vmovdqu	%ymm4, 96(%rdi)
+        # Round 9
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm3, %ymm13
+        vpxor	-64(%rdi), %ymm1, %ymm11
+        vpxor	-32(%rdi), %ymm4, %ymm14
+        vpxor	32(%rdi), %ymm13, %ymm13
+        vpxor	64(%rdi), %ymm11, %ymm11
+        vpxor	128(%rdi), %ymm2, %ymm12
+        vpxor	-96(%rax), %ymm10, %ymm10
+        vpxor	-32(%rax), %ymm14, %ymm14
+        vpxor	(%rax), %ymm12, %ymm12
+        vpxor	32(%rax), %ymm10, %ymm10
+        vpxor	64(%rax), %ymm13, %ymm13
+        vpxor	96(%rax), %ymm14, %ymm14
+        vpxor	128(%rax), %ymm12, %ymm12
+        vpxor	-96(%rcx), %ymm10, %ymm10
+        vpxor	-32(%rcx), %ymm11, %ymm11
+        vpxor	(%rcx), %ymm12, %ymm12
+        vpxor	64(%rcx), %ymm13, %ymm13
+        vpxor	96(%rcx), %ymm11, %ymm11
+        vpxor	128(%rcx), %ymm14, %ymm14
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	96(%rcx), %ymm6, %ymm11
+        vpxor	128(%rax), %ymm7, %ymm12
+        vpxor	64(%rax), %ymm8, %ymm13
+        vpxor	96(%rdi), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	288(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, 96(%rcx)
+        vmovdqu	%ymm2, 128(%rax)
+        vmovdqu	%ymm3, 64(%rax)
+        vmovdqu	%ymm4, 96(%rdi)
+        # Row 1
+        vpxor	64(%rcx), %ymm8, %ymm10
+        vpxor	96(%rax), %ymm9, %ymm11
+        vpxor	32(%rax), %ymm5, %ymm12
+        vpxor	64(%rdi), %ymm6, %ymm13
+        vpxor	(%rdi), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 64(%rcx)
+        vmovdqu	%ymm1, 96(%rax)
+        vmovdqu	%ymm2, 32(%rax)
+        vmovdqu	%ymm3, 64(%rdi)
+        vmovdqu	%ymm4, (%rdi)
+        # Row 2
+        vpxor	-32(%rcx), %ymm6, %ymm10
+        vpxor	(%rax), %ymm7, %ymm11
+        vpxor	32(%rdi), %ymm8, %ymm12
+        vpxor	-32(%rdi), %ymm9, %ymm13
+        vpxor	32(%rcx), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -32(%rcx)
+        vmovdqu	%ymm1, (%rax)
+        vmovdqu	%ymm2, 32(%rdi)
+        vmovdqu	%ymm3, -32(%rdi)
+        vmovdqu	%ymm4, 32(%rcx)
+        # Row 3
+        vpxor	-32(%rax), %ymm9, %ymm10
+        vpxor	-96(%rax), %ymm5, %ymm11
+        vpxor	-64(%rdi), %ymm6, %ymm12
+        vpxor	(%rcx), %ymm7, %ymm13
+        vpxor	-64(%rcx), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -32(%rax)
+        vmovdqu	%ymm1, -96(%rax)
+        vmovdqu	%ymm2, -64(%rdi)
+        vmovdqu	%ymm3, (%rcx)
+        vmovdqu	%ymm4, -64(%rcx)
+        # Row 4
+        vpxor	128(%rdi), %ymm7, %ymm10
+        vpxor	-96(%rdi), %ymm8, %ymm11
+        vpxor	128(%rcx), %ymm9, %ymm12
+        vpxor	-96(%rcx), %ymm5, %ymm13
+        vpxor	-64(%rax), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 128(%rdi)
+        vmovdqu	%ymm1, -96(%rdi)
+        vmovdqu	%ymm2, 128(%rcx)
+        vmovdqu	%ymm3, -96(%rcx)
+        vmovdqu	%ymm4, -64(%rax)
+        # Round 10
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-64(%rdi), %ymm2, %ymm12
+        vpxor	-32(%rdi), %ymm3, %ymm13
+        vpxor	(%rdi), %ymm4, %ymm14
+        vpxor	32(%rdi), %ymm12, %ymm12
+        vpxor	64(%rdi), %ymm13, %ymm13
+        vpxor	96(%rdi), %ymm14, %ymm14
+        vpxor	-96(%rax), %ymm1, %ymm11
+        vpxor	-32(%rax), %ymm10, %ymm10
+        vpxor	(%rax), %ymm11, %ymm11
+        vpxor	32(%rax), %ymm12, %ymm12
+        vpxor	64(%rax), %ymm13, %ymm13
+        vpxor	96(%rax), %ymm11, %ymm11
+        vpxor	128(%rax), %ymm12, %ymm12
+        vpxor	-64(%rcx), %ymm14, %ymm14
+        vpxor	-32(%rcx), %ymm10, %ymm10
+        vpxor	(%rcx), %ymm13, %ymm13
+        vpxor	32(%rcx), %ymm14, %ymm14
+        vpxor	64(%rcx), %ymm10, %ymm10
+        vpxor	96(%rcx), %ymm11, %ymm11
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	96(%rax), %ymm6, %ymm11
+        vpxor	32(%rdi), %ymm7, %ymm12
+        vpxor	(%rcx), %ymm8, %ymm13
+        vpxor	-64(%rax), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	320(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, 96(%rax)
+        vmovdqu	%ymm2, 32(%rdi)
+        vmovdqu	%ymm3, (%rcx)
+        vmovdqu	%ymm4, -64(%rax)
+        # Row 1
+        vpxor	64(%rax), %ymm8, %ymm10
+        vpxor	(%rdi), %ymm9, %ymm11
+        vpxor	-32(%rcx), %ymm5, %ymm12
+        vpxor	-96(%rax), %ymm6, %ymm13
+        vpxor	128(%rcx), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 64(%rax)
+        vmovdqu	%ymm1, (%rdi)
+        vmovdqu	%ymm2, -32(%rcx)
+        vmovdqu	%ymm3, -96(%rax)
+        vmovdqu	%ymm4, 128(%rcx)
+        # Row 2
+        vpxor	96(%rcx), %ymm6, %ymm10
+        vpxor	32(%rax), %ymm7, %ymm11
+        vpxor	-32(%rdi), %ymm8, %ymm12
+        vpxor	-64(%rcx), %ymm9, %ymm13
+        vpxor	128(%rdi), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 96(%rcx)
+        vmovdqu	%ymm1, 32(%rax)
+        vmovdqu	%ymm2, -32(%rdi)
+        vmovdqu	%ymm3, -64(%rcx)
+        vmovdqu	%ymm4, 128(%rdi)
+        # Row 3
+        vpxor	96(%rdi), %ymm9, %ymm10
+        vpxor	64(%rcx), %ymm5, %ymm11
+        vpxor	(%rax), %ymm6, %ymm12
+        vpxor	-64(%rdi), %ymm7, %ymm13
+        vpxor	-96(%rcx), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 96(%rdi)
+        vmovdqu	%ymm1, 64(%rcx)
+        vmovdqu	%ymm2, (%rax)
+        vmovdqu	%ymm3, -64(%rdi)
+        vmovdqu	%ymm4, -96(%rcx)
+        # Row 4
+        vpxor	128(%rax), %ymm7, %ymm10
+        vpxor	64(%rdi), %ymm8, %ymm11
+        vpxor	32(%rcx), %ymm9, %ymm12
+        vpxor	-32(%rax), %ymm5, %ymm13
+        vpxor	-96(%rdi), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 128(%rax)
+        vmovdqu	%ymm1, 64(%rdi)
+        vmovdqu	%ymm2, 32(%rcx)
+        vmovdqu	%ymm3, -32(%rax)
+        vmovdqu	%ymm4, -96(%rdi)
+        # Round 11
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-64(%rdi), %ymm3, %ymm13
+        vpxor	-32(%rdi), %ymm2, %ymm12
+        vpxor	(%rdi), %ymm1, %ymm11
+        vpxor	32(%rdi), %ymm12, %ymm12
+        vpxor	96(%rdi), %ymm10, %ymm10
+        vpxor	128(%rdi), %ymm4, %ymm14
+        vpxor	-96(%rax), %ymm13, %ymm13
+        vpxor	-64(%rax), %ymm14, %ymm14
+        vpxor	(%rax), %ymm12, %ymm12
+        vpxor	32(%rax), %ymm11, %ymm11
+        vpxor	64(%rax), %ymm10, %ymm10
+        vpxor	96(%rax), %ymm11, %ymm11
+        vpxor	-96(%rcx), %ymm14, %ymm14
+        vpxor	-64(%rcx), %ymm13, %ymm13
+        vpxor	-32(%rcx), %ymm12, %ymm12
+        vpxor	(%rcx), %ymm13, %ymm13
+        vpxor	64(%rcx), %ymm11, %ymm11
+        vpxor	96(%rcx), %ymm10, %ymm10
+        vpxor	128(%rcx), %ymm14, %ymm14
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	(%rdi), %ymm6, %ymm11
+        vpxor	-32(%rdi), %ymm7, %ymm12
+        vpxor	-64(%rdi), %ymm8, %ymm13
+        vpxor	-96(%rdi), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	352(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, (%rdi)
+        vmovdqu	%ymm2, -32(%rdi)
+        vmovdqu	%ymm3, -64(%rdi)
+        vmovdqu	%ymm4, -96(%rdi)
+        # Row 1
+        vpxor	(%rcx), %ymm8, %ymm10
+        vpxor	128(%rcx), %ymm9, %ymm11
+        vpxor	96(%rcx), %ymm5, %ymm12
+        vpxor	64(%rcx), %ymm6, %ymm13
+        vpxor	32(%rcx), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, (%rcx)
+        vmovdqu	%ymm1, 128(%rcx)
+        vmovdqu	%ymm2, 96(%rcx)
+        vmovdqu	%ymm3, 64(%rcx)
+        vmovdqu	%ymm4, 32(%rcx)
+        # Row 2
+        vpxor	96(%rax), %ymm6, %ymm10
+        vpxor	-32(%rcx), %ymm7, %ymm11
+        vpxor	-64(%rcx), %ymm8, %ymm12
+        vpxor	-96(%rcx), %ymm9, %ymm13
+        vpxor	128(%rax), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 96(%rax)
+        vmovdqu	%ymm1, -32(%rcx)
+        vmovdqu	%ymm2, -64(%rcx)
+        vmovdqu	%ymm3, -96(%rcx)
+        vmovdqu	%ymm4, 128(%rax)
+        # Row 3
+        vpxor	-64(%rax), %ymm9, %ymm10
+        vpxor	64(%rax), %ymm5, %ymm11
+        vpxor	32(%rax), %ymm6, %ymm12
+        vpxor	(%rax), %ymm7, %ymm13
+        vpxor	-32(%rax), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -64(%rax)
+        vmovdqu	%ymm1, 64(%rax)
+        vmovdqu	%ymm2, 32(%rax)
+        vmovdqu	%ymm3, (%rax)
+        vmovdqu	%ymm4, -32(%rax)
+        # Row 4
+        vpxor	32(%rdi), %ymm7, %ymm10
+        vpxor	-96(%rax), %ymm8, %ymm11
+        vpxor	128(%rdi), %ymm9, %ymm12
+        vpxor	96(%rdi), %ymm5, %ymm13
+        vpxor	64(%rdi), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 32(%rdi)
+        vmovdqu	%ymm1, -96(%rax)
+        vmovdqu	%ymm2, 128(%rdi)
+        vmovdqu	%ymm3, 96(%rdi)
+        vmovdqu	%ymm4, 64(%rdi)
+        # Round 12
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm4, %ymm14
+        vpxor	-64(%rdi), %ymm3, %ymm13
+        vpxor	-32(%rdi), %ymm2, %ymm12
+        vpxor	(%rdi), %ymm1, %ymm11
+        vpxor	-64(%rax), %ymm10, %ymm10
+        vpxor	-32(%rax), %ymm14, %ymm14
+        vpxor	(%rax), %ymm13, %ymm13
+        vpxor	32(%rax), %ymm12, %ymm12
+        vpxor	64(%rax), %ymm11, %ymm11
+        vpxor	96(%rax), %ymm10, %ymm10
+        vpxor	128(%rax), %ymm14, %ymm14
+        vpxor	-96(%rcx), %ymm13, %ymm13
+        vpxor	-64(%rcx), %ymm12, %ymm12
+        vpxor	-32(%rcx), %ymm11, %ymm11
+        vpxor	(%rcx), %ymm10, %ymm10
+        vpxor	32(%rcx), %ymm14, %ymm14
+        vpxor	64(%rcx), %ymm13, %ymm13
+        vpxor	96(%rcx), %ymm12, %ymm12
+        vpxor	128(%rcx), %ymm11, %ymm11
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	128(%rcx), %ymm6, %ymm11
+        vpxor	-64(%rcx), %ymm7, %ymm12
+        vpxor	(%rax), %ymm8, %ymm13
+        vpxor	64(%rdi), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	384(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, 128(%rcx)
+        vmovdqu	%ymm2, -64(%rcx)
+        vmovdqu	%ymm3, (%rax)
+        vmovdqu	%ymm4, 64(%rdi)
+        # Row 1
+        vpxor	-64(%rdi), %ymm8, %ymm10
+        vpxor	32(%rcx), %ymm9, %ymm11
+        vpxor	96(%rax), %ymm5, %ymm12
+        vpxor	64(%rax), %ymm6, %ymm13
+        vpxor	128(%rdi), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -64(%rdi)
+        vmovdqu	%ymm1, 32(%rcx)
+        vmovdqu	%ymm2, 96(%rax)
+        vmovdqu	%ymm3, 64(%rax)
+        vmovdqu	%ymm4, 128(%rdi)
+        # Row 2
+        vpxor	(%rdi), %ymm6, %ymm10
+        vpxor	96(%rcx), %ymm7, %ymm11
+        vpxor	-96(%rcx), %ymm8, %ymm12
+        vpxor	-32(%rax), %ymm9, %ymm13
+        vpxor	32(%rdi), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, (%rdi)
+        vmovdqu	%ymm1, 96(%rcx)
+        vmovdqu	%ymm2, -96(%rcx)
+        vmovdqu	%ymm3, -32(%rax)
+        vmovdqu	%ymm4, 32(%rdi)
+        # Row 3
+        vpxor	-96(%rdi), %ymm9, %ymm10
+        vpxor	(%rcx), %ymm5, %ymm11
+        vpxor	-32(%rcx), %ymm6, %ymm12
+        vpxor	32(%rax), %ymm7, %ymm13
+        vpxor	96(%rdi), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -96(%rdi)
+        vmovdqu	%ymm1, (%rcx)
+        vmovdqu	%ymm2, -32(%rcx)
+        vmovdqu	%ymm3, 32(%rax)
+        vmovdqu	%ymm4, 96(%rdi)
+        # Row 4
+        vpxor	-32(%rdi), %ymm7, %ymm10
+        vpxor	64(%rcx), %ymm8, %ymm11
+        vpxor	128(%rax), %ymm9, %ymm12
+        vpxor	-64(%rax), %ymm5, %ymm13
+        vpxor	-96(%rax), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -32(%rdi)
+        vmovdqu	%ymm1, 64(%rcx)
+        vmovdqu	%ymm2, 128(%rax)
+        vmovdqu	%ymm3, -64(%rax)
+        vmovdqu	%ymm4, -96(%rax)
+        # Round 13
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm10, %ymm10
+        vpxor	-64(%rdi), %ymm10, %ymm10
+        vpxor	(%rdi), %ymm10, %ymm10
+        vpxor	32(%rdi), %ymm4, %ymm14
+        vpxor	64(%rdi), %ymm14, %ymm14
+        vpxor	96(%rdi), %ymm14, %ymm14
+        vpxor	128(%rdi), %ymm14, %ymm14
+        vpxor	-32(%rax), %ymm3, %ymm13
+        vpxor	(%rax), %ymm13, %ymm13
+        vpxor	32(%rax), %ymm13, %ymm13
+        vpxor	64(%rax), %ymm13, %ymm13
+        vpxor	96(%rax), %ymm2, %ymm12
+        vpxor	-96(%rcx), %ymm12, %ymm12
+        vpxor	-64(%rcx), %ymm12, %ymm12
+        vpxor	-32(%rcx), %ymm12, %ymm12
+        vpxor	(%rcx), %ymm1, %ymm11
+        vpxor	32(%rcx), %ymm11, %ymm11
+        vpxor	96(%rcx), %ymm11, %ymm11
+        vpxor	128(%rcx), %ymm11, %ymm11
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	32(%rcx), %ymm6, %ymm11
+        vpxor	-96(%rcx), %ymm7, %ymm12
+        vpxor	32(%rax), %ymm8, %ymm13
+        vpxor	-96(%rax), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	416(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, 32(%rcx)
+        vmovdqu	%ymm2, -96(%rcx)
+        vmovdqu	%ymm3, 32(%rax)
+        vmovdqu	%ymm4, -96(%rax)
+        # Row 1
+        vpxor	(%rax), %ymm8, %ymm10
+        vpxor	128(%rdi), %ymm9, %ymm11
+        vpxor	(%rdi), %ymm5, %ymm12
+        vpxor	(%rcx), %ymm6, %ymm13
+        vpxor	128(%rax), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, (%rax)
+        vmovdqu	%ymm1, 128(%rdi)
+        vmovdqu	%ymm2, (%rdi)
+        vmovdqu	%ymm3, (%rcx)
+        vmovdqu	%ymm4, 128(%rax)
+        # Row 2
+        vpxor	128(%rcx), %ymm6, %ymm10
+        vpxor	96(%rax), %ymm7, %ymm11
+        vpxor	-32(%rax), %ymm8, %ymm12
+        vpxor	96(%rdi), %ymm9, %ymm13
+        vpxor	-32(%rdi), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 128(%rcx)
+        vmovdqu	%ymm1, 96(%rax)
+        vmovdqu	%ymm2, -32(%rax)
+        vmovdqu	%ymm3, 96(%rdi)
+        vmovdqu	%ymm4, -32(%rdi)
+        # Row 3
+        vpxor	64(%rdi), %ymm9, %ymm10
+        vpxor	-64(%rdi), %ymm5, %ymm11
+        vpxor	96(%rcx), %ymm6, %ymm12
+        vpxor	-32(%rcx), %ymm7, %ymm13
+        vpxor	-64(%rax), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 64(%rdi)
+        vmovdqu	%ymm1, -64(%rdi)
+        vmovdqu	%ymm2, 96(%rcx)
+        vmovdqu	%ymm3, -32(%rcx)
+        vmovdqu	%ymm4, -64(%rax)
+        # Row 4
+        vpxor	-64(%rcx), %ymm7, %ymm10
+        vpxor	64(%rax), %ymm8, %ymm11
+        vpxor	32(%rdi), %ymm9, %ymm12
+        vpxor	-96(%rdi), %ymm5, %ymm13
+        vpxor	64(%rcx), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -64(%rcx)
+        vmovdqu	%ymm1, 64(%rax)
+        vmovdqu	%ymm2, 32(%rdi)
+        vmovdqu	%ymm3, -96(%rdi)
+        vmovdqu	%ymm4, 64(%rcx)
+        # Round 14
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-64(%rdi), %ymm1, %ymm11
+        vpxor	-32(%rdi), %ymm4, %ymm14
+        vpxor	(%rdi), %ymm2, %ymm12
+        vpxor	64(%rdi), %ymm10, %ymm10
+        vpxor	96(%rdi), %ymm3, %ymm13
+        vpxor	128(%rdi), %ymm11, %ymm11
+        vpxor	-96(%rax), %ymm14, %ymm14
+        vpxor	-64(%rax), %ymm14, %ymm14
+        vpxor	-32(%rax), %ymm12, %ymm12
+        vpxor	(%rax), %ymm10, %ymm10
+        vpxor	32(%rax), %ymm13, %ymm13
+        vpxor	96(%rax), %ymm11, %ymm11
+        vpxor	128(%rax), %ymm14, %ymm14
+        vpxor	-96(%rcx), %ymm12, %ymm12
+        vpxor	-32(%rcx), %ymm13, %ymm13
+        vpxor	(%rcx), %ymm13, %ymm13
+        vpxor	32(%rcx), %ymm11, %ymm11
+        vpxor	96(%rcx), %ymm12, %ymm12
+        vpxor	128(%rcx), %ymm10, %ymm10
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	128(%rdi), %ymm6, %ymm11
+        vpxor	-32(%rax), %ymm7, %ymm12
+        vpxor	-32(%rcx), %ymm8, %ymm13
+        vpxor	64(%rcx), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	448(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, 128(%rdi)
+        vmovdqu	%ymm2, -32(%rax)
+        vmovdqu	%ymm3, -32(%rcx)
+        vmovdqu	%ymm4, 64(%rcx)
+        # Row 1
+        vpxor	32(%rax), %ymm8, %ymm10
+        vpxor	128(%rax), %ymm9, %ymm11
+        vpxor	128(%rcx), %ymm5, %ymm12
+        vpxor	-64(%rdi), %ymm6, %ymm13
+        vpxor	32(%rdi), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 32(%rax)
+        vmovdqu	%ymm1, 128(%rax)
+        vmovdqu	%ymm2, 128(%rcx)
+        vmovdqu	%ymm3, -64(%rdi)
+        vmovdqu	%ymm4, 32(%rdi)
+        # Row 2
+        vpxor	32(%rcx), %ymm6, %ymm10
+        vpxor	(%rdi), %ymm7, %ymm11
+        vpxor	96(%rdi), %ymm8, %ymm12
+        vpxor	-64(%rax), %ymm9, %ymm13
+        vpxor	-64(%rcx), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 32(%rcx)
+        vmovdqu	%ymm1, (%rdi)
+        vmovdqu	%ymm2, 96(%rdi)
+        vmovdqu	%ymm3, -64(%rax)
+        vmovdqu	%ymm4, -64(%rcx)
+        # Row 3
+        vpxor	-96(%rax), %ymm9, %ymm10
+        vpxor	(%rax), %ymm5, %ymm11
+        vpxor	96(%rax), %ymm6, %ymm12
+        vpxor	96(%rcx), %ymm7, %ymm13
+        vpxor	-96(%rdi), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -96(%rax)
+        vmovdqu	%ymm1, (%rax)
+        vmovdqu	%ymm2, 96(%rax)
+        vmovdqu	%ymm3, 96(%rcx)
+        vmovdqu	%ymm4, -96(%rdi)
+        # Row 4
+        vpxor	-96(%rcx), %ymm7, %ymm10
+        vpxor	(%rcx), %ymm8, %ymm11
+        vpxor	-32(%rdi), %ymm9, %ymm12
+        vpxor	64(%rdi), %ymm5, %ymm13
+        vpxor	64(%rax), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -96(%rcx)
+        vmovdqu	%ymm1, (%rcx)
+        vmovdqu	%ymm2, -32(%rdi)
+        vmovdqu	%ymm3, 64(%rdi)
+        vmovdqu	%ymm4, 64(%rax)
+        # Round 15
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm4, %ymm14
+        vpxor	-64(%rdi), %ymm3, %ymm13
+        vpxor	(%rdi), %ymm1, %ymm11
+        vpxor	32(%rdi), %ymm14, %ymm14
+        vpxor	96(%rdi), %ymm2, %ymm12
+        vpxor	128(%rdi), %ymm11, %ymm11
+        vpxor	-96(%rax), %ymm10, %ymm10
+        vpxor	-64(%rax), %ymm13, %ymm13
+        vpxor	-32(%rax), %ymm12, %ymm12
+        vpxor	(%rax), %ymm11, %ymm11
+        vpxor	32(%rax), %ymm10, %ymm10
+        vpxor	96(%rax), %ymm12, %ymm12
+        vpxor	128(%rax), %ymm11, %ymm11
+        vpxor	-64(%rcx), %ymm14, %ymm14
+        vpxor	-32(%rcx), %ymm13, %ymm13
+        vpxor	32(%rcx), %ymm10, %ymm10
+        vpxor	64(%rcx), %ymm14, %ymm14
+        vpxor	96(%rcx), %ymm13, %ymm13
+        vpxor	128(%rcx), %ymm12, %ymm12
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	128(%rax), %ymm6, %ymm11
+        vpxor	96(%rdi), %ymm7, %ymm12
+        vpxor	96(%rcx), %ymm8, %ymm13
+        vpxor	64(%rax), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	480(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, 128(%rax)
+        vmovdqu	%ymm2, 96(%rdi)
+        vmovdqu	%ymm3, 96(%rcx)
+        vmovdqu	%ymm4, 64(%rax)
+        # Row 1
+        vpxor	-32(%rcx), %ymm8, %ymm10
+        vpxor	32(%rdi), %ymm9, %ymm11
+        vpxor	32(%rcx), %ymm5, %ymm12
+        vpxor	(%rax), %ymm6, %ymm13
+        vpxor	-32(%rdi), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -32(%rcx)
+        vmovdqu	%ymm1, 32(%rdi)
+        vmovdqu	%ymm2, 32(%rcx)
+        vmovdqu	%ymm3, (%rax)
+        vmovdqu	%ymm4, -32(%rdi)
+        # Row 2
+        vpxor	128(%rdi), %ymm6, %ymm10
+        vpxor	128(%rcx), %ymm7, %ymm11
+        vpxor	-64(%rax), %ymm8, %ymm12
+        vpxor	-96(%rdi), %ymm9, %ymm13
+        vpxor	-96(%rcx), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 128(%rdi)
+        vmovdqu	%ymm1, 128(%rcx)
+        vmovdqu	%ymm2, -64(%rax)
+        vmovdqu	%ymm3, -96(%rdi)
+        vmovdqu	%ymm4, -96(%rcx)
+        # Row 3
+        vpxor	64(%rcx), %ymm9, %ymm10
+        vpxor	32(%rax), %ymm5, %ymm11
+        vpxor	(%rdi), %ymm6, %ymm12
+        vpxor	96(%rax), %ymm7, %ymm13
+        vpxor	64(%rdi), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 64(%rcx)
+        vmovdqu	%ymm1, 32(%rax)
+        vmovdqu	%ymm2, (%rdi)
+        vmovdqu	%ymm3, 96(%rax)
+        vmovdqu	%ymm4, 64(%rdi)
+        # Row 4
+        vpxor	-32(%rax), %ymm7, %ymm10
+        vpxor	-64(%rdi), %ymm8, %ymm11
+        vpxor	-64(%rcx), %ymm9, %ymm12
+        vpxor	-96(%rax), %ymm5, %ymm13
+        vpxor	(%rcx), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -32(%rax)
+        vmovdqu	%ymm1, -64(%rdi)
+        vmovdqu	%ymm2, -64(%rcx)
+        vmovdqu	%ymm3, -96(%rax)
+        vmovdqu	%ymm4, (%rcx)
+        # Round 16
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm3, %ymm13
+        vpxor	-32(%rdi), %ymm4, %ymm14
+        vpxor	(%rdi), %ymm2, %ymm12
+        vpxor	32(%rdi), %ymm1, %ymm11
+        vpxor	64(%rdi), %ymm14, %ymm14
+        vpxor	96(%rdi), %ymm12, %ymm12
+        vpxor	128(%rdi), %ymm10, %ymm10
+        vpxor	-64(%rax), %ymm12, %ymm12
+        vpxor	(%rax), %ymm13, %ymm13
+        vpxor	32(%rax), %ymm11, %ymm11
+        vpxor	64(%rax), %ymm14, %ymm14
+        vpxor	96(%rax), %ymm13, %ymm13
+        vpxor	128(%rax), %ymm11, %ymm11
+        vpxor	-96(%rcx), %ymm14, %ymm14
+        vpxor	-32(%rcx), %ymm10, %ymm10
+        vpxor	32(%rcx), %ymm12, %ymm12
+        vpxor	64(%rcx), %ymm10, %ymm10
+        vpxor	96(%rcx), %ymm13, %ymm13
+        vpxor	128(%rcx), %ymm11, %ymm11
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	32(%rdi), %ymm6, %ymm11
+        vpxor	-64(%rax), %ymm7, %ymm12
+        vpxor	96(%rax), %ymm8, %ymm13
+        vpxor	(%rcx), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	512(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, 32(%rdi)
+        vmovdqu	%ymm2, -64(%rax)
+        vmovdqu	%ymm3, 96(%rax)
+        vmovdqu	%ymm4, (%rcx)
+        # Row 1
+        vpxor	96(%rcx), %ymm8, %ymm10
+        vpxor	-32(%rdi), %ymm9, %ymm11
+        vpxor	128(%rdi), %ymm5, %ymm12
+        vpxor	32(%rax), %ymm6, %ymm13
+        vpxor	-64(%rcx), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 96(%rcx)
+        vmovdqu	%ymm1, -32(%rdi)
+        vmovdqu	%ymm2, 128(%rdi)
+        vmovdqu	%ymm3, 32(%rax)
+        vmovdqu	%ymm4, -64(%rcx)
+        # Row 2
+        vpxor	128(%rax), %ymm6, %ymm10
+        vpxor	32(%rcx), %ymm7, %ymm11
+        vpxor	-96(%rdi), %ymm8, %ymm12
+        vpxor	64(%rdi), %ymm9, %ymm13
+        vpxor	-32(%rax), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 128(%rax)
+        vmovdqu	%ymm1, 32(%rcx)
+        vmovdqu	%ymm2, -96(%rdi)
+        vmovdqu	%ymm3, 64(%rdi)
+        vmovdqu	%ymm4, -32(%rax)
+        # Row 3
+        vpxor	64(%rax), %ymm9, %ymm10
+        vpxor	-32(%rcx), %ymm5, %ymm11
+        vpxor	128(%rcx), %ymm6, %ymm12
+        vpxor	(%rdi), %ymm7, %ymm13
+        vpxor	-96(%rax), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 64(%rax)
+        vmovdqu	%ymm1, -32(%rcx)
+        vmovdqu	%ymm2, 128(%rcx)
+        vmovdqu	%ymm3, (%rdi)
+        vmovdqu	%ymm4, -96(%rax)
+        # Row 4
+        vpxor	96(%rdi), %ymm7, %ymm10
+        vpxor	(%rax), %ymm8, %ymm11
+        vpxor	-96(%rcx), %ymm9, %ymm12
+        vpxor	64(%rcx), %ymm5, %ymm13
+        vpxor	-64(%rdi), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 96(%rdi)
+        vmovdqu	%ymm1, (%rax)
+        vmovdqu	%ymm2, -96(%rcx)
+        vmovdqu	%ymm3, 64(%rcx)
+        vmovdqu	%ymm4, -64(%rdi)
+        # Round 17
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm2, %ymm12
+        vpxor	-32(%rdi), %ymm1, %ymm11
+        vpxor	(%rdi), %ymm3, %ymm13
+        vpxor	32(%rdi), %ymm11, %ymm11
+        vpxor	64(%rdi), %ymm13, %ymm13
+        vpxor	128(%rdi), %ymm12, %ymm12
+        vpxor	-96(%rax), %ymm4, %ymm14
+        vpxor	-64(%rax), %ymm12, %ymm12
+        vpxor	-32(%rax), %ymm14, %ymm14
+        vpxor	32(%rax), %ymm13, %ymm13
+        vpxor	64(%rax), %ymm10, %ymm10
+        vpxor	96(%rax), %ymm13, %ymm13
+        vpxor	128(%rax), %ymm10, %ymm10
+        vpxor	-64(%rcx), %ymm14, %ymm14
+        vpxor	-32(%rcx), %ymm11, %ymm11
+        vpxor	(%rcx), %ymm14, %ymm14
+        vpxor	32(%rcx), %ymm11, %ymm11
+        vpxor	96(%rcx), %ymm10, %ymm10
+        vpxor	128(%rcx), %ymm12, %ymm12
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	-32(%rdi), %ymm6, %ymm11
+        vpxor	-96(%rdi), %ymm7, %ymm12
+        vpxor	(%rdi), %ymm8, %ymm13
+        vpxor	-64(%rdi), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	544(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, -32(%rdi)
+        vmovdqu	%ymm2, -96(%rdi)
+        vmovdqu	%ymm3, (%rdi)
+        vmovdqu	%ymm4, -64(%rdi)
+        # Row 1
+        vpxor	96(%rax), %ymm8, %ymm10
+        vpxor	-64(%rcx), %ymm9, %ymm11
+        vpxor	128(%rax), %ymm5, %ymm12
+        vpxor	-32(%rcx), %ymm6, %ymm13
+        vpxor	-96(%rcx), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 96(%rax)
+        vmovdqu	%ymm1, -64(%rcx)
+        vmovdqu	%ymm2, 128(%rax)
+        vmovdqu	%ymm3, -32(%rcx)
+        vmovdqu	%ymm4, -96(%rcx)
+        # Row 2
+        vpxor	32(%rdi), %ymm6, %ymm10
+        vpxor	128(%rdi), %ymm7, %ymm11
+        vpxor	64(%rdi), %ymm8, %ymm12
+        vpxor	-96(%rax), %ymm9, %ymm13
+        vpxor	96(%rdi), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 32(%rdi)
+        vmovdqu	%ymm1, 128(%rdi)
+        vmovdqu	%ymm2, 64(%rdi)
+        vmovdqu	%ymm3, -96(%rax)
+        vmovdqu	%ymm4, 96(%rdi)
+        # Row 3
+        vpxor	(%rcx), %ymm9, %ymm10
+        vpxor	96(%rcx), %ymm5, %ymm11
+        vpxor	32(%rcx), %ymm6, %ymm12
+        vpxor	128(%rcx), %ymm7, %ymm13
+        vpxor	64(%rcx), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, (%rcx)
+        vmovdqu	%ymm1, 96(%rcx)
+        vmovdqu	%ymm2, 32(%rcx)
+        vmovdqu	%ymm3, 128(%rcx)
+        vmovdqu	%ymm4, 64(%rcx)
+        # Row 4
+        vpxor	-64(%rax), %ymm7, %ymm10
+        vpxor	32(%rax), %ymm8, %ymm11
+        vpxor	-32(%rax), %ymm9, %ymm12
+        vpxor	64(%rax), %ymm5, %ymm13
+        vpxor	(%rax), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -64(%rax)
+        vmovdqu	%ymm1, 32(%rax)
+        vmovdqu	%ymm2, -32(%rax)
+        vmovdqu	%ymm3, 64(%rax)
+        vmovdqu	%ymm4, (%rax)
+        # Round 18
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm2, %ymm12
+        vpxor	-64(%rdi), %ymm4, %ymm14
+        vpxor	-32(%rdi), %ymm1, %ymm11
+        vpxor	(%rdi), %ymm3, %ymm13
+        vpxor	32(%rdi), %ymm10, %ymm10
+        vpxor	64(%rdi), %ymm12, %ymm12
+        vpxor	96(%rdi), %ymm14, %ymm14
+        vpxor	128(%rdi), %ymm11, %ymm11
+        vpxor	-96(%rax), %ymm13, %ymm13
+        vpxor	96(%rax), %ymm10, %ymm10
+        vpxor	128(%rax), %ymm12, %ymm12
+        vpxor	-96(%rcx), %ymm14, %ymm14
+        vpxor	-64(%rcx), %ymm11, %ymm11
+        vpxor	-32(%rcx), %ymm13, %ymm13
+        vpxor	(%rcx), %ymm10, %ymm10
+        vpxor	32(%rcx), %ymm12, %ymm12
+        vpxor	64(%rcx), %ymm14, %ymm14
+        vpxor	96(%rcx), %ymm11, %ymm11
+        vpxor	128(%rcx), %ymm13, %ymm13
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	-64(%rcx), %ymm6, %ymm11
+        vpxor	64(%rdi), %ymm7, %ymm12
+        vpxor	128(%rcx), %ymm8, %ymm13
+        vpxor	(%rax), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	576(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, -64(%rcx)
+        vmovdqu	%ymm2, 64(%rdi)
+        vmovdqu	%ymm3, 128(%rcx)
+        vmovdqu	%ymm4, (%rax)
+        # Row 1
+        vpxor	(%rdi), %ymm8, %ymm10
+        vpxor	-96(%rcx), %ymm9, %ymm11
+        vpxor	32(%rdi), %ymm5, %ymm12
+        vpxor	96(%rcx), %ymm6, %ymm13
+        vpxor	-32(%rax), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, (%rdi)
+        vmovdqu	%ymm1, -96(%rcx)
+        vmovdqu	%ymm2, 32(%rdi)
+        vmovdqu	%ymm3, 96(%rcx)
+        vmovdqu	%ymm4, -32(%rax)
+        # Row 2
+        vpxor	-32(%rdi), %ymm6, %ymm10
+        vpxor	128(%rax), %ymm7, %ymm11
+        vpxor	-96(%rax), %ymm8, %ymm12
+        vpxor	64(%rcx), %ymm9, %ymm13
+        vpxor	-64(%rax), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -32(%rdi)
+        vmovdqu	%ymm1, 128(%rax)
+        vmovdqu	%ymm2, -96(%rax)
+        vmovdqu	%ymm3, 64(%rcx)
+        vmovdqu	%ymm4, -64(%rax)
+        # Row 3
+        vpxor	-64(%rdi), %ymm9, %ymm10
+        vpxor	96(%rax), %ymm5, %ymm11
+        vpxor	128(%rdi), %ymm6, %ymm12
+        vpxor	32(%rcx), %ymm7, %ymm13
+        vpxor	64(%rax), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -64(%rdi)
+        vmovdqu	%ymm1, 96(%rax)
+        vmovdqu	%ymm2, 128(%rdi)
+        vmovdqu	%ymm3, 32(%rcx)
+        vmovdqu	%ymm4, 64(%rax)
+        # Row 4
+        vpxor	-96(%rdi), %ymm7, %ymm10
+        vpxor	-32(%rcx), %ymm8, %ymm11
+        vpxor	96(%rdi), %ymm9, %ymm12
+        vpxor	(%rcx), %ymm5, %ymm13
+        vpxor	32(%rax), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -96(%rdi)
+        vmovdqu	%ymm1, -32(%rcx)
+        vmovdqu	%ymm2, 96(%rdi)
+        vmovdqu	%ymm3, (%rcx)
+        vmovdqu	%ymm4, 32(%rax)
+        # Round 19
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-64(%rdi), %ymm10, %ymm10
+        vpxor	-32(%rdi), %ymm10, %ymm10
+        vpxor	(%rdi), %ymm10, %ymm10
+        vpxor	32(%rdi), %ymm2, %ymm12
+        vpxor	64(%rdi), %ymm12, %ymm12
+        vpxor	128(%rdi), %ymm12, %ymm12
+        vpxor	-96(%rax), %ymm12, %ymm12
+        vpxor	-64(%rax), %ymm4, %ymm14
+        vpxor	-32(%rax), %ymm14, %ymm14
+        vpxor	(%rax), %ymm14, %ymm14
+        vpxor	64(%rax), %ymm14, %ymm14
+        vpxor	96(%rax), %ymm1, %ymm11
+        vpxor	128(%rax), %ymm11, %ymm11
+        vpxor	-96(%rcx), %ymm11, %ymm11
+        vpxor	-64(%rcx), %ymm11, %ymm11
+        vpxor	32(%rcx), %ymm3, %ymm13
+        vpxor	64(%rcx), %ymm13, %ymm13
+        vpxor	96(%rcx), %ymm13, %ymm13
+        vpxor	128(%rcx), %ymm13, %ymm13
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	-96(%rcx), %ymm6, %ymm11
+        vpxor	-96(%rax), %ymm7, %ymm12
+        vpxor	32(%rcx), %ymm8, %ymm13
+        vpxor	32(%rax), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	608(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, -96(%rcx)
+        vmovdqu	%ymm2, -96(%rax)
+        vmovdqu	%ymm3, 32(%rcx)
+        vmovdqu	%ymm4, 32(%rax)
+        # Row 1
+        vpxor	128(%rcx), %ymm8, %ymm10
+        vpxor	-32(%rax), %ymm9, %ymm11
+        vpxor	-32(%rdi), %ymm5, %ymm12
+        vpxor	96(%rax), %ymm6, %ymm13
+        vpxor	96(%rdi), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 128(%rcx)
+        vmovdqu	%ymm1, -32(%rax)
+        vmovdqu	%ymm2, -32(%rdi)
+        vmovdqu	%ymm3, 96(%rax)
+        vmovdqu	%ymm4, 96(%rdi)
+        # Row 2
+        vpxor	-64(%rcx), %ymm6, %ymm10
+        vpxor	32(%rdi), %ymm7, %ymm11
+        vpxor	64(%rcx), %ymm8, %ymm12
+        vpxor	64(%rax), %ymm9, %ymm13
+        vpxor	-96(%rdi), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -64(%rcx)
+        vmovdqu	%ymm1, 32(%rdi)
+        vmovdqu	%ymm2, 64(%rcx)
+        vmovdqu	%ymm3, 64(%rax)
+        vmovdqu	%ymm4, -96(%rdi)
+        # Row 3
+        vpxor	(%rax), %ymm9, %ymm10
+        vpxor	(%rdi), %ymm5, %ymm11
+        vpxor	128(%rax), %ymm6, %ymm12
+        vpxor	128(%rdi), %ymm7, %ymm13
+        vpxor	(%rcx), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, (%rax)
+        vmovdqu	%ymm1, (%rdi)
+        vmovdqu	%ymm2, 128(%rax)
+        vmovdqu	%ymm3, 128(%rdi)
+        vmovdqu	%ymm4, (%rcx)
+        # Row 4
+        vpxor	64(%rdi), %ymm7, %ymm10
+        vpxor	96(%rcx), %ymm8, %ymm11
+        vpxor	-64(%rax), %ymm9, %ymm12
+        vpxor	-64(%rdi), %ymm5, %ymm13
+        vpxor	-32(%rcx), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 64(%rdi)
+        vmovdqu	%ymm1, 96(%rcx)
+        vmovdqu	%ymm2, -64(%rax)
+        vmovdqu	%ymm3, -64(%rdi)
+        vmovdqu	%ymm4, -32(%rcx)
+        # Round 20
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm4, %ymm14
+        vpxor	-32(%rdi), %ymm2, %ymm12
+        vpxor	(%rdi), %ymm1, %ymm11
+        vpxor	32(%rdi), %ymm11, %ymm11
+        vpxor	96(%rdi), %ymm14, %ymm14
+        vpxor	128(%rdi), %ymm3, %ymm13
+        vpxor	-96(%rax), %ymm12, %ymm12
+        vpxor	-32(%rax), %ymm11, %ymm11
+        vpxor	(%rax), %ymm10, %ymm10
+        vpxor	32(%rax), %ymm14, %ymm14
+        vpxor	64(%rax), %ymm13, %ymm13
+        vpxor	96(%rax), %ymm13, %ymm13
+        vpxor	128(%rax), %ymm12, %ymm12
+        vpxor	-96(%rcx), %ymm11, %ymm11
+        vpxor	-64(%rcx), %ymm10, %ymm10
+        vpxor	(%rcx), %ymm14, %ymm14
+        vpxor	32(%rcx), %ymm13, %ymm13
+        vpxor	64(%rcx), %ymm12, %ymm12
+        vpxor	128(%rcx), %ymm10, %ymm10
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	-32(%rax), %ymm6, %ymm11
+        vpxor	64(%rcx), %ymm7, %ymm12
+        vpxor	128(%rdi), %ymm8, %ymm13
+        vpxor	-32(%rcx), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	640(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, -32(%rax)
+        vmovdqu	%ymm2, 64(%rcx)
+        vmovdqu	%ymm3, 128(%rdi)
+        vmovdqu	%ymm4, -32(%rcx)
+        # Row 1
+        vpxor	32(%rcx), %ymm8, %ymm10
+        vpxor	96(%rdi), %ymm9, %ymm11
+        vpxor	-64(%rcx), %ymm5, %ymm12
+        vpxor	(%rdi), %ymm6, %ymm13
+        vpxor	-64(%rax), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 32(%rcx)
+        vmovdqu	%ymm1, 96(%rdi)
+        vmovdqu	%ymm2, -64(%rcx)
+        vmovdqu	%ymm3, (%rdi)
+        vmovdqu	%ymm4, -64(%rax)
+        # Row 2
+        vpxor	-96(%rcx), %ymm6, %ymm10
+        vpxor	-32(%rdi), %ymm7, %ymm11
+        vpxor	64(%rax), %ymm8, %ymm12
+        vpxor	(%rcx), %ymm9, %ymm13
+        vpxor	64(%rdi), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -96(%rcx)
+        vmovdqu	%ymm1, -32(%rdi)
+        vmovdqu	%ymm2, 64(%rax)
+        vmovdqu	%ymm3, (%rcx)
+        vmovdqu	%ymm4, 64(%rdi)
+        # Row 3
+        vpxor	32(%rax), %ymm9, %ymm10
+        vpxor	128(%rcx), %ymm5, %ymm11
+        vpxor	32(%rdi), %ymm6, %ymm12
+        vpxor	128(%rax), %ymm7, %ymm13
+        vpxor	-64(%rdi), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 32(%rax)
+        vmovdqu	%ymm1, 128(%rcx)
+        vmovdqu	%ymm2, 32(%rdi)
+        vmovdqu	%ymm3, 128(%rax)
+        vmovdqu	%ymm4, -64(%rdi)
+        # Row 4
+        vpxor	-96(%rax), %ymm7, %ymm10
+        vpxor	96(%rax), %ymm8, %ymm11
+        vpxor	-96(%rdi), %ymm9, %ymm12
+        vpxor	(%rax), %ymm5, %ymm13
+        vpxor	96(%rcx), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -96(%rax)
+        vmovdqu	%ymm1, 96(%rax)
+        vmovdqu	%ymm2, -96(%rdi)
+        vmovdqu	%ymm3, (%rax)
+        vmovdqu	%ymm4, 96(%rcx)
+        # Round 21
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-64(%rdi), %ymm4, %ymm14
+        vpxor	-32(%rdi), %ymm1, %ymm11
+        vpxor	(%rdi), %ymm3, %ymm13
+        vpxor	32(%rdi), %ymm2, %ymm12
+        vpxor	64(%rdi), %ymm14, %ymm14
+        vpxor	96(%rdi), %ymm11, %ymm11
+        vpxor	128(%rdi), %ymm13, %ymm13
+        vpxor	-64(%rax), %ymm14, %ymm14
+        vpxor	-32(%rax), %ymm11, %ymm11
+        vpxor	32(%rax), %ymm10, %ymm10
+        vpxor	64(%rax), %ymm12, %ymm12
+        vpxor	128(%rax), %ymm13, %ymm13
+        vpxor	-96(%rcx), %ymm10, %ymm10
+        vpxor	-64(%rcx), %ymm12, %ymm12
+        vpxor	-32(%rcx), %ymm14, %ymm14
+        vpxor	(%rcx), %ymm13, %ymm13
+        vpxor	32(%rcx), %ymm10, %ymm10
+        vpxor	64(%rcx), %ymm12, %ymm12
+        vpxor	128(%rcx), %ymm11, %ymm11
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	96(%rdi), %ymm6, %ymm11
+        vpxor	64(%rax), %ymm7, %ymm12
+        vpxor	128(%rax), %ymm8, %ymm13
+        vpxor	96(%rcx), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	672(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, 96(%rdi)
+        vmovdqu	%ymm2, 64(%rax)
+        vmovdqu	%ymm3, 128(%rax)
+        vmovdqu	%ymm4, 96(%rcx)
+        # Row 1
+        vpxor	128(%rdi), %ymm8, %ymm10
+        vpxor	-64(%rax), %ymm9, %ymm11
+        vpxor	-96(%rcx), %ymm5, %ymm12
+        vpxor	128(%rcx), %ymm6, %ymm13
+        vpxor	-96(%rdi), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 128(%rdi)
+        vmovdqu	%ymm1, -64(%rax)
+        vmovdqu	%ymm2, -96(%rcx)
+        vmovdqu	%ymm3, 128(%rcx)
+        vmovdqu	%ymm4, -96(%rdi)
+        # Row 2
+        vpxor	-32(%rax), %ymm6, %ymm10
+        vpxor	-64(%rcx), %ymm7, %ymm11
+        vpxor	(%rcx), %ymm8, %ymm12
+        vpxor	-64(%rdi), %ymm9, %ymm13
+        vpxor	-96(%rax), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -32(%rax)
+        vmovdqu	%ymm1, -64(%rcx)
+        vmovdqu	%ymm2, (%rcx)
+        vmovdqu	%ymm3, -64(%rdi)
+        vmovdqu	%ymm4, -96(%rax)
+        # Row 3
+        vpxor	-32(%rcx), %ymm9, %ymm10
+        vpxor	32(%rcx), %ymm5, %ymm11
+        vpxor	-32(%rdi), %ymm6, %ymm12
+        vpxor	32(%rdi), %ymm7, %ymm13
+        vpxor	(%rax), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -32(%rcx)
+        vmovdqu	%ymm1, 32(%rcx)
+        vmovdqu	%ymm2, -32(%rdi)
+        vmovdqu	%ymm3, 32(%rdi)
+        vmovdqu	%ymm4, (%rax)
+        # Row 4
+        vpxor	64(%rcx), %ymm7, %ymm10
+        vpxor	(%rdi), %ymm8, %ymm11
+        vpxor	64(%rdi), %ymm9, %ymm12
+        vpxor	32(%rax), %ymm5, %ymm13
+        vpxor	96(%rax), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 64(%rcx)
+        vmovdqu	%ymm1, (%rdi)
+        vmovdqu	%ymm2, 64(%rdi)
+        vmovdqu	%ymm3, 32(%rax)
+        vmovdqu	%ymm4, 96(%rax)
+        # Round 22
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm4, %ymm14
+        vpxor	-64(%rdi), %ymm3, %ymm13
+        vpxor	-32(%rdi), %ymm2, %ymm12
+        vpxor	32(%rdi), %ymm13, %ymm13
+        vpxor	96(%rdi), %ymm1, %ymm11
+        vpxor	128(%rdi), %ymm10, %ymm10
+        vpxor	-96(%rax), %ymm14, %ymm14
+        vpxor	-64(%rax), %ymm11, %ymm11
+        vpxor	-32(%rax), %ymm10, %ymm10
+        vpxor	(%rax), %ymm14, %ymm14
+        vpxor	64(%rax), %ymm12, %ymm12
+        vpxor	128(%rax), %ymm13, %ymm13
+        vpxor	-96(%rcx), %ymm12, %ymm12
+        vpxor	-64(%rcx), %ymm11, %ymm11
+        vpxor	-32(%rcx), %ymm10, %ymm10
+        vpxor	(%rcx), %ymm12, %ymm12
+        vpxor	32(%rcx), %ymm11, %ymm11
+        vpxor	96(%rcx), %ymm14, %ymm14
+        vpxor	128(%rcx), %ymm13, %ymm13
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	-64(%rax), %ymm6, %ymm11
+        vpxor	(%rcx), %ymm7, %ymm12
+        vpxor	32(%rdi), %ymm8, %ymm13
+        vpxor	96(%rax), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	704(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, -64(%rax)
+        vmovdqu	%ymm2, (%rcx)
+        vmovdqu	%ymm3, 32(%rdi)
+        vmovdqu	%ymm4, 96(%rax)
+        # Row 1
+        vpxor	128(%rax), %ymm8, %ymm10
+        vpxor	-96(%rdi), %ymm9, %ymm11
+        vpxor	-32(%rax), %ymm5, %ymm12
+        vpxor	32(%rcx), %ymm6, %ymm13
+        vpxor	64(%rdi), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 128(%rax)
+        vmovdqu	%ymm1, -96(%rdi)
+        vmovdqu	%ymm2, -32(%rax)
+        vmovdqu	%ymm3, 32(%rcx)
+        vmovdqu	%ymm4, 64(%rdi)
+        # Row 2
+        vpxor	96(%rdi), %ymm6, %ymm10
+        vpxor	-96(%rcx), %ymm7, %ymm11
+        vpxor	-64(%rdi), %ymm8, %ymm12
+        vpxor	(%rax), %ymm9, %ymm13
+        vpxor	64(%rcx), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 96(%rdi)
+        vmovdqu	%ymm1, -96(%rcx)
+        vmovdqu	%ymm2, -64(%rdi)
+        vmovdqu	%ymm3, (%rax)
+        vmovdqu	%ymm4, 64(%rcx)
+        # Row 3
+        vpxor	96(%rcx), %ymm9, %ymm10
+        vpxor	128(%rdi), %ymm5, %ymm11
+        vpxor	-64(%rcx), %ymm6, %ymm12
+        vpxor	-32(%rdi), %ymm7, %ymm13
+        vpxor	32(%rax), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 96(%rcx)
+        vmovdqu	%ymm1, 128(%rdi)
+        vmovdqu	%ymm2, -64(%rcx)
+        vmovdqu	%ymm3, -32(%rdi)
+        vmovdqu	%ymm4, 32(%rax)
+        # Row 4
+        vpxor	64(%rax), %ymm7, %ymm10
+        vpxor	128(%rcx), %ymm8, %ymm11
+        vpxor	-96(%rax), %ymm9, %ymm12
+        vpxor	-32(%rcx), %ymm5, %ymm13
+        vpxor	(%rdi), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 64(%rax)
+        vmovdqu	%ymm1, 128(%rcx)
+        vmovdqu	%ymm2, -96(%rax)
+        vmovdqu	%ymm3, -32(%rcx)
+        vmovdqu	%ymm4, (%rdi)
+        # Round 23
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm1, %ymm11
+        vpxor	-64(%rdi), %ymm2, %ymm12
+        vpxor	-32(%rdi), %ymm3, %ymm13
+        vpxor	32(%rdi), %ymm13, %ymm13
+        vpxor	64(%rdi), %ymm4, %ymm14
+        vpxor	96(%rdi), %ymm10, %ymm10
+        vpxor	128(%rdi), %ymm11, %ymm11
+        vpxor	-64(%rax), %ymm11, %ymm11
+        vpxor	-32(%rax), %ymm12, %ymm12
+        vpxor	(%rax), %ymm13, %ymm13
+        vpxor	32(%rax), %ymm14, %ymm14
+        vpxor	96(%rax), %ymm14, %ymm14
+        vpxor	128(%rax), %ymm10, %ymm10
+        vpxor	-96(%rcx), %ymm11, %ymm11
+        vpxor	-64(%rcx), %ymm12, %ymm12
+        vpxor	(%rcx), %ymm12, %ymm12
+        vpxor	32(%rcx), %ymm13, %ymm13
+        vpxor	64(%rcx), %ymm14, %ymm14
+        vpxor	96(%rcx), %ymm10, %ymm10
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	-96(%rdi), %ymm6, %ymm11
+        vpxor	-64(%rdi), %ymm7, %ymm12
+        vpxor	-32(%rdi), %ymm8, %ymm13
+        vpxor	(%rdi), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	736(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, -96(%rdi)
+        vmovdqu	%ymm2, -64(%rdi)
+        vmovdqu	%ymm3, -32(%rdi)
+        vmovdqu	%ymm4, (%rdi)
+        # Row 1
+        vpxor	32(%rdi), %ymm8, %ymm10
+        vpxor	64(%rdi), %ymm9, %ymm11
+        vpxor	96(%rdi), %ymm5, %ymm12
+        vpxor	128(%rdi), %ymm6, %ymm13
+        vpxor	-96(%rax), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 32(%rdi)
+        vmovdqu	%ymm1, 64(%rdi)
+        vmovdqu	%ymm2, 96(%rdi)
+        vmovdqu	%ymm3, 128(%rdi)
+        vmovdqu	%ymm4, -96(%rax)
+        # Row 2
+        vpxor	-64(%rax), %ymm6, %ymm10
+        vpxor	-32(%rax), %ymm7, %ymm11
+        vpxor	(%rax), %ymm8, %ymm12
+        vpxor	32(%rax), %ymm9, %ymm13
+        vpxor	64(%rax), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -64(%rax)
+        vmovdqu	%ymm1, -32(%rax)
+        vmovdqu	%ymm2, (%rax)
+        vmovdqu	%ymm3, 32(%rax)
+        vmovdqu	%ymm4, 64(%rax)
+        # Row 3
+        vpxor	96(%rax), %ymm9, %ymm10
+        vpxor	128(%rax), %ymm5, %ymm11
+        vpxor	-96(%rcx), %ymm6, %ymm12
+        vpxor	-64(%rcx), %ymm7, %ymm13
+        vpxor	-32(%rcx), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 96(%rax)
+        vmovdqu	%ymm1, 128(%rax)
+        vmovdqu	%ymm2, -96(%rcx)
+        vmovdqu	%ymm3, -64(%rcx)
+        vmovdqu	%ymm4, -32(%rcx)
+        # Row 4
+        vpxor	(%rcx), %ymm7, %ymm10
+        vpxor	32(%rcx), %ymm8, %ymm11
+        vpxor	64(%rcx), %ymm9, %ymm12
+        vpxor	96(%rcx), %ymm5, %ymm13
+        vpxor	128(%rcx), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, (%rcx)
+        vmovdqu	%ymm1, 32(%rcx)
+        vmovdqu	%ymm2, 64(%rcx)
+        vmovdqu	%ymm3, 96(%rcx)
+        vmovdqu	%ymm4, 128(%rcx)
+        subq	$0x80, %rdi
+        vmovdqu	%ymm15, (%rdi)
+        vzeroupper
+        repz retq
+#ifndef __APPLE__
+.size	sha3_128_blocksx4_seed_avx2,.-sha3_128_blocksx4_seed_avx2
+#endif /* __APPLE__ */
+#endif /* defined(WOLFSSL_WC_MLKEM) || defined(WOLFSSL_WC_DILITHIUM) */
+#ifdef WOLFSSL_WC_MLKEM
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	32
+#else
+.p2align	5
+#endif /* __APPLE__ */
+L_sha3_256_blockx4_seed_avx2_end_mark:
+.quad	0x8000000000000000, 0x8000000000000000
+.quad	0x8000000000000000, 0x8000000000000000
+#ifndef __APPLE__
+.text
+.globl	sha3_256_blocksx4_seed_avx2
+.type	sha3_256_blocksx4_seed_avx2,@function
+.align	16
+sha3_256_blocksx4_seed_avx2:
+#else
+.section	__TEXT,__text
+.globl	_sha3_256_blocksx4_seed_avx2
+.p2align	4
+_sha3_256_blocksx4_seed_avx2:
+#endif /* __APPLE__ */
+        leaq	L_sha3_x4_avx2_r(%rip), %rdx
+        movq	%rdi, %rax
+        movq	%rdi, %rcx
+        vpbroadcastq	(%rsi), %ymm15
+        addq	$0x80, %rdi
+        vpbroadcastq	8(%rsi), %ymm11
+        addq	$0x180, %rax
+        vpbroadcastq	16(%rsi), %ymm12
+        addq	$0x280, %rcx
+        vpbroadcastq	24(%rsi), %ymm13
+        vmovdqu	L_sha3_256_blockx4_seed_avx2_end_mark(%rip), %ymm5
+        vpxor	%ymm6, %ymm6, %ymm6
+        vmovdqu	%ymm11, -96(%rdi)
+        vmovdqu	%ymm12, -64(%rdi)
+        vmovdqu	%ymm13, -32(%rdi)
+        vmovdqu	(%rdi), %ymm14
+        vmovdqu	%ymm6, 32(%rdi)
+        vmovdqu	%ymm6, 64(%rdi)
+        vmovdqu	%ymm6, 96(%rdi)
+        vmovdqu	%ymm6, 128(%rdi)
+        vmovdqu	%ymm6, -96(%rax)
+        vmovdqu	%ymm6, -64(%rax)
+        vmovdqu	%ymm6, -32(%rax)
+        vmovdqu	%ymm6, (%rax)
+        vmovdqu	%ymm6, 32(%rax)
+        vmovdqu	%ymm6, 64(%rax)
+        vmovdqu	%ymm6, 96(%rax)
+        vmovdqu	%ymm5, 128(%rax)
+        vmovdqu	%ymm6, -96(%rcx)
+        vmovdqu	%ymm6, -64(%rcx)
+        vmovdqu	%ymm6, -32(%rcx)
+        vmovdqu	%ymm6, (%rcx)
+        vmovdqu	%ymm6, 32(%rcx)
+        vmovdqu	%ymm6, 64(%rcx)
+        vmovdqu	%ymm6, 96(%rcx)
+        vmovdqu	%ymm6, 128(%rcx)
+        vmovdqu	%ymm15, %ymm10
+        vpxor	%ymm5, %ymm11, %ymm11
+        # Round 0
+        # Calc b[0..4]
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	64(%rdi), %ymm6, %ymm11
+        vpxor	(%rax), %ymm7, %ymm12
+        vpxor	-64(%rcx), %ymm8, %ymm13
+        vpxor	128(%rcx), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, 64(%rdi)
+        vmovdqu	%ymm2, (%rax)
+        vmovdqu	%ymm3, -64(%rcx)
+        vmovdqu	%ymm4, 128(%rcx)
+        # Row 1
+        vpxor	-32(%rdi), %ymm8, %ymm10
+        vpxor	-96(%rax), %ymm9, %ymm11
+        vpxor	-64(%rax), %ymm5, %ymm12
+        vpxor	128(%rax), %ymm6, %ymm13
+        vpxor	64(%rcx), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -32(%rdi)
+        vmovdqu	%ymm1, -96(%rax)
+        vmovdqu	%ymm2, -64(%rax)
+        vmovdqu	%ymm3, 128(%rax)
+        vmovdqu	%ymm4, 64(%rcx)
+        # Row 2
+        vpxor	-96(%rdi), %ymm6, %ymm10
+        vpxor	96(%rdi), %ymm7, %ymm11
+        vpxor	32(%rax), %ymm8, %ymm12
+        vpxor	-32(%rcx), %ymm9, %ymm13
+        vpxor	(%rcx), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -96(%rdi)
+        vmovdqu	%ymm1, 96(%rdi)
+        vmovdqu	%ymm2, 32(%rax)
+        vmovdqu	%ymm3, -32(%rcx)
+        vmovdqu	%ymm4, (%rcx)
+        # Row 3
+        vpxor	(%rdi), %ymm9, %ymm10
+        vpxor	32(%rdi), %ymm5, %ymm11
+        vpxor	-32(%rax), %ymm6, %ymm12
+        vpxor	-96(%rcx), %ymm7, %ymm13
+        vpxor	96(%rcx), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, (%rdi)
+        vmovdqu	%ymm1, 32(%rdi)
+        vmovdqu	%ymm2, -32(%rax)
+        vmovdqu	%ymm3, -96(%rcx)
+        vmovdqu	%ymm4, 96(%rcx)
+        # Row 4
+        vpxor	-64(%rdi), %ymm7, %ymm10
+        vpxor	128(%rdi), %ymm8, %ymm11
+        vpxor	64(%rax), %ymm9, %ymm12
+        vpxor	96(%rax), %ymm5, %ymm13
+        vpxor	32(%rcx), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -64(%rdi)
+        vmovdqu	%ymm1, 128(%rdi)
+        vmovdqu	%ymm2, 64(%rax)
+        vmovdqu	%ymm3, 96(%rax)
+        vmovdqu	%ymm4, 32(%rcx)
+        # Round 1
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm10, %ymm10
+        vpxor	-32(%rdi), %ymm10, %ymm10
+        vpxor	(%rdi), %ymm10, %ymm10
+        vpxor	32(%rdi), %ymm1, %ymm11
+        vpxor	64(%rdi), %ymm11, %ymm11
+        vpxor	96(%rdi), %ymm11, %ymm11
+        vpxor	-96(%rax), %ymm11, %ymm11
+        vpxor	-64(%rax), %ymm2, %ymm12
+        vpxor	-32(%rax), %ymm12, %ymm12
+        vpxor	(%rax), %ymm12, %ymm12
+        vpxor	32(%rax), %ymm12, %ymm12
+        vpxor	128(%rax), %ymm3, %ymm13
+        vpxor	-96(%rcx), %ymm13, %ymm13
+        vpxor	-64(%rcx), %ymm13, %ymm13
+        vpxor	-32(%rcx), %ymm13, %ymm13
+        vpxor	(%rcx), %ymm4, %ymm14
+        vpxor	64(%rcx), %ymm14, %ymm14
+        vpxor	96(%rcx), %ymm14, %ymm14
+        vpxor	128(%rcx), %ymm14, %ymm14
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	-96(%rax), %ymm6, %ymm11
+        vpxor	32(%rax), %ymm7, %ymm12
+        vpxor	-96(%rcx), %ymm8, %ymm13
+        vpxor	32(%rcx), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	32(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, -96(%rax)
+        vmovdqu	%ymm2, 32(%rax)
+        vmovdqu	%ymm3, -96(%rcx)
+        vmovdqu	%ymm4, 32(%rcx)
+        # Row 1
+        vpxor	-64(%rcx), %ymm8, %ymm10
+        vpxor	64(%rcx), %ymm9, %ymm11
+        vpxor	-96(%rdi), %ymm5, %ymm12
+        vpxor	32(%rdi), %ymm6, %ymm13
+        vpxor	64(%rax), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -64(%rcx)
+        vmovdqu	%ymm1, 64(%rcx)
+        vmovdqu	%ymm2, -96(%rdi)
+        vmovdqu	%ymm3, 32(%rdi)
+        vmovdqu	%ymm4, 64(%rax)
+        # Row 2
+        vpxor	64(%rdi), %ymm6, %ymm10
+        vpxor	-64(%rax), %ymm7, %ymm11
+        vpxor	-32(%rcx), %ymm8, %ymm12
+        vpxor	96(%rcx), %ymm9, %ymm13
+        vpxor	-64(%rdi), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 64(%rdi)
+        vmovdqu	%ymm1, -64(%rax)
+        vmovdqu	%ymm2, -32(%rcx)
+        vmovdqu	%ymm3, 96(%rcx)
+        vmovdqu	%ymm4, -64(%rdi)
+        # Row 3
+        vpxor	128(%rcx), %ymm9, %ymm10
+        vpxor	-32(%rdi), %ymm5, %ymm11
+        vpxor	96(%rdi), %ymm6, %ymm12
+        vpxor	-32(%rax), %ymm7, %ymm13
+        vpxor	96(%rax), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 128(%rcx)
+        vmovdqu	%ymm1, -32(%rdi)
+        vmovdqu	%ymm2, 96(%rdi)
+        vmovdqu	%ymm3, -32(%rax)
+        vmovdqu	%ymm4, 96(%rax)
+        # Row 4
+        vpxor	(%rax), %ymm7, %ymm10
+        vpxor	128(%rax), %ymm8, %ymm11
+        vpxor	(%rcx), %ymm9, %ymm12
+        vpxor	(%rdi), %ymm5, %ymm13
+        vpxor	128(%rdi), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, (%rax)
+        vmovdqu	%ymm1, 128(%rax)
+        vmovdqu	%ymm2, (%rcx)
+        vmovdqu	%ymm3, (%rdi)
+        vmovdqu	%ymm4, 128(%rdi)
+        # Round 2
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm2, %ymm12
+        vpxor	-64(%rdi), %ymm4, %ymm14
+        vpxor	-32(%rdi), %ymm1, %ymm11
+        vpxor	32(%rdi), %ymm3, %ymm13
+        vpxor	64(%rdi), %ymm10, %ymm10
+        vpxor	96(%rdi), %ymm12, %ymm12
+        vpxor	-96(%rax), %ymm11, %ymm11
+        vpxor	-64(%rax), %ymm11, %ymm11
+        vpxor	-32(%rax), %ymm13, %ymm13
+        vpxor	32(%rax), %ymm12, %ymm12
+        vpxor	64(%rax), %ymm14, %ymm14
+        vpxor	96(%rax), %ymm14, %ymm14
+        vpxor	-96(%rcx), %ymm13, %ymm13
+        vpxor	-64(%rcx), %ymm10, %ymm10
+        vpxor	-32(%rcx), %ymm12, %ymm12
+        vpxor	32(%rcx), %ymm14, %ymm14
+        vpxor	64(%rcx), %ymm11, %ymm11
+        vpxor	96(%rcx), %ymm13, %ymm13
+        vpxor	128(%rcx), %ymm10, %ymm10
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	64(%rcx), %ymm6, %ymm11
+        vpxor	-32(%rcx), %ymm7, %ymm12
+        vpxor	-32(%rax), %ymm8, %ymm13
+        vpxor	128(%rdi), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	64(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, 64(%rcx)
+        vmovdqu	%ymm2, -32(%rcx)
+        vmovdqu	%ymm3, -32(%rax)
+        vmovdqu	%ymm4, 128(%rdi)
+        # Row 1
+        vpxor	-96(%rcx), %ymm8, %ymm10
+        vpxor	64(%rax), %ymm9, %ymm11
+        vpxor	64(%rdi), %ymm5, %ymm12
+        vpxor	-32(%rdi), %ymm6, %ymm13
+        vpxor	(%rcx), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -96(%rcx)
+        vmovdqu	%ymm1, 64(%rax)
+        vmovdqu	%ymm2, 64(%rdi)
+        vmovdqu	%ymm3, -32(%rdi)
+        vmovdqu	%ymm4, (%rcx)
+        # Row 2
+        vpxor	-96(%rax), %ymm6, %ymm10
+        vpxor	-96(%rdi), %ymm7, %ymm11
+        vpxor	96(%rcx), %ymm8, %ymm12
+        vpxor	96(%rax), %ymm9, %ymm13
+        vpxor	(%rax), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -96(%rax)
+        vmovdqu	%ymm1, -96(%rdi)
+        vmovdqu	%ymm2, 96(%rcx)
+        vmovdqu	%ymm3, 96(%rax)
+        vmovdqu	%ymm4, (%rax)
+        # Row 3
+        vpxor	32(%rcx), %ymm9, %ymm10
+        vpxor	-64(%rcx), %ymm5, %ymm11
+        vpxor	-64(%rax), %ymm6, %ymm12
+        vpxor	96(%rdi), %ymm7, %ymm13
+        vpxor	(%rdi), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 32(%rcx)
+        vmovdqu	%ymm1, -64(%rcx)
+        vmovdqu	%ymm2, -64(%rax)
+        vmovdqu	%ymm3, 96(%rdi)
+        vmovdqu	%ymm4, (%rdi)
+        # Row 4
+        vpxor	32(%rax), %ymm7, %ymm10
+        vpxor	32(%rdi), %ymm8, %ymm11
+        vpxor	-64(%rdi), %ymm9, %ymm12
+        vpxor	128(%rcx), %ymm5, %ymm13
+        vpxor	128(%rax), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 32(%rax)
+        vmovdqu	%ymm1, 32(%rdi)
+        vmovdqu	%ymm2, -64(%rdi)
+        vmovdqu	%ymm3, 128(%rcx)
+        vmovdqu	%ymm4, 128(%rax)
+        # Round 3
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm1, %ymm11
+        vpxor	-32(%rdi), %ymm3, %ymm13
+        vpxor	(%rdi), %ymm4, %ymm14
+        vpxor	64(%rdi), %ymm2, %ymm12
+        vpxor	96(%rdi), %ymm13, %ymm13
+        vpxor	128(%rdi), %ymm14, %ymm14
+        vpxor	-96(%rax), %ymm10, %ymm10
+        vpxor	-64(%rax), %ymm12, %ymm12
+        vpxor	-32(%rax), %ymm13, %ymm13
+        vpxor	(%rax), %ymm14, %ymm14
+        vpxor	64(%rax), %ymm11, %ymm11
+        vpxor	96(%rax), %ymm13, %ymm13
+        vpxor	-96(%rcx), %ymm10, %ymm10
+        vpxor	-64(%rcx), %ymm11, %ymm11
+        vpxor	-32(%rcx), %ymm12, %ymm12
+        vpxor	(%rcx), %ymm14, %ymm14
+        vpxor	32(%rcx), %ymm10, %ymm10
+        vpxor	64(%rcx), %ymm11, %ymm11
+        vpxor	96(%rcx), %ymm12, %ymm12
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	64(%rax), %ymm6, %ymm11
+        vpxor	96(%rcx), %ymm7, %ymm12
+        vpxor	96(%rdi), %ymm8, %ymm13
+        vpxor	128(%rax), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	96(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, 64(%rax)
+        vmovdqu	%ymm2, 96(%rcx)
+        vmovdqu	%ymm3, 96(%rdi)
+        vmovdqu	%ymm4, 128(%rax)
+        # Row 1
+        vpxor	-32(%rax), %ymm8, %ymm10
+        vpxor	(%rcx), %ymm9, %ymm11
+        vpxor	-96(%rax), %ymm5, %ymm12
+        vpxor	-64(%rcx), %ymm6, %ymm13
+        vpxor	-64(%rdi), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -32(%rax)
+        vmovdqu	%ymm1, (%rcx)
+        vmovdqu	%ymm2, -96(%rax)
+        vmovdqu	%ymm3, -64(%rcx)
+        vmovdqu	%ymm4, -64(%rdi)
+        # Row 2
+        vpxor	64(%rcx), %ymm6, %ymm10
+        vpxor	64(%rdi), %ymm7, %ymm11
+        vpxor	96(%rax), %ymm8, %ymm12
+        vpxor	(%rdi), %ymm9, %ymm13
+        vpxor	32(%rax), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 64(%rcx)
+        vmovdqu	%ymm1, 64(%rdi)
+        vmovdqu	%ymm2, 96(%rax)
+        vmovdqu	%ymm3, (%rdi)
+        vmovdqu	%ymm4, 32(%rax)
+        # Row 3
+        vpxor	128(%rdi), %ymm9, %ymm10
+        vpxor	-96(%rcx), %ymm5, %ymm11
+        vpxor	-96(%rdi), %ymm6, %ymm12
+        vpxor	-64(%rax), %ymm7, %ymm13
+        vpxor	128(%rcx), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 128(%rdi)
+        vmovdqu	%ymm1, -96(%rcx)
+        vmovdqu	%ymm2, -96(%rdi)
+        vmovdqu	%ymm3, -64(%rax)
+        vmovdqu	%ymm4, 128(%rcx)
+        # Row 4
+        vpxor	-32(%rcx), %ymm7, %ymm10
+        vpxor	-32(%rdi), %ymm8, %ymm11
+        vpxor	(%rax), %ymm9, %ymm12
+        vpxor	32(%rcx), %ymm5, %ymm13
+        vpxor	32(%rdi), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -32(%rcx)
+        vmovdqu	%ymm1, -32(%rdi)
+        vmovdqu	%ymm2, (%rax)
+        vmovdqu	%ymm3, 32(%rcx)
+        vmovdqu	%ymm4, 32(%rdi)
+        # Round 4
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm2, %ymm12
+        vpxor	-64(%rdi), %ymm4, %ymm14
+        vpxor	(%rdi), %ymm3, %ymm13
+        vpxor	64(%rdi), %ymm1, %ymm11
+        vpxor	96(%rdi), %ymm13, %ymm13
+        vpxor	128(%rdi), %ymm10, %ymm10
+        vpxor	-96(%rax), %ymm12, %ymm12
+        vpxor	-64(%rax), %ymm13, %ymm13
+        vpxor	-32(%rax), %ymm10, %ymm10
+        vpxor	32(%rax), %ymm14, %ymm14
+        vpxor	64(%rax), %ymm11, %ymm11
+        vpxor	96(%rax), %ymm12, %ymm12
+        vpxor	128(%rax), %ymm14, %ymm14
+        vpxor	-96(%rcx), %ymm11, %ymm11
+        vpxor	-64(%rcx), %ymm13, %ymm13
+        vpxor	(%rcx), %ymm11, %ymm11
+        vpxor	64(%rcx), %ymm10, %ymm10
+        vpxor	96(%rcx), %ymm12, %ymm12
+        vpxor	128(%rcx), %ymm14, %ymm14
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	(%rcx), %ymm6, %ymm11
+        vpxor	96(%rax), %ymm7, %ymm12
+        vpxor	-64(%rax), %ymm8, %ymm13
+        vpxor	32(%rdi), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	128(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, (%rcx)
+        vmovdqu	%ymm2, 96(%rax)
+        vmovdqu	%ymm3, -64(%rax)
+        vmovdqu	%ymm4, 32(%rdi)
+        # Row 1
+        vpxor	96(%rdi), %ymm8, %ymm10
+        vpxor	-64(%rdi), %ymm9, %ymm11
+        vpxor	64(%rcx), %ymm5, %ymm12
+        vpxor	-96(%rcx), %ymm6, %ymm13
+        vpxor	(%rax), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 96(%rdi)
+        vmovdqu	%ymm1, -64(%rdi)
+        vmovdqu	%ymm2, 64(%rcx)
+        vmovdqu	%ymm3, -96(%rcx)
+        vmovdqu	%ymm4, (%rax)
+        # Row 2
+        vpxor	64(%rax), %ymm6, %ymm10
+        vpxor	-96(%rax), %ymm7, %ymm11
+        vpxor	(%rdi), %ymm8, %ymm12
+        vpxor	128(%rcx), %ymm9, %ymm13
+        vpxor	-32(%rcx), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 64(%rax)
+        vmovdqu	%ymm1, -96(%rax)
+        vmovdqu	%ymm2, (%rdi)
+        vmovdqu	%ymm3, 128(%rcx)
+        vmovdqu	%ymm4, -32(%rcx)
+        # Row 3
+        vpxor	128(%rax), %ymm9, %ymm10
+        vpxor	-32(%rax), %ymm5, %ymm11
+        vpxor	64(%rdi), %ymm6, %ymm12
+        vpxor	-96(%rdi), %ymm7, %ymm13
+        vpxor	32(%rcx), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 128(%rax)
+        vmovdqu	%ymm1, -32(%rax)
+        vmovdqu	%ymm2, 64(%rdi)
+        vmovdqu	%ymm3, -96(%rdi)
+        vmovdqu	%ymm4, 32(%rcx)
+        # Row 4
+        vpxor	96(%rcx), %ymm7, %ymm10
+        vpxor	-64(%rcx), %ymm8, %ymm11
+        vpxor	32(%rax), %ymm9, %ymm12
+        vpxor	128(%rdi), %ymm5, %ymm13
+        vpxor	-32(%rdi), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 96(%rcx)
+        vmovdqu	%ymm1, -64(%rcx)
+        vmovdqu	%ymm2, 32(%rax)
+        vmovdqu	%ymm3, 128(%rdi)
+        vmovdqu	%ymm4, -32(%rdi)
+        # Round 5
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm3, %ymm13
+        vpxor	-64(%rdi), %ymm1, %ymm11
+        vpxor	(%rdi), %ymm2, %ymm12
+        vpxor	32(%rdi), %ymm4, %ymm14
+        vpxor	64(%rdi), %ymm12, %ymm12
+        vpxor	96(%rdi), %ymm10, %ymm10
+        vpxor	-96(%rax), %ymm11, %ymm11
+        vpxor	-64(%rax), %ymm13, %ymm13
+        vpxor	-32(%rax), %ymm11, %ymm11
+        vpxor	(%rax), %ymm14, %ymm14
+        vpxor	64(%rax), %ymm10, %ymm10
+        vpxor	96(%rax), %ymm12, %ymm12
+        vpxor	128(%rax), %ymm10, %ymm10
+        vpxor	-96(%rcx), %ymm13, %ymm13
+        vpxor	-32(%rcx), %ymm14, %ymm14
+        vpxor	(%rcx), %ymm11, %ymm11
+        vpxor	32(%rcx), %ymm14, %ymm14
+        vpxor	64(%rcx), %ymm12, %ymm12
+        vpxor	128(%rcx), %ymm13, %ymm13
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	-64(%rdi), %ymm6, %ymm11
+        vpxor	(%rdi), %ymm7, %ymm12
+        vpxor	-96(%rdi), %ymm8, %ymm13
+        vpxor	-32(%rdi), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	160(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, -64(%rdi)
+        vmovdqu	%ymm2, (%rdi)
+        vmovdqu	%ymm3, -96(%rdi)
+        vmovdqu	%ymm4, -32(%rdi)
+        # Row 1
+        vpxor	-64(%rax), %ymm8, %ymm10
+        vpxor	(%rax), %ymm9, %ymm11
+        vpxor	64(%rax), %ymm5, %ymm12
+        vpxor	-32(%rax), %ymm6, %ymm13
+        vpxor	32(%rax), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -64(%rax)
+        vmovdqu	%ymm1, (%rax)
+        vmovdqu	%ymm2, 64(%rax)
+        vmovdqu	%ymm3, -32(%rax)
+        vmovdqu	%ymm4, 32(%rax)
+        # Row 2
+        vpxor	(%rcx), %ymm6, %ymm10
+        vpxor	64(%rcx), %ymm7, %ymm11
+        vpxor	128(%rcx), %ymm8, %ymm12
+        vpxor	32(%rcx), %ymm9, %ymm13
+        vpxor	96(%rcx), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, (%rcx)
+        vmovdqu	%ymm1, 64(%rcx)
+        vmovdqu	%ymm2, 128(%rcx)
+        vmovdqu	%ymm3, 32(%rcx)
+        vmovdqu	%ymm4, 96(%rcx)
+        # Row 3
+        vpxor	32(%rdi), %ymm9, %ymm10
+        vpxor	96(%rdi), %ymm5, %ymm11
+        vpxor	-96(%rax), %ymm6, %ymm12
+        vpxor	64(%rdi), %ymm7, %ymm13
+        vpxor	128(%rdi), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 32(%rdi)
+        vmovdqu	%ymm1, 96(%rdi)
+        vmovdqu	%ymm2, -96(%rax)
+        vmovdqu	%ymm3, 64(%rdi)
+        vmovdqu	%ymm4, 128(%rdi)
+        # Row 4
+        vpxor	96(%rax), %ymm7, %ymm10
+        vpxor	-96(%rcx), %ymm8, %ymm11
+        vpxor	-32(%rcx), %ymm9, %ymm12
+        vpxor	128(%rax), %ymm5, %ymm13
+        vpxor	-64(%rcx), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 96(%rax)
+        vmovdqu	%ymm1, -96(%rcx)
+        vmovdqu	%ymm2, -32(%rcx)
+        vmovdqu	%ymm3, 128(%rax)
+        vmovdqu	%ymm4, -64(%rcx)
+        # Round 6
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm3, %ymm13
+        vpxor	-64(%rdi), %ymm1, %ymm11
+        vpxor	-32(%rdi), %ymm4, %ymm14
+        vpxor	(%rdi), %ymm2, %ymm12
+        vpxor	32(%rdi), %ymm10, %ymm10
+        vpxor	64(%rdi), %ymm13, %ymm13
+        vpxor	96(%rdi), %ymm11, %ymm11
+        vpxor	128(%rdi), %ymm14, %ymm14
+        vpxor	-96(%rax), %ymm12, %ymm12
+        vpxor	-64(%rax), %ymm10, %ymm10
+        vpxor	-32(%rax), %ymm13, %ymm13
+        vpxor	(%rax), %ymm11, %ymm11
+        vpxor	32(%rax), %ymm14, %ymm14
+        vpxor	64(%rax), %ymm12, %ymm12
+        vpxor	(%rcx), %ymm10, %ymm10
+        vpxor	32(%rcx), %ymm13, %ymm13
+        vpxor	64(%rcx), %ymm11, %ymm11
+        vpxor	96(%rcx), %ymm14, %ymm14
+        vpxor	128(%rcx), %ymm12, %ymm12
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	(%rax), %ymm6, %ymm11
+        vpxor	128(%rcx), %ymm7, %ymm12
+        vpxor	64(%rdi), %ymm8, %ymm13
+        vpxor	-64(%rcx), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	192(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, (%rax)
+        vmovdqu	%ymm2, 128(%rcx)
+        vmovdqu	%ymm3, 64(%rdi)
+        vmovdqu	%ymm4, -64(%rcx)
+        # Row 1
+        vpxor	-96(%rdi), %ymm8, %ymm10
+        vpxor	32(%rax), %ymm9, %ymm11
+        vpxor	(%rcx), %ymm5, %ymm12
+        vpxor	96(%rdi), %ymm6, %ymm13
+        vpxor	-32(%rcx), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -96(%rdi)
+        vmovdqu	%ymm1, 32(%rax)
+        vmovdqu	%ymm2, (%rcx)
+        vmovdqu	%ymm3, 96(%rdi)
+        vmovdqu	%ymm4, -32(%rcx)
+        # Row 2
+        vpxor	-64(%rdi), %ymm6, %ymm10
+        vpxor	64(%rax), %ymm7, %ymm11
+        vpxor	32(%rcx), %ymm8, %ymm12
+        vpxor	128(%rdi), %ymm9, %ymm13
+        vpxor	96(%rax), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -64(%rdi)
+        vmovdqu	%ymm1, 64(%rax)
+        vmovdqu	%ymm2, 32(%rcx)
+        vmovdqu	%ymm3, 128(%rdi)
+        vmovdqu	%ymm4, 96(%rax)
+        # Row 3
+        vpxor	-32(%rdi), %ymm9, %ymm10
+        vpxor	-64(%rax), %ymm5, %ymm11
+        vpxor	64(%rcx), %ymm6, %ymm12
+        vpxor	-96(%rax), %ymm7, %ymm13
+        vpxor	128(%rax), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -32(%rdi)
+        vmovdqu	%ymm1, -64(%rax)
+        vmovdqu	%ymm2, 64(%rcx)
+        vmovdqu	%ymm3, -96(%rax)
+        vmovdqu	%ymm4, 128(%rax)
+        # Row 4
+        vpxor	(%rdi), %ymm7, %ymm10
+        vpxor	-32(%rax), %ymm8, %ymm11
+        vpxor	96(%rcx), %ymm9, %ymm12
+        vpxor	32(%rdi), %ymm5, %ymm13
+        vpxor	-96(%rcx), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, (%rdi)
+        vmovdqu	%ymm1, -32(%rax)
+        vmovdqu	%ymm2, 96(%rcx)
+        vmovdqu	%ymm3, 32(%rdi)
+        vmovdqu	%ymm4, -96(%rcx)
+        # Round 7
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm10, %ymm10
+        vpxor	-64(%rdi), %ymm10, %ymm10
+        vpxor	-32(%rdi), %ymm10, %ymm10
+        vpxor	64(%rdi), %ymm3, %ymm13
+        vpxor	96(%rdi), %ymm13, %ymm13
+        vpxor	128(%rdi), %ymm13, %ymm13
+        vpxor	-96(%rax), %ymm13, %ymm13
+        vpxor	-64(%rax), %ymm1, %ymm11
+        vpxor	(%rax), %ymm11, %ymm11
+        vpxor	32(%rax), %ymm11, %ymm11
+        vpxor	64(%rax), %ymm11, %ymm11
+        vpxor	96(%rax), %ymm4, %ymm14
+        vpxor	128(%rax), %ymm14, %ymm14
+        vpxor	-64(%rcx), %ymm14, %ymm14
+        vpxor	-32(%rcx), %ymm14, %ymm14
+        vpxor	(%rcx), %ymm2, %ymm12
+        vpxor	32(%rcx), %ymm12, %ymm12
+        vpxor	64(%rcx), %ymm12, %ymm12
+        vpxor	128(%rcx), %ymm12, %ymm12
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	32(%rax), %ymm6, %ymm11
+        vpxor	32(%rcx), %ymm7, %ymm12
+        vpxor	-96(%rax), %ymm8, %ymm13
+        vpxor	-96(%rcx), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	224(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, 32(%rax)
+        vmovdqu	%ymm2, 32(%rcx)
+        vmovdqu	%ymm3, -96(%rax)
+        vmovdqu	%ymm4, -96(%rcx)
+        # Row 1
+        vpxor	64(%rdi), %ymm8, %ymm10
+        vpxor	-32(%rcx), %ymm9, %ymm11
+        vpxor	-64(%rdi), %ymm5, %ymm12
+        vpxor	-64(%rax), %ymm6, %ymm13
+        vpxor	96(%rcx), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 64(%rdi)
+        vmovdqu	%ymm1, -32(%rcx)
+        vmovdqu	%ymm2, -64(%rdi)
+        vmovdqu	%ymm3, -64(%rax)
+        vmovdqu	%ymm4, 96(%rcx)
+        # Row 2
+        vpxor	(%rax), %ymm6, %ymm10
+        vpxor	(%rcx), %ymm7, %ymm11
+        vpxor	128(%rdi), %ymm8, %ymm12
+        vpxor	128(%rax), %ymm9, %ymm13
+        vpxor	(%rdi), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, (%rax)
+        vmovdqu	%ymm1, (%rcx)
+        vmovdqu	%ymm2, 128(%rdi)
+        vmovdqu	%ymm3, 128(%rax)
+        vmovdqu	%ymm4, (%rdi)
+        # Row 3
+        vpxor	-64(%rcx), %ymm9, %ymm10
+        vpxor	-96(%rdi), %ymm5, %ymm11
+        vpxor	64(%rax), %ymm6, %ymm12
+        vpxor	64(%rcx), %ymm7, %ymm13
+        vpxor	32(%rdi), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -64(%rcx)
+        vmovdqu	%ymm1, -96(%rdi)
+        vmovdqu	%ymm2, 64(%rax)
+        vmovdqu	%ymm3, 64(%rcx)
+        vmovdqu	%ymm4, 32(%rdi)
+        # Row 4
+        vpxor	128(%rcx), %ymm7, %ymm10
+        vpxor	96(%rdi), %ymm8, %ymm11
+        vpxor	96(%rax), %ymm9, %ymm12
+        vpxor	-32(%rdi), %ymm5, %ymm13
+        vpxor	-32(%rax), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 128(%rcx)
+        vmovdqu	%ymm1, 96(%rdi)
+        vmovdqu	%ymm2, 96(%rax)
+        vmovdqu	%ymm3, -32(%rdi)
+        vmovdqu	%ymm4, -32(%rax)
+        # Round 8
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm1, %ymm11
+        vpxor	-64(%rdi), %ymm2, %ymm12
+        vpxor	(%rdi), %ymm4, %ymm14
+        vpxor	32(%rdi), %ymm14, %ymm14
+        vpxor	64(%rdi), %ymm10, %ymm10
+        vpxor	128(%rdi), %ymm12, %ymm12
+        vpxor	-96(%rax), %ymm3, %ymm13
+        vpxor	-64(%rax), %ymm13, %ymm13
+        vpxor	(%rax), %ymm10, %ymm10
+        vpxor	32(%rax), %ymm11, %ymm11
+        vpxor	64(%rax), %ymm12, %ymm12
+        vpxor	128(%rax), %ymm13, %ymm13
+        vpxor	-96(%rcx), %ymm14, %ymm14
+        vpxor	-64(%rcx), %ymm10, %ymm10
+        vpxor	-32(%rcx), %ymm11, %ymm11
+        vpxor	(%rcx), %ymm11, %ymm11
+        vpxor	32(%rcx), %ymm12, %ymm12
+        vpxor	64(%rcx), %ymm13, %ymm13
+        vpxor	96(%rcx), %ymm14, %ymm14
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	-32(%rcx), %ymm6, %ymm11
+        vpxor	128(%rdi), %ymm7, %ymm12
+        vpxor	64(%rcx), %ymm8, %ymm13
+        vpxor	-32(%rax), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	256(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, -32(%rcx)
+        vmovdqu	%ymm2, 128(%rdi)
+        vmovdqu	%ymm3, 64(%rcx)
+        vmovdqu	%ymm4, -32(%rax)
+        # Row 1
+        vpxor	-96(%rax), %ymm8, %ymm10
+        vpxor	96(%rcx), %ymm9, %ymm11
+        vpxor	(%rax), %ymm5, %ymm12
+        vpxor	-96(%rdi), %ymm6, %ymm13
+        vpxor	96(%rax), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -96(%rax)
+        vmovdqu	%ymm1, 96(%rcx)
+        vmovdqu	%ymm2, (%rax)
+        vmovdqu	%ymm3, -96(%rdi)
+        vmovdqu	%ymm4, 96(%rax)
+        # Row 2
+        vpxor	32(%rax), %ymm6, %ymm10
+        vpxor	-64(%rdi), %ymm7, %ymm11
+        vpxor	128(%rax), %ymm8, %ymm12
+        vpxor	32(%rdi), %ymm9, %ymm13
+        vpxor	128(%rcx), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 32(%rax)
+        vmovdqu	%ymm1, -64(%rdi)
+        vmovdqu	%ymm2, 128(%rax)
+        vmovdqu	%ymm3, 32(%rdi)
+        vmovdqu	%ymm4, 128(%rcx)
+        # Row 3
+        vpxor	-96(%rcx), %ymm9, %ymm10
+        vpxor	64(%rdi), %ymm5, %ymm11
+        vpxor	(%rcx), %ymm6, %ymm12
+        vpxor	64(%rax), %ymm7, %ymm13
+        vpxor	-32(%rdi), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -96(%rcx)
+        vmovdqu	%ymm1, 64(%rdi)
+        vmovdqu	%ymm2, (%rcx)
+        vmovdqu	%ymm3, 64(%rax)
+        vmovdqu	%ymm4, -32(%rdi)
+        # Row 4
+        vpxor	32(%rcx), %ymm7, %ymm10
+        vpxor	-64(%rax), %ymm8, %ymm11
+        vpxor	(%rdi), %ymm9, %ymm12
+        vpxor	-64(%rcx), %ymm5, %ymm13
+        vpxor	96(%rdi), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 32(%rcx)
+        vmovdqu	%ymm1, -64(%rax)
+        vmovdqu	%ymm2, (%rdi)
+        vmovdqu	%ymm3, -64(%rcx)
+        vmovdqu	%ymm4, 96(%rdi)
+        # Round 9
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm3, %ymm13
+        vpxor	-64(%rdi), %ymm1, %ymm11
+        vpxor	-32(%rdi), %ymm4, %ymm14
+        vpxor	32(%rdi), %ymm13, %ymm13
+        vpxor	64(%rdi), %ymm11, %ymm11
+        vpxor	128(%rdi), %ymm2, %ymm12
+        vpxor	-96(%rax), %ymm10, %ymm10
+        vpxor	-32(%rax), %ymm14, %ymm14
+        vpxor	(%rax), %ymm12, %ymm12
+        vpxor	32(%rax), %ymm10, %ymm10
+        vpxor	64(%rax), %ymm13, %ymm13
+        vpxor	96(%rax), %ymm14, %ymm14
+        vpxor	128(%rax), %ymm12, %ymm12
+        vpxor	-96(%rcx), %ymm10, %ymm10
+        vpxor	-32(%rcx), %ymm11, %ymm11
+        vpxor	(%rcx), %ymm12, %ymm12
+        vpxor	64(%rcx), %ymm13, %ymm13
+        vpxor	96(%rcx), %ymm11, %ymm11
+        vpxor	128(%rcx), %ymm14, %ymm14
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	96(%rcx), %ymm6, %ymm11
+        vpxor	128(%rax), %ymm7, %ymm12
+        vpxor	64(%rax), %ymm8, %ymm13
+        vpxor	96(%rdi), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	288(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, 96(%rcx)
+        vmovdqu	%ymm2, 128(%rax)
+        vmovdqu	%ymm3, 64(%rax)
+        vmovdqu	%ymm4, 96(%rdi)
+        # Row 1
+        vpxor	64(%rcx), %ymm8, %ymm10
+        vpxor	96(%rax), %ymm9, %ymm11
+        vpxor	32(%rax), %ymm5, %ymm12
+        vpxor	64(%rdi), %ymm6, %ymm13
+        vpxor	(%rdi), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 64(%rcx)
+        vmovdqu	%ymm1, 96(%rax)
+        vmovdqu	%ymm2, 32(%rax)
+        vmovdqu	%ymm3, 64(%rdi)
+        vmovdqu	%ymm4, (%rdi)
+        # Row 2
+        vpxor	-32(%rcx), %ymm6, %ymm10
+        vpxor	(%rax), %ymm7, %ymm11
+        vpxor	32(%rdi), %ymm8, %ymm12
+        vpxor	-32(%rdi), %ymm9, %ymm13
+        vpxor	32(%rcx), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -32(%rcx)
+        vmovdqu	%ymm1, (%rax)
+        vmovdqu	%ymm2, 32(%rdi)
+        vmovdqu	%ymm3, -32(%rdi)
+        vmovdqu	%ymm4, 32(%rcx)
+        # Row 3
+        vpxor	-32(%rax), %ymm9, %ymm10
+        vpxor	-96(%rax), %ymm5, %ymm11
+        vpxor	-64(%rdi), %ymm6, %ymm12
+        vpxor	(%rcx), %ymm7, %ymm13
+        vpxor	-64(%rcx), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -32(%rax)
+        vmovdqu	%ymm1, -96(%rax)
+        vmovdqu	%ymm2, -64(%rdi)
+        vmovdqu	%ymm3, (%rcx)
+        vmovdqu	%ymm4, -64(%rcx)
+        # Row 4
+        vpxor	128(%rdi), %ymm7, %ymm10
+        vpxor	-96(%rdi), %ymm8, %ymm11
+        vpxor	128(%rcx), %ymm9, %ymm12
+        vpxor	-96(%rcx), %ymm5, %ymm13
+        vpxor	-64(%rax), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 128(%rdi)
+        vmovdqu	%ymm1, -96(%rdi)
+        vmovdqu	%ymm2, 128(%rcx)
+        vmovdqu	%ymm3, -96(%rcx)
+        vmovdqu	%ymm4, -64(%rax)
+        # Round 10
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-64(%rdi), %ymm2, %ymm12
+        vpxor	-32(%rdi), %ymm3, %ymm13
+        vpxor	(%rdi), %ymm4, %ymm14
+        vpxor	32(%rdi), %ymm12, %ymm12
+        vpxor	64(%rdi), %ymm13, %ymm13
+        vpxor	96(%rdi), %ymm14, %ymm14
+        vpxor	-96(%rax), %ymm1, %ymm11
+        vpxor	-32(%rax), %ymm10, %ymm10
+        vpxor	(%rax), %ymm11, %ymm11
+        vpxor	32(%rax), %ymm12, %ymm12
+        vpxor	64(%rax), %ymm13, %ymm13
+        vpxor	96(%rax), %ymm11, %ymm11
+        vpxor	128(%rax), %ymm12, %ymm12
+        vpxor	-64(%rcx), %ymm14, %ymm14
+        vpxor	-32(%rcx), %ymm10, %ymm10
+        vpxor	(%rcx), %ymm13, %ymm13
+        vpxor	32(%rcx), %ymm14, %ymm14
+        vpxor	64(%rcx), %ymm10, %ymm10
+        vpxor	96(%rcx), %ymm11, %ymm11
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	96(%rax), %ymm6, %ymm11
+        vpxor	32(%rdi), %ymm7, %ymm12
+        vpxor	(%rcx), %ymm8, %ymm13
+        vpxor	-64(%rax), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	320(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, 96(%rax)
+        vmovdqu	%ymm2, 32(%rdi)
+        vmovdqu	%ymm3, (%rcx)
+        vmovdqu	%ymm4, -64(%rax)
+        # Row 1
+        vpxor	64(%rax), %ymm8, %ymm10
+        vpxor	(%rdi), %ymm9, %ymm11
+        vpxor	-32(%rcx), %ymm5, %ymm12
+        vpxor	-96(%rax), %ymm6, %ymm13
+        vpxor	128(%rcx), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 64(%rax)
+        vmovdqu	%ymm1, (%rdi)
+        vmovdqu	%ymm2, -32(%rcx)
+        vmovdqu	%ymm3, -96(%rax)
+        vmovdqu	%ymm4, 128(%rcx)
+        # Row 2
+        vpxor	96(%rcx), %ymm6, %ymm10
+        vpxor	32(%rax), %ymm7, %ymm11
+        vpxor	-32(%rdi), %ymm8, %ymm12
+        vpxor	-64(%rcx), %ymm9, %ymm13
+        vpxor	128(%rdi), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 96(%rcx)
+        vmovdqu	%ymm1, 32(%rax)
+        vmovdqu	%ymm2, -32(%rdi)
+        vmovdqu	%ymm3, -64(%rcx)
+        vmovdqu	%ymm4, 128(%rdi)
+        # Row 3
+        vpxor	96(%rdi), %ymm9, %ymm10
+        vpxor	64(%rcx), %ymm5, %ymm11
+        vpxor	(%rax), %ymm6, %ymm12
+        vpxor	-64(%rdi), %ymm7, %ymm13
+        vpxor	-96(%rcx), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 96(%rdi)
+        vmovdqu	%ymm1, 64(%rcx)
+        vmovdqu	%ymm2, (%rax)
+        vmovdqu	%ymm3, -64(%rdi)
+        vmovdqu	%ymm4, -96(%rcx)
+        # Row 4
+        vpxor	128(%rax), %ymm7, %ymm10
+        vpxor	64(%rdi), %ymm8, %ymm11
+        vpxor	32(%rcx), %ymm9, %ymm12
+        vpxor	-32(%rax), %ymm5, %ymm13
+        vpxor	-96(%rdi), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 128(%rax)
+        vmovdqu	%ymm1, 64(%rdi)
+        vmovdqu	%ymm2, 32(%rcx)
+        vmovdqu	%ymm3, -32(%rax)
+        vmovdqu	%ymm4, -96(%rdi)
+        # Round 11
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-64(%rdi), %ymm3, %ymm13
+        vpxor	-32(%rdi), %ymm2, %ymm12
+        vpxor	(%rdi), %ymm1, %ymm11
+        vpxor	32(%rdi), %ymm12, %ymm12
+        vpxor	96(%rdi), %ymm10, %ymm10
+        vpxor	128(%rdi), %ymm4, %ymm14
+        vpxor	-96(%rax), %ymm13, %ymm13
+        vpxor	-64(%rax), %ymm14, %ymm14
+        vpxor	(%rax), %ymm12, %ymm12
+        vpxor	32(%rax), %ymm11, %ymm11
+        vpxor	64(%rax), %ymm10, %ymm10
+        vpxor	96(%rax), %ymm11, %ymm11
+        vpxor	-96(%rcx), %ymm14, %ymm14
+        vpxor	-64(%rcx), %ymm13, %ymm13
+        vpxor	-32(%rcx), %ymm12, %ymm12
+        vpxor	(%rcx), %ymm13, %ymm13
+        vpxor	64(%rcx), %ymm11, %ymm11
+        vpxor	96(%rcx), %ymm10, %ymm10
+        vpxor	128(%rcx), %ymm14, %ymm14
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	(%rdi), %ymm6, %ymm11
+        vpxor	-32(%rdi), %ymm7, %ymm12
+        vpxor	-64(%rdi), %ymm8, %ymm13
+        vpxor	-96(%rdi), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	352(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, (%rdi)
+        vmovdqu	%ymm2, -32(%rdi)
+        vmovdqu	%ymm3, -64(%rdi)
+        vmovdqu	%ymm4, -96(%rdi)
+        # Row 1
+        vpxor	(%rcx), %ymm8, %ymm10
+        vpxor	128(%rcx), %ymm9, %ymm11
+        vpxor	96(%rcx), %ymm5, %ymm12
+        vpxor	64(%rcx), %ymm6, %ymm13
+        vpxor	32(%rcx), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, (%rcx)
+        vmovdqu	%ymm1, 128(%rcx)
+        vmovdqu	%ymm2, 96(%rcx)
+        vmovdqu	%ymm3, 64(%rcx)
+        vmovdqu	%ymm4, 32(%rcx)
+        # Row 2
+        vpxor	96(%rax), %ymm6, %ymm10
+        vpxor	-32(%rcx), %ymm7, %ymm11
+        vpxor	-64(%rcx), %ymm8, %ymm12
+        vpxor	-96(%rcx), %ymm9, %ymm13
+        vpxor	128(%rax), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 96(%rax)
+        vmovdqu	%ymm1, -32(%rcx)
+        vmovdqu	%ymm2, -64(%rcx)
+        vmovdqu	%ymm3, -96(%rcx)
+        vmovdqu	%ymm4, 128(%rax)
+        # Row 3
+        vpxor	-64(%rax), %ymm9, %ymm10
+        vpxor	64(%rax), %ymm5, %ymm11
+        vpxor	32(%rax), %ymm6, %ymm12
+        vpxor	(%rax), %ymm7, %ymm13
+        vpxor	-32(%rax), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -64(%rax)
+        vmovdqu	%ymm1, 64(%rax)
+        vmovdqu	%ymm2, 32(%rax)
+        vmovdqu	%ymm3, (%rax)
+        vmovdqu	%ymm4, -32(%rax)
+        # Row 4
+        vpxor	32(%rdi), %ymm7, %ymm10
+        vpxor	-96(%rax), %ymm8, %ymm11
+        vpxor	128(%rdi), %ymm9, %ymm12
+        vpxor	96(%rdi), %ymm5, %ymm13
+        vpxor	64(%rdi), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 32(%rdi)
+        vmovdqu	%ymm1, -96(%rax)
+        vmovdqu	%ymm2, 128(%rdi)
+        vmovdqu	%ymm3, 96(%rdi)
+        vmovdqu	%ymm4, 64(%rdi)
+        # Round 12
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm4, %ymm14
+        vpxor	-64(%rdi), %ymm3, %ymm13
+        vpxor	-32(%rdi), %ymm2, %ymm12
+        vpxor	(%rdi), %ymm1, %ymm11
+        vpxor	-64(%rax), %ymm10, %ymm10
+        vpxor	-32(%rax), %ymm14, %ymm14
+        vpxor	(%rax), %ymm13, %ymm13
+        vpxor	32(%rax), %ymm12, %ymm12
+        vpxor	64(%rax), %ymm11, %ymm11
+        vpxor	96(%rax), %ymm10, %ymm10
+        vpxor	128(%rax), %ymm14, %ymm14
+        vpxor	-96(%rcx), %ymm13, %ymm13
+        vpxor	-64(%rcx), %ymm12, %ymm12
+        vpxor	-32(%rcx), %ymm11, %ymm11
+        vpxor	(%rcx), %ymm10, %ymm10
+        vpxor	32(%rcx), %ymm14, %ymm14
+        vpxor	64(%rcx), %ymm13, %ymm13
+        vpxor	96(%rcx), %ymm12, %ymm12
+        vpxor	128(%rcx), %ymm11, %ymm11
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	128(%rcx), %ymm6, %ymm11
+        vpxor	-64(%rcx), %ymm7, %ymm12
+        vpxor	(%rax), %ymm8, %ymm13
+        vpxor	64(%rdi), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	384(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, 128(%rcx)
+        vmovdqu	%ymm2, -64(%rcx)
+        vmovdqu	%ymm3, (%rax)
+        vmovdqu	%ymm4, 64(%rdi)
+        # Row 1
+        vpxor	-64(%rdi), %ymm8, %ymm10
+        vpxor	32(%rcx), %ymm9, %ymm11
+        vpxor	96(%rax), %ymm5, %ymm12
+        vpxor	64(%rax), %ymm6, %ymm13
+        vpxor	128(%rdi), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -64(%rdi)
+        vmovdqu	%ymm1, 32(%rcx)
+        vmovdqu	%ymm2, 96(%rax)
+        vmovdqu	%ymm3, 64(%rax)
+        vmovdqu	%ymm4, 128(%rdi)
+        # Row 2
+        vpxor	(%rdi), %ymm6, %ymm10
+        vpxor	96(%rcx), %ymm7, %ymm11
+        vpxor	-96(%rcx), %ymm8, %ymm12
+        vpxor	-32(%rax), %ymm9, %ymm13
+        vpxor	32(%rdi), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, (%rdi)
+        vmovdqu	%ymm1, 96(%rcx)
+        vmovdqu	%ymm2, -96(%rcx)
+        vmovdqu	%ymm3, -32(%rax)
+        vmovdqu	%ymm4, 32(%rdi)
+        # Row 3
+        vpxor	-96(%rdi), %ymm9, %ymm10
+        vpxor	(%rcx), %ymm5, %ymm11
+        vpxor	-32(%rcx), %ymm6, %ymm12
+        vpxor	32(%rax), %ymm7, %ymm13
+        vpxor	96(%rdi), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -96(%rdi)
+        vmovdqu	%ymm1, (%rcx)
+        vmovdqu	%ymm2, -32(%rcx)
+        vmovdqu	%ymm3, 32(%rax)
+        vmovdqu	%ymm4, 96(%rdi)
+        # Row 4
+        vpxor	-32(%rdi), %ymm7, %ymm10
+        vpxor	64(%rcx), %ymm8, %ymm11
+        vpxor	128(%rax), %ymm9, %ymm12
+        vpxor	-64(%rax), %ymm5, %ymm13
+        vpxor	-96(%rax), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -32(%rdi)
+        vmovdqu	%ymm1, 64(%rcx)
+        vmovdqu	%ymm2, 128(%rax)
+        vmovdqu	%ymm3, -64(%rax)
+        vmovdqu	%ymm4, -96(%rax)
+        # Round 13
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm10, %ymm10
+        vpxor	-64(%rdi), %ymm10, %ymm10
+        vpxor	(%rdi), %ymm10, %ymm10
+        vpxor	32(%rdi), %ymm4, %ymm14
+        vpxor	64(%rdi), %ymm14, %ymm14
+        vpxor	96(%rdi), %ymm14, %ymm14
+        vpxor	128(%rdi), %ymm14, %ymm14
+        vpxor	-32(%rax), %ymm3, %ymm13
+        vpxor	(%rax), %ymm13, %ymm13
+        vpxor	32(%rax), %ymm13, %ymm13
+        vpxor	64(%rax), %ymm13, %ymm13
+        vpxor	96(%rax), %ymm2, %ymm12
+        vpxor	-96(%rcx), %ymm12, %ymm12
+        vpxor	-64(%rcx), %ymm12, %ymm12
+        vpxor	-32(%rcx), %ymm12, %ymm12
+        vpxor	(%rcx), %ymm1, %ymm11
+        vpxor	32(%rcx), %ymm11, %ymm11
+        vpxor	96(%rcx), %ymm11, %ymm11
+        vpxor	128(%rcx), %ymm11, %ymm11
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	32(%rcx), %ymm6, %ymm11
+        vpxor	-96(%rcx), %ymm7, %ymm12
+        vpxor	32(%rax), %ymm8, %ymm13
+        vpxor	-96(%rax), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	416(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, 32(%rcx)
+        vmovdqu	%ymm2, -96(%rcx)
+        vmovdqu	%ymm3, 32(%rax)
+        vmovdqu	%ymm4, -96(%rax)
+        # Row 1
+        vpxor	(%rax), %ymm8, %ymm10
+        vpxor	128(%rdi), %ymm9, %ymm11
+        vpxor	(%rdi), %ymm5, %ymm12
+        vpxor	(%rcx), %ymm6, %ymm13
+        vpxor	128(%rax), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, (%rax)
+        vmovdqu	%ymm1, 128(%rdi)
+        vmovdqu	%ymm2, (%rdi)
+        vmovdqu	%ymm3, (%rcx)
+        vmovdqu	%ymm4, 128(%rax)
+        # Row 2
+        vpxor	128(%rcx), %ymm6, %ymm10
+        vpxor	96(%rax), %ymm7, %ymm11
+        vpxor	-32(%rax), %ymm8, %ymm12
+        vpxor	96(%rdi), %ymm9, %ymm13
+        vpxor	-32(%rdi), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 128(%rcx)
+        vmovdqu	%ymm1, 96(%rax)
+        vmovdqu	%ymm2, -32(%rax)
+        vmovdqu	%ymm3, 96(%rdi)
+        vmovdqu	%ymm4, -32(%rdi)
+        # Row 3
+        vpxor	64(%rdi), %ymm9, %ymm10
+        vpxor	-64(%rdi), %ymm5, %ymm11
+        vpxor	96(%rcx), %ymm6, %ymm12
+        vpxor	-32(%rcx), %ymm7, %ymm13
+        vpxor	-64(%rax), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 64(%rdi)
+        vmovdqu	%ymm1, -64(%rdi)
+        vmovdqu	%ymm2, 96(%rcx)
+        vmovdqu	%ymm3, -32(%rcx)
+        vmovdqu	%ymm4, -64(%rax)
+        # Row 4
+        vpxor	-64(%rcx), %ymm7, %ymm10
+        vpxor	64(%rax), %ymm8, %ymm11
+        vpxor	32(%rdi), %ymm9, %ymm12
+        vpxor	-96(%rdi), %ymm5, %ymm13
+        vpxor	64(%rcx), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -64(%rcx)
+        vmovdqu	%ymm1, 64(%rax)
+        vmovdqu	%ymm2, 32(%rdi)
+        vmovdqu	%ymm3, -96(%rdi)
+        vmovdqu	%ymm4, 64(%rcx)
+        # Round 14
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-64(%rdi), %ymm1, %ymm11
+        vpxor	-32(%rdi), %ymm4, %ymm14
+        vpxor	(%rdi), %ymm2, %ymm12
+        vpxor	64(%rdi), %ymm10, %ymm10
+        vpxor	96(%rdi), %ymm3, %ymm13
+        vpxor	128(%rdi), %ymm11, %ymm11
+        vpxor	-96(%rax), %ymm14, %ymm14
+        vpxor	-64(%rax), %ymm14, %ymm14
+        vpxor	-32(%rax), %ymm12, %ymm12
+        vpxor	(%rax), %ymm10, %ymm10
+        vpxor	32(%rax), %ymm13, %ymm13
+        vpxor	96(%rax), %ymm11, %ymm11
+        vpxor	128(%rax), %ymm14, %ymm14
+        vpxor	-96(%rcx), %ymm12, %ymm12
+        vpxor	-32(%rcx), %ymm13, %ymm13
+        vpxor	(%rcx), %ymm13, %ymm13
+        vpxor	32(%rcx), %ymm11, %ymm11
+        vpxor	96(%rcx), %ymm12, %ymm12
+        vpxor	128(%rcx), %ymm10, %ymm10
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	128(%rdi), %ymm6, %ymm11
+        vpxor	-32(%rax), %ymm7, %ymm12
+        vpxor	-32(%rcx), %ymm8, %ymm13
+        vpxor	64(%rcx), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	448(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, 128(%rdi)
+        vmovdqu	%ymm2, -32(%rax)
+        vmovdqu	%ymm3, -32(%rcx)
+        vmovdqu	%ymm4, 64(%rcx)
+        # Row 1
+        vpxor	32(%rax), %ymm8, %ymm10
+        vpxor	128(%rax), %ymm9, %ymm11
+        vpxor	128(%rcx), %ymm5, %ymm12
+        vpxor	-64(%rdi), %ymm6, %ymm13
+        vpxor	32(%rdi), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 32(%rax)
+        vmovdqu	%ymm1, 128(%rax)
+        vmovdqu	%ymm2, 128(%rcx)
+        vmovdqu	%ymm3, -64(%rdi)
+        vmovdqu	%ymm4, 32(%rdi)
+        # Row 2
+        vpxor	32(%rcx), %ymm6, %ymm10
+        vpxor	(%rdi), %ymm7, %ymm11
+        vpxor	96(%rdi), %ymm8, %ymm12
+        vpxor	-64(%rax), %ymm9, %ymm13
+        vpxor	-64(%rcx), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 32(%rcx)
+        vmovdqu	%ymm1, (%rdi)
+        vmovdqu	%ymm2, 96(%rdi)
+        vmovdqu	%ymm3, -64(%rax)
+        vmovdqu	%ymm4, -64(%rcx)
+        # Row 3
+        vpxor	-96(%rax), %ymm9, %ymm10
+        vpxor	(%rax), %ymm5, %ymm11
+        vpxor	96(%rax), %ymm6, %ymm12
+        vpxor	96(%rcx), %ymm7, %ymm13
+        vpxor	-96(%rdi), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -96(%rax)
+        vmovdqu	%ymm1, (%rax)
+        vmovdqu	%ymm2, 96(%rax)
+        vmovdqu	%ymm3, 96(%rcx)
+        vmovdqu	%ymm4, -96(%rdi)
+        # Row 4
+        vpxor	-96(%rcx), %ymm7, %ymm10
+        vpxor	(%rcx), %ymm8, %ymm11
+        vpxor	-32(%rdi), %ymm9, %ymm12
+        vpxor	64(%rdi), %ymm5, %ymm13
+        vpxor	64(%rax), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -96(%rcx)
+        vmovdqu	%ymm1, (%rcx)
+        vmovdqu	%ymm2, -32(%rdi)
+        vmovdqu	%ymm3, 64(%rdi)
+        vmovdqu	%ymm4, 64(%rax)
+        # Round 15
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm4, %ymm14
+        vpxor	-64(%rdi), %ymm3, %ymm13
+        vpxor	(%rdi), %ymm1, %ymm11
+        vpxor	32(%rdi), %ymm14, %ymm14
+        vpxor	96(%rdi), %ymm2, %ymm12
+        vpxor	128(%rdi), %ymm11, %ymm11
+        vpxor	-96(%rax), %ymm10, %ymm10
+        vpxor	-64(%rax), %ymm13, %ymm13
+        vpxor	-32(%rax), %ymm12, %ymm12
+        vpxor	(%rax), %ymm11, %ymm11
+        vpxor	32(%rax), %ymm10, %ymm10
+        vpxor	96(%rax), %ymm12, %ymm12
+        vpxor	128(%rax), %ymm11, %ymm11
+        vpxor	-64(%rcx), %ymm14, %ymm14
+        vpxor	-32(%rcx), %ymm13, %ymm13
+        vpxor	32(%rcx), %ymm10, %ymm10
+        vpxor	64(%rcx), %ymm14, %ymm14
+        vpxor	96(%rcx), %ymm13, %ymm13
+        vpxor	128(%rcx), %ymm12, %ymm12
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	128(%rax), %ymm6, %ymm11
+        vpxor	96(%rdi), %ymm7, %ymm12
+        vpxor	96(%rcx), %ymm8, %ymm13
+        vpxor	64(%rax), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	480(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, 128(%rax)
+        vmovdqu	%ymm2, 96(%rdi)
+        vmovdqu	%ymm3, 96(%rcx)
+        vmovdqu	%ymm4, 64(%rax)
+        # Row 1
+        vpxor	-32(%rcx), %ymm8, %ymm10
+        vpxor	32(%rdi), %ymm9, %ymm11
+        vpxor	32(%rcx), %ymm5, %ymm12
+        vpxor	(%rax), %ymm6, %ymm13
+        vpxor	-32(%rdi), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -32(%rcx)
+        vmovdqu	%ymm1, 32(%rdi)
+        vmovdqu	%ymm2, 32(%rcx)
+        vmovdqu	%ymm3, (%rax)
+        vmovdqu	%ymm4, -32(%rdi)
+        # Row 2
+        vpxor	128(%rdi), %ymm6, %ymm10
+        vpxor	128(%rcx), %ymm7, %ymm11
+        vpxor	-64(%rax), %ymm8, %ymm12
+        vpxor	-96(%rdi), %ymm9, %ymm13
+        vpxor	-96(%rcx), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 128(%rdi)
+        vmovdqu	%ymm1, 128(%rcx)
+        vmovdqu	%ymm2, -64(%rax)
+        vmovdqu	%ymm3, -96(%rdi)
+        vmovdqu	%ymm4, -96(%rcx)
+        # Row 3
+        vpxor	64(%rcx), %ymm9, %ymm10
+        vpxor	32(%rax), %ymm5, %ymm11
+        vpxor	(%rdi), %ymm6, %ymm12
+        vpxor	96(%rax), %ymm7, %ymm13
+        vpxor	64(%rdi), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 64(%rcx)
+        vmovdqu	%ymm1, 32(%rax)
+        vmovdqu	%ymm2, (%rdi)
+        vmovdqu	%ymm3, 96(%rax)
+        vmovdqu	%ymm4, 64(%rdi)
+        # Row 4
+        vpxor	-32(%rax), %ymm7, %ymm10
+        vpxor	-64(%rdi), %ymm8, %ymm11
+        vpxor	-64(%rcx), %ymm9, %ymm12
+        vpxor	-96(%rax), %ymm5, %ymm13
+        vpxor	(%rcx), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -32(%rax)
+        vmovdqu	%ymm1, -64(%rdi)
+        vmovdqu	%ymm2, -64(%rcx)
+        vmovdqu	%ymm3, -96(%rax)
+        vmovdqu	%ymm4, (%rcx)
+        # Round 16
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm3, %ymm13
+        vpxor	-32(%rdi), %ymm4, %ymm14
+        vpxor	(%rdi), %ymm2, %ymm12
+        vpxor	32(%rdi), %ymm1, %ymm11
+        vpxor	64(%rdi), %ymm14, %ymm14
+        vpxor	96(%rdi), %ymm12, %ymm12
+        vpxor	128(%rdi), %ymm10, %ymm10
+        vpxor	-64(%rax), %ymm12, %ymm12
+        vpxor	(%rax), %ymm13, %ymm13
+        vpxor	32(%rax), %ymm11, %ymm11
+        vpxor	64(%rax), %ymm14, %ymm14
+        vpxor	96(%rax), %ymm13, %ymm13
+        vpxor	128(%rax), %ymm11, %ymm11
+        vpxor	-96(%rcx), %ymm14, %ymm14
+        vpxor	-32(%rcx), %ymm10, %ymm10
+        vpxor	32(%rcx), %ymm12, %ymm12
+        vpxor	64(%rcx), %ymm10, %ymm10
+        vpxor	96(%rcx), %ymm13, %ymm13
+        vpxor	128(%rcx), %ymm11, %ymm11
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	32(%rdi), %ymm6, %ymm11
+        vpxor	-64(%rax), %ymm7, %ymm12
+        vpxor	96(%rax), %ymm8, %ymm13
+        vpxor	(%rcx), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	512(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, 32(%rdi)
+        vmovdqu	%ymm2, -64(%rax)
+        vmovdqu	%ymm3, 96(%rax)
+        vmovdqu	%ymm4, (%rcx)
+        # Row 1
+        vpxor	96(%rcx), %ymm8, %ymm10
+        vpxor	-32(%rdi), %ymm9, %ymm11
+        vpxor	128(%rdi), %ymm5, %ymm12
+        vpxor	32(%rax), %ymm6, %ymm13
+        vpxor	-64(%rcx), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 96(%rcx)
+        vmovdqu	%ymm1, -32(%rdi)
+        vmovdqu	%ymm2, 128(%rdi)
+        vmovdqu	%ymm3, 32(%rax)
+        vmovdqu	%ymm4, -64(%rcx)
+        # Row 2
+        vpxor	128(%rax), %ymm6, %ymm10
+        vpxor	32(%rcx), %ymm7, %ymm11
+        vpxor	-96(%rdi), %ymm8, %ymm12
+        vpxor	64(%rdi), %ymm9, %ymm13
+        vpxor	-32(%rax), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 128(%rax)
+        vmovdqu	%ymm1, 32(%rcx)
+        vmovdqu	%ymm2, -96(%rdi)
+        vmovdqu	%ymm3, 64(%rdi)
+        vmovdqu	%ymm4, -32(%rax)
+        # Row 3
+        vpxor	64(%rax), %ymm9, %ymm10
+        vpxor	-32(%rcx), %ymm5, %ymm11
+        vpxor	128(%rcx), %ymm6, %ymm12
+        vpxor	(%rdi), %ymm7, %ymm13
+        vpxor	-96(%rax), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 64(%rax)
+        vmovdqu	%ymm1, -32(%rcx)
+        vmovdqu	%ymm2, 128(%rcx)
+        vmovdqu	%ymm3, (%rdi)
+        vmovdqu	%ymm4, -96(%rax)
+        # Row 4
+        vpxor	96(%rdi), %ymm7, %ymm10
+        vpxor	(%rax), %ymm8, %ymm11
+        vpxor	-96(%rcx), %ymm9, %ymm12
+        vpxor	64(%rcx), %ymm5, %ymm13
+        vpxor	-64(%rdi), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 96(%rdi)
+        vmovdqu	%ymm1, (%rax)
+        vmovdqu	%ymm2, -96(%rcx)
+        vmovdqu	%ymm3, 64(%rcx)
+        vmovdqu	%ymm4, -64(%rdi)
+        # Round 17
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm2, %ymm12
+        vpxor	-32(%rdi), %ymm1, %ymm11
+        vpxor	(%rdi), %ymm3, %ymm13
+        vpxor	32(%rdi), %ymm11, %ymm11
+        vpxor	64(%rdi), %ymm13, %ymm13
+        vpxor	128(%rdi), %ymm12, %ymm12
+        vpxor	-96(%rax), %ymm4, %ymm14
+        vpxor	-64(%rax), %ymm12, %ymm12
+        vpxor	-32(%rax), %ymm14, %ymm14
+        vpxor	32(%rax), %ymm13, %ymm13
+        vpxor	64(%rax), %ymm10, %ymm10
+        vpxor	96(%rax), %ymm13, %ymm13
+        vpxor	128(%rax), %ymm10, %ymm10
+        vpxor	-64(%rcx), %ymm14, %ymm14
+        vpxor	-32(%rcx), %ymm11, %ymm11
+        vpxor	(%rcx), %ymm14, %ymm14
+        vpxor	32(%rcx), %ymm11, %ymm11
+        vpxor	96(%rcx), %ymm10, %ymm10
+        vpxor	128(%rcx), %ymm12, %ymm12
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	-32(%rdi), %ymm6, %ymm11
+        vpxor	-96(%rdi), %ymm7, %ymm12
+        vpxor	(%rdi), %ymm8, %ymm13
+        vpxor	-64(%rdi), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	544(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, -32(%rdi)
+        vmovdqu	%ymm2, -96(%rdi)
+        vmovdqu	%ymm3, (%rdi)
+        vmovdqu	%ymm4, -64(%rdi)
+        # Row 1
+        vpxor	96(%rax), %ymm8, %ymm10
+        vpxor	-64(%rcx), %ymm9, %ymm11
+        vpxor	128(%rax), %ymm5, %ymm12
+        vpxor	-32(%rcx), %ymm6, %ymm13
+        vpxor	-96(%rcx), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 96(%rax)
+        vmovdqu	%ymm1, -64(%rcx)
+        vmovdqu	%ymm2, 128(%rax)
+        vmovdqu	%ymm3, -32(%rcx)
+        vmovdqu	%ymm4, -96(%rcx)
+        # Row 2
+        vpxor	32(%rdi), %ymm6, %ymm10
+        vpxor	128(%rdi), %ymm7, %ymm11
+        vpxor	64(%rdi), %ymm8, %ymm12
+        vpxor	-96(%rax), %ymm9, %ymm13
+        vpxor	96(%rdi), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 32(%rdi)
+        vmovdqu	%ymm1, 128(%rdi)
+        vmovdqu	%ymm2, 64(%rdi)
+        vmovdqu	%ymm3, -96(%rax)
+        vmovdqu	%ymm4, 96(%rdi)
+        # Row 3
+        vpxor	(%rcx), %ymm9, %ymm10
+        vpxor	96(%rcx), %ymm5, %ymm11
+        vpxor	32(%rcx), %ymm6, %ymm12
+        vpxor	128(%rcx), %ymm7, %ymm13
+        vpxor	64(%rcx), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, (%rcx)
+        vmovdqu	%ymm1, 96(%rcx)
+        vmovdqu	%ymm2, 32(%rcx)
+        vmovdqu	%ymm3, 128(%rcx)
+        vmovdqu	%ymm4, 64(%rcx)
+        # Row 4
+        vpxor	-64(%rax), %ymm7, %ymm10
+        vpxor	32(%rax), %ymm8, %ymm11
+        vpxor	-32(%rax), %ymm9, %ymm12
+        vpxor	64(%rax), %ymm5, %ymm13
+        vpxor	(%rax), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -64(%rax)
+        vmovdqu	%ymm1, 32(%rax)
+        vmovdqu	%ymm2, -32(%rax)
+        vmovdqu	%ymm3, 64(%rax)
+        vmovdqu	%ymm4, (%rax)
+        # Round 18
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm2, %ymm12
+        vpxor	-64(%rdi), %ymm4, %ymm14
+        vpxor	-32(%rdi), %ymm1, %ymm11
+        vpxor	(%rdi), %ymm3, %ymm13
+        vpxor	32(%rdi), %ymm10, %ymm10
+        vpxor	64(%rdi), %ymm12, %ymm12
+        vpxor	96(%rdi), %ymm14, %ymm14
+        vpxor	128(%rdi), %ymm11, %ymm11
+        vpxor	-96(%rax), %ymm13, %ymm13
+        vpxor	96(%rax), %ymm10, %ymm10
+        vpxor	128(%rax), %ymm12, %ymm12
+        vpxor	-96(%rcx), %ymm14, %ymm14
+        vpxor	-64(%rcx), %ymm11, %ymm11
+        vpxor	-32(%rcx), %ymm13, %ymm13
+        vpxor	(%rcx), %ymm10, %ymm10
+        vpxor	32(%rcx), %ymm12, %ymm12
+        vpxor	64(%rcx), %ymm14, %ymm14
+        vpxor	96(%rcx), %ymm11, %ymm11
+        vpxor	128(%rcx), %ymm13, %ymm13
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	-64(%rcx), %ymm6, %ymm11
+        vpxor	64(%rdi), %ymm7, %ymm12
+        vpxor	128(%rcx), %ymm8, %ymm13
+        vpxor	(%rax), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	576(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, -64(%rcx)
+        vmovdqu	%ymm2, 64(%rdi)
+        vmovdqu	%ymm3, 128(%rcx)
+        vmovdqu	%ymm4, (%rax)
+        # Row 1
+        vpxor	(%rdi), %ymm8, %ymm10
+        vpxor	-96(%rcx), %ymm9, %ymm11
+        vpxor	32(%rdi), %ymm5, %ymm12
+        vpxor	96(%rcx), %ymm6, %ymm13
+        vpxor	-32(%rax), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, (%rdi)
+        vmovdqu	%ymm1, -96(%rcx)
+        vmovdqu	%ymm2, 32(%rdi)
+        vmovdqu	%ymm3, 96(%rcx)
+        vmovdqu	%ymm4, -32(%rax)
+        # Row 2
+        vpxor	-32(%rdi), %ymm6, %ymm10
+        vpxor	128(%rax), %ymm7, %ymm11
+        vpxor	-96(%rax), %ymm8, %ymm12
+        vpxor	64(%rcx), %ymm9, %ymm13
+        vpxor	-64(%rax), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -32(%rdi)
+        vmovdqu	%ymm1, 128(%rax)
+        vmovdqu	%ymm2, -96(%rax)
+        vmovdqu	%ymm3, 64(%rcx)
+        vmovdqu	%ymm4, -64(%rax)
+        # Row 3
+        vpxor	-64(%rdi), %ymm9, %ymm10
+        vpxor	96(%rax), %ymm5, %ymm11
+        vpxor	128(%rdi), %ymm6, %ymm12
+        vpxor	32(%rcx), %ymm7, %ymm13
+        vpxor	64(%rax), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -64(%rdi)
+        vmovdqu	%ymm1, 96(%rax)
+        vmovdqu	%ymm2, 128(%rdi)
+        vmovdqu	%ymm3, 32(%rcx)
+        vmovdqu	%ymm4, 64(%rax)
+        # Row 4
+        vpxor	-96(%rdi), %ymm7, %ymm10
+        vpxor	-32(%rcx), %ymm8, %ymm11
+        vpxor	96(%rdi), %ymm9, %ymm12
+        vpxor	(%rcx), %ymm5, %ymm13
+        vpxor	32(%rax), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -96(%rdi)
+        vmovdqu	%ymm1, -32(%rcx)
+        vmovdqu	%ymm2, 96(%rdi)
+        vmovdqu	%ymm3, (%rcx)
+        vmovdqu	%ymm4, 32(%rax)
+        # Round 19
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-64(%rdi), %ymm10, %ymm10
+        vpxor	-32(%rdi), %ymm10, %ymm10
+        vpxor	(%rdi), %ymm10, %ymm10
+        vpxor	32(%rdi), %ymm2, %ymm12
+        vpxor	64(%rdi), %ymm12, %ymm12
+        vpxor	128(%rdi), %ymm12, %ymm12
+        vpxor	-96(%rax), %ymm12, %ymm12
+        vpxor	-64(%rax), %ymm4, %ymm14
+        vpxor	-32(%rax), %ymm14, %ymm14
+        vpxor	(%rax), %ymm14, %ymm14
+        vpxor	64(%rax), %ymm14, %ymm14
+        vpxor	96(%rax), %ymm1, %ymm11
+        vpxor	128(%rax), %ymm11, %ymm11
+        vpxor	-96(%rcx), %ymm11, %ymm11
+        vpxor	-64(%rcx), %ymm11, %ymm11
+        vpxor	32(%rcx), %ymm3, %ymm13
+        vpxor	64(%rcx), %ymm13, %ymm13
+        vpxor	96(%rcx), %ymm13, %ymm13
+        vpxor	128(%rcx), %ymm13, %ymm13
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	-96(%rcx), %ymm6, %ymm11
+        vpxor	-96(%rax), %ymm7, %ymm12
+        vpxor	32(%rcx), %ymm8, %ymm13
+        vpxor	32(%rax), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	608(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, -96(%rcx)
+        vmovdqu	%ymm2, -96(%rax)
+        vmovdqu	%ymm3, 32(%rcx)
+        vmovdqu	%ymm4, 32(%rax)
+        # Row 1
+        vpxor	128(%rcx), %ymm8, %ymm10
+        vpxor	-32(%rax), %ymm9, %ymm11
+        vpxor	-32(%rdi), %ymm5, %ymm12
+        vpxor	96(%rax), %ymm6, %ymm13
+        vpxor	96(%rdi), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 128(%rcx)
+        vmovdqu	%ymm1, -32(%rax)
+        vmovdqu	%ymm2, -32(%rdi)
+        vmovdqu	%ymm3, 96(%rax)
+        vmovdqu	%ymm4, 96(%rdi)
+        # Row 2
+        vpxor	-64(%rcx), %ymm6, %ymm10
+        vpxor	32(%rdi), %ymm7, %ymm11
+        vpxor	64(%rcx), %ymm8, %ymm12
+        vpxor	64(%rax), %ymm9, %ymm13
+        vpxor	-96(%rdi), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -64(%rcx)
+        vmovdqu	%ymm1, 32(%rdi)
+        vmovdqu	%ymm2, 64(%rcx)
+        vmovdqu	%ymm3, 64(%rax)
+        vmovdqu	%ymm4, -96(%rdi)
+        # Row 3
+        vpxor	(%rax), %ymm9, %ymm10
+        vpxor	(%rdi), %ymm5, %ymm11
+        vpxor	128(%rax), %ymm6, %ymm12
+        vpxor	128(%rdi), %ymm7, %ymm13
+        vpxor	(%rcx), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, (%rax)
+        vmovdqu	%ymm1, (%rdi)
+        vmovdqu	%ymm2, 128(%rax)
+        vmovdqu	%ymm3, 128(%rdi)
+        vmovdqu	%ymm4, (%rcx)
+        # Row 4
+        vpxor	64(%rdi), %ymm7, %ymm10
+        vpxor	96(%rcx), %ymm8, %ymm11
+        vpxor	-64(%rax), %ymm9, %ymm12
+        vpxor	-64(%rdi), %ymm5, %ymm13
+        vpxor	-32(%rcx), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 64(%rdi)
+        vmovdqu	%ymm1, 96(%rcx)
+        vmovdqu	%ymm2, -64(%rax)
+        vmovdqu	%ymm3, -64(%rdi)
+        vmovdqu	%ymm4, -32(%rcx)
+        # Round 20
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm4, %ymm14
+        vpxor	-32(%rdi), %ymm2, %ymm12
+        vpxor	(%rdi), %ymm1, %ymm11
+        vpxor	32(%rdi), %ymm11, %ymm11
+        vpxor	96(%rdi), %ymm14, %ymm14
+        vpxor	128(%rdi), %ymm3, %ymm13
+        vpxor	-96(%rax), %ymm12, %ymm12
+        vpxor	-32(%rax), %ymm11, %ymm11
+        vpxor	(%rax), %ymm10, %ymm10
+        vpxor	32(%rax), %ymm14, %ymm14
+        vpxor	64(%rax), %ymm13, %ymm13
+        vpxor	96(%rax), %ymm13, %ymm13
+        vpxor	128(%rax), %ymm12, %ymm12
+        vpxor	-96(%rcx), %ymm11, %ymm11
+        vpxor	-64(%rcx), %ymm10, %ymm10
+        vpxor	(%rcx), %ymm14, %ymm14
+        vpxor	32(%rcx), %ymm13, %ymm13
+        vpxor	64(%rcx), %ymm12, %ymm12
+        vpxor	128(%rcx), %ymm10, %ymm10
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	-32(%rax), %ymm6, %ymm11
+        vpxor	64(%rcx), %ymm7, %ymm12
+        vpxor	128(%rdi), %ymm8, %ymm13
+        vpxor	-32(%rcx), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	640(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, -32(%rax)
+        vmovdqu	%ymm2, 64(%rcx)
+        vmovdqu	%ymm3, 128(%rdi)
+        vmovdqu	%ymm4, -32(%rcx)
+        # Row 1
+        vpxor	32(%rcx), %ymm8, %ymm10
+        vpxor	96(%rdi), %ymm9, %ymm11
+        vpxor	-64(%rcx), %ymm5, %ymm12
+        vpxor	(%rdi), %ymm6, %ymm13
+        vpxor	-64(%rax), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 32(%rcx)
+        vmovdqu	%ymm1, 96(%rdi)
+        vmovdqu	%ymm2, -64(%rcx)
+        vmovdqu	%ymm3, (%rdi)
+        vmovdqu	%ymm4, -64(%rax)
+        # Row 2
+        vpxor	-96(%rcx), %ymm6, %ymm10
+        vpxor	-32(%rdi), %ymm7, %ymm11
+        vpxor	64(%rax), %ymm8, %ymm12
+        vpxor	(%rcx), %ymm9, %ymm13
+        vpxor	64(%rdi), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -96(%rcx)
+        vmovdqu	%ymm1, -32(%rdi)
+        vmovdqu	%ymm2, 64(%rax)
+        vmovdqu	%ymm3, (%rcx)
+        vmovdqu	%ymm4, 64(%rdi)
+        # Row 3
+        vpxor	32(%rax), %ymm9, %ymm10
+        vpxor	128(%rcx), %ymm5, %ymm11
+        vpxor	32(%rdi), %ymm6, %ymm12
+        vpxor	128(%rax), %ymm7, %ymm13
+        vpxor	-64(%rdi), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 32(%rax)
+        vmovdqu	%ymm1, 128(%rcx)
+        vmovdqu	%ymm2, 32(%rdi)
+        vmovdqu	%ymm3, 128(%rax)
+        vmovdqu	%ymm4, -64(%rdi)
+        # Row 4
+        vpxor	-96(%rax), %ymm7, %ymm10
+        vpxor	96(%rax), %ymm8, %ymm11
+        vpxor	-96(%rdi), %ymm9, %ymm12
+        vpxor	(%rax), %ymm5, %ymm13
+        vpxor	96(%rcx), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -96(%rax)
+        vmovdqu	%ymm1, 96(%rax)
+        vmovdqu	%ymm2, -96(%rdi)
+        vmovdqu	%ymm3, (%rax)
+        vmovdqu	%ymm4, 96(%rcx)
+        # Round 21
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-64(%rdi), %ymm4, %ymm14
+        vpxor	-32(%rdi), %ymm1, %ymm11
+        vpxor	(%rdi), %ymm3, %ymm13
+        vpxor	32(%rdi), %ymm2, %ymm12
+        vpxor	64(%rdi), %ymm14, %ymm14
+        vpxor	96(%rdi), %ymm11, %ymm11
+        vpxor	128(%rdi), %ymm13, %ymm13
+        vpxor	-64(%rax), %ymm14, %ymm14
+        vpxor	-32(%rax), %ymm11, %ymm11
+        vpxor	32(%rax), %ymm10, %ymm10
+        vpxor	64(%rax), %ymm12, %ymm12
+        vpxor	128(%rax), %ymm13, %ymm13
+        vpxor	-96(%rcx), %ymm10, %ymm10
+        vpxor	-64(%rcx), %ymm12, %ymm12
+        vpxor	-32(%rcx), %ymm14, %ymm14
+        vpxor	(%rcx), %ymm13, %ymm13
+        vpxor	32(%rcx), %ymm10, %ymm10
+        vpxor	64(%rcx), %ymm12, %ymm12
+        vpxor	128(%rcx), %ymm11, %ymm11
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	96(%rdi), %ymm6, %ymm11
+        vpxor	64(%rax), %ymm7, %ymm12
+        vpxor	128(%rax), %ymm8, %ymm13
+        vpxor	96(%rcx), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	672(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, 96(%rdi)
+        vmovdqu	%ymm2, 64(%rax)
+        vmovdqu	%ymm3, 128(%rax)
+        vmovdqu	%ymm4, 96(%rcx)
+        # Row 1
+        vpxor	128(%rdi), %ymm8, %ymm10
+        vpxor	-64(%rax), %ymm9, %ymm11
+        vpxor	-96(%rcx), %ymm5, %ymm12
+        vpxor	128(%rcx), %ymm6, %ymm13
+        vpxor	-96(%rdi), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 128(%rdi)
+        vmovdqu	%ymm1, -64(%rax)
+        vmovdqu	%ymm2, -96(%rcx)
+        vmovdqu	%ymm3, 128(%rcx)
+        vmovdqu	%ymm4, -96(%rdi)
+        # Row 2
+        vpxor	-32(%rax), %ymm6, %ymm10
+        vpxor	-64(%rcx), %ymm7, %ymm11
+        vpxor	(%rcx), %ymm8, %ymm12
+        vpxor	-64(%rdi), %ymm9, %ymm13
+        vpxor	-96(%rax), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -32(%rax)
+        vmovdqu	%ymm1, -64(%rcx)
+        vmovdqu	%ymm2, (%rcx)
+        vmovdqu	%ymm3, -64(%rdi)
+        vmovdqu	%ymm4, -96(%rax)
+        # Row 3
+        vpxor	-32(%rcx), %ymm9, %ymm10
+        vpxor	32(%rcx), %ymm5, %ymm11
+        vpxor	-32(%rdi), %ymm6, %ymm12
+        vpxor	32(%rdi), %ymm7, %ymm13
+        vpxor	(%rax), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -32(%rcx)
+        vmovdqu	%ymm1, 32(%rcx)
+        vmovdqu	%ymm2, -32(%rdi)
+        vmovdqu	%ymm3, 32(%rdi)
+        vmovdqu	%ymm4, (%rax)
+        # Row 4
+        vpxor	64(%rcx), %ymm7, %ymm10
+        vpxor	(%rdi), %ymm8, %ymm11
+        vpxor	64(%rdi), %ymm9, %ymm12
+        vpxor	32(%rax), %ymm5, %ymm13
+        vpxor	96(%rax), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 64(%rcx)
+        vmovdqu	%ymm1, (%rdi)
+        vmovdqu	%ymm2, 64(%rdi)
+        vmovdqu	%ymm3, 32(%rax)
+        vmovdqu	%ymm4, 96(%rax)
+        # Round 22
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm4, %ymm14
+        vpxor	-64(%rdi), %ymm3, %ymm13
+        vpxor	-32(%rdi), %ymm2, %ymm12
+        vpxor	32(%rdi), %ymm13, %ymm13
+        vpxor	96(%rdi), %ymm1, %ymm11
+        vpxor	128(%rdi), %ymm10, %ymm10
+        vpxor	-96(%rax), %ymm14, %ymm14
+        vpxor	-64(%rax), %ymm11, %ymm11
+        vpxor	-32(%rax), %ymm10, %ymm10
+        vpxor	(%rax), %ymm14, %ymm14
+        vpxor	64(%rax), %ymm12, %ymm12
+        vpxor	128(%rax), %ymm13, %ymm13
+        vpxor	-96(%rcx), %ymm12, %ymm12
+        vpxor	-64(%rcx), %ymm11, %ymm11
+        vpxor	-32(%rcx), %ymm10, %ymm10
+        vpxor	(%rcx), %ymm12, %ymm12
+        vpxor	32(%rcx), %ymm11, %ymm11
+        vpxor	96(%rcx), %ymm14, %ymm14
+        vpxor	128(%rcx), %ymm13, %ymm13
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	-64(%rax), %ymm6, %ymm11
+        vpxor	(%rcx), %ymm7, %ymm12
+        vpxor	32(%rdi), %ymm8, %ymm13
+        vpxor	96(%rax), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	704(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, -64(%rax)
+        vmovdqu	%ymm2, (%rcx)
+        vmovdqu	%ymm3, 32(%rdi)
+        vmovdqu	%ymm4, 96(%rax)
+        # Row 1
+        vpxor	128(%rax), %ymm8, %ymm10
+        vpxor	-96(%rdi), %ymm9, %ymm11
+        vpxor	-32(%rax), %ymm5, %ymm12
+        vpxor	32(%rcx), %ymm6, %ymm13
+        vpxor	64(%rdi), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 128(%rax)
+        vmovdqu	%ymm1, -96(%rdi)
+        vmovdqu	%ymm2, -32(%rax)
+        vmovdqu	%ymm3, 32(%rcx)
+        vmovdqu	%ymm4, 64(%rdi)
+        # Row 2
+        vpxor	96(%rdi), %ymm6, %ymm10
+        vpxor	-96(%rcx), %ymm7, %ymm11
+        vpxor	-64(%rdi), %ymm8, %ymm12
+        vpxor	(%rax), %ymm9, %ymm13
+        vpxor	64(%rcx), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 96(%rdi)
+        vmovdqu	%ymm1, -96(%rcx)
+        vmovdqu	%ymm2, -64(%rdi)
+        vmovdqu	%ymm3, (%rax)
+        vmovdqu	%ymm4, 64(%rcx)
+        # Row 3
+        vpxor	96(%rcx), %ymm9, %ymm10
+        vpxor	128(%rdi), %ymm5, %ymm11
+        vpxor	-64(%rcx), %ymm6, %ymm12
+        vpxor	-32(%rdi), %ymm7, %ymm13
+        vpxor	32(%rax), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 96(%rcx)
+        vmovdqu	%ymm1, 128(%rdi)
+        vmovdqu	%ymm2, -64(%rcx)
+        vmovdqu	%ymm3, -32(%rdi)
+        vmovdqu	%ymm4, 32(%rax)
+        # Row 4
+        vpxor	64(%rax), %ymm7, %ymm10
+        vpxor	128(%rcx), %ymm8, %ymm11
+        vpxor	-96(%rax), %ymm9, %ymm12
+        vpxor	-32(%rcx), %ymm5, %ymm13
+        vpxor	(%rdi), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 64(%rax)
+        vmovdqu	%ymm1, 128(%rcx)
+        vmovdqu	%ymm2, -96(%rax)
+        vmovdqu	%ymm3, -32(%rcx)
+        vmovdqu	%ymm4, (%rdi)
+        # Round 23
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm1, %ymm11
+        vpxor	-64(%rdi), %ymm2, %ymm12
+        vpxor	-32(%rdi), %ymm3, %ymm13
+        vpxor	32(%rdi), %ymm13, %ymm13
+        vpxor	64(%rdi), %ymm4, %ymm14
+        vpxor	96(%rdi), %ymm10, %ymm10
+        vpxor	128(%rdi), %ymm11, %ymm11
+        vpxor	-64(%rax), %ymm11, %ymm11
+        vpxor	-32(%rax), %ymm12, %ymm12
+        vpxor	(%rax), %ymm13, %ymm13
+        vpxor	32(%rax), %ymm14, %ymm14
+        vpxor	96(%rax), %ymm14, %ymm14
+        vpxor	128(%rax), %ymm10, %ymm10
+        vpxor	-96(%rcx), %ymm11, %ymm11
+        vpxor	-64(%rcx), %ymm12, %ymm12
+        vpxor	(%rcx), %ymm12, %ymm12
+        vpxor	32(%rcx), %ymm13, %ymm13
+        vpxor	64(%rcx), %ymm14, %ymm14
+        vpxor	96(%rcx), %ymm10, %ymm10
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	-96(%rdi), %ymm6, %ymm11
+        vpxor	-64(%rdi), %ymm7, %ymm12
+        vpxor	-32(%rdi), %ymm8, %ymm13
+        vpxor	(%rdi), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	736(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, -96(%rdi)
+        vmovdqu	%ymm2, -64(%rdi)
+        vmovdqu	%ymm3, -32(%rdi)
+        vmovdqu	%ymm4, (%rdi)
+        # Row 1
+        vpxor	32(%rdi), %ymm8, %ymm10
+        vpxor	64(%rdi), %ymm9, %ymm11
+        vpxor	96(%rdi), %ymm5, %ymm12
+        vpxor	128(%rdi), %ymm6, %ymm13
+        vpxor	-96(%rax), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 32(%rdi)
+        vmovdqu	%ymm1, 64(%rdi)
+        vmovdqu	%ymm2, 96(%rdi)
+        vmovdqu	%ymm3, 128(%rdi)
+        vmovdqu	%ymm4, -96(%rax)
+        # Row 2
+        vpxor	-64(%rax), %ymm6, %ymm10
+        vpxor	-32(%rax), %ymm7, %ymm11
+        vpxor	(%rax), %ymm8, %ymm12
+        vpxor	32(%rax), %ymm9, %ymm13
+        vpxor	64(%rax), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -64(%rax)
+        vmovdqu	%ymm1, -32(%rax)
+        vmovdqu	%ymm2, (%rax)
+        vmovdqu	%ymm3, 32(%rax)
+        vmovdqu	%ymm4, 64(%rax)
+        # Row 3
+        vpxor	96(%rax), %ymm9, %ymm10
+        vpxor	128(%rax), %ymm5, %ymm11
+        vpxor	-96(%rcx), %ymm6, %ymm12
+        vpxor	-64(%rcx), %ymm7, %ymm13
+        vpxor	-32(%rcx), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 96(%rax)
+        vmovdqu	%ymm1, 128(%rax)
+        vmovdqu	%ymm2, -96(%rcx)
+        vmovdqu	%ymm3, -64(%rcx)
+        vmovdqu	%ymm4, -32(%rcx)
+        # Row 4
+        vpxor	(%rcx), %ymm7, %ymm10
+        vpxor	32(%rcx), %ymm8, %ymm11
+        vpxor	64(%rcx), %ymm9, %ymm12
+        vpxor	96(%rcx), %ymm5, %ymm13
+        vpxor	128(%rcx), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, (%rcx)
+        vmovdqu	%ymm1, 32(%rcx)
+        vmovdqu	%ymm2, 64(%rcx)
+        vmovdqu	%ymm3, 96(%rcx)
+        vmovdqu	%ymm4, 128(%rcx)
+        subq	$0x80, %rdi
+        vmovdqu	%ymm15, (%rdi)
+        vzeroupper
+        repz retq
+#ifndef __APPLE__
+.size	sha3_256_blocksx4_seed_avx2,.-sha3_256_blocksx4_seed_avx2
+#endif /* __APPLE__ */
+#endif /* WOLFSSL_WC_MLKEM */
+#ifdef WOLFSSL_WC_DILITHIUM
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	32
+#else
+.p2align	5
+#endif /* __APPLE__ */
+L_sha3_256_blockx4_seed_64_avx2_end_mark:
+.quad	0x8000000000000000, 0x8000000000000000
+.quad	0x8000000000000000, 0x8000000000000000
+#ifndef __APPLE__
+.text
+.globl	sha3_256_blocksx4_seed_64_avx2
+.type	sha3_256_blocksx4_seed_64_avx2,@function
+.align	16
+sha3_256_blocksx4_seed_64_avx2:
+#else
+.section	__TEXT,__text
+.globl	_sha3_256_blocksx4_seed_64_avx2
+.p2align	4
+_sha3_256_blocksx4_seed_64_avx2:
+#endif /* __APPLE__ */
+        leaq	L_sha3_x4_avx2_r(%rip), %rdx
+        movq	%rdi, %rax
+        movq	%rdi, %rcx
+        vpbroadcastq	(%rsi), %ymm15
+        addq	$0x80, %rdi
+        vpbroadcastq	8(%rsi), %ymm11
+        addq	$0x180, %rax
+        vpbroadcastq	16(%rsi), %ymm12
+        addq	$0x280, %rcx
+        vpbroadcastq	24(%rsi), %ymm13
+        vpbroadcastq	32(%rsi), %ymm14
+        vpbroadcastq	40(%rsi), %ymm0
+        vpbroadcastq	48(%rsi), %ymm1
+        vpbroadcastq	56(%rsi), %ymm2
+        vmovdqu	128(%rdi), %ymm3
+        vmovdqu	%ymm11, -96(%rdi)
+        vmovdqu	%ymm12, -64(%rdi)
+        vmovdqu	%ymm13, -32(%rdi)
+        vmovdqu	%ymm14, (%rdi)
+        vmovdqu	%ymm0, 32(%rdi)
+        vmovdqu	%ymm1, 64(%rdi)
+        vmovdqu	%ymm2, 96(%rdi)
+        vpxor	%ymm4, %ymm4, %ymm4
+        vpxor	%ymm6, %ymm6, %ymm6
+        vmovdqu	L_sha3_256_blockx4_seed_64_avx2_end_mark(%rip), %ymm5
+        vmovdqu	%ymm6, -96(%rax)
+        vmovdqu	%ymm6, -64(%rax)
+        vmovdqu	%ymm6, -32(%rax)
+        vmovdqu	%ymm6, (%rax)
+        vmovdqu	%ymm6, 32(%rax)
+        vmovdqu	%ymm6, 64(%rax)
+        vmovdqu	%ymm6, 96(%rax)
+        vmovdqu	%ymm5, 128(%rax)
+        vmovdqu	%ymm6, -96(%rcx)
+        vmovdqu	%ymm6, -64(%rcx)
+        vmovdqu	%ymm6, -32(%rcx)
+        vmovdqu	%ymm6, (%rcx)
+        vmovdqu	%ymm6, 32(%rcx)
+        vmovdqu	%ymm6, 64(%rcx)
+        vmovdqu	%ymm6, 96(%rcx)
+        vmovdqu	%ymm6, 128(%rcx)
+        vmovdqu	%ymm15, %ymm10
+        # Round 0
+        # Calc b[0..4]
+        vpxor	%ymm0, %ymm15, %ymm10
+        vpxor	%ymm1, %ymm11, %ymm11
+        vpxor	%ymm2, %ymm12, %ymm12
+        vpxor	%ymm3, %ymm13, %ymm13
+        vpxor	%ymm4, %ymm14, %ymm14
+        vpxor	-64(%rax), %ymm10, %ymm10
+        vpxor	-32(%rax), %ymm11, %ymm11
+        vpxor	(%rax), %ymm12, %ymm12
+        vpxor	32(%rax), %ymm13, %ymm13
+        vpxor	64(%rax), %ymm14, %ymm14
+        vpxor	96(%rax), %ymm10, %ymm10
+        vpxor	128(%rax), %ymm11, %ymm11
+        vpxor	-96(%rcx), %ymm12, %ymm12
+        vpxor	-64(%rcx), %ymm13, %ymm13
+        vpxor	-32(%rcx), %ymm14, %ymm14
+        vpxor	(%rcx), %ymm10, %ymm10
+        vpxor	32(%rcx), %ymm11, %ymm11
+        vpxor	64(%rcx), %ymm12, %ymm12
+        vpxor	96(%rcx), %ymm13, %ymm13
+        vpxor	128(%rcx), %ymm14, %ymm14
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	64(%rdi), %ymm6, %ymm11
+        vpxor	(%rax), %ymm7, %ymm12
+        vpxor	-64(%rcx), %ymm8, %ymm13
+        vpxor	128(%rcx), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, 64(%rdi)
+        vmovdqu	%ymm2, (%rax)
+        vmovdqu	%ymm3, -64(%rcx)
+        vmovdqu	%ymm4, 128(%rcx)
+        # Row 1
+        vpxor	-32(%rdi), %ymm8, %ymm10
+        vpxor	-96(%rax), %ymm9, %ymm11
+        vpxor	-64(%rax), %ymm5, %ymm12
+        vpxor	128(%rax), %ymm6, %ymm13
+        vpxor	64(%rcx), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -32(%rdi)
+        vmovdqu	%ymm1, -96(%rax)
+        vmovdqu	%ymm2, -64(%rax)
+        vmovdqu	%ymm3, 128(%rax)
+        vmovdqu	%ymm4, 64(%rcx)
+        # Row 2
+        vpxor	-96(%rdi), %ymm6, %ymm10
+        vpxor	96(%rdi), %ymm7, %ymm11
+        vpxor	32(%rax), %ymm8, %ymm12
+        vpxor	-32(%rcx), %ymm9, %ymm13
+        vpxor	(%rcx), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -96(%rdi)
+        vmovdqu	%ymm1, 96(%rdi)
+        vmovdqu	%ymm2, 32(%rax)
+        vmovdqu	%ymm3, -32(%rcx)
+        vmovdqu	%ymm4, (%rcx)
+        # Row 3
+        vpxor	(%rdi), %ymm9, %ymm10
+        vpxor	32(%rdi), %ymm5, %ymm11
+        vpxor	-32(%rax), %ymm6, %ymm12
+        vpxor	-96(%rcx), %ymm7, %ymm13
+        vpxor	96(%rcx), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, (%rdi)
+        vmovdqu	%ymm1, 32(%rdi)
+        vmovdqu	%ymm2, -32(%rax)
+        vmovdqu	%ymm3, -96(%rcx)
+        vmovdqu	%ymm4, 96(%rcx)
+        # Row 4
+        vpxor	-64(%rdi), %ymm7, %ymm10
+        vpxor	128(%rdi), %ymm8, %ymm11
+        vpxor	64(%rax), %ymm9, %ymm12
+        vpxor	96(%rax), %ymm5, %ymm13
+        vpxor	32(%rcx), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -64(%rdi)
+        vmovdqu	%ymm1, 128(%rdi)
+        vmovdqu	%ymm2, 64(%rax)
+        vmovdqu	%ymm3, 96(%rax)
+        vmovdqu	%ymm4, 32(%rcx)
+        # Round 1
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm10, %ymm10
+        vpxor	-32(%rdi), %ymm10, %ymm10
+        vpxor	(%rdi), %ymm10, %ymm10
+        vpxor	32(%rdi), %ymm1, %ymm11
+        vpxor	64(%rdi), %ymm11, %ymm11
+        vpxor	96(%rdi), %ymm11, %ymm11
+        vpxor	-96(%rax), %ymm11, %ymm11
+        vpxor	-64(%rax), %ymm2, %ymm12
+        vpxor	-32(%rax), %ymm12, %ymm12
+        vpxor	(%rax), %ymm12, %ymm12
+        vpxor	32(%rax), %ymm12, %ymm12
+        vpxor	128(%rax), %ymm3, %ymm13
+        vpxor	-96(%rcx), %ymm13, %ymm13
+        vpxor	-64(%rcx), %ymm13, %ymm13
+        vpxor	-32(%rcx), %ymm13, %ymm13
+        vpxor	(%rcx), %ymm4, %ymm14
+        vpxor	64(%rcx), %ymm14, %ymm14
+        vpxor	96(%rcx), %ymm14, %ymm14
+        vpxor	128(%rcx), %ymm14, %ymm14
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	-96(%rax), %ymm6, %ymm11
+        vpxor	32(%rax), %ymm7, %ymm12
+        vpxor	-96(%rcx), %ymm8, %ymm13
+        vpxor	32(%rcx), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	32(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, -96(%rax)
+        vmovdqu	%ymm2, 32(%rax)
+        vmovdqu	%ymm3, -96(%rcx)
+        vmovdqu	%ymm4, 32(%rcx)
+        # Row 1
+        vpxor	-64(%rcx), %ymm8, %ymm10
+        vpxor	64(%rcx), %ymm9, %ymm11
+        vpxor	-96(%rdi), %ymm5, %ymm12
+        vpxor	32(%rdi), %ymm6, %ymm13
+        vpxor	64(%rax), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -64(%rcx)
+        vmovdqu	%ymm1, 64(%rcx)
+        vmovdqu	%ymm2, -96(%rdi)
+        vmovdqu	%ymm3, 32(%rdi)
+        vmovdqu	%ymm4, 64(%rax)
+        # Row 2
+        vpxor	64(%rdi), %ymm6, %ymm10
+        vpxor	-64(%rax), %ymm7, %ymm11
+        vpxor	-32(%rcx), %ymm8, %ymm12
+        vpxor	96(%rcx), %ymm9, %ymm13
+        vpxor	-64(%rdi), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 64(%rdi)
+        vmovdqu	%ymm1, -64(%rax)
+        vmovdqu	%ymm2, -32(%rcx)
+        vmovdqu	%ymm3, 96(%rcx)
+        vmovdqu	%ymm4, -64(%rdi)
+        # Row 3
+        vpxor	128(%rcx), %ymm9, %ymm10
+        vpxor	-32(%rdi), %ymm5, %ymm11
+        vpxor	96(%rdi), %ymm6, %ymm12
+        vpxor	-32(%rax), %ymm7, %ymm13
+        vpxor	96(%rax), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 128(%rcx)
+        vmovdqu	%ymm1, -32(%rdi)
+        vmovdqu	%ymm2, 96(%rdi)
+        vmovdqu	%ymm3, -32(%rax)
+        vmovdqu	%ymm4, 96(%rax)
+        # Row 4
+        vpxor	(%rax), %ymm7, %ymm10
+        vpxor	128(%rax), %ymm8, %ymm11
+        vpxor	(%rcx), %ymm9, %ymm12
+        vpxor	(%rdi), %ymm5, %ymm13
+        vpxor	128(%rdi), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, (%rax)
+        vmovdqu	%ymm1, 128(%rax)
+        vmovdqu	%ymm2, (%rcx)
+        vmovdqu	%ymm3, (%rdi)
+        vmovdqu	%ymm4, 128(%rdi)
+        # Round 2
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm2, %ymm12
+        vpxor	-64(%rdi), %ymm4, %ymm14
+        vpxor	-32(%rdi), %ymm1, %ymm11
+        vpxor	32(%rdi), %ymm3, %ymm13
+        vpxor	64(%rdi), %ymm10, %ymm10
+        vpxor	96(%rdi), %ymm12, %ymm12
+        vpxor	-96(%rax), %ymm11, %ymm11
+        vpxor	-64(%rax), %ymm11, %ymm11
+        vpxor	-32(%rax), %ymm13, %ymm13
+        vpxor	32(%rax), %ymm12, %ymm12
+        vpxor	64(%rax), %ymm14, %ymm14
+        vpxor	96(%rax), %ymm14, %ymm14
+        vpxor	-96(%rcx), %ymm13, %ymm13
+        vpxor	-64(%rcx), %ymm10, %ymm10
+        vpxor	-32(%rcx), %ymm12, %ymm12
+        vpxor	32(%rcx), %ymm14, %ymm14
+        vpxor	64(%rcx), %ymm11, %ymm11
+        vpxor	96(%rcx), %ymm13, %ymm13
+        vpxor	128(%rcx), %ymm10, %ymm10
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	64(%rcx), %ymm6, %ymm11
+        vpxor	-32(%rcx), %ymm7, %ymm12
+        vpxor	-32(%rax), %ymm8, %ymm13
+        vpxor	128(%rdi), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	64(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, 64(%rcx)
+        vmovdqu	%ymm2, -32(%rcx)
+        vmovdqu	%ymm3, -32(%rax)
+        vmovdqu	%ymm4, 128(%rdi)
+        # Row 1
+        vpxor	-96(%rcx), %ymm8, %ymm10
+        vpxor	64(%rax), %ymm9, %ymm11
+        vpxor	64(%rdi), %ymm5, %ymm12
+        vpxor	-32(%rdi), %ymm6, %ymm13
+        vpxor	(%rcx), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -96(%rcx)
+        vmovdqu	%ymm1, 64(%rax)
+        vmovdqu	%ymm2, 64(%rdi)
+        vmovdqu	%ymm3, -32(%rdi)
+        vmovdqu	%ymm4, (%rcx)
+        # Row 2
+        vpxor	-96(%rax), %ymm6, %ymm10
+        vpxor	-96(%rdi), %ymm7, %ymm11
+        vpxor	96(%rcx), %ymm8, %ymm12
+        vpxor	96(%rax), %ymm9, %ymm13
+        vpxor	(%rax), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -96(%rax)
+        vmovdqu	%ymm1, -96(%rdi)
+        vmovdqu	%ymm2, 96(%rcx)
+        vmovdqu	%ymm3, 96(%rax)
+        vmovdqu	%ymm4, (%rax)
+        # Row 3
+        vpxor	32(%rcx), %ymm9, %ymm10
+        vpxor	-64(%rcx), %ymm5, %ymm11
+        vpxor	-64(%rax), %ymm6, %ymm12
+        vpxor	96(%rdi), %ymm7, %ymm13
+        vpxor	(%rdi), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 32(%rcx)
+        vmovdqu	%ymm1, -64(%rcx)
+        vmovdqu	%ymm2, -64(%rax)
+        vmovdqu	%ymm3, 96(%rdi)
+        vmovdqu	%ymm4, (%rdi)
+        # Row 4
+        vpxor	32(%rax), %ymm7, %ymm10
+        vpxor	32(%rdi), %ymm8, %ymm11
+        vpxor	-64(%rdi), %ymm9, %ymm12
+        vpxor	128(%rcx), %ymm5, %ymm13
+        vpxor	128(%rax), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 32(%rax)
+        vmovdqu	%ymm1, 32(%rdi)
+        vmovdqu	%ymm2, -64(%rdi)
+        vmovdqu	%ymm3, 128(%rcx)
+        vmovdqu	%ymm4, 128(%rax)
+        # Round 3
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm1, %ymm11
+        vpxor	-32(%rdi), %ymm3, %ymm13
+        vpxor	(%rdi), %ymm4, %ymm14
+        vpxor	64(%rdi), %ymm2, %ymm12
+        vpxor	96(%rdi), %ymm13, %ymm13
+        vpxor	128(%rdi), %ymm14, %ymm14
+        vpxor	-96(%rax), %ymm10, %ymm10
+        vpxor	-64(%rax), %ymm12, %ymm12
+        vpxor	-32(%rax), %ymm13, %ymm13
+        vpxor	(%rax), %ymm14, %ymm14
+        vpxor	64(%rax), %ymm11, %ymm11
+        vpxor	96(%rax), %ymm13, %ymm13
+        vpxor	-96(%rcx), %ymm10, %ymm10
+        vpxor	-64(%rcx), %ymm11, %ymm11
+        vpxor	-32(%rcx), %ymm12, %ymm12
+        vpxor	(%rcx), %ymm14, %ymm14
+        vpxor	32(%rcx), %ymm10, %ymm10
+        vpxor	64(%rcx), %ymm11, %ymm11
+        vpxor	96(%rcx), %ymm12, %ymm12
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	64(%rax), %ymm6, %ymm11
+        vpxor	96(%rcx), %ymm7, %ymm12
+        vpxor	96(%rdi), %ymm8, %ymm13
+        vpxor	128(%rax), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	96(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, 64(%rax)
+        vmovdqu	%ymm2, 96(%rcx)
+        vmovdqu	%ymm3, 96(%rdi)
+        vmovdqu	%ymm4, 128(%rax)
+        # Row 1
+        vpxor	-32(%rax), %ymm8, %ymm10
+        vpxor	(%rcx), %ymm9, %ymm11
+        vpxor	-96(%rax), %ymm5, %ymm12
+        vpxor	-64(%rcx), %ymm6, %ymm13
+        vpxor	-64(%rdi), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -32(%rax)
+        vmovdqu	%ymm1, (%rcx)
+        vmovdqu	%ymm2, -96(%rax)
+        vmovdqu	%ymm3, -64(%rcx)
+        vmovdqu	%ymm4, -64(%rdi)
+        # Row 2
+        vpxor	64(%rcx), %ymm6, %ymm10
+        vpxor	64(%rdi), %ymm7, %ymm11
+        vpxor	96(%rax), %ymm8, %ymm12
+        vpxor	(%rdi), %ymm9, %ymm13
+        vpxor	32(%rax), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 64(%rcx)
+        vmovdqu	%ymm1, 64(%rdi)
+        vmovdqu	%ymm2, 96(%rax)
+        vmovdqu	%ymm3, (%rdi)
+        vmovdqu	%ymm4, 32(%rax)
+        # Row 3
+        vpxor	128(%rdi), %ymm9, %ymm10
+        vpxor	-96(%rcx), %ymm5, %ymm11
+        vpxor	-96(%rdi), %ymm6, %ymm12
+        vpxor	-64(%rax), %ymm7, %ymm13
+        vpxor	128(%rcx), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 128(%rdi)
+        vmovdqu	%ymm1, -96(%rcx)
+        vmovdqu	%ymm2, -96(%rdi)
+        vmovdqu	%ymm3, -64(%rax)
+        vmovdqu	%ymm4, 128(%rcx)
+        # Row 4
+        vpxor	-32(%rcx), %ymm7, %ymm10
+        vpxor	-32(%rdi), %ymm8, %ymm11
+        vpxor	(%rax), %ymm9, %ymm12
+        vpxor	32(%rcx), %ymm5, %ymm13
+        vpxor	32(%rdi), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -32(%rcx)
+        vmovdqu	%ymm1, -32(%rdi)
+        vmovdqu	%ymm2, (%rax)
+        vmovdqu	%ymm3, 32(%rcx)
+        vmovdqu	%ymm4, 32(%rdi)
+        # Round 4
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm2, %ymm12
+        vpxor	-64(%rdi), %ymm4, %ymm14
+        vpxor	(%rdi), %ymm3, %ymm13
+        vpxor	64(%rdi), %ymm1, %ymm11
+        vpxor	96(%rdi), %ymm13, %ymm13
+        vpxor	128(%rdi), %ymm10, %ymm10
+        vpxor	-96(%rax), %ymm12, %ymm12
+        vpxor	-64(%rax), %ymm13, %ymm13
+        vpxor	-32(%rax), %ymm10, %ymm10
+        vpxor	32(%rax), %ymm14, %ymm14
+        vpxor	64(%rax), %ymm11, %ymm11
+        vpxor	96(%rax), %ymm12, %ymm12
+        vpxor	128(%rax), %ymm14, %ymm14
+        vpxor	-96(%rcx), %ymm11, %ymm11
+        vpxor	-64(%rcx), %ymm13, %ymm13
+        vpxor	(%rcx), %ymm11, %ymm11
+        vpxor	64(%rcx), %ymm10, %ymm10
+        vpxor	96(%rcx), %ymm12, %ymm12
+        vpxor	128(%rcx), %ymm14, %ymm14
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	(%rcx), %ymm6, %ymm11
+        vpxor	96(%rax), %ymm7, %ymm12
+        vpxor	-64(%rax), %ymm8, %ymm13
+        vpxor	32(%rdi), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	128(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, (%rcx)
+        vmovdqu	%ymm2, 96(%rax)
+        vmovdqu	%ymm3, -64(%rax)
+        vmovdqu	%ymm4, 32(%rdi)
+        # Row 1
+        vpxor	96(%rdi), %ymm8, %ymm10
+        vpxor	-64(%rdi), %ymm9, %ymm11
+        vpxor	64(%rcx), %ymm5, %ymm12
+        vpxor	-96(%rcx), %ymm6, %ymm13
+        vpxor	(%rax), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 96(%rdi)
+        vmovdqu	%ymm1, -64(%rdi)
+        vmovdqu	%ymm2, 64(%rcx)
+        vmovdqu	%ymm3, -96(%rcx)
+        vmovdqu	%ymm4, (%rax)
+        # Row 2
+        vpxor	64(%rax), %ymm6, %ymm10
+        vpxor	-96(%rax), %ymm7, %ymm11
+        vpxor	(%rdi), %ymm8, %ymm12
+        vpxor	128(%rcx), %ymm9, %ymm13
+        vpxor	-32(%rcx), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 64(%rax)
+        vmovdqu	%ymm1, -96(%rax)
+        vmovdqu	%ymm2, (%rdi)
+        vmovdqu	%ymm3, 128(%rcx)
+        vmovdqu	%ymm4, -32(%rcx)
+        # Row 3
+        vpxor	128(%rax), %ymm9, %ymm10
+        vpxor	-32(%rax), %ymm5, %ymm11
+        vpxor	64(%rdi), %ymm6, %ymm12
+        vpxor	-96(%rdi), %ymm7, %ymm13
+        vpxor	32(%rcx), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 128(%rax)
+        vmovdqu	%ymm1, -32(%rax)
+        vmovdqu	%ymm2, 64(%rdi)
+        vmovdqu	%ymm3, -96(%rdi)
+        vmovdqu	%ymm4, 32(%rcx)
+        # Row 4
+        vpxor	96(%rcx), %ymm7, %ymm10
+        vpxor	-64(%rcx), %ymm8, %ymm11
+        vpxor	32(%rax), %ymm9, %ymm12
+        vpxor	128(%rdi), %ymm5, %ymm13
+        vpxor	-32(%rdi), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 96(%rcx)
+        vmovdqu	%ymm1, -64(%rcx)
+        vmovdqu	%ymm2, 32(%rax)
+        vmovdqu	%ymm3, 128(%rdi)
+        vmovdqu	%ymm4, -32(%rdi)
+        # Round 5
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm3, %ymm13
+        vpxor	-64(%rdi), %ymm1, %ymm11
+        vpxor	(%rdi), %ymm2, %ymm12
+        vpxor	32(%rdi), %ymm4, %ymm14
+        vpxor	64(%rdi), %ymm12, %ymm12
+        vpxor	96(%rdi), %ymm10, %ymm10
+        vpxor	-96(%rax), %ymm11, %ymm11
+        vpxor	-64(%rax), %ymm13, %ymm13
+        vpxor	-32(%rax), %ymm11, %ymm11
+        vpxor	(%rax), %ymm14, %ymm14
+        vpxor	64(%rax), %ymm10, %ymm10
+        vpxor	96(%rax), %ymm12, %ymm12
+        vpxor	128(%rax), %ymm10, %ymm10
+        vpxor	-96(%rcx), %ymm13, %ymm13
+        vpxor	-32(%rcx), %ymm14, %ymm14
+        vpxor	(%rcx), %ymm11, %ymm11
+        vpxor	32(%rcx), %ymm14, %ymm14
+        vpxor	64(%rcx), %ymm12, %ymm12
+        vpxor	128(%rcx), %ymm13, %ymm13
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	-64(%rdi), %ymm6, %ymm11
+        vpxor	(%rdi), %ymm7, %ymm12
+        vpxor	-96(%rdi), %ymm8, %ymm13
+        vpxor	-32(%rdi), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	160(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, -64(%rdi)
+        vmovdqu	%ymm2, (%rdi)
+        vmovdqu	%ymm3, -96(%rdi)
+        vmovdqu	%ymm4, -32(%rdi)
+        # Row 1
+        vpxor	-64(%rax), %ymm8, %ymm10
+        vpxor	(%rax), %ymm9, %ymm11
+        vpxor	64(%rax), %ymm5, %ymm12
+        vpxor	-32(%rax), %ymm6, %ymm13
+        vpxor	32(%rax), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -64(%rax)
+        vmovdqu	%ymm1, (%rax)
+        vmovdqu	%ymm2, 64(%rax)
+        vmovdqu	%ymm3, -32(%rax)
+        vmovdqu	%ymm4, 32(%rax)
+        # Row 2
+        vpxor	(%rcx), %ymm6, %ymm10
+        vpxor	64(%rcx), %ymm7, %ymm11
+        vpxor	128(%rcx), %ymm8, %ymm12
+        vpxor	32(%rcx), %ymm9, %ymm13
+        vpxor	96(%rcx), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, (%rcx)
+        vmovdqu	%ymm1, 64(%rcx)
+        vmovdqu	%ymm2, 128(%rcx)
+        vmovdqu	%ymm3, 32(%rcx)
+        vmovdqu	%ymm4, 96(%rcx)
+        # Row 3
+        vpxor	32(%rdi), %ymm9, %ymm10
+        vpxor	96(%rdi), %ymm5, %ymm11
+        vpxor	-96(%rax), %ymm6, %ymm12
+        vpxor	64(%rdi), %ymm7, %ymm13
+        vpxor	128(%rdi), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 32(%rdi)
+        vmovdqu	%ymm1, 96(%rdi)
+        vmovdqu	%ymm2, -96(%rax)
+        vmovdqu	%ymm3, 64(%rdi)
+        vmovdqu	%ymm4, 128(%rdi)
+        # Row 4
+        vpxor	96(%rax), %ymm7, %ymm10
+        vpxor	-96(%rcx), %ymm8, %ymm11
+        vpxor	-32(%rcx), %ymm9, %ymm12
+        vpxor	128(%rax), %ymm5, %ymm13
+        vpxor	-64(%rcx), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 96(%rax)
+        vmovdqu	%ymm1, -96(%rcx)
+        vmovdqu	%ymm2, -32(%rcx)
+        vmovdqu	%ymm3, 128(%rax)
+        vmovdqu	%ymm4, -64(%rcx)
+        # Round 6
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm3, %ymm13
+        vpxor	-64(%rdi), %ymm1, %ymm11
+        vpxor	-32(%rdi), %ymm4, %ymm14
+        vpxor	(%rdi), %ymm2, %ymm12
+        vpxor	32(%rdi), %ymm10, %ymm10
+        vpxor	64(%rdi), %ymm13, %ymm13
+        vpxor	96(%rdi), %ymm11, %ymm11
+        vpxor	128(%rdi), %ymm14, %ymm14
+        vpxor	-96(%rax), %ymm12, %ymm12
+        vpxor	-64(%rax), %ymm10, %ymm10
+        vpxor	-32(%rax), %ymm13, %ymm13
+        vpxor	(%rax), %ymm11, %ymm11
+        vpxor	32(%rax), %ymm14, %ymm14
+        vpxor	64(%rax), %ymm12, %ymm12
+        vpxor	(%rcx), %ymm10, %ymm10
+        vpxor	32(%rcx), %ymm13, %ymm13
+        vpxor	64(%rcx), %ymm11, %ymm11
+        vpxor	96(%rcx), %ymm14, %ymm14
+        vpxor	128(%rcx), %ymm12, %ymm12
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	(%rax), %ymm6, %ymm11
+        vpxor	128(%rcx), %ymm7, %ymm12
+        vpxor	64(%rdi), %ymm8, %ymm13
+        vpxor	-64(%rcx), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	192(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, (%rax)
+        vmovdqu	%ymm2, 128(%rcx)
+        vmovdqu	%ymm3, 64(%rdi)
+        vmovdqu	%ymm4, -64(%rcx)
+        # Row 1
+        vpxor	-96(%rdi), %ymm8, %ymm10
+        vpxor	32(%rax), %ymm9, %ymm11
+        vpxor	(%rcx), %ymm5, %ymm12
+        vpxor	96(%rdi), %ymm6, %ymm13
+        vpxor	-32(%rcx), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -96(%rdi)
+        vmovdqu	%ymm1, 32(%rax)
+        vmovdqu	%ymm2, (%rcx)
+        vmovdqu	%ymm3, 96(%rdi)
+        vmovdqu	%ymm4, -32(%rcx)
+        # Row 2
+        vpxor	-64(%rdi), %ymm6, %ymm10
+        vpxor	64(%rax), %ymm7, %ymm11
+        vpxor	32(%rcx), %ymm8, %ymm12
+        vpxor	128(%rdi), %ymm9, %ymm13
+        vpxor	96(%rax), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -64(%rdi)
+        vmovdqu	%ymm1, 64(%rax)
+        vmovdqu	%ymm2, 32(%rcx)
+        vmovdqu	%ymm3, 128(%rdi)
+        vmovdqu	%ymm4, 96(%rax)
+        # Row 3
+        vpxor	-32(%rdi), %ymm9, %ymm10
+        vpxor	-64(%rax), %ymm5, %ymm11
+        vpxor	64(%rcx), %ymm6, %ymm12
+        vpxor	-96(%rax), %ymm7, %ymm13
+        vpxor	128(%rax), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -32(%rdi)
+        vmovdqu	%ymm1, -64(%rax)
+        vmovdqu	%ymm2, 64(%rcx)
+        vmovdqu	%ymm3, -96(%rax)
+        vmovdqu	%ymm4, 128(%rax)
+        # Row 4
+        vpxor	(%rdi), %ymm7, %ymm10
+        vpxor	-32(%rax), %ymm8, %ymm11
+        vpxor	96(%rcx), %ymm9, %ymm12
+        vpxor	32(%rdi), %ymm5, %ymm13
+        vpxor	-96(%rcx), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, (%rdi)
+        vmovdqu	%ymm1, -32(%rax)
+        vmovdqu	%ymm2, 96(%rcx)
+        vmovdqu	%ymm3, 32(%rdi)
+        vmovdqu	%ymm4, -96(%rcx)
+        # Round 7
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm10, %ymm10
+        vpxor	-64(%rdi), %ymm10, %ymm10
+        vpxor	-32(%rdi), %ymm10, %ymm10
+        vpxor	64(%rdi), %ymm3, %ymm13
+        vpxor	96(%rdi), %ymm13, %ymm13
+        vpxor	128(%rdi), %ymm13, %ymm13
+        vpxor	-96(%rax), %ymm13, %ymm13
+        vpxor	-64(%rax), %ymm1, %ymm11
+        vpxor	(%rax), %ymm11, %ymm11
+        vpxor	32(%rax), %ymm11, %ymm11
+        vpxor	64(%rax), %ymm11, %ymm11
+        vpxor	96(%rax), %ymm4, %ymm14
+        vpxor	128(%rax), %ymm14, %ymm14
+        vpxor	-64(%rcx), %ymm14, %ymm14
+        vpxor	-32(%rcx), %ymm14, %ymm14
+        vpxor	(%rcx), %ymm2, %ymm12
+        vpxor	32(%rcx), %ymm12, %ymm12
+        vpxor	64(%rcx), %ymm12, %ymm12
+        vpxor	128(%rcx), %ymm12, %ymm12
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	32(%rax), %ymm6, %ymm11
+        vpxor	32(%rcx), %ymm7, %ymm12
+        vpxor	-96(%rax), %ymm8, %ymm13
+        vpxor	-96(%rcx), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	224(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, 32(%rax)
+        vmovdqu	%ymm2, 32(%rcx)
+        vmovdqu	%ymm3, -96(%rax)
+        vmovdqu	%ymm4, -96(%rcx)
+        # Row 1
+        vpxor	64(%rdi), %ymm8, %ymm10
+        vpxor	-32(%rcx), %ymm9, %ymm11
+        vpxor	-64(%rdi), %ymm5, %ymm12
+        vpxor	-64(%rax), %ymm6, %ymm13
+        vpxor	96(%rcx), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 64(%rdi)
+        vmovdqu	%ymm1, -32(%rcx)
+        vmovdqu	%ymm2, -64(%rdi)
+        vmovdqu	%ymm3, -64(%rax)
+        vmovdqu	%ymm4, 96(%rcx)
+        # Row 2
+        vpxor	(%rax), %ymm6, %ymm10
+        vpxor	(%rcx), %ymm7, %ymm11
+        vpxor	128(%rdi), %ymm8, %ymm12
+        vpxor	128(%rax), %ymm9, %ymm13
+        vpxor	(%rdi), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, (%rax)
+        vmovdqu	%ymm1, (%rcx)
+        vmovdqu	%ymm2, 128(%rdi)
+        vmovdqu	%ymm3, 128(%rax)
+        vmovdqu	%ymm4, (%rdi)
+        # Row 3
+        vpxor	-64(%rcx), %ymm9, %ymm10
+        vpxor	-96(%rdi), %ymm5, %ymm11
+        vpxor	64(%rax), %ymm6, %ymm12
+        vpxor	64(%rcx), %ymm7, %ymm13
+        vpxor	32(%rdi), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -64(%rcx)
+        vmovdqu	%ymm1, -96(%rdi)
+        vmovdqu	%ymm2, 64(%rax)
+        vmovdqu	%ymm3, 64(%rcx)
+        vmovdqu	%ymm4, 32(%rdi)
+        # Row 4
+        vpxor	128(%rcx), %ymm7, %ymm10
+        vpxor	96(%rdi), %ymm8, %ymm11
+        vpxor	96(%rax), %ymm9, %ymm12
+        vpxor	-32(%rdi), %ymm5, %ymm13
+        vpxor	-32(%rax), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 128(%rcx)
+        vmovdqu	%ymm1, 96(%rdi)
+        vmovdqu	%ymm2, 96(%rax)
+        vmovdqu	%ymm3, -32(%rdi)
+        vmovdqu	%ymm4, -32(%rax)
+        # Round 8
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm1, %ymm11
+        vpxor	-64(%rdi), %ymm2, %ymm12
+        vpxor	(%rdi), %ymm4, %ymm14
+        vpxor	32(%rdi), %ymm14, %ymm14
+        vpxor	64(%rdi), %ymm10, %ymm10
+        vpxor	128(%rdi), %ymm12, %ymm12
+        vpxor	-96(%rax), %ymm3, %ymm13
+        vpxor	-64(%rax), %ymm13, %ymm13
+        vpxor	(%rax), %ymm10, %ymm10
+        vpxor	32(%rax), %ymm11, %ymm11
+        vpxor	64(%rax), %ymm12, %ymm12
+        vpxor	128(%rax), %ymm13, %ymm13
+        vpxor	-96(%rcx), %ymm14, %ymm14
+        vpxor	-64(%rcx), %ymm10, %ymm10
+        vpxor	-32(%rcx), %ymm11, %ymm11
+        vpxor	(%rcx), %ymm11, %ymm11
+        vpxor	32(%rcx), %ymm12, %ymm12
+        vpxor	64(%rcx), %ymm13, %ymm13
+        vpxor	96(%rcx), %ymm14, %ymm14
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	-32(%rcx), %ymm6, %ymm11
+        vpxor	128(%rdi), %ymm7, %ymm12
+        vpxor	64(%rcx), %ymm8, %ymm13
+        vpxor	-32(%rax), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	256(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, -32(%rcx)
+        vmovdqu	%ymm2, 128(%rdi)
+        vmovdqu	%ymm3, 64(%rcx)
+        vmovdqu	%ymm4, -32(%rax)
+        # Row 1
+        vpxor	-96(%rax), %ymm8, %ymm10
+        vpxor	96(%rcx), %ymm9, %ymm11
+        vpxor	(%rax), %ymm5, %ymm12
+        vpxor	-96(%rdi), %ymm6, %ymm13
+        vpxor	96(%rax), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -96(%rax)
+        vmovdqu	%ymm1, 96(%rcx)
+        vmovdqu	%ymm2, (%rax)
+        vmovdqu	%ymm3, -96(%rdi)
+        vmovdqu	%ymm4, 96(%rax)
+        # Row 2
+        vpxor	32(%rax), %ymm6, %ymm10
+        vpxor	-64(%rdi), %ymm7, %ymm11
+        vpxor	128(%rax), %ymm8, %ymm12
+        vpxor	32(%rdi), %ymm9, %ymm13
+        vpxor	128(%rcx), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 32(%rax)
+        vmovdqu	%ymm1, -64(%rdi)
+        vmovdqu	%ymm2, 128(%rax)
+        vmovdqu	%ymm3, 32(%rdi)
+        vmovdqu	%ymm4, 128(%rcx)
+        # Row 3
+        vpxor	-96(%rcx), %ymm9, %ymm10
+        vpxor	64(%rdi), %ymm5, %ymm11
+        vpxor	(%rcx), %ymm6, %ymm12
+        vpxor	64(%rax), %ymm7, %ymm13
+        vpxor	-32(%rdi), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -96(%rcx)
+        vmovdqu	%ymm1, 64(%rdi)
+        vmovdqu	%ymm2, (%rcx)
+        vmovdqu	%ymm3, 64(%rax)
+        vmovdqu	%ymm4, -32(%rdi)
+        # Row 4
+        vpxor	32(%rcx), %ymm7, %ymm10
+        vpxor	-64(%rax), %ymm8, %ymm11
+        vpxor	(%rdi), %ymm9, %ymm12
+        vpxor	-64(%rcx), %ymm5, %ymm13
+        vpxor	96(%rdi), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 32(%rcx)
+        vmovdqu	%ymm1, -64(%rax)
+        vmovdqu	%ymm2, (%rdi)
+        vmovdqu	%ymm3, -64(%rcx)
+        vmovdqu	%ymm4, 96(%rdi)
+        # Round 9
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm3, %ymm13
+        vpxor	-64(%rdi), %ymm1, %ymm11
+        vpxor	-32(%rdi), %ymm4, %ymm14
+        vpxor	32(%rdi), %ymm13, %ymm13
+        vpxor	64(%rdi), %ymm11, %ymm11
+        vpxor	128(%rdi), %ymm2, %ymm12
+        vpxor	-96(%rax), %ymm10, %ymm10
+        vpxor	-32(%rax), %ymm14, %ymm14
+        vpxor	(%rax), %ymm12, %ymm12
+        vpxor	32(%rax), %ymm10, %ymm10
+        vpxor	64(%rax), %ymm13, %ymm13
+        vpxor	96(%rax), %ymm14, %ymm14
+        vpxor	128(%rax), %ymm12, %ymm12
+        vpxor	-96(%rcx), %ymm10, %ymm10
+        vpxor	-32(%rcx), %ymm11, %ymm11
+        vpxor	(%rcx), %ymm12, %ymm12
+        vpxor	64(%rcx), %ymm13, %ymm13
+        vpxor	96(%rcx), %ymm11, %ymm11
+        vpxor	128(%rcx), %ymm14, %ymm14
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	96(%rcx), %ymm6, %ymm11
+        vpxor	128(%rax), %ymm7, %ymm12
+        vpxor	64(%rax), %ymm8, %ymm13
+        vpxor	96(%rdi), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	288(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, 96(%rcx)
+        vmovdqu	%ymm2, 128(%rax)
+        vmovdqu	%ymm3, 64(%rax)
+        vmovdqu	%ymm4, 96(%rdi)
+        # Row 1
+        vpxor	64(%rcx), %ymm8, %ymm10
+        vpxor	96(%rax), %ymm9, %ymm11
+        vpxor	32(%rax), %ymm5, %ymm12
+        vpxor	64(%rdi), %ymm6, %ymm13
+        vpxor	(%rdi), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 64(%rcx)
+        vmovdqu	%ymm1, 96(%rax)
+        vmovdqu	%ymm2, 32(%rax)
+        vmovdqu	%ymm3, 64(%rdi)
+        vmovdqu	%ymm4, (%rdi)
+        # Row 2
+        vpxor	-32(%rcx), %ymm6, %ymm10
+        vpxor	(%rax), %ymm7, %ymm11
+        vpxor	32(%rdi), %ymm8, %ymm12
+        vpxor	-32(%rdi), %ymm9, %ymm13
+        vpxor	32(%rcx), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -32(%rcx)
+        vmovdqu	%ymm1, (%rax)
+        vmovdqu	%ymm2, 32(%rdi)
+        vmovdqu	%ymm3, -32(%rdi)
+        vmovdqu	%ymm4, 32(%rcx)
+        # Row 3
+        vpxor	-32(%rax), %ymm9, %ymm10
+        vpxor	-96(%rax), %ymm5, %ymm11
+        vpxor	-64(%rdi), %ymm6, %ymm12
+        vpxor	(%rcx), %ymm7, %ymm13
+        vpxor	-64(%rcx), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -32(%rax)
+        vmovdqu	%ymm1, -96(%rax)
+        vmovdqu	%ymm2, -64(%rdi)
+        vmovdqu	%ymm3, (%rcx)
+        vmovdqu	%ymm4, -64(%rcx)
+        # Row 4
+        vpxor	128(%rdi), %ymm7, %ymm10
+        vpxor	-96(%rdi), %ymm8, %ymm11
+        vpxor	128(%rcx), %ymm9, %ymm12
+        vpxor	-96(%rcx), %ymm5, %ymm13
+        vpxor	-64(%rax), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 128(%rdi)
+        vmovdqu	%ymm1, -96(%rdi)
+        vmovdqu	%ymm2, 128(%rcx)
+        vmovdqu	%ymm3, -96(%rcx)
+        vmovdqu	%ymm4, -64(%rax)
+        # Round 10
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-64(%rdi), %ymm2, %ymm12
+        vpxor	-32(%rdi), %ymm3, %ymm13
+        vpxor	(%rdi), %ymm4, %ymm14
+        vpxor	32(%rdi), %ymm12, %ymm12
+        vpxor	64(%rdi), %ymm13, %ymm13
+        vpxor	96(%rdi), %ymm14, %ymm14
+        vpxor	-96(%rax), %ymm1, %ymm11
+        vpxor	-32(%rax), %ymm10, %ymm10
+        vpxor	(%rax), %ymm11, %ymm11
+        vpxor	32(%rax), %ymm12, %ymm12
+        vpxor	64(%rax), %ymm13, %ymm13
+        vpxor	96(%rax), %ymm11, %ymm11
+        vpxor	128(%rax), %ymm12, %ymm12
+        vpxor	-64(%rcx), %ymm14, %ymm14
+        vpxor	-32(%rcx), %ymm10, %ymm10
+        vpxor	(%rcx), %ymm13, %ymm13
+        vpxor	32(%rcx), %ymm14, %ymm14
+        vpxor	64(%rcx), %ymm10, %ymm10
+        vpxor	96(%rcx), %ymm11, %ymm11
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	96(%rax), %ymm6, %ymm11
+        vpxor	32(%rdi), %ymm7, %ymm12
+        vpxor	(%rcx), %ymm8, %ymm13
+        vpxor	-64(%rax), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	320(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, 96(%rax)
+        vmovdqu	%ymm2, 32(%rdi)
+        vmovdqu	%ymm3, (%rcx)
+        vmovdqu	%ymm4, -64(%rax)
+        # Row 1
+        vpxor	64(%rax), %ymm8, %ymm10
+        vpxor	(%rdi), %ymm9, %ymm11
+        vpxor	-32(%rcx), %ymm5, %ymm12
+        vpxor	-96(%rax), %ymm6, %ymm13
+        vpxor	128(%rcx), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 64(%rax)
+        vmovdqu	%ymm1, (%rdi)
+        vmovdqu	%ymm2, -32(%rcx)
+        vmovdqu	%ymm3, -96(%rax)
+        vmovdqu	%ymm4, 128(%rcx)
+        # Row 2
+        vpxor	96(%rcx), %ymm6, %ymm10
+        vpxor	32(%rax), %ymm7, %ymm11
+        vpxor	-32(%rdi), %ymm8, %ymm12
+        vpxor	-64(%rcx), %ymm9, %ymm13
+        vpxor	128(%rdi), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 96(%rcx)
+        vmovdqu	%ymm1, 32(%rax)
+        vmovdqu	%ymm2, -32(%rdi)
+        vmovdqu	%ymm3, -64(%rcx)
+        vmovdqu	%ymm4, 128(%rdi)
+        # Row 3
+        vpxor	96(%rdi), %ymm9, %ymm10
+        vpxor	64(%rcx), %ymm5, %ymm11
+        vpxor	(%rax), %ymm6, %ymm12
+        vpxor	-64(%rdi), %ymm7, %ymm13
+        vpxor	-96(%rcx), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 96(%rdi)
+        vmovdqu	%ymm1, 64(%rcx)
+        vmovdqu	%ymm2, (%rax)
+        vmovdqu	%ymm3, -64(%rdi)
+        vmovdqu	%ymm4, -96(%rcx)
+        # Row 4
+        vpxor	128(%rax), %ymm7, %ymm10
+        vpxor	64(%rdi), %ymm8, %ymm11
+        vpxor	32(%rcx), %ymm9, %ymm12
+        vpxor	-32(%rax), %ymm5, %ymm13
+        vpxor	-96(%rdi), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 128(%rax)
+        vmovdqu	%ymm1, 64(%rdi)
+        vmovdqu	%ymm2, 32(%rcx)
+        vmovdqu	%ymm3, -32(%rax)
+        vmovdqu	%ymm4, -96(%rdi)
+        # Round 11
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-64(%rdi), %ymm3, %ymm13
+        vpxor	-32(%rdi), %ymm2, %ymm12
+        vpxor	(%rdi), %ymm1, %ymm11
+        vpxor	32(%rdi), %ymm12, %ymm12
+        vpxor	96(%rdi), %ymm10, %ymm10
+        vpxor	128(%rdi), %ymm4, %ymm14
+        vpxor	-96(%rax), %ymm13, %ymm13
+        vpxor	-64(%rax), %ymm14, %ymm14
+        vpxor	(%rax), %ymm12, %ymm12
+        vpxor	32(%rax), %ymm11, %ymm11
+        vpxor	64(%rax), %ymm10, %ymm10
+        vpxor	96(%rax), %ymm11, %ymm11
+        vpxor	-96(%rcx), %ymm14, %ymm14
+        vpxor	-64(%rcx), %ymm13, %ymm13
+        vpxor	-32(%rcx), %ymm12, %ymm12
+        vpxor	(%rcx), %ymm13, %ymm13
+        vpxor	64(%rcx), %ymm11, %ymm11
+        vpxor	96(%rcx), %ymm10, %ymm10
+        vpxor	128(%rcx), %ymm14, %ymm14
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	(%rdi), %ymm6, %ymm11
+        vpxor	-32(%rdi), %ymm7, %ymm12
+        vpxor	-64(%rdi), %ymm8, %ymm13
+        vpxor	-96(%rdi), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	352(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, (%rdi)
+        vmovdqu	%ymm2, -32(%rdi)
+        vmovdqu	%ymm3, -64(%rdi)
+        vmovdqu	%ymm4, -96(%rdi)
+        # Row 1
+        vpxor	(%rcx), %ymm8, %ymm10
+        vpxor	128(%rcx), %ymm9, %ymm11
+        vpxor	96(%rcx), %ymm5, %ymm12
+        vpxor	64(%rcx), %ymm6, %ymm13
+        vpxor	32(%rcx), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, (%rcx)
+        vmovdqu	%ymm1, 128(%rcx)
+        vmovdqu	%ymm2, 96(%rcx)
+        vmovdqu	%ymm3, 64(%rcx)
+        vmovdqu	%ymm4, 32(%rcx)
+        # Row 2
+        vpxor	96(%rax), %ymm6, %ymm10
+        vpxor	-32(%rcx), %ymm7, %ymm11
+        vpxor	-64(%rcx), %ymm8, %ymm12
+        vpxor	-96(%rcx), %ymm9, %ymm13
+        vpxor	128(%rax), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 96(%rax)
+        vmovdqu	%ymm1, -32(%rcx)
+        vmovdqu	%ymm2, -64(%rcx)
+        vmovdqu	%ymm3, -96(%rcx)
+        vmovdqu	%ymm4, 128(%rax)
+        # Row 3
+        vpxor	-64(%rax), %ymm9, %ymm10
+        vpxor	64(%rax), %ymm5, %ymm11
+        vpxor	32(%rax), %ymm6, %ymm12
+        vpxor	(%rax), %ymm7, %ymm13
+        vpxor	-32(%rax), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -64(%rax)
+        vmovdqu	%ymm1, 64(%rax)
+        vmovdqu	%ymm2, 32(%rax)
+        vmovdqu	%ymm3, (%rax)
+        vmovdqu	%ymm4, -32(%rax)
+        # Row 4
+        vpxor	32(%rdi), %ymm7, %ymm10
+        vpxor	-96(%rax), %ymm8, %ymm11
+        vpxor	128(%rdi), %ymm9, %ymm12
+        vpxor	96(%rdi), %ymm5, %ymm13
+        vpxor	64(%rdi), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 32(%rdi)
+        vmovdqu	%ymm1, -96(%rax)
+        vmovdqu	%ymm2, 128(%rdi)
+        vmovdqu	%ymm3, 96(%rdi)
+        vmovdqu	%ymm4, 64(%rdi)
+        # Round 12
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm4, %ymm14
+        vpxor	-64(%rdi), %ymm3, %ymm13
+        vpxor	-32(%rdi), %ymm2, %ymm12
+        vpxor	(%rdi), %ymm1, %ymm11
+        vpxor	-64(%rax), %ymm10, %ymm10
+        vpxor	-32(%rax), %ymm14, %ymm14
+        vpxor	(%rax), %ymm13, %ymm13
+        vpxor	32(%rax), %ymm12, %ymm12
+        vpxor	64(%rax), %ymm11, %ymm11
+        vpxor	96(%rax), %ymm10, %ymm10
+        vpxor	128(%rax), %ymm14, %ymm14
+        vpxor	-96(%rcx), %ymm13, %ymm13
+        vpxor	-64(%rcx), %ymm12, %ymm12
+        vpxor	-32(%rcx), %ymm11, %ymm11
+        vpxor	(%rcx), %ymm10, %ymm10
+        vpxor	32(%rcx), %ymm14, %ymm14
+        vpxor	64(%rcx), %ymm13, %ymm13
+        vpxor	96(%rcx), %ymm12, %ymm12
+        vpxor	128(%rcx), %ymm11, %ymm11
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	128(%rcx), %ymm6, %ymm11
+        vpxor	-64(%rcx), %ymm7, %ymm12
+        vpxor	(%rax), %ymm8, %ymm13
+        vpxor	64(%rdi), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	384(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, 128(%rcx)
+        vmovdqu	%ymm2, -64(%rcx)
+        vmovdqu	%ymm3, (%rax)
+        vmovdqu	%ymm4, 64(%rdi)
+        # Row 1
+        vpxor	-64(%rdi), %ymm8, %ymm10
+        vpxor	32(%rcx), %ymm9, %ymm11
+        vpxor	96(%rax), %ymm5, %ymm12
+        vpxor	64(%rax), %ymm6, %ymm13
+        vpxor	128(%rdi), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -64(%rdi)
+        vmovdqu	%ymm1, 32(%rcx)
+        vmovdqu	%ymm2, 96(%rax)
+        vmovdqu	%ymm3, 64(%rax)
+        vmovdqu	%ymm4, 128(%rdi)
+        # Row 2
+        vpxor	(%rdi), %ymm6, %ymm10
+        vpxor	96(%rcx), %ymm7, %ymm11
+        vpxor	-96(%rcx), %ymm8, %ymm12
+        vpxor	-32(%rax), %ymm9, %ymm13
+        vpxor	32(%rdi), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, (%rdi)
+        vmovdqu	%ymm1, 96(%rcx)
+        vmovdqu	%ymm2, -96(%rcx)
+        vmovdqu	%ymm3, -32(%rax)
+        vmovdqu	%ymm4, 32(%rdi)
+        # Row 3
+        vpxor	-96(%rdi), %ymm9, %ymm10
+        vpxor	(%rcx), %ymm5, %ymm11
+        vpxor	-32(%rcx), %ymm6, %ymm12
+        vpxor	32(%rax), %ymm7, %ymm13
+        vpxor	96(%rdi), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -96(%rdi)
+        vmovdqu	%ymm1, (%rcx)
+        vmovdqu	%ymm2, -32(%rcx)
+        vmovdqu	%ymm3, 32(%rax)
+        vmovdqu	%ymm4, 96(%rdi)
+        # Row 4
+        vpxor	-32(%rdi), %ymm7, %ymm10
+        vpxor	64(%rcx), %ymm8, %ymm11
+        vpxor	128(%rax), %ymm9, %ymm12
+        vpxor	-64(%rax), %ymm5, %ymm13
+        vpxor	-96(%rax), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -32(%rdi)
+        vmovdqu	%ymm1, 64(%rcx)
+        vmovdqu	%ymm2, 128(%rax)
+        vmovdqu	%ymm3, -64(%rax)
+        vmovdqu	%ymm4, -96(%rax)
+        # Round 13
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm10, %ymm10
+        vpxor	-64(%rdi), %ymm10, %ymm10
+        vpxor	(%rdi), %ymm10, %ymm10
+        vpxor	32(%rdi), %ymm4, %ymm14
+        vpxor	64(%rdi), %ymm14, %ymm14
+        vpxor	96(%rdi), %ymm14, %ymm14
+        vpxor	128(%rdi), %ymm14, %ymm14
+        vpxor	-32(%rax), %ymm3, %ymm13
+        vpxor	(%rax), %ymm13, %ymm13
+        vpxor	32(%rax), %ymm13, %ymm13
+        vpxor	64(%rax), %ymm13, %ymm13
+        vpxor	96(%rax), %ymm2, %ymm12
+        vpxor	-96(%rcx), %ymm12, %ymm12
+        vpxor	-64(%rcx), %ymm12, %ymm12
+        vpxor	-32(%rcx), %ymm12, %ymm12
+        vpxor	(%rcx), %ymm1, %ymm11
+        vpxor	32(%rcx), %ymm11, %ymm11
+        vpxor	96(%rcx), %ymm11, %ymm11
+        vpxor	128(%rcx), %ymm11, %ymm11
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	32(%rcx), %ymm6, %ymm11
+        vpxor	-96(%rcx), %ymm7, %ymm12
+        vpxor	32(%rax), %ymm8, %ymm13
+        vpxor	-96(%rax), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	416(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, 32(%rcx)
+        vmovdqu	%ymm2, -96(%rcx)
+        vmovdqu	%ymm3, 32(%rax)
+        vmovdqu	%ymm4, -96(%rax)
+        # Row 1
+        vpxor	(%rax), %ymm8, %ymm10
+        vpxor	128(%rdi), %ymm9, %ymm11
+        vpxor	(%rdi), %ymm5, %ymm12
+        vpxor	(%rcx), %ymm6, %ymm13
+        vpxor	128(%rax), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, (%rax)
+        vmovdqu	%ymm1, 128(%rdi)
+        vmovdqu	%ymm2, (%rdi)
+        vmovdqu	%ymm3, (%rcx)
+        vmovdqu	%ymm4, 128(%rax)
+        # Row 2
+        vpxor	128(%rcx), %ymm6, %ymm10
+        vpxor	96(%rax), %ymm7, %ymm11
+        vpxor	-32(%rax), %ymm8, %ymm12
+        vpxor	96(%rdi), %ymm9, %ymm13
+        vpxor	-32(%rdi), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 128(%rcx)
+        vmovdqu	%ymm1, 96(%rax)
+        vmovdqu	%ymm2, -32(%rax)
+        vmovdqu	%ymm3, 96(%rdi)
+        vmovdqu	%ymm4, -32(%rdi)
+        # Row 3
+        vpxor	64(%rdi), %ymm9, %ymm10
+        vpxor	-64(%rdi), %ymm5, %ymm11
+        vpxor	96(%rcx), %ymm6, %ymm12
+        vpxor	-32(%rcx), %ymm7, %ymm13
+        vpxor	-64(%rax), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 64(%rdi)
+        vmovdqu	%ymm1, -64(%rdi)
+        vmovdqu	%ymm2, 96(%rcx)
+        vmovdqu	%ymm3, -32(%rcx)
+        vmovdqu	%ymm4, -64(%rax)
+        # Row 4
+        vpxor	-64(%rcx), %ymm7, %ymm10
+        vpxor	64(%rax), %ymm8, %ymm11
+        vpxor	32(%rdi), %ymm9, %ymm12
+        vpxor	-96(%rdi), %ymm5, %ymm13
+        vpxor	64(%rcx), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -64(%rcx)
+        vmovdqu	%ymm1, 64(%rax)
+        vmovdqu	%ymm2, 32(%rdi)
+        vmovdqu	%ymm3, -96(%rdi)
+        vmovdqu	%ymm4, 64(%rcx)
+        # Round 14
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-64(%rdi), %ymm1, %ymm11
+        vpxor	-32(%rdi), %ymm4, %ymm14
+        vpxor	(%rdi), %ymm2, %ymm12
+        vpxor	64(%rdi), %ymm10, %ymm10
+        vpxor	96(%rdi), %ymm3, %ymm13
+        vpxor	128(%rdi), %ymm11, %ymm11
+        vpxor	-96(%rax), %ymm14, %ymm14
+        vpxor	-64(%rax), %ymm14, %ymm14
+        vpxor	-32(%rax), %ymm12, %ymm12
+        vpxor	(%rax), %ymm10, %ymm10
+        vpxor	32(%rax), %ymm13, %ymm13
+        vpxor	96(%rax), %ymm11, %ymm11
+        vpxor	128(%rax), %ymm14, %ymm14
+        vpxor	-96(%rcx), %ymm12, %ymm12
+        vpxor	-32(%rcx), %ymm13, %ymm13
+        vpxor	(%rcx), %ymm13, %ymm13
+        vpxor	32(%rcx), %ymm11, %ymm11
+        vpxor	96(%rcx), %ymm12, %ymm12
+        vpxor	128(%rcx), %ymm10, %ymm10
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	128(%rdi), %ymm6, %ymm11
+        vpxor	-32(%rax), %ymm7, %ymm12
+        vpxor	-32(%rcx), %ymm8, %ymm13
+        vpxor	64(%rcx), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	448(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, 128(%rdi)
+        vmovdqu	%ymm2, -32(%rax)
+        vmovdqu	%ymm3, -32(%rcx)
+        vmovdqu	%ymm4, 64(%rcx)
+        # Row 1
+        vpxor	32(%rax), %ymm8, %ymm10
+        vpxor	128(%rax), %ymm9, %ymm11
+        vpxor	128(%rcx), %ymm5, %ymm12
+        vpxor	-64(%rdi), %ymm6, %ymm13
+        vpxor	32(%rdi), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 32(%rax)
+        vmovdqu	%ymm1, 128(%rax)
+        vmovdqu	%ymm2, 128(%rcx)
+        vmovdqu	%ymm3, -64(%rdi)
+        vmovdqu	%ymm4, 32(%rdi)
+        # Row 2
+        vpxor	32(%rcx), %ymm6, %ymm10
+        vpxor	(%rdi), %ymm7, %ymm11
+        vpxor	96(%rdi), %ymm8, %ymm12
+        vpxor	-64(%rax), %ymm9, %ymm13
+        vpxor	-64(%rcx), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 32(%rcx)
+        vmovdqu	%ymm1, (%rdi)
+        vmovdqu	%ymm2, 96(%rdi)
+        vmovdqu	%ymm3, -64(%rax)
+        vmovdqu	%ymm4, -64(%rcx)
+        # Row 3
+        vpxor	-96(%rax), %ymm9, %ymm10
+        vpxor	(%rax), %ymm5, %ymm11
+        vpxor	96(%rax), %ymm6, %ymm12
+        vpxor	96(%rcx), %ymm7, %ymm13
+        vpxor	-96(%rdi), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -96(%rax)
+        vmovdqu	%ymm1, (%rax)
+        vmovdqu	%ymm2, 96(%rax)
+        vmovdqu	%ymm3, 96(%rcx)
+        vmovdqu	%ymm4, -96(%rdi)
+        # Row 4
+        vpxor	-96(%rcx), %ymm7, %ymm10
+        vpxor	(%rcx), %ymm8, %ymm11
+        vpxor	-32(%rdi), %ymm9, %ymm12
+        vpxor	64(%rdi), %ymm5, %ymm13
+        vpxor	64(%rax), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -96(%rcx)
+        vmovdqu	%ymm1, (%rcx)
+        vmovdqu	%ymm2, -32(%rdi)
+        vmovdqu	%ymm3, 64(%rdi)
+        vmovdqu	%ymm4, 64(%rax)
+        # Round 15
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm4, %ymm14
+        vpxor	-64(%rdi), %ymm3, %ymm13
+        vpxor	(%rdi), %ymm1, %ymm11
+        vpxor	32(%rdi), %ymm14, %ymm14
+        vpxor	96(%rdi), %ymm2, %ymm12
+        vpxor	128(%rdi), %ymm11, %ymm11
+        vpxor	-96(%rax), %ymm10, %ymm10
+        vpxor	-64(%rax), %ymm13, %ymm13
+        vpxor	-32(%rax), %ymm12, %ymm12
+        vpxor	(%rax), %ymm11, %ymm11
+        vpxor	32(%rax), %ymm10, %ymm10
+        vpxor	96(%rax), %ymm12, %ymm12
+        vpxor	128(%rax), %ymm11, %ymm11
+        vpxor	-64(%rcx), %ymm14, %ymm14
+        vpxor	-32(%rcx), %ymm13, %ymm13
+        vpxor	32(%rcx), %ymm10, %ymm10
+        vpxor	64(%rcx), %ymm14, %ymm14
+        vpxor	96(%rcx), %ymm13, %ymm13
+        vpxor	128(%rcx), %ymm12, %ymm12
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	128(%rax), %ymm6, %ymm11
+        vpxor	96(%rdi), %ymm7, %ymm12
+        vpxor	96(%rcx), %ymm8, %ymm13
+        vpxor	64(%rax), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	480(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, 128(%rax)
+        vmovdqu	%ymm2, 96(%rdi)
+        vmovdqu	%ymm3, 96(%rcx)
+        vmovdqu	%ymm4, 64(%rax)
+        # Row 1
+        vpxor	-32(%rcx), %ymm8, %ymm10
+        vpxor	32(%rdi), %ymm9, %ymm11
+        vpxor	32(%rcx), %ymm5, %ymm12
+        vpxor	(%rax), %ymm6, %ymm13
+        vpxor	-32(%rdi), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -32(%rcx)
+        vmovdqu	%ymm1, 32(%rdi)
+        vmovdqu	%ymm2, 32(%rcx)
+        vmovdqu	%ymm3, (%rax)
+        vmovdqu	%ymm4, -32(%rdi)
+        # Row 2
+        vpxor	128(%rdi), %ymm6, %ymm10
+        vpxor	128(%rcx), %ymm7, %ymm11
+        vpxor	-64(%rax), %ymm8, %ymm12
+        vpxor	-96(%rdi), %ymm9, %ymm13
+        vpxor	-96(%rcx), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 128(%rdi)
+        vmovdqu	%ymm1, 128(%rcx)
+        vmovdqu	%ymm2, -64(%rax)
+        vmovdqu	%ymm3, -96(%rdi)
+        vmovdqu	%ymm4, -96(%rcx)
+        # Row 3
+        vpxor	64(%rcx), %ymm9, %ymm10
+        vpxor	32(%rax), %ymm5, %ymm11
+        vpxor	(%rdi), %ymm6, %ymm12
+        vpxor	96(%rax), %ymm7, %ymm13
+        vpxor	64(%rdi), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 64(%rcx)
+        vmovdqu	%ymm1, 32(%rax)
+        vmovdqu	%ymm2, (%rdi)
+        vmovdqu	%ymm3, 96(%rax)
+        vmovdqu	%ymm4, 64(%rdi)
+        # Row 4
+        vpxor	-32(%rax), %ymm7, %ymm10
+        vpxor	-64(%rdi), %ymm8, %ymm11
+        vpxor	-64(%rcx), %ymm9, %ymm12
+        vpxor	-96(%rax), %ymm5, %ymm13
+        vpxor	(%rcx), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -32(%rax)
+        vmovdqu	%ymm1, -64(%rdi)
+        vmovdqu	%ymm2, -64(%rcx)
+        vmovdqu	%ymm3, -96(%rax)
+        vmovdqu	%ymm4, (%rcx)
+        # Round 16
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm3, %ymm13
+        vpxor	-32(%rdi), %ymm4, %ymm14
+        vpxor	(%rdi), %ymm2, %ymm12
+        vpxor	32(%rdi), %ymm1, %ymm11
+        vpxor	64(%rdi), %ymm14, %ymm14
+        vpxor	96(%rdi), %ymm12, %ymm12
+        vpxor	128(%rdi), %ymm10, %ymm10
+        vpxor	-64(%rax), %ymm12, %ymm12
+        vpxor	(%rax), %ymm13, %ymm13
+        vpxor	32(%rax), %ymm11, %ymm11
+        vpxor	64(%rax), %ymm14, %ymm14
+        vpxor	96(%rax), %ymm13, %ymm13
+        vpxor	128(%rax), %ymm11, %ymm11
+        vpxor	-96(%rcx), %ymm14, %ymm14
+        vpxor	-32(%rcx), %ymm10, %ymm10
+        vpxor	32(%rcx), %ymm12, %ymm12
+        vpxor	64(%rcx), %ymm10, %ymm10
+        vpxor	96(%rcx), %ymm13, %ymm13
+        vpxor	128(%rcx), %ymm11, %ymm11
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	32(%rdi), %ymm6, %ymm11
+        vpxor	-64(%rax), %ymm7, %ymm12
+        vpxor	96(%rax), %ymm8, %ymm13
+        vpxor	(%rcx), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	512(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, 32(%rdi)
+        vmovdqu	%ymm2, -64(%rax)
+        vmovdqu	%ymm3, 96(%rax)
+        vmovdqu	%ymm4, (%rcx)
+        # Row 1
+        vpxor	96(%rcx), %ymm8, %ymm10
+        vpxor	-32(%rdi), %ymm9, %ymm11
+        vpxor	128(%rdi), %ymm5, %ymm12
+        vpxor	32(%rax), %ymm6, %ymm13
+        vpxor	-64(%rcx), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 96(%rcx)
+        vmovdqu	%ymm1, -32(%rdi)
+        vmovdqu	%ymm2, 128(%rdi)
+        vmovdqu	%ymm3, 32(%rax)
+        vmovdqu	%ymm4, -64(%rcx)
+        # Row 2
+        vpxor	128(%rax), %ymm6, %ymm10
+        vpxor	32(%rcx), %ymm7, %ymm11
+        vpxor	-96(%rdi), %ymm8, %ymm12
+        vpxor	64(%rdi), %ymm9, %ymm13
+        vpxor	-32(%rax), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 128(%rax)
+        vmovdqu	%ymm1, 32(%rcx)
+        vmovdqu	%ymm2, -96(%rdi)
+        vmovdqu	%ymm3, 64(%rdi)
+        vmovdqu	%ymm4, -32(%rax)
+        # Row 3
+        vpxor	64(%rax), %ymm9, %ymm10
+        vpxor	-32(%rcx), %ymm5, %ymm11
+        vpxor	128(%rcx), %ymm6, %ymm12
+        vpxor	(%rdi), %ymm7, %ymm13
+        vpxor	-96(%rax), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 64(%rax)
+        vmovdqu	%ymm1, -32(%rcx)
+        vmovdqu	%ymm2, 128(%rcx)
+        vmovdqu	%ymm3, (%rdi)
+        vmovdqu	%ymm4, -96(%rax)
+        # Row 4
+        vpxor	96(%rdi), %ymm7, %ymm10
+        vpxor	(%rax), %ymm8, %ymm11
+        vpxor	-96(%rcx), %ymm9, %ymm12
+        vpxor	64(%rcx), %ymm5, %ymm13
+        vpxor	-64(%rdi), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 96(%rdi)
+        vmovdqu	%ymm1, (%rax)
+        vmovdqu	%ymm2, -96(%rcx)
+        vmovdqu	%ymm3, 64(%rcx)
+        vmovdqu	%ymm4, -64(%rdi)
+        # Round 17
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm2, %ymm12
+        vpxor	-32(%rdi), %ymm1, %ymm11
+        vpxor	(%rdi), %ymm3, %ymm13
+        vpxor	32(%rdi), %ymm11, %ymm11
+        vpxor	64(%rdi), %ymm13, %ymm13
+        vpxor	128(%rdi), %ymm12, %ymm12
+        vpxor	-96(%rax), %ymm4, %ymm14
+        vpxor	-64(%rax), %ymm12, %ymm12
+        vpxor	-32(%rax), %ymm14, %ymm14
+        vpxor	32(%rax), %ymm13, %ymm13
+        vpxor	64(%rax), %ymm10, %ymm10
+        vpxor	96(%rax), %ymm13, %ymm13
+        vpxor	128(%rax), %ymm10, %ymm10
+        vpxor	-64(%rcx), %ymm14, %ymm14
+        vpxor	-32(%rcx), %ymm11, %ymm11
+        vpxor	(%rcx), %ymm14, %ymm14
+        vpxor	32(%rcx), %ymm11, %ymm11
+        vpxor	96(%rcx), %ymm10, %ymm10
+        vpxor	128(%rcx), %ymm12, %ymm12
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	-32(%rdi), %ymm6, %ymm11
+        vpxor	-96(%rdi), %ymm7, %ymm12
+        vpxor	(%rdi), %ymm8, %ymm13
+        vpxor	-64(%rdi), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	544(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, -32(%rdi)
+        vmovdqu	%ymm2, -96(%rdi)
+        vmovdqu	%ymm3, (%rdi)
+        vmovdqu	%ymm4, -64(%rdi)
+        # Row 1
+        vpxor	96(%rax), %ymm8, %ymm10
+        vpxor	-64(%rcx), %ymm9, %ymm11
+        vpxor	128(%rax), %ymm5, %ymm12
+        vpxor	-32(%rcx), %ymm6, %ymm13
+        vpxor	-96(%rcx), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 96(%rax)
+        vmovdqu	%ymm1, -64(%rcx)
+        vmovdqu	%ymm2, 128(%rax)
+        vmovdqu	%ymm3, -32(%rcx)
+        vmovdqu	%ymm4, -96(%rcx)
+        # Row 2
+        vpxor	32(%rdi), %ymm6, %ymm10
+        vpxor	128(%rdi), %ymm7, %ymm11
+        vpxor	64(%rdi), %ymm8, %ymm12
+        vpxor	-96(%rax), %ymm9, %ymm13
+        vpxor	96(%rdi), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 32(%rdi)
+        vmovdqu	%ymm1, 128(%rdi)
+        vmovdqu	%ymm2, 64(%rdi)
+        vmovdqu	%ymm3, -96(%rax)
+        vmovdqu	%ymm4, 96(%rdi)
+        # Row 3
+        vpxor	(%rcx), %ymm9, %ymm10
+        vpxor	96(%rcx), %ymm5, %ymm11
+        vpxor	32(%rcx), %ymm6, %ymm12
+        vpxor	128(%rcx), %ymm7, %ymm13
+        vpxor	64(%rcx), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, (%rcx)
+        vmovdqu	%ymm1, 96(%rcx)
+        vmovdqu	%ymm2, 32(%rcx)
+        vmovdqu	%ymm3, 128(%rcx)
+        vmovdqu	%ymm4, 64(%rcx)
+        # Row 4
+        vpxor	-64(%rax), %ymm7, %ymm10
+        vpxor	32(%rax), %ymm8, %ymm11
+        vpxor	-32(%rax), %ymm9, %ymm12
+        vpxor	64(%rax), %ymm5, %ymm13
+        vpxor	(%rax), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -64(%rax)
+        vmovdqu	%ymm1, 32(%rax)
+        vmovdqu	%ymm2, -32(%rax)
+        vmovdqu	%ymm3, 64(%rax)
+        vmovdqu	%ymm4, (%rax)
+        # Round 18
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm2, %ymm12
+        vpxor	-64(%rdi), %ymm4, %ymm14
+        vpxor	-32(%rdi), %ymm1, %ymm11
+        vpxor	(%rdi), %ymm3, %ymm13
+        vpxor	32(%rdi), %ymm10, %ymm10
+        vpxor	64(%rdi), %ymm12, %ymm12
+        vpxor	96(%rdi), %ymm14, %ymm14
+        vpxor	128(%rdi), %ymm11, %ymm11
+        vpxor	-96(%rax), %ymm13, %ymm13
+        vpxor	96(%rax), %ymm10, %ymm10
+        vpxor	128(%rax), %ymm12, %ymm12
+        vpxor	-96(%rcx), %ymm14, %ymm14
+        vpxor	-64(%rcx), %ymm11, %ymm11
+        vpxor	-32(%rcx), %ymm13, %ymm13
+        vpxor	(%rcx), %ymm10, %ymm10
+        vpxor	32(%rcx), %ymm12, %ymm12
+        vpxor	64(%rcx), %ymm14, %ymm14
+        vpxor	96(%rcx), %ymm11, %ymm11
+        vpxor	128(%rcx), %ymm13, %ymm13
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	-64(%rcx), %ymm6, %ymm11
+        vpxor	64(%rdi), %ymm7, %ymm12
+        vpxor	128(%rcx), %ymm8, %ymm13
+        vpxor	(%rax), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	576(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, -64(%rcx)
+        vmovdqu	%ymm2, 64(%rdi)
+        vmovdqu	%ymm3, 128(%rcx)
+        vmovdqu	%ymm4, (%rax)
+        # Row 1
+        vpxor	(%rdi), %ymm8, %ymm10
+        vpxor	-96(%rcx), %ymm9, %ymm11
+        vpxor	32(%rdi), %ymm5, %ymm12
+        vpxor	96(%rcx), %ymm6, %ymm13
+        vpxor	-32(%rax), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, (%rdi)
+        vmovdqu	%ymm1, -96(%rcx)
+        vmovdqu	%ymm2, 32(%rdi)
+        vmovdqu	%ymm3, 96(%rcx)
+        vmovdqu	%ymm4, -32(%rax)
+        # Row 2
+        vpxor	-32(%rdi), %ymm6, %ymm10
+        vpxor	128(%rax), %ymm7, %ymm11
+        vpxor	-96(%rax), %ymm8, %ymm12
+        vpxor	64(%rcx), %ymm9, %ymm13
+        vpxor	-64(%rax), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -32(%rdi)
+        vmovdqu	%ymm1, 128(%rax)
+        vmovdqu	%ymm2, -96(%rax)
+        vmovdqu	%ymm3, 64(%rcx)
+        vmovdqu	%ymm4, -64(%rax)
+        # Row 3
+        vpxor	-64(%rdi), %ymm9, %ymm10
+        vpxor	96(%rax), %ymm5, %ymm11
+        vpxor	128(%rdi), %ymm6, %ymm12
+        vpxor	32(%rcx), %ymm7, %ymm13
+        vpxor	64(%rax), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -64(%rdi)
+        vmovdqu	%ymm1, 96(%rax)
+        vmovdqu	%ymm2, 128(%rdi)
+        vmovdqu	%ymm3, 32(%rcx)
+        vmovdqu	%ymm4, 64(%rax)
+        # Row 4
+        vpxor	-96(%rdi), %ymm7, %ymm10
+        vpxor	-32(%rcx), %ymm8, %ymm11
+        vpxor	96(%rdi), %ymm9, %ymm12
+        vpxor	(%rcx), %ymm5, %ymm13
+        vpxor	32(%rax), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -96(%rdi)
+        vmovdqu	%ymm1, -32(%rcx)
+        vmovdqu	%ymm2, 96(%rdi)
+        vmovdqu	%ymm3, (%rcx)
+        vmovdqu	%ymm4, 32(%rax)
+        # Round 19
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-64(%rdi), %ymm10, %ymm10
+        vpxor	-32(%rdi), %ymm10, %ymm10
+        vpxor	(%rdi), %ymm10, %ymm10
+        vpxor	32(%rdi), %ymm2, %ymm12
+        vpxor	64(%rdi), %ymm12, %ymm12
+        vpxor	128(%rdi), %ymm12, %ymm12
+        vpxor	-96(%rax), %ymm12, %ymm12
+        vpxor	-64(%rax), %ymm4, %ymm14
+        vpxor	-32(%rax), %ymm14, %ymm14
+        vpxor	(%rax), %ymm14, %ymm14
+        vpxor	64(%rax), %ymm14, %ymm14
+        vpxor	96(%rax), %ymm1, %ymm11
+        vpxor	128(%rax), %ymm11, %ymm11
+        vpxor	-96(%rcx), %ymm11, %ymm11
+        vpxor	-64(%rcx), %ymm11, %ymm11
+        vpxor	32(%rcx), %ymm3, %ymm13
+        vpxor	64(%rcx), %ymm13, %ymm13
+        vpxor	96(%rcx), %ymm13, %ymm13
+        vpxor	128(%rcx), %ymm13, %ymm13
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	-96(%rcx), %ymm6, %ymm11
+        vpxor	-96(%rax), %ymm7, %ymm12
+        vpxor	32(%rcx), %ymm8, %ymm13
+        vpxor	32(%rax), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	608(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, -96(%rcx)
+        vmovdqu	%ymm2, -96(%rax)
+        vmovdqu	%ymm3, 32(%rcx)
+        vmovdqu	%ymm4, 32(%rax)
+        # Row 1
+        vpxor	128(%rcx), %ymm8, %ymm10
+        vpxor	-32(%rax), %ymm9, %ymm11
+        vpxor	-32(%rdi), %ymm5, %ymm12
+        vpxor	96(%rax), %ymm6, %ymm13
+        vpxor	96(%rdi), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 128(%rcx)
+        vmovdqu	%ymm1, -32(%rax)
+        vmovdqu	%ymm2, -32(%rdi)
+        vmovdqu	%ymm3, 96(%rax)
+        vmovdqu	%ymm4, 96(%rdi)
+        # Row 2
+        vpxor	-64(%rcx), %ymm6, %ymm10
+        vpxor	32(%rdi), %ymm7, %ymm11
+        vpxor	64(%rcx), %ymm8, %ymm12
+        vpxor	64(%rax), %ymm9, %ymm13
+        vpxor	-96(%rdi), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -64(%rcx)
+        vmovdqu	%ymm1, 32(%rdi)
+        vmovdqu	%ymm2, 64(%rcx)
+        vmovdqu	%ymm3, 64(%rax)
+        vmovdqu	%ymm4, -96(%rdi)
+        # Row 3
+        vpxor	(%rax), %ymm9, %ymm10
+        vpxor	(%rdi), %ymm5, %ymm11
+        vpxor	128(%rax), %ymm6, %ymm12
+        vpxor	128(%rdi), %ymm7, %ymm13
+        vpxor	(%rcx), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, (%rax)
+        vmovdqu	%ymm1, (%rdi)
+        vmovdqu	%ymm2, 128(%rax)
+        vmovdqu	%ymm3, 128(%rdi)
+        vmovdqu	%ymm4, (%rcx)
+        # Row 4
+        vpxor	64(%rdi), %ymm7, %ymm10
+        vpxor	96(%rcx), %ymm8, %ymm11
+        vpxor	-64(%rax), %ymm9, %ymm12
+        vpxor	-64(%rdi), %ymm5, %ymm13
+        vpxor	-32(%rcx), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 64(%rdi)
+        vmovdqu	%ymm1, 96(%rcx)
+        vmovdqu	%ymm2, -64(%rax)
+        vmovdqu	%ymm3, -64(%rdi)
+        vmovdqu	%ymm4, -32(%rcx)
+        # Round 20
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm4, %ymm14
+        vpxor	-32(%rdi), %ymm2, %ymm12
+        vpxor	(%rdi), %ymm1, %ymm11
+        vpxor	32(%rdi), %ymm11, %ymm11
+        vpxor	96(%rdi), %ymm14, %ymm14
+        vpxor	128(%rdi), %ymm3, %ymm13
+        vpxor	-96(%rax), %ymm12, %ymm12
+        vpxor	-32(%rax), %ymm11, %ymm11
+        vpxor	(%rax), %ymm10, %ymm10
+        vpxor	32(%rax), %ymm14, %ymm14
+        vpxor	64(%rax), %ymm13, %ymm13
+        vpxor	96(%rax), %ymm13, %ymm13
+        vpxor	128(%rax), %ymm12, %ymm12
+        vpxor	-96(%rcx), %ymm11, %ymm11
+        vpxor	-64(%rcx), %ymm10, %ymm10
+        vpxor	(%rcx), %ymm14, %ymm14
+        vpxor	32(%rcx), %ymm13, %ymm13
+        vpxor	64(%rcx), %ymm12, %ymm12
+        vpxor	128(%rcx), %ymm10, %ymm10
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	-32(%rax), %ymm6, %ymm11
+        vpxor	64(%rcx), %ymm7, %ymm12
+        vpxor	128(%rdi), %ymm8, %ymm13
+        vpxor	-32(%rcx), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	640(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, -32(%rax)
+        vmovdqu	%ymm2, 64(%rcx)
+        vmovdqu	%ymm3, 128(%rdi)
+        vmovdqu	%ymm4, -32(%rcx)
+        # Row 1
+        vpxor	32(%rcx), %ymm8, %ymm10
+        vpxor	96(%rdi), %ymm9, %ymm11
+        vpxor	-64(%rcx), %ymm5, %ymm12
+        vpxor	(%rdi), %ymm6, %ymm13
+        vpxor	-64(%rax), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 32(%rcx)
+        vmovdqu	%ymm1, 96(%rdi)
+        vmovdqu	%ymm2, -64(%rcx)
+        vmovdqu	%ymm3, (%rdi)
+        vmovdqu	%ymm4, -64(%rax)
+        # Row 2
+        vpxor	-96(%rcx), %ymm6, %ymm10
+        vpxor	-32(%rdi), %ymm7, %ymm11
+        vpxor	64(%rax), %ymm8, %ymm12
+        vpxor	(%rcx), %ymm9, %ymm13
+        vpxor	64(%rdi), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -96(%rcx)
+        vmovdqu	%ymm1, -32(%rdi)
+        vmovdqu	%ymm2, 64(%rax)
+        vmovdqu	%ymm3, (%rcx)
+        vmovdqu	%ymm4, 64(%rdi)
+        # Row 3
+        vpxor	32(%rax), %ymm9, %ymm10
+        vpxor	128(%rcx), %ymm5, %ymm11
+        vpxor	32(%rdi), %ymm6, %ymm12
+        vpxor	128(%rax), %ymm7, %ymm13
+        vpxor	-64(%rdi), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 32(%rax)
+        vmovdqu	%ymm1, 128(%rcx)
+        vmovdqu	%ymm2, 32(%rdi)
+        vmovdqu	%ymm3, 128(%rax)
+        vmovdqu	%ymm4, -64(%rdi)
+        # Row 4
+        vpxor	-96(%rax), %ymm7, %ymm10
+        vpxor	96(%rax), %ymm8, %ymm11
+        vpxor	-96(%rdi), %ymm9, %ymm12
+        vpxor	(%rax), %ymm5, %ymm13
+        vpxor	96(%rcx), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -96(%rax)
+        vmovdqu	%ymm1, 96(%rax)
+        vmovdqu	%ymm2, -96(%rdi)
+        vmovdqu	%ymm3, (%rax)
+        vmovdqu	%ymm4, 96(%rcx)
+        # Round 21
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-64(%rdi), %ymm4, %ymm14
+        vpxor	-32(%rdi), %ymm1, %ymm11
+        vpxor	(%rdi), %ymm3, %ymm13
+        vpxor	32(%rdi), %ymm2, %ymm12
+        vpxor	64(%rdi), %ymm14, %ymm14
+        vpxor	96(%rdi), %ymm11, %ymm11
+        vpxor	128(%rdi), %ymm13, %ymm13
+        vpxor	-64(%rax), %ymm14, %ymm14
+        vpxor	-32(%rax), %ymm11, %ymm11
+        vpxor	32(%rax), %ymm10, %ymm10
+        vpxor	64(%rax), %ymm12, %ymm12
+        vpxor	128(%rax), %ymm13, %ymm13
+        vpxor	-96(%rcx), %ymm10, %ymm10
+        vpxor	-64(%rcx), %ymm12, %ymm12
+        vpxor	-32(%rcx), %ymm14, %ymm14
+        vpxor	(%rcx), %ymm13, %ymm13
+        vpxor	32(%rcx), %ymm10, %ymm10
+        vpxor	64(%rcx), %ymm12, %ymm12
+        vpxor	128(%rcx), %ymm11, %ymm11
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	96(%rdi), %ymm6, %ymm11
+        vpxor	64(%rax), %ymm7, %ymm12
+        vpxor	128(%rax), %ymm8, %ymm13
+        vpxor	96(%rcx), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	672(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, 96(%rdi)
+        vmovdqu	%ymm2, 64(%rax)
+        vmovdqu	%ymm3, 128(%rax)
+        vmovdqu	%ymm4, 96(%rcx)
+        # Row 1
+        vpxor	128(%rdi), %ymm8, %ymm10
+        vpxor	-64(%rax), %ymm9, %ymm11
+        vpxor	-96(%rcx), %ymm5, %ymm12
+        vpxor	128(%rcx), %ymm6, %ymm13
+        vpxor	-96(%rdi), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 128(%rdi)
+        vmovdqu	%ymm1, -64(%rax)
+        vmovdqu	%ymm2, -96(%rcx)
+        vmovdqu	%ymm3, 128(%rcx)
+        vmovdqu	%ymm4, -96(%rdi)
+        # Row 2
+        vpxor	-32(%rax), %ymm6, %ymm10
+        vpxor	-64(%rcx), %ymm7, %ymm11
+        vpxor	(%rcx), %ymm8, %ymm12
+        vpxor	-64(%rdi), %ymm9, %ymm13
+        vpxor	-96(%rax), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -32(%rax)
+        vmovdqu	%ymm1, -64(%rcx)
+        vmovdqu	%ymm2, (%rcx)
+        vmovdqu	%ymm3, -64(%rdi)
+        vmovdqu	%ymm4, -96(%rax)
+        # Row 3
+        vpxor	-32(%rcx), %ymm9, %ymm10
+        vpxor	32(%rcx), %ymm5, %ymm11
+        vpxor	-32(%rdi), %ymm6, %ymm12
+        vpxor	32(%rdi), %ymm7, %ymm13
+        vpxor	(%rax), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -32(%rcx)
+        vmovdqu	%ymm1, 32(%rcx)
+        vmovdqu	%ymm2, -32(%rdi)
+        vmovdqu	%ymm3, 32(%rdi)
+        vmovdqu	%ymm4, (%rax)
+        # Row 4
+        vpxor	64(%rcx), %ymm7, %ymm10
+        vpxor	(%rdi), %ymm8, %ymm11
+        vpxor	64(%rdi), %ymm9, %ymm12
+        vpxor	32(%rax), %ymm5, %ymm13
+        vpxor	96(%rax), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 64(%rcx)
+        vmovdqu	%ymm1, (%rdi)
+        vmovdqu	%ymm2, 64(%rdi)
+        vmovdqu	%ymm3, 32(%rax)
+        vmovdqu	%ymm4, 96(%rax)
+        # Round 22
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm4, %ymm14
+        vpxor	-64(%rdi), %ymm3, %ymm13
+        vpxor	-32(%rdi), %ymm2, %ymm12
+        vpxor	32(%rdi), %ymm13, %ymm13
+        vpxor	96(%rdi), %ymm1, %ymm11
+        vpxor	128(%rdi), %ymm10, %ymm10
+        vpxor	-96(%rax), %ymm14, %ymm14
+        vpxor	-64(%rax), %ymm11, %ymm11
+        vpxor	-32(%rax), %ymm10, %ymm10
+        vpxor	(%rax), %ymm14, %ymm14
+        vpxor	64(%rax), %ymm12, %ymm12
+        vpxor	128(%rax), %ymm13, %ymm13
+        vpxor	-96(%rcx), %ymm12, %ymm12
+        vpxor	-64(%rcx), %ymm11, %ymm11
+        vpxor	-32(%rcx), %ymm10, %ymm10
+        vpxor	(%rcx), %ymm12, %ymm12
+        vpxor	32(%rcx), %ymm11, %ymm11
+        vpxor	96(%rcx), %ymm14, %ymm14
+        vpxor	128(%rcx), %ymm13, %ymm13
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	-64(%rax), %ymm6, %ymm11
+        vpxor	(%rcx), %ymm7, %ymm12
+        vpxor	32(%rdi), %ymm8, %ymm13
+        vpxor	96(%rax), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	704(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, -64(%rax)
+        vmovdqu	%ymm2, (%rcx)
+        vmovdqu	%ymm3, 32(%rdi)
+        vmovdqu	%ymm4, 96(%rax)
+        # Row 1
+        vpxor	128(%rax), %ymm8, %ymm10
+        vpxor	-96(%rdi), %ymm9, %ymm11
+        vpxor	-32(%rax), %ymm5, %ymm12
+        vpxor	32(%rcx), %ymm6, %ymm13
+        vpxor	64(%rdi), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 128(%rax)
+        vmovdqu	%ymm1, -96(%rdi)
+        vmovdqu	%ymm2, -32(%rax)
+        vmovdqu	%ymm3, 32(%rcx)
+        vmovdqu	%ymm4, 64(%rdi)
+        # Row 2
+        vpxor	96(%rdi), %ymm6, %ymm10
+        vpxor	-96(%rcx), %ymm7, %ymm11
+        vpxor	-64(%rdi), %ymm8, %ymm12
+        vpxor	(%rax), %ymm9, %ymm13
+        vpxor	64(%rcx), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 96(%rdi)
+        vmovdqu	%ymm1, -96(%rcx)
+        vmovdqu	%ymm2, -64(%rdi)
+        vmovdqu	%ymm3, (%rax)
+        vmovdqu	%ymm4, 64(%rcx)
+        # Row 3
+        vpxor	96(%rcx), %ymm9, %ymm10
+        vpxor	128(%rdi), %ymm5, %ymm11
+        vpxor	-64(%rcx), %ymm6, %ymm12
+        vpxor	-32(%rdi), %ymm7, %ymm13
+        vpxor	32(%rax), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 96(%rcx)
+        vmovdqu	%ymm1, 128(%rdi)
+        vmovdqu	%ymm2, -64(%rcx)
+        vmovdqu	%ymm3, -32(%rdi)
+        vmovdqu	%ymm4, 32(%rax)
+        # Row 4
+        vpxor	64(%rax), %ymm7, %ymm10
+        vpxor	128(%rcx), %ymm8, %ymm11
+        vpxor	-96(%rax), %ymm9, %ymm12
+        vpxor	-32(%rcx), %ymm5, %ymm13
+        vpxor	(%rdi), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 64(%rax)
+        vmovdqu	%ymm1, 128(%rcx)
+        vmovdqu	%ymm2, -96(%rax)
+        vmovdqu	%ymm3, -32(%rcx)
+        vmovdqu	%ymm4, (%rdi)
+        # Round 23
+        # Calc b[0..4]
+        vpxor	%ymm15, %ymm0, %ymm10
+        vpxor	-96(%rdi), %ymm1, %ymm11
+        vpxor	-64(%rdi), %ymm2, %ymm12
+        vpxor	-32(%rdi), %ymm3, %ymm13
+        vpxor	32(%rdi), %ymm13, %ymm13
+        vpxor	64(%rdi), %ymm4, %ymm14
+        vpxor	96(%rdi), %ymm10, %ymm10
+        vpxor	128(%rdi), %ymm11, %ymm11
+        vpxor	-64(%rax), %ymm11, %ymm11
+        vpxor	-32(%rax), %ymm12, %ymm12
+        vpxor	(%rax), %ymm13, %ymm13
+        vpxor	32(%rax), %ymm14, %ymm14
+        vpxor	96(%rax), %ymm14, %ymm14
+        vpxor	128(%rax), %ymm10, %ymm10
+        vpxor	-96(%rcx), %ymm11, %ymm11
+        vpxor	-64(%rcx), %ymm12, %ymm12
+        vpxor	(%rcx), %ymm12, %ymm12
+        vpxor	32(%rcx), %ymm13, %ymm13
+        vpxor	64(%rcx), %ymm14, %ymm14
+        vpxor	96(%rcx), %ymm10, %ymm10
+        # Calc t[0..4]
+        vpsrlq	$63, %ymm11, %ymm0
+        vpsrlq	$63, %ymm12, %ymm1
+        vpsrlq	$63, %ymm13, %ymm2
+        vpsrlq	$63, %ymm14, %ymm3
+        vpsrlq	$63, %ymm10, %ymm4
+        vpaddq	%ymm11, %ymm11, %ymm5
+        vpaddq	%ymm12, %ymm12, %ymm6
+        vpaddq	%ymm13, %ymm13, %ymm7
+        vpaddq	%ymm14, %ymm14, %ymm8
+        vpaddq	%ymm10, %ymm10, %ymm9
+        vpor	%ymm0, %ymm5, %ymm5
+        vpor	%ymm1, %ymm6, %ymm6
+        vpor	%ymm2, %ymm7, %ymm7
+        vpor	%ymm3, %ymm8, %ymm8
+        vpor	%ymm4, %ymm9, %ymm9
+        vpxor	%ymm14, %ymm5, %ymm5
+        vpxor	%ymm10, %ymm6, %ymm6
+        vpxor	%ymm11, %ymm7, %ymm7
+        vpxor	%ymm12, %ymm8, %ymm8
+        vpxor	%ymm13, %ymm9, %ymm9
+        # Row Mix
+        # Row 0
+        vpxor	%ymm15, %ymm5, %ymm10
+        vpxor	-96(%rdi), %ymm6, %ymm11
+        vpxor	-64(%rdi), %ymm7, %ymm12
+        vpxor	-32(%rdi), %ymm8, %ymm13
+        vpxor	(%rdi), %ymm9, %ymm14
+        vpsrlq	$20, %ymm11, %ymm0
+        vpsrlq	$21, %ymm12, %ymm1
+        vpsrlq	$43, %ymm13, %ymm2
+        vpsrlq	$50, %ymm14, %ymm3
+        vpsllq	$44, %ymm11, %ymm11
+        vpsllq	$43, %ymm12, %ymm12
+        vpsllq	$21, %ymm13, %ymm13
+        vpsllq	$14, %ymm14, %ymm14
+        vpor	%ymm0, %ymm11, %ymm11
+        vpor	%ymm1, %ymm12, %ymm12
+        vpor	%ymm2, %ymm13, %ymm13
+        vpor	%ymm3, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm15
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm15, %ymm15
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        # XOR in constant
+        vpxor	736(%rdx), %ymm15, %ymm15
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm1, -96(%rdi)
+        vmovdqu	%ymm2, -64(%rdi)
+        vmovdqu	%ymm3, -32(%rdi)
+        vmovdqu	%ymm4, (%rdi)
+        # Row 1
+        vpxor	32(%rdi), %ymm8, %ymm10
+        vpxor	64(%rdi), %ymm9, %ymm11
+        vpxor	96(%rdi), %ymm5, %ymm12
+        vpxor	128(%rdi), %ymm6, %ymm13
+        vpxor	-96(%rax), %ymm7, %ymm14
+        vpsrlq	$36, %ymm10, %ymm0
+        vpsrlq	$44, %ymm11, %ymm1
+        vpsrlq	$61, %ymm12, %ymm2
+        vpsrlq	$19, %ymm13, %ymm3
+        vpsrlq	$3, %ymm14, %ymm4
+        vpsllq	$28, %ymm10, %ymm10
+        vpsllq	$20, %ymm11, %ymm11
+        vpsllq	$3, %ymm12, %ymm12
+        vpsllq	$45, %ymm13, %ymm13
+        vpsllq	$61, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 32(%rdi)
+        vmovdqu	%ymm1, 64(%rdi)
+        vmovdqu	%ymm2, 96(%rdi)
+        vmovdqu	%ymm3, 128(%rdi)
+        vmovdqu	%ymm4, -96(%rax)
+        # Row 2
+        vpxor	-64(%rax), %ymm6, %ymm10
+        vpxor	-32(%rax), %ymm7, %ymm11
+        vpxor	(%rax), %ymm8, %ymm12
+        vpxor	32(%rax), %ymm9, %ymm13
+        vpxor	64(%rax), %ymm5, %ymm14
+        vpsrlq	$63, %ymm10, %ymm0
+        vpsrlq	$58, %ymm11, %ymm1
+        vpsrlq	$39, %ymm12, %ymm2
+        vpsrlq	$56, %ymm13, %ymm3
+        vpsrlq	$46, %ymm14, %ymm4
+        vpaddq	%ymm10, %ymm10, %ymm10
+        vpsllq	$6, %ymm11, %ymm11
+        vpsllq	$25, %ymm12, %ymm12
+        vpsllq	$8, %ymm13, %ymm13
+        vpsllq	$18, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, -64(%rax)
+        vmovdqu	%ymm1, -32(%rax)
+        vmovdqu	%ymm2, (%rax)
+        vmovdqu	%ymm3, 32(%rax)
+        vmovdqu	%ymm4, 64(%rax)
+        # Row 3
+        vpxor	96(%rax), %ymm9, %ymm10
+        vpxor	128(%rax), %ymm5, %ymm11
+        vpxor	-96(%rcx), %ymm6, %ymm12
+        vpxor	-64(%rcx), %ymm7, %ymm13
+        vpxor	-32(%rcx), %ymm8, %ymm14
+        vpsrlq	$37, %ymm10, %ymm0
+        vpsrlq	$28, %ymm11, %ymm1
+        vpsrlq	$54, %ymm12, %ymm2
+        vpsrlq	$49, %ymm13, %ymm3
+        vpsrlq	$8, %ymm14, %ymm4
+        vpsllq	$27, %ymm10, %ymm10
+        vpsllq	$36, %ymm11, %ymm11
+        vpsllq	$10, %ymm12, %ymm12
+        vpsllq	$15, %ymm13, %ymm13
+        vpsllq	$56, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, 96(%rax)
+        vmovdqu	%ymm1, 128(%rax)
+        vmovdqu	%ymm2, -96(%rcx)
+        vmovdqu	%ymm3, -64(%rcx)
+        vmovdqu	%ymm4, -32(%rcx)
+        # Row 4
+        vpxor	(%rcx), %ymm7, %ymm10
+        vpxor	32(%rcx), %ymm8, %ymm11
+        vpxor	64(%rcx), %ymm9, %ymm12
+        vpxor	96(%rcx), %ymm5, %ymm13
+        vpxor	128(%rcx), %ymm6, %ymm14
+        vpsrlq	$2, %ymm10, %ymm0
+        vpsrlq	$9, %ymm11, %ymm1
+        vpsrlq	$25, %ymm12, %ymm2
+        vpsrlq	$23, %ymm13, %ymm3
+        vpsrlq	$62, %ymm14, %ymm4
+        vpsllq	$62, %ymm10, %ymm10
+        vpsllq	$55, %ymm11, %ymm11
+        vpsllq	$39, %ymm12, %ymm12
+        vpsllq	$41, %ymm13, %ymm13
+        vpsllq	$2, %ymm14, %ymm14
+        vpor	%ymm0, %ymm10, %ymm10
+        vpor	%ymm1, %ymm11, %ymm11
+        vpor	%ymm2, %ymm12, %ymm12
+        vpor	%ymm3, %ymm13, %ymm13
+        vpor	%ymm4, %ymm14, %ymm14
+        vpandn	%ymm12, %ymm11, %ymm0
+        vpandn	%ymm13, %ymm12, %ymm1
+        vpandn	%ymm14, %ymm13, %ymm2
+        vpandn	%ymm10, %ymm14, %ymm3
+        vpandn	%ymm11, %ymm10, %ymm4
+        vpxor	%ymm10, %ymm0, %ymm0
+        vpxor	%ymm11, %ymm1, %ymm1
+        vpxor	%ymm12, %ymm2, %ymm2
+        vpxor	%ymm13, %ymm3, %ymm3
+        vpxor	%ymm14, %ymm4, %ymm4
+        vmovdqu	%ymm0, (%rcx)
+        vmovdqu	%ymm1, 32(%rcx)
+        vmovdqu	%ymm2, 64(%rcx)
+        vmovdqu	%ymm3, 96(%rcx)
+        vmovdqu	%ymm4, 128(%rcx)
+        subq	$0x80, %rdi
+        vmovdqu	%ymm15, (%rdi)
+        vzeroupper
+        repz retq
+#ifndef __APPLE__
+.size	sha3_256_blocksx4_seed_64_avx2,.-sha3_256_blocksx4_seed_64_avx2
+#endif /* __APPLE__ */
+#endif /* WOLFSSL_WC_DILITHIUM */
 #endif /* HAVE_INTEL_AVX2 */
 
 #if defined(__linux__) && defined(__ELF__)
diff --git a/wolfcrypt/src/sha512.c b/wolfcrypt/src/sha512.c
index b0ca4c201..0454ab62f 100644
--- a/wolfcrypt/src/sha512.c
+++ b/wolfcrypt/src/sha512.c
@@ -121,17 +121,6 @@
     /* #define DEBUG_YMM  */
 #endif
 
-#if defined(HAVE_BYTEREVERSE64) && \
-        !defined(HAVE_INTEL_AVX1) && !defined(HAVE_INTEL_AVX2)
-    #define ByteReverseWords64(out, in, size) ByteReverseWords64_1(out, size)
-    #define ByteReverseWords64_1(buf, size) \
-        { unsigned int i ;\
-            for(i=0; i< size/sizeof(word64); i++){\
-                __asm__ volatile("bswapq %0":"+r"(buf[i])::) ;\
-            }\
-        }
-#endif
-
 #if defined(WOLFSSL_IMX6_CAAM) && !defined(NO_IMX6_CAAM_HASH) && \
     !defined(WOLFSSL_QNX_CAAM)
     /* functions defined in wolfcrypt/src/port/caam/caam_sha.c */
@@ -325,6 +314,9 @@ static int InitSha512(wc_Sha512* sha512)
 #ifdef WOLFSSL_HASH_FLAGS
     sha512->flags = 0;
 #endif
+#if defined(WOLFSSL_SHA512_HASHTYPE)
+    sha512->hashType = WC_HASH_TYPE_SHA512;
+#endif /* WOLFSSL_SHA512_HASHTYPE */
     return 0;
 }
 
@@ -378,6 +370,9 @@ static int InitSha512_224(wc_Sha512* sha512)
 #ifdef WOLFSSL_HASH_FLAGS
     sha512->flags = 0;
 #endif
+#if defined(WOLFSSL_SHA512_HASHTYPE)
+    sha512->hashType = WC_HASH_TYPE_SHA512_224;
+#endif /* WOLFSSL_SHA512_HASHTYPE */
     return 0;
 }
 #endif /* !WOLFSSL_NOSHA512_224 && !FIPS ... */
@@ -431,6 +426,9 @@ static int InitSha512_256(wc_Sha512* sha512)
 #ifdef WOLFSSL_HASH_FLAGS
     sha512->flags = 0;
 #endif
+#if defined(WOLFSSL_SHA512_HASHTYPE)
+    sha512->hashType = WC_HASH_TYPE_SHA512_256;
+#endif /* WOLFSSL_SHA512_HASHTYPE */
     return 0;
 }
 #endif /* !WOLFSSL_NOSHA512_256 && !FIPS... */
@@ -535,7 +533,7 @@ static int InitSha512_256(wc_Sha512* sha512)
     }  /* extern "C" */
 #endif
 
-    static word32 intel_flags = 0;
+    static cpuid_flags_t intel_flags = WC_CPUID_INITIALIZER;
 
 #if defined(WC_C_DYNAMIC_FALLBACK) && !defined(WC_NO_INTERNAL_FUNCTION_POINTERS)
     #define WC_NO_INTERNAL_FUNCTION_POINTERS
@@ -573,8 +571,7 @@ static int InitSha512_256(wc_Sha512* sha512)
         }
     #endif
 
-        if (intel_flags == 0)
-            intel_flags = cpuid_get_flags();
+        cpuid_get_flags_ex(&intel_flags);
 
     #if defined(HAVE_INTEL_AVX2)
         if (IS_INTEL_AVX2(intel_flags)) {
@@ -685,12 +682,12 @@ static int InitSha512_256(wc_Sha512* sha512)
 
     static WC_INLINE int Transform_Sha512(wc_Sha512 *sha512) {
         int ret;
-    #ifdef WOLFSSL_LINUXKM
+    #ifdef WOLFSSL_USE_SAVE_VECTOR_REGISTERS
         if (Transform_Sha512_is_vectorized)
             SAVE_VECTOR_REGISTERS(return _svr_ret;);
     #endif
         ret = (*Transform_Sha512_p)(sha512);
-    #ifdef WOLFSSL_LINUXKM
+    #ifdef WOLFSSL_USE_SAVE_VECTOR_REGISTERS
         if (Transform_Sha512_is_vectorized)
             RESTORE_VECTOR_REGISTERS();
     #endif
@@ -698,12 +695,12 @@ static int InitSha512_256(wc_Sha512* sha512)
     }
     static WC_INLINE int Transform_Sha512_Len(wc_Sha512 *sha512, word32 len) {
         int ret;
-    #ifdef WOLFSSL_LINUXKM
+    #ifdef WOLFSSL_USE_SAVE_VECTOR_REGISTERS
         if (Transform_Sha512_is_vectorized)
             SAVE_VECTOR_REGISTERS(return _svr_ret;);
     #endif
         ret = (*Transform_Sha512_Len_p)(sha512, len);
-    #ifdef WOLFSSL_LINUXKM
+    #ifdef WOLFSSL_USE_SAVE_VECTOR_REGISTERS
         if (Transform_Sha512_is_vectorized)
             RESTORE_VECTOR_REGISTERS();
     #endif
@@ -715,7 +712,7 @@ static int InitSha512_256(wc_Sha512* sha512)
         if (transform_check)
             return;
 
-        intel_flags = cpuid_get_flags();
+        cpuid_get_flags_ex(&intel_flags);
 
     #if defined(HAVE_INTEL_AVX2)
         if (IS_INTEL_AVX2(intel_flags)) {
@@ -1392,17 +1389,23 @@ static WC_INLINE int Sha512Final(wc_Sha512* sha512)
 #elif defined(STM32_HASH_SHA512)
 #else
 
-static int Sha512FinalRaw(wc_Sha512* sha512, byte* hash, size_t digestSz)
+static int Sha512FinalRaw(wc_Sha512* sha512, byte* hash, word32 digestSz)
 {
     if (sha512 == NULL || hash == NULL) {
         return BAD_FUNC_ARG;
     }
 
 #ifdef LITTLE_ENDIAN_ORDER
-    ByteReverseWords64(sha512->digest, sha512->digest, WC_SHA512_DIGEST_SIZE);
-#endif
-
+    if ((digestSz & 0x7) == 0)
+        ByteReverseWords64((word64 *)hash, sha512->digest, digestSz);
+    else {
+        ByteReverseWords64(sha512->digest, sha512->digest,
+                           WC_SHA512_DIGEST_SIZE);
+        XMEMCPY(hash, sha512->digest, digestSz);
+    }
+#else
     XMEMCPY(hash, sha512->digest, digestSz);
+#endif
 
     return 0;
 }
@@ -1500,7 +1503,8 @@ void wc_Sha512Free(wc_Sha512* sha512)
     KcapiHashFree(&sha512->kcapi);
 #endif
 
-#if defined(WOLFSSL_HASH_KEEP)
+#if defined(WOLFSSL_HASH_KEEP) ||\
+   (defined(WOLFSSL_RENESAS_RSIP) && (WOLFSSL_RENESAS_RZFSP_VER >= 220))
     if (sha512->msg != NULL) {
         ForceZero(sha512->msg, sha512->len);
         XFREE(sha512->msg, sha512->heap, DYNAMIC_TYPE_TMP_BUFFER);
@@ -1798,10 +1802,10 @@ int wc_Sha384FinalRaw(wc_Sha384* sha384, byte* hash)
     }
 
 #ifdef LITTLE_ENDIAN_ORDER
-    ByteReverseWords64(sha384->digest, sha384->digest, WC_SHA384_DIGEST_SIZE);
-#endif
-
+    ByteReverseWords64((word64 *)hash, sha384->digest, WC_SHA384_DIGEST_SIZE);
+#else
     XMEMCPY(hash, sha384->digest, WC_SHA384_DIGEST_SIZE);
+#endif
 
     return 0;
 }
@@ -1931,7 +1935,8 @@ void wc_Sha384Free(wc_Sha384* sha384)
     KcapiHashFree(&sha384->kcapi);
 #endif
 
-#if defined(WOLFSSL_HASH_KEEP)
+#if defined(WOLFSSL_HASH_KEEP) || \
+   (defined(WOLFSSL_RENESAS_RSIP) && (WOLFSSL_RENESAS_RZFSP_VER >= 220))
     if (sha384->msg != NULL) {
         ForceZero(sha384->msg, sha384->len);
         XFREE(sha384->msg, sha384->heap, DYNAMIC_TYPE_TMP_BUFFER);
diff --git a/wolfcrypt/src/sha512_asm.S b/wolfcrypt/src/sha512_asm.S
index bb5455fda..05496e3ce 100644
--- a/wolfcrypt/src/sha512_asm.S
+++ b/wolfcrypt/src/sha512_asm.S
@@ -68,13 +68,13 @@ L_avx1_sha512_k:
 .quad	0x72be5d74f27b896f,0x80deb1fe3b1696b1
 .quad	0x9bdc06a725c71235,0xc19bf174cf692694
 .quad	0xe49b69c19ef14ad2,0xefbe4786384f25e3
-.quad	0xfc19dc68b8cd5b5,0x240ca1cc77ac9c65
+.quad	0x0fc19dc68b8cd5b5,0x240ca1cc77ac9c65
 .quad	0x2de92c6f592b0275,0x4a7484aa6ea6e483
 .quad	0x5cb0a9dcbd41fbd4,0x76f988da831153b5
 .quad	0x983e5152ee66dfab,0xa831c66d2db43210
 .quad	0xb00327c898fb213f,0xbf597fc7beef0ee4
 .quad	0xc6e00bf33da88fc2,0xd5a79147930aa725
-.quad	0x6ca6351e003826f,0x142929670a0e6e70
+.quad	0x06ca6351e003826f,0x142929670a0e6e70
 .quad	0x27b70a8546d22ffc,0x2e1b21385c26c926
 .quad	0x4d2c6dfc5ac42aed,0x53380d139d95b3df
 .quad	0x650a73548baf63de,0x766a0abb3c77b2a8
@@ -93,7 +93,7 @@ L_avx1_sha512_k:
 .quad	0xbef9a3f7b2c67915,0xc67178f2e372532b
 .quad	0xca273eceea26619c,0xd186b8c721c0c207
 .quad	0xeada7dd6cde0eb1e,0xf57d4f7fee6ed178
-.quad	0x6f067aa72176fba,0xa637dc5a2c898a6
+.quad	0x06f067aa72176fba,0x0a637dc5a2c898a6
 .quad	0x113f9804bef90dae,0x1b710b35131c471b
 .quad	0x28db77f523047d84,0x32caab7b40c72493
 .quad	0x3c9ebe0a15c9bebc,0x431d67c49c100d4c
@@ -2696,13 +2696,13 @@ L_avx1_rorx_sha512_k:
 .quad	0x72be5d74f27b896f,0x80deb1fe3b1696b1
 .quad	0x9bdc06a725c71235,0xc19bf174cf692694
 .quad	0xe49b69c19ef14ad2,0xefbe4786384f25e3
-.quad	0xfc19dc68b8cd5b5,0x240ca1cc77ac9c65
+.quad	0x0fc19dc68b8cd5b5,0x240ca1cc77ac9c65
 .quad	0x2de92c6f592b0275,0x4a7484aa6ea6e483
 .quad	0x5cb0a9dcbd41fbd4,0x76f988da831153b5
 .quad	0x983e5152ee66dfab,0xa831c66d2db43210
 .quad	0xb00327c898fb213f,0xbf597fc7beef0ee4
 .quad	0xc6e00bf33da88fc2,0xd5a79147930aa725
-.quad	0x6ca6351e003826f,0x142929670a0e6e70
+.quad	0x06ca6351e003826f,0x142929670a0e6e70
 .quad	0x27b70a8546d22ffc,0x2e1b21385c26c926
 .quad	0x4d2c6dfc5ac42aed,0x53380d139d95b3df
 .quad	0x650a73548baf63de,0x766a0abb3c77b2a8
@@ -2721,7 +2721,7 @@ L_avx1_rorx_sha512_k:
 .quad	0xbef9a3f7b2c67915,0xc67178f2e372532b
 .quad	0xca273eceea26619c,0xd186b8c721c0c207
 .quad	0xeada7dd6cde0eb1e,0xf57d4f7fee6ed178
-.quad	0x6f067aa72176fba,0xa637dc5a2c898a6
+.quad	0x06f067aa72176fba,0x0a637dc5a2c898a6
 .quad	0x113f9804bef90dae,0x1b710b35131c471b
 .quad	0x28db77f523047d84,0x32caab7b40c72493
 .quad	0x3c9ebe0a15c9bebc,0x431d67c49c100d4c
@@ -5200,13 +5200,13 @@ L_avx2_sha512_k:
 .quad	0x72be5d74f27b896f,0x80deb1fe3b1696b1
 .quad	0x9bdc06a725c71235,0xc19bf174cf692694
 .quad	0xe49b69c19ef14ad2,0xefbe4786384f25e3
-.quad	0xfc19dc68b8cd5b5,0x240ca1cc77ac9c65
+.quad	0x0fc19dc68b8cd5b5,0x240ca1cc77ac9c65
 .quad	0x2de92c6f592b0275,0x4a7484aa6ea6e483
 .quad	0x5cb0a9dcbd41fbd4,0x76f988da831153b5
 .quad	0x983e5152ee66dfab,0xa831c66d2db43210
 .quad	0xb00327c898fb213f,0xbf597fc7beef0ee4
 .quad	0xc6e00bf33da88fc2,0xd5a79147930aa725
-.quad	0x6ca6351e003826f,0x142929670a0e6e70
+.quad	0x06ca6351e003826f,0x142929670a0e6e70
 .quad	0x27b70a8546d22ffc,0x2e1b21385c26c926
 .quad	0x4d2c6dfc5ac42aed,0x53380d139d95b3df
 .quad	0x650a73548baf63de,0x766a0abb3c77b2a8
@@ -5225,7 +5225,7 @@ L_avx2_sha512_k:
 .quad	0xbef9a3f7b2c67915,0xc67178f2e372532b
 .quad	0xca273eceea26619c,0xd186b8c721c0c207
 .quad	0xeada7dd6cde0eb1e,0xf57d4f7fee6ed178
-.quad	0x6f067aa72176fba,0xa637dc5a2c898a6
+.quad	0x06f067aa72176fba,0x0a637dc5a2c898a6
 .quad	0x113f9804bef90dae,0x1b710b35131c471b
 .quad	0x28db77f523047d84,0x32caab7b40c72493
 .quad	0x3c9ebe0a15c9bebc,0x431d67c49c100d4c
@@ -5260,8 +5260,8 @@ L_avx2_sha512_k_2:
 .quad	0x9bdc06a725c71235,0xc19bf174cf692694
 .quad	0xe49b69c19ef14ad2,0xefbe4786384f25e3
 .quad	0xe49b69c19ef14ad2,0xefbe4786384f25e3
-.quad	0xfc19dc68b8cd5b5,0x240ca1cc77ac9c65
-.quad	0xfc19dc68b8cd5b5,0x240ca1cc77ac9c65
+.quad	0x0fc19dc68b8cd5b5,0x240ca1cc77ac9c65
+.quad	0x0fc19dc68b8cd5b5,0x240ca1cc77ac9c65
 .quad	0x2de92c6f592b0275,0x4a7484aa6ea6e483
 .quad	0x2de92c6f592b0275,0x4a7484aa6ea6e483
 .quad	0x5cb0a9dcbd41fbd4,0x76f988da831153b5
@@ -5272,8 +5272,8 @@ L_avx2_sha512_k_2:
 .quad	0xb00327c898fb213f,0xbf597fc7beef0ee4
 .quad	0xc6e00bf33da88fc2,0xd5a79147930aa725
 .quad	0xc6e00bf33da88fc2,0xd5a79147930aa725
-.quad	0x6ca6351e003826f,0x142929670a0e6e70
-.quad	0x6ca6351e003826f,0x142929670a0e6e70
+.quad	0x06ca6351e003826f,0x142929670a0e6e70
+.quad	0x06ca6351e003826f,0x142929670a0e6e70
 .quad	0x27b70a8546d22ffc,0x2e1b21385c26c926
 .quad	0x27b70a8546d22ffc,0x2e1b21385c26c926
 .quad	0x4d2c6dfc5ac42aed,0x53380d139d95b3df
@@ -5310,8 +5310,8 @@ L_avx2_sha512_k_2:
 .quad	0xca273eceea26619c,0xd186b8c721c0c207
 .quad	0xeada7dd6cde0eb1e,0xf57d4f7fee6ed178
 .quad	0xeada7dd6cde0eb1e,0xf57d4f7fee6ed178
-.quad	0x6f067aa72176fba,0xa637dc5a2c898a6
-.quad	0x6f067aa72176fba,0xa637dc5a2c898a6
+.quad	0x06f067aa72176fba,0x0a637dc5a2c898a6
+.quad	0x06f067aa72176fba,0x0a637dc5a2c898a6
 .quad	0x113f9804bef90dae,0x1b710b35131c471b
 .quad	0x113f9804bef90dae,0x1b710b35131c471b
 .quad	0x28db77f523047d84,0x32caab7b40c72493
@@ -8057,13 +8057,13 @@ L_avx2_rorx_sha512_k:
 .quad	0x72be5d74f27b896f,0x80deb1fe3b1696b1
 .quad	0x9bdc06a725c71235,0xc19bf174cf692694
 .quad	0xe49b69c19ef14ad2,0xefbe4786384f25e3
-.quad	0xfc19dc68b8cd5b5,0x240ca1cc77ac9c65
+.quad	0x0fc19dc68b8cd5b5,0x240ca1cc77ac9c65
 .quad	0x2de92c6f592b0275,0x4a7484aa6ea6e483
 .quad	0x5cb0a9dcbd41fbd4,0x76f988da831153b5
 .quad	0x983e5152ee66dfab,0xa831c66d2db43210
 .quad	0xb00327c898fb213f,0xbf597fc7beef0ee4
 .quad	0xc6e00bf33da88fc2,0xd5a79147930aa725
-.quad	0x6ca6351e003826f,0x142929670a0e6e70
+.quad	0x06ca6351e003826f,0x142929670a0e6e70
 .quad	0x27b70a8546d22ffc,0x2e1b21385c26c926
 .quad	0x4d2c6dfc5ac42aed,0x53380d139d95b3df
 .quad	0x650a73548baf63de,0x766a0abb3c77b2a8
@@ -8082,7 +8082,7 @@ L_avx2_rorx_sha512_k:
 .quad	0xbef9a3f7b2c67915,0xc67178f2e372532b
 .quad	0xca273eceea26619c,0xd186b8c721c0c207
 .quad	0xeada7dd6cde0eb1e,0xf57d4f7fee6ed178
-.quad	0x6f067aa72176fba,0xa637dc5a2c898a6
+.quad	0x06f067aa72176fba,0x0a637dc5a2c898a6
 .quad	0x113f9804bef90dae,0x1b710b35131c471b
 .quad	0x28db77f523047d84,0x32caab7b40c72493
 .quad	0x3c9ebe0a15c9bebc,0x431d67c49c100d4c
@@ -8117,8 +8117,8 @@ L_avx2_rorx_sha512_k_2:
 .quad	0x9bdc06a725c71235,0xc19bf174cf692694
 .quad	0xe49b69c19ef14ad2,0xefbe4786384f25e3
 .quad	0xe49b69c19ef14ad2,0xefbe4786384f25e3
-.quad	0xfc19dc68b8cd5b5,0x240ca1cc77ac9c65
-.quad	0xfc19dc68b8cd5b5,0x240ca1cc77ac9c65
+.quad	0x0fc19dc68b8cd5b5,0x240ca1cc77ac9c65
+.quad	0x0fc19dc68b8cd5b5,0x240ca1cc77ac9c65
 .quad	0x2de92c6f592b0275,0x4a7484aa6ea6e483
 .quad	0x2de92c6f592b0275,0x4a7484aa6ea6e483
 .quad	0x5cb0a9dcbd41fbd4,0x76f988da831153b5
@@ -8129,8 +8129,8 @@ L_avx2_rorx_sha512_k_2:
 .quad	0xb00327c898fb213f,0xbf597fc7beef0ee4
 .quad	0xc6e00bf33da88fc2,0xd5a79147930aa725
 .quad	0xc6e00bf33da88fc2,0xd5a79147930aa725
-.quad	0x6ca6351e003826f,0x142929670a0e6e70
-.quad	0x6ca6351e003826f,0x142929670a0e6e70
+.quad	0x06ca6351e003826f,0x142929670a0e6e70
+.quad	0x06ca6351e003826f,0x142929670a0e6e70
 .quad	0x27b70a8546d22ffc,0x2e1b21385c26c926
 .quad	0x27b70a8546d22ffc,0x2e1b21385c26c926
 .quad	0x4d2c6dfc5ac42aed,0x53380d139d95b3df
@@ -8167,8 +8167,8 @@ L_avx2_rorx_sha512_k_2:
 .quad	0xca273eceea26619c,0xd186b8c721c0c207
 .quad	0xeada7dd6cde0eb1e,0xf57d4f7fee6ed178
 .quad	0xeada7dd6cde0eb1e,0xf57d4f7fee6ed178
-.quad	0x6f067aa72176fba,0xa637dc5a2c898a6
-.quad	0x6f067aa72176fba,0xa637dc5a2c898a6
+.quad	0x06f067aa72176fba,0x0a637dc5a2c898a6
+.quad	0x06f067aa72176fba,0x0a637dc5a2c898a6
 .quad	0x113f9804bef90dae,0x1b710b35131c471b
 .quad	0x113f9804bef90dae,0x1b710b35131c471b
 .quad	0x28db77f523047d84,0x32caab7b40c72493
diff --git a/wolfcrypt/src/sp_int.c b/wolfcrypt/src/sp_int.c
index ebccf39f2..17865c5b2 100644
--- a/wolfcrypt/src/sp_int.c
+++ b/wolfcrypt/src/sp_int.c
@@ -108,12 +108,12 @@ This library provides single precision (SP) integer math functions.
     PRAGMA_GCC("GCC diagnostic ignored \"-Warray-bounds\"")
 #endif
 
-#if defined(WOLFSSL_LINUXKM) && !defined(WOLFSSL_SP_ASM)
+#if defined(WOLFSSL_USE_SAVE_VECTOR_REGISTERS) && !defined(WOLFSSL_SP_ASM)
     /* force off unneeded vector register save/restore. */
     #undef SAVE_VECTOR_REGISTERS
-    #define SAVE_VECTOR_REGISTERS(fail_clause) WC_DO_NOTHING
+    #define SAVE_VECTOR_REGISTERS(fail_clause) SAVE_NO_VECTOR_REGISTERS(fail_clause)
     #undef RESTORE_VECTOR_REGISTERS
-    #define RESTORE_VECTOR_REGISTERS() WC_DO_NOTHING
+    #define RESTORE_VECTOR_REGISTERS() RESTORE_NO_VECTOR_REGISTERS()
 #endif
 
 /* DECL_SP_INT: Declare one variable of type 'sp_int'. */
@@ -5495,7 +5495,7 @@ int sp_exch(sp_int* a, sp_int* b)
 int sp_cond_swap_ct_ex(sp_int* a, sp_int* b, int cnt, int swap, sp_int* t)
 {
     unsigned int i;
-    sp_int_digit mask = (sp_int_digit)0 - (sp_int_digit)swap;
+    volatile sp_int_digit mask = (sp_int_digit)0 - (sp_int_digit)swap;
 
     /* XOR other fields in sp_int into temp - mask set when swapping. */
     t->used = (a->used ^ b->used) & (sp_size_t)mask;
@@ -5765,7 +5765,7 @@ static int _sp_cmp_ct(const sp_int* a, const sp_int* b, unsigned int n)
 {
     int ret = MP_EQ;
     int i;
-    int mask = -1;
+    volatile int mask = -1;
 
     for (i = n - 1; i >= 0; i--) {
         sp_int_digit ad = a->dp[i] & ((sp_int_digit)0 - (i < (int)a->used));
@@ -7298,7 +7298,8 @@ static void _sp_div_2(const sp_int* a, sp_int* r)
 
     /* Shift down each word by 1 and include bottom bit of next at top. */
     for (i = 0; i < (int)a->used - 1; i++) {
-        r->dp[i] = (a->dp[i] >> 1) | (a->dp[i+1] << (SP_WORD_SIZE - 1));
+        r->dp[i]  = a->dp[i] >> 1;
+        r->dp[i] |= a->dp[i+1] << (SP_WORD_SIZE - 1);
     }
     /* Last word only needs to be shifted down. */
     r->dp[i] = a->dp[i] >> 1;
@@ -7378,7 +7379,7 @@ int sp_div_2_mod_ct(const sp_int* a, const sp_int* m, sp_int* r)
         sp_int_digit t;
     #endif
         /* Mask to apply to modulus. */
-        sp_int_digit mask = (sp_int_digit)0 - (a->dp[0] & 1);
+        volatile sp_int_digit mask = (sp_int_digit)0 - (a->dp[0] & 1);
         sp_size_t i;
 
     #if 0
@@ -7389,7 +7390,7 @@ int sp_div_2_mod_ct(const sp_int* a, const sp_int* m, sp_int* r)
         /* Add a to m, if a is odd, into r in constant time. */
         for (i = 0; i < m->used; i++) {
             /* Mask to apply to a - set when used value at index. */
-            sp_int_digit mask_a = (sp_int_digit)0 - (i < a->used);
+            volatile sp_int_digit mask_a = (sp_int_digit)0 - (i < a->used);
 
         #ifndef SQR_MUL_ASM
             /* Conditionally add modulus. */
@@ -8013,7 +8014,7 @@ static void sp_clamp_ct(sp_int* a)
 {
     int i;
     sp_size_t used = a->used;
-    sp_size_t mask = (sp_size_t)-1;
+    volatile sp_size_t mask = (sp_size_t)-1;
 
     for (i = (int)a->used - 1; i >= 0; i--) {
 #if ((SP_WORD_SIZE == 64) && \
@@ -8062,9 +8063,9 @@ int sp_addmod_ct(const sp_int* a, const sp_int* b, const sp_int* m, sp_int* r)
     sp_int_digit sh;
     sp_int_digit t;
 #endif
-    sp_int_digit mask;
-    sp_int_digit mask_a = (sp_int_digit)-1;
-    sp_int_digit mask_b = (sp_int_digit)-1;
+    volatile sp_int_digit mask;
+    volatile sp_int_digit mask_a = (sp_int_digit)-1;
+    volatile sp_int_digit mask_b = (sp_int_digit)-1;
     sp_size_t i;
 
     /* Check result is as big as modulus. */
@@ -8226,9 +8227,9 @@ static void _sp_submod_ct(const sp_int* a, const sp_int* b, const sp_int* m,
     sp_int_digit h;
     sp_int_digit t;
 #endif
-    sp_int_digit mask;
-    sp_int_digit mask_a = (sp_int_digit)-1;
-    sp_int_digit mask_b = (sp_int_digit)-1;
+    volatile sp_int_digit mask;
+    volatile sp_int_digit mask_a = (sp_int_digit)-1;
+    volatile sp_int_digit mask_b = (sp_int_digit)-1;
     unsigned int i;
 
     /* In constant time, subtract b from a putting result in r. */
@@ -14208,7 +14209,7 @@ static int _sp_exptmod_nct(const sp_int* b, const sp_int* e, const sp_int* m,
         winBits = 6;
     }
     else if (bits <= 21) {
-        winBits = 1;
+        winBits = 2;
     }
     else if (bits <= 36) {
         winBits = 3;
@@ -17449,7 +17450,7 @@ static int _sp_mont_red(sp_int* a, const sp_int* m, sp_int_digit mp, int ct)
         /* 1. mask = (1 << (NumBits(m) % WORD_SIZE)) - 1
          *    Mask when last digit of modulus doesn't have highest bit set.
          */
-        sp_int_digit mask = (sp_int_digit)
+        volatile sp_int_digit mask = (sp_int_digit)
             (((sp_int_digit)1 << (bits & (SP_WORD_SIZE - 1))) - 1);
         /* Overflow. */
         sp_int_word o = 0;
@@ -17530,7 +17531,7 @@ static int _sp_mont_red(sp_int* a, const sp_int* m, sp_int_digit mp, int ct)
     int bits;
     sp_int_digit mu;
     sp_int_digit o;
-    sp_int_digit mask;
+    volatile sp_int_digit mask;
 
 #if 0
     sp_print(a, "a");
@@ -18032,7 +18033,7 @@ int sp_unsigned_bin_size(const sp_int* a)
     int cnt = 0;
 
     if (a != NULL) {
-        cnt = (sp_count_bits(a) + 7) / 8;
+        cnt = (sp_count_bits(a) + 7) >> 3;
     }
 
     return cnt;
@@ -18256,20 +18257,22 @@ int sp_to_unsigned_bin_len_ct(const sp_int* a, byte* out, int outSz)
         /* Start at the end of the buffer - least significant byte. */
         int j;
         unsigned int i;
-        sp_int_digit mask = (sp_int_digit)-1;
+        volatile sp_int_digit mask = (sp_int_digit)-1;
         sp_int_digit d;
 
         /* Put each digit in. */
         i = 0;
         for (j = outSz - 1; j >= 0; ) {
             unsigned int b;
+            volatile unsigned int notFull = (i < (unsigned int)a->used - 1);
+
             d = a->dp[i];
             /* Place each byte of a digit into the buffer. */
             for (b = 0; (j >= 0) && (b < SP_WORD_SIZEOF); b++) {
                 out[j--] = (byte)(d & mask);
                 d >>= 8;
             }
-            mask &= (sp_int_digit)0 - (i < (unsigned int)a->used - 1);
+            mask &= (sp_int_digit)0 - notFull;
             i += (unsigned int)(1 & mask);
         }
     }
@@ -18280,7 +18283,7 @@ int sp_to_unsigned_bin_len_ct(const sp_int* a, byte* out, int outSz)
     if (err == MP_OKAY) {
         unsigned int i;
         int j;
-        sp_int_digit mask = (sp_int_digit)-1;
+        volatile sp_int_digit mask = (sp_int_digit)-1;
 
         i = 0;
         for (j = outSz - 1; j >= 0; j--) {
@@ -18351,11 +18354,12 @@ static int _sp_read_radix_16(sp_int* a, const char* in)
     /* Step through string a character at a time starting at end - least
      * significant byte. */
     for (i = (int)(XSTRLEN(in) - 1); i >= 0; i--) {
+        volatile char c = in[i];
         /* Convert character from hex. */
-        int ch = (int)HexCharToByte(in[i]);
+        int ch = (int)HexCharToByte(c);
         /* Check for invalid character. */
         if (ch < 0) {
-            if (!eol_done && CharIsWhiteSpace(in[i]))
+            if (!eol_done && CharIsWhiteSpace(c))
                 continue;
             err = MP_VAL;
             break;
@@ -18415,7 +18419,6 @@ static int _sp_read_radix_10(sp_int* a, const char* in)
 {
     int  err = MP_OKAY;
     int  i;
-    char ch;
 
     /* Start with a being zero. */
     _sp_zero(a);
@@ -18423,7 +18426,7 @@ static int _sp_read_radix_10(sp_int* a, const char* in)
     /* Process all characters. */
     for (i = 0; in[i] != '\0'; i++) {
         /* Get character. */
-        ch = in[i];
+        volatile char ch = in[i];
         /* Check character is valid. */
         if ((ch >= '0') && (ch <= '9')) {
             /* Assume '0'..'9' are continuous values as characters. */
@@ -18785,7 +18788,7 @@ int sp_radix_size(const sp_int* a, int radix, int* size)
         }
         else {
             /* Count of nibbles. */
-            int cnt = (sp_count_bits(a) + 3) / 4;
+            int cnt = (sp_count_bits(a) + 3) >> 2;
         #ifndef WC_DISABLE_RADIX_ZERO_PAD
             /* Must have even number of nibbles to have complete bytes. */
             if (cnt & 1) {
@@ -19393,7 +19396,7 @@ static int _sp_prime_random_trials(const sp_int* a, int trials, int* result,
 {
     int err = MP_OKAY;
     int bits = sp_count_bits(a);
-    word32 baseSz = ((word32)bits + 7) / 8;
+    word32 baseSz = ((word32)bits + 7) >> 3;
     DECL_SP_INT_ARRAY(ds, a->used + 1, 2);
     DECL_SP_INT_ARRAY(d, a->used * 2 + 1, 2);
 
diff --git a/wolfcrypt/src/sp_x86_64.c b/wolfcrypt/src/sp_x86_64.c
index f8bf5419c..f3035cbee 100644
--- a/wolfcrypt/src/sp_x86_64.c
+++ b/wolfcrypt/src/sp_x86_64.c
@@ -487,7 +487,7 @@ static WC_INLINE sp_digit div_2048_word_16(sp_digit d1, sp_digit d0,
 static WC_INLINE sp_digit div_2048_word_16(sp_digit d1, sp_digit d0,
         sp_digit div)
 {
-    register sp_digit r asm("rax");
+    register sp_digit r __asm__("rax");
     ASSERT_SAVED_VECTOR_REGISTERS();
     __asm__ __volatile__ (
         "divq %3"
@@ -1169,7 +1169,7 @@ static WC_INLINE sp_digit div_2048_word_32(sp_digit d1, sp_digit d0,
 static WC_INLINE sp_digit div_2048_word_32(sp_digit d1, sp_digit d0,
         sp_digit div)
 {
-    register sp_digit r asm("rax");
+    register sp_digit r __asm__("rax");
     ASSERT_SAVED_VECTOR_REGISTERS();
     __asm__ __volatile__ (
         "divq %3"
@@ -3494,7 +3494,7 @@ static WC_INLINE sp_digit div_3072_word_24(sp_digit d1, sp_digit d0,
 static WC_INLINE sp_digit div_3072_word_24(sp_digit d1, sp_digit d0,
         sp_digit div)
 {
-    register sp_digit r asm("rax");
+    register sp_digit r __asm__("rax");
     ASSERT_SAVED_VECTOR_REGISTERS();
     __asm__ __volatile__ (
         "divq %3"
@@ -4176,7 +4176,7 @@ static WC_INLINE sp_digit div_3072_word_48(sp_digit d1, sp_digit d0,
 static WC_INLINE sp_digit div_3072_word_48(sp_digit d1, sp_digit d0,
         sp_digit div)
 {
-    register sp_digit r asm("rax");
+    register sp_digit r __asm__("rax");
     ASSERT_SAVED_VECTOR_REGISTERS();
     __asm__ __volatile__ (
         "divq %3"
@@ -6307,7 +6307,7 @@ static WC_INLINE sp_digit div_4096_word_64(sp_digit d1, sp_digit d0,
 static WC_INLINE sp_digit div_4096_word_64(sp_digit d1, sp_digit d0,
         sp_digit div)
 {
-    register sp_digit r asm("rax");
+    register sp_digit r __asm__("rax");
     ASSERT_SAVED_VECTOR_REGISTERS();
     __asm__ __volatile__ (
         "divq %3"
@@ -24991,7 +24991,7 @@ static WC_INLINE sp_digit div_256_word_4(sp_digit d1, sp_digit d0,
 static WC_INLINE sp_digit div_256_word_4(sp_digit d1, sp_digit d0,
         sp_digit div)
 {
-    register sp_digit r asm("rax");
+    register sp_digit r __asm__("rax");
     ASSERT_SAVED_VECTOR_REGISTERS();
     __asm__ __volatile__ (
         "divq %3"
@@ -50030,7 +50030,7 @@ static WC_INLINE sp_digit div_384_word_6(sp_digit d1, sp_digit d0,
 static WC_INLINE sp_digit div_384_word_6(sp_digit d1, sp_digit d0,
         sp_digit div)
 {
-    register sp_digit r asm("rax");
+    register sp_digit r __asm__("rax");
     ASSERT_SAVED_VECTOR_REGISTERS();
     __asm__ __volatile__ (
         "divq %3"
@@ -91150,7 +91150,7 @@ static WC_INLINE sp_digit div_521_word_9(sp_digit d1, sp_digit d0,
 static WC_INLINE sp_digit div_521_word_9(sp_digit d1, sp_digit d0,
         sp_digit div)
 {
-    register sp_digit r asm("rax");
+    register sp_digit r __asm__("rax");
     ASSERT_SAVED_VECTOR_REGISTERS();
     __asm__ __volatile__ (
         "divq %3"
@@ -93393,7 +93393,7 @@ static WC_INLINE sp_digit div_1024_word_16(sp_digit d1, sp_digit d0,
 static WC_INLINE sp_digit div_1024_word_16(sp_digit d1, sp_digit d0,
         sp_digit div)
 {
-    register sp_digit r asm("rax");
+    register sp_digit r __asm__("rax");
     ASSERT_SAVED_VECTOR_REGISTERS();
     __asm__ __volatile__ (
         "divq %3"
diff --git a/wolfcrypt/src/tfm.c b/wolfcrypt/src/tfm.c
index 1f07d8ecf..9941c44b7 100644
--- a/wolfcrypt/src/tfm.c
+++ b/wolfcrypt/src/tfm.c
@@ -44,6 +44,7 @@
 #include <wolfssl/wolfcrypt/tfm.h>
 #include <wolfcrypt/src/asm.c>  /* will define asm MACROS or C ones */
 #include <wolfssl/wolfcrypt/wolfmath.h> /* common functions */
+#include <wolfssl/wolfcrypt/logging.h>
 
 #ifdef WOLFSSL_ESPIDF
     #include <esp_log.h>
@@ -3297,7 +3298,18 @@ int fp_exptmod_nct(fp_int * G, fp_int * X, fp_int * P, fp_int * Y)
 #endif
 
    /* handle modulus of zero and prevent overflows */
-   if (fp_iszero(P) || (P->used > (FP_SIZE/2))) {
+   if  (fp_iszero(P)) {
+      return FP_VAL;
+   }
+   if (P->used > (FP_SIZE/2)) {
+      /* FP_MAX_BITS too small is a common cert failure cause */
+#ifdef WOLFSSL_DEBUG_CERTS
+      WOLFSSL_MSG_CERT_EX("TFM fp_exptmod_nct failed: P.used (%d) > (FP_SIZE/2)"
+                       "; FP_SIZE: %d; FP_MAX_SIZE: %d",
+                       P->used, FP_SIZE, FP_MAX_BITS, FP_MAX_SIZE);
+      WOLFSSL_MSG_CERT_EX("Consider adjusting current FP_MAX_BITS: %d",
+                       FP_MAX_BITS);
+#endif
       return FP_VAL;
    }
    if (fp_isone(P)) {
diff --git a/wolfcrypt/src/wc_mldsa_asm.S b/wolfcrypt/src/wc_mldsa_asm.S
new file mode 100644
index 000000000..5d13fb085
--- /dev/null
+++ b/wolfcrypt/src/wc_mldsa_asm.S
@@ -0,0 +1,35223 @@
+/* wc_mldsa_asm.S */
+/*
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifdef WOLFSSL_USER_SETTINGS
+#ifdef WOLFSSL_USER_SETTINGS_ASM
+/*
+ * user_settings_asm.h is a file generated by the script user_settings_asm.sh.
+ * The script takes in a user_settings.h and produces user_settings_asm.h, which
+ * is a stripped down version of user_settings.h containing only preprocessor
+ * directives. This makes the header safe to include in assembly (.S) files.
+ */
+#include "user_settings_asm.h"
+#else
+/*
+ * Note: if user_settings.h contains any C code (e.g. a typedef or function
+ * prototype), including it here in an assembly (.S) file will cause an
+ * assembler failure. See user_settings_asm.h above.
+ */
+#include "user_settings.h"
+#endif /* WOLFSSL_USER_SETTINGS_ASM */
+#endif /* WOLFSSL_USER_SETTINGS */
+
+#ifndef HAVE_INTEL_AVX1
+#define HAVE_INTEL_AVX1
+#endif /* HAVE_INTEL_AVX1 */
+#ifndef NO_AVX2_SUPPORT
+#ifndef HAVE_INTEL_AVX2
+#define HAVE_INTEL_AVX2
+#endif /* HAVE_INTEL_AVX2 */
+#endif /* NO_AVX2_SUPPORT */
+
+#ifdef WOLFSSL_WC_DILITHIUM
+#ifdef HAVE_INTEL_AVX2
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+mldsa_q:
+.long	0x007fe001,0x007fe001,0x007fe001,0x007fe001
+.long	0x007fe001,0x007fe001,0x007fe001,0x007fe001
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+mldsa_qinv:
+.long	0x03802001,0x03802001,0x03802001,0x03802001
+.long	0x03802001,0x03802001,0x03802001,0x03802001
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+mldsa_v:
+.long	0x00400000,0x00400000,0x00400000,0x00400000
+.long	0x00400000,0x00400000,0x00400000,0x00400000
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+L_mldsa_avx2_zetas:
+.long	0x000064f7,0x000064f7,0x000064f7,0x000064f7
+.long	0x000064f7,0x000064f7,0x000064f7,0x000064f7
+.long	0x6d1f44f7,0x6d1f44f7,0x6d1f44f7,0x6d1f44f7
+.long	0x6d1f44f7,0x6d1f44f7,0x6d1f44f7,0x6d1f44f7
+.long	0xffd83102,0xffd83102,0xffd83102,0xffd83102
+.long	0xffd83102,0xffd83102,0xffd83102,0xffd83102
+.long	0x8cf87102,0x8cf87102,0x8cf87102,0x8cf87102
+.long	0x8cf87102,0x8cf87102,0x8cf87102,0x8cf87102
+.long	0xfff81503,0xfff81503,0xfff81503,0xfff81503
+.long	0xfff81503,0xfff81503,0xfff81503,0xfff81503
+.long	0x8d187503,0x8d187503,0x8d187503,0x8d187503
+.long	0x8d187503,0x8d187503,0x8d187503,0x8d187503
+.long	0x00039e44,0x00039e44,0x00039e44,0x00039e44
+.long	0x00039e44,0x00039e44,0x00039e44,0x00039e44
+.long	0x61cc1e44,0x61cc1e44,0x61cc1e44,0x61cc1e44
+.long	0x61cc1e44,0x61cc1e44,0x61cc1e44,0x61cc1e44
+.long	0x001bde2b,0x001bde2b,0x001bde2b,0x001bde2b
+.long	0x001bde2b,0x001bde2b,0x001bde2b,0x001bde2b
+.long	0x12613e2b,0x12613e2b,0x12613e2b,0x12613e2b
+.long	0x12613e2b,0x12613e2b,0x12613e2b,0x12613e2b
+.long	0x0023e92b,0x0023e92b,0x0023e92b,0x0023e92b
+.long	0x0023e92b,0x0023e92b,0x0023e92b,0x0023e92b
+.long	0x93c9492b,0x93c9492b,0x93c9492b,0x93c9492b
+.long	0x93c9492b,0x93c9492b,0x93c9492b,0x93c9492b
+.long	0x00299658,0x00299658,0x00299658,0x00299658
+.long	0x00299658,0x00299658,0x00299658,0x00299658
+.long	0x66f49658,0x66f49658,0x66f49658,0x66f49658
+.long	0x66f49658,0x66f49658,0x66f49658,0x66f49658
+.long	0x000fa070,0x000fa070,0x000fa070,0x000fa070
+.long	0x000fa070,0x000fa070,0x000fa070,0x000fa070
+.long	0x7c1da070,0x7c1da070,0x7c1da070,0x7c1da070
+.long	0x7c1da070,0x7c1da070,0x7c1da070,0x7c1da070
+.long	0xffef85a4,0xffef85a4,0xffef85a4,0xffef85a4
+.long	0xffef85a4,0xffef85a4,0xffef85a4,0xffef85a4
+.long	0xaea405a4,0xaea405a4,0xaea405a4,0xaea405a4
+.long	0xaea405a4,0xaea405a4,0xaea405a4,0xaea405a4
+.long	0x0036b788,0x0036b788,0x0036b788,0x0036b788
+.long	0x0036b788,0x0036b788,0x0036b788,0x0036b788
+.long	0x3327b788,0x3327b788,0x3327b788,0x3327b788
+.long	0x3327b788,0x3327b788,0x3327b788,0x3327b788
+.long	0x00294a67,0x00294a67,0x00294a67,0x00294a67
+.long	0x00017620,0x00017620,0x00017620,0x00017620
+.long	0x91f62a67,0x91f62a67,0x91f62a67,0x91f62a67
+.long	0x9ec57620,0x9ec57620,0x9ec57620,0x9ec57620
+.long	0x002ef4cd,0x002ef4cd,0x002ef4cd,0x002ef4cd
+.long	0x0035dec5,0x0035dec5,0x0035dec5,0x0035dec5
+.long	0xac4894cd,0xac4894cd,0xac4894cd,0xac4894cd
+.long	0x6d8e7ec5,0x6d8e7ec5,0x6d8e7ec5,0x6d8e7ec5
+.long	0xffc406e5,0xffc406e5,0xffe8ac81,0xffe8ac81
+.long	0xffc7e1cf,0xffc7e1cf,0xffd19819,0xffd19819
+.long	0xa220a6e5,0xa220a6e5,0xd8f8cc81,0xd8f8cc81
+.long	0x5081c1cf,0x5081c1cf,0x8a54b819,0x8a54b819
+.long	0xffe9d65d,0xffe9d65d,0x003509ee,0x003509ee
+.long	0x002135c7,0x002135c7,0xffe7cfbb,0xffe7cfbb
+.long	0x8035765d,0x8035765d,0x6272c9ee,0x6272c9ee
+.long	0x5f5a15c7,0x5f5a15c7,0x085f2fbb,0x085f2fbb
+.long	0xffe6a503,0xffe6a503,0xffe6a503,0xffe6a503
+.long	0xffc9302c,0xffc9302c,0xffc9302c,0xffc9302c
+.long	0x5f070503,0x5f070503,0x5f070503,0x5f070503
+.long	0xbfceb02c,0xbfceb02c,0xbfceb02c,0xbfceb02c
+.long	0xffd947d4,0xffd947d4,0xffd947d4,0xffd947d4
+.long	0x003bbeaf,0x003bbeaf,0x003bbeaf,0x003bbeaf
+.long	0x8ed3c7d4,0x8ed3c7d4,0x8ed3c7d4,0x8ed3c7d4
+.long	0xdc919eaf,0xdc919eaf,0xdc919eaf,0xdc919eaf
+.long	0xffeccf75,0xffeccf75,0x001d9772,0x001d9772
+.long	0xffc1b072,0xffc1b072,0xfff0bcf6,0xfff0bcf6
+.long	0xb35b6f75,0xb35b6f75,0xc20bd772,0xc20bd772
+.long	0xc4cff072,0xc4cff072,0x748f7cf6,0x748f7cf6
+.long	0xffcf5280,0xffcf5280,0xffcfd2ae,0xffcfd2ae
+.long	0xffc890e0,0xffc890e0,0x0001efca,0x0001efca
+.long	0xaa1f5280,0xaa1f5280,0x5b2592ae,0x5b2592ae
+.long	0x21e490e0,0x21e490e0,0x80fb2fca,0x80fb2fca
+.long	0x001fea93,0x0033ff5a,0x002358d4,0x003a41f8
+.long	0xffccff72,0x00223dfb,0xffdaab9f,0xffc9a422
+.long	0xfff24a93,0x3b1f3f5a,0x513dd8d4,0x2c7941f8
+.long	0xaebb3f72,0x36619dfb,0x01ce8b9f,0xab4de422
+.long	0x000412f5,0x00252587,0xffed24f0,0x00359b5d
+.long	0xffca48a0,0xffc6a2fc,0xffedbb56,0xffcf45de
+.long	0xdbe2b2f5,0xfd560587,0xec8b24f0,0x79213b5d
+.long	0x78de48a0,0x462622fc,0x64587b56,0x718b05de
+.long	0x000dbe5e,0x001c5e1a,0x000de0e6,0x000c7f5a
+.long	0x00078f83,0xffe7628a,0xffff5704,0xfff806fc
+.long	0x00d97e5e,0xe6df9e1a,0xe12aa0e6,0x4af7bf5a
+.long	0x3c77ef83,0xcf38a28a,0x78dfd704,0x72d786fc
+.long	0xfff60021,0xffd05af6,0x001f0084,0x0030ef86
+.long	0xffc9b97d,0xfff7fcd6,0xfff44592,0xffc921c2
+.long	0x337a2021,0x682f1af6,0xae2f8084,0x7321af86
+.long	0x6c79597d,0xec92bcd6,0x07a68592,0x4b0161c2
+.long	0xfff42118,0xfff42118,0xfff42118,0xfff42118
+.long	0xfff42118,0xfff42118,0xfff42118,0xfff42118
+.long	0x58172118,0x58172118,0x58172118,0x58172118
+.long	0x58172118,0x58172118,0x58172118,0x58172118
+.long	0xfffa84ad,0xfffa84ad,0xfffa84ad,0xfffa84ad
+.long	0xfffa84ad,0xfffa84ad,0xfffa84ad,0xfffa84ad
+.long	0xae1024ad,0xae1024ad,0xae1024ad,0xae1024ad
+.long	0xae1024ad,0xae1024ad,0xae1024ad,0xae1024ad
+.long	0xffe0147f,0xffe0147f,0xffe0147f,0xffe0147f
+.long	0xffe0147f,0xffe0147f,0xffe0147f,0xffe0147f
+.long	0xbeeff47f,0xbeeff47f,0xbeeff47f,0xbeeff47f
+.long	0xbeeff47f,0xbeeff47f,0xbeeff47f,0xbeeff47f
+.long	0xfff79d90,0xfff79d90,0xfff79d90,0xfff79d90
+.long	0xfff79d90,0xfff79d90,0xfff79d90,0xfff79d90
+.long	0x6ba99d90,0x6ba99d90,0x6ba99d90,0x6ba99d90
+.long	0x6ba99d90,0x6ba99d90,0x6ba99d90,0x6ba99d90
+.long	0xffeeeaa0,0xffeeeaa0,0xffeeeaa0,0xffeeeaa0
+.long	0xffeeeaa0,0xffeeeaa0,0xffeeeaa0,0xffeeeaa0
+.long	0x0d42eaa0,0x0d42eaa0,0x0d42eaa0,0x0d42eaa0
+.long	0x0d42eaa0,0x0d42eaa0,0x0d42eaa0,0x0d42eaa0
+.long	0x0027f968,0x0027f968,0x0027f968,0x0027f968
+.long	0x0027f968,0x0027f968,0x0027f968,0x0027f968
+.long	0xeb54f968,0xeb54f968,0xeb54f968,0xeb54f968
+.long	0xeb54f968,0xeb54f968,0xeb54f968,0xeb54f968
+.long	0xffdfd37b,0xffdfd37b,0xffdfd37b,0xffdfd37b
+.long	0xffdfd37b,0xffdfd37b,0xffdfd37b,0xffdfd37b
+.long	0x28cf337b,0x28cf337b,0x28cf337b,0x28cf337b
+.long	0x28cf337b,0x28cf337b,0x28cf337b,0x28cf337b
+.long	0xffc51585,0xffc51585,0xffc51585,0xffc51585
+.long	0xffd18e7c,0xffd18e7c,0xffd18e7c,0xffd18e7c
+.long	0xf3f5b585,0xf3f5b585,0xf3f5b585,0xf3f5b585
+.long	0xe3a10e7c,0xe3a10e7c,0xe3a10e7c,0xe3a10e7c
+.long	0x00368a96,0x00368a96,0x00368a96,0x00368a96
+.long	0xffd43e41,0xffd43e41,0xffd43e41,0xffd43e41
+.long	0xde894a96,0xde894a96,0xde894a96,0xde894a96
+.long	0x6b1c5e41,0x6b1c5e41,0x6b1c5e41,0x6b1c5e41
+.long	0x003410f2,0x003410f2,0xfff0fe85,0xfff0fe85
+.long	0x0020c638,0x0020c638,0x00296e9f,0x00296e9f
+.long	0xd15250f2,0xd15250f2,0xf1419e85,0xf1419e85
+.long	0xdce7c638,0xdce7c638,0x5a7d4e9f,0x5a7d4e9f
+.long	0xffd2b7a3,0xffd2b7a3,0xffc7a44b,0xffc7a44b
+.long	0xfff9ba6d,0xfff9ba6d,0xffda3409,0xffda3409
+.long	0x114717a3,0x114717a3,0xfad1044b,0xfad1044b
+.long	0xb4c75a6d,0xb4c75a6d,0x65db5409,0x65db5409
+.long	0x00360400,0x00360400,0x00360400,0x00360400
+.long	0xfffb6a4d,0xfffb6a4d,0xfffb6a4d,0xfffb6a4d
+.long	0xc0b60400,0xc0b60400,0xc0b60400,0xc0b60400
+.long	0x7ac50a4d,0x7ac50a4d,0x7ac50a4d,0x7ac50a4d
+.long	0x0023d69c,0x0023d69c,0x0023d69c,0x0023d69c
+.long	0xfff7c55d,0xfff7c55d,0xfff7c55d,0xfff7c55d
+.long	0x9cf7569c,0x9cf7569c,0x9cf7569c,0x9cf7569c
+.long	0xbe23655d,0xbe23655d,0xbe23655d,0xbe23655d
+.long	0xfff5c282,0xfff5c282,0xffed4113,0xffed4113
+.long	0xffffa63b,0xffffa63b,0xffec09f7,0xffec09f7
+.long	0x7f460282,0x7f460282,0x6a8fa113,0x6a8fa113
+.long	0xc347063b,0xc347063b,0x61aae9f7,0x61aae9f7
+.long	0xfffa2bdd,0xfffa2bdd,0x001495d4,0x001495d4
+.long	0x001c4563,0x001c4563,0xffea2c62,0xffea2c62
+.long	0xcaf5cbdd,0xcaf5cbdd,0xf8cf15d4,0xf8cf15d4
+.long	0x6348a563,0x6348a563,0x9c766c62,0x9c766c62
+.long	0x00053919,0x0004610c,0xffdacd41,0x003eb01b
+.long	0x003472e7,0xffcd003b,0x001a7cc7,0x00031924
+.long	0x7ea85919,0x3625e10c,0xbd02ed41,0x34c2101b
+.long	0xb71152e7,0x6e54603b,0x08335cc7,0x61279924
+.long	0x002b5ee5,0x00291199,0xffd87a3a,0x00134d71
+.long	0x003de11c,0x00130984,0x0025f051,0x00185a46
+.long	0x8d87fee5,0xb9dc3199,0xda1fba3a,0x75416d71
+.long	0x9e61611c,0xaf438984,0xd9b01051,0x00611a46
+.long	0xffc68518,0x001314be,0x00283891,0xffc9db90
+.long	0xffd25089,0x001c853f,0x001d0b4b,0xffeff6a6
+.long	0xa4698518,0xfbaad4be,0x02ba5891,0xb33bdb90
+.long	0x29637089,0xed44653f,0x28066b4b,0x43c4b6a6
+.long	0xffeba8be,0x0012e11b,0xffcd5e3e,0xffea2d2f
+.long	0xfff91de4,0x001406c7,0x00327283,0xffe20d6e
+.long	0x0e0368be,0x3ab6411b,0x84951e3e,0x6a100d2f
+.long	0xc1b59de4,0x396ce6c7,0x1902d283,0x428fcd6e
+.long	0xfff2a128,0xfff2a128,0xfff2a128,0xfff2a128
+.long	0xfff2a128,0xfff2a128,0xfff2a128,0xfff2a128
+.long	0x6017a128,0x6017a128,0x6017a128,0x6017a128
+.long	0x6017a128,0x6017a128,0x6017a128,0x6017a128
+.long	0x002f9a75,0x002f9a75,0x002f9a75,0x002f9a75
+.long	0x002f9a75,0x002f9a75,0x002f9a75,0x002f9a75
+.long	0x8cfe3a75,0x8cfe3a75,0x8cfe3a75,0x8cfe3a75
+.long	0x8cfe3a75,0x8cfe3a75,0x8cfe3a75,0x8cfe3a75
+.long	0xffd3fb09,0xffd3fb09,0xffd3fb09,0xffd3fb09
+.long	0xffd3fb09,0xffd3fb09,0xffd3fb09,0xffd3fb09
+.long	0x1eb51b09,0x1eb51b09,0x1eb51b09,0x1eb51b09
+.long	0x1eb51b09,0x1eb51b09,0x1eb51b09,0x1eb51b09
+.long	0xffdfadd6,0xffdfadd6,0xffdfadd6,0xffdfadd6
+.long	0xffdfadd6,0xffdfadd6,0xffdfadd6,0xffdfadd6
+.long	0x629a6dd6,0x629a6dd6,0x629a6dd6,0x629a6dd6
+.long	0x629a6dd6,0x629a6dd6,0x629a6dd6,0x629a6dd6
+.long	0xffc51ae7,0xffc51ae7,0xffc51ae7,0xffc51ae7
+.long	0xffc51ae7,0xffc51ae7,0xffc51ae7,0xffc51ae7
+.long	0xcba1fae7,0xcba1fae7,0xcba1fae7,0xcba1fae7
+.long	0xcba1fae7,0xcba1fae7,0xcba1fae7,0xcba1fae7
+.long	0xffeaa4f7,0xffeaa4f7,0xffeaa4f7,0xffeaa4f7
+.long	0xffeaa4f7,0xffeaa4f7,0xffeaa4f7,0xffeaa4f7
+.long	0xb50984f7,0xb50984f7,0xb50984f7,0xb50984f7
+.long	0xb50984f7,0xb50984f7,0xb50984f7,0xb50984f7
+.long	0xffcdfc98,0xffcdfc98,0xffcdfc98,0xffcdfc98
+.long	0xffcdfc98,0xffcdfc98,0xffcdfc98,0xffcdfc98
+.long	0xd360fc98,0xd360fc98,0xd360fc98,0xd360fc98
+.long	0xd360fc98,0xd360fc98,0xd360fc98,0xd360fc98
+.long	0xffe6123d,0xffe6123d,0xffe6123d,0xffe6123d
+.long	0xffe6ead6,0xffe6ead6,0xffe6ead6,0xffe6ead6
+.long	0x97adb23d,0x97adb23d,0x97adb23d,0x97adb23d
+.long	0xca41aad6,0xca41aad6,0xca41aad6,0xca41aad6
+.long	0x00357e1e,0x00357e1e,0x00357e1e,0x00357e1e
+.long	0xffc5af59,0xffc5af59,0xffc5af59,0xffc5af59
+.long	0x18f93e1e,0x18f93e1e,0x18f93e1e,0x18f93e1e
+.long	0x6d30cf59,0x6d30cf59,0x6d30cf59,0x6d30cf59
+.long	0xffccfbe9,0xffccfbe9,0x00040af0,0x00040af0
+.long	0x0007c417,0x0007c417,0x002f4588,0x002f4588
+.long	0x4eca1be9,0x4eca1be9,0xc9620af0,0xc9620af0
+.long	0x490aa417,0x490aa417,0x44e04588,0x44e04588
+.long	0x0000ad00,0x0000ad00,0xffef36be,0xffef36be
+.long	0x000dcd44,0x000dcd44,0x003c675a,0x003c675a
+.long	0x95a0ad00,0x95a0ad00,0x7fc6f6be,0x7fc6f6be
+.long	0x27b64d44,0x27b64d44,0x4827a75a,0x4827a75a
+.long	0x0035843f,0x0035843f,0x0035843f,0x0035843f
+.long	0xffdf5617,0xffdf5617,0xffdf5617,0xffdf5617
+.long	0x8d3d643f,0x8d3d643f,0x8d3d643f,0x8d3d643f
+.long	0x3b223617,0x3b223617,0x3b223617,0x3b223617
+.long	0xffe7945c,0xffe7945c,0xffe7945c,0xffe7945c
+.long	0x0038738c,0x0038738c,0x0038738c,0x0038738c
+.long	0x3473145c,0x3473145c,0x3473145c,0x3473145c
+.long	0x78a9f38c,0x78a9f38c,0x78a9f38c,0x78a9f38c
+.long	0xffc72bca,0xffc72bca,0xffffde7e,0xffffde7e
+.long	0x00193948,0x00193948,0xffce69c0,0xffce69c0
+.long	0x28406bca,0x28406bca,0xb4cf9e7e,0xb4cf9e7e
+.long	0xa3423948,0xa3423948,0xed0669c0,0xed0669c0
+.long	0x0024756c,0x0024756c,0xfffcc7df,0xfffcc7df
+.long	0x000b98a1,0x000b98a1,0xffebe808,0xffebe808
+.long	0x88d1f56c,0x88d1f56c,0x2578a7df,0x2578a7df
+.long	0xa69fb8a1,0xa69fb8a1,0x98ece808,0x98ece808
+.long	0xffec7953,0x001d4099,0xffd92578,0xffeb05ad
+.long	0x0016e405,0x000bdbe7,0x00221de8,0x0033f8cf
+.long	0x3196d953,0xbfb06099,0x48882578,0x3e20a5ad
+.long	0xee178405,0x2408bbe7,0xefdf1de8,0x53cdd8cf
+.long	0xfff7b934,0xffd4ca0c,0xffe67ff8,0xffe3d157
+.long	0xffd8911b,0xffc72c12,0x000910d8,0xffc65e1f
+.long	0x2d1e3934,0xc3164a0c,0xb3e57ff8,0x2a8eb157
+.long	0xf07bf11b,0x24496c12,0x162410d8,0x380a3e1f
+.long	0xffe14658,0x00251d8b,0x002573b7,0xfffd7c8f
+.long	0x001ddd98,0x00336898,0x0002d4bb,0xffed93a7
+.long	0x5cac4658,0x0a567d8b,0xaf1c53b7,0xa40f5c8f
+.long	0x4fd0dd98,0x81466898,0xe91a34bb,0x7ae273a7
+.long	0xffcf6cbe,0x00027c1c,0x0018aa08,0x002dfd71
+.long	0x000c5ca5,0x0019379a,0xffc7a167,0xffe48c3d
+.long	0x86672cbe,0xb185fc1c,0x3159aa08,0xcb5c1d71
+.long	0xcd20fca5,0xc20c779a,0xdc748167,0x66ec2c3d
+.long	0x00071e24,0x00071e24,0x00071e24,0x00071e24
+.long	0x00071e24,0x00071e24,0x00071e24,0x00071e24
+.long	0x61cb9e24,0x61cb9e24,0x61cb9e24,0x61cb9e24
+.long	0x61cb9e24,0x61cb9e24,0x61cb9e24,0x61cb9e24
+.long	0x002f7a49,0x002f7a49,0x002f7a49,0x002f7a49
+.long	0x002f7a49,0x002f7a49,0x002f7a49,0x002f7a49
+.long	0xeef89a49,0xeef89a49,0xeef89a49,0xeef89a49
+.long	0xeef89a49,0xeef89a49,0xeef89a49,0xeef89a49
+.long	0x0028e527,0x0028e527,0x0028e527,0x0028e527
+.long	0x0028e527,0x0028e527,0x0028e527,0x0028e527
+.long	0x254dc527,0x254dc527,0x254dc527,0x254dc527
+.long	0x254dc527,0x254dc527,0x254dc527,0x254dc527
+.long	0x001ad035,0x001ad035,0x001ad035,0x001ad035
+.long	0x001ad035,0x001ad035,0x001ad035,0x001ad035
+.long	0x13a17035,0x13a17035,0x13a17035,0x13a17035
+.long	0x13a17035,0x13a17035,0x13a17035,0x13a17035
+.long	0xffffb422,0xffffb422,0xffffb422,0xffffb422
+.long	0xffffb422,0xffffb422,0xffffb422,0xffffb422
+.long	0x6d83f422,0x6d83f422,0x6d83f422,0x6d83f422
+.long	0x6d83f422,0x6d83f422,0x6d83f422,0x6d83f422
+.long	0x003d3201,0x003d3201,0x003d3201,0x003d3201
+.long	0x003d3201,0x003d3201,0x003d3201,0x003d3201
+.long	0xa9fd5201,0xa9fd5201,0xa9fd5201,0xa9fd5201
+.long	0xa9fd5201,0xa9fd5201,0xa9fd5201,0xa9fd5201
+.long	0x000445c5,0x000445c5,0x000445c5,0x000445c5
+.long	0x000445c5,0x000445c5,0x000445c5,0x000445c5
+.long	0xba3ce5c5,0xba3ce5c5,0xba3ce5c5,0xba3ce5c5
+.long	0xba3ce5c5,0xba3ce5c5,0xba3ce5c5,0xba3ce5c5
+.long	0x000c63a8,0x000c63a8,0x000c63a8,0x000c63a8
+.long	0x00081b9a,0x00081b9a,0x00081b9a,0x00081b9a
+.long	0x588163a8,0x588163a8,0x588163a8,0x588163a8
+.long	0x9e7b5b9a,0x9e7b5b9a,0x9e7b5b9a,0x9e7b5b9a
+.long	0x000e8f76,0x000e8f76,0x000e8f76,0x000e8f76
+.long	0x003b3853,0x003b3853,0x003b3853,0x003b3853
+.long	0xeefd4f76,0xeefd4f76,0xeefd4f76,0xeefd4f76
+.long	0x89c59853,0x89c59853,0x89c59853,0x89c59853
+.long	0x0002e46c,0x0002e46c,0xffc9c808,0xffc9c808
+.long	0x003036c2,0x003036c2,0xffe3bff6,0xffe3bff6
+.long	0xd690646c,0xd690646c,0x54cac808,0x54cac808
+.long	0xae0876c2,0xae0876c2,0x54e27ff6,0x54e27ff6
+.long	0xffdb3c93,0xffdb3c93,0xfffd4ae0,0xfffd4ae0
+.long	0x00141305,0x00141305,0x00147792,0x00147792
+.long	0x69ed9c93,0x69ed9c93,0xb9594ae0,0xb9594ae0
+.long	0x13f4b305,0x13f4b305,0x0e06b792,0x0e06b792
+.long	0x003b8534,0x003b8534,0x003b8534,0x003b8534
+.long	0xffd8fc30,0xffd8fc30,0xffd8fc30,0xffd8fc30
+.long	0xa6e20534,0xa6e20534,0xa6e20534,0xa6e20534
+.long	0xc75efc30,0xc75efc30,0xc75efc30,0xc75efc30
+.long	0x001f9d54,0x001f9d54,0x001f9d54,0x001f9d54
+.long	0xffd54f2d,0xffd54f2d,0xffd54f2d,0xffd54f2d
+.long	0x99ca1d54,0x99ca1d54,0x99ca1d54,0x99ca1d54
+.long	0xc73aef2d,0xc73aef2d,0xc73aef2d,0xc73aef2d
+.long	0x00139e25,0x00139e25,0xffe7d0e0,0xffe7d0e0
+.long	0xfff39944,0xfff39944,0xffea0802,0xffea0802
+.long	0xf5583e25,0xf5583e25,0x0a03d0e0,0x0a03d0e0
+.long	0xe11c1944,0xe11c1944,0x47ea4802,0x47ea4802
+.long	0xffd1eea2,0xffd1eea2,0xffc4c79c,0xffc4c79c
+.long	0xffc8a057,0xffc8a057,0x003a97d9,0x003a97d9
+.long	0x74a62ea2,0x74a62ea2,0x3ab8479c,0x3ab8479c
+.long	0x44538057,0x44538057,0xcab5b7d9,0xcab5b7d9
+.long	0xffd1a13c,0x0035c539,0x003b0115,0x00041dc0
+.long	0x0021c4f7,0xfff11bf4,0x001a35e7,0x0007340e
+.long	0x85f9213c,0x005ce539,0x29dda115,0xa3bc1dc0
+.long	0x9940a4f7,0xf96f9bf4,0xef5715e7,0x1788f40e
+.long	0xfff97d45,0x001a4cd0,0xffe47cae,0x001d2668
+.long	0xffe68e98,0xffef2633,0xfffc05da,0xffc57fdb
+.long	0xa1221d45,0x21b44cd0,0xf07a3cae,0x10ea2668
+.long	0xe5b98e98,0x97358633,0xfbb745da,0x2e40dfdb
+.long	0xffd32764,0xffdde1af,0xfff993dd,0xffdd1d09
+.long	0x0002cc93,0xfff11805,0x00189c2a,0xffc9e5a9
+.long	0x42bfa764,0xa093c1af,0xb7f533dd,0x42fe3d09
+.long	0x5c152c93,0x3471b805,0xa69ddc2a,0x0bff05a9
+.long	0xfff78a50,0x003bcf2c,0xffff434e,0xffeb36df
+.long	0x003c15ca,0x00155e68,0xfff316b6,0x001e29ce
+.long	0x09418a50,0x94214f2c,0x7969034e,0x734716df
+.long	0xc5f555ca,0x17e25e68,0xdfc9d6b6,0x1657e9ce
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+L_mldsa_avx2_zetas_basemul:
+.long	0xffc406e5,0xffe9d65d,0x003cf91b,0x001729a3
+.long	0xffe8ac81,0x003509ee,0x0018537f,0xffcbf612
+.long	0xffc7e1cf,0x002135c7,0x00391e31,0xffdfca39
+.long	0xffd19819,0xffe7cfbb,0x002f67e7,0x00193045
+.long	0x0000a6e5,0x0000765d,0x0000591b,0x000089a3
+.long	0x0000cc81,0x0000c9ee,0x0000337f,0x00003612
+.long	0x0000c1cf,0x000015c7,0x00003e31,0x0000ea39
+.long	0x0000b819,0x00002fbb,0x000047e7,0x0000d045
+.long	0xffeccf75,0xffcf5280,0x0014308b,0x0031ad80
+.long	0x001d9772,0xffcfd2ae,0xffe3688e,0x00312d52
+.long	0xffc1b072,0xffc890e0,0x003f4f8e,0x00386f20
+.long	0xfff0bcf6,0x0001efca,0x0010430a,0xffff1036
+.long	0x00006f75,0x00005280,0x0000908b,0x0000ad80
+.long	0x0000d772,0x000092ae,0x0000288e,0x00006d52
+.long	0x0000f072,0x000090e0,0x00000f8e,0x00006f20
+.long	0x00007cf6,0x00002fca,0x0000830a,0x0000d036
+.long	0x003410f2,0xffd2b7a3,0xffccef0e,0x002e485d
+.long	0xfff0fe85,0xffc7a44b,0x0010017b,0x00395bb5
+.long	0x0020c638,0xfff9ba6d,0xffe039c8,0x00074593
+.long	0x00296e9f,0xffda3409,0xffd79161,0x0026cbf7
+.long	0x000050f2,0x000017a3,0x0000af0e,0x0000e85d
+.long	0x00009e85,0x0000044b,0x0000617b,0x0000fbb5
+.long	0x0000c638,0x00005a6d,0x000039c8,0x0000a593
+.long	0x00004e9f,0x00005409,0x0000b161,0x0000abf7
+.long	0xfff5c282,0xfffa2bdd,0x000b3d7e,0x0006d423
+.long	0xffed4113,0x001495d4,0x0013beed,0xffec6a2c
+.long	0xffffa63b,0x001c4563,0x000159c5,0xffe4ba9d
+.long	0xffec09f7,0xffea2c62,0x0014f609,0x0016d39e
+.long	0x00000282,0x0000cbdd,0x0000fd7e,0x00003423
+.long	0x0000a113,0x000015d4,0x00005eed,0x0000ea2c
+.long	0x0000063b,0x0000a563,0x0000f9c5,0x00005a9d
+.long	0x0000e9f7,0x00006c62,0x00001609,0x0000939e
+.long	0xffccfbe9,0x0000ad00,0x00340417,0x00005300
+.long	0x00040af0,0xffef36be,0xfffcf510,0x0011c942
+.long	0x0007c417,0x000dcd44,0xfff93be9,0xfff332bc
+.long	0x002f4588,0x003c675a,0xffd1ba78,0xffc498a6
+.long	0x00001be9,0x0000ad00,0x0000e417,0x00005300
+.long	0x00000af0,0x0000f6be,0x0000f510,0x00000942
+.long	0x0000a417,0x00004d44,0x00005be9,0x0000b2bc
+.long	0x00004588,0x0000a75a,0x0000ba78,0x000058a6
+.long	0xffc72bca,0x0024756c,0x0039d436,0xffdc8a94
+.long	0xffffde7e,0xfffcc7df,0x00012182,0x00043821
+.long	0x00193948,0x000b98a1,0xffe7c6b8,0xfff5675f
+.long	0xffce69c0,0xffebe808,0x00329640,0x001517f8
+.long	0x00006bca,0x0000f56c,0x00009436,0x00000a94
+.long	0x00009e7e,0x0000a7df,0x00006182,0x00005821
+.long	0x00003948,0x0000b8a1,0x0000c6b8,0x0000475f
+.long	0x000069c0,0x0000e808,0x00009640,0x000017f8
+.long	0x0002e46c,0xffdb3c93,0xfffe1b94,0x0025c36d
+.long	0xffc9c808,0xfffd4ae0,0x003737f8,0x0003b520
+.long	0x003036c2,0x00141305,0xffd0c93e,0xffececfb
+.long	0xffe3bff6,0x00147792,0x001d400a,0xffec886e
+.long	0x0000646c,0x00009c93,0x00009b94,0x0000636d
+.long	0x0000c808,0x00004ae0,0x000037f8,0x0000b520
+.long	0x000076c2,0x0000b305,0x0000893e,0x00004cfb
+.long	0x00007ff6,0x0000b792,0x0000800a,0x0000486e
+.long	0x00139e25,0xffd1eea2,0xffed61db,0x002f115e
+.long	0xffe7d0e0,0xffc4c79c,0x00192f20,0x003c3864
+.long	0xfff39944,0xffc8a057,0x000d66bc,0x00385fa9
+.long	0xffea0802,0x003a97d9,0x0016f7fe,0xffc66827
+.long	0x00003e25,0x00002ea2,0x0000c1db,0x0000d15e
+.long	0x0000d0e0,0x0000479c,0x00002f20,0x0000b864
+.long	0x00001944,0x00008057,0x0000e6bc,0x00007fa9
+.long	0x00004802,0x0000b7d9,0x0000b7fe,0x00004827
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+L_mldsa_avx2_zetas_1:
+.long	0xffc97e01,0xffc97e01,0xffc97e01,0xffc97e01
+.long	0xffc97e01,0xffc97e01,0xffc97e01,0xffc97e01
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+L_mldsa_avx2_zetas_inv:
+.long	0xffe1d632,0x000ce94a,0xffeaa198,0xffc3ea36
+.long	0x0014c921,0x0000bcb2,0xffc430d4,0x000875b0
+.long	0xe9a81632,0x2036294a,0xe81da198,0x3a0aaa36
+.long	0x8cb8e921,0x8696fcb2,0x6bdeb0d4,0xf6be75b0
+.long	0x00361a57,0xffe763d6,0x000ee7fb,0xfffd336d
+.long	0x0022e2f7,0x00066c23,0x00221e51,0x002cd89c
+.long	0xf400fa57,0x596223d6,0xcb8e47fb,0xa3ead36d
+.long	0xbd01c2f7,0x480acc23,0x5f6c3e51,0xbd40589c
+.long	0xffc56827,0xffc56827,0x00375fa9,0x00375fa9
+.long	0x003b3864,0x003b3864,0x002e115e,0x002e115e
+.long	0x354a4827,0x354a4827,0xbbac7fa9,0xbbac7fa9
+.long	0xc547b864,0xc547b864,0x8b59d15e,0x8b59d15e
+.long	0x0015f7fe,0x0015f7fe,0x000c66bc,0x000c66bc
+.long	0x00182f20,0x00182f20,0xffec61db,0xffec61db
+.long	0xb815b7fe,0xb815b7fe,0x1ee3e6bc,0x1ee3e6bc
+.long	0xf5fc2f20,0xf5fc2f20,0x0aa7c1db,0x0aa7c1db
+.long	0x002ab0d3,0x002ab0d3,0x002ab0d3,0x002ab0d3
+.long	0xffe062ac,0xffe062ac,0xffe062ac,0xffe062ac
+.long	0x38c510d3,0x38c510d3,0x38c510d3,0x38c510d3
+.long	0x6635e2ac,0x6635e2ac,0x6635e2ac,0x6635e2ac
+.long	0x002703d0,0x002703d0,0x002703d0,0x002703d0
+.long	0xffc47acc,0xffc47acc,0xffc47acc,0xffc47acc
+.long	0x38a103d0,0x38a103d0,0x38a103d0,0x38a103d0
+.long	0x591dfacc,0x591dfacc,0x591dfacc,0x591dfacc
+.long	0xfffbba3b,0xfffbba3b,0xfffbba3b,0xfffbba3b
+.long	0xfffbba3b,0xfffbba3b,0xfffbba3b,0xfffbba3b
+.long	0x45c31a3b,0x45c31a3b,0x45c31a3b,0x45c31a3b
+.long	0x45c31a3b,0x45c31a3b,0x45c31a3b,0x45c31a3b
+.long	0xffc2cdff,0xffc2cdff,0xffc2cdff,0xffc2cdff
+.long	0xffc2cdff,0xffc2cdff,0xffc2cdff,0xffc2cdff
+.long	0x5602adff,0x5602adff,0x5602adff,0x5602adff
+.long	0x5602adff,0x5602adff,0x5602adff,0x5602adff
+.long	0xffd71ad9,0xffd71ad9,0xffd71ad9,0xffd71ad9
+.long	0xffd71ad9,0xffd71ad9,0xffd71ad9,0xffd71ad9
+.long	0xdab23ad9,0xdab23ad9,0xdab23ad9,0xdab23ad9
+.long	0xdab23ad9,0xdab23ad9,0xdab23ad9,0xdab23ad9
+.long	0x003a8025,0x0003fa26,0x0010d9cd,0x00197168
+.long	0xffe2d998,0x001b8352,0xffe5b330,0x000682bb
+.long	0xd1bf2025,0x0448ba26,0x68ca79cd,0x1a467168
+.long	0xef15d998,0x0f85c352,0xde4bb330,0x5edde2bb
+.long	0xfff8cbf2,0xffe5ca19,0x000ee40c,0xffde3b09
+.long	0xfffbe240,0xffc4feeb,0xffca3ac7,0x002e5ec4
+.long	0xe8770bf2,0x10a8ea19,0x0690640c,0x66bf5b09
+.long	0x5c43e240,0xd6225eeb,0xffa31ac7,0x7a06dec4
+.long	0xffeb886e,0xffeb886e,0xffebecfb,0xffebecfb
+.long	0x0002b520,0x0002b520,0x0024c36d,0x0024c36d
+.long	0xf1f9486e,0xf1f9486e,0xec0b4cfb,0xec0b4cfb
+.long	0x46a6b520,0x46a6b520,0x9612636d,0x9612636d
+.long	0x001c400a,0x001c400a,0xffcfc93e,0xffcfc93e
+.long	0x003637f8,0x003637f8,0xfffd1b94,0xfffd1b94
+.long	0xab1d800a,0xab1d800a,0x51f7893e,0x51f7893e
+.long	0xab3537f8,0xab3537f8,0x296f9b94,0x296f9b94
+.long	0xffc4c7ad,0xffc4c7ad,0xffc4c7ad,0xffc4c7ad
+.long	0xfff1708a,0xfff1708a,0xfff1708a,0xfff1708a
+.long	0x763a67ad,0x763a67ad,0x763a67ad,0x763a67ad
+.long	0x1102b08a,0x1102b08a,0x1102b08a,0x1102b08a
+.long	0xfff7e466,0xfff7e466,0xfff7e466,0xfff7e466
+.long	0xfff39c58,0xfff39c58,0xfff39c58,0xfff39c58
+.long	0x6184a466,0x6184a466,0x6184a466,0x6184a466
+.long	0xa77e9c58,0xa77e9c58,0xa77e9c58,0xa77e9c58
+.long	0x00004bde,0x00004bde,0x00004bde,0x00004bde
+.long	0x00004bde,0x00004bde,0x00004bde,0x00004bde
+.long	0x927c0bde,0x927c0bde,0x927c0bde,0x927c0bde
+.long	0x927c0bde,0x927c0bde,0x927c0bde,0x927c0bde
+.long	0xffe52fcb,0xffe52fcb,0xffe52fcb,0xffe52fcb
+.long	0xffe52fcb,0xffe52fcb,0xffe52fcb,0xffe52fcb
+.long	0xec5e8fcb,0xec5e8fcb,0xec5e8fcb,0xec5e8fcb
+.long	0xec5e8fcb,0xec5e8fcb,0xec5e8fcb,0xec5e8fcb
+.long	0xffd085b7,0xffd085b7,0xffd085b7,0xffd085b7
+.long	0xffd085b7,0xffd085b7,0xffd085b7,0xffd085b7
+.long	0x110765b7,0x110765b7,0x110765b7,0x110765b7
+.long	0x110765b7,0x110765b7,0x110765b7,0x110765b7
+.long	0xfff8e1dc,0xfff8e1dc,0xfff8e1dc,0xfff8e1dc
+.long	0xfff8e1dc,0xfff8e1dc,0xfff8e1dc,0xfff8e1dc
+.long	0x9e3461dc,0x9e3461dc,0x9e3461dc,0x9e3461dc
+.long	0x9e3461dc,0x9e3461dc,0x9e3461dc,0x9e3461dc
+.long	0x001b73c3,0x00385e99,0xffe6c866,0xfff3a35b
+.long	0xffd2028f,0xffe755f8,0xfffd83e4,0x00309342
+.long	0x9913d3c3,0x238b7e99,0x3df38866,0x32df035b
+.long	0x34a3e28f,0xcea655f8,0x4e7a03e4,0x7998d342
+.long	0x00126c59,0xfffd2b45,0xffcc9768,0xffe22268
+.long	0x00028371,0xffda8c49,0xffdae275,0x001eb9a8
+.long	0x851d8c59,0x16e5cb45,0x7eb99768,0xb02f2268
+.long	0x5bf0a371,0x50e3ac49,0xf5a98275,0xa353b9a8
+.long	0x001417f8,0x001417f8,0xfff4675f,0xfff4675f
+.long	0x00033821,0x00033821,0xffdb8a94,0xffdb8a94
+.long	0x671317f8,0x671317f8,0x5960475f,0x5960475f
+.long	0xda875821,0xda875821,0x772e0a94,0x772e0a94
+.long	0x00319640,0x00319640,0xffe6c6b8,0xffe6c6b8
+.long	0x00002182,0x00002182,0x0038d436,0x0038d436
+.long	0x12f99640,0x12f99640,0x5cbdc6b8,0x5cbdc6b8
+.long	0x4b306182,0x4b306182,0xd7bf9436,0xd7bf9436
+.long	0xffc78c74,0xffc78c74,0xffc78c74,0xffc78c74
+.long	0x00186ba4,0x00186ba4,0x00186ba4,0x00186ba4
+.long	0x87560c74,0x87560c74,0x87560c74,0x87560c74
+.long	0xcb8ceba4,0xcb8ceba4,0xcb8ceba4,0xcb8ceba4
+.long	0x0020a9e9,0x0020a9e9,0x0020a9e9,0x0020a9e9
+.long	0xffca7bc1,0xffca7bc1,0xffca7bc1,0xffca7bc1
+.long	0xc4ddc9e9,0xc4ddc9e9,0xc4ddc9e9,0xc4ddc9e9
+.long	0x72c29bc1,0x72c29bc1,0x72c29bc1,0x72c29bc1
+.long	0x00320368,0x00320368,0x00320368,0x00320368
+.long	0x00320368,0x00320368,0x00320368,0x00320368
+.long	0x2c9f0368,0x2c9f0368,0x2c9f0368,0x2c9f0368
+.long	0x2c9f0368,0x2c9f0368,0x2c9f0368,0x2c9f0368
+.long	0x00155b09,0x00155b09,0x00155b09,0x00155b09
+.long	0x00155b09,0x00155b09,0x00155b09,0x00155b09
+.long	0x4af67b09,0x4af67b09,0x4af67b09,0x4af67b09
+.long	0x4af67b09,0x4af67b09,0x4af67b09,0x4af67b09
+.long	0x002c04f7,0x002c04f7,0x002c04f7,0x002c04f7
+.long	0x002c04f7,0x002c04f7,0x002c04f7,0x002c04f7
+.long	0xe14ae4f7,0xe14ae4f7,0xe14ae4f7,0xe14ae4f7
+.long	0xe14ae4f7,0xe14ae4f7,0xe14ae4f7,0xe14ae4f7
+.long	0x0039a1e1,0xfff6ef28,0x0038d3ee,0x00276ee5
+.long	0x001c2ea9,0x00198008,0x002b35f4,0x000846cc
+.long	0xc7f5c1e1,0xe9dbef28,0xdbb693ee,0x0f840ee5
+.long	0xd5714ea9,0x4c1a8008,0x3ce9b5f4,0xd2e1c6cc
+.long	0xffcc0731,0xffdde218,0xfff42419,0xffe91bfb
+.long	0x0014fa53,0x0026da88,0xffe2bf67,0x001386ad
+.long	0xac322731,0x1020e218,0xdbf74419,0x11e87bfb
+.long	0xc1df5a53,0xb777da88,0x404f9f67,0xce6926ad
+.long	0xffc398a6,0xffc398a6,0xfff232bc,0xfff232bc
+.long	0x0010c942,0x0010c942,0xffff5300,0xffff5300
+.long	0xb7d858a6,0xb7d858a6,0xd849b2bc,0xd849b2bc
+.long	0x80390942,0x80390942,0x6a5f5300,0x6a5f5300
+.long	0xffd0ba78,0xffd0ba78,0xfff83be9,0xfff83be9
+.long	0xfffbf510,0xfffbf510,0x00330417,0x00330417
+.long	0xbb1fba78,0xbb1fba78,0xb6f55be9,0xb6f55be9
+.long	0x369df510,0x369df510,0xb135e417,0xb135e417
+.long	0x003a50a7,0x003a50a7,0x003a50a7,0x003a50a7
+.long	0xffca81e2,0xffca81e2,0xffca81e2,0xffca81e2
+.long	0x92cf30a7,0x92cf30a7,0x92cf30a7,0x92cf30a7
+.long	0xe706c1e2,0xe706c1e2,0xe706c1e2,0xe706c1e2
+.long	0x0019152a,0x0019152a,0x0019152a,0x0019152a
+.long	0x0019edc3,0x0019edc3,0x0019edc3,0x0019edc3
+.long	0x35be552a,0x35be552a,0x35be552a,0x35be552a
+.long	0x68524dc3,0x68524dc3,0x68524dc3,0x68524dc3
+.long	0x003ae519,0x003ae519,0x003ae519,0x003ae519
+.long	0x003ae519,0x003ae519,0x003ae519,0x003ae519
+.long	0x345e0519,0x345e0519,0x345e0519,0x345e0519
+.long	0x345e0519,0x345e0519,0x345e0519,0x345e0519
+.long	0x0020522a,0x0020522a,0x0020522a,0x0020522a
+.long	0x0020522a,0x0020522a,0x0020522a,0x0020522a
+.long	0x9d65922a,0x9d65922a,0x9d65922a,0x9d65922a
+.long	0x9d65922a,0x9d65922a,0x9d65922a,0x9d65922a
+.long	0xffd0658b,0xffd0658b,0xffd0658b,0xffd0658b
+.long	0xffd0658b,0xffd0658b,0xffd0658b,0xffd0658b
+.long	0x7301c58b,0x7301c58b,0x7301c58b,0x7301c58b
+.long	0x7301c58b,0x7301c58b,0x7301c58b,0x7301c58b
+.long	0x000d5ed8,0x000d5ed8,0x000d5ed8,0x000d5ed8
+.long	0x000d5ed8,0x000d5ed8,0x000d5ed8,0x000d5ed8
+.long	0x9fe85ed8,0x9fe85ed8,0x9fe85ed8,0x9fe85ed8
+.long	0x9fe85ed8,0x9fe85ed8,0x9fe85ed8,0x9fe85ed8
+.long	0x001df292,0xffcd8d7d,0xffebf939,0x0006e21c
+.long	0x0015d2d1,0x0032a1c2,0xffed1ee5,0x00145742
+.long	0xbd703292,0xe6fd2d7d,0xc6931939,0x3e4a621c
+.long	0x95eff2d1,0x7b6ae1c2,0xc549bee5,0xf1fc9742
+.long	0x0010095a,0xffe2f4b5,0xffe37ac1,0x002daf77
+.long	0x00362470,0xffd7c76f,0xffeceb42,0x00397ae8
+.long	0xbc3b495a,0xd7f994b5,0x12bb9ac1,0xd69c8f77
+.long	0x4cc42470,0xfd45a76f,0x04552b42,0x5b967ae8
+.long	0x0015d39e,0x0015d39e,0xffe3ba9d,0xffe3ba9d
+.long	0xffeb6a2c,0xffeb6a2c,0x0005d423,0x0005d423
+.long	0x6389939e,0x6389939e,0x9cb75a9d,0x9cb75a9d
+.long	0x0730ea2c,0x0730ea2c,0x350a3423,0x350a3423
+.long	0x0013f609,0x0013f609,0x000059c5,0x000059c5
+.long	0x0012beed,0x0012beed,0x000a3d7e,0x000a3d7e
+.long	0x9e551609,0x9e551609,0x3cb8f9c5,0x3cb8f9c5
+.long	0x95705eed,0x95705eed,0x80b9fd7e,0x80b9fd7e
+.long	0x00083aa3,0x00083aa3,0x00083aa3,0x00083aa3
+.long	0xffdc2964,0xffdc2964,0xffdc2964,0xffdc2964
+.long	0x41dc9aa3,0x41dc9aa3,0x41dc9aa3,0x41dc9aa3
+.long	0x6308a964,0x6308a964,0x6308a964,0x6308a964
+.long	0x000495b3,0x000495b3,0x000495b3,0x000495b3
+.long	0xffc9fc00,0xffc9fc00,0xffc9fc00,0xffc9fc00
+.long	0x853af5b3,0x853af5b3,0x853af5b3,0x853af5b3
+.long	0x3f49fc00,0x3f49fc00,0x3f49fc00,0x3f49fc00
+.long	0x00202c85,0x00202c85,0x00202c85,0x00202c85
+.long	0x00202c85,0x00202c85,0x00202c85,0x00202c85
+.long	0xd730cc85,0xd730cc85,0xd730cc85,0xd730cc85
+.long	0xd730cc85,0xd730cc85,0xd730cc85,0xd730cc85
+.long	0xffd80698,0xffd80698,0xffd80698,0xffd80698
+.long	0xffd80698,0xffd80698,0xffd80698,0xffd80698
+.long	0x14ab0698,0x14ab0698,0x14ab0698,0x14ab0698
+.long	0x14ab0698,0x14ab0698,0x14ab0698,0x14ab0698
+.long	0x001feb81,0x001feb81,0x001feb81,0x001feb81
+.long	0x001feb81,0x001feb81,0x001feb81,0x001feb81
+.long	0x41100b81,0x41100b81,0x41100b81,0x41100b81
+.long	0x41100b81,0x41100b81,0x41100b81,0x41100b81
+.long	0xffe7a5ba,0xffda0faf,0xffecf67c,0xffc21ee4
+.long	0xffecb28f,0x002785c6,0xffd6ee67,0xffd4a11b
+.long	0xff9ee5ba,0x264fefaf,0x50bc767c,0x619e9ee4
+.long	0x8abe928f,0x25e045c6,0x4623ce67,0x7278011b
+.long	0xfffce6dc,0xffe58339,0x0032ffc5,0xffcb8d19
+.long	0xffc14fe5,0x002532bf,0xfffb9ef4,0xfffac6e7
+.long	0x9ed866dc,0xf7cca339,0x91ab9fc5,0x48eead19
+.long	0xcb3defe5,0x42fd12bf,0xc9da1ef4,0x8157a6e7
+.long	0x0025cbf7,0x0025cbf7,0x00064593,0x00064593
+.long	0x00385bb5,0x00385bb5,0x002d485d,0x002d485d
+.long	0x9a24abf7,0x9a24abf7,0x4b38a593,0x4b38a593
+.long	0x052efbb5,0x052efbb5,0xeeb8e85d,0xeeb8e85d
+.long	0xffd69161,0xffd69161,0xffdf39c8,0xffdf39c8
+.long	0x000f017b,0x000f017b,0xffcbef0e,0xffcbef0e
+.long	0xa582b161,0xa582b161,0x231839c8,0x231839c8
+.long	0x0ebe617b,0x0ebe617b,0x2eadaf0e,0x2eadaf0e
+.long	0x002bc1bf,0x002bc1bf,0x002bc1bf,0x002bc1bf
+.long	0xffc9756a,0xffc9756a,0xffc9756a,0xffc9756a
+.long	0x94e3a1bf,0x94e3a1bf,0x94e3a1bf,0x94e3a1bf
+.long	0x2176b56a,0x2176b56a,0x2176b56a,0x2176b56a
+.long	0x002e7184,0x002e7184,0x002e7184,0x002e7184
+.long	0x003aea7b,0x003aea7b,0x003aea7b,0x003aea7b
+.long	0x1c5ef184,0x1c5ef184,0x1c5ef184,0x1c5ef184
+.long	0x0c0a4a7b,0x0c0a4a7b,0x0c0a4a7b,0x0c0a4a7b
+.long	0x00111560,0x00111560,0x00111560,0x00111560
+.long	0x00111560,0x00111560,0x00111560,0x00111560
+.long	0xf2bd1560,0xf2bd1560,0xf2bd1560,0xf2bd1560
+.long	0xf2bd1560,0xf2bd1560,0xf2bd1560,0xf2bd1560
+.long	0x00086270,0x00086270,0x00086270,0x00086270
+.long	0x00086270,0x00086270,0x00086270,0x00086270
+.long	0x94566270,0x94566270,0x94566270,0x94566270
+.long	0x94566270,0x94566270,0x94566270,0x94566270
+.long	0x00057b53,0x00057b53,0x00057b53,0x00057b53
+.long	0x00057b53,0x00057b53,0x00057b53,0x00057b53
+.long	0x51efdb53,0x51efdb53,0x51efdb53,0x51efdb53
+.long	0x51efdb53,0x51efdb53,0x51efdb53,0x51efdb53
+.long	0x000bdee8,0x000bdee8,0x000bdee8,0x000bdee8
+.long	0x000bdee8,0x000bdee8,0x000bdee8,0x000bdee8
+.long	0xa7e8dee8,0xa7e8dee8,0xa7e8dee8,0xa7e8dee8
+.long	0xa7e8dee8,0xa7e8dee8,0xa7e8dee8,0xa7e8dee8
+.long	0x0036de3e,0x000bba6e,0x0008032a,0x00364683
+.long	0xffcf107a,0xffe0ff7c,0x002fa50a,0x0009ffdf
+.long	0xb4fe9e3e,0xf8597a6e,0x136d432a,0x9386a683
+.long	0x8cde507a,0x51d07f7c,0x97d0e50a,0xcc85dfdf
+.long	0x0007f904,0x0000a8fc,0x00189d76,0xfff8707d
+.long	0xfff380a6,0xfff21f1a,0xffe3a1e6,0xfff241a2
+.long	0x8d287904,0x872028fc,0x30c75d76,0xc388107d
+.long	0xb50840a6,0x1ed55f1a,0x192061e6,0xff2681a2
+.long	0xfffe1036,0xfffe1036,0x00376f20,0x00376f20
+.long	0x00302d52,0x00302d52,0x0030ad80,0x0030ad80
+.long	0x7f04d036,0x7f04d036,0xde1b6f20,0xde1b6f20
+.long	0xa4da6d52,0xa4da6d52,0x55e0ad80,0x55e0ad80
+.long	0x000f430a,0x000f430a,0x003e4f8e,0x003e4f8e
+.long	0xffe2688e,0xffe2688e,0x0013308b,0x0013308b
+.long	0x8b70830a,0x8b70830a,0x3b300f8e,0x3b300f8e
+.long	0x3df4288e,0x3df4288e,0x4ca4908b,0x4ca4908b
+.long	0xffc44151,0xffc44151,0xffc44151,0xffc44151
+.long	0x0026b82c,0x0026b82c,0x0026b82c,0x0026b82c
+.long	0x236e6151,0x236e6151,0x236e6151,0x236e6151
+.long	0x712c382c,0x712c382c,0x712c382c,0x712c382c
+.long	0x0036cfd4,0x0036cfd4,0x0036cfd4,0x0036cfd4
+.long	0x00195afd,0x00195afd,0x00195afd,0x00195afd
+.long	0x40314fd4,0x40314fd4,0x40314fd4,0x40314fd4
+.long	0xa0f8fafd,0xa0f8fafd,0xa0f8fafd,0xa0f8fafd
+.long	0xffc94878,0xffc94878,0xffc94878,0xffc94878
+.long	0xffc94878,0xffc94878,0xffc94878,0xffc94878
+.long	0xccd84878,0xccd84878,0xccd84878,0xccd84878
+.long	0xccd84878,0xccd84878,0xccd84878,0xccd84878
+.long	0x00107a5c,0x00107a5c,0x00107a5c,0x00107a5c
+.long	0x00107a5c,0x00107a5c,0x00107a5c,0x00107a5c
+.long	0x515bfa5c,0x515bfa5c,0x515bfa5c,0x515bfa5c
+.long	0x515bfa5c,0x515bfa5c,0x515bfa5c,0x515bfa5c
+.long	0xffdc16d5,0xffdc16d5,0xffdc16d5,0xffdc16d5
+.long	0xffdc16d5,0xffdc16d5,0xffdc16d5,0xffdc16d5
+.long	0x6c36b6d5,0x6c36b6d5,0x6c36b6d5,0x6c36b6d5
+.long	0x6c36b6d5,0x6c36b6d5,0x6c36b6d5,0x6c36b6d5
+.long	0x0030ba22,0x001244aa,0x00395d04,0x0035b760
+.long	0xffca64a3,0x0012db10,0xffdada79,0xfffbed0b
+.long	0x8e74fa22,0x9ba784aa,0xb9d9dd04,0x8721b760
+.long	0x86dec4a3,0x1374db10,0x02a9fa79,0x241d4d0b
+.long	0x00365bde,0x00255461,0xffddc205,0x0033008e
+.long	0xffc5be08,0xffdca72c,0xffcc00a6,0xffe0156d
+.long	0x54b21bde,0xfe317461,0xc99e6205,0x5144c08e
+.long	0xd386be08,0xaec2272c,0xc4e0c0a6,0x000db56d
+.long	0x00183045,0x00183045,0xffdeca39,0xffdeca39
+.long	0xffcaf612,0xffcaf612,0x001629a3,0x001629a3
+.long	0xf7a0d045,0xf7a0d045,0xa0a5ea39,0xa0a5ea39
+.long	0x9d8d3612,0x9d8d3612,0x7fca89a3,0x7fca89a3
+.long	0x002e67e7,0x002e67e7,0x00381e31,0x00381e31
+.long	0x0017537f,0x0017537f,0x003bf91b,0x003bf91b
+.long	0x75ab47e7,0x75ab47e7,0xaf7e3e31,0xaf7e3e31
+.long	0x2707337f,0x2707337f,0x5ddf591b,0x5ddf591b
+.long	0xffca213b,0xffca213b,0xffca213b,0xffca213b
+.long	0xffd10b33,0xffd10b33,0xffd10b33,0xffd10b33
+.long	0x9271813b,0x9271813b,0x9271813b,0x9271813b
+.long	0x53b76b33,0x53b76b33,0x53b76b33,0x53b76b33
+.long	0xfffe89e0,0xfffe89e0,0xfffe89e0,0xfffe89e0
+.long	0xffd6b599,0xffd6b599,0xffd6b599,0xffd6b599
+.long	0x613a89e0,0x613a89e0,0x613a89e0,0x613a89e0
+.long	0x6e09d599,0x6e09d599,0x6e09d599,0x6e09d599
+.long	0xfff05f90,0xfff05f90,0xfff05f90,0xfff05f90
+.long	0xfff05f90,0xfff05f90,0xfff05f90,0xfff05f90
+.long	0x83e25f90,0x83e25f90,0x83e25f90,0x83e25f90
+.long	0x83e25f90,0x83e25f90,0x83e25f90,0x83e25f90
+.long	0xffd669a8,0xffd669a8,0xffd669a8,0xffd669a8
+.long	0xffd669a8,0xffd669a8,0xffd669a8,0xffd669a8
+.long	0x990b69a8,0x990b69a8,0x990b69a8,0x990b69a8
+.long	0x990b69a8,0x990b69a8,0x990b69a8,0x990b69a8
+.long	0xffe421d5,0xffe421d5,0xffe421d5,0xffe421d5
+.long	0xffe421d5,0xffe421d5,0xffe421d5,0xffe421d5
+.long	0xed9ec1d5,0xed9ec1d5,0xed9ec1d5,0xed9ec1d5
+.long	0xed9ec1d5,0xed9ec1d5,0xed9ec1d5,0xed9ec1d5
+.long	0xfffc61bc,0xfffc61bc,0xfffc61bc,0xfffc61bc
+.long	0xfffc61bc,0xfffc61bc,0xfffc61bc,0xfffc61bc
+.long	0x9e33e1bc,0x9e33e1bc,0x9e33e1bc,0x9e33e1bc
+.long	0x9e33e1bc,0x9e33e1bc,0x9e33e1bc,0x9e33e1bc
+.long	0x0007eafd,0x0007eafd,0x0007eafd,0x0007eafd
+.long	0x0007eafd,0x0007eafd,0x0007eafd,0x0007eafd
+.long	0x72e78afd,0x72e78afd,0x72e78afd,0x72e78afd
+.long	0x72e78afd,0x72e78afd,0x72e78afd,0x72e78afd
+.long	0x0027cefe,0x0027cefe,0x0027cefe,0x0027cefe
+.long	0x0027cefe,0x0027cefe,0x0027cefe,0x0027cefe
+.long	0x73078efe,0x73078efe,0x73078efe,0x73078efe
+.long	0x73078efe,0x73078efe,0x73078efe,0x73078efe
+.long	0xffff9b09,0xffff9b09,0xffff9b09,0xffff9b09
+.long	0xffff9b09,0xffff9b09,0xffff9b09,0xffff9b09
+.long	0x92e0bb09,0x92e0bb09,0x92e0bb09,0x92e0bb09
+.long	0x92e0bb09,0x92e0bb09,0x92e0bb09,0x92e0bb09
+.long	0x0000a3fa,0x0000a3fa,0x0000a3fa,0x0000a3fa
+.long	0x0000a3fa,0x0000a3fa,0x0000a3fa,0x0000a3fa
+.long	0xff7fe3fa,0xff7fe3fa,0xff7fe3fa,0xff7fe3fa
+.long	0xff7fe3fa,0xff7fe3fa,0xff7fe3fa,0xff7fe3fa
+#ifndef __APPLE__
+.text
+.globl	wc_mldsa_poly_red_avx2
+.type	wc_mldsa_poly_red_avx2,@function
+.align	16
+wc_mldsa_poly_red_avx2:
+#else
+.section	__TEXT,__text
+.globl	_wc_mldsa_poly_red_avx2
+.p2align	4
+_wc_mldsa_poly_red_avx2:
+#endif /* __APPLE__ */
+        vpxor	%ymm10, %ymm10, %ymm10
+        vmovdqu	mldsa_q(%rip), %ymm10
+        vmovdqu	mldsa_v(%rip), %ymm11
+        vmovdqu	(%rdi), %ymm0
+        vmovdqu	32(%rdi), %ymm1
+        vmovdqu	64(%rdi), %ymm2
+        vmovdqu	96(%rdi), %ymm3
+        vmovdqu	128(%rdi), %ymm4
+        vmovdqu	160(%rdi), %ymm5
+        vmovdqu	192(%rdi), %ymm6
+        vmovdqu	224(%rdi), %ymm7
+        vpaddd	%ymm11, %ymm0, %ymm8
+        vpaddd	%ymm11, %ymm1, %ymm9
+        vpsrad	$23, %ymm8, %ymm8
+        vpsrad	$23, %ymm9, %ymm9
+        vpmulld	%ymm10, %ymm8, %ymm8
+        vpmulld	%ymm10, %ymm9, %ymm9
+        vpsubd	%ymm8, %ymm0, %ymm0
+        vpsubd	%ymm9, %ymm1, %ymm1
+        vpaddd	%ymm11, %ymm2, %ymm8
+        vpaddd	%ymm11, %ymm3, %ymm9
+        vpsrad	$23, %ymm8, %ymm8
+        vpsrad	$23, %ymm9, %ymm9
+        vpmulld	%ymm10, %ymm8, %ymm8
+        vpmulld	%ymm10, %ymm9, %ymm9
+        vpsubd	%ymm8, %ymm2, %ymm2
+        vpsubd	%ymm9, %ymm3, %ymm3
+        vpaddd	%ymm11, %ymm4, %ymm8
+        vpaddd	%ymm11, %ymm5, %ymm9
+        vpsrad	$23, %ymm8, %ymm8
+        vpsrad	$23, %ymm9, %ymm9
+        vpmulld	%ymm10, %ymm8, %ymm8
+        vpmulld	%ymm10, %ymm9, %ymm9
+        vpsubd	%ymm8, %ymm4, %ymm4
+        vpsubd	%ymm9, %ymm5, %ymm5
+        vpaddd	%ymm11, %ymm6, %ymm8
+        vpaddd	%ymm11, %ymm7, %ymm9
+        vpsrad	$23, %ymm8, %ymm8
+        vpsrad	$23, %ymm9, %ymm9
+        vpmulld	%ymm10, %ymm8, %ymm8
+        vpmulld	%ymm10, %ymm9, %ymm9
+        vpsubd	%ymm8, %ymm6, %ymm6
+        vpsubd	%ymm9, %ymm7, %ymm7
+        vmovdqu	%ymm0, (%rdi)
+        vmovdqu	%ymm1, 32(%rdi)
+        vmovdqu	%ymm2, 64(%rdi)
+        vmovdqu	%ymm3, 96(%rdi)
+        vmovdqu	%ymm4, 128(%rdi)
+        vmovdqu	%ymm5, 160(%rdi)
+        vmovdqu	%ymm6, 192(%rdi)
+        vmovdqu	%ymm7, 224(%rdi)
+        vmovdqu	256(%rdi), %ymm0
+        vmovdqu	288(%rdi), %ymm1
+        vmovdqu	320(%rdi), %ymm2
+        vmovdqu	352(%rdi), %ymm3
+        vmovdqu	384(%rdi), %ymm4
+        vmovdqu	416(%rdi), %ymm5
+        vmovdqu	448(%rdi), %ymm6
+        vmovdqu	480(%rdi), %ymm7
+        vpaddd	%ymm11, %ymm0, %ymm8
+        vpaddd	%ymm11, %ymm1, %ymm9
+        vpsrad	$23, %ymm8, %ymm8
+        vpsrad	$23, %ymm9, %ymm9
+        vpmulld	%ymm10, %ymm8, %ymm8
+        vpmulld	%ymm10, %ymm9, %ymm9
+        vpsubd	%ymm8, %ymm0, %ymm0
+        vpsubd	%ymm9, %ymm1, %ymm1
+        vpaddd	%ymm11, %ymm2, %ymm8
+        vpaddd	%ymm11, %ymm3, %ymm9
+        vpsrad	$23, %ymm8, %ymm8
+        vpsrad	$23, %ymm9, %ymm9
+        vpmulld	%ymm10, %ymm8, %ymm8
+        vpmulld	%ymm10, %ymm9, %ymm9
+        vpsubd	%ymm8, %ymm2, %ymm2
+        vpsubd	%ymm9, %ymm3, %ymm3
+        vpaddd	%ymm11, %ymm4, %ymm8
+        vpaddd	%ymm11, %ymm5, %ymm9
+        vpsrad	$23, %ymm8, %ymm8
+        vpsrad	$23, %ymm9, %ymm9
+        vpmulld	%ymm10, %ymm8, %ymm8
+        vpmulld	%ymm10, %ymm9, %ymm9
+        vpsubd	%ymm8, %ymm4, %ymm4
+        vpsubd	%ymm9, %ymm5, %ymm5
+        vpaddd	%ymm11, %ymm6, %ymm8
+        vpaddd	%ymm11, %ymm7, %ymm9
+        vpsrad	$23, %ymm8, %ymm8
+        vpsrad	$23, %ymm9, %ymm9
+        vpmulld	%ymm10, %ymm8, %ymm8
+        vpmulld	%ymm10, %ymm9, %ymm9
+        vpsubd	%ymm8, %ymm6, %ymm6
+        vpsubd	%ymm9, %ymm7, %ymm7
+        vmovdqu	%ymm0, 256(%rdi)
+        vmovdqu	%ymm1, 288(%rdi)
+        vmovdqu	%ymm2, 320(%rdi)
+        vmovdqu	%ymm3, 352(%rdi)
+        vmovdqu	%ymm4, 384(%rdi)
+        vmovdqu	%ymm5, 416(%rdi)
+        vmovdqu	%ymm6, 448(%rdi)
+        vmovdqu	%ymm7, 480(%rdi)
+        vmovdqu	512(%rdi), %ymm0
+        vmovdqu	544(%rdi), %ymm1
+        vmovdqu	576(%rdi), %ymm2
+        vmovdqu	608(%rdi), %ymm3
+        vmovdqu	640(%rdi), %ymm4
+        vmovdqu	672(%rdi), %ymm5
+        vmovdqu	704(%rdi), %ymm6
+        vmovdqu	736(%rdi), %ymm7
+        vpaddd	%ymm11, %ymm0, %ymm8
+        vpaddd	%ymm11, %ymm1, %ymm9
+        vpsrad	$23, %ymm8, %ymm8
+        vpsrad	$23, %ymm9, %ymm9
+        vpmulld	%ymm10, %ymm8, %ymm8
+        vpmulld	%ymm10, %ymm9, %ymm9
+        vpsubd	%ymm8, %ymm0, %ymm0
+        vpsubd	%ymm9, %ymm1, %ymm1
+        vpaddd	%ymm11, %ymm2, %ymm8
+        vpaddd	%ymm11, %ymm3, %ymm9
+        vpsrad	$23, %ymm8, %ymm8
+        vpsrad	$23, %ymm9, %ymm9
+        vpmulld	%ymm10, %ymm8, %ymm8
+        vpmulld	%ymm10, %ymm9, %ymm9
+        vpsubd	%ymm8, %ymm2, %ymm2
+        vpsubd	%ymm9, %ymm3, %ymm3
+        vpaddd	%ymm11, %ymm4, %ymm8
+        vpaddd	%ymm11, %ymm5, %ymm9
+        vpsrad	$23, %ymm8, %ymm8
+        vpsrad	$23, %ymm9, %ymm9
+        vpmulld	%ymm10, %ymm8, %ymm8
+        vpmulld	%ymm10, %ymm9, %ymm9
+        vpsubd	%ymm8, %ymm4, %ymm4
+        vpsubd	%ymm9, %ymm5, %ymm5
+        vpaddd	%ymm11, %ymm6, %ymm8
+        vpaddd	%ymm11, %ymm7, %ymm9
+        vpsrad	$23, %ymm8, %ymm8
+        vpsrad	$23, %ymm9, %ymm9
+        vpmulld	%ymm10, %ymm8, %ymm8
+        vpmulld	%ymm10, %ymm9, %ymm9
+        vpsubd	%ymm8, %ymm6, %ymm6
+        vpsubd	%ymm9, %ymm7, %ymm7
+        vmovdqu	%ymm0, 512(%rdi)
+        vmovdqu	%ymm1, 544(%rdi)
+        vmovdqu	%ymm2, 576(%rdi)
+        vmovdqu	%ymm3, 608(%rdi)
+        vmovdqu	%ymm4, 640(%rdi)
+        vmovdqu	%ymm5, 672(%rdi)
+        vmovdqu	%ymm6, 704(%rdi)
+        vmovdqu	%ymm7, 736(%rdi)
+        vmovdqu	768(%rdi), %ymm0
+        vmovdqu	800(%rdi), %ymm1
+        vmovdqu	832(%rdi), %ymm2
+        vmovdqu	864(%rdi), %ymm3
+        vmovdqu	896(%rdi), %ymm4
+        vmovdqu	928(%rdi), %ymm5
+        vmovdqu	960(%rdi), %ymm6
+        vmovdqu	992(%rdi), %ymm7
+        vpaddd	%ymm11, %ymm0, %ymm8
+        vpaddd	%ymm11, %ymm1, %ymm9
+        vpsrad	$23, %ymm8, %ymm8
+        vpsrad	$23, %ymm9, %ymm9
+        vpmulld	%ymm10, %ymm8, %ymm8
+        vpmulld	%ymm10, %ymm9, %ymm9
+        vpsubd	%ymm8, %ymm0, %ymm0
+        vpsubd	%ymm9, %ymm1, %ymm1
+        vpaddd	%ymm11, %ymm2, %ymm8
+        vpaddd	%ymm11, %ymm3, %ymm9
+        vpsrad	$23, %ymm8, %ymm8
+        vpsrad	$23, %ymm9, %ymm9
+        vpmulld	%ymm10, %ymm8, %ymm8
+        vpmulld	%ymm10, %ymm9, %ymm9
+        vpsubd	%ymm8, %ymm2, %ymm2
+        vpsubd	%ymm9, %ymm3, %ymm3
+        vpaddd	%ymm11, %ymm4, %ymm8
+        vpaddd	%ymm11, %ymm5, %ymm9
+        vpsrad	$23, %ymm8, %ymm8
+        vpsrad	$23, %ymm9, %ymm9
+        vpmulld	%ymm10, %ymm8, %ymm8
+        vpmulld	%ymm10, %ymm9, %ymm9
+        vpsubd	%ymm8, %ymm4, %ymm4
+        vpsubd	%ymm9, %ymm5, %ymm5
+        vpaddd	%ymm11, %ymm6, %ymm8
+        vpaddd	%ymm11, %ymm7, %ymm9
+        vpsrad	$23, %ymm8, %ymm8
+        vpsrad	$23, %ymm9, %ymm9
+        vpmulld	%ymm10, %ymm8, %ymm8
+        vpmulld	%ymm10, %ymm9, %ymm9
+        vpsubd	%ymm8, %ymm6, %ymm6
+        vpsubd	%ymm9, %ymm7, %ymm7
+        vmovdqu	%ymm0, 768(%rdi)
+        vmovdqu	%ymm1, 800(%rdi)
+        vmovdqu	%ymm2, 832(%rdi)
+        vmovdqu	%ymm3, 864(%rdi)
+        vmovdqu	%ymm4, 896(%rdi)
+        vmovdqu	%ymm5, 928(%rdi)
+        vmovdqu	%ymm6, 960(%rdi)
+        vmovdqu	%ymm7, 992(%rdi)
+        vzeroupper
+        repz retq
+#ifndef __APPLE__
+.size	wc_mldsa_poly_red_avx2,.-wc_mldsa_poly_red_avx2
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.text
+.globl	wc_mldsa_ntt_avx2
+.type	wc_mldsa_ntt_avx2,@function
+.align	16
+wc_mldsa_ntt_avx2:
+#else
+.section	__TEXT,__text
+.globl	_wc_mldsa_ntt_avx2
+.p2align	4
+_wc_mldsa_ntt_avx2:
+#endif /* __APPLE__ */
+        vpxor	%ymm14, %ymm14, %ymm14
+        vmovdqu	mldsa_q(%rip), %ymm14
+        # ntt
+        leaq	L_mldsa_avx2_zetas(%rip), %rdx
+        vmovdqu	64(%rdx), %ymm11
+        vmovdqu	96(%rdx), %ymm13
+        # 128: 4/4
+        vmovdqu	(%rdx), %ymm10
+        vmovdqu	32(%rdx), %ymm12
+        vmovdqu	96(%rdi), %ymm0
+        vmovdqu	224(%rdi), %ymm1
+        vmovdqu	352(%rdi), %ymm2
+        vmovdqu	480(%rdi), %ymm3
+        vmovdqu	608(%rdi), %ymm4
+        vmovdqu	736(%rdi), %ymm5
+        vmovdqu	864(%rdi), %ymm6
+        vmovdqu	992(%rdi), %ymm7
+        vpmulld	%ymm12, %ymm4, %ymm8
+        vmovshdup	%ymm4, %ymm9
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm4, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm0, %ymm4
+        vpaddd	%ymm8, %ymm0, %ymm0
+        vpmulld	%ymm12, %ymm5, %ymm8
+        vmovshdup	%ymm5, %ymm9
+        vpmuldq	%ymm10, %ymm5, %ymm5
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm5, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm1, %ymm5
+        vpaddd	%ymm8, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm6, %ymm8
+        vmovshdup	%ymm6, %ymm9
+        vpmuldq	%ymm10, %ymm6, %ymm6
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm6, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm2, %ymm6
+        vpaddd	%ymm8, %ymm2, %ymm2
+        vpmulld	%ymm12, %ymm7, %ymm8
+        vmovshdup	%ymm7, %ymm9
+        vpmuldq	%ymm10, %ymm7, %ymm7
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm7, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm3, %ymm7
+        vpaddd	%ymm8, %ymm3, %ymm3
+        # 64: 4/4
+        vmovdqu	128(%rdx), %ymm10
+        vmovdqu	160(%rdx), %ymm12
+        vpmulld	%ymm13, %ymm2, %ymm8
+        vmovshdup	%ymm2, %ymm9
+        vpmuldq	%ymm11, %ymm2, %ymm2
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm2, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm0, %ymm2
+        vpaddd	%ymm8, %ymm0, %ymm0
+        vpmulld	%ymm13, %ymm3, %ymm8
+        vmovshdup	%ymm3, %ymm9
+        vpmuldq	%ymm11, %ymm3, %ymm3
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm3, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm1, %ymm3
+        vpaddd	%ymm8, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm6, %ymm8
+        vmovshdup	%ymm6, %ymm9
+        vpmuldq	%ymm10, %ymm6, %ymm6
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm6, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm4, %ymm6
+        vpaddd	%ymm8, %ymm4, %ymm4
+        vpmulld	%ymm12, %ymm7, %ymm8
+        vmovshdup	%ymm7, %ymm9
+        vpmuldq	%ymm10, %ymm7, %ymm7
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm7, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm5, %ymm7
+        vpaddd	%ymm8, %ymm5, %ymm5
+        vmovdqu	%ymm0, 96(%rdi)
+        vmovdqu	%ymm1, 224(%rdi)
+        vmovdqu	%ymm2, 352(%rdi)
+        vmovdqu	%ymm3, 480(%rdi)
+        vmovdqu	%ymm4, 608(%rdi)
+        vmovdqu	%ymm5, 736(%rdi)
+        vmovdqu	%ymm6, 864(%rdi)
+        vmovdqu	%ymm7, 992(%rdi)
+        # 128: 3/4
+        vmovdqu	(%rdx), %ymm10
+        vmovdqu	32(%rdx), %ymm12
+        vmovdqu	64(%rdi), %ymm0
+        vmovdqu	192(%rdi), %ymm1
+        vmovdqu	320(%rdi), %ymm2
+        vmovdqu	448(%rdi), %ymm3
+        vmovdqu	576(%rdi), %ymm4
+        vmovdqu	704(%rdi), %ymm5
+        vmovdqu	832(%rdi), %ymm6
+        vmovdqu	960(%rdi), %ymm7
+        vpmulld	%ymm12, %ymm4, %ymm8
+        vmovshdup	%ymm4, %ymm9
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm4, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm0, %ymm4
+        vpaddd	%ymm8, %ymm0, %ymm0
+        vpmulld	%ymm12, %ymm5, %ymm8
+        vmovshdup	%ymm5, %ymm9
+        vpmuldq	%ymm10, %ymm5, %ymm5
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm5, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm1, %ymm5
+        vpaddd	%ymm8, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm6, %ymm8
+        vmovshdup	%ymm6, %ymm9
+        vpmuldq	%ymm10, %ymm6, %ymm6
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm6, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm2, %ymm6
+        vpaddd	%ymm8, %ymm2, %ymm2
+        vpmulld	%ymm12, %ymm7, %ymm8
+        vmovshdup	%ymm7, %ymm9
+        vpmuldq	%ymm10, %ymm7, %ymm7
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm7, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm3, %ymm7
+        vpaddd	%ymm8, %ymm3, %ymm3
+        # 64: 3/4
+        vmovdqu	128(%rdx), %ymm10
+        vmovdqu	160(%rdx), %ymm12
+        vpmulld	%ymm13, %ymm2, %ymm8
+        vmovshdup	%ymm2, %ymm9
+        vpmuldq	%ymm11, %ymm2, %ymm2
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm2, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm0, %ymm2
+        vpaddd	%ymm8, %ymm0, %ymm0
+        vpmulld	%ymm13, %ymm3, %ymm8
+        vmovshdup	%ymm3, %ymm9
+        vpmuldq	%ymm11, %ymm3, %ymm3
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm3, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm1, %ymm3
+        vpaddd	%ymm8, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm6, %ymm8
+        vmovshdup	%ymm6, %ymm9
+        vpmuldq	%ymm10, %ymm6, %ymm6
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm6, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm4, %ymm6
+        vpaddd	%ymm8, %ymm4, %ymm4
+        vpmulld	%ymm12, %ymm7, %ymm8
+        vmovshdup	%ymm7, %ymm9
+        vpmuldq	%ymm10, %ymm7, %ymm7
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm7, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm5, %ymm7
+        vpaddd	%ymm8, %ymm5, %ymm5
+        vmovdqu	%ymm0, 64(%rdi)
+        vmovdqu	%ymm1, 192(%rdi)
+        vmovdqu	%ymm2, 320(%rdi)
+        vmovdqu	%ymm3, 448(%rdi)
+        vmovdqu	%ymm4, 576(%rdi)
+        vmovdqu	%ymm5, 704(%rdi)
+        vmovdqu	%ymm6, 832(%rdi)
+        vmovdqu	%ymm7, 960(%rdi)
+        # 128: 2/4
+        vmovdqu	(%rdx), %ymm10
+        vmovdqu	32(%rdx), %ymm12
+        vmovdqu	32(%rdi), %ymm0
+        vmovdqu	160(%rdi), %ymm1
+        vmovdqu	288(%rdi), %ymm2
+        vmovdqu	416(%rdi), %ymm3
+        vmovdqu	544(%rdi), %ymm4
+        vmovdqu	672(%rdi), %ymm5
+        vmovdqu	800(%rdi), %ymm6
+        vmovdqu	928(%rdi), %ymm7
+        vpmulld	%ymm12, %ymm4, %ymm8
+        vmovshdup	%ymm4, %ymm9
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm4, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm0, %ymm4
+        vpaddd	%ymm8, %ymm0, %ymm0
+        vpmulld	%ymm12, %ymm5, %ymm8
+        vmovshdup	%ymm5, %ymm9
+        vpmuldq	%ymm10, %ymm5, %ymm5
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm5, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm1, %ymm5
+        vpaddd	%ymm8, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm6, %ymm8
+        vmovshdup	%ymm6, %ymm9
+        vpmuldq	%ymm10, %ymm6, %ymm6
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm6, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm2, %ymm6
+        vpaddd	%ymm8, %ymm2, %ymm2
+        vpmulld	%ymm12, %ymm7, %ymm8
+        vmovshdup	%ymm7, %ymm9
+        vpmuldq	%ymm10, %ymm7, %ymm7
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm7, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm3, %ymm7
+        vpaddd	%ymm8, %ymm3, %ymm3
+        # 64: 2/4
+        vmovdqu	128(%rdx), %ymm10
+        vmovdqu	160(%rdx), %ymm12
+        vpmulld	%ymm13, %ymm2, %ymm8
+        vmovshdup	%ymm2, %ymm9
+        vpmuldq	%ymm11, %ymm2, %ymm2
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm2, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm0, %ymm2
+        vpaddd	%ymm8, %ymm0, %ymm0
+        vpmulld	%ymm13, %ymm3, %ymm8
+        vmovshdup	%ymm3, %ymm9
+        vpmuldq	%ymm11, %ymm3, %ymm3
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm3, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm1, %ymm3
+        vpaddd	%ymm8, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm6, %ymm8
+        vmovshdup	%ymm6, %ymm9
+        vpmuldq	%ymm10, %ymm6, %ymm6
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm6, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm4, %ymm6
+        vpaddd	%ymm8, %ymm4, %ymm4
+        vpmulld	%ymm12, %ymm7, %ymm8
+        vmovshdup	%ymm7, %ymm9
+        vpmuldq	%ymm10, %ymm7, %ymm7
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm7, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm5, %ymm7
+        vpaddd	%ymm8, %ymm5, %ymm5
+        vmovdqu	%ymm0, 32(%rdi)
+        vmovdqu	%ymm1, 160(%rdi)
+        vmovdqu	%ymm2, 288(%rdi)
+        vmovdqu	%ymm3, 416(%rdi)
+        vmovdqu	%ymm4, 544(%rdi)
+        vmovdqu	%ymm5, 672(%rdi)
+        vmovdqu	%ymm6, 800(%rdi)
+        vmovdqu	%ymm7, 928(%rdi)
+        # 128: 1/4
+        vmovdqu	(%rdx), %ymm10
+        vmovdqu	32(%rdx), %ymm12
+        vmovdqu	(%rdi), %ymm0
+        vmovdqu	128(%rdi), %ymm1
+        vmovdqu	256(%rdi), %ymm2
+        vmovdqu	384(%rdi), %ymm3
+        vmovdqu	512(%rdi), %ymm4
+        vmovdqu	640(%rdi), %ymm5
+        vmovdqu	768(%rdi), %ymm6
+        vmovdqu	896(%rdi), %ymm7
+        vpmulld	%ymm12, %ymm4, %ymm8
+        vmovshdup	%ymm4, %ymm9
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm4, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm0, %ymm4
+        vpaddd	%ymm8, %ymm0, %ymm0
+        vpmulld	%ymm12, %ymm5, %ymm8
+        vmovshdup	%ymm5, %ymm9
+        vpmuldq	%ymm10, %ymm5, %ymm5
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm5, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm1, %ymm5
+        vpaddd	%ymm8, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm6, %ymm8
+        vmovshdup	%ymm6, %ymm9
+        vpmuldq	%ymm10, %ymm6, %ymm6
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm6, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm2, %ymm6
+        vpaddd	%ymm8, %ymm2, %ymm2
+        vpmulld	%ymm12, %ymm7, %ymm8
+        vmovshdup	%ymm7, %ymm9
+        vpmuldq	%ymm10, %ymm7, %ymm7
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm7, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm3, %ymm7
+        vpaddd	%ymm8, %ymm3, %ymm3
+        # 64: 1/4
+        vmovdqu	128(%rdx), %ymm10
+        vmovdqu	160(%rdx), %ymm12
+        vpmulld	%ymm13, %ymm2, %ymm8
+        vmovshdup	%ymm2, %ymm9
+        vpmuldq	%ymm11, %ymm2, %ymm2
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm2, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm0, %ymm2
+        vpaddd	%ymm8, %ymm0, %ymm0
+        vpmulld	%ymm13, %ymm3, %ymm8
+        vmovshdup	%ymm3, %ymm9
+        vpmuldq	%ymm11, %ymm3, %ymm3
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm3, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm1, %ymm3
+        vpaddd	%ymm8, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm6, %ymm8
+        vmovshdup	%ymm6, %ymm9
+        vpmuldq	%ymm10, %ymm6, %ymm6
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm6, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm4, %ymm6
+        vpaddd	%ymm8, %ymm4, %ymm4
+        vpmulld	%ymm12, %ymm7, %ymm8
+        vmovshdup	%ymm7, %ymm9
+        vpmuldq	%ymm10, %ymm7, %ymm7
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm7, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm5, %ymm7
+        vpaddd	%ymm8, %ymm5, %ymm5
+        vmovdqu	%ymm2, 256(%rdi)
+        vmovdqu	%ymm3, 384(%rdi)
+        vmovdqu	%ymm4, 512(%rdi)
+        vmovdqu	%ymm5, 640(%rdi)
+        vmovdqu	%ymm6, 768(%rdi)
+        vmovdqu	%ymm7, 896(%rdi)
+        vmovdqu	%ymm1, %ymm4
+        vmovdqu	32(%rdi), %ymm1
+        vmovdqu	64(%rdi), %ymm2
+        vmovdqu	96(%rdi), %ymm3
+        vmovdqu	160(%rdi), %ymm5
+        vmovdqu	192(%rdi), %ymm6
+        vmovdqu	224(%rdi), %ymm7
+        # 32: 1/4
+        vmovdqu	192(%rdx), %ymm10
+        vmovdqu	224(%rdx), %ymm12
+        vpmulld	%ymm12, %ymm4, %ymm8
+        vmovshdup	%ymm4, %ymm9
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm4, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm0, %ymm4
+        vpaddd	%ymm8, %ymm0, %ymm0
+        vpmulld	%ymm12, %ymm5, %ymm8
+        vmovshdup	%ymm5, %ymm9
+        vpmuldq	%ymm10, %ymm5, %ymm5
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm5, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm1, %ymm5
+        vpaddd	%ymm8, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm6, %ymm8
+        vmovshdup	%ymm6, %ymm9
+        vpmuldq	%ymm10, %ymm6, %ymm6
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm6, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm2, %ymm6
+        vpaddd	%ymm8, %ymm2, %ymm2
+        vpmulld	%ymm12, %ymm7, %ymm8
+        vmovshdup	%ymm7, %ymm9
+        vpmuldq	%ymm10, %ymm7, %ymm7
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm7, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm3, %ymm7
+        vpaddd	%ymm8, %ymm3, %ymm3
+        # 16: 1/4
+        vmovdqu	256(%rdx), %ymm10
+        vmovdqu	288(%rdx), %ymm12
+        vmovdqu	320(%rdx), %ymm11
+        vmovdqu	352(%rdx), %ymm13
+        vpmulld	%ymm12, %ymm2, %ymm8
+        vmovshdup	%ymm2, %ymm9
+        vpmuldq	%ymm10, %ymm2, %ymm2
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm2, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm0, %ymm2
+        vpaddd	%ymm8, %ymm0, %ymm0
+        vpmulld	%ymm12, %ymm3, %ymm8
+        vmovshdup	%ymm3, %ymm9
+        vpmuldq	%ymm10, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm3, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm1, %ymm3
+        vpaddd	%ymm8, %ymm1, %ymm1
+        vpmulld	%ymm13, %ymm6, %ymm8
+        vmovshdup	%ymm6, %ymm9
+        vpmuldq	%ymm11, %ymm6, %ymm6
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm6, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm4, %ymm6
+        vpaddd	%ymm8, %ymm4, %ymm4
+        vpmulld	%ymm13, %ymm7, %ymm8
+        vmovshdup	%ymm7, %ymm9
+        vpmuldq	%ymm11, %ymm7, %ymm7
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm7, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm5, %ymm7
+        vpaddd	%ymm8, %ymm5, %ymm5
+        # 8: 1/4
+        vmovdqu	384(%rdx), %ymm10
+        vmovdqu	416(%rdx), %ymm12
+        vmovdqu	448(%rdx), %ymm11
+        vmovdqu	480(%rdx), %ymm13
+        vpmulld	%ymm12, %ymm1, %ymm8
+        vmovshdup	%ymm1, %ymm9
+        vpmuldq	%ymm10, %ymm1, %ymm1
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm1, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm0, %ymm1
+        vpaddd	%ymm8, %ymm0, %ymm0
+        vpmulld	%ymm13, %ymm3, %ymm8
+        vmovshdup	%ymm3, %ymm9
+        vpmuldq	%ymm11, %ymm3, %ymm3
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm3, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm2, %ymm3
+        vpaddd	%ymm8, %ymm2, %ymm2
+        vmovdqu	512(%rdx), %ymm10
+        vmovdqu	544(%rdx), %ymm12
+        vmovdqu	576(%rdx), %ymm11
+        vmovdqu	608(%rdx), %ymm13
+        vpmulld	%ymm12, %ymm5, %ymm8
+        vmovshdup	%ymm5, %ymm9
+        vpmuldq	%ymm10, %ymm5, %ymm5
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm5, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm4, %ymm5
+        vpaddd	%ymm8, %ymm4, %ymm4
+        vpmulld	%ymm13, %ymm7, %ymm8
+        vmovshdup	%ymm7, %ymm9
+        vpmuldq	%ymm11, %ymm7, %ymm7
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm7, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm6, %ymm7
+        vpaddd	%ymm8, %ymm6, %ymm6
+        # 4: 1/4
+        vperm2i128	$32, %ymm1, %ymm0, %ymm8
+        vmovdqu	640(%rdx), %ymm10
+        vperm2i128	$49, %ymm1, %ymm0, %ymm1
+        vmovdqu	672(%rdx), %ymm12
+        vperm2i128	$32, %ymm3, %ymm2, %ymm9
+        vmovdqu	704(%rdx), %ymm11
+        vperm2i128	$49, %ymm3, %ymm2, %ymm3
+        vmovdqu	736(%rdx), %ymm13
+        vpmulld	%ymm12, %ymm1, %ymm0
+        vmovshdup	%ymm1, %ymm2
+        vpmuldq	%ymm10, %ymm1, %ymm1
+        vpmuldq	%ymm10, %ymm2, %ymm2
+        vmovshdup	%ymm0, %ymm15
+        vpmuldq	%ymm14, %ymm0, %ymm0
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm0, %ymm1, %ymm0
+        vpsubq	%ymm15, %ymm2, %ymm15
+        vmovshdup	%ymm0, %ymm0
+        vpblendd	$0xaa, %ymm15, %ymm0, %ymm0
+        vpsubd	%ymm0, %ymm8, %ymm1
+        vpaddd	%ymm0, %ymm8, %ymm8
+        vpmulld	%ymm13, %ymm3, %ymm0
+        vmovshdup	%ymm3, %ymm2
+        vpmuldq	%ymm11, %ymm3, %ymm3
+        vpmuldq	%ymm11, %ymm2, %ymm2
+        vmovshdup	%ymm0, %ymm15
+        vpmuldq	%ymm14, %ymm0, %ymm0
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm0, %ymm3, %ymm0
+        vpsubq	%ymm15, %ymm2, %ymm15
+        vmovshdup	%ymm0, %ymm0
+        vpblendd	$0xaa, %ymm15, %ymm0, %ymm0
+        vpsubd	%ymm0, %ymm9, %ymm3
+        vpaddd	%ymm0, %ymm9, %ymm9
+        # 2: 1/4
+        vmovdqu	768(%rdx), %ymm10
+        vmovdqu	800(%rdx), %ymm12
+        vmovdqu	832(%rdx), %ymm11
+        vmovdqu	864(%rdx), %ymm13
+        vpunpcklqdq	%ymm1, %ymm8, %ymm0
+        vpunpckhqdq	%ymm1, %ymm8, %ymm1
+        vpunpcklqdq	%ymm3, %ymm9, %ymm2
+        vpunpckhqdq	%ymm3, %ymm9, %ymm3
+        vpmulld	%ymm12, %ymm1, %ymm8
+        vmovshdup	%ymm1, %ymm9
+        vpmuldq	%ymm10, %ymm1, %ymm1
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm1, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm0, %ymm1
+        vpaddd	%ymm8, %ymm0, %ymm0
+        vpmulld	%ymm13, %ymm3, %ymm8
+        vmovshdup	%ymm3, %ymm9
+        vpmuldq	%ymm11, %ymm3, %ymm3
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm3, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm2, %ymm3
+        vpaddd	%ymm8, %ymm2, %ymm2
+        # 4: 1/4
+        vperm2i128	$32, %ymm5, %ymm4, %ymm8
+        vmovdqu	896(%rdx), %ymm10
+        vperm2i128	$49, %ymm5, %ymm4, %ymm5
+        vmovdqu	928(%rdx), %ymm12
+        vperm2i128	$32, %ymm7, %ymm6, %ymm9
+        vmovdqu	960(%rdx), %ymm11
+        vperm2i128	$49, %ymm7, %ymm6, %ymm7
+        vmovdqu	992(%rdx), %ymm13
+        vpmulld	%ymm12, %ymm5, %ymm4
+        vmovshdup	%ymm5, %ymm6
+        vpmuldq	%ymm10, %ymm5, %ymm5
+        vpmuldq	%ymm10, %ymm6, %ymm6
+        vmovshdup	%ymm4, %ymm15
+        vpmuldq	%ymm14, %ymm4, %ymm4
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm4, %ymm5, %ymm4
+        vpsubq	%ymm15, %ymm6, %ymm15
+        vmovshdup	%ymm4, %ymm4
+        vpblendd	$0xaa, %ymm15, %ymm4, %ymm4
+        vpsubd	%ymm4, %ymm8, %ymm5
+        vpaddd	%ymm4, %ymm8, %ymm8
+        vpmulld	%ymm13, %ymm7, %ymm4
+        vmovshdup	%ymm7, %ymm6
+        vpmuldq	%ymm11, %ymm7, %ymm7
+        vpmuldq	%ymm11, %ymm6, %ymm6
+        vmovshdup	%ymm4, %ymm15
+        vpmuldq	%ymm14, %ymm4, %ymm4
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm4, %ymm7, %ymm4
+        vpsubq	%ymm15, %ymm6, %ymm15
+        vmovshdup	%ymm4, %ymm4
+        vpblendd	$0xaa, %ymm15, %ymm4, %ymm4
+        vpsubd	%ymm4, %ymm9, %ymm7
+        vpaddd	%ymm4, %ymm9, %ymm9
+        # 2: 1/4
+        vmovdqu	1024(%rdx), %ymm10
+        vmovdqu	1056(%rdx), %ymm12
+        vmovdqu	1088(%rdx), %ymm11
+        vmovdqu	1120(%rdx), %ymm13
+        vpunpcklqdq	%ymm5, %ymm8, %ymm4
+        vpunpckhqdq	%ymm5, %ymm8, %ymm5
+        vpunpcklqdq	%ymm7, %ymm9, %ymm6
+        vpunpckhqdq	%ymm7, %ymm9, %ymm7
+        vpmulld	%ymm12, %ymm5, %ymm8
+        vmovshdup	%ymm5, %ymm9
+        vpmuldq	%ymm10, %ymm5, %ymm5
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm5, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm4, %ymm5
+        vpaddd	%ymm8, %ymm4, %ymm4
+        vpmulld	%ymm13, %ymm7, %ymm8
+        vmovshdup	%ymm7, %ymm9
+        vpmuldq	%ymm11, %ymm7, %ymm7
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm7, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm6, %ymm7
+        vpaddd	%ymm8, %ymm6, %ymm6
+        # 1: 1/4
+        vmovdqu	1152(%rdx), %ymm10
+        vmovdqu	1184(%rdx), %ymm12
+        vmovdqu	1216(%rdx), %ymm11
+        vmovdqu	1248(%rdx), %ymm13
+        vpsllq	$32, %ymm1, %ymm8
+        vpsrlq	$32, %ymm0, %ymm9
+        vpblendd	$0xaa, %ymm8, %ymm0, %ymm0
+        vpblendd	$0x55, %ymm9, %ymm1, %ymm1
+        vpsllq	$32, %ymm3, %ymm8
+        vpsrlq	$32, %ymm2, %ymm9
+        vpblendd	$0xaa, %ymm8, %ymm2, %ymm2
+        vpblendd	$0x55, %ymm9, %ymm3, %ymm3
+        vpmulld	%ymm12, %ymm1, %ymm8
+        vmovshdup	%ymm1, %ymm9
+        vpmuldq	%ymm10, %ymm1, %ymm1
+        vmovshdup	%ymm10, %ymm10
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm1, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm0, %ymm1
+        vpaddd	%ymm8, %ymm0, %ymm0
+        vpmulld	%ymm13, %ymm3, %ymm8
+        vmovshdup	%ymm3, %ymm9
+        vpmuldq	%ymm11, %ymm3, %ymm3
+        vmovshdup	%ymm11, %ymm11
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm3, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm2, %ymm3
+        vpaddd	%ymm8, %ymm2, %ymm2
+        # 1: 1/4
+        vmovdqu	1280(%rdx), %ymm10
+        vmovdqu	1312(%rdx), %ymm12
+        vmovdqu	1344(%rdx), %ymm11
+        vmovdqu	1376(%rdx), %ymm13
+        vpsllq	$32, %ymm5, %ymm8
+        vpsrlq	$32, %ymm4, %ymm9
+        vpblendd	$0xaa, %ymm8, %ymm4, %ymm4
+        vpblendd	$0x55, %ymm9, %ymm5, %ymm5
+        vpsllq	$32, %ymm7, %ymm8
+        vpsrlq	$32, %ymm6, %ymm9
+        vpblendd	$0xaa, %ymm8, %ymm6, %ymm6
+        vpblendd	$0x55, %ymm9, %ymm7, %ymm7
+        vpmulld	%ymm12, %ymm5, %ymm8
+        vmovshdup	%ymm5, %ymm9
+        vpmuldq	%ymm10, %ymm5, %ymm5
+        vmovshdup	%ymm10, %ymm10
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm5, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm4, %ymm5
+        vpaddd	%ymm8, %ymm4, %ymm4
+        vpmulld	%ymm13, %ymm7, %ymm8
+        vmovshdup	%ymm7, %ymm9
+        vpmuldq	%ymm11, %ymm7, %ymm7
+        vmovshdup	%ymm11, %ymm11
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm7, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm6, %ymm7
+        vpaddd	%ymm8, %ymm6, %ymm6
+        vmovdqu	%ymm0, (%rdi)
+        vmovdqu	%ymm1, 32(%rdi)
+        vmovdqu	%ymm2, 64(%rdi)
+        vmovdqu	%ymm3, 96(%rdi)
+        vmovdqu	%ymm4, 128(%rdi)
+        vmovdqu	%ymm5, 160(%rdi)
+        vmovdqu	%ymm6, 192(%rdi)
+        vmovdqu	%ymm7, 224(%rdi)
+        vmovdqu	256(%rdi), %ymm0
+        vmovdqu	288(%rdi), %ymm1
+        vmovdqu	320(%rdi), %ymm2
+        vmovdqu	352(%rdi), %ymm3
+        vmovdqu	384(%rdi), %ymm4
+        vmovdqu	416(%rdi), %ymm5
+        vmovdqu	448(%rdi), %ymm6
+        vmovdqu	480(%rdi), %ymm7
+        # 32: 2/4
+        vmovdqu	1408(%rdx), %ymm10
+        vmovdqu	1440(%rdx), %ymm12
+        vpmulld	%ymm12, %ymm4, %ymm8
+        vmovshdup	%ymm4, %ymm9
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm4, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm0, %ymm4
+        vpaddd	%ymm8, %ymm0, %ymm0
+        vpmulld	%ymm12, %ymm5, %ymm8
+        vmovshdup	%ymm5, %ymm9
+        vpmuldq	%ymm10, %ymm5, %ymm5
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm5, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm1, %ymm5
+        vpaddd	%ymm8, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm6, %ymm8
+        vmovshdup	%ymm6, %ymm9
+        vpmuldq	%ymm10, %ymm6, %ymm6
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm6, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm2, %ymm6
+        vpaddd	%ymm8, %ymm2, %ymm2
+        vpmulld	%ymm12, %ymm7, %ymm8
+        vmovshdup	%ymm7, %ymm9
+        vpmuldq	%ymm10, %ymm7, %ymm7
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm7, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm3, %ymm7
+        vpaddd	%ymm8, %ymm3, %ymm3
+        # 16: 2/4
+        vmovdqu	1472(%rdx), %ymm10
+        vmovdqu	1504(%rdx), %ymm12
+        vmovdqu	1536(%rdx), %ymm11
+        vmovdqu	1568(%rdx), %ymm13
+        vpmulld	%ymm12, %ymm2, %ymm8
+        vmovshdup	%ymm2, %ymm9
+        vpmuldq	%ymm10, %ymm2, %ymm2
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm2, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm0, %ymm2
+        vpaddd	%ymm8, %ymm0, %ymm0
+        vpmulld	%ymm12, %ymm3, %ymm8
+        vmovshdup	%ymm3, %ymm9
+        vpmuldq	%ymm10, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm3, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm1, %ymm3
+        vpaddd	%ymm8, %ymm1, %ymm1
+        vpmulld	%ymm13, %ymm6, %ymm8
+        vmovshdup	%ymm6, %ymm9
+        vpmuldq	%ymm11, %ymm6, %ymm6
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm6, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm4, %ymm6
+        vpaddd	%ymm8, %ymm4, %ymm4
+        vpmulld	%ymm13, %ymm7, %ymm8
+        vmovshdup	%ymm7, %ymm9
+        vpmuldq	%ymm11, %ymm7, %ymm7
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm7, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm5, %ymm7
+        vpaddd	%ymm8, %ymm5, %ymm5
+        # 8: 2/4
+        vmovdqu	1600(%rdx), %ymm10
+        vmovdqu	1632(%rdx), %ymm12
+        vmovdqu	1664(%rdx), %ymm11
+        vmovdqu	1696(%rdx), %ymm13
+        vpmulld	%ymm12, %ymm1, %ymm8
+        vmovshdup	%ymm1, %ymm9
+        vpmuldq	%ymm10, %ymm1, %ymm1
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm1, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm0, %ymm1
+        vpaddd	%ymm8, %ymm0, %ymm0
+        vpmulld	%ymm13, %ymm3, %ymm8
+        vmovshdup	%ymm3, %ymm9
+        vpmuldq	%ymm11, %ymm3, %ymm3
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm3, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm2, %ymm3
+        vpaddd	%ymm8, %ymm2, %ymm2
+        vmovdqu	1728(%rdx), %ymm10
+        vmovdqu	1760(%rdx), %ymm12
+        vmovdqu	1792(%rdx), %ymm11
+        vmovdqu	1824(%rdx), %ymm13
+        vpmulld	%ymm12, %ymm5, %ymm8
+        vmovshdup	%ymm5, %ymm9
+        vpmuldq	%ymm10, %ymm5, %ymm5
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm5, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm4, %ymm5
+        vpaddd	%ymm8, %ymm4, %ymm4
+        vpmulld	%ymm13, %ymm7, %ymm8
+        vmovshdup	%ymm7, %ymm9
+        vpmuldq	%ymm11, %ymm7, %ymm7
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm7, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm6, %ymm7
+        vpaddd	%ymm8, %ymm6, %ymm6
+        # 4: 2/4
+        vperm2i128	$32, %ymm1, %ymm0, %ymm8
+        vmovdqu	1856(%rdx), %ymm10
+        vperm2i128	$49, %ymm1, %ymm0, %ymm1
+        vmovdqu	1888(%rdx), %ymm12
+        vperm2i128	$32, %ymm3, %ymm2, %ymm9
+        vmovdqu	1920(%rdx), %ymm11
+        vperm2i128	$49, %ymm3, %ymm2, %ymm3
+        vmovdqu	1952(%rdx), %ymm13
+        vpmulld	%ymm12, %ymm1, %ymm0
+        vmovshdup	%ymm1, %ymm2
+        vpmuldq	%ymm10, %ymm1, %ymm1
+        vpmuldq	%ymm10, %ymm2, %ymm2
+        vmovshdup	%ymm0, %ymm15
+        vpmuldq	%ymm14, %ymm0, %ymm0
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm0, %ymm1, %ymm0
+        vpsubq	%ymm15, %ymm2, %ymm15
+        vmovshdup	%ymm0, %ymm0
+        vpblendd	$0xaa, %ymm15, %ymm0, %ymm0
+        vpsubd	%ymm0, %ymm8, %ymm1
+        vpaddd	%ymm0, %ymm8, %ymm8
+        vpmulld	%ymm13, %ymm3, %ymm0
+        vmovshdup	%ymm3, %ymm2
+        vpmuldq	%ymm11, %ymm3, %ymm3
+        vpmuldq	%ymm11, %ymm2, %ymm2
+        vmovshdup	%ymm0, %ymm15
+        vpmuldq	%ymm14, %ymm0, %ymm0
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm0, %ymm3, %ymm0
+        vpsubq	%ymm15, %ymm2, %ymm15
+        vmovshdup	%ymm0, %ymm0
+        vpblendd	$0xaa, %ymm15, %ymm0, %ymm0
+        vpsubd	%ymm0, %ymm9, %ymm3
+        vpaddd	%ymm0, %ymm9, %ymm9
+        # 2: 2/4
+        vmovdqu	1984(%rdx), %ymm10
+        vmovdqu	2016(%rdx), %ymm12
+        vmovdqu	2048(%rdx), %ymm11
+        vmovdqu	2080(%rdx), %ymm13
+        vpunpcklqdq	%ymm1, %ymm8, %ymm0
+        vpunpckhqdq	%ymm1, %ymm8, %ymm1
+        vpunpcklqdq	%ymm3, %ymm9, %ymm2
+        vpunpckhqdq	%ymm3, %ymm9, %ymm3
+        vpmulld	%ymm12, %ymm1, %ymm8
+        vmovshdup	%ymm1, %ymm9
+        vpmuldq	%ymm10, %ymm1, %ymm1
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm1, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm0, %ymm1
+        vpaddd	%ymm8, %ymm0, %ymm0
+        vpmulld	%ymm13, %ymm3, %ymm8
+        vmovshdup	%ymm3, %ymm9
+        vpmuldq	%ymm11, %ymm3, %ymm3
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm3, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm2, %ymm3
+        vpaddd	%ymm8, %ymm2, %ymm2
+        # 4: 2/4
+        vperm2i128	$32, %ymm5, %ymm4, %ymm8
+        vmovdqu	2112(%rdx), %ymm10
+        vperm2i128	$49, %ymm5, %ymm4, %ymm5
+        vmovdqu	2144(%rdx), %ymm12
+        vperm2i128	$32, %ymm7, %ymm6, %ymm9
+        vmovdqu	2176(%rdx), %ymm11
+        vperm2i128	$49, %ymm7, %ymm6, %ymm7
+        vmovdqu	2208(%rdx), %ymm13
+        vpmulld	%ymm12, %ymm5, %ymm4
+        vmovshdup	%ymm5, %ymm6
+        vpmuldq	%ymm10, %ymm5, %ymm5
+        vpmuldq	%ymm10, %ymm6, %ymm6
+        vmovshdup	%ymm4, %ymm15
+        vpmuldq	%ymm14, %ymm4, %ymm4
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm4, %ymm5, %ymm4
+        vpsubq	%ymm15, %ymm6, %ymm15
+        vmovshdup	%ymm4, %ymm4
+        vpblendd	$0xaa, %ymm15, %ymm4, %ymm4
+        vpsubd	%ymm4, %ymm8, %ymm5
+        vpaddd	%ymm4, %ymm8, %ymm8
+        vpmulld	%ymm13, %ymm7, %ymm4
+        vmovshdup	%ymm7, %ymm6
+        vpmuldq	%ymm11, %ymm7, %ymm7
+        vpmuldq	%ymm11, %ymm6, %ymm6
+        vmovshdup	%ymm4, %ymm15
+        vpmuldq	%ymm14, %ymm4, %ymm4
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm4, %ymm7, %ymm4
+        vpsubq	%ymm15, %ymm6, %ymm15
+        vmovshdup	%ymm4, %ymm4
+        vpblendd	$0xaa, %ymm15, %ymm4, %ymm4
+        vpsubd	%ymm4, %ymm9, %ymm7
+        vpaddd	%ymm4, %ymm9, %ymm9
+        # 2: 2/4
+        vmovdqu	2240(%rdx), %ymm10
+        vmovdqu	2272(%rdx), %ymm12
+        vmovdqu	2304(%rdx), %ymm11
+        vmovdqu	2336(%rdx), %ymm13
+        vpunpcklqdq	%ymm5, %ymm8, %ymm4
+        vpunpckhqdq	%ymm5, %ymm8, %ymm5
+        vpunpcklqdq	%ymm7, %ymm9, %ymm6
+        vpunpckhqdq	%ymm7, %ymm9, %ymm7
+        vpmulld	%ymm12, %ymm5, %ymm8
+        vmovshdup	%ymm5, %ymm9
+        vpmuldq	%ymm10, %ymm5, %ymm5
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm5, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm4, %ymm5
+        vpaddd	%ymm8, %ymm4, %ymm4
+        vpmulld	%ymm13, %ymm7, %ymm8
+        vmovshdup	%ymm7, %ymm9
+        vpmuldq	%ymm11, %ymm7, %ymm7
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm7, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm6, %ymm7
+        vpaddd	%ymm8, %ymm6, %ymm6
+        # 1: 2/4
+        vmovdqu	2368(%rdx), %ymm10
+        vmovdqu	2400(%rdx), %ymm12
+        vmovdqu	2432(%rdx), %ymm11
+        vmovdqu	2464(%rdx), %ymm13
+        vpsllq	$32, %ymm1, %ymm8
+        vpsrlq	$32, %ymm0, %ymm9
+        vpblendd	$0xaa, %ymm8, %ymm0, %ymm0
+        vpblendd	$0x55, %ymm9, %ymm1, %ymm1
+        vpsllq	$32, %ymm3, %ymm8
+        vpsrlq	$32, %ymm2, %ymm9
+        vpblendd	$0xaa, %ymm8, %ymm2, %ymm2
+        vpblendd	$0x55, %ymm9, %ymm3, %ymm3
+        vpmulld	%ymm12, %ymm1, %ymm8
+        vmovshdup	%ymm1, %ymm9
+        vpmuldq	%ymm10, %ymm1, %ymm1
+        vmovshdup	%ymm10, %ymm10
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm1, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm0, %ymm1
+        vpaddd	%ymm8, %ymm0, %ymm0
+        vpmulld	%ymm13, %ymm3, %ymm8
+        vmovshdup	%ymm3, %ymm9
+        vpmuldq	%ymm11, %ymm3, %ymm3
+        vmovshdup	%ymm11, %ymm11
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm3, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm2, %ymm3
+        vpaddd	%ymm8, %ymm2, %ymm2
+        # 1: 2/4
+        vmovdqu	2496(%rdx), %ymm10
+        vmovdqu	2528(%rdx), %ymm12
+        vmovdqu	2560(%rdx), %ymm11
+        vmovdqu	2592(%rdx), %ymm13
+        vpsllq	$32, %ymm5, %ymm8
+        vpsrlq	$32, %ymm4, %ymm9
+        vpblendd	$0xaa, %ymm8, %ymm4, %ymm4
+        vpblendd	$0x55, %ymm9, %ymm5, %ymm5
+        vpsllq	$32, %ymm7, %ymm8
+        vpsrlq	$32, %ymm6, %ymm9
+        vpblendd	$0xaa, %ymm8, %ymm6, %ymm6
+        vpblendd	$0x55, %ymm9, %ymm7, %ymm7
+        vpmulld	%ymm12, %ymm5, %ymm8
+        vmovshdup	%ymm5, %ymm9
+        vpmuldq	%ymm10, %ymm5, %ymm5
+        vmovshdup	%ymm10, %ymm10
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm5, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm4, %ymm5
+        vpaddd	%ymm8, %ymm4, %ymm4
+        vpmulld	%ymm13, %ymm7, %ymm8
+        vmovshdup	%ymm7, %ymm9
+        vpmuldq	%ymm11, %ymm7, %ymm7
+        vmovshdup	%ymm11, %ymm11
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm7, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm6, %ymm7
+        vpaddd	%ymm8, %ymm6, %ymm6
+        vmovdqu	%ymm0, 256(%rdi)
+        vmovdqu	%ymm1, 288(%rdi)
+        vmovdqu	%ymm2, 320(%rdi)
+        vmovdqu	%ymm3, 352(%rdi)
+        vmovdqu	%ymm4, 384(%rdi)
+        vmovdqu	%ymm5, 416(%rdi)
+        vmovdqu	%ymm6, 448(%rdi)
+        vmovdqu	%ymm7, 480(%rdi)
+        vmovdqu	512(%rdi), %ymm0
+        vmovdqu	544(%rdi), %ymm1
+        vmovdqu	576(%rdi), %ymm2
+        vmovdqu	608(%rdi), %ymm3
+        vmovdqu	640(%rdi), %ymm4
+        vmovdqu	672(%rdi), %ymm5
+        vmovdqu	704(%rdi), %ymm6
+        vmovdqu	736(%rdi), %ymm7
+        # 32: 3/4
+        vmovdqu	2624(%rdx), %ymm10
+        vmovdqu	2656(%rdx), %ymm12
+        vpmulld	%ymm12, %ymm4, %ymm8
+        vmovshdup	%ymm4, %ymm9
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm4, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm0, %ymm4
+        vpaddd	%ymm8, %ymm0, %ymm0
+        vpmulld	%ymm12, %ymm5, %ymm8
+        vmovshdup	%ymm5, %ymm9
+        vpmuldq	%ymm10, %ymm5, %ymm5
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm5, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm1, %ymm5
+        vpaddd	%ymm8, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm6, %ymm8
+        vmovshdup	%ymm6, %ymm9
+        vpmuldq	%ymm10, %ymm6, %ymm6
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm6, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm2, %ymm6
+        vpaddd	%ymm8, %ymm2, %ymm2
+        vpmulld	%ymm12, %ymm7, %ymm8
+        vmovshdup	%ymm7, %ymm9
+        vpmuldq	%ymm10, %ymm7, %ymm7
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm7, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm3, %ymm7
+        vpaddd	%ymm8, %ymm3, %ymm3
+        # 16: 3/4
+        vmovdqu	2688(%rdx), %ymm10
+        vmovdqu	2720(%rdx), %ymm12
+        vmovdqu	2752(%rdx), %ymm11
+        vmovdqu	2784(%rdx), %ymm13
+        vpmulld	%ymm12, %ymm2, %ymm8
+        vmovshdup	%ymm2, %ymm9
+        vpmuldq	%ymm10, %ymm2, %ymm2
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm2, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm0, %ymm2
+        vpaddd	%ymm8, %ymm0, %ymm0
+        vpmulld	%ymm12, %ymm3, %ymm8
+        vmovshdup	%ymm3, %ymm9
+        vpmuldq	%ymm10, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm3, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm1, %ymm3
+        vpaddd	%ymm8, %ymm1, %ymm1
+        vpmulld	%ymm13, %ymm6, %ymm8
+        vmovshdup	%ymm6, %ymm9
+        vpmuldq	%ymm11, %ymm6, %ymm6
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm6, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm4, %ymm6
+        vpaddd	%ymm8, %ymm4, %ymm4
+        vpmulld	%ymm13, %ymm7, %ymm8
+        vmovshdup	%ymm7, %ymm9
+        vpmuldq	%ymm11, %ymm7, %ymm7
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm7, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm5, %ymm7
+        vpaddd	%ymm8, %ymm5, %ymm5
+        # 8: 3/4
+        vmovdqu	2816(%rdx), %ymm10
+        vmovdqu	2848(%rdx), %ymm12
+        vmovdqu	2880(%rdx), %ymm11
+        vmovdqu	2912(%rdx), %ymm13
+        vpmulld	%ymm12, %ymm1, %ymm8
+        vmovshdup	%ymm1, %ymm9
+        vpmuldq	%ymm10, %ymm1, %ymm1
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm1, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm0, %ymm1
+        vpaddd	%ymm8, %ymm0, %ymm0
+        vpmulld	%ymm13, %ymm3, %ymm8
+        vmovshdup	%ymm3, %ymm9
+        vpmuldq	%ymm11, %ymm3, %ymm3
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm3, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm2, %ymm3
+        vpaddd	%ymm8, %ymm2, %ymm2
+        vmovdqu	2944(%rdx), %ymm10
+        vmovdqu	2976(%rdx), %ymm12
+        vmovdqu	3008(%rdx), %ymm11
+        vmovdqu	3040(%rdx), %ymm13
+        vpmulld	%ymm12, %ymm5, %ymm8
+        vmovshdup	%ymm5, %ymm9
+        vpmuldq	%ymm10, %ymm5, %ymm5
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm5, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm4, %ymm5
+        vpaddd	%ymm8, %ymm4, %ymm4
+        vpmulld	%ymm13, %ymm7, %ymm8
+        vmovshdup	%ymm7, %ymm9
+        vpmuldq	%ymm11, %ymm7, %ymm7
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm7, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm6, %ymm7
+        vpaddd	%ymm8, %ymm6, %ymm6
+        # 4: 3/4
+        vperm2i128	$32, %ymm1, %ymm0, %ymm8
+        vmovdqu	3072(%rdx), %ymm10
+        vperm2i128	$49, %ymm1, %ymm0, %ymm1
+        vmovdqu	3104(%rdx), %ymm12
+        vperm2i128	$32, %ymm3, %ymm2, %ymm9
+        vmovdqu	3136(%rdx), %ymm11
+        vperm2i128	$49, %ymm3, %ymm2, %ymm3
+        vmovdqu	3168(%rdx), %ymm13
+        vpmulld	%ymm12, %ymm1, %ymm0
+        vmovshdup	%ymm1, %ymm2
+        vpmuldq	%ymm10, %ymm1, %ymm1
+        vpmuldq	%ymm10, %ymm2, %ymm2
+        vmovshdup	%ymm0, %ymm15
+        vpmuldq	%ymm14, %ymm0, %ymm0
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm0, %ymm1, %ymm0
+        vpsubq	%ymm15, %ymm2, %ymm15
+        vmovshdup	%ymm0, %ymm0
+        vpblendd	$0xaa, %ymm15, %ymm0, %ymm0
+        vpsubd	%ymm0, %ymm8, %ymm1
+        vpaddd	%ymm0, %ymm8, %ymm8
+        vpmulld	%ymm13, %ymm3, %ymm0
+        vmovshdup	%ymm3, %ymm2
+        vpmuldq	%ymm11, %ymm3, %ymm3
+        vpmuldq	%ymm11, %ymm2, %ymm2
+        vmovshdup	%ymm0, %ymm15
+        vpmuldq	%ymm14, %ymm0, %ymm0
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm0, %ymm3, %ymm0
+        vpsubq	%ymm15, %ymm2, %ymm15
+        vmovshdup	%ymm0, %ymm0
+        vpblendd	$0xaa, %ymm15, %ymm0, %ymm0
+        vpsubd	%ymm0, %ymm9, %ymm3
+        vpaddd	%ymm0, %ymm9, %ymm9
+        # 2: 3/4
+        vmovdqu	3200(%rdx), %ymm10
+        vmovdqu	3232(%rdx), %ymm12
+        vmovdqu	3264(%rdx), %ymm11
+        vmovdqu	3296(%rdx), %ymm13
+        vpunpcklqdq	%ymm1, %ymm8, %ymm0
+        vpunpckhqdq	%ymm1, %ymm8, %ymm1
+        vpunpcklqdq	%ymm3, %ymm9, %ymm2
+        vpunpckhqdq	%ymm3, %ymm9, %ymm3
+        vpmulld	%ymm12, %ymm1, %ymm8
+        vmovshdup	%ymm1, %ymm9
+        vpmuldq	%ymm10, %ymm1, %ymm1
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm1, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm0, %ymm1
+        vpaddd	%ymm8, %ymm0, %ymm0
+        vpmulld	%ymm13, %ymm3, %ymm8
+        vmovshdup	%ymm3, %ymm9
+        vpmuldq	%ymm11, %ymm3, %ymm3
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm3, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm2, %ymm3
+        vpaddd	%ymm8, %ymm2, %ymm2
+        # 4: 3/4
+        vperm2i128	$32, %ymm5, %ymm4, %ymm8
+        vmovdqu	3328(%rdx), %ymm10
+        vperm2i128	$49, %ymm5, %ymm4, %ymm5
+        vmovdqu	3360(%rdx), %ymm12
+        vperm2i128	$32, %ymm7, %ymm6, %ymm9
+        vmovdqu	3392(%rdx), %ymm11
+        vperm2i128	$49, %ymm7, %ymm6, %ymm7
+        vmovdqu	3424(%rdx), %ymm13
+        vpmulld	%ymm12, %ymm5, %ymm4
+        vmovshdup	%ymm5, %ymm6
+        vpmuldq	%ymm10, %ymm5, %ymm5
+        vpmuldq	%ymm10, %ymm6, %ymm6
+        vmovshdup	%ymm4, %ymm15
+        vpmuldq	%ymm14, %ymm4, %ymm4
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm4, %ymm5, %ymm4
+        vpsubq	%ymm15, %ymm6, %ymm15
+        vmovshdup	%ymm4, %ymm4
+        vpblendd	$0xaa, %ymm15, %ymm4, %ymm4
+        vpsubd	%ymm4, %ymm8, %ymm5
+        vpaddd	%ymm4, %ymm8, %ymm8
+        vpmulld	%ymm13, %ymm7, %ymm4
+        vmovshdup	%ymm7, %ymm6
+        vpmuldq	%ymm11, %ymm7, %ymm7
+        vpmuldq	%ymm11, %ymm6, %ymm6
+        vmovshdup	%ymm4, %ymm15
+        vpmuldq	%ymm14, %ymm4, %ymm4
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm4, %ymm7, %ymm4
+        vpsubq	%ymm15, %ymm6, %ymm15
+        vmovshdup	%ymm4, %ymm4
+        vpblendd	$0xaa, %ymm15, %ymm4, %ymm4
+        vpsubd	%ymm4, %ymm9, %ymm7
+        vpaddd	%ymm4, %ymm9, %ymm9
+        # 2: 3/4
+        vmovdqu	3456(%rdx), %ymm10
+        vmovdqu	3488(%rdx), %ymm12
+        vmovdqu	3520(%rdx), %ymm11
+        vmovdqu	3552(%rdx), %ymm13
+        vpunpcklqdq	%ymm5, %ymm8, %ymm4
+        vpunpckhqdq	%ymm5, %ymm8, %ymm5
+        vpunpcklqdq	%ymm7, %ymm9, %ymm6
+        vpunpckhqdq	%ymm7, %ymm9, %ymm7
+        vpmulld	%ymm12, %ymm5, %ymm8
+        vmovshdup	%ymm5, %ymm9
+        vpmuldq	%ymm10, %ymm5, %ymm5
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm5, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm4, %ymm5
+        vpaddd	%ymm8, %ymm4, %ymm4
+        vpmulld	%ymm13, %ymm7, %ymm8
+        vmovshdup	%ymm7, %ymm9
+        vpmuldq	%ymm11, %ymm7, %ymm7
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm7, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm6, %ymm7
+        vpaddd	%ymm8, %ymm6, %ymm6
+        # 1: 3/4
+        vmovdqu	3584(%rdx), %ymm10
+        vmovdqu	3616(%rdx), %ymm12
+        vmovdqu	3648(%rdx), %ymm11
+        vmovdqu	3680(%rdx), %ymm13
+        vpsllq	$32, %ymm1, %ymm8
+        vpsrlq	$32, %ymm0, %ymm9
+        vpblendd	$0xaa, %ymm8, %ymm0, %ymm0
+        vpblendd	$0x55, %ymm9, %ymm1, %ymm1
+        vpsllq	$32, %ymm3, %ymm8
+        vpsrlq	$32, %ymm2, %ymm9
+        vpblendd	$0xaa, %ymm8, %ymm2, %ymm2
+        vpblendd	$0x55, %ymm9, %ymm3, %ymm3
+        vpmulld	%ymm12, %ymm1, %ymm8
+        vmovshdup	%ymm1, %ymm9
+        vpmuldq	%ymm10, %ymm1, %ymm1
+        vmovshdup	%ymm10, %ymm10
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm1, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm0, %ymm1
+        vpaddd	%ymm8, %ymm0, %ymm0
+        vpmulld	%ymm13, %ymm3, %ymm8
+        vmovshdup	%ymm3, %ymm9
+        vpmuldq	%ymm11, %ymm3, %ymm3
+        vmovshdup	%ymm11, %ymm11
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm3, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm2, %ymm3
+        vpaddd	%ymm8, %ymm2, %ymm2
+        # 1: 3/4
+        vmovdqu	3712(%rdx), %ymm10
+        vmovdqu	3744(%rdx), %ymm12
+        vmovdqu	3776(%rdx), %ymm11
+        vmovdqu	3808(%rdx), %ymm13
+        vpsllq	$32, %ymm5, %ymm8
+        vpsrlq	$32, %ymm4, %ymm9
+        vpblendd	$0xaa, %ymm8, %ymm4, %ymm4
+        vpblendd	$0x55, %ymm9, %ymm5, %ymm5
+        vpsllq	$32, %ymm7, %ymm8
+        vpsrlq	$32, %ymm6, %ymm9
+        vpblendd	$0xaa, %ymm8, %ymm6, %ymm6
+        vpblendd	$0x55, %ymm9, %ymm7, %ymm7
+        vpmulld	%ymm12, %ymm5, %ymm8
+        vmovshdup	%ymm5, %ymm9
+        vpmuldq	%ymm10, %ymm5, %ymm5
+        vmovshdup	%ymm10, %ymm10
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm5, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm4, %ymm5
+        vpaddd	%ymm8, %ymm4, %ymm4
+        vpmulld	%ymm13, %ymm7, %ymm8
+        vmovshdup	%ymm7, %ymm9
+        vpmuldq	%ymm11, %ymm7, %ymm7
+        vmovshdup	%ymm11, %ymm11
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm7, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm6, %ymm7
+        vpaddd	%ymm8, %ymm6, %ymm6
+        vmovdqu	%ymm0, 512(%rdi)
+        vmovdqu	%ymm1, 544(%rdi)
+        vmovdqu	%ymm2, 576(%rdi)
+        vmovdqu	%ymm3, 608(%rdi)
+        vmovdqu	%ymm4, 640(%rdi)
+        vmovdqu	%ymm5, 672(%rdi)
+        vmovdqu	%ymm6, 704(%rdi)
+        vmovdqu	%ymm7, 736(%rdi)
+        vmovdqu	768(%rdi), %ymm0
+        vmovdqu	800(%rdi), %ymm1
+        vmovdqu	832(%rdi), %ymm2
+        vmovdqu	864(%rdi), %ymm3
+        vmovdqu	896(%rdi), %ymm4
+        vmovdqu	928(%rdi), %ymm5
+        vmovdqu	960(%rdi), %ymm6
+        vmovdqu	992(%rdi), %ymm7
+        # 32: 4/4
+        vmovdqu	3840(%rdx), %ymm10
+        vmovdqu	3872(%rdx), %ymm12
+        vpmulld	%ymm12, %ymm4, %ymm8
+        vmovshdup	%ymm4, %ymm9
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm4, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm0, %ymm4
+        vpaddd	%ymm8, %ymm0, %ymm0
+        vpmulld	%ymm12, %ymm5, %ymm8
+        vmovshdup	%ymm5, %ymm9
+        vpmuldq	%ymm10, %ymm5, %ymm5
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm5, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm1, %ymm5
+        vpaddd	%ymm8, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm6, %ymm8
+        vmovshdup	%ymm6, %ymm9
+        vpmuldq	%ymm10, %ymm6, %ymm6
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm6, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm2, %ymm6
+        vpaddd	%ymm8, %ymm2, %ymm2
+        vpmulld	%ymm12, %ymm7, %ymm8
+        vmovshdup	%ymm7, %ymm9
+        vpmuldq	%ymm10, %ymm7, %ymm7
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm7, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm3, %ymm7
+        vpaddd	%ymm8, %ymm3, %ymm3
+        # 16: 4/4
+        vmovdqu	3904(%rdx), %ymm10
+        vmovdqu	3936(%rdx), %ymm12
+        vmovdqu	3968(%rdx), %ymm11
+        vmovdqu	4000(%rdx), %ymm13
+        vpmulld	%ymm12, %ymm2, %ymm8
+        vmovshdup	%ymm2, %ymm9
+        vpmuldq	%ymm10, %ymm2, %ymm2
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm2, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm0, %ymm2
+        vpaddd	%ymm8, %ymm0, %ymm0
+        vpmulld	%ymm12, %ymm3, %ymm8
+        vmovshdup	%ymm3, %ymm9
+        vpmuldq	%ymm10, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm3, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm1, %ymm3
+        vpaddd	%ymm8, %ymm1, %ymm1
+        vpmulld	%ymm13, %ymm6, %ymm8
+        vmovshdup	%ymm6, %ymm9
+        vpmuldq	%ymm11, %ymm6, %ymm6
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm6, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm4, %ymm6
+        vpaddd	%ymm8, %ymm4, %ymm4
+        vpmulld	%ymm13, %ymm7, %ymm8
+        vmovshdup	%ymm7, %ymm9
+        vpmuldq	%ymm11, %ymm7, %ymm7
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm7, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm5, %ymm7
+        vpaddd	%ymm8, %ymm5, %ymm5
+        # 8: 4/4
+        vmovdqu	4032(%rdx), %ymm10
+        vmovdqu	4064(%rdx), %ymm12
+        vmovdqu	4096(%rdx), %ymm11
+        vmovdqu	4128(%rdx), %ymm13
+        vpmulld	%ymm12, %ymm1, %ymm8
+        vmovshdup	%ymm1, %ymm9
+        vpmuldq	%ymm10, %ymm1, %ymm1
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm1, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm0, %ymm1
+        vpaddd	%ymm8, %ymm0, %ymm0
+        vpmulld	%ymm13, %ymm3, %ymm8
+        vmovshdup	%ymm3, %ymm9
+        vpmuldq	%ymm11, %ymm3, %ymm3
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm3, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm2, %ymm3
+        vpaddd	%ymm8, %ymm2, %ymm2
+        vmovdqu	4160(%rdx), %ymm10
+        vmovdqu	4192(%rdx), %ymm12
+        vmovdqu	4224(%rdx), %ymm11
+        vmovdqu	4256(%rdx), %ymm13
+        vpmulld	%ymm12, %ymm5, %ymm8
+        vmovshdup	%ymm5, %ymm9
+        vpmuldq	%ymm10, %ymm5, %ymm5
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm5, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm4, %ymm5
+        vpaddd	%ymm8, %ymm4, %ymm4
+        vpmulld	%ymm13, %ymm7, %ymm8
+        vmovshdup	%ymm7, %ymm9
+        vpmuldq	%ymm11, %ymm7, %ymm7
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm7, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm6, %ymm7
+        vpaddd	%ymm8, %ymm6, %ymm6
+        # 4: 4/4
+        vperm2i128	$32, %ymm1, %ymm0, %ymm8
+        vmovdqu	4288(%rdx), %ymm10
+        vperm2i128	$49, %ymm1, %ymm0, %ymm1
+        vmovdqu	4320(%rdx), %ymm12
+        vperm2i128	$32, %ymm3, %ymm2, %ymm9
+        vmovdqu	4352(%rdx), %ymm11
+        vperm2i128	$49, %ymm3, %ymm2, %ymm3
+        vmovdqu	4384(%rdx), %ymm13
+        vpmulld	%ymm12, %ymm1, %ymm0
+        vmovshdup	%ymm1, %ymm2
+        vpmuldq	%ymm10, %ymm1, %ymm1
+        vpmuldq	%ymm10, %ymm2, %ymm2
+        vmovshdup	%ymm0, %ymm15
+        vpmuldq	%ymm14, %ymm0, %ymm0
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm0, %ymm1, %ymm0
+        vpsubq	%ymm15, %ymm2, %ymm15
+        vmovshdup	%ymm0, %ymm0
+        vpblendd	$0xaa, %ymm15, %ymm0, %ymm0
+        vpsubd	%ymm0, %ymm8, %ymm1
+        vpaddd	%ymm0, %ymm8, %ymm8
+        vpmulld	%ymm13, %ymm3, %ymm0
+        vmovshdup	%ymm3, %ymm2
+        vpmuldq	%ymm11, %ymm3, %ymm3
+        vpmuldq	%ymm11, %ymm2, %ymm2
+        vmovshdup	%ymm0, %ymm15
+        vpmuldq	%ymm14, %ymm0, %ymm0
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm0, %ymm3, %ymm0
+        vpsubq	%ymm15, %ymm2, %ymm15
+        vmovshdup	%ymm0, %ymm0
+        vpblendd	$0xaa, %ymm15, %ymm0, %ymm0
+        vpsubd	%ymm0, %ymm9, %ymm3
+        vpaddd	%ymm0, %ymm9, %ymm9
+        # 2: 4/4
+        vmovdqu	4416(%rdx), %ymm10
+        vmovdqu	4448(%rdx), %ymm12
+        vmovdqu	4480(%rdx), %ymm11
+        vmovdqu	4512(%rdx), %ymm13
+        vpunpcklqdq	%ymm1, %ymm8, %ymm0
+        vpunpckhqdq	%ymm1, %ymm8, %ymm1
+        vpunpcklqdq	%ymm3, %ymm9, %ymm2
+        vpunpckhqdq	%ymm3, %ymm9, %ymm3
+        vpmulld	%ymm12, %ymm1, %ymm8
+        vmovshdup	%ymm1, %ymm9
+        vpmuldq	%ymm10, %ymm1, %ymm1
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm1, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm0, %ymm1
+        vpaddd	%ymm8, %ymm0, %ymm0
+        vpmulld	%ymm13, %ymm3, %ymm8
+        vmovshdup	%ymm3, %ymm9
+        vpmuldq	%ymm11, %ymm3, %ymm3
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm3, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm2, %ymm3
+        vpaddd	%ymm8, %ymm2, %ymm2
+        # 4: 4/4
+        vperm2i128	$32, %ymm5, %ymm4, %ymm8
+        vmovdqu	4544(%rdx), %ymm10
+        vperm2i128	$49, %ymm5, %ymm4, %ymm5
+        vmovdqu	4576(%rdx), %ymm12
+        vperm2i128	$32, %ymm7, %ymm6, %ymm9
+        vmovdqu	4608(%rdx), %ymm11
+        vperm2i128	$49, %ymm7, %ymm6, %ymm7
+        vmovdqu	4640(%rdx), %ymm13
+        vpmulld	%ymm12, %ymm5, %ymm4
+        vmovshdup	%ymm5, %ymm6
+        vpmuldq	%ymm10, %ymm5, %ymm5
+        vpmuldq	%ymm10, %ymm6, %ymm6
+        vmovshdup	%ymm4, %ymm15
+        vpmuldq	%ymm14, %ymm4, %ymm4
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm4, %ymm5, %ymm4
+        vpsubq	%ymm15, %ymm6, %ymm15
+        vmovshdup	%ymm4, %ymm4
+        vpblendd	$0xaa, %ymm15, %ymm4, %ymm4
+        vpsubd	%ymm4, %ymm8, %ymm5
+        vpaddd	%ymm4, %ymm8, %ymm8
+        vpmulld	%ymm13, %ymm7, %ymm4
+        vmovshdup	%ymm7, %ymm6
+        vpmuldq	%ymm11, %ymm7, %ymm7
+        vpmuldq	%ymm11, %ymm6, %ymm6
+        vmovshdup	%ymm4, %ymm15
+        vpmuldq	%ymm14, %ymm4, %ymm4
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm4, %ymm7, %ymm4
+        vpsubq	%ymm15, %ymm6, %ymm15
+        vmovshdup	%ymm4, %ymm4
+        vpblendd	$0xaa, %ymm15, %ymm4, %ymm4
+        vpsubd	%ymm4, %ymm9, %ymm7
+        vpaddd	%ymm4, %ymm9, %ymm9
+        # 2: 4/4
+        vmovdqu	4672(%rdx), %ymm10
+        vmovdqu	4704(%rdx), %ymm12
+        vmovdqu	4736(%rdx), %ymm11
+        vmovdqu	4768(%rdx), %ymm13
+        vpunpcklqdq	%ymm5, %ymm8, %ymm4
+        vpunpckhqdq	%ymm5, %ymm8, %ymm5
+        vpunpcklqdq	%ymm7, %ymm9, %ymm6
+        vpunpckhqdq	%ymm7, %ymm9, %ymm7
+        vpmulld	%ymm12, %ymm5, %ymm8
+        vmovshdup	%ymm5, %ymm9
+        vpmuldq	%ymm10, %ymm5, %ymm5
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm5, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm4, %ymm5
+        vpaddd	%ymm8, %ymm4, %ymm4
+        vpmulld	%ymm13, %ymm7, %ymm8
+        vmovshdup	%ymm7, %ymm9
+        vpmuldq	%ymm11, %ymm7, %ymm7
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm7, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm6, %ymm7
+        vpaddd	%ymm8, %ymm6, %ymm6
+        # 1: 4/4
+        vmovdqu	4800(%rdx), %ymm10
+        vmovdqu	4832(%rdx), %ymm12
+        vmovdqu	4864(%rdx), %ymm11
+        vmovdqu	4896(%rdx), %ymm13
+        vpsllq	$32, %ymm1, %ymm8
+        vpsrlq	$32, %ymm0, %ymm9
+        vpblendd	$0xaa, %ymm8, %ymm0, %ymm0
+        vpblendd	$0x55, %ymm9, %ymm1, %ymm1
+        vpsllq	$32, %ymm3, %ymm8
+        vpsrlq	$32, %ymm2, %ymm9
+        vpblendd	$0xaa, %ymm8, %ymm2, %ymm2
+        vpblendd	$0x55, %ymm9, %ymm3, %ymm3
+        vpmulld	%ymm12, %ymm1, %ymm8
+        vmovshdup	%ymm1, %ymm9
+        vpmuldq	%ymm10, %ymm1, %ymm1
+        vmovshdup	%ymm10, %ymm10
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm1, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm0, %ymm1
+        vpaddd	%ymm8, %ymm0, %ymm0
+        vpmulld	%ymm13, %ymm3, %ymm8
+        vmovshdup	%ymm3, %ymm9
+        vpmuldq	%ymm11, %ymm3, %ymm3
+        vmovshdup	%ymm11, %ymm11
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm3, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm2, %ymm3
+        vpaddd	%ymm8, %ymm2, %ymm2
+        # 1: 4/4
+        vmovdqu	4928(%rdx), %ymm10
+        vmovdqu	4960(%rdx), %ymm12
+        vmovdqu	4992(%rdx), %ymm11
+        vmovdqu	5024(%rdx), %ymm13
+        vpsllq	$32, %ymm5, %ymm8
+        vpsrlq	$32, %ymm4, %ymm9
+        vpblendd	$0xaa, %ymm8, %ymm4, %ymm4
+        vpblendd	$0x55, %ymm9, %ymm5, %ymm5
+        vpsllq	$32, %ymm7, %ymm8
+        vpsrlq	$32, %ymm6, %ymm9
+        vpblendd	$0xaa, %ymm8, %ymm6, %ymm6
+        vpblendd	$0x55, %ymm9, %ymm7, %ymm7
+        vpmulld	%ymm12, %ymm5, %ymm8
+        vmovshdup	%ymm5, %ymm9
+        vpmuldq	%ymm10, %ymm5, %ymm5
+        vmovshdup	%ymm10, %ymm10
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm5, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm4, %ymm5
+        vpaddd	%ymm8, %ymm4, %ymm4
+        vpmulld	%ymm13, %ymm7, %ymm8
+        vmovshdup	%ymm7, %ymm9
+        vpmuldq	%ymm11, %ymm7, %ymm7
+        vmovshdup	%ymm11, %ymm11
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm7, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm6, %ymm7
+        vpaddd	%ymm8, %ymm6, %ymm6
+        vmovdqu	%ymm0, 768(%rdi)
+        vmovdqu	%ymm1, 800(%rdi)
+        vmovdqu	%ymm2, 832(%rdi)
+        vmovdqu	%ymm3, 864(%rdi)
+        vmovdqu	%ymm4, 896(%rdi)
+        vmovdqu	%ymm5, 928(%rdi)
+        vmovdqu	%ymm6, 960(%rdi)
+        vmovdqu	%ymm7, 992(%rdi)
+        vzeroupper
+        repz retq
+#ifndef __APPLE__
+.size	wc_mldsa_ntt_avx2,.-wc_mldsa_ntt_avx2
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.text
+.globl	wc_mldsa_ntt_full_avx2
+.type	wc_mldsa_ntt_full_avx2,@function
+.align	16
+wc_mldsa_ntt_full_avx2:
+#else
+.section	__TEXT,__text
+.globl	_wc_mldsa_ntt_full_avx2
+.p2align	4
+_wc_mldsa_ntt_full_avx2:
+#endif /* __APPLE__ */
+        vpxor	%ymm14, %ymm14, %ymm14
+        vmovdqu	mldsa_q(%rip), %ymm14
+        # ntt
+        leaq	L_mldsa_avx2_zetas(%rip), %rdx
+        vmovdqu	64(%rdx), %ymm11
+        vmovdqu	96(%rdx), %ymm13
+        # 128: 4/4
+        vmovdqu	(%rdx), %ymm10
+        vmovdqu	32(%rdx), %ymm12
+        vmovdqu	96(%rdi), %ymm0
+        vmovdqu	224(%rdi), %ymm1
+        vmovdqu	352(%rdi), %ymm2
+        vmovdqu	480(%rdi), %ymm3
+        vmovdqu	608(%rdi), %ymm4
+        vmovdqu	736(%rdi), %ymm5
+        vmovdqu	864(%rdi), %ymm6
+        vmovdqu	992(%rdi), %ymm7
+        vpmulld	%ymm12, %ymm4, %ymm8
+        vmovshdup	%ymm4, %ymm9
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm4, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm0, %ymm4
+        vpaddd	%ymm8, %ymm0, %ymm0
+        vpmulld	%ymm12, %ymm5, %ymm8
+        vmovshdup	%ymm5, %ymm9
+        vpmuldq	%ymm10, %ymm5, %ymm5
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm5, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm1, %ymm5
+        vpaddd	%ymm8, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm6, %ymm8
+        vmovshdup	%ymm6, %ymm9
+        vpmuldq	%ymm10, %ymm6, %ymm6
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm6, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm2, %ymm6
+        vpaddd	%ymm8, %ymm2, %ymm2
+        vpmulld	%ymm12, %ymm7, %ymm8
+        vmovshdup	%ymm7, %ymm9
+        vpmuldq	%ymm10, %ymm7, %ymm7
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm7, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm3, %ymm7
+        vpaddd	%ymm8, %ymm3, %ymm3
+        # 64: 4/4
+        vmovdqu	128(%rdx), %ymm10
+        vmovdqu	160(%rdx), %ymm12
+        vpmulld	%ymm13, %ymm2, %ymm8
+        vmovshdup	%ymm2, %ymm9
+        vpmuldq	%ymm11, %ymm2, %ymm2
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm2, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm0, %ymm2
+        vpaddd	%ymm8, %ymm0, %ymm0
+        vpmulld	%ymm13, %ymm3, %ymm8
+        vmovshdup	%ymm3, %ymm9
+        vpmuldq	%ymm11, %ymm3, %ymm3
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm3, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm1, %ymm3
+        vpaddd	%ymm8, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm6, %ymm8
+        vmovshdup	%ymm6, %ymm9
+        vpmuldq	%ymm10, %ymm6, %ymm6
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm6, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm4, %ymm6
+        vpaddd	%ymm8, %ymm4, %ymm4
+        vpmulld	%ymm12, %ymm7, %ymm8
+        vmovshdup	%ymm7, %ymm9
+        vpmuldq	%ymm10, %ymm7, %ymm7
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm7, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm5, %ymm7
+        vpaddd	%ymm8, %ymm5, %ymm5
+        vmovdqu	%ymm0, 96(%rdi)
+        vmovdqu	%ymm1, 224(%rdi)
+        vmovdqu	%ymm2, 352(%rdi)
+        vmovdqu	%ymm3, 480(%rdi)
+        vmovdqu	%ymm4, 608(%rdi)
+        vmovdqu	%ymm5, 736(%rdi)
+        vmovdqu	%ymm6, 864(%rdi)
+        vmovdqu	%ymm7, 992(%rdi)
+        # 128: 3/4
+        vmovdqu	(%rdx), %ymm10
+        vmovdqu	32(%rdx), %ymm12
+        vmovdqu	64(%rdi), %ymm0
+        vmovdqu	192(%rdi), %ymm1
+        vmovdqu	320(%rdi), %ymm2
+        vmovdqu	448(%rdi), %ymm3
+        vmovdqu	576(%rdi), %ymm4
+        vmovdqu	704(%rdi), %ymm5
+        vmovdqu	832(%rdi), %ymm6
+        vmovdqu	960(%rdi), %ymm7
+        vpmulld	%ymm12, %ymm4, %ymm8
+        vmovshdup	%ymm4, %ymm9
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm4, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm0, %ymm4
+        vpaddd	%ymm8, %ymm0, %ymm0
+        vpmulld	%ymm12, %ymm5, %ymm8
+        vmovshdup	%ymm5, %ymm9
+        vpmuldq	%ymm10, %ymm5, %ymm5
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm5, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm1, %ymm5
+        vpaddd	%ymm8, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm6, %ymm8
+        vmovshdup	%ymm6, %ymm9
+        vpmuldq	%ymm10, %ymm6, %ymm6
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm6, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm2, %ymm6
+        vpaddd	%ymm8, %ymm2, %ymm2
+        vpmulld	%ymm12, %ymm7, %ymm8
+        vmovshdup	%ymm7, %ymm9
+        vpmuldq	%ymm10, %ymm7, %ymm7
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm7, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm3, %ymm7
+        vpaddd	%ymm8, %ymm3, %ymm3
+        # 64: 3/4
+        vmovdqu	128(%rdx), %ymm10
+        vmovdqu	160(%rdx), %ymm12
+        vpmulld	%ymm13, %ymm2, %ymm8
+        vmovshdup	%ymm2, %ymm9
+        vpmuldq	%ymm11, %ymm2, %ymm2
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm2, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm0, %ymm2
+        vpaddd	%ymm8, %ymm0, %ymm0
+        vpmulld	%ymm13, %ymm3, %ymm8
+        vmovshdup	%ymm3, %ymm9
+        vpmuldq	%ymm11, %ymm3, %ymm3
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm3, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm1, %ymm3
+        vpaddd	%ymm8, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm6, %ymm8
+        vmovshdup	%ymm6, %ymm9
+        vpmuldq	%ymm10, %ymm6, %ymm6
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm6, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm4, %ymm6
+        vpaddd	%ymm8, %ymm4, %ymm4
+        vpmulld	%ymm12, %ymm7, %ymm8
+        vmovshdup	%ymm7, %ymm9
+        vpmuldq	%ymm10, %ymm7, %ymm7
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm7, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm5, %ymm7
+        vpaddd	%ymm8, %ymm5, %ymm5
+        vmovdqu	%ymm0, 64(%rdi)
+        vmovdqu	%ymm1, 192(%rdi)
+        vmovdqu	%ymm2, 320(%rdi)
+        vmovdqu	%ymm3, 448(%rdi)
+        vmovdqu	%ymm4, 576(%rdi)
+        vmovdqu	%ymm5, 704(%rdi)
+        vmovdqu	%ymm6, 832(%rdi)
+        vmovdqu	%ymm7, 960(%rdi)
+        # 128: 2/4
+        vmovdqu	(%rdx), %ymm10
+        vmovdqu	32(%rdx), %ymm12
+        vmovdqu	32(%rdi), %ymm0
+        vmovdqu	160(%rdi), %ymm1
+        vmovdqu	288(%rdi), %ymm2
+        vmovdqu	416(%rdi), %ymm3
+        vmovdqu	544(%rdi), %ymm4
+        vmovdqu	672(%rdi), %ymm5
+        vmovdqu	800(%rdi), %ymm6
+        vmovdqu	928(%rdi), %ymm7
+        vpmulld	%ymm12, %ymm4, %ymm8
+        vmovshdup	%ymm4, %ymm9
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm4, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm0, %ymm4
+        vpaddd	%ymm8, %ymm0, %ymm0
+        vpmulld	%ymm12, %ymm5, %ymm8
+        vmovshdup	%ymm5, %ymm9
+        vpmuldq	%ymm10, %ymm5, %ymm5
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm5, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm1, %ymm5
+        vpaddd	%ymm8, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm6, %ymm8
+        vmovshdup	%ymm6, %ymm9
+        vpmuldq	%ymm10, %ymm6, %ymm6
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm6, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm2, %ymm6
+        vpaddd	%ymm8, %ymm2, %ymm2
+        vpmulld	%ymm12, %ymm7, %ymm8
+        vmovshdup	%ymm7, %ymm9
+        vpmuldq	%ymm10, %ymm7, %ymm7
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm7, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm3, %ymm7
+        vpaddd	%ymm8, %ymm3, %ymm3
+        # 64: 2/4
+        vmovdqu	128(%rdx), %ymm10
+        vmovdqu	160(%rdx), %ymm12
+        vpmulld	%ymm13, %ymm2, %ymm8
+        vmovshdup	%ymm2, %ymm9
+        vpmuldq	%ymm11, %ymm2, %ymm2
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm2, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm0, %ymm2
+        vpaddd	%ymm8, %ymm0, %ymm0
+        vpmulld	%ymm13, %ymm3, %ymm8
+        vmovshdup	%ymm3, %ymm9
+        vpmuldq	%ymm11, %ymm3, %ymm3
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm3, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm1, %ymm3
+        vpaddd	%ymm8, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm6, %ymm8
+        vmovshdup	%ymm6, %ymm9
+        vpmuldq	%ymm10, %ymm6, %ymm6
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm6, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm4, %ymm6
+        vpaddd	%ymm8, %ymm4, %ymm4
+        vpmulld	%ymm12, %ymm7, %ymm8
+        vmovshdup	%ymm7, %ymm9
+        vpmuldq	%ymm10, %ymm7, %ymm7
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm7, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm5, %ymm7
+        vpaddd	%ymm8, %ymm5, %ymm5
+        vmovdqu	%ymm0, 32(%rdi)
+        vmovdqu	%ymm1, 160(%rdi)
+        vmovdqu	%ymm2, 288(%rdi)
+        vmovdqu	%ymm3, 416(%rdi)
+        vmovdqu	%ymm4, 544(%rdi)
+        vmovdqu	%ymm5, 672(%rdi)
+        vmovdqu	%ymm6, 800(%rdi)
+        vmovdqu	%ymm7, 928(%rdi)
+        # 128: 1/4
+        vmovdqu	(%rdx), %ymm10
+        vmovdqu	32(%rdx), %ymm12
+        vmovdqu	(%rdi), %ymm0
+        vmovdqu	128(%rdi), %ymm1
+        vmovdqu	256(%rdi), %ymm2
+        vmovdqu	384(%rdi), %ymm3
+        vmovdqu	512(%rdi), %ymm4
+        vmovdqu	640(%rdi), %ymm5
+        vmovdqu	768(%rdi), %ymm6
+        vmovdqu	896(%rdi), %ymm7
+        vpmulld	%ymm12, %ymm4, %ymm8
+        vmovshdup	%ymm4, %ymm9
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm4, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm0, %ymm4
+        vpaddd	%ymm8, %ymm0, %ymm0
+        vpmulld	%ymm12, %ymm5, %ymm8
+        vmovshdup	%ymm5, %ymm9
+        vpmuldq	%ymm10, %ymm5, %ymm5
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm5, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm1, %ymm5
+        vpaddd	%ymm8, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm6, %ymm8
+        vmovshdup	%ymm6, %ymm9
+        vpmuldq	%ymm10, %ymm6, %ymm6
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm6, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm2, %ymm6
+        vpaddd	%ymm8, %ymm2, %ymm2
+        vpmulld	%ymm12, %ymm7, %ymm8
+        vmovshdup	%ymm7, %ymm9
+        vpmuldq	%ymm10, %ymm7, %ymm7
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm7, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm3, %ymm7
+        vpaddd	%ymm8, %ymm3, %ymm3
+        # 64: 1/4
+        vmovdqu	128(%rdx), %ymm10
+        vmovdqu	160(%rdx), %ymm12
+        vpmulld	%ymm13, %ymm2, %ymm8
+        vmovshdup	%ymm2, %ymm9
+        vpmuldq	%ymm11, %ymm2, %ymm2
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm2, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm0, %ymm2
+        vpaddd	%ymm8, %ymm0, %ymm0
+        vpmulld	%ymm13, %ymm3, %ymm8
+        vmovshdup	%ymm3, %ymm9
+        vpmuldq	%ymm11, %ymm3, %ymm3
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm3, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm1, %ymm3
+        vpaddd	%ymm8, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm6, %ymm8
+        vmovshdup	%ymm6, %ymm9
+        vpmuldq	%ymm10, %ymm6, %ymm6
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm6, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm4, %ymm6
+        vpaddd	%ymm8, %ymm4, %ymm4
+        vpmulld	%ymm12, %ymm7, %ymm8
+        vmovshdup	%ymm7, %ymm9
+        vpmuldq	%ymm10, %ymm7, %ymm7
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm7, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm5, %ymm7
+        vpaddd	%ymm8, %ymm5, %ymm5
+        vmovdqu	%ymm2, 256(%rdi)
+        vmovdqu	%ymm3, 384(%rdi)
+        vmovdqu	%ymm4, 512(%rdi)
+        vmovdqu	%ymm5, 640(%rdi)
+        vmovdqu	%ymm6, 768(%rdi)
+        vmovdqu	%ymm7, 896(%rdi)
+        vmovdqu	%ymm1, %ymm4
+        vmovdqu	32(%rdi), %ymm1
+        vmovdqu	64(%rdi), %ymm2
+        vmovdqu	96(%rdi), %ymm3
+        vmovdqu	160(%rdi), %ymm5
+        vmovdqu	192(%rdi), %ymm6
+        vmovdqu	224(%rdi), %ymm7
+        # 32: 1/4
+        vmovdqu	192(%rdx), %ymm10
+        vmovdqu	224(%rdx), %ymm12
+        vpmulld	%ymm12, %ymm4, %ymm8
+        vmovshdup	%ymm4, %ymm9
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm4, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm0, %ymm4
+        vpaddd	%ymm8, %ymm0, %ymm0
+        vpmulld	%ymm12, %ymm5, %ymm8
+        vmovshdup	%ymm5, %ymm9
+        vpmuldq	%ymm10, %ymm5, %ymm5
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm5, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm1, %ymm5
+        vpaddd	%ymm8, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm6, %ymm8
+        vmovshdup	%ymm6, %ymm9
+        vpmuldq	%ymm10, %ymm6, %ymm6
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm6, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm2, %ymm6
+        vpaddd	%ymm8, %ymm2, %ymm2
+        vpmulld	%ymm12, %ymm7, %ymm8
+        vmovshdup	%ymm7, %ymm9
+        vpmuldq	%ymm10, %ymm7, %ymm7
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm7, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm3, %ymm7
+        vpaddd	%ymm8, %ymm3, %ymm3
+        # 16: 1/4
+        vmovdqu	256(%rdx), %ymm10
+        vmovdqu	288(%rdx), %ymm12
+        vmovdqu	320(%rdx), %ymm11
+        vmovdqu	352(%rdx), %ymm13
+        vpmulld	%ymm12, %ymm2, %ymm8
+        vmovshdup	%ymm2, %ymm9
+        vpmuldq	%ymm10, %ymm2, %ymm2
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm2, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm0, %ymm2
+        vpaddd	%ymm8, %ymm0, %ymm0
+        vpmulld	%ymm12, %ymm3, %ymm8
+        vmovshdup	%ymm3, %ymm9
+        vpmuldq	%ymm10, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm3, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm1, %ymm3
+        vpaddd	%ymm8, %ymm1, %ymm1
+        vpmulld	%ymm13, %ymm6, %ymm8
+        vmovshdup	%ymm6, %ymm9
+        vpmuldq	%ymm11, %ymm6, %ymm6
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm6, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm4, %ymm6
+        vpaddd	%ymm8, %ymm4, %ymm4
+        vpmulld	%ymm13, %ymm7, %ymm8
+        vmovshdup	%ymm7, %ymm9
+        vpmuldq	%ymm11, %ymm7, %ymm7
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm7, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm5, %ymm7
+        vpaddd	%ymm8, %ymm5, %ymm5
+        # 8: 1/4
+        vmovdqu	384(%rdx), %ymm10
+        vmovdqu	416(%rdx), %ymm12
+        vmovdqu	448(%rdx), %ymm11
+        vmovdqu	480(%rdx), %ymm13
+        vpmulld	%ymm12, %ymm1, %ymm8
+        vmovshdup	%ymm1, %ymm9
+        vpmuldq	%ymm10, %ymm1, %ymm1
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm1, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm0, %ymm1
+        vpaddd	%ymm8, %ymm0, %ymm0
+        vpmulld	%ymm13, %ymm3, %ymm8
+        vmovshdup	%ymm3, %ymm9
+        vpmuldq	%ymm11, %ymm3, %ymm3
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm3, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm2, %ymm3
+        vpaddd	%ymm8, %ymm2, %ymm2
+        vmovdqu	512(%rdx), %ymm10
+        vmovdqu	544(%rdx), %ymm12
+        vmovdqu	576(%rdx), %ymm11
+        vmovdqu	608(%rdx), %ymm13
+        vpmulld	%ymm12, %ymm5, %ymm8
+        vmovshdup	%ymm5, %ymm9
+        vpmuldq	%ymm10, %ymm5, %ymm5
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm5, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm4, %ymm5
+        vpaddd	%ymm8, %ymm4, %ymm4
+        vpmulld	%ymm13, %ymm7, %ymm8
+        vmovshdup	%ymm7, %ymm9
+        vpmuldq	%ymm11, %ymm7, %ymm7
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm7, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm6, %ymm7
+        vpaddd	%ymm8, %ymm6, %ymm6
+        # 4: 1/4
+        vperm2i128	$32, %ymm1, %ymm0, %ymm8
+        vmovdqu	640(%rdx), %ymm10
+        vperm2i128	$49, %ymm1, %ymm0, %ymm1
+        vmovdqu	672(%rdx), %ymm12
+        vperm2i128	$32, %ymm3, %ymm2, %ymm9
+        vmovdqu	704(%rdx), %ymm11
+        vperm2i128	$49, %ymm3, %ymm2, %ymm3
+        vmovdqu	736(%rdx), %ymm13
+        vpmulld	%ymm12, %ymm1, %ymm0
+        vmovshdup	%ymm1, %ymm2
+        vpmuldq	%ymm10, %ymm1, %ymm1
+        vpmuldq	%ymm10, %ymm2, %ymm2
+        vmovshdup	%ymm0, %ymm15
+        vpmuldq	%ymm14, %ymm0, %ymm0
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm0, %ymm1, %ymm0
+        vpsubq	%ymm15, %ymm2, %ymm15
+        vmovshdup	%ymm0, %ymm0
+        vpblendd	$0xaa, %ymm15, %ymm0, %ymm0
+        vpsubd	%ymm0, %ymm8, %ymm1
+        vpaddd	%ymm0, %ymm8, %ymm8
+        vpmulld	%ymm13, %ymm3, %ymm0
+        vmovshdup	%ymm3, %ymm2
+        vpmuldq	%ymm11, %ymm3, %ymm3
+        vpmuldq	%ymm11, %ymm2, %ymm2
+        vmovshdup	%ymm0, %ymm15
+        vpmuldq	%ymm14, %ymm0, %ymm0
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm0, %ymm3, %ymm0
+        vpsubq	%ymm15, %ymm2, %ymm15
+        vmovshdup	%ymm0, %ymm0
+        vpblendd	$0xaa, %ymm15, %ymm0, %ymm0
+        vpsubd	%ymm0, %ymm9, %ymm3
+        vpaddd	%ymm0, %ymm9, %ymm9
+        # 2: 1/4
+        vmovdqu	768(%rdx), %ymm10
+        vmovdqu	800(%rdx), %ymm12
+        vmovdqu	832(%rdx), %ymm11
+        vmovdqu	864(%rdx), %ymm13
+        vpunpcklqdq	%ymm1, %ymm8, %ymm0
+        vpunpckhqdq	%ymm1, %ymm8, %ymm1
+        vpunpcklqdq	%ymm3, %ymm9, %ymm2
+        vpunpckhqdq	%ymm3, %ymm9, %ymm3
+        vpmulld	%ymm12, %ymm1, %ymm8
+        vmovshdup	%ymm1, %ymm9
+        vpmuldq	%ymm10, %ymm1, %ymm1
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm1, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm0, %ymm1
+        vpaddd	%ymm8, %ymm0, %ymm0
+        vpmulld	%ymm13, %ymm3, %ymm8
+        vmovshdup	%ymm3, %ymm9
+        vpmuldq	%ymm11, %ymm3, %ymm3
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm3, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm2, %ymm3
+        vpaddd	%ymm8, %ymm2, %ymm2
+        # 4: 1/4
+        vperm2i128	$32, %ymm5, %ymm4, %ymm8
+        vmovdqu	896(%rdx), %ymm10
+        vperm2i128	$49, %ymm5, %ymm4, %ymm5
+        vmovdqu	928(%rdx), %ymm12
+        vperm2i128	$32, %ymm7, %ymm6, %ymm9
+        vmovdqu	960(%rdx), %ymm11
+        vperm2i128	$49, %ymm7, %ymm6, %ymm7
+        vmovdqu	992(%rdx), %ymm13
+        vpmulld	%ymm12, %ymm5, %ymm4
+        vmovshdup	%ymm5, %ymm6
+        vpmuldq	%ymm10, %ymm5, %ymm5
+        vpmuldq	%ymm10, %ymm6, %ymm6
+        vmovshdup	%ymm4, %ymm15
+        vpmuldq	%ymm14, %ymm4, %ymm4
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm4, %ymm5, %ymm4
+        vpsubq	%ymm15, %ymm6, %ymm15
+        vmovshdup	%ymm4, %ymm4
+        vpblendd	$0xaa, %ymm15, %ymm4, %ymm4
+        vpsubd	%ymm4, %ymm8, %ymm5
+        vpaddd	%ymm4, %ymm8, %ymm8
+        vpmulld	%ymm13, %ymm7, %ymm4
+        vmovshdup	%ymm7, %ymm6
+        vpmuldq	%ymm11, %ymm7, %ymm7
+        vpmuldq	%ymm11, %ymm6, %ymm6
+        vmovshdup	%ymm4, %ymm15
+        vpmuldq	%ymm14, %ymm4, %ymm4
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm4, %ymm7, %ymm4
+        vpsubq	%ymm15, %ymm6, %ymm15
+        vmovshdup	%ymm4, %ymm4
+        vpblendd	$0xaa, %ymm15, %ymm4, %ymm4
+        vpsubd	%ymm4, %ymm9, %ymm7
+        vpaddd	%ymm4, %ymm9, %ymm9
+        # 2: 1/4
+        vmovdqu	1024(%rdx), %ymm10
+        vmovdqu	1056(%rdx), %ymm12
+        vmovdqu	1088(%rdx), %ymm11
+        vmovdqu	1120(%rdx), %ymm13
+        vpunpcklqdq	%ymm5, %ymm8, %ymm4
+        vpunpckhqdq	%ymm5, %ymm8, %ymm5
+        vpunpcklqdq	%ymm7, %ymm9, %ymm6
+        vpunpckhqdq	%ymm7, %ymm9, %ymm7
+        vpmulld	%ymm12, %ymm5, %ymm8
+        vmovshdup	%ymm5, %ymm9
+        vpmuldq	%ymm10, %ymm5, %ymm5
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm5, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm4, %ymm5
+        vpaddd	%ymm8, %ymm4, %ymm4
+        vpmulld	%ymm13, %ymm7, %ymm8
+        vmovshdup	%ymm7, %ymm9
+        vpmuldq	%ymm11, %ymm7, %ymm7
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm7, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm6, %ymm7
+        vpaddd	%ymm8, %ymm6, %ymm6
+        # 1: 1/4
+        vmovdqu	1152(%rdx), %ymm10
+        vmovdqu	1184(%rdx), %ymm12
+        vmovdqu	1216(%rdx), %ymm11
+        vmovdqu	1248(%rdx), %ymm13
+        vpsllq	$32, %ymm1, %ymm8
+        vpsrlq	$32, %ymm0, %ymm9
+        vpblendd	$0xaa, %ymm8, %ymm0, %ymm0
+        vpblendd	$0x55, %ymm9, %ymm1, %ymm1
+        vpsllq	$32, %ymm3, %ymm8
+        vpsrlq	$32, %ymm2, %ymm9
+        vpblendd	$0xaa, %ymm8, %ymm2, %ymm2
+        vpblendd	$0x55, %ymm9, %ymm3, %ymm3
+        vpmulld	%ymm12, %ymm1, %ymm8
+        vmovshdup	%ymm1, %ymm9
+        vpmuldq	%ymm10, %ymm1, %ymm1
+        vmovshdup	%ymm10, %ymm10
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm1, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm0, %ymm1
+        vpaddd	%ymm8, %ymm0, %ymm0
+        vpmulld	%ymm13, %ymm3, %ymm8
+        vmovshdup	%ymm3, %ymm9
+        vpmuldq	%ymm11, %ymm3, %ymm3
+        vmovshdup	%ymm11, %ymm11
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm3, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm2, %ymm3
+        vpaddd	%ymm8, %ymm2, %ymm2
+        # 1: 1/4
+        vmovdqu	1280(%rdx), %ymm10
+        vmovdqu	1312(%rdx), %ymm12
+        vmovdqu	1344(%rdx), %ymm11
+        vmovdqu	1376(%rdx), %ymm13
+        vpsllq	$32, %ymm5, %ymm8
+        vpsrlq	$32, %ymm4, %ymm9
+        vpblendd	$0xaa, %ymm8, %ymm4, %ymm4
+        vpblendd	$0x55, %ymm9, %ymm5, %ymm5
+        vpsllq	$32, %ymm7, %ymm8
+        vpsrlq	$32, %ymm6, %ymm9
+        vpblendd	$0xaa, %ymm8, %ymm6, %ymm6
+        vpblendd	$0x55, %ymm9, %ymm7, %ymm7
+        vpmulld	%ymm12, %ymm5, %ymm8
+        vmovshdup	%ymm5, %ymm9
+        vpmuldq	%ymm10, %ymm5, %ymm5
+        vmovshdup	%ymm10, %ymm10
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm5, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm4, %ymm5
+        vpaddd	%ymm8, %ymm4, %ymm4
+        vpmulld	%ymm13, %ymm7, %ymm8
+        vmovshdup	%ymm7, %ymm9
+        vpmuldq	%ymm11, %ymm7, %ymm7
+        vmovshdup	%ymm11, %ymm11
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm7, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm6, %ymm7
+        vpaddd	%ymm8, %ymm6, %ymm6
+        vpunpckldq	%ymm1, %ymm0, %ymm8
+        vpunpckhdq	%ymm1, %ymm0, %ymm9
+        vperm2i128	$32, %ymm9, %ymm8, %ymm0
+        vperm2i128	$49, %ymm9, %ymm8, %ymm1
+        vpunpckldq	%ymm3, %ymm2, %ymm8
+        vpunpckhdq	%ymm3, %ymm2, %ymm9
+        vperm2i128	$32, %ymm9, %ymm8, %ymm2
+        vperm2i128	$49, %ymm9, %ymm8, %ymm3
+        vpunpckldq	%ymm5, %ymm4, %ymm8
+        vpunpckhdq	%ymm5, %ymm4, %ymm9
+        vperm2i128	$32, %ymm9, %ymm8, %ymm4
+        vperm2i128	$49, %ymm9, %ymm8, %ymm5
+        vpunpckldq	%ymm7, %ymm6, %ymm8
+        vpunpckhdq	%ymm7, %ymm6, %ymm9
+        vperm2i128	$32, %ymm9, %ymm8, %ymm6
+        vperm2i128	$49, %ymm9, %ymm8, %ymm7
+        vmovdqu	%ymm0, (%rdi)
+        vmovdqu	%ymm1, 32(%rdi)
+        vmovdqu	%ymm2, 64(%rdi)
+        vmovdqu	%ymm3, 96(%rdi)
+        vmovdqu	%ymm4, 128(%rdi)
+        vmovdqu	%ymm5, 160(%rdi)
+        vmovdqu	%ymm6, 192(%rdi)
+        vmovdqu	%ymm7, 224(%rdi)
+        vmovdqu	256(%rdi), %ymm0
+        vmovdqu	288(%rdi), %ymm1
+        vmovdqu	320(%rdi), %ymm2
+        vmovdqu	352(%rdi), %ymm3
+        vmovdqu	384(%rdi), %ymm4
+        vmovdqu	416(%rdi), %ymm5
+        vmovdqu	448(%rdi), %ymm6
+        vmovdqu	480(%rdi), %ymm7
+        # 32: 2/4
+        vmovdqu	1408(%rdx), %ymm10
+        vmovdqu	1440(%rdx), %ymm12
+        vpmulld	%ymm12, %ymm4, %ymm8
+        vmovshdup	%ymm4, %ymm9
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm4, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm0, %ymm4
+        vpaddd	%ymm8, %ymm0, %ymm0
+        vpmulld	%ymm12, %ymm5, %ymm8
+        vmovshdup	%ymm5, %ymm9
+        vpmuldq	%ymm10, %ymm5, %ymm5
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm5, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm1, %ymm5
+        vpaddd	%ymm8, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm6, %ymm8
+        vmovshdup	%ymm6, %ymm9
+        vpmuldq	%ymm10, %ymm6, %ymm6
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm6, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm2, %ymm6
+        vpaddd	%ymm8, %ymm2, %ymm2
+        vpmulld	%ymm12, %ymm7, %ymm8
+        vmovshdup	%ymm7, %ymm9
+        vpmuldq	%ymm10, %ymm7, %ymm7
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm7, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm3, %ymm7
+        vpaddd	%ymm8, %ymm3, %ymm3
+        # 16: 2/4
+        vmovdqu	1472(%rdx), %ymm10
+        vmovdqu	1504(%rdx), %ymm12
+        vmovdqu	1536(%rdx), %ymm11
+        vmovdqu	1568(%rdx), %ymm13
+        vpmulld	%ymm12, %ymm2, %ymm8
+        vmovshdup	%ymm2, %ymm9
+        vpmuldq	%ymm10, %ymm2, %ymm2
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm2, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm0, %ymm2
+        vpaddd	%ymm8, %ymm0, %ymm0
+        vpmulld	%ymm12, %ymm3, %ymm8
+        vmovshdup	%ymm3, %ymm9
+        vpmuldq	%ymm10, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm3, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm1, %ymm3
+        vpaddd	%ymm8, %ymm1, %ymm1
+        vpmulld	%ymm13, %ymm6, %ymm8
+        vmovshdup	%ymm6, %ymm9
+        vpmuldq	%ymm11, %ymm6, %ymm6
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm6, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm4, %ymm6
+        vpaddd	%ymm8, %ymm4, %ymm4
+        vpmulld	%ymm13, %ymm7, %ymm8
+        vmovshdup	%ymm7, %ymm9
+        vpmuldq	%ymm11, %ymm7, %ymm7
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm7, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm5, %ymm7
+        vpaddd	%ymm8, %ymm5, %ymm5
+        # 8: 2/4
+        vmovdqu	1600(%rdx), %ymm10
+        vmovdqu	1632(%rdx), %ymm12
+        vmovdqu	1664(%rdx), %ymm11
+        vmovdqu	1696(%rdx), %ymm13
+        vpmulld	%ymm12, %ymm1, %ymm8
+        vmovshdup	%ymm1, %ymm9
+        vpmuldq	%ymm10, %ymm1, %ymm1
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm1, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm0, %ymm1
+        vpaddd	%ymm8, %ymm0, %ymm0
+        vpmulld	%ymm13, %ymm3, %ymm8
+        vmovshdup	%ymm3, %ymm9
+        vpmuldq	%ymm11, %ymm3, %ymm3
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm3, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm2, %ymm3
+        vpaddd	%ymm8, %ymm2, %ymm2
+        vmovdqu	1728(%rdx), %ymm10
+        vmovdqu	1760(%rdx), %ymm12
+        vmovdqu	1792(%rdx), %ymm11
+        vmovdqu	1824(%rdx), %ymm13
+        vpmulld	%ymm12, %ymm5, %ymm8
+        vmovshdup	%ymm5, %ymm9
+        vpmuldq	%ymm10, %ymm5, %ymm5
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm5, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm4, %ymm5
+        vpaddd	%ymm8, %ymm4, %ymm4
+        vpmulld	%ymm13, %ymm7, %ymm8
+        vmovshdup	%ymm7, %ymm9
+        vpmuldq	%ymm11, %ymm7, %ymm7
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm7, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm6, %ymm7
+        vpaddd	%ymm8, %ymm6, %ymm6
+        # 4: 2/4
+        vperm2i128	$32, %ymm1, %ymm0, %ymm8
+        vmovdqu	1856(%rdx), %ymm10
+        vperm2i128	$49, %ymm1, %ymm0, %ymm1
+        vmovdqu	1888(%rdx), %ymm12
+        vperm2i128	$32, %ymm3, %ymm2, %ymm9
+        vmovdqu	1920(%rdx), %ymm11
+        vperm2i128	$49, %ymm3, %ymm2, %ymm3
+        vmovdqu	1952(%rdx), %ymm13
+        vpmulld	%ymm12, %ymm1, %ymm0
+        vmovshdup	%ymm1, %ymm2
+        vpmuldq	%ymm10, %ymm1, %ymm1
+        vpmuldq	%ymm10, %ymm2, %ymm2
+        vmovshdup	%ymm0, %ymm15
+        vpmuldq	%ymm14, %ymm0, %ymm0
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm0, %ymm1, %ymm0
+        vpsubq	%ymm15, %ymm2, %ymm15
+        vmovshdup	%ymm0, %ymm0
+        vpblendd	$0xaa, %ymm15, %ymm0, %ymm0
+        vpsubd	%ymm0, %ymm8, %ymm1
+        vpaddd	%ymm0, %ymm8, %ymm8
+        vpmulld	%ymm13, %ymm3, %ymm0
+        vmovshdup	%ymm3, %ymm2
+        vpmuldq	%ymm11, %ymm3, %ymm3
+        vpmuldq	%ymm11, %ymm2, %ymm2
+        vmovshdup	%ymm0, %ymm15
+        vpmuldq	%ymm14, %ymm0, %ymm0
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm0, %ymm3, %ymm0
+        vpsubq	%ymm15, %ymm2, %ymm15
+        vmovshdup	%ymm0, %ymm0
+        vpblendd	$0xaa, %ymm15, %ymm0, %ymm0
+        vpsubd	%ymm0, %ymm9, %ymm3
+        vpaddd	%ymm0, %ymm9, %ymm9
+        # 2: 2/4
+        vmovdqu	1984(%rdx), %ymm10
+        vmovdqu	2016(%rdx), %ymm12
+        vmovdqu	2048(%rdx), %ymm11
+        vmovdqu	2080(%rdx), %ymm13
+        vpunpcklqdq	%ymm1, %ymm8, %ymm0
+        vpunpckhqdq	%ymm1, %ymm8, %ymm1
+        vpunpcklqdq	%ymm3, %ymm9, %ymm2
+        vpunpckhqdq	%ymm3, %ymm9, %ymm3
+        vpmulld	%ymm12, %ymm1, %ymm8
+        vmovshdup	%ymm1, %ymm9
+        vpmuldq	%ymm10, %ymm1, %ymm1
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm1, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm0, %ymm1
+        vpaddd	%ymm8, %ymm0, %ymm0
+        vpmulld	%ymm13, %ymm3, %ymm8
+        vmovshdup	%ymm3, %ymm9
+        vpmuldq	%ymm11, %ymm3, %ymm3
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm3, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm2, %ymm3
+        vpaddd	%ymm8, %ymm2, %ymm2
+        # 4: 2/4
+        vperm2i128	$32, %ymm5, %ymm4, %ymm8
+        vmovdqu	2112(%rdx), %ymm10
+        vperm2i128	$49, %ymm5, %ymm4, %ymm5
+        vmovdqu	2144(%rdx), %ymm12
+        vperm2i128	$32, %ymm7, %ymm6, %ymm9
+        vmovdqu	2176(%rdx), %ymm11
+        vperm2i128	$49, %ymm7, %ymm6, %ymm7
+        vmovdqu	2208(%rdx), %ymm13
+        vpmulld	%ymm12, %ymm5, %ymm4
+        vmovshdup	%ymm5, %ymm6
+        vpmuldq	%ymm10, %ymm5, %ymm5
+        vpmuldq	%ymm10, %ymm6, %ymm6
+        vmovshdup	%ymm4, %ymm15
+        vpmuldq	%ymm14, %ymm4, %ymm4
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm4, %ymm5, %ymm4
+        vpsubq	%ymm15, %ymm6, %ymm15
+        vmovshdup	%ymm4, %ymm4
+        vpblendd	$0xaa, %ymm15, %ymm4, %ymm4
+        vpsubd	%ymm4, %ymm8, %ymm5
+        vpaddd	%ymm4, %ymm8, %ymm8
+        vpmulld	%ymm13, %ymm7, %ymm4
+        vmovshdup	%ymm7, %ymm6
+        vpmuldq	%ymm11, %ymm7, %ymm7
+        vpmuldq	%ymm11, %ymm6, %ymm6
+        vmovshdup	%ymm4, %ymm15
+        vpmuldq	%ymm14, %ymm4, %ymm4
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm4, %ymm7, %ymm4
+        vpsubq	%ymm15, %ymm6, %ymm15
+        vmovshdup	%ymm4, %ymm4
+        vpblendd	$0xaa, %ymm15, %ymm4, %ymm4
+        vpsubd	%ymm4, %ymm9, %ymm7
+        vpaddd	%ymm4, %ymm9, %ymm9
+        # 2: 2/4
+        vmovdqu	2240(%rdx), %ymm10
+        vmovdqu	2272(%rdx), %ymm12
+        vmovdqu	2304(%rdx), %ymm11
+        vmovdqu	2336(%rdx), %ymm13
+        vpunpcklqdq	%ymm5, %ymm8, %ymm4
+        vpunpckhqdq	%ymm5, %ymm8, %ymm5
+        vpunpcklqdq	%ymm7, %ymm9, %ymm6
+        vpunpckhqdq	%ymm7, %ymm9, %ymm7
+        vpmulld	%ymm12, %ymm5, %ymm8
+        vmovshdup	%ymm5, %ymm9
+        vpmuldq	%ymm10, %ymm5, %ymm5
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm5, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm4, %ymm5
+        vpaddd	%ymm8, %ymm4, %ymm4
+        vpmulld	%ymm13, %ymm7, %ymm8
+        vmovshdup	%ymm7, %ymm9
+        vpmuldq	%ymm11, %ymm7, %ymm7
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm7, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm6, %ymm7
+        vpaddd	%ymm8, %ymm6, %ymm6
+        # 1: 2/4
+        vmovdqu	2368(%rdx), %ymm10
+        vmovdqu	2400(%rdx), %ymm12
+        vmovdqu	2432(%rdx), %ymm11
+        vmovdqu	2464(%rdx), %ymm13
+        vpsllq	$32, %ymm1, %ymm8
+        vpsrlq	$32, %ymm0, %ymm9
+        vpblendd	$0xaa, %ymm8, %ymm0, %ymm0
+        vpblendd	$0x55, %ymm9, %ymm1, %ymm1
+        vpsllq	$32, %ymm3, %ymm8
+        vpsrlq	$32, %ymm2, %ymm9
+        vpblendd	$0xaa, %ymm8, %ymm2, %ymm2
+        vpblendd	$0x55, %ymm9, %ymm3, %ymm3
+        vpmulld	%ymm12, %ymm1, %ymm8
+        vmovshdup	%ymm1, %ymm9
+        vpmuldq	%ymm10, %ymm1, %ymm1
+        vmovshdup	%ymm10, %ymm10
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm1, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm0, %ymm1
+        vpaddd	%ymm8, %ymm0, %ymm0
+        vpmulld	%ymm13, %ymm3, %ymm8
+        vmovshdup	%ymm3, %ymm9
+        vpmuldq	%ymm11, %ymm3, %ymm3
+        vmovshdup	%ymm11, %ymm11
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm3, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm2, %ymm3
+        vpaddd	%ymm8, %ymm2, %ymm2
+        # 1: 2/4
+        vmovdqu	2496(%rdx), %ymm10
+        vmovdqu	2528(%rdx), %ymm12
+        vmovdqu	2560(%rdx), %ymm11
+        vmovdqu	2592(%rdx), %ymm13
+        vpsllq	$32, %ymm5, %ymm8
+        vpsrlq	$32, %ymm4, %ymm9
+        vpblendd	$0xaa, %ymm8, %ymm4, %ymm4
+        vpblendd	$0x55, %ymm9, %ymm5, %ymm5
+        vpsllq	$32, %ymm7, %ymm8
+        vpsrlq	$32, %ymm6, %ymm9
+        vpblendd	$0xaa, %ymm8, %ymm6, %ymm6
+        vpblendd	$0x55, %ymm9, %ymm7, %ymm7
+        vpmulld	%ymm12, %ymm5, %ymm8
+        vmovshdup	%ymm5, %ymm9
+        vpmuldq	%ymm10, %ymm5, %ymm5
+        vmovshdup	%ymm10, %ymm10
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm5, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm4, %ymm5
+        vpaddd	%ymm8, %ymm4, %ymm4
+        vpmulld	%ymm13, %ymm7, %ymm8
+        vmovshdup	%ymm7, %ymm9
+        vpmuldq	%ymm11, %ymm7, %ymm7
+        vmovshdup	%ymm11, %ymm11
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm7, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm6, %ymm7
+        vpaddd	%ymm8, %ymm6, %ymm6
+        vpunpckldq	%ymm1, %ymm0, %ymm8
+        vpunpckhdq	%ymm1, %ymm0, %ymm9
+        vperm2i128	$32, %ymm9, %ymm8, %ymm0
+        vperm2i128	$49, %ymm9, %ymm8, %ymm1
+        vpunpckldq	%ymm3, %ymm2, %ymm8
+        vpunpckhdq	%ymm3, %ymm2, %ymm9
+        vperm2i128	$32, %ymm9, %ymm8, %ymm2
+        vperm2i128	$49, %ymm9, %ymm8, %ymm3
+        vpunpckldq	%ymm5, %ymm4, %ymm8
+        vpunpckhdq	%ymm5, %ymm4, %ymm9
+        vperm2i128	$32, %ymm9, %ymm8, %ymm4
+        vperm2i128	$49, %ymm9, %ymm8, %ymm5
+        vpunpckldq	%ymm7, %ymm6, %ymm8
+        vpunpckhdq	%ymm7, %ymm6, %ymm9
+        vperm2i128	$32, %ymm9, %ymm8, %ymm6
+        vperm2i128	$49, %ymm9, %ymm8, %ymm7
+        vmovdqu	%ymm0, 256(%rdi)
+        vmovdqu	%ymm1, 288(%rdi)
+        vmovdqu	%ymm2, 320(%rdi)
+        vmovdqu	%ymm3, 352(%rdi)
+        vmovdqu	%ymm4, 384(%rdi)
+        vmovdqu	%ymm5, 416(%rdi)
+        vmovdqu	%ymm6, 448(%rdi)
+        vmovdqu	%ymm7, 480(%rdi)
+        vmovdqu	512(%rdi), %ymm0
+        vmovdqu	544(%rdi), %ymm1
+        vmovdqu	576(%rdi), %ymm2
+        vmovdqu	608(%rdi), %ymm3
+        vmovdqu	640(%rdi), %ymm4
+        vmovdqu	672(%rdi), %ymm5
+        vmovdqu	704(%rdi), %ymm6
+        vmovdqu	736(%rdi), %ymm7
+        # 32: 3/4
+        vmovdqu	2624(%rdx), %ymm10
+        vmovdqu	2656(%rdx), %ymm12
+        vpmulld	%ymm12, %ymm4, %ymm8
+        vmovshdup	%ymm4, %ymm9
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm4, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm0, %ymm4
+        vpaddd	%ymm8, %ymm0, %ymm0
+        vpmulld	%ymm12, %ymm5, %ymm8
+        vmovshdup	%ymm5, %ymm9
+        vpmuldq	%ymm10, %ymm5, %ymm5
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm5, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm1, %ymm5
+        vpaddd	%ymm8, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm6, %ymm8
+        vmovshdup	%ymm6, %ymm9
+        vpmuldq	%ymm10, %ymm6, %ymm6
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm6, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm2, %ymm6
+        vpaddd	%ymm8, %ymm2, %ymm2
+        vpmulld	%ymm12, %ymm7, %ymm8
+        vmovshdup	%ymm7, %ymm9
+        vpmuldq	%ymm10, %ymm7, %ymm7
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm7, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm3, %ymm7
+        vpaddd	%ymm8, %ymm3, %ymm3
+        # 16: 3/4
+        vmovdqu	2688(%rdx), %ymm10
+        vmovdqu	2720(%rdx), %ymm12
+        vmovdqu	2752(%rdx), %ymm11
+        vmovdqu	2784(%rdx), %ymm13
+        vpmulld	%ymm12, %ymm2, %ymm8
+        vmovshdup	%ymm2, %ymm9
+        vpmuldq	%ymm10, %ymm2, %ymm2
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm2, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm0, %ymm2
+        vpaddd	%ymm8, %ymm0, %ymm0
+        vpmulld	%ymm12, %ymm3, %ymm8
+        vmovshdup	%ymm3, %ymm9
+        vpmuldq	%ymm10, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm3, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm1, %ymm3
+        vpaddd	%ymm8, %ymm1, %ymm1
+        vpmulld	%ymm13, %ymm6, %ymm8
+        vmovshdup	%ymm6, %ymm9
+        vpmuldq	%ymm11, %ymm6, %ymm6
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm6, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm4, %ymm6
+        vpaddd	%ymm8, %ymm4, %ymm4
+        vpmulld	%ymm13, %ymm7, %ymm8
+        vmovshdup	%ymm7, %ymm9
+        vpmuldq	%ymm11, %ymm7, %ymm7
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm7, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm5, %ymm7
+        vpaddd	%ymm8, %ymm5, %ymm5
+        # 8: 3/4
+        vmovdqu	2816(%rdx), %ymm10
+        vmovdqu	2848(%rdx), %ymm12
+        vmovdqu	2880(%rdx), %ymm11
+        vmovdqu	2912(%rdx), %ymm13
+        vpmulld	%ymm12, %ymm1, %ymm8
+        vmovshdup	%ymm1, %ymm9
+        vpmuldq	%ymm10, %ymm1, %ymm1
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm1, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm0, %ymm1
+        vpaddd	%ymm8, %ymm0, %ymm0
+        vpmulld	%ymm13, %ymm3, %ymm8
+        vmovshdup	%ymm3, %ymm9
+        vpmuldq	%ymm11, %ymm3, %ymm3
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm3, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm2, %ymm3
+        vpaddd	%ymm8, %ymm2, %ymm2
+        vmovdqu	2944(%rdx), %ymm10
+        vmovdqu	2976(%rdx), %ymm12
+        vmovdqu	3008(%rdx), %ymm11
+        vmovdqu	3040(%rdx), %ymm13
+        vpmulld	%ymm12, %ymm5, %ymm8
+        vmovshdup	%ymm5, %ymm9
+        vpmuldq	%ymm10, %ymm5, %ymm5
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm5, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm4, %ymm5
+        vpaddd	%ymm8, %ymm4, %ymm4
+        vpmulld	%ymm13, %ymm7, %ymm8
+        vmovshdup	%ymm7, %ymm9
+        vpmuldq	%ymm11, %ymm7, %ymm7
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm7, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm6, %ymm7
+        vpaddd	%ymm8, %ymm6, %ymm6
+        # 4: 3/4
+        vperm2i128	$32, %ymm1, %ymm0, %ymm8
+        vmovdqu	3072(%rdx), %ymm10
+        vperm2i128	$49, %ymm1, %ymm0, %ymm1
+        vmovdqu	3104(%rdx), %ymm12
+        vperm2i128	$32, %ymm3, %ymm2, %ymm9
+        vmovdqu	3136(%rdx), %ymm11
+        vperm2i128	$49, %ymm3, %ymm2, %ymm3
+        vmovdqu	3168(%rdx), %ymm13
+        vpmulld	%ymm12, %ymm1, %ymm0
+        vmovshdup	%ymm1, %ymm2
+        vpmuldq	%ymm10, %ymm1, %ymm1
+        vpmuldq	%ymm10, %ymm2, %ymm2
+        vmovshdup	%ymm0, %ymm15
+        vpmuldq	%ymm14, %ymm0, %ymm0
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm0, %ymm1, %ymm0
+        vpsubq	%ymm15, %ymm2, %ymm15
+        vmovshdup	%ymm0, %ymm0
+        vpblendd	$0xaa, %ymm15, %ymm0, %ymm0
+        vpsubd	%ymm0, %ymm8, %ymm1
+        vpaddd	%ymm0, %ymm8, %ymm8
+        vpmulld	%ymm13, %ymm3, %ymm0
+        vmovshdup	%ymm3, %ymm2
+        vpmuldq	%ymm11, %ymm3, %ymm3
+        vpmuldq	%ymm11, %ymm2, %ymm2
+        vmovshdup	%ymm0, %ymm15
+        vpmuldq	%ymm14, %ymm0, %ymm0
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm0, %ymm3, %ymm0
+        vpsubq	%ymm15, %ymm2, %ymm15
+        vmovshdup	%ymm0, %ymm0
+        vpblendd	$0xaa, %ymm15, %ymm0, %ymm0
+        vpsubd	%ymm0, %ymm9, %ymm3
+        vpaddd	%ymm0, %ymm9, %ymm9
+        # 2: 3/4
+        vmovdqu	3200(%rdx), %ymm10
+        vmovdqu	3232(%rdx), %ymm12
+        vmovdqu	3264(%rdx), %ymm11
+        vmovdqu	3296(%rdx), %ymm13
+        vpunpcklqdq	%ymm1, %ymm8, %ymm0
+        vpunpckhqdq	%ymm1, %ymm8, %ymm1
+        vpunpcklqdq	%ymm3, %ymm9, %ymm2
+        vpunpckhqdq	%ymm3, %ymm9, %ymm3
+        vpmulld	%ymm12, %ymm1, %ymm8
+        vmovshdup	%ymm1, %ymm9
+        vpmuldq	%ymm10, %ymm1, %ymm1
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm1, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm0, %ymm1
+        vpaddd	%ymm8, %ymm0, %ymm0
+        vpmulld	%ymm13, %ymm3, %ymm8
+        vmovshdup	%ymm3, %ymm9
+        vpmuldq	%ymm11, %ymm3, %ymm3
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm3, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm2, %ymm3
+        vpaddd	%ymm8, %ymm2, %ymm2
+        # 4: 3/4
+        vperm2i128	$32, %ymm5, %ymm4, %ymm8
+        vmovdqu	3328(%rdx), %ymm10
+        vperm2i128	$49, %ymm5, %ymm4, %ymm5
+        vmovdqu	3360(%rdx), %ymm12
+        vperm2i128	$32, %ymm7, %ymm6, %ymm9
+        vmovdqu	3392(%rdx), %ymm11
+        vperm2i128	$49, %ymm7, %ymm6, %ymm7
+        vmovdqu	3424(%rdx), %ymm13
+        vpmulld	%ymm12, %ymm5, %ymm4
+        vmovshdup	%ymm5, %ymm6
+        vpmuldq	%ymm10, %ymm5, %ymm5
+        vpmuldq	%ymm10, %ymm6, %ymm6
+        vmovshdup	%ymm4, %ymm15
+        vpmuldq	%ymm14, %ymm4, %ymm4
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm4, %ymm5, %ymm4
+        vpsubq	%ymm15, %ymm6, %ymm15
+        vmovshdup	%ymm4, %ymm4
+        vpblendd	$0xaa, %ymm15, %ymm4, %ymm4
+        vpsubd	%ymm4, %ymm8, %ymm5
+        vpaddd	%ymm4, %ymm8, %ymm8
+        vpmulld	%ymm13, %ymm7, %ymm4
+        vmovshdup	%ymm7, %ymm6
+        vpmuldq	%ymm11, %ymm7, %ymm7
+        vpmuldq	%ymm11, %ymm6, %ymm6
+        vmovshdup	%ymm4, %ymm15
+        vpmuldq	%ymm14, %ymm4, %ymm4
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm4, %ymm7, %ymm4
+        vpsubq	%ymm15, %ymm6, %ymm15
+        vmovshdup	%ymm4, %ymm4
+        vpblendd	$0xaa, %ymm15, %ymm4, %ymm4
+        vpsubd	%ymm4, %ymm9, %ymm7
+        vpaddd	%ymm4, %ymm9, %ymm9
+        # 2: 3/4
+        vmovdqu	3456(%rdx), %ymm10
+        vmovdqu	3488(%rdx), %ymm12
+        vmovdqu	3520(%rdx), %ymm11
+        vmovdqu	3552(%rdx), %ymm13
+        vpunpcklqdq	%ymm5, %ymm8, %ymm4
+        vpunpckhqdq	%ymm5, %ymm8, %ymm5
+        vpunpcklqdq	%ymm7, %ymm9, %ymm6
+        vpunpckhqdq	%ymm7, %ymm9, %ymm7
+        vpmulld	%ymm12, %ymm5, %ymm8
+        vmovshdup	%ymm5, %ymm9
+        vpmuldq	%ymm10, %ymm5, %ymm5
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm5, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm4, %ymm5
+        vpaddd	%ymm8, %ymm4, %ymm4
+        vpmulld	%ymm13, %ymm7, %ymm8
+        vmovshdup	%ymm7, %ymm9
+        vpmuldq	%ymm11, %ymm7, %ymm7
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm7, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm6, %ymm7
+        vpaddd	%ymm8, %ymm6, %ymm6
+        # 1: 3/4
+        vmovdqu	3584(%rdx), %ymm10
+        vmovdqu	3616(%rdx), %ymm12
+        vmovdqu	3648(%rdx), %ymm11
+        vmovdqu	3680(%rdx), %ymm13
+        vpsllq	$32, %ymm1, %ymm8
+        vpsrlq	$32, %ymm0, %ymm9
+        vpblendd	$0xaa, %ymm8, %ymm0, %ymm0
+        vpblendd	$0x55, %ymm9, %ymm1, %ymm1
+        vpsllq	$32, %ymm3, %ymm8
+        vpsrlq	$32, %ymm2, %ymm9
+        vpblendd	$0xaa, %ymm8, %ymm2, %ymm2
+        vpblendd	$0x55, %ymm9, %ymm3, %ymm3
+        vpmulld	%ymm12, %ymm1, %ymm8
+        vmovshdup	%ymm1, %ymm9
+        vpmuldq	%ymm10, %ymm1, %ymm1
+        vmovshdup	%ymm10, %ymm10
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm1, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm0, %ymm1
+        vpaddd	%ymm8, %ymm0, %ymm0
+        vpmulld	%ymm13, %ymm3, %ymm8
+        vmovshdup	%ymm3, %ymm9
+        vpmuldq	%ymm11, %ymm3, %ymm3
+        vmovshdup	%ymm11, %ymm11
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm3, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm2, %ymm3
+        vpaddd	%ymm8, %ymm2, %ymm2
+        # 1: 3/4
+        vmovdqu	3712(%rdx), %ymm10
+        vmovdqu	3744(%rdx), %ymm12
+        vmovdqu	3776(%rdx), %ymm11
+        vmovdqu	3808(%rdx), %ymm13
+        vpsllq	$32, %ymm5, %ymm8
+        vpsrlq	$32, %ymm4, %ymm9
+        vpblendd	$0xaa, %ymm8, %ymm4, %ymm4
+        vpblendd	$0x55, %ymm9, %ymm5, %ymm5
+        vpsllq	$32, %ymm7, %ymm8
+        vpsrlq	$32, %ymm6, %ymm9
+        vpblendd	$0xaa, %ymm8, %ymm6, %ymm6
+        vpblendd	$0x55, %ymm9, %ymm7, %ymm7
+        vpmulld	%ymm12, %ymm5, %ymm8
+        vmovshdup	%ymm5, %ymm9
+        vpmuldq	%ymm10, %ymm5, %ymm5
+        vmovshdup	%ymm10, %ymm10
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm5, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm4, %ymm5
+        vpaddd	%ymm8, %ymm4, %ymm4
+        vpmulld	%ymm13, %ymm7, %ymm8
+        vmovshdup	%ymm7, %ymm9
+        vpmuldq	%ymm11, %ymm7, %ymm7
+        vmovshdup	%ymm11, %ymm11
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm7, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm6, %ymm7
+        vpaddd	%ymm8, %ymm6, %ymm6
+        vpunpckldq	%ymm1, %ymm0, %ymm8
+        vpunpckhdq	%ymm1, %ymm0, %ymm9
+        vperm2i128	$32, %ymm9, %ymm8, %ymm0
+        vperm2i128	$49, %ymm9, %ymm8, %ymm1
+        vpunpckldq	%ymm3, %ymm2, %ymm8
+        vpunpckhdq	%ymm3, %ymm2, %ymm9
+        vperm2i128	$32, %ymm9, %ymm8, %ymm2
+        vperm2i128	$49, %ymm9, %ymm8, %ymm3
+        vpunpckldq	%ymm5, %ymm4, %ymm8
+        vpunpckhdq	%ymm5, %ymm4, %ymm9
+        vperm2i128	$32, %ymm9, %ymm8, %ymm4
+        vperm2i128	$49, %ymm9, %ymm8, %ymm5
+        vpunpckldq	%ymm7, %ymm6, %ymm8
+        vpunpckhdq	%ymm7, %ymm6, %ymm9
+        vperm2i128	$32, %ymm9, %ymm8, %ymm6
+        vperm2i128	$49, %ymm9, %ymm8, %ymm7
+        vmovdqu	%ymm0, 512(%rdi)
+        vmovdqu	%ymm1, 544(%rdi)
+        vmovdqu	%ymm2, 576(%rdi)
+        vmovdqu	%ymm3, 608(%rdi)
+        vmovdqu	%ymm4, 640(%rdi)
+        vmovdqu	%ymm5, 672(%rdi)
+        vmovdqu	%ymm6, 704(%rdi)
+        vmovdqu	%ymm7, 736(%rdi)
+        vmovdqu	768(%rdi), %ymm0
+        vmovdqu	800(%rdi), %ymm1
+        vmovdqu	832(%rdi), %ymm2
+        vmovdqu	864(%rdi), %ymm3
+        vmovdqu	896(%rdi), %ymm4
+        vmovdqu	928(%rdi), %ymm5
+        vmovdqu	960(%rdi), %ymm6
+        vmovdqu	992(%rdi), %ymm7
+        # 32: 4/4
+        vmovdqu	3840(%rdx), %ymm10
+        vmovdqu	3872(%rdx), %ymm12
+        vpmulld	%ymm12, %ymm4, %ymm8
+        vmovshdup	%ymm4, %ymm9
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm4, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm0, %ymm4
+        vpaddd	%ymm8, %ymm0, %ymm0
+        vpmulld	%ymm12, %ymm5, %ymm8
+        vmovshdup	%ymm5, %ymm9
+        vpmuldq	%ymm10, %ymm5, %ymm5
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm5, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm1, %ymm5
+        vpaddd	%ymm8, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm6, %ymm8
+        vmovshdup	%ymm6, %ymm9
+        vpmuldq	%ymm10, %ymm6, %ymm6
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm6, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm2, %ymm6
+        vpaddd	%ymm8, %ymm2, %ymm2
+        vpmulld	%ymm12, %ymm7, %ymm8
+        vmovshdup	%ymm7, %ymm9
+        vpmuldq	%ymm10, %ymm7, %ymm7
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm7, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm3, %ymm7
+        vpaddd	%ymm8, %ymm3, %ymm3
+        # 16: 4/4
+        vmovdqu	3904(%rdx), %ymm10
+        vmovdqu	3936(%rdx), %ymm12
+        vmovdqu	3968(%rdx), %ymm11
+        vmovdqu	4000(%rdx), %ymm13
+        vpmulld	%ymm12, %ymm2, %ymm8
+        vmovshdup	%ymm2, %ymm9
+        vpmuldq	%ymm10, %ymm2, %ymm2
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm2, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm0, %ymm2
+        vpaddd	%ymm8, %ymm0, %ymm0
+        vpmulld	%ymm12, %ymm3, %ymm8
+        vmovshdup	%ymm3, %ymm9
+        vpmuldq	%ymm10, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm3, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm1, %ymm3
+        vpaddd	%ymm8, %ymm1, %ymm1
+        vpmulld	%ymm13, %ymm6, %ymm8
+        vmovshdup	%ymm6, %ymm9
+        vpmuldq	%ymm11, %ymm6, %ymm6
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm6, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm4, %ymm6
+        vpaddd	%ymm8, %ymm4, %ymm4
+        vpmulld	%ymm13, %ymm7, %ymm8
+        vmovshdup	%ymm7, %ymm9
+        vpmuldq	%ymm11, %ymm7, %ymm7
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm7, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm5, %ymm7
+        vpaddd	%ymm8, %ymm5, %ymm5
+        # 8: 4/4
+        vmovdqu	4032(%rdx), %ymm10
+        vmovdqu	4064(%rdx), %ymm12
+        vmovdqu	4096(%rdx), %ymm11
+        vmovdqu	4128(%rdx), %ymm13
+        vpmulld	%ymm12, %ymm1, %ymm8
+        vmovshdup	%ymm1, %ymm9
+        vpmuldq	%ymm10, %ymm1, %ymm1
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm1, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm0, %ymm1
+        vpaddd	%ymm8, %ymm0, %ymm0
+        vpmulld	%ymm13, %ymm3, %ymm8
+        vmovshdup	%ymm3, %ymm9
+        vpmuldq	%ymm11, %ymm3, %ymm3
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm3, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm2, %ymm3
+        vpaddd	%ymm8, %ymm2, %ymm2
+        vmovdqu	4160(%rdx), %ymm10
+        vmovdqu	4192(%rdx), %ymm12
+        vmovdqu	4224(%rdx), %ymm11
+        vmovdqu	4256(%rdx), %ymm13
+        vpmulld	%ymm12, %ymm5, %ymm8
+        vmovshdup	%ymm5, %ymm9
+        vpmuldq	%ymm10, %ymm5, %ymm5
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm5, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm4, %ymm5
+        vpaddd	%ymm8, %ymm4, %ymm4
+        vpmulld	%ymm13, %ymm7, %ymm8
+        vmovshdup	%ymm7, %ymm9
+        vpmuldq	%ymm11, %ymm7, %ymm7
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm7, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm6, %ymm7
+        vpaddd	%ymm8, %ymm6, %ymm6
+        # 4: 4/4
+        vperm2i128	$32, %ymm1, %ymm0, %ymm8
+        vmovdqu	4288(%rdx), %ymm10
+        vperm2i128	$49, %ymm1, %ymm0, %ymm1
+        vmovdqu	4320(%rdx), %ymm12
+        vperm2i128	$32, %ymm3, %ymm2, %ymm9
+        vmovdqu	4352(%rdx), %ymm11
+        vperm2i128	$49, %ymm3, %ymm2, %ymm3
+        vmovdqu	4384(%rdx), %ymm13
+        vpmulld	%ymm12, %ymm1, %ymm0
+        vmovshdup	%ymm1, %ymm2
+        vpmuldq	%ymm10, %ymm1, %ymm1
+        vpmuldq	%ymm10, %ymm2, %ymm2
+        vmovshdup	%ymm0, %ymm15
+        vpmuldq	%ymm14, %ymm0, %ymm0
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm0, %ymm1, %ymm0
+        vpsubq	%ymm15, %ymm2, %ymm15
+        vmovshdup	%ymm0, %ymm0
+        vpblendd	$0xaa, %ymm15, %ymm0, %ymm0
+        vpsubd	%ymm0, %ymm8, %ymm1
+        vpaddd	%ymm0, %ymm8, %ymm8
+        vpmulld	%ymm13, %ymm3, %ymm0
+        vmovshdup	%ymm3, %ymm2
+        vpmuldq	%ymm11, %ymm3, %ymm3
+        vpmuldq	%ymm11, %ymm2, %ymm2
+        vmovshdup	%ymm0, %ymm15
+        vpmuldq	%ymm14, %ymm0, %ymm0
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm0, %ymm3, %ymm0
+        vpsubq	%ymm15, %ymm2, %ymm15
+        vmovshdup	%ymm0, %ymm0
+        vpblendd	$0xaa, %ymm15, %ymm0, %ymm0
+        vpsubd	%ymm0, %ymm9, %ymm3
+        vpaddd	%ymm0, %ymm9, %ymm9
+        # 2: 4/4
+        vmovdqu	4416(%rdx), %ymm10
+        vmovdqu	4448(%rdx), %ymm12
+        vmovdqu	4480(%rdx), %ymm11
+        vmovdqu	4512(%rdx), %ymm13
+        vpunpcklqdq	%ymm1, %ymm8, %ymm0
+        vpunpckhqdq	%ymm1, %ymm8, %ymm1
+        vpunpcklqdq	%ymm3, %ymm9, %ymm2
+        vpunpckhqdq	%ymm3, %ymm9, %ymm3
+        vpmulld	%ymm12, %ymm1, %ymm8
+        vmovshdup	%ymm1, %ymm9
+        vpmuldq	%ymm10, %ymm1, %ymm1
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm1, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm0, %ymm1
+        vpaddd	%ymm8, %ymm0, %ymm0
+        vpmulld	%ymm13, %ymm3, %ymm8
+        vmovshdup	%ymm3, %ymm9
+        vpmuldq	%ymm11, %ymm3, %ymm3
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm3, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm2, %ymm3
+        vpaddd	%ymm8, %ymm2, %ymm2
+        # 4: 4/4
+        vperm2i128	$32, %ymm5, %ymm4, %ymm8
+        vmovdqu	4544(%rdx), %ymm10
+        vperm2i128	$49, %ymm5, %ymm4, %ymm5
+        vmovdqu	4576(%rdx), %ymm12
+        vperm2i128	$32, %ymm7, %ymm6, %ymm9
+        vmovdqu	4608(%rdx), %ymm11
+        vperm2i128	$49, %ymm7, %ymm6, %ymm7
+        vmovdqu	4640(%rdx), %ymm13
+        vpmulld	%ymm12, %ymm5, %ymm4
+        vmovshdup	%ymm5, %ymm6
+        vpmuldq	%ymm10, %ymm5, %ymm5
+        vpmuldq	%ymm10, %ymm6, %ymm6
+        vmovshdup	%ymm4, %ymm15
+        vpmuldq	%ymm14, %ymm4, %ymm4
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm4, %ymm5, %ymm4
+        vpsubq	%ymm15, %ymm6, %ymm15
+        vmovshdup	%ymm4, %ymm4
+        vpblendd	$0xaa, %ymm15, %ymm4, %ymm4
+        vpsubd	%ymm4, %ymm8, %ymm5
+        vpaddd	%ymm4, %ymm8, %ymm8
+        vpmulld	%ymm13, %ymm7, %ymm4
+        vmovshdup	%ymm7, %ymm6
+        vpmuldq	%ymm11, %ymm7, %ymm7
+        vpmuldq	%ymm11, %ymm6, %ymm6
+        vmovshdup	%ymm4, %ymm15
+        vpmuldq	%ymm14, %ymm4, %ymm4
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm4, %ymm7, %ymm4
+        vpsubq	%ymm15, %ymm6, %ymm15
+        vmovshdup	%ymm4, %ymm4
+        vpblendd	$0xaa, %ymm15, %ymm4, %ymm4
+        vpsubd	%ymm4, %ymm9, %ymm7
+        vpaddd	%ymm4, %ymm9, %ymm9
+        # 2: 4/4
+        vmovdqu	4672(%rdx), %ymm10
+        vmovdqu	4704(%rdx), %ymm12
+        vmovdqu	4736(%rdx), %ymm11
+        vmovdqu	4768(%rdx), %ymm13
+        vpunpcklqdq	%ymm5, %ymm8, %ymm4
+        vpunpckhqdq	%ymm5, %ymm8, %ymm5
+        vpunpcklqdq	%ymm7, %ymm9, %ymm6
+        vpunpckhqdq	%ymm7, %ymm9, %ymm7
+        vpmulld	%ymm12, %ymm5, %ymm8
+        vmovshdup	%ymm5, %ymm9
+        vpmuldq	%ymm10, %ymm5, %ymm5
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm5, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm4, %ymm5
+        vpaddd	%ymm8, %ymm4, %ymm4
+        vpmulld	%ymm13, %ymm7, %ymm8
+        vmovshdup	%ymm7, %ymm9
+        vpmuldq	%ymm11, %ymm7, %ymm7
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm7, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm6, %ymm7
+        vpaddd	%ymm8, %ymm6, %ymm6
+        # 1: 4/4
+        vmovdqu	4800(%rdx), %ymm10
+        vmovdqu	4832(%rdx), %ymm12
+        vmovdqu	4864(%rdx), %ymm11
+        vmovdqu	4896(%rdx), %ymm13
+        vpsllq	$32, %ymm1, %ymm8
+        vpsrlq	$32, %ymm0, %ymm9
+        vpblendd	$0xaa, %ymm8, %ymm0, %ymm0
+        vpblendd	$0x55, %ymm9, %ymm1, %ymm1
+        vpsllq	$32, %ymm3, %ymm8
+        vpsrlq	$32, %ymm2, %ymm9
+        vpblendd	$0xaa, %ymm8, %ymm2, %ymm2
+        vpblendd	$0x55, %ymm9, %ymm3, %ymm3
+        vpmulld	%ymm12, %ymm1, %ymm8
+        vmovshdup	%ymm1, %ymm9
+        vpmuldq	%ymm10, %ymm1, %ymm1
+        vmovshdup	%ymm10, %ymm10
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm1, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm0, %ymm1
+        vpaddd	%ymm8, %ymm0, %ymm0
+        vpmulld	%ymm13, %ymm3, %ymm8
+        vmovshdup	%ymm3, %ymm9
+        vpmuldq	%ymm11, %ymm3, %ymm3
+        vmovshdup	%ymm11, %ymm11
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm3, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm2, %ymm3
+        vpaddd	%ymm8, %ymm2, %ymm2
+        # 1: 4/4
+        vmovdqu	4928(%rdx), %ymm10
+        vmovdqu	4960(%rdx), %ymm12
+        vmovdqu	4992(%rdx), %ymm11
+        vmovdqu	5024(%rdx), %ymm13
+        vpsllq	$32, %ymm5, %ymm8
+        vpsrlq	$32, %ymm4, %ymm9
+        vpblendd	$0xaa, %ymm8, %ymm4, %ymm4
+        vpblendd	$0x55, %ymm9, %ymm5, %ymm5
+        vpsllq	$32, %ymm7, %ymm8
+        vpsrlq	$32, %ymm6, %ymm9
+        vpblendd	$0xaa, %ymm8, %ymm6, %ymm6
+        vpblendd	$0x55, %ymm9, %ymm7, %ymm7
+        vpmulld	%ymm12, %ymm5, %ymm8
+        vmovshdup	%ymm5, %ymm9
+        vpmuldq	%ymm10, %ymm5, %ymm5
+        vmovshdup	%ymm10, %ymm10
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm5, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm4, %ymm5
+        vpaddd	%ymm8, %ymm4, %ymm4
+        vpmulld	%ymm13, %ymm7, %ymm8
+        vmovshdup	%ymm7, %ymm9
+        vpmuldq	%ymm11, %ymm7, %ymm7
+        vmovshdup	%ymm11, %ymm11
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm7, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm8, %ymm8
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm8
+        vpsubd	%ymm8, %ymm6, %ymm7
+        vpaddd	%ymm8, %ymm6, %ymm6
+        vpunpckldq	%ymm1, %ymm0, %ymm8
+        vpunpckhdq	%ymm1, %ymm0, %ymm9
+        vperm2i128	$32, %ymm9, %ymm8, %ymm0
+        vperm2i128	$49, %ymm9, %ymm8, %ymm1
+        vpunpckldq	%ymm3, %ymm2, %ymm8
+        vpunpckhdq	%ymm3, %ymm2, %ymm9
+        vperm2i128	$32, %ymm9, %ymm8, %ymm2
+        vperm2i128	$49, %ymm9, %ymm8, %ymm3
+        vpunpckldq	%ymm5, %ymm4, %ymm8
+        vpunpckhdq	%ymm5, %ymm4, %ymm9
+        vperm2i128	$32, %ymm9, %ymm8, %ymm4
+        vperm2i128	$49, %ymm9, %ymm8, %ymm5
+        vpunpckldq	%ymm7, %ymm6, %ymm8
+        vpunpckhdq	%ymm7, %ymm6, %ymm9
+        vperm2i128	$32, %ymm9, %ymm8, %ymm6
+        vperm2i128	$49, %ymm9, %ymm8, %ymm7
+        vmovdqu	%ymm0, 768(%rdi)
+        vmovdqu	%ymm1, 800(%rdi)
+        vmovdqu	%ymm2, 832(%rdi)
+        vmovdqu	%ymm3, 864(%rdi)
+        vmovdqu	%ymm4, 896(%rdi)
+        vmovdqu	%ymm5, 928(%rdi)
+        vmovdqu	%ymm6, 960(%rdi)
+        vmovdqu	%ymm7, 992(%rdi)
+        vzeroupper
+        repz retq
+#ifndef __APPLE__
+.size	wc_mldsa_ntt_full_avx2,.-wc_mldsa_ntt_full_avx2
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.text
+.globl	wc_mldsa_invntt_avx2
+.type	wc_mldsa_invntt_avx2,@function
+.align	16
+wc_mldsa_invntt_avx2:
+#else
+.section	__TEXT,__text
+.globl	_wc_mldsa_invntt_avx2
+.p2align	4
+_wc_mldsa_invntt_avx2:
+#endif /* __APPLE__ */
+        vpxor	%ymm14, %ymm14, %ymm14
+        vmovdqu	mldsa_q(%rip), %ymm14
+        # invntt
+        leaq	L_mldsa_avx2_zetas_inv(%rip), %rdx
+        vmovdqu	(%rdi), %ymm0
+        vmovdqu	32(%rdi), %ymm1
+        vmovdqu	64(%rdi), %ymm2
+        vmovdqu	96(%rdi), %ymm3
+        vmovdqu	128(%rdi), %ymm4
+        vmovdqu	160(%rdi), %ymm5
+        vmovdqu	192(%rdi), %ymm6
+        vmovdqu	224(%rdi), %ymm7
+        # 1: 1/4
+        vmovdqu	(%rdx), %ymm10
+        vmovdqu	32(%rdx), %ymm12
+        vmovdqu	64(%rdx), %ymm11
+        vmovdqu	96(%rdx), %ymm13
+        vpsubd	%ymm1, %ymm0, %ymm8
+        vpaddd	%ymm1, %ymm0, %ymm0
+        vpmulld	%ymm12, %ymm8, %ymm1
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vmovshdup	%ymm10, %ymm10
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm1, %ymm15
+        vpmuldq	%ymm14, %ymm1, %ymm1
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm1, %ymm8, %ymm1
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm1, %ymm1
+        vpblendd	$0xaa, %ymm15, %ymm1, %ymm1
+        vpsubd	%ymm3, %ymm2, %ymm8
+        vpaddd	%ymm3, %ymm2, %ymm2
+        vpmulld	%ymm13, %ymm8, %ymm3
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm11, %ymm8, %ymm8
+        vmovshdup	%ymm11, %ymm11
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm3, %ymm15
+        vpmuldq	%ymm14, %ymm3, %ymm3
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm3, %ymm8, %ymm3
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm3, %ymm3
+        vpblendd	$0xaa, %ymm15, %ymm3, %ymm3
+        # 2: 1/4
+        vmovdqu	128(%rdx), %ymm10
+        vmovdqu	160(%rdx), %ymm12
+        vmovdqu	192(%rdx), %ymm11
+        vmovdqu	224(%rdx), %ymm13
+        vpshufd	$0xd8, %ymm0, %ymm8
+        vpshufd	$0xd8, %ymm1, %ymm9
+        vpunpckldq	%ymm9, %ymm8, %ymm0
+        vpunpckhdq	%ymm9, %ymm8, %ymm1
+        vpshufd	$0xd8, %ymm2, %ymm8
+        vpshufd	$0xd8, %ymm3, %ymm9
+        vpunpckldq	%ymm9, %ymm8, %ymm2
+        vpunpckhdq	%ymm9, %ymm8, %ymm3
+        vpsubd	%ymm1, %ymm0, %ymm8
+        vpaddd	%ymm1, %ymm0, %ymm0
+        vpmulld	%ymm12, %ymm8, %ymm1
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm1, %ymm15
+        vpmuldq	%ymm14, %ymm1, %ymm1
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm1, %ymm8, %ymm1
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm1, %ymm1
+        vpblendd	$0xaa, %ymm15, %ymm1, %ymm1
+        vpsubd	%ymm3, %ymm2, %ymm8
+        vpaddd	%ymm3, %ymm2, %ymm2
+        vpmulld	%ymm13, %ymm8, %ymm3
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm11, %ymm8, %ymm8
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm3, %ymm15
+        vpmuldq	%ymm14, %ymm3, %ymm3
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm3, %ymm8, %ymm3
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm3, %ymm3
+        vpblendd	$0xaa, %ymm15, %ymm3, %ymm3
+        # 4: 1/4
+        vmovdqu	256(%rdx), %ymm10
+        vmovdqu	288(%rdx), %ymm12
+        vmovdqu	320(%rdx), %ymm11
+        vmovdqu	352(%rdx), %ymm13
+        vpunpcklqdq	%ymm1, %ymm0, %ymm8
+        vpunpckhqdq	%ymm1, %ymm0, %ymm1
+        vpunpcklqdq	%ymm3, %ymm2, %ymm9
+        vpunpckhqdq	%ymm3, %ymm2, %ymm3
+        vpsubd	%ymm1, %ymm8, %ymm0
+        vpaddd	%ymm1, %ymm8, %ymm8
+        vpmulld	%ymm12, %ymm0, %ymm1
+        vmovshdup	%ymm0, %ymm2
+        vpmuldq	%ymm10, %ymm0, %ymm0
+        vpmuldq	%ymm10, %ymm2, %ymm2
+        vmovshdup	%ymm1, %ymm15
+        vpmuldq	%ymm14, %ymm1, %ymm1
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm1, %ymm0, %ymm1
+        vpsubq	%ymm15, %ymm2, %ymm15
+        vmovshdup	%ymm1, %ymm1
+        vpblendd	$0xaa, %ymm15, %ymm1, %ymm1
+        vpsubd	%ymm3, %ymm9, %ymm0
+        vpaddd	%ymm3, %ymm9, %ymm9
+        vpmulld	%ymm13, %ymm0, %ymm3
+        vmovshdup	%ymm0, %ymm2
+        vpmuldq	%ymm11, %ymm0, %ymm0
+        vpmuldq	%ymm11, %ymm2, %ymm2
+        vmovshdup	%ymm3, %ymm15
+        vpmuldq	%ymm14, %ymm3, %ymm3
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm3, %ymm0, %ymm3
+        vpsubq	%ymm15, %ymm2, %ymm15
+        vmovshdup	%ymm3, %ymm3
+        vpblendd	$0xaa, %ymm15, %ymm3, %ymm3
+        # 8: 1/4
+        vperm2i128	$32, %ymm1, %ymm8, %ymm0
+        vmovdqu	384(%rdx), %ymm10
+        vperm2i128	$49, %ymm1, %ymm8, %ymm1
+        vmovdqu	416(%rdx), %ymm12
+        vperm2i128	$32, %ymm3, %ymm9, %ymm2
+        vmovdqu	448(%rdx), %ymm11
+        vperm2i128	$49, %ymm3, %ymm9, %ymm3
+        vmovdqu	480(%rdx), %ymm13
+        vpsubd	%ymm1, %ymm0, %ymm8
+        vpaddd	%ymm1, %ymm0, %ymm0
+        vpmulld	%ymm12, %ymm8, %ymm1
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm1, %ymm15
+        vpmuldq	%ymm14, %ymm1, %ymm1
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm1, %ymm8, %ymm1
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm1, %ymm1
+        vpblendd	$0xaa, %ymm15, %ymm1, %ymm1
+        vpsubd	%ymm3, %ymm2, %ymm8
+        vpaddd	%ymm3, %ymm2, %ymm2
+        vpmulld	%ymm13, %ymm8, %ymm3
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm11, %ymm8, %ymm8
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm3, %ymm15
+        vpmuldq	%ymm14, %ymm3, %ymm3
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm3, %ymm8, %ymm3
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm3, %ymm3
+        vpblendd	$0xaa, %ymm15, %ymm3, %ymm3
+        # 16: 1/4
+        vmovdqu	512(%rdx), %ymm10
+        vmovdqu	544(%rdx), %ymm12
+        vpsubd	%ymm2, %ymm0, %ymm8
+        vpaddd	%ymm2, %ymm0, %ymm0
+        vpmulld	%ymm12, %ymm8, %ymm2
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm2, %ymm15
+        vpmuldq	%ymm14, %ymm2, %ymm2
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm2, %ymm8, %ymm2
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm2, %ymm2
+        vpblendd	$0xaa, %ymm15, %ymm2, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm8
+        vpaddd	%ymm3, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm8, %ymm3
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm3, %ymm15
+        vpmuldq	%ymm14, %ymm3, %ymm3
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm3, %ymm8, %ymm3
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm3, %ymm3
+        vpblendd	$0xaa, %ymm15, %ymm3, %ymm3
+        # 1: 1/4
+        vmovdqu	576(%rdx), %ymm10
+        vmovdqu	608(%rdx), %ymm12
+        vmovdqu	640(%rdx), %ymm11
+        vmovdqu	672(%rdx), %ymm13
+        vpsubd	%ymm5, %ymm4, %ymm8
+        vpaddd	%ymm5, %ymm4, %ymm4
+        vpmulld	%ymm12, %ymm8, %ymm5
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vmovshdup	%ymm10, %ymm10
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm5, %ymm15
+        vpmuldq	%ymm14, %ymm5, %ymm5
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm5, %ymm8, %ymm5
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm5, %ymm5
+        vpblendd	$0xaa, %ymm15, %ymm5, %ymm5
+        vpsubd	%ymm7, %ymm6, %ymm8
+        vpaddd	%ymm7, %ymm6, %ymm6
+        vpmulld	%ymm13, %ymm8, %ymm7
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm11, %ymm8, %ymm8
+        vmovshdup	%ymm11, %ymm11
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm7, %ymm15
+        vpmuldq	%ymm14, %ymm7, %ymm7
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm7, %ymm8, %ymm7
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm7, %ymm7
+        vpblendd	$0xaa, %ymm15, %ymm7, %ymm7
+        # 2: 1/4
+        vmovdqu	704(%rdx), %ymm10
+        vmovdqu	736(%rdx), %ymm12
+        vmovdqu	768(%rdx), %ymm11
+        vmovdqu	800(%rdx), %ymm13
+        vpshufd	$0xd8, %ymm4, %ymm8
+        vpshufd	$0xd8, %ymm5, %ymm9
+        vpunpckldq	%ymm9, %ymm8, %ymm4
+        vpunpckhdq	%ymm9, %ymm8, %ymm5
+        vpshufd	$0xd8, %ymm6, %ymm8
+        vpshufd	$0xd8, %ymm7, %ymm9
+        vpunpckldq	%ymm9, %ymm8, %ymm6
+        vpunpckhdq	%ymm9, %ymm8, %ymm7
+        vpsubd	%ymm5, %ymm4, %ymm8
+        vpaddd	%ymm5, %ymm4, %ymm4
+        vpmulld	%ymm12, %ymm8, %ymm5
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm5, %ymm15
+        vpmuldq	%ymm14, %ymm5, %ymm5
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm5, %ymm8, %ymm5
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm5, %ymm5
+        vpblendd	$0xaa, %ymm15, %ymm5, %ymm5
+        vpsubd	%ymm7, %ymm6, %ymm8
+        vpaddd	%ymm7, %ymm6, %ymm6
+        vpmulld	%ymm13, %ymm8, %ymm7
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm11, %ymm8, %ymm8
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm7, %ymm15
+        vpmuldq	%ymm14, %ymm7, %ymm7
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm7, %ymm8, %ymm7
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm7, %ymm7
+        vpblendd	$0xaa, %ymm15, %ymm7, %ymm7
+        # 4: 1/4
+        vmovdqu	832(%rdx), %ymm10
+        vmovdqu	864(%rdx), %ymm12
+        vmovdqu	896(%rdx), %ymm11
+        vmovdqu	928(%rdx), %ymm13
+        vpunpcklqdq	%ymm5, %ymm4, %ymm8
+        vpunpckhqdq	%ymm5, %ymm4, %ymm5
+        vpunpcklqdq	%ymm7, %ymm6, %ymm9
+        vpunpckhqdq	%ymm7, %ymm6, %ymm7
+        vpsubd	%ymm5, %ymm8, %ymm4
+        vpaddd	%ymm5, %ymm8, %ymm8
+        vpmulld	%ymm12, %ymm4, %ymm5
+        vmovshdup	%ymm4, %ymm6
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm10, %ymm6, %ymm6
+        vmovshdup	%ymm5, %ymm15
+        vpmuldq	%ymm14, %ymm5, %ymm5
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm5, %ymm4, %ymm5
+        vpsubq	%ymm15, %ymm6, %ymm15
+        vmovshdup	%ymm5, %ymm5
+        vpblendd	$0xaa, %ymm15, %ymm5, %ymm5
+        vpsubd	%ymm7, %ymm9, %ymm4
+        vpaddd	%ymm7, %ymm9, %ymm9
+        vpmulld	%ymm13, %ymm4, %ymm7
+        vmovshdup	%ymm4, %ymm6
+        vpmuldq	%ymm11, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm6, %ymm6
+        vmovshdup	%ymm7, %ymm15
+        vpmuldq	%ymm14, %ymm7, %ymm7
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm7, %ymm4, %ymm7
+        vpsubq	%ymm15, %ymm6, %ymm15
+        vmovshdup	%ymm7, %ymm7
+        vpblendd	$0xaa, %ymm15, %ymm7, %ymm7
+        # 8: 1/4
+        vperm2i128	$32, %ymm5, %ymm8, %ymm4
+        vmovdqu	960(%rdx), %ymm10
+        vperm2i128	$49, %ymm5, %ymm8, %ymm5
+        vmovdqu	992(%rdx), %ymm12
+        vperm2i128	$32, %ymm7, %ymm9, %ymm6
+        vmovdqu	1024(%rdx), %ymm11
+        vperm2i128	$49, %ymm7, %ymm9, %ymm7
+        vmovdqu	1056(%rdx), %ymm13
+        vpsubd	%ymm5, %ymm4, %ymm8
+        vpaddd	%ymm5, %ymm4, %ymm4
+        vpmulld	%ymm12, %ymm8, %ymm5
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm5, %ymm15
+        vpmuldq	%ymm14, %ymm5, %ymm5
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm5, %ymm8, %ymm5
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm5, %ymm5
+        vpblendd	$0xaa, %ymm15, %ymm5, %ymm5
+        vpsubd	%ymm7, %ymm6, %ymm8
+        vpaddd	%ymm7, %ymm6, %ymm6
+        vpmulld	%ymm13, %ymm8, %ymm7
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm11, %ymm8, %ymm8
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm7, %ymm15
+        vpmuldq	%ymm14, %ymm7, %ymm7
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm7, %ymm8, %ymm7
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm7, %ymm7
+        vpblendd	$0xaa, %ymm15, %ymm7, %ymm7
+        # 16: 1/4
+        vmovdqu	1088(%rdx), %ymm10
+        vmovdqu	1120(%rdx), %ymm12
+        vpsubd	%ymm6, %ymm4, %ymm8
+        vpaddd	%ymm6, %ymm4, %ymm4
+        vpmulld	%ymm12, %ymm8, %ymm6
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm6, %ymm15
+        vpmuldq	%ymm14, %ymm6, %ymm6
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm6, %ymm8, %ymm6
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm6, %ymm6
+        vpblendd	$0xaa, %ymm15, %ymm6, %ymm6
+        vpsubd	%ymm7, %ymm5, %ymm8
+        vpaddd	%ymm7, %ymm5, %ymm5
+        vpmulld	%ymm12, %ymm8, %ymm7
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm7, %ymm15
+        vpmuldq	%ymm14, %ymm7, %ymm7
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm7, %ymm8, %ymm7
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm7, %ymm7
+        vpblendd	$0xaa, %ymm15, %ymm7, %ymm7
+        # 32: 1/4
+        vmovdqu	1152(%rdx), %ymm10
+        vmovdqu	1184(%rdx), %ymm12
+        vpsubd	%ymm4, %ymm0, %ymm8
+        vpaddd	%ymm4, %ymm0, %ymm0
+        vpmulld	%ymm12, %ymm8, %ymm4
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm4, %ymm15
+        vpmuldq	%ymm14, %ymm4, %ymm4
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm4, %ymm8, %ymm4
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm4, %ymm4
+        vpblendd	$0xaa, %ymm15, %ymm4, %ymm4
+        vpsubd	%ymm5, %ymm1, %ymm8
+        vpaddd	%ymm5, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm8, %ymm5
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm5, %ymm15
+        vpmuldq	%ymm14, %ymm5, %ymm5
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm5, %ymm8, %ymm5
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm5, %ymm5
+        vpblendd	$0xaa, %ymm15, %ymm5, %ymm5
+        vpsubd	%ymm6, %ymm2, %ymm8
+        vpaddd	%ymm6, %ymm2, %ymm2
+        vpmulld	%ymm12, %ymm8, %ymm6
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm6, %ymm15
+        vpmuldq	%ymm14, %ymm6, %ymm6
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm6, %ymm8, %ymm6
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm6, %ymm6
+        vpblendd	$0xaa, %ymm15, %ymm6, %ymm6
+        vpsubd	%ymm7, %ymm3, %ymm8
+        vpaddd	%ymm7, %ymm3, %ymm3
+        vpmulld	%ymm12, %ymm8, %ymm7
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm7, %ymm15
+        vpmuldq	%ymm14, %ymm7, %ymm7
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm7, %ymm8, %ymm7
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm7, %ymm7
+        vpblendd	$0xaa, %ymm15, %ymm7, %ymm7
+        vmovdqu	%ymm0, (%rdi)
+        vmovdqu	%ymm1, 32(%rdi)
+        vmovdqu	%ymm2, 64(%rdi)
+        vmovdqu	%ymm3, 96(%rdi)
+        vmovdqu	%ymm4, 128(%rdi)
+        vmovdqu	%ymm5, 160(%rdi)
+        vmovdqu	%ymm6, 192(%rdi)
+        vmovdqu	%ymm7, 224(%rdi)
+        vmovdqu	256(%rdi), %ymm0
+        vmovdqu	288(%rdi), %ymm1
+        vmovdqu	320(%rdi), %ymm2
+        vmovdqu	352(%rdi), %ymm3
+        vmovdqu	384(%rdi), %ymm4
+        vmovdqu	416(%rdi), %ymm5
+        vmovdqu	448(%rdi), %ymm6
+        vmovdqu	480(%rdi), %ymm7
+        # 1: 2/4
+        vmovdqu	1216(%rdx), %ymm10
+        vmovdqu	1248(%rdx), %ymm12
+        vmovdqu	1280(%rdx), %ymm11
+        vmovdqu	1312(%rdx), %ymm13
+        vpsubd	%ymm1, %ymm0, %ymm8
+        vpaddd	%ymm1, %ymm0, %ymm0
+        vpmulld	%ymm12, %ymm8, %ymm1
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vmovshdup	%ymm10, %ymm10
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm1, %ymm15
+        vpmuldq	%ymm14, %ymm1, %ymm1
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm1, %ymm8, %ymm1
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm1, %ymm1
+        vpblendd	$0xaa, %ymm15, %ymm1, %ymm1
+        vpsubd	%ymm3, %ymm2, %ymm8
+        vpaddd	%ymm3, %ymm2, %ymm2
+        vpmulld	%ymm13, %ymm8, %ymm3
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm11, %ymm8, %ymm8
+        vmovshdup	%ymm11, %ymm11
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm3, %ymm15
+        vpmuldq	%ymm14, %ymm3, %ymm3
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm3, %ymm8, %ymm3
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm3, %ymm3
+        vpblendd	$0xaa, %ymm15, %ymm3, %ymm3
+        # 2: 2/4
+        vmovdqu	1344(%rdx), %ymm10
+        vmovdqu	1376(%rdx), %ymm12
+        vmovdqu	1408(%rdx), %ymm11
+        vmovdqu	1440(%rdx), %ymm13
+        vpshufd	$0xd8, %ymm0, %ymm8
+        vpshufd	$0xd8, %ymm1, %ymm9
+        vpunpckldq	%ymm9, %ymm8, %ymm0
+        vpunpckhdq	%ymm9, %ymm8, %ymm1
+        vpshufd	$0xd8, %ymm2, %ymm8
+        vpshufd	$0xd8, %ymm3, %ymm9
+        vpunpckldq	%ymm9, %ymm8, %ymm2
+        vpunpckhdq	%ymm9, %ymm8, %ymm3
+        vpsubd	%ymm1, %ymm0, %ymm8
+        vpaddd	%ymm1, %ymm0, %ymm0
+        vpmulld	%ymm12, %ymm8, %ymm1
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm1, %ymm15
+        vpmuldq	%ymm14, %ymm1, %ymm1
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm1, %ymm8, %ymm1
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm1, %ymm1
+        vpblendd	$0xaa, %ymm15, %ymm1, %ymm1
+        vpsubd	%ymm3, %ymm2, %ymm8
+        vpaddd	%ymm3, %ymm2, %ymm2
+        vpmulld	%ymm13, %ymm8, %ymm3
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm11, %ymm8, %ymm8
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm3, %ymm15
+        vpmuldq	%ymm14, %ymm3, %ymm3
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm3, %ymm8, %ymm3
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm3, %ymm3
+        vpblendd	$0xaa, %ymm15, %ymm3, %ymm3
+        # 4: 2/4
+        vmovdqu	1472(%rdx), %ymm10
+        vmovdqu	1504(%rdx), %ymm12
+        vmovdqu	1536(%rdx), %ymm11
+        vmovdqu	1568(%rdx), %ymm13
+        vpunpcklqdq	%ymm1, %ymm0, %ymm8
+        vpunpckhqdq	%ymm1, %ymm0, %ymm1
+        vpunpcklqdq	%ymm3, %ymm2, %ymm9
+        vpunpckhqdq	%ymm3, %ymm2, %ymm3
+        vpsubd	%ymm1, %ymm8, %ymm0
+        vpaddd	%ymm1, %ymm8, %ymm8
+        vpmulld	%ymm12, %ymm0, %ymm1
+        vmovshdup	%ymm0, %ymm2
+        vpmuldq	%ymm10, %ymm0, %ymm0
+        vpmuldq	%ymm10, %ymm2, %ymm2
+        vmovshdup	%ymm1, %ymm15
+        vpmuldq	%ymm14, %ymm1, %ymm1
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm1, %ymm0, %ymm1
+        vpsubq	%ymm15, %ymm2, %ymm15
+        vmovshdup	%ymm1, %ymm1
+        vpblendd	$0xaa, %ymm15, %ymm1, %ymm1
+        vpsubd	%ymm3, %ymm9, %ymm0
+        vpaddd	%ymm3, %ymm9, %ymm9
+        vpmulld	%ymm13, %ymm0, %ymm3
+        vmovshdup	%ymm0, %ymm2
+        vpmuldq	%ymm11, %ymm0, %ymm0
+        vpmuldq	%ymm11, %ymm2, %ymm2
+        vmovshdup	%ymm3, %ymm15
+        vpmuldq	%ymm14, %ymm3, %ymm3
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm3, %ymm0, %ymm3
+        vpsubq	%ymm15, %ymm2, %ymm15
+        vmovshdup	%ymm3, %ymm3
+        vpblendd	$0xaa, %ymm15, %ymm3, %ymm3
+        # 8: 2/4
+        vperm2i128	$32, %ymm1, %ymm8, %ymm0
+        vmovdqu	1600(%rdx), %ymm10
+        vperm2i128	$49, %ymm1, %ymm8, %ymm1
+        vmovdqu	1632(%rdx), %ymm12
+        vperm2i128	$32, %ymm3, %ymm9, %ymm2
+        vmovdqu	1664(%rdx), %ymm11
+        vperm2i128	$49, %ymm3, %ymm9, %ymm3
+        vmovdqu	1696(%rdx), %ymm13
+        vpsubd	%ymm1, %ymm0, %ymm8
+        vpaddd	%ymm1, %ymm0, %ymm0
+        vpmulld	%ymm12, %ymm8, %ymm1
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm1, %ymm15
+        vpmuldq	%ymm14, %ymm1, %ymm1
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm1, %ymm8, %ymm1
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm1, %ymm1
+        vpblendd	$0xaa, %ymm15, %ymm1, %ymm1
+        vpsubd	%ymm3, %ymm2, %ymm8
+        vpaddd	%ymm3, %ymm2, %ymm2
+        vpmulld	%ymm13, %ymm8, %ymm3
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm11, %ymm8, %ymm8
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm3, %ymm15
+        vpmuldq	%ymm14, %ymm3, %ymm3
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm3, %ymm8, %ymm3
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm3, %ymm3
+        vpblendd	$0xaa, %ymm15, %ymm3, %ymm3
+        # 16: 2/4
+        vmovdqu	1728(%rdx), %ymm10
+        vmovdqu	1760(%rdx), %ymm12
+        vpsubd	%ymm2, %ymm0, %ymm8
+        vpaddd	%ymm2, %ymm0, %ymm0
+        vpmulld	%ymm12, %ymm8, %ymm2
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm2, %ymm15
+        vpmuldq	%ymm14, %ymm2, %ymm2
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm2, %ymm8, %ymm2
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm2, %ymm2
+        vpblendd	$0xaa, %ymm15, %ymm2, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm8
+        vpaddd	%ymm3, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm8, %ymm3
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm3, %ymm15
+        vpmuldq	%ymm14, %ymm3, %ymm3
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm3, %ymm8, %ymm3
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm3, %ymm3
+        vpblendd	$0xaa, %ymm15, %ymm3, %ymm3
+        # 1: 2/4
+        vmovdqu	1792(%rdx), %ymm10
+        vmovdqu	1824(%rdx), %ymm12
+        vmovdqu	1856(%rdx), %ymm11
+        vmovdqu	1888(%rdx), %ymm13
+        vpsubd	%ymm5, %ymm4, %ymm8
+        vpaddd	%ymm5, %ymm4, %ymm4
+        vpmulld	%ymm12, %ymm8, %ymm5
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vmovshdup	%ymm10, %ymm10
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm5, %ymm15
+        vpmuldq	%ymm14, %ymm5, %ymm5
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm5, %ymm8, %ymm5
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm5, %ymm5
+        vpblendd	$0xaa, %ymm15, %ymm5, %ymm5
+        vpsubd	%ymm7, %ymm6, %ymm8
+        vpaddd	%ymm7, %ymm6, %ymm6
+        vpmulld	%ymm13, %ymm8, %ymm7
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm11, %ymm8, %ymm8
+        vmovshdup	%ymm11, %ymm11
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm7, %ymm15
+        vpmuldq	%ymm14, %ymm7, %ymm7
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm7, %ymm8, %ymm7
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm7, %ymm7
+        vpblendd	$0xaa, %ymm15, %ymm7, %ymm7
+        # 2: 2/4
+        vmovdqu	1920(%rdx), %ymm10
+        vmovdqu	1952(%rdx), %ymm12
+        vmovdqu	1984(%rdx), %ymm11
+        vmovdqu	2016(%rdx), %ymm13
+        vpshufd	$0xd8, %ymm4, %ymm8
+        vpshufd	$0xd8, %ymm5, %ymm9
+        vpunpckldq	%ymm9, %ymm8, %ymm4
+        vpunpckhdq	%ymm9, %ymm8, %ymm5
+        vpshufd	$0xd8, %ymm6, %ymm8
+        vpshufd	$0xd8, %ymm7, %ymm9
+        vpunpckldq	%ymm9, %ymm8, %ymm6
+        vpunpckhdq	%ymm9, %ymm8, %ymm7
+        vpsubd	%ymm5, %ymm4, %ymm8
+        vpaddd	%ymm5, %ymm4, %ymm4
+        vpmulld	%ymm12, %ymm8, %ymm5
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm5, %ymm15
+        vpmuldq	%ymm14, %ymm5, %ymm5
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm5, %ymm8, %ymm5
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm5, %ymm5
+        vpblendd	$0xaa, %ymm15, %ymm5, %ymm5
+        vpsubd	%ymm7, %ymm6, %ymm8
+        vpaddd	%ymm7, %ymm6, %ymm6
+        vpmulld	%ymm13, %ymm8, %ymm7
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm11, %ymm8, %ymm8
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm7, %ymm15
+        vpmuldq	%ymm14, %ymm7, %ymm7
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm7, %ymm8, %ymm7
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm7, %ymm7
+        vpblendd	$0xaa, %ymm15, %ymm7, %ymm7
+        # 4: 2/4
+        vmovdqu	2048(%rdx), %ymm10
+        vmovdqu	2080(%rdx), %ymm12
+        vmovdqu	2112(%rdx), %ymm11
+        vmovdqu	2144(%rdx), %ymm13
+        vpunpcklqdq	%ymm5, %ymm4, %ymm8
+        vpunpckhqdq	%ymm5, %ymm4, %ymm5
+        vpunpcklqdq	%ymm7, %ymm6, %ymm9
+        vpunpckhqdq	%ymm7, %ymm6, %ymm7
+        vpsubd	%ymm5, %ymm8, %ymm4
+        vpaddd	%ymm5, %ymm8, %ymm8
+        vpmulld	%ymm12, %ymm4, %ymm5
+        vmovshdup	%ymm4, %ymm6
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm10, %ymm6, %ymm6
+        vmovshdup	%ymm5, %ymm15
+        vpmuldq	%ymm14, %ymm5, %ymm5
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm5, %ymm4, %ymm5
+        vpsubq	%ymm15, %ymm6, %ymm15
+        vmovshdup	%ymm5, %ymm5
+        vpblendd	$0xaa, %ymm15, %ymm5, %ymm5
+        vpsubd	%ymm7, %ymm9, %ymm4
+        vpaddd	%ymm7, %ymm9, %ymm9
+        vpmulld	%ymm13, %ymm4, %ymm7
+        vmovshdup	%ymm4, %ymm6
+        vpmuldq	%ymm11, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm6, %ymm6
+        vmovshdup	%ymm7, %ymm15
+        vpmuldq	%ymm14, %ymm7, %ymm7
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm7, %ymm4, %ymm7
+        vpsubq	%ymm15, %ymm6, %ymm15
+        vmovshdup	%ymm7, %ymm7
+        vpblendd	$0xaa, %ymm15, %ymm7, %ymm7
+        # 8: 2/4
+        vperm2i128	$32, %ymm5, %ymm8, %ymm4
+        vmovdqu	2176(%rdx), %ymm10
+        vperm2i128	$49, %ymm5, %ymm8, %ymm5
+        vmovdqu	2208(%rdx), %ymm12
+        vperm2i128	$32, %ymm7, %ymm9, %ymm6
+        vmovdqu	2240(%rdx), %ymm11
+        vperm2i128	$49, %ymm7, %ymm9, %ymm7
+        vmovdqu	2272(%rdx), %ymm13
+        vpsubd	%ymm5, %ymm4, %ymm8
+        vpaddd	%ymm5, %ymm4, %ymm4
+        vpmulld	%ymm12, %ymm8, %ymm5
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm5, %ymm15
+        vpmuldq	%ymm14, %ymm5, %ymm5
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm5, %ymm8, %ymm5
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm5, %ymm5
+        vpblendd	$0xaa, %ymm15, %ymm5, %ymm5
+        vpsubd	%ymm7, %ymm6, %ymm8
+        vpaddd	%ymm7, %ymm6, %ymm6
+        vpmulld	%ymm13, %ymm8, %ymm7
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm11, %ymm8, %ymm8
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm7, %ymm15
+        vpmuldq	%ymm14, %ymm7, %ymm7
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm7, %ymm8, %ymm7
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm7, %ymm7
+        vpblendd	$0xaa, %ymm15, %ymm7, %ymm7
+        # 16: 2/4
+        vmovdqu	2304(%rdx), %ymm10
+        vmovdqu	2336(%rdx), %ymm12
+        vpsubd	%ymm6, %ymm4, %ymm8
+        vpaddd	%ymm6, %ymm4, %ymm4
+        vpmulld	%ymm12, %ymm8, %ymm6
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm6, %ymm15
+        vpmuldq	%ymm14, %ymm6, %ymm6
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm6, %ymm8, %ymm6
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm6, %ymm6
+        vpblendd	$0xaa, %ymm15, %ymm6, %ymm6
+        vpsubd	%ymm7, %ymm5, %ymm8
+        vpaddd	%ymm7, %ymm5, %ymm5
+        vpmulld	%ymm12, %ymm8, %ymm7
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm7, %ymm15
+        vpmuldq	%ymm14, %ymm7, %ymm7
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm7, %ymm8, %ymm7
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm7, %ymm7
+        vpblendd	$0xaa, %ymm15, %ymm7, %ymm7
+        # 32: 2/4
+        vmovdqu	2368(%rdx), %ymm10
+        vmovdqu	2400(%rdx), %ymm12
+        vpsubd	%ymm4, %ymm0, %ymm8
+        vpaddd	%ymm4, %ymm0, %ymm0
+        vpmulld	%ymm12, %ymm8, %ymm4
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm4, %ymm15
+        vpmuldq	%ymm14, %ymm4, %ymm4
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm4, %ymm8, %ymm4
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm4, %ymm4
+        vpblendd	$0xaa, %ymm15, %ymm4, %ymm4
+        vpsubd	%ymm5, %ymm1, %ymm8
+        vpaddd	%ymm5, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm8, %ymm5
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm5, %ymm15
+        vpmuldq	%ymm14, %ymm5, %ymm5
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm5, %ymm8, %ymm5
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm5, %ymm5
+        vpblendd	$0xaa, %ymm15, %ymm5, %ymm5
+        vpsubd	%ymm6, %ymm2, %ymm8
+        vpaddd	%ymm6, %ymm2, %ymm2
+        vpmulld	%ymm12, %ymm8, %ymm6
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm6, %ymm15
+        vpmuldq	%ymm14, %ymm6, %ymm6
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm6, %ymm8, %ymm6
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm6, %ymm6
+        vpblendd	$0xaa, %ymm15, %ymm6, %ymm6
+        vpsubd	%ymm7, %ymm3, %ymm8
+        vpaddd	%ymm7, %ymm3, %ymm3
+        vpmulld	%ymm12, %ymm8, %ymm7
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm7, %ymm15
+        vpmuldq	%ymm14, %ymm7, %ymm7
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm7, %ymm8, %ymm7
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm7, %ymm7
+        vpblendd	$0xaa, %ymm15, %ymm7, %ymm7
+        vmovdqu	%ymm0, 256(%rdi)
+        vmovdqu	%ymm1, 288(%rdi)
+        vmovdqu	%ymm2, 320(%rdi)
+        vmovdqu	%ymm3, 352(%rdi)
+        vmovdqu	%ymm4, 384(%rdi)
+        vmovdqu	%ymm5, 416(%rdi)
+        vmovdqu	%ymm6, 448(%rdi)
+        vmovdqu	%ymm7, 480(%rdi)
+        vmovdqu	512(%rdi), %ymm0
+        vmovdqu	544(%rdi), %ymm1
+        vmovdqu	576(%rdi), %ymm2
+        vmovdqu	608(%rdi), %ymm3
+        vmovdqu	640(%rdi), %ymm4
+        vmovdqu	672(%rdi), %ymm5
+        vmovdqu	704(%rdi), %ymm6
+        vmovdqu	736(%rdi), %ymm7
+        # 1: 3/4
+        vmovdqu	2432(%rdx), %ymm10
+        vmovdqu	2464(%rdx), %ymm12
+        vmovdqu	2496(%rdx), %ymm11
+        vmovdqu	2528(%rdx), %ymm13
+        vpsubd	%ymm1, %ymm0, %ymm8
+        vpaddd	%ymm1, %ymm0, %ymm0
+        vpmulld	%ymm12, %ymm8, %ymm1
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vmovshdup	%ymm10, %ymm10
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm1, %ymm15
+        vpmuldq	%ymm14, %ymm1, %ymm1
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm1, %ymm8, %ymm1
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm1, %ymm1
+        vpblendd	$0xaa, %ymm15, %ymm1, %ymm1
+        vpsubd	%ymm3, %ymm2, %ymm8
+        vpaddd	%ymm3, %ymm2, %ymm2
+        vpmulld	%ymm13, %ymm8, %ymm3
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm11, %ymm8, %ymm8
+        vmovshdup	%ymm11, %ymm11
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm3, %ymm15
+        vpmuldq	%ymm14, %ymm3, %ymm3
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm3, %ymm8, %ymm3
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm3, %ymm3
+        vpblendd	$0xaa, %ymm15, %ymm3, %ymm3
+        # 2: 3/4
+        vmovdqu	2560(%rdx), %ymm10
+        vmovdqu	2592(%rdx), %ymm12
+        vmovdqu	2624(%rdx), %ymm11
+        vmovdqu	2656(%rdx), %ymm13
+        vpshufd	$0xd8, %ymm0, %ymm8
+        vpshufd	$0xd8, %ymm1, %ymm9
+        vpunpckldq	%ymm9, %ymm8, %ymm0
+        vpunpckhdq	%ymm9, %ymm8, %ymm1
+        vpshufd	$0xd8, %ymm2, %ymm8
+        vpshufd	$0xd8, %ymm3, %ymm9
+        vpunpckldq	%ymm9, %ymm8, %ymm2
+        vpunpckhdq	%ymm9, %ymm8, %ymm3
+        vpsubd	%ymm1, %ymm0, %ymm8
+        vpaddd	%ymm1, %ymm0, %ymm0
+        vpmulld	%ymm12, %ymm8, %ymm1
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm1, %ymm15
+        vpmuldq	%ymm14, %ymm1, %ymm1
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm1, %ymm8, %ymm1
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm1, %ymm1
+        vpblendd	$0xaa, %ymm15, %ymm1, %ymm1
+        vpsubd	%ymm3, %ymm2, %ymm8
+        vpaddd	%ymm3, %ymm2, %ymm2
+        vpmulld	%ymm13, %ymm8, %ymm3
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm11, %ymm8, %ymm8
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm3, %ymm15
+        vpmuldq	%ymm14, %ymm3, %ymm3
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm3, %ymm8, %ymm3
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm3, %ymm3
+        vpblendd	$0xaa, %ymm15, %ymm3, %ymm3
+        # 4: 3/4
+        vmovdqu	2688(%rdx), %ymm10
+        vmovdqu	2720(%rdx), %ymm12
+        vmovdqu	2752(%rdx), %ymm11
+        vmovdqu	2784(%rdx), %ymm13
+        vpunpcklqdq	%ymm1, %ymm0, %ymm8
+        vpunpckhqdq	%ymm1, %ymm0, %ymm1
+        vpunpcklqdq	%ymm3, %ymm2, %ymm9
+        vpunpckhqdq	%ymm3, %ymm2, %ymm3
+        vpsubd	%ymm1, %ymm8, %ymm0
+        vpaddd	%ymm1, %ymm8, %ymm8
+        vpmulld	%ymm12, %ymm0, %ymm1
+        vmovshdup	%ymm0, %ymm2
+        vpmuldq	%ymm10, %ymm0, %ymm0
+        vpmuldq	%ymm10, %ymm2, %ymm2
+        vmovshdup	%ymm1, %ymm15
+        vpmuldq	%ymm14, %ymm1, %ymm1
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm1, %ymm0, %ymm1
+        vpsubq	%ymm15, %ymm2, %ymm15
+        vmovshdup	%ymm1, %ymm1
+        vpblendd	$0xaa, %ymm15, %ymm1, %ymm1
+        vpsubd	%ymm3, %ymm9, %ymm0
+        vpaddd	%ymm3, %ymm9, %ymm9
+        vpmulld	%ymm13, %ymm0, %ymm3
+        vmovshdup	%ymm0, %ymm2
+        vpmuldq	%ymm11, %ymm0, %ymm0
+        vpmuldq	%ymm11, %ymm2, %ymm2
+        vmovshdup	%ymm3, %ymm15
+        vpmuldq	%ymm14, %ymm3, %ymm3
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm3, %ymm0, %ymm3
+        vpsubq	%ymm15, %ymm2, %ymm15
+        vmovshdup	%ymm3, %ymm3
+        vpblendd	$0xaa, %ymm15, %ymm3, %ymm3
+        # 8: 3/4
+        vperm2i128	$32, %ymm1, %ymm8, %ymm0
+        vmovdqu	2816(%rdx), %ymm10
+        vperm2i128	$49, %ymm1, %ymm8, %ymm1
+        vmovdqu	2848(%rdx), %ymm12
+        vperm2i128	$32, %ymm3, %ymm9, %ymm2
+        vmovdqu	2880(%rdx), %ymm11
+        vperm2i128	$49, %ymm3, %ymm9, %ymm3
+        vmovdqu	2912(%rdx), %ymm13
+        vpsubd	%ymm1, %ymm0, %ymm8
+        vpaddd	%ymm1, %ymm0, %ymm0
+        vpmulld	%ymm12, %ymm8, %ymm1
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm1, %ymm15
+        vpmuldq	%ymm14, %ymm1, %ymm1
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm1, %ymm8, %ymm1
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm1, %ymm1
+        vpblendd	$0xaa, %ymm15, %ymm1, %ymm1
+        vpsubd	%ymm3, %ymm2, %ymm8
+        vpaddd	%ymm3, %ymm2, %ymm2
+        vpmulld	%ymm13, %ymm8, %ymm3
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm11, %ymm8, %ymm8
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm3, %ymm15
+        vpmuldq	%ymm14, %ymm3, %ymm3
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm3, %ymm8, %ymm3
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm3, %ymm3
+        vpblendd	$0xaa, %ymm15, %ymm3, %ymm3
+        # 16: 3/4
+        vmovdqu	2944(%rdx), %ymm10
+        vmovdqu	2976(%rdx), %ymm12
+        vpsubd	%ymm2, %ymm0, %ymm8
+        vpaddd	%ymm2, %ymm0, %ymm0
+        vpmulld	%ymm12, %ymm8, %ymm2
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm2, %ymm15
+        vpmuldq	%ymm14, %ymm2, %ymm2
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm2, %ymm8, %ymm2
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm2, %ymm2
+        vpblendd	$0xaa, %ymm15, %ymm2, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm8
+        vpaddd	%ymm3, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm8, %ymm3
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm3, %ymm15
+        vpmuldq	%ymm14, %ymm3, %ymm3
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm3, %ymm8, %ymm3
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm3, %ymm3
+        vpblendd	$0xaa, %ymm15, %ymm3, %ymm3
+        # 1: 3/4
+        vmovdqu	3008(%rdx), %ymm10
+        vmovdqu	3040(%rdx), %ymm12
+        vmovdqu	3072(%rdx), %ymm11
+        vmovdqu	3104(%rdx), %ymm13
+        vpsubd	%ymm5, %ymm4, %ymm8
+        vpaddd	%ymm5, %ymm4, %ymm4
+        vpmulld	%ymm12, %ymm8, %ymm5
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vmovshdup	%ymm10, %ymm10
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm5, %ymm15
+        vpmuldq	%ymm14, %ymm5, %ymm5
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm5, %ymm8, %ymm5
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm5, %ymm5
+        vpblendd	$0xaa, %ymm15, %ymm5, %ymm5
+        vpsubd	%ymm7, %ymm6, %ymm8
+        vpaddd	%ymm7, %ymm6, %ymm6
+        vpmulld	%ymm13, %ymm8, %ymm7
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm11, %ymm8, %ymm8
+        vmovshdup	%ymm11, %ymm11
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm7, %ymm15
+        vpmuldq	%ymm14, %ymm7, %ymm7
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm7, %ymm8, %ymm7
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm7, %ymm7
+        vpblendd	$0xaa, %ymm15, %ymm7, %ymm7
+        # 2: 3/4
+        vmovdqu	3136(%rdx), %ymm10
+        vmovdqu	3168(%rdx), %ymm12
+        vmovdqu	3200(%rdx), %ymm11
+        vmovdqu	3232(%rdx), %ymm13
+        vpshufd	$0xd8, %ymm4, %ymm8
+        vpshufd	$0xd8, %ymm5, %ymm9
+        vpunpckldq	%ymm9, %ymm8, %ymm4
+        vpunpckhdq	%ymm9, %ymm8, %ymm5
+        vpshufd	$0xd8, %ymm6, %ymm8
+        vpshufd	$0xd8, %ymm7, %ymm9
+        vpunpckldq	%ymm9, %ymm8, %ymm6
+        vpunpckhdq	%ymm9, %ymm8, %ymm7
+        vpsubd	%ymm5, %ymm4, %ymm8
+        vpaddd	%ymm5, %ymm4, %ymm4
+        vpmulld	%ymm12, %ymm8, %ymm5
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm5, %ymm15
+        vpmuldq	%ymm14, %ymm5, %ymm5
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm5, %ymm8, %ymm5
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm5, %ymm5
+        vpblendd	$0xaa, %ymm15, %ymm5, %ymm5
+        vpsubd	%ymm7, %ymm6, %ymm8
+        vpaddd	%ymm7, %ymm6, %ymm6
+        vpmulld	%ymm13, %ymm8, %ymm7
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm11, %ymm8, %ymm8
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm7, %ymm15
+        vpmuldq	%ymm14, %ymm7, %ymm7
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm7, %ymm8, %ymm7
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm7, %ymm7
+        vpblendd	$0xaa, %ymm15, %ymm7, %ymm7
+        # 4: 3/4
+        vmovdqu	3264(%rdx), %ymm10
+        vmovdqu	3296(%rdx), %ymm12
+        vmovdqu	3328(%rdx), %ymm11
+        vmovdqu	3360(%rdx), %ymm13
+        vpunpcklqdq	%ymm5, %ymm4, %ymm8
+        vpunpckhqdq	%ymm5, %ymm4, %ymm5
+        vpunpcklqdq	%ymm7, %ymm6, %ymm9
+        vpunpckhqdq	%ymm7, %ymm6, %ymm7
+        vpsubd	%ymm5, %ymm8, %ymm4
+        vpaddd	%ymm5, %ymm8, %ymm8
+        vpmulld	%ymm12, %ymm4, %ymm5
+        vmovshdup	%ymm4, %ymm6
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm10, %ymm6, %ymm6
+        vmovshdup	%ymm5, %ymm15
+        vpmuldq	%ymm14, %ymm5, %ymm5
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm5, %ymm4, %ymm5
+        vpsubq	%ymm15, %ymm6, %ymm15
+        vmovshdup	%ymm5, %ymm5
+        vpblendd	$0xaa, %ymm15, %ymm5, %ymm5
+        vpsubd	%ymm7, %ymm9, %ymm4
+        vpaddd	%ymm7, %ymm9, %ymm9
+        vpmulld	%ymm13, %ymm4, %ymm7
+        vmovshdup	%ymm4, %ymm6
+        vpmuldq	%ymm11, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm6, %ymm6
+        vmovshdup	%ymm7, %ymm15
+        vpmuldq	%ymm14, %ymm7, %ymm7
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm7, %ymm4, %ymm7
+        vpsubq	%ymm15, %ymm6, %ymm15
+        vmovshdup	%ymm7, %ymm7
+        vpblendd	$0xaa, %ymm15, %ymm7, %ymm7
+        # 8: 3/4
+        vperm2i128	$32, %ymm5, %ymm8, %ymm4
+        vmovdqu	3392(%rdx), %ymm10
+        vperm2i128	$49, %ymm5, %ymm8, %ymm5
+        vmovdqu	3424(%rdx), %ymm12
+        vperm2i128	$32, %ymm7, %ymm9, %ymm6
+        vmovdqu	3456(%rdx), %ymm11
+        vperm2i128	$49, %ymm7, %ymm9, %ymm7
+        vmovdqu	3488(%rdx), %ymm13
+        vpsubd	%ymm5, %ymm4, %ymm8
+        vpaddd	%ymm5, %ymm4, %ymm4
+        vpmulld	%ymm12, %ymm8, %ymm5
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm5, %ymm15
+        vpmuldq	%ymm14, %ymm5, %ymm5
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm5, %ymm8, %ymm5
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm5, %ymm5
+        vpblendd	$0xaa, %ymm15, %ymm5, %ymm5
+        vpsubd	%ymm7, %ymm6, %ymm8
+        vpaddd	%ymm7, %ymm6, %ymm6
+        vpmulld	%ymm13, %ymm8, %ymm7
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm11, %ymm8, %ymm8
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm7, %ymm15
+        vpmuldq	%ymm14, %ymm7, %ymm7
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm7, %ymm8, %ymm7
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm7, %ymm7
+        vpblendd	$0xaa, %ymm15, %ymm7, %ymm7
+        # 16: 3/4
+        vmovdqu	3520(%rdx), %ymm10
+        vmovdqu	3552(%rdx), %ymm12
+        vpsubd	%ymm6, %ymm4, %ymm8
+        vpaddd	%ymm6, %ymm4, %ymm4
+        vpmulld	%ymm12, %ymm8, %ymm6
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm6, %ymm15
+        vpmuldq	%ymm14, %ymm6, %ymm6
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm6, %ymm8, %ymm6
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm6, %ymm6
+        vpblendd	$0xaa, %ymm15, %ymm6, %ymm6
+        vpsubd	%ymm7, %ymm5, %ymm8
+        vpaddd	%ymm7, %ymm5, %ymm5
+        vpmulld	%ymm12, %ymm8, %ymm7
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm7, %ymm15
+        vpmuldq	%ymm14, %ymm7, %ymm7
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm7, %ymm8, %ymm7
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm7, %ymm7
+        vpblendd	$0xaa, %ymm15, %ymm7, %ymm7
+        # 32: 3/4
+        vmovdqu	3584(%rdx), %ymm10
+        vmovdqu	3616(%rdx), %ymm12
+        vpsubd	%ymm4, %ymm0, %ymm8
+        vpaddd	%ymm4, %ymm0, %ymm0
+        vpmulld	%ymm12, %ymm8, %ymm4
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm4, %ymm15
+        vpmuldq	%ymm14, %ymm4, %ymm4
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm4, %ymm8, %ymm4
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm4, %ymm4
+        vpblendd	$0xaa, %ymm15, %ymm4, %ymm4
+        vpsubd	%ymm5, %ymm1, %ymm8
+        vpaddd	%ymm5, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm8, %ymm5
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm5, %ymm15
+        vpmuldq	%ymm14, %ymm5, %ymm5
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm5, %ymm8, %ymm5
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm5, %ymm5
+        vpblendd	$0xaa, %ymm15, %ymm5, %ymm5
+        vpsubd	%ymm6, %ymm2, %ymm8
+        vpaddd	%ymm6, %ymm2, %ymm2
+        vpmulld	%ymm12, %ymm8, %ymm6
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm6, %ymm15
+        vpmuldq	%ymm14, %ymm6, %ymm6
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm6, %ymm8, %ymm6
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm6, %ymm6
+        vpblendd	$0xaa, %ymm15, %ymm6, %ymm6
+        vpsubd	%ymm7, %ymm3, %ymm8
+        vpaddd	%ymm7, %ymm3, %ymm3
+        vpmulld	%ymm12, %ymm8, %ymm7
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm7, %ymm15
+        vpmuldq	%ymm14, %ymm7, %ymm7
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm7, %ymm8, %ymm7
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm7, %ymm7
+        vpblendd	$0xaa, %ymm15, %ymm7, %ymm7
+        vmovdqu	%ymm0, 512(%rdi)
+        vmovdqu	%ymm1, 544(%rdi)
+        vmovdqu	%ymm2, 576(%rdi)
+        vmovdqu	%ymm3, 608(%rdi)
+        vmovdqu	%ymm4, 640(%rdi)
+        vmovdqu	%ymm5, 672(%rdi)
+        vmovdqu	%ymm6, 704(%rdi)
+        vmovdqu	%ymm7, 736(%rdi)
+        vmovdqu	768(%rdi), %ymm0
+        vmovdqu	800(%rdi), %ymm1
+        vmovdqu	832(%rdi), %ymm2
+        vmovdqu	864(%rdi), %ymm3
+        vmovdqu	896(%rdi), %ymm4
+        vmovdqu	928(%rdi), %ymm5
+        vmovdqu	960(%rdi), %ymm6
+        vmovdqu	992(%rdi), %ymm7
+        # 1: 4/4
+        vmovdqu	3648(%rdx), %ymm10
+        vmovdqu	3680(%rdx), %ymm12
+        vmovdqu	3712(%rdx), %ymm11
+        vmovdqu	3744(%rdx), %ymm13
+        vpsubd	%ymm1, %ymm0, %ymm8
+        vpaddd	%ymm1, %ymm0, %ymm0
+        vpmulld	%ymm12, %ymm8, %ymm1
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vmovshdup	%ymm10, %ymm10
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm1, %ymm15
+        vpmuldq	%ymm14, %ymm1, %ymm1
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm1, %ymm8, %ymm1
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm1, %ymm1
+        vpblendd	$0xaa, %ymm15, %ymm1, %ymm1
+        vpsubd	%ymm3, %ymm2, %ymm8
+        vpaddd	%ymm3, %ymm2, %ymm2
+        vpmulld	%ymm13, %ymm8, %ymm3
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm11, %ymm8, %ymm8
+        vmovshdup	%ymm11, %ymm11
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm3, %ymm15
+        vpmuldq	%ymm14, %ymm3, %ymm3
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm3, %ymm8, %ymm3
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm3, %ymm3
+        vpblendd	$0xaa, %ymm15, %ymm3, %ymm3
+        # 2: 4/4
+        vmovdqu	3776(%rdx), %ymm10
+        vmovdqu	3808(%rdx), %ymm12
+        vmovdqu	3840(%rdx), %ymm11
+        vmovdqu	3872(%rdx), %ymm13
+        vpshufd	$0xd8, %ymm0, %ymm8
+        vpshufd	$0xd8, %ymm1, %ymm9
+        vpunpckldq	%ymm9, %ymm8, %ymm0
+        vpunpckhdq	%ymm9, %ymm8, %ymm1
+        vpshufd	$0xd8, %ymm2, %ymm8
+        vpshufd	$0xd8, %ymm3, %ymm9
+        vpunpckldq	%ymm9, %ymm8, %ymm2
+        vpunpckhdq	%ymm9, %ymm8, %ymm3
+        vpsubd	%ymm1, %ymm0, %ymm8
+        vpaddd	%ymm1, %ymm0, %ymm0
+        vpmulld	%ymm12, %ymm8, %ymm1
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm1, %ymm15
+        vpmuldq	%ymm14, %ymm1, %ymm1
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm1, %ymm8, %ymm1
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm1, %ymm1
+        vpblendd	$0xaa, %ymm15, %ymm1, %ymm1
+        vpsubd	%ymm3, %ymm2, %ymm8
+        vpaddd	%ymm3, %ymm2, %ymm2
+        vpmulld	%ymm13, %ymm8, %ymm3
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm11, %ymm8, %ymm8
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm3, %ymm15
+        vpmuldq	%ymm14, %ymm3, %ymm3
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm3, %ymm8, %ymm3
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm3, %ymm3
+        vpblendd	$0xaa, %ymm15, %ymm3, %ymm3
+        # 4: 4/4
+        vmovdqu	3904(%rdx), %ymm10
+        vmovdqu	3936(%rdx), %ymm12
+        vmovdqu	3968(%rdx), %ymm11
+        vmovdqu	4000(%rdx), %ymm13
+        vpunpcklqdq	%ymm1, %ymm0, %ymm8
+        vpunpckhqdq	%ymm1, %ymm0, %ymm1
+        vpunpcklqdq	%ymm3, %ymm2, %ymm9
+        vpunpckhqdq	%ymm3, %ymm2, %ymm3
+        vpsubd	%ymm1, %ymm8, %ymm0
+        vpaddd	%ymm1, %ymm8, %ymm8
+        vpmulld	%ymm12, %ymm0, %ymm1
+        vmovshdup	%ymm0, %ymm2
+        vpmuldq	%ymm10, %ymm0, %ymm0
+        vpmuldq	%ymm10, %ymm2, %ymm2
+        vmovshdup	%ymm1, %ymm15
+        vpmuldq	%ymm14, %ymm1, %ymm1
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm1, %ymm0, %ymm1
+        vpsubq	%ymm15, %ymm2, %ymm15
+        vmovshdup	%ymm1, %ymm1
+        vpblendd	$0xaa, %ymm15, %ymm1, %ymm1
+        vpsubd	%ymm3, %ymm9, %ymm0
+        vpaddd	%ymm3, %ymm9, %ymm9
+        vpmulld	%ymm13, %ymm0, %ymm3
+        vmovshdup	%ymm0, %ymm2
+        vpmuldq	%ymm11, %ymm0, %ymm0
+        vpmuldq	%ymm11, %ymm2, %ymm2
+        vmovshdup	%ymm3, %ymm15
+        vpmuldq	%ymm14, %ymm3, %ymm3
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm3, %ymm0, %ymm3
+        vpsubq	%ymm15, %ymm2, %ymm15
+        vmovshdup	%ymm3, %ymm3
+        vpblendd	$0xaa, %ymm15, %ymm3, %ymm3
+        # 8: 4/4
+        vperm2i128	$32, %ymm1, %ymm8, %ymm0
+        vmovdqu	4032(%rdx), %ymm10
+        vperm2i128	$49, %ymm1, %ymm8, %ymm1
+        vmovdqu	4064(%rdx), %ymm12
+        vperm2i128	$32, %ymm3, %ymm9, %ymm2
+        vmovdqu	4096(%rdx), %ymm11
+        vperm2i128	$49, %ymm3, %ymm9, %ymm3
+        vmovdqu	4128(%rdx), %ymm13
+        vpsubd	%ymm1, %ymm0, %ymm8
+        vpaddd	%ymm1, %ymm0, %ymm0
+        vpmulld	%ymm12, %ymm8, %ymm1
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm1, %ymm15
+        vpmuldq	%ymm14, %ymm1, %ymm1
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm1, %ymm8, %ymm1
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm1, %ymm1
+        vpblendd	$0xaa, %ymm15, %ymm1, %ymm1
+        vpsubd	%ymm3, %ymm2, %ymm8
+        vpaddd	%ymm3, %ymm2, %ymm2
+        vpmulld	%ymm13, %ymm8, %ymm3
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm11, %ymm8, %ymm8
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm3, %ymm15
+        vpmuldq	%ymm14, %ymm3, %ymm3
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm3, %ymm8, %ymm3
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm3, %ymm3
+        vpblendd	$0xaa, %ymm15, %ymm3, %ymm3
+        # 16: 4/4
+        vmovdqu	4160(%rdx), %ymm10
+        vmovdqu	4192(%rdx), %ymm12
+        vpsubd	%ymm2, %ymm0, %ymm8
+        vpaddd	%ymm2, %ymm0, %ymm0
+        vpmulld	%ymm12, %ymm8, %ymm2
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm2, %ymm15
+        vpmuldq	%ymm14, %ymm2, %ymm2
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm2, %ymm8, %ymm2
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm2, %ymm2
+        vpblendd	$0xaa, %ymm15, %ymm2, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm8
+        vpaddd	%ymm3, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm8, %ymm3
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm3, %ymm15
+        vpmuldq	%ymm14, %ymm3, %ymm3
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm3, %ymm8, %ymm3
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm3, %ymm3
+        vpblendd	$0xaa, %ymm15, %ymm3, %ymm3
+        # 1: 4/4
+        vmovdqu	4224(%rdx), %ymm10
+        vmovdqu	4256(%rdx), %ymm12
+        vmovdqu	4288(%rdx), %ymm11
+        vmovdqu	4320(%rdx), %ymm13
+        vpsubd	%ymm5, %ymm4, %ymm8
+        vpaddd	%ymm5, %ymm4, %ymm4
+        vpmulld	%ymm12, %ymm8, %ymm5
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vmovshdup	%ymm10, %ymm10
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm5, %ymm15
+        vpmuldq	%ymm14, %ymm5, %ymm5
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm5, %ymm8, %ymm5
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm5, %ymm5
+        vpblendd	$0xaa, %ymm15, %ymm5, %ymm5
+        vpsubd	%ymm7, %ymm6, %ymm8
+        vpaddd	%ymm7, %ymm6, %ymm6
+        vpmulld	%ymm13, %ymm8, %ymm7
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm11, %ymm8, %ymm8
+        vmovshdup	%ymm11, %ymm11
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm7, %ymm15
+        vpmuldq	%ymm14, %ymm7, %ymm7
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm7, %ymm8, %ymm7
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm7, %ymm7
+        vpblendd	$0xaa, %ymm15, %ymm7, %ymm7
+        # 2: 4/4
+        vmovdqu	4352(%rdx), %ymm10
+        vmovdqu	4384(%rdx), %ymm12
+        vmovdqu	4416(%rdx), %ymm11
+        vmovdqu	4448(%rdx), %ymm13
+        vpshufd	$0xd8, %ymm4, %ymm8
+        vpshufd	$0xd8, %ymm5, %ymm9
+        vpunpckldq	%ymm9, %ymm8, %ymm4
+        vpunpckhdq	%ymm9, %ymm8, %ymm5
+        vpshufd	$0xd8, %ymm6, %ymm8
+        vpshufd	$0xd8, %ymm7, %ymm9
+        vpunpckldq	%ymm9, %ymm8, %ymm6
+        vpunpckhdq	%ymm9, %ymm8, %ymm7
+        vpsubd	%ymm5, %ymm4, %ymm8
+        vpaddd	%ymm5, %ymm4, %ymm4
+        vpmulld	%ymm12, %ymm8, %ymm5
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm5, %ymm15
+        vpmuldq	%ymm14, %ymm5, %ymm5
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm5, %ymm8, %ymm5
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm5, %ymm5
+        vpblendd	$0xaa, %ymm15, %ymm5, %ymm5
+        vpsubd	%ymm7, %ymm6, %ymm8
+        vpaddd	%ymm7, %ymm6, %ymm6
+        vpmulld	%ymm13, %ymm8, %ymm7
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm11, %ymm8, %ymm8
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm7, %ymm15
+        vpmuldq	%ymm14, %ymm7, %ymm7
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm7, %ymm8, %ymm7
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm7, %ymm7
+        vpblendd	$0xaa, %ymm15, %ymm7, %ymm7
+        # 4: 4/4
+        vmovdqu	4480(%rdx), %ymm10
+        vmovdqu	4512(%rdx), %ymm12
+        vmovdqu	4544(%rdx), %ymm11
+        vmovdqu	4576(%rdx), %ymm13
+        vpunpcklqdq	%ymm5, %ymm4, %ymm8
+        vpunpckhqdq	%ymm5, %ymm4, %ymm5
+        vpunpcklqdq	%ymm7, %ymm6, %ymm9
+        vpunpckhqdq	%ymm7, %ymm6, %ymm7
+        vpsubd	%ymm5, %ymm8, %ymm4
+        vpaddd	%ymm5, %ymm8, %ymm8
+        vpmulld	%ymm12, %ymm4, %ymm5
+        vmovshdup	%ymm4, %ymm6
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm10, %ymm6, %ymm6
+        vmovshdup	%ymm5, %ymm15
+        vpmuldq	%ymm14, %ymm5, %ymm5
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm5, %ymm4, %ymm5
+        vpsubq	%ymm15, %ymm6, %ymm15
+        vmovshdup	%ymm5, %ymm5
+        vpblendd	$0xaa, %ymm15, %ymm5, %ymm5
+        vpsubd	%ymm7, %ymm9, %ymm4
+        vpaddd	%ymm7, %ymm9, %ymm9
+        vpmulld	%ymm13, %ymm4, %ymm7
+        vmovshdup	%ymm4, %ymm6
+        vpmuldq	%ymm11, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm6, %ymm6
+        vmovshdup	%ymm7, %ymm15
+        vpmuldq	%ymm14, %ymm7, %ymm7
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm7, %ymm4, %ymm7
+        vpsubq	%ymm15, %ymm6, %ymm15
+        vmovshdup	%ymm7, %ymm7
+        vpblendd	$0xaa, %ymm15, %ymm7, %ymm7
+        # 8: 4/4
+        vperm2i128	$32, %ymm5, %ymm8, %ymm4
+        vmovdqu	4608(%rdx), %ymm10
+        vperm2i128	$49, %ymm5, %ymm8, %ymm5
+        vmovdqu	4640(%rdx), %ymm12
+        vperm2i128	$32, %ymm7, %ymm9, %ymm6
+        vmovdqu	4672(%rdx), %ymm11
+        vperm2i128	$49, %ymm7, %ymm9, %ymm7
+        vmovdqu	4704(%rdx), %ymm13
+        vpsubd	%ymm5, %ymm4, %ymm8
+        vpaddd	%ymm5, %ymm4, %ymm4
+        vpmulld	%ymm12, %ymm8, %ymm5
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm5, %ymm15
+        vpmuldq	%ymm14, %ymm5, %ymm5
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm5, %ymm8, %ymm5
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm5, %ymm5
+        vpblendd	$0xaa, %ymm15, %ymm5, %ymm5
+        vpsubd	%ymm7, %ymm6, %ymm8
+        vpaddd	%ymm7, %ymm6, %ymm6
+        vpmulld	%ymm13, %ymm8, %ymm7
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm11, %ymm8, %ymm8
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm7, %ymm15
+        vpmuldq	%ymm14, %ymm7, %ymm7
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm7, %ymm8, %ymm7
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm7, %ymm7
+        vpblendd	$0xaa, %ymm15, %ymm7, %ymm7
+        # 16: 4/4
+        vmovdqu	4736(%rdx), %ymm10
+        vmovdqu	4768(%rdx), %ymm12
+        vpsubd	%ymm6, %ymm4, %ymm8
+        vpaddd	%ymm6, %ymm4, %ymm4
+        vpmulld	%ymm12, %ymm8, %ymm6
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm6, %ymm15
+        vpmuldq	%ymm14, %ymm6, %ymm6
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm6, %ymm8, %ymm6
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm6, %ymm6
+        vpblendd	$0xaa, %ymm15, %ymm6, %ymm6
+        vpsubd	%ymm7, %ymm5, %ymm8
+        vpaddd	%ymm7, %ymm5, %ymm5
+        vpmulld	%ymm12, %ymm8, %ymm7
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm7, %ymm15
+        vpmuldq	%ymm14, %ymm7, %ymm7
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm7, %ymm8, %ymm7
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm7, %ymm7
+        vpblendd	$0xaa, %ymm15, %ymm7, %ymm7
+        # 32: 4/4
+        vmovdqu	4800(%rdx), %ymm10
+        vmovdqu	4832(%rdx), %ymm12
+        vpsubd	%ymm4, %ymm0, %ymm8
+        vpaddd	%ymm4, %ymm0, %ymm0
+        vpmulld	%ymm12, %ymm8, %ymm4
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm4, %ymm15
+        vpmuldq	%ymm14, %ymm4, %ymm4
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm4, %ymm8, %ymm4
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm4, %ymm4
+        vpblendd	$0xaa, %ymm15, %ymm4, %ymm4
+        vpsubd	%ymm5, %ymm1, %ymm8
+        vpaddd	%ymm5, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm8, %ymm5
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm5, %ymm15
+        vpmuldq	%ymm14, %ymm5, %ymm5
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm5, %ymm8, %ymm5
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm5, %ymm5
+        vpblendd	$0xaa, %ymm15, %ymm5, %ymm5
+        vpsubd	%ymm6, %ymm2, %ymm8
+        vpaddd	%ymm6, %ymm2, %ymm2
+        vpmulld	%ymm12, %ymm8, %ymm6
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm6, %ymm15
+        vpmuldq	%ymm14, %ymm6, %ymm6
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm6, %ymm8, %ymm6
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm6, %ymm6
+        vpblendd	$0xaa, %ymm15, %ymm6, %ymm6
+        vpsubd	%ymm7, %ymm3, %ymm8
+        vpaddd	%ymm7, %ymm3, %ymm3
+        vpmulld	%ymm12, %ymm8, %ymm7
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm7, %ymm15
+        vpmuldq	%ymm14, %ymm7, %ymm7
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm7, %ymm8, %ymm7
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm7, %ymm7
+        vpblendd	$0xaa, %ymm15, %ymm7, %ymm7
+        vmovdqu	%ymm0, 768(%rdi)
+        vmovdqu	%ymm1, 800(%rdi)
+        vmovdqu	%ymm2, 832(%rdi)
+        vmovdqu	%ymm4, 896(%rdi)
+        vmovdqu	%ymm5, 928(%rdi)
+        vmovdqu	%ymm6, 960(%rdi)
+        vmovdqu	4864(%rdx), %ymm10
+        vmovdqu	4896(%rdx), %ymm12
+        vmovdqu	4928(%rdx), %ymm11
+        vmovdqu	4960(%rdx), %ymm13
+        vmovdqu	%ymm3, %ymm6
+        vmovdqu	96(%rdi), %ymm0
+        vmovdqu	224(%rdi), %ymm1
+        vmovdqu	352(%rdi), %ymm2
+        vmovdqu	480(%rdi), %ymm3
+        vmovdqu	608(%rdi), %ymm4
+        vmovdqu	736(%rdi), %ymm5
+        # 64: 4/4
+        vpsubd	%ymm2, %ymm0, %ymm8
+        vpaddd	%ymm2, %ymm0, %ymm0
+        vpmulld	%ymm12, %ymm8, %ymm2
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm2, %ymm15
+        vpmuldq	%ymm14, %ymm2, %ymm2
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm2, %ymm8, %ymm2
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm2, %ymm2
+        vpblendd	$0xaa, %ymm15, %ymm2, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm8
+        vpaddd	%ymm3, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm8, %ymm3
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm3, %ymm15
+        vpmuldq	%ymm14, %ymm3, %ymm3
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm3, %ymm8, %ymm3
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm3, %ymm3
+        vpblendd	$0xaa, %ymm15, %ymm3, %ymm3
+        vmovdqu	4992(%rdx), %ymm10
+        vmovdqu	5024(%rdx), %ymm12
+        vpsubd	%ymm6, %ymm4, %ymm8
+        vpaddd	%ymm6, %ymm4, %ymm4
+        vpmulld	%ymm13, %ymm8, %ymm6
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm11, %ymm8, %ymm8
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm6, %ymm15
+        vpmuldq	%ymm14, %ymm6, %ymm6
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm6, %ymm8, %ymm6
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm6, %ymm6
+        vpblendd	$0xaa, %ymm15, %ymm6, %ymm6
+        vpsubd	%ymm7, %ymm5, %ymm8
+        vpaddd	%ymm7, %ymm5, %ymm5
+        vpmulld	%ymm13, %ymm8, %ymm7
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm11, %ymm8, %ymm8
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm7, %ymm15
+        vpmuldq	%ymm14, %ymm7, %ymm7
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm7, %ymm8, %ymm7
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm7, %ymm7
+        vpblendd	$0xaa, %ymm15, %ymm7, %ymm7
+        # 128: 4/4
+        vpsubd	%ymm4, %ymm0, %ymm8
+        vpaddd	%ymm4, %ymm0, %ymm0
+        vpmulld	%ymm12, %ymm8, %ymm4
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm4, %ymm15
+        vpmuldq	%ymm14, %ymm4, %ymm4
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm4, %ymm8, %ymm4
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm4, %ymm4
+        vpblendd	$0xaa, %ymm15, %ymm4, %ymm4
+        vpsubd	%ymm5, %ymm1, %ymm8
+        vpaddd	%ymm5, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm8, %ymm5
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm5, %ymm15
+        vpmuldq	%ymm14, %ymm5, %ymm5
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm5, %ymm8, %ymm5
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm5, %ymm5
+        vpblendd	$0xaa, %ymm15, %ymm5, %ymm5
+        vmovdqu	5056(%rdx), %ymm11
+        vmovdqu	5088(%rdx), %ymm13
+        vpsubd	%ymm6, %ymm2, %ymm8
+        vpaddd	%ymm6, %ymm2, %ymm2
+        vpmulld	%ymm12, %ymm8, %ymm6
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm6, %ymm15
+        vpmuldq	%ymm14, %ymm6, %ymm6
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm6, %ymm8, %ymm6
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm6, %ymm6
+        vpblendd	$0xaa, %ymm15, %ymm6, %ymm6
+        vpsubd	%ymm7, %ymm3, %ymm8
+        vpaddd	%ymm7, %ymm3, %ymm3
+        vpmulld	%ymm12, %ymm8, %ymm7
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm7, %ymm15
+        vpmuldq	%ymm14, %ymm7, %ymm7
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm7, %ymm8, %ymm7
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm7, %ymm7
+        vpblendd	$0xaa, %ymm15, %ymm7, %ymm7
+        vpmulld	%ymm13, %ymm0, %ymm8
+        vpmulld	%ymm13, %ymm1, %ymm10
+        vmovshdup	%ymm0, %ymm9
+        vmovshdup	%ymm1, %ymm12
+        vpmuldq	%ymm11, %ymm0, %ymm0
+        vpmuldq	%ymm11, %ymm1, %ymm1
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vpmuldq	%ymm11, %ymm12, %ymm12
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm0, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm10, %ymm9
+        vpmuldq	%ymm14, %ymm10, %ymm10
+        vpmuldq	%ymm14, %ymm9, %ymm9
+        vpsubq	%ymm10, %ymm1, %ymm10
+        vpsubq	%ymm9, %ymm12, %ymm9
+        vmovshdup	%ymm8, %ymm8
+        vmovshdup	%ymm10, %ymm10
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm0
+        vpblendd	$0xaa, %ymm9, %ymm10, %ymm1
+        vpmulld	%ymm13, %ymm2, %ymm8
+        vpmulld	%ymm13, %ymm3, %ymm10
+        vmovshdup	%ymm2, %ymm9
+        vmovshdup	%ymm3, %ymm12
+        vpmuldq	%ymm11, %ymm2, %ymm2
+        vpmuldq	%ymm11, %ymm3, %ymm3
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vpmuldq	%ymm11, %ymm12, %ymm12
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm2, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm10, %ymm9
+        vpmuldq	%ymm14, %ymm10, %ymm10
+        vpmuldq	%ymm14, %ymm9, %ymm9
+        vpsubq	%ymm10, %ymm3, %ymm10
+        vpsubq	%ymm9, %ymm12, %ymm9
+        vmovshdup	%ymm8, %ymm8
+        vmovshdup	%ymm10, %ymm10
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm2
+        vpblendd	$0xaa, %ymm9, %ymm10, %ymm3
+        vpmulld	%ymm13, %ymm4, %ymm8
+        vpmulld	%ymm13, %ymm5, %ymm10
+        vmovshdup	%ymm4, %ymm9
+        vmovshdup	%ymm5, %ymm12
+        vpmuldq	%ymm11, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vpmuldq	%ymm11, %ymm12, %ymm12
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm4, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm10, %ymm9
+        vpmuldq	%ymm14, %ymm10, %ymm10
+        vpmuldq	%ymm14, %ymm9, %ymm9
+        vpsubq	%ymm10, %ymm5, %ymm10
+        vpsubq	%ymm9, %ymm12, %ymm9
+        vmovshdup	%ymm8, %ymm8
+        vmovshdup	%ymm10, %ymm10
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm4
+        vpblendd	$0xaa, %ymm9, %ymm10, %ymm5
+        vpmulld	%ymm13, %ymm6, %ymm8
+        vpmulld	%ymm13, %ymm7, %ymm10
+        vmovshdup	%ymm6, %ymm9
+        vmovshdup	%ymm7, %ymm12
+        vpmuldq	%ymm11, %ymm6, %ymm6
+        vpmuldq	%ymm11, %ymm7, %ymm7
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vpmuldq	%ymm11, %ymm12, %ymm12
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm6, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm10, %ymm9
+        vpmuldq	%ymm14, %ymm10, %ymm10
+        vpmuldq	%ymm14, %ymm9, %ymm9
+        vpsubq	%ymm10, %ymm7, %ymm10
+        vpsubq	%ymm9, %ymm12, %ymm9
+        vmovshdup	%ymm8, %ymm8
+        vmovshdup	%ymm10, %ymm10
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm6
+        vpblendd	$0xaa, %ymm9, %ymm10, %ymm7
+        vmovdqu	%ymm0, 96(%rdi)
+        vmovdqu	%ymm1, 224(%rdi)
+        vmovdqu	%ymm2, 352(%rdi)
+        vmovdqu	%ymm3, 480(%rdi)
+        vmovdqu	%ymm4, 608(%rdi)
+        vmovdqu	%ymm5, 736(%rdi)
+        vmovdqu	%ymm6, 864(%rdi)
+        vmovdqu	%ymm7, 992(%rdi)
+        vmovdqu	4864(%rdx), %ymm10
+        vmovdqu	4896(%rdx), %ymm12
+        vmovdqu	4928(%rdx), %ymm11
+        vmovdqu	4960(%rdx), %ymm13
+        vmovdqu	64(%rdi), %ymm0
+        vmovdqu	192(%rdi), %ymm1
+        vmovdqu	320(%rdi), %ymm2
+        vmovdqu	448(%rdi), %ymm3
+        vmovdqu	576(%rdi), %ymm4
+        vmovdqu	704(%rdi), %ymm5
+        vmovdqu	832(%rdi), %ymm6
+        vmovdqu	960(%rdi), %ymm7
+        # 64: 3/4
+        vpsubd	%ymm2, %ymm0, %ymm8
+        vpaddd	%ymm2, %ymm0, %ymm0
+        vpmulld	%ymm12, %ymm8, %ymm2
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm2, %ymm15
+        vpmuldq	%ymm14, %ymm2, %ymm2
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm2, %ymm8, %ymm2
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm2, %ymm2
+        vpblendd	$0xaa, %ymm15, %ymm2, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm8
+        vpaddd	%ymm3, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm8, %ymm3
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm3, %ymm15
+        vpmuldq	%ymm14, %ymm3, %ymm3
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm3, %ymm8, %ymm3
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm3, %ymm3
+        vpblendd	$0xaa, %ymm15, %ymm3, %ymm3
+        vmovdqu	4992(%rdx), %ymm10
+        vmovdqu	5024(%rdx), %ymm12
+        vpsubd	%ymm6, %ymm4, %ymm8
+        vpaddd	%ymm6, %ymm4, %ymm4
+        vpmulld	%ymm13, %ymm8, %ymm6
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm11, %ymm8, %ymm8
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm6, %ymm15
+        vpmuldq	%ymm14, %ymm6, %ymm6
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm6, %ymm8, %ymm6
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm6, %ymm6
+        vpblendd	$0xaa, %ymm15, %ymm6, %ymm6
+        vpsubd	%ymm7, %ymm5, %ymm8
+        vpaddd	%ymm7, %ymm5, %ymm5
+        vpmulld	%ymm13, %ymm8, %ymm7
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm11, %ymm8, %ymm8
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm7, %ymm15
+        vpmuldq	%ymm14, %ymm7, %ymm7
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm7, %ymm8, %ymm7
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm7, %ymm7
+        vpblendd	$0xaa, %ymm15, %ymm7, %ymm7
+        # 128: 3/4
+        vpsubd	%ymm4, %ymm0, %ymm8
+        vpaddd	%ymm4, %ymm0, %ymm0
+        vpmulld	%ymm12, %ymm8, %ymm4
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm4, %ymm15
+        vpmuldq	%ymm14, %ymm4, %ymm4
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm4, %ymm8, %ymm4
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm4, %ymm4
+        vpblendd	$0xaa, %ymm15, %ymm4, %ymm4
+        vpsubd	%ymm5, %ymm1, %ymm8
+        vpaddd	%ymm5, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm8, %ymm5
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm5, %ymm15
+        vpmuldq	%ymm14, %ymm5, %ymm5
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm5, %ymm8, %ymm5
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm5, %ymm5
+        vpblendd	$0xaa, %ymm15, %ymm5, %ymm5
+        vmovdqu	5056(%rdx), %ymm11
+        vmovdqu	5088(%rdx), %ymm13
+        vpsubd	%ymm6, %ymm2, %ymm8
+        vpaddd	%ymm6, %ymm2, %ymm2
+        vpmulld	%ymm12, %ymm8, %ymm6
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm6, %ymm15
+        vpmuldq	%ymm14, %ymm6, %ymm6
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm6, %ymm8, %ymm6
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm6, %ymm6
+        vpblendd	$0xaa, %ymm15, %ymm6, %ymm6
+        vpsubd	%ymm7, %ymm3, %ymm8
+        vpaddd	%ymm7, %ymm3, %ymm3
+        vpmulld	%ymm12, %ymm8, %ymm7
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm7, %ymm15
+        vpmuldq	%ymm14, %ymm7, %ymm7
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm7, %ymm8, %ymm7
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm7, %ymm7
+        vpblendd	$0xaa, %ymm15, %ymm7, %ymm7
+        vpmulld	%ymm13, %ymm0, %ymm8
+        vpmulld	%ymm13, %ymm1, %ymm10
+        vmovshdup	%ymm0, %ymm9
+        vmovshdup	%ymm1, %ymm12
+        vpmuldq	%ymm11, %ymm0, %ymm0
+        vpmuldq	%ymm11, %ymm1, %ymm1
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vpmuldq	%ymm11, %ymm12, %ymm12
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm0, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm10, %ymm9
+        vpmuldq	%ymm14, %ymm10, %ymm10
+        vpmuldq	%ymm14, %ymm9, %ymm9
+        vpsubq	%ymm10, %ymm1, %ymm10
+        vpsubq	%ymm9, %ymm12, %ymm9
+        vmovshdup	%ymm8, %ymm8
+        vmovshdup	%ymm10, %ymm10
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm0
+        vpblendd	$0xaa, %ymm9, %ymm10, %ymm1
+        vpmulld	%ymm13, %ymm2, %ymm8
+        vpmulld	%ymm13, %ymm3, %ymm10
+        vmovshdup	%ymm2, %ymm9
+        vmovshdup	%ymm3, %ymm12
+        vpmuldq	%ymm11, %ymm2, %ymm2
+        vpmuldq	%ymm11, %ymm3, %ymm3
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vpmuldq	%ymm11, %ymm12, %ymm12
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm2, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm10, %ymm9
+        vpmuldq	%ymm14, %ymm10, %ymm10
+        vpmuldq	%ymm14, %ymm9, %ymm9
+        vpsubq	%ymm10, %ymm3, %ymm10
+        vpsubq	%ymm9, %ymm12, %ymm9
+        vmovshdup	%ymm8, %ymm8
+        vmovshdup	%ymm10, %ymm10
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm2
+        vpblendd	$0xaa, %ymm9, %ymm10, %ymm3
+        vpmulld	%ymm13, %ymm4, %ymm8
+        vpmulld	%ymm13, %ymm5, %ymm10
+        vmovshdup	%ymm4, %ymm9
+        vmovshdup	%ymm5, %ymm12
+        vpmuldq	%ymm11, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vpmuldq	%ymm11, %ymm12, %ymm12
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm4, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm10, %ymm9
+        vpmuldq	%ymm14, %ymm10, %ymm10
+        vpmuldq	%ymm14, %ymm9, %ymm9
+        vpsubq	%ymm10, %ymm5, %ymm10
+        vpsubq	%ymm9, %ymm12, %ymm9
+        vmovshdup	%ymm8, %ymm8
+        vmovshdup	%ymm10, %ymm10
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm4
+        vpblendd	$0xaa, %ymm9, %ymm10, %ymm5
+        vpmulld	%ymm13, %ymm6, %ymm8
+        vpmulld	%ymm13, %ymm7, %ymm10
+        vmovshdup	%ymm6, %ymm9
+        vmovshdup	%ymm7, %ymm12
+        vpmuldq	%ymm11, %ymm6, %ymm6
+        vpmuldq	%ymm11, %ymm7, %ymm7
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vpmuldq	%ymm11, %ymm12, %ymm12
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm6, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm10, %ymm9
+        vpmuldq	%ymm14, %ymm10, %ymm10
+        vpmuldq	%ymm14, %ymm9, %ymm9
+        vpsubq	%ymm10, %ymm7, %ymm10
+        vpsubq	%ymm9, %ymm12, %ymm9
+        vmovshdup	%ymm8, %ymm8
+        vmovshdup	%ymm10, %ymm10
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm6
+        vpblendd	$0xaa, %ymm9, %ymm10, %ymm7
+        vmovdqu	%ymm0, 64(%rdi)
+        vmovdqu	%ymm1, 192(%rdi)
+        vmovdqu	%ymm2, 320(%rdi)
+        vmovdqu	%ymm3, 448(%rdi)
+        vmovdqu	%ymm4, 576(%rdi)
+        vmovdqu	%ymm5, 704(%rdi)
+        vmovdqu	%ymm6, 832(%rdi)
+        vmovdqu	%ymm7, 960(%rdi)
+        vmovdqu	4864(%rdx), %ymm10
+        vmovdqu	4896(%rdx), %ymm12
+        vmovdqu	4928(%rdx), %ymm11
+        vmovdqu	4960(%rdx), %ymm13
+        vmovdqu	32(%rdi), %ymm0
+        vmovdqu	160(%rdi), %ymm1
+        vmovdqu	288(%rdi), %ymm2
+        vmovdqu	416(%rdi), %ymm3
+        vmovdqu	544(%rdi), %ymm4
+        vmovdqu	672(%rdi), %ymm5
+        vmovdqu	800(%rdi), %ymm6
+        vmovdqu	928(%rdi), %ymm7
+        # 64: 2/4
+        vpsubd	%ymm2, %ymm0, %ymm8
+        vpaddd	%ymm2, %ymm0, %ymm0
+        vpmulld	%ymm12, %ymm8, %ymm2
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm2, %ymm15
+        vpmuldq	%ymm14, %ymm2, %ymm2
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm2, %ymm8, %ymm2
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm2, %ymm2
+        vpblendd	$0xaa, %ymm15, %ymm2, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm8
+        vpaddd	%ymm3, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm8, %ymm3
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm3, %ymm15
+        vpmuldq	%ymm14, %ymm3, %ymm3
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm3, %ymm8, %ymm3
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm3, %ymm3
+        vpblendd	$0xaa, %ymm15, %ymm3, %ymm3
+        vmovdqu	4992(%rdx), %ymm10
+        vmovdqu	5024(%rdx), %ymm12
+        vpsubd	%ymm6, %ymm4, %ymm8
+        vpaddd	%ymm6, %ymm4, %ymm4
+        vpmulld	%ymm13, %ymm8, %ymm6
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm11, %ymm8, %ymm8
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm6, %ymm15
+        vpmuldq	%ymm14, %ymm6, %ymm6
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm6, %ymm8, %ymm6
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm6, %ymm6
+        vpblendd	$0xaa, %ymm15, %ymm6, %ymm6
+        vpsubd	%ymm7, %ymm5, %ymm8
+        vpaddd	%ymm7, %ymm5, %ymm5
+        vpmulld	%ymm13, %ymm8, %ymm7
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm11, %ymm8, %ymm8
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm7, %ymm15
+        vpmuldq	%ymm14, %ymm7, %ymm7
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm7, %ymm8, %ymm7
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm7, %ymm7
+        vpblendd	$0xaa, %ymm15, %ymm7, %ymm7
+        # 128: 2/4
+        vpsubd	%ymm4, %ymm0, %ymm8
+        vpaddd	%ymm4, %ymm0, %ymm0
+        vpmulld	%ymm12, %ymm8, %ymm4
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm4, %ymm15
+        vpmuldq	%ymm14, %ymm4, %ymm4
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm4, %ymm8, %ymm4
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm4, %ymm4
+        vpblendd	$0xaa, %ymm15, %ymm4, %ymm4
+        vpsubd	%ymm5, %ymm1, %ymm8
+        vpaddd	%ymm5, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm8, %ymm5
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm5, %ymm15
+        vpmuldq	%ymm14, %ymm5, %ymm5
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm5, %ymm8, %ymm5
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm5, %ymm5
+        vpblendd	$0xaa, %ymm15, %ymm5, %ymm5
+        vmovdqu	5056(%rdx), %ymm11
+        vmovdqu	5088(%rdx), %ymm13
+        vpsubd	%ymm6, %ymm2, %ymm8
+        vpaddd	%ymm6, %ymm2, %ymm2
+        vpmulld	%ymm12, %ymm8, %ymm6
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm6, %ymm15
+        vpmuldq	%ymm14, %ymm6, %ymm6
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm6, %ymm8, %ymm6
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm6, %ymm6
+        vpblendd	$0xaa, %ymm15, %ymm6, %ymm6
+        vpsubd	%ymm7, %ymm3, %ymm8
+        vpaddd	%ymm7, %ymm3, %ymm3
+        vpmulld	%ymm12, %ymm8, %ymm7
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm7, %ymm15
+        vpmuldq	%ymm14, %ymm7, %ymm7
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm7, %ymm8, %ymm7
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm7, %ymm7
+        vpblendd	$0xaa, %ymm15, %ymm7, %ymm7
+        vpmulld	%ymm13, %ymm0, %ymm8
+        vpmulld	%ymm13, %ymm1, %ymm10
+        vmovshdup	%ymm0, %ymm9
+        vmovshdup	%ymm1, %ymm12
+        vpmuldq	%ymm11, %ymm0, %ymm0
+        vpmuldq	%ymm11, %ymm1, %ymm1
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vpmuldq	%ymm11, %ymm12, %ymm12
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm0, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm10, %ymm9
+        vpmuldq	%ymm14, %ymm10, %ymm10
+        vpmuldq	%ymm14, %ymm9, %ymm9
+        vpsubq	%ymm10, %ymm1, %ymm10
+        vpsubq	%ymm9, %ymm12, %ymm9
+        vmovshdup	%ymm8, %ymm8
+        vmovshdup	%ymm10, %ymm10
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm0
+        vpblendd	$0xaa, %ymm9, %ymm10, %ymm1
+        vpmulld	%ymm13, %ymm2, %ymm8
+        vpmulld	%ymm13, %ymm3, %ymm10
+        vmovshdup	%ymm2, %ymm9
+        vmovshdup	%ymm3, %ymm12
+        vpmuldq	%ymm11, %ymm2, %ymm2
+        vpmuldq	%ymm11, %ymm3, %ymm3
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vpmuldq	%ymm11, %ymm12, %ymm12
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm2, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm10, %ymm9
+        vpmuldq	%ymm14, %ymm10, %ymm10
+        vpmuldq	%ymm14, %ymm9, %ymm9
+        vpsubq	%ymm10, %ymm3, %ymm10
+        vpsubq	%ymm9, %ymm12, %ymm9
+        vmovshdup	%ymm8, %ymm8
+        vmovshdup	%ymm10, %ymm10
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm2
+        vpblendd	$0xaa, %ymm9, %ymm10, %ymm3
+        vpmulld	%ymm13, %ymm4, %ymm8
+        vpmulld	%ymm13, %ymm5, %ymm10
+        vmovshdup	%ymm4, %ymm9
+        vmovshdup	%ymm5, %ymm12
+        vpmuldq	%ymm11, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vpmuldq	%ymm11, %ymm12, %ymm12
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm4, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm10, %ymm9
+        vpmuldq	%ymm14, %ymm10, %ymm10
+        vpmuldq	%ymm14, %ymm9, %ymm9
+        vpsubq	%ymm10, %ymm5, %ymm10
+        vpsubq	%ymm9, %ymm12, %ymm9
+        vmovshdup	%ymm8, %ymm8
+        vmovshdup	%ymm10, %ymm10
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm4
+        vpblendd	$0xaa, %ymm9, %ymm10, %ymm5
+        vpmulld	%ymm13, %ymm6, %ymm8
+        vpmulld	%ymm13, %ymm7, %ymm10
+        vmovshdup	%ymm6, %ymm9
+        vmovshdup	%ymm7, %ymm12
+        vpmuldq	%ymm11, %ymm6, %ymm6
+        vpmuldq	%ymm11, %ymm7, %ymm7
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vpmuldq	%ymm11, %ymm12, %ymm12
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm6, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm10, %ymm9
+        vpmuldq	%ymm14, %ymm10, %ymm10
+        vpmuldq	%ymm14, %ymm9, %ymm9
+        vpsubq	%ymm10, %ymm7, %ymm10
+        vpsubq	%ymm9, %ymm12, %ymm9
+        vmovshdup	%ymm8, %ymm8
+        vmovshdup	%ymm10, %ymm10
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm6
+        vpblendd	$0xaa, %ymm9, %ymm10, %ymm7
+        vmovdqu	%ymm0, 32(%rdi)
+        vmovdqu	%ymm1, 160(%rdi)
+        vmovdqu	%ymm2, 288(%rdi)
+        vmovdqu	%ymm3, 416(%rdi)
+        vmovdqu	%ymm4, 544(%rdi)
+        vmovdqu	%ymm5, 672(%rdi)
+        vmovdqu	%ymm6, 800(%rdi)
+        vmovdqu	%ymm7, 928(%rdi)
+        vmovdqu	4864(%rdx), %ymm10
+        vmovdqu	4896(%rdx), %ymm12
+        vmovdqu	4928(%rdx), %ymm11
+        vmovdqu	4960(%rdx), %ymm13
+        vmovdqu	(%rdi), %ymm0
+        vmovdqu	128(%rdi), %ymm1
+        vmovdqu	256(%rdi), %ymm2
+        vmovdqu	384(%rdi), %ymm3
+        vmovdqu	512(%rdi), %ymm4
+        vmovdqu	640(%rdi), %ymm5
+        vmovdqu	768(%rdi), %ymm6
+        vmovdqu	896(%rdi), %ymm7
+        # 64: 1/4
+        vpsubd	%ymm2, %ymm0, %ymm8
+        vpaddd	%ymm2, %ymm0, %ymm0
+        vpmulld	%ymm12, %ymm8, %ymm2
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm2, %ymm15
+        vpmuldq	%ymm14, %ymm2, %ymm2
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm2, %ymm8, %ymm2
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm2, %ymm2
+        vpblendd	$0xaa, %ymm15, %ymm2, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm8
+        vpaddd	%ymm3, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm8, %ymm3
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm3, %ymm15
+        vpmuldq	%ymm14, %ymm3, %ymm3
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm3, %ymm8, %ymm3
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm3, %ymm3
+        vpblendd	$0xaa, %ymm15, %ymm3, %ymm3
+        vmovdqu	4992(%rdx), %ymm10
+        vmovdqu	5024(%rdx), %ymm12
+        vpsubd	%ymm6, %ymm4, %ymm8
+        vpaddd	%ymm6, %ymm4, %ymm4
+        vpmulld	%ymm13, %ymm8, %ymm6
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm11, %ymm8, %ymm8
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm6, %ymm15
+        vpmuldq	%ymm14, %ymm6, %ymm6
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm6, %ymm8, %ymm6
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm6, %ymm6
+        vpblendd	$0xaa, %ymm15, %ymm6, %ymm6
+        vpsubd	%ymm7, %ymm5, %ymm8
+        vpaddd	%ymm7, %ymm5, %ymm5
+        vpmulld	%ymm13, %ymm8, %ymm7
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm11, %ymm8, %ymm8
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm7, %ymm15
+        vpmuldq	%ymm14, %ymm7, %ymm7
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm7, %ymm8, %ymm7
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm7, %ymm7
+        vpblendd	$0xaa, %ymm15, %ymm7, %ymm7
+        # 128: 1/4
+        vpsubd	%ymm4, %ymm0, %ymm8
+        vpaddd	%ymm4, %ymm0, %ymm0
+        vpmulld	%ymm12, %ymm8, %ymm4
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm4, %ymm15
+        vpmuldq	%ymm14, %ymm4, %ymm4
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm4, %ymm8, %ymm4
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm4, %ymm4
+        vpblendd	$0xaa, %ymm15, %ymm4, %ymm4
+        vpsubd	%ymm5, %ymm1, %ymm8
+        vpaddd	%ymm5, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm8, %ymm5
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm5, %ymm15
+        vpmuldq	%ymm14, %ymm5, %ymm5
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm5, %ymm8, %ymm5
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm5, %ymm5
+        vpblendd	$0xaa, %ymm15, %ymm5, %ymm5
+        vmovdqu	5056(%rdx), %ymm11
+        vmovdqu	5088(%rdx), %ymm13
+        vpsubd	%ymm6, %ymm2, %ymm8
+        vpaddd	%ymm6, %ymm2, %ymm2
+        vpmulld	%ymm12, %ymm8, %ymm6
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm6, %ymm15
+        vpmuldq	%ymm14, %ymm6, %ymm6
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm6, %ymm8, %ymm6
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm6, %ymm6
+        vpblendd	$0xaa, %ymm15, %ymm6, %ymm6
+        vpsubd	%ymm7, %ymm3, %ymm8
+        vpaddd	%ymm7, %ymm3, %ymm3
+        vpmulld	%ymm12, %ymm8, %ymm7
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm7, %ymm15
+        vpmuldq	%ymm14, %ymm7, %ymm7
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm7, %ymm8, %ymm7
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm7, %ymm7
+        vpblendd	$0xaa, %ymm15, %ymm7, %ymm7
+        vpmulld	%ymm13, %ymm0, %ymm8
+        vpmulld	%ymm13, %ymm1, %ymm10
+        vmovshdup	%ymm0, %ymm9
+        vmovshdup	%ymm1, %ymm12
+        vpmuldq	%ymm11, %ymm0, %ymm0
+        vpmuldq	%ymm11, %ymm1, %ymm1
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vpmuldq	%ymm11, %ymm12, %ymm12
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm0, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm10, %ymm9
+        vpmuldq	%ymm14, %ymm10, %ymm10
+        vpmuldq	%ymm14, %ymm9, %ymm9
+        vpsubq	%ymm10, %ymm1, %ymm10
+        vpsubq	%ymm9, %ymm12, %ymm9
+        vmovshdup	%ymm8, %ymm8
+        vmovshdup	%ymm10, %ymm10
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm0
+        vpblendd	$0xaa, %ymm9, %ymm10, %ymm1
+        vpmulld	%ymm13, %ymm2, %ymm8
+        vpmulld	%ymm13, %ymm3, %ymm10
+        vmovshdup	%ymm2, %ymm9
+        vmovshdup	%ymm3, %ymm12
+        vpmuldq	%ymm11, %ymm2, %ymm2
+        vpmuldq	%ymm11, %ymm3, %ymm3
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vpmuldq	%ymm11, %ymm12, %ymm12
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm2, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm10, %ymm9
+        vpmuldq	%ymm14, %ymm10, %ymm10
+        vpmuldq	%ymm14, %ymm9, %ymm9
+        vpsubq	%ymm10, %ymm3, %ymm10
+        vpsubq	%ymm9, %ymm12, %ymm9
+        vmovshdup	%ymm8, %ymm8
+        vmovshdup	%ymm10, %ymm10
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm2
+        vpblendd	$0xaa, %ymm9, %ymm10, %ymm3
+        vpmulld	%ymm13, %ymm4, %ymm8
+        vpmulld	%ymm13, %ymm5, %ymm10
+        vmovshdup	%ymm4, %ymm9
+        vmovshdup	%ymm5, %ymm12
+        vpmuldq	%ymm11, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vpmuldq	%ymm11, %ymm12, %ymm12
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm4, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm10, %ymm9
+        vpmuldq	%ymm14, %ymm10, %ymm10
+        vpmuldq	%ymm14, %ymm9, %ymm9
+        vpsubq	%ymm10, %ymm5, %ymm10
+        vpsubq	%ymm9, %ymm12, %ymm9
+        vmovshdup	%ymm8, %ymm8
+        vmovshdup	%ymm10, %ymm10
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm4
+        vpblendd	$0xaa, %ymm9, %ymm10, %ymm5
+        vpmulld	%ymm13, %ymm6, %ymm8
+        vpmulld	%ymm13, %ymm7, %ymm10
+        vmovshdup	%ymm6, %ymm9
+        vmovshdup	%ymm7, %ymm12
+        vpmuldq	%ymm11, %ymm6, %ymm6
+        vpmuldq	%ymm11, %ymm7, %ymm7
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vpmuldq	%ymm11, %ymm12, %ymm12
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm6, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm10, %ymm9
+        vpmuldq	%ymm14, %ymm10, %ymm10
+        vpmuldq	%ymm14, %ymm9, %ymm9
+        vpsubq	%ymm10, %ymm7, %ymm10
+        vpsubq	%ymm9, %ymm12, %ymm9
+        vmovshdup	%ymm8, %ymm8
+        vmovshdup	%ymm10, %ymm10
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm6
+        vpblendd	$0xaa, %ymm9, %ymm10, %ymm7
+        vmovdqu	%ymm0, (%rdi)
+        vmovdqu	%ymm1, 128(%rdi)
+        vmovdqu	%ymm2, 256(%rdi)
+        vmovdqu	%ymm3, 384(%rdi)
+        vmovdqu	%ymm4, 512(%rdi)
+        vmovdqu	%ymm5, 640(%rdi)
+        vmovdqu	%ymm6, 768(%rdi)
+        vmovdqu	%ymm7, 896(%rdi)
+        vzeroupper
+        repz retq
+#ifndef __APPLE__
+.size	wc_mldsa_invntt_avx2,.-wc_mldsa_invntt_avx2
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.text
+.globl	wc_mldsa_invntt_full_avx2
+.type	wc_mldsa_invntt_full_avx2,@function
+.align	16
+wc_mldsa_invntt_full_avx2:
+#else
+.section	__TEXT,__text
+.globl	_wc_mldsa_invntt_full_avx2
+.p2align	4
+_wc_mldsa_invntt_full_avx2:
+#endif /* __APPLE__ */
+        vpxor	%ymm14, %ymm14, %ymm14
+        vmovdqu	mldsa_q(%rip), %ymm14
+        # invntt
+        leaq	L_mldsa_avx2_zetas_inv(%rip), %rdx
+        vmovdqu	(%rdi), %ymm0
+        vmovdqu	32(%rdi), %ymm1
+        vmovdqu	64(%rdi), %ymm2
+        vmovdqu	96(%rdi), %ymm3
+        vmovdqu	128(%rdi), %ymm4
+        vmovdqu	160(%rdi), %ymm5
+        vmovdqu	192(%rdi), %ymm6
+        vmovdqu	224(%rdi), %ymm7
+        vpunpckldq	%ymm1, %ymm0, %ymm8
+        vpunpckhdq	%ymm1, %ymm0, %ymm9
+        vpunpckldq	%ymm9, %ymm8, %ymm0
+        vpunpckhdq	%ymm9, %ymm8, %ymm1
+        vpermq	$0xd8, %ymm0, %ymm0
+        vpermq	$0xd8, %ymm1, %ymm1
+        vpunpckldq	%ymm3, %ymm2, %ymm8
+        vpunpckhdq	%ymm3, %ymm2, %ymm9
+        vpunpckldq	%ymm9, %ymm8, %ymm2
+        vpunpckhdq	%ymm9, %ymm8, %ymm3
+        vpermq	$0xd8, %ymm2, %ymm2
+        vpermq	$0xd8, %ymm3, %ymm3
+        # 1: 1/4
+        vmovdqu	(%rdx), %ymm10
+        vmovdqu	32(%rdx), %ymm12
+        vmovdqu	64(%rdx), %ymm11
+        vmovdqu	96(%rdx), %ymm13
+        vpsubd	%ymm1, %ymm0, %ymm8
+        vpaddd	%ymm1, %ymm0, %ymm0
+        vpmulld	%ymm12, %ymm8, %ymm1
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vmovshdup	%ymm10, %ymm10
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm1, %ymm15
+        vpmuldq	%ymm14, %ymm1, %ymm1
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm1, %ymm8, %ymm1
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm1, %ymm1
+        vpblendd	$0xaa, %ymm15, %ymm1, %ymm1
+        vpsubd	%ymm3, %ymm2, %ymm8
+        vpaddd	%ymm3, %ymm2, %ymm2
+        vpmulld	%ymm13, %ymm8, %ymm3
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm11, %ymm8, %ymm8
+        vmovshdup	%ymm11, %ymm11
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm3, %ymm15
+        vpmuldq	%ymm14, %ymm3, %ymm3
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm3, %ymm8, %ymm3
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm3, %ymm3
+        vpblendd	$0xaa, %ymm15, %ymm3, %ymm3
+        # 2: 1/4
+        vmovdqu	128(%rdx), %ymm10
+        vmovdqu	160(%rdx), %ymm12
+        vmovdqu	192(%rdx), %ymm11
+        vmovdqu	224(%rdx), %ymm13
+        vpshufd	$0xd8, %ymm0, %ymm8
+        vpshufd	$0xd8, %ymm1, %ymm9
+        vpunpckldq	%ymm9, %ymm8, %ymm0
+        vpunpckhdq	%ymm9, %ymm8, %ymm1
+        vpshufd	$0xd8, %ymm2, %ymm8
+        vpshufd	$0xd8, %ymm3, %ymm9
+        vpunpckldq	%ymm9, %ymm8, %ymm2
+        vpunpckhdq	%ymm9, %ymm8, %ymm3
+        vpsubd	%ymm1, %ymm0, %ymm8
+        vpaddd	%ymm1, %ymm0, %ymm0
+        vpmulld	%ymm12, %ymm8, %ymm1
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm1, %ymm15
+        vpmuldq	%ymm14, %ymm1, %ymm1
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm1, %ymm8, %ymm1
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm1, %ymm1
+        vpblendd	$0xaa, %ymm15, %ymm1, %ymm1
+        vpsubd	%ymm3, %ymm2, %ymm8
+        vpaddd	%ymm3, %ymm2, %ymm2
+        vpmulld	%ymm13, %ymm8, %ymm3
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm11, %ymm8, %ymm8
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm3, %ymm15
+        vpmuldq	%ymm14, %ymm3, %ymm3
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm3, %ymm8, %ymm3
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm3, %ymm3
+        vpblendd	$0xaa, %ymm15, %ymm3, %ymm3
+        # 4: 1/4
+        vmovdqu	256(%rdx), %ymm10
+        vmovdqu	288(%rdx), %ymm12
+        vmovdqu	320(%rdx), %ymm11
+        vmovdqu	352(%rdx), %ymm13
+        vpunpcklqdq	%ymm1, %ymm0, %ymm8
+        vpunpckhqdq	%ymm1, %ymm0, %ymm1
+        vpunpcklqdq	%ymm3, %ymm2, %ymm9
+        vpunpckhqdq	%ymm3, %ymm2, %ymm3
+        vpsubd	%ymm1, %ymm8, %ymm0
+        vpaddd	%ymm1, %ymm8, %ymm8
+        vpmulld	%ymm12, %ymm0, %ymm1
+        vmovshdup	%ymm0, %ymm2
+        vpmuldq	%ymm10, %ymm0, %ymm0
+        vpmuldq	%ymm10, %ymm2, %ymm2
+        vmovshdup	%ymm1, %ymm15
+        vpmuldq	%ymm14, %ymm1, %ymm1
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm1, %ymm0, %ymm1
+        vpsubq	%ymm15, %ymm2, %ymm15
+        vmovshdup	%ymm1, %ymm1
+        vpblendd	$0xaa, %ymm15, %ymm1, %ymm1
+        vpsubd	%ymm3, %ymm9, %ymm0
+        vpaddd	%ymm3, %ymm9, %ymm9
+        vpmulld	%ymm13, %ymm0, %ymm3
+        vmovshdup	%ymm0, %ymm2
+        vpmuldq	%ymm11, %ymm0, %ymm0
+        vpmuldq	%ymm11, %ymm2, %ymm2
+        vmovshdup	%ymm3, %ymm15
+        vpmuldq	%ymm14, %ymm3, %ymm3
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm3, %ymm0, %ymm3
+        vpsubq	%ymm15, %ymm2, %ymm15
+        vmovshdup	%ymm3, %ymm3
+        vpblendd	$0xaa, %ymm15, %ymm3, %ymm3
+        # 8: 1/4
+        vperm2i128	$32, %ymm1, %ymm8, %ymm0
+        vmovdqu	384(%rdx), %ymm10
+        vperm2i128	$49, %ymm1, %ymm8, %ymm1
+        vmovdqu	416(%rdx), %ymm12
+        vperm2i128	$32, %ymm3, %ymm9, %ymm2
+        vmovdqu	448(%rdx), %ymm11
+        vperm2i128	$49, %ymm3, %ymm9, %ymm3
+        vmovdqu	480(%rdx), %ymm13
+        vpsubd	%ymm1, %ymm0, %ymm8
+        vpaddd	%ymm1, %ymm0, %ymm0
+        vpmulld	%ymm12, %ymm8, %ymm1
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm1, %ymm15
+        vpmuldq	%ymm14, %ymm1, %ymm1
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm1, %ymm8, %ymm1
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm1, %ymm1
+        vpblendd	$0xaa, %ymm15, %ymm1, %ymm1
+        vpsubd	%ymm3, %ymm2, %ymm8
+        vpaddd	%ymm3, %ymm2, %ymm2
+        vpmulld	%ymm13, %ymm8, %ymm3
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm11, %ymm8, %ymm8
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm3, %ymm15
+        vpmuldq	%ymm14, %ymm3, %ymm3
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm3, %ymm8, %ymm3
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm3, %ymm3
+        vpblendd	$0xaa, %ymm15, %ymm3, %ymm3
+        # 16: 1/4
+        vmovdqu	512(%rdx), %ymm10
+        vmovdqu	544(%rdx), %ymm12
+        vpsubd	%ymm2, %ymm0, %ymm8
+        vpaddd	%ymm2, %ymm0, %ymm0
+        vpmulld	%ymm12, %ymm8, %ymm2
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm2, %ymm15
+        vpmuldq	%ymm14, %ymm2, %ymm2
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm2, %ymm8, %ymm2
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm2, %ymm2
+        vpblendd	$0xaa, %ymm15, %ymm2, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm8
+        vpaddd	%ymm3, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm8, %ymm3
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm3, %ymm15
+        vpmuldq	%ymm14, %ymm3, %ymm3
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm3, %ymm8, %ymm3
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm3, %ymm3
+        vpblendd	$0xaa, %ymm15, %ymm3, %ymm3
+        vpunpckldq	%ymm5, %ymm4, %ymm8
+        vpunpckhdq	%ymm5, %ymm4, %ymm9
+        vpunpckldq	%ymm9, %ymm8, %ymm4
+        vpunpckhdq	%ymm9, %ymm8, %ymm5
+        vpermq	$0xd8, %ymm4, %ymm4
+        vpermq	$0xd8, %ymm5, %ymm5
+        vpunpckldq	%ymm7, %ymm6, %ymm8
+        vpunpckhdq	%ymm7, %ymm6, %ymm9
+        vpunpckldq	%ymm9, %ymm8, %ymm6
+        vpunpckhdq	%ymm9, %ymm8, %ymm7
+        vpermq	$0xd8, %ymm6, %ymm6
+        vpermq	$0xd8, %ymm7, %ymm7
+        # 1: 1/4
+        vmovdqu	576(%rdx), %ymm10
+        vmovdqu	608(%rdx), %ymm12
+        vmovdqu	640(%rdx), %ymm11
+        vmovdqu	672(%rdx), %ymm13
+        vpsubd	%ymm5, %ymm4, %ymm8
+        vpaddd	%ymm5, %ymm4, %ymm4
+        vpmulld	%ymm12, %ymm8, %ymm5
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vmovshdup	%ymm10, %ymm10
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm5, %ymm15
+        vpmuldq	%ymm14, %ymm5, %ymm5
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm5, %ymm8, %ymm5
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm5, %ymm5
+        vpblendd	$0xaa, %ymm15, %ymm5, %ymm5
+        vpsubd	%ymm7, %ymm6, %ymm8
+        vpaddd	%ymm7, %ymm6, %ymm6
+        vpmulld	%ymm13, %ymm8, %ymm7
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm11, %ymm8, %ymm8
+        vmovshdup	%ymm11, %ymm11
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm7, %ymm15
+        vpmuldq	%ymm14, %ymm7, %ymm7
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm7, %ymm8, %ymm7
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm7, %ymm7
+        vpblendd	$0xaa, %ymm15, %ymm7, %ymm7
+        # 2: 1/4
+        vmovdqu	704(%rdx), %ymm10
+        vmovdqu	736(%rdx), %ymm12
+        vmovdqu	768(%rdx), %ymm11
+        vmovdqu	800(%rdx), %ymm13
+        vpshufd	$0xd8, %ymm4, %ymm8
+        vpshufd	$0xd8, %ymm5, %ymm9
+        vpunpckldq	%ymm9, %ymm8, %ymm4
+        vpunpckhdq	%ymm9, %ymm8, %ymm5
+        vpshufd	$0xd8, %ymm6, %ymm8
+        vpshufd	$0xd8, %ymm7, %ymm9
+        vpunpckldq	%ymm9, %ymm8, %ymm6
+        vpunpckhdq	%ymm9, %ymm8, %ymm7
+        vpsubd	%ymm5, %ymm4, %ymm8
+        vpaddd	%ymm5, %ymm4, %ymm4
+        vpmulld	%ymm12, %ymm8, %ymm5
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm5, %ymm15
+        vpmuldq	%ymm14, %ymm5, %ymm5
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm5, %ymm8, %ymm5
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm5, %ymm5
+        vpblendd	$0xaa, %ymm15, %ymm5, %ymm5
+        vpsubd	%ymm7, %ymm6, %ymm8
+        vpaddd	%ymm7, %ymm6, %ymm6
+        vpmulld	%ymm13, %ymm8, %ymm7
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm11, %ymm8, %ymm8
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm7, %ymm15
+        vpmuldq	%ymm14, %ymm7, %ymm7
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm7, %ymm8, %ymm7
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm7, %ymm7
+        vpblendd	$0xaa, %ymm15, %ymm7, %ymm7
+        # 4: 1/4
+        vmovdqu	832(%rdx), %ymm10
+        vmovdqu	864(%rdx), %ymm12
+        vmovdqu	896(%rdx), %ymm11
+        vmovdqu	928(%rdx), %ymm13
+        vpunpcklqdq	%ymm5, %ymm4, %ymm8
+        vpunpckhqdq	%ymm5, %ymm4, %ymm5
+        vpunpcklqdq	%ymm7, %ymm6, %ymm9
+        vpunpckhqdq	%ymm7, %ymm6, %ymm7
+        vpsubd	%ymm5, %ymm8, %ymm4
+        vpaddd	%ymm5, %ymm8, %ymm8
+        vpmulld	%ymm12, %ymm4, %ymm5
+        vmovshdup	%ymm4, %ymm6
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm10, %ymm6, %ymm6
+        vmovshdup	%ymm5, %ymm15
+        vpmuldq	%ymm14, %ymm5, %ymm5
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm5, %ymm4, %ymm5
+        vpsubq	%ymm15, %ymm6, %ymm15
+        vmovshdup	%ymm5, %ymm5
+        vpblendd	$0xaa, %ymm15, %ymm5, %ymm5
+        vpsubd	%ymm7, %ymm9, %ymm4
+        vpaddd	%ymm7, %ymm9, %ymm9
+        vpmulld	%ymm13, %ymm4, %ymm7
+        vmovshdup	%ymm4, %ymm6
+        vpmuldq	%ymm11, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm6, %ymm6
+        vmovshdup	%ymm7, %ymm15
+        vpmuldq	%ymm14, %ymm7, %ymm7
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm7, %ymm4, %ymm7
+        vpsubq	%ymm15, %ymm6, %ymm15
+        vmovshdup	%ymm7, %ymm7
+        vpblendd	$0xaa, %ymm15, %ymm7, %ymm7
+        # 8: 1/4
+        vperm2i128	$32, %ymm5, %ymm8, %ymm4
+        vmovdqu	960(%rdx), %ymm10
+        vperm2i128	$49, %ymm5, %ymm8, %ymm5
+        vmovdqu	992(%rdx), %ymm12
+        vperm2i128	$32, %ymm7, %ymm9, %ymm6
+        vmovdqu	1024(%rdx), %ymm11
+        vperm2i128	$49, %ymm7, %ymm9, %ymm7
+        vmovdqu	1056(%rdx), %ymm13
+        vpsubd	%ymm5, %ymm4, %ymm8
+        vpaddd	%ymm5, %ymm4, %ymm4
+        vpmulld	%ymm12, %ymm8, %ymm5
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm5, %ymm15
+        vpmuldq	%ymm14, %ymm5, %ymm5
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm5, %ymm8, %ymm5
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm5, %ymm5
+        vpblendd	$0xaa, %ymm15, %ymm5, %ymm5
+        vpsubd	%ymm7, %ymm6, %ymm8
+        vpaddd	%ymm7, %ymm6, %ymm6
+        vpmulld	%ymm13, %ymm8, %ymm7
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm11, %ymm8, %ymm8
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm7, %ymm15
+        vpmuldq	%ymm14, %ymm7, %ymm7
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm7, %ymm8, %ymm7
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm7, %ymm7
+        vpblendd	$0xaa, %ymm15, %ymm7, %ymm7
+        # 16: 1/4
+        vmovdqu	1088(%rdx), %ymm10
+        vmovdqu	1120(%rdx), %ymm12
+        vpsubd	%ymm6, %ymm4, %ymm8
+        vpaddd	%ymm6, %ymm4, %ymm4
+        vpmulld	%ymm12, %ymm8, %ymm6
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm6, %ymm15
+        vpmuldq	%ymm14, %ymm6, %ymm6
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm6, %ymm8, %ymm6
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm6, %ymm6
+        vpblendd	$0xaa, %ymm15, %ymm6, %ymm6
+        vpsubd	%ymm7, %ymm5, %ymm8
+        vpaddd	%ymm7, %ymm5, %ymm5
+        vpmulld	%ymm12, %ymm8, %ymm7
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm7, %ymm15
+        vpmuldq	%ymm14, %ymm7, %ymm7
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm7, %ymm8, %ymm7
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm7, %ymm7
+        vpblendd	$0xaa, %ymm15, %ymm7, %ymm7
+        # 32: 1/4
+        vmovdqu	1152(%rdx), %ymm10
+        vmovdqu	1184(%rdx), %ymm12
+        vpsubd	%ymm4, %ymm0, %ymm8
+        vpaddd	%ymm4, %ymm0, %ymm0
+        vpmulld	%ymm12, %ymm8, %ymm4
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm4, %ymm15
+        vpmuldq	%ymm14, %ymm4, %ymm4
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm4, %ymm8, %ymm4
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm4, %ymm4
+        vpblendd	$0xaa, %ymm15, %ymm4, %ymm4
+        vpsubd	%ymm5, %ymm1, %ymm8
+        vpaddd	%ymm5, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm8, %ymm5
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm5, %ymm15
+        vpmuldq	%ymm14, %ymm5, %ymm5
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm5, %ymm8, %ymm5
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm5, %ymm5
+        vpblendd	$0xaa, %ymm15, %ymm5, %ymm5
+        vpsubd	%ymm6, %ymm2, %ymm8
+        vpaddd	%ymm6, %ymm2, %ymm2
+        vpmulld	%ymm12, %ymm8, %ymm6
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm6, %ymm15
+        vpmuldq	%ymm14, %ymm6, %ymm6
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm6, %ymm8, %ymm6
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm6, %ymm6
+        vpblendd	$0xaa, %ymm15, %ymm6, %ymm6
+        vpsubd	%ymm7, %ymm3, %ymm8
+        vpaddd	%ymm7, %ymm3, %ymm3
+        vpmulld	%ymm12, %ymm8, %ymm7
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm7, %ymm15
+        vpmuldq	%ymm14, %ymm7, %ymm7
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm7, %ymm8, %ymm7
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm7, %ymm7
+        vpblendd	$0xaa, %ymm15, %ymm7, %ymm7
+        vmovdqu	%ymm0, (%rdi)
+        vmovdqu	%ymm1, 32(%rdi)
+        vmovdqu	%ymm2, 64(%rdi)
+        vmovdqu	%ymm3, 96(%rdi)
+        vmovdqu	%ymm4, 128(%rdi)
+        vmovdqu	%ymm5, 160(%rdi)
+        vmovdqu	%ymm6, 192(%rdi)
+        vmovdqu	%ymm7, 224(%rdi)
+        vmovdqu	256(%rdi), %ymm0
+        vmovdqu	288(%rdi), %ymm1
+        vmovdqu	320(%rdi), %ymm2
+        vmovdqu	352(%rdi), %ymm3
+        vmovdqu	384(%rdi), %ymm4
+        vmovdqu	416(%rdi), %ymm5
+        vmovdqu	448(%rdi), %ymm6
+        vmovdqu	480(%rdi), %ymm7
+        vpunpckldq	%ymm1, %ymm0, %ymm8
+        vpunpckhdq	%ymm1, %ymm0, %ymm9
+        vpunpckldq	%ymm9, %ymm8, %ymm0
+        vpunpckhdq	%ymm9, %ymm8, %ymm1
+        vpermq	$0xd8, %ymm0, %ymm0
+        vpermq	$0xd8, %ymm1, %ymm1
+        vpunpckldq	%ymm3, %ymm2, %ymm8
+        vpunpckhdq	%ymm3, %ymm2, %ymm9
+        vpunpckldq	%ymm9, %ymm8, %ymm2
+        vpunpckhdq	%ymm9, %ymm8, %ymm3
+        vpermq	$0xd8, %ymm2, %ymm2
+        vpermq	$0xd8, %ymm3, %ymm3
+        # 1: 2/4
+        vmovdqu	1216(%rdx), %ymm10
+        vmovdqu	1248(%rdx), %ymm12
+        vmovdqu	1280(%rdx), %ymm11
+        vmovdqu	1312(%rdx), %ymm13
+        vpsubd	%ymm1, %ymm0, %ymm8
+        vpaddd	%ymm1, %ymm0, %ymm0
+        vpmulld	%ymm12, %ymm8, %ymm1
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vmovshdup	%ymm10, %ymm10
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm1, %ymm15
+        vpmuldq	%ymm14, %ymm1, %ymm1
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm1, %ymm8, %ymm1
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm1, %ymm1
+        vpblendd	$0xaa, %ymm15, %ymm1, %ymm1
+        vpsubd	%ymm3, %ymm2, %ymm8
+        vpaddd	%ymm3, %ymm2, %ymm2
+        vpmulld	%ymm13, %ymm8, %ymm3
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm11, %ymm8, %ymm8
+        vmovshdup	%ymm11, %ymm11
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm3, %ymm15
+        vpmuldq	%ymm14, %ymm3, %ymm3
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm3, %ymm8, %ymm3
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm3, %ymm3
+        vpblendd	$0xaa, %ymm15, %ymm3, %ymm3
+        # 2: 2/4
+        vmovdqu	1344(%rdx), %ymm10
+        vmovdqu	1376(%rdx), %ymm12
+        vmovdqu	1408(%rdx), %ymm11
+        vmovdqu	1440(%rdx), %ymm13
+        vpshufd	$0xd8, %ymm0, %ymm8
+        vpshufd	$0xd8, %ymm1, %ymm9
+        vpunpckldq	%ymm9, %ymm8, %ymm0
+        vpunpckhdq	%ymm9, %ymm8, %ymm1
+        vpshufd	$0xd8, %ymm2, %ymm8
+        vpshufd	$0xd8, %ymm3, %ymm9
+        vpunpckldq	%ymm9, %ymm8, %ymm2
+        vpunpckhdq	%ymm9, %ymm8, %ymm3
+        vpsubd	%ymm1, %ymm0, %ymm8
+        vpaddd	%ymm1, %ymm0, %ymm0
+        vpmulld	%ymm12, %ymm8, %ymm1
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm1, %ymm15
+        vpmuldq	%ymm14, %ymm1, %ymm1
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm1, %ymm8, %ymm1
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm1, %ymm1
+        vpblendd	$0xaa, %ymm15, %ymm1, %ymm1
+        vpsubd	%ymm3, %ymm2, %ymm8
+        vpaddd	%ymm3, %ymm2, %ymm2
+        vpmulld	%ymm13, %ymm8, %ymm3
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm11, %ymm8, %ymm8
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm3, %ymm15
+        vpmuldq	%ymm14, %ymm3, %ymm3
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm3, %ymm8, %ymm3
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm3, %ymm3
+        vpblendd	$0xaa, %ymm15, %ymm3, %ymm3
+        # 4: 2/4
+        vmovdqu	1472(%rdx), %ymm10
+        vmovdqu	1504(%rdx), %ymm12
+        vmovdqu	1536(%rdx), %ymm11
+        vmovdqu	1568(%rdx), %ymm13
+        vpunpcklqdq	%ymm1, %ymm0, %ymm8
+        vpunpckhqdq	%ymm1, %ymm0, %ymm1
+        vpunpcklqdq	%ymm3, %ymm2, %ymm9
+        vpunpckhqdq	%ymm3, %ymm2, %ymm3
+        vpsubd	%ymm1, %ymm8, %ymm0
+        vpaddd	%ymm1, %ymm8, %ymm8
+        vpmulld	%ymm12, %ymm0, %ymm1
+        vmovshdup	%ymm0, %ymm2
+        vpmuldq	%ymm10, %ymm0, %ymm0
+        vpmuldq	%ymm10, %ymm2, %ymm2
+        vmovshdup	%ymm1, %ymm15
+        vpmuldq	%ymm14, %ymm1, %ymm1
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm1, %ymm0, %ymm1
+        vpsubq	%ymm15, %ymm2, %ymm15
+        vmovshdup	%ymm1, %ymm1
+        vpblendd	$0xaa, %ymm15, %ymm1, %ymm1
+        vpsubd	%ymm3, %ymm9, %ymm0
+        vpaddd	%ymm3, %ymm9, %ymm9
+        vpmulld	%ymm13, %ymm0, %ymm3
+        vmovshdup	%ymm0, %ymm2
+        vpmuldq	%ymm11, %ymm0, %ymm0
+        vpmuldq	%ymm11, %ymm2, %ymm2
+        vmovshdup	%ymm3, %ymm15
+        vpmuldq	%ymm14, %ymm3, %ymm3
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm3, %ymm0, %ymm3
+        vpsubq	%ymm15, %ymm2, %ymm15
+        vmovshdup	%ymm3, %ymm3
+        vpblendd	$0xaa, %ymm15, %ymm3, %ymm3
+        # 8: 2/4
+        vperm2i128	$32, %ymm1, %ymm8, %ymm0
+        vmovdqu	1600(%rdx), %ymm10
+        vperm2i128	$49, %ymm1, %ymm8, %ymm1
+        vmovdqu	1632(%rdx), %ymm12
+        vperm2i128	$32, %ymm3, %ymm9, %ymm2
+        vmovdqu	1664(%rdx), %ymm11
+        vperm2i128	$49, %ymm3, %ymm9, %ymm3
+        vmovdqu	1696(%rdx), %ymm13
+        vpsubd	%ymm1, %ymm0, %ymm8
+        vpaddd	%ymm1, %ymm0, %ymm0
+        vpmulld	%ymm12, %ymm8, %ymm1
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm1, %ymm15
+        vpmuldq	%ymm14, %ymm1, %ymm1
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm1, %ymm8, %ymm1
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm1, %ymm1
+        vpblendd	$0xaa, %ymm15, %ymm1, %ymm1
+        vpsubd	%ymm3, %ymm2, %ymm8
+        vpaddd	%ymm3, %ymm2, %ymm2
+        vpmulld	%ymm13, %ymm8, %ymm3
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm11, %ymm8, %ymm8
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm3, %ymm15
+        vpmuldq	%ymm14, %ymm3, %ymm3
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm3, %ymm8, %ymm3
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm3, %ymm3
+        vpblendd	$0xaa, %ymm15, %ymm3, %ymm3
+        # 16: 2/4
+        vmovdqu	1728(%rdx), %ymm10
+        vmovdqu	1760(%rdx), %ymm12
+        vpsubd	%ymm2, %ymm0, %ymm8
+        vpaddd	%ymm2, %ymm0, %ymm0
+        vpmulld	%ymm12, %ymm8, %ymm2
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm2, %ymm15
+        vpmuldq	%ymm14, %ymm2, %ymm2
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm2, %ymm8, %ymm2
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm2, %ymm2
+        vpblendd	$0xaa, %ymm15, %ymm2, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm8
+        vpaddd	%ymm3, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm8, %ymm3
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm3, %ymm15
+        vpmuldq	%ymm14, %ymm3, %ymm3
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm3, %ymm8, %ymm3
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm3, %ymm3
+        vpblendd	$0xaa, %ymm15, %ymm3, %ymm3
+        vpunpckldq	%ymm5, %ymm4, %ymm8
+        vpunpckhdq	%ymm5, %ymm4, %ymm9
+        vpunpckldq	%ymm9, %ymm8, %ymm4
+        vpunpckhdq	%ymm9, %ymm8, %ymm5
+        vpermq	$0xd8, %ymm4, %ymm4
+        vpermq	$0xd8, %ymm5, %ymm5
+        vpunpckldq	%ymm7, %ymm6, %ymm8
+        vpunpckhdq	%ymm7, %ymm6, %ymm9
+        vpunpckldq	%ymm9, %ymm8, %ymm6
+        vpunpckhdq	%ymm9, %ymm8, %ymm7
+        vpermq	$0xd8, %ymm6, %ymm6
+        vpermq	$0xd8, %ymm7, %ymm7
+        # 1: 2/4
+        vmovdqu	1792(%rdx), %ymm10
+        vmovdqu	1824(%rdx), %ymm12
+        vmovdqu	1856(%rdx), %ymm11
+        vmovdqu	1888(%rdx), %ymm13
+        vpsubd	%ymm5, %ymm4, %ymm8
+        vpaddd	%ymm5, %ymm4, %ymm4
+        vpmulld	%ymm12, %ymm8, %ymm5
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vmovshdup	%ymm10, %ymm10
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm5, %ymm15
+        vpmuldq	%ymm14, %ymm5, %ymm5
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm5, %ymm8, %ymm5
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm5, %ymm5
+        vpblendd	$0xaa, %ymm15, %ymm5, %ymm5
+        vpsubd	%ymm7, %ymm6, %ymm8
+        vpaddd	%ymm7, %ymm6, %ymm6
+        vpmulld	%ymm13, %ymm8, %ymm7
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm11, %ymm8, %ymm8
+        vmovshdup	%ymm11, %ymm11
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm7, %ymm15
+        vpmuldq	%ymm14, %ymm7, %ymm7
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm7, %ymm8, %ymm7
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm7, %ymm7
+        vpblendd	$0xaa, %ymm15, %ymm7, %ymm7
+        # 2: 2/4
+        vmovdqu	1920(%rdx), %ymm10
+        vmovdqu	1952(%rdx), %ymm12
+        vmovdqu	1984(%rdx), %ymm11
+        vmovdqu	2016(%rdx), %ymm13
+        vpshufd	$0xd8, %ymm4, %ymm8
+        vpshufd	$0xd8, %ymm5, %ymm9
+        vpunpckldq	%ymm9, %ymm8, %ymm4
+        vpunpckhdq	%ymm9, %ymm8, %ymm5
+        vpshufd	$0xd8, %ymm6, %ymm8
+        vpshufd	$0xd8, %ymm7, %ymm9
+        vpunpckldq	%ymm9, %ymm8, %ymm6
+        vpunpckhdq	%ymm9, %ymm8, %ymm7
+        vpsubd	%ymm5, %ymm4, %ymm8
+        vpaddd	%ymm5, %ymm4, %ymm4
+        vpmulld	%ymm12, %ymm8, %ymm5
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm5, %ymm15
+        vpmuldq	%ymm14, %ymm5, %ymm5
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm5, %ymm8, %ymm5
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm5, %ymm5
+        vpblendd	$0xaa, %ymm15, %ymm5, %ymm5
+        vpsubd	%ymm7, %ymm6, %ymm8
+        vpaddd	%ymm7, %ymm6, %ymm6
+        vpmulld	%ymm13, %ymm8, %ymm7
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm11, %ymm8, %ymm8
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm7, %ymm15
+        vpmuldq	%ymm14, %ymm7, %ymm7
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm7, %ymm8, %ymm7
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm7, %ymm7
+        vpblendd	$0xaa, %ymm15, %ymm7, %ymm7
+        # 4: 2/4
+        vmovdqu	2048(%rdx), %ymm10
+        vmovdqu	2080(%rdx), %ymm12
+        vmovdqu	2112(%rdx), %ymm11
+        vmovdqu	2144(%rdx), %ymm13
+        vpunpcklqdq	%ymm5, %ymm4, %ymm8
+        vpunpckhqdq	%ymm5, %ymm4, %ymm5
+        vpunpcklqdq	%ymm7, %ymm6, %ymm9
+        vpunpckhqdq	%ymm7, %ymm6, %ymm7
+        vpsubd	%ymm5, %ymm8, %ymm4
+        vpaddd	%ymm5, %ymm8, %ymm8
+        vpmulld	%ymm12, %ymm4, %ymm5
+        vmovshdup	%ymm4, %ymm6
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm10, %ymm6, %ymm6
+        vmovshdup	%ymm5, %ymm15
+        vpmuldq	%ymm14, %ymm5, %ymm5
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm5, %ymm4, %ymm5
+        vpsubq	%ymm15, %ymm6, %ymm15
+        vmovshdup	%ymm5, %ymm5
+        vpblendd	$0xaa, %ymm15, %ymm5, %ymm5
+        vpsubd	%ymm7, %ymm9, %ymm4
+        vpaddd	%ymm7, %ymm9, %ymm9
+        vpmulld	%ymm13, %ymm4, %ymm7
+        vmovshdup	%ymm4, %ymm6
+        vpmuldq	%ymm11, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm6, %ymm6
+        vmovshdup	%ymm7, %ymm15
+        vpmuldq	%ymm14, %ymm7, %ymm7
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm7, %ymm4, %ymm7
+        vpsubq	%ymm15, %ymm6, %ymm15
+        vmovshdup	%ymm7, %ymm7
+        vpblendd	$0xaa, %ymm15, %ymm7, %ymm7
+        # 8: 2/4
+        vperm2i128	$32, %ymm5, %ymm8, %ymm4
+        vmovdqu	2176(%rdx), %ymm10
+        vperm2i128	$49, %ymm5, %ymm8, %ymm5
+        vmovdqu	2208(%rdx), %ymm12
+        vperm2i128	$32, %ymm7, %ymm9, %ymm6
+        vmovdqu	2240(%rdx), %ymm11
+        vperm2i128	$49, %ymm7, %ymm9, %ymm7
+        vmovdqu	2272(%rdx), %ymm13
+        vpsubd	%ymm5, %ymm4, %ymm8
+        vpaddd	%ymm5, %ymm4, %ymm4
+        vpmulld	%ymm12, %ymm8, %ymm5
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm5, %ymm15
+        vpmuldq	%ymm14, %ymm5, %ymm5
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm5, %ymm8, %ymm5
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm5, %ymm5
+        vpblendd	$0xaa, %ymm15, %ymm5, %ymm5
+        vpsubd	%ymm7, %ymm6, %ymm8
+        vpaddd	%ymm7, %ymm6, %ymm6
+        vpmulld	%ymm13, %ymm8, %ymm7
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm11, %ymm8, %ymm8
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm7, %ymm15
+        vpmuldq	%ymm14, %ymm7, %ymm7
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm7, %ymm8, %ymm7
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm7, %ymm7
+        vpblendd	$0xaa, %ymm15, %ymm7, %ymm7
+        # 16: 2/4
+        vmovdqu	2304(%rdx), %ymm10
+        vmovdqu	2336(%rdx), %ymm12
+        vpsubd	%ymm6, %ymm4, %ymm8
+        vpaddd	%ymm6, %ymm4, %ymm4
+        vpmulld	%ymm12, %ymm8, %ymm6
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm6, %ymm15
+        vpmuldq	%ymm14, %ymm6, %ymm6
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm6, %ymm8, %ymm6
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm6, %ymm6
+        vpblendd	$0xaa, %ymm15, %ymm6, %ymm6
+        vpsubd	%ymm7, %ymm5, %ymm8
+        vpaddd	%ymm7, %ymm5, %ymm5
+        vpmulld	%ymm12, %ymm8, %ymm7
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm7, %ymm15
+        vpmuldq	%ymm14, %ymm7, %ymm7
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm7, %ymm8, %ymm7
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm7, %ymm7
+        vpblendd	$0xaa, %ymm15, %ymm7, %ymm7
+        # 32: 2/4
+        vmovdqu	2368(%rdx), %ymm10
+        vmovdqu	2400(%rdx), %ymm12
+        vpsubd	%ymm4, %ymm0, %ymm8
+        vpaddd	%ymm4, %ymm0, %ymm0
+        vpmulld	%ymm12, %ymm8, %ymm4
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm4, %ymm15
+        vpmuldq	%ymm14, %ymm4, %ymm4
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm4, %ymm8, %ymm4
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm4, %ymm4
+        vpblendd	$0xaa, %ymm15, %ymm4, %ymm4
+        vpsubd	%ymm5, %ymm1, %ymm8
+        vpaddd	%ymm5, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm8, %ymm5
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm5, %ymm15
+        vpmuldq	%ymm14, %ymm5, %ymm5
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm5, %ymm8, %ymm5
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm5, %ymm5
+        vpblendd	$0xaa, %ymm15, %ymm5, %ymm5
+        vpsubd	%ymm6, %ymm2, %ymm8
+        vpaddd	%ymm6, %ymm2, %ymm2
+        vpmulld	%ymm12, %ymm8, %ymm6
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm6, %ymm15
+        vpmuldq	%ymm14, %ymm6, %ymm6
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm6, %ymm8, %ymm6
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm6, %ymm6
+        vpblendd	$0xaa, %ymm15, %ymm6, %ymm6
+        vpsubd	%ymm7, %ymm3, %ymm8
+        vpaddd	%ymm7, %ymm3, %ymm3
+        vpmulld	%ymm12, %ymm8, %ymm7
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm7, %ymm15
+        vpmuldq	%ymm14, %ymm7, %ymm7
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm7, %ymm8, %ymm7
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm7, %ymm7
+        vpblendd	$0xaa, %ymm15, %ymm7, %ymm7
+        vmovdqu	%ymm0, 256(%rdi)
+        vmovdqu	%ymm1, 288(%rdi)
+        vmovdqu	%ymm2, 320(%rdi)
+        vmovdqu	%ymm3, 352(%rdi)
+        vmovdqu	%ymm4, 384(%rdi)
+        vmovdqu	%ymm5, 416(%rdi)
+        vmovdqu	%ymm6, 448(%rdi)
+        vmovdqu	%ymm7, 480(%rdi)
+        vmovdqu	512(%rdi), %ymm0
+        vmovdqu	544(%rdi), %ymm1
+        vmovdqu	576(%rdi), %ymm2
+        vmovdqu	608(%rdi), %ymm3
+        vmovdqu	640(%rdi), %ymm4
+        vmovdqu	672(%rdi), %ymm5
+        vmovdqu	704(%rdi), %ymm6
+        vmovdqu	736(%rdi), %ymm7
+        vpunpckldq	%ymm1, %ymm0, %ymm8
+        vpunpckhdq	%ymm1, %ymm0, %ymm9
+        vpunpckldq	%ymm9, %ymm8, %ymm0
+        vpunpckhdq	%ymm9, %ymm8, %ymm1
+        vpermq	$0xd8, %ymm0, %ymm0
+        vpermq	$0xd8, %ymm1, %ymm1
+        vpunpckldq	%ymm3, %ymm2, %ymm8
+        vpunpckhdq	%ymm3, %ymm2, %ymm9
+        vpunpckldq	%ymm9, %ymm8, %ymm2
+        vpunpckhdq	%ymm9, %ymm8, %ymm3
+        vpermq	$0xd8, %ymm2, %ymm2
+        vpermq	$0xd8, %ymm3, %ymm3
+        # 1: 3/4
+        vmovdqu	2432(%rdx), %ymm10
+        vmovdqu	2464(%rdx), %ymm12
+        vmovdqu	2496(%rdx), %ymm11
+        vmovdqu	2528(%rdx), %ymm13
+        vpsubd	%ymm1, %ymm0, %ymm8
+        vpaddd	%ymm1, %ymm0, %ymm0
+        vpmulld	%ymm12, %ymm8, %ymm1
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vmovshdup	%ymm10, %ymm10
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm1, %ymm15
+        vpmuldq	%ymm14, %ymm1, %ymm1
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm1, %ymm8, %ymm1
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm1, %ymm1
+        vpblendd	$0xaa, %ymm15, %ymm1, %ymm1
+        vpsubd	%ymm3, %ymm2, %ymm8
+        vpaddd	%ymm3, %ymm2, %ymm2
+        vpmulld	%ymm13, %ymm8, %ymm3
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm11, %ymm8, %ymm8
+        vmovshdup	%ymm11, %ymm11
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm3, %ymm15
+        vpmuldq	%ymm14, %ymm3, %ymm3
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm3, %ymm8, %ymm3
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm3, %ymm3
+        vpblendd	$0xaa, %ymm15, %ymm3, %ymm3
+        # 2: 3/4
+        vmovdqu	2560(%rdx), %ymm10
+        vmovdqu	2592(%rdx), %ymm12
+        vmovdqu	2624(%rdx), %ymm11
+        vmovdqu	2656(%rdx), %ymm13
+        vpshufd	$0xd8, %ymm0, %ymm8
+        vpshufd	$0xd8, %ymm1, %ymm9
+        vpunpckldq	%ymm9, %ymm8, %ymm0
+        vpunpckhdq	%ymm9, %ymm8, %ymm1
+        vpshufd	$0xd8, %ymm2, %ymm8
+        vpshufd	$0xd8, %ymm3, %ymm9
+        vpunpckldq	%ymm9, %ymm8, %ymm2
+        vpunpckhdq	%ymm9, %ymm8, %ymm3
+        vpsubd	%ymm1, %ymm0, %ymm8
+        vpaddd	%ymm1, %ymm0, %ymm0
+        vpmulld	%ymm12, %ymm8, %ymm1
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm1, %ymm15
+        vpmuldq	%ymm14, %ymm1, %ymm1
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm1, %ymm8, %ymm1
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm1, %ymm1
+        vpblendd	$0xaa, %ymm15, %ymm1, %ymm1
+        vpsubd	%ymm3, %ymm2, %ymm8
+        vpaddd	%ymm3, %ymm2, %ymm2
+        vpmulld	%ymm13, %ymm8, %ymm3
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm11, %ymm8, %ymm8
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm3, %ymm15
+        vpmuldq	%ymm14, %ymm3, %ymm3
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm3, %ymm8, %ymm3
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm3, %ymm3
+        vpblendd	$0xaa, %ymm15, %ymm3, %ymm3
+        # 4: 3/4
+        vmovdqu	2688(%rdx), %ymm10
+        vmovdqu	2720(%rdx), %ymm12
+        vmovdqu	2752(%rdx), %ymm11
+        vmovdqu	2784(%rdx), %ymm13
+        vpunpcklqdq	%ymm1, %ymm0, %ymm8
+        vpunpckhqdq	%ymm1, %ymm0, %ymm1
+        vpunpcklqdq	%ymm3, %ymm2, %ymm9
+        vpunpckhqdq	%ymm3, %ymm2, %ymm3
+        vpsubd	%ymm1, %ymm8, %ymm0
+        vpaddd	%ymm1, %ymm8, %ymm8
+        vpmulld	%ymm12, %ymm0, %ymm1
+        vmovshdup	%ymm0, %ymm2
+        vpmuldq	%ymm10, %ymm0, %ymm0
+        vpmuldq	%ymm10, %ymm2, %ymm2
+        vmovshdup	%ymm1, %ymm15
+        vpmuldq	%ymm14, %ymm1, %ymm1
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm1, %ymm0, %ymm1
+        vpsubq	%ymm15, %ymm2, %ymm15
+        vmovshdup	%ymm1, %ymm1
+        vpblendd	$0xaa, %ymm15, %ymm1, %ymm1
+        vpsubd	%ymm3, %ymm9, %ymm0
+        vpaddd	%ymm3, %ymm9, %ymm9
+        vpmulld	%ymm13, %ymm0, %ymm3
+        vmovshdup	%ymm0, %ymm2
+        vpmuldq	%ymm11, %ymm0, %ymm0
+        vpmuldq	%ymm11, %ymm2, %ymm2
+        vmovshdup	%ymm3, %ymm15
+        vpmuldq	%ymm14, %ymm3, %ymm3
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm3, %ymm0, %ymm3
+        vpsubq	%ymm15, %ymm2, %ymm15
+        vmovshdup	%ymm3, %ymm3
+        vpblendd	$0xaa, %ymm15, %ymm3, %ymm3
+        # 8: 3/4
+        vperm2i128	$32, %ymm1, %ymm8, %ymm0
+        vmovdqu	2816(%rdx), %ymm10
+        vperm2i128	$49, %ymm1, %ymm8, %ymm1
+        vmovdqu	2848(%rdx), %ymm12
+        vperm2i128	$32, %ymm3, %ymm9, %ymm2
+        vmovdqu	2880(%rdx), %ymm11
+        vperm2i128	$49, %ymm3, %ymm9, %ymm3
+        vmovdqu	2912(%rdx), %ymm13
+        vpsubd	%ymm1, %ymm0, %ymm8
+        vpaddd	%ymm1, %ymm0, %ymm0
+        vpmulld	%ymm12, %ymm8, %ymm1
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm1, %ymm15
+        vpmuldq	%ymm14, %ymm1, %ymm1
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm1, %ymm8, %ymm1
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm1, %ymm1
+        vpblendd	$0xaa, %ymm15, %ymm1, %ymm1
+        vpsubd	%ymm3, %ymm2, %ymm8
+        vpaddd	%ymm3, %ymm2, %ymm2
+        vpmulld	%ymm13, %ymm8, %ymm3
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm11, %ymm8, %ymm8
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm3, %ymm15
+        vpmuldq	%ymm14, %ymm3, %ymm3
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm3, %ymm8, %ymm3
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm3, %ymm3
+        vpblendd	$0xaa, %ymm15, %ymm3, %ymm3
+        # 16: 3/4
+        vmovdqu	2944(%rdx), %ymm10
+        vmovdqu	2976(%rdx), %ymm12
+        vpsubd	%ymm2, %ymm0, %ymm8
+        vpaddd	%ymm2, %ymm0, %ymm0
+        vpmulld	%ymm12, %ymm8, %ymm2
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm2, %ymm15
+        vpmuldq	%ymm14, %ymm2, %ymm2
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm2, %ymm8, %ymm2
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm2, %ymm2
+        vpblendd	$0xaa, %ymm15, %ymm2, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm8
+        vpaddd	%ymm3, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm8, %ymm3
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm3, %ymm15
+        vpmuldq	%ymm14, %ymm3, %ymm3
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm3, %ymm8, %ymm3
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm3, %ymm3
+        vpblendd	$0xaa, %ymm15, %ymm3, %ymm3
+        vpunpckldq	%ymm5, %ymm4, %ymm8
+        vpunpckhdq	%ymm5, %ymm4, %ymm9
+        vpunpckldq	%ymm9, %ymm8, %ymm4
+        vpunpckhdq	%ymm9, %ymm8, %ymm5
+        vpermq	$0xd8, %ymm4, %ymm4
+        vpermq	$0xd8, %ymm5, %ymm5
+        vpunpckldq	%ymm7, %ymm6, %ymm8
+        vpunpckhdq	%ymm7, %ymm6, %ymm9
+        vpunpckldq	%ymm9, %ymm8, %ymm6
+        vpunpckhdq	%ymm9, %ymm8, %ymm7
+        vpermq	$0xd8, %ymm6, %ymm6
+        vpermq	$0xd8, %ymm7, %ymm7
+        # 1: 3/4
+        vmovdqu	3008(%rdx), %ymm10
+        vmovdqu	3040(%rdx), %ymm12
+        vmovdqu	3072(%rdx), %ymm11
+        vmovdqu	3104(%rdx), %ymm13
+        vpsubd	%ymm5, %ymm4, %ymm8
+        vpaddd	%ymm5, %ymm4, %ymm4
+        vpmulld	%ymm12, %ymm8, %ymm5
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vmovshdup	%ymm10, %ymm10
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm5, %ymm15
+        vpmuldq	%ymm14, %ymm5, %ymm5
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm5, %ymm8, %ymm5
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm5, %ymm5
+        vpblendd	$0xaa, %ymm15, %ymm5, %ymm5
+        vpsubd	%ymm7, %ymm6, %ymm8
+        vpaddd	%ymm7, %ymm6, %ymm6
+        vpmulld	%ymm13, %ymm8, %ymm7
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm11, %ymm8, %ymm8
+        vmovshdup	%ymm11, %ymm11
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm7, %ymm15
+        vpmuldq	%ymm14, %ymm7, %ymm7
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm7, %ymm8, %ymm7
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm7, %ymm7
+        vpblendd	$0xaa, %ymm15, %ymm7, %ymm7
+        # 2: 3/4
+        vmovdqu	3136(%rdx), %ymm10
+        vmovdqu	3168(%rdx), %ymm12
+        vmovdqu	3200(%rdx), %ymm11
+        vmovdqu	3232(%rdx), %ymm13
+        vpshufd	$0xd8, %ymm4, %ymm8
+        vpshufd	$0xd8, %ymm5, %ymm9
+        vpunpckldq	%ymm9, %ymm8, %ymm4
+        vpunpckhdq	%ymm9, %ymm8, %ymm5
+        vpshufd	$0xd8, %ymm6, %ymm8
+        vpshufd	$0xd8, %ymm7, %ymm9
+        vpunpckldq	%ymm9, %ymm8, %ymm6
+        vpunpckhdq	%ymm9, %ymm8, %ymm7
+        vpsubd	%ymm5, %ymm4, %ymm8
+        vpaddd	%ymm5, %ymm4, %ymm4
+        vpmulld	%ymm12, %ymm8, %ymm5
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm5, %ymm15
+        vpmuldq	%ymm14, %ymm5, %ymm5
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm5, %ymm8, %ymm5
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm5, %ymm5
+        vpblendd	$0xaa, %ymm15, %ymm5, %ymm5
+        vpsubd	%ymm7, %ymm6, %ymm8
+        vpaddd	%ymm7, %ymm6, %ymm6
+        vpmulld	%ymm13, %ymm8, %ymm7
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm11, %ymm8, %ymm8
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm7, %ymm15
+        vpmuldq	%ymm14, %ymm7, %ymm7
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm7, %ymm8, %ymm7
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm7, %ymm7
+        vpblendd	$0xaa, %ymm15, %ymm7, %ymm7
+        # 4: 3/4
+        vmovdqu	3264(%rdx), %ymm10
+        vmovdqu	3296(%rdx), %ymm12
+        vmovdqu	3328(%rdx), %ymm11
+        vmovdqu	3360(%rdx), %ymm13
+        vpunpcklqdq	%ymm5, %ymm4, %ymm8
+        vpunpckhqdq	%ymm5, %ymm4, %ymm5
+        vpunpcklqdq	%ymm7, %ymm6, %ymm9
+        vpunpckhqdq	%ymm7, %ymm6, %ymm7
+        vpsubd	%ymm5, %ymm8, %ymm4
+        vpaddd	%ymm5, %ymm8, %ymm8
+        vpmulld	%ymm12, %ymm4, %ymm5
+        vmovshdup	%ymm4, %ymm6
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm10, %ymm6, %ymm6
+        vmovshdup	%ymm5, %ymm15
+        vpmuldq	%ymm14, %ymm5, %ymm5
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm5, %ymm4, %ymm5
+        vpsubq	%ymm15, %ymm6, %ymm15
+        vmovshdup	%ymm5, %ymm5
+        vpblendd	$0xaa, %ymm15, %ymm5, %ymm5
+        vpsubd	%ymm7, %ymm9, %ymm4
+        vpaddd	%ymm7, %ymm9, %ymm9
+        vpmulld	%ymm13, %ymm4, %ymm7
+        vmovshdup	%ymm4, %ymm6
+        vpmuldq	%ymm11, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm6, %ymm6
+        vmovshdup	%ymm7, %ymm15
+        vpmuldq	%ymm14, %ymm7, %ymm7
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm7, %ymm4, %ymm7
+        vpsubq	%ymm15, %ymm6, %ymm15
+        vmovshdup	%ymm7, %ymm7
+        vpblendd	$0xaa, %ymm15, %ymm7, %ymm7
+        # 8: 3/4
+        vperm2i128	$32, %ymm5, %ymm8, %ymm4
+        vmovdqu	3392(%rdx), %ymm10
+        vperm2i128	$49, %ymm5, %ymm8, %ymm5
+        vmovdqu	3424(%rdx), %ymm12
+        vperm2i128	$32, %ymm7, %ymm9, %ymm6
+        vmovdqu	3456(%rdx), %ymm11
+        vperm2i128	$49, %ymm7, %ymm9, %ymm7
+        vmovdqu	3488(%rdx), %ymm13
+        vpsubd	%ymm5, %ymm4, %ymm8
+        vpaddd	%ymm5, %ymm4, %ymm4
+        vpmulld	%ymm12, %ymm8, %ymm5
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm5, %ymm15
+        vpmuldq	%ymm14, %ymm5, %ymm5
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm5, %ymm8, %ymm5
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm5, %ymm5
+        vpblendd	$0xaa, %ymm15, %ymm5, %ymm5
+        vpsubd	%ymm7, %ymm6, %ymm8
+        vpaddd	%ymm7, %ymm6, %ymm6
+        vpmulld	%ymm13, %ymm8, %ymm7
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm11, %ymm8, %ymm8
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm7, %ymm15
+        vpmuldq	%ymm14, %ymm7, %ymm7
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm7, %ymm8, %ymm7
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm7, %ymm7
+        vpblendd	$0xaa, %ymm15, %ymm7, %ymm7
+        # 16: 3/4
+        vmovdqu	3520(%rdx), %ymm10
+        vmovdqu	3552(%rdx), %ymm12
+        vpsubd	%ymm6, %ymm4, %ymm8
+        vpaddd	%ymm6, %ymm4, %ymm4
+        vpmulld	%ymm12, %ymm8, %ymm6
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm6, %ymm15
+        vpmuldq	%ymm14, %ymm6, %ymm6
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm6, %ymm8, %ymm6
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm6, %ymm6
+        vpblendd	$0xaa, %ymm15, %ymm6, %ymm6
+        vpsubd	%ymm7, %ymm5, %ymm8
+        vpaddd	%ymm7, %ymm5, %ymm5
+        vpmulld	%ymm12, %ymm8, %ymm7
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm7, %ymm15
+        vpmuldq	%ymm14, %ymm7, %ymm7
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm7, %ymm8, %ymm7
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm7, %ymm7
+        vpblendd	$0xaa, %ymm15, %ymm7, %ymm7
+        # 32: 3/4
+        vmovdqu	3584(%rdx), %ymm10
+        vmovdqu	3616(%rdx), %ymm12
+        vpsubd	%ymm4, %ymm0, %ymm8
+        vpaddd	%ymm4, %ymm0, %ymm0
+        vpmulld	%ymm12, %ymm8, %ymm4
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm4, %ymm15
+        vpmuldq	%ymm14, %ymm4, %ymm4
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm4, %ymm8, %ymm4
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm4, %ymm4
+        vpblendd	$0xaa, %ymm15, %ymm4, %ymm4
+        vpsubd	%ymm5, %ymm1, %ymm8
+        vpaddd	%ymm5, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm8, %ymm5
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm5, %ymm15
+        vpmuldq	%ymm14, %ymm5, %ymm5
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm5, %ymm8, %ymm5
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm5, %ymm5
+        vpblendd	$0xaa, %ymm15, %ymm5, %ymm5
+        vpsubd	%ymm6, %ymm2, %ymm8
+        vpaddd	%ymm6, %ymm2, %ymm2
+        vpmulld	%ymm12, %ymm8, %ymm6
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm6, %ymm15
+        vpmuldq	%ymm14, %ymm6, %ymm6
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm6, %ymm8, %ymm6
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm6, %ymm6
+        vpblendd	$0xaa, %ymm15, %ymm6, %ymm6
+        vpsubd	%ymm7, %ymm3, %ymm8
+        vpaddd	%ymm7, %ymm3, %ymm3
+        vpmulld	%ymm12, %ymm8, %ymm7
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm7, %ymm15
+        vpmuldq	%ymm14, %ymm7, %ymm7
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm7, %ymm8, %ymm7
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm7, %ymm7
+        vpblendd	$0xaa, %ymm15, %ymm7, %ymm7
+        vmovdqu	%ymm0, 512(%rdi)
+        vmovdqu	%ymm1, 544(%rdi)
+        vmovdqu	%ymm2, 576(%rdi)
+        vmovdqu	%ymm3, 608(%rdi)
+        vmovdqu	%ymm4, 640(%rdi)
+        vmovdqu	%ymm5, 672(%rdi)
+        vmovdqu	%ymm6, 704(%rdi)
+        vmovdqu	%ymm7, 736(%rdi)
+        vmovdqu	768(%rdi), %ymm0
+        vmovdqu	800(%rdi), %ymm1
+        vmovdqu	832(%rdi), %ymm2
+        vmovdqu	864(%rdi), %ymm3
+        vmovdqu	896(%rdi), %ymm4
+        vmovdqu	928(%rdi), %ymm5
+        vmovdqu	960(%rdi), %ymm6
+        vmovdqu	992(%rdi), %ymm7
+        vpunpckldq	%ymm1, %ymm0, %ymm8
+        vpunpckhdq	%ymm1, %ymm0, %ymm9
+        vpunpckldq	%ymm9, %ymm8, %ymm0
+        vpunpckhdq	%ymm9, %ymm8, %ymm1
+        vpermq	$0xd8, %ymm0, %ymm0
+        vpermq	$0xd8, %ymm1, %ymm1
+        vpunpckldq	%ymm3, %ymm2, %ymm8
+        vpunpckhdq	%ymm3, %ymm2, %ymm9
+        vpunpckldq	%ymm9, %ymm8, %ymm2
+        vpunpckhdq	%ymm9, %ymm8, %ymm3
+        vpermq	$0xd8, %ymm2, %ymm2
+        vpermq	$0xd8, %ymm3, %ymm3
+        # 1: 4/4
+        vmovdqu	3648(%rdx), %ymm10
+        vmovdqu	3680(%rdx), %ymm12
+        vmovdqu	3712(%rdx), %ymm11
+        vmovdqu	3744(%rdx), %ymm13
+        vpsubd	%ymm1, %ymm0, %ymm8
+        vpaddd	%ymm1, %ymm0, %ymm0
+        vpmulld	%ymm12, %ymm8, %ymm1
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vmovshdup	%ymm10, %ymm10
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm1, %ymm15
+        vpmuldq	%ymm14, %ymm1, %ymm1
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm1, %ymm8, %ymm1
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm1, %ymm1
+        vpblendd	$0xaa, %ymm15, %ymm1, %ymm1
+        vpsubd	%ymm3, %ymm2, %ymm8
+        vpaddd	%ymm3, %ymm2, %ymm2
+        vpmulld	%ymm13, %ymm8, %ymm3
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm11, %ymm8, %ymm8
+        vmovshdup	%ymm11, %ymm11
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm3, %ymm15
+        vpmuldq	%ymm14, %ymm3, %ymm3
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm3, %ymm8, %ymm3
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm3, %ymm3
+        vpblendd	$0xaa, %ymm15, %ymm3, %ymm3
+        # 2: 4/4
+        vmovdqu	3776(%rdx), %ymm10
+        vmovdqu	3808(%rdx), %ymm12
+        vmovdqu	3840(%rdx), %ymm11
+        vmovdqu	3872(%rdx), %ymm13
+        vpshufd	$0xd8, %ymm0, %ymm8
+        vpshufd	$0xd8, %ymm1, %ymm9
+        vpunpckldq	%ymm9, %ymm8, %ymm0
+        vpunpckhdq	%ymm9, %ymm8, %ymm1
+        vpshufd	$0xd8, %ymm2, %ymm8
+        vpshufd	$0xd8, %ymm3, %ymm9
+        vpunpckldq	%ymm9, %ymm8, %ymm2
+        vpunpckhdq	%ymm9, %ymm8, %ymm3
+        vpsubd	%ymm1, %ymm0, %ymm8
+        vpaddd	%ymm1, %ymm0, %ymm0
+        vpmulld	%ymm12, %ymm8, %ymm1
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm1, %ymm15
+        vpmuldq	%ymm14, %ymm1, %ymm1
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm1, %ymm8, %ymm1
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm1, %ymm1
+        vpblendd	$0xaa, %ymm15, %ymm1, %ymm1
+        vpsubd	%ymm3, %ymm2, %ymm8
+        vpaddd	%ymm3, %ymm2, %ymm2
+        vpmulld	%ymm13, %ymm8, %ymm3
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm11, %ymm8, %ymm8
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm3, %ymm15
+        vpmuldq	%ymm14, %ymm3, %ymm3
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm3, %ymm8, %ymm3
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm3, %ymm3
+        vpblendd	$0xaa, %ymm15, %ymm3, %ymm3
+        # 4: 4/4
+        vmovdqu	3904(%rdx), %ymm10
+        vmovdqu	3936(%rdx), %ymm12
+        vmovdqu	3968(%rdx), %ymm11
+        vmovdqu	4000(%rdx), %ymm13
+        vpunpcklqdq	%ymm1, %ymm0, %ymm8
+        vpunpckhqdq	%ymm1, %ymm0, %ymm1
+        vpunpcklqdq	%ymm3, %ymm2, %ymm9
+        vpunpckhqdq	%ymm3, %ymm2, %ymm3
+        vpsubd	%ymm1, %ymm8, %ymm0
+        vpaddd	%ymm1, %ymm8, %ymm8
+        vpmulld	%ymm12, %ymm0, %ymm1
+        vmovshdup	%ymm0, %ymm2
+        vpmuldq	%ymm10, %ymm0, %ymm0
+        vpmuldq	%ymm10, %ymm2, %ymm2
+        vmovshdup	%ymm1, %ymm15
+        vpmuldq	%ymm14, %ymm1, %ymm1
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm1, %ymm0, %ymm1
+        vpsubq	%ymm15, %ymm2, %ymm15
+        vmovshdup	%ymm1, %ymm1
+        vpblendd	$0xaa, %ymm15, %ymm1, %ymm1
+        vpsubd	%ymm3, %ymm9, %ymm0
+        vpaddd	%ymm3, %ymm9, %ymm9
+        vpmulld	%ymm13, %ymm0, %ymm3
+        vmovshdup	%ymm0, %ymm2
+        vpmuldq	%ymm11, %ymm0, %ymm0
+        vpmuldq	%ymm11, %ymm2, %ymm2
+        vmovshdup	%ymm3, %ymm15
+        vpmuldq	%ymm14, %ymm3, %ymm3
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm3, %ymm0, %ymm3
+        vpsubq	%ymm15, %ymm2, %ymm15
+        vmovshdup	%ymm3, %ymm3
+        vpblendd	$0xaa, %ymm15, %ymm3, %ymm3
+        # 8: 4/4
+        vperm2i128	$32, %ymm1, %ymm8, %ymm0
+        vmovdqu	4032(%rdx), %ymm10
+        vperm2i128	$49, %ymm1, %ymm8, %ymm1
+        vmovdqu	4064(%rdx), %ymm12
+        vperm2i128	$32, %ymm3, %ymm9, %ymm2
+        vmovdqu	4096(%rdx), %ymm11
+        vperm2i128	$49, %ymm3, %ymm9, %ymm3
+        vmovdqu	4128(%rdx), %ymm13
+        vpsubd	%ymm1, %ymm0, %ymm8
+        vpaddd	%ymm1, %ymm0, %ymm0
+        vpmulld	%ymm12, %ymm8, %ymm1
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm1, %ymm15
+        vpmuldq	%ymm14, %ymm1, %ymm1
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm1, %ymm8, %ymm1
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm1, %ymm1
+        vpblendd	$0xaa, %ymm15, %ymm1, %ymm1
+        vpsubd	%ymm3, %ymm2, %ymm8
+        vpaddd	%ymm3, %ymm2, %ymm2
+        vpmulld	%ymm13, %ymm8, %ymm3
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm11, %ymm8, %ymm8
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm3, %ymm15
+        vpmuldq	%ymm14, %ymm3, %ymm3
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm3, %ymm8, %ymm3
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm3, %ymm3
+        vpblendd	$0xaa, %ymm15, %ymm3, %ymm3
+        # 16: 4/4
+        vmovdqu	4160(%rdx), %ymm10
+        vmovdqu	4192(%rdx), %ymm12
+        vpsubd	%ymm2, %ymm0, %ymm8
+        vpaddd	%ymm2, %ymm0, %ymm0
+        vpmulld	%ymm12, %ymm8, %ymm2
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm2, %ymm15
+        vpmuldq	%ymm14, %ymm2, %ymm2
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm2, %ymm8, %ymm2
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm2, %ymm2
+        vpblendd	$0xaa, %ymm15, %ymm2, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm8
+        vpaddd	%ymm3, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm8, %ymm3
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm3, %ymm15
+        vpmuldq	%ymm14, %ymm3, %ymm3
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm3, %ymm8, %ymm3
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm3, %ymm3
+        vpblendd	$0xaa, %ymm15, %ymm3, %ymm3
+        vpunpckldq	%ymm5, %ymm4, %ymm8
+        vpunpckhdq	%ymm5, %ymm4, %ymm9
+        vpunpckldq	%ymm9, %ymm8, %ymm4
+        vpunpckhdq	%ymm9, %ymm8, %ymm5
+        vpermq	$0xd8, %ymm4, %ymm4
+        vpermq	$0xd8, %ymm5, %ymm5
+        vpunpckldq	%ymm7, %ymm6, %ymm8
+        vpunpckhdq	%ymm7, %ymm6, %ymm9
+        vpunpckldq	%ymm9, %ymm8, %ymm6
+        vpunpckhdq	%ymm9, %ymm8, %ymm7
+        vpermq	$0xd8, %ymm6, %ymm6
+        vpermq	$0xd8, %ymm7, %ymm7
+        # 1: 4/4
+        vmovdqu	4224(%rdx), %ymm10
+        vmovdqu	4256(%rdx), %ymm12
+        vmovdqu	4288(%rdx), %ymm11
+        vmovdqu	4320(%rdx), %ymm13
+        vpsubd	%ymm5, %ymm4, %ymm8
+        vpaddd	%ymm5, %ymm4, %ymm4
+        vpmulld	%ymm12, %ymm8, %ymm5
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vmovshdup	%ymm10, %ymm10
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm5, %ymm15
+        vpmuldq	%ymm14, %ymm5, %ymm5
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm5, %ymm8, %ymm5
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm5, %ymm5
+        vpblendd	$0xaa, %ymm15, %ymm5, %ymm5
+        vpsubd	%ymm7, %ymm6, %ymm8
+        vpaddd	%ymm7, %ymm6, %ymm6
+        vpmulld	%ymm13, %ymm8, %ymm7
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm11, %ymm8, %ymm8
+        vmovshdup	%ymm11, %ymm11
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm7, %ymm15
+        vpmuldq	%ymm14, %ymm7, %ymm7
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm7, %ymm8, %ymm7
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm7, %ymm7
+        vpblendd	$0xaa, %ymm15, %ymm7, %ymm7
+        # 2: 4/4
+        vmovdqu	4352(%rdx), %ymm10
+        vmovdqu	4384(%rdx), %ymm12
+        vmovdqu	4416(%rdx), %ymm11
+        vmovdqu	4448(%rdx), %ymm13
+        vpshufd	$0xd8, %ymm4, %ymm8
+        vpshufd	$0xd8, %ymm5, %ymm9
+        vpunpckldq	%ymm9, %ymm8, %ymm4
+        vpunpckhdq	%ymm9, %ymm8, %ymm5
+        vpshufd	$0xd8, %ymm6, %ymm8
+        vpshufd	$0xd8, %ymm7, %ymm9
+        vpunpckldq	%ymm9, %ymm8, %ymm6
+        vpunpckhdq	%ymm9, %ymm8, %ymm7
+        vpsubd	%ymm5, %ymm4, %ymm8
+        vpaddd	%ymm5, %ymm4, %ymm4
+        vpmulld	%ymm12, %ymm8, %ymm5
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm5, %ymm15
+        vpmuldq	%ymm14, %ymm5, %ymm5
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm5, %ymm8, %ymm5
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm5, %ymm5
+        vpblendd	$0xaa, %ymm15, %ymm5, %ymm5
+        vpsubd	%ymm7, %ymm6, %ymm8
+        vpaddd	%ymm7, %ymm6, %ymm6
+        vpmulld	%ymm13, %ymm8, %ymm7
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm11, %ymm8, %ymm8
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm7, %ymm15
+        vpmuldq	%ymm14, %ymm7, %ymm7
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm7, %ymm8, %ymm7
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm7, %ymm7
+        vpblendd	$0xaa, %ymm15, %ymm7, %ymm7
+        # 4: 4/4
+        vmovdqu	4480(%rdx), %ymm10
+        vmovdqu	4512(%rdx), %ymm12
+        vmovdqu	4544(%rdx), %ymm11
+        vmovdqu	4576(%rdx), %ymm13
+        vpunpcklqdq	%ymm5, %ymm4, %ymm8
+        vpunpckhqdq	%ymm5, %ymm4, %ymm5
+        vpunpcklqdq	%ymm7, %ymm6, %ymm9
+        vpunpckhqdq	%ymm7, %ymm6, %ymm7
+        vpsubd	%ymm5, %ymm8, %ymm4
+        vpaddd	%ymm5, %ymm8, %ymm8
+        vpmulld	%ymm12, %ymm4, %ymm5
+        vmovshdup	%ymm4, %ymm6
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm10, %ymm6, %ymm6
+        vmovshdup	%ymm5, %ymm15
+        vpmuldq	%ymm14, %ymm5, %ymm5
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm5, %ymm4, %ymm5
+        vpsubq	%ymm15, %ymm6, %ymm15
+        vmovshdup	%ymm5, %ymm5
+        vpblendd	$0xaa, %ymm15, %ymm5, %ymm5
+        vpsubd	%ymm7, %ymm9, %ymm4
+        vpaddd	%ymm7, %ymm9, %ymm9
+        vpmulld	%ymm13, %ymm4, %ymm7
+        vmovshdup	%ymm4, %ymm6
+        vpmuldq	%ymm11, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm6, %ymm6
+        vmovshdup	%ymm7, %ymm15
+        vpmuldq	%ymm14, %ymm7, %ymm7
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm7, %ymm4, %ymm7
+        vpsubq	%ymm15, %ymm6, %ymm15
+        vmovshdup	%ymm7, %ymm7
+        vpblendd	$0xaa, %ymm15, %ymm7, %ymm7
+        # 8: 4/4
+        vperm2i128	$32, %ymm5, %ymm8, %ymm4
+        vmovdqu	4608(%rdx), %ymm10
+        vperm2i128	$49, %ymm5, %ymm8, %ymm5
+        vmovdqu	4640(%rdx), %ymm12
+        vperm2i128	$32, %ymm7, %ymm9, %ymm6
+        vmovdqu	4672(%rdx), %ymm11
+        vperm2i128	$49, %ymm7, %ymm9, %ymm7
+        vmovdqu	4704(%rdx), %ymm13
+        vpsubd	%ymm5, %ymm4, %ymm8
+        vpaddd	%ymm5, %ymm4, %ymm4
+        vpmulld	%ymm12, %ymm8, %ymm5
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm5, %ymm15
+        vpmuldq	%ymm14, %ymm5, %ymm5
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm5, %ymm8, %ymm5
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm5, %ymm5
+        vpblendd	$0xaa, %ymm15, %ymm5, %ymm5
+        vpsubd	%ymm7, %ymm6, %ymm8
+        vpaddd	%ymm7, %ymm6, %ymm6
+        vpmulld	%ymm13, %ymm8, %ymm7
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm11, %ymm8, %ymm8
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm7, %ymm15
+        vpmuldq	%ymm14, %ymm7, %ymm7
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm7, %ymm8, %ymm7
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm7, %ymm7
+        vpblendd	$0xaa, %ymm15, %ymm7, %ymm7
+        # 16: 4/4
+        vmovdqu	4736(%rdx), %ymm10
+        vmovdqu	4768(%rdx), %ymm12
+        vpsubd	%ymm6, %ymm4, %ymm8
+        vpaddd	%ymm6, %ymm4, %ymm4
+        vpmulld	%ymm12, %ymm8, %ymm6
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm6, %ymm15
+        vpmuldq	%ymm14, %ymm6, %ymm6
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm6, %ymm8, %ymm6
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm6, %ymm6
+        vpblendd	$0xaa, %ymm15, %ymm6, %ymm6
+        vpsubd	%ymm7, %ymm5, %ymm8
+        vpaddd	%ymm7, %ymm5, %ymm5
+        vpmulld	%ymm12, %ymm8, %ymm7
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm7, %ymm15
+        vpmuldq	%ymm14, %ymm7, %ymm7
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm7, %ymm8, %ymm7
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm7, %ymm7
+        vpblendd	$0xaa, %ymm15, %ymm7, %ymm7
+        # 32: 4/4
+        vmovdqu	4800(%rdx), %ymm10
+        vmovdqu	4832(%rdx), %ymm12
+        vpsubd	%ymm4, %ymm0, %ymm8
+        vpaddd	%ymm4, %ymm0, %ymm0
+        vpmulld	%ymm12, %ymm8, %ymm4
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm4, %ymm15
+        vpmuldq	%ymm14, %ymm4, %ymm4
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm4, %ymm8, %ymm4
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm4, %ymm4
+        vpblendd	$0xaa, %ymm15, %ymm4, %ymm4
+        vpsubd	%ymm5, %ymm1, %ymm8
+        vpaddd	%ymm5, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm8, %ymm5
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm5, %ymm15
+        vpmuldq	%ymm14, %ymm5, %ymm5
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm5, %ymm8, %ymm5
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm5, %ymm5
+        vpblendd	$0xaa, %ymm15, %ymm5, %ymm5
+        vpsubd	%ymm6, %ymm2, %ymm8
+        vpaddd	%ymm6, %ymm2, %ymm2
+        vpmulld	%ymm12, %ymm8, %ymm6
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm6, %ymm15
+        vpmuldq	%ymm14, %ymm6, %ymm6
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm6, %ymm8, %ymm6
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm6, %ymm6
+        vpblendd	$0xaa, %ymm15, %ymm6, %ymm6
+        vpsubd	%ymm7, %ymm3, %ymm8
+        vpaddd	%ymm7, %ymm3, %ymm3
+        vpmulld	%ymm12, %ymm8, %ymm7
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm7, %ymm15
+        vpmuldq	%ymm14, %ymm7, %ymm7
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm7, %ymm8, %ymm7
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm7, %ymm7
+        vpblendd	$0xaa, %ymm15, %ymm7, %ymm7
+        vmovdqu	%ymm0, 768(%rdi)
+        vmovdqu	%ymm1, 800(%rdi)
+        vmovdqu	%ymm2, 832(%rdi)
+        vmovdqu	%ymm4, 896(%rdi)
+        vmovdqu	%ymm5, 928(%rdi)
+        vmovdqu	%ymm6, 960(%rdi)
+        vmovdqu	4864(%rdx), %ymm10
+        vmovdqu	4896(%rdx), %ymm12
+        vmovdqu	4928(%rdx), %ymm11
+        vmovdqu	4960(%rdx), %ymm13
+        vmovdqu	%ymm3, %ymm6
+        vmovdqu	96(%rdi), %ymm0
+        vmovdqu	224(%rdi), %ymm1
+        vmovdqu	352(%rdi), %ymm2
+        vmovdqu	480(%rdi), %ymm3
+        vmovdqu	608(%rdi), %ymm4
+        vmovdqu	736(%rdi), %ymm5
+        # 64: 4/4
+        vpsubd	%ymm2, %ymm0, %ymm8
+        vpaddd	%ymm2, %ymm0, %ymm0
+        vpmulld	%ymm12, %ymm8, %ymm2
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm2, %ymm15
+        vpmuldq	%ymm14, %ymm2, %ymm2
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm2, %ymm8, %ymm2
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm2, %ymm2
+        vpblendd	$0xaa, %ymm15, %ymm2, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm8
+        vpaddd	%ymm3, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm8, %ymm3
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm3, %ymm15
+        vpmuldq	%ymm14, %ymm3, %ymm3
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm3, %ymm8, %ymm3
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm3, %ymm3
+        vpblendd	$0xaa, %ymm15, %ymm3, %ymm3
+        vmovdqu	4992(%rdx), %ymm10
+        vmovdqu	5024(%rdx), %ymm12
+        vpsubd	%ymm6, %ymm4, %ymm8
+        vpaddd	%ymm6, %ymm4, %ymm4
+        vpmulld	%ymm13, %ymm8, %ymm6
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm11, %ymm8, %ymm8
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm6, %ymm15
+        vpmuldq	%ymm14, %ymm6, %ymm6
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm6, %ymm8, %ymm6
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm6, %ymm6
+        vpblendd	$0xaa, %ymm15, %ymm6, %ymm6
+        vpsubd	%ymm7, %ymm5, %ymm8
+        vpaddd	%ymm7, %ymm5, %ymm5
+        vpmulld	%ymm13, %ymm8, %ymm7
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm11, %ymm8, %ymm8
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm7, %ymm15
+        vpmuldq	%ymm14, %ymm7, %ymm7
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm7, %ymm8, %ymm7
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm7, %ymm7
+        vpblendd	$0xaa, %ymm15, %ymm7, %ymm7
+        # 128: 4/4
+        vpsubd	%ymm4, %ymm0, %ymm8
+        vpaddd	%ymm4, %ymm0, %ymm0
+        vpmulld	%ymm12, %ymm8, %ymm4
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm4, %ymm15
+        vpmuldq	%ymm14, %ymm4, %ymm4
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm4, %ymm8, %ymm4
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm4, %ymm4
+        vpblendd	$0xaa, %ymm15, %ymm4, %ymm4
+        vpsubd	%ymm5, %ymm1, %ymm8
+        vpaddd	%ymm5, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm8, %ymm5
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm5, %ymm15
+        vpmuldq	%ymm14, %ymm5, %ymm5
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm5, %ymm8, %ymm5
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm5, %ymm5
+        vpblendd	$0xaa, %ymm15, %ymm5, %ymm5
+        vmovdqu	5056(%rdx), %ymm11
+        vmovdqu	5088(%rdx), %ymm13
+        vpsubd	%ymm6, %ymm2, %ymm8
+        vpaddd	%ymm6, %ymm2, %ymm2
+        vpmulld	%ymm12, %ymm8, %ymm6
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm6, %ymm15
+        vpmuldq	%ymm14, %ymm6, %ymm6
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm6, %ymm8, %ymm6
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm6, %ymm6
+        vpblendd	$0xaa, %ymm15, %ymm6, %ymm6
+        vpsubd	%ymm7, %ymm3, %ymm8
+        vpaddd	%ymm7, %ymm3, %ymm3
+        vpmulld	%ymm12, %ymm8, %ymm7
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm7, %ymm15
+        vpmuldq	%ymm14, %ymm7, %ymm7
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm7, %ymm8, %ymm7
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm7, %ymm7
+        vpblendd	$0xaa, %ymm15, %ymm7, %ymm7
+        vpmulld	%ymm13, %ymm0, %ymm8
+        vpmulld	%ymm13, %ymm1, %ymm10
+        vmovshdup	%ymm0, %ymm9
+        vmovshdup	%ymm1, %ymm12
+        vpmuldq	%ymm11, %ymm0, %ymm0
+        vpmuldq	%ymm11, %ymm1, %ymm1
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vpmuldq	%ymm11, %ymm12, %ymm12
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm0, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm10, %ymm9
+        vpmuldq	%ymm14, %ymm10, %ymm10
+        vpmuldq	%ymm14, %ymm9, %ymm9
+        vpsubq	%ymm10, %ymm1, %ymm10
+        vpsubq	%ymm9, %ymm12, %ymm9
+        vmovshdup	%ymm8, %ymm8
+        vmovshdup	%ymm10, %ymm10
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm0
+        vpblendd	$0xaa, %ymm9, %ymm10, %ymm1
+        vpmulld	%ymm13, %ymm2, %ymm8
+        vpmulld	%ymm13, %ymm3, %ymm10
+        vmovshdup	%ymm2, %ymm9
+        vmovshdup	%ymm3, %ymm12
+        vpmuldq	%ymm11, %ymm2, %ymm2
+        vpmuldq	%ymm11, %ymm3, %ymm3
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vpmuldq	%ymm11, %ymm12, %ymm12
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm2, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm10, %ymm9
+        vpmuldq	%ymm14, %ymm10, %ymm10
+        vpmuldq	%ymm14, %ymm9, %ymm9
+        vpsubq	%ymm10, %ymm3, %ymm10
+        vpsubq	%ymm9, %ymm12, %ymm9
+        vmovshdup	%ymm8, %ymm8
+        vmovshdup	%ymm10, %ymm10
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm2
+        vpblendd	$0xaa, %ymm9, %ymm10, %ymm3
+        vpmulld	%ymm13, %ymm4, %ymm8
+        vpmulld	%ymm13, %ymm5, %ymm10
+        vmovshdup	%ymm4, %ymm9
+        vmovshdup	%ymm5, %ymm12
+        vpmuldq	%ymm11, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vpmuldq	%ymm11, %ymm12, %ymm12
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm4, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm10, %ymm9
+        vpmuldq	%ymm14, %ymm10, %ymm10
+        vpmuldq	%ymm14, %ymm9, %ymm9
+        vpsubq	%ymm10, %ymm5, %ymm10
+        vpsubq	%ymm9, %ymm12, %ymm9
+        vmovshdup	%ymm8, %ymm8
+        vmovshdup	%ymm10, %ymm10
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm4
+        vpblendd	$0xaa, %ymm9, %ymm10, %ymm5
+        vpmulld	%ymm13, %ymm6, %ymm8
+        vpmulld	%ymm13, %ymm7, %ymm10
+        vmovshdup	%ymm6, %ymm9
+        vmovshdup	%ymm7, %ymm12
+        vpmuldq	%ymm11, %ymm6, %ymm6
+        vpmuldq	%ymm11, %ymm7, %ymm7
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vpmuldq	%ymm11, %ymm12, %ymm12
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm6, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm10, %ymm9
+        vpmuldq	%ymm14, %ymm10, %ymm10
+        vpmuldq	%ymm14, %ymm9, %ymm9
+        vpsubq	%ymm10, %ymm7, %ymm10
+        vpsubq	%ymm9, %ymm12, %ymm9
+        vmovshdup	%ymm8, %ymm8
+        vmovshdup	%ymm10, %ymm10
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm6
+        vpblendd	$0xaa, %ymm9, %ymm10, %ymm7
+        vmovdqu	%ymm0, 96(%rdi)
+        vmovdqu	%ymm1, 224(%rdi)
+        vmovdqu	%ymm2, 352(%rdi)
+        vmovdqu	%ymm3, 480(%rdi)
+        vmovdqu	%ymm4, 608(%rdi)
+        vmovdqu	%ymm5, 736(%rdi)
+        vmovdqu	%ymm6, 864(%rdi)
+        vmovdqu	%ymm7, 992(%rdi)
+        vmovdqu	4864(%rdx), %ymm10
+        vmovdqu	4896(%rdx), %ymm12
+        vmovdqu	4928(%rdx), %ymm11
+        vmovdqu	4960(%rdx), %ymm13
+        vmovdqu	64(%rdi), %ymm0
+        vmovdqu	192(%rdi), %ymm1
+        vmovdqu	320(%rdi), %ymm2
+        vmovdqu	448(%rdi), %ymm3
+        vmovdqu	576(%rdi), %ymm4
+        vmovdqu	704(%rdi), %ymm5
+        vmovdqu	832(%rdi), %ymm6
+        vmovdqu	960(%rdi), %ymm7
+        # 64: 3/4
+        vpsubd	%ymm2, %ymm0, %ymm8
+        vpaddd	%ymm2, %ymm0, %ymm0
+        vpmulld	%ymm12, %ymm8, %ymm2
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm2, %ymm15
+        vpmuldq	%ymm14, %ymm2, %ymm2
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm2, %ymm8, %ymm2
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm2, %ymm2
+        vpblendd	$0xaa, %ymm15, %ymm2, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm8
+        vpaddd	%ymm3, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm8, %ymm3
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm3, %ymm15
+        vpmuldq	%ymm14, %ymm3, %ymm3
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm3, %ymm8, %ymm3
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm3, %ymm3
+        vpblendd	$0xaa, %ymm15, %ymm3, %ymm3
+        vmovdqu	4992(%rdx), %ymm10
+        vmovdqu	5024(%rdx), %ymm12
+        vpsubd	%ymm6, %ymm4, %ymm8
+        vpaddd	%ymm6, %ymm4, %ymm4
+        vpmulld	%ymm13, %ymm8, %ymm6
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm11, %ymm8, %ymm8
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm6, %ymm15
+        vpmuldq	%ymm14, %ymm6, %ymm6
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm6, %ymm8, %ymm6
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm6, %ymm6
+        vpblendd	$0xaa, %ymm15, %ymm6, %ymm6
+        vpsubd	%ymm7, %ymm5, %ymm8
+        vpaddd	%ymm7, %ymm5, %ymm5
+        vpmulld	%ymm13, %ymm8, %ymm7
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm11, %ymm8, %ymm8
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm7, %ymm15
+        vpmuldq	%ymm14, %ymm7, %ymm7
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm7, %ymm8, %ymm7
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm7, %ymm7
+        vpblendd	$0xaa, %ymm15, %ymm7, %ymm7
+        # 128: 3/4
+        vpsubd	%ymm4, %ymm0, %ymm8
+        vpaddd	%ymm4, %ymm0, %ymm0
+        vpmulld	%ymm12, %ymm8, %ymm4
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm4, %ymm15
+        vpmuldq	%ymm14, %ymm4, %ymm4
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm4, %ymm8, %ymm4
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm4, %ymm4
+        vpblendd	$0xaa, %ymm15, %ymm4, %ymm4
+        vpsubd	%ymm5, %ymm1, %ymm8
+        vpaddd	%ymm5, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm8, %ymm5
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm5, %ymm15
+        vpmuldq	%ymm14, %ymm5, %ymm5
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm5, %ymm8, %ymm5
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm5, %ymm5
+        vpblendd	$0xaa, %ymm15, %ymm5, %ymm5
+        vmovdqu	5056(%rdx), %ymm11
+        vmovdqu	5088(%rdx), %ymm13
+        vpsubd	%ymm6, %ymm2, %ymm8
+        vpaddd	%ymm6, %ymm2, %ymm2
+        vpmulld	%ymm12, %ymm8, %ymm6
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm6, %ymm15
+        vpmuldq	%ymm14, %ymm6, %ymm6
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm6, %ymm8, %ymm6
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm6, %ymm6
+        vpblendd	$0xaa, %ymm15, %ymm6, %ymm6
+        vpsubd	%ymm7, %ymm3, %ymm8
+        vpaddd	%ymm7, %ymm3, %ymm3
+        vpmulld	%ymm12, %ymm8, %ymm7
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm7, %ymm15
+        vpmuldq	%ymm14, %ymm7, %ymm7
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm7, %ymm8, %ymm7
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm7, %ymm7
+        vpblendd	$0xaa, %ymm15, %ymm7, %ymm7
+        vpmulld	%ymm13, %ymm0, %ymm8
+        vpmulld	%ymm13, %ymm1, %ymm10
+        vmovshdup	%ymm0, %ymm9
+        vmovshdup	%ymm1, %ymm12
+        vpmuldq	%ymm11, %ymm0, %ymm0
+        vpmuldq	%ymm11, %ymm1, %ymm1
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vpmuldq	%ymm11, %ymm12, %ymm12
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm0, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm10, %ymm9
+        vpmuldq	%ymm14, %ymm10, %ymm10
+        vpmuldq	%ymm14, %ymm9, %ymm9
+        vpsubq	%ymm10, %ymm1, %ymm10
+        vpsubq	%ymm9, %ymm12, %ymm9
+        vmovshdup	%ymm8, %ymm8
+        vmovshdup	%ymm10, %ymm10
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm0
+        vpblendd	$0xaa, %ymm9, %ymm10, %ymm1
+        vpmulld	%ymm13, %ymm2, %ymm8
+        vpmulld	%ymm13, %ymm3, %ymm10
+        vmovshdup	%ymm2, %ymm9
+        vmovshdup	%ymm3, %ymm12
+        vpmuldq	%ymm11, %ymm2, %ymm2
+        vpmuldq	%ymm11, %ymm3, %ymm3
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vpmuldq	%ymm11, %ymm12, %ymm12
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm2, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm10, %ymm9
+        vpmuldq	%ymm14, %ymm10, %ymm10
+        vpmuldq	%ymm14, %ymm9, %ymm9
+        vpsubq	%ymm10, %ymm3, %ymm10
+        vpsubq	%ymm9, %ymm12, %ymm9
+        vmovshdup	%ymm8, %ymm8
+        vmovshdup	%ymm10, %ymm10
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm2
+        vpblendd	$0xaa, %ymm9, %ymm10, %ymm3
+        vpmulld	%ymm13, %ymm4, %ymm8
+        vpmulld	%ymm13, %ymm5, %ymm10
+        vmovshdup	%ymm4, %ymm9
+        vmovshdup	%ymm5, %ymm12
+        vpmuldq	%ymm11, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vpmuldq	%ymm11, %ymm12, %ymm12
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm4, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm10, %ymm9
+        vpmuldq	%ymm14, %ymm10, %ymm10
+        vpmuldq	%ymm14, %ymm9, %ymm9
+        vpsubq	%ymm10, %ymm5, %ymm10
+        vpsubq	%ymm9, %ymm12, %ymm9
+        vmovshdup	%ymm8, %ymm8
+        vmovshdup	%ymm10, %ymm10
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm4
+        vpblendd	$0xaa, %ymm9, %ymm10, %ymm5
+        vpmulld	%ymm13, %ymm6, %ymm8
+        vpmulld	%ymm13, %ymm7, %ymm10
+        vmovshdup	%ymm6, %ymm9
+        vmovshdup	%ymm7, %ymm12
+        vpmuldq	%ymm11, %ymm6, %ymm6
+        vpmuldq	%ymm11, %ymm7, %ymm7
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vpmuldq	%ymm11, %ymm12, %ymm12
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm6, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm10, %ymm9
+        vpmuldq	%ymm14, %ymm10, %ymm10
+        vpmuldq	%ymm14, %ymm9, %ymm9
+        vpsubq	%ymm10, %ymm7, %ymm10
+        vpsubq	%ymm9, %ymm12, %ymm9
+        vmovshdup	%ymm8, %ymm8
+        vmovshdup	%ymm10, %ymm10
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm6
+        vpblendd	$0xaa, %ymm9, %ymm10, %ymm7
+        vmovdqu	%ymm0, 64(%rdi)
+        vmovdqu	%ymm1, 192(%rdi)
+        vmovdqu	%ymm2, 320(%rdi)
+        vmovdqu	%ymm3, 448(%rdi)
+        vmovdqu	%ymm4, 576(%rdi)
+        vmovdqu	%ymm5, 704(%rdi)
+        vmovdqu	%ymm6, 832(%rdi)
+        vmovdqu	%ymm7, 960(%rdi)
+        vmovdqu	4864(%rdx), %ymm10
+        vmovdqu	4896(%rdx), %ymm12
+        vmovdqu	4928(%rdx), %ymm11
+        vmovdqu	4960(%rdx), %ymm13
+        vmovdqu	32(%rdi), %ymm0
+        vmovdqu	160(%rdi), %ymm1
+        vmovdqu	288(%rdi), %ymm2
+        vmovdqu	416(%rdi), %ymm3
+        vmovdqu	544(%rdi), %ymm4
+        vmovdqu	672(%rdi), %ymm5
+        vmovdqu	800(%rdi), %ymm6
+        vmovdqu	928(%rdi), %ymm7
+        # 64: 2/4
+        vpsubd	%ymm2, %ymm0, %ymm8
+        vpaddd	%ymm2, %ymm0, %ymm0
+        vpmulld	%ymm12, %ymm8, %ymm2
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm2, %ymm15
+        vpmuldq	%ymm14, %ymm2, %ymm2
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm2, %ymm8, %ymm2
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm2, %ymm2
+        vpblendd	$0xaa, %ymm15, %ymm2, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm8
+        vpaddd	%ymm3, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm8, %ymm3
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm3, %ymm15
+        vpmuldq	%ymm14, %ymm3, %ymm3
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm3, %ymm8, %ymm3
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm3, %ymm3
+        vpblendd	$0xaa, %ymm15, %ymm3, %ymm3
+        vmovdqu	4992(%rdx), %ymm10
+        vmovdqu	5024(%rdx), %ymm12
+        vpsubd	%ymm6, %ymm4, %ymm8
+        vpaddd	%ymm6, %ymm4, %ymm4
+        vpmulld	%ymm13, %ymm8, %ymm6
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm11, %ymm8, %ymm8
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm6, %ymm15
+        vpmuldq	%ymm14, %ymm6, %ymm6
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm6, %ymm8, %ymm6
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm6, %ymm6
+        vpblendd	$0xaa, %ymm15, %ymm6, %ymm6
+        vpsubd	%ymm7, %ymm5, %ymm8
+        vpaddd	%ymm7, %ymm5, %ymm5
+        vpmulld	%ymm13, %ymm8, %ymm7
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm11, %ymm8, %ymm8
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm7, %ymm15
+        vpmuldq	%ymm14, %ymm7, %ymm7
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm7, %ymm8, %ymm7
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm7, %ymm7
+        vpblendd	$0xaa, %ymm15, %ymm7, %ymm7
+        # 128: 2/4
+        vpsubd	%ymm4, %ymm0, %ymm8
+        vpaddd	%ymm4, %ymm0, %ymm0
+        vpmulld	%ymm12, %ymm8, %ymm4
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm4, %ymm15
+        vpmuldq	%ymm14, %ymm4, %ymm4
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm4, %ymm8, %ymm4
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm4, %ymm4
+        vpblendd	$0xaa, %ymm15, %ymm4, %ymm4
+        vpsubd	%ymm5, %ymm1, %ymm8
+        vpaddd	%ymm5, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm8, %ymm5
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm5, %ymm15
+        vpmuldq	%ymm14, %ymm5, %ymm5
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm5, %ymm8, %ymm5
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm5, %ymm5
+        vpblendd	$0xaa, %ymm15, %ymm5, %ymm5
+        vmovdqu	5056(%rdx), %ymm11
+        vmovdqu	5088(%rdx), %ymm13
+        vpsubd	%ymm6, %ymm2, %ymm8
+        vpaddd	%ymm6, %ymm2, %ymm2
+        vpmulld	%ymm12, %ymm8, %ymm6
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm6, %ymm15
+        vpmuldq	%ymm14, %ymm6, %ymm6
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm6, %ymm8, %ymm6
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm6, %ymm6
+        vpblendd	$0xaa, %ymm15, %ymm6, %ymm6
+        vpsubd	%ymm7, %ymm3, %ymm8
+        vpaddd	%ymm7, %ymm3, %ymm3
+        vpmulld	%ymm12, %ymm8, %ymm7
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm7, %ymm15
+        vpmuldq	%ymm14, %ymm7, %ymm7
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm7, %ymm8, %ymm7
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm7, %ymm7
+        vpblendd	$0xaa, %ymm15, %ymm7, %ymm7
+        vpmulld	%ymm13, %ymm0, %ymm8
+        vpmulld	%ymm13, %ymm1, %ymm10
+        vmovshdup	%ymm0, %ymm9
+        vmovshdup	%ymm1, %ymm12
+        vpmuldq	%ymm11, %ymm0, %ymm0
+        vpmuldq	%ymm11, %ymm1, %ymm1
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vpmuldq	%ymm11, %ymm12, %ymm12
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm0, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm10, %ymm9
+        vpmuldq	%ymm14, %ymm10, %ymm10
+        vpmuldq	%ymm14, %ymm9, %ymm9
+        vpsubq	%ymm10, %ymm1, %ymm10
+        vpsubq	%ymm9, %ymm12, %ymm9
+        vmovshdup	%ymm8, %ymm8
+        vmovshdup	%ymm10, %ymm10
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm0
+        vpblendd	$0xaa, %ymm9, %ymm10, %ymm1
+        vpmulld	%ymm13, %ymm2, %ymm8
+        vpmulld	%ymm13, %ymm3, %ymm10
+        vmovshdup	%ymm2, %ymm9
+        vmovshdup	%ymm3, %ymm12
+        vpmuldq	%ymm11, %ymm2, %ymm2
+        vpmuldq	%ymm11, %ymm3, %ymm3
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vpmuldq	%ymm11, %ymm12, %ymm12
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm2, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm10, %ymm9
+        vpmuldq	%ymm14, %ymm10, %ymm10
+        vpmuldq	%ymm14, %ymm9, %ymm9
+        vpsubq	%ymm10, %ymm3, %ymm10
+        vpsubq	%ymm9, %ymm12, %ymm9
+        vmovshdup	%ymm8, %ymm8
+        vmovshdup	%ymm10, %ymm10
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm2
+        vpblendd	$0xaa, %ymm9, %ymm10, %ymm3
+        vpmulld	%ymm13, %ymm4, %ymm8
+        vpmulld	%ymm13, %ymm5, %ymm10
+        vmovshdup	%ymm4, %ymm9
+        vmovshdup	%ymm5, %ymm12
+        vpmuldq	%ymm11, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vpmuldq	%ymm11, %ymm12, %ymm12
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm4, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm10, %ymm9
+        vpmuldq	%ymm14, %ymm10, %ymm10
+        vpmuldq	%ymm14, %ymm9, %ymm9
+        vpsubq	%ymm10, %ymm5, %ymm10
+        vpsubq	%ymm9, %ymm12, %ymm9
+        vmovshdup	%ymm8, %ymm8
+        vmovshdup	%ymm10, %ymm10
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm4
+        vpblendd	$0xaa, %ymm9, %ymm10, %ymm5
+        vpmulld	%ymm13, %ymm6, %ymm8
+        vpmulld	%ymm13, %ymm7, %ymm10
+        vmovshdup	%ymm6, %ymm9
+        vmovshdup	%ymm7, %ymm12
+        vpmuldq	%ymm11, %ymm6, %ymm6
+        vpmuldq	%ymm11, %ymm7, %ymm7
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vpmuldq	%ymm11, %ymm12, %ymm12
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm6, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm10, %ymm9
+        vpmuldq	%ymm14, %ymm10, %ymm10
+        vpmuldq	%ymm14, %ymm9, %ymm9
+        vpsubq	%ymm10, %ymm7, %ymm10
+        vpsubq	%ymm9, %ymm12, %ymm9
+        vmovshdup	%ymm8, %ymm8
+        vmovshdup	%ymm10, %ymm10
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm6
+        vpblendd	$0xaa, %ymm9, %ymm10, %ymm7
+        vmovdqu	%ymm0, 32(%rdi)
+        vmovdqu	%ymm1, 160(%rdi)
+        vmovdqu	%ymm2, 288(%rdi)
+        vmovdqu	%ymm3, 416(%rdi)
+        vmovdqu	%ymm4, 544(%rdi)
+        vmovdqu	%ymm5, 672(%rdi)
+        vmovdqu	%ymm6, 800(%rdi)
+        vmovdqu	%ymm7, 928(%rdi)
+        vmovdqu	4864(%rdx), %ymm10
+        vmovdqu	4896(%rdx), %ymm12
+        vmovdqu	4928(%rdx), %ymm11
+        vmovdqu	4960(%rdx), %ymm13
+        vmovdqu	(%rdi), %ymm0
+        vmovdqu	128(%rdi), %ymm1
+        vmovdqu	256(%rdi), %ymm2
+        vmovdqu	384(%rdi), %ymm3
+        vmovdqu	512(%rdi), %ymm4
+        vmovdqu	640(%rdi), %ymm5
+        vmovdqu	768(%rdi), %ymm6
+        vmovdqu	896(%rdi), %ymm7
+        # 64: 1/4
+        vpsubd	%ymm2, %ymm0, %ymm8
+        vpaddd	%ymm2, %ymm0, %ymm0
+        vpmulld	%ymm12, %ymm8, %ymm2
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm2, %ymm15
+        vpmuldq	%ymm14, %ymm2, %ymm2
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm2, %ymm8, %ymm2
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm2, %ymm2
+        vpblendd	$0xaa, %ymm15, %ymm2, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm8
+        vpaddd	%ymm3, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm8, %ymm3
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm3, %ymm15
+        vpmuldq	%ymm14, %ymm3, %ymm3
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm3, %ymm8, %ymm3
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm3, %ymm3
+        vpblendd	$0xaa, %ymm15, %ymm3, %ymm3
+        vmovdqu	4992(%rdx), %ymm10
+        vmovdqu	5024(%rdx), %ymm12
+        vpsubd	%ymm6, %ymm4, %ymm8
+        vpaddd	%ymm6, %ymm4, %ymm4
+        vpmulld	%ymm13, %ymm8, %ymm6
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm11, %ymm8, %ymm8
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm6, %ymm15
+        vpmuldq	%ymm14, %ymm6, %ymm6
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm6, %ymm8, %ymm6
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm6, %ymm6
+        vpblendd	$0xaa, %ymm15, %ymm6, %ymm6
+        vpsubd	%ymm7, %ymm5, %ymm8
+        vpaddd	%ymm7, %ymm5, %ymm5
+        vpmulld	%ymm13, %ymm8, %ymm7
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm11, %ymm8, %ymm8
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vmovshdup	%ymm7, %ymm15
+        vpmuldq	%ymm14, %ymm7, %ymm7
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm7, %ymm8, %ymm7
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm7, %ymm7
+        vpblendd	$0xaa, %ymm15, %ymm7, %ymm7
+        # 128: 1/4
+        vpsubd	%ymm4, %ymm0, %ymm8
+        vpaddd	%ymm4, %ymm0, %ymm0
+        vpmulld	%ymm12, %ymm8, %ymm4
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm4, %ymm15
+        vpmuldq	%ymm14, %ymm4, %ymm4
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm4, %ymm8, %ymm4
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm4, %ymm4
+        vpblendd	$0xaa, %ymm15, %ymm4, %ymm4
+        vpsubd	%ymm5, %ymm1, %ymm8
+        vpaddd	%ymm5, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm8, %ymm5
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm5, %ymm15
+        vpmuldq	%ymm14, %ymm5, %ymm5
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm5, %ymm8, %ymm5
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm5, %ymm5
+        vpblendd	$0xaa, %ymm15, %ymm5, %ymm5
+        vmovdqu	5056(%rdx), %ymm11
+        vmovdqu	5088(%rdx), %ymm13
+        vpsubd	%ymm6, %ymm2, %ymm8
+        vpaddd	%ymm6, %ymm2, %ymm2
+        vpmulld	%ymm12, %ymm8, %ymm6
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm6, %ymm15
+        vpmuldq	%ymm14, %ymm6, %ymm6
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm6, %ymm8, %ymm6
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm6, %ymm6
+        vpblendd	$0xaa, %ymm15, %ymm6, %ymm6
+        vpsubd	%ymm7, %ymm3, %ymm8
+        vpaddd	%ymm7, %ymm3, %ymm3
+        vpmulld	%ymm12, %ymm8, %ymm7
+        vmovshdup	%ymm8, %ymm9
+        vpmuldq	%ymm10, %ymm8, %ymm8
+        vpmuldq	%ymm10, %ymm9, %ymm9
+        vmovshdup	%ymm7, %ymm15
+        vpmuldq	%ymm14, %ymm7, %ymm7
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm7, %ymm8, %ymm7
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm7, %ymm7
+        vpblendd	$0xaa, %ymm15, %ymm7, %ymm7
+        vpmulld	%ymm13, %ymm0, %ymm8
+        vpmulld	%ymm13, %ymm1, %ymm10
+        vmovshdup	%ymm0, %ymm9
+        vmovshdup	%ymm1, %ymm12
+        vpmuldq	%ymm11, %ymm0, %ymm0
+        vpmuldq	%ymm11, %ymm1, %ymm1
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vpmuldq	%ymm11, %ymm12, %ymm12
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm0, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm10, %ymm9
+        vpmuldq	%ymm14, %ymm10, %ymm10
+        vpmuldq	%ymm14, %ymm9, %ymm9
+        vpsubq	%ymm10, %ymm1, %ymm10
+        vpsubq	%ymm9, %ymm12, %ymm9
+        vmovshdup	%ymm8, %ymm8
+        vmovshdup	%ymm10, %ymm10
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm0
+        vpblendd	$0xaa, %ymm9, %ymm10, %ymm1
+        vpmulld	%ymm13, %ymm2, %ymm8
+        vpmulld	%ymm13, %ymm3, %ymm10
+        vmovshdup	%ymm2, %ymm9
+        vmovshdup	%ymm3, %ymm12
+        vpmuldq	%ymm11, %ymm2, %ymm2
+        vpmuldq	%ymm11, %ymm3, %ymm3
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vpmuldq	%ymm11, %ymm12, %ymm12
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm2, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm10, %ymm9
+        vpmuldq	%ymm14, %ymm10, %ymm10
+        vpmuldq	%ymm14, %ymm9, %ymm9
+        vpsubq	%ymm10, %ymm3, %ymm10
+        vpsubq	%ymm9, %ymm12, %ymm9
+        vmovshdup	%ymm8, %ymm8
+        vmovshdup	%ymm10, %ymm10
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm2
+        vpblendd	$0xaa, %ymm9, %ymm10, %ymm3
+        vpmulld	%ymm13, %ymm4, %ymm8
+        vpmulld	%ymm13, %ymm5, %ymm10
+        vmovshdup	%ymm4, %ymm9
+        vmovshdup	%ymm5, %ymm12
+        vpmuldq	%ymm11, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vpmuldq	%ymm11, %ymm12, %ymm12
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm4, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm10, %ymm9
+        vpmuldq	%ymm14, %ymm10, %ymm10
+        vpmuldq	%ymm14, %ymm9, %ymm9
+        vpsubq	%ymm10, %ymm5, %ymm10
+        vpsubq	%ymm9, %ymm12, %ymm9
+        vmovshdup	%ymm8, %ymm8
+        vmovshdup	%ymm10, %ymm10
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm4
+        vpblendd	$0xaa, %ymm9, %ymm10, %ymm5
+        vpmulld	%ymm13, %ymm6, %ymm8
+        vpmulld	%ymm13, %ymm7, %ymm10
+        vmovshdup	%ymm6, %ymm9
+        vmovshdup	%ymm7, %ymm12
+        vpmuldq	%ymm11, %ymm6, %ymm6
+        vpmuldq	%ymm11, %ymm7, %ymm7
+        vpmuldq	%ymm11, %ymm9, %ymm9
+        vpmuldq	%ymm11, %ymm12, %ymm12
+        vmovshdup	%ymm8, %ymm15
+        vpmuldq	%ymm14, %ymm8, %ymm8
+        vpmuldq	%ymm14, %ymm15, %ymm15
+        vpsubq	%ymm8, %ymm6, %ymm8
+        vpsubq	%ymm15, %ymm9, %ymm15
+        vmovshdup	%ymm10, %ymm9
+        vpmuldq	%ymm14, %ymm10, %ymm10
+        vpmuldq	%ymm14, %ymm9, %ymm9
+        vpsubq	%ymm10, %ymm7, %ymm10
+        vpsubq	%ymm9, %ymm12, %ymm9
+        vmovshdup	%ymm8, %ymm8
+        vmovshdup	%ymm10, %ymm10
+        vpblendd	$0xaa, %ymm15, %ymm8, %ymm6
+        vpblendd	$0xaa, %ymm9, %ymm10, %ymm7
+        vmovdqu	%ymm0, (%rdi)
+        vmovdqu	%ymm1, 128(%rdi)
+        vmovdqu	%ymm2, 256(%rdi)
+        vmovdqu	%ymm3, 384(%rdi)
+        vmovdqu	%ymm4, 512(%rdi)
+        vmovdqu	%ymm5, 640(%rdi)
+        vmovdqu	%ymm6, 768(%rdi)
+        vmovdqu	%ymm7, 896(%rdi)
+        vzeroupper
+        repz retq
+#ifndef __APPLE__
+.size	wc_mldsa_invntt_full_avx2,.-wc_mldsa_invntt_full_avx2
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.text
+.globl	wc_mldsa_mul_avx2
+.type	wc_mldsa_mul_avx2,@function
+.align	16
+wc_mldsa_mul_avx2:
+#else
+.section	__TEXT,__text
+.globl	_wc_mldsa_mul_avx2
+.p2align	4
+_wc_mldsa_mul_avx2:
+#endif /* __APPLE__ */
+        vpxor	%ymm8, %ymm8, %ymm8
+        vmovdqu	mldsa_q(%rip), %ymm8
+        vmovdqu	mldsa_qinv(%rip), %ymm9
+        # 0..15
+        vmovdqu	(%rsi), %ymm0
+        vmovdqu	32(%rsi), %ymm2
+        vmovdqu	(%rdx), %ymm4
+        vmovdqu	32(%rdx), %ymm6
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpmuldq	%ymm4, %ymm0, %ymm0
+        vpmuldq	%ymm5, %ymm1, %ymm1
+        vpmuldq	%ymm6, %ymm2, %ymm2
+        vpmuldq	%ymm7, %ymm3, %ymm3
+        # Mont Reduce 2
+        vpmulld	%ymm9, %ymm0, %ymm4
+        vpmulld	%ymm9, %ymm1, %ymm5
+        vpmulld	%ymm9, %ymm2, %ymm6
+        vpmulld	%ymm9, %ymm3, %ymm7
+        vpmuldq	%ymm8, %ymm4, %ymm4
+        vpmuldq	%ymm8, %ymm5, %ymm5
+        vpmuldq	%ymm8, %ymm6, %ymm6
+        vpmuldq	%ymm8, %ymm7, %ymm7
+        vpsubd	%ymm4, %ymm0, %ymm0
+        vpsubd	%ymm5, %ymm1, %ymm1
+        vpsubd	%ymm6, %ymm2, %ymm2
+        vpsubd	%ymm7, %ymm3, %ymm3
+        vpsrlq	$32, %ymm0, %ymm0
+        vpsrlq	$32, %ymm2, %ymm2
+        vpor	%ymm1, %ymm0, %ymm0
+        vpor	%ymm3, %ymm2, %ymm2
+        vmovdqu	%ymm0, (%rdi)
+        vmovdqu	%ymm2, 32(%rdi)
+        # 16..31
+        vmovdqu	64(%rsi), %ymm0
+        vmovdqu	96(%rsi), %ymm2
+        vmovdqu	64(%rdx), %ymm4
+        vmovdqu	96(%rdx), %ymm6
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpmuldq	%ymm4, %ymm0, %ymm0
+        vpmuldq	%ymm5, %ymm1, %ymm1
+        vpmuldq	%ymm6, %ymm2, %ymm2
+        vpmuldq	%ymm7, %ymm3, %ymm3
+        # Mont Reduce 2
+        vpmulld	%ymm9, %ymm0, %ymm4
+        vpmulld	%ymm9, %ymm1, %ymm5
+        vpmulld	%ymm9, %ymm2, %ymm6
+        vpmulld	%ymm9, %ymm3, %ymm7
+        vpmuldq	%ymm8, %ymm4, %ymm4
+        vpmuldq	%ymm8, %ymm5, %ymm5
+        vpmuldq	%ymm8, %ymm6, %ymm6
+        vpmuldq	%ymm8, %ymm7, %ymm7
+        vpsubd	%ymm4, %ymm0, %ymm0
+        vpsubd	%ymm5, %ymm1, %ymm1
+        vpsubd	%ymm6, %ymm2, %ymm2
+        vpsubd	%ymm7, %ymm3, %ymm3
+        vpsrlq	$32, %ymm0, %ymm0
+        vpsrlq	$32, %ymm2, %ymm2
+        vpor	%ymm1, %ymm0, %ymm0
+        vpor	%ymm3, %ymm2, %ymm2
+        vmovdqu	%ymm0, 64(%rdi)
+        vmovdqu	%ymm2, 96(%rdi)
+        # 32..47
+        vmovdqu	128(%rsi), %ymm0
+        vmovdqu	160(%rsi), %ymm2
+        vmovdqu	128(%rdx), %ymm4
+        vmovdqu	160(%rdx), %ymm6
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpmuldq	%ymm4, %ymm0, %ymm0
+        vpmuldq	%ymm5, %ymm1, %ymm1
+        vpmuldq	%ymm6, %ymm2, %ymm2
+        vpmuldq	%ymm7, %ymm3, %ymm3
+        # Mont Reduce 2
+        vpmulld	%ymm9, %ymm0, %ymm4
+        vpmulld	%ymm9, %ymm1, %ymm5
+        vpmulld	%ymm9, %ymm2, %ymm6
+        vpmulld	%ymm9, %ymm3, %ymm7
+        vpmuldq	%ymm8, %ymm4, %ymm4
+        vpmuldq	%ymm8, %ymm5, %ymm5
+        vpmuldq	%ymm8, %ymm6, %ymm6
+        vpmuldq	%ymm8, %ymm7, %ymm7
+        vpsubd	%ymm4, %ymm0, %ymm0
+        vpsubd	%ymm5, %ymm1, %ymm1
+        vpsubd	%ymm6, %ymm2, %ymm2
+        vpsubd	%ymm7, %ymm3, %ymm3
+        vpsrlq	$32, %ymm0, %ymm0
+        vpsrlq	$32, %ymm2, %ymm2
+        vpor	%ymm1, %ymm0, %ymm0
+        vpor	%ymm3, %ymm2, %ymm2
+        vmovdqu	%ymm0, 128(%rdi)
+        vmovdqu	%ymm2, 160(%rdi)
+        # 48..63
+        vmovdqu	192(%rsi), %ymm0
+        vmovdqu	224(%rsi), %ymm2
+        vmovdqu	192(%rdx), %ymm4
+        vmovdqu	224(%rdx), %ymm6
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpmuldq	%ymm4, %ymm0, %ymm0
+        vpmuldq	%ymm5, %ymm1, %ymm1
+        vpmuldq	%ymm6, %ymm2, %ymm2
+        vpmuldq	%ymm7, %ymm3, %ymm3
+        # Mont Reduce 2
+        vpmulld	%ymm9, %ymm0, %ymm4
+        vpmulld	%ymm9, %ymm1, %ymm5
+        vpmulld	%ymm9, %ymm2, %ymm6
+        vpmulld	%ymm9, %ymm3, %ymm7
+        vpmuldq	%ymm8, %ymm4, %ymm4
+        vpmuldq	%ymm8, %ymm5, %ymm5
+        vpmuldq	%ymm8, %ymm6, %ymm6
+        vpmuldq	%ymm8, %ymm7, %ymm7
+        vpsubd	%ymm4, %ymm0, %ymm0
+        vpsubd	%ymm5, %ymm1, %ymm1
+        vpsubd	%ymm6, %ymm2, %ymm2
+        vpsubd	%ymm7, %ymm3, %ymm3
+        vpsrlq	$32, %ymm0, %ymm0
+        vpsrlq	$32, %ymm2, %ymm2
+        vpor	%ymm1, %ymm0, %ymm0
+        vpor	%ymm3, %ymm2, %ymm2
+        vmovdqu	%ymm0, 192(%rdi)
+        vmovdqu	%ymm2, 224(%rdi)
+        # 64..79
+        vmovdqu	256(%rsi), %ymm0
+        vmovdqu	288(%rsi), %ymm2
+        vmovdqu	256(%rdx), %ymm4
+        vmovdqu	288(%rdx), %ymm6
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpmuldq	%ymm4, %ymm0, %ymm0
+        vpmuldq	%ymm5, %ymm1, %ymm1
+        vpmuldq	%ymm6, %ymm2, %ymm2
+        vpmuldq	%ymm7, %ymm3, %ymm3
+        # Mont Reduce 2
+        vpmulld	%ymm9, %ymm0, %ymm4
+        vpmulld	%ymm9, %ymm1, %ymm5
+        vpmulld	%ymm9, %ymm2, %ymm6
+        vpmulld	%ymm9, %ymm3, %ymm7
+        vpmuldq	%ymm8, %ymm4, %ymm4
+        vpmuldq	%ymm8, %ymm5, %ymm5
+        vpmuldq	%ymm8, %ymm6, %ymm6
+        vpmuldq	%ymm8, %ymm7, %ymm7
+        vpsubd	%ymm4, %ymm0, %ymm0
+        vpsubd	%ymm5, %ymm1, %ymm1
+        vpsubd	%ymm6, %ymm2, %ymm2
+        vpsubd	%ymm7, %ymm3, %ymm3
+        vpsrlq	$32, %ymm0, %ymm0
+        vpsrlq	$32, %ymm2, %ymm2
+        vpor	%ymm1, %ymm0, %ymm0
+        vpor	%ymm3, %ymm2, %ymm2
+        vmovdqu	%ymm0, 256(%rdi)
+        vmovdqu	%ymm2, 288(%rdi)
+        # 80..95
+        vmovdqu	320(%rsi), %ymm0
+        vmovdqu	352(%rsi), %ymm2
+        vmovdqu	320(%rdx), %ymm4
+        vmovdqu	352(%rdx), %ymm6
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpmuldq	%ymm4, %ymm0, %ymm0
+        vpmuldq	%ymm5, %ymm1, %ymm1
+        vpmuldq	%ymm6, %ymm2, %ymm2
+        vpmuldq	%ymm7, %ymm3, %ymm3
+        # Mont Reduce 2
+        vpmulld	%ymm9, %ymm0, %ymm4
+        vpmulld	%ymm9, %ymm1, %ymm5
+        vpmulld	%ymm9, %ymm2, %ymm6
+        vpmulld	%ymm9, %ymm3, %ymm7
+        vpmuldq	%ymm8, %ymm4, %ymm4
+        vpmuldq	%ymm8, %ymm5, %ymm5
+        vpmuldq	%ymm8, %ymm6, %ymm6
+        vpmuldq	%ymm8, %ymm7, %ymm7
+        vpsubd	%ymm4, %ymm0, %ymm0
+        vpsubd	%ymm5, %ymm1, %ymm1
+        vpsubd	%ymm6, %ymm2, %ymm2
+        vpsubd	%ymm7, %ymm3, %ymm3
+        vpsrlq	$32, %ymm0, %ymm0
+        vpsrlq	$32, %ymm2, %ymm2
+        vpor	%ymm1, %ymm0, %ymm0
+        vpor	%ymm3, %ymm2, %ymm2
+        vmovdqu	%ymm0, 320(%rdi)
+        vmovdqu	%ymm2, 352(%rdi)
+        # 96..111
+        vmovdqu	384(%rsi), %ymm0
+        vmovdqu	416(%rsi), %ymm2
+        vmovdqu	384(%rdx), %ymm4
+        vmovdqu	416(%rdx), %ymm6
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpmuldq	%ymm4, %ymm0, %ymm0
+        vpmuldq	%ymm5, %ymm1, %ymm1
+        vpmuldq	%ymm6, %ymm2, %ymm2
+        vpmuldq	%ymm7, %ymm3, %ymm3
+        # Mont Reduce 2
+        vpmulld	%ymm9, %ymm0, %ymm4
+        vpmulld	%ymm9, %ymm1, %ymm5
+        vpmulld	%ymm9, %ymm2, %ymm6
+        vpmulld	%ymm9, %ymm3, %ymm7
+        vpmuldq	%ymm8, %ymm4, %ymm4
+        vpmuldq	%ymm8, %ymm5, %ymm5
+        vpmuldq	%ymm8, %ymm6, %ymm6
+        vpmuldq	%ymm8, %ymm7, %ymm7
+        vpsubd	%ymm4, %ymm0, %ymm0
+        vpsubd	%ymm5, %ymm1, %ymm1
+        vpsubd	%ymm6, %ymm2, %ymm2
+        vpsubd	%ymm7, %ymm3, %ymm3
+        vpsrlq	$32, %ymm0, %ymm0
+        vpsrlq	$32, %ymm2, %ymm2
+        vpor	%ymm1, %ymm0, %ymm0
+        vpor	%ymm3, %ymm2, %ymm2
+        vmovdqu	%ymm0, 384(%rdi)
+        vmovdqu	%ymm2, 416(%rdi)
+        # 112..127
+        vmovdqu	448(%rsi), %ymm0
+        vmovdqu	480(%rsi), %ymm2
+        vmovdqu	448(%rdx), %ymm4
+        vmovdqu	480(%rdx), %ymm6
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpmuldq	%ymm4, %ymm0, %ymm0
+        vpmuldq	%ymm5, %ymm1, %ymm1
+        vpmuldq	%ymm6, %ymm2, %ymm2
+        vpmuldq	%ymm7, %ymm3, %ymm3
+        # Mont Reduce 2
+        vpmulld	%ymm9, %ymm0, %ymm4
+        vpmulld	%ymm9, %ymm1, %ymm5
+        vpmulld	%ymm9, %ymm2, %ymm6
+        vpmulld	%ymm9, %ymm3, %ymm7
+        vpmuldq	%ymm8, %ymm4, %ymm4
+        vpmuldq	%ymm8, %ymm5, %ymm5
+        vpmuldq	%ymm8, %ymm6, %ymm6
+        vpmuldq	%ymm8, %ymm7, %ymm7
+        vpsubd	%ymm4, %ymm0, %ymm0
+        vpsubd	%ymm5, %ymm1, %ymm1
+        vpsubd	%ymm6, %ymm2, %ymm2
+        vpsubd	%ymm7, %ymm3, %ymm3
+        vpsrlq	$32, %ymm0, %ymm0
+        vpsrlq	$32, %ymm2, %ymm2
+        vpor	%ymm1, %ymm0, %ymm0
+        vpor	%ymm3, %ymm2, %ymm2
+        vmovdqu	%ymm0, 448(%rdi)
+        vmovdqu	%ymm2, 480(%rdi)
+        # 128..143
+        vmovdqu	512(%rsi), %ymm0
+        vmovdqu	544(%rsi), %ymm2
+        vmovdqu	512(%rdx), %ymm4
+        vmovdqu	544(%rdx), %ymm6
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpmuldq	%ymm4, %ymm0, %ymm0
+        vpmuldq	%ymm5, %ymm1, %ymm1
+        vpmuldq	%ymm6, %ymm2, %ymm2
+        vpmuldq	%ymm7, %ymm3, %ymm3
+        # Mont Reduce 2
+        vpmulld	%ymm9, %ymm0, %ymm4
+        vpmulld	%ymm9, %ymm1, %ymm5
+        vpmulld	%ymm9, %ymm2, %ymm6
+        vpmulld	%ymm9, %ymm3, %ymm7
+        vpmuldq	%ymm8, %ymm4, %ymm4
+        vpmuldq	%ymm8, %ymm5, %ymm5
+        vpmuldq	%ymm8, %ymm6, %ymm6
+        vpmuldq	%ymm8, %ymm7, %ymm7
+        vpsubd	%ymm4, %ymm0, %ymm0
+        vpsubd	%ymm5, %ymm1, %ymm1
+        vpsubd	%ymm6, %ymm2, %ymm2
+        vpsubd	%ymm7, %ymm3, %ymm3
+        vpsrlq	$32, %ymm0, %ymm0
+        vpsrlq	$32, %ymm2, %ymm2
+        vpor	%ymm1, %ymm0, %ymm0
+        vpor	%ymm3, %ymm2, %ymm2
+        vmovdqu	%ymm0, 512(%rdi)
+        vmovdqu	%ymm2, 544(%rdi)
+        # 144..159
+        vmovdqu	576(%rsi), %ymm0
+        vmovdqu	608(%rsi), %ymm2
+        vmovdqu	576(%rdx), %ymm4
+        vmovdqu	608(%rdx), %ymm6
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpmuldq	%ymm4, %ymm0, %ymm0
+        vpmuldq	%ymm5, %ymm1, %ymm1
+        vpmuldq	%ymm6, %ymm2, %ymm2
+        vpmuldq	%ymm7, %ymm3, %ymm3
+        # Mont Reduce 2
+        vpmulld	%ymm9, %ymm0, %ymm4
+        vpmulld	%ymm9, %ymm1, %ymm5
+        vpmulld	%ymm9, %ymm2, %ymm6
+        vpmulld	%ymm9, %ymm3, %ymm7
+        vpmuldq	%ymm8, %ymm4, %ymm4
+        vpmuldq	%ymm8, %ymm5, %ymm5
+        vpmuldq	%ymm8, %ymm6, %ymm6
+        vpmuldq	%ymm8, %ymm7, %ymm7
+        vpsubd	%ymm4, %ymm0, %ymm0
+        vpsubd	%ymm5, %ymm1, %ymm1
+        vpsubd	%ymm6, %ymm2, %ymm2
+        vpsubd	%ymm7, %ymm3, %ymm3
+        vpsrlq	$32, %ymm0, %ymm0
+        vpsrlq	$32, %ymm2, %ymm2
+        vpor	%ymm1, %ymm0, %ymm0
+        vpor	%ymm3, %ymm2, %ymm2
+        vmovdqu	%ymm0, 576(%rdi)
+        vmovdqu	%ymm2, 608(%rdi)
+        # 160..175
+        vmovdqu	640(%rsi), %ymm0
+        vmovdqu	672(%rsi), %ymm2
+        vmovdqu	640(%rdx), %ymm4
+        vmovdqu	672(%rdx), %ymm6
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpmuldq	%ymm4, %ymm0, %ymm0
+        vpmuldq	%ymm5, %ymm1, %ymm1
+        vpmuldq	%ymm6, %ymm2, %ymm2
+        vpmuldq	%ymm7, %ymm3, %ymm3
+        # Mont Reduce 2
+        vpmulld	%ymm9, %ymm0, %ymm4
+        vpmulld	%ymm9, %ymm1, %ymm5
+        vpmulld	%ymm9, %ymm2, %ymm6
+        vpmulld	%ymm9, %ymm3, %ymm7
+        vpmuldq	%ymm8, %ymm4, %ymm4
+        vpmuldq	%ymm8, %ymm5, %ymm5
+        vpmuldq	%ymm8, %ymm6, %ymm6
+        vpmuldq	%ymm8, %ymm7, %ymm7
+        vpsubd	%ymm4, %ymm0, %ymm0
+        vpsubd	%ymm5, %ymm1, %ymm1
+        vpsubd	%ymm6, %ymm2, %ymm2
+        vpsubd	%ymm7, %ymm3, %ymm3
+        vpsrlq	$32, %ymm0, %ymm0
+        vpsrlq	$32, %ymm2, %ymm2
+        vpor	%ymm1, %ymm0, %ymm0
+        vpor	%ymm3, %ymm2, %ymm2
+        vmovdqu	%ymm0, 640(%rdi)
+        vmovdqu	%ymm2, 672(%rdi)
+        # 176..191
+        vmovdqu	704(%rsi), %ymm0
+        vmovdqu	736(%rsi), %ymm2
+        vmovdqu	704(%rdx), %ymm4
+        vmovdqu	736(%rdx), %ymm6
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpmuldq	%ymm4, %ymm0, %ymm0
+        vpmuldq	%ymm5, %ymm1, %ymm1
+        vpmuldq	%ymm6, %ymm2, %ymm2
+        vpmuldq	%ymm7, %ymm3, %ymm3
+        # Mont Reduce 2
+        vpmulld	%ymm9, %ymm0, %ymm4
+        vpmulld	%ymm9, %ymm1, %ymm5
+        vpmulld	%ymm9, %ymm2, %ymm6
+        vpmulld	%ymm9, %ymm3, %ymm7
+        vpmuldq	%ymm8, %ymm4, %ymm4
+        vpmuldq	%ymm8, %ymm5, %ymm5
+        vpmuldq	%ymm8, %ymm6, %ymm6
+        vpmuldq	%ymm8, %ymm7, %ymm7
+        vpsubd	%ymm4, %ymm0, %ymm0
+        vpsubd	%ymm5, %ymm1, %ymm1
+        vpsubd	%ymm6, %ymm2, %ymm2
+        vpsubd	%ymm7, %ymm3, %ymm3
+        vpsrlq	$32, %ymm0, %ymm0
+        vpsrlq	$32, %ymm2, %ymm2
+        vpor	%ymm1, %ymm0, %ymm0
+        vpor	%ymm3, %ymm2, %ymm2
+        vmovdqu	%ymm0, 704(%rdi)
+        vmovdqu	%ymm2, 736(%rdi)
+        # 192..207
+        vmovdqu	768(%rsi), %ymm0
+        vmovdqu	800(%rsi), %ymm2
+        vmovdqu	768(%rdx), %ymm4
+        vmovdqu	800(%rdx), %ymm6
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpmuldq	%ymm4, %ymm0, %ymm0
+        vpmuldq	%ymm5, %ymm1, %ymm1
+        vpmuldq	%ymm6, %ymm2, %ymm2
+        vpmuldq	%ymm7, %ymm3, %ymm3
+        # Mont Reduce 2
+        vpmulld	%ymm9, %ymm0, %ymm4
+        vpmulld	%ymm9, %ymm1, %ymm5
+        vpmulld	%ymm9, %ymm2, %ymm6
+        vpmulld	%ymm9, %ymm3, %ymm7
+        vpmuldq	%ymm8, %ymm4, %ymm4
+        vpmuldq	%ymm8, %ymm5, %ymm5
+        vpmuldq	%ymm8, %ymm6, %ymm6
+        vpmuldq	%ymm8, %ymm7, %ymm7
+        vpsubd	%ymm4, %ymm0, %ymm0
+        vpsubd	%ymm5, %ymm1, %ymm1
+        vpsubd	%ymm6, %ymm2, %ymm2
+        vpsubd	%ymm7, %ymm3, %ymm3
+        vpsrlq	$32, %ymm0, %ymm0
+        vpsrlq	$32, %ymm2, %ymm2
+        vpor	%ymm1, %ymm0, %ymm0
+        vpor	%ymm3, %ymm2, %ymm2
+        vmovdqu	%ymm0, 768(%rdi)
+        vmovdqu	%ymm2, 800(%rdi)
+        # 208..223
+        vmovdqu	832(%rsi), %ymm0
+        vmovdqu	864(%rsi), %ymm2
+        vmovdqu	832(%rdx), %ymm4
+        vmovdqu	864(%rdx), %ymm6
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpmuldq	%ymm4, %ymm0, %ymm0
+        vpmuldq	%ymm5, %ymm1, %ymm1
+        vpmuldq	%ymm6, %ymm2, %ymm2
+        vpmuldq	%ymm7, %ymm3, %ymm3
+        # Mont Reduce 2
+        vpmulld	%ymm9, %ymm0, %ymm4
+        vpmulld	%ymm9, %ymm1, %ymm5
+        vpmulld	%ymm9, %ymm2, %ymm6
+        vpmulld	%ymm9, %ymm3, %ymm7
+        vpmuldq	%ymm8, %ymm4, %ymm4
+        vpmuldq	%ymm8, %ymm5, %ymm5
+        vpmuldq	%ymm8, %ymm6, %ymm6
+        vpmuldq	%ymm8, %ymm7, %ymm7
+        vpsubd	%ymm4, %ymm0, %ymm0
+        vpsubd	%ymm5, %ymm1, %ymm1
+        vpsubd	%ymm6, %ymm2, %ymm2
+        vpsubd	%ymm7, %ymm3, %ymm3
+        vpsrlq	$32, %ymm0, %ymm0
+        vpsrlq	$32, %ymm2, %ymm2
+        vpor	%ymm1, %ymm0, %ymm0
+        vpor	%ymm3, %ymm2, %ymm2
+        vmovdqu	%ymm0, 832(%rdi)
+        vmovdqu	%ymm2, 864(%rdi)
+        # 224..239
+        vmovdqu	896(%rsi), %ymm0
+        vmovdqu	928(%rsi), %ymm2
+        vmovdqu	896(%rdx), %ymm4
+        vmovdqu	928(%rdx), %ymm6
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpmuldq	%ymm4, %ymm0, %ymm0
+        vpmuldq	%ymm5, %ymm1, %ymm1
+        vpmuldq	%ymm6, %ymm2, %ymm2
+        vpmuldq	%ymm7, %ymm3, %ymm3
+        # Mont Reduce 2
+        vpmulld	%ymm9, %ymm0, %ymm4
+        vpmulld	%ymm9, %ymm1, %ymm5
+        vpmulld	%ymm9, %ymm2, %ymm6
+        vpmulld	%ymm9, %ymm3, %ymm7
+        vpmuldq	%ymm8, %ymm4, %ymm4
+        vpmuldq	%ymm8, %ymm5, %ymm5
+        vpmuldq	%ymm8, %ymm6, %ymm6
+        vpmuldq	%ymm8, %ymm7, %ymm7
+        vpsubd	%ymm4, %ymm0, %ymm0
+        vpsubd	%ymm5, %ymm1, %ymm1
+        vpsubd	%ymm6, %ymm2, %ymm2
+        vpsubd	%ymm7, %ymm3, %ymm3
+        vpsrlq	$32, %ymm0, %ymm0
+        vpsrlq	$32, %ymm2, %ymm2
+        vpor	%ymm1, %ymm0, %ymm0
+        vpor	%ymm3, %ymm2, %ymm2
+        vmovdqu	%ymm0, 896(%rdi)
+        vmovdqu	%ymm2, 928(%rdi)
+        # 240..255
+        vmovdqu	960(%rsi), %ymm0
+        vmovdqu	992(%rsi), %ymm2
+        vmovdqu	960(%rdx), %ymm4
+        vmovdqu	992(%rdx), %ymm6
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpmuldq	%ymm4, %ymm0, %ymm0
+        vpmuldq	%ymm5, %ymm1, %ymm1
+        vpmuldq	%ymm6, %ymm2, %ymm2
+        vpmuldq	%ymm7, %ymm3, %ymm3
+        # Mont Reduce 2
+        vpmulld	%ymm9, %ymm0, %ymm4
+        vpmulld	%ymm9, %ymm1, %ymm5
+        vpmulld	%ymm9, %ymm2, %ymm6
+        vpmulld	%ymm9, %ymm3, %ymm7
+        vpmuldq	%ymm8, %ymm4, %ymm4
+        vpmuldq	%ymm8, %ymm5, %ymm5
+        vpmuldq	%ymm8, %ymm6, %ymm6
+        vpmuldq	%ymm8, %ymm7, %ymm7
+        vpsubd	%ymm4, %ymm0, %ymm0
+        vpsubd	%ymm5, %ymm1, %ymm1
+        vpsubd	%ymm6, %ymm2, %ymm2
+        vpsubd	%ymm7, %ymm3, %ymm3
+        vpsrlq	$32, %ymm0, %ymm0
+        vpsrlq	$32, %ymm2, %ymm2
+        vpor	%ymm1, %ymm0, %ymm0
+        vpor	%ymm3, %ymm2, %ymm2
+        vmovdqu	%ymm0, 960(%rdi)
+        vmovdqu	%ymm2, 992(%rdi)
+        vzeroupper
+        repz retq
+#ifndef __APPLE__
+.size	wc_mldsa_mul_avx2,.-wc_mldsa_mul_avx2
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.text
+.globl	wc_mldsa_mul_vec_4_avx2
+.type	wc_mldsa_mul_vec_4_avx2,@function
+.align	16
+wc_mldsa_mul_vec_4_avx2:
+#else
+.section	__TEXT,__text
+.globl	_wc_mldsa_mul_vec_4_avx2
+.p2align	4
+_wc_mldsa_mul_vec_4_avx2:
+#endif /* __APPLE__ */
+        vpxor	%ymm12, %ymm12, %ymm12
+        vmovdqu	mldsa_q(%rip), %ymm12
+        vmovdqu	mldsa_qinv(%rip), %ymm13
+        # 0..7
+        vmovdqu	(%rsi), %ymm0
+        vmovdqu	1024(%rsi), %ymm2
+        vmovdqu	(%rdx), %ymm6
+        vmovdqu	1024(%rdx), %ymm8
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpmuldq	%ymm6, %ymm0, %ymm0
+        vpmuldq	%ymm7, %ymm1, %ymm1
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vmovdqu	2048(%rsi), %ymm2
+        vmovdqu	3072(%rsi), %ymm4
+        vmovdqu	2048(%rdx), %ymm8
+        vmovdqu	3072(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        # Mont Reduce 2
+        vpmulld	%ymm13, %ymm0, %ymm6
+        vpmulld	%ymm13, %ymm1, %ymm7
+        vpmuldq	%ymm12, %ymm6, %ymm6
+        vpmuldq	%ymm12, %ymm7, %ymm7
+        vpsubd	%ymm6, %ymm0, %ymm0
+        vpsubd	%ymm7, %ymm1, %ymm1
+        vpsrlq	$32, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, (%rdi)
+        # 8..15
+        vmovdqu	32(%rsi), %ymm0
+        vmovdqu	1056(%rsi), %ymm2
+        vmovdqu	32(%rdx), %ymm6
+        vmovdqu	1056(%rdx), %ymm8
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpmuldq	%ymm6, %ymm0, %ymm0
+        vpmuldq	%ymm7, %ymm1, %ymm1
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vmovdqu	2080(%rsi), %ymm2
+        vmovdqu	3104(%rsi), %ymm4
+        vmovdqu	2080(%rdx), %ymm8
+        vmovdqu	3104(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        # Mont Reduce 2
+        vpmulld	%ymm13, %ymm0, %ymm6
+        vpmulld	%ymm13, %ymm1, %ymm7
+        vpmuldq	%ymm12, %ymm6, %ymm6
+        vpmuldq	%ymm12, %ymm7, %ymm7
+        vpsubd	%ymm6, %ymm0, %ymm0
+        vpsubd	%ymm7, %ymm1, %ymm1
+        vpsrlq	$32, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 32(%rdi)
+        # 16..23
+        vmovdqu	64(%rsi), %ymm0
+        vmovdqu	1088(%rsi), %ymm2
+        vmovdqu	64(%rdx), %ymm6
+        vmovdqu	1088(%rdx), %ymm8
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpmuldq	%ymm6, %ymm0, %ymm0
+        vpmuldq	%ymm7, %ymm1, %ymm1
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vmovdqu	2112(%rsi), %ymm2
+        vmovdqu	3136(%rsi), %ymm4
+        vmovdqu	2112(%rdx), %ymm8
+        vmovdqu	3136(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        # Mont Reduce 2
+        vpmulld	%ymm13, %ymm0, %ymm6
+        vpmulld	%ymm13, %ymm1, %ymm7
+        vpmuldq	%ymm12, %ymm6, %ymm6
+        vpmuldq	%ymm12, %ymm7, %ymm7
+        vpsubd	%ymm6, %ymm0, %ymm0
+        vpsubd	%ymm7, %ymm1, %ymm1
+        vpsrlq	$32, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 64(%rdi)
+        # 24..31
+        vmovdqu	96(%rsi), %ymm0
+        vmovdqu	1120(%rsi), %ymm2
+        vmovdqu	96(%rdx), %ymm6
+        vmovdqu	1120(%rdx), %ymm8
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpmuldq	%ymm6, %ymm0, %ymm0
+        vpmuldq	%ymm7, %ymm1, %ymm1
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vmovdqu	2144(%rsi), %ymm2
+        vmovdqu	3168(%rsi), %ymm4
+        vmovdqu	2144(%rdx), %ymm8
+        vmovdqu	3168(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        # Mont Reduce 2
+        vpmulld	%ymm13, %ymm0, %ymm6
+        vpmulld	%ymm13, %ymm1, %ymm7
+        vpmuldq	%ymm12, %ymm6, %ymm6
+        vpmuldq	%ymm12, %ymm7, %ymm7
+        vpsubd	%ymm6, %ymm0, %ymm0
+        vpsubd	%ymm7, %ymm1, %ymm1
+        vpsrlq	$32, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 96(%rdi)
+        # 32..39
+        vmovdqu	128(%rsi), %ymm0
+        vmovdqu	1152(%rsi), %ymm2
+        vmovdqu	128(%rdx), %ymm6
+        vmovdqu	1152(%rdx), %ymm8
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpmuldq	%ymm6, %ymm0, %ymm0
+        vpmuldq	%ymm7, %ymm1, %ymm1
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vmovdqu	2176(%rsi), %ymm2
+        vmovdqu	3200(%rsi), %ymm4
+        vmovdqu	2176(%rdx), %ymm8
+        vmovdqu	3200(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        # Mont Reduce 2
+        vpmulld	%ymm13, %ymm0, %ymm6
+        vpmulld	%ymm13, %ymm1, %ymm7
+        vpmuldq	%ymm12, %ymm6, %ymm6
+        vpmuldq	%ymm12, %ymm7, %ymm7
+        vpsubd	%ymm6, %ymm0, %ymm0
+        vpsubd	%ymm7, %ymm1, %ymm1
+        vpsrlq	$32, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 128(%rdi)
+        # 40..47
+        vmovdqu	160(%rsi), %ymm0
+        vmovdqu	1184(%rsi), %ymm2
+        vmovdqu	160(%rdx), %ymm6
+        vmovdqu	1184(%rdx), %ymm8
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpmuldq	%ymm6, %ymm0, %ymm0
+        vpmuldq	%ymm7, %ymm1, %ymm1
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vmovdqu	2208(%rsi), %ymm2
+        vmovdqu	3232(%rsi), %ymm4
+        vmovdqu	2208(%rdx), %ymm8
+        vmovdqu	3232(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        # Mont Reduce 2
+        vpmulld	%ymm13, %ymm0, %ymm6
+        vpmulld	%ymm13, %ymm1, %ymm7
+        vpmuldq	%ymm12, %ymm6, %ymm6
+        vpmuldq	%ymm12, %ymm7, %ymm7
+        vpsubd	%ymm6, %ymm0, %ymm0
+        vpsubd	%ymm7, %ymm1, %ymm1
+        vpsrlq	$32, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 160(%rdi)
+        # 48..55
+        vmovdqu	192(%rsi), %ymm0
+        vmovdqu	1216(%rsi), %ymm2
+        vmovdqu	192(%rdx), %ymm6
+        vmovdqu	1216(%rdx), %ymm8
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpmuldq	%ymm6, %ymm0, %ymm0
+        vpmuldq	%ymm7, %ymm1, %ymm1
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vmovdqu	2240(%rsi), %ymm2
+        vmovdqu	3264(%rsi), %ymm4
+        vmovdqu	2240(%rdx), %ymm8
+        vmovdqu	3264(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        # Mont Reduce 2
+        vpmulld	%ymm13, %ymm0, %ymm6
+        vpmulld	%ymm13, %ymm1, %ymm7
+        vpmuldq	%ymm12, %ymm6, %ymm6
+        vpmuldq	%ymm12, %ymm7, %ymm7
+        vpsubd	%ymm6, %ymm0, %ymm0
+        vpsubd	%ymm7, %ymm1, %ymm1
+        vpsrlq	$32, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 192(%rdi)
+        # 56..63
+        vmovdqu	224(%rsi), %ymm0
+        vmovdqu	1248(%rsi), %ymm2
+        vmovdqu	224(%rdx), %ymm6
+        vmovdqu	1248(%rdx), %ymm8
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpmuldq	%ymm6, %ymm0, %ymm0
+        vpmuldq	%ymm7, %ymm1, %ymm1
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vmovdqu	2272(%rsi), %ymm2
+        vmovdqu	3296(%rsi), %ymm4
+        vmovdqu	2272(%rdx), %ymm8
+        vmovdqu	3296(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        # Mont Reduce 2
+        vpmulld	%ymm13, %ymm0, %ymm6
+        vpmulld	%ymm13, %ymm1, %ymm7
+        vpmuldq	%ymm12, %ymm6, %ymm6
+        vpmuldq	%ymm12, %ymm7, %ymm7
+        vpsubd	%ymm6, %ymm0, %ymm0
+        vpsubd	%ymm7, %ymm1, %ymm1
+        vpsrlq	$32, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 224(%rdi)
+        # 64..71
+        vmovdqu	256(%rsi), %ymm0
+        vmovdqu	1280(%rsi), %ymm2
+        vmovdqu	256(%rdx), %ymm6
+        vmovdqu	1280(%rdx), %ymm8
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpmuldq	%ymm6, %ymm0, %ymm0
+        vpmuldq	%ymm7, %ymm1, %ymm1
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vmovdqu	2304(%rsi), %ymm2
+        vmovdqu	3328(%rsi), %ymm4
+        vmovdqu	2304(%rdx), %ymm8
+        vmovdqu	3328(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        # Mont Reduce 2
+        vpmulld	%ymm13, %ymm0, %ymm6
+        vpmulld	%ymm13, %ymm1, %ymm7
+        vpmuldq	%ymm12, %ymm6, %ymm6
+        vpmuldq	%ymm12, %ymm7, %ymm7
+        vpsubd	%ymm6, %ymm0, %ymm0
+        vpsubd	%ymm7, %ymm1, %ymm1
+        vpsrlq	$32, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 256(%rdi)
+        # 72..79
+        vmovdqu	288(%rsi), %ymm0
+        vmovdqu	1312(%rsi), %ymm2
+        vmovdqu	288(%rdx), %ymm6
+        vmovdqu	1312(%rdx), %ymm8
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpmuldq	%ymm6, %ymm0, %ymm0
+        vpmuldq	%ymm7, %ymm1, %ymm1
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vmovdqu	2336(%rsi), %ymm2
+        vmovdqu	3360(%rsi), %ymm4
+        vmovdqu	2336(%rdx), %ymm8
+        vmovdqu	3360(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        # Mont Reduce 2
+        vpmulld	%ymm13, %ymm0, %ymm6
+        vpmulld	%ymm13, %ymm1, %ymm7
+        vpmuldq	%ymm12, %ymm6, %ymm6
+        vpmuldq	%ymm12, %ymm7, %ymm7
+        vpsubd	%ymm6, %ymm0, %ymm0
+        vpsubd	%ymm7, %ymm1, %ymm1
+        vpsrlq	$32, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 288(%rdi)
+        # 80..87
+        vmovdqu	320(%rsi), %ymm0
+        vmovdqu	1344(%rsi), %ymm2
+        vmovdqu	320(%rdx), %ymm6
+        vmovdqu	1344(%rdx), %ymm8
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpmuldq	%ymm6, %ymm0, %ymm0
+        vpmuldq	%ymm7, %ymm1, %ymm1
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vmovdqu	2368(%rsi), %ymm2
+        vmovdqu	3392(%rsi), %ymm4
+        vmovdqu	2368(%rdx), %ymm8
+        vmovdqu	3392(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        # Mont Reduce 2
+        vpmulld	%ymm13, %ymm0, %ymm6
+        vpmulld	%ymm13, %ymm1, %ymm7
+        vpmuldq	%ymm12, %ymm6, %ymm6
+        vpmuldq	%ymm12, %ymm7, %ymm7
+        vpsubd	%ymm6, %ymm0, %ymm0
+        vpsubd	%ymm7, %ymm1, %ymm1
+        vpsrlq	$32, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 320(%rdi)
+        # 88..95
+        vmovdqu	352(%rsi), %ymm0
+        vmovdqu	1376(%rsi), %ymm2
+        vmovdqu	352(%rdx), %ymm6
+        vmovdqu	1376(%rdx), %ymm8
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpmuldq	%ymm6, %ymm0, %ymm0
+        vpmuldq	%ymm7, %ymm1, %ymm1
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vmovdqu	2400(%rsi), %ymm2
+        vmovdqu	3424(%rsi), %ymm4
+        vmovdqu	2400(%rdx), %ymm8
+        vmovdqu	3424(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        # Mont Reduce 2
+        vpmulld	%ymm13, %ymm0, %ymm6
+        vpmulld	%ymm13, %ymm1, %ymm7
+        vpmuldq	%ymm12, %ymm6, %ymm6
+        vpmuldq	%ymm12, %ymm7, %ymm7
+        vpsubd	%ymm6, %ymm0, %ymm0
+        vpsubd	%ymm7, %ymm1, %ymm1
+        vpsrlq	$32, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 352(%rdi)
+        # 96..103
+        vmovdqu	384(%rsi), %ymm0
+        vmovdqu	1408(%rsi), %ymm2
+        vmovdqu	384(%rdx), %ymm6
+        vmovdqu	1408(%rdx), %ymm8
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpmuldq	%ymm6, %ymm0, %ymm0
+        vpmuldq	%ymm7, %ymm1, %ymm1
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vmovdqu	2432(%rsi), %ymm2
+        vmovdqu	3456(%rsi), %ymm4
+        vmovdqu	2432(%rdx), %ymm8
+        vmovdqu	3456(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        # Mont Reduce 2
+        vpmulld	%ymm13, %ymm0, %ymm6
+        vpmulld	%ymm13, %ymm1, %ymm7
+        vpmuldq	%ymm12, %ymm6, %ymm6
+        vpmuldq	%ymm12, %ymm7, %ymm7
+        vpsubd	%ymm6, %ymm0, %ymm0
+        vpsubd	%ymm7, %ymm1, %ymm1
+        vpsrlq	$32, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 384(%rdi)
+        # 104..111
+        vmovdqu	416(%rsi), %ymm0
+        vmovdqu	1440(%rsi), %ymm2
+        vmovdqu	416(%rdx), %ymm6
+        vmovdqu	1440(%rdx), %ymm8
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpmuldq	%ymm6, %ymm0, %ymm0
+        vpmuldq	%ymm7, %ymm1, %ymm1
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vmovdqu	2464(%rsi), %ymm2
+        vmovdqu	3488(%rsi), %ymm4
+        vmovdqu	2464(%rdx), %ymm8
+        vmovdqu	3488(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        # Mont Reduce 2
+        vpmulld	%ymm13, %ymm0, %ymm6
+        vpmulld	%ymm13, %ymm1, %ymm7
+        vpmuldq	%ymm12, %ymm6, %ymm6
+        vpmuldq	%ymm12, %ymm7, %ymm7
+        vpsubd	%ymm6, %ymm0, %ymm0
+        vpsubd	%ymm7, %ymm1, %ymm1
+        vpsrlq	$32, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 416(%rdi)
+        # 112..119
+        vmovdqu	448(%rsi), %ymm0
+        vmovdqu	1472(%rsi), %ymm2
+        vmovdqu	448(%rdx), %ymm6
+        vmovdqu	1472(%rdx), %ymm8
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpmuldq	%ymm6, %ymm0, %ymm0
+        vpmuldq	%ymm7, %ymm1, %ymm1
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vmovdqu	2496(%rsi), %ymm2
+        vmovdqu	3520(%rsi), %ymm4
+        vmovdqu	2496(%rdx), %ymm8
+        vmovdqu	3520(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        # Mont Reduce 2
+        vpmulld	%ymm13, %ymm0, %ymm6
+        vpmulld	%ymm13, %ymm1, %ymm7
+        vpmuldq	%ymm12, %ymm6, %ymm6
+        vpmuldq	%ymm12, %ymm7, %ymm7
+        vpsubd	%ymm6, %ymm0, %ymm0
+        vpsubd	%ymm7, %ymm1, %ymm1
+        vpsrlq	$32, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 448(%rdi)
+        # 120..127
+        vmovdqu	480(%rsi), %ymm0
+        vmovdqu	1504(%rsi), %ymm2
+        vmovdqu	480(%rdx), %ymm6
+        vmovdqu	1504(%rdx), %ymm8
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpmuldq	%ymm6, %ymm0, %ymm0
+        vpmuldq	%ymm7, %ymm1, %ymm1
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vmovdqu	2528(%rsi), %ymm2
+        vmovdqu	3552(%rsi), %ymm4
+        vmovdqu	2528(%rdx), %ymm8
+        vmovdqu	3552(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        # Mont Reduce 2
+        vpmulld	%ymm13, %ymm0, %ymm6
+        vpmulld	%ymm13, %ymm1, %ymm7
+        vpmuldq	%ymm12, %ymm6, %ymm6
+        vpmuldq	%ymm12, %ymm7, %ymm7
+        vpsubd	%ymm6, %ymm0, %ymm0
+        vpsubd	%ymm7, %ymm1, %ymm1
+        vpsrlq	$32, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 480(%rdi)
+        # 128..135
+        vmovdqu	512(%rsi), %ymm0
+        vmovdqu	1536(%rsi), %ymm2
+        vmovdqu	512(%rdx), %ymm6
+        vmovdqu	1536(%rdx), %ymm8
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpmuldq	%ymm6, %ymm0, %ymm0
+        vpmuldq	%ymm7, %ymm1, %ymm1
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vmovdqu	2560(%rsi), %ymm2
+        vmovdqu	3584(%rsi), %ymm4
+        vmovdqu	2560(%rdx), %ymm8
+        vmovdqu	3584(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        # Mont Reduce 2
+        vpmulld	%ymm13, %ymm0, %ymm6
+        vpmulld	%ymm13, %ymm1, %ymm7
+        vpmuldq	%ymm12, %ymm6, %ymm6
+        vpmuldq	%ymm12, %ymm7, %ymm7
+        vpsubd	%ymm6, %ymm0, %ymm0
+        vpsubd	%ymm7, %ymm1, %ymm1
+        vpsrlq	$32, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 512(%rdi)
+        # 136..143
+        vmovdqu	544(%rsi), %ymm0
+        vmovdqu	1568(%rsi), %ymm2
+        vmovdqu	544(%rdx), %ymm6
+        vmovdqu	1568(%rdx), %ymm8
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpmuldq	%ymm6, %ymm0, %ymm0
+        vpmuldq	%ymm7, %ymm1, %ymm1
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vmovdqu	2592(%rsi), %ymm2
+        vmovdqu	3616(%rsi), %ymm4
+        vmovdqu	2592(%rdx), %ymm8
+        vmovdqu	3616(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        # Mont Reduce 2
+        vpmulld	%ymm13, %ymm0, %ymm6
+        vpmulld	%ymm13, %ymm1, %ymm7
+        vpmuldq	%ymm12, %ymm6, %ymm6
+        vpmuldq	%ymm12, %ymm7, %ymm7
+        vpsubd	%ymm6, %ymm0, %ymm0
+        vpsubd	%ymm7, %ymm1, %ymm1
+        vpsrlq	$32, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 544(%rdi)
+        # 144..151
+        vmovdqu	576(%rsi), %ymm0
+        vmovdqu	1600(%rsi), %ymm2
+        vmovdqu	576(%rdx), %ymm6
+        vmovdqu	1600(%rdx), %ymm8
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpmuldq	%ymm6, %ymm0, %ymm0
+        vpmuldq	%ymm7, %ymm1, %ymm1
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vmovdqu	2624(%rsi), %ymm2
+        vmovdqu	3648(%rsi), %ymm4
+        vmovdqu	2624(%rdx), %ymm8
+        vmovdqu	3648(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        # Mont Reduce 2
+        vpmulld	%ymm13, %ymm0, %ymm6
+        vpmulld	%ymm13, %ymm1, %ymm7
+        vpmuldq	%ymm12, %ymm6, %ymm6
+        vpmuldq	%ymm12, %ymm7, %ymm7
+        vpsubd	%ymm6, %ymm0, %ymm0
+        vpsubd	%ymm7, %ymm1, %ymm1
+        vpsrlq	$32, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 576(%rdi)
+        # 152..159
+        vmovdqu	608(%rsi), %ymm0
+        vmovdqu	1632(%rsi), %ymm2
+        vmovdqu	608(%rdx), %ymm6
+        vmovdqu	1632(%rdx), %ymm8
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpmuldq	%ymm6, %ymm0, %ymm0
+        vpmuldq	%ymm7, %ymm1, %ymm1
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vmovdqu	2656(%rsi), %ymm2
+        vmovdqu	3680(%rsi), %ymm4
+        vmovdqu	2656(%rdx), %ymm8
+        vmovdqu	3680(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        # Mont Reduce 2
+        vpmulld	%ymm13, %ymm0, %ymm6
+        vpmulld	%ymm13, %ymm1, %ymm7
+        vpmuldq	%ymm12, %ymm6, %ymm6
+        vpmuldq	%ymm12, %ymm7, %ymm7
+        vpsubd	%ymm6, %ymm0, %ymm0
+        vpsubd	%ymm7, %ymm1, %ymm1
+        vpsrlq	$32, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 608(%rdi)
+        # 160..167
+        vmovdqu	640(%rsi), %ymm0
+        vmovdqu	1664(%rsi), %ymm2
+        vmovdqu	640(%rdx), %ymm6
+        vmovdqu	1664(%rdx), %ymm8
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpmuldq	%ymm6, %ymm0, %ymm0
+        vpmuldq	%ymm7, %ymm1, %ymm1
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vmovdqu	2688(%rsi), %ymm2
+        vmovdqu	3712(%rsi), %ymm4
+        vmovdqu	2688(%rdx), %ymm8
+        vmovdqu	3712(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        # Mont Reduce 2
+        vpmulld	%ymm13, %ymm0, %ymm6
+        vpmulld	%ymm13, %ymm1, %ymm7
+        vpmuldq	%ymm12, %ymm6, %ymm6
+        vpmuldq	%ymm12, %ymm7, %ymm7
+        vpsubd	%ymm6, %ymm0, %ymm0
+        vpsubd	%ymm7, %ymm1, %ymm1
+        vpsrlq	$32, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 640(%rdi)
+        # 168..175
+        vmovdqu	672(%rsi), %ymm0
+        vmovdqu	1696(%rsi), %ymm2
+        vmovdqu	672(%rdx), %ymm6
+        vmovdqu	1696(%rdx), %ymm8
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpmuldq	%ymm6, %ymm0, %ymm0
+        vpmuldq	%ymm7, %ymm1, %ymm1
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vmovdqu	2720(%rsi), %ymm2
+        vmovdqu	3744(%rsi), %ymm4
+        vmovdqu	2720(%rdx), %ymm8
+        vmovdqu	3744(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        # Mont Reduce 2
+        vpmulld	%ymm13, %ymm0, %ymm6
+        vpmulld	%ymm13, %ymm1, %ymm7
+        vpmuldq	%ymm12, %ymm6, %ymm6
+        vpmuldq	%ymm12, %ymm7, %ymm7
+        vpsubd	%ymm6, %ymm0, %ymm0
+        vpsubd	%ymm7, %ymm1, %ymm1
+        vpsrlq	$32, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 672(%rdi)
+        # 176..183
+        vmovdqu	704(%rsi), %ymm0
+        vmovdqu	1728(%rsi), %ymm2
+        vmovdqu	704(%rdx), %ymm6
+        vmovdqu	1728(%rdx), %ymm8
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpmuldq	%ymm6, %ymm0, %ymm0
+        vpmuldq	%ymm7, %ymm1, %ymm1
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vmovdqu	2752(%rsi), %ymm2
+        vmovdqu	3776(%rsi), %ymm4
+        vmovdqu	2752(%rdx), %ymm8
+        vmovdqu	3776(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        # Mont Reduce 2
+        vpmulld	%ymm13, %ymm0, %ymm6
+        vpmulld	%ymm13, %ymm1, %ymm7
+        vpmuldq	%ymm12, %ymm6, %ymm6
+        vpmuldq	%ymm12, %ymm7, %ymm7
+        vpsubd	%ymm6, %ymm0, %ymm0
+        vpsubd	%ymm7, %ymm1, %ymm1
+        vpsrlq	$32, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 704(%rdi)
+        # 184..191
+        vmovdqu	736(%rsi), %ymm0
+        vmovdqu	1760(%rsi), %ymm2
+        vmovdqu	736(%rdx), %ymm6
+        vmovdqu	1760(%rdx), %ymm8
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpmuldq	%ymm6, %ymm0, %ymm0
+        vpmuldq	%ymm7, %ymm1, %ymm1
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vmovdqu	2784(%rsi), %ymm2
+        vmovdqu	3808(%rsi), %ymm4
+        vmovdqu	2784(%rdx), %ymm8
+        vmovdqu	3808(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        # Mont Reduce 2
+        vpmulld	%ymm13, %ymm0, %ymm6
+        vpmulld	%ymm13, %ymm1, %ymm7
+        vpmuldq	%ymm12, %ymm6, %ymm6
+        vpmuldq	%ymm12, %ymm7, %ymm7
+        vpsubd	%ymm6, %ymm0, %ymm0
+        vpsubd	%ymm7, %ymm1, %ymm1
+        vpsrlq	$32, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 736(%rdi)
+        # 192..199
+        vmovdqu	768(%rsi), %ymm0
+        vmovdqu	1792(%rsi), %ymm2
+        vmovdqu	768(%rdx), %ymm6
+        vmovdqu	1792(%rdx), %ymm8
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpmuldq	%ymm6, %ymm0, %ymm0
+        vpmuldq	%ymm7, %ymm1, %ymm1
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vmovdqu	2816(%rsi), %ymm2
+        vmovdqu	3840(%rsi), %ymm4
+        vmovdqu	2816(%rdx), %ymm8
+        vmovdqu	3840(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        # Mont Reduce 2
+        vpmulld	%ymm13, %ymm0, %ymm6
+        vpmulld	%ymm13, %ymm1, %ymm7
+        vpmuldq	%ymm12, %ymm6, %ymm6
+        vpmuldq	%ymm12, %ymm7, %ymm7
+        vpsubd	%ymm6, %ymm0, %ymm0
+        vpsubd	%ymm7, %ymm1, %ymm1
+        vpsrlq	$32, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 768(%rdi)
+        # 200..207
+        vmovdqu	800(%rsi), %ymm0
+        vmovdqu	1824(%rsi), %ymm2
+        vmovdqu	800(%rdx), %ymm6
+        vmovdqu	1824(%rdx), %ymm8
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpmuldq	%ymm6, %ymm0, %ymm0
+        vpmuldq	%ymm7, %ymm1, %ymm1
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vmovdqu	2848(%rsi), %ymm2
+        vmovdqu	3872(%rsi), %ymm4
+        vmovdqu	2848(%rdx), %ymm8
+        vmovdqu	3872(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        # Mont Reduce 2
+        vpmulld	%ymm13, %ymm0, %ymm6
+        vpmulld	%ymm13, %ymm1, %ymm7
+        vpmuldq	%ymm12, %ymm6, %ymm6
+        vpmuldq	%ymm12, %ymm7, %ymm7
+        vpsubd	%ymm6, %ymm0, %ymm0
+        vpsubd	%ymm7, %ymm1, %ymm1
+        vpsrlq	$32, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 800(%rdi)
+        # 208..215
+        vmovdqu	832(%rsi), %ymm0
+        vmovdqu	1856(%rsi), %ymm2
+        vmovdqu	832(%rdx), %ymm6
+        vmovdqu	1856(%rdx), %ymm8
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpmuldq	%ymm6, %ymm0, %ymm0
+        vpmuldq	%ymm7, %ymm1, %ymm1
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vmovdqu	2880(%rsi), %ymm2
+        vmovdqu	3904(%rsi), %ymm4
+        vmovdqu	2880(%rdx), %ymm8
+        vmovdqu	3904(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        # Mont Reduce 2
+        vpmulld	%ymm13, %ymm0, %ymm6
+        vpmulld	%ymm13, %ymm1, %ymm7
+        vpmuldq	%ymm12, %ymm6, %ymm6
+        vpmuldq	%ymm12, %ymm7, %ymm7
+        vpsubd	%ymm6, %ymm0, %ymm0
+        vpsubd	%ymm7, %ymm1, %ymm1
+        vpsrlq	$32, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 832(%rdi)
+        # 216..223
+        vmovdqu	864(%rsi), %ymm0
+        vmovdqu	1888(%rsi), %ymm2
+        vmovdqu	864(%rdx), %ymm6
+        vmovdqu	1888(%rdx), %ymm8
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpmuldq	%ymm6, %ymm0, %ymm0
+        vpmuldq	%ymm7, %ymm1, %ymm1
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vmovdqu	2912(%rsi), %ymm2
+        vmovdqu	3936(%rsi), %ymm4
+        vmovdqu	2912(%rdx), %ymm8
+        vmovdqu	3936(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        # Mont Reduce 2
+        vpmulld	%ymm13, %ymm0, %ymm6
+        vpmulld	%ymm13, %ymm1, %ymm7
+        vpmuldq	%ymm12, %ymm6, %ymm6
+        vpmuldq	%ymm12, %ymm7, %ymm7
+        vpsubd	%ymm6, %ymm0, %ymm0
+        vpsubd	%ymm7, %ymm1, %ymm1
+        vpsrlq	$32, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 864(%rdi)
+        # 224..231
+        vmovdqu	896(%rsi), %ymm0
+        vmovdqu	1920(%rsi), %ymm2
+        vmovdqu	896(%rdx), %ymm6
+        vmovdqu	1920(%rdx), %ymm8
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpmuldq	%ymm6, %ymm0, %ymm0
+        vpmuldq	%ymm7, %ymm1, %ymm1
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vmovdqu	2944(%rsi), %ymm2
+        vmovdqu	3968(%rsi), %ymm4
+        vmovdqu	2944(%rdx), %ymm8
+        vmovdqu	3968(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        # Mont Reduce 2
+        vpmulld	%ymm13, %ymm0, %ymm6
+        vpmulld	%ymm13, %ymm1, %ymm7
+        vpmuldq	%ymm12, %ymm6, %ymm6
+        vpmuldq	%ymm12, %ymm7, %ymm7
+        vpsubd	%ymm6, %ymm0, %ymm0
+        vpsubd	%ymm7, %ymm1, %ymm1
+        vpsrlq	$32, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 896(%rdi)
+        # 232..239
+        vmovdqu	928(%rsi), %ymm0
+        vmovdqu	1952(%rsi), %ymm2
+        vmovdqu	928(%rdx), %ymm6
+        vmovdqu	1952(%rdx), %ymm8
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpmuldq	%ymm6, %ymm0, %ymm0
+        vpmuldq	%ymm7, %ymm1, %ymm1
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vmovdqu	2976(%rsi), %ymm2
+        vmovdqu	4000(%rsi), %ymm4
+        vmovdqu	2976(%rdx), %ymm8
+        vmovdqu	4000(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        # Mont Reduce 2
+        vpmulld	%ymm13, %ymm0, %ymm6
+        vpmulld	%ymm13, %ymm1, %ymm7
+        vpmuldq	%ymm12, %ymm6, %ymm6
+        vpmuldq	%ymm12, %ymm7, %ymm7
+        vpsubd	%ymm6, %ymm0, %ymm0
+        vpsubd	%ymm7, %ymm1, %ymm1
+        vpsrlq	$32, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 928(%rdi)
+        # 240..247
+        vmovdqu	960(%rsi), %ymm0
+        vmovdqu	1984(%rsi), %ymm2
+        vmovdqu	960(%rdx), %ymm6
+        vmovdqu	1984(%rdx), %ymm8
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpmuldq	%ymm6, %ymm0, %ymm0
+        vpmuldq	%ymm7, %ymm1, %ymm1
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vmovdqu	3008(%rsi), %ymm2
+        vmovdqu	4032(%rsi), %ymm4
+        vmovdqu	3008(%rdx), %ymm8
+        vmovdqu	4032(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        # Mont Reduce 2
+        vpmulld	%ymm13, %ymm0, %ymm6
+        vpmulld	%ymm13, %ymm1, %ymm7
+        vpmuldq	%ymm12, %ymm6, %ymm6
+        vpmuldq	%ymm12, %ymm7, %ymm7
+        vpsubd	%ymm6, %ymm0, %ymm0
+        vpsubd	%ymm7, %ymm1, %ymm1
+        vpsrlq	$32, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 960(%rdi)
+        # 248..255
+        vmovdqu	992(%rsi), %ymm0
+        vmovdqu	2016(%rsi), %ymm2
+        vmovdqu	992(%rdx), %ymm6
+        vmovdqu	2016(%rdx), %ymm8
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpmuldq	%ymm6, %ymm0, %ymm0
+        vpmuldq	%ymm7, %ymm1, %ymm1
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vmovdqu	3040(%rsi), %ymm2
+        vmovdqu	4064(%rsi), %ymm4
+        vmovdqu	3040(%rdx), %ymm8
+        vmovdqu	4064(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        # Mont Reduce 2
+        vpmulld	%ymm13, %ymm0, %ymm6
+        vpmulld	%ymm13, %ymm1, %ymm7
+        vpmuldq	%ymm12, %ymm6, %ymm6
+        vpmuldq	%ymm12, %ymm7, %ymm7
+        vpsubd	%ymm6, %ymm0, %ymm0
+        vpsubd	%ymm7, %ymm1, %ymm1
+        vpsrlq	$32, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 992(%rdi)
+        vzeroupper
+        repz retq
+#ifndef __APPLE__
+.size	wc_mldsa_mul_vec_4_avx2,.-wc_mldsa_mul_vec_4_avx2
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.text
+.globl	wc_mldsa_mul_vec_5_avx2
+.type	wc_mldsa_mul_vec_5_avx2,@function
+.align	16
+wc_mldsa_mul_vec_5_avx2:
+#else
+.section	__TEXT,__text
+.globl	_wc_mldsa_mul_vec_5_avx2
+.p2align	4
+_wc_mldsa_mul_vec_5_avx2:
+#endif /* __APPLE__ */
+        vpxor	%ymm12, %ymm12, %ymm12
+        vmovdqu	mldsa_q(%rip), %ymm12
+        vmovdqu	mldsa_qinv(%rip), %ymm13
+        # 0..7
+        vmovdqu	(%rsi), %ymm0
+        vmovdqu	1024(%rsi), %ymm2
+        vmovdqu	2048(%rsi), %ymm4
+        vmovdqu	(%rdx), %ymm6
+        vmovdqu	1024(%rdx), %ymm8
+        vmovdqu	2048(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm6, %ymm0, %ymm0
+        vpmuldq	%ymm7, %ymm1, %ymm1
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        vmovdqu	3072(%rsi), %ymm2
+        vmovdqu	4096(%rsi), %ymm4
+        vmovdqu	3072(%rdx), %ymm8
+        vmovdqu	4096(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        # Mont Reduce 2
+        vpmulld	%ymm13, %ymm0, %ymm6
+        vpmulld	%ymm13, %ymm1, %ymm7
+        vpmuldq	%ymm12, %ymm6, %ymm6
+        vpmuldq	%ymm12, %ymm7, %ymm7
+        vpsubd	%ymm6, %ymm0, %ymm0
+        vpsubd	%ymm7, %ymm1, %ymm1
+        vpsrlq	$32, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, (%rdi)
+        # 8..15
+        vmovdqu	32(%rsi), %ymm0
+        vmovdqu	1056(%rsi), %ymm2
+        vmovdqu	2080(%rsi), %ymm4
+        vmovdqu	32(%rdx), %ymm6
+        vmovdqu	1056(%rdx), %ymm8
+        vmovdqu	2080(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm6, %ymm0, %ymm0
+        vpmuldq	%ymm7, %ymm1, %ymm1
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        vmovdqu	3104(%rsi), %ymm2
+        vmovdqu	4128(%rsi), %ymm4
+        vmovdqu	3104(%rdx), %ymm8
+        vmovdqu	4128(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        # Mont Reduce 2
+        vpmulld	%ymm13, %ymm0, %ymm6
+        vpmulld	%ymm13, %ymm1, %ymm7
+        vpmuldq	%ymm12, %ymm6, %ymm6
+        vpmuldq	%ymm12, %ymm7, %ymm7
+        vpsubd	%ymm6, %ymm0, %ymm0
+        vpsubd	%ymm7, %ymm1, %ymm1
+        vpsrlq	$32, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 32(%rdi)
+        # 16..23
+        vmovdqu	64(%rsi), %ymm0
+        vmovdqu	1088(%rsi), %ymm2
+        vmovdqu	2112(%rsi), %ymm4
+        vmovdqu	64(%rdx), %ymm6
+        vmovdqu	1088(%rdx), %ymm8
+        vmovdqu	2112(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm6, %ymm0, %ymm0
+        vpmuldq	%ymm7, %ymm1, %ymm1
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        vmovdqu	3136(%rsi), %ymm2
+        vmovdqu	4160(%rsi), %ymm4
+        vmovdqu	3136(%rdx), %ymm8
+        vmovdqu	4160(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        # Mont Reduce 2
+        vpmulld	%ymm13, %ymm0, %ymm6
+        vpmulld	%ymm13, %ymm1, %ymm7
+        vpmuldq	%ymm12, %ymm6, %ymm6
+        vpmuldq	%ymm12, %ymm7, %ymm7
+        vpsubd	%ymm6, %ymm0, %ymm0
+        vpsubd	%ymm7, %ymm1, %ymm1
+        vpsrlq	$32, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 64(%rdi)
+        # 24..31
+        vmovdqu	96(%rsi), %ymm0
+        vmovdqu	1120(%rsi), %ymm2
+        vmovdqu	2144(%rsi), %ymm4
+        vmovdqu	96(%rdx), %ymm6
+        vmovdqu	1120(%rdx), %ymm8
+        vmovdqu	2144(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm6, %ymm0, %ymm0
+        vpmuldq	%ymm7, %ymm1, %ymm1
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        vmovdqu	3168(%rsi), %ymm2
+        vmovdqu	4192(%rsi), %ymm4
+        vmovdqu	3168(%rdx), %ymm8
+        vmovdqu	4192(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        # Mont Reduce 2
+        vpmulld	%ymm13, %ymm0, %ymm6
+        vpmulld	%ymm13, %ymm1, %ymm7
+        vpmuldq	%ymm12, %ymm6, %ymm6
+        vpmuldq	%ymm12, %ymm7, %ymm7
+        vpsubd	%ymm6, %ymm0, %ymm0
+        vpsubd	%ymm7, %ymm1, %ymm1
+        vpsrlq	$32, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 96(%rdi)
+        # 32..39
+        vmovdqu	128(%rsi), %ymm0
+        vmovdqu	1152(%rsi), %ymm2
+        vmovdqu	2176(%rsi), %ymm4
+        vmovdqu	128(%rdx), %ymm6
+        vmovdqu	1152(%rdx), %ymm8
+        vmovdqu	2176(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm6, %ymm0, %ymm0
+        vpmuldq	%ymm7, %ymm1, %ymm1
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        vmovdqu	3200(%rsi), %ymm2
+        vmovdqu	4224(%rsi), %ymm4
+        vmovdqu	3200(%rdx), %ymm8
+        vmovdqu	4224(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        # Mont Reduce 2
+        vpmulld	%ymm13, %ymm0, %ymm6
+        vpmulld	%ymm13, %ymm1, %ymm7
+        vpmuldq	%ymm12, %ymm6, %ymm6
+        vpmuldq	%ymm12, %ymm7, %ymm7
+        vpsubd	%ymm6, %ymm0, %ymm0
+        vpsubd	%ymm7, %ymm1, %ymm1
+        vpsrlq	$32, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 128(%rdi)
+        # 40..47
+        vmovdqu	160(%rsi), %ymm0
+        vmovdqu	1184(%rsi), %ymm2
+        vmovdqu	2208(%rsi), %ymm4
+        vmovdqu	160(%rdx), %ymm6
+        vmovdqu	1184(%rdx), %ymm8
+        vmovdqu	2208(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm6, %ymm0, %ymm0
+        vpmuldq	%ymm7, %ymm1, %ymm1
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        vmovdqu	3232(%rsi), %ymm2
+        vmovdqu	4256(%rsi), %ymm4
+        vmovdqu	3232(%rdx), %ymm8
+        vmovdqu	4256(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        # Mont Reduce 2
+        vpmulld	%ymm13, %ymm0, %ymm6
+        vpmulld	%ymm13, %ymm1, %ymm7
+        vpmuldq	%ymm12, %ymm6, %ymm6
+        vpmuldq	%ymm12, %ymm7, %ymm7
+        vpsubd	%ymm6, %ymm0, %ymm0
+        vpsubd	%ymm7, %ymm1, %ymm1
+        vpsrlq	$32, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 160(%rdi)
+        # 48..55
+        vmovdqu	192(%rsi), %ymm0
+        vmovdqu	1216(%rsi), %ymm2
+        vmovdqu	2240(%rsi), %ymm4
+        vmovdqu	192(%rdx), %ymm6
+        vmovdqu	1216(%rdx), %ymm8
+        vmovdqu	2240(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm6, %ymm0, %ymm0
+        vpmuldq	%ymm7, %ymm1, %ymm1
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        vmovdqu	3264(%rsi), %ymm2
+        vmovdqu	4288(%rsi), %ymm4
+        vmovdqu	3264(%rdx), %ymm8
+        vmovdqu	4288(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        # Mont Reduce 2
+        vpmulld	%ymm13, %ymm0, %ymm6
+        vpmulld	%ymm13, %ymm1, %ymm7
+        vpmuldq	%ymm12, %ymm6, %ymm6
+        vpmuldq	%ymm12, %ymm7, %ymm7
+        vpsubd	%ymm6, %ymm0, %ymm0
+        vpsubd	%ymm7, %ymm1, %ymm1
+        vpsrlq	$32, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 192(%rdi)
+        # 56..63
+        vmovdqu	224(%rsi), %ymm0
+        vmovdqu	1248(%rsi), %ymm2
+        vmovdqu	2272(%rsi), %ymm4
+        vmovdqu	224(%rdx), %ymm6
+        vmovdqu	1248(%rdx), %ymm8
+        vmovdqu	2272(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm6, %ymm0, %ymm0
+        vpmuldq	%ymm7, %ymm1, %ymm1
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        vmovdqu	3296(%rsi), %ymm2
+        vmovdqu	4320(%rsi), %ymm4
+        vmovdqu	3296(%rdx), %ymm8
+        vmovdqu	4320(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        # Mont Reduce 2
+        vpmulld	%ymm13, %ymm0, %ymm6
+        vpmulld	%ymm13, %ymm1, %ymm7
+        vpmuldq	%ymm12, %ymm6, %ymm6
+        vpmuldq	%ymm12, %ymm7, %ymm7
+        vpsubd	%ymm6, %ymm0, %ymm0
+        vpsubd	%ymm7, %ymm1, %ymm1
+        vpsrlq	$32, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 224(%rdi)
+        # 64..71
+        vmovdqu	256(%rsi), %ymm0
+        vmovdqu	1280(%rsi), %ymm2
+        vmovdqu	2304(%rsi), %ymm4
+        vmovdqu	256(%rdx), %ymm6
+        vmovdqu	1280(%rdx), %ymm8
+        vmovdqu	2304(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm6, %ymm0, %ymm0
+        vpmuldq	%ymm7, %ymm1, %ymm1
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        vmovdqu	3328(%rsi), %ymm2
+        vmovdqu	4352(%rsi), %ymm4
+        vmovdqu	3328(%rdx), %ymm8
+        vmovdqu	4352(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        # Mont Reduce 2
+        vpmulld	%ymm13, %ymm0, %ymm6
+        vpmulld	%ymm13, %ymm1, %ymm7
+        vpmuldq	%ymm12, %ymm6, %ymm6
+        vpmuldq	%ymm12, %ymm7, %ymm7
+        vpsubd	%ymm6, %ymm0, %ymm0
+        vpsubd	%ymm7, %ymm1, %ymm1
+        vpsrlq	$32, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 256(%rdi)
+        # 72..79
+        vmovdqu	288(%rsi), %ymm0
+        vmovdqu	1312(%rsi), %ymm2
+        vmovdqu	2336(%rsi), %ymm4
+        vmovdqu	288(%rdx), %ymm6
+        vmovdqu	1312(%rdx), %ymm8
+        vmovdqu	2336(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm6, %ymm0, %ymm0
+        vpmuldq	%ymm7, %ymm1, %ymm1
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        vmovdqu	3360(%rsi), %ymm2
+        vmovdqu	4384(%rsi), %ymm4
+        vmovdqu	3360(%rdx), %ymm8
+        vmovdqu	4384(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        # Mont Reduce 2
+        vpmulld	%ymm13, %ymm0, %ymm6
+        vpmulld	%ymm13, %ymm1, %ymm7
+        vpmuldq	%ymm12, %ymm6, %ymm6
+        vpmuldq	%ymm12, %ymm7, %ymm7
+        vpsubd	%ymm6, %ymm0, %ymm0
+        vpsubd	%ymm7, %ymm1, %ymm1
+        vpsrlq	$32, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 288(%rdi)
+        # 80..87
+        vmovdqu	320(%rsi), %ymm0
+        vmovdqu	1344(%rsi), %ymm2
+        vmovdqu	2368(%rsi), %ymm4
+        vmovdqu	320(%rdx), %ymm6
+        vmovdqu	1344(%rdx), %ymm8
+        vmovdqu	2368(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm6, %ymm0, %ymm0
+        vpmuldq	%ymm7, %ymm1, %ymm1
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        vmovdqu	3392(%rsi), %ymm2
+        vmovdqu	4416(%rsi), %ymm4
+        vmovdqu	3392(%rdx), %ymm8
+        vmovdqu	4416(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        # Mont Reduce 2
+        vpmulld	%ymm13, %ymm0, %ymm6
+        vpmulld	%ymm13, %ymm1, %ymm7
+        vpmuldq	%ymm12, %ymm6, %ymm6
+        vpmuldq	%ymm12, %ymm7, %ymm7
+        vpsubd	%ymm6, %ymm0, %ymm0
+        vpsubd	%ymm7, %ymm1, %ymm1
+        vpsrlq	$32, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 320(%rdi)
+        # 88..95
+        vmovdqu	352(%rsi), %ymm0
+        vmovdqu	1376(%rsi), %ymm2
+        vmovdqu	2400(%rsi), %ymm4
+        vmovdqu	352(%rdx), %ymm6
+        vmovdqu	1376(%rdx), %ymm8
+        vmovdqu	2400(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm6, %ymm0, %ymm0
+        vpmuldq	%ymm7, %ymm1, %ymm1
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        vmovdqu	3424(%rsi), %ymm2
+        vmovdqu	4448(%rsi), %ymm4
+        vmovdqu	3424(%rdx), %ymm8
+        vmovdqu	4448(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        # Mont Reduce 2
+        vpmulld	%ymm13, %ymm0, %ymm6
+        vpmulld	%ymm13, %ymm1, %ymm7
+        vpmuldq	%ymm12, %ymm6, %ymm6
+        vpmuldq	%ymm12, %ymm7, %ymm7
+        vpsubd	%ymm6, %ymm0, %ymm0
+        vpsubd	%ymm7, %ymm1, %ymm1
+        vpsrlq	$32, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 352(%rdi)
+        # 96..103
+        vmovdqu	384(%rsi), %ymm0
+        vmovdqu	1408(%rsi), %ymm2
+        vmovdqu	2432(%rsi), %ymm4
+        vmovdqu	384(%rdx), %ymm6
+        vmovdqu	1408(%rdx), %ymm8
+        vmovdqu	2432(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm6, %ymm0, %ymm0
+        vpmuldq	%ymm7, %ymm1, %ymm1
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        vmovdqu	3456(%rsi), %ymm2
+        vmovdqu	4480(%rsi), %ymm4
+        vmovdqu	3456(%rdx), %ymm8
+        vmovdqu	4480(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        # Mont Reduce 2
+        vpmulld	%ymm13, %ymm0, %ymm6
+        vpmulld	%ymm13, %ymm1, %ymm7
+        vpmuldq	%ymm12, %ymm6, %ymm6
+        vpmuldq	%ymm12, %ymm7, %ymm7
+        vpsubd	%ymm6, %ymm0, %ymm0
+        vpsubd	%ymm7, %ymm1, %ymm1
+        vpsrlq	$32, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 384(%rdi)
+        # 104..111
+        vmovdqu	416(%rsi), %ymm0
+        vmovdqu	1440(%rsi), %ymm2
+        vmovdqu	2464(%rsi), %ymm4
+        vmovdqu	416(%rdx), %ymm6
+        vmovdqu	1440(%rdx), %ymm8
+        vmovdqu	2464(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm6, %ymm0, %ymm0
+        vpmuldq	%ymm7, %ymm1, %ymm1
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        vmovdqu	3488(%rsi), %ymm2
+        vmovdqu	4512(%rsi), %ymm4
+        vmovdqu	3488(%rdx), %ymm8
+        vmovdqu	4512(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        # Mont Reduce 2
+        vpmulld	%ymm13, %ymm0, %ymm6
+        vpmulld	%ymm13, %ymm1, %ymm7
+        vpmuldq	%ymm12, %ymm6, %ymm6
+        vpmuldq	%ymm12, %ymm7, %ymm7
+        vpsubd	%ymm6, %ymm0, %ymm0
+        vpsubd	%ymm7, %ymm1, %ymm1
+        vpsrlq	$32, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 416(%rdi)
+        # 112..119
+        vmovdqu	448(%rsi), %ymm0
+        vmovdqu	1472(%rsi), %ymm2
+        vmovdqu	2496(%rsi), %ymm4
+        vmovdqu	448(%rdx), %ymm6
+        vmovdqu	1472(%rdx), %ymm8
+        vmovdqu	2496(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm6, %ymm0, %ymm0
+        vpmuldq	%ymm7, %ymm1, %ymm1
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        vmovdqu	3520(%rsi), %ymm2
+        vmovdqu	4544(%rsi), %ymm4
+        vmovdqu	3520(%rdx), %ymm8
+        vmovdqu	4544(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        # Mont Reduce 2
+        vpmulld	%ymm13, %ymm0, %ymm6
+        vpmulld	%ymm13, %ymm1, %ymm7
+        vpmuldq	%ymm12, %ymm6, %ymm6
+        vpmuldq	%ymm12, %ymm7, %ymm7
+        vpsubd	%ymm6, %ymm0, %ymm0
+        vpsubd	%ymm7, %ymm1, %ymm1
+        vpsrlq	$32, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 448(%rdi)
+        # 120..127
+        vmovdqu	480(%rsi), %ymm0
+        vmovdqu	1504(%rsi), %ymm2
+        vmovdqu	2528(%rsi), %ymm4
+        vmovdqu	480(%rdx), %ymm6
+        vmovdqu	1504(%rdx), %ymm8
+        vmovdqu	2528(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm6, %ymm0, %ymm0
+        vpmuldq	%ymm7, %ymm1, %ymm1
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        vmovdqu	3552(%rsi), %ymm2
+        vmovdqu	4576(%rsi), %ymm4
+        vmovdqu	3552(%rdx), %ymm8
+        vmovdqu	4576(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        # Mont Reduce 2
+        vpmulld	%ymm13, %ymm0, %ymm6
+        vpmulld	%ymm13, %ymm1, %ymm7
+        vpmuldq	%ymm12, %ymm6, %ymm6
+        vpmuldq	%ymm12, %ymm7, %ymm7
+        vpsubd	%ymm6, %ymm0, %ymm0
+        vpsubd	%ymm7, %ymm1, %ymm1
+        vpsrlq	$32, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 480(%rdi)
+        # 128..135
+        vmovdqu	512(%rsi), %ymm0
+        vmovdqu	1536(%rsi), %ymm2
+        vmovdqu	2560(%rsi), %ymm4
+        vmovdqu	512(%rdx), %ymm6
+        vmovdqu	1536(%rdx), %ymm8
+        vmovdqu	2560(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm6, %ymm0, %ymm0
+        vpmuldq	%ymm7, %ymm1, %ymm1
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        vmovdqu	3584(%rsi), %ymm2
+        vmovdqu	4608(%rsi), %ymm4
+        vmovdqu	3584(%rdx), %ymm8
+        vmovdqu	4608(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        # Mont Reduce 2
+        vpmulld	%ymm13, %ymm0, %ymm6
+        vpmulld	%ymm13, %ymm1, %ymm7
+        vpmuldq	%ymm12, %ymm6, %ymm6
+        vpmuldq	%ymm12, %ymm7, %ymm7
+        vpsubd	%ymm6, %ymm0, %ymm0
+        vpsubd	%ymm7, %ymm1, %ymm1
+        vpsrlq	$32, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 512(%rdi)
+        # 136..143
+        vmovdqu	544(%rsi), %ymm0
+        vmovdqu	1568(%rsi), %ymm2
+        vmovdqu	2592(%rsi), %ymm4
+        vmovdqu	544(%rdx), %ymm6
+        vmovdqu	1568(%rdx), %ymm8
+        vmovdqu	2592(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm6, %ymm0, %ymm0
+        vpmuldq	%ymm7, %ymm1, %ymm1
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        vmovdqu	3616(%rsi), %ymm2
+        vmovdqu	4640(%rsi), %ymm4
+        vmovdqu	3616(%rdx), %ymm8
+        vmovdqu	4640(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        # Mont Reduce 2
+        vpmulld	%ymm13, %ymm0, %ymm6
+        vpmulld	%ymm13, %ymm1, %ymm7
+        vpmuldq	%ymm12, %ymm6, %ymm6
+        vpmuldq	%ymm12, %ymm7, %ymm7
+        vpsubd	%ymm6, %ymm0, %ymm0
+        vpsubd	%ymm7, %ymm1, %ymm1
+        vpsrlq	$32, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 544(%rdi)
+        # 144..151
+        vmovdqu	576(%rsi), %ymm0
+        vmovdqu	1600(%rsi), %ymm2
+        vmovdqu	2624(%rsi), %ymm4
+        vmovdqu	576(%rdx), %ymm6
+        vmovdqu	1600(%rdx), %ymm8
+        vmovdqu	2624(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm6, %ymm0, %ymm0
+        vpmuldq	%ymm7, %ymm1, %ymm1
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        vmovdqu	3648(%rsi), %ymm2
+        vmovdqu	4672(%rsi), %ymm4
+        vmovdqu	3648(%rdx), %ymm8
+        vmovdqu	4672(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        # Mont Reduce 2
+        vpmulld	%ymm13, %ymm0, %ymm6
+        vpmulld	%ymm13, %ymm1, %ymm7
+        vpmuldq	%ymm12, %ymm6, %ymm6
+        vpmuldq	%ymm12, %ymm7, %ymm7
+        vpsubd	%ymm6, %ymm0, %ymm0
+        vpsubd	%ymm7, %ymm1, %ymm1
+        vpsrlq	$32, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 576(%rdi)
+        # 152..159
+        vmovdqu	608(%rsi), %ymm0
+        vmovdqu	1632(%rsi), %ymm2
+        vmovdqu	2656(%rsi), %ymm4
+        vmovdqu	608(%rdx), %ymm6
+        vmovdqu	1632(%rdx), %ymm8
+        vmovdqu	2656(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm6, %ymm0, %ymm0
+        vpmuldq	%ymm7, %ymm1, %ymm1
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        vmovdqu	3680(%rsi), %ymm2
+        vmovdqu	4704(%rsi), %ymm4
+        vmovdqu	3680(%rdx), %ymm8
+        vmovdqu	4704(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        # Mont Reduce 2
+        vpmulld	%ymm13, %ymm0, %ymm6
+        vpmulld	%ymm13, %ymm1, %ymm7
+        vpmuldq	%ymm12, %ymm6, %ymm6
+        vpmuldq	%ymm12, %ymm7, %ymm7
+        vpsubd	%ymm6, %ymm0, %ymm0
+        vpsubd	%ymm7, %ymm1, %ymm1
+        vpsrlq	$32, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 608(%rdi)
+        # 160..167
+        vmovdqu	640(%rsi), %ymm0
+        vmovdqu	1664(%rsi), %ymm2
+        vmovdqu	2688(%rsi), %ymm4
+        vmovdqu	640(%rdx), %ymm6
+        vmovdqu	1664(%rdx), %ymm8
+        vmovdqu	2688(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm6, %ymm0, %ymm0
+        vpmuldq	%ymm7, %ymm1, %ymm1
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        vmovdqu	3712(%rsi), %ymm2
+        vmovdqu	4736(%rsi), %ymm4
+        vmovdqu	3712(%rdx), %ymm8
+        vmovdqu	4736(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        # Mont Reduce 2
+        vpmulld	%ymm13, %ymm0, %ymm6
+        vpmulld	%ymm13, %ymm1, %ymm7
+        vpmuldq	%ymm12, %ymm6, %ymm6
+        vpmuldq	%ymm12, %ymm7, %ymm7
+        vpsubd	%ymm6, %ymm0, %ymm0
+        vpsubd	%ymm7, %ymm1, %ymm1
+        vpsrlq	$32, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 640(%rdi)
+        # 168..175
+        vmovdqu	672(%rsi), %ymm0
+        vmovdqu	1696(%rsi), %ymm2
+        vmovdqu	2720(%rsi), %ymm4
+        vmovdqu	672(%rdx), %ymm6
+        vmovdqu	1696(%rdx), %ymm8
+        vmovdqu	2720(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm6, %ymm0, %ymm0
+        vpmuldq	%ymm7, %ymm1, %ymm1
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        vmovdqu	3744(%rsi), %ymm2
+        vmovdqu	4768(%rsi), %ymm4
+        vmovdqu	3744(%rdx), %ymm8
+        vmovdqu	4768(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        # Mont Reduce 2
+        vpmulld	%ymm13, %ymm0, %ymm6
+        vpmulld	%ymm13, %ymm1, %ymm7
+        vpmuldq	%ymm12, %ymm6, %ymm6
+        vpmuldq	%ymm12, %ymm7, %ymm7
+        vpsubd	%ymm6, %ymm0, %ymm0
+        vpsubd	%ymm7, %ymm1, %ymm1
+        vpsrlq	$32, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 672(%rdi)
+        # 176..183
+        vmovdqu	704(%rsi), %ymm0
+        vmovdqu	1728(%rsi), %ymm2
+        vmovdqu	2752(%rsi), %ymm4
+        vmovdqu	704(%rdx), %ymm6
+        vmovdqu	1728(%rdx), %ymm8
+        vmovdqu	2752(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm6, %ymm0, %ymm0
+        vpmuldq	%ymm7, %ymm1, %ymm1
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        vmovdqu	3776(%rsi), %ymm2
+        vmovdqu	4800(%rsi), %ymm4
+        vmovdqu	3776(%rdx), %ymm8
+        vmovdqu	4800(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        # Mont Reduce 2
+        vpmulld	%ymm13, %ymm0, %ymm6
+        vpmulld	%ymm13, %ymm1, %ymm7
+        vpmuldq	%ymm12, %ymm6, %ymm6
+        vpmuldq	%ymm12, %ymm7, %ymm7
+        vpsubd	%ymm6, %ymm0, %ymm0
+        vpsubd	%ymm7, %ymm1, %ymm1
+        vpsrlq	$32, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 704(%rdi)
+        # 184..191
+        vmovdqu	736(%rsi), %ymm0
+        vmovdqu	1760(%rsi), %ymm2
+        vmovdqu	2784(%rsi), %ymm4
+        vmovdqu	736(%rdx), %ymm6
+        vmovdqu	1760(%rdx), %ymm8
+        vmovdqu	2784(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm6, %ymm0, %ymm0
+        vpmuldq	%ymm7, %ymm1, %ymm1
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        vmovdqu	3808(%rsi), %ymm2
+        vmovdqu	4832(%rsi), %ymm4
+        vmovdqu	3808(%rdx), %ymm8
+        vmovdqu	4832(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        # Mont Reduce 2
+        vpmulld	%ymm13, %ymm0, %ymm6
+        vpmulld	%ymm13, %ymm1, %ymm7
+        vpmuldq	%ymm12, %ymm6, %ymm6
+        vpmuldq	%ymm12, %ymm7, %ymm7
+        vpsubd	%ymm6, %ymm0, %ymm0
+        vpsubd	%ymm7, %ymm1, %ymm1
+        vpsrlq	$32, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 736(%rdi)
+        # 192..199
+        vmovdqu	768(%rsi), %ymm0
+        vmovdqu	1792(%rsi), %ymm2
+        vmovdqu	2816(%rsi), %ymm4
+        vmovdqu	768(%rdx), %ymm6
+        vmovdqu	1792(%rdx), %ymm8
+        vmovdqu	2816(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm6, %ymm0, %ymm0
+        vpmuldq	%ymm7, %ymm1, %ymm1
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        vmovdqu	3840(%rsi), %ymm2
+        vmovdqu	4864(%rsi), %ymm4
+        vmovdqu	3840(%rdx), %ymm8
+        vmovdqu	4864(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        # Mont Reduce 2
+        vpmulld	%ymm13, %ymm0, %ymm6
+        vpmulld	%ymm13, %ymm1, %ymm7
+        vpmuldq	%ymm12, %ymm6, %ymm6
+        vpmuldq	%ymm12, %ymm7, %ymm7
+        vpsubd	%ymm6, %ymm0, %ymm0
+        vpsubd	%ymm7, %ymm1, %ymm1
+        vpsrlq	$32, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 768(%rdi)
+        # 200..207
+        vmovdqu	800(%rsi), %ymm0
+        vmovdqu	1824(%rsi), %ymm2
+        vmovdqu	2848(%rsi), %ymm4
+        vmovdqu	800(%rdx), %ymm6
+        vmovdqu	1824(%rdx), %ymm8
+        vmovdqu	2848(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm6, %ymm0, %ymm0
+        vpmuldq	%ymm7, %ymm1, %ymm1
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        vmovdqu	3872(%rsi), %ymm2
+        vmovdqu	4896(%rsi), %ymm4
+        vmovdqu	3872(%rdx), %ymm8
+        vmovdqu	4896(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        # Mont Reduce 2
+        vpmulld	%ymm13, %ymm0, %ymm6
+        vpmulld	%ymm13, %ymm1, %ymm7
+        vpmuldq	%ymm12, %ymm6, %ymm6
+        vpmuldq	%ymm12, %ymm7, %ymm7
+        vpsubd	%ymm6, %ymm0, %ymm0
+        vpsubd	%ymm7, %ymm1, %ymm1
+        vpsrlq	$32, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 800(%rdi)
+        # 208..215
+        vmovdqu	832(%rsi), %ymm0
+        vmovdqu	1856(%rsi), %ymm2
+        vmovdqu	2880(%rsi), %ymm4
+        vmovdqu	832(%rdx), %ymm6
+        vmovdqu	1856(%rdx), %ymm8
+        vmovdqu	2880(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm6, %ymm0, %ymm0
+        vpmuldq	%ymm7, %ymm1, %ymm1
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        vmovdqu	3904(%rsi), %ymm2
+        vmovdqu	4928(%rsi), %ymm4
+        vmovdqu	3904(%rdx), %ymm8
+        vmovdqu	4928(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        # Mont Reduce 2
+        vpmulld	%ymm13, %ymm0, %ymm6
+        vpmulld	%ymm13, %ymm1, %ymm7
+        vpmuldq	%ymm12, %ymm6, %ymm6
+        vpmuldq	%ymm12, %ymm7, %ymm7
+        vpsubd	%ymm6, %ymm0, %ymm0
+        vpsubd	%ymm7, %ymm1, %ymm1
+        vpsrlq	$32, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 832(%rdi)
+        # 216..223
+        vmovdqu	864(%rsi), %ymm0
+        vmovdqu	1888(%rsi), %ymm2
+        vmovdqu	2912(%rsi), %ymm4
+        vmovdqu	864(%rdx), %ymm6
+        vmovdqu	1888(%rdx), %ymm8
+        vmovdqu	2912(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm6, %ymm0, %ymm0
+        vpmuldq	%ymm7, %ymm1, %ymm1
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        vmovdqu	3936(%rsi), %ymm2
+        vmovdqu	4960(%rsi), %ymm4
+        vmovdqu	3936(%rdx), %ymm8
+        vmovdqu	4960(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        # Mont Reduce 2
+        vpmulld	%ymm13, %ymm0, %ymm6
+        vpmulld	%ymm13, %ymm1, %ymm7
+        vpmuldq	%ymm12, %ymm6, %ymm6
+        vpmuldq	%ymm12, %ymm7, %ymm7
+        vpsubd	%ymm6, %ymm0, %ymm0
+        vpsubd	%ymm7, %ymm1, %ymm1
+        vpsrlq	$32, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 864(%rdi)
+        # 224..231
+        vmovdqu	896(%rsi), %ymm0
+        vmovdqu	1920(%rsi), %ymm2
+        vmovdqu	2944(%rsi), %ymm4
+        vmovdqu	896(%rdx), %ymm6
+        vmovdqu	1920(%rdx), %ymm8
+        vmovdqu	2944(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm6, %ymm0, %ymm0
+        vpmuldq	%ymm7, %ymm1, %ymm1
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        vmovdqu	3968(%rsi), %ymm2
+        vmovdqu	4992(%rsi), %ymm4
+        vmovdqu	3968(%rdx), %ymm8
+        vmovdqu	4992(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        # Mont Reduce 2
+        vpmulld	%ymm13, %ymm0, %ymm6
+        vpmulld	%ymm13, %ymm1, %ymm7
+        vpmuldq	%ymm12, %ymm6, %ymm6
+        vpmuldq	%ymm12, %ymm7, %ymm7
+        vpsubd	%ymm6, %ymm0, %ymm0
+        vpsubd	%ymm7, %ymm1, %ymm1
+        vpsrlq	$32, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 896(%rdi)
+        # 232..239
+        vmovdqu	928(%rsi), %ymm0
+        vmovdqu	1952(%rsi), %ymm2
+        vmovdqu	2976(%rsi), %ymm4
+        vmovdqu	928(%rdx), %ymm6
+        vmovdqu	1952(%rdx), %ymm8
+        vmovdqu	2976(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm6, %ymm0, %ymm0
+        vpmuldq	%ymm7, %ymm1, %ymm1
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        vmovdqu	4000(%rsi), %ymm2
+        vmovdqu	5024(%rsi), %ymm4
+        vmovdqu	4000(%rdx), %ymm8
+        vmovdqu	5024(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        # Mont Reduce 2
+        vpmulld	%ymm13, %ymm0, %ymm6
+        vpmulld	%ymm13, %ymm1, %ymm7
+        vpmuldq	%ymm12, %ymm6, %ymm6
+        vpmuldq	%ymm12, %ymm7, %ymm7
+        vpsubd	%ymm6, %ymm0, %ymm0
+        vpsubd	%ymm7, %ymm1, %ymm1
+        vpsrlq	$32, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 928(%rdi)
+        # 240..247
+        vmovdqu	960(%rsi), %ymm0
+        vmovdqu	1984(%rsi), %ymm2
+        vmovdqu	3008(%rsi), %ymm4
+        vmovdqu	960(%rdx), %ymm6
+        vmovdqu	1984(%rdx), %ymm8
+        vmovdqu	3008(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm6, %ymm0, %ymm0
+        vpmuldq	%ymm7, %ymm1, %ymm1
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        vmovdqu	4032(%rsi), %ymm2
+        vmovdqu	5056(%rsi), %ymm4
+        vmovdqu	4032(%rdx), %ymm8
+        vmovdqu	5056(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        # Mont Reduce 2
+        vpmulld	%ymm13, %ymm0, %ymm6
+        vpmulld	%ymm13, %ymm1, %ymm7
+        vpmuldq	%ymm12, %ymm6, %ymm6
+        vpmuldq	%ymm12, %ymm7, %ymm7
+        vpsubd	%ymm6, %ymm0, %ymm0
+        vpsubd	%ymm7, %ymm1, %ymm1
+        vpsrlq	$32, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 960(%rdi)
+        # 248..255
+        vmovdqu	992(%rsi), %ymm0
+        vmovdqu	2016(%rsi), %ymm2
+        vmovdqu	3040(%rsi), %ymm4
+        vmovdqu	992(%rdx), %ymm6
+        vmovdqu	2016(%rdx), %ymm8
+        vmovdqu	3040(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm6, %ymm0, %ymm0
+        vpmuldq	%ymm7, %ymm1, %ymm1
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        vmovdqu	4064(%rsi), %ymm2
+        vmovdqu	5088(%rsi), %ymm4
+        vmovdqu	4064(%rdx), %ymm8
+        vmovdqu	5088(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        # Mont Reduce 2
+        vpmulld	%ymm13, %ymm0, %ymm6
+        vpmulld	%ymm13, %ymm1, %ymm7
+        vpmuldq	%ymm12, %ymm6, %ymm6
+        vpmuldq	%ymm12, %ymm7, %ymm7
+        vpsubd	%ymm6, %ymm0, %ymm0
+        vpsubd	%ymm7, %ymm1, %ymm1
+        vpsrlq	$32, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 992(%rdi)
+        vzeroupper
+        repz retq
+#ifndef __APPLE__
+.size	wc_mldsa_mul_vec_5_avx2,.-wc_mldsa_mul_vec_5_avx2
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.text
+.globl	wc_mldsa_mul_vec_7_avx2
+.type	wc_mldsa_mul_vec_7_avx2,@function
+.align	16
+wc_mldsa_mul_vec_7_avx2:
+#else
+.section	__TEXT,__text
+.globl	_wc_mldsa_mul_vec_7_avx2
+.p2align	4
+_wc_mldsa_mul_vec_7_avx2:
+#endif /* __APPLE__ */
+        vpxor	%ymm12, %ymm12, %ymm12
+        vmovdqu	mldsa_q(%rip), %ymm12
+        vmovdqu	mldsa_qinv(%rip), %ymm13
+        # 0..7
+        vmovdqu	(%rsi), %ymm0
+        vmovdqu	1024(%rsi), %ymm2
+        vmovdqu	2048(%rsi), %ymm4
+        vmovdqu	(%rdx), %ymm6
+        vmovdqu	1024(%rdx), %ymm8
+        vmovdqu	2048(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm6, %ymm0, %ymm0
+        vpmuldq	%ymm7, %ymm1, %ymm1
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        vmovdqu	3072(%rsi), %ymm2
+        vmovdqu	4096(%rsi), %ymm4
+        vmovdqu	3072(%rdx), %ymm8
+        vmovdqu	4096(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        vmovdqu	5120(%rsi), %ymm2
+        vmovdqu	6144(%rsi), %ymm4
+        vmovdqu	5120(%rdx), %ymm8
+        vmovdqu	6144(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        # Mont Reduce 2
+        vpmulld	%ymm13, %ymm0, %ymm6
+        vpmulld	%ymm13, %ymm1, %ymm7
+        vpmuldq	%ymm12, %ymm6, %ymm6
+        vpmuldq	%ymm12, %ymm7, %ymm7
+        vpsubd	%ymm6, %ymm0, %ymm0
+        vpsubd	%ymm7, %ymm1, %ymm1
+        vpsrlq	$32, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, (%rdi)
+        # 8..15
+        vmovdqu	32(%rsi), %ymm0
+        vmovdqu	1056(%rsi), %ymm2
+        vmovdqu	2080(%rsi), %ymm4
+        vmovdqu	32(%rdx), %ymm6
+        vmovdqu	1056(%rdx), %ymm8
+        vmovdqu	2080(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm6, %ymm0, %ymm0
+        vpmuldq	%ymm7, %ymm1, %ymm1
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        vmovdqu	3104(%rsi), %ymm2
+        vmovdqu	4128(%rsi), %ymm4
+        vmovdqu	3104(%rdx), %ymm8
+        vmovdqu	4128(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        vmovdqu	5152(%rsi), %ymm2
+        vmovdqu	6176(%rsi), %ymm4
+        vmovdqu	5152(%rdx), %ymm8
+        vmovdqu	6176(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        # Mont Reduce 2
+        vpmulld	%ymm13, %ymm0, %ymm6
+        vpmulld	%ymm13, %ymm1, %ymm7
+        vpmuldq	%ymm12, %ymm6, %ymm6
+        vpmuldq	%ymm12, %ymm7, %ymm7
+        vpsubd	%ymm6, %ymm0, %ymm0
+        vpsubd	%ymm7, %ymm1, %ymm1
+        vpsrlq	$32, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 32(%rdi)
+        # 16..23
+        vmovdqu	64(%rsi), %ymm0
+        vmovdqu	1088(%rsi), %ymm2
+        vmovdqu	2112(%rsi), %ymm4
+        vmovdqu	64(%rdx), %ymm6
+        vmovdqu	1088(%rdx), %ymm8
+        vmovdqu	2112(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm6, %ymm0, %ymm0
+        vpmuldq	%ymm7, %ymm1, %ymm1
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        vmovdqu	3136(%rsi), %ymm2
+        vmovdqu	4160(%rsi), %ymm4
+        vmovdqu	3136(%rdx), %ymm8
+        vmovdqu	4160(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        vmovdqu	5184(%rsi), %ymm2
+        vmovdqu	6208(%rsi), %ymm4
+        vmovdqu	5184(%rdx), %ymm8
+        vmovdqu	6208(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        # Mont Reduce 2
+        vpmulld	%ymm13, %ymm0, %ymm6
+        vpmulld	%ymm13, %ymm1, %ymm7
+        vpmuldq	%ymm12, %ymm6, %ymm6
+        vpmuldq	%ymm12, %ymm7, %ymm7
+        vpsubd	%ymm6, %ymm0, %ymm0
+        vpsubd	%ymm7, %ymm1, %ymm1
+        vpsrlq	$32, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 64(%rdi)
+        # 24..31
+        vmovdqu	96(%rsi), %ymm0
+        vmovdqu	1120(%rsi), %ymm2
+        vmovdqu	2144(%rsi), %ymm4
+        vmovdqu	96(%rdx), %ymm6
+        vmovdqu	1120(%rdx), %ymm8
+        vmovdqu	2144(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm6, %ymm0, %ymm0
+        vpmuldq	%ymm7, %ymm1, %ymm1
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        vmovdqu	3168(%rsi), %ymm2
+        vmovdqu	4192(%rsi), %ymm4
+        vmovdqu	3168(%rdx), %ymm8
+        vmovdqu	4192(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        vmovdqu	5216(%rsi), %ymm2
+        vmovdqu	6240(%rsi), %ymm4
+        vmovdqu	5216(%rdx), %ymm8
+        vmovdqu	6240(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        # Mont Reduce 2
+        vpmulld	%ymm13, %ymm0, %ymm6
+        vpmulld	%ymm13, %ymm1, %ymm7
+        vpmuldq	%ymm12, %ymm6, %ymm6
+        vpmuldq	%ymm12, %ymm7, %ymm7
+        vpsubd	%ymm6, %ymm0, %ymm0
+        vpsubd	%ymm7, %ymm1, %ymm1
+        vpsrlq	$32, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 96(%rdi)
+        # 32..39
+        vmovdqu	128(%rsi), %ymm0
+        vmovdqu	1152(%rsi), %ymm2
+        vmovdqu	2176(%rsi), %ymm4
+        vmovdqu	128(%rdx), %ymm6
+        vmovdqu	1152(%rdx), %ymm8
+        vmovdqu	2176(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm6, %ymm0, %ymm0
+        vpmuldq	%ymm7, %ymm1, %ymm1
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        vmovdqu	3200(%rsi), %ymm2
+        vmovdqu	4224(%rsi), %ymm4
+        vmovdqu	3200(%rdx), %ymm8
+        vmovdqu	4224(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        vmovdqu	5248(%rsi), %ymm2
+        vmovdqu	6272(%rsi), %ymm4
+        vmovdqu	5248(%rdx), %ymm8
+        vmovdqu	6272(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        # Mont Reduce 2
+        vpmulld	%ymm13, %ymm0, %ymm6
+        vpmulld	%ymm13, %ymm1, %ymm7
+        vpmuldq	%ymm12, %ymm6, %ymm6
+        vpmuldq	%ymm12, %ymm7, %ymm7
+        vpsubd	%ymm6, %ymm0, %ymm0
+        vpsubd	%ymm7, %ymm1, %ymm1
+        vpsrlq	$32, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 128(%rdi)
+        # 40..47
+        vmovdqu	160(%rsi), %ymm0
+        vmovdqu	1184(%rsi), %ymm2
+        vmovdqu	2208(%rsi), %ymm4
+        vmovdqu	160(%rdx), %ymm6
+        vmovdqu	1184(%rdx), %ymm8
+        vmovdqu	2208(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm6, %ymm0, %ymm0
+        vpmuldq	%ymm7, %ymm1, %ymm1
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        vmovdqu	3232(%rsi), %ymm2
+        vmovdqu	4256(%rsi), %ymm4
+        vmovdqu	3232(%rdx), %ymm8
+        vmovdqu	4256(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        vmovdqu	5280(%rsi), %ymm2
+        vmovdqu	6304(%rsi), %ymm4
+        vmovdqu	5280(%rdx), %ymm8
+        vmovdqu	6304(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        # Mont Reduce 2
+        vpmulld	%ymm13, %ymm0, %ymm6
+        vpmulld	%ymm13, %ymm1, %ymm7
+        vpmuldq	%ymm12, %ymm6, %ymm6
+        vpmuldq	%ymm12, %ymm7, %ymm7
+        vpsubd	%ymm6, %ymm0, %ymm0
+        vpsubd	%ymm7, %ymm1, %ymm1
+        vpsrlq	$32, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 160(%rdi)
+        # 48..55
+        vmovdqu	192(%rsi), %ymm0
+        vmovdqu	1216(%rsi), %ymm2
+        vmovdqu	2240(%rsi), %ymm4
+        vmovdqu	192(%rdx), %ymm6
+        vmovdqu	1216(%rdx), %ymm8
+        vmovdqu	2240(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm6, %ymm0, %ymm0
+        vpmuldq	%ymm7, %ymm1, %ymm1
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        vmovdqu	3264(%rsi), %ymm2
+        vmovdqu	4288(%rsi), %ymm4
+        vmovdqu	3264(%rdx), %ymm8
+        vmovdqu	4288(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        vmovdqu	5312(%rsi), %ymm2
+        vmovdqu	6336(%rsi), %ymm4
+        vmovdqu	5312(%rdx), %ymm8
+        vmovdqu	6336(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        # Mont Reduce 2
+        vpmulld	%ymm13, %ymm0, %ymm6
+        vpmulld	%ymm13, %ymm1, %ymm7
+        vpmuldq	%ymm12, %ymm6, %ymm6
+        vpmuldq	%ymm12, %ymm7, %ymm7
+        vpsubd	%ymm6, %ymm0, %ymm0
+        vpsubd	%ymm7, %ymm1, %ymm1
+        vpsrlq	$32, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 192(%rdi)
+        # 56..63
+        vmovdqu	224(%rsi), %ymm0
+        vmovdqu	1248(%rsi), %ymm2
+        vmovdqu	2272(%rsi), %ymm4
+        vmovdqu	224(%rdx), %ymm6
+        vmovdqu	1248(%rdx), %ymm8
+        vmovdqu	2272(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm6, %ymm0, %ymm0
+        vpmuldq	%ymm7, %ymm1, %ymm1
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        vmovdqu	3296(%rsi), %ymm2
+        vmovdqu	4320(%rsi), %ymm4
+        vmovdqu	3296(%rdx), %ymm8
+        vmovdqu	4320(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        vmovdqu	5344(%rsi), %ymm2
+        vmovdqu	6368(%rsi), %ymm4
+        vmovdqu	5344(%rdx), %ymm8
+        vmovdqu	6368(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        # Mont Reduce 2
+        vpmulld	%ymm13, %ymm0, %ymm6
+        vpmulld	%ymm13, %ymm1, %ymm7
+        vpmuldq	%ymm12, %ymm6, %ymm6
+        vpmuldq	%ymm12, %ymm7, %ymm7
+        vpsubd	%ymm6, %ymm0, %ymm0
+        vpsubd	%ymm7, %ymm1, %ymm1
+        vpsrlq	$32, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 224(%rdi)
+        # 64..71
+        vmovdqu	256(%rsi), %ymm0
+        vmovdqu	1280(%rsi), %ymm2
+        vmovdqu	2304(%rsi), %ymm4
+        vmovdqu	256(%rdx), %ymm6
+        vmovdqu	1280(%rdx), %ymm8
+        vmovdqu	2304(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm6, %ymm0, %ymm0
+        vpmuldq	%ymm7, %ymm1, %ymm1
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        vmovdqu	3328(%rsi), %ymm2
+        vmovdqu	4352(%rsi), %ymm4
+        vmovdqu	3328(%rdx), %ymm8
+        vmovdqu	4352(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        vmovdqu	5376(%rsi), %ymm2
+        vmovdqu	6400(%rsi), %ymm4
+        vmovdqu	5376(%rdx), %ymm8
+        vmovdqu	6400(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        # Mont Reduce 2
+        vpmulld	%ymm13, %ymm0, %ymm6
+        vpmulld	%ymm13, %ymm1, %ymm7
+        vpmuldq	%ymm12, %ymm6, %ymm6
+        vpmuldq	%ymm12, %ymm7, %ymm7
+        vpsubd	%ymm6, %ymm0, %ymm0
+        vpsubd	%ymm7, %ymm1, %ymm1
+        vpsrlq	$32, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 256(%rdi)
+        # 72..79
+        vmovdqu	288(%rsi), %ymm0
+        vmovdqu	1312(%rsi), %ymm2
+        vmovdqu	2336(%rsi), %ymm4
+        vmovdqu	288(%rdx), %ymm6
+        vmovdqu	1312(%rdx), %ymm8
+        vmovdqu	2336(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm6, %ymm0, %ymm0
+        vpmuldq	%ymm7, %ymm1, %ymm1
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        vmovdqu	3360(%rsi), %ymm2
+        vmovdqu	4384(%rsi), %ymm4
+        vmovdqu	3360(%rdx), %ymm8
+        vmovdqu	4384(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        vmovdqu	5408(%rsi), %ymm2
+        vmovdqu	6432(%rsi), %ymm4
+        vmovdqu	5408(%rdx), %ymm8
+        vmovdqu	6432(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        # Mont Reduce 2
+        vpmulld	%ymm13, %ymm0, %ymm6
+        vpmulld	%ymm13, %ymm1, %ymm7
+        vpmuldq	%ymm12, %ymm6, %ymm6
+        vpmuldq	%ymm12, %ymm7, %ymm7
+        vpsubd	%ymm6, %ymm0, %ymm0
+        vpsubd	%ymm7, %ymm1, %ymm1
+        vpsrlq	$32, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 288(%rdi)
+        # 80..87
+        vmovdqu	320(%rsi), %ymm0
+        vmovdqu	1344(%rsi), %ymm2
+        vmovdqu	2368(%rsi), %ymm4
+        vmovdqu	320(%rdx), %ymm6
+        vmovdqu	1344(%rdx), %ymm8
+        vmovdqu	2368(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm6, %ymm0, %ymm0
+        vpmuldq	%ymm7, %ymm1, %ymm1
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        vmovdqu	3392(%rsi), %ymm2
+        vmovdqu	4416(%rsi), %ymm4
+        vmovdqu	3392(%rdx), %ymm8
+        vmovdqu	4416(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        vmovdqu	5440(%rsi), %ymm2
+        vmovdqu	6464(%rsi), %ymm4
+        vmovdqu	5440(%rdx), %ymm8
+        vmovdqu	6464(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        # Mont Reduce 2
+        vpmulld	%ymm13, %ymm0, %ymm6
+        vpmulld	%ymm13, %ymm1, %ymm7
+        vpmuldq	%ymm12, %ymm6, %ymm6
+        vpmuldq	%ymm12, %ymm7, %ymm7
+        vpsubd	%ymm6, %ymm0, %ymm0
+        vpsubd	%ymm7, %ymm1, %ymm1
+        vpsrlq	$32, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 320(%rdi)
+        # 88..95
+        vmovdqu	352(%rsi), %ymm0
+        vmovdqu	1376(%rsi), %ymm2
+        vmovdqu	2400(%rsi), %ymm4
+        vmovdqu	352(%rdx), %ymm6
+        vmovdqu	1376(%rdx), %ymm8
+        vmovdqu	2400(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm6, %ymm0, %ymm0
+        vpmuldq	%ymm7, %ymm1, %ymm1
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        vmovdqu	3424(%rsi), %ymm2
+        vmovdqu	4448(%rsi), %ymm4
+        vmovdqu	3424(%rdx), %ymm8
+        vmovdqu	4448(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        vmovdqu	5472(%rsi), %ymm2
+        vmovdqu	6496(%rsi), %ymm4
+        vmovdqu	5472(%rdx), %ymm8
+        vmovdqu	6496(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        # Mont Reduce 2
+        vpmulld	%ymm13, %ymm0, %ymm6
+        vpmulld	%ymm13, %ymm1, %ymm7
+        vpmuldq	%ymm12, %ymm6, %ymm6
+        vpmuldq	%ymm12, %ymm7, %ymm7
+        vpsubd	%ymm6, %ymm0, %ymm0
+        vpsubd	%ymm7, %ymm1, %ymm1
+        vpsrlq	$32, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 352(%rdi)
+        # 96..103
+        vmovdqu	384(%rsi), %ymm0
+        vmovdqu	1408(%rsi), %ymm2
+        vmovdqu	2432(%rsi), %ymm4
+        vmovdqu	384(%rdx), %ymm6
+        vmovdqu	1408(%rdx), %ymm8
+        vmovdqu	2432(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm6, %ymm0, %ymm0
+        vpmuldq	%ymm7, %ymm1, %ymm1
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        vmovdqu	3456(%rsi), %ymm2
+        vmovdqu	4480(%rsi), %ymm4
+        vmovdqu	3456(%rdx), %ymm8
+        vmovdqu	4480(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        vmovdqu	5504(%rsi), %ymm2
+        vmovdqu	6528(%rsi), %ymm4
+        vmovdqu	5504(%rdx), %ymm8
+        vmovdqu	6528(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        # Mont Reduce 2
+        vpmulld	%ymm13, %ymm0, %ymm6
+        vpmulld	%ymm13, %ymm1, %ymm7
+        vpmuldq	%ymm12, %ymm6, %ymm6
+        vpmuldq	%ymm12, %ymm7, %ymm7
+        vpsubd	%ymm6, %ymm0, %ymm0
+        vpsubd	%ymm7, %ymm1, %ymm1
+        vpsrlq	$32, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 384(%rdi)
+        # 104..111
+        vmovdqu	416(%rsi), %ymm0
+        vmovdqu	1440(%rsi), %ymm2
+        vmovdqu	2464(%rsi), %ymm4
+        vmovdqu	416(%rdx), %ymm6
+        vmovdqu	1440(%rdx), %ymm8
+        vmovdqu	2464(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm6, %ymm0, %ymm0
+        vpmuldq	%ymm7, %ymm1, %ymm1
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        vmovdqu	3488(%rsi), %ymm2
+        vmovdqu	4512(%rsi), %ymm4
+        vmovdqu	3488(%rdx), %ymm8
+        vmovdqu	4512(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        vmovdqu	5536(%rsi), %ymm2
+        vmovdqu	6560(%rsi), %ymm4
+        vmovdqu	5536(%rdx), %ymm8
+        vmovdqu	6560(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        # Mont Reduce 2
+        vpmulld	%ymm13, %ymm0, %ymm6
+        vpmulld	%ymm13, %ymm1, %ymm7
+        vpmuldq	%ymm12, %ymm6, %ymm6
+        vpmuldq	%ymm12, %ymm7, %ymm7
+        vpsubd	%ymm6, %ymm0, %ymm0
+        vpsubd	%ymm7, %ymm1, %ymm1
+        vpsrlq	$32, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 416(%rdi)
+        # 112..119
+        vmovdqu	448(%rsi), %ymm0
+        vmovdqu	1472(%rsi), %ymm2
+        vmovdqu	2496(%rsi), %ymm4
+        vmovdqu	448(%rdx), %ymm6
+        vmovdqu	1472(%rdx), %ymm8
+        vmovdqu	2496(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm6, %ymm0, %ymm0
+        vpmuldq	%ymm7, %ymm1, %ymm1
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        vmovdqu	3520(%rsi), %ymm2
+        vmovdqu	4544(%rsi), %ymm4
+        vmovdqu	3520(%rdx), %ymm8
+        vmovdqu	4544(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        vmovdqu	5568(%rsi), %ymm2
+        vmovdqu	6592(%rsi), %ymm4
+        vmovdqu	5568(%rdx), %ymm8
+        vmovdqu	6592(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        # Mont Reduce 2
+        vpmulld	%ymm13, %ymm0, %ymm6
+        vpmulld	%ymm13, %ymm1, %ymm7
+        vpmuldq	%ymm12, %ymm6, %ymm6
+        vpmuldq	%ymm12, %ymm7, %ymm7
+        vpsubd	%ymm6, %ymm0, %ymm0
+        vpsubd	%ymm7, %ymm1, %ymm1
+        vpsrlq	$32, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 448(%rdi)
+        # 120..127
+        vmovdqu	480(%rsi), %ymm0
+        vmovdqu	1504(%rsi), %ymm2
+        vmovdqu	2528(%rsi), %ymm4
+        vmovdqu	480(%rdx), %ymm6
+        vmovdqu	1504(%rdx), %ymm8
+        vmovdqu	2528(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm6, %ymm0, %ymm0
+        vpmuldq	%ymm7, %ymm1, %ymm1
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        vmovdqu	3552(%rsi), %ymm2
+        vmovdqu	4576(%rsi), %ymm4
+        vmovdqu	3552(%rdx), %ymm8
+        vmovdqu	4576(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        vmovdqu	5600(%rsi), %ymm2
+        vmovdqu	6624(%rsi), %ymm4
+        vmovdqu	5600(%rdx), %ymm8
+        vmovdqu	6624(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        # Mont Reduce 2
+        vpmulld	%ymm13, %ymm0, %ymm6
+        vpmulld	%ymm13, %ymm1, %ymm7
+        vpmuldq	%ymm12, %ymm6, %ymm6
+        vpmuldq	%ymm12, %ymm7, %ymm7
+        vpsubd	%ymm6, %ymm0, %ymm0
+        vpsubd	%ymm7, %ymm1, %ymm1
+        vpsrlq	$32, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 480(%rdi)
+        # 128..135
+        vmovdqu	512(%rsi), %ymm0
+        vmovdqu	1536(%rsi), %ymm2
+        vmovdqu	2560(%rsi), %ymm4
+        vmovdqu	512(%rdx), %ymm6
+        vmovdqu	1536(%rdx), %ymm8
+        vmovdqu	2560(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm6, %ymm0, %ymm0
+        vpmuldq	%ymm7, %ymm1, %ymm1
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        vmovdqu	3584(%rsi), %ymm2
+        vmovdqu	4608(%rsi), %ymm4
+        vmovdqu	3584(%rdx), %ymm8
+        vmovdqu	4608(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        vmovdqu	5632(%rsi), %ymm2
+        vmovdqu	6656(%rsi), %ymm4
+        vmovdqu	5632(%rdx), %ymm8
+        vmovdqu	6656(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        # Mont Reduce 2
+        vpmulld	%ymm13, %ymm0, %ymm6
+        vpmulld	%ymm13, %ymm1, %ymm7
+        vpmuldq	%ymm12, %ymm6, %ymm6
+        vpmuldq	%ymm12, %ymm7, %ymm7
+        vpsubd	%ymm6, %ymm0, %ymm0
+        vpsubd	%ymm7, %ymm1, %ymm1
+        vpsrlq	$32, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 512(%rdi)
+        # 136..143
+        vmovdqu	544(%rsi), %ymm0
+        vmovdqu	1568(%rsi), %ymm2
+        vmovdqu	2592(%rsi), %ymm4
+        vmovdqu	544(%rdx), %ymm6
+        vmovdqu	1568(%rdx), %ymm8
+        vmovdqu	2592(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm6, %ymm0, %ymm0
+        vpmuldq	%ymm7, %ymm1, %ymm1
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        vmovdqu	3616(%rsi), %ymm2
+        vmovdqu	4640(%rsi), %ymm4
+        vmovdqu	3616(%rdx), %ymm8
+        vmovdqu	4640(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        vmovdqu	5664(%rsi), %ymm2
+        vmovdqu	6688(%rsi), %ymm4
+        vmovdqu	5664(%rdx), %ymm8
+        vmovdqu	6688(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        # Mont Reduce 2
+        vpmulld	%ymm13, %ymm0, %ymm6
+        vpmulld	%ymm13, %ymm1, %ymm7
+        vpmuldq	%ymm12, %ymm6, %ymm6
+        vpmuldq	%ymm12, %ymm7, %ymm7
+        vpsubd	%ymm6, %ymm0, %ymm0
+        vpsubd	%ymm7, %ymm1, %ymm1
+        vpsrlq	$32, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 544(%rdi)
+        # 144..151
+        vmovdqu	576(%rsi), %ymm0
+        vmovdqu	1600(%rsi), %ymm2
+        vmovdqu	2624(%rsi), %ymm4
+        vmovdqu	576(%rdx), %ymm6
+        vmovdqu	1600(%rdx), %ymm8
+        vmovdqu	2624(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm6, %ymm0, %ymm0
+        vpmuldq	%ymm7, %ymm1, %ymm1
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        vmovdqu	3648(%rsi), %ymm2
+        vmovdqu	4672(%rsi), %ymm4
+        vmovdqu	3648(%rdx), %ymm8
+        vmovdqu	4672(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        vmovdqu	5696(%rsi), %ymm2
+        vmovdqu	6720(%rsi), %ymm4
+        vmovdqu	5696(%rdx), %ymm8
+        vmovdqu	6720(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        # Mont Reduce 2
+        vpmulld	%ymm13, %ymm0, %ymm6
+        vpmulld	%ymm13, %ymm1, %ymm7
+        vpmuldq	%ymm12, %ymm6, %ymm6
+        vpmuldq	%ymm12, %ymm7, %ymm7
+        vpsubd	%ymm6, %ymm0, %ymm0
+        vpsubd	%ymm7, %ymm1, %ymm1
+        vpsrlq	$32, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 576(%rdi)
+        # 152..159
+        vmovdqu	608(%rsi), %ymm0
+        vmovdqu	1632(%rsi), %ymm2
+        vmovdqu	2656(%rsi), %ymm4
+        vmovdqu	608(%rdx), %ymm6
+        vmovdqu	1632(%rdx), %ymm8
+        vmovdqu	2656(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm6, %ymm0, %ymm0
+        vpmuldq	%ymm7, %ymm1, %ymm1
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        vmovdqu	3680(%rsi), %ymm2
+        vmovdqu	4704(%rsi), %ymm4
+        vmovdqu	3680(%rdx), %ymm8
+        vmovdqu	4704(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        vmovdqu	5728(%rsi), %ymm2
+        vmovdqu	6752(%rsi), %ymm4
+        vmovdqu	5728(%rdx), %ymm8
+        vmovdqu	6752(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        # Mont Reduce 2
+        vpmulld	%ymm13, %ymm0, %ymm6
+        vpmulld	%ymm13, %ymm1, %ymm7
+        vpmuldq	%ymm12, %ymm6, %ymm6
+        vpmuldq	%ymm12, %ymm7, %ymm7
+        vpsubd	%ymm6, %ymm0, %ymm0
+        vpsubd	%ymm7, %ymm1, %ymm1
+        vpsrlq	$32, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 608(%rdi)
+        # 160..167
+        vmovdqu	640(%rsi), %ymm0
+        vmovdqu	1664(%rsi), %ymm2
+        vmovdqu	2688(%rsi), %ymm4
+        vmovdqu	640(%rdx), %ymm6
+        vmovdqu	1664(%rdx), %ymm8
+        vmovdqu	2688(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm6, %ymm0, %ymm0
+        vpmuldq	%ymm7, %ymm1, %ymm1
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        vmovdqu	3712(%rsi), %ymm2
+        vmovdqu	4736(%rsi), %ymm4
+        vmovdqu	3712(%rdx), %ymm8
+        vmovdqu	4736(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        vmovdqu	5760(%rsi), %ymm2
+        vmovdqu	6784(%rsi), %ymm4
+        vmovdqu	5760(%rdx), %ymm8
+        vmovdqu	6784(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        # Mont Reduce 2
+        vpmulld	%ymm13, %ymm0, %ymm6
+        vpmulld	%ymm13, %ymm1, %ymm7
+        vpmuldq	%ymm12, %ymm6, %ymm6
+        vpmuldq	%ymm12, %ymm7, %ymm7
+        vpsubd	%ymm6, %ymm0, %ymm0
+        vpsubd	%ymm7, %ymm1, %ymm1
+        vpsrlq	$32, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 640(%rdi)
+        # 168..175
+        vmovdqu	672(%rsi), %ymm0
+        vmovdqu	1696(%rsi), %ymm2
+        vmovdqu	2720(%rsi), %ymm4
+        vmovdqu	672(%rdx), %ymm6
+        vmovdqu	1696(%rdx), %ymm8
+        vmovdqu	2720(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm6, %ymm0, %ymm0
+        vpmuldq	%ymm7, %ymm1, %ymm1
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        vmovdqu	3744(%rsi), %ymm2
+        vmovdqu	4768(%rsi), %ymm4
+        vmovdqu	3744(%rdx), %ymm8
+        vmovdqu	4768(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        vmovdqu	5792(%rsi), %ymm2
+        vmovdqu	6816(%rsi), %ymm4
+        vmovdqu	5792(%rdx), %ymm8
+        vmovdqu	6816(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        # Mont Reduce 2
+        vpmulld	%ymm13, %ymm0, %ymm6
+        vpmulld	%ymm13, %ymm1, %ymm7
+        vpmuldq	%ymm12, %ymm6, %ymm6
+        vpmuldq	%ymm12, %ymm7, %ymm7
+        vpsubd	%ymm6, %ymm0, %ymm0
+        vpsubd	%ymm7, %ymm1, %ymm1
+        vpsrlq	$32, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 672(%rdi)
+        # 176..183
+        vmovdqu	704(%rsi), %ymm0
+        vmovdqu	1728(%rsi), %ymm2
+        vmovdqu	2752(%rsi), %ymm4
+        vmovdqu	704(%rdx), %ymm6
+        vmovdqu	1728(%rdx), %ymm8
+        vmovdqu	2752(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm6, %ymm0, %ymm0
+        vpmuldq	%ymm7, %ymm1, %ymm1
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        vmovdqu	3776(%rsi), %ymm2
+        vmovdqu	4800(%rsi), %ymm4
+        vmovdqu	3776(%rdx), %ymm8
+        vmovdqu	4800(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        vmovdqu	5824(%rsi), %ymm2
+        vmovdqu	6848(%rsi), %ymm4
+        vmovdqu	5824(%rdx), %ymm8
+        vmovdqu	6848(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        # Mont Reduce 2
+        vpmulld	%ymm13, %ymm0, %ymm6
+        vpmulld	%ymm13, %ymm1, %ymm7
+        vpmuldq	%ymm12, %ymm6, %ymm6
+        vpmuldq	%ymm12, %ymm7, %ymm7
+        vpsubd	%ymm6, %ymm0, %ymm0
+        vpsubd	%ymm7, %ymm1, %ymm1
+        vpsrlq	$32, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 704(%rdi)
+        # 184..191
+        vmovdqu	736(%rsi), %ymm0
+        vmovdqu	1760(%rsi), %ymm2
+        vmovdqu	2784(%rsi), %ymm4
+        vmovdqu	736(%rdx), %ymm6
+        vmovdqu	1760(%rdx), %ymm8
+        vmovdqu	2784(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm6, %ymm0, %ymm0
+        vpmuldq	%ymm7, %ymm1, %ymm1
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        vmovdqu	3808(%rsi), %ymm2
+        vmovdqu	4832(%rsi), %ymm4
+        vmovdqu	3808(%rdx), %ymm8
+        vmovdqu	4832(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        vmovdqu	5856(%rsi), %ymm2
+        vmovdqu	6880(%rsi), %ymm4
+        vmovdqu	5856(%rdx), %ymm8
+        vmovdqu	6880(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        # Mont Reduce 2
+        vpmulld	%ymm13, %ymm0, %ymm6
+        vpmulld	%ymm13, %ymm1, %ymm7
+        vpmuldq	%ymm12, %ymm6, %ymm6
+        vpmuldq	%ymm12, %ymm7, %ymm7
+        vpsubd	%ymm6, %ymm0, %ymm0
+        vpsubd	%ymm7, %ymm1, %ymm1
+        vpsrlq	$32, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 736(%rdi)
+        # 192..199
+        vmovdqu	768(%rsi), %ymm0
+        vmovdqu	1792(%rsi), %ymm2
+        vmovdqu	2816(%rsi), %ymm4
+        vmovdqu	768(%rdx), %ymm6
+        vmovdqu	1792(%rdx), %ymm8
+        vmovdqu	2816(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm6, %ymm0, %ymm0
+        vpmuldq	%ymm7, %ymm1, %ymm1
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        vmovdqu	3840(%rsi), %ymm2
+        vmovdqu	4864(%rsi), %ymm4
+        vmovdqu	3840(%rdx), %ymm8
+        vmovdqu	4864(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        vmovdqu	5888(%rsi), %ymm2
+        vmovdqu	6912(%rsi), %ymm4
+        vmovdqu	5888(%rdx), %ymm8
+        vmovdqu	6912(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        # Mont Reduce 2
+        vpmulld	%ymm13, %ymm0, %ymm6
+        vpmulld	%ymm13, %ymm1, %ymm7
+        vpmuldq	%ymm12, %ymm6, %ymm6
+        vpmuldq	%ymm12, %ymm7, %ymm7
+        vpsubd	%ymm6, %ymm0, %ymm0
+        vpsubd	%ymm7, %ymm1, %ymm1
+        vpsrlq	$32, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 768(%rdi)
+        # 200..207
+        vmovdqu	800(%rsi), %ymm0
+        vmovdqu	1824(%rsi), %ymm2
+        vmovdqu	2848(%rsi), %ymm4
+        vmovdqu	800(%rdx), %ymm6
+        vmovdqu	1824(%rdx), %ymm8
+        vmovdqu	2848(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm6, %ymm0, %ymm0
+        vpmuldq	%ymm7, %ymm1, %ymm1
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        vmovdqu	3872(%rsi), %ymm2
+        vmovdqu	4896(%rsi), %ymm4
+        vmovdqu	3872(%rdx), %ymm8
+        vmovdqu	4896(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        vmovdqu	5920(%rsi), %ymm2
+        vmovdqu	6944(%rsi), %ymm4
+        vmovdqu	5920(%rdx), %ymm8
+        vmovdqu	6944(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        # Mont Reduce 2
+        vpmulld	%ymm13, %ymm0, %ymm6
+        vpmulld	%ymm13, %ymm1, %ymm7
+        vpmuldq	%ymm12, %ymm6, %ymm6
+        vpmuldq	%ymm12, %ymm7, %ymm7
+        vpsubd	%ymm6, %ymm0, %ymm0
+        vpsubd	%ymm7, %ymm1, %ymm1
+        vpsrlq	$32, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 800(%rdi)
+        # 208..215
+        vmovdqu	832(%rsi), %ymm0
+        vmovdqu	1856(%rsi), %ymm2
+        vmovdqu	2880(%rsi), %ymm4
+        vmovdqu	832(%rdx), %ymm6
+        vmovdqu	1856(%rdx), %ymm8
+        vmovdqu	2880(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm6, %ymm0, %ymm0
+        vpmuldq	%ymm7, %ymm1, %ymm1
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        vmovdqu	3904(%rsi), %ymm2
+        vmovdqu	4928(%rsi), %ymm4
+        vmovdqu	3904(%rdx), %ymm8
+        vmovdqu	4928(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        vmovdqu	5952(%rsi), %ymm2
+        vmovdqu	6976(%rsi), %ymm4
+        vmovdqu	5952(%rdx), %ymm8
+        vmovdqu	6976(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        # Mont Reduce 2
+        vpmulld	%ymm13, %ymm0, %ymm6
+        vpmulld	%ymm13, %ymm1, %ymm7
+        vpmuldq	%ymm12, %ymm6, %ymm6
+        vpmuldq	%ymm12, %ymm7, %ymm7
+        vpsubd	%ymm6, %ymm0, %ymm0
+        vpsubd	%ymm7, %ymm1, %ymm1
+        vpsrlq	$32, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 832(%rdi)
+        # 216..223
+        vmovdqu	864(%rsi), %ymm0
+        vmovdqu	1888(%rsi), %ymm2
+        vmovdqu	2912(%rsi), %ymm4
+        vmovdqu	864(%rdx), %ymm6
+        vmovdqu	1888(%rdx), %ymm8
+        vmovdqu	2912(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm6, %ymm0, %ymm0
+        vpmuldq	%ymm7, %ymm1, %ymm1
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        vmovdqu	3936(%rsi), %ymm2
+        vmovdqu	4960(%rsi), %ymm4
+        vmovdqu	3936(%rdx), %ymm8
+        vmovdqu	4960(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        vmovdqu	5984(%rsi), %ymm2
+        vmovdqu	7008(%rsi), %ymm4
+        vmovdqu	5984(%rdx), %ymm8
+        vmovdqu	7008(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        # Mont Reduce 2
+        vpmulld	%ymm13, %ymm0, %ymm6
+        vpmulld	%ymm13, %ymm1, %ymm7
+        vpmuldq	%ymm12, %ymm6, %ymm6
+        vpmuldq	%ymm12, %ymm7, %ymm7
+        vpsubd	%ymm6, %ymm0, %ymm0
+        vpsubd	%ymm7, %ymm1, %ymm1
+        vpsrlq	$32, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 864(%rdi)
+        # 224..231
+        vmovdqu	896(%rsi), %ymm0
+        vmovdqu	1920(%rsi), %ymm2
+        vmovdqu	2944(%rsi), %ymm4
+        vmovdqu	896(%rdx), %ymm6
+        vmovdqu	1920(%rdx), %ymm8
+        vmovdqu	2944(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm6, %ymm0, %ymm0
+        vpmuldq	%ymm7, %ymm1, %ymm1
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        vmovdqu	3968(%rsi), %ymm2
+        vmovdqu	4992(%rsi), %ymm4
+        vmovdqu	3968(%rdx), %ymm8
+        vmovdqu	4992(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        vmovdqu	6016(%rsi), %ymm2
+        vmovdqu	7040(%rsi), %ymm4
+        vmovdqu	6016(%rdx), %ymm8
+        vmovdqu	7040(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        # Mont Reduce 2
+        vpmulld	%ymm13, %ymm0, %ymm6
+        vpmulld	%ymm13, %ymm1, %ymm7
+        vpmuldq	%ymm12, %ymm6, %ymm6
+        vpmuldq	%ymm12, %ymm7, %ymm7
+        vpsubd	%ymm6, %ymm0, %ymm0
+        vpsubd	%ymm7, %ymm1, %ymm1
+        vpsrlq	$32, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 896(%rdi)
+        # 232..239
+        vmovdqu	928(%rsi), %ymm0
+        vmovdqu	1952(%rsi), %ymm2
+        vmovdqu	2976(%rsi), %ymm4
+        vmovdqu	928(%rdx), %ymm6
+        vmovdqu	1952(%rdx), %ymm8
+        vmovdqu	2976(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm6, %ymm0, %ymm0
+        vpmuldq	%ymm7, %ymm1, %ymm1
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        vmovdqu	4000(%rsi), %ymm2
+        vmovdqu	5024(%rsi), %ymm4
+        vmovdqu	4000(%rdx), %ymm8
+        vmovdqu	5024(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        vmovdqu	6048(%rsi), %ymm2
+        vmovdqu	7072(%rsi), %ymm4
+        vmovdqu	6048(%rdx), %ymm8
+        vmovdqu	7072(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        # Mont Reduce 2
+        vpmulld	%ymm13, %ymm0, %ymm6
+        vpmulld	%ymm13, %ymm1, %ymm7
+        vpmuldq	%ymm12, %ymm6, %ymm6
+        vpmuldq	%ymm12, %ymm7, %ymm7
+        vpsubd	%ymm6, %ymm0, %ymm0
+        vpsubd	%ymm7, %ymm1, %ymm1
+        vpsrlq	$32, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 928(%rdi)
+        # 240..247
+        vmovdqu	960(%rsi), %ymm0
+        vmovdqu	1984(%rsi), %ymm2
+        vmovdqu	3008(%rsi), %ymm4
+        vmovdqu	960(%rdx), %ymm6
+        vmovdqu	1984(%rdx), %ymm8
+        vmovdqu	3008(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm6, %ymm0, %ymm0
+        vpmuldq	%ymm7, %ymm1, %ymm1
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        vmovdqu	4032(%rsi), %ymm2
+        vmovdqu	5056(%rsi), %ymm4
+        vmovdqu	4032(%rdx), %ymm8
+        vmovdqu	5056(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        vmovdqu	6080(%rsi), %ymm2
+        vmovdqu	7104(%rsi), %ymm4
+        vmovdqu	6080(%rdx), %ymm8
+        vmovdqu	7104(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        # Mont Reduce 2
+        vpmulld	%ymm13, %ymm0, %ymm6
+        vpmulld	%ymm13, %ymm1, %ymm7
+        vpmuldq	%ymm12, %ymm6, %ymm6
+        vpmuldq	%ymm12, %ymm7, %ymm7
+        vpsubd	%ymm6, %ymm0, %ymm0
+        vpsubd	%ymm7, %ymm1, %ymm1
+        vpsrlq	$32, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 960(%rdi)
+        # 248..255
+        vmovdqu	992(%rsi), %ymm0
+        vmovdqu	2016(%rsi), %ymm2
+        vmovdqu	3040(%rsi), %ymm4
+        vmovdqu	992(%rdx), %ymm6
+        vmovdqu	2016(%rdx), %ymm8
+        vmovdqu	3040(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm0, %ymm1
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm6, %ymm7
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm6, %ymm0, %ymm0
+        vpmuldq	%ymm7, %ymm1, %ymm1
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        vmovdqu	4064(%rsi), %ymm2
+        vmovdqu	5088(%rsi), %ymm4
+        vmovdqu	4064(%rdx), %ymm8
+        vmovdqu	5088(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        vmovdqu	6112(%rsi), %ymm2
+        vmovdqu	7136(%rsi), %ymm4
+        vmovdqu	6112(%rdx), %ymm8
+        vmovdqu	7136(%rdx), %ymm10
+        vpshufd	$0xf5, %ymm2, %ymm3
+        vpshufd	$0xf5, %ymm4, %ymm5
+        vpshufd	$0xf5, %ymm8, %ymm9
+        vpshufd	$0xf5, %ymm10, %ymm11
+        vpmuldq	%ymm8, %ymm2, %ymm2
+        vpmuldq	%ymm9, %ymm3, %ymm3
+        vpmuldq	%ymm10, %ymm4, %ymm4
+        vpmuldq	%ymm11, %ymm5, %ymm5
+        vpaddq	%ymm2, %ymm0, %ymm0
+        vpaddq	%ymm3, %ymm1, %ymm1
+        vpaddq	%ymm4, %ymm0, %ymm0
+        vpaddq	%ymm5, %ymm1, %ymm1
+        # Mont Reduce 2
+        vpmulld	%ymm13, %ymm0, %ymm6
+        vpmulld	%ymm13, %ymm1, %ymm7
+        vpmuldq	%ymm12, %ymm6, %ymm6
+        vpmuldq	%ymm12, %ymm7, %ymm7
+        vpsubd	%ymm6, %ymm0, %ymm0
+        vpsubd	%ymm7, %ymm1, %ymm1
+        vpsrlq	$32, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vmovdqu	%ymm0, 992(%rdi)
+        vzeroupper
+        repz retq
+#ifndef __APPLE__
+.size	wc_mldsa_mul_vec_7_avx2,.-wc_mldsa_mul_vec_7_avx2
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_mldsa_rej_idx:
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000000000001,0x0000000000000000
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000100000000,0x0000000000000000
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000000000002,0x0000000000000000
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000200000000,0x0000000000000000
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000200000001,0x0000000000000000
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000100000000,0x0000000000000002
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000000000003,0x0000000000000000
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000300000000,0x0000000000000000
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000300000001,0x0000000000000000
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000100000000,0x0000000000000003
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000300000002,0x0000000000000000
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000200000000,0x0000000000000003
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000200000001,0x0000000000000003
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000100000000,0x0000000300000002
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000000000004,0x0000000000000000
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000400000000,0x0000000000000000
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000400000001,0x0000000000000000
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000100000000,0x0000000000000004
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000400000002,0x0000000000000000
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000200000000,0x0000000000000004
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000200000001,0x0000000000000004
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000100000000,0x0000000400000002
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000400000003,0x0000000000000000
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000300000000,0x0000000000000004
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000300000001,0x0000000000000004
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000100000000,0x0000000400000003
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000300000002,0x0000000000000004
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000200000000,0x0000000400000003
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000200000001,0x0000000400000003
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000100000000,0x0000000300000002
+.quad	0x0000000000000004,0x0000000000000000
+.quad	0x0000000000000005,0x0000000000000000
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000500000000,0x0000000000000000
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000500000001,0x0000000000000000
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000100000000,0x0000000000000005
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000500000002,0x0000000000000000
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000200000000,0x0000000000000005
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000200000001,0x0000000000000005
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000100000000,0x0000000500000002
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000500000003,0x0000000000000000
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000300000000,0x0000000000000005
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000300000001,0x0000000000000005
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000100000000,0x0000000500000003
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000300000002,0x0000000000000005
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000200000000,0x0000000500000003
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000200000001,0x0000000500000003
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000100000000,0x0000000300000002
+.quad	0x0000000000000005,0x0000000000000000
+.quad	0x0000000500000004,0x0000000000000000
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000400000000,0x0000000000000005
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000400000001,0x0000000000000005
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000100000000,0x0000000500000004
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000400000002,0x0000000000000005
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000200000000,0x0000000500000004
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000200000001,0x0000000500000004
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000100000000,0x0000000400000002
+.quad	0x0000000000000005,0x0000000000000000
+.quad	0x0000000400000003,0x0000000000000005
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000300000000,0x0000000500000004
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000300000001,0x0000000500000004
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000100000000,0x0000000400000003
+.quad	0x0000000000000005,0x0000000000000000
+.quad	0x0000000300000002,0x0000000500000004
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000200000000,0x0000000400000003
+.quad	0x0000000000000005,0x0000000000000000
+.quad	0x0000000200000001,0x0000000400000003
+.quad	0x0000000000000005,0x0000000000000000
+.quad	0x0000000100000000,0x0000000300000002
+.quad	0x0000000500000004,0x0000000000000000
+.quad	0x0000000000000006,0x0000000000000000
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000600000000,0x0000000000000000
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000600000001,0x0000000000000000
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000100000000,0x0000000000000006
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000600000002,0x0000000000000000
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000200000000,0x0000000000000006
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000200000001,0x0000000000000006
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000100000000,0x0000000600000002
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000600000003,0x0000000000000000
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000300000000,0x0000000000000006
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000300000001,0x0000000000000006
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000100000000,0x0000000600000003
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000300000002,0x0000000000000006
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000200000000,0x0000000600000003
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000200000001,0x0000000600000003
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000100000000,0x0000000300000002
+.quad	0x0000000000000006,0x0000000000000000
+.quad	0x0000000600000004,0x0000000000000000
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000400000000,0x0000000000000006
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000400000001,0x0000000000000006
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000100000000,0x0000000600000004
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000400000002,0x0000000000000006
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000200000000,0x0000000600000004
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000200000001,0x0000000600000004
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000100000000,0x0000000400000002
+.quad	0x0000000000000006,0x0000000000000000
+.quad	0x0000000400000003,0x0000000000000006
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000300000000,0x0000000600000004
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000300000001,0x0000000600000004
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000100000000,0x0000000400000003
+.quad	0x0000000000000006,0x0000000000000000
+.quad	0x0000000300000002,0x0000000600000004
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000200000000,0x0000000400000003
+.quad	0x0000000000000006,0x0000000000000000
+.quad	0x0000000200000001,0x0000000400000003
+.quad	0x0000000000000006,0x0000000000000000
+.quad	0x0000000100000000,0x0000000300000002
+.quad	0x0000000600000004,0x0000000000000000
+.quad	0x0000000600000005,0x0000000000000000
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000500000000,0x0000000000000006
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000500000001,0x0000000000000006
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000100000000,0x0000000600000005
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000500000002,0x0000000000000006
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000200000000,0x0000000600000005
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000200000001,0x0000000600000005
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000100000000,0x0000000500000002
+.quad	0x0000000000000006,0x0000000000000000
+.quad	0x0000000500000003,0x0000000000000006
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000300000000,0x0000000600000005
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000300000001,0x0000000600000005
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000100000000,0x0000000500000003
+.quad	0x0000000000000006,0x0000000000000000
+.quad	0x0000000300000002,0x0000000600000005
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000200000000,0x0000000500000003
+.quad	0x0000000000000006,0x0000000000000000
+.quad	0x0000000200000001,0x0000000500000003
+.quad	0x0000000000000006,0x0000000000000000
+.quad	0x0000000100000000,0x0000000300000002
+.quad	0x0000000600000005,0x0000000000000000
+.quad	0x0000000500000004,0x0000000000000006
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000400000000,0x0000000600000005
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000400000001,0x0000000600000005
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000100000000,0x0000000500000004
+.quad	0x0000000000000006,0x0000000000000000
+.quad	0x0000000400000002,0x0000000600000005
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000200000000,0x0000000500000004
+.quad	0x0000000000000006,0x0000000000000000
+.quad	0x0000000200000001,0x0000000500000004
+.quad	0x0000000000000006,0x0000000000000000
+.quad	0x0000000100000000,0x0000000400000002
+.quad	0x0000000600000005,0x0000000000000000
+.quad	0x0000000400000003,0x0000000600000005
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000300000000,0x0000000500000004
+.quad	0x0000000000000006,0x0000000000000000
+.quad	0x0000000300000001,0x0000000500000004
+.quad	0x0000000000000006,0x0000000000000000
+.quad	0x0000000100000000,0x0000000400000003
+.quad	0x0000000600000005,0x0000000000000000
+.quad	0x0000000300000002,0x0000000500000004
+.quad	0x0000000000000006,0x0000000000000000
+.quad	0x0000000200000000,0x0000000400000003
+.quad	0x0000000600000005,0x0000000000000000
+.quad	0x0000000200000001,0x0000000400000003
+.quad	0x0000000600000005,0x0000000000000000
+.quad	0x0000000100000000,0x0000000300000002
+.quad	0x0000000500000004,0x0000000000000006
+.quad	0x0000000000000007,0x0000000000000000
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000700000000,0x0000000000000000
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000700000001,0x0000000000000000
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000100000000,0x0000000000000007
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000700000002,0x0000000000000000
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000200000000,0x0000000000000007
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000200000001,0x0000000000000007
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000100000000,0x0000000700000002
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000700000003,0x0000000000000000
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000300000000,0x0000000000000007
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000300000001,0x0000000000000007
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000100000000,0x0000000700000003
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000300000002,0x0000000000000007
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000200000000,0x0000000700000003
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000200000001,0x0000000700000003
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000100000000,0x0000000300000002
+.quad	0x0000000000000007,0x0000000000000000
+.quad	0x0000000700000004,0x0000000000000000
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000400000000,0x0000000000000007
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000400000001,0x0000000000000007
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000100000000,0x0000000700000004
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000400000002,0x0000000000000007
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000200000000,0x0000000700000004
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000200000001,0x0000000700000004
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000100000000,0x0000000400000002
+.quad	0x0000000000000007,0x0000000000000000
+.quad	0x0000000400000003,0x0000000000000007
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000300000000,0x0000000700000004
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000300000001,0x0000000700000004
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000100000000,0x0000000400000003
+.quad	0x0000000000000007,0x0000000000000000
+.quad	0x0000000300000002,0x0000000700000004
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000200000000,0x0000000400000003
+.quad	0x0000000000000007,0x0000000000000000
+.quad	0x0000000200000001,0x0000000400000003
+.quad	0x0000000000000007,0x0000000000000000
+.quad	0x0000000100000000,0x0000000300000002
+.quad	0x0000000700000004,0x0000000000000000
+.quad	0x0000000700000005,0x0000000000000000
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000500000000,0x0000000000000007
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000500000001,0x0000000000000007
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000100000000,0x0000000700000005
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000500000002,0x0000000000000007
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000200000000,0x0000000700000005
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000200000001,0x0000000700000005
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000100000000,0x0000000500000002
+.quad	0x0000000000000007,0x0000000000000000
+.quad	0x0000000500000003,0x0000000000000007
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000300000000,0x0000000700000005
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000300000001,0x0000000700000005
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000100000000,0x0000000500000003
+.quad	0x0000000000000007,0x0000000000000000
+.quad	0x0000000300000002,0x0000000700000005
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000200000000,0x0000000500000003
+.quad	0x0000000000000007,0x0000000000000000
+.quad	0x0000000200000001,0x0000000500000003
+.quad	0x0000000000000007,0x0000000000000000
+.quad	0x0000000100000000,0x0000000300000002
+.quad	0x0000000700000005,0x0000000000000000
+.quad	0x0000000500000004,0x0000000000000007
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000400000000,0x0000000700000005
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000400000001,0x0000000700000005
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000100000000,0x0000000500000004
+.quad	0x0000000000000007,0x0000000000000000
+.quad	0x0000000400000002,0x0000000700000005
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000200000000,0x0000000500000004
+.quad	0x0000000000000007,0x0000000000000000
+.quad	0x0000000200000001,0x0000000500000004
+.quad	0x0000000000000007,0x0000000000000000
+.quad	0x0000000100000000,0x0000000400000002
+.quad	0x0000000700000005,0x0000000000000000
+.quad	0x0000000400000003,0x0000000700000005
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000300000000,0x0000000500000004
+.quad	0x0000000000000007,0x0000000000000000
+.quad	0x0000000300000001,0x0000000500000004
+.quad	0x0000000000000007,0x0000000000000000
+.quad	0x0000000100000000,0x0000000400000003
+.quad	0x0000000700000005,0x0000000000000000
+.quad	0x0000000300000002,0x0000000500000004
+.quad	0x0000000000000007,0x0000000000000000
+.quad	0x0000000200000000,0x0000000400000003
+.quad	0x0000000700000005,0x0000000000000000
+.quad	0x0000000200000001,0x0000000400000003
+.quad	0x0000000700000005,0x0000000000000000
+.quad	0x0000000100000000,0x0000000300000002
+.quad	0x0000000500000004,0x0000000000000007
+.quad	0x0000000700000006,0x0000000000000000
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000600000000,0x0000000000000007
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000600000001,0x0000000000000007
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000100000000,0x0000000700000006
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000600000002,0x0000000000000007
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000200000000,0x0000000700000006
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000200000001,0x0000000700000006
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000100000000,0x0000000600000002
+.quad	0x0000000000000007,0x0000000000000000
+.quad	0x0000000600000003,0x0000000000000007
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000300000000,0x0000000700000006
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000300000001,0x0000000700000006
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000100000000,0x0000000600000003
+.quad	0x0000000000000007,0x0000000000000000
+.quad	0x0000000300000002,0x0000000700000006
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000200000000,0x0000000600000003
+.quad	0x0000000000000007,0x0000000000000000
+.quad	0x0000000200000001,0x0000000600000003
+.quad	0x0000000000000007,0x0000000000000000
+.quad	0x0000000100000000,0x0000000300000002
+.quad	0x0000000700000006,0x0000000000000000
+.quad	0x0000000600000004,0x0000000000000007
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000400000000,0x0000000700000006
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000400000001,0x0000000700000006
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000100000000,0x0000000600000004
+.quad	0x0000000000000007,0x0000000000000000
+.quad	0x0000000400000002,0x0000000700000006
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000200000000,0x0000000600000004
+.quad	0x0000000000000007,0x0000000000000000
+.quad	0x0000000200000001,0x0000000600000004
+.quad	0x0000000000000007,0x0000000000000000
+.quad	0x0000000100000000,0x0000000400000002
+.quad	0x0000000700000006,0x0000000000000000
+.quad	0x0000000400000003,0x0000000700000006
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000300000000,0x0000000600000004
+.quad	0x0000000000000007,0x0000000000000000
+.quad	0x0000000300000001,0x0000000600000004
+.quad	0x0000000000000007,0x0000000000000000
+.quad	0x0000000100000000,0x0000000400000003
+.quad	0x0000000700000006,0x0000000000000000
+.quad	0x0000000300000002,0x0000000600000004
+.quad	0x0000000000000007,0x0000000000000000
+.quad	0x0000000200000000,0x0000000400000003
+.quad	0x0000000700000006,0x0000000000000000
+.quad	0x0000000200000001,0x0000000400000003
+.quad	0x0000000700000006,0x0000000000000000
+.quad	0x0000000100000000,0x0000000300000002
+.quad	0x0000000600000004,0x0000000000000007
+.quad	0x0000000600000005,0x0000000000000007
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000500000000,0x0000000700000006
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000500000001,0x0000000700000006
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000100000000,0x0000000600000005
+.quad	0x0000000000000007,0x0000000000000000
+.quad	0x0000000500000002,0x0000000700000006
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000200000000,0x0000000600000005
+.quad	0x0000000000000007,0x0000000000000000
+.quad	0x0000000200000001,0x0000000600000005
+.quad	0x0000000000000007,0x0000000000000000
+.quad	0x0000000100000000,0x0000000500000002
+.quad	0x0000000700000006,0x0000000000000000
+.quad	0x0000000500000003,0x0000000700000006
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000300000000,0x0000000600000005
+.quad	0x0000000000000007,0x0000000000000000
+.quad	0x0000000300000001,0x0000000600000005
+.quad	0x0000000000000007,0x0000000000000000
+.quad	0x0000000100000000,0x0000000500000003
+.quad	0x0000000700000006,0x0000000000000000
+.quad	0x0000000300000002,0x0000000600000005
+.quad	0x0000000000000007,0x0000000000000000
+.quad	0x0000000200000000,0x0000000500000003
+.quad	0x0000000700000006,0x0000000000000000
+.quad	0x0000000200000001,0x0000000500000003
+.quad	0x0000000700000006,0x0000000000000000
+.quad	0x0000000100000000,0x0000000300000002
+.quad	0x0000000600000005,0x0000000000000007
+.quad	0x0000000500000004,0x0000000700000006
+.quad	0x0000000000000000,0x0000000000000000
+.quad	0x0000000400000000,0x0000000600000005
+.quad	0x0000000000000007,0x0000000000000000
+.quad	0x0000000400000001,0x0000000600000005
+.quad	0x0000000000000007,0x0000000000000000
+.quad	0x0000000100000000,0x0000000500000004
+.quad	0x0000000700000006,0x0000000000000000
+.quad	0x0000000400000002,0x0000000600000005
+.quad	0x0000000000000007,0x0000000000000000
+.quad	0x0000000200000000,0x0000000500000004
+.quad	0x0000000700000006,0x0000000000000000
+.quad	0x0000000200000001,0x0000000500000004
+.quad	0x0000000700000006,0x0000000000000000
+.quad	0x0000000100000000,0x0000000400000002
+.quad	0x0000000600000005,0x0000000000000007
+.quad	0x0000000400000003,0x0000000600000005
+.quad	0x0000000000000007,0x0000000000000000
+.quad	0x0000000300000000,0x0000000500000004
+.quad	0x0000000700000006,0x0000000000000000
+.quad	0x0000000300000001,0x0000000500000004
+.quad	0x0000000700000006,0x0000000000000000
+.quad	0x0000000100000000,0x0000000400000003
+.quad	0x0000000600000005,0x0000000000000007
+.quad	0x0000000300000002,0x0000000500000004
+.quad	0x0000000700000006,0x0000000000000000
+.quad	0x0000000200000000,0x0000000400000003
+.quad	0x0000000600000005,0x0000000000000007
+.quad	0x0000000200000001,0x0000000400000003
+.quad	0x0000000600000005,0x0000000000000007
+.quad	0x0000000100000000,0x0000000300000002
+.quad	0x0000000500000004,0x0000000700000006
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+L_mldsa_rej_q:
+.long	0x007fe001,0x007fe001,0x007fe001,0x007fe001
+.long	0x007fe001,0x007fe001,0x007fe001,0x007fe001
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	32
+#else
+.p2align	5
+#endif /* __APPLE__ */
+L_mldsa_rej_mask:
+.quad	0x7fffff007fffff, 0x7fffff007fffff
+.quad	0x7fffff007fffff, 0x7fffff007fffff
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	32
+#else
+.p2align	5
+#endif /* __APPLE__ */
+L_mldsa_rej_shuffle:
+.quad	0x5040300020100, 0xb0a0900080706
+.quad	0x9080700060504, 0xf0e0d000c0b0a
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	32
+#else
+.p2align	5
+#endif /* __APPLE__ */
+L_mldsa_rej_ones:
+.quad	0x101010101010101, 0x101010101010101
+.quad	0x101010101010101, 0x101010101010101
+#ifndef __APPLE__
+.text
+.globl	wc_mldsa_rej_uniform_n_avx2
+.type	wc_mldsa_rej_uniform_n_avx2,@function
+.align	16
+wc_mldsa_rej_uniform_n_avx2:
+#else
+.section	__TEXT,__text
+.globl	_wc_mldsa_rej_uniform_n_avx2
+.p2align	4
+_wc_mldsa_rej_uniform_n_avx2:
+#endif /* __APPLE__ */
+        pushq	%rbx
+        pushq	%r12
+        pushq	%r13
+        pushq	%r14
+        movq	%rcx, %r8
+        movl	%esi, %eax
+        vmovdqu	L_mldsa_rej_q(%rip), %ymm6
+        vmovdqu	L_mldsa_rej_mask(%rip), %ymm7
+        vmovdqu	L_mldsa_rej_shuffle(%rip), %ymm8
+        vmovdqu	L_mldsa_rej_ones(%rip), %ymm9
+        leaq	L_mldsa_rej_idx(%rip), %r9
+        vpermq	$0x94, (%rdx), %ymm0
+        vpermq	$0x94, 24(%rdx), %ymm1
+        vpshufb	%ymm8, %ymm0, %ymm0
+        vpshufb	%ymm8, %ymm1, %ymm1
+        vpand	%ymm7, %ymm0, %ymm0
+        vpand	%ymm7, %ymm1, %ymm1
+        vpcmpgtd	%ymm0, %ymm6, %ymm2
+        vpcmpgtd	%ymm1, %ymm6, %ymm3
+        vpackssdw	%ymm3, %ymm2, %ymm2
+        vpermq	$0xd8, %ymm2, %ymm2
+        vpacksswb	%ymm2, %ymm2, %ymm2
+        vpermq	$0xd8, %ymm2, %ymm2
+        vpmovmskb	%ymm2, %rbx
+        movzbl	%bl, %r10d
+        movzbl	%bh, %ecx
+        shll	$5, %r10d
+        shll	$5, %ecx
+        vmovdqu	(%r9,%r10,1), %ymm2
+        vmovdqu	(%r9,%rcx,1), %ymm3
+        vpermd	%ymm0, %ymm2, %ymm0
+        vpermd	%ymm1, %ymm3, %ymm1
+        popcntl	%r10d, %r10d
+        popcntl	%ecx, %ecx
+        vmovdqu	%ymm0, (%rdi)
+        leaq	(%rdi,%r10,4), %rdi
+        subl	%r10d, %esi
+        vmovdqu	%ymm1, (%rdi)
+        leaq	(%rdi,%rcx,4), %rdi
+        subl	%ecx, %esi
+        vpermq	$0x94, 48(%rdx), %ymm0
+        vpermq	$0x94, 72(%rdx), %ymm1
+        vpshufb	%ymm8, %ymm0, %ymm0
+        vpshufb	%ymm8, %ymm1, %ymm1
+        vpand	%ymm7, %ymm0, %ymm0
+        vpand	%ymm7, %ymm1, %ymm1
+        vpcmpgtd	%ymm0, %ymm6, %ymm2
+        vpcmpgtd	%ymm1, %ymm6, %ymm3
+        vpackssdw	%ymm3, %ymm2, %ymm2
+        vpermq	$0xd8, %ymm2, %ymm2
+        vpacksswb	%ymm2, %ymm2, %ymm2
+        vpermq	$0xd8, %ymm2, %ymm2
+        vpmovmskb	%ymm2, %rbx
+        movzbl	%bl, %r10d
+        movzbl	%bh, %ecx
+        shll	$5, %r10d
+        shll	$5, %ecx
+        vmovdqu	(%r9,%r10,1), %ymm2
+        vmovdqu	(%r9,%rcx,1), %ymm3
+        vpermd	%ymm0, %ymm2, %ymm0
+        vpermd	%ymm1, %ymm3, %ymm1
+        popcntl	%r10d, %r10d
+        popcntl	%ecx, %ecx
+        vmovdqu	%ymm0, (%rdi)
+        leaq	(%rdi,%r10,4), %rdi
+        subl	%r10d, %esi
+        vmovdqu	%ymm1, (%rdi)
+        leaq	(%rdi,%rcx,4), %rdi
+        subl	%ecx, %esi
+        vpermq	$0x94, 96(%rdx), %ymm0
+        vpermq	$0x94, 120(%rdx), %ymm1
+        vpshufb	%ymm8, %ymm0, %ymm0
+        vpshufb	%ymm8, %ymm1, %ymm1
+        vpand	%ymm7, %ymm0, %ymm0
+        vpand	%ymm7, %ymm1, %ymm1
+        vpcmpgtd	%ymm0, %ymm6, %ymm2
+        vpcmpgtd	%ymm1, %ymm6, %ymm3
+        vpackssdw	%ymm3, %ymm2, %ymm2
+        vpermq	$0xd8, %ymm2, %ymm2
+        vpacksswb	%ymm2, %ymm2, %ymm2
+        vpermq	$0xd8, %ymm2, %ymm2
+        vpmovmskb	%ymm2, %rbx
+        movzbl	%bl, %r10d
+        movzbl	%bh, %ecx
+        shll	$5, %r10d
+        shll	$5, %ecx
+        vmovdqu	(%r9,%r10,1), %ymm2
+        vmovdqu	(%r9,%rcx,1), %ymm3
+        vpermd	%ymm0, %ymm2, %ymm0
+        vpermd	%ymm1, %ymm3, %ymm1
+        popcntl	%r10d, %r10d
+        popcntl	%ecx, %ecx
+        vmovdqu	%ymm0, (%rdi)
+        leaq	(%rdi,%r10,4), %rdi
+        subl	%r10d, %esi
+        vmovdqu	%ymm1, (%rdi)
+        leaq	(%rdi,%rcx,4), %rdi
+        subl	%ecx, %esi
+        vpermq	$0x94, 144(%rdx), %ymm0
+        vpermq	$0x94, 168(%rdx), %ymm1
+        vpshufb	%ymm8, %ymm0, %ymm0
+        vpshufb	%ymm8, %ymm1, %ymm1
+        vpand	%ymm7, %ymm0, %ymm0
+        vpand	%ymm7, %ymm1, %ymm1
+        vpcmpgtd	%ymm0, %ymm6, %ymm2
+        vpcmpgtd	%ymm1, %ymm6, %ymm3
+        vpackssdw	%ymm3, %ymm2, %ymm2
+        vpermq	$0xd8, %ymm2, %ymm2
+        vpacksswb	%ymm2, %ymm2, %ymm2
+        vpermq	$0xd8, %ymm2, %ymm2
+        vpmovmskb	%ymm2, %rbx
+        movzbl	%bl, %r10d
+        movzbl	%bh, %ecx
+        shll	$5, %r10d
+        shll	$5, %ecx
+        vmovdqu	(%r9,%r10,1), %ymm2
+        vmovdqu	(%r9,%rcx,1), %ymm3
+        vpermd	%ymm0, %ymm2, %ymm0
+        vpermd	%ymm1, %ymm3, %ymm1
+        popcntl	%r10d, %r10d
+        popcntl	%ecx, %ecx
+        vmovdqu	%ymm0, (%rdi)
+        leaq	(%rdi,%r10,4), %rdi
+        subl	%r10d, %esi
+        vmovdqu	%ymm1, (%rdi)
+        leaq	(%rdi,%rcx,4), %rdi
+        subl	%ecx, %esi
+        vpermq	$0x94, 192(%rdx), %ymm0
+        vpermq	$0x94, 216(%rdx), %ymm1
+        vpshufb	%ymm8, %ymm0, %ymm0
+        vpshufb	%ymm8, %ymm1, %ymm1
+        vpand	%ymm7, %ymm0, %ymm0
+        vpand	%ymm7, %ymm1, %ymm1
+        vpcmpgtd	%ymm0, %ymm6, %ymm2
+        vpcmpgtd	%ymm1, %ymm6, %ymm3
+        vpackssdw	%ymm3, %ymm2, %ymm2
+        vpermq	$0xd8, %ymm2, %ymm2
+        vpacksswb	%ymm2, %ymm2, %ymm2
+        vpermq	$0xd8, %ymm2, %ymm2
+        vpmovmskb	%ymm2, %rbx
+        movzbl	%bl, %r10d
+        movzbl	%bh, %ecx
+        shll	$5, %r10d
+        shll	$5, %ecx
+        vmovdqu	(%r9,%r10,1), %ymm2
+        vmovdqu	(%r9,%rcx,1), %ymm3
+        vpermd	%ymm0, %ymm2, %ymm0
+        vpermd	%ymm1, %ymm3, %ymm1
+        popcntl	%r10d, %r10d
+        popcntl	%ecx, %ecx
+        vmovdqu	%ymm0, (%rdi)
+        leaq	(%rdi,%r10,4), %rdi
+        subl	%r10d, %esi
+        vmovdqu	%ymm1, (%rdi)
+        leaq	(%rdi,%rcx,4), %rdi
+        subl	%ecx, %esi
+        vpermq	$0x94, 240(%rdx), %ymm0
+        vpermq	$0x94, 264(%rdx), %ymm1
+        vpshufb	%ymm8, %ymm0, %ymm0
+        vpshufb	%ymm8, %ymm1, %ymm1
+        vpand	%ymm7, %ymm0, %ymm0
+        vpand	%ymm7, %ymm1, %ymm1
+        vpcmpgtd	%ymm0, %ymm6, %ymm2
+        vpcmpgtd	%ymm1, %ymm6, %ymm3
+        vpackssdw	%ymm3, %ymm2, %ymm2
+        vpermq	$0xd8, %ymm2, %ymm2
+        vpacksswb	%ymm2, %ymm2, %ymm2
+        vpermq	$0xd8, %ymm2, %ymm2
+        vpmovmskb	%ymm2, %rbx
+        movzbl	%bl, %r10d
+        movzbl	%bh, %ecx
+        shll	$5, %r10d
+        shll	$5, %ecx
+        vmovdqu	(%r9,%r10,1), %ymm2
+        vmovdqu	(%r9,%rcx,1), %ymm3
+        vpermd	%ymm0, %ymm2, %ymm0
+        vpermd	%ymm1, %ymm3, %ymm1
+        popcntl	%r10d, %r10d
+        popcntl	%ecx, %ecx
+        vmovdqu	%ymm0, (%rdi)
+        leaq	(%rdi,%r10,4), %rdi
+        subl	%r10d, %esi
+        vmovdqu	%ymm1, (%rdi)
+        leaq	(%rdi,%rcx,4), %rdi
+        subl	%ecx, %esi
+        vpermq	$0x94, 288(%rdx), %ymm0
+        vpermq	$0x94, 312(%rdx), %ymm1
+        vpshufb	%ymm8, %ymm0, %ymm0
+        vpshufb	%ymm8, %ymm1, %ymm1
+        vpand	%ymm7, %ymm0, %ymm0
+        vpand	%ymm7, %ymm1, %ymm1
+        vpcmpgtd	%ymm0, %ymm6, %ymm2
+        vpcmpgtd	%ymm1, %ymm6, %ymm3
+        vpackssdw	%ymm3, %ymm2, %ymm2
+        vpermq	$0xd8, %ymm2, %ymm2
+        vpacksswb	%ymm2, %ymm2, %ymm2
+        vpermq	$0xd8, %ymm2, %ymm2
+        vpmovmskb	%ymm2, %rbx
+        movzbl	%bl, %r10d
+        movzbl	%bh, %ecx
+        shll	$5, %r10d
+        shll	$5, %ecx
+        vmovdqu	(%r9,%r10,1), %ymm2
+        vmovdqu	(%r9,%rcx,1), %ymm3
+        vpermd	%ymm0, %ymm2, %ymm0
+        vpermd	%ymm1, %ymm3, %ymm1
+        popcntl	%r10d, %r10d
+        popcntl	%ecx, %ecx
+        vmovdqu	%ymm0, (%rdi)
+        leaq	(%rdi,%r10,4), %rdi
+        subl	%r10d, %esi
+        vmovdqu	%ymm1, (%rdi)
+        leaq	(%rdi,%rcx,4), %rdi
+        subl	%ecx, %esi
+        vpermq	$0x94, 336(%rdx), %ymm0
+        vpermq	$0x94, 360(%rdx), %ymm1
+        vpshufb	%ymm8, %ymm0, %ymm0
+        vpshufb	%ymm8, %ymm1, %ymm1
+        vpand	%ymm7, %ymm0, %ymm0
+        vpand	%ymm7, %ymm1, %ymm1
+        vpcmpgtd	%ymm0, %ymm6, %ymm2
+        vpcmpgtd	%ymm1, %ymm6, %ymm3
+        vpackssdw	%ymm3, %ymm2, %ymm2
+        vpermq	$0xd8, %ymm2, %ymm2
+        vpacksswb	%ymm2, %ymm2, %ymm2
+        vpermq	$0xd8, %ymm2, %ymm2
+        vpmovmskb	%ymm2, %rbx
+        movzbl	%bl, %r10d
+        movzbl	%bh, %ecx
+        shll	$5, %r10d
+        shll	$5, %ecx
+        vmovdqu	(%r9,%r10,1), %ymm2
+        vmovdqu	(%r9,%rcx,1), %ymm3
+        vpermd	%ymm0, %ymm2, %ymm0
+        vpermd	%ymm1, %ymm3, %ymm1
+        popcntl	%r10d, %r10d
+        popcntl	%ecx, %ecx
+        vmovdqu	%ymm0, (%rdi)
+        leaq	(%rdi,%r10,4), %rdi
+        subl	%r10d, %esi
+        vmovdqu	%ymm1, (%rdi)
+        leaq	(%rdi,%rcx,4), %rdi
+        subl	%ecx, %esi
+        vpermq	$0x94, 384(%rdx), %ymm0
+        vpermq	$0x94, 408(%rdx), %ymm1
+        vpshufb	%ymm8, %ymm0, %ymm0
+        vpshufb	%ymm8, %ymm1, %ymm1
+        vpand	%ymm7, %ymm0, %ymm0
+        vpand	%ymm7, %ymm1, %ymm1
+        vpcmpgtd	%ymm0, %ymm6, %ymm2
+        vpcmpgtd	%ymm1, %ymm6, %ymm3
+        vpackssdw	%ymm3, %ymm2, %ymm2
+        vpermq	$0xd8, %ymm2, %ymm2
+        vpacksswb	%ymm2, %ymm2, %ymm2
+        vpermq	$0xd8, %ymm2, %ymm2
+        vpmovmskb	%ymm2, %rbx
+        movzbl	%bl, %r10d
+        movzbl	%bh, %ecx
+        shll	$5, %r10d
+        shll	$5, %ecx
+        vmovdqu	(%r9,%r10,1), %ymm2
+        vmovdqu	(%r9,%rcx,1), %ymm3
+        vpermd	%ymm0, %ymm2, %ymm0
+        vpermd	%ymm1, %ymm3, %ymm1
+        popcntl	%r10d, %r10d
+        popcntl	%ecx, %ecx
+        vmovdqu	%ymm0, (%rdi)
+        leaq	(%rdi,%r10,4), %rdi
+        subl	%r10d, %esi
+        vmovdqu	%ymm1, (%rdi)
+        leaq	(%rdi,%rcx,4), %rdi
+        subl	%ecx, %esi
+        vpermq	$0x94, 432(%rdx), %ymm0
+        vpermq	$0x94, 456(%rdx), %ymm1
+        vpshufb	%ymm8, %ymm0, %ymm0
+        vpshufb	%ymm8, %ymm1, %ymm1
+        vpand	%ymm7, %ymm0, %ymm0
+        vpand	%ymm7, %ymm1, %ymm1
+        vpcmpgtd	%ymm0, %ymm6, %ymm2
+        vpcmpgtd	%ymm1, %ymm6, %ymm3
+        vpackssdw	%ymm3, %ymm2, %ymm2
+        vpermq	$0xd8, %ymm2, %ymm2
+        vpacksswb	%ymm2, %ymm2, %ymm2
+        vpermq	$0xd8, %ymm2, %ymm2
+        vpmovmskb	%ymm2, %rbx
+        movzbl	%bl, %r10d
+        movzbl	%bh, %ecx
+        shll	$5, %r10d
+        shll	$5, %ecx
+        vmovdqu	(%r9,%r10,1), %ymm2
+        vmovdqu	(%r9,%rcx,1), %ymm3
+        vpermd	%ymm0, %ymm2, %ymm0
+        vpermd	%ymm1, %ymm3, %ymm1
+        popcntl	%r10d, %r10d
+        popcntl	%ecx, %ecx
+        vmovdqu	%ymm0, (%rdi)
+        leaq	(%rdi,%r10,4), %rdi
+        subl	%r10d, %esi
+        vmovdqu	%ymm1, (%rdi)
+        leaq	(%rdi,%rcx,4), %rdi
+        subl	%ecx, %esi
+        vpermq	$0x94, 480(%rdx), %ymm0
+        vpermq	$0x94, 504(%rdx), %ymm1
+        vpshufb	%ymm8, %ymm0, %ymm0
+        vpshufb	%ymm8, %ymm1, %ymm1
+        vpand	%ymm7, %ymm0, %ymm0
+        vpand	%ymm7, %ymm1, %ymm1
+        vpcmpgtd	%ymm0, %ymm6, %ymm2
+        vpcmpgtd	%ymm1, %ymm6, %ymm3
+        vpackssdw	%ymm3, %ymm2, %ymm2
+        vpermq	$0xd8, %ymm2, %ymm2
+        vpacksswb	%ymm2, %ymm2, %ymm2
+        vpermq	$0xd8, %ymm2, %ymm2
+        vpmovmskb	%ymm2, %rbx
+        movzbl	%bl, %r10d
+        movzbl	%bh, %ecx
+        shll	$5, %r10d
+        shll	$5, %ecx
+        vmovdqu	(%r9,%r10,1), %ymm2
+        vmovdqu	(%r9,%rcx,1), %ymm3
+        vpermd	%ymm0, %ymm2, %ymm0
+        vpermd	%ymm1, %ymm3, %ymm1
+        popcntl	%r10d, %r10d
+        popcntl	%ecx, %ecx
+        vmovdqu	%ymm0, (%rdi)
+        leaq	(%rdi,%r10,4), %rdi
+        subl	%r10d, %esi
+        vmovdqu	%ymm1, (%rdi)
+        leaq	(%rdi,%rcx,4), %rdi
+        subl	%ecx, %esi
+        vpermq	$0x94, 528(%rdx), %ymm0
+        vpermq	$0x94, 552(%rdx), %ymm1
+        vpshufb	%ymm8, %ymm0, %ymm0
+        vpshufb	%ymm8, %ymm1, %ymm1
+        vpand	%ymm7, %ymm0, %ymm0
+        vpand	%ymm7, %ymm1, %ymm1
+        vpcmpgtd	%ymm0, %ymm6, %ymm2
+        vpcmpgtd	%ymm1, %ymm6, %ymm3
+        vpackssdw	%ymm3, %ymm2, %ymm2
+        vpermq	$0xd8, %ymm2, %ymm2
+        vpacksswb	%ymm2, %ymm2, %ymm2
+        vpermq	$0xd8, %ymm2, %ymm2
+        vpmovmskb	%ymm2, %rbx
+        movzbl	%bl, %r10d
+        movzbl	%bh, %ecx
+        shll	$5, %r10d
+        shll	$5, %ecx
+        vmovdqu	(%r9,%r10,1), %ymm2
+        vmovdqu	(%r9,%rcx,1), %ymm3
+        vpermd	%ymm0, %ymm2, %ymm0
+        vpermd	%ymm1, %ymm3, %ymm1
+        popcntl	%r10d, %r10d
+        popcntl	%ecx, %ecx
+        vmovdqu	%ymm0, (%rdi)
+        leaq	(%rdi,%r10,4), %rdi
+        subl	%r10d, %esi
+        vmovdqu	%ymm1, (%rdi)
+        leaq	(%rdi,%rcx,4), %rdi
+        subl	%ecx, %esi
+        vpermq	$0x94, 576(%rdx), %ymm0
+        vpermq	$0x94, 600(%rdx), %ymm1
+        vpshufb	%ymm8, %ymm0, %ymm0
+        vpshufb	%ymm8, %ymm1, %ymm1
+        vpand	%ymm7, %ymm0, %ymm0
+        vpand	%ymm7, %ymm1, %ymm1
+        vpcmpgtd	%ymm0, %ymm6, %ymm2
+        vpcmpgtd	%ymm1, %ymm6, %ymm3
+        vpackssdw	%ymm3, %ymm2, %ymm2
+        vpermq	$0xd8, %ymm2, %ymm2
+        vpacksswb	%ymm2, %ymm2, %ymm2
+        vpermq	$0xd8, %ymm2, %ymm2
+        vpmovmskb	%ymm2, %rbx
+        movzbl	%bl, %r10d
+        movzbl	%bh, %ecx
+        shll	$5, %r10d
+        shll	$5, %ecx
+        vmovdqu	(%r9,%r10,1), %ymm2
+        vmovdqu	(%r9,%rcx,1), %ymm3
+        vpermd	%ymm0, %ymm2, %ymm0
+        vpermd	%ymm1, %ymm3, %ymm1
+        popcntl	%r10d, %r10d
+        popcntl	%ecx, %ecx
+        vmovdqu	%ymm0, (%rdi)
+        leaq	(%rdi,%r10,4), %rdi
+        subl	%r10d, %esi
+        vmovdqu	%ymm1, (%rdi)
+        leaq	(%rdi,%rcx,4), %rdi
+        subl	%ecx, %esi
+        vpermq	$0x94, 624(%rdx), %ymm0
+        vpermq	$0x94, 648(%rdx), %ymm1
+        vpshufb	%ymm8, %ymm0, %ymm0
+        vpshufb	%ymm8, %ymm1, %ymm1
+        vpand	%ymm7, %ymm0, %ymm0
+        vpand	%ymm7, %ymm1, %ymm1
+        vpcmpgtd	%ymm0, %ymm6, %ymm2
+        vpcmpgtd	%ymm1, %ymm6, %ymm3
+        vpackssdw	%ymm3, %ymm2, %ymm2
+        vpermq	$0xd8, %ymm2, %ymm2
+        vpacksswb	%ymm2, %ymm2, %ymm2
+        vpermq	$0xd8, %ymm2, %ymm2
+        vpmovmskb	%ymm2, %rbx
+        movzbl	%bl, %r10d
+        movzbl	%bh, %ecx
+        shll	$5, %r10d
+        shll	$5, %ecx
+        vmovdqu	(%r9,%r10,1), %ymm2
+        vmovdqu	(%r9,%rcx,1), %ymm3
+        vpermd	%ymm0, %ymm2, %ymm0
+        vpermd	%ymm1, %ymm3, %ymm1
+        popcntl	%r10d, %r10d
+        popcntl	%ecx, %ecx
+        vmovdqu	%ymm0, (%rdi)
+        leaq	(%rdi,%r10,4), %rdi
+        subl	%r10d, %esi
+        vmovdqu	%ymm1, (%rdi)
+        leaq	(%rdi,%rcx,4), %rdi
+        subl	%ecx, %esi
+        vpermq	$0x94, 672(%rdx), %ymm0
+        vpermq	$0x94, 696(%rdx), %ymm1
+        vpshufb	%ymm8, %ymm0, %ymm0
+        vpshufb	%ymm8, %ymm1, %ymm1
+        vpand	%ymm7, %ymm0, %ymm0
+        vpand	%ymm7, %ymm1, %ymm1
+        vpcmpgtd	%ymm0, %ymm6, %ymm2
+        vpcmpgtd	%ymm1, %ymm6, %ymm3
+        vpackssdw	%ymm3, %ymm2, %ymm2
+        vpermq	$0xd8, %ymm2, %ymm2
+        vpacksswb	%ymm2, %ymm2, %ymm2
+        vpermq	$0xd8, %ymm2, %ymm2
+        vpmovmskb	%ymm2, %rbx
+        movzbl	%bl, %r10d
+        movzbl	%bh, %ecx
+        shll	$5, %r10d
+        shll	$5, %ecx
+        vmovdqu	(%r9,%r10,1), %ymm2
+        vmovdqu	(%r9,%rcx,1), %ymm3
+        vpermd	%ymm0, %ymm2, %ymm0
+        vpermd	%ymm1, %ymm3, %ymm1
+        popcntl	%r10d, %r10d
+        popcntl	%ecx, %ecx
+        vmovdqu	%ymm0, (%rdi)
+        leaq	(%rdi,%r10,4), %rdi
+        subl	%r10d, %esi
+        vmovdqu	%ymm1, (%rdi)
+        leaq	(%rdi,%rcx,4), %rdi
+        subl	%ecx, %esi
+        addq	$0x2d0, %rdx
+        subl	$0x2d0, %r8d
+L_mldsa_rej_uniform_n_avx2_start_256:
+        vpermq	$0x94, (%rdx), %ymm0
+        vpermq	$0x94, 24(%rdx), %ymm1
+        vpshufb	%ymm8, %ymm0, %ymm0
+        vpshufb	%ymm8, %ymm1, %ymm1
+        vpand	%ymm7, %ymm0, %ymm0
+        vpand	%ymm7, %ymm1, %ymm1
+        vpcmpgtd	%ymm0, %ymm6, %ymm2
+        vpcmpgtd	%ymm1, %ymm6, %ymm3
+        vpackssdw	%ymm3, %ymm2, %ymm2
+        vpermq	$0xd8, %ymm2, %ymm2
+        vpacksswb	%ymm2, %ymm2, %ymm2
+        vpermq	$0xd8, %ymm2, %ymm2
+        vpmovmskb	%ymm2, %rbx
+        movzbl	%bl, %r10d
+        movzbl	%bh, %ecx
+        shll	$5, %r10d
+        shll	$5, %ecx
+        vmovdqu	(%r9,%r10,1), %ymm2
+        vmovdqu	(%r9,%rcx,1), %ymm3
+        vpermd	%ymm0, %ymm2, %ymm0
+        vpermd	%ymm1, %ymm3, %ymm1
+        popcntl	%r10d, %r10d
+        popcntl	%ecx, %ecx
+        vmovdqu	%ymm0, (%rdi)
+        leaq	(%rdi,%r10,4), %rdi
+        subl	%r10d, %esi
+        vmovdqu	%ymm1, (%rdi)
+        leaq	(%rdi,%rcx,4), %rdi
+        subl	%ecx, %esi
+        addq	$48, %rdx
+        subl	$48, %r8d
+        cmpl	$48, %r8d
+        jl	L_mldsa_rej_uniform_n_avx2_done_256
+        cmpl	$16, %esi
+        jge	L_mldsa_rej_uniform_n_avx2_start_256
+L_mldsa_rej_uniform_n_avx2_done_256:
+        cmpl	$0x00, %esi
+        je	L_mldsa_rej_uniform_n_avx2_done_64
+        movq	$0xffffff00ffffff, %r14
+        movq	$0x7fffff007fffff, %r13
+L_mldsa_rej_uniform_n_avx2_start_64:
+        movq	(%rdx), %rcx
+        pdepq	%r14, %rcx, %rcx
+        andq	%r13, %rcx
+        cmpl	$0x7fe001, %ecx
+        jge	L_mldsa_rej_uniform_0_avx2_rej_large_0
+        movl	%ecx, (%rdi)
+        addq	$4, %rdi
+        subl	$0x01, %esi
+        je	L_mldsa_rej_uniform_n_avx2_done_64
+L_mldsa_rej_uniform_0_avx2_rej_large_0:
+        shrq	$32, %rcx
+        cmpl	$0x7fe001, %ecx
+        jge	L_mldsa_rej_uniform_0_avx2_rej_large_1
+        movl	%ecx, (%rdi)
+        addq	$4, %rdi
+        subl	$0x01, %esi
+        je	L_mldsa_rej_uniform_n_avx2_done_64
+L_mldsa_rej_uniform_0_avx2_rej_large_1:
+        addq	$6, %rdx
+        subl	$6, %r8d
+        jle	L_mldsa_rej_uniform_n_avx2_done_64
+        cmpl	$0x00, %esi
+        jg	L_mldsa_rej_uniform_n_avx2_start_64
+L_mldsa_rej_uniform_n_avx2_done_64:
+        vzeroupper
+        subl	%esi, %eax
+        popq	%r14
+        popq	%r13
+        popq	%r12
+        popq	%rbx
+        repz retq
+#ifndef __APPLE__
+.size	wc_mldsa_rej_uniform_n_avx2,.-wc_mldsa_rej_uniform_n_avx2
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.text
+.globl	wc_mldsa_rej_uniform_avx2
+.type	wc_mldsa_rej_uniform_avx2,@function
+.align	16
+wc_mldsa_rej_uniform_avx2:
+#else
+.section	__TEXT,__text
+.globl	_wc_mldsa_rej_uniform_avx2
+.p2align	4
+_wc_mldsa_rej_uniform_avx2:
+#endif /* __APPLE__ */
+        pushq	%rbx
+        pushq	%r12
+        pushq	%r13
+        pushq	%r14
+        movq	%rcx, %r8
+        movl	%esi, %eax
+        movq	$0xffffff00ffffff, %r14
+        movq	$0x7fffff007fffff, %r13
+L_mldsa_rej_uniform_avx2_start_64:
+        movq	(%rdx), %rcx
+        pdepq	%r14, %rcx, %rcx
+        andq	%r13, %rcx
+        cmpl	$0x7fe001, %ecx
+        jge	L_mldsa_rej_uniform_avx2_rej_large_0
+        movl	%ecx, (%rdi)
+        addq	$4, %rdi
+        subl	$0x01, %esi
+        je	L_mldsa_rej_uniform_avx2_done_64
+L_mldsa_rej_uniform_avx2_rej_large_0:
+        shrq	$32, %rcx
+        cmpl	$0x7fe001, %ecx
+        jge	L_mldsa_rej_uniform_avx2_rej_large_1
+        movl	%ecx, (%rdi)
+        addq	$4, %rdi
+        subl	$0x01, %esi
+        je	L_mldsa_rej_uniform_avx2_done_64
+L_mldsa_rej_uniform_avx2_rej_large_1:
+        addq	$6, %rdx
+        subl	$6, %r8d
+        jle	L_mldsa_rej_uniform_avx2_done_64
+L_mldsa_rej_uniform_avx2_done_64:
+        subl	%esi, %eax
+        popq	%r14
+        popq	%r13
+        popq	%r12
+        popq	%rbx
+        repz retq
+#ifndef __APPLE__
+.size	wc_mldsa_rej_uniform_avx2,.-wc_mldsa_rej_uniform_avx2
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_mldsa_shufb_rej_idx:
+.quad	0xffffffffffffffff,0xffffffffffffffff
+.quad	0xffffffffffff0100,0xffffffffffffffff
+.quad	0xffffffffffff0302,0xffffffffffffffff
+.quad	0xffffffff03020100,0xffffffffffffffff
+.quad	0xffffffffffff0504,0xffffffffffffffff
+.quad	0xffffffff05040100,0xffffffffffffffff
+.quad	0xffffffff05040302,0xffffffffffffffff
+.quad	0xffff050403020100,0xffffffffffffffff
+.quad	0xffffffffffff0706,0xffffffffffffffff
+.quad	0xffffffff07060100,0xffffffffffffffff
+.quad	0xffffffff07060302,0xffffffffffffffff
+.quad	0xffff070603020100,0xffffffffffffffff
+.quad	0xffffffff07060504,0xffffffffffffffff
+.quad	0xffff070605040100,0xffffffffffffffff
+.quad	0xffff070605040302,0xffffffffffffffff
+.quad	0x0706050403020100,0xffffffffffffffff
+.quad	0xffffffffffff0908,0xffffffffffffffff
+.quad	0xffffffff09080100,0xffffffffffffffff
+.quad	0xffffffff09080302,0xffffffffffffffff
+.quad	0xffff090803020100,0xffffffffffffffff
+.quad	0xffffffff09080504,0xffffffffffffffff
+.quad	0xffff090805040100,0xffffffffffffffff
+.quad	0xffff090805040302,0xffffffffffffffff
+.quad	0x0908050403020100,0xffffffffffffffff
+.quad	0xffffffff09080706,0xffffffffffffffff
+.quad	0xffff090807060100,0xffffffffffffffff
+.quad	0xffff090807060302,0xffffffffffffffff
+.quad	0x0908070603020100,0xffffffffffffffff
+.quad	0xffff090807060504,0xffffffffffffffff
+.quad	0x0908070605040100,0xffffffffffffffff
+.quad	0x0908070605040302,0xffffffffffffffff
+.quad	0x0706050403020100,0xffffffffffff0908
+.quad	0xffffffffffff0b0a,0xffffffffffffffff
+.quad	0xffffffff0b0a0100,0xffffffffffffffff
+.quad	0xffffffff0b0a0302,0xffffffffffffffff
+.quad	0xffff0b0a03020100,0xffffffffffffffff
+.quad	0xffffffff0b0a0504,0xffffffffffffffff
+.quad	0xffff0b0a05040100,0xffffffffffffffff
+.quad	0xffff0b0a05040302,0xffffffffffffffff
+.quad	0x0b0a050403020100,0xffffffffffffffff
+.quad	0xffffffff0b0a0706,0xffffffffffffffff
+.quad	0xffff0b0a07060100,0xffffffffffffffff
+.quad	0xffff0b0a07060302,0xffffffffffffffff
+.quad	0x0b0a070603020100,0xffffffffffffffff
+.quad	0xffff0b0a07060504,0xffffffffffffffff
+.quad	0x0b0a070605040100,0xffffffffffffffff
+.quad	0x0b0a070605040302,0xffffffffffffffff
+.quad	0x0706050403020100,0xffffffffffff0b0a
+.quad	0xffffffff0b0a0908,0xffffffffffffffff
+.quad	0xffff0b0a09080100,0xffffffffffffffff
+.quad	0xffff0b0a09080302,0xffffffffffffffff
+.quad	0x0b0a090803020100,0xffffffffffffffff
+.quad	0xffff0b0a09080504,0xffffffffffffffff
+.quad	0x0b0a090805040100,0xffffffffffffffff
+.quad	0x0b0a090805040302,0xffffffffffffffff
+.quad	0x0908050403020100,0xffffffffffff0b0a
+.quad	0xffff0b0a09080706,0xffffffffffffffff
+.quad	0x0b0a090807060100,0xffffffffffffffff
+.quad	0x0b0a090807060302,0xffffffffffffffff
+.quad	0x0908070603020100,0xffffffffffff0b0a
+.quad	0x0b0a090807060504,0xffffffffffffffff
+.quad	0x0908070605040100,0xffffffffffff0b0a
+.quad	0x0908070605040302,0xffffffffffff0b0a
+.quad	0x0706050403020100,0xffffffff0b0a0908
+.quad	0xffffffffffff0d0c,0xffffffffffffffff
+.quad	0xffffffff0d0c0100,0xffffffffffffffff
+.quad	0xffffffff0d0c0302,0xffffffffffffffff
+.quad	0xffff0d0c03020100,0xffffffffffffffff
+.quad	0xffffffff0d0c0504,0xffffffffffffffff
+.quad	0xffff0d0c05040100,0xffffffffffffffff
+.quad	0xffff0d0c05040302,0xffffffffffffffff
+.quad	0x0d0c050403020100,0xffffffffffffffff
+.quad	0xffffffff0d0c0706,0xffffffffffffffff
+.quad	0xffff0d0c07060100,0xffffffffffffffff
+.quad	0xffff0d0c07060302,0xffffffffffffffff
+.quad	0x0d0c070603020100,0xffffffffffffffff
+.quad	0xffff0d0c07060504,0xffffffffffffffff
+.quad	0x0d0c070605040100,0xffffffffffffffff
+.quad	0x0d0c070605040302,0xffffffffffffffff
+.quad	0x0706050403020100,0xffffffffffff0d0c
+.quad	0xffffffff0d0c0908,0xffffffffffffffff
+.quad	0xffff0d0c09080100,0xffffffffffffffff
+.quad	0xffff0d0c09080302,0xffffffffffffffff
+.quad	0x0d0c090803020100,0xffffffffffffffff
+.quad	0xffff0d0c09080504,0xffffffffffffffff
+.quad	0x0d0c090805040100,0xffffffffffffffff
+.quad	0x0d0c090805040302,0xffffffffffffffff
+.quad	0x0908050403020100,0xffffffffffff0d0c
+.quad	0xffff0d0c09080706,0xffffffffffffffff
+.quad	0x0d0c090807060100,0xffffffffffffffff
+.quad	0x0d0c090807060302,0xffffffffffffffff
+.quad	0x0908070603020100,0xffffffffffff0d0c
+.quad	0x0d0c090807060504,0xffffffffffffffff
+.quad	0x0908070605040100,0xffffffffffff0d0c
+.quad	0x0908070605040302,0xffffffffffff0d0c
+.quad	0x0706050403020100,0xffffffff0d0c0908
+.quad	0xffffffff0d0c0b0a,0xffffffffffffffff
+.quad	0xffff0d0c0b0a0100,0xffffffffffffffff
+.quad	0xffff0d0c0b0a0302,0xffffffffffffffff
+.quad	0x0d0c0b0a03020100,0xffffffffffffffff
+.quad	0xffff0d0c0b0a0504,0xffffffffffffffff
+.quad	0x0d0c0b0a05040100,0xffffffffffffffff
+.quad	0x0d0c0b0a05040302,0xffffffffffffffff
+.quad	0x0b0a050403020100,0xffffffffffff0d0c
+.quad	0xffff0d0c0b0a0706,0xffffffffffffffff
+.quad	0x0d0c0b0a07060100,0xffffffffffffffff
+.quad	0x0d0c0b0a07060302,0xffffffffffffffff
+.quad	0x0b0a070603020100,0xffffffffffff0d0c
+.quad	0x0d0c0b0a07060504,0xffffffffffffffff
+.quad	0x0b0a070605040100,0xffffffffffff0d0c
+.quad	0x0b0a070605040302,0xffffffffffff0d0c
+.quad	0x0706050403020100,0xffffffff0d0c0b0a
+.quad	0xffff0d0c0b0a0908,0xffffffffffffffff
+.quad	0x0d0c0b0a09080100,0xffffffffffffffff
+.quad	0x0d0c0b0a09080302,0xffffffffffffffff
+.quad	0x0b0a090803020100,0xffffffffffff0d0c
+.quad	0x0d0c0b0a09080504,0xffffffffffffffff
+.quad	0x0b0a090805040100,0xffffffffffff0d0c
+.quad	0x0b0a090805040302,0xffffffffffff0d0c
+.quad	0x0908050403020100,0xffffffff0d0c0b0a
+.quad	0x0d0c0b0a09080706,0xffffffffffffffff
+.quad	0x0b0a090807060100,0xffffffffffff0d0c
+.quad	0x0b0a090807060302,0xffffffffffff0d0c
+.quad	0x0908070603020100,0xffffffff0d0c0b0a
+.quad	0x0b0a090807060504,0xffffffffffff0d0c
+.quad	0x0908070605040100,0xffffffff0d0c0b0a
+.quad	0x0908070605040302,0xffffffff0d0c0b0a
+.quad	0x0706050403020100,0xffff0d0c0b0a0908
+.quad	0xffffffffffff0f0e,0xffffffffffffffff
+.quad	0xffffffff0f0e0100,0xffffffffffffffff
+.quad	0xffffffff0f0e0302,0xffffffffffffffff
+.quad	0xffff0f0e03020100,0xffffffffffffffff
+.quad	0xffffffff0f0e0504,0xffffffffffffffff
+.quad	0xffff0f0e05040100,0xffffffffffffffff
+.quad	0xffff0f0e05040302,0xffffffffffffffff
+.quad	0x0f0e050403020100,0xffffffffffffffff
+.quad	0xffffffff0f0e0706,0xffffffffffffffff
+.quad	0xffff0f0e07060100,0xffffffffffffffff
+.quad	0xffff0f0e07060302,0xffffffffffffffff
+.quad	0x0f0e070603020100,0xffffffffffffffff
+.quad	0xffff0f0e07060504,0xffffffffffffffff
+.quad	0x0f0e070605040100,0xffffffffffffffff
+.quad	0x0f0e070605040302,0xffffffffffffffff
+.quad	0x0706050403020100,0xffffffffffff0f0e
+.quad	0xffffffff0f0e0908,0xffffffffffffffff
+.quad	0xffff0f0e09080100,0xffffffffffffffff
+.quad	0xffff0f0e09080302,0xffffffffffffffff
+.quad	0x0f0e090803020100,0xffffffffffffffff
+.quad	0xffff0f0e09080504,0xffffffffffffffff
+.quad	0x0f0e090805040100,0xffffffffffffffff
+.quad	0x0f0e090805040302,0xffffffffffffffff
+.quad	0x0908050403020100,0xffffffffffff0f0e
+.quad	0xffff0f0e09080706,0xffffffffffffffff
+.quad	0x0f0e090807060100,0xffffffffffffffff
+.quad	0x0f0e090807060302,0xffffffffffffffff
+.quad	0x0908070603020100,0xffffffffffff0f0e
+.quad	0x0f0e090807060504,0xffffffffffffffff
+.quad	0x0908070605040100,0xffffffffffff0f0e
+.quad	0x0908070605040302,0xffffffffffff0f0e
+.quad	0x0706050403020100,0xffffffff0f0e0908
+.quad	0xffffffff0f0e0b0a,0xffffffffffffffff
+.quad	0xffff0f0e0b0a0100,0xffffffffffffffff
+.quad	0xffff0f0e0b0a0302,0xffffffffffffffff
+.quad	0x0f0e0b0a03020100,0xffffffffffffffff
+.quad	0xffff0f0e0b0a0504,0xffffffffffffffff
+.quad	0x0f0e0b0a05040100,0xffffffffffffffff
+.quad	0x0f0e0b0a05040302,0xffffffffffffffff
+.quad	0x0b0a050403020100,0xffffffffffff0f0e
+.quad	0xffff0f0e0b0a0706,0xffffffffffffffff
+.quad	0x0f0e0b0a07060100,0xffffffffffffffff
+.quad	0x0f0e0b0a07060302,0xffffffffffffffff
+.quad	0x0b0a070603020100,0xffffffffffff0f0e
+.quad	0x0f0e0b0a07060504,0xffffffffffffffff
+.quad	0x0b0a070605040100,0xffffffffffff0f0e
+.quad	0x0b0a070605040302,0xffffffffffff0f0e
+.quad	0x0706050403020100,0xffffffff0f0e0b0a
+.quad	0xffff0f0e0b0a0908,0xffffffffffffffff
+.quad	0x0f0e0b0a09080100,0xffffffffffffffff
+.quad	0x0f0e0b0a09080302,0xffffffffffffffff
+.quad	0x0b0a090803020100,0xffffffffffff0f0e
+.quad	0x0f0e0b0a09080504,0xffffffffffffffff
+.quad	0x0b0a090805040100,0xffffffffffff0f0e
+.quad	0x0b0a090805040302,0xffffffffffff0f0e
+.quad	0x0908050403020100,0xffffffff0f0e0b0a
+.quad	0x0f0e0b0a09080706,0xffffffffffffffff
+.quad	0x0b0a090807060100,0xffffffffffff0f0e
+.quad	0x0b0a090807060302,0xffffffffffff0f0e
+.quad	0x0908070603020100,0xffffffff0f0e0b0a
+.quad	0x0b0a090807060504,0xffffffffffff0f0e
+.quad	0x0908070605040100,0xffffffff0f0e0b0a
+.quad	0x0908070605040302,0xffffffff0f0e0b0a
+.quad	0x0706050403020100,0xffff0f0e0b0a0908
+.quad	0xffffffff0f0e0d0c,0xffffffffffffffff
+.quad	0xffff0f0e0d0c0100,0xffffffffffffffff
+.quad	0xffff0f0e0d0c0302,0xffffffffffffffff
+.quad	0x0f0e0d0c03020100,0xffffffffffffffff
+.quad	0xffff0f0e0d0c0504,0xffffffffffffffff
+.quad	0x0f0e0d0c05040100,0xffffffffffffffff
+.quad	0x0f0e0d0c05040302,0xffffffffffffffff
+.quad	0x0d0c050403020100,0xffffffffffff0f0e
+.quad	0xffff0f0e0d0c0706,0xffffffffffffffff
+.quad	0x0f0e0d0c07060100,0xffffffffffffffff
+.quad	0x0f0e0d0c07060302,0xffffffffffffffff
+.quad	0x0d0c070603020100,0xffffffffffff0f0e
+.quad	0x0f0e0d0c07060504,0xffffffffffffffff
+.quad	0x0d0c070605040100,0xffffffffffff0f0e
+.quad	0x0d0c070605040302,0xffffffffffff0f0e
+.quad	0x0706050403020100,0xffffffff0f0e0d0c
+.quad	0xffff0f0e0d0c0908,0xffffffffffffffff
+.quad	0x0f0e0d0c09080100,0xffffffffffffffff
+.quad	0x0f0e0d0c09080302,0xffffffffffffffff
+.quad	0x0d0c090803020100,0xffffffffffff0f0e
+.quad	0x0f0e0d0c09080504,0xffffffffffffffff
+.quad	0x0d0c090805040100,0xffffffffffff0f0e
+.quad	0x0d0c090805040302,0xffffffffffff0f0e
+.quad	0x0908050403020100,0xffffffff0f0e0d0c
+.quad	0x0f0e0d0c09080706,0xffffffffffffffff
+.quad	0x0d0c090807060100,0xffffffffffff0f0e
+.quad	0x0d0c090807060302,0xffffffffffff0f0e
+.quad	0x0908070603020100,0xffffffff0f0e0d0c
+.quad	0x0d0c090807060504,0xffffffffffff0f0e
+.quad	0x0908070605040100,0xffffffff0f0e0d0c
+.quad	0x0908070605040302,0xffffffff0f0e0d0c
+.quad	0x0706050403020100,0xffff0f0e0d0c0908
+.quad	0xffff0f0e0d0c0b0a,0xffffffffffffffff
+.quad	0x0f0e0d0c0b0a0100,0xffffffffffffffff
+.quad	0x0f0e0d0c0b0a0302,0xffffffffffffffff
+.quad	0x0d0c0b0a03020100,0xffffffffffff0f0e
+.quad	0x0f0e0d0c0b0a0504,0xffffffffffffffff
+.quad	0x0d0c0b0a05040100,0xffffffffffff0f0e
+.quad	0x0d0c0b0a05040302,0xffffffffffff0f0e
+.quad	0x0b0a050403020100,0xffffffff0f0e0d0c
+.quad	0x0f0e0d0c0b0a0706,0xffffffffffffffff
+.quad	0x0d0c0b0a07060100,0xffffffffffff0f0e
+.quad	0x0d0c0b0a07060302,0xffffffffffff0f0e
+.quad	0x0b0a070603020100,0xffffffff0f0e0d0c
+.quad	0x0d0c0b0a07060504,0xffffffffffff0f0e
+.quad	0x0b0a070605040100,0xffffffff0f0e0d0c
+.quad	0x0b0a070605040302,0xffffffff0f0e0d0c
+.quad	0x0706050403020100,0xffff0f0e0d0c0b0a
+.quad	0x0f0e0d0c0b0a0908,0xffffffffffffffff
+.quad	0x0d0c0b0a09080100,0xffffffffffff0f0e
+.quad	0x0d0c0b0a09080302,0xffffffffffff0f0e
+.quad	0x0b0a090803020100,0xffffffff0f0e0d0c
+.quad	0x0d0c0b0a09080504,0xffffffffffff0f0e
+.quad	0x0b0a090805040100,0xffffffff0f0e0d0c
+.quad	0x0b0a090805040302,0xffffffff0f0e0d0c
+.quad	0x0908050403020100,0xffff0f0e0d0c0b0a
+.quad	0x0d0c0b0a09080706,0xffffffffffff0f0e
+.quad	0x0b0a090807060100,0xffffffff0f0e0d0c
+.quad	0x0b0a090807060302,0xffffffff0f0e0d0c
+.quad	0x0908070603020100,0xffff0f0e0d0c0b0a
+.quad	0x0b0a090807060504,0xffffffff0f0e0d0c
+.quad	0x0908070605040100,0xffff0f0e0d0c0b0a
+.quad	0x0908070605040302,0xffff0f0e0d0c0b0a
+.quad	0x0706050403020100,0x0f0e0d0c0b0a0908
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_mldsa_extract_coeffs_eta2_mask_nibbles:
+.value	0x000f,0x000f
+.value	0x000f,0x000f
+.value	0x000f,0x000f
+.value	0x000f,0x000f
+.value	0x000f,0x000f
+.value	0x000f,0x000f
+.value	0x000f,0x000f
+.value	0x000f,0x000f
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_mldsa_extract_coeffs_eta2_mul:
+.value	0x3340,0x3340
+.value	0x3340,0x3340
+.value	0x3340,0x3340
+.value	0x3340,0x3340
+.value	0x3340,0x3340
+.value	0x3340,0x3340
+.value	0x3340,0x3340
+.value	0x3340,0x3340
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_mldsa_extract_coeffs_eta2_five:
+.value	0x0005,0x0005
+.value	0x0005,0x0005
+.value	0x0005,0x0005
+.value	0x0005,0x0005
+.value	0x0005,0x0005
+.value	0x0005,0x0005
+.value	0x0005,0x0005
+.value	0x0005,0x0005
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_mldsa_extract_coeffs_eta2_two:
+.value	0x0002,0x0002
+.value	0x0002,0x0002
+.value	0x0002,0x0002
+.value	0x0002,0x0002
+.value	0x0002,0x0002
+.value	0x0002,0x0002
+.value	0x0002,0x0002
+.value	0x0002,0x0002
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+L_mldsa_extract_coeffs_eta2_nibble_table:
+.long	0x00000002,0x00000001,0x00000000,0xffffffff
+.long	0xfffffffe,0x00000002,0x00000001,0x00000000
+.long	0xffffffff,0xfffffffe,0x00000002,0x00000001
+.long	0x00000000,0xffffffff,0xfffffffe,0x00000000
+#ifndef __APPLE__
+.text
+.globl	wc_mldsa_extract_coeffs_eta2_avx2
+.type	wc_mldsa_extract_coeffs_eta2_avx2,@function
+.align	16
+wc_mldsa_extract_coeffs_eta2_avx2:
+#else
+.section	__TEXT,__text
+.globl	_wc_mldsa_extract_coeffs_eta2_avx2
+.p2align	4
+_wc_mldsa_extract_coeffs_eta2_avx2:
+#endif /* __APPLE__ */
+        pushq	%rbx
+        pushq	%r12
+        pushq	%r13
+        vmovdqu	L_mldsa_extract_coeffs_eta2_mask_nibbles(%rip), %ymm6
+        vmovdqu	L_mldsa_extract_coeffs_eta2_mul(%rip), %ymm7
+        vmovdqu	L_mldsa_extract_coeffs_eta2_five(%rip), %ymm8
+        vmovdqu	L_mldsa_extract_coeffs_eta2_two(%rip), %ymm9
+        leaq	L_mldsa_shufb_rej_idx(%rip), %r13
+        movl	(%rcx), %r8d
+        cmpl	$0x00, %r8d
+        jne	L_mldsa_extract_coeffs_eta2_less_than_256
+        vpmovzxbd	(%rdi), %ymm0
+        vpmovzxbd	8(%rdi), %ymm1
+        vpslld	$12, %ymm0, %ymm2
+        vpslld	$12, %ymm1, %ymm3
+        vpor	%ymm2, %ymm0, %ymm0
+        vpor	%ymm3, %ymm1, %ymm1
+        vpand	%ymm6, %ymm0, %ymm0
+        vpand	%ymm6, %ymm1, %ymm1
+        vpcmpgtw	%ymm0, %ymm6, %ymm2
+        vpcmpgtw	%ymm1, %ymm6, %ymm3
+        vpacksswb	%ymm3, %ymm2, %ymm2
+        vpmovmskb	%ymm2, %eax
+        movl	%eax, %r11d
+        movl	%eax, %r12d
+        movzbl	%al, %r10d
+        movzbl	%ah, %ebx
+        shr	$16, %r11
+        shr	$24, %r12
+        andl	$0xff, %r11d
+        shll	$4, %r10d
+        shll	$4, %ebx
+        shll	$4, %r11d
+        shll	$4, %r12d
+        vmovdqu	(%r13,%r10,1), %ymm2
+        vmovdqu	(%r13,%rbx,1), %ymm3
+        vmovdqu	(%r13,%r11,1), %ymm4
+        vmovdqu	(%r13,%r12,1), %ymm5
+        vinserti128	$0x01, %xmm4, %ymm2, %ymm2
+        vinserti128	$0x01, %xmm5, %ymm3, %ymm3
+        vpshufb	%ymm2, %ymm0, %ymm0
+        vpshufb	%ymm3, %ymm1, %ymm1
+        popcntl	%r10d, %r10d
+        popcntl	%ebx, %ebx
+        popcntl	%r11d, %r11d
+        popcntl	%r12d, %r12d
+        vpmulhw	%ymm7, %ymm0, %ymm2
+        vpmulhw	%ymm7, %ymm1, %ymm3
+        vpmullw	%ymm8, %ymm2, %ymm2
+        vpmullw	%ymm8, %ymm3, %ymm3
+        vpsubw	%ymm0, %ymm9, %ymm0
+        vpsubw	%ymm1, %ymm9, %ymm1
+        vpaddw	%ymm2, %ymm0, %ymm0
+        vpaddw	%ymm3, %ymm1, %ymm1
+        vpmovsxwd	%xmm0, %ymm2
+        vpmovsxwd	%xmm1, %ymm3
+        vextracti128	$0x01, %ymm0, %xmm0
+        vextracti128	$0x01, %ymm1, %xmm1
+        vpmovsxwd	%xmm0, %ymm0
+        vpmovsxwd	%xmm1, %ymm1
+        vmovdqu	%ymm2, (%rdx)
+        leaq	(%rdx,%r10,4), %rdx
+        addl	%r10d, %r8d
+        vmovdqu	%ymm0, (%rdx)
+        leaq	(%rdx,%r11,4), %rdx
+        addl	%r11d, %r8d
+        vmovdqu	%ymm3, (%rdx)
+        leaq	(%rdx,%rbx,4), %rdx
+        addl	%ebx, %r8d
+        vmovdqu	%ymm1, (%rdx)
+        leaq	(%rdx,%r12,4), %rdx
+        addl	%r12d, %r8d
+        vpmovzxbd	16(%rdi), %ymm0
+        vpmovzxbd	24(%rdi), %ymm1
+        vpslld	$12, %ymm0, %ymm2
+        vpslld	$12, %ymm1, %ymm3
+        vpor	%ymm2, %ymm0, %ymm0
+        vpor	%ymm3, %ymm1, %ymm1
+        vpand	%ymm6, %ymm0, %ymm0
+        vpand	%ymm6, %ymm1, %ymm1
+        vpcmpgtw	%ymm0, %ymm6, %ymm2
+        vpcmpgtw	%ymm1, %ymm6, %ymm3
+        vpacksswb	%ymm3, %ymm2, %ymm2
+        vpmovmskb	%ymm2, %eax
+        movl	%eax, %r11d
+        movl	%eax, %r12d
+        movzbl	%al, %r10d
+        movzbl	%ah, %ebx
+        shr	$16, %r11
+        shr	$24, %r12
+        andl	$0xff, %r11d
+        shll	$4, %r10d
+        shll	$4, %ebx
+        shll	$4, %r11d
+        shll	$4, %r12d
+        vmovdqu	(%r13,%r10,1), %ymm2
+        vmovdqu	(%r13,%rbx,1), %ymm3
+        vmovdqu	(%r13,%r11,1), %ymm4
+        vmovdqu	(%r13,%r12,1), %ymm5
+        vinserti128	$0x01, %xmm4, %ymm2, %ymm2
+        vinserti128	$0x01, %xmm5, %ymm3, %ymm3
+        vpshufb	%ymm2, %ymm0, %ymm0
+        vpshufb	%ymm3, %ymm1, %ymm1
+        popcntl	%r10d, %r10d
+        popcntl	%ebx, %ebx
+        popcntl	%r11d, %r11d
+        popcntl	%r12d, %r12d
+        vpmulhw	%ymm7, %ymm0, %ymm2
+        vpmulhw	%ymm7, %ymm1, %ymm3
+        vpmullw	%ymm8, %ymm2, %ymm2
+        vpmullw	%ymm8, %ymm3, %ymm3
+        vpsubw	%ymm0, %ymm9, %ymm0
+        vpsubw	%ymm1, %ymm9, %ymm1
+        vpaddw	%ymm2, %ymm0, %ymm0
+        vpaddw	%ymm3, %ymm1, %ymm1
+        vpmovsxwd	%xmm0, %ymm2
+        vpmovsxwd	%xmm1, %ymm3
+        vextracti128	$0x01, %ymm0, %xmm0
+        vextracti128	$0x01, %ymm1, %xmm1
+        vpmovsxwd	%xmm0, %ymm0
+        vpmovsxwd	%xmm1, %ymm1
+        vmovdqu	%ymm2, (%rdx)
+        leaq	(%rdx,%r10,4), %rdx
+        addl	%r10d, %r8d
+        vmovdqu	%ymm0, (%rdx)
+        leaq	(%rdx,%r11,4), %rdx
+        addl	%r11d, %r8d
+        vmovdqu	%ymm3, (%rdx)
+        leaq	(%rdx,%rbx,4), %rdx
+        addl	%ebx, %r8d
+        vmovdqu	%ymm1, (%rdx)
+        leaq	(%rdx,%r12,4), %rdx
+        addl	%r12d, %r8d
+        vpmovzxbd	32(%rdi), %ymm0
+        vpmovzxbd	40(%rdi), %ymm1
+        vpslld	$12, %ymm0, %ymm2
+        vpslld	$12, %ymm1, %ymm3
+        vpor	%ymm2, %ymm0, %ymm0
+        vpor	%ymm3, %ymm1, %ymm1
+        vpand	%ymm6, %ymm0, %ymm0
+        vpand	%ymm6, %ymm1, %ymm1
+        vpcmpgtw	%ymm0, %ymm6, %ymm2
+        vpcmpgtw	%ymm1, %ymm6, %ymm3
+        vpacksswb	%ymm3, %ymm2, %ymm2
+        vpmovmskb	%ymm2, %eax
+        movl	%eax, %r11d
+        movl	%eax, %r12d
+        movzbl	%al, %r10d
+        movzbl	%ah, %ebx
+        shr	$16, %r11
+        shr	$24, %r12
+        andl	$0xff, %r11d
+        shll	$4, %r10d
+        shll	$4, %ebx
+        shll	$4, %r11d
+        shll	$4, %r12d
+        vmovdqu	(%r13,%r10,1), %ymm2
+        vmovdqu	(%r13,%rbx,1), %ymm3
+        vmovdqu	(%r13,%r11,1), %ymm4
+        vmovdqu	(%r13,%r12,1), %ymm5
+        vinserti128	$0x01, %xmm4, %ymm2, %ymm2
+        vinserti128	$0x01, %xmm5, %ymm3, %ymm3
+        vpshufb	%ymm2, %ymm0, %ymm0
+        vpshufb	%ymm3, %ymm1, %ymm1
+        popcntl	%r10d, %r10d
+        popcntl	%ebx, %ebx
+        popcntl	%r11d, %r11d
+        popcntl	%r12d, %r12d
+        vpmulhw	%ymm7, %ymm0, %ymm2
+        vpmulhw	%ymm7, %ymm1, %ymm3
+        vpmullw	%ymm8, %ymm2, %ymm2
+        vpmullw	%ymm8, %ymm3, %ymm3
+        vpsubw	%ymm0, %ymm9, %ymm0
+        vpsubw	%ymm1, %ymm9, %ymm1
+        vpaddw	%ymm2, %ymm0, %ymm0
+        vpaddw	%ymm3, %ymm1, %ymm1
+        vpmovsxwd	%xmm0, %ymm2
+        vpmovsxwd	%xmm1, %ymm3
+        vextracti128	$0x01, %ymm0, %xmm0
+        vextracti128	$0x01, %ymm1, %xmm1
+        vpmovsxwd	%xmm0, %ymm0
+        vpmovsxwd	%xmm1, %ymm1
+        vmovdqu	%ymm2, (%rdx)
+        leaq	(%rdx,%r10,4), %rdx
+        addl	%r10d, %r8d
+        vmovdqu	%ymm0, (%rdx)
+        leaq	(%rdx,%r11,4), %rdx
+        addl	%r11d, %r8d
+        vmovdqu	%ymm3, (%rdx)
+        leaq	(%rdx,%rbx,4), %rdx
+        addl	%ebx, %r8d
+        vmovdqu	%ymm1, (%rdx)
+        leaq	(%rdx,%r12,4), %rdx
+        addl	%r12d, %r8d
+        vpmovzxbd	48(%rdi), %ymm0
+        vpmovzxbd	56(%rdi), %ymm1
+        vpslld	$12, %ymm0, %ymm2
+        vpslld	$12, %ymm1, %ymm3
+        vpor	%ymm2, %ymm0, %ymm0
+        vpor	%ymm3, %ymm1, %ymm1
+        vpand	%ymm6, %ymm0, %ymm0
+        vpand	%ymm6, %ymm1, %ymm1
+        vpcmpgtw	%ymm0, %ymm6, %ymm2
+        vpcmpgtw	%ymm1, %ymm6, %ymm3
+        vpacksswb	%ymm3, %ymm2, %ymm2
+        vpmovmskb	%ymm2, %eax
+        movl	%eax, %r11d
+        movl	%eax, %r12d
+        movzbl	%al, %r10d
+        movzbl	%ah, %ebx
+        shr	$16, %r11
+        shr	$24, %r12
+        andl	$0xff, %r11d
+        shll	$4, %r10d
+        shll	$4, %ebx
+        shll	$4, %r11d
+        shll	$4, %r12d
+        vmovdqu	(%r13,%r10,1), %ymm2
+        vmovdqu	(%r13,%rbx,1), %ymm3
+        vmovdqu	(%r13,%r11,1), %ymm4
+        vmovdqu	(%r13,%r12,1), %ymm5
+        vinserti128	$0x01, %xmm4, %ymm2, %ymm2
+        vinserti128	$0x01, %xmm5, %ymm3, %ymm3
+        vpshufb	%ymm2, %ymm0, %ymm0
+        vpshufb	%ymm3, %ymm1, %ymm1
+        popcntl	%r10d, %r10d
+        popcntl	%ebx, %ebx
+        popcntl	%r11d, %r11d
+        popcntl	%r12d, %r12d
+        vpmulhw	%ymm7, %ymm0, %ymm2
+        vpmulhw	%ymm7, %ymm1, %ymm3
+        vpmullw	%ymm8, %ymm2, %ymm2
+        vpmullw	%ymm8, %ymm3, %ymm3
+        vpsubw	%ymm0, %ymm9, %ymm0
+        vpsubw	%ymm1, %ymm9, %ymm1
+        vpaddw	%ymm2, %ymm0, %ymm0
+        vpaddw	%ymm3, %ymm1, %ymm1
+        vpmovsxwd	%xmm0, %ymm2
+        vpmovsxwd	%xmm1, %ymm3
+        vextracti128	$0x01, %ymm0, %xmm0
+        vextracti128	$0x01, %ymm1, %xmm1
+        vpmovsxwd	%xmm0, %ymm0
+        vpmovsxwd	%xmm1, %ymm1
+        vmovdqu	%ymm2, (%rdx)
+        leaq	(%rdx,%r10,4), %rdx
+        addl	%r10d, %r8d
+        vmovdqu	%ymm0, (%rdx)
+        leaq	(%rdx,%r11,4), %rdx
+        addl	%r11d, %r8d
+        vmovdqu	%ymm3, (%rdx)
+        leaq	(%rdx,%rbx,4), %rdx
+        addl	%ebx, %r8d
+        vmovdqu	%ymm1, (%rdx)
+        leaq	(%rdx,%r12,4), %rdx
+        addl	%r12d, %r8d
+        vpmovzxbd	64(%rdi), %ymm0
+        vpmovzxbd	72(%rdi), %ymm1
+        vpslld	$12, %ymm0, %ymm2
+        vpslld	$12, %ymm1, %ymm3
+        vpor	%ymm2, %ymm0, %ymm0
+        vpor	%ymm3, %ymm1, %ymm1
+        vpand	%ymm6, %ymm0, %ymm0
+        vpand	%ymm6, %ymm1, %ymm1
+        vpcmpgtw	%ymm0, %ymm6, %ymm2
+        vpcmpgtw	%ymm1, %ymm6, %ymm3
+        vpacksswb	%ymm3, %ymm2, %ymm2
+        vpmovmskb	%ymm2, %eax
+        movl	%eax, %r11d
+        movl	%eax, %r12d
+        movzbl	%al, %r10d
+        movzbl	%ah, %ebx
+        shr	$16, %r11
+        shr	$24, %r12
+        andl	$0xff, %r11d
+        shll	$4, %r10d
+        shll	$4, %ebx
+        shll	$4, %r11d
+        shll	$4, %r12d
+        vmovdqu	(%r13,%r10,1), %ymm2
+        vmovdqu	(%r13,%rbx,1), %ymm3
+        vmovdqu	(%r13,%r11,1), %ymm4
+        vmovdqu	(%r13,%r12,1), %ymm5
+        vinserti128	$0x01, %xmm4, %ymm2, %ymm2
+        vinserti128	$0x01, %xmm5, %ymm3, %ymm3
+        vpshufb	%ymm2, %ymm0, %ymm0
+        vpshufb	%ymm3, %ymm1, %ymm1
+        popcntl	%r10d, %r10d
+        popcntl	%ebx, %ebx
+        popcntl	%r11d, %r11d
+        popcntl	%r12d, %r12d
+        vpmulhw	%ymm7, %ymm0, %ymm2
+        vpmulhw	%ymm7, %ymm1, %ymm3
+        vpmullw	%ymm8, %ymm2, %ymm2
+        vpmullw	%ymm8, %ymm3, %ymm3
+        vpsubw	%ymm0, %ymm9, %ymm0
+        vpsubw	%ymm1, %ymm9, %ymm1
+        vpaddw	%ymm2, %ymm0, %ymm0
+        vpaddw	%ymm3, %ymm1, %ymm1
+        vpmovsxwd	%xmm0, %ymm2
+        vpmovsxwd	%xmm1, %ymm3
+        vextracti128	$0x01, %ymm0, %xmm0
+        vextracti128	$0x01, %ymm1, %xmm1
+        vpmovsxwd	%xmm0, %ymm0
+        vpmovsxwd	%xmm1, %ymm1
+        vmovdqu	%ymm2, (%rdx)
+        leaq	(%rdx,%r10,4), %rdx
+        addl	%r10d, %r8d
+        vmovdqu	%ymm0, (%rdx)
+        leaq	(%rdx,%r11,4), %rdx
+        addl	%r11d, %r8d
+        vmovdqu	%ymm3, (%rdx)
+        leaq	(%rdx,%rbx,4), %rdx
+        addl	%ebx, %r8d
+        vmovdqu	%ymm1, (%rdx)
+        leaq	(%rdx,%r12,4), %rdx
+        addl	%r12d, %r8d
+        vpmovzxbd	80(%rdi), %ymm0
+        vpmovzxbd	88(%rdi), %ymm1
+        vpslld	$12, %ymm0, %ymm2
+        vpslld	$12, %ymm1, %ymm3
+        vpor	%ymm2, %ymm0, %ymm0
+        vpor	%ymm3, %ymm1, %ymm1
+        vpand	%ymm6, %ymm0, %ymm0
+        vpand	%ymm6, %ymm1, %ymm1
+        vpcmpgtw	%ymm0, %ymm6, %ymm2
+        vpcmpgtw	%ymm1, %ymm6, %ymm3
+        vpacksswb	%ymm3, %ymm2, %ymm2
+        vpmovmskb	%ymm2, %eax
+        movl	%eax, %r11d
+        movl	%eax, %r12d
+        movzbl	%al, %r10d
+        movzbl	%ah, %ebx
+        shr	$16, %r11
+        shr	$24, %r12
+        andl	$0xff, %r11d
+        shll	$4, %r10d
+        shll	$4, %ebx
+        shll	$4, %r11d
+        shll	$4, %r12d
+        vmovdqu	(%r13,%r10,1), %ymm2
+        vmovdqu	(%r13,%rbx,1), %ymm3
+        vmovdqu	(%r13,%r11,1), %ymm4
+        vmovdqu	(%r13,%r12,1), %ymm5
+        vinserti128	$0x01, %xmm4, %ymm2, %ymm2
+        vinserti128	$0x01, %xmm5, %ymm3, %ymm3
+        vpshufb	%ymm2, %ymm0, %ymm0
+        vpshufb	%ymm3, %ymm1, %ymm1
+        popcntl	%r10d, %r10d
+        popcntl	%ebx, %ebx
+        popcntl	%r11d, %r11d
+        popcntl	%r12d, %r12d
+        vpmulhw	%ymm7, %ymm0, %ymm2
+        vpmulhw	%ymm7, %ymm1, %ymm3
+        vpmullw	%ymm8, %ymm2, %ymm2
+        vpmullw	%ymm8, %ymm3, %ymm3
+        vpsubw	%ymm0, %ymm9, %ymm0
+        vpsubw	%ymm1, %ymm9, %ymm1
+        vpaddw	%ymm2, %ymm0, %ymm0
+        vpaddw	%ymm3, %ymm1, %ymm1
+        vpmovsxwd	%xmm0, %ymm2
+        vpmovsxwd	%xmm1, %ymm3
+        vextracti128	$0x01, %ymm0, %xmm0
+        vextracti128	$0x01, %ymm1, %xmm1
+        vpmovsxwd	%xmm0, %ymm0
+        vpmovsxwd	%xmm1, %ymm1
+        vmovdqu	%ymm2, (%rdx)
+        leaq	(%rdx,%r10,4), %rdx
+        addl	%r10d, %r8d
+        vmovdqu	%ymm0, (%rdx)
+        leaq	(%rdx,%r11,4), %rdx
+        addl	%r11d, %r8d
+        vmovdqu	%ymm3, (%rdx)
+        leaq	(%rdx,%rbx,4), %rdx
+        addl	%ebx, %r8d
+        vmovdqu	%ymm1, (%rdx)
+        leaq	(%rdx,%r12,4), %rdx
+        addl	%r12d, %r8d
+        vpmovzxbd	96(%rdi), %ymm0
+        vpmovzxbd	104(%rdi), %ymm1
+        vpslld	$12, %ymm0, %ymm2
+        vpslld	$12, %ymm1, %ymm3
+        vpor	%ymm2, %ymm0, %ymm0
+        vpor	%ymm3, %ymm1, %ymm1
+        vpand	%ymm6, %ymm0, %ymm0
+        vpand	%ymm6, %ymm1, %ymm1
+        vpcmpgtw	%ymm0, %ymm6, %ymm2
+        vpcmpgtw	%ymm1, %ymm6, %ymm3
+        vpacksswb	%ymm3, %ymm2, %ymm2
+        vpmovmskb	%ymm2, %eax
+        movl	%eax, %r11d
+        movl	%eax, %r12d
+        movzbl	%al, %r10d
+        movzbl	%ah, %ebx
+        shr	$16, %r11
+        shr	$24, %r12
+        andl	$0xff, %r11d
+        shll	$4, %r10d
+        shll	$4, %ebx
+        shll	$4, %r11d
+        shll	$4, %r12d
+        vmovdqu	(%r13,%r10,1), %ymm2
+        vmovdqu	(%r13,%rbx,1), %ymm3
+        vmovdqu	(%r13,%r11,1), %ymm4
+        vmovdqu	(%r13,%r12,1), %ymm5
+        vinserti128	$0x01, %xmm4, %ymm2, %ymm2
+        vinserti128	$0x01, %xmm5, %ymm3, %ymm3
+        vpshufb	%ymm2, %ymm0, %ymm0
+        vpshufb	%ymm3, %ymm1, %ymm1
+        popcntl	%r10d, %r10d
+        popcntl	%ebx, %ebx
+        popcntl	%r11d, %r11d
+        popcntl	%r12d, %r12d
+        vpmulhw	%ymm7, %ymm0, %ymm2
+        vpmulhw	%ymm7, %ymm1, %ymm3
+        vpmullw	%ymm8, %ymm2, %ymm2
+        vpmullw	%ymm8, %ymm3, %ymm3
+        vpsubw	%ymm0, %ymm9, %ymm0
+        vpsubw	%ymm1, %ymm9, %ymm1
+        vpaddw	%ymm2, %ymm0, %ymm0
+        vpaddw	%ymm3, %ymm1, %ymm1
+        vpmovsxwd	%xmm0, %ymm2
+        vpmovsxwd	%xmm1, %ymm3
+        vextracti128	$0x01, %ymm0, %xmm0
+        vextracti128	$0x01, %ymm1, %xmm1
+        vpmovsxwd	%xmm0, %ymm0
+        vpmovsxwd	%xmm1, %ymm1
+        vmovdqu	%ymm2, (%rdx)
+        leaq	(%rdx,%r10,4), %rdx
+        addl	%r10d, %r8d
+        vmovdqu	%ymm0, (%rdx)
+        leaq	(%rdx,%r11,4), %rdx
+        addl	%r11d, %r8d
+        vmovdqu	%ymm3, (%rdx)
+        leaq	(%rdx,%rbx,4), %rdx
+        addl	%ebx, %r8d
+        vmovdqu	%ymm1, (%rdx)
+        leaq	(%rdx,%r12,4), %rdx
+        addl	%r12d, %r8d
+        vpmovzxbd	112(%rdi), %ymm0
+        vpmovzxbd	120(%rdi), %ymm1
+        vpslld	$12, %ymm0, %ymm2
+        vpslld	$12, %ymm1, %ymm3
+        vpor	%ymm2, %ymm0, %ymm0
+        vpor	%ymm3, %ymm1, %ymm1
+        vpand	%ymm6, %ymm0, %ymm0
+        vpand	%ymm6, %ymm1, %ymm1
+        vpcmpgtw	%ymm0, %ymm6, %ymm2
+        vpcmpgtw	%ymm1, %ymm6, %ymm3
+        vpacksswb	%ymm3, %ymm2, %ymm2
+        vpmovmskb	%ymm2, %eax
+        movl	%eax, %r11d
+        movl	%eax, %r12d
+        movzbl	%al, %r10d
+        movzbl	%ah, %ebx
+        shr	$16, %r11
+        shr	$24, %r12
+        andl	$0xff, %r11d
+        shll	$4, %r10d
+        shll	$4, %ebx
+        shll	$4, %r11d
+        shll	$4, %r12d
+        vmovdqu	(%r13,%r10,1), %ymm2
+        vmovdqu	(%r13,%rbx,1), %ymm3
+        vmovdqu	(%r13,%r11,1), %ymm4
+        vmovdqu	(%r13,%r12,1), %ymm5
+        vinserti128	$0x01, %xmm4, %ymm2, %ymm2
+        vinserti128	$0x01, %xmm5, %ymm3, %ymm3
+        vpshufb	%ymm2, %ymm0, %ymm0
+        vpshufb	%ymm3, %ymm1, %ymm1
+        popcntl	%r10d, %r10d
+        popcntl	%ebx, %ebx
+        popcntl	%r11d, %r11d
+        popcntl	%r12d, %r12d
+        vpmulhw	%ymm7, %ymm0, %ymm2
+        vpmulhw	%ymm7, %ymm1, %ymm3
+        vpmullw	%ymm8, %ymm2, %ymm2
+        vpmullw	%ymm8, %ymm3, %ymm3
+        vpsubw	%ymm0, %ymm9, %ymm0
+        vpsubw	%ymm1, %ymm9, %ymm1
+        vpaddw	%ymm2, %ymm0, %ymm0
+        vpaddw	%ymm3, %ymm1, %ymm1
+        vpmovsxwd	%xmm0, %ymm2
+        vpmovsxwd	%xmm1, %ymm3
+        vextracti128	$0x01, %ymm0, %xmm0
+        vextracti128	$0x01, %ymm1, %xmm1
+        vpmovsxwd	%xmm0, %ymm0
+        vpmovsxwd	%xmm1, %ymm1
+        vmovdqu	%ymm2, (%rdx)
+        leaq	(%rdx,%r10,4), %rdx
+        addl	%r10d, %r8d
+        vmovdqu	%ymm0, (%rdx)
+        leaq	(%rdx,%r11,4), %rdx
+        addl	%r11d, %r8d
+        vmovdqu	%ymm3, (%rdx)
+        leaq	(%rdx,%rbx,4), %rdx
+        addl	%ebx, %r8d
+        vmovdqu	%ymm1, (%rdx)
+        leaq	(%rdx,%r12,4), %rdx
+        addl	%r12d, %r8d
+        subl	$0x80, %esi
+        addq	$0x80, %rdi
+L_mldsa_extract_coeffs_eta2_less_than_256:
+        cmpl	$0xf0, %r8d
+        jg	L_mldsa_extract_coeffs_eta2_less_than_ymm
+L_mldsa_extract_coeffs_eta2_start_one_ymm:
+        vpmovzxbd	(%rdi), %ymm0
+        vpslld	$12, %ymm0, %ymm2
+        vpor	%ymm2, %ymm0, %ymm0
+        vpand	%ymm6, %ymm0, %ymm0
+        vpcmpgtw	%ymm0, %ymm6, %ymm2
+        vpacksswb	%ymm2, %ymm2, %ymm2
+        vpmovmskb	%ymm2, %eax
+        movl	%eax, %r11d
+        movzbl	%al, %r10d
+        shr	$16, %r11
+        andl	$0xff, %r11d
+        shll	$4, %r10d
+        shll	$4, %r11d
+        vmovdqu	(%r13,%r10,1), %ymm2
+        vmovdqu	(%r13,%r11,1), %ymm4
+        vinserti128	$0x01, %xmm4, %ymm2, %ymm2
+        vpshufb	%ymm2, %ymm0, %ymm0
+        popcntl	%r10d, %r10d
+        popcntl	%r11d, %r11d
+        vpmulhw	%ymm7, %ymm0, %ymm2
+        vpmullw	%ymm8, %ymm2, %ymm2
+        vpsubw	%ymm0, %ymm9, %ymm0
+        vpaddw	%ymm2, %ymm0, %ymm0
+        vpmovsxwd	%xmm0, %ymm2
+        vextracti128	$0x01, %ymm0, %xmm0
+        vpmovsxwd	%xmm0, %ymm0
+        vmovdqu	%ymm2, (%rdx)
+        leaq	(%rdx,%r10,4), %rdx
+        addl	%r10d, %r8d
+        vmovdqu	%ymm0, (%rdx)
+        leaq	(%rdx,%r11,4), %rdx
+        addl	%r11d, %r8d
+        subl	$8, %esi
+        addq	$8, %rdi
+        cmpl	$8, %esi
+        jl	L_mldsa_extract_coeffs_eta2_less_than_ymm
+        cmpl	$0xf0, %r8d
+        jle	L_mldsa_extract_coeffs_eta2_start_one_ymm
+L_mldsa_extract_coeffs_eta2_less_than_ymm:
+        cmpl	$0x100, %r8d
+        je	L_mldsa_extract_coeffs_eta2_done
+L_mldsa_extract_coeffs_eta2_start_byte:
+        leaq	L_mldsa_extract_coeffs_eta2_nibble_table(%rip), %r13
+        cmpl	$0x00, %esi
+        je	L_mldsa_extract_coeffs_eta2_done
+        movzbl	(%rdi), %ebx
+        addq	$0x01, %rdi
+        subl	$0x01, %esi
+        movl	%ebx, %eax
+        shrl	$4, %eax
+        andb	$15, %bl
+        xorq	%r11, %r11
+        cmpb	$15, %bl
+        adcl	$0x00, %r11d
+        movl	(%r13,%rbx,4), %r12d
+        movl	%r12d, (%rdx)
+        addl	%r11d, %r8d
+        shl	$2, %r11d
+        addq	%r11, %rdx
+        cmpl	$0x100, %r8d
+        je	L_mldsa_extract_coeffs_eta2_done
+        xorq	%r11, %r11
+        cmpb	$15, %al
+        adcl	$0x00, %r11d
+        movl	(%r13,%rax,4), %r12d
+        movl	%r12d, (%rdx)
+        addl	%r11d, %r8d
+        shl	$2, %r11d
+        addq	%r11, %rdx
+        cmpl	$0x100, %r8d
+        je	L_mldsa_extract_coeffs_eta2_done
+        jmp	L_mldsa_extract_coeffs_eta2_start_byte
+L_mldsa_extract_coeffs_eta2_done:
+        movl	%r8d, (%rcx)
+        vzeroupper
+        popq	%r13
+        popq	%r12
+        popq	%rbx
+        repz retq
+#ifndef __APPLE__
+.size	wc_mldsa_extract_coeffs_eta2_avx2,.-wc_mldsa_extract_coeffs_eta2_avx2
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_mldsa_extract_coeffs_eta4_mask_nibbles:
+.value	0x000f,0x000f
+.value	0x000f,0x000f
+.value	0x000f,0x000f
+.value	0x000f,0x000f
+.value	0x000f,0x000f
+.value	0x000f,0x000f
+.value	0x000f,0x000f
+.value	0x000f,0x000f
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_mldsa_extract_coeffs_eta4_nine:
+.value	0x0009,0x0009
+.value	0x0009,0x0009
+.value	0x0009,0x0009
+.value	0x0009,0x0009
+.value	0x0009,0x0009
+.value	0x0009,0x0009
+.value	0x0009,0x0009
+.value	0x0009,0x0009
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_mldsa_extract_coeffs_eta4_four:
+.value	0x0004,0x0004
+.value	0x0004,0x0004
+.value	0x0004,0x0004
+.value	0x0004,0x0004
+.value	0x0004,0x0004
+.value	0x0004,0x0004
+.value	0x0004,0x0004
+.value	0x0004,0x0004
+#ifndef __APPLE__
+.text
+.globl	wc_mldsa_extract_coeffs_eta4_avx2
+.type	wc_mldsa_extract_coeffs_eta4_avx2,@function
+.align	16
+wc_mldsa_extract_coeffs_eta4_avx2:
+#else
+.section	__TEXT,__text
+.globl	_wc_mldsa_extract_coeffs_eta4_avx2
+.p2align	4
+_wc_mldsa_extract_coeffs_eta4_avx2:
+#endif /* __APPLE__ */
+        pushq	%rbx
+        pushq	%r12
+        pushq	%r13
+        vmovdqu	L_mldsa_extract_coeffs_eta4_mask_nibbles(%rip), %ymm6
+        vmovdqu	L_mldsa_extract_coeffs_eta4_nine(%rip), %ymm7
+        vmovdqu	L_mldsa_extract_coeffs_eta4_four(%rip), %ymm8
+        leaq	L_mldsa_shufb_rej_idx(%rip), %r13
+        movl	(%rcx), %r8d
+        cmpl	$0x00, %r8d
+        jne	L_mldsa_extract_coeffs_eta4_less_than_256
+        vpmovzxbd	(%rdi), %ymm0
+        vpmovzxbd	8(%rdi), %ymm1
+        vpslld	$12, %ymm0, %ymm2
+        vpslld	$12, %ymm1, %ymm3
+        vpor	%ymm2, %ymm0, %ymm0
+        vpor	%ymm3, %ymm1, %ymm1
+        vpand	%ymm6, %ymm0, %ymm0
+        vpand	%ymm6, %ymm1, %ymm1
+        vpcmpgtw	%ymm0, %ymm7, %ymm2
+        vpcmpgtw	%ymm1, %ymm7, %ymm3
+        vpacksswb	%ymm3, %ymm2, %ymm2
+        vpmovmskb	%ymm2, %eax
+        movl	%eax, %r11d
+        movl	%eax, %r12d
+        movzbl	%al, %r10d
+        movzbl	%ah, %ebx
+        shr	$16, %r11
+        shr	$24, %r12
+        andl	$0xff, %r11d
+        shll	$4, %r10d
+        shll	$4, %ebx
+        shll	$4, %r11d
+        shll	$4, %r12d
+        vmovdqu	(%r13,%r10,1), %xmm2
+        vmovdqu	(%r13,%rbx,1), %xmm3
+        vmovdqu	(%r13,%r11,1), %xmm4
+        vmovdqu	(%r13,%r12,1), %xmm5
+        vinserti128	$0x01, %xmm4, %ymm2, %ymm2
+        vinserti128	$0x01, %xmm5, %ymm3, %ymm3
+        vpshufb	%ymm2, %ymm0, %ymm0
+        vpshufb	%ymm3, %ymm1, %ymm1
+        popcntl	%r10d, %r10d
+        popcntl	%ebx, %ebx
+        popcntl	%r11d, %r11d
+        popcntl	%r12d, %r12d
+        vpsubw	%ymm0, %ymm8, %ymm0
+        vpsubw	%ymm1, %ymm8, %ymm1
+        vpmovsxwd	%xmm0, %ymm2
+        vpmovsxwd	%xmm1, %ymm3
+        vextracti128	$0x01, %ymm0, %xmm0
+        vextracti128	$0x01, %ymm1, %xmm1
+        vpmovsxwd	%xmm0, %ymm0
+        vpmovsxwd	%xmm1, %ymm1
+        vmovdqu	%ymm2, (%rdx)
+        leaq	(%rdx,%r10,4), %rdx
+        addl	%r10d, %r8d
+        vmovdqu	%ymm0, (%rdx)
+        leaq	(%rdx,%r11,4), %rdx
+        addl	%r11d, %r8d
+        vmovdqu	%ymm3, (%rdx)
+        leaq	(%rdx,%rbx,4), %rdx
+        addl	%ebx, %r8d
+        vmovdqu	%ymm1, (%rdx)
+        leaq	(%rdx,%r12,4), %rdx
+        addl	%r12d, %r8d
+        vpmovzxbd	16(%rdi), %ymm0
+        vpmovzxbd	24(%rdi), %ymm1
+        vpslld	$12, %ymm0, %ymm2
+        vpslld	$12, %ymm1, %ymm3
+        vpor	%ymm2, %ymm0, %ymm0
+        vpor	%ymm3, %ymm1, %ymm1
+        vpand	%ymm6, %ymm0, %ymm0
+        vpand	%ymm6, %ymm1, %ymm1
+        vpcmpgtw	%ymm0, %ymm7, %ymm2
+        vpcmpgtw	%ymm1, %ymm7, %ymm3
+        vpacksswb	%ymm3, %ymm2, %ymm2
+        vpmovmskb	%ymm2, %eax
+        movl	%eax, %r11d
+        movl	%eax, %r12d
+        movzbl	%al, %r10d
+        movzbl	%ah, %ebx
+        shr	$16, %r11
+        shr	$24, %r12
+        andl	$0xff, %r11d
+        shll	$4, %r10d
+        shll	$4, %ebx
+        shll	$4, %r11d
+        shll	$4, %r12d
+        vmovdqu	(%r13,%r10,1), %xmm2
+        vmovdqu	(%r13,%rbx,1), %xmm3
+        vmovdqu	(%r13,%r11,1), %xmm4
+        vmovdqu	(%r13,%r12,1), %xmm5
+        vinserti128	$0x01, %xmm4, %ymm2, %ymm2
+        vinserti128	$0x01, %xmm5, %ymm3, %ymm3
+        vpshufb	%ymm2, %ymm0, %ymm0
+        vpshufb	%ymm3, %ymm1, %ymm1
+        popcntl	%r10d, %r10d
+        popcntl	%ebx, %ebx
+        popcntl	%r11d, %r11d
+        popcntl	%r12d, %r12d
+        vpsubw	%ymm0, %ymm8, %ymm0
+        vpsubw	%ymm1, %ymm8, %ymm1
+        vpmovsxwd	%xmm0, %ymm2
+        vpmovsxwd	%xmm1, %ymm3
+        vextracti128	$0x01, %ymm0, %xmm0
+        vextracti128	$0x01, %ymm1, %xmm1
+        vpmovsxwd	%xmm0, %ymm0
+        vpmovsxwd	%xmm1, %ymm1
+        vmovdqu	%ymm2, (%rdx)
+        leaq	(%rdx,%r10,4), %rdx
+        addl	%r10d, %r8d
+        vmovdqu	%ymm0, (%rdx)
+        leaq	(%rdx,%r11,4), %rdx
+        addl	%r11d, %r8d
+        vmovdqu	%ymm3, (%rdx)
+        leaq	(%rdx,%rbx,4), %rdx
+        addl	%ebx, %r8d
+        vmovdqu	%ymm1, (%rdx)
+        leaq	(%rdx,%r12,4), %rdx
+        addl	%r12d, %r8d
+        vpmovzxbd	32(%rdi), %ymm0
+        vpmovzxbd	40(%rdi), %ymm1
+        vpslld	$12, %ymm0, %ymm2
+        vpslld	$12, %ymm1, %ymm3
+        vpor	%ymm2, %ymm0, %ymm0
+        vpor	%ymm3, %ymm1, %ymm1
+        vpand	%ymm6, %ymm0, %ymm0
+        vpand	%ymm6, %ymm1, %ymm1
+        vpcmpgtw	%ymm0, %ymm7, %ymm2
+        vpcmpgtw	%ymm1, %ymm7, %ymm3
+        vpacksswb	%ymm3, %ymm2, %ymm2
+        vpmovmskb	%ymm2, %eax
+        movl	%eax, %r11d
+        movl	%eax, %r12d
+        movzbl	%al, %r10d
+        movzbl	%ah, %ebx
+        shr	$16, %r11
+        shr	$24, %r12
+        andl	$0xff, %r11d
+        shll	$4, %r10d
+        shll	$4, %ebx
+        shll	$4, %r11d
+        shll	$4, %r12d
+        vmovdqu	(%r13,%r10,1), %xmm2
+        vmovdqu	(%r13,%rbx,1), %xmm3
+        vmovdqu	(%r13,%r11,1), %xmm4
+        vmovdqu	(%r13,%r12,1), %xmm5
+        vinserti128	$0x01, %xmm4, %ymm2, %ymm2
+        vinserti128	$0x01, %xmm5, %ymm3, %ymm3
+        vpshufb	%ymm2, %ymm0, %ymm0
+        vpshufb	%ymm3, %ymm1, %ymm1
+        popcntl	%r10d, %r10d
+        popcntl	%ebx, %ebx
+        popcntl	%r11d, %r11d
+        popcntl	%r12d, %r12d
+        vpsubw	%ymm0, %ymm8, %ymm0
+        vpsubw	%ymm1, %ymm8, %ymm1
+        vpmovsxwd	%xmm0, %ymm2
+        vpmovsxwd	%xmm1, %ymm3
+        vextracti128	$0x01, %ymm0, %xmm0
+        vextracti128	$0x01, %ymm1, %xmm1
+        vpmovsxwd	%xmm0, %ymm0
+        vpmovsxwd	%xmm1, %ymm1
+        vmovdqu	%ymm2, (%rdx)
+        leaq	(%rdx,%r10,4), %rdx
+        addl	%r10d, %r8d
+        vmovdqu	%ymm0, (%rdx)
+        leaq	(%rdx,%r11,4), %rdx
+        addl	%r11d, %r8d
+        vmovdqu	%ymm3, (%rdx)
+        leaq	(%rdx,%rbx,4), %rdx
+        addl	%ebx, %r8d
+        vmovdqu	%ymm1, (%rdx)
+        leaq	(%rdx,%r12,4), %rdx
+        addl	%r12d, %r8d
+        vpmovzxbd	48(%rdi), %ymm0
+        vpmovzxbd	56(%rdi), %ymm1
+        vpslld	$12, %ymm0, %ymm2
+        vpslld	$12, %ymm1, %ymm3
+        vpor	%ymm2, %ymm0, %ymm0
+        vpor	%ymm3, %ymm1, %ymm1
+        vpand	%ymm6, %ymm0, %ymm0
+        vpand	%ymm6, %ymm1, %ymm1
+        vpcmpgtw	%ymm0, %ymm7, %ymm2
+        vpcmpgtw	%ymm1, %ymm7, %ymm3
+        vpacksswb	%ymm3, %ymm2, %ymm2
+        vpmovmskb	%ymm2, %eax
+        movl	%eax, %r11d
+        movl	%eax, %r12d
+        movzbl	%al, %r10d
+        movzbl	%ah, %ebx
+        shr	$16, %r11
+        shr	$24, %r12
+        andl	$0xff, %r11d
+        shll	$4, %r10d
+        shll	$4, %ebx
+        shll	$4, %r11d
+        shll	$4, %r12d
+        vmovdqu	(%r13,%r10,1), %xmm2
+        vmovdqu	(%r13,%rbx,1), %xmm3
+        vmovdqu	(%r13,%r11,1), %xmm4
+        vmovdqu	(%r13,%r12,1), %xmm5
+        vinserti128	$0x01, %xmm4, %ymm2, %ymm2
+        vinserti128	$0x01, %xmm5, %ymm3, %ymm3
+        vpshufb	%ymm2, %ymm0, %ymm0
+        vpshufb	%ymm3, %ymm1, %ymm1
+        popcntl	%r10d, %r10d
+        popcntl	%ebx, %ebx
+        popcntl	%r11d, %r11d
+        popcntl	%r12d, %r12d
+        vpsubw	%ymm0, %ymm8, %ymm0
+        vpsubw	%ymm1, %ymm8, %ymm1
+        vpmovsxwd	%xmm0, %ymm2
+        vpmovsxwd	%xmm1, %ymm3
+        vextracti128	$0x01, %ymm0, %xmm0
+        vextracti128	$0x01, %ymm1, %xmm1
+        vpmovsxwd	%xmm0, %ymm0
+        vpmovsxwd	%xmm1, %ymm1
+        vmovdqu	%ymm2, (%rdx)
+        leaq	(%rdx,%r10,4), %rdx
+        addl	%r10d, %r8d
+        vmovdqu	%ymm0, (%rdx)
+        leaq	(%rdx,%r11,4), %rdx
+        addl	%r11d, %r8d
+        vmovdqu	%ymm3, (%rdx)
+        leaq	(%rdx,%rbx,4), %rdx
+        addl	%ebx, %r8d
+        vmovdqu	%ymm1, (%rdx)
+        leaq	(%rdx,%r12,4), %rdx
+        addl	%r12d, %r8d
+        vpmovzxbd	64(%rdi), %ymm0
+        vpmovzxbd	72(%rdi), %ymm1
+        vpslld	$12, %ymm0, %ymm2
+        vpslld	$12, %ymm1, %ymm3
+        vpor	%ymm2, %ymm0, %ymm0
+        vpor	%ymm3, %ymm1, %ymm1
+        vpand	%ymm6, %ymm0, %ymm0
+        vpand	%ymm6, %ymm1, %ymm1
+        vpcmpgtw	%ymm0, %ymm7, %ymm2
+        vpcmpgtw	%ymm1, %ymm7, %ymm3
+        vpacksswb	%ymm3, %ymm2, %ymm2
+        vpmovmskb	%ymm2, %eax
+        movl	%eax, %r11d
+        movl	%eax, %r12d
+        movzbl	%al, %r10d
+        movzbl	%ah, %ebx
+        shr	$16, %r11
+        shr	$24, %r12
+        andl	$0xff, %r11d
+        shll	$4, %r10d
+        shll	$4, %ebx
+        shll	$4, %r11d
+        shll	$4, %r12d
+        vmovdqu	(%r13,%r10,1), %xmm2
+        vmovdqu	(%r13,%rbx,1), %xmm3
+        vmovdqu	(%r13,%r11,1), %xmm4
+        vmovdqu	(%r13,%r12,1), %xmm5
+        vinserti128	$0x01, %xmm4, %ymm2, %ymm2
+        vinserti128	$0x01, %xmm5, %ymm3, %ymm3
+        vpshufb	%ymm2, %ymm0, %ymm0
+        vpshufb	%ymm3, %ymm1, %ymm1
+        popcntl	%r10d, %r10d
+        popcntl	%ebx, %ebx
+        popcntl	%r11d, %r11d
+        popcntl	%r12d, %r12d
+        vpsubw	%ymm0, %ymm8, %ymm0
+        vpsubw	%ymm1, %ymm8, %ymm1
+        vpmovsxwd	%xmm0, %ymm2
+        vpmovsxwd	%xmm1, %ymm3
+        vextracti128	$0x01, %ymm0, %xmm0
+        vextracti128	$0x01, %ymm1, %xmm1
+        vpmovsxwd	%xmm0, %ymm0
+        vpmovsxwd	%xmm1, %ymm1
+        vmovdqu	%ymm2, (%rdx)
+        leaq	(%rdx,%r10,4), %rdx
+        addl	%r10d, %r8d
+        vmovdqu	%ymm0, (%rdx)
+        leaq	(%rdx,%r11,4), %rdx
+        addl	%r11d, %r8d
+        vmovdqu	%ymm3, (%rdx)
+        leaq	(%rdx,%rbx,4), %rdx
+        addl	%ebx, %r8d
+        vmovdqu	%ymm1, (%rdx)
+        leaq	(%rdx,%r12,4), %rdx
+        addl	%r12d, %r8d
+        vpmovzxbd	80(%rdi), %ymm0
+        vpmovzxbd	88(%rdi), %ymm1
+        vpslld	$12, %ymm0, %ymm2
+        vpslld	$12, %ymm1, %ymm3
+        vpor	%ymm2, %ymm0, %ymm0
+        vpor	%ymm3, %ymm1, %ymm1
+        vpand	%ymm6, %ymm0, %ymm0
+        vpand	%ymm6, %ymm1, %ymm1
+        vpcmpgtw	%ymm0, %ymm7, %ymm2
+        vpcmpgtw	%ymm1, %ymm7, %ymm3
+        vpacksswb	%ymm3, %ymm2, %ymm2
+        vpmovmskb	%ymm2, %eax
+        movl	%eax, %r11d
+        movl	%eax, %r12d
+        movzbl	%al, %r10d
+        movzbl	%ah, %ebx
+        shr	$16, %r11
+        shr	$24, %r12
+        andl	$0xff, %r11d
+        shll	$4, %r10d
+        shll	$4, %ebx
+        shll	$4, %r11d
+        shll	$4, %r12d
+        vmovdqu	(%r13,%r10,1), %xmm2
+        vmovdqu	(%r13,%rbx,1), %xmm3
+        vmovdqu	(%r13,%r11,1), %xmm4
+        vmovdqu	(%r13,%r12,1), %xmm5
+        vinserti128	$0x01, %xmm4, %ymm2, %ymm2
+        vinserti128	$0x01, %xmm5, %ymm3, %ymm3
+        vpshufb	%ymm2, %ymm0, %ymm0
+        vpshufb	%ymm3, %ymm1, %ymm1
+        popcntl	%r10d, %r10d
+        popcntl	%ebx, %ebx
+        popcntl	%r11d, %r11d
+        popcntl	%r12d, %r12d
+        vpsubw	%ymm0, %ymm8, %ymm0
+        vpsubw	%ymm1, %ymm8, %ymm1
+        vpmovsxwd	%xmm0, %ymm2
+        vpmovsxwd	%xmm1, %ymm3
+        vextracti128	$0x01, %ymm0, %xmm0
+        vextracti128	$0x01, %ymm1, %xmm1
+        vpmovsxwd	%xmm0, %ymm0
+        vpmovsxwd	%xmm1, %ymm1
+        vmovdqu	%ymm2, (%rdx)
+        leaq	(%rdx,%r10,4), %rdx
+        addl	%r10d, %r8d
+        vmovdqu	%ymm0, (%rdx)
+        leaq	(%rdx,%r11,4), %rdx
+        addl	%r11d, %r8d
+        vmovdqu	%ymm3, (%rdx)
+        leaq	(%rdx,%rbx,4), %rdx
+        addl	%ebx, %r8d
+        vmovdqu	%ymm1, (%rdx)
+        leaq	(%rdx,%r12,4), %rdx
+        addl	%r12d, %r8d
+        vpmovzxbd	96(%rdi), %ymm0
+        vpmovzxbd	104(%rdi), %ymm1
+        vpslld	$12, %ymm0, %ymm2
+        vpslld	$12, %ymm1, %ymm3
+        vpor	%ymm2, %ymm0, %ymm0
+        vpor	%ymm3, %ymm1, %ymm1
+        vpand	%ymm6, %ymm0, %ymm0
+        vpand	%ymm6, %ymm1, %ymm1
+        vpcmpgtw	%ymm0, %ymm7, %ymm2
+        vpcmpgtw	%ymm1, %ymm7, %ymm3
+        vpacksswb	%ymm3, %ymm2, %ymm2
+        vpmovmskb	%ymm2, %eax
+        movl	%eax, %r11d
+        movl	%eax, %r12d
+        movzbl	%al, %r10d
+        movzbl	%ah, %ebx
+        shr	$16, %r11
+        shr	$24, %r12
+        andl	$0xff, %r11d
+        shll	$4, %r10d
+        shll	$4, %ebx
+        shll	$4, %r11d
+        shll	$4, %r12d
+        vmovdqu	(%r13,%r10,1), %xmm2
+        vmovdqu	(%r13,%rbx,1), %xmm3
+        vmovdqu	(%r13,%r11,1), %xmm4
+        vmovdqu	(%r13,%r12,1), %xmm5
+        vinserti128	$0x01, %xmm4, %ymm2, %ymm2
+        vinserti128	$0x01, %xmm5, %ymm3, %ymm3
+        vpshufb	%ymm2, %ymm0, %ymm0
+        vpshufb	%ymm3, %ymm1, %ymm1
+        popcntl	%r10d, %r10d
+        popcntl	%ebx, %ebx
+        popcntl	%r11d, %r11d
+        popcntl	%r12d, %r12d
+        vpsubw	%ymm0, %ymm8, %ymm0
+        vpsubw	%ymm1, %ymm8, %ymm1
+        vpmovsxwd	%xmm0, %ymm2
+        vpmovsxwd	%xmm1, %ymm3
+        vextracti128	$0x01, %ymm0, %xmm0
+        vextracti128	$0x01, %ymm1, %xmm1
+        vpmovsxwd	%xmm0, %ymm0
+        vpmovsxwd	%xmm1, %ymm1
+        vmovdqu	%ymm2, (%rdx)
+        leaq	(%rdx,%r10,4), %rdx
+        addl	%r10d, %r8d
+        vmovdqu	%ymm0, (%rdx)
+        leaq	(%rdx,%r11,4), %rdx
+        addl	%r11d, %r8d
+        vmovdqu	%ymm3, (%rdx)
+        leaq	(%rdx,%rbx,4), %rdx
+        addl	%ebx, %r8d
+        vmovdqu	%ymm1, (%rdx)
+        leaq	(%rdx,%r12,4), %rdx
+        addl	%r12d, %r8d
+        vpmovzxbd	112(%rdi), %ymm0
+        vpmovzxbd	120(%rdi), %ymm1
+        vpslld	$12, %ymm0, %ymm2
+        vpslld	$12, %ymm1, %ymm3
+        vpor	%ymm2, %ymm0, %ymm0
+        vpor	%ymm3, %ymm1, %ymm1
+        vpand	%ymm6, %ymm0, %ymm0
+        vpand	%ymm6, %ymm1, %ymm1
+        vpcmpgtw	%ymm0, %ymm7, %ymm2
+        vpcmpgtw	%ymm1, %ymm7, %ymm3
+        vpacksswb	%ymm3, %ymm2, %ymm2
+        vpmovmskb	%ymm2, %eax
+        movl	%eax, %r11d
+        movl	%eax, %r12d
+        movzbl	%al, %r10d
+        movzbl	%ah, %ebx
+        shr	$16, %r11
+        shr	$24, %r12
+        andl	$0xff, %r11d
+        shll	$4, %r10d
+        shll	$4, %ebx
+        shll	$4, %r11d
+        shll	$4, %r12d
+        vmovdqu	(%r13,%r10,1), %xmm2
+        vmovdqu	(%r13,%rbx,1), %xmm3
+        vmovdqu	(%r13,%r11,1), %xmm4
+        vmovdqu	(%r13,%r12,1), %xmm5
+        vinserti128	$0x01, %xmm4, %ymm2, %ymm2
+        vinserti128	$0x01, %xmm5, %ymm3, %ymm3
+        vpshufb	%ymm2, %ymm0, %ymm0
+        vpshufb	%ymm3, %ymm1, %ymm1
+        popcntl	%r10d, %r10d
+        popcntl	%ebx, %ebx
+        popcntl	%r11d, %r11d
+        popcntl	%r12d, %r12d
+        vpsubw	%ymm0, %ymm8, %ymm0
+        vpsubw	%ymm1, %ymm8, %ymm1
+        vpmovsxwd	%xmm0, %ymm2
+        vpmovsxwd	%xmm1, %ymm3
+        vextracti128	$0x01, %ymm0, %xmm0
+        vextracti128	$0x01, %ymm1, %xmm1
+        vpmovsxwd	%xmm0, %ymm0
+        vpmovsxwd	%xmm1, %ymm1
+        vmovdqu	%ymm2, (%rdx)
+        leaq	(%rdx,%r10,4), %rdx
+        addl	%r10d, %r8d
+        vmovdqu	%ymm0, (%rdx)
+        leaq	(%rdx,%r11,4), %rdx
+        addl	%r11d, %r8d
+        vmovdqu	%ymm3, (%rdx)
+        leaq	(%rdx,%rbx,4), %rdx
+        addl	%ebx, %r8d
+        vmovdqu	%ymm1, (%rdx)
+        leaq	(%rdx,%r12,4), %rdx
+        addl	%r12d, %r8d
+        subl	$0x80, %esi
+        addq	$0x80, %rdi
+L_mldsa_extract_coeffs_eta4_less_than_256:
+        cmpl	$0xf0, %r8d
+        jg	L_mldsa_extract_coeffs_eta4_less_than_ymm
+L_mldsa_extract_coeffs_eta4_start_one_ymm:
+        vpmovzxbd	(%rdi), %ymm0
+        vpslld	$12, %ymm0, %ymm2
+        vpor	%ymm2, %ymm0, %ymm0
+        vpand	%ymm6, %ymm0, %ymm0
+        vpcmpgtw	%ymm0, %ymm7, %ymm2
+        vpacksswb	%ymm2, %ymm2, %ymm2
+        vpmovmskb	%ymm2, %eax
+        movl	%eax, %r11d
+        movzbl	%al, %r10d
+        shr	$16, %r11
+        andl	$0xff, %r11d
+        shll	$4, %r10d
+        shll	$4, %r11d
+        vmovdqu	(%r13,%r10,1), %xmm2
+        vmovdqu	(%r13,%r11,1), %xmm4
+        vinserti128	$0x01, %xmm4, %ymm2, %ymm2
+        vpshufb	%ymm2, %ymm0, %ymm0
+        popcntl	%r10d, %r10d
+        popcntl	%r11d, %r11d
+        vpsubw	%ymm0, %ymm8, %ymm0
+        vpmovsxwd	%xmm0, %ymm2
+        vextracti128	$0x01, %ymm0, %xmm0
+        vpmovsxwd	%xmm0, %ymm0
+        vmovdqu	%ymm2, (%rdx)
+        leaq	(%rdx,%r10,4), %rdx
+        addl	%r10d, %r8d
+        vmovdqu	%ymm0, (%rdx)
+        leaq	(%rdx,%r11,4), %rdx
+        addl	%r11d, %r8d
+        subl	$8, %esi
+        addq	$8, %rdi
+        cmpl	$8, %esi
+        jl	L_mldsa_extract_coeffs_eta4_less_than_ymm
+        cmpl	$0xf0, %r8d
+        jle	L_mldsa_extract_coeffs_eta4_start_one_ymm
+L_mldsa_extract_coeffs_eta4_less_than_ymm:
+        cmpl	$0x100, %r8d
+        je	L_mldsa_extract_coeffs_eta4_done
+L_mldsa_extract_coeffs_eta4_start_byte:
+        cmpl	$0x00, %esi
+        je	L_mldsa_extract_coeffs_eta4_done
+        movzbl	(%rdi), %ebx
+        addq	$0x01, %rdi
+        subl	$0x01, %esi
+        movl	%ebx, %eax
+        shrl	$4, %eax
+        andb	$15, %bl
+        xorq	%r11, %r11
+        movq	$4, %r12
+        cmpb	$9, %bl
+        adcl	$0x00, %r11d
+        subl	%ebx, %r12d
+        movl	%r12d, (%rdx)
+        addl	%r11d, %r8d
+        shl	$2, %r11d
+        addq	%r11, %rdx
+        cmpl	$0x100, %r8d
+        je	L_mldsa_extract_coeffs_eta4_done
+        xorq	%r11, %r11
+        movq	$4, %r12
+        cmpb	$9, %al
+        adcl	$0x00, %r11d
+        subl	%eax, %r12d
+        movl	%r12d, (%rdx)
+        addl	%r11d, %r8d
+        shl	$2, %r11d
+        addq	%r11, %rdx
+        cmpl	$0x100, %r8d
+        je	L_mldsa_extract_coeffs_eta4_done
+        jmp	L_mldsa_extract_coeffs_eta4_start_byte
+L_mldsa_extract_coeffs_eta4_done:
+        movl	%r8d, (%rcx)
+        vzeroupper
+        popq	%r13
+        popq	%r12
+        popq	%rbx
+        repz retq
+#ifndef __APPLE__
+.size	wc_mldsa_extract_coeffs_eta4_avx2,.-wc_mldsa_extract_coeffs_eta4_avx2
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.text
+.globl	wc_mldsa_redistribute_21_rand_avx2
+.type	wc_mldsa_redistribute_21_rand_avx2,@function
+.align	16
+wc_mldsa_redistribute_21_rand_avx2:
+#else
+.section	__TEXT,__text
+.globl	_wc_mldsa_redistribute_21_rand_avx2
+.p2align	4
+_wc_mldsa_redistribute_21_rand_avx2:
+#endif /* __APPLE__ */
+        vmovdqu	(%rdi), %ymm0
+        vmovdqu	32(%rdi), %ymm1
+        vmovdqu	64(%rdi), %ymm2
+        vmovdqu	96(%rdi), %ymm3
+        vmovdqu	128(%rdi), %ymm4
+        vmovdqu	160(%rdi), %ymm5
+        vmovdqu	192(%rdi), %ymm6
+        vmovdqu	224(%rdi), %ymm7
+        vmovdqu	256(%rdi), %ymm8
+        vmovdqu	288(%rdi), %ymm9
+        vmovdqu	320(%rdi), %ymm10
+        vmovdqu	352(%rdi), %ymm11
+        vpunpcklqdq	%ymm1, %ymm0, %ymm12
+        vpunpckhqdq	%ymm1, %ymm0, %ymm13
+        vpunpcklqdq	%ymm3, %ymm2, %ymm14
+        vpunpckhqdq	%ymm3, %ymm2, %ymm15
+        vperm2i128	$32, %ymm14, %ymm12, %ymm0
+        vperm2i128	$32, %ymm15, %ymm13, %ymm1
+        vperm2i128	$49, %ymm14, %ymm12, %ymm2
+        vperm2i128	$49, %ymm15, %ymm13, %ymm3
+        vpunpcklqdq	%ymm5, %ymm4, %ymm12
+        vpunpckhqdq	%ymm5, %ymm4, %ymm13
+        vpunpcklqdq	%ymm7, %ymm6, %ymm14
+        vpunpckhqdq	%ymm7, %ymm6, %ymm15
+        vperm2i128	$32, %ymm14, %ymm12, %ymm4
+        vperm2i128	$32, %ymm15, %ymm13, %ymm5
+        vperm2i128	$49, %ymm14, %ymm12, %ymm6
+        vperm2i128	$49, %ymm15, %ymm13, %ymm7
+        vpunpcklqdq	%ymm9, %ymm8, %ymm12
+        vpunpckhqdq	%ymm9, %ymm8, %ymm13
+        vpunpcklqdq	%ymm11, %ymm10, %ymm14
+        vpunpckhqdq	%ymm11, %ymm10, %ymm15
+        vperm2i128	$32, %ymm14, %ymm12, %ymm8
+        vperm2i128	$32, %ymm15, %ymm13, %ymm9
+        vperm2i128	$49, %ymm14, %ymm12, %ymm10
+        vperm2i128	$49, %ymm15, %ymm13, %ymm11
+        vmovdqu	%ymm0, (%rsi)
+        vmovdqu	%ymm4, 32(%rsi)
+        vmovdqu	%ymm8, 64(%rsi)
+        vmovdqu	%ymm1, (%rdx)
+        vmovdqu	%ymm5, 32(%rdx)
+        vmovdqu	%ymm9, 64(%rdx)
+        vmovdqu	%ymm2, (%rcx)
+        vmovdqu	%ymm6, 32(%rcx)
+        vmovdqu	%ymm10, 64(%rcx)
+        vmovdqu	%ymm3, (%r8)
+        vmovdqu	%ymm7, 32(%r8)
+        vmovdqu	%ymm11, 64(%r8)
+        vmovdqu	384(%rdi), %ymm0
+        vmovdqu	416(%rdi), %ymm1
+        vmovdqu	448(%rdi), %ymm2
+        vmovdqu	480(%rdi), %ymm3
+        vmovdqu	512(%rdi), %ymm4
+        vmovdqu	544(%rdi), %ymm5
+        vmovdqu	576(%rdi), %ymm6
+        vmovdqu	608(%rdi), %ymm7
+        movq	640(%rdi), %rax
+        movq	648(%rdi), %r9
+        movq	656(%rdi), %r10
+        movq	664(%rdi), %r11
+        vpunpcklqdq	%ymm1, %ymm0, %ymm12
+        vpunpckhqdq	%ymm1, %ymm0, %ymm13
+        vpunpcklqdq	%ymm3, %ymm2, %ymm14
+        vpunpckhqdq	%ymm3, %ymm2, %ymm15
+        vperm2i128	$32, %ymm14, %ymm12, %ymm0
+        vperm2i128	$32, %ymm15, %ymm13, %ymm1
+        vperm2i128	$49, %ymm14, %ymm12, %ymm2
+        vperm2i128	$49, %ymm15, %ymm13, %ymm3
+        vpunpcklqdq	%ymm5, %ymm4, %ymm12
+        vpunpckhqdq	%ymm5, %ymm4, %ymm13
+        vpunpcklqdq	%ymm7, %ymm6, %ymm14
+        vpunpckhqdq	%ymm7, %ymm6, %ymm15
+        vperm2i128	$32, %ymm14, %ymm12, %ymm4
+        vperm2i128	$32, %ymm15, %ymm13, %ymm5
+        vperm2i128	$49, %ymm14, %ymm12, %ymm6
+        vperm2i128	$49, %ymm15, %ymm13, %ymm7
+        vmovdqu	%ymm0, 96(%rsi)
+        vmovdqu	%ymm4, 128(%rsi)
+        movq	%rax, 160(%rsi)
+        vmovdqu	%ymm1, 96(%rdx)
+        vmovdqu	%ymm5, 128(%rdx)
+        movq	%r9, 160(%rdx)
+        vmovdqu	%ymm2, 96(%rcx)
+        vmovdqu	%ymm6, 128(%rcx)
+        movq	%r10, 160(%rcx)
+        vmovdqu	%ymm3, 96(%r8)
+        vmovdqu	%ymm7, 128(%r8)
+        movq	%r11, 160(%r8)
+        vzeroupper
+        repz retq
+#ifndef __APPLE__
+.size	wc_mldsa_redistribute_21_rand_avx2,.-wc_mldsa_redistribute_21_rand_avx2
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.text
+.globl	wc_mldsa_redistribute_17_rand_avx2
+.type	wc_mldsa_redistribute_17_rand_avx2,@function
+.align	16
+wc_mldsa_redistribute_17_rand_avx2:
+#else
+.section	__TEXT,__text
+.globl	_wc_mldsa_redistribute_17_rand_avx2
+.p2align	4
+_wc_mldsa_redistribute_17_rand_avx2:
+#endif /* __APPLE__ */
+        vmovdqu	(%rdi), %ymm0
+        vmovdqu	32(%rdi), %ymm1
+        vmovdqu	64(%rdi), %ymm2
+        vmovdqu	96(%rdi), %ymm3
+        vmovdqu	128(%rdi), %ymm4
+        vmovdqu	160(%rdi), %ymm5
+        vmovdqu	192(%rdi), %ymm6
+        vmovdqu	224(%rdi), %ymm7
+        vpunpcklqdq	%ymm1, %ymm0, %ymm8
+        vpunpckhqdq	%ymm1, %ymm0, %ymm9
+        vpunpcklqdq	%ymm3, %ymm2, %ymm10
+        vpunpckhqdq	%ymm3, %ymm2, %ymm11
+        vperm2i128	$32, %ymm10, %ymm8, %ymm0
+        vperm2i128	$32, %ymm11, %ymm9, %ymm1
+        vperm2i128	$49, %ymm10, %ymm8, %ymm2
+        vperm2i128	$49, %ymm11, %ymm9, %ymm3
+        vpunpcklqdq	%ymm5, %ymm4, %ymm8
+        vpunpckhqdq	%ymm5, %ymm4, %ymm9
+        vpunpcklqdq	%ymm7, %ymm6, %ymm10
+        vpunpckhqdq	%ymm7, %ymm6, %ymm11
+        vperm2i128	$32, %ymm10, %ymm8, %ymm4
+        vperm2i128	$32, %ymm11, %ymm9, %ymm5
+        vperm2i128	$49, %ymm10, %ymm8, %ymm6
+        vperm2i128	$49, %ymm11, %ymm9, %ymm7
+        vmovdqu	%ymm0, (%rsi)
+        vmovdqu	%ymm4, 32(%rsi)
+        vmovdqu	%ymm1, (%rdx)
+        vmovdqu	%ymm5, 32(%rdx)
+        vmovdqu	%ymm2, (%rcx)
+        vmovdqu	%ymm6, 32(%rcx)
+        vmovdqu	%ymm3, (%r8)
+        vmovdqu	%ymm7, 32(%r8)
+        vmovdqu	256(%rdi), %ymm0
+        vmovdqu	288(%rdi), %ymm1
+        vmovdqu	320(%rdi), %ymm2
+        vmovdqu	352(%rdi), %ymm3
+        vmovdqu	384(%rdi), %ymm4
+        vmovdqu	416(%rdi), %ymm5
+        vmovdqu	448(%rdi), %ymm6
+        vmovdqu	480(%rdi), %ymm7
+        movq	512(%rdi), %rax
+        movq	520(%rdi), %r9
+        movq	528(%rdi), %r10
+        movq	536(%rdi), %r11
+        vpunpcklqdq	%ymm1, %ymm0, %ymm8
+        vpunpckhqdq	%ymm1, %ymm0, %ymm9
+        vpunpcklqdq	%ymm3, %ymm2, %ymm10
+        vpunpckhqdq	%ymm3, %ymm2, %ymm11
+        vperm2i128	$32, %ymm10, %ymm8, %ymm0
+        vperm2i128	$32, %ymm11, %ymm9, %ymm1
+        vperm2i128	$49, %ymm10, %ymm8, %ymm2
+        vperm2i128	$49, %ymm11, %ymm9, %ymm3
+        vpunpcklqdq	%ymm5, %ymm4, %ymm8
+        vpunpckhqdq	%ymm5, %ymm4, %ymm9
+        vpunpcklqdq	%ymm7, %ymm6, %ymm10
+        vpunpckhqdq	%ymm7, %ymm6, %ymm11
+        vperm2i128	$32, %ymm10, %ymm8, %ymm4
+        vperm2i128	$32, %ymm11, %ymm9, %ymm5
+        vperm2i128	$49, %ymm10, %ymm8, %ymm6
+        vperm2i128	$49, %ymm11, %ymm9, %ymm7
+        vmovdqu	%ymm0, 64(%rsi)
+        vmovdqu	%ymm4, 96(%rsi)
+        movq	%rax, 128(%rsi)
+        vmovdqu	%ymm1, 64(%rdx)
+        vmovdqu	%ymm5, 96(%rdx)
+        movq	%r9, 128(%rdx)
+        vmovdqu	%ymm2, 64(%rcx)
+        vmovdqu	%ymm6, 96(%rcx)
+        movq	%r10, 128(%rcx)
+        vmovdqu	%ymm3, 64(%r8)
+        vmovdqu	%ymm7, 96(%r8)
+        movq	%r11, 128(%r8)
+        vzeroupper
+        repz retq
+#ifndef __APPLE__
+.size	wc_mldsa_redistribute_17_rand_avx2,.-wc_mldsa_redistribute_17_rand_avx2
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+L_mldsa_encode_eta_2_avx2_two:
+.long	0x00000002,0x00000002,0x00000002,0x00000002
+.long	0x00000002,0x00000002,0x00000002,0x00000002
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+L_mldsa_encode_eta_2_avx2_vs_3:
+.long	0x00000000,0x00000003,0x00000006,0x00000009
+.long	0x00000004,0x00000007,0x0000000a,0x0000000d
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_mldsa_encode_eta_2_avx2_shuff_3_even:
+.value	0xff00,0x504
+.value	0xff08,0xd0c
+.value	0xffff,0xffff
+.value	0xffff,0xffff
+.value	0xff00,0x504
+.value	0xff08,0xd0c
+.value	0xffff,0xffff
+.value	0xffff,0xffff
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_mldsa_encode_eta_2_avx2_shuff_3_odd:
+.value	0xff02,0x7ff
+.value	0xb0a,0xfff
+.value	0xffff,0xffff
+.value	0xffff,0xffff
+.value	0xff02,0x7ff
+.value	0xb0a,0xfff
+.value	0xffff,0xffff
+.value	0xffff,0xffff
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_mldsa_encode_eta_2_avx2_shuff_6_even:
+.value	0x400,0x805
+.value	0xd0c,0xffff
+.value	0xffff,0xffff
+.value	0xffff,0xffff
+.value	0xffff,0xffff
+.value	0xffff,0x400
+.value	0x805,0xd0c
+.value	0xffff,0xffff
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_mldsa_encode_eta_2_avx2_shuff_6_odd:
+.value	0x302,0xa07
+.value	0xf0b,0xffff
+.value	0xffff,0xffff
+.value	0xffff,0xffff
+.value	0xffff,0xffff
+.value	0xffff,0x302
+.value	0xa07,0xf0b
+.value	0xffff,0xffff
+#ifndef __APPLE__
+.text
+.globl	wc_mldsa_vec_encode_eta_2_avx2
+.type	wc_mldsa_vec_encode_eta_2_avx2,@function
+.align	16
+wc_mldsa_vec_encode_eta_2_avx2:
+#else
+.section	__TEXT,__text
+.globl	_wc_mldsa_vec_encode_eta_2_avx2
+.p2align	4
+_wc_mldsa_vec_encode_eta_2_avx2:
+#endif /* __APPLE__ */
+        vmovdqu	L_mldsa_encode_eta_2_avx2_two(%rip), %ymm6
+        vmovdqu	L_mldsa_encode_eta_2_avx2_vs_3(%rip), %ymm7
+        vmovdqu	L_mldsa_encode_eta_2_avx2_shuff_3_even(%rip), %ymm8
+        vmovdqu	L_mldsa_encode_eta_2_avx2_shuff_3_odd(%rip), %ymm9
+        vmovdqu	L_mldsa_encode_eta_2_avx2_shuff_6_even(%rip), %ymm10
+        vmovdqu	L_mldsa_encode_eta_2_avx2_shuff_6_odd(%rip), %ymm11
+L_mldsa_encode_eta_2_avx2_loop:
+        vmovdqu	(%rdi), %ymm0
+        vmovdqu	32(%rdi), %ymm1
+        vmovdqu	64(%rdi), %ymm2
+        vmovdqu	96(%rdi), %ymm3
+        vpsubd	%ymm0, %ymm6, %ymm0
+        vpsubd	%ymm1, %ymm6, %ymm1
+        vpsubd	%ymm2, %ymm6, %ymm2
+        vpsubd	%ymm3, %ymm6, %ymm3
+        vpsllvd	%ymm7, %ymm0, %ymm0
+        vpsllvd	%ymm7, %ymm1, %ymm1
+        vpsllvd	%ymm7, %ymm2, %ymm2
+        vpsllvd	%ymm7, %ymm3, %ymm3
+        vpackusdw	%ymm2, %ymm0, %ymm0
+        vpackusdw	%ymm3, %ymm1, %ymm1
+        vpermq	$0xd8, %ymm0, %ymm0
+        vpermq	$0xd8, %ymm1, %ymm1
+        vpshufb	%ymm9, %ymm0, %ymm4
+        vpshufb	%ymm9, %ymm1, %ymm5
+        vpshufb	%ymm8, %ymm0, %ymm0
+        vpshufb	%ymm8, %ymm1, %ymm1
+        vpor	%ymm4, %ymm0, %ymm0
+        vpor	%ymm5, %ymm1, %ymm1
+        vpermq	$0xb1, %ymm1, %ymm1
+        vpor	%ymm1, %ymm0, %ymm0
+        vpshufb	%ymm11, %ymm0, %ymm4
+        vpshufb	%ymm10, %ymm0, %ymm0
+        vpor	%ymm4, %ymm0, %ymm0
+        vextracti128	$0x01, %ymm0, %xmm4
+        vpor	%ymm4, %ymm0, %ymm0
+        vmovdqu	%xmm0, (%rdx)
+        addq	$12, %rdx
+        vmovdqu	128(%rdi), %ymm0
+        vmovdqu	160(%rdi), %ymm1
+        vmovdqu	192(%rdi), %ymm2
+        vmovdqu	224(%rdi), %ymm3
+        vpsubd	%ymm0, %ymm6, %ymm0
+        vpsubd	%ymm1, %ymm6, %ymm1
+        vpsubd	%ymm2, %ymm6, %ymm2
+        vpsubd	%ymm3, %ymm6, %ymm3
+        vpsllvd	%ymm7, %ymm0, %ymm0
+        vpsllvd	%ymm7, %ymm1, %ymm1
+        vpsllvd	%ymm7, %ymm2, %ymm2
+        vpsllvd	%ymm7, %ymm3, %ymm3
+        vpackusdw	%ymm2, %ymm0, %ymm0
+        vpackusdw	%ymm3, %ymm1, %ymm1
+        vpermq	$0xd8, %ymm0, %ymm0
+        vpermq	$0xd8, %ymm1, %ymm1
+        vpshufb	%ymm9, %ymm0, %ymm4
+        vpshufb	%ymm9, %ymm1, %ymm5
+        vpshufb	%ymm8, %ymm0, %ymm0
+        vpshufb	%ymm8, %ymm1, %ymm1
+        vpor	%ymm4, %ymm0, %ymm0
+        vpor	%ymm5, %ymm1, %ymm1
+        vpermq	$0xb1, %ymm1, %ymm1
+        vpor	%ymm1, %ymm0, %ymm0
+        vpshufb	%ymm11, %ymm0, %ymm4
+        vpshufb	%ymm10, %ymm0, %ymm0
+        vpor	%ymm4, %ymm0, %ymm0
+        vextracti128	$0x01, %ymm0, %xmm4
+        vpor	%ymm4, %ymm0, %ymm0
+        vmovdqu	%xmm0, (%rdx)
+        addq	$12, %rdx
+        vmovdqu	256(%rdi), %ymm0
+        vmovdqu	288(%rdi), %ymm1
+        vmovdqu	320(%rdi), %ymm2
+        vmovdqu	352(%rdi), %ymm3
+        vpsubd	%ymm0, %ymm6, %ymm0
+        vpsubd	%ymm1, %ymm6, %ymm1
+        vpsubd	%ymm2, %ymm6, %ymm2
+        vpsubd	%ymm3, %ymm6, %ymm3
+        vpsllvd	%ymm7, %ymm0, %ymm0
+        vpsllvd	%ymm7, %ymm1, %ymm1
+        vpsllvd	%ymm7, %ymm2, %ymm2
+        vpsllvd	%ymm7, %ymm3, %ymm3
+        vpackusdw	%ymm2, %ymm0, %ymm0
+        vpackusdw	%ymm3, %ymm1, %ymm1
+        vpermq	$0xd8, %ymm0, %ymm0
+        vpermq	$0xd8, %ymm1, %ymm1
+        vpshufb	%ymm9, %ymm0, %ymm4
+        vpshufb	%ymm9, %ymm1, %ymm5
+        vpshufb	%ymm8, %ymm0, %ymm0
+        vpshufb	%ymm8, %ymm1, %ymm1
+        vpor	%ymm4, %ymm0, %ymm0
+        vpor	%ymm5, %ymm1, %ymm1
+        vpermq	$0xb1, %ymm1, %ymm1
+        vpor	%ymm1, %ymm0, %ymm0
+        vpshufb	%ymm11, %ymm0, %ymm4
+        vpshufb	%ymm10, %ymm0, %ymm0
+        vpor	%ymm4, %ymm0, %ymm0
+        vextracti128	$0x01, %ymm0, %xmm4
+        vpor	%ymm4, %ymm0, %ymm0
+        vmovdqu	%xmm0, (%rdx)
+        addq	$12, %rdx
+        vmovdqu	384(%rdi), %ymm0
+        vmovdqu	416(%rdi), %ymm1
+        vmovdqu	448(%rdi), %ymm2
+        vmovdqu	480(%rdi), %ymm3
+        vpsubd	%ymm0, %ymm6, %ymm0
+        vpsubd	%ymm1, %ymm6, %ymm1
+        vpsubd	%ymm2, %ymm6, %ymm2
+        vpsubd	%ymm3, %ymm6, %ymm3
+        vpsllvd	%ymm7, %ymm0, %ymm0
+        vpsllvd	%ymm7, %ymm1, %ymm1
+        vpsllvd	%ymm7, %ymm2, %ymm2
+        vpsllvd	%ymm7, %ymm3, %ymm3
+        vpackusdw	%ymm2, %ymm0, %ymm0
+        vpackusdw	%ymm3, %ymm1, %ymm1
+        vpermq	$0xd8, %ymm0, %ymm0
+        vpermq	$0xd8, %ymm1, %ymm1
+        vpshufb	%ymm9, %ymm0, %ymm4
+        vpshufb	%ymm9, %ymm1, %ymm5
+        vpshufb	%ymm8, %ymm0, %ymm0
+        vpshufb	%ymm8, %ymm1, %ymm1
+        vpor	%ymm4, %ymm0, %ymm0
+        vpor	%ymm5, %ymm1, %ymm1
+        vpermq	$0xb1, %ymm1, %ymm1
+        vpor	%ymm1, %ymm0, %ymm0
+        vpshufb	%ymm11, %ymm0, %ymm4
+        vpshufb	%ymm10, %ymm0, %ymm0
+        vpor	%ymm4, %ymm0, %ymm0
+        vextracti128	$0x01, %ymm0, %xmm4
+        vpor	%ymm4, %ymm0, %ymm0
+        vmovdqu	%xmm0, (%rdx)
+        addq	$12, %rdx
+        vmovdqu	512(%rdi), %ymm0
+        vmovdqu	544(%rdi), %ymm1
+        vmovdqu	576(%rdi), %ymm2
+        vmovdqu	608(%rdi), %ymm3
+        vpsubd	%ymm0, %ymm6, %ymm0
+        vpsubd	%ymm1, %ymm6, %ymm1
+        vpsubd	%ymm2, %ymm6, %ymm2
+        vpsubd	%ymm3, %ymm6, %ymm3
+        vpsllvd	%ymm7, %ymm0, %ymm0
+        vpsllvd	%ymm7, %ymm1, %ymm1
+        vpsllvd	%ymm7, %ymm2, %ymm2
+        vpsllvd	%ymm7, %ymm3, %ymm3
+        vpackusdw	%ymm2, %ymm0, %ymm0
+        vpackusdw	%ymm3, %ymm1, %ymm1
+        vpermq	$0xd8, %ymm0, %ymm0
+        vpermq	$0xd8, %ymm1, %ymm1
+        vpshufb	%ymm9, %ymm0, %ymm4
+        vpshufb	%ymm9, %ymm1, %ymm5
+        vpshufb	%ymm8, %ymm0, %ymm0
+        vpshufb	%ymm8, %ymm1, %ymm1
+        vpor	%ymm4, %ymm0, %ymm0
+        vpor	%ymm5, %ymm1, %ymm1
+        vpermq	$0xb1, %ymm1, %ymm1
+        vpor	%ymm1, %ymm0, %ymm0
+        vpshufb	%ymm11, %ymm0, %ymm4
+        vpshufb	%ymm10, %ymm0, %ymm0
+        vpor	%ymm4, %ymm0, %ymm0
+        vextracti128	$0x01, %ymm0, %xmm4
+        vpor	%ymm4, %ymm0, %ymm0
+        vmovdqu	%xmm0, (%rdx)
+        addq	$12, %rdx
+        vmovdqu	640(%rdi), %ymm0
+        vmovdqu	672(%rdi), %ymm1
+        vmovdqu	704(%rdi), %ymm2
+        vmovdqu	736(%rdi), %ymm3
+        vpsubd	%ymm0, %ymm6, %ymm0
+        vpsubd	%ymm1, %ymm6, %ymm1
+        vpsubd	%ymm2, %ymm6, %ymm2
+        vpsubd	%ymm3, %ymm6, %ymm3
+        vpsllvd	%ymm7, %ymm0, %ymm0
+        vpsllvd	%ymm7, %ymm1, %ymm1
+        vpsllvd	%ymm7, %ymm2, %ymm2
+        vpsllvd	%ymm7, %ymm3, %ymm3
+        vpackusdw	%ymm2, %ymm0, %ymm0
+        vpackusdw	%ymm3, %ymm1, %ymm1
+        vpermq	$0xd8, %ymm0, %ymm0
+        vpermq	$0xd8, %ymm1, %ymm1
+        vpshufb	%ymm9, %ymm0, %ymm4
+        vpshufb	%ymm9, %ymm1, %ymm5
+        vpshufb	%ymm8, %ymm0, %ymm0
+        vpshufb	%ymm8, %ymm1, %ymm1
+        vpor	%ymm4, %ymm0, %ymm0
+        vpor	%ymm5, %ymm1, %ymm1
+        vpermq	$0xb1, %ymm1, %ymm1
+        vpor	%ymm1, %ymm0, %ymm0
+        vpshufb	%ymm11, %ymm0, %ymm4
+        vpshufb	%ymm10, %ymm0, %ymm0
+        vpor	%ymm4, %ymm0, %ymm0
+        vextracti128	$0x01, %ymm0, %xmm4
+        vpor	%ymm4, %ymm0, %ymm0
+        vmovdqu	%xmm0, (%rdx)
+        addq	$12, %rdx
+        vmovdqu	768(%rdi), %ymm0
+        vmovdqu	800(%rdi), %ymm1
+        vmovdqu	832(%rdi), %ymm2
+        vmovdqu	864(%rdi), %ymm3
+        vpsubd	%ymm0, %ymm6, %ymm0
+        vpsubd	%ymm1, %ymm6, %ymm1
+        vpsubd	%ymm2, %ymm6, %ymm2
+        vpsubd	%ymm3, %ymm6, %ymm3
+        vpsllvd	%ymm7, %ymm0, %ymm0
+        vpsllvd	%ymm7, %ymm1, %ymm1
+        vpsllvd	%ymm7, %ymm2, %ymm2
+        vpsllvd	%ymm7, %ymm3, %ymm3
+        vpackusdw	%ymm2, %ymm0, %ymm0
+        vpackusdw	%ymm3, %ymm1, %ymm1
+        vpermq	$0xd8, %ymm0, %ymm0
+        vpermq	$0xd8, %ymm1, %ymm1
+        vpshufb	%ymm9, %ymm0, %ymm4
+        vpshufb	%ymm9, %ymm1, %ymm5
+        vpshufb	%ymm8, %ymm0, %ymm0
+        vpshufb	%ymm8, %ymm1, %ymm1
+        vpor	%ymm4, %ymm0, %ymm0
+        vpor	%ymm5, %ymm1, %ymm1
+        vpermq	$0xb1, %ymm1, %ymm1
+        vpor	%ymm1, %ymm0, %ymm0
+        vpshufb	%ymm11, %ymm0, %ymm4
+        vpshufb	%ymm10, %ymm0, %ymm0
+        vpor	%ymm4, %ymm0, %ymm0
+        vextracti128	$0x01, %ymm0, %xmm4
+        vpor	%ymm4, %ymm0, %ymm0
+        vmovdqu	%xmm0, (%rdx)
+        addq	$12, %rdx
+        vmovdqu	896(%rdi), %ymm0
+        vmovdqu	928(%rdi), %ymm1
+        vmovdqu	960(%rdi), %ymm2
+        vmovdqu	992(%rdi), %ymm3
+        vpsubd	%ymm0, %ymm6, %ymm0
+        vpsubd	%ymm1, %ymm6, %ymm1
+        vpsubd	%ymm2, %ymm6, %ymm2
+        vpsubd	%ymm3, %ymm6, %ymm3
+        vpsllvd	%ymm7, %ymm0, %ymm0
+        vpsllvd	%ymm7, %ymm1, %ymm1
+        vpsllvd	%ymm7, %ymm2, %ymm2
+        vpsllvd	%ymm7, %ymm3, %ymm3
+        vpackusdw	%ymm2, %ymm0, %ymm0
+        vpackusdw	%ymm3, %ymm1, %ymm1
+        vpermq	$0xd8, %ymm0, %ymm0
+        vpermq	$0xd8, %ymm1, %ymm1
+        vpshufb	%ymm9, %ymm0, %ymm4
+        vpshufb	%ymm9, %ymm1, %ymm5
+        vpshufb	%ymm8, %ymm0, %ymm0
+        vpshufb	%ymm8, %ymm1, %ymm1
+        vpor	%ymm4, %ymm0, %ymm0
+        vpor	%ymm5, %ymm1, %ymm1
+        vpermq	$0xb1, %ymm1, %ymm1
+        vpor	%ymm1, %ymm0, %ymm0
+        vpshufb	%ymm11, %ymm0, %ymm4
+        vpshufb	%ymm10, %ymm0, %ymm0
+        vpor	%ymm4, %ymm0, %ymm0
+        vextracti128	$0x01, %ymm0, %xmm4
+        vpor	%ymm4, %ymm0, %ymm0
+        vmovdqu	%xmm0, (%rdx)
+        addq	$12, %rdx
+        addq	$0x400, %rdi
+        decb	%sil
+        jnz	L_mldsa_encode_eta_2_avx2_loop
+        vzeroupper
+        repz retq
+#ifndef __APPLE__
+.size	wc_mldsa_vec_encode_eta_2_avx2,.-wc_mldsa_vec_encode_eta_2_avx2
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+L_mldsa_encode_eta_4_avx2_four:
+.long	0x00000004,0x00000004,0x00000004,0x00000004
+.long	0x00000004,0x00000004,0x00000004,0x00000004
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+L_mldsa_encode_eta_4_avx2_vs_4:
+.long	0x00000000,0x00000004,0x00000000,0x00000004
+.long	0x00000000,0x00000004,0x00000000,0x00000004
+#ifndef __APPLE__
+.text
+.globl	wc_mldsa_vec_encode_eta_4_avx2
+.type	wc_mldsa_vec_encode_eta_4_avx2,@function
+.align	16
+wc_mldsa_vec_encode_eta_4_avx2:
+#else
+.section	__TEXT,__text
+.globl	_wc_mldsa_vec_encode_eta_4_avx2
+.p2align	4
+_wc_mldsa_vec_encode_eta_4_avx2:
+#endif /* __APPLE__ */
+        vpxor	%ymm8, %ymm8, %ymm8
+        vmovdqu	L_mldsa_encode_eta_4_avx2_four(%rip), %ymm8
+        vmovdqu	L_mldsa_encode_eta_4_avx2_vs_4(%rip), %ymm9
+        vmovdqu	(%rdi), %ymm0
+        vmovdqu	32(%rdi), %ymm1
+        vmovdqu	64(%rdi), %ymm2
+        vmovdqu	96(%rdi), %ymm3
+        vmovdqu	128(%rdi), %ymm4
+        vmovdqu	160(%rdi), %ymm5
+        vmovdqu	192(%rdi), %ymm6
+        vmovdqu	224(%rdi), %ymm7
+        vpsubd	%ymm0, %ymm8, %ymm0
+        vpsubd	%ymm1, %ymm8, %ymm1
+        vpsubd	%ymm2, %ymm8, %ymm2
+        vpsubd	%ymm3, %ymm8, %ymm3
+        vpsubd	%ymm4, %ymm8, %ymm4
+        vpsubd	%ymm5, %ymm8, %ymm5
+        vpsubd	%ymm6, %ymm8, %ymm6
+        vpsubd	%ymm7, %ymm8, %ymm7
+        vpsllvd	%ymm9, %ymm0, %ymm0
+        vpsllvd	%ymm9, %ymm1, %ymm1
+        vpsllvd	%ymm9, %ymm2, %ymm2
+        vpsllvd	%ymm9, %ymm3, %ymm3
+        vpsllvd	%ymm9, %ymm4, %ymm4
+        vpsllvd	%ymm9, %ymm5, %ymm5
+        vpsllvd	%ymm9, %ymm6, %ymm6
+        vpsllvd	%ymm9, %ymm7, %ymm7
+        vpackusdw	%ymm1, %ymm0, %ymm0
+        vpackusdw	%ymm3, %ymm2, %ymm1
+        vpackusdw	%ymm5, %ymm4, %ymm2
+        vpackusdw	%ymm7, %ymm6, %ymm3
+        vpermq	$0xd8, %ymm0, %ymm0
+        vpermq	$0xd8, %ymm1, %ymm1
+        vpermq	$0xd8, %ymm2, %ymm2
+        vpermq	$0xd8, %ymm3, %ymm3
+        vphaddw	%ymm1, %ymm0, %ymm0
+        vphaddw	%ymm3, %ymm2, %ymm1
+        vphaddw	%ymm5, %ymm4, %ymm2
+        vphaddw	%ymm7, %ymm6, %ymm3
+        vpermq	$0xd8, %ymm0, %ymm0
+        vpermq	$0xd8, %ymm1, %ymm1
+        vpackuswb	%ymm1, %ymm0, %ymm0
+        vpermq	$0xd8, %ymm0, %ymm0
+        vmovdqu	%ymm0, (%rsi)
+        vmovdqu	256(%rdi), %ymm0
+        vmovdqu	288(%rdi), %ymm1
+        vmovdqu	320(%rdi), %ymm2
+        vmovdqu	352(%rdi), %ymm3
+        vmovdqu	384(%rdi), %ymm4
+        vmovdqu	416(%rdi), %ymm5
+        vmovdqu	448(%rdi), %ymm6
+        vmovdqu	480(%rdi), %ymm7
+        vpsubd	%ymm0, %ymm8, %ymm0
+        vpsubd	%ymm1, %ymm8, %ymm1
+        vpsubd	%ymm2, %ymm8, %ymm2
+        vpsubd	%ymm3, %ymm8, %ymm3
+        vpsubd	%ymm4, %ymm8, %ymm4
+        vpsubd	%ymm5, %ymm8, %ymm5
+        vpsubd	%ymm6, %ymm8, %ymm6
+        vpsubd	%ymm7, %ymm8, %ymm7
+        vpsllvd	%ymm9, %ymm0, %ymm0
+        vpsllvd	%ymm9, %ymm1, %ymm1
+        vpsllvd	%ymm9, %ymm2, %ymm2
+        vpsllvd	%ymm9, %ymm3, %ymm3
+        vpsllvd	%ymm9, %ymm4, %ymm4
+        vpsllvd	%ymm9, %ymm5, %ymm5
+        vpsllvd	%ymm9, %ymm6, %ymm6
+        vpsllvd	%ymm9, %ymm7, %ymm7
+        vpackusdw	%ymm1, %ymm0, %ymm0
+        vpackusdw	%ymm3, %ymm2, %ymm1
+        vpackusdw	%ymm5, %ymm4, %ymm2
+        vpackusdw	%ymm7, %ymm6, %ymm3
+        vpermq	$0xd8, %ymm0, %ymm0
+        vpermq	$0xd8, %ymm1, %ymm1
+        vpermq	$0xd8, %ymm2, %ymm2
+        vpermq	$0xd8, %ymm3, %ymm3
+        vphaddw	%ymm1, %ymm0, %ymm0
+        vphaddw	%ymm3, %ymm2, %ymm1
+        vphaddw	%ymm5, %ymm4, %ymm2
+        vphaddw	%ymm7, %ymm6, %ymm3
+        vpermq	$0xd8, %ymm0, %ymm0
+        vpermq	$0xd8, %ymm1, %ymm1
+        vpackuswb	%ymm1, %ymm0, %ymm0
+        vpermq	$0xd8, %ymm0, %ymm0
+        vmovdqu	%ymm0, 32(%rsi)
+        vmovdqu	512(%rdi), %ymm0
+        vmovdqu	544(%rdi), %ymm1
+        vmovdqu	576(%rdi), %ymm2
+        vmovdqu	608(%rdi), %ymm3
+        vmovdqu	640(%rdi), %ymm4
+        vmovdqu	672(%rdi), %ymm5
+        vmovdqu	704(%rdi), %ymm6
+        vmovdqu	736(%rdi), %ymm7
+        vpsubd	%ymm0, %ymm8, %ymm0
+        vpsubd	%ymm1, %ymm8, %ymm1
+        vpsubd	%ymm2, %ymm8, %ymm2
+        vpsubd	%ymm3, %ymm8, %ymm3
+        vpsubd	%ymm4, %ymm8, %ymm4
+        vpsubd	%ymm5, %ymm8, %ymm5
+        vpsubd	%ymm6, %ymm8, %ymm6
+        vpsubd	%ymm7, %ymm8, %ymm7
+        vpsllvd	%ymm9, %ymm0, %ymm0
+        vpsllvd	%ymm9, %ymm1, %ymm1
+        vpsllvd	%ymm9, %ymm2, %ymm2
+        vpsllvd	%ymm9, %ymm3, %ymm3
+        vpsllvd	%ymm9, %ymm4, %ymm4
+        vpsllvd	%ymm9, %ymm5, %ymm5
+        vpsllvd	%ymm9, %ymm6, %ymm6
+        vpsllvd	%ymm9, %ymm7, %ymm7
+        vpackusdw	%ymm1, %ymm0, %ymm0
+        vpackusdw	%ymm3, %ymm2, %ymm1
+        vpackusdw	%ymm5, %ymm4, %ymm2
+        vpackusdw	%ymm7, %ymm6, %ymm3
+        vpermq	$0xd8, %ymm0, %ymm0
+        vpermq	$0xd8, %ymm1, %ymm1
+        vpermq	$0xd8, %ymm2, %ymm2
+        vpermq	$0xd8, %ymm3, %ymm3
+        vphaddw	%ymm1, %ymm0, %ymm0
+        vphaddw	%ymm3, %ymm2, %ymm1
+        vphaddw	%ymm5, %ymm4, %ymm2
+        vphaddw	%ymm7, %ymm6, %ymm3
+        vpermq	$0xd8, %ymm0, %ymm0
+        vpermq	$0xd8, %ymm1, %ymm1
+        vpackuswb	%ymm1, %ymm0, %ymm0
+        vpermq	$0xd8, %ymm0, %ymm0
+        vmovdqu	%ymm0, 64(%rsi)
+        vmovdqu	768(%rdi), %ymm0
+        vmovdqu	800(%rdi), %ymm1
+        vmovdqu	832(%rdi), %ymm2
+        vmovdqu	864(%rdi), %ymm3
+        vmovdqu	896(%rdi), %ymm4
+        vmovdqu	928(%rdi), %ymm5
+        vmovdqu	960(%rdi), %ymm6
+        vmovdqu	992(%rdi), %ymm7
+        vpsubd	%ymm0, %ymm8, %ymm0
+        vpsubd	%ymm1, %ymm8, %ymm1
+        vpsubd	%ymm2, %ymm8, %ymm2
+        vpsubd	%ymm3, %ymm8, %ymm3
+        vpsubd	%ymm4, %ymm8, %ymm4
+        vpsubd	%ymm5, %ymm8, %ymm5
+        vpsubd	%ymm6, %ymm8, %ymm6
+        vpsubd	%ymm7, %ymm8, %ymm7
+        vpsllvd	%ymm9, %ymm0, %ymm0
+        vpsllvd	%ymm9, %ymm1, %ymm1
+        vpsllvd	%ymm9, %ymm2, %ymm2
+        vpsllvd	%ymm9, %ymm3, %ymm3
+        vpsllvd	%ymm9, %ymm4, %ymm4
+        vpsllvd	%ymm9, %ymm5, %ymm5
+        vpsllvd	%ymm9, %ymm6, %ymm6
+        vpsllvd	%ymm9, %ymm7, %ymm7
+        vpackusdw	%ymm1, %ymm0, %ymm0
+        vpackusdw	%ymm3, %ymm2, %ymm1
+        vpackusdw	%ymm5, %ymm4, %ymm2
+        vpackusdw	%ymm7, %ymm6, %ymm3
+        vpermq	$0xd8, %ymm0, %ymm0
+        vpermq	$0xd8, %ymm1, %ymm1
+        vpermq	$0xd8, %ymm2, %ymm2
+        vpermq	$0xd8, %ymm3, %ymm3
+        vphaddw	%ymm1, %ymm0, %ymm0
+        vphaddw	%ymm3, %ymm2, %ymm1
+        vphaddw	%ymm5, %ymm4, %ymm2
+        vphaddw	%ymm7, %ymm6, %ymm3
+        vpermq	$0xd8, %ymm0, %ymm0
+        vpermq	$0xd8, %ymm1, %ymm1
+        vpackuswb	%ymm1, %ymm0, %ymm0
+        vpermq	$0xd8, %ymm0, %ymm0
+        vmovdqu	%ymm0, 96(%rsi)
+        vmovdqu	1024(%rdi), %ymm0
+        vmovdqu	1056(%rdi), %ymm1
+        vmovdqu	1088(%rdi), %ymm2
+        vmovdqu	1120(%rdi), %ymm3
+        vmovdqu	1152(%rdi), %ymm4
+        vmovdqu	1184(%rdi), %ymm5
+        vmovdqu	1216(%rdi), %ymm6
+        vmovdqu	1248(%rdi), %ymm7
+        vpsubd	%ymm0, %ymm8, %ymm0
+        vpsubd	%ymm1, %ymm8, %ymm1
+        vpsubd	%ymm2, %ymm8, %ymm2
+        vpsubd	%ymm3, %ymm8, %ymm3
+        vpsubd	%ymm4, %ymm8, %ymm4
+        vpsubd	%ymm5, %ymm8, %ymm5
+        vpsubd	%ymm6, %ymm8, %ymm6
+        vpsubd	%ymm7, %ymm8, %ymm7
+        vpsllvd	%ymm9, %ymm0, %ymm0
+        vpsllvd	%ymm9, %ymm1, %ymm1
+        vpsllvd	%ymm9, %ymm2, %ymm2
+        vpsllvd	%ymm9, %ymm3, %ymm3
+        vpsllvd	%ymm9, %ymm4, %ymm4
+        vpsllvd	%ymm9, %ymm5, %ymm5
+        vpsllvd	%ymm9, %ymm6, %ymm6
+        vpsllvd	%ymm9, %ymm7, %ymm7
+        vpackusdw	%ymm1, %ymm0, %ymm0
+        vpackusdw	%ymm3, %ymm2, %ymm1
+        vpackusdw	%ymm5, %ymm4, %ymm2
+        vpackusdw	%ymm7, %ymm6, %ymm3
+        vpermq	$0xd8, %ymm0, %ymm0
+        vpermq	$0xd8, %ymm1, %ymm1
+        vpermq	$0xd8, %ymm2, %ymm2
+        vpermq	$0xd8, %ymm3, %ymm3
+        vphaddw	%ymm1, %ymm0, %ymm0
+        vphaddw	%ymm3, %ymm2, %ymm1
+        vphaddw	%ymm5, %ymm4, %ymm2
+        vphaddw	%ymm7, %ymm6, %ymm3
+        vpermq	$0xd8, %ymm0, %ymm0
+        vpermq	$0xd8, %ymm1, %ymm1
+        vpackuswb	%ymm1, %ymm0, %ymm0
+        vpermq	$0xd8, %ymm0, %ymm0
+        vmovdqu	%ymm0, 128(%rsi)
+        vmovdqu	1280(%rdi), %ymm0
+        vmovdqu	1312(%rdi), %ymm1
+        vmovdqu	1344(%rdi), %ymm2
+        vmovdqu	1376(%rdi), %ymm3
+        vmovdqu	1408(%rdi), %ymm4
+        vmovdqu	1440(%rdi), %ymm5
+        vmovdqu	1472(%rdi), %ymm6
+        vmovdqu	1504(%rdi), %ymm7
+        vpsubd	%ymm0, %ymm8, %ymm0
+        vpsubd	%ymm1, %ymm8, %ymm1
+        vpsubd	%ymm2, %ymm8, %ymm2
+        vpsubd	%ymm3, %ymm8, %ymm3
+        vpsubd	%ymm4, %ymm8, %ymm4
+        vpsubd	%ymm5, %ymm8, %ymm5
+        vpsubd	%ymm6, %ymm8, %ymm6
+        vpsubd	%ymm7, %ymm8, %ymm7
+        vpsllvd	%ymm9, %ymm0, %ymm0
+        vpsllvd	%ymm9, %ymm1, %ymm1
+        vpsllvd	%ymm9, %ymm2, %ymm2
+        vpsllvd	%ymm9, %ymm3, %ymm3
+        vpsllvd	%ymm9, %ymm4, %ymm4
+        vpsllvd	%ymm9, %ymm5, %ymm5
+        vpsllvd	%ymm9, %ymm6, %ymm6
+        vpsllvd	%ymm9, %ymm7, %ymm7
+        vpackusdw	%ymm1, %ymm0, %ymm0
+        vpackusdw	%ymm3, %ymm2, %ymm1
+        vpackusdw	%ymm5, %ymm4, %ymm2
+        vpackusdw	%ymm7, %ymm6, %ymm3
+        vpermq	$0xd8, %ymm0, %ymm0
+        vpermq	$0xd8, %ymm1, %ymm1
+        vpermq	$0xd8, %ymm2, %ymm2
+        vpermq	$0xd8, %ymm3, %ymm3
+        vphaddw	%ymm1, %ymm0, %ymm0
+        vphaddw	%ymm3, %ymm2, %ymm1
+        vphaddw	%ymm5, %ymm4, %ymm2
+        vphaddw	%ymm7, %ymm6, %ymm3
+        vpermq	$0xd8, %ymm0, %ymm0
+        vpermq	$0xd8, %ymm1, %ymm1
+        vpackuswb	%ymm1, %ymm0, %ymm0
+        vpermq	$0xd8, %ymm0, %ymm0
+        vmovdqu	%ymm0, 160(%rsi)
+        vmovdqu	1536(%rdi), %ymm0
+        vmovdqu	1568(%rdi), %ymm1
+        vmovdqu	1600(%rdi), %ymm2
+        vmovdqu	1632(%rdi), %ymm3
+        vmovdqu	1664(%rdi), %ymm4
+        vmovdqu	1696(%rdi), %ymm5
+        vmovdqu	1728(%rdi), %ymm6
+        vmovdqu	1760(%rdi), %ymm7
+        vpsubd	%ymm0, %ymm8, %ymm0
+        vpsubd	%ymm1, %ymm8, %ymm1
+        vpsubd	%ymm2, %ymm8, %ymm2
+        vpsubd	%ymm3, %ymm8, %ymm3
+        vpsubd	%ymm4, %ymm8, %ymm4
+        vpsubd	%ymm5, %ymm8, %ymm5
+        vpsubd	%ymm6, %ymm8, %ymm6
+        vpsubd	%ymm7, %ymm8, %ymm7
+        vpsllvd	%ymm9, %ymm0, %ymm0
+        vpsllvd	%ymm9, %ymm1, %ymm1
+        vpsllvd	%ymm9, %ymm2, %ymm2
+        vpsllvd	%ymm9, %ymm3, %ymm3
+        vpsllvd	%ymm9, %ymm4, %ymm4
+        vpsllvd	%ymm9, %ymm5, %ymm5
+        vpsllvd	%ymm9, %ymm6, %ymm6
+        vpsllvd	%ymm9, %ymm7, %ymm7
+        vpackusdw	%ymm1, %ymm0, %ymm0
+        vpackusdw	%ymm3, %ymm2, %ymm1
+        vpackusdw	%ymm5, %ymm4, %ymm2
+        vpackusdw	%ymm7, %ymm6, %ymm3
+        vpermq	$0xd8, %ymm0, %ymm0
+        vpermq	$0xd8, %ymm1, %ymm1
+        vpermq	$0xd8, %ymm2, %ymm2
+        vpermq	$0xd8, %ymm3, %ymm3
+        vphaddw	%ymm1, %ymm0, %ymm0
+        vphaddw	%ymm3, %ymm2, %ymm1
+        vphaddw	%ymm5, %ymm4, %ymm2
+        vphaddw	%ymm7, %ymm6, %ymm3
+        vpermq	$0xd8, %ymm0, %ymm0
+        vpermq	$0xd8, %ymm1, %ymm1
+        vpackuswb	%ymm1, %ymm0, %ymm0
+        vpermq	$0xd8, %ymm0, %ymm0
+        vmovdqu	%ymm0, 192(%rsi)
+        vmovdqu	1792(%rdi), %ymm0
+        vmovdqu	1824(%rdi), %ymm1
+        vmovdqu	1856(%rdi), %ymm2
+        vmovdqu	1888(%rdi), %ymm3
+        vmovdqu	1920(%rdi), %ymm4
+        vmovdqu	1952(%rdi), %ymm5
+        vmovdqu	1984(%rdi), %ymm6
+        vmovdqu	2016(%rdi), %ymm7
+        vpsubd	%ymm0, %ymm8, %ymm0
+        vpsubd	%ymm1, %ymm8, %ymm1
+        vpsubd	%ymm2, %ymm8, %ymm2
+        vpsubd	%ymm3, %ymm8, %ymm3
+        vpsubd	%ymm4, %ymm8, %ymm4
+        vpsubd	%ymm5, %ymm8, %ymm5
+        vpsubd	%ymm6, %ymm8, %ymm6
+        vpsubd	%ymm7, %ymm8, %ymm7
+        vpsllvd	%ymm9, %ymm0, %ymm0
+        vpsllvd	%ymm9, %ymm1, %ymm1
+        vpsllvd	%ymm9, %ymm2, %ymm2
+        vpsllvd	%ymm9, %ymm3, %ymm3
+        vpsllvd	%ymm9, %ymm4, %ymm4
+        vpsllvd	%ymm9, %ymm5, %ymm5
+        vpsllvd	%ymm9, %ymm6, %ymm6
+        vpsllvd	%ymm9, %ymm7, %ymm7
+        vpackusdw	%ymm1, %ymm0, %ymm0
+        vpackusdw	%ymm3, %ymm2, %ymm1
+        vpackusdw	%ymm5, %ymm4, %ymm2
+        vpackusdw	%ymm7, %ymm6, %ymm3
+        vpermq	$0xd8, %ymm0, %ymm0
+        vpermq	$0xd8, %ymm1, %ymm1
+        vpermq	$0xd8, %ymm2, %ymm2
+        vpermq	$0xd8, %ymm3, %ymm3
+        vphaddw	%ymm1, %ymm0, %ymm0
+        vphaddw	%ymm3, %ymm2, %ymm1
+        vphaddw	%ymm5, %ymm4, %ymm2
+        vphaddw	%ymm7, %ymm6, %ymm3
+        vpermq	$0xd8, %ymm0, %ymm0
+        vpermq	$0xd8, %ymm1, %ymm1
+        vpackuswb	%ymm1, %ymm0, %ymm0
+        vpermq	$0xd8, %ymm0, %ymm0
+        vmovdqu	%ymm0, 224(%rsi)
+        vmovdqu	2048(%rdi), %ymm0
+        vmovdqu	2080(%rdi), %ymm1
+        vmovdqu	2112(%rdi), %ymm2
+        vmovdqu	2144(%rdi), %ymm3
+        vmovdqu	2176(%rdi), %ymm4
+        vmovdqu	2208(%rdi), %ymm5
+        vmovdqu	2240(%rdi), %ymm6
+        vmovdqu	2272(%rdi), %ymm7
+        vpsubd	%ymm0, %ymm8, %ymm0
+        vpsubd	%ymm1, %ymm8, %ymm1
+        vpsubd	%ymm2, %ymm8, %ymm2
+        vpsubd	%ymm3, %ymm8, %ymm3
+        vpsubd	%ymm4, %ymm8, %ymm4
+        vpsubd	%ymm5, %ymm8, %ymm5
+        vpsubd	%ymm6, %ymm8, %ymm6
+        vpsubd	%ymm7, %ymm8, %ymm7
+        vpsllvd	%ymm9, %ymm0, %ymm0
+        vpsllvd	%ymm9, %ymm1, %ymm1
+        vpsllvd	%ymm9, %ymm2, %ymm2
+        vpsllvd	%ymm9, %ymm3, %ymm3
+        vpsllvd	%ymm9, %ymm4, %ymm4
+        vpsllvd	%ymm9, %ymm5, %ymm5
+        vpsllvd	%ymm9, %ymm6, %ymm6
+        vpsllvd	%ymm9, %ymm7, %ymm7
+        vpackusdw	%ymm1, %ymm0, %ymm0
+        vpackusdw	%ymm3, %ymm2, %ymm1
+        vpackusdw	%ymm5, %ymm4, %ymm2
+        vpackusdw	%ymm7, %ymm6, %ymm3
+        vpermq	$0xd8, %ymm0, %ymm0
+        vpermq	$0xd8, %ymm1, %ymm1
+        vpermq	$0xd8, %ymm2, %ymm2
+        vpermq	$0xd8, %ymm3, %ymm3
+        vphaddw	%ymm1, %ymm0, %ymm0
+        vphaddw	%ymm3, %ymm2, %ymm1
+        vphaddw	%ymm5, %ymm4, %ymm2
+        vphaddw	%ymm7, %ymm6, %ymm3
+        vpermq	$0xd8, %ymm0, %ymm0
+        vpermq	$0xd8, %ymm1, %ymm1
+        vpackuswb	%ymm1, %ymm0, %ymm0
+        vpermq	$0xd8, %ymm0, %ymm0
+        vmovdqu	%ymm0, 256(%rsi)
+        vmovdqu	2304(%rdi), %ymm0
+        vmovdqu	2336(%rdi), %ymm1
+        vmovdqu	2368(%rdi), %ymm2
+        vmovdqu	2400(%rdi), %ymm3
+        vmovdqu	2432(%rdi), %ymm4
+        vmovdqu	2464(%rdi), %ymm5
+        vmovdqu	2496(%rdi), %ymm6
+        vmovdqu	2528(%rdi), %ymm7
+        vpsubd	%ymm0, %ymm8, %ymm0
+        vpsubd	%ymm1, %ymm8, %ymm1
+        vpsubd	%ymm2, %ymm8, %ymm2
+        vpsubd	%ymm3, %ymm8, %ymm3
+        vpsubd	%ymm4, %ymm8, %ymm4
+        vpsubd	%ymm5, %ymm8, %ymm5
+        vpsubd	%ymm6, %ymm8, %ymm6
+        vpsubd	%ymm7, %ymm8, %ymm7
+        vpsllvd	%ymm9, %ymm0, %ymm0
+        vpsllvd	%ymm9, %ymm1, %ymm1
+        vpsllvd	%ymm9, %ymm2, %ymm2
+        vpsllvd	%ymm9, %ymm3, %ymm3
+        vpsllvd	%ymm9, %ymm4, %ymm4
+        vpsllvd	%ymm9, %ymm5, %ymm5
+        vpsllvd	%ymm9, %ymm6, %ymm6
+        vpsllvd	%ymm9, %ymm7, %ymm7
+        vpackusdw	%ymm1, %ymm0, %ymm0
+        vpackusdw	%ymm3, %ymm2, %ymm1
+        vpackusdw	%ymm5, %ymm4, %ymm2
+        vpackusdw	%ymm7, %ymm6, %ymm3
+        vpermq	$0xd8, %ymm0, %ymm0
+        vpermq	$0xd8, %ymm1, %ymm1
+        vpermq	$0xd8, %ymm2, %ymm2
+        vpermq	$0xd8, %ymm3, %ymm3
+        vphaddw	%ymm1, %ymm0, %ymm0
+        vphaddw	%ymm3, %ymm2, %ymm1
+        vphaddw	%ymm5, %ymm4, %ymm2
+        vphaddw	%ymm7, %ymm6, %ymm3
+        vpermq	$0xd8, %ymm0, %ymm0
+        vpermq	$0xd8, %ymm1, %ymm1
+        vpackuswb	%ymm1, %ymm0, %ymm0
+        vpermq	$0xd8, %ymm0, %ymm0
+        vmovdqu	%ymm0, 288(%rsi)
+        vmovdqu	2560(%rdi), %ymm0
+        vmovdqu	2592(%rdi), %ymm1
+        vmovdqu	2624(%rdi), %ymm2
+        vmovdqu	2656(%rdi), %ymm3
+        vmovdqu	2688(%rdi), %ymm4
+        vmovdqu	2720(%rdi), %ymm5
+        vmovdqu	2752(%rdi), %ymm6
+        vmovdqu	2784(%rdi), %ymm7
+        vpsubd	%ymm0, %ymm8, %ymm0
+        vpsubd	%ymm1, %ymm8, %ymm1
+        vpsubd	%ymm2, %ymm8, %ymm2
+        vpsubd	%ymm3, %ymm8, %ymm3
+        vpsubd	%ymm4, %ymm8, %ymm4
+        vpsubd	%ymm5, %ymm8, %ymm5
+        vpsubd	%ymm6, %ymm8, %ymm6
+        vpsubd	%ymm7, %ymm8, %ymm7
+        vpsllvd	%ymm9, %ymm0, %ymm0
+        vpsllvd	%ymm9, %ymm1, %ymm1
+        vpsllvd	%ymm9, %ymm2, %ymm2
+        vpsllvd	%ymm9, %ymm3, %ymm3
+        vpsllvd	%ymm9, %ymm4, %ymm4
+        vpsllvd	%ymm9, %ymm5, %ymm5
+        vpsllvd	%ymm9, %ymm6, %ymm6
+        vpsllvd	%ymm9, %ymm7, %ymm7
+        vpackusdw	%ymm1, %ymm0, %ymm0
+        vpackusdw	%ymm3, %ymm2, %ymm1
+        vpackusdw	%ymm5, %ymm4, %ymm2
+        vpackusdw	%ymm7, %ymm6, %ymm3
+        vpermq	$0xd8, %ymm0, %ymm0
+        vpermq	$0xd8, %ymm1, %ymm1
+        vpermq	$0xd8, %ymm2, %ymm2
+        vpermq	$0xd8, %ymm3, %ymm3
+        vphaddw	%ymm1, %ymm0, %ymm0
+        vphaddw	%ymm3, %ymm2, %ymm1
+        vphaddw	%ymm5, %ymm4, %ymm2
+        vphaddw	%ymm7, %ymm6, %ymm3
+        vpermq	$0xd8, %ymm0, %ymm0
+        vpermq	$0xd8, %ymm1, %ymm1
+        vpackuswb	%ymm1, %ymm0, %ymm0
+        vpermq	$0xd8, %ymm0, %ymm0
+        vmovdqu	%ymm0, 320(%rsi)
+        vmovdqu	2816(%rdi), %ymm0
+        vmovdqu	2848(%rdi), %ymm1
+        vmovdqu	2880(%rdi), %ymm2
+        vmovdqu	2912(%rdi), %ymm3
+        vmovdqu	2944(%rdi), %ymm4
+        vmovdqu	2976(%rdi), %ymm5
+        vmovdqu	3008(%rdi), %ymm6
+        vmovdqu	3040(%rdi), %ymm7
+        vpsubd	%ymm0, %ymm8, %ymm0
+        vpsubd	%ymm1, %ymm8, %ymm1
+        vpsubd	%ymm2, %ymm8, %ymm2
+        vpsubd	%ymm3, %ymm8, %ymm3
+        vpsubd	%ymm4, %ymm8, %ymm4
+        vpsubd	%ymm5, %ymm8, %ymm5
+        vpsubd	%ymm6, %ymm8, %ymm6
+        vpsubd	%ymm7, %ymm8, %ymm7
+        vpsllvd	%ymm9, %ymm0, %ymm0
+        vpsllvd	%ymm9, %ymm1, %ymm1
+        vpsllvd	%ymm9, %ymm2, %ymm2
+        vpsllvd	%ymm9, %ymm3, %ymm3
+        vpsllvd	%ymm9, %ymm4, %ymm4
+        vpsllvd	%ymm9, %ymm5, %ymm5
+        vpsllvd	%ymm9, %ymm6, %ymm6
+        vpsllvd	%ymm9, %ymm7, %ymm7
+        vpackusdw	%ymm1, %ymm0, %ymm0
+        vpackusdw	%ymm3, %ymm2, %ymm1
+        vpackusdw	%ymm5, %ymm4, %ymm2
+        vpackusdw	%ymm7, %ymm6, %ymm3
+        vpermq	$0xd8, %ymm0, %ymm0
+        vpermq	$0xd8, %ymm1, %ymm1
+        vpermq	$0xd8, %ymm2, %ymm2
+        vpermq	$0xd8, %ymm3, %ymm3
+        vphaddw	%ymm1, %ymm0, %ymm0
+        vphaddw	%ymm3, %ymm2, %ymm1
+        vphaddw	%ymm5, %ymm4, %ymm2
+        vphaddw	%ymm7, %ymm6, %ymm3
+        vpermq	$0xd8, %ymm0, %ymm0
+        vpermq	$0xd8, %ymm1, %ymm1
+        vpackuswb	%ymm1, %ymm0, %ymm0
+        vpermq	$0xd8, %ymm0, %ymm0
+        vmovdqu	%ymm0, 352(%rsi)
+        vmovdqu	3072(%rdi), %ymm0
+        vmovdqu	3104(%rdi), %ymm1
+        vmovdqu	3136(%rdi), %ymm2
+        vmovdqu	3168(%rdi), %ymm3
+        vmovdqu	3200(%rdi), %ymm4
+        vmovdqu	3232(%rdi), %ymm5
+        vmovdqu	3264(%rdi), %ymm6
+        vmovdqu	3296(%rdi), %ymm7
+        vpsubd	%ymm0, %ymm8, %ymm0
+        vpsubd	%ymm1, %ymm8, %ymm1
+        vpsubd	%ymm2, %ymm8, %ymm2
+        vpsubd	%ymm3, %ymm8, %ymm3
+        vpsubd	%ymm4, %ymm8, %ymm4
+        vpsubd	%ymm5, %ymm8, %ymm5
+        vpsubd	%ymm6, %ymm8, %ymm6
+        vpsubd	%ymm7, %ymm8, %ymm7
+        vpsllvd	%ymm9, %ymm0, %ymm0
+        vpsllvd	%ymm9, %ymm1, %ymm1
+        vpsllvd	%ymm9, %ymm2, %ymm2
+        vpsllvd	%ymm9, %ymm3, %ymm3
+        vpsllvd	%ymm9, %ymm4, %ymm4
+        vpsllvd	%ymm9, %ymm5, %ymm5
+        vpsllvd	%ymm9, %ymm6, %ymm6
+        vpsllvd	%ymm9, %ymm7, %ymm7
+        vpackusdw	%ymm1, %ymm0, %ymm0
+        vpackusdw	%ymm3, %ymm2, %ymm1
+        vpackusdw	%ymm5, %ymm4, %ymm2
+        vpackusdw	%ymm7, %ymm6, %ymm3
+        vpermq	$0xd8, %ymm0, %ymm0
+        vpermq	$0xd8, %ymm1, %ymm1
+        vpermq	$0xd8, %ymm2, %ymm2
+        vpermq	$0xd8, %ymm3, %ymm3
+        vphaddw	%ymm1, %ymm0, %ymm0
+        vphaddw	%ymm3, %ymm2, %ymm1
+        vphaddw	%ymm5, %ymm4, %ymm2
+        vphaddw	%ymm7, %ymm6, %ymm3
+        vpermq	$0xd8, %ymm0, %ymm0
+        vpermq	$0xd8, %ymm1, %ymm1
+        vpackuswb	%ymm1, %ymm0, %ymm0
+        vpermq	$0xd8, %ymm0, %ymm0
+        vmovdqu	%ymm0, 384(%rsi)
+        vmovdqu	3328(%rdi), %ymm0
+        vmovdqu	3360(%rdi), %ymm1
+        vmovdqu	3392(%rdi), %ymm2
+        vmovdqu	3424(%rdi), %ymm3
+        vmovdqu	3456(%rdi), %ymm4
+        vmovdqu	3488(%rdi), %ymm5
+        vmovdqu	3520(%rdi), %ymm6
+        vmovdqu	3552(%rdi), %ymm7
+        vpsubd	%ymm0, %ymm8, %ymm0
+        vpsubd	%ymm1, %ymm8, %ymm1
+        vpsubd	%ymm2, %ymm8, %ymm2
+        vpsubd	%ymm3, %ymm8, %ymm3
+        vpsubd	%ymm4, %ymm8, %ymm4
+        vpsubd	%ymm5, %ymm8, %ymm5
+        vpsubd	%ymm6, %ymm8, %ymm6
+        vpsubd	%ymm7, %ymm8, %ymm7
+        vpsllvd	%ymm9, %ymm0, %ymm0
+        vpsllvd	%ymm9, %ymm1, %ymm1
+        vpsllvd	%ymm9, %ymm2, %ymm2
+        vpsllvd	%ymm9, %ymm3, %ymm3
+        vpsllvd	%ymm9, %ymm4, %ymm4
+        vpsllvd	%ymm9, %ymm5, %ymm5
+        vpsllvd	%ymm9, %ymm6, %ymm6
+        vpsllvd	%ymm9, %ymm7, %ymm7
+        vpackusdw	%ymm1, %ymm0, %ymm0
+        vpackusdw	%ymm3, %ymm2, %ymm1
+        vpackusdw	%ymm5, %ymm4, %ymm2
+        vpackusdw	%ymm7, %ymm6, %ymm3
+        vpermq	$0xd8, %ymm0, %ymm0
+        vpermq	$0xd8, %ymm1, %ymm1
+        vpermq	$0xd8, %ymm2, %ymm2
+        vpermq	$0xd8, %ymm3, %ymm3
+        vphaddw	%ymm1, %ymm0, %ymm0
+        vphaddw	%ymm3, %ymm2, %ymm1
+        vphaddw	%ymm5, %ymm4, %ymm2
+        vphaddw	%ymm7, %ymm6, %ymm3
+        vpermq	$0xd8, %ymm0, %ymm0
+        vpermq	$0xd8, %ymm1, %ymm1
+        vpackuswb	%ymm1, %ymm0, %ymm0
+        vpermq	$0xd8, %ymm0, %ymm0
+        vmovdqu	%ymm0, 416(%rsi)
+        vmovdqu	3584(%rdi), %ymm0
+        vmovdqu	3616(%rdi), %ymm1
+        vmovdqu	3648(%rdi), %ymm2
+        vmovdqu	3680(%rdi), %ymm3
+        vmovdqu	3712(%rdi), %ymm4
+        vmovdqu	3744(%rdi), %ymm5
+        vmovdqu	3776(%rdi), %ymm6
+        vmovdqu	3808(%rdi), %ymm7
+        vpsubd	%ymm0, %ymm8, %ymm0
+        vpsubd	%ymm1, %ymm8, %ymm1
+        vpsubd	%ymm2, %ymm8, %ymm2
+        vpsubd	%ymm3, %ymm8, %ymm3
+        vpsubd	%ymm4, %ymm8, %ymm4
+        vpsubd	%ymm5, %ymm8, %ymm5
+        vpsubd	%ymm6, %ymm8, %ymm6
+        vpsubd	%ymm7, %ymm8, %ymm7
+        vpsllvd	%ymm9, %ymm0, %ymm0
+        vpsllvd	%ymm9, %ymm1, %ymm1
+        vpsllvd	%ymm9, %ymm2, %ymm2
+        vpsllvd	%ymm9, %ymm3, %ymm3
+        vpsllvd	%ymm9, %ymm4, %ymm4
+        vpsllvd	%ymm9, %ymm5, %ymm5
+        vpsllvd	%ymm9, %ymm6, %ymm6
+        vpsllvd	%ymm9, %ymm7, %ymm7
+        vpackusdw	%ymm1, %ymm0, %ymm0
+        vpackusdw	%ymm3, %ymm2, %ymm1
+        vpackusdw	%ymm5, %ymm4, %ymm2
+        vpackusdw	%ymm7, %ymm6, %ymm3
+        vpermq	$0xd8, %ymm0, %ymm0
+        vpermq	$0xd8, %ymm1, %ymm1
+        vpermq	$0xd8, %ymm2, %ymm2
+        vpermq	$0xd8, %ymm3, %ymm3
+        vphaddw	%ymm1, %ymm0, %ymm0
+        vphaddw	%ymm3, %ymm2, %ymm1
+        vphaddw	%ymm5, %ymm4, %ymm2
+        vphaddw	%ymm7, %ymm6, %ymm3
+        vpermq	$0xd8, %ymm0, %ymm0
+        vpermq	$0xd8, %ymm1, %ymm1
+        vpackuswb	%ymm1, %ymm0, %ymm0
+        vpermq	$0xd8, %ymm0, %ymm0
+        vmovdqu	%ymm0, 448(%rsi)
+        vmovdqu	3840(%rdi), %ymm0
+        vmovdqu	3872(%rdi), %ymm1
+        vmovdqu	3904(%rdi), %ymm2
+        vmovdqu	3936(%rdi), %ymm3
+        vmovdqu	3968(%rdi), %ymm4
+        vmovdqu	4000(%rdi), %ymm5
+        vmovdqu	4032(%rdi), %ymm6
+        vmovdqu	4064(%rdi), %ymm7
+        vpsubd	%ymm0, %ymm8, %ymm0
+        vpsubd	%ymm1, %ymm8, %ymm1
+        vpsubd	%ymm2, %ymm8, %ymm2
+        vpsubd	%ymm3, %ymm8, %ymm3
+        vpsubd	%ymm4, %ymm8, %ymm4
+        vpsubd	%ymm5, %ymm8, %ymm5
+        vpsubd	%ymm6, %ymm8, %ymm6
+        vpsubd	%ymm7, %ymm8, %ymm7
+        vpsllvd	%ymm9, %ymm0, %ymm0
+        vpsllvd	%ymm9, %ymm1, %ymm1
+        vpsllvd	%ymm9, %ymm2, %ymm2
+        vpsllvd	%ymm9, %ymm3, %ymm3
+        vpsllvd	%ymm9, %ymm4, %ymm4
+        vpsllvd	%ymm9, %ymm5, %ymm5
+        vpsllvd	%ymm9, %ymm6, %ymm6
+        vpsllvd	%ymm9, %ymm7, %ymm7
+        vpackusdw	%ymm1, %ymm0, %ymm0
+        vpackusdw	%ymm3, %ymm2, %ymm1
+        vpackusdw	%ymm5, %ymm4, %ymm2
+        vpackusdw	%ymm7, %ymm6, %ymm3
+        vpermq	$0xd8, %ymm0, %ymm0
+        vpermq	$0xd8, %ymm1, %ymm1
+        vpermq	$0xd8, %ymm2, %ymm2
+        vpermq	$0xd8, %ymm3, %ymm3
+        vphaddw	%ymm1, %ymm0, %ymm0
+        vphaddw	%ymm3, %ymm2, %ymm1
+        vphaddw	%ymm5, %ymm4, %ymm2
+        vphaddw	%ymm7, %ymm6, %ymm3
+        vpermq	$0xd8, %ymm0, %ymm0
+        vpermq	$0xd8, %ymm1, %ymm1
+        vpackuswb	%ymm1, %ymm0, %ymm0
+        vpermq	$0xd8, %ymm0, %ymm0
+        vmovdqu	%ymm0, 480(%rsi)
+        vmovdqu	4096(%rdi), %ymm0
+        vmovdqu	4128(%rdi), %ymm1
+        vmovdqu	4160(%rdi), %ymm2
+        vmovdqu	4192(%rdi), %ymm3
+        vmovdqu	4224(%rdi), %ymm4
+        vmovdqu	4256(%rdi), %ymm5
+        vmovdqu	4288(%rdi), %ymm6
+        vmovdqu	4320(%rdi), %ymm7
+        vpsubd	%ymm0, %ymm8, %ymm0
+        vpsubd	%ymm1, %ymm8, %ymm1
+        vpsubd	%ymm2, %ymm8, %ymm2
+        vpsubd	%ymm3, %ymm8, %ymm3
+        vpsubd	%ymm4, %ymm8, %ymm4
+        vpsubd	%ymm5, %ymm8, %ymm5
+        vpsubd	%ymm6, %ymm8, %ymm6
+        vpsubd	%ymm7, %ymm8, %ymm7
+        vpsllvd	%ymm9, %ymm0, %ymm0
+        vpsllvd	%ymm9, %ymm1, %ymm1
+        vpsllvd	%ymm9, %ymm2, %ymm2
+        vpsllvd	%ymm9, %ymm3, %ymm3
+        vpsllvd	%ymm9, %ymm4, %ymm4
+        vpsllvd	%ymm9, %ymm5, %ymm5
+        vpsllvd	%ymm9, %ymm6, %ymm6
+        vpsllvd	%ymm9, %ymm7, %ymm7
+        vpackusdw	%ymm1, %ymm0, %ymm0
+        vpackusdw	%ymm3, %ymm2, %ymm1
+        vpackusdw	%ymm5, %ymm4, %ymm2
+        vpackusdw	%ymm7, %ymm6, %ymm3
+        vpermq	$0xd8, %ymm0, %ymm0
+        vpermq	$0xd8, %ymm1, %ymm1
+        vpermq	$0xd8, %ymm2, %ymm2
+        vpermq	$0xd8, %ymm3, %ymm3
+        vphaddw	%ymm1, %ymm0, %ymm0
+        vphaddw	%ymm3, %ymm2, %ymm1
+        vphaddw	%ymm5, %ymm4, %ymm2
+        vphaddw	%ymm7, %ymm6, %ymm3
+        vpermq	$0xd8, %ymm0, %ymm0
+        vpermq	$0xd8, %ymm1, %ymm1
+        vpackuswb	%ymm1, %ymm0, %ymm0
+        vpermq	$0xd8, %ymm0, %ymm0
+        vmovdqu	%ymm0, 512(%rsi)
+        vmovdqu	4352(%rdi), %ymm0
+        vmovdqu	4384(%rdi), %ymm1
+        vmovdqu	4416(%rdi), %ymm2
+        vmovdqu	4448(%rdi), %ymm3
+        vmovdqu	4480(%rdi), %ymm4
+        vmovdqu	4512(%rdi), %ymm5
+        vmovdqu	4544(%rdi), %ymm6
+        vmovdqu	4576(%rdi), %ymm7
+        vpsubd	%ymm0, %ymm8, %ymm0
+        vpsubd	%ymm1, %ymm8, %ymm1
+        vpsubd	%ymm2, %ymm8, %ymm2
+        vpsubd	%ymm3, %ymm8, %ymm3
+        vpsubd	%ymm4, %ymm8, %ymm4
+        vpsubd	%ymm5, %ymm8, %ymm5
+        vpsubd	%ymm6, %ymm8, %ymm6
+        vpsubd	%ymm7, %ymm8, %ymm7
+        vpsllvd	%ymm9, %ymm0, %ymm0
+        vpsllvd	%ymm9, %ymm1, %ymm1
+        vpsllvd	%ymm9, %ymm2, %ymm2
+        vpsllvd	%ymm9, %ymm3, %ymm3
+        vpsllvd	%ymm9, %ymm4, %ymm4
+        vpsllvd	%ymm9, %ymm5, %ymm5
+        vpsllvd	%ymm9, %ymm6, %ymm6
+        vpsllvd	%ymm9, %ymm7, %ymm7
+        vpackusdw	%ymm1, %ymm0, %ymm0
+        vpackusdw	%ymm3, %ymm2, %ymm1
+        vpackusdw	%ymm5, %ymm4, %ymm2
+        vpackusdw	%ymm7, %ymm6, %ymm3
+        vpermq	$0xd8, %ymm0, %ymm0
+        vpermq	$0xd8, %ymm1, %ymm1
+        vpermq	$0xd8, %ymm2, %ymm2
+        vpermq	$0xd8, %ymm3, %ymm3
+        vphaddw	%ymm1, %ymm0, %ymm0
+        vphaddw	%ymm3, %ymm2, %ymm1
+        vphaddw	%ymm5, %ymm4, %ymm2
+        vphaddw	%ymm7, %ymm6, %ymm3
+        vpermq	$0xd8, %ymm0, %ymm0
+        vpermq	$0xd8, %ymm1, %ymm1
+        vpackuswb	%ymm1, %ymm0, %ymm0
+        vpermq	$0xd8, %ymm0, %ymm0
+        vmovdqu	%ymm0, 544(%rsi)
+        vmovdqu	4608(%rdi), %ymm0
+        vmovdqu	4640(%rdi), %ymm1
+        vmovdqu	4672(%rdi), %ymm2
+        vmovdqu	4704(%rdi), %ymm3
+        vmovdqu	4736(%rdi), %ymm4
+        vmovdqu	4768(%rdi), %ymm5
+        vmovdqu	4800(%rdi), %ymm6
+        vmovdqu	4832(%rdi), %ymm7
+        vpsubd	%ymm0, %ymm8, %ymm0
+        vpsubd	%ymm1, %ymm8, %ymm1
+        vpsubd	%ymm2, %ymm8, %ymm2
+        vpsubd	%ymm3, %ymm8, %ymm3
+        vpsubd	%ymm4, %ymm8, %ymm4
+        vpsubd	%ymm5, %ymm8, %ymm5
+        vpsubd	%ymm6, %ymm8, %ymm6
+        vpsubd	%ymm7, %ymm8, %ymm7
+        vpsllvd	%ymm9, %ymm0, %ymm0
+        vpsllvd	%ymm9, %ymm1, %ymm1
+        vpsllvd	%ymm9, %ymm2, %ymm2
+        vpsllvd	%ymm9, %ymm3, %ymm3
+        vpsllvd	%ymm9, %ymm4, %ymm4
+        vpsllvd	%ymm9, %ymm5, %ymm5
+        vpsllvd	%ymm9, %ymm6, %ymm6
+        vpsllvd	%ymm9, %ymm7, %ymm7
+        vpackusdw	%ymm1, %ymm0, %ymm0
+        vpackusdw	%ymm3, %ymm2, %ymm1
+        vpackusdw	%ymm5, %ymm4, %ymm2
+        vpackusdw	%ymm7, %ymm6, %ymm3
+        vpermq	$0xd8, %ymm0, %ymm0
+        vpermq	$0xd8, %ymm1, %ymm1
+        vpermq	$0xd8, %ymm2, %ymm2
+        vpermq	$0xd8, %ymm3, %ymm3
+        vphaddw	%ymm1, %ymm0, %ymm0
+        vphaddw	%ymm3, %ymm2, %ymm1
+        vphaddw	%ymm5, %ymm4, %ymm2
+        vphaddw	%ymm7, %ymm6, %ymm3
+        vpermq	$0xd8, %ymm0, %ymm0
+        vpermq	$0xd8, %ymm1, %ymm1
+        vpackuswb	%ymm1, %ymm0, %ymm0
+        vpermq	$0xd8, %ymm0, %ymm0
+        vmovdqu	%ymm0, 576(%rsi)
+        vmovdqu	4864(%rdi), %ymm0
+        vmovdqu	4896(%rdi), %ymm1
+        vmovdqu	4928(%rdi), %ymm2
+        vmovdqu	4960(%rdi), %ymm3
+        vmovdqu	4992(%rdi), %ymm4
+        vmovdqu	5024(%rdi), %ymm5
+        vmovdqu	5056(%rdi), %ymm6
+        vmovdqu	5088(%rdi), %ymm7
+        vpsubd	%ymm0, %ymm8, %ymm0
+        vpsubd	%ymm1, %ymm8, %ymm1
+        vpsubd	%ymm2, %ymm8, %ymm2
+        vpsubd	%ymm3, %ymm8, %ymm3
+        vpsubd	%ymm4, %ymm8, %ymm4
+        vpsubd	%ymm5, %ymm8, %ymm5
+        vpsubd	%ymm6, %ymm8, %ymm6
+        vpsubd	%ymm7, %ymm8, %ymm7
+        vpsllvd	%ymm9, %ymm0, %ymm0
+        vpsllvd	%ymm9, %ymm1, %ymm1
+        vpsllvd	%ymm9, %ymm2, %ymm2
+        vpsllvd	%ymm9, %ymm3, %ymm3
+        vpsllvd	%ymm9, %ymm4, %ymm4
+        vpsllvd	%ymm9, %ymm5, %ymm5
+        vpsllvd	%ymm9, %ymm6, %ymm6
+        vpsllvd	%ymm9, %ymm7, %ymm7
+        vpackusdw	%ymm1, %ymm0, %ymm0
+        vpackusdw	%ymm3, %ymm2, %ymm1
+        vpackusdw	%ymm5, %ymm4, %ymm2
+        vpackusdw	%ymm7, %ymm6, %ymm3
+        vpermq	$0xd8, %ymm0, %ymm0
+        vpermq	$0xd8, %ymm1, %ymm1
+        vpermq	$0xd8, %ymm2, %ymm2
+        vpermq	$0xd8, %ymm3, %ymm3
+        vphaddw	%ymm1, %ymm0, %ymm0
+        vphaddw	%ymm3, %ymm2, %ymm1
+        vphaddw	%ymm5, %ymm4, %ymm2
+        vphaddw	%ymm7, %ymm6, %ymm3
+        vpermq	$0xd8, %ymm0, %ymm0
+        vpermq	$0xd8, %ymm1, %ymm1
+        vpackuswb	%ymm1, %ymm0, %ymm0
+        vpermq	$0xd8, %ymm0, %ymm0
+        vmovdqu	%ymm0, 608(%rsi)
+        vmovdqu	5120(%rdi), %ymm0
+        vmovdqu	5152(%rdi), %ymm1
+        vmovdqu	5184(%rdi), %ymm2
+        vmovdqu	5216(%rdi), %ymm3
+        vmovdqu	5248(%rdi), %ymm4
+        vmovdqu	5280(%rdi), %ymm5
+        vmovdqu	5312(%rdi), %ymm6
+        vmovdqu	5344(%rdi), %ymm7
+        vpsubd	%ymm0, %ymm8, %ymm0
+        vpsubd	%ymm1, %ymm8, %ymm1
+        vpsubd	%ymm2, %ymm8, %ymm2
+        vpsubd	%ymm3, %ymm8, %ymm3
+        vpsubd	%ymm4, %ymm8, %ymm4
+        vpsubd	%ymm5, %ymm8, %ymm5
+        vpsubd	%ymm6, %ymm8, %ymm6
+        vpsubd	%ymm7, %ymm8, %ymm7
+        vpsllvd	%ymm9, %ymm0, %ymm0
+        vpsllvd	%ymm9, %ymm1, %ymm1
+        vpsllvd	%ymm9, %ymm2, %ymm2
+        vpsllvd	%ymm9, %ymm3, %ymm3
+        vpsllvd	%ymm9, %ymm4, %ymm4
+        vpsllvd	%ymm9, %ymm5, %ymm5
+        vpsllvd	%ymm9, %ymm6, %ymm6
+        vpsllvd	%ymm9, %ymm7, %ymm7
+        vpackusdw	%ymm1, %ymm0, %ymm0
+        vpackusdw	%ymm3, %ymm2, %ymm1
+        vpackusdw	%ymm5, %ymm4, %ymm2
+        vpackusdw	%ymm7, %ymm6, %ymm3
+        vpermq	$0xd8, %ymm0, %ymm0
+        vpermq	$0xd8, %ymm1, %ymm1
+        vpermq	$0xd8, %ymm2, %ymm2
+        vpermq	$0xd8, %ymm3, %ymm3
+        vphaddw	%ymm1, %ymm0, %ymm0
+        vphaddw	%ymm3, %ymm2, %ymm1
+        vphaddw	%ymm5, %ymm4, %ymm2
+        vphaddw	%ymm7, %ymm6, %ymm3
+        vpermq	$0xd8, %ymm0, %ymm0
+        vpermq	$0xd8, %ymm1, %ymm1
+        vpackuswb	%ymm1, %ymm0, %ymm0
+        vpermq	$0xd8, %ymm0, %ymm0
+        vmovdqu	%ymm0, 640(%rsi)
+        vmovdqu	5376(%rdi), %ymm0
+        vmovdqu	5408(%rdi), %ymm1
+        vmovdqu	5440(%rdi), %ymm2
+        vmovdqu	5472(%rdi), %ymm3
+        vmovdqu	5504(%rdi), %ymm4
+        vmovdqu	5536(%rdi), %ymm5
+        vmovdqu	5568(%rdi), %ymm6
+        vmovdqu	5600(%rdi), %ymm7
+        vpsubd	%ymm0, %ymm8, %ymm0
+        vpsubd	%ymm1, %ymm8, %ymm1
+        vpsubd	%ymm2, %ymm8, %ymm2
+        vpsubd	%ymm3, %ymm8, %ymm3
+        vpsubd	%ymm4, %ymm8, %ymm4
+        vpsubd	%ymm5, %ymm8, %ymm5
+        vpsubd	%ymm6, %ymm8, %ymm6
+        vpsubd	%ymm7, %ymm8, %ymm7
+        vpsllvd	%ymm9, %ymm0, %ymm0
+        vpsllvd	%ymm9, %ymm1, %ymm1
+        vpsllvd	%ymm9, %ymm2, %ymm2
+        vpsllvd	%ymm9, %ymm3, %ymm3
+        vpsllvd	%ymm9, %ymm4, %ymm4
+        vpsllvd	%ymm9, %ymm5, %ymm5
+        vpsllvd	%ymm9, %ymm6, %ymm6
+        vpsllvd	%ymm9, %ymm7, %ymm7
+        vpackusdw	%ymm1, %ymm0, %ymm0
+        vpackusdw	%ymm3, %ymm2, %ymm1
+        vpackusdw	%ymm5, %ymm4, %ymm2
+        vpackusdw	%ymm7, %ymm6, %ymm3
+        vpermq	$0xd8, %ymm0, %ymm0
+        vpermq	$0xd8, %ymm1, %ymm1
+        vpermq	$0xd8, %ymm2, %ymm2
+        vpermq	$0xd8, %ymm3, %ymm3
+        vphaddw	%ymm1, %ymm0, %ymm0
+        vphaddw	%ymm3, %ymm2, %ymm1
+        vphaddw	%ymm5, %ymm4, %ymm2
+        vphaddw	%ymm7, %ymm6, %ymm3
+        vpermq	$0xd8, %ymm0, %ymm0
+        vpermq	$0xd8, %ymm1, %ymm1
+        vpackuswb	%ymm1, %ymm0, %ymm0
+        vpermq	$0xd8, %ymm0, %ymm0
+        vmovdqu	%ymm0, 672(%rsi)
+        vmovdqu	5632(%rdi), %ymm0
+        vmovdqu	5664(%rdi), %ymm1
+        vmovdqu	5696(%rdi), %ymm2
+        vmovdqu	5728(%rdi), %ymm3
+        vmovdqu	5760(%rdi), %ymm4
+        vmovdqu	5792(%rdi), %ymm5
+        vmovdqu	5824(%rdi), %ymm6
+        vmovdqu	5856(%rdi), %ymm7
+        vpsubd	%ymm0, %ymm8, %ymm0
+        vpsubd	%ymm1, %ymm8, %ymm1
+        vpsubd	%ymm2, %ymm8, %ymm2
+        vpsubd	%ymm3, %ymm8, %ymm3
+        vpsubd	%ymm4, %ymm8, %ymm4
+        vpsubd	%ymm5, %ymm8, %ymm5
+        vpsubd	%ymm6, %ymm8, %ymm6
+        vpsubd	%ymm7, %ymm8, %ymm7
+        vpsllvd	%ymm9, %ymm0, %ymm0
+        vpsllvd	%ymm9, %ymm1, %ymm1
+        vpsllvd	%ymm9, %ymm2, %ymm2
+        vpsllvd	%ymm9, %ymm3, %ymm3
+        vpsllvd	%ymm9, %ymm4, %ymm4
+        vpsllvd	%ymm9, %ymm5, %ymm5
+        vpsllvd	%ymm9, %ymm6, %ymm6
+        vpsllvd	%ymm9, %ymm7, %ymm7
+        vpackusdw	%ymm1, %ymm0, %ymm0
+        vpackusdw	%ymm3, %ymm2, %ymm1
+        vpackusdw	%ymm5, %ymm4, %ymm2
+        vpackusdw	%ymm7, %ymm6, %ymm3
+        vpermq	$0xd8, %ymm0, %ymm0
+        vpermq	$0xd8, %ymm1, %ymm1
+        vpermq	$0xd8, %ymm2, %ymm2
+        vpermq	$0xd8, %ymm3, %ymm3
+        vphaddw	%ymm1, %ymm0, %ymm0
+        vphaddw	%ymm3, %ymm2, %ymm1
+        vphaddw	%ymm5, %ymm4, %ymm2
+        vphaddw	%ymm7, %ymm6, %ymm3
+        vpermq	$0xd8, %ymm0, %ymm0
+        vpermq	$0xd8, %ymm1, %ymm1
+        vpackuswb	%ymm1, %ymm0, %ymm0
+        vpermq	$0xd8, %ymm0, %ymm0
+        vmovdqu	%ymm0, 704(%rsi)
+        vmovdqu	5888(%rdi), %ymm0
+        vmovdqu	5920(%rdi), %ymm1
+        vmovdqu	5952(%rdi), %ymm2
+        vmovdqu	5984(%rdi), %ymm3
+        vmovdqu	6016(%rdi), %ymm4
+        vmovdqu	6048(%rdi), %ymm5
+        vmovdqu	6080(%rdi), %ymm6
+        vmovdqu	6112(%rdi), %ymm7
+        vpsubd	%ymm0, %ymm8, %ymm0
+        vpsubd	%ymm1, %ymm8, %ymm1
+        vpsubd	%ymm2, %ymm8, %ymm2
+        vpsubd	%ymm3, %ymm8, %ymm3
+        vpsubd	%ymm4, %ymm8, %ymm4
+        vpsubd	%ymm5, %ymm8, %ymm5
+        vpsubd	%ymm6, %ymm8, %ymm6
+        vpsubd	%ymm7, %ymm8, %ymm7
+        vpsllvd	%ymm9, %ymm0, %ymm0
+        vpsllvd	%ymm9, %ymm1, %ymm1
+        vpsllvd	%ymm9, %ymm2, %ymm2
+        vpsllvd	%ymm9, %ymm3, %ymm3
+        vpsllvd	%ymm9, %ymm4, %ymm4
+        vpsllvd	%ymm9, %ymm5, %ymm5
+        vpsllvd	%ymm9, %ymm6, %ymm6
+        vpsllvd	%ymm9, %ymm7, %ymm7
+        vpackusdw	%ymm1, %ymm0, %ymm0
+        vpackusdw	%ymm3, %ymm2, %ymm1
+        vpackusdw	%ymm5, %ymm4, %ymm2
+        vpackusdw	%ymm7, %ymm6, %ymm3
+        vpermq	$0xd8, %ymm0, %ymm0
+        vpermq	$0xd8, %ymm1, %ymm1
+        vpermq	$0xd8, %ymm2, %ymm2
+        vpermq	$0xd8, %ymm3, %ymm3
+        vphaddw	%ymm1, %ymm0, %ymm0
+        vphaddw	%ymm3, %ymm2, %ymm1
+        vphaddw	%ymm5, %ymm4, %ymm2
+        vphaddw	%ymm7, %ymm6, %ymm3
+        vpermq	$0xd8, %ymm0, %ymm0
+        vpermq	$0xd8, %ymm1, %ymm1
+        vpackuswb	%ymm1, %ymm0, %ymm0
+        vpermq	$0xd8, %ymm0, %ymm0
+        vmovdqu	%ymm0, 736(%rsi)
+        vzeroupper
+        repz retq
+#ifndef __APPLE__
+.size	wc_mldsa_vec_encode_eta_4_avx2,.-wc_mldsa_vec_encode_eta_4_avx2
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_mldsa_decode_eta_2_avx2_shuff_0:
+.value	0xff00,0xffff
+.value	0xff00,0xffff
+.value	0x100,0xffff
+.value	0xff01,0xffff
+.value	0xff01,0xffff
+.value	0x201,0xffff
+.value	0xff02,0xffff
+.value	0xff02,0xffff
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_mldsa_decode_eta_2_avx2_shuff_1:
+.value	0xff01,0xffff
+.value	0xff01,0xffff
+.value	0x201,0xffff
+.value	0xff02,0xffff
+.value	0xff02,0xffff
+.value	0x302,0xffff
+.value	0xff03,0xffff
+.value	0xff03,0xffff
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_mldsa_decode_eta_2_avx2_shuff_2:
+.value	0xff02,0xffff
+.value	0xff02,0xffff
+.value	0x302,0xffff
+.value	0xff03,0xffff
+.value	0xff03,0xffff
+.value	0x403,0xffff
+.value	0xff04,0xffff
+.value	0xff04,0xffff
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_mldsa_decode_eta_2_avx2_shuff_3:
+.value	0xff03,0xffff
+.value	0xff03,0xffff
+.value	0x403,0xffff
+.value	0xff04,0xffff
+.value	0xff04,0xffff
+.value	0x504,0xffff
+.value	0xff05,0xffff
+.value	0xff05,0xffff
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_mldsa_decode_eta_2_avx2_shuff_4:
+.value	0xff04,0xffff
+.value	0xff04,0xffff
+.value	0x504,0xffff
+.value	0xff05,0xffff
+.value	0xff05,0xffff
+.value	0x605,0xffff
+.value	0xff06,0xffff
+.value	0xff06,0xffff
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_mldsa_decode_eta_2_avx2_shuff_5:
+.value	0xff05,0xffff
+.value	0xff05,0xffff
+.value	0x605,0xffff
+.value	0xff06,0xffff
+.value	0xff06,0xffff
+.value	0x706,0xffff
+.value	0xff07,0xffff
+.value	0xff07,0xffff
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_mldsa_decode_eta_2_avx2_shuff_6:
+.value	0xff06,0xffff
+.value	0xff06,0xffff
+.value	0x706,0xffff
+.value	0xff07,0xffff
+.value	0xff07,0xffff
+.value	0x807,0xffff
+.value	0xff08,0xffff
+.value	0xff08,0xffff
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_mldsa_decode_eta_2_avx2_shuff_7:
+.value	0xff07,0xffff
+.value	0xff07,0xffff
+.value	0x807,0xffff
+.value	0xff08,0xffff
+.value	0xff08,0xffff
+.value	0x908,0xffff
+.value	0xff09,0xffff
+.value	0xff09,0xffff
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+L_mldsa_decode_eta_2_avx2_two:
+.long	0x00000002,0x00000002,0x00000002,0x00000002
+.long	0x00000002,0x00000002,0x00000002,0x00000002
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+L_mldsa_decode_eta_2_avx2_vs:
+.long	0x00000000,0x00000003,0x00000006,0x00000001
+.long	0x00000004,0x00000007,0x00000002,0x00000005
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+L_mldsa_decode_eta_2_avx2_mask:
+.long	0x00000007,0x00000007,0x00000007,0x00000007
+.long	0x00000007,0x00000007,0x00000007,0x00000007
+#ifndef __APPLE__
+.text
+.globl	wc_mldsa_decode_eta_2_avx2
+.type	wc_mldsa_decode_eta_2_avx2,@function
+.align	16
+wc_mldsa_decode_eta_2_avx2:
+#else
+.section	__TEXT,__text
+.globl	_wc_mldsa_decode_eta_2_avx2
+.p2align	4
+_wc_mldsa_decode_eta_2_avx2:
+#endif /* __APPLE__ */
+        vpxor	%ymm4, %ymm4, %ymm4
+        vmovdqu	L_mldsa_decode_eta_2_avx2_shuff_0(%rip), %ymm4
+        vmovdqu	L_mldsa_decode_eta_2_avx2_shuff_1(%rip), %ymm5
+        vmovdqu	L_mldsa_decode_eta_2_avx2_shuff_2(%rip), %ymm6
+        vmovdqu	L_mldsa_decode_eta_2_avx2_shuff_3(%rip), %ymm7
+        vmovdqu	L_mldsa_decode_eta_2_avx2_shuff_4(%rip), %ymm8
+        vmovdqu	L_mldsa_decode_eta_2_avx2_shuff_5(%rip), %ymm9
+        vmovdqu	L_mldsa_decode_eta_2_avx2_shuff_6(%rip), %ymm10
+        vmovdqu	L_mldsa_decode_eta_2_avx2_shuff_7(%rip), %ymm11
+        vmovdqu	L_mldsa_decode_eta_2_avx2_two(%rip), %ymm12
+        vmovdqu	L_mldsa_decode_eta_2_avx2_vs(%rip), %ymm13
+        vmovdqu	L_mldsa_decode_eta_2_avx2_mask(%rip), %ymm14
+        vmovdqu	(%rdi), %ymm0
+        vmovdqu	32(%rdi), %ymm1
+        vmovdqu	64(%rdi), %ymm2
+        vpermq	$0x44, %ymm0, %ymm3
+        vpshufb	%ymm4, %ymm3, %ymm3
+        vpsrlvd	%ymm13, %ymm3, %ymm3
+        vpand	%ymm14, %ymm3, %ymm3
+        vpsubd	%ymm3, %ymm12, %ymm3
+        vmovdqu	%ymm3, (%rsi)
+        vpermq	$0x44, %ymm0, %ymm3
+        vpshufb	%ymm7, %ymm3, %ymm3
+        vpsrlvd	%ymm13, %ymm3, %ymm3
+        vpand	%ymm14, %ymm3, %ymm3
+        vpsubd	%ymm3, %ymm12, %ymm3
+        vmovdqu	%ymm3, 32(%rsi)
+        vpermq	$0x44, %ymm0, %ymm3
+        vpshufb	%ymm10, %ymm3, %ymm3
+        vpsrlvd	%ymm13, %ymm3, %ymm3
+        vpand	%ymm14, %ymm3, %ymm3
+        vpsubd	%ymm3, %ymm12, %ymm3
+        vmovdqu	%ymm3, 64(%rsi)
+        vpermq	$57, %ymm0, %ymm0
+        vpermq	$0x44, %ymm0, %ymm3
+        vpshufb	%ymm5, %ymm3, %ymm3
+        vpsrlvd	%ymm13, %ymm3, %ymm3
+        vpand	%ymm14, %ymm3, %ymm3
+        vpsubd	%ymm3, %ymm12, %ymm3
+        vmovdqu	%ymm3, 96(%rsi)
+        vpermq	$0x44, %ymm0, %ymm3
+        vpshufb	%ymm8, %ymm3, %ymm3
+        vpsrlvd	%ymm13, %ymm3, %ymm3
+        vpand	%ymm14, %ymm3, %ymm3
+        vpsubd	%ymm3, %ymm12, %ymm3
+        vmovdqu	%ymm3, 128(%rsi)
+        vpermq	$0x44, %ymm0, %ymm3
+        vpshufb	%ymm11, %ymm3, %ymm3
+        vpsrlvd	%ymm13, %ymm3, %ymm3
+        vpand	%ymm14, %ymm3, %ymm3
+        vpsubd	%ymm3, %ymm12, %ymm3
+        vmovdqu	%ymm3, 160(%rsi)
+        vpermq	$57, %ymm0, %ymm0
+        vpermq	$0x44, %ymm0, %ymm3
+        vpshufb	%ymm6, %ymm3, %ymm3
+        vpsrlvd	%ymm13, %ymm3, %ymm3
+        vpand	%ymm14, %ymm3, %ymm3
+        vpsubd	%ymm3, %ymm12, %ymm3
+        vmovdqu	%ymm3, 192(%rsi)
+        vpermq	$0x44, %ymm0, %ymm3
+        vpshufb	%ymm9, %ymm3, %ymm3
+        vpsrlvd	%ymm13, %ymm3, %ymm3
+        vpand	%ymm14, %ymm3, %ymm3
+        vpsubd	%ymm3, %ymm12, %ymm3
+        vmovdqu	%ymm3, 224(%rsi)
+        vpermq	$57, %ymm0, %ymm0
+        vpermq	$0x44, %ymm0, %ymm3
+        vpshufb	%ymm4, %ymm3, %ymm3
+        vpsrlvd	%ymm13, %ymm3, %ymm3
+        vpand	%ymm14, %ymm3, %ymm3
+        vpsubd	%ymm3, %ymm12, %ymm3
+        vmovdqu	%ymm3, 256(%rsi)
+        vpermq	$0x44, %ymm0, %ymm3
+        vpshufb	%ymm7, %ymm3, %ymm3
+        vpsrlvd	%ymm13, %ymm3, %ymm3
+        vpand	%ymm14, %ymm3, %ymm3
+        vpsubd	%ymm3, %ymm12, %ymm3
+        vmovdqu	%ymm3, 288(%rsi)
+        vperm2i128	$32, %ymm1, %ymm0, %ymm0
+        vpermq	$56, %ymm0, %ymm0
+        vpermq	$0x44, %ymm0, %ymm3
+        vpshufb	%ymm10, %ymm3, %ymm3
+        vpsrlvd	%ymm13, %ymm3, %ymm3
+        vpand	%ymm14, %ymm3, %ymm3
+        vpsubd	%ymm3, %ymm12, %ymm3
+        vmovdqu	%ymm3, 320(%rsi)
+        vpermq	$0x44, %ymm1, %ymm3
+        vpshufb	%ymm5, %ymm3, %ymm3
+        vpsrlvd	%ymm13, %ymm3, %ymm3
+        vpand	%ymm14, %ymm3, %ymm3
+        vpsubd	%ymm3, %ymm12, %ymm3
+        vmovdqu	%ymm3, 352(%rsi)
+        vpermq	$0x44, %ymm1, %ymm3
+        vpshufb	%ymm8, %ymm3, %ymm3
+        vpsrlvd	%ymm13, %ymm3, %ymm3
+        vpand	%ymm14, %ymm3, %ymm3
+        vpsubd	%ymm3, %ymm12, %ymm3
+        vmovdqu	%ymm3, 384(%rsi)
+        vpermq	$0x44, %ymm1, %ymm3
+        vpshufb	%ymm11, %ymm3, %ymm3
+        vpsrlvd	%ymm13, %ymm3, %ymm3
+        vpand	%ymm14, %ymm3, %ymm3
+        vpsubd	%ymm3, %ymm12, %ymm3
+        vmovdqu	%ymm3, 416(%rsi)
+        vpermq	$57, %ymm1, %ymm1
+        vpermq	$0x44, %ymm1, %ymm3
+        vpshufb	%ymm6, %ymm3, %ymm3
+        vpsrlvd	%ymm13, %ymm3, %ymm3
+        vpand	%ymm14, %ymm3, %ymm3
+        vpsubd	%ymm3, %ymm12, %ymm3
+        vmovdqu	%ymm3, 448(%rsi)
+        vpermq	$0x44, %ymm1, %ymm3
+        vpshufb	%ymm9, %ymm3, %ymm3
+        vpsrlvd	%ymm13, %ymm3, %ymm3
+        vpand	%ymm14, %ymm3, %ymm3
+        vpsubd	%ymm3, %ymm12, %ymm3
+        vmovdqu	%ymm3, 480(%rsi)
+        vpermq	$57, %ymm1, %ymm1
+        vpermq	$0x44, %ymm1, %ymm3
+        vpshufb	%ymm4, %ymm3, %ymm3
+        vpsrlvd	%ymm13, %ymm3, %ymm3
+        vpand	%ymm14, %ymm3, %ymm3
+        vpsubd	%ymm3, %ymm12, %ymm3
+        vmovdqu	%ymm3, 512(%rsi)
+        vpermq	$0x44, %ymm1, %ymm3
+        vpshufb	%ymm7, %ymm3, %ymm3
+        vpsrlvd	%ymm13, %ymm3, %ymm3
+        vpand	%ymm14, %ymm3, %ymm3
+        vpsubd	%ymm3, %ymm12, %ymm3
+        vmovdqu	%ymm3, 544(%rsi)
+        vpermq	$0x44, %ymm1, %ymm3
+        vpshufb	%ymm10, %ymm3, %ymm3
+        vpsrlvd	%ymm13, %ymm3, %ymm3
+        vpand	%ymm14, %ymm3, %ymm3
+        vpsubd	%ymm3, %ymm12, %ymm3
+        vmovdqu	%ymm3, 576(%rsi)
+        vpermq	$57, %ymm1, %ymm1
+        vpermq	$0x44, %ymm1, %ymm3
+        vpshufb	%ymm5, %ymm3, %ymm3
+        vpsrlvd	%ymm13, %ymm3, %ymm3
+        vpand	%ymm14, %ymm3, %ymm3
+        vpsubd	%ymm3, %ymm12, %ymm3
+        vmovdqu	%ymm3, 608(%rsi)
+        vpermq	$0x44, %ymm1, %ymm3
+        vpshufb	%ymm8, %ymm3, %ymm3
+        vpsrlvd	%ymm13, %ymm3, %ymm3
+        vpand	%ymm14, %ymm3, %ymm3
+        vpsubd	%ymm3, %ymm12, %ymm3
+        vmovdqu	%ymm3, 640(%rsi)
+        vperm2i128	$32, %ymm2, %ymm1, %ymm1
+        vpermq	$56, %ymm1, %ymm1
+        vpermq	$0x44, %ymm1, %ymm3
+        vpshufb	%ymm11, %ymm3, %ymm3
+        vpsrlvd	%ymm13, %ymm3, %ymm3
+        vpand	%ymm14, %ymm3, %ymm3
+        vpsubd	%ymm3, %ymm12, %ymm3
+        vmovdqu	%ymm3, 672(%rsi)
+        vpermq	$0x44, %ymm2, %ymm3
+        vpshufb	%ymm6, %ymm3, %ymm3
+        vpsrlvd	%ymm13, %ymm3, %ymm3
+        vpand	%ymm14, %ymm3, %ymm3
+        vpsubd	%ymm3, %ymm12, %ymm3
+        vmovdqu	%ymm3, 704(%rsi)
+        vpermq	$0x44, %ymm2, %ymm3
+        vpshufb	%ymm9, %ymm3, %ymm3
+        vpsrlvd	%ymm13, %ymm3, %ymm3
+        vpand	%ymm14, %ymm3, %ymm3
+        vpsubd	%ymm3, %ymm12, %ymm3
+        vmovdqu	%ymm3, 736(%rsi)
+        vpermq	$57, %ymm2, %ymm2
+        vpermq	$0x44, %ymm2, %ymm3
+        vpshufb	%ymm4, %ymm3, %ymm3
+        vpsrlvd	%ymm13, %ymm3, %ymm3
+        vpand	%ymm14, %ymm3, %ymm3
+        vpsubd	%ymm3, %ymm12, %ymm3
+        vmovdqu	%ymm3, 768(%rsi)
+        vpermq	$0x44, %ymm2, %ymm3
+        vpshufb	%ymm7, %ymm3, %ymm3
+        vpsrlvd	%ymm13, %ymm3, %ymm3
+        vpand	%ymm14, %ymm3, %ymm3
+        vpsubd	%ymm3, %ymm12, %ymm3
+        vmovdqu	%ymm3, 800(%rsi)
+        vpermq	$0x44, %ymm2, %ymm3
+        vpshufb	%ymm10, %ymm3, %ymm3
+        vpsrlvd	%ymm13, %ymm3, %ymm3
+        vpand	%ymm14, %ymm3, %ymm3
+        vpsubd	%ymm3, %ymm12, %ymm3
+        vmovdqu	%ymm3, 832(%rsi)
+        vpermq	$57, %ymm2, %ymm2
+        vpermq	$0x44, %ymm2, %ymm3
+        vpshufb	%ymm5, %ymm3, %ymm3
+        vpsrlvd	%ymm13, %ymm3, %ymm3
+        vpand	%ymm14, %ymm3, %ymm3
+        vpsubd	%ymm3, %ymm12, %ymm3
+        vmovdqu	%ymm3, 864(%rsi)
+        vpermq	$0x44, %ymm2, %ymm3
+        vpshufb	%ymm8, %ymm3, %ymm3
+        vpsrlvd	%ymm13, %ymm3, %ymm3
+        vpand	%ymm14, %ymm3, %ymm3
+        vpsubd	%ymm3, %ymm12, %ymm3
+        vmovdqu	%ymm3, 896(%rsi)
+        vpermq	$0x44, %ymm2, %ymm3
+        vpshufb	%ymm11, %ymm3, %ymm3
+        vpsrlvd	%ymm13, %ymm3, %ymm3
+        vpand	%ymm14, %ymm3, %ymm3
+        vpsubd	%ymm3, %ymm12, %ymm3
+        vmovdqu	%ymm3, 928(%rsi)
+        vpermq	$57, %ymm2, %ymm2
+        vpermq	$0x44, %ymm2, %ymm3
+        vpshufb	%ymm6, %ymm3, %ymm3
+        vpsrlvd	%ymm13, %ymm3, %ymm3
+        vpand	%ymm14, %ymm3, %ymm3
+        vpsubd	%ymm3, %ymm12, %ymm3
+        vmovdqu	%ymm3, 960(%rsi)
+        vpermq	$0x44, %ymm2, %ymm3
+        vpshufb	%ymm9, %ymm3, %ymm3
+        vpsrlvd	%ymm13, %ymm3, %ymm3
+        vpand	%ymm14, %ymm3, %ymm3
+        vpsubd	%ymm3, %ymm12, %ymm3
+        vmovdqu	%ymm3, 992(%rsi)
+        vzeroupper
+        repz retq
+#ifndef __APPLE__
+.size	wc_mldsa_decode_eta_2_avx2,.-wc_mldsa_decode_eta_2_avx2
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_mldsa_decode_eta_4_avx2_shuff_0:
+.value	0xff00,0xffff
+.value	0xff00,0xffff
+.value	0x100,0xffff
+.value	0xff01,0xffff
+.value	0xff01,0xffff
+.value	0x201,0xffff
+.value	0xff02,0xffff
+.value	0xff02,0xffff
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_mldsa_decode_eta_4_avx2_shuff_1:
+.value	0xff01,0xffff
+.value	0xff01,0xffff
+.value	0x201,0xffff
+.value	0xff02,0xffff
+.value	0xff02,0xffff
+.value	0x302,0xffff
+.value	0xff03,0xffff
+.value	0xff03,0xffff
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_mldsa_decode_eta_4_avx2_shuff_2:
+.value	0xff02,0xffff
+.value	0xff02,0xffff
+.value	0x302,0xffff
+.value	0xff03,0xffff
+.value	0xff03,0xffff
+.value	0x403,0xffff
+.value	0xff04,0xffff
+.value	0xff04,0xffff
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_mldsa_decode_eta_4_avx2_shuff_3:
+.value	0xff03,0xffff
+.value	0xff03,0xffff
+.value	0x403,0xffff
+.value	0xff04,0xffff
+.value	0xff04,0xffff
+.value	0x504,0xffff
+.value	0xff05,0xffff
+.value	0xff05,0xffff
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_mldsa_decode_eta_4_avx2_shuff_4:
+.value	0xff04,0xffff
+.value	0xff04,0xffff
+.value	0x504,0xffff
+.value	0xff05,0xffff
+.value	0xff05,0xffff
+.value	0x605,0xffff
+.value	0xff06,0xffff
+.value	0xff06,0xffff
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_mldsa_decode_eta_4_avx2_shuff_5:
+.value	0xff05,0xffff
+.value	0xff05,0xffff
+.value	0x605,0xffff
+.value	0xff06,0xffff
+.value	0xff06,0xffff
+.value	0x706,0xffff
+.value	0xff07,0xffff
+.value	0xff07,0xffff
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_mldsa_decode_eta_4_avx2_shuff_6:
+.value	0xff06,0xffff
+.value	0xff06,0xffff
+.value	0x706,0xffff
+.value	0xff07,0xffff
+.value	0xff07,0xffff
+.value	0x807,0xffff
+.value	0xff08,0xffff
+.value	0xff08,0xffff
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_mldsa_decode_eta_4_avx2_shuff_7:
+.value	0xff07,0xffff
+.value	0xff07,0xffff
+.value	0x807,0xffff
+.value	0xff08,0xffff
+.value	0xff08,0xffff
+.value	0x908,0xffff
+.value	0xff09,0xffff
+.value	0xff09,0xffff
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+L_mldsa_decode_eta_4_avx2_four:
+.long	0x00000004,0x00000004,0x00000004,0x00000004
+.long	0x00000004,0x00000004,0x00000004,0x00000004
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+L_mldsa_decode_eta_4_avx2_vs:
+.long	0x00000000,0x00000004,0x00000008,0x0000000c
+.long	0x00000010,0x00000014,0x00000018,0x0000001c
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+L_mldsa_decode_eta_4_avx2_mask:
+.long	0x0000000f,0x0000000f,0x0000000f,0x0000000f
+.long	0x0000000f,0x0000000f,0x0000000f,0x0000000f
+#ifndef __APPLE__
+.text
+.globl	wc_mldsa_decode_eta_4_avx2
+.type	wc_mldsa_decode_eta_4_avx2,@function
+.align	16
+wc_mldsa_decode_eta_4_avx2:
+#else
+.section	__TEXT,__text
+.globl	_wc_mldsa_decode_eta_4_avx2
+.p2align	4
+_wc_mldsa_decode_eta_4_avx2:
+#endif /* __APPLE__ */
+        vpxor	%ymm8, %ymm8, %ymm8
+        vmovdqu	L_mldsa_decode_eta_4_avx2_four(%rip), %ymm8
+        vmovdqu	L_mldsa_decode_eta_4_avx2_vs(%rip), %ymm9
+        vmovdqu	L_mldsa_decode_eta_4_avx2_mask(%rip), %ymm10
+        vpbroadcastd	(%rdi), %ymm0
+        vpbroadcastd	4(%rdi), %ymm1
+        vpbroadcastd	8(%rdi), %ymm2
+        vpbroadcastd	12(%rdi), %ymm3
+        vpbroadcastd	16(%rdi), %ymm4
+        vpbroadcastd	20(%rdi), %ymm5
+        vpbroadcastd	24(%rdi), %ymm6
+        vpbroadcastd	28(%rdi), %ymm7
+        vpsrlvd	%ymm9, %ymm0, %ymm0
+        vpsrlvd	%ymm9, %ymm1, %ymm1
+        vpsrlvd	%ymm9, %ymm2, %ymm2
+        vpsrlvd	%ymm9, %ymm3, %ymm3
+        vpsrlvd	%ymm9, %ymm4, %ymm4
+        vpsrlvd	%ymm9, %ymm5, %ymm5
+        vpsrlvd	%ymm9, %ymm6, %ymm6
+        vpsrlvd	%ymm9, %ymm7, %ymm7
+        vpand	%ymm10, %ymm0, %ymm0
+        vpand	%ymm10, %ymm1, %ymm1
+        vpand	%ymm10, %ymm2, %ymm2
+        vpand	%ymm10, %ymm3, %ymm3
+        vpand	%ymm10, %ymm4, %ymm4
+        vpand	%ymm10, %ymm5, %ymm5
+        vpand	%ymm10, %ymm6, %ymm6
+        vpand	%ymm10, %ymm7, %ymm7
+        vpsubd	%ymm0, %ymm8, %ymm0
+        vpsubd	%ymm1, %ymm8, %ymm1
+        vpsubd	%ymm2, %ymm8, %ymm2
+        vpsubd	%ymm3, %ymm8, %ymm3
+        vpsubd	%ymm4, %ymm8, %ymm4
+        vpsubd	%ymm5, %ymm8, %ymm5
+        vpsubd	%ymm6, %ymm8, %ymm6
+        vpsubd	%ymm7, %ymm8, %ymm7
+        vmovdqu	%ymm0, (%rsi)
+        vmovdqu	%ymm1, 32(%rsi)
+        vmovdqu	%ymm2, 64(%rsi)
+        vmovdqu	%ymm3, 96(%rsi)
+        vmovdqu	%ymm4, 128(%rsi)
+        vmovdqu	%ymm5, 160(%rsi)
+        vmovdqu	%ymm6, 192(%rsi)
+        vmovdqu	%ymm7, 224(%rsi)
+        vpbroadcastd	32(%rdi), %ymm0
+        vpbroadcastd	36(%rdi), %ymm1
+        vpbroadcastd	40(%rdi), %ymm2
+        vpbroadcastd	44(%rdi), %ymm3
+        vpbroadcastd	48(%rdi), %ymm4
+        vpbroadcastd	52(%rdi), %ymm5
+        vpbroadcastd	56(%rdi), %ymm6
+        vpbroadcastd	60(%rdi), %ymm7
+        vpsrlvd	%ymm9, %ymm0, %ymm0
+        vpsrlvd	%ymm9, %ymm1, %ymm1
+        vpsrlvd	%ymm9, %ymm2, %ymm2
+        vpsrlvd	%ymm9, %ymm3, %ymm3
+        vpsrlvd	%ymm9, %ymm4, %ymm4
+        vpsrlvd	%ymm9, %ymm5, %ymm5
+        vpsrlvd	%ymm9, %ymm6, %ymm6
+        vpsrlvd	%ymm9, %ymm7, %ymm7
+        vpand	%ymm10, %ymm0, %ymm0
+        vpand	%ymm10, %ymm1, %ymm1
+        vpand	%ymm10, %ymm2, %ymm2
+        vpand	%ymm10, %ymm3, %ymm3
+        vpand	%ymm10, %ymm4, %ymm4
+        vpand	%ymm10, %ymm5, %ymm5
+        vpand	%ymm10, %ymm6, %ymm6
+        vpand	%ymm10, %ymm7, %ymm7
+        vpsubd	%ymm0, %ymm8, %ymm0
+        vpsubd	%ymm1, %ymm8, %ymm1
+        vpsubd	%ymm2, %ymm8, %ymm2
+        vpsubd	%ymm3, %ymm8, %ymm3
+        vpsubd	%ymm4, %ymm8, %ymm4
+        vpsubd	%ymm5, %ymm8, %ymm5
+        vpsubd	%ymm6, %ymm8, %ymm6
+        vpsubd	%ymm7, %ymm8, %ymm7
+        vmovdqu	%ymm0, 256(%rsi)
+        vmovdqu	%ymm1, 288(%rsi)
+        vmovdqu	%ymm2, 320(%rsi)
+        vmovdqu	%ymm3, 352(%rsi)
+        vmovdqu	%ymm4, 384(%rsi)
+        vmovdqu	%ymm5, 416(%rsi)
+        vmovdqu	%ymm6, 448(%rsi)
+        vmovdqu	%ymm7, 480(%rsi)
+        vpbroadcastd	64(%rdi), %ymm0
+        vpbroadcastd	68(%rdi), %ymm1
+        vpbroadcastd	72(%rdi), %ymm2
+        vpbroadcastd	76(%rdi), %ymm3
+        vpbroadcastd	80(%rdi), %ymm4
+        vpbroadcastd	84(%rdi), %ymm5
+        vpbroadcastd	88(%rdi), %ymm6
+        vpbroadcastd	92(%rdi), %ymm7
+        vpsrlvd	%ymm9, %ymm0, %ymm0
+        vpsrlvd	%ymm9, %ymm1, %ymm1
+        vpsrlvd	%ymm9, %ymm2, %ymm2
+        vpsrlvd	%ymm9, %ymm3, %ymm3
+        vpsrlvd	%ymm9, %ymm4, %ymm4
+        vpsrlvd	%ymm9, %ymm5, %ymm5
+        vpsrlvd	%ymm9, %ymm6, %ymm6
+        vpsrlvd	%ymm9, %ymm7, %ymm7
+        vpand	%ymm10, %ymm0, %ymm0
+        vpand	%ymm10, %ymm1, %ymm1
+        vpand	%ymm10, %ymm2, %ymm2
+        vpand	%ymm10, %ymm3, %ymm3
+        vpand	%ymm10, %ymm4, %ymm4
+        vpand	%ymm10, %ymm5, %ymm5
+        vpand	%ymm10, %ymm6, %ymm6
+        vpand	%ymm10, %ymm7, %ymm7
+        vpsubd	%ymm0, %ymm8, %ymm0
+        vpsubd	%ymm1, %ymm8, %ymm1
+        vpsubd	%ymm2, %ymm8, %ymm2
+        vpsubd	%ymm3, %ymm8, %ymm3
+        vpsubd	%ymm4, %ymm8, %ymm4
+        vpsubd	%ymm5, %ymm8, %ymm5
+        vpsubd	%ymm6, %ymm8, %ymm6
+        vpsubd	%ymm7, %ymm8, %ymm7
+        vmovdqu	%ymm0, 512(%rsi)
+        vmovdqu	%ymm1, 544(%rsi)
+        vmovdqu	%ymm2, 576(%rsi)
+        vmovdqu	%ymm3, 608(%rsi)
+        vmovdqu	%ymm4, 640(%rsi)
+        vmovdqu	%ymm5, 672(%rsi)
+        vmovdqu	%ymm6, 704(%rsi)
+        vmovdqu	%ymm7, 736(%rsi)
+        vpbroadcastd	96(%rdi), %ymm0
+        vpbroadcastd	100(%rdi), %ymm1
+        vpbroadcastd	104(%rdi), %ymm2
+        vpbroadcastd	108(%rdi), %ymm3
+        vpbroadcastd	112(%rdi), %ymm4
+        vpbroadcastd	116(%rdi), %ymm5
+        vpbroadcastd	120(%rdi), %ymm6
+        vpbroadcastd	124(%rdi), %ymm7
+        vpsrlvd	%ymm9, %ymm0, %ymm0
+        vpsrlvd	%ymm9, %ymm1, %ymm1
+        vpsrlvd	%ymm9, %ymm2, %ymm2
+        vpsrlvd	%ymm9, %ymm3, %ymm3
+        vpsrlvd	%ymm9, %ymm4, %ymm4
+        vpsrlvd	%ymm9, %ymm5, %ymm5
+        vpsrlvd	%ymm9, %ymm6, %ymm6
+        vpsrlvd	%ymm9, %ymm7, %ymm7
+        vpand	%ymm10, %ymm0, %ymm0
+        vpand	%ymm10, %ymm1, %ymm1
+        vpand	%ymm10, %ymm2, %ymm2
+        vpand	%ymm10, %ymm3, %ymm3
+        vpand	%ymm10, %ymm4, %ymm4
+        vpand	%ymm10, %ymm5, %ymm5
+        vpand	%ymm10, %ymm6, %ymm6
+        vpand	%ymm10, %ymm7, %ymm7
+        vpsubd	%ymm0, %ymm8, %ymm0
+        vpsubd	%ymm1, %ymm8, %ymm1
+        vpsubd	%ymm2, %ymm8, %ymm2
+        vpsubd	%ymm3, %ymm8, %ymm3
+        vpsubd	%ymm4, %ymm8, %ymm4
+        vpsubd	%ymm5, %ymm8, %ymm5
+        vpsubd	%ymm6, %ymm8, %ymm6
+        vpsubd	%ymm7, %ymm8, %ymm7
+        vmovdqu	%ymm0, 768(%rsi)
+        vmovdqu	%ymm1, 800(%rsi)
+        vmovdqu	%ymm2, 832(%rsi)
+        vmovdqu	%ymm3, 864(%rsi)
+        vmovdqu	%ymm4, 896(%rsi)
+        vmovdqu	%ymm5, 928(%rsi)
+        vmovdqu	%ymm6, 960(%rsi)
+        vmovdqu	%ymm7, 992(%rsi)
+        vzeroupper
+        repz retq
+#ifndef __APPLE__
+.size	wc_mldsa_decode_eta_4_avx2,.-wc_mldsa_decode_eta_4_avx2
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_mldsa_encode_w1_88_avx2_shuff_0_even:
+.value	0x900,0xff0a
+.value	0xffff,0xffff
+.value	0xffff,0xffff
+.value	0xffff,0xffff
+.value	0xffff,0xff
+.value	0xa09,0xffff
+.value	0xffff,0xffff
+.value	0xffff,0xffff
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_mldsa_encode_w1_88_avx2_shuff_0_odd:
+.value	0x504,0xff0e
+.value	0xffff,0xffff
+.value	0xffff,0xffff
+.value	0xffff,0xffff
+.value	0xffff,0x4ff
+.value	0xe05,0xffff
+.value	0xffff,0xffff
+.value	0xffff,0xffff
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_mldsa_encode_w1_88_avx2_shuff_1_even:
+.value	0xffff,0xffff
+.value	0xffff,0x900
+.value	0xff0a,0xffff
+.value	0xffff,0xffff
+.value	0xffff,0xffff
+.value	0xffff,0xffff
+.value	0xff,0xa09
+.value	0xffff,0xffff
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_mldsa_encode_w1_88_avx2_shuff_1_odd:
+.value	0xffff,0xffff
+.value	0xffff,0x504
+.value	0xff0e,0xffff
+.value	0xffff,0xffff
+.value	0xffff,0xffff
+.value	0xffff,0xffff
+.value	0x4ff,0xe05
+.value	0xffff,0xffff
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+L_mldsa_encode_w1_88_avx2_vs:
+.long	0x00000000,0x00000006,0x0000000c,0x00000012
+.long	0x00000000,0x00000006,0x0000000c,0x00000012
+#ifndef __APPLE__
+.text
+.globl	wc_mldsa_encode_w1_88_avx2
+.type	wc_mldsa_encode_w1_88_avx2,@function
+.align	16
+wc_mldsa_encode_w1_88_avx2:
+#else
+.section	__TEXT,__text
+.globl	_wc_mldsa_encode_w1_88_avx2
+.p2align	4
+_wc_mldsa_encode_w1_88_avx2:
+#endif /* __APPLE__ */
+        vpxor	%ymm4, %ymm4, %ymm4
+        vmovdqu	L_mldsa_encode_w1_88_avx2_shuff_0_even(%rip), %ymm4
+        vmovdqu	L_mldsa_encode_w1_88_avx2_shuff_0_odd(%rip), %ymm5
+        vmovdqu	L_mldsa_encode_w1_88_avx2_shuff_1_even(%rip), %ymm6
+        vmovdqu	L_mldsa_encode_w1_88_avx2_shuff_1_odd(%rip), %ymm7
+        vmovdqu	L_mldsa_encode_w1_88_avx2_vs(%rip), %ymm8
+        vmovdqu	(%rdi), %ymm0
+        vmovdqu	32(%rdi), %ymm1
+        vpsllvd	%ymm8, %ymm0, %ymm0
+        vpsllvd	%ymm8, %ymm1, %ymm1
+        vpshufb	%ymm5, %ymm0, %ymm2
+        vpshufb	%ymm4, %ymm0, %ymm0
+        vpshufb	%ymm7, %ymm1, %ymm3
+        vpshufb	%ymm6, %ymm1, %ymm1
+        vpor	%ymm2, %ymm0, %ymm0
+        vpor	%ymm3, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vextracti128	$0x01, %ymm0, %xmm2
+        vpor	%ymm2, %ymm0, %ymm0
+        vmovq	%xmm0, (%rsi)
+        vpextrd	$2, %xmm0, 8(%rsi)
+        addq	$12, %rsi
+        vmovdqu	64(%rdi), %ymm0
+        vmovdqu	96(%rdi), %ymm1
+        vpsllvd	%ymm8, %ymm0, %ymm0
+        vpsllvd	%ymm8, %ymm1, %ymm1
+        vpshufb	%ymm5, %ymm0, %ymm2
+        vpshufb	%ymm4, %ymm0, %ymm0
+        vpshufb	%ymm7, %ymm1, %ymm3
+        vpshufb	%ymm6, %ymm1, %ymm1
+        vpor	%ymm2, %ymm0, %ymm0
+        vpor	%ymm3, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vextracti128	$0x01, %ymm0, %xmm2
+        vpor	%ymm2, %ymm0, %ymm0
+        vmovq	%xmm0, (%rsi)
+        vpextrd	$2, %xmm0, 8(%rsi)
+        addq	$12, %rsi
+        vmovdqu	128(%rdi), %ymm0
+        vmovdqu	160(%rdi), %ymm1
+        vpsllvd	%ymm8, %ymm0, %ymm0
+        vpsllvd	%ymm8, %ymm1, %ymm1
+        vpshufb	%ymm5, %ymm0, %ymm2
+        vpshufb	%ymm4, %ymm0, %ymm0
+        vpshufb	%ymm7, %ymm1, %ymm3
+        vpshufb	%ymm6, %ymm1, %ymm1
+        vpor	%ymm2, %ymm0, %ymm0
+        vpor	%ymm3, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vextracti128	$0x01, %ymm0, %xmm2
+        vpor	%ymm2, %ymm0, %ymm0
+        vmovq	%xmm0, (%rsi)
+        vpextrd	$2, %xmm0, 8(%rsi)
+        addq	$12, %rsi
+        vmovdqu	192(%rdi), %ymm0
+        vmovdqu	224(%rdi), %ymm1
+        vpsllvd	%ymm8, %ymm0, %ymm0
+        vpsllvd	%ymm8, %ymm1, %ymm1
+        vpshufb	%ymm5, %ymm0, %ymm2
+        vpshufb	%ymm4, %ymm0, %ymm0
+        vpshufb	%ymm7, %ymm1, %ymm3
+        vpshufb	%ymm6, %ymm1, %ymm1
+        vpor	%ymm2, %ymm0, %ymm0
+        vpor	%ymm3, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vextracti128	$0x01, %ymm0, %xmm2
+        vpor	%ymm2, %ymm0, %ymm0
+        vmovq	%xmm0, (%rsi)
+        vpextrd	$2, %xmm0, 8(%rsi)
+        addq	$12, %rsi
+        vmovdqu	256(%rdi), %ymm0
+        vmovdqu	288(%rdi), %ymm1
+        vpsllvd	%ymm8, %ymm0, %ymm0
+        vpsllvd	%ymm8, %ymm1, %ymm1
+        vpshufb	%ymm5, %ymm0, %ymm2
+        vpshufb	%ymm4, %ymm0, %ymm0
+        vpshufb	%ymm7, %ymm1, %ymm3
+        vpshufb	%ymm6, %ymm1, %ymm1
+        vpor	%ymm2, %ymm0, %ymm0
+        vpor	%ymm3, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vextracti128	$0x01, %ymm0, %xmm2
+        vpor	%ymm2, %ymm0, %ymm0
+        vmovq	%xmm0, (%rsi)
+        vpextrd	$2, %xmm0, 8(%rsi)
+        addq	$12, %rsi
+        vmovdqu	320(%rdi), %ymm0
+        vmovdqu	352(%rdi), %ymm1
+        vpsllvd	%ymm8, %ymm0, %ymm0
+        vpsllvd	%ymm8, %ymm1, %ymm1
+        vpshufb	%ymm5, %ymm0, %ymm2
+        vpshufb	%ymm4, %ymm0, %ymm0
+        vpshufb	%ymm7, %ymm1, %ymm3
+        vpshufb	%ymm6, %ymm1, %ymm1
+        vpor	%ymm2, %ymm0, %ymm0
+        vpor	%ymm3, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vextracti128	$0x01, %ymm0, %xmm2
+        vpor	%ymm2, %ymm0, %ymm0
+        vmovq	%xmm0, (%rsi)
+        vpextrd	$2, %xmm0, 8(%rsi)
+        addq	$12, %rsi
+        vmovdqu	384(%rdi), %ymm0
+        vmovdqu	416(%rdi), %ymm1
+        vpsllvd	%ymm8, %ymm0, %ymm0
+        vpsllvd	%ymm8, %ymm1, %ymm1
+        vpshufb	%ymm5, %ymm0, %ymm2
+        vpshufb	%ymm4, %ymm0, %ymm0
+        vpshufb	%ymm7, %ymm1, %ymm3
+        vpshufb	%ymm6, %ymm1, %ymm1
+        vpor	%ymm2, %ymm0, %ymm0
+        vpor	%ymm3, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vextracti128	$0x01, %ymm0, %xmm2
+        vpor	%ymm2, %ymm0, %ymm0
+        vmovq	%xmm0, (%rsi)
+        vpextrd	$2, %xmm0, 8(%rsi)
+        addq	$12, %rsi
+        vmovdqu	448(%rdi), %ymm0
+        vmovdqu	480(%rdi), %ymm1
+        vpsllvd	%ymm8, %ymm0, %ymm0
+        vpsllvd	%ymm8, %ymm1, %ymm1
+        vpshufb	%ymm5, %ymm0, %ymm2
+        vpshufb	%ymm4, %ymm0, %ymm0
+        vpshufb	%ymm7, %ymm1, %ymm3
+        vpshufb	%ymm6, %ymm1, %ymm1
+        vpor	%ymm2, %ymm0, %ymm0
+        vpor	%ymm3, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vextracti128	$0x01, %ymm0, %xmm2
+        vpor	%ymm2, %ymm0, %ymm0
+        vmovq	%xmm0, (%rsi)
+        vpextrd	$2, %xmm0, 8(%rsi)
+        addq	$12, %rsi
+        vmovdqu	512(%rdi), %ymm0
+        vmovdqu	544(%rdi), %ymm1
+        vpsllvd	%ymm8, %ymm0, %ymm0
+        vpsllvd	%ymm8, %ymm1, %ymm1
+        vpshufb	%ymm5, %ymm0, %ymm2
+        vpshufb	%ymm4, %ymm0, %ymm0
+        vpshufb	%ymm7, %ymm1, %ymm3
+        vpshufb	%ymm6, %ymm1, %ymm1
+        vpor	%ymm2, %ymm0, %ymm0
+        vpor	%ymm3, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vextracti128	$0x01, %ymm0, %xmm2
+        vpor	%ymm2, %ymm0, %ymm0
+        vmovq	%xmm0, (%rsi)
+        vpextrd	$2, %xmm0, 8(%rsi)
+        addq	$12, %rsi
+        vmovdqu	576(%rdi), %ymm0
+        vmovdqu	608(%rdi), %ymm1
+        vpsllvd	%ymm8, %ymm0, %ymm0
+        vpsllvd	%ymm8, %ymm1, %ymm1
+        vpshufb	%ymm5, %ymm0, %ymm2
+        vpshufb	%ymm4, %ymm0, %ymm0
+        vpshufb	%ymm7, %ymm1, %ymm3
+        vpshufb	%ymm6, %ymm1, %ymm1
+        vpor	%ymm2, %ymm0, %ymm0
+        vpor	%ymm3, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vextracti128	$0x01, %ymm0, %xmm2
+        vpor	%ymm2, %ymm0, %ymm0
+        vmovq	%xmm0, (%rsi)
+        vpextrd	$2, %xmm0, 8(%rsi)
+        addq	$12, %rsi
+        vmovdqu	640(%rdi), %ymm0
+        vmovdqu	672(%rdi), %ymm1
+        vpsllvd	%ymm8, %ymm0, %ymm0
+        vpsllvd	%ymm8, %ymm1, %ymm1
+        vpshufb	%ymm5, %ymm0, %ymm2
+        vpshufb	%ymm4, %ymm0, %ymm0
+        vpshufb	%ymm7, %ymm1, %ymm3
+        vpshufb	%ymm6, %ymm1, %ymm1
+        vpor	%ymm2, %ymm0, %ymm0
+        vpor	%ymm3, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vextracti128	$0x01, %ymm0, %xmm2
+        vpor	%ymm2, %ymm0, %ymm0
+        vmovq	%xmm0, (%rsi)
+        vpextrd	$2, %xmm0, 8(%rsi)
+        addq	$12, %rsi
+        vmovdqu	704(%rdi), %ymm0
+        vmovdqu	736(%rdi), %ymm1
+        vpsllvd	%ymm8, %ymm0, %ymm0
+        vpsllvd	%ymm8, %ymm1, %ymm1
+        vpshufb	%ymm5, %ymm0, %ymm2
+        vpshufb	%ymm4, %ymm0, %ymm0
+        vpshufb	%ymm7, %ymm1, %ymm3
+        vpshufb	%ymm6, %ymm1, %ymm1
+        vpor	%ymm2, %ymm0, %ymm0
+        vpor	%ymm3, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vextracti128	$0x01, %ymm0, %xmm2
+        vpor	%ymm2, %ymm0, %ymm0
+        vmovq	%xmm0, (%rsi)
+        vpextrd	$2, %xmm0, 8(%rsi)
+        addq	$12, %rsi
+        vmovdqu	768(%rdi), %ymm0
+        vmovdqu	800(%rdi), %ymm1
+        vpsllvd	%ymm8, %ymm0, %ymm0
+        vpsllvd	%ymm8, %ymm1, %ymm1
+        vpshufb	%ymm5, %ymm0, %ymm2
+        vpshufb	%ymm4, %ymm0, %ymm0
+        vpshufb	%ymm7, %ymm1, %ymm3
+        vpshufb	%ymm6, %ymm1, %ymm1
+        vpor	%ymm2, %ymm0, %ymm0
+        vpor	%ymm3, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vextracti128	$0x01, %ymm0, %xmm2
+        vpor	%ymm2, %ymm0, %ymm0
+        vmovq	%xmm0, (%rsi)
+        vpextrd	$2, %xmm0, 8(%rsi)
+        addq	$12, %rsi
+        vmovdqu	832(%rdi), %ymm0
+        vmovdqu	864(%rdi), %ymm1
+        vpsllvd	%ymm8, %ymm0, %ymm0
+        vpsllvd	%ymm8, %ymm1, %ymm1
+        vpshufb	%ymm5, %ymm0, %ymm2
+        vpshufb	%ymm4, %ymm0, %ymm0
+        vpshufb	%ymm7, %ymm1, %ymm3
+        vpshufb	%ymm6, %ymm1, %ymm1
+        vpor	%ymm2, %ymm0, %ymm0
+        vpor	%ymm3, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vextracti128	$0x01, %ymm0, %xmm2
+        vpor	%ymm2, %ymm0, %ymm0
+        vmovq	%xmm0, (%rsi)
+        vpextrd	$2, %xmm0, 8(%rsi)
+        addq	$12, %rsi
+        vmovdqu	896(%rdi), %ymm0
+        vmovdqu	928(%rdi), %ymm1
+        vpsllvd	%ymm8, %ymm0, %ymm0
+        vpsllvd	%ymm8, %ymm1, %ymm1
+        vpshufb	%ymm5, %ymm0, %ymm2
+        vpshufb	%ymm4, %ymm0, %ymm0
+        vpshufb	%ymm7, %ymm1, %ymm3
+        vpshufb	%ymm6, %ymm1, %ymm1
+        vpor	%ymm2, %ymm0, %ymm0
+        vpor	%ymm3, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vextracti128	$0x01, %ymm0, %xmm2
+        vpor	%ymm2, %ymm0, %ymm0
+        vmovq	%xmm0, (%rsi)
+        vpextrd	$2, %xmm0, 8(%rsi)
+        addq	$12, %rsi
+        vmovdqu	960(%rdi), %ymm0
+        vmovdqu	992(%rdi), %ymm1
+        vpsllvd	%ymm8, %ymm0, %ymm0
+        vpsllvd	%ymm8, %ymm1, %ymm1
+        vpshufb	%ymm5, %ymm0, %ymm2
+        vpshufb	%ymm4, %ymm0, %ymm0
+        vpshufb	%ymm7, %ymm1, %ymm3
+        vpshufb	%ymm6, %ymm1, %ymm1
+        vpor	%ymm2, %ymm0, %ymm0
+        vpor	%ymm3, %ymm0, %ymm0
+        vpor	%ymm1, %ymm0, %ymm0
+        vextracti128	$0x01, %ymm0, %xmm2
+        vpor	%ymm2, %ymm0, %ymm0
+        vmovq	%xmm0, (%rsi)
+        vpextrd	$2, %xmm0, 8(%rsi)
+        addq	$12, %rsi
+        vzeroupper
+        repz retq
+#ifndef __APPLE__
+.size	wc_mldsa_encode_w1_88_avx2,.-wc_mldsa_encode_w1_88_avx2
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+L_mldsa_encode_w1_32_avx2_vs_4:
+.long	0x00000000,0x00000004,0x00000000,0x00000004
+.long	0x00000000,0x00000004,0x00000000,0x00000004
+#ifndef __APPLE__
+.text
+.globl	wc_mldsa_encode_w1_32_avx2
+.type	wc_mldsa_encode_w1_32_avx2,@function
+.align	16
+wc_mldsa_encode_w1_32_avx2:
+#else
+.section	__TEXT,__text
+.globl	_wc_mldsa_encode_w1_32_avx2
+.p2align	4
+_wc_mldsa_encode_w1_32_avx2:
+#endif /* __APPLE__ */
+        vpxor	%ymm8, %ymm8, %ymm8
+        vmovdqu	L_mldsa_encode_w1_32_avx2_vs_4(%rip), %ymm8
+        vmovdqu	(%rdi), %ymm0
+        vmovdqu	32(%rdi), %ymm1
+        vmovdqu	64(%rdi), %ymm2
+        vmovdqu	96(%rdi), %ymm3
+        vmovdqu	128(%rdi), %ymm4
+        vmovdqu	160(%rdi), %ymm5
+        vmovdqu	192(%rdi), %ymm6
+        vmovdqu	224(%rdi), %ymm7
+        vpsllvd	%ymm8, %ymm0, %ymm0
+        vpsllvd	%ymm8, %ymm1, %ymm1
+        vpsllvd	%ymm8, %ymm2, %ymm2
+        vpsllvd	%ymm8, %ymm3, %ymm3
+        vpsllvd	%ymm8, %ymm4, %ymm4
+        vpsllvd	%ymm8, %ymm5, %ymm5
+        vpsllvd	%ymm8, %ymm6, %ymm6
+        vpsllvd	%ymm8, %ymm7, %ymm7
+        vpackusdw	%ymm1, %ymm0, %ymm0
+        vpackusdw	%ymm3, %ymm2, %ymm1
+        vpackusdw	%ymm5, %ymm4, %ymm2
+        vpackusdw	%ymm7, %ymm6, %ymm3
+        vpermq	$0xd8, %ymm0, %ymm0
+        vpermq	$0xd8, %ymm1, %ymm1
+        vpermq	$0xd8, %ymm2, %ymm2
+        vpermq	$0xd8, %ymm3, %ymm3
+        vphaddw	%ymm1, %ymm0, %ymm0
+        vphaddw	%ymm3, %ymm2, %ymm1
+        vphaddw	%ymm5, %ymm4, %ymm2
+        vphaddw	%ymm7, %ymm6, %ymm3
+        vpermq	$0xd8, %ymm0, %ymm0
+        vpermq	$0xd8, %ymm1, %ymm1
+        vpackuswb	%ymm1, %ymm0, %ymm0
+        vpermq	$0xd8, %ymm0, %ymm0
+        vmovdqu	%ymm0, (%rsi)
+        vmovdqu	256(%rdi), %ymm0
+        vmovdqu	288(%rdi), %ymm1
+        vmovdqu	320(%rdi), %ymm2
+        vmovdqu	352(%rdi), %ymm3
+        vmovdqu	384(%rdi), %ymm4
+        vmovdqu	416(%rdi), %ymm5
+        vmovdqu	448(%rdi), %ymm6
+        vmovdqu	480(%rdi), %ymm7
+        vpsllvd	%ymm8, %ymm0, %ymm0
+        vpsllvd	%ymm8, %ymm1, %ymm1
+        vpsllvd	%ymm8, %ymm2, %ymm2
+        vpsllvd	%ymm8, %ymm3, %ymm3
+        vpsllvd	%ymm8, %ymm4, %ymm4
+        vpsllvd	%ymm8, %ymm5, %ymm5
+        vpsllvd	%ymm8, %ymm6, %ymm6
+        vpsllvd	%ymm8, %ymm7, %ymm7
+        vpackusdw	%ymm1, %ymm0, %ymm0
+        vpackusdw	%ymm3, %ymm2, %ymm1
+        vpackusdw	%ymm5, %ymm4, %ymm2
+        vpackusdw	%ymm7, %ymm6, %ymm3
+        vpermq	$0xd8, %ymm0, %ymm0
+        vpermq	$0xd8, %ymm1, %ymm1
+        vpermq	$0xd8, %ymm2, %ymm2
+        vpermq	$0xd8, %ymm3, %ymm3
+        vphaddw	%ymm1, %ymm0, %ymm0
+        vphaddw	%ymm3, %ymm2, %ymm1
+        vphaddw	%ymm5, %ymm4, %ymm2
+        vphaddw	%ymm7, %ymm6, %ymm3
+        vpermq	$0xd8, %ymm0, %ymm0
+        vpermq	$0xd8, %ymm1, %ymm1
+        vpackuswb	%ymm1, %ymm0, %ymm0
+        vpermq	$0xd8, %ymm0, %ymm0
+        vmovdqu	%ymm0, 32(%rsi)
+        vmovdqu	512(%rdi), %ymm0
+        vmovdqu	544(%rdi), %ymm1
+        vmovdqu	576(%rdi), %ymm2
+        vmovdqu	608(%rdi), %ymm3
+        vmovdqu	640(%rdi), %ymm4
+        vmovdqu	672(%rdi), %ymm5
+        vmovdqu	704(%rdi), %ymm6
+        vmovdqu	736(%rdi), %ymm7
+        vpsllvd	%ymm8, %ymm0, %ymm0
+        vpsllvd	%ymm8, %ymm1, %ymm1
+        vpsllvd	%ymm8, %ymm2, %ymm2
+        vpsllvd	%ymm8, %ymm3, %ymm3
+        vpsllvd	%ymm8, %ymm4, %ymm4
+        vpsllvd	%ymm8, %ymm5, %ymm5
+        vpsllvd	%ymm8, %ymm6, %ymm6
+        vpsllvd	%ymm8, %ymm7, %ymm7
+        vpackusdw	%ymm1, %ymm0, %ymm0
+        vpackusdw	%ymm3, %ymm2, %ymm1
+        vpackusdw	%ymm5, %ymm4, %ymm2
+        vpackusdw	%ymm7, %ymm6, %ymm3
+        vpermq	$0xd8, %ymm0, %ymm0
+        vpermq	$0xd8, %ymm1, %ymm1
+        vpermq	$0xd8, %ymm2, %ymm2
+        vpermq	$0xd8, %ymm3, %ymm3
+        vphaddw	%ymm1, %ymm0, %ymm0
+        vphaddw	%ymm3, %ymm2, %ymm1
+        vphaddw	%ymm5, %ymm4, %ymm2
+        vphaddw	%ymm7, %ymm6, %ymm3
+        vpermq	$0xd8, %ymm0, %ymm0
+        vpermq	$0xd8, %ymm1, %ymm1
+        vpackuswb	%ymm1, %ymm0, %ymm0
+        vpermq	$0xd8, %ymm0, %ymm0
+        vmovdqu	%ymm0, 64(%rsi)
+        vmovdqu	768(%rdi), %ymm0
+        vmovdqu	800(%rdi), %ymm1
+        vmovdqu	832(%rdi), %ymm2
+        vmovdqu	864(%rdi), %ymm3
+        vmovdqu	896(%rdi), %ymm4
+        vmovdqu	928(%rdi), %ymm5
+        vmovdqu	960(%rdi), %ymm6
+        vmovdqu	992(%rdi), %ymm7
+        vpsllvd	%ymm8, %ymm0, %ymm0
+        vpsllvd	%ymm8, %ymm1, %ymm1
+        vpsllvd	%ymm8, %ymm2, %ymm2
+        vpsllvd	%ymm8, %ymm3, %ymm3
+        vpsllvd	%ymm8, %ymm4, %ymm4
+        vpsllvd	%ymm8, %ymm5, %ymm5
+        vpsllvd	%ymm8, %ymm6, %ymm6
+        vpsllvd	%ymm8, %ymm7, %ymm7
+        vpackusdw	%ymm1, %ymm0, %ymm0
+        vpackusdw	%ymm3, %ymm2, %ymm1
+        vpackusdw	%ymm5, %ymm4, %ymm2
+        vpackusdw	%ymm7, %ymm6, %ymm3
+        vpermq	$0xd8, %ymm0, %ymm0
+        vpermq	$0xd8, %ymm1, %ymm1
+        vpermq	$0xd8, %ymm2, %ymm2
+        vpermq	$0xd8, %ymm3, %ymm3
+        vphaddw	%ymm1, %ymm0, %ymm0
+        vphaddw	%ymm3, %ymm2, %ymm1
+        vphaddw	%ymm5, %ymm4, %ymm2
+        vphaddw	%ymm7, %ymm6, %ymm3
+        vpermq	$0xd8, %ymm0, %ymm0
+        vpermq	$0xd8, %ymm1, %ymm1
+        vpackuswb	%ymm1, %ymm0, %ymm0
+        vpermq	$0xd8, %ymm0, %ymm0
+        vmovdqu	%ymm0, 96(%rsi)
+        vzeroupper
+        repz retq
+#ifndef __APPLE__
+.size	wc_mldsa_encode_w1_32_avx2,.-wc_mldsa_encode_w1_32_avx2
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+L_mldsa_encode_t0_t1_avx2_d_max_half_m1:
+.long	0x00000fff,0x00000fff,0x00000fff,0x00000fff
+.long	0x00000fff,0x00000fff,0x00000fff,0x00000fff
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+L_mldsa_encode_t0_t1_avx2_d_max_half:
+.long	0x00001000,0x00001000,0x00001000,0x00001000
+.long	0x00001000,0x00001000,0x00001000,0x00001000
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+L_mldsa_encode_t0_t1_avx2_vs_13:
+.long	0x00000000,0x0000000d,0x00000002,0x0000000f
+.long	0x00000004,0x00000011,0x00000006,0x00000013
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_mldsa_encode_t0_t1_avx2_shuff_13_even:
+.value	0x100,0x8ff
+.value	0xff09,0xffff
+.value	0xffff,0xffff
+.value	0xffff,0xffff
+.value	0xffff,0xffff
+.value	0xffff,0x100
+.value	0x802,0xa09
+.value	0xffff,0xffff
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_mldsa_encode_t0_t1_avx2_shuff_13_odd:
+.value	0x5ff,0x706
+.value	0xe0d,0xff0f
+.value	0xffff,0xffff
+.value	0xffff,0xffff
+.value	0xffff,0xffff
+.value	0xffff,0xffff
+.value	0x706,0xeff
+.value	0xff0f,0xffff
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+L_mldsa_encode_t0_t1_avx2_vs_10:
+.long	0x00000000,0x0000000a,0x00000004,0x0000000e
+.long	0x00000000,0x0000000a,0x00000004,0x0000000e
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_mldsa_encode_t0_t1_avx2_shuff_10_even:
+.value	0x100,0x908
+.value	0xffff,0xffff
+.value	0xffff,0xffff
+.value	0xffff,0xffff
+.value	0xffff,0xffff
+.value	0xff,0x801
+.value	0xff09,0xffff
+.value	0xffff,0xffff
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_mldsa_encode_t0_t1_avx2_shuff_10_odd:
+.value	0x5ff,0xd06
+.value	0xff0e,0xffff
+.value	0xffff,0xffff
+.value	0xffff,0xffff
+.value	0xffff,0xffff
+.value	0xffff,0x605
+.value	0xe0d,0xffff
+.value	0xffff,0xffff
+#ifndef __APPLE__
+.text
+.globl	wc_mldsa_vec_encode_t0_t1_avx2
+.type	wc_mldsa_vec_encode_t0_t1_avx2,@function
+.align	16
+wc_mldsa_vec_encode_t0_t1_avx2:
+#else
+.section	__TEXT,__text
+.globl	_wc_mldsa_vec_encode_t0_t1_avx2
+.p2align	4
+_wc_mldsa_vec_encode_t0_t1_avx2:
+#endif /* __APPLE__ */
+        vmovdqu	L_mldsa_encode_t0_t1_avx2_d_max_half_m1(%rip), %ymm6
+        vmovdqu	L_mldsa_encode_t0_t1_avx2_d_max_half(%rip), %ymm7
+        vmovdqu	L_mldsa_encode_t0_t1_avx2_vs_13(%rip), %ymm8
+        vmovdqu	L_mldsa_encode_t0_t1_avx2_shuff_13_even(%rip), %ymm9
+        vmovdqu	L_mldsa_encode_t0_t1_avx2_shuff_13_odd(%rip), %ymm10
+        vmovdqu	L_mldsa_encode_t0_t1_avx2_vs_10(%rip), %ymm11
+        vmovdqu	L_mldsa_encode_t0_t1_avx2_shuff_10_even(%rip), %ymm12
+        vmovdqu	L_mldsa_encode_t0_t1_avx2_shuff_10_odd(%rip), %ymm13
+L_mldsa_encode_t0_t1_avx2_loop:
+        vmovdqu	(%rdi), %ymm0
+        vmovdqu	32(%rdi), %ymm1
+        vpaddd	%ymm6, %ymm0, %ymm4
+        vpaddd	%ymm6, %ymm1, %ymm5
+        vpsrld	$13, %ymm4, %ymm4
+        vpsrld	$13, %ymm5, %ymm5
+        vpslld	$13, %ymm4, %ymm2
+        vpslld	$13, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsubd	%ymm2, %ymm7, %ymm2
+        vpsubd	%ymm3, %ymm7, %ymm3
+        vpsllvd	%ymm8, %ymm2, %ymm2
+        vpsllvd	%ymm8, %ymm3, %ymm3
+        vpshufb	%ymm10, %ymm2, %ymm0
+        vpshufb	%ymm10, %ymm3, %ymm1
+        vpshufb	%ymm9, %ymm2, %ymm2
+        vpshufb	%ymm9, %ymm3, %ymm3
+        vpor	%ymm0, %ymm2, %ymm2
+        vpor	%ymm1, %ymm3, %ymm3
+        vextracti128	$0x01, %ymm2, %xmm0
+        vextracti128	$0x01, %ymm3, %xmm1
+        vpor	%ymm0, %ymm2, %ymm2
+        vpor	%ymm1, %ymm3, %ymm3
+        vmovdqu	%xmm2, (%rdx)
+        addq	$13, %rdx
+        vmovdqu	%xmm3, (%rdx)
+        addq	$13, %rdx
+        vpsllvd	%ymm11, %ymm4, %ymm4
+        vpsllvd	%ymm11, %ymm5, %ymm5
+        vpshufb	%ymm13, %ymm4, %ymm0
+        vpshufb	%ymm13, %ymm5, %ymm1
+        vpshufb	%ymm12, %ymm4, %ymm4
+        vpshufb	%ymm12, %ymm5, %ymm5
+        vpor	%ymm0, %ymm4, %ymm4
+        vpor	%ymm1, %ymm5, %ymm5
+        vextracti128	$0x01, %ymm4, %xmm0
+        vextracti128	$0x01, %ymm5, %xmm1
+        vpor	%ymm0, %ymm4, %ymm4
+        vpor	%ymm1, %ymm5, %ymm5
+        vmovdqu	%xmm4, (%rcx)
+        addq	$10, %rcx
+        vmovdqu	%xmm5, (%rcx)
+        addq	$10, %rcx
+        vmovdqu	64(%rdi), %ymm0
+        vmovdqu	96(%rdi), %ymm1
+        vpaddd	%ymm6, %ymm0, %ymm4
+        vpaddd	%ymm6, %ymm1, %ymm5
+        vpsrld	$13, %ymm4, %ymm4
+        vpsrld	$13, %ymm5, %ymm5
+        vpslld	$13, %ymm4, %ymm2
+        vpslld	$13, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsubd	%ymm2, %ymm7, %ymm2
+        vpsubd	%ymm3, %ymm7, %ymm3
+        vpsllvd	%ymm8, %ymm2, %ymm2
+        vpsllvd	%ymm8, %ymm3, %ymm3
+        vpshufb	%ymm10, %ymm2, %ymm0
+        vpshufb	%ymm10, %ymm3, %ymm1
+        vpshufb	%ymm9, %ymm2, %ymm2
+        vpshufb	%ymm9, %ymm3, %ymm3
+        vpor	%ymm0, %ymm2, %ymm2
+        vpor	%ymm1, %ymm3, %ymm3
+        vextracti128	$0x01, %ymm2, %xmm0
+        vextracti128	$0x01, %ymm3, %xmm1
+        vpor	%ymm0, %ymm2, %ymm2
+        vpor	%ymm1, %ymm3, %ymm3
+        vmovdqu	%xmm2, (%rdx)
+        addq	$13, %rdx
+        vmovdqu	%xmm3, (%rdx)
+        addq	$13, %rdx
+        vpsllvd	%ymm11, %ymm4, %ymm4
+        vpsllvd	%ymm11, %ymm5, %ymm5
+        vpshufb	%ymm13, %ymm4, %ymm0
+        vpshufb	%ymm13, %ymm5, %ymm1
+        vpshufb	%ymm12, %ymm4, %ymm4
+        vpshufb	%ymm12, %ymm5, %ymm5
+        vpor	%ymm0, %ymm4, %ymm4
+        vpor	%ymm1, %ymm5, %ymm5
+        vextracti128	$0x01, %ymm4, %xmm0
+        vextracti128	$0x01, %ymm5, %xmm1
+        vpor	%ymm0, %ymm4, %ymm4
+        vpor	%ymm1, %ymm5, %ymm5
+        vmovdqu	%xmm4, (%rcx)
+        addq	$10, %rcx
+        vmovdqu	%xmm5, (%rcx)
+        addq	$10, %rcx
+        vmovdqu	128(%rdi), %ymm0
+        vmovdqu	160(%rdi), %ymm1
+        vpaddd	%ymm6, %ymm0, %ymm4
+        vpaddd	%ymm6, %ymm1, %ymm5
+        vpsrld	$13, %ymm4, %ymm4
+        vpsrld	$13, %ymm5, %ymm5
+        vpslld	$13, %ymm4, %ymm2
+        vpslld	$13, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsubd	%ymm2, %ymm7, %ymm2
+        vpsubd	%ymm3, %ymm7, %ymm3
+        vpsllvd	%ymm8, %ymm2, %ymm2
+        vpsllvd	%ymm8, %ymm3, %ymm3
+        vpshufb	%ymm10, %ymm2, %ymm0
+        vpshufb	%ymm10, %ymm3, %ymm1
+        vpshufb	%ymm9, %ymm2, %ymm2
+        vpshufb	%ymm9, %ymm3, %ymm3
+        vpor	%ymm0, %ymm2, %ymm2
+        vpor	%ymm1, %ymm3, %ymm3
+        vextracti128	$0x01, %ymm2, %xmm0
+        vextracti128	$0x01, %ymm3, %xmm1
+        vpor	%ymm0, %ymm2, %ymm2
+        vpor	%ymm1, %ymm3, %ymm3
+        vmovdqu	%xmm2, (%rdx)
+        addq	$13, %rdx
+        vmovdqu	%xmm3, (%rdx)
+        addq	$13, %rdx
+        vpsllvd	%ymm11, %ymm4, %ymm4
+        vpsllvd	%ymm11, %ymm5, %ymm5
+        vpshufb	%ymm13, %ymm4, %ymm0
+        vpshufb	%ymm13, %ymm5, %ymm1
+        vpshufb	%ymm12, %ymm4, %ymm4
+        vpshufb	%ymm12, %ymm5, %ymm5
+        vpor	%ymm0, %ymm4, %ymm4
+        vpor	%ymm1, %ymm5, %ymm5
+        vextracti128	$0x01, %ymm4, %xmm0
+        vextracti128	$0x01, %ymm5, %xmm1
+        vpor	%ymm0, %ymm4, %ymm4
+        vpor	%ymm1, %ymm5, %ymm5
+        vmovdqu	%xmm4, (%rcx)
+        addq	$10, %rcx
+        vmovdqu	%xmm5, (%rcx)
+        addq	$10, %rcx
+        vmovdqu	192(%rdi), %ymm0
+        vmovdqu	224(%rdi), %ymm1
+        vpaddd	%ymm6, %ymm0, %ymm4
+        vpaddd	%ymm6, %ymm1, %ymm5
+        vpsrld	$13, %ymm4, %ymm4
+        vpsrld	$13, %ymm5, %ymm5
+        vpslld	$13, %ymm4, %ymm2
+        vpslld	$13, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsubd	%ymm2, %ymm7, %ymm2
+        vpsubd	%ymm3, %ymm7, %ymm3
+        vpsllvd	%ymm8, %ymm2, %ymm2
+        vpsllvd	%ymm8, %ymm3, %ymm3
+        vpshufb	%ymm10, %ymm2, %ymm0
+        vpshufb	%ymm10, %ymm3, %ymm1
+        vpshufb	%ymm9, %ymm2, %ymm2
+        vpshufb	%ymm9, %ymm3, %ymm3
+        vpor	%ymm0, %ymm2, %ymm2
+        vpor	%ymm1, %ymm3, %ymm3
+        vextracti128	$0x01, %ymm2, %xmm0
+        vextracti128	$0x01, %ymm3, %xmm1
+        vpor	%ymm0, %ymm2, %ymm2
+        vpor	%ymm1, %ymm3, %ymm3
+        vmovdqu	%xmm2, (%rdx)
+        addq	$13, %rdx
+        vmovdqu	%xmm3, (%rdx)
+        addq	$13, %rdx
+        vpsllvd	%ymm11, %ymm4, %ymm4
+        vpsllvd	%ymm11, %ymm5, %ymm5
+        vpshufb	%ymm13, %ymm4, %ymm0
+        vpshufb	%ymm13, %ymm5, %ymm1
+        vpshufb	%ymm12, %ymm4, %ymm4
+        vpshufb	%ymm12, %ymm5, %ymm5
+        vpor	%ymm0, %ymm4, %ymm4
+        vpor	%ymm1, %ymm5, %ymm5
+        vextracti128	$0x01, %ymm4, %xmm0
+        vextracti128	$0x01, %ymm5, %xmm1
+        vpor	%ymm0, %ymm4, %ymm4
+        vpor	%ymm1, %ymm5, %ymm5
+        vmovdqu	%xmm4, (%rcx)
+        addq	$10, %rcx
+        vmovdqu	%xmm5, (%rcx)
+        addq	$10, %rcx
+        vmovdqu	256(%rdi), %ymm0
+        vmovdqu	288(%rdi), %ymm1
+        vpaddd	%ymm6, %ymm0, %ymm4
+        vpaddd	%ymm6, %ymm1, %ymm5
+        vpsrld	$13, %ymm4, %ymm4
+        vpsrld	$13, %ymm5, %ymm5
+        vpslld	$13, %ymm4, %ymm2
+        vpslld	$13, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsubd	%ymm2, %ymm7, %ymm2
+        vpsubd	%ymm3, %ymm7, %ymm3
+        vpsllvd	%ymm8, %ymm2, %ymm2
+        vpsllvd	%ymm8, %ymm3, %ymm3
+        vpshufb	%ymm10, %ymm2, %ymm0
+        vpshufb	%ymm10, %ymm3, %ymm1
+        vpshufb	%ymm9, %ymm2, %ymm2
+        vpshufb	%ymm9, %ymm3, %ymm3
+        vpor	%ymm0, %ymm2, %ymm2
+        vpor	%ymm1, %ymm3, %ymm3
+        vextracti128	$0x01, %ymm2, %xmm0
+        vextracti128	$0x01, %ymm3, %xmm1
+        vpor	%ymm0, %ymm2, %ymm2
+        vpor	%ymm1, %ymm3, %ymm3
+        vmovdqu	%xmm2, (%rdx)
+        addq	$13, %rdx
+        vmovdqu	%xmm3, (%rdx)
+        addq	$13, %rdx
+        vpsllvd	%ymm11, %ymm4, %ymm4
+        vpsllvd	%ymm11, %ymm5, %ymm5
+        vpshufb	%ymm13, %ymm4, %ymm0
+        vpshufb	%ymm13, %ymm5, %ymm1
+        vpshufb	%ymm12, %ymm4, %ymm4
+        vpshufb	%ymm12, %ymm5, %ymm5
+        vpor	%ymm0, %ymm4, %ymm4
+        vpor	%ymm1, %ymm5, %ymm5
+        vextracti128	$0x01, %ymm4, %xmm0
+        vextracti128	$0x01, %ymm5, %xmm1
+        vpor	%ymm0, %ymm4, %ymm4
+        vpor	%ymm1, %ymm5, %ymm5
+        vmovdqu	%xmm4, (%rcx)
+        addq	$10, %rcx
+        vmovdqu	%xmm5, (%rcx)
+        addq	$10, %rcx
+        vmovdqu	320(%rdi), %ymm0
+        vmovdqu	352(%rdi), %ymm1
+        vpaddd	%ymm6, %ymm0, %ymm4
+        vpaddd	%ymm6, %ymm1, %ymm5
+        vpsrld	$13, %ymm4, %ymm4
+        vpsrld	$13, %ymm5, %ymm5
+        vpslld	$13, %ymm4, %ymm2
+        vpslld	$13, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsubd	%ymm2, %ymm7, %ymm2
+        vpsubd	%ymm3, %ymm7, %ymm3
+        vpsllvd	%ymm8, %ymm2, %ymm2
+        vpsllvd	%ymm8, %ymm3, %ymm3
+        vpshufb	%ymm10, %ymm2, %ymm0
+        vpshufb	%ymm10, %ymm3, %ymm1
+        vpshufb	%ymm9, %ymm2, %ymm2
+        vpshufb	%ymm9, %ymm3, %ymm3
+        vpor	%ymm0, %ymm2, %ymm2
+        vpor	%ymm1, %ymm3, %ymm3
+        vextracti128	$0x01, %ymm2, %xmm0
+        vextracti128	$0x01, %ymm3, %xmm1
+        vpor	%ymm0, %ymm2, %ymm2
+        vpor	%ymm1, %ymm3, %ymm3
+        vmovdqu	%xmm2, (%rdx)
+        addq	$13, %rdx
+        vmovdqu	%xmm3, (%rdx)
+        addq	$13, %rdx
+        vpsllvd	%ymm11, %ymm4, %ymm4
+        vpsllvd	%ymm11, %ymm5, %ymm5
+        vpshufb	%ymm13, %ymm4, %ymm0
+        vpshufb	%ymm13, %ymm5, %ymm1
+        vpshufb	%ymm12, %ymm4, %ymm4
+        vpshufb	%ymm12, %ymm5, %ymm5
+        vpor	%ymm0, %ymm4, %ymm4
+        vpor	%ymm1, %ymm5, %ymm5
+        vextracti128	$0x01, %ymm4, %xmm0
+        vextracti128	$0x01, %ymm5, %xmm1
+        vpor	%ymm0, %ymm4, %ymm4
+        vpor	%ymm1, %ymm5, %ymm5
+        vmovdqu	%xmm4, (%rcx)
+        addq	$10, %rcx
+        vmovdqu	%xmm5, (%rcx)
+        addq	$10, %rcx
+        vmovdqu	384(%rdi), %ymm0
+        vmovdqu	416(%rdi), %ymm1
+        vpaddd	%ymm6, %ymm0, %ymm4
+        vpaddd	%ymm6, %ymm1, %ymm5
+        vpsrld	$13, %ymm4, %ymm4
+        vpsrld	$13, %ymm5, %ymm5
+        vpslld	$13, %ymm4, %ymm2
+        vpslld	$13, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsubd	%ymm2, %ymm7, %ymm2
+        vpsubd	%ymm3, %ymm7, %ymm3
+        vpsllvd	%ymm8, %ymm2, %ymm2
+        vpsllvd	%ymm8, %ymm3, %ymm3
+        vpshufb	%ymm10, %ymm2, %ymm0
+        vpshufb	%ymm10, %ymm3, %ymm1
+        vpshufb	%ymm9, %ymm2, %ymm2
+        vpshufb	%ymm9, %ymm3, %ymm3
+        vpor	%ymm0, %ymm2, %ymm2
+        vpor	%ymm1, %ymm3, %ymm3
+        vextracti128	$0x01, %ymm2, %xmm0
+        vextracti128	$0x01, %ymm3, %xmm1
+        vpor	%ymm0, %ymm2, %ymm2
+        vpor	%ymm1, %ymm3, %ymm3
+        vmovdqu	%xmm2, (%rdx)
+        addq	$13, %rdx
+        vmovdqu	%xmm3, (%rdx)
+        addq	$13, %rdx
+        vpsllvd	%ymm11, %ymm4, %ymm4
+        vpsllvd	%ymm11, %ymm5, %ymm5
+        vpshufb	%ymm13, %ymm4, %ymm0
+        vpshufb	%ymm13, %ymm5, %ymm1
+        vpshufb	%ymm12, %ymm4, %ymm4
+        vpshufb	%ymm12, %ymm5, %ymm5
+        vpor	%ymm0, %ymm4, %ymm4
+        vpor	%ymm1, %ymm5, %ymm5
+        vextracti128	$0x01, %ymm4, %xmm0
+        vextracti128	$0x01, %ymm5, %xmm1
+        vpor	%ymm0, %ymm4, %ymm4
+        vpor	%ymm1, %ymm5, %ymm5
+        vmovdqu	%xmm4, (%rcx)
+        addq	$10, %rcx
+        vmovdqu	%xmm5, (%rcx)
+        addq	$10, %rcx
+        vmovdqu	448(%rdi), %ymm0
+        vmovdqu	480(%rdi), %ymm1
+        vpaddd	%ymm6, %ymm0, %ymm4
+        vpaddd	%ymm6, %ymm1, %ymm5
+        vpsrld	$13, %ymm4, %ymm4
+        vpsrld	$13, %ymm5, %ymm5
+        vpslld	$13, %ymm4, %ymm2
+        vpslld	$13, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsubd	%ymm2, %ymm7, %ymm2
+        vpsubd	%ymm3, %ymm7, %ymm3
+        vpsllvd	%ymm8, %ymm2, %ymm2
+        vpsllvd	%ymm8, %ymm3, %ymm3
+        vpshufb	%ymm10, %ymm2, %ymm0
+        vpshufb	%ymm10, %ymm3, %ymm1
+        vpshufb	%ymm9, %ymm2, %ymm2
+        vpshufb	%ymm9, %ymm3, %ymm3
+        vpor	%ymm0, %ymm2, %ymm2
+        vpor	%ymm1, %ymm3, %ymm3
+        vextracti128	$0x01, %ymm2, %xmm0
+        vextracti128	$0x01, %ymm3, %xmm1
+        vpor	%ymm0, %ymm2, %ymm2
+        vpor	%ymm1, %ymm3, %ymm3
+        vmovdqu	%xmm2, (%rdx)
+        addq	$13, %rdx
+        vmovdqu	%xmm3, (%rdx)
+        addq	$13, %rdx
+        vpsllvd	%ymm11, %ymm4, %ymm4
+        vpsllvd	%ymm11, %ymm5, %ymm5
+        vpshufb	%ymm13, %ymm4, %ymm0
+        vpshufb	%ymm13, %ymm5, %ymm1
+        vpshufb	%ymm12, %ymm4, %ymm4
+        vpshufb	%ymm12, %ymm5, %ymm5
+        vpor	%ymm0, %ymm4, %ymm4
+        vpor	%ymm1, %ymm5, %ymm5
+        vextracti128	$0x01, %ymm4, %xmm0
+        vextracti128	$0x01, %ymm5, %xmm1
+        vpor	%ymm0, %ymm4, %ymm4
+        vpor	%ymm1, %ymm5, %ymm5
+        vmovdqu	%xmm4, (%rcx)
+        addq	$10, %rcx
+        vmovdqu	%xmm5, (%rcx)
+        addq	$10, %rcx
+        vmovdqu	512(%rdi), %ymm0
+        vmovdqu	544(%rdi), %ymm1
+        vpaddd	%ymm6, %ymm0, %ymm4
+        vpaddd	%ymm6, %ymm1, %ymm5
+        vpsrld	$13, %ymm4, %ymm4
+        vpsrld	$13, %ymm5, %ymm5
+        vpslld	$13, %ymm4, %ymm2
+        vpslld	$13, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsubd	%ymm2, %ymm7, %ymm2
+        vpsubd	%ymm3, %ymm7, %ymm3
+        vpsllvd	%ymm8, %ymm2, %ymm2
+        vpsllvd	%ymm8, %ymm3, %ymm3
+        vpshufb	%ymm10, %ymm2, %ymm0
+        vpshufb	%ymm10, %ymm3, %ymm1
+        vpshufb	%ymm9, %ymm2, %ymm2
+        vpshufb	%ymm9, %ymm3, %ymm3
+        vpor	%ymm0, %ymm2, %ymm2
+        vpor	%ymm1, %ymm3, %ymm3
+        vextracti128	$0x01, %ymm2, %xmm0
+        vextracti128	$0x01, %ymm3, %xmm1
+        vpor	%ymm0, %ymm2, %ymm2
+        vpor	%ymm1, %ymm3, %ymm3
+        vmovdqu	%xmm2, (%rdx)
+        addq	$13, %rdx
+        vmovdqu	%xmm3, (%rdx)
+        addq	$13, %rdx
+        vpsllvd	%ymm11, %ymm4, %ymm4
+        vpsllvd	%ymm11, %ymm5, %ymm5
+        vpshufb	%ymm13, %ymm4, %ymm0
+        vpshufb	%ymm13, %ymm5, %ymm1
+        vpshufb	%ymm12, %ymm4, %ymm4
+        vpshufb	%ymm12, %ymm5, %ymm5
+        vpor	%ymm0, %ymm4, %ymm4
+        vpor	%ymm1, %ymm5, %ymm5
+        vextracti128	$0x01, %ymm4, %xmm0
+        vextracti128	$0x01, %ymm5, %xmm1
+        vpor	%ymm0, %ymm4, %ymm4
+        vpor	%ymm1, %ymm5, %ymm5
+        vmovdqu	%xmm4, (%rcx)
+        addq	$10, %rcx
+        vmovdqu	%xmm5, (%rcx)
+        addq	$10, %rcx
+        vmovdqu	576(%rdi), %ymm0
+        vmovdqu	608(%rdi), %ymm1
+        vpaddd	%ymm6, %ymm0, %ymm4
+        vpaddd	%ymm6, %ymm1, %ymm5
+        vpsrld	$13, %ymm4, %ymm4
+        vpsrld	$13, %ymm5, %ymm5
+        vpslld	$13, %ymm4, %ymm2
+        vpslld	$13, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsubd	%ymm2, %ymm7, %ymm2
+        vpsubd	%ymm3, %ymm7, %ymm3
+        vpsllvd	%ymm8, %ymm2, %ymm2
+        vpsllvd	%ymm8, %ymm3, %ymm3
+        vpshufb	%ymm10, %ymm2, %ymm0
+        vpshufb	%ymm10, %ymm3, %ymm1
+        vpshufb	%ymm9, %ymm2, %ymm2
+        vpshufb	%ymm9, %ymm3, %ymm3
+        vpor	%ymm0, %ymm2, %ymm2
+        vpor	%ymm1, %ymm3, %ymm3
+        vextracti128	$0x01, %ymm2, %xmm0
+        vextracti128	$0x01, %ymm3, %xmm1
+        vpor	%ymm0, %ymm2, %ymm2
+        vpor	%ymm1, %ymm3, %ymm3
+        vmovdqu	%xmm2, (%rdx)
+        addq	$13, %rdx
+        vmovdqu	%xmm3, (%rdx)
+        addq	$13, %rdx
+        vpsllvd	%ymm11, %ymm4, %ymm4
+        vpsllvd	%ymm11, %ymm5, %ymm5
+        vpshufb	%ymm13, %ymm4, %ymm0
+        vpshufb	%ymm13, %ymm5, %ymm1
+        vpshufb	%ymm12, %ymm4, %ymm4
+        vpshufb	%ymm12, %ymm5, %ymm5
+        vpor	%ymm0, %ymm4, %ymm4
+        vpor	%ymm1, %ymm5, %ymm5
+        vextracti128	$0x01, %ymm4, %xmm0
+        vextracti128	$0x01, %ymm5, %xmm1
+        vpor	%ymm0, %ymm4, %ymm4
+        vpor	%ymm1, %ymm5, %ymm5
+        vmovdqu	%xmm4, (%rcx)
+        addq	$10, %rcx
+        vmovdqu	%xmm5, (%rcx)
+        addq	$10, %rcx
+        vmovdqu	640(%rdi), %ymm0
+        vmovdqu	672(%rdi), %ymm1
+        vpaddd	%ymm6, %ymm0, %ymm4
+        vpaddd	%ymm6, %ymm1, %ymm5
+        vpsrld	$13, %ymm4, %ymm4
+        vpsrld	$13, %ymm5, %ymm5
+        vpslld	$13, %ymm4, %ymm2
+        vpslld	$13, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsubd	%ymm2, %ymm7, %ymm2
+        vpsubd	%ymm3, %ymm7, %ymm3
+        vpsllvd	%ymm8, %ymm2, %ymm2
+        vpsllvd	%ymm8, %ymm3, %ymm3
+        vpshufb	%ymm10, %ymm2, %ymm0
+        vpshufb	%ymm10, %ymm3, %ymm1
+        vpshufb	%ymm9, %ymm2, %ymm2
+        vpshufb	%ymm9, %ymm3, %ymm3
+        vpor	%ymm0, %ymm2, %ymm2
+        vpor	%ymm1, %ymm3, %ymm3
+        vextracti128	$0x01, %ymm2, %xmm0
+        vextracti128	$0x01, %ymm3, %xmm1
+        vpor	%ymm0, %ymm2, %ymm2
+        vpor	%ymm1, %ymm3, %ymm3
+        vmovdqu	%xmm2, (%rdx)
+        addq	$13, %rdx
+        vmovdqu	%xmm3, (%rdx)
+        addq	$13, %rdx
+        vpsllvd	%ymm11, %ymm4, %ymm4
+        vpsllvd	%ymm11, %ymm5, %ymm5
+        vpshufb	%ymm13, %ymm4, %ymm0
+        vpshufb	%ymm13, %ymm5, %ymm1
+        vpshufb	%ymm12, %ymm4, %ymm4
+        vpshufb	%ymm12, %ymm5, %ymm5
+        vpor	%ymm0, %ymm4, %ymm4
+        vpor	%ymm1, %ymm5, %ymm5
+        vextracti128	$0x01, %ymm4, %xmm0
+        vextracti128	$0x01, %ymm5, %xmm1
+        vpor	%ymm0, %ymm4, %ymm4
+        vpor	%ymm1, %ymm5, %ymm5
+        vmovdqu	%xmm4, (%rcx)
+        addq	$10, %rcx
+        vmovdqu	%xmm5, (%rcx)
+        addq	$10, %rcx
+        vmovdqu	704(%rdi), %ymm0
+        vmovdqu	736(%rdi), %ymm1
+        vpaddd	%ymm6, %ymm0, %ymm4
+        vpaddd	%ymm6, %ymm1, %ymm5
+        vpsrld	$13, %ymm4, %ymm4
+        vpsrld	$13, %ymm5, %ymm5
+        vpslld	$13, %ymm4, %ymm2
+        vpslld	$13, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsubd	%ymm2, %ymm7, %ymm2
+        vpsubd	%ymm3, %ymm7, %ymm3
+        vpsllvd	%ymm8, %ymm2, %ymm2
+        vpsllvd	%ymm8, %ymm3, %ymm3
+        vpshufb	%ymm10, %ymm2, %ymm0
+        vpshufb	%ymm10, %ymm3, %ymm1
+        vpshufb	%ymm9, %ymm2, %ymm2
+        vpshufb	%ymm9, %ymm3, %ymm3
+        vpor	%ymm0, %ymm2, %ymm2
+        vpor	%ymm1, %ymm3, %ymm3
+        vextracti128	$0x01, %ymm2, %xmm0
+        vextracti128	$0x01, %ymm3, %xmm1
+        vpor	%ymm0, %ymm2, %ymm2
+        vpor	%ymm1, %ymm3, %ymm3
+        vmovdqu	%xmm2, (%rdx)
+        addq	$13, %rdx
+        vmovdqu	%xmm3, (%rdx)
+        addq	$13, %rdx
+        vpsllvd	%ymm11, %ymm4, %ymm4
+        vpsllvd	%ymm11, %ymm5, %ymm5
+        vpshufb	%ymm13, %ymm4, %ymm0
+        vpshufb	%ymm13, %ymm5, %ymm1
+        vpshufb	%ymm12, %ymm4, %ymm4
+        vpshufb	%ymm12, %ymm5, %ymm5
+        vpor	%ymm0, %ymm4, %ymm4
+        vpor	%ymm1, %ymm5, %ymm5
+        vextracti128	$0x01, %ymm4, %xmm0
+        vextracti128	$0x01, %ymm5, %xmm1
+        vpor	%ymm0, %ymm4, %ymm4
+        vpor	%ymm1, %ymm5, %ymm5
+        vmovdqu	%xmm4, (%rcx)
+        addq	$10, %rcx
+        vmovdqu	%xmm5, (%rcx)
+        addq	$10, %rcx
+        vmovdqu	768(%rdi), %ymm0
+        vmovdqu	800(%rdi), %ymm1
+        vpaddd	%ymm6, %ymm0, %ymm4
+        vpaddd	%ymm6, %ymm1, %ymm5
+        vpsrld	$13, %ymm4, %ymm4
+        vpsrld	$13, %ymm5, %ymm5
+        vpslld	$13, %ymm4, %ymm2
+        vpslld	$13, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsubd	%ymm2, %ymm7, %ymm2
+        vpsubd	%ymm3, %ymm7, %ymm3
+        vpsllvd	%ymm8, %ymm2, %ymm2
+        vpsllvd	%ymm8, %ymm3, %ymm3
+        vpshufb	%ymm10, %ymm2, %ymm0
+        vpshufb	%ymm10, %ymm3, %ymm1
+        vpshufb	%ymm9, %ymm2, %ymm2
+        vpshufb	%ymm9, %ymm3, %ymm3
+        vpor	%ymm0, %ymm2, %ymm2
+        vpor	%ymm1, %ymm3, %ymm3
+        vextracti128	$0x01, %ymm2, %xmm0
+        vextracti128	$0x01, %ymm3, %xmm1
+        vpor	%ymm0, %ymm2, %ymm2
+        vpor	%ymm1, %ymm3, %ymm3
+        vmovdqu	%xmm2, (%rdx)
+        addq	$13, %rdx
+        vmovdqu	%xmm3, (%rdx)
+        addq	$13, %rdx
+        vpsllvd	%ymm11, %ymm4, %ymm4
+        vpsllvd	%ymm11, %ymm5, %ymm5
+        vpshufb	%ymm13, %ymm4, %ymm0
+        vpshufb	%ymm13, %ymm5, %ymm1
+        vpshufb	%ymm12, %ymm4, %ymm4
+        vpshufb	%ymm12, %ymm5, %ymm5
+        vpor	%ymm0, %ymm4, %ymm4
+        vpor	%ymm1, %ymm5, %ymm5
+        vextracti128	$0x01, %ymm4, %xmm0
+        vextracti128	$0x01, %ymm5, %xmm1
+        vpor	%ymm0, %ymm4, %ymm4
+        vpor	%ymm1, %ymm5, %ymm5
+        vmovdqu	%xmm4, (%rcx)
+        addq	$10, %rcx
+        vmovdqu	%xmm5, (%rcx)
+        addq	$10, %rcx
+        vmovdqu	832(%rdi), %ymm0
+        vmovdqu	864(%rdi), %ymm1
+        vpaddd	%ymm6, %ymm0, %ymm4
+        vpaddd	%ymm6, %ymm1, %ymm5
+        vpsrld	$13, %ymm4, %ymm4
+        vpsrld	$13, %ymm5, %ymm5
+        vpslld	$13, %ymm4, %ymm2
+        vpslld	$13, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsubd	%ymm2, %ymm7, %ymm2
+        vpsubd	%ymm3, %ymm7, %ymm3
+        vpsllvd	%ymm8, %ymm2, %ymm2
+        vpsllvd	%ymm8, %ymm3, %ymm3
+        vpshufb	%ymm10, %ymm2, %ymm0
+        vpshufb	%ymm10, %ymm3, %ymm1
+        vpshufb	%ymm9, %ymm2, %ymm2
+        vpshufb	%ymm9, %ymm3, %ymm3
+        vpor	%ymm0, %ymm2, %ymm2
+        vpor	%ymm1, %ymm3, %ymm3
+        vextracti128	$0x01, %ymm2, %xmm0
+        vextracti128	$0x01, %ymm3, %xmm1
+        vpor	%ymm0, %ymm2, %ymm2
+        vpor	%ymm1, %ymm3, %ymm3
+        vmovdqu	%xmm2, (%rdx)
+        addq	$13, %rdx
+        vmovdqu	%xmm3, (%rdx)
+        addq	$13, %rdx
+        vpsllvd	%ymm11, %ymm4, %ymm4
+        vpsllvd	%ymm11, %ymm5, %ymm5
+        vpshufb	%ymm13, %ymm4, %ymm0
+        vpshufb	%ymm13, %ymm5, %ymm1
+        vpshufb	%ymm12, %ymm4, %ymm4
+        vpshufb	%ymm12, %ymm5, %ymm5
+        vpor	%ymm0, %ymm4, %ymm4
+        vpor	%ymm1, %ymm5, %ymm5
+        vextracti128	$0x01, %ymm4, %xmm0
+        vextracti128	$0x01, %ymm5, %xmm1
+        vpor	%ymm0, %ymm4, %ymm4
+        vpor	%ymm1, %ymm5, %ymm5
+        vmovdqu	%xmm4, (%rcx)
+        addq	$10, %rcx
+        vmovdqu	%xmm5, (%rcx)
+        addq	$10, %rcx
+        vmovdqu	896(%rdi), %ymm0
+        vmovdqu	928(%rdi), %ymm1
+        vpaddd	%ymm6, %ymm0, %ymm4
+        vpaddd	%ymm6, %ymm1, %ymm5
+        vpsrld	$13, %ymm4, %ymm4
+        vpsrld	$13, %ymm5, %ymm5
+        vpslld	$13, %ymm4, %ymm2
+        vpslld	$13, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsubd	%ymm2, %ymm7, %ymm2
+        vpsubd	%ymm3, %ymm7, %ymm3
+        vpsllvd	%ymm8, %ymm2, %ymm2
+        vpsllvd	%ymm8, %ymm3, %ymm3
+        vpshufb	%ymm10, %ymm2, %ymm0
+        vpshufb	%ymm10, %ymm3, %ymm1
+        vpshufb	%ymm9, %ymm2, %ymm2
+        vpshufb	%ymm9, %ymm3, %ymm3
+        vpor	%ymm0, %ymm2, %ymm2
+        vpor	%ymm1, %ymm3, %ymm3
+        vextracti128	$0x01, %ymm2, %xmm0
+        vextracti128	$0x01, %ymm3, %xmm1
+        vpor	%ymm0, %ymm2, %ymm2
+        vpor	%ymm1, %ymm3, %ymm3
+        vmovdqu	%xmm2, (%rdx)
+        addq	$13, %rdx
+        vmovdqu	%xmm3, (%rdx)
+        addq	$13, %rdx
+        vpsllvd	%ymm11, %ymm4, %ymm4
+        vpsllvd	%ymm11, %ymm5, %ymm5
+        vpshufb	%ymm13, %ymm4, %ymm0
+        vpshufb	%ymm13, %ymm5, %ymm1
+        vpshufb	%ymm12, %ymm4, %ymm4
+        vpshufb	%ymm12, %ymm5, %ymm5
+        vpor	%ymm0, %ymm4, %ymm4
+        vpor	%ymm1, %ymm5, %ymm5
+        vextracti128	$0x01, %ymm4, %xmm0
+        vextracti128	$0x01, %ymm5, %xmm1
+        vpor	%ymm0, %ymm4, %ymm4
+        vpor	%ymm1, %ymm5, %ymm5
+        vmovdqu	%xmm4, (%rcx)
+        addq	$10, %rcx
+        vmovdqu	%xmm5, (%rcx)
+        addq	$10, %rcx
+        vmovdqu	960(%rdi), %ymm0
+        vmovdqu	992(%rdi), %ymm1
+        vpaddd	%ymm6, %ymm0, %ymm4
+        vpaddd	%ymm6, %ymm1, %ymm5
+        vpsrld	$13, %ymm4, %ymm4
+        vpsrld	$13, %ymm5, %ymm5
+        vpslld	$13, %ymm4, %ymm2
+        vpslld	$13, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsubd	%ymm2, %ymm7, %ymm2
+        vpsubd	%ymm3, %ymm7, %ymm3
+        vpsllvd	%ymm8, %ymm2, %ymm2
+        vpsllvd	%ymm8, %ymm3, %ymm3
+        vpshufb	%ymm10, %ymm2, %ymm0
+        vpshufb	%ymm10, %ymm3, %ymm1
+        vpshufb	%ymm9, %ymm2, %ymm2
+        vpshufb	%ymm9, %ymm3, %ymm3
+        vpor	%ymm0, %ymm2, %ymm2
+        vpor	%ymm1, %ymm3, %ymm3
+        vextracti128	$0x01, %ymm2, %xmm0
+        vextracti128	$0x01, %ymm3, %xmm1
+        vpor	%ymm0, %ymm2, %ymm2
+        vpor	%ymm1, %ymm3, %ymm3
+        vmovdqu	%xmm2, (%rdx)
+        addq	$13, %rdx
+        vmovdqu	%xmm3, (%rdx)
+        addq	$13, %rdx
+        vpsllvd	%ymm11, %ymm4, %ymm4
+        vpsllvd	%ymm11, %ymm5, %ymm5
+        vpshufb	%ymm13, %ymm4, %ymm0
+        vpshufb	%ymm13, %ymm5, %ymm1
+        vpshufb	%ymm12, %ymm4, %ymm4
+        vpshufb	%ymm12, %ymm5, %ymm5
+        vpor	%ymm0, %ymm4, %ymm4
+        vpor	%ymm1, %ymm5, %ymm5
+        vextracti128	$0x01, %ymm4, %xmm0
+        vextracti128	$0x01, %ymm5, %xmm1
+        vpor	%ymm0, %ymm4, %ymm4
+        vpor	%ymm1, %ymm5, %ymm5
+        vmovdqu	%xmm4, (%rcx)
+        addq	$10, %rcx
+        vmovdqu	%xmm5, (%rcx)
+        addq	$10, %rcx
+        addq	$0x400, %rdi
+        decb	%sil
+        jnz	L_mldsa_encode_t0_t1_avx2_loop
+        vzeroupper
+        repz retq
+#ifndef __APPLE__
+.size	wc_mldsa_vec_encode_t0_t1_avx2,.-wc_mldsa_vec_encode_t0_t1_avx2
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_mldsa_decode_t0_avx2_shuff_0:
+.value	0x100,0xffff
+.value	0x1ff,0x302
+.value	0x403,0xff05
+.value	0x504,0x706
+.value	0x706,0xff08
+.value	0x8ff,0xff09
+.value	0xa09,0xff0b
+.value	0xffff,0xc0b
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_mldsa_decode_t0_avx2_shuff_1:
+.value	0x605,0xffff
+.value	0x6ff,0x807
+.value	0x908,0xffff
+.value	0xa09,0xff0b
+.value	0x403,0xff05
+.value	0x5ff,0xff06
+.value	0x706,0xff08
+.value	0xffff,0x908
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_mldsa_decode_t0_avx2_shuff_2:
+.value	0x302,0xffff
+.value	0x3ff,0x504
+.value	0x605,0xffff
+.value	0x706,0xff08
+.value	0x100,0xff02
+.value	0x2ff,0xff03
+.value	0x403,0xff05
+.value	0xffff,0x605
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_mldsa_decode_t0_avx2_shuff_3:
+.value	0x807,0xffff
+.value	0x8ff,0xa09
+.value	0xb0a,0xffff
+.value	0xc0b,0xff0d
+.value	0x605,0xff07
+.value	0x7ff,0xff08
+.value	0x908,0xff0a
+.value	0xffff,0xb0a
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_mldsa_decode_t0_avx2_shuff_4:
+.value	0x504,0xffff
+.value	0x5ff,0x706
+.value	0x807,0xffff
+.value	0x908,0xff0a
+.value	0x302,0xff04
+.value	0x4ff,0xff05
+.value	0x605,0xff07
+.value	0xffff,0x807
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_mldsa_decode_t0_avx2_shuff_5:
+.value	0x201,0xffff
+.value	0x2ff,0x403
+.value	0x504,0xffff
+.value	0x605,0xff07
+.value	0x807,0xff09
+.value	0x9ff,0xff0a
+.value	0xb0a,0xff0c
+.value	0xffff,0xd0c
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_mldsa_decode_t0_avx2_shuff_6:
+.value	0x706,0xffff
+.value	0x7ff,0x908
+.value	0xa09,0xffff
+.value	0xb0a,0xff0c
+.value	0x504,0xff06
+.value	0x6ff,0x807
+.value	0x807,0xff09
+.value	0xffff,0xa09
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_mldsa_decode_t0_avx2_shuff_7:
+.value	0x403,0xffff
+.value	0x4ff,0x605
+.value	0x706,0xffff
+.value	0x807,0xff09
+.value	0x201,0xff03
+.value	0x3ff,0xff04
+.value	0x504,0xff06
+.value	0xffff,0x706
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+L_mldsa_decode_t0_avx2_vs_8:
+.long	0x00000000,0x0000000d,0x00000002,0x00000007
+.long	0x00000004,0x00000009,0x00000006,0x00000013
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+L_mldsa_decode_t0_avx2_mask:
+.long	0x00001fff,0x00001fff,0x00001fff,0x00001fff
+.long	0x00001fff,0x00001fff,0x00001fff,0x00001fff
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+L_mldsa_decode_t0_avx2_d_max_half:
+.long	0x00001000,0x00001000,0x00001000,0x00001000
+.long	0x00001000,0x00001000,0x00001000,0x00001000
+#ifndef __APPLE__
+.text
+.globl	wc_mldsa_decode_t0_avx2
+.type	wc_mldsa_decode_t0_avx2,@function
+.align	16
+wc_mldsa_decode_t0_avx2:
+#else
+.section	__TEXT,__text
+.globl	_wc_mldsa_decode_t0_avx2
+.p2align	4
+_wc_mldsa_decode_t0_avx2:
+#endif /* __APPLE__ */
+        vpxor	%ymm5, %ymm5, %ymm5
+        vmovdqu	L_mldsa_decode_t0_avx2_shuff_0(%rip), %ymm5
+        vmovdqu	L_mldsa_decode_t0_avx2_shuff_1(%rip), %ymm6
+        vmovdqu	L_mldsa_decode_t0_avx2_shuff_2(%rip), %ymm7
+        vmovdqu	L_mldsa_decode_t0_avx2_shuff_3(%rip), %ymm8
+        vmovdqu	L_mldsa_decode_t0_avx2_shuff_4(%rip), %ymm9
+        vmovdqu	L_mldsa_decode_t0_avx2_shuff_5(%rip), %ymm10
+        vmovdqu	L_mldsa_decode_t0_avx2_shuff_6(%rip), %ymm11
+        vmovdqu	L_mldsa_decode_t0_avx2_shuff_7(%rip), %ymm12
+        vmovdqu	L_mldsa_decode_t0_avx2_vs_8(%rip), %ymm13
+        vmovdqu	L_mldsa_decode_t0_avx2_mask(%rip), %ymm14
+        vmovdqu	L_mldsa_decode_t0_avx2_d_max_half(%rip), %ymm15
+        vmovdqu	(%rdi), %ymm0
+        vmovdqu	32(%rdi), %ymm1
+        vmovdqu	64(%rdi), %ymm2
+        vmovdqu	96(%rdi), %ymm3
+        # 1/32
+        vpermq	$0x44, %ymm0, %ymm4
+        vpshufb	%ymm5, %ymm4, %ymm4
+        vpsrlvd	%ymm13, %ymm4, %ymm4
+        vpand	%ymm14, %ymm4, %ymm4
+        vpsubd	%ymm4, %ymm15, %ymm4
+        vmovdqu	%ymm4, (%rsi)
+        # 2/32
+        vpermq	$0xe9, %ymm0, %ymm4
+        vpshufb	%ymm6, %ymm4, %ymm4
+        vpsrlvd	%ymm13, %ymm4, %ymm4
+        vpand	%ymm14, %ymm4, %ymm4
+        vpsubd	%ymm4, %ymm15, %ymm4
+        vmovdqu	%ymm4, 32(%rsi)
+        # 3/32
+        vperm2i128	$0x21, %ymm1, %ymm0, %ymm0
+        vpermq	$0xe9, %ymm0, %ymm4
+        vpshufb	%ymm7, %ymm4, %ymm4
+        vpsrlvd	%ymm13, %ymm4, %ymm4
+        vpand	%ymm14, %ymm4, %ymm4
+        vpsubd	%ymm4, %ymm15, %ymm4
+        vmovdqu	%ymm4, 64(%rsi)
+        # 4/32
+        vpermq	$0x94, %ymm1, %ymm4
+        vpshufb	%ymm8, %ymm4, %ymm4
+        vpsrlvd	%ymm13, %ymm4, %ymm4
+        vpand	%ymm14, %ymm4, %ymm4
+        vpsubd	%ymm4, %ymm15, %ymm4
+        vmovdqu	%ymm4, 96(%rsi)
+        # 5/32
+        vperm2i128	$0x21, %ymm2, %ymm1, %ymm1
+        vpermq	$0x94, %ymm1, %ymm4
+        vpshufb	%ymm9, %ymm4, %ymm4
+        vpsrlvd	%ymm13, %ymm4, %ymm4
+        vpand	%ymm14, %ymm4, %ymm4
+        vpsubd	%ymm4, %ymm15, %ymm4
+        vmovdqu	%ymm4, 128(%rsi)
+        # 6/32
+        vpermq	$0x44, %ymm2, %ymm4
+        vpshufb	%ymm10, %ymm4, %ymm4
+        vpsrlvd	%ymm13, %ymm4, %ymm4
+        vpand	%ymm14, %ymm4, %ymm4
+        vpsubd	%ymm4, %ymm15, %ymm4
+        vmovdqu	%ymm4, 160(%rsi)
+        # 7/32
+        vpermq	$0xe9, %ymm2, %ymm4
+        vpshufb	%ymm11, %ymm4, %ymm4
+        vpsrlvd	%ymm13, %ymm4, %ymm4
+        vpand	%ymm14, %ymm4, %ymm4
+        vpsubd	%ymm4, %ymm15, %ymm4
+        vmovdqu	%ymm4, 192(%rsi)
+        # 8/32
+        vperm2i128	$0x21, %ymm3, %ymm2, %ymm2
+        vpermq	$0xe9, %ymm2, %ymm4
+        vpshufb	%ymm12, %ymm4, %ymm4
+        vpsrlvd	%ymm13, %ymm4, %ymm4
+        vpand	%ymm14, %ymm4, %ymm4
+        vpsubd	%ymm4, %ymm15, %ymm4
+        vmovdqu	%ymm4, 224(%rsi)
+        # 9/32
+        vpermq	$0x99, %ymm3, %ymm4
+        vpshufb	%ymm5, %ymm4, %ymm4
+        vpsrlvd	%ymm13, %ymm4, %ymm4
+        vpand	%ymm14, %ymm4, %ymm4
+        vpsubd	%ymm4, %ymm15, %ymm4
+        vmovdqu	%ymm4, 256(%rsi)
+        # 10/32
+        vmovdqu	128(%rdi), %ymm0
+        vmovdqu	160(%rdi), %ymm1
+        vperm2i128	$0x21, %ymm0, %ymm3, %ymm3
+        vpermq	$0x94, %ymm3, %ymm4
+        vpshufb	%ymm6, %ymm4, %ymm4
+        vpsrlvd	%ymm13, %ymm4, %ymm4
+        vpand	%ymm14, %ymm4, %ymm4
+        vpsubd	%ymm4, %ymm15, %ymm4
+        vmovdqu	%ymm4, 288(%rsi)
+        # 11/32
+        vpermq	$0x94, %ymm0, %ymm4
+        vpshufb	%ymm7, %ymm4, %ymm4
+        vpsrlvd	%ymm13, %ymm4, %ymm4
+        vpand	%ymm14, %ymm4, %ymm4
+        vpsubd	%ymm4, %ymm15, %ymm4
+        vmovdqu	%ymm4, 320(%rsi)
+        # 12/32
+        vpermq	$0xe9, %ymm0, %ymm4
+        vpshufb	%ymm8, %ymm4, %ymm4
+        vpsrlvd	%ymm13, %ymm4, %ymm4
+        vpand	%ymm14, %ymm4, %ymm4
+        vpsubd	%ymm4, %ymm15, %ymm4
+        vmovdqu	%ymm4, 352(%rsi)
+        # 13/32
+        vperm2i128	$0x21, %ymm1, %ymm0, %ymm0
+        vpermq	$0xe9, %ymm0, %ymm4
+        vpshufb	%ymm9, %ymm4, %ymm4
+        vpsrlvd	%ymm13, %ymm4, %ymm4
+        vpand	%ymm14, %ymm4, %ymm4
+        vpsubd	%ymm4, %ymm15, %ymm4
+        vmovdqu	%ymm4, 384(%rsi)
+        # 14/32
+        vpermq	$0x99, %ymm1, %ymm4
+        vpshufb	%ymm10, %ymm4, %ymm4
+        vpsrlvd	%ymm13, %ymm4, %ymm4
+        vpand	%ymm14, %ymm4, %ymm4
+        vpsubd	%ymm4, %ymm15, %ymm4
+        vmovdqu	%ymm4, 416(%rsi)
+        # 15/32
+        vmovdqu	192(%rdi), %ymm2
+        vmovdqu	224(%rdi), %ymm3
+        vperm2i128	$0x21, %ymm2, %ymm1, %ymm1
+        vpermq	$0x94, %ymm1, %ymm4
+        vpshufb	%ymm11, %ymm4, %ymm4
+        vpsrlvd	%ymm13, %ymm4, %ymm4
+        vpand	%ymm14, %ymm4, %ymm4
+        vpsubd	%ymm4, %ymm15, %ymm4
+        vmovdqu	%ymm4, 448(%rsi)
+        # 16/32
+        vpermq	$0x94, %ymm2, %ymm4
+        vpshufb	%ymm12, %ymm4, %ymm4
+        vpsrlvd	%ymm13, %ymm4, %ymm4
+        vpand	%ymm14, %ymm4, %ymm4
+        vpsubd	%ymm4, %ymm15, %ymm4
+        vmovdqu	%ymm4, 480(%rsi)
+        # 17/32
+        vpermq	$0xee, %ymm2, %ymm4
+        vpshufb	%ymm5, %ymm4, %ymm4
+        vpsrlvd	%ymm13, %ymm4, %ymm4
+        vpand	%ymm14, %ymm4, %ymm4
+        vpsubd	%ymm4, %ymm15, %ymm4
+        vmovdqu	%ymm4, 512(%rsi)
+        # 18/32
+        vperm2i128	$0x21, %ymm3, %ymm2, %ymm2
+        vpermq	$0xe9, %ymm2, %ymm4
+        vpshufb	%ymm6, %ymm4, %ymm4
+        vpsrlvd	%ymm13, %ymm4, %ymm4
+        vpand	%ymm14, %ymm4, %ymm4
+        vpsubd	%ymm4, %ymm15, %ymm4
+        vmovdqu	%ymm4, 544(%rsi)
+        # 19/32
+        vpermq	$0xe9, %ymm3, %ymm4
+        vpshufb	%ymm7, %ymm4, %ymm4
+        vpsrlvd	%ymm13, %ymm4, %ymm4
+        vpand	%ymm14, %ymm4, %ymm4
+        vpsubd	%ymm4, %ymm15, %ymm4
+        vmovdqu	%ymm4, 576(%rsi)
+        # 20/32
+        vmovdqu	256(%rdi), %ymm0
+        vmovdqu	288(%rdi), %ymm1
+        vperm2i128	$0x21, %ymm0, %ymm3, %ymm3
+        vpermq	$0x94, %ymm3, %ymm4
+        vpshufb	%ymm8, %ymm4, %ymm4
+        vpsrlvd	%ymm13, %ymm4, %ymm4
+        vpand	%ymm14, %ymm4, %ymm4
+        vpsubd	%ymm4, %ymm15, %ymm4
+        vmovdqu	%ymm4, 608(%rsi)
+        # 21/32
+        vpermq	$0x94, %ymm0, %ymm4
+        vpshufb	%ymm9, %ymm4, %ymm4
+        vpsrlvd	%ymm13, %ymm4, %ymm4
+        vpand	%ymm14, %ymm4, %ymm4
+        vpsubd	%ymm4, %ymm15, %ymm4
+        vmovdqu	%ymm4, 640(%rsi)
+        # 22/32
+        vpermq	$0xee, %ymm0, %ymm4
+        vpshufb	%ymm10, %ymm4, %ymm4
+        vpsrlvd	%ymm13, %ymm4, %ymm4
+        vpand	%ymm14, %ymm4, %ymm4
+        vpsubd	%ymm4, %ymm15, %ymm4
+        vmovdqu	%ymm4, 672(%rsi)
+        # 23/32
+        vperm2i128	$0x21, %ymm1, %ymm0, %ymm0
+        vpermq	$0xe9, %ymm0, %ymm4
+        vpshufb	%ymm11, %ymm4, %ymm4
+        vpsrlvd	%ymm13, %ymm4, %ymm4
+        vpand	%ymm14, %ymm4, %ymm4
+        vpsubd	%ymm4, %ymm15, %ymm4
+        vmovdqu	%ymm4, 704(%rsi)
+        # 24/32
+        vpermq	$0xe9, %ymm1, %ymm4
+        vpshufb	%ymm12, %ymm4, %ymm4
+        vpsrlvd	%ymm13, %ymm4, %ymm4
+        vpand	%ymm14, %ymm4, %ymm4
+        vpsubd	%ymm4, %ymm15, %ymm4
+        vmovdqu	%ymm4, 736(%rsi)
+        # 25/32
+        vmovdqu	320(%rdi), %ymm2
+        vmovdqu	352(%rdi), %ymm3
+        vperm2i128	$0x21, %ymm2, %ymm1, %ymm1
+        vpermq	$0x99, %ymm1, %ymm4
+        vpshufb	%ymm5, %ymm4, %ymm4
+        vpsrlvd	%ymm13, %ymm4, %ymm4
+        vpand	%ymm14, %ymm4, %ymm4
+        vpsubd	%ymm4, %ymm15, %ymm4
+        vmovdqu	%ymm4, 768(%rsi)
+        # 26/32
+        vpermq	$0x94, %ymm2, %ymm4
+        vpshufb	%ymm6, %ymm4, %ymm4
+        vpsrlvd	%ymm13, %ymm4, %ymm4
+        vpand	%ymm14, %ymm4, %ymm4
+        vpsubd	%ymm4, %ymm15, %ymm4
+        vmovdqu	%ymm4, 800(%rsi)
+        # 27/32
+        vpermq	$0x3e, %ymm2, %ymm4
+        vpshufb	%ymm7, %ymm4, %ymm4
+        vpsrlvd	%ymm13, %ymm4, %ymm4
+        vpand	%ymm14, %ymm4, %ymm4
+        vpsubd	%ymm4, %ymm15, %ymm4
+        vmovdqu	%ymm4, 832(%rsi)
+        # 28/32
+        vperm2i128	$0x21, %ymm3, %ymm2, %ymm2
+        vpermq	$0xe9, %ymm2, %ymm4
+        vpshufb	%ymm8, %ymm4, %ymm4
+        vpsrlvd	%ymm13, %ymm4, %ymm4
+        vpand	%ymm14, %ymm4, %ymm4
+        vpsubd	%ymm4, %ymm15, %ymm4
+        vmovdqu	%ymm4, 864(%rsi)
+        # 29/32
+        vpermq	$0xe9, %ymm3, %ymm4
+        vpshufb	%ymm9, %ymm4, %ymm4
+        vpsrlvd	%ymm13, %ymm4, %ymm4
+        vpand	%ymm14, %ymm4, %ymm4
+        vpsubd	%ymm4, %ymm15, %ymm4
+        vmovdqu	%ymm4, 896(%rsi)
+        # 30/32
+        vmovdqu	384(%rdi), %ymm0
+        vmovdqu	416(%rdi), %ymm1
+        vperm2i128	$0x21, %ymm0, %ymm3, %ymm3
+        vpermq	$0x99, %ymm3, %ymm4
+        vpshufb	%ymm10, %ymm4, %ymm4
+        vpsrlvd	%ymm13, %ymm4, %ymm4
+        vpand	%ymm14, %ymm4, %ymm4
+        vpsubd	%ymm4, %ymm15, %ymm4
+        vmovdqu	%ymm4, 928(%rsi)
+        # 31/32
+        vpermq	$0x94, %ymm0, %ymm4
+        vpshufb	%ymm11, %ymm4, %ymm4
+        vpsrlvd	%ymm13, %ymm4, %ymm4
+        vpand	%ymm14, %ymm4, %ymm4
+        vpsubd	%ymm4, %ymm15, %ymm4
+        vmovdqu	%ymm4, 960(%rsi)
+        # 32/32
+        vpermq	$0x3e, %ymm0, %ymm4
+        vpshufb	%ymm12, %ymm4, %ymm4
+        vpsrlvd	%ymm13, %ymm4, %ymm4
+        vpand	%ymm14, %ymm4, %ymm4
+        vpsubd	%ymm4, %ymm15, %ymm4
+        vmovdqu	%ymm4, 992(%rsi)
+        vzeroupper
+        repz retq
+#ifndef __APPLE__
+.size	wc_mldsa_decode_t0_avx2,.-wc_mldsa_decode_t0_avx2
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_mldsa_decode_t1_avx2_shuff_0:
+.value	0x100,0xffff
+.value	0x1ff,0xff02
+.value	0x302,0xffff
+.value	0x3ff,0xff04
+.value	0x605,0xffff
+.value	0x6ff,0xff07
+.value	0x807,0xffff
+.value	0x8ff,0xff09
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_mldsa_decode_t1_avx2_shuff_1:
+.value	0x302,0xffff
+.value	0x3ff,0xff04
+.value	0x504,0xffff
+.value	0x5ff,0xff06
+.value	0x807,0xffff
+.value	0x8ff,0xff09
+.value	0xa09,0xff08
+.value	0xaff,0xff0b
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_mldsa_decode_t1_avx2_shuff_2:
+.value	0x504,0xffff
+.value	0x5ff,0xff06
+.value	0x706,0xffff
+.value	0x7ff,0xff08
+.value	0x201,0xffff
+.value	0x2ff,0xff03
+.value	0x403,0xffff
+.value	0x4ff,0xff05
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_mldsa_decode_t1_avx2_shuff_3:
+.value	0x706,0xffff
+.value	0x7ff,0xff08
+.value	0x908,0xffff
+.value	0x9ff,0xff0a
+.value	0x403,0xffff
+.value	0x4ff,0xff05
+.value	0x605,0xffff
+.value	0x6ff,0xff07
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+L_mldsa_decode_t1_avx2_vs_8:
+.long	0x00000000,0x0000000a,0x00000004,0x0000000e
+.long	0x00000000,0x0000000a,0x00000004,0x0000000e
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+L_mldsa_decode_t1_avx2_mask:
+.long	0x000003ff,0x000003ff,0x000003ff,0x000003ff
+.long	0x000003ff,0x000003ff,0x000003ff,0x000003ff
+#ifndef __APPLE__
+.text
+.globl	wc_mldsa_decode_t1_avx2
+.type	wc_mldsa_decode_t1_avx2,@function
+.align	16
+wc_mldsa_decode_t1_avx2:
+#else
+.section	__TEXT,__text
+.globl	_wc_mldsa_decode_t1_avx2
+.p2align	4
+_wc_mldsa_decode_t1_avx2:
+#endif /* __APPLE__ */
+        vpxor	%ymm5, %ymm5, %ymm5
+        vmovdqu	L_mldsa_decode_t1_avx2_shuff_0(%rip), %ymm5
+        vmovdqu	L_mldsa_decode_t1_avx2_shuff_1(%rip), %ymm6
+        vmovdqu	L_mldsa_decode_t1_avx2_shuff_2(%rip), %ymm7
+        vmovdqu	L_mldsa_decode_t1_avx2_shuff_3(%rip), %ymm8
+        vmovdqu	L_mldsa_decode_t1_avx2_vs_8(%rip), %ymm9
+        vmovdqu	L_mldsa_decode_t1_avx2_mask(%rip), %ymm10
+        vmovdqu	(%rdi), %ymm0
+        vmovdqu	32(%rdi), %ymm1
+        vmovdqu	64(%rdi), %ymm2
+        vmovdqu	96(%rdi), %ymm3
+        # 1/32
+        vpermq	$0x44, %ymm0, %ymm4
+        vpshufb	%ymm5, %ymm4, %ymm4
+        vpsrlvd	%ymm9, %ymm4, %ymm4
+        vpand	%ymm10, %ymm4, %ymm4
+        vpslld	$13, %ymm4, %ymm4
+        vmovdqu	%ymm4, (%rsi)
+        # 2/32
+        vpermq	$0x99, %ymm0, %ymm4
+        vpshufb	%ymm6, %ymm4, %ymm4
+        vpsrlvd	%ymm9, %ymm4, %ymm4
+        vpand	%ymm10, %ymm4, %ymm4
+        vpslld	$13, %ymm4, %ymm4
+        vmovdqu	%ymm4, 32(%rsi)
+        # 3/32
+        vpermq	$0x3e, %ymm0, %ymm4
+        vpshufb	%ymm7, %ymm4, %ymm4
+        vpsrlvd	%ymm9, %ymm4, %ymm4
+        vpand	%ymm10, %ymm4, %ymm4
+        vpslld	$13, %ymm4, %ymm4
+        vmovdqu	%ymm4, 64(%rsi)
+        # 4/32
+        vperm2i128	$0x21, %ymm1, %ymm0, %ymm0
+        vpermq	$0xe9, %ymm0, %ymm4
+        vpshufb	%ymm8, %ymm4, %ymm4
+        vpsrlvd	%ymm9, %ymm4, %ymm4
+        vpand	%ymm10, %ymm4, %ymm4
+        vpslld	$13, %ymm4, %ymm4
+        vmovdqu	%ymm4, 96(%rsi)
+        # 5/32
+        vpermq	$0x99, %ymm1, %ymm4
+        vpshufb	%ymm5, %ymm4, %ymm4
+        vpsrlvd	%ymm9, %ymm4, %ymm4
+        vpand	%ymm10, %ymm4, %ymm4
+        vpslld	$13, %ymm4, %ymm4
+        vmovdqu	%ymm4, 128(%rsi)
+        # 6/32
+        vpermq	$0xee, %ymm1, %ymm4
+        vpshufb	%ymm6, %ymm4, %ymm4
+        vpsrlvd	%ymm9, %ymm4, %ymm4
+        vpand	%ymm10, %ymm4, %ymm4
+        vpslld	$13, %ymm4, %ymm4
+        vmovdqu	%ymm4, 160(%rsi)
+        # 7/32
+        vperm2i128	$0x21, %ymm2, %ymm1, %ymm1
+        vpermq	$0xe9, %ymm1, %ymm4
+        vpshufb	%ymm7, %ymm4, %ymm4
+        vpsrlvd	%ymm9, %ymm4, %ymm4
+        vpand	%ymm10, %ymm4, %ymm4
+        vpslld	$13, %ymm4, %ymm4
+        vmovdqu	%ymm4, 192(%rsi)
+        # 8/32
+        vpermq	$0x94, %ymm2, %ymm4
+        vpshufb	%ymm8, %ymm4, %ymm4
+        vpsrlvd	%ymm9, %ymm4, %ymm4
+        vpand	%ymm10, %ymm4, %ymm4
+        vpslld	$13, %ymm4, %ymm4
+        vmovdqu	%ymm4, 224(%rsi)
+        # 9/32
+        vpermq	$0xee, %ymm2, %ymm4
+        vpshufb	%ymm5, %ymm4, %ymm4
+        vpsrlvd	%ymm9, %ymm4, %ymm4
+        vpand	%ymm10, %ymm4, %ymm4
+        vpslld	$13, %ymm4, %ymm4
+        vmovdqu	%ymm4, 256(%rsi)
+        # 10/32
+        vperm2i128	$0x21, %ymm3, %ymm2, %ymm2
+        vpermq	$0x99, %ymm2, %ymm4
+        vpshufb	%ymm6, %ymm4, %ymm4
+        vpsrlvd	%ymm9, %ymm4, %ymm4
+        vpand	%ymm10, %ymm4, %ymm4
+        vpslld	$13, %ymm4, %ymm4
+        vmovdqu	%ymm4, 288(%rsi)
+        # 11/32
+        vpermq	$0x94, %ymm3, %ymm4
+        vpshufb	%ymm7, %ymm4, %ymm4
+        vpsrlvd	%ymm9, %ymm4, %ymm4
+        vpand	%ymm10, %ymm4, %ymm4
+        vpslld	$13, %ymm4, %ymm4
+        vmovdqu	%ymm4, 320(%rsi)
+        # 12/32
+        vpermq	$0xe9, %ymm3, %ymm4
+        vpshufb	%ymm8, %ymm4, %ymm4
+        vpsrlvd	%ymm9, %ymm4, %ymm4
+        vpand	%ymm10, %ymm4, %ymm4
+        vpslld	$13, %ymm4, %ymm4
+        vmovdqu	%ymm4, 352(%rsi)
+        # 13/32
+        vmovdqu	128(%rdi), %ymm0
+        vmovdqu	160(%rdi), %ymm1
+        vperm2i128	$0x21, %ymm0, %ymm3, %ymm3
+        vpermq	$0x99, %ymm3, %ymm4
+        vpshufb	%ymm5, %ymm4, %ymm4
+        vpsrlvd	%ymm9, %ymm4, %ymm4
+        vpand	%ymm10, %ymm4, %ymm4
+        vpslld	$13, %ymm4, %ymm4
+        vmovdqu	%ymm4, 384(%rsi)
+        # 14/32
+        vpermq	$0x44, %ymm0, %ymm4
+        vpshufb	%ymm6, %ymm4, %ymm4
+        vpsrlvd	%ymm9, %ymm4, %ymm4
+        vpand	%ymm10, %ymm4, %ymm4
+        vpslld	$13, %ymm4, %ymm4
+        vmovdqu	%ymm4, 416(%rsi)
+        # 15/32
+        vpermq	$0xe9, %ymm0, %ymm4
+        vpshufb	%ymm7, %ymm4, %ymm4
+        vpsrlvd	%ymm9, %ymm4, %ymm4
+        vpand	%ymm10, %ymm4, %ymm4
+        vpslld	$13, %ymm4, %ymm4
+        vmovdqu	%ymm4, 448(%rsi)
+        # 16/32
+        vpermq	$0x3e, %ymm0, %ymm4
+        vpshufb	%ymm8, %ymm4, %ymm4
+        vpsrlvd	%ymm9, %ymm4, %ymm4
+        vpand	%ymm10, %ymm4, %ymm4
+        vpslld	$13, %ymm4, %ymm4
+        vmovdqu	%ymm4, 480(%rsi)
+        # 17/32
+        vpermq	$0x44, %ymm1, %ymm4
+        vpshufb	%ymm5, %ymm4, %ymm4
+        vpsrlvd	%ymm9, %ymm4, %ymm4
+        vpand	%ymm10, %ymm4, %ymm4
+        vpslld	$13, %ymm4, %ymm4
+        vmovdqu	%ymm4, 512(%rsi)
+        # 18/32
+        vpermq	$0x99, %ymm1, %ymm4
+        vpshufb	%ymm6, %ymm4, %ymm4
+        vpsrlvd	%ymm9, %ymm4, %ymm4
+        vpand	%ymm10, %ymm4, %ymm4
+        vpslld	$13, %ymm4, %ymm4
+        vmovdqu	%ymm4, 544(%rsi)
+        # 19/32
+        vpermq	$0x3e, %ymm1, %ymm4
+        vpshufb	%ymm7, %ymm4, %ymm4
+        vpsrlvd	%ymm9, %ymm4, %ymm4
+        vpand	%ymm10, %ymm4, %ymm4
+        vpslld	$13, %ymm4, %ymm4
+        vmovdqu	%ymm4, 576(%rsi)
+        # 20/32
+        vmovdqu	192(%rdi), %ymm2
+        vmovdqu	224(%rdi), %ymm3
+        vperm2i128	$0x21, %ymm2, %ymm1, %ymm1
+        vpermq	$0xe9, %ymm1, %ymm4
+        vpshufb	%ymm8, %ymm4, %ymm4
+        vpsrlvd	%ymm9, %ymm4, %ymm4
+        vpand	%ymm10, %ymm4, %ymm4
+        vpslld	$13, %ymm4, %ymm4
+        vmovdqu	%ymm4, 608(%rsi)
+        # 21/32
+        vpermq	$0x99, %ymm2, %ymm4
+        vpshufb	%ymm5, %ymm4, %ymm4
+        vpsrlvd	%ymm9, %ymm4, %ymm4
+        vpand	%ymm10, %ymm4, %ymm4
+        vpslld	$13, %ymm4, %ymm4
+        vmovdqu	%ymm4, 640(%rsi)
+        # 22/32
+        vpermq	$0xee, %ymm2, %ymm4
+        vpshufb	%ymm6, %ymm4, %ymm4
+        vpsrlvd	%ymm9, %ymm4, %ymm4
+        vpand	%ymm10, %ymm4, %ymm4
+        vpslld	$13, %ymm4, %ymm4
+        vmovdqu	%ymm4, 672(%rsi)
+        # 23/32
+        vperm2i128	$0x21, %ymm3, %ymm2, %ymm2
+        vpermq	$0xe9, %ymm2, %ymm4
+        vpshufb	%ymm7, %ymm4, %ymm4
+        vpsrlvd	%ymm9, %ymm4, %ymm4
+        vpand	%ymm10, %ymm4, %ymm4
+        vpslld	$13, %ymm4, %ymm4
+        vmovdqu	%ymm4, 704(%rsi)
+        # 24/32
+        vpermq	$0x94, %ymm3, %ymm4
+        vpshufb	%ymm8, %ymm4, %ymm4
+        vpsrlvd	%ymm9, %ymm4, %ymm4
+        vpand	%ymm10, %ymm4, %ymm4
+        vpslld	$13, %ymm4, %ymm4
+        vmovdqu	%ymm4, 736(%rsi)
+        # 25/32
+        vpermq	$0xee, %ymm3, %ymm4
+        vpshufb	%ymm5, %ymm4, %ymm4
+        vpsrlvd	%ymm9, %ymm4, %ymm4
+        vpand	%ymm10, %ymm4, %ymm4
+        vpslld	$13, %ymm4, %ymm4
+        vmovdqu	%ymm4, 768(%rsi)
+        # 26/32
+        vmovdqu	256(%rdi), %ymm0
+        vmovdqu	288(%rdi), %ymm1
+        vperm2i128	$0x21, %ymm0, %ymm3, %ymm3
+        vpermq	$0x99, %ymm3, %ymm4
+        vpshufb	%ymm6, %ymm4, %ymm4
+        vpsrlvd	%ymm9, %ymm4, %ymm4
+        vpand	%ymm10, %ymm4, %ymm4
+        vpslld	$13, %ymm4, %ymm4
+        vmovdqu	%ymm4, 800(%rsi)
+        # 27/32
+        vpermq	$0x94, %ymm0, %ymm4
+        vpshufb	%ymm7, %ymm4, %ymm4
+        vpsrlvd	%ymm9, %ymm4, %ymm4
+        vpand	%ymm10, %ymm4, %ymm4
+        vpslld	$13, %ymm4, %ymm4
+        vmovdqu	%ymm4, 832(%rsi)
+        # 28/32
+        vpermq	$0xe9, %ymm0, %ymm4
+        vpshufb	%ymm8, %ymm4, %ymm4
+        vpsrlvd	%ymm9, %ymm4, %ymm4
+        vpand	%ymm10, %ymm4, %ymm4
+        vpslld	$13, %ymm4, %ymm4
+        vmovdqu	%ymm4, 864(%rsi)
+        # 29/32
+        vperm2i128	$0x21, %ymm1, %ymm0, %ymm0
+        vpermq	$0x99, %ymm0, %ymm4
+        vpshufb	%ymm5, %ymm4, %ymm4
+        vpsrlvd	%ymm9, %ymm4, %ymm4
+        vpand	%ymm10, %ymm4, %ymm4
+        vpslld	$13, %ymm4, %ymm4
+        vmovdqu	%ymm4, 896(%rsi)
+        # 30/32
+        vpermq	$0x44, %ymm1, %ymm4
+        vpshufb	%ymm6, %ymm4, %ymm4
+        vpsrlvd	%ymm9, %ymm4, %ymm4
+        vpand	%ymm10, %ymm4, %ymm4
+        vpslld	$13, %ymm4, %ymm4
+        vmovdqu	%ymm4, 928(%rsi)
+        # 31/32
+        vpermq	$0xe9, %ymm1, %ymm4
+        vpshufb	%ymm7, %ymm4, %ymm4
+        vpsrlvd	%ymm9, %ymm4, %ymm4
+        vpand	%ymm10, %ymm4, %ymm4
+        vpslld	$13, %ymm4, %ymm4
+        vmovdqu	%ymm4, 960(%rsi)
+        # 32/32
+        vpermq	$0x3e, %ymm1, %ymm4
+        vpshufb	%ymm8, %ymm4, %ymm4
+        vpsrlvd	%ymm9, %ymm4, %ymm4
+        vpand	%ymm10, %ymm4, %ymm4
+        vpslld	$13, %ymm4, %ymm4
+        vmovdqu	%ymm4, 992(%rsi)
+        vzeroupper
+        repz retq
+#ifndef __APPLE__
+.size	wc_mldsa_decode_t1_avx2,.-wc_mldsa_decode_t1_avx2
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_mldsa_decode_gamma1_17_avx2_shuff_0:
+.value	0x100,0xff02
+.value	0x302,0xff04
+.value	0x504,0xff06
+.value	0x706,0xff08
+.value	0x1ff,0x302
+.value	0x3ff,0x504
+.value	0x5ff,0x706
+.value	0x7ff,0x908
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_mldsa_decode_gamma1_17_avx2_shuff_1:
+.value	0x302,0xff04
+.value	0x504,0xff06
+.value	0x706,0xff08
+.value	0x908,0xff0a
+.value	0x3ff,0x504
+.value	0x5ff,0x706
+.value	0x7ff,0x908
+.value	0x9ff,0xb0a
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_mldsa_decode_gamma1_17_avx2_shuff_2:
+.value	0x504,0xff06
+.value	0x706,0xff08
+.value	0x908,0xff0a
+.value	0xb0a,0xff0c
+.value	0x5ff,0x706
+.value	0x7ff,0x908
+.value	0x9ff,0xb0a
+.value	0xbff,0xd0c
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_mldsa_decode_gamma1_17_avx2_shuff_3:
+.value	0x706,0xff08
+.value	0x908,0xff0a
+.value	0xb0a,0xff0c
+.value	0xd0c,0xff0e
+.value	0x7ff,0x908
+.value	0x9ff,0xb0a
+.value	0xbff,0xd0c
+.value	0xdff,0xf0e
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+L_mldsa_decode_gamma1_17_avx2_vs_8:
+.long	0x00000000,0x00000002,0x00000004,0x00000006
+.long	0x00000008,0x0000000a,0x0000000c,0x0000000e
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+L_mldsa_decode_gamma1_17_avx2_mask:
+.long	0x0003ffff,0x0003ffff,0x0003ffff,0x0003ffff
+.long	0x0003ffff,0x0003ffff,0x0003ffff,0x0003ffff
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+L_mldsa_decode_gamma1_17_avx2_gamma17:
+.long	0x00020000,0x00020000,0x00020000,0x00020000
+.long	0x00020000,0x00020000,0x00020000,0x00020000
+#ifndef __APPLE__
+.text
+.globl	wc_mldsa_decode_gamma1_17_avx2
+.type	wc_mldsa_decode_gamma1_17_avx2,@function
+.align	16
+wc_mldsa_decode_gamma1_17_avx2:
+#else
+.section	__TEXT,__text
+.globl	_wc_mldsa_decode_gamma1_17_avx2
+.p2align	4
+_wc_mldsa_decode_gamma1_17_avx2:
+#endif /* __APPLE__ */
+        vmovdqu	L_mldsa_decode_gamma1_17_avx2_shuff_0(%rip), %ymm7
+        vmovdqu	L_mldsa_decode_gamma1_17_avx2_shuff_1(%rip), %ymm8
+        vmovdqu	L_mldsa_decode_gamma1_17_avx2_shuff_2(%rip), %ymm9
+        vmovdqu	L_mldsa_decode_gamma1_17_avx2_shuff_3(%rip), %ymm10
+        vmovdqu	L_mldsa_decode_gamma1_17_avx2_vs_8(%rip), %ymm11
+        vmovdqu	L_mldsa_decode_gamma1_17_avx2_mask(%rip), %ymm12
+        vmovdqu	L_mldsa_decode_gamma1_17_avx2_gamma17(%rip), %ymm13
+        vmovdqu	(%rdi), %ymm0
+        vmovdqu	32(%rdi), %ymm1
+        vmovdqu	64(%rdi), %ymm2
+        vmovdqu	96(%rdi), %ymm3
+        vmovdqu	128(%rdi), %ymm4
+        vmovdqu	160(%rdi), %ymm5
+        # 0/15
+        vpermq	$0x94, %ymm0, %ymm6
+        vpshufb	%ymm7, %ymm6, %ymm6
+        vpsrlvd	%ymm11, %ymm6, %ymm6
+        vpand	%ymm12, %ymm6, %ymm6
+        vpsubd	%ymm6, %ymm13, %ymm6
+        vmovdqu	%ymm6, (%rsi)
+        # 1/15
+        vperm2i128	$33, %ymm1, %ymm0, %ymm6
+        vpermq	$0x94, %ymm6, %ymm6
+        vpshufb	%ymm8, %ymm6, %ymm6
+        vpsrlvd	%ymm11, %ymm6, %ymm6
+        vpand	%ymm12, %ymm6, %ymm6
+        vpsubd	%ymm6, %ymm13, %ymm6
+        vmovdqu	%ymm6, 32(%rsi)
+        # 2/15
+        vpermq	$0x94, %ymm1, %ymm6
+        vpshufb	%ymm9, %ymm6, %ymm6
+        vpsrlvd	%ymm11, %ymm6, %ymm6
+        vpand	%ymm12, %ymm6, %ymm6
+        vpsubd	%ymm6, %ymm13, %ymm6
+        vmovdqu	%ymm6, 64(%rsi)
+        # 3/15
+        vperm2i128	$33, %ymm2, %ymm1, %ymm6
+        vpermq	$0x94, %ymm6, %ymm6
+        vpshufb	%ymm10, %ymm6, %ymm6
+        vpsrlvd	%ymm11, %ymm6, %ymm6
+        vpand	%ymm12, %ymm6, %ymm6
+        vpsubd	%ymm6, %ymm13, %ymm6
+        vmovdqu	%ymm6, 96(%rsi)
+        # 4/15
+        vpermq	$0xe9, %ymm2, %ymm6
+        vpshufb	%ymm7, %ymm6, %ymm6
+        vpsrlvd	%ymm11, %ymm6, %ymm6
+        vpand	%ymm12, %ymm6, %ymm6
+        vpsubd	%ymm6, %ymm13, %ymm6
+        vmovdqu	%ymm6, 128(%rsi)
+        # 5/15
+        vperm2i128	$33, %ymm3, %ymm2, %ymm6
+        vpermq	$0xe9, %ymm6, %ymm6
+        vpshufb	%ymm8, %ymm6, %ymm6
+        vpsrlvd	%ymm11, %ymm6, %ymm6
+        vpand	%ymm12, %ymm6, %ymm6
+        vpsubd	%ymm6, %ymm13, %ymm6
+        vmovdqu	%ymm6, 160(%rsi)
+        # 6/15
+        vpermq	$0xe9, %ymm3, %ymm6
+        vpshufb	%ymm9, %ymm6, %ymm6
+        vpsrlvd	%ymm11, %ymm6, %ymm6
+        vpand	%ymm12, %ymm6, %ymm6
+        vpsubd	%ymm6, %ymm13, %ymm6
+        vmovdqu	%ymm6, 192(%rsi)
+        # 7/15
+        vperm2i128	$33, %ymm4, %ymm3, %ymm6
+        vpermq	$0xe9, %ymm6, %ymm6
+        vpshufb	%ymm10, %ymm6, %ymm6
+        vpsrlvd	%ymm11, %ymm6, %ymm6
+        vpand	%ymm12, %ymm6, %ymm6
+        vpsubd	%ymm6, %ymm13, %ymm6
+        vmovdqu	%ymm6, 224(%rsi)
+        # 8/15
+        vperm2i128	$33, %ymm5, %ymm4, %ymm6
+        vpermq	$0x94, %ymm6, %ymm6
+        vpshufb	%ymm7, %ymm6, %ymm6
+        vpsrlvd	%ymm11, %ymm6, %ymm6
+        vpand	%ymm12, %ymm6, %ymm6
+        vpsubd	%ymm6, %ymm13, %ymm6
+        vmovdqu	%ymm6, 256(%rsi)
+        # 9/15
+        vpermq	$0x94, %ymm5, %ymm6
+        vpshufb	%ymm8, %ymm6, %ymm6
+        vpsrlvd	%ymm11, %ymm6, %ymm6
+        vpand	%ymm12, %ymm6, %ymm6
+        vpsubd	%ymm6, %ymm13, %ymm6
+        vmovdqu	%ymm6, 288(%rsi)
+        vmovdqu	192(%rdi), %ymm0
+        vmovdqu	224(%rdi), %ymm1
+        vmovdqu	256(%rdi), %ymm2
+        # 10/15
+        vperm2i128	$33, %ymm0, %ymm5, %ymm6
+        vpermq	$0x94, %ymm6, %ymm6
+        vpshufb	%ymm9, %ymm6, %ymm6
+        vpsrlvd	%ymm11, %ymm6, %ymm6
+        vpand	%ymm12, %ymm6, %ymm6
+        vpsubd	%ymm6, %ymm13, %ymm6
+        vmovdqu	%ymm6, 320(%rsi)
+        # 11/15
+        vpermq	$0x94, %ymm0, %ymm6
+        vpshufb	%ymm10, %ymm6, %ymm6
+        vpsrlvd	%ymm11, %ymm6, %ymm6
+        vpand	%ymm12, %ymm6, %ymm6
+        vpsubd	%ymm6, %ymm13, %ymm6
+        vmovdqu	%ymm6, 352(%rsi)
+        # 12/15
+        vperm2i128	$33, %ymm1, %ymm0, %ymm6
+        vpermq	$0xe9, %ymm6, %ymm6
+        vpshufb	%ymm7, %ymm6, %ymm6
+        vpsrlvd	%ymm11, %ymm6, %ymm6
+        vpand	%ymm12, %ymm6, %ymm6
+        vpsubd	%ymm6, %ymm13, %ymm6
+        vmovdqu	%ymm6, 384(%rsi)
+        # 13/15
+        vpermq	$0xe9, %ymm1, %ymm6
+        vpshufb	%ymm8, %ymm6, %ymm6
+        vpsrlvd	%ymm11, %ymm6, %ymm6
+        vpand	%ymm12, %ymm6, %ymm6
+        vpsubd	%ymm6, %ymm13, %ymm6
+        vmovdqu	%ymm6, 416(%rsi)
+        # 14/15
+        vperm2i128	$33, %ymm2, %ymm1, %ymm6
+        vpermq	$0xe9, %ymm6, %ymm6
+        vpshufb	%ymm9, %ymm6, %ymm6
+        vpsrlvd	%ymm11, %ymm6, %ymm6
+        vpand	%ymm12, %ymm6, %ymm6
+        vpsubd	%ymm6, %ymm13, %ymm6
+        vmovdqu	%ymm6, 448(%rsi)
+        # 15/15
+        vpermq	$0xe9, %ymm2, %ymm6
+        vpshufb	%ymm10, %ymm6, %ymm6
+        vpsrlvd	%ymm11, %ymm6, %ymm6
+        vpand	%ymm12, %ymm6, %ymm6
+        vpsubd	%ymm6, %ymm13, %ymm6
+        vmovdqu	%ymm6, 480(%rsi)
+        vmovdqu	288(%rdi), %ymm0
+        vmovdqu	320(%rdi), %ymm1
+        vmovdqu	352(%rdi), %ymm2
+        vmovdqu	384(%rdi), %ymm3
+        vmovdqu	416(%rdi), %ymm4
+        vmovdqu	448(%rdi), %ymm5
+        # 0/15
+        vpermq	$0x94, %ymm0, %ymm6
+        vpshufb	%ymm7, %ymm6, %ymm6
+        vpsrlvd	%ymm11, %ymm6, %ymm6
+        vpand	%ymm12, %ymm6, %ymm6
+        vpsubd	%ymm6, %ymm13, %ymm6
+        vmovdqu	%ymm6, 512(%rsi)
+        # 1/15
+        vperm2i128	$33, %ymm1, %ymm0, %ymm6
+        vpermq	$0x94, %ymm6, %ymm6
+        vpshufb	%ymm8, %ymm6, %ymm6
+        vpsrlvd	%ymm11, %ymm6, %ymm6
+        vpand	%ymm12, %ymm6, %ymm6
+        vpsubd	%ymm6, %ymm13, %ymm6
+        vmovdqu	%ymm6, 544(%rsi)
+        # 2/15
+        vpermq	$0x94, %ymm1, %ymm6
+        vpshufb	%ymm9, %ymm6, %ymm6
+        vpsrlvd	%ymm11, %ymm6, %ymm6
+        vpand	%ymm12, %ymm6, %ymm6
+        vpsubd	%ymm6, %ymm13, %ymm6
+        vmovdqu	%ymm6, 576(%rsi)
+        # 3/15
+        vperm2i128	$33, %ymm2, %ymm1, %ymm6
+        vpermq	$0x94, %ymm6, %ymm6
+        vpshufb	%ymm10, %ymm6, %ymm6
+        vpsrlvd	%ymm11, %ymm6, %ymm6
+        vpand	%ymm12, %ymm6, %ymm6
+        vpsubd	%ymm6, %ymm13, %ymm6
+        vmovdqu	%ymm6, 608(%rsi)
+        # 4/15
+        vpermq	$0xe9, %ymm2, %ymm6
+        vpshufb	%ymm7, %ymm6, %ymm6
+        vpsrlvd	%ymm11, %ymm6, %ymm6
+        vpand	%ymm12, %ymm6, %ymm6
+        vpsubd	%ymm6, %ymm13, %ymm6
+        vmovdqu	%ymm6, 640(%rsi)
+        # 5/15
+        vperm2i128	$33, %ymm3, %ymm2, %ymm6
+        vpermq	$0xe9, %ymm6, %ymm6
+        vpshufb	%ymm8, %ymm6, %ymm6
+        vpsrlvd	%ymm11, %ymm6, %ymm6
+        vpand	%ymm12, %ymm6, %ymm6
+        vpsubd	%ymm6, %ymm13, %ymm6
+        vmovdqu	%ymm6, 672(%rsi)
+        # 6/15
+        vpermq	$0xe9, %ymm3, %ymm6
+        vpshufb	%ymm9, %ymm6, %ymm6
+        vpsrlvd	%ymm11, %ymm6, %ymm6
+        vpand	%ymm12, %ymm6, %ymm6
+        vpsubd	%ymm6, %ymm13, %ymm6
+        vmovdqu	%ymm6, 704(%rsi)
+        # 7/15
+        vperm2i128	$33, %ymm4, %ymm3, %ymm6
+        vpermq	$0xe9, %ymm6, %ymm6
+        vpshufb	%ymm10, %ymm6, %ymm6
+        vpsrlvd	%ymm11, %ymm6, %ymm6
+        vpand	%ymm12, %ymm6, %ymm6
+        vpsubd	%ymm6, %ymm13, %ymm6
+        vmovdqu	%ymm6, 736(%rsi)
+        # 8/15
+        vperm2i128	$33, %ymm5, %ymm4, %ymm6
+        vpermq	$0x94, %ymm6, %ymm6
+        vpshufb	%ymm7, %ymm6, %ymm6
+        vpsrlvd	%ymm11, %ymm6, %ymm6
+        vpand	%ymm12, %ymm6, %ymm6
+        vpsubd	%ymm6, %ymm13, %ymm6
+        vmovdqu	%ymm6, 768(%rsi)
+        # 9/15
+        vpermq	$0x94, %ymm5, %ymm6
+        vpshufb	%ymm8, %ymm6, %ymm6
+        vpsrlvd	%ymm11, %ymm6, %ymm6
+        vpand	%ymm12, %ymm6, %ymm6
+        vpsubd	%ymm6, %ymm13, %ymm6
+        vmovdqu	%ymm6, 800(%rsi)
+        vmovdqu	480(%rdi), %ymm0
+        vmovdqu	512(%rdi), %ymm1
+        vmovdqu	544(%rdi), %ymm2
+        # 10/15
+        vperm2i128	$33, %ymm0, %ymm5, %ymm6
+        vpermq	$0x94, %ymm6, %ymm6
+        vpshufb	%ymm9, %ymm6, %ymm6
+        vpsrlvd	%ymm11, %ymm6, %ymm6
+        vpand	%ymm12, %ymm6, %ymm6
+        vpsubd	%ymm6, %ymm13, %ymm6
+        vmovdqu	%ymm6, 832(%rsi)
+        # 11/15
+        vpermq	$0x94, %ymm0, %ymm6
+        vpshufb	%ymm10, %ymm6, %ymm6
+        vpsrlvd	%ymm11, %ymm6, %ymm6
+        vpand	%ymm12, %ymm6, %ymm6
+        vpsubd	%ymm6, %ymm13, %ymm6
+        vmovdqu	%ymm6, 864(%rsi)
+        # 12/15
+        vperm2i128	$33, %ymm1, %ymm0, %ymm6
+        vpermq	$0xe9, %ymm6, %ymm6
+        vpshufb	%ymm7, %ymm6, %ymm6
+        vpsrlvd	%ymm11, %ymm6, %ymm6
+        vpand	%ymm12, %ymm6, %ymm6
+        vpsubd	%ymm6, %ymm13, %ymm6
+        vmovdqu	%ymm6, 896(%rsi)
+        # 13/15
+        vpermq	$0xe9, %ymm1, %ymm6
+        vpshufb	%ymm8, %ymm6, %ymm6
+        vpsrlvd	%ymm11, %ymm6, %ymm6
+        vpand	%ymm12, %ymm6, %ymm6
+        vpsubd	%ymm6, %ymm13, %ymm6
+        vmovdqu	%ymm6, 928(%rsi)
+        # 14/15
+        vperm2i128	$33, %ymm2, %ymm1, %ymm6
+        vpermq	$0xe9, %ymm6, %ymm6
+        vpshufb	%ymm9, %ymm6, %ymm6
+        vpsrlvd	%ymm11, %ymm6, %ymm6
+        vpand	%ymm12, %ymm6, %ymm6
+        vpsubd	%ymm6, %ymm13, %ymm6
+        vmovdqu	%ymm6, 960(%rsi)
+        # 15/15
+        vpermq	$0xe9, %ymm2, %ymm6
+        vpshufb	%ymm10, %ymm6, %ymm6
+        vpsrlvd	%ymm11, %ymm6, %ymm6
+        vpand	%ymm12, %ymm6, %ymm6
+        vpsubd	%ymm6, %ymm13, %ymm6
+        vmovdqu	%ymm6, 992(%rsi)
+        vzeroupper
+        repz retq
+#ifndef __APPLE__
+.size	wc_mldsa_decode_gamma1_17_avx2,.-wc_mldsa_decode_gamma1_17_avx2
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_mldsa_decode_gamma1_20_avx2_shuff_0:
+.value	0x100,0xff02
+.value	0x302,0xff04
+.value	0x605,0xff07
+.value	0x807,0xff09
+.value	0x2ff,0x403
+.value	0x4ff,0x605
+.value	0x7ff,0x908
+.value	0x9ff,0xb0a
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_mldsa_decode_gamma1_20_avx2_shuff_1:
+.value	0x504,0xff06
+.value	0x706,0xff08
+.value	0xa09,0xff0b
+.value	0xc0b,0xff0d
+.value	0x6ff,0x807
+.value	0x8ff,0xa09
+.value	0xbff,0xd0c
+.value	0xdff,0xf0e
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+L_mldsa_decode_gamma1_20_avx2_vs_8:
+.long	0x00000000,0x00000004,0x00000000,0x00000004
+.long	0x00000008,0x0000000c,0x00000008,0x0000000c
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+L_mldsa_decode_gamma1_20_avx2_mask:
+.long	0x000fffff,0x000fffff,0x000fffff,0x000fffff
+.long	0x000fffff,0x000fffff,0x000fffff,0x000fffff
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+L_mldsa_decode_gamma1_20_avx2_gamma19:
+.long	0x00080000,0x00080000,0x00080000,0x00080000
+.long	0x00080000,0x00080000,0x00080000,0x00080000
+#ifndef __APPLE__
+.text
+.globl	wc_mldsa_decode_gamma1_19_avx2
+.type	wc_mldsa_decode_gamma1_19_avx2,@function
+.align	16
+wc_mldsa_decode_gamma1_19_avx2:
+#else
+.section	__TEXT,__text
+.globl	_wc_mldsa_decode_gamma1_19_avx2
+.p2align	4
+_wc_mldsa_decode_gamma1_19_avx2:
+#endif /* __APPLE__ */
+        vmovdqu	L_mldsa_decode_gamma1_20_avx2_shuff_0(%rip), %ymm6
+        vmovdqu	L_mldsa_decode_gamma1_20_avx2_shuff_1(%rip), %ymm7
+        vmovdqu	L_mldsa_decode_gamma1_20_avx2_vs_8(%rip), %ymm8
+        vmovdqu	L_mldsa_decode_gamma1_20_avx2_mask(%rip), %ymm9
+        vmovdqu	L_mldsa_decode_gamma1_20_avx2_gamma19(%rip), %ymm10
+        vmovdqu	(%rdi), %ymm0
+        vmovdqu	32(%rdi), %ymm1
+        vmovdqu	64(%rdi), %ymm2
+        vmovdqu	96(%rdi), %ymm3
+        vmovdqu	128(%rdi), %ymm4
+        # 0/7
+        vpermq	$0x94, %ymm0, %ymm5
+        vpshufb	%ymm6, %ymm5, %ymm5
+        vpsrlvd	%ymm8, %ymm5, %ymm5
+        vpand	%ymm9, %ymm5, %ymm5
+        vpsubd	%ymm5, %ymm10, %ymm5
+        vmovdqu	%ymm5, (%rsi)
+        # 1/7
+        vperm2i128	$33, %ymm1, %ymm0, %ymm5
+        vpermq	$0x94, %ymm5, %ymm5
+        vpshufb	%ymm7, %ymm5, %ymm5
+        vpsrlvd	%ymm8, %ymm5, %ymm5
+        vpand	%ymm9, %ymm5, %ymm5
+        vpsubd	%ymm5, %ymm10, %ymm5
+        vmovdqu	%ymm5, 32(%rsi)
+        # 2/7
+        vpermq	$0xe9, %ymm1, %ymm5
+        vpshufb	%ymm6, %ymm5, %ymm5
+        vpsrlvd	%ymm8, %ymm5, %ymm5
+        vpand	%ymm9, %ymm5, %ymm5
+        vpsubd	%ymm5, %ymm10, %ymm5
+        vmovdqu	%ymm5, 64(%rsi)
+        # 3/7
+        vperm2i128	$33, %ymm2, %ymm1, %ymm5
+        vpermq	$0xe9, %ymm5, %ymm5
+        vpshufb	%ymm7, %ymm5, %ymm5
+        vpsrlvd	%ymm8, %ymm5, %ymm5
+        vpand	%ymm9, %ymm5, %ymm5
+        vpsubd	%ymm5, %ymm10, %ymm5
+        vmovdqu	%ymm5, 96(%rsi)
+        # 4/7
+        vperm2i128	$33, %ymm3, %ymm2, %ymm5
+        vpermq	$0x94, %ymm5, %ymm5
+        vpshufb	%ymm6, %ymm5, %ymm5
+        vpsrlvd	%ymm8, %ymm5, %ymm5
+        vpand	%ymm9, %ymm5, %ymm5
+        vpsubd	%ymm5, %ymm10, %ymm5
+        vmovdqu	%ymm5, 128(%rsi)
+        # 5/7
+        vpermq	$0x94, %ymm3, %ymm5
+        vpshufb	%ymm7, %ymm5, %ymm5
+        vpsrlvd	%ymm8, %ymm5, %ymm5
+        vpand	%ymm9, %ymm5, %ymm5
+        vpsubd	%ymm5, %ymm10, %ymm5
+        vmovdqu	%ymm5, 160(%rsi)
+        # 6/7
+        vperm2i128	$33, %ymm4, %ymm3, %ymm5
+        vpermq	$0xe9, %ymm5, %ymm5
+        vpshufb	%ymm6, %ymm5, %ymm5
+        vpsrlvd	%ymm8, %ymm5, %ymm5
+        vpand	%ymm9, %ymm5, %ymm5
+        vpsubd	%ymm5, %ymm10, %ymm5
+        vmovdqu	%ymm5, 192(%rsi)
+        # 7/7
+        vpermq	$0xe9, %ymm4, %ymm5
+        vpshufb	%ymm7, %ymm5, %ymm5
+        vpsrlvd	%ymm8, %ymm5, %ymm5
+        vpand	%ymm9, %ymm5, %ymm5
+        vpsubd	%ymm5, %ymm10, %ymm5
+        vmovdqu	%ymm5, 224(%rsi)
+        vmovdqu	160(%rdi), %ymm0
+        vmovdqu	192(%rdi), %ymm1
+        vmovdqu	224(%rdi), %ymm2
+        vmovdqu	256(%rdi), %ymm3
+        vmovdqu	288(%rdi), %ymm4
+        # 0/7
+        vpermq	$0x94, %ymm0, %ymm5
+        vpshufb	%ymm6, %ymm5, %ymm5
+        vpsrlvd	%ymm8, %ymm5, %ymm5
+        vpand	%ymm9, %ymm5, %ymm5
+        vpsubd	%ymm5, %ymm10, %ymm5
+        vmovdqu	%ymm5, 256(%rsi)
+        # 1/7
+        vperm2i128	$33, %ymm1, %ymm0, %ymm5
+        vpermq	$0x94, %ymm5, %ymm5
+        vpshufb	%ymm7, %ymm5, %ymm5
+        vpsrlvd	%ymm8, %ymm5, %ymm5
+        vpand	%ymm9, %ymm5, %ymm5
+        vpsubd	%ymm5, %ymm10, %ymm5
+        vmovdqu	%ymm5, 288(%rsi)
+        # 2/7
+        vpermq	$0xe9, %ymm1, %ymm5
+        vpshufb	%ymm6, %ymm5, %ymm5
+        vpsrlvd	%ymm8, %ymm5, %ymm5
+        vpand	%ymm9, %ymm5, %ymm5
+        vpsubd	%ymm5, %ymm10, %ymm5
+        vmovdqu	%ymm5, 320(%rsi)
+        # 3/7
+        vperm2i128	$33, %ymm2, %ymm1, %ymm5
+        vpermq	$0xe9, %ymm5, %ymm5
+        vpshufb	%ymm7, %ymm5, %ymm5
+        vpsrlvd	%ymm8, %ymm5, %ymm5
+        vpand	%ymm9, %ymm5, %ymm5
+        vpsubd	%ymm5, %ymm10, %ymm5
+        vmovdqu	%ymm5, 352(%rsi)
+        # 4/7
+        vperm2i128	$33, %ymm3, %ymm2, %ymm5
+        vpermq	$0x94, %ymm5, %ymm5
+        vpshufb	%ymm6, %ymm5, %ymm5
+        vpsrlvd	%ymm8, %ymm5, %ymm5
+        vpand	%ymm9, %ymm5, %ymm5
+        vpsubd	%ymm5, %ymm10, %ymm5
+        vmovdqu	%ymm5, 384(%rsi)
+        # 5/7
+        vpermq	$0x94, %ymm3, %ymm5
+        vpshufb	%ymm7, %ymm5, %ymm5
+        vpsrlvd	%ymm8, %ymm5, %ymm5
+        vpand	%ymm9, %ymm5, %ymm5
+        vpsubd	%ymm5, %ymm10, %ymm5
+        vmovdqu	%ymm5, 416(%rsi)
+        # 6/7
+        vperm2i128	$33, %ymm4, %ymm3, %ymm5
+        vpermq	$0xe9, %ymm5, %ymm5
+        vpshufb	%ymm6, %ymm5, %ymm5
+        vpsrlvd	%ymm8, %ymm5, %ymm5
+        vpand	%ymm9, %ymm5, %ymm5
+        vpsubd	%ymm5, %ymm10, %ymm5
+        vmovdqu	%ymm5, 448(%rsi)
+        # 7/7
+        vpermq	$0xe9, %ymm4, %ymm5
+        vpshufb	%ymm7, %ymm5, %ymm5
+        vpsrlvd	%ymm8, %ymm5, %ymm5
+        vpand	%ymm9, %ymm5, %ymm5
+        vpsubd	%ymm5, %ymm10, %ymm5
+        vmovdqu	%ymm5, 480(%rsi)
+        vmovdqu	320(%rdi), %ymm0
+        vmovdqu	352(%rdi), %ymm1
+        vmovdqu	384(%rdi), %ymm2
+        vmovdqu	416(%rdi), %ymm3
+        vmovdqu	448(%rdi), %ymm4
+        # 0/7
+        vpermq	$0x94, %ymm0, %ymm5
+        vpshufb	%ymm6, %ymm5, %ymm5
+        vpsrlvd	%ymm8, %ymm5, %ymm5
+        vpand	%ymm9, %ymm5, %ymm5
+        vpsubd	%ymm5, %ymm10, %ymm5
+        vmovdqu	%ymm5, 512(%rsi)
+        # 1/7
+        vperm2i128	$33, %ymm1, %ymm0, %ymm5
+        vpermq	$0x94, %ymm5, %ymm5
+        vpshufb	%ymm7, %ymm5, %ymm5
+        vpsrlvd	%ymm8, %ymm5, %ymm5
+        vpand	%ymm9, %ymm5, %ymm5
+        vpsubd	%ymm5, %ymm10, %ymm5
+        vmovdqu	%ymm5, 544(%rsi)
+        # 2/7
+        vpermq	$0xe9, %ymm1, %ymm5
+        vpshufb	%ymm6, %ymm5, %ymm5
+        vpsrlvd	%ymm8, %ymm5, %ymm5
+        vpand	%ymm9, %ymm5, %ymm5
+        vpsubd	%ymm5, %ymm10, %ymm5
+        vmovdqu	%ymm5, 576(%rsi)
+        # 3/7
+        vperm2i128	$33, %ymm2, %ymm1, %ymm5
+        vpermq	$0xe9, %ymm5, %ymm5
+        vpshufb	%ymm7, %ymm5, %ymm5
+        vpsrlvd	%ymm8, %ymm5, %ymm5
+        vpand	%ymm9, %ymm5, %ymm5
+        vpsubd	%ymm5, %ymm10, %ymm5
+        vmovdqu	%ymm5, 608(%rsi)
+        # 4/7
+        vperm2i128	$33, %ymm3, %ymm2, %ymm5
+        vpermq	$0x94, %ymm5, %ymm5
+        vpshufb	%ymm6, %ymm5, %ymm5
+        vpsrlvd	%ymm8, %ymm5, %ymm5
+        vpand	%ymm9, %ymm5, %ymm5
+        vpsubd	%ymm5, %ymm10, %ymm5
+        vmovdqu	%ymm5, 640(%rsi)
+        # 5/7
+        vpermq	$0x94, %ymm3, %ymm5
+        vpshufb	%ymm7, %ymm5, %ymm5
+        vpsrlvd	%ymm8, %ymm5, %ymm5
+        vpand	%ymm9, %ymm5, %ymm5
+        vpsubd	%ymm5, %ymm10, %ymm5
+        vmovdqu	%ymm5, 672(%rsi)
+        # 6/7
+        vperm2i128	$33, %ymm4, %ymm3, %ymm5
+        vpermq	$0xe9, %ymm5, %ymm5
+        vpshufb	%ymm6, %ymm5, %ymm5
+        vpsrlvd	%ymm8, %ymm5, %ymm5
+        vpand	%ymm9, %ymm5, %ymm5
+        vpsubd	%ymm5, %ymm10, %ymm5
+        vmovdqu	%ymm5, 704(%rsi)
+        # 7/7
+        vpermq	$0xe9, %ymm4, %ymm5
+        vpshufb	%ymm7, %ymm5, %ymm5
+        vpsrlvd	%ymm8, %ymm5, %ymm5
+        vpand	%ymm9, %ymm5, %ymm5
+        vpsubd	%ymm5, %ymm10, %ymm5
+        vmovdqu	%ymm5, 736(%rsi)
+        vmovdqu	480(%rdi), %ymm0
+        vmovdqu	512(%rdi), %ymm1
+        vmovdqu	544(%rdi), %ymm2
+        vmovdqu	576(%rdi), %ymm3
+        vmovdqu	608(%rdi), %ymm4
+        # 0/7
+        vpermq	$0x94, %ymm0, %ymm5
+        vpshufb	%ymm6, %ymm5, %ymm5
+        vpsrlvd	%ymm8, %ymm5, %ymm5
+        vpand	%ymm9, %ymm5, %ymm5
+        vpsubd	%ymm5, %ymm10, %ymm5
+        vmovdqu	%ymm5, 768(%rsi)
+        # 1/7
+        vperm2i128	$33, %ymm1, %ymm0, %ymm5
+        vpermq	$0x94, %ymm5, %ymm5
+        vpshufb	%ymm7, %ymm5, %ymm5
+        vpsrlvd	%ymm8, %ymm5, %ymm5
+        vpand	%ymm9, %ymm5, %ymm5
+        vpsubd	%ymm5, %ymm10, %ymm5
+        vmovdqu	%ymm5, 800(%rsi)
+        # 2/7
+        vpermq	$0xe9, %ymm1, %ymm5
+        vpshufb	%ymm6, %ymm5, %ymm5
+        vpsrlvd	%ymm8, %ymm5, %ymm5
+        vpand	%ymm9, %ymm5, %ymm5
+        vpsubd	%ymm5, %ymm10, %ymm5
+        vmovdqu	%ymm5, 832(%rsi)
+        # 3/7
+        vperm2i128	$33, %ymm2, %ymm1, %ymm5
+        vpermq	$0xe9, %ymm5, %ymm5
+        vpshufb	%ymm7, %ymm5, %ymm5
+        vpsrlvd	%ymm8, %ymm5, %ymm5
+        vpand	%ymm9, %ymm5, %ymm5
+        vpsubd	%ymm5, %ymm10, %ymm5
+        vmovdqu	%ymm5, 864(%rsi)
+        # 4/7
+        vperm2i128	$33, %ymm3, %ymm2, %ymm5
+        vpermq	$0x94, %ymm5, %ymm5
+        vpshufb	%ymm6, %ymm5, %ymm5
+        vpsrlvd	%ymm8, %ymm5, %ymm5
+        vpand	%ymm9, %ymm5, %ymm5
+        vpsubd	%ymm5, %ymm10, %ymm5
+        vmovdqu	%ymm5, 896(%rsi)
+        # 5/7
+        vpermq	$0x94, %ymm3, %ymm5
+        vpshufb	%ymm7, %ymm5, %ymm5
+        vpsrlvd	%ymm8, %ymm5, %ymm5
+        vpand	%ymm9, %ymm5, %ymm5
+        vpsubd	%ymm5, %ymm10, %ymm5
+        vmovdqu	%ymm5, 928(%rsi)
+        # 6/7
+        vperm2i128	$33, %ymm4, %ymm3, %ymm5
+        vpermq	$0xe9, %ymm5, %ymm5
+        vpshufb	%ymm6, %ymm5, %ymm5
+        vpsrlvd	%ymm8, %ymm5, %ymm5
+        vpand	%ymm9, %ymm5, %ymm5
+        vpsubd	%ymm5, %ymm10, %ymm5
+        vmovdqu	%ymm5, 960(%rsi)
+        # 7/7
+        vpermq	$0xe9, %ymm4, %ymm5
+        vpshufb	%ymm7, %ymm5, %ymm5
+        vpsrlvd	%ymm8, %ymm5, %ymm5
+        vpand	%ymm9, %ymm5, %ymm5
+        vpsubd	%ymm5, %ymm10, %ymm5
+        vmovdqu	%ymm5, 992(%rsi)
+        vzeroupper
+        repz retq
+#ifndef __APPLE__
+.size	wc_mldsa_decode_gamma1_19_avx2,.-wc_mldsa_decode_gamma1_19_avx2
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+L_mldsa_encode_gamma1_17_avx2_gamma17:
+.long	0x00020000,0x00020000,0x00020000,0x00020000
+.long	0x00020000,0x00020000,0x00020000,0x00020000
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_mldsa_encode_gamma1_17_avx2_shuff_even:
+.value	0x100,0xff02
+.value	0x908,0xff0a
+.value	0xffff,0xffff
+.value	0xffff,0xffff
+.value	0x100,0xff02
+.value	0x908,0xff0a
+.value	0xffff,0xffff
+.value	0xffff,0xffff
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_mldsa_encode_gamma1_17_avx2_shuff_odd:
+.value	0xffff,0x504
+.value	0xff06,0xd0c
+.value	0xff0e,0xffff
+.value	0xffff,0xffff
+.value	0xffff,0x504
+.value	0xff06,0xd0c
+.value	0xff0e,0xffff
+.value	0xffff,0xffff
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+L_mldsa_encode_gamma1_17_avx2_vs:
+.long	0x00000000,0x00000002,0x00000004,0x00000006
+.long	0x00000000,0x00000002,0x00000004,0x00000006
+#ifndef __APPLE__
+.text
+.globl	wc_mldsa_encode_gamma1_17_avx2
+.type	wc_mldsa_encode_gamma1_17_avx2,@function
+.align	16
+wc_mldsa_encode_gamma1_17_avx2:
+#else
+.section	__TEXT,__text
+.globl	_wc_mldsa_encode_gamma1_17_avx2
+.p2align	4
+_wc_mldsa_encode_gamma1_17_avx2:
+#endif /* __APPLE__ */
+        vpxor	%ymm8, %ymm8, %ymm8
+        vmovdqu	L_mldsa_encode_gamma1_17_avx2_gamma17(%rip), %ymm8
+        vmovdqu	L_mldsa_encode_gamma1_17_avx2_shuff_even(%rip), %ymm9
+        vmovdqu	L_mldsa_encode_gamma1_17_avx2_shuff_odd(%rip), %ymm10
+        vmovdqu	L_mldsa_encode_gamma1_17_avx2_vs(%rip), %ymm11
+        vmovdqu	(%rdi), %ymm0
+        vmovdqu	32(%rdi), %ymm1
+        vmovdqu	64(%rdi), %ymm2
+        vmovdqu	96(%rdi), %ymm3
+        vpsubd	%ymm0, %ymm8, %ymm0
+        vpsubd	%ymm1, %ymm8, %ymm1
+        vpsubd	%ymm2, %ymm8, %ymm2
+        vpsubd	%ymm3, %ymm8, %ymm3
+        vpsllvd	%ymm11, %ymm0, %ymm0
+        vpsllvd	%ymm11, %ymm1, %ymm1
+        vpsllvd	%ymm11, %ymm2, %ymm2
+        vpsllvd	%ymm11, %ymm3, %ymm3
+        vpshufb	%ymm10, %ymm0, %ymm4
+        vpshufb	%ymm10, %ymm1, %ymm5
+        vpshufb	%ymm10, %ymm2, %ymm6
+        vpshufb	%ymm10, %ymm3, %ymm7
+        vpshufb	%ymm9, %ymm0, %ymm0
+        vpshufb	%ymm9, %ymm1, %ymm1
+        vpshufb	%ymm9, %ymm2, %ymm2
+        vpshufb	%ymm9, %ymm3, %ymm3
+        vpor	%ymm4, %ymm0, %ymm0
+        vpor	%ymm5, %ymm1, %ymm1
+        vpor	%ymm6, %ymm2, %ymm2
+        vpor	%ymm7, %ymm3, %ymm3
+        vextracti128	$0x01, %ymm0, %xmm4
+        vextracti128	$0x01, %ymm1, %xmm5
+        vextracti128	$0x01, %ymm2, %xmm6
+        vextracti128	$0x01, %ymm3, %xmm7
+        movq	%xmm0, (%rsi)
+        vpextrb	$8, %xmm0, 8(%rsi)
+        movq	%xmm4, 9(%rsi)
+        vpextrb	$8, %xmm4, 17(%rsi)
+        addq	$18, %rsi
+        movq	%xmm1, (%rsi)
+        vpextrb	$8, %xmm1, 8(%rsi)
+        movq	%xmm5, 9(%rsi)
+        vpextrb	$8, %xmm5, 17(%rsi)
+        addq	$18, %rsi
+        movq	%xmm2, (%rsi)
+        vpextrb	$8, %xmm2, 8(%rsi)
+        movq	%xmm6, 9(%rsi)
+        vpextrb	$8, %xmm6, 17(%rsi)
+        addq	$18, %rsi
+        movq	%xmm3, (%rsi)
+        vpextrb	$8, %xmm3, 8(%rsi)
+        movq	%xmm7, 9(%rsi)
+        vpextrb	$8, %xmm7, 17(%rsi)
+        addq	$18, %rsi
+        vmovdqu	128(%rdi), %ymm0
+        vmovdqu	160(%rdi), %ymm1
+        vmovdqu	192(%rdi), %ymm2
+        vmovdqu	224(%rdi), %ymm3
+        vpsubd	%ymm0, %ymm8, %ymm0
+        vpsubd	%ymm1, %ymm8, %ymm1
+        vpsubd	%ymm2, %ymm8, %ymm2
+        vpsubd	%ymm3, %ymm8, %ymm3
+        vpsllvd	%ymm11, %ymm0, %ymm0
+        vpsllvd	%ymm11, %ymm1, %ymm1
+        vpsllvd	%ymm11, %ymm2, %ymm2
+        vpsllvd	%ymm11, %ymm3, %ymm3
+        vpshufb	%ymm10, %ymm0, %ymm4
+        vpshufb	%ymm10, %ymm1, %ymm5
+        vpshufb	%ymm10, %ymm2, %ymm6
+        vpshufb	%ymm10, %ymm3, %ymm7
+        vpshufb	%ymm9, %ymm0, %ymm0
+        vpshufb	%ymm9, %ymm1, %ymm1
+        vpshufb	%ymm9, %ymm2, %ymm2
+        vpshufb	%ymm9, %ymm3, %ymm3
+        vpor	%ymm4, %ymm0, %ymm0
+        vpor	%ymm5, %ymm1, %ymm1
+        vpor	%ymm6, %ymm2, %ymm2
+        vpor	%ymm7, %ymm3, %ymm3
+        vextracti128	$0x01, %ymm0, %xmm4
+        vextracti128	$0x01, %ymm1, %xmm5
+        vextracti128	$0x01, %ymm2, %xmm6
+        vextracti128	$0x01, %ymm3, %xmm7
+        movq	%xmm0, (%rsi)
+        vpextrb	$8, %xmm0, 8(%rsi)
+        movq	%xmm4, 9(%rsi)
+        vpextrb	$8, %xmm4, 17(%rsi)
+        addq	$18, %rsi
+        movq	%xmm1, (%rsi)
+        vpextrb	$8, %xmm1, 8(%rsi)
+        movq	%xmm5, 9(%rsi)
+        vpextrb	$8, %xmm5, 17(%rsi)
+        addq	$18, %rsi
+        movq	%xmm2, (%rsi)
+        vpextrb	$8, %xmm2, 8(%rsi)
+        movq	%xmm6, 9(%rsi)
+        vpextrb	$8, %xmm6, 17(%rsi)
+        addq	$18, %rsi
+        movq	%xmm3, (%rsi)
+        vpextrb	$8, %xmm3, 8(%rsi)
+        movq	%xmm7, 9(%rsi)
+        vpextrb	$8, %xmm7, 17(%rsi)
+        addq	$18, %rsi
+        vmovdqu	256(%rdi), %ymm0
+        vmovdqu	288(%rdi), %ymm1
+        vmovdqu	320(%rdi), %ymm2
+        vmovdqu	352(%rdi), %ymm3
+        vpsubd	%ymm0, %ymm8, %ymm0
+        vpsubd	%ymm1, %ymm8, %ymm1
+        vpsubd	%ymm2, %ymm8, %ymm2
+        vpsubd	%ymm3, %ymm8, %ymm3
+        vpsllvd	%ymm11, %ymm0, %ymm0
+        vpsllvd	%ymm11, %ymm1, %ymm1
+        vpsllvd	%ymm11, %ymm2, %ymm2
+        vpsllvd	%ymm11, %ymm3, %ymm3
+        vpshufb	%ymm10, %ymm0, %ymm4
+        vpshufb	%ymm10, %ymm1, %ymm5
+        vpshufb	%ymm10, %ymm2, %ymm6
+        vpshufb	%ymm10, %ymm3, %ymm7
+        vpshufb	%ymm9, %ymm0, %ymm0
+        vpshufb	%ymm9, %ymm1, %ymm1
+        vpshufb	%ymm9, %ymm2, %ymm2
+        vpshufb	%ymm9, %ymm3, %ymm3
+        vpor	%ymm4, %ymm0, %ymm0
+        vpor	%ymm5, %ymm1, %ymm1
+        vpor	%ymm6, %ymm2, %ymm2
+        vpor	%ymm7, %ymm3, %ymm3
+        vextracti128	$0x01, %ymm0, %xmm4
+        vextracti128	$0x01, %ymm1, %xmm5
+        vextracti128	$0x01, %ymm2, %xmm6
+        vextracti128	$0x01, %ymm3, %xmm7
+        movq	%xmm0, (%rsi)
+        vpextrb	$8, %xmm0, 8(%rsi)
+        movq	%xmm4, 9(%rsi)
+        vpextrb	$8, %xmm4, 17(%rsi)
+        addq	$18, %rsi
+        movq	%xmm1, (%rsi)
+        vpextrb	$8, %xmm1, 8(%rsi)
+        movq	%xmm5, 9(%rsi)
+        vpextrb	$8, %xmm5, 17(%rsi)
+        addq	$18, %rsi
+        movq	%xmm2, (%rsi)
+        vpextrb	$8, %xmm2, 8(%rsi)
+        movq	%xmm6, 9(%rsi)
+        vpextrb	$8, %xmm6, 17(%rsi)
+        addq	$18, %rsi
+        movq	%xmm3, (%rsi)
+        vpextrb	$8, %xmm3, 8(%rsi)
+        movq	%xmm7, 9(%rsi)
+        vpextrb	$8, %xmm7, 17(%rsi)
+        addq	$18, %rsi
+        vmovdqu	384(%rdi), %ymm0
+        vmovdqu	416(%rdi), %ymm1
+        vmovdqu	448(%rdi), %ymm2
+        vmovdqu	480(%rdi), %ymm3
+        vpsubd	%ymm0, %ymm8, %ymm0
+        vpsubd	%ymm1, %ymm8, %ymm1
+        vpsubd	%ymm2, %ymm8, %ymm2
+        vpsubd	%ymm3, %ymm8, %ymm3
+        vpsllvd	%ymm11, %ymm0, %ymm0
+        vpsllvd	%ymm11, %ymm1, %ymm1
+        vpsllvd	%ymm11, %ymm2, %ymm2
+        vpsllvd	%ymm11, %ymm3, %ymm3
+        vpshufb	%ymm10, %ymm0, %ymm4
+        vpshufb	%ymm10, %ymm1, %ymm5
+        vpshufb	%ymm10, %ymm2, %ymm6
+        vpshufb	%ymm10, %ymm3, %ymm7
+        vpshufb	%ymm9, %ymm0, %ymm0
+        vpshufb	%ymm9, %ymm1, %ymm1
+        vpshufb	%ymm9, %ymm2, %ymm2
+        vpshufb	%ymm9, %ymm3, %ymm3
+        vpor	%ymm4, %ymm0, %ymm0
+        vpor	%ymm5, %ymm1, %ymm1
+        vpor	%ymm6, %ymm2, %ymm2
+        vpor	%ymm7, %ymm3, %ymm3
+        vextracti128	$0x01, %ymm0, %xmm4
+        vextracti128	$0x01, %ymm1, %xmm5
+        vextracti128	$0x01, %ymm2, %xmm6
+        vextracti128	$0x01, %ymm3, %xmm7
+        movq	%xmm0, (%rsi)
+        vpextrb	$8, %xmm0, 8(%rsi)
+        movq	%xmm4, 9(%rsi)
+        vpextrb	$8, %xmm4, 17(%rsi)
+        addq	$18, %rsi
+        movq	%xmm1, (%rsi)
+        vpextrb	$8, %xmm1, 8(%rsi)
+        movq	%xmm5, 9(%rsi)
+        vpextrb	$8, %xmm5, 17(%rsi)
+        addq	$18, %rsi
+        movq	%xmm2, (%rsi)
+        vpextrb	$8, %xmm2, 8(%rsi)
+        movq	%xmm6, 9(%rsi)
+        vpextrb	$8, %xmm6, 17(%rsi)
+        addq	$18, %rsi
+        movq	%xmm3, (%rsi)
+        vpextrb	$8, %xmm3, 8(%rsi)
+        movq	%xmm7, 9(%rsi)
+        vpextrb	$8, %xmm7, 17(%rsi)
+        addq	$18, %rsi
+        vmovdqu	512(%rdi), %ymm0
+        vmovdqu	544(%rdi), %ymm1
+        vmovdqu	576(%rdi), %ymm2
+        vmovdqu	608(%rdi), %ymm3
+        vpsubd	%ymm0, %ymm8, %ymm0
+        vpsubd	%ymm1, %ymm8, %ymm1
+        vpsubd	%ymm2, %ymm8, %ymm2
+        vpsubd	%ymm3, %ymm8, %ymm3
+        vpsllvd	%ymm11, %ymm0, %ymm0
+        vpsllvd	%ymm11, %ymm1, %ymm1
+        vpsllvd	%ymm11, %ymm2, %ymm2
+        vpsllvd	%ymm11, %ymm3, %ymm3
+        vpshufb	%ymm10, %ymm0, %ymm4
+        vpshufb	%ymm10, %ymm1, %ymm5
+        vpshufb	%ymm10, %ymm2, %ymm6
+        vpshufb	%ymm10, %ymm3, %ymm7
+        vpshufb	%ymm9, %ymm0, %ymm0
+        vpshufb	%ymm9, %ymm1, %ymm1
+        vpshufb	%ymm9, %ymm2, %ymm2
+        vpshufb	%ymm9, %ymm3, %ymm3
+        vpor	%ymm4, %ymm0, %ymm0
+        vpor	%ymm5, %ymm1, %ymm1
+        vpor	%ymm6, %ymm2, %ymm2
+        vpor	%ymm7, %ymm3, %ymm3
+        vextracti128	$0x01, %ymm0, %xmm4
+        vextracti128	$0x01, %ymm1, %xmm5
+        vextracti128	$0x01, %ymm2, %xmm6
+        vextracti128	$0x01, %ymm3, %xmm7
+        movq	%xmm0, (%rsi)
+        vpextrb	$8, %xmm0, 8(%rsi)
+        movq	%xmm4, 9(%rsi)
+        vpextrb	$8, %xmm4, 17(%rsi)
+        addq	$18, %rsi
+        movq	%xmm1, (%rsi)
+        vpextrb	$8, %xmm1, 8(%rsi)
+        movq	%xmm5, 9(%rsi)
+        vpextrb	$8, %xmm5, 17(%rsi)
+        addq	$18, %rsi
+        movq	%xmm2, (%rsi)
+        vpextrb	$8, %xmm2, 8(%rsi)
+        movq	%xmm6, 9(%rsi)
+        vpextrb	$8, %xmm6, 17(%rsi)
+        addq	$18, %rsi
+        movq	%xmm3, (%rsi)
+        vpextrb	$8, %xmm3, 8(%rsi)
+        movq	%xmm7, 9(%rsi)
+        vpextrb	$8, %xmm7, 17(%rsi)
+        addq	$18, %rsi
+        vmovdqu	640(%rdi), %ymm0
+        vmovdqu	672(%rdi), %ymm1
+        vmovdqu	704(%rdi), %ymm2
+        vmovdqu	736(%rdi), %ymm3
+        vpsubd	%ymm0, %ymm8, %ymm0
+        vpsubd	%ymm1, %ymm8, %ymm1
+        vpsubd	%ymm2, %ymm8, %ymm2
+        vpsubd	%ymm3, %ymm8, %ymm3
+        vpsllvd	%ymm11, %ymm0, %ymm0
+        vpsllvd	%ymm11, %ymm1, %ymm1
+        vpsllvd	%ymm11, %ymm2, %ymm2
+        vpsllvd	%ymm11, %ymm3, %ymm3
+        vpshufb	%ymm10, %ymm0, %ymm4
+        vpshufb	%ymm10, %ymm1, %ymm5
+        vpshufb	%ymm10, %ymm2, %ymm6
+        vpshufb	%ymm10, %ymm3, %ymm7
+        vpshufb	%ymm9, %ymm0, %ymm0
+        vpshufb	%ymm9, %ymm1, %ymm1
+        vpshufb	%ymm9, %ymm2, %ymm2
+        vpshufb	%ymm9, %ymm3, %ymm3
+        vpor	%ymm4, %ymm0, %ymm0
+        vpor	%ymm5, %ymm1, %ymm1
+        vpor	%ymm6, %ymm2, %ymm2
+        vpor	%ymm7, %ymm3, %ymm3
+        vextracti128	$0x01, %ymm0, %xmm4
+        vextracti128	$0x01, %ymm1, %xmm5
+        vextracti128	$0x01, %ymm2, %xmm6
+        vextracti128	$0x01, %ymm3, %xmm7
+        movq	%xmm0, (%rsi)
+        vpextrb	$8, %xmm0, 8(%rsi)
+        movq	%xmm4, 9(%rsi)
+        vpextrb	$8, %xmm4, 17(%rsi)
+        addq	$18, %rsi
+        movq	%xmm1, (%rsi)
+        vpextrb	$8, %xmm1, 8(%rsi)
+        movq	%xmm5, 9(%rsi)
+        vpextrb	$8, %xmm5, 17(%rsi)
+        addq	$18, %rsi
+        movq	%xmm2, (%rsi)
+        vpextrb	$8, %xmm2, 8(%rsi)
+        movq	%xmm6, 9(%rsi)
+        vpextrb	$8, %xmm6, 17(%rsi)
+        addq	$18, %rsi
+        movq	%xmm3, (%rsi)
+        vpextrb	$8, %xmm3, 8(%rsi)
+        movq	%xmm7, 9(%rsi)
+        vpextrb	$8, %xmm7, 17(%rsi)
+        addq	$18, %rsi
+        vmovdqu	768(%rdi), %ymm0
+        vmovdqu	800(%rdi), %ymm1
+        vmovdqu	832(%rdi), %ymm2
+        vmovdqu	864(%rdi), %ymm3
+        vpsubd	%ymm0, %ymm8, %ymm0
+        vpsubd	%ymm1, %ymm8, %ymm1
+        vpsubd	%ymm2, %ymm8, %ymm2
+        vpsubd	%ymm3, %ymm8, %ymm3
+        vpsllvd	%ymm11, %ymm0, %ymm0
+        vpsllvd	%ymm11, %ymm1, %ymm1
+        vpsllvd	%ymm11, %ymm2, %ymm2
+        vpsllvd	%ymm11, %ymm3, %ymm3
+        vpshufb	%ymm10, %ymm0, %ymm4
+        vpshufb	%ymm10, %ymm1, %ymm5
+        vpshufb	%ymm10, %ymm2, %ymm6
+        vpshufb	%ymm10, %ymm3, %ymm7
+        vpshufb	%ymm9, %ymm0, %ymm0
+        vpshufb	%ymm9, %ymm1, %ymm1
+        vpshufb	%ymm9, %ymm2, %ymm2
+        vpshufb	%ymm9, %ymm3, %ymm3
+        vpor	%ymm4, %ymm0, %ymm0
+        vpor	%ymm5, %ymm1, %ymm1
+        vpor	%ymm6, %ymm2, %ymm2
+        vpor	%ymm7, %ymm3, %ymm3
+        vextracti128	$0x01, %ymm0, %xmm4
+        vextracti128	$0x01, %ymm1, %xmm5
+        vextracti128	$0x01, %ymm2, %xmm6
+        vextracti128	$0x01, %ymm3, %xmm7
+        movq	%xmm0, (%rsi)
+        vpextrb	$8, %xmm0, 8(%rsi)
+        movq	%xmm4, 9(%rsi)
+        vpextrb	$8, %xmm4, 17(%rsi)
+        addq	$18, %rsi
+        movq	%xmm1, (%rsi)
+        vpextrb	$8, %xmm1, 8(%rsi)
+        movq	%xmm5, 9(%rsi)
+        vpextrb	$8, %xmm5, 17(%rsi)
+        addq	$18, %rsi
+        movq	%xmm2, (%rsi)
+        vpextrb	$8, %xmm2, 8(%rsi)
+        movq	%xmm6, 9(%rsi)
+        vpextrb	$8, %xmm6, 17(%rsi)
+        addq	$18, %rsi
+        movq	%xmm3, (%rsi)
+        vpextrb	$8, %xmm3, 8(%rsi)
+        movq	%xmm7, 9(%rsi)
+        vpextrb	$8, %xmm7, 17(%rsi)
+        addq	$18, %rsi
+        vmovdqu	896(%rdi), %ymm0
+        vmovdqu	928(%rdi), %ymm1
+        vmovdqu	960(%rdi), %ymm2
+        vmovdqu	992(%rdi), %ymm3
+        vpsubd	%ymm0, %ymm8, %ymm0
+        vpsubd	%ymm1, %ymm8, %ymm1
+        vpsubd	%ymm2, %ymm8, %ymm2
+        vpsubd	%ymm3, %ymm8, %ymm3
+        vpsllvd	%ymm11, %ymm0, %ymm0
+        vpsllvd	%ymm11, %ymm1, %ymm1
+        vpsllvd	%ymm11, %ymm2, %ymm2
+        vpsllvd	%ymm11, %ymm3, %ymm3
+        vpshufb	%ymm10, %ymm0, %ymm4
+        vpshufb	%ymm10, %ymm1, %ymm5
+        vpshufb	%ymm10, %ymm2, %ymm6
+        vpshufb	%ymm10, %ymm3, %ymm7
+        vpshufb	%ymm9, %ymm0, %ymm0
+        vpshufb	%ymm9, %ymm1, %ymm1
+        vpshufb	%ymm9, %ymm2, %ymm2
+        vpshufb	%ymm9, %ymm3, %ymm3
+        vpor	%ymm4, %ymm0, %ymm0
+        vpor	%ymm5, %ymm1, %ymm1
+        vpor	%ymm6, %ymm2, %ymm2
+        vpor	%ymm7, %ymm3, %ymm3
+        vextracti128	$0x01, %ymm0, %xmm4
+        vextracti128	$0x01, %ymm1, %xmm5
+        vextracti128	$0x01, %ymm2, %xmm6
+        vextracti128	$0x01, %ymm3, %xmm7
+        movq	%xmm0, (%rsi)
+        vpextrb	$8, %xmm0, 8(%rsi)
+        movq	%xmm4, 9(%rsi)
+        vpextrb	$8, %xmm4, 17(%rsi)
+        addq	$18, %rsi
+        movq	%xmm1, (%rsi)
+        vpextrb	$8, %xmm1, 8(%rsi)
+        movq	%xmm5, 9(%rsi)
+        vpextrb	$8, %xmm5, 17(%rsi)
+        addq	$18, %rsi
+        movq	%xmm2, (%rsi)
+        vpextrb	$8, %xmm2, 8(%rsi)
+        movq	%xmm6, 9(%rsi)
+        vpextrb	$8, %xmm6, 17(%rsi)
+        addq	$18, %rsi
+        movq	%xmm3, (%rsi)
+        vpextrb	$8, %xmm3, 8(%rsi)
+        movq	%xmm7, 9(%rsi)
+        vpextrb	$8, %xmm7, 17(%rsi)
+        addq	$18, %rsi
+        vzeroupper
+        repz retq
+#ifndef __APPLE__
+.size	wc_mldsa_encode_gamma1_17_avx2,.-wc_mldsa_encode_gamma1_17_avx2
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+L_mldsa_encode_gamma1_19_avx2_gamma19:
+.long	0x00080000,0x00080000,0x00080000,0x00080000
+.long	0x00080000,0x00080000,0x00080000,0x00080000
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_mldsa_encode_gamma1_19_avx2_shuff_even:
+.value	0x100,0xff02
+.value	0x8ff,0xa09
+.value	0xffff,0xffff
+.value	0xffff,0xffff
+.value	0x100,0xff02
+.value	0x8ff,0xa09
+.value	0xffff,0xffff
+.value	0xffff,0xffff
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.align	16
+#else
+.p2align	4
+#endif /* __APPLE__ */
+L_mldsa_encode_gamma1_19_avx2_shuff_odd:
+.value	0xffff,0x504
+.value	0xff06,0xcff
+.value	0xe0d,0xffff
+.value	0xffff,0xffff
+.value	0xffff,0x504
+.value	0xff06,0xcff
+.value	0xe0d,0xffff
+.value	0xffff,0xffff
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+L_mldsa_encode_gamma1_19_avx2_vs:
+.long	0x00000000,0x00000004,0x00000000,0x00000004
+.long	0x00000000,0x00000004,0x00000000,0x00000004
+#ifndef __APPLE__
+.text
+.globl	wc_mldsa_encode_gamma1_19_avx2
+.type	wc_mldsa_encode_gamma1_19_avx2,@function
+.align	16
+wc_mldsa_encode_gamma1_19_avx2:
+#else
+.section	__TEXT,__text
+.globl	_wc_mldsa_encode_gamma1_19_avx2
+.p2align	4
+_wc_mldsa_encode_gamma1_19_avx2:
+#endif /* __APPLE__ */
+        vpxor	%ymm8, %ymm8, %ymm8
+        vmovdqu	L_mldsa_encode_gamma1_19_avx2_gamma19(%rip), %ymm8
+        vmovdqu	L_mldsa_encode_gamma1_19_avx2_shuff_even(%rip), %ymm9
+        vmovdqu	L_mldsa_encode_gamma1_19_avx2_shuff_odd(%rip), %ymm10
+        vmovdqu	L_mldsa_encode_gamma1_19_avx2_vs(%rip), %ymm11
+        vmovdqu	(%rdi), %ymm0
+        vmovdqu	32(%rdi), %ymm1
+        vmovdqu	64(%rdi), %ymm2
+        vmovdqu	96(%rdi), %ymm3
+        vpsubd	%ymm0, %ymm8, %ymm0
+        vpsubd	%ymm1, %ymm8, %ymm1
+        vpsubd	%ymm2, %ymm8, %ymm2
+        vpsubd	%ymm3, %ymm8, %ymm3
+        vpsllvd	%ymm11, %ymm0, %ymm0
+        vpsllvd	%ymm11, %ymm1, %ymm1
+        vpsllvd	%ymm11, %ymm2, %ymm2
+        vpsllvd	%ymm11, %ymm3, %ymm3
+        vpshufb	%ymm10, %ymm0, %ymm4
+        vpshufb	%ymm10, %ymm1, %ymm5
+        vpshufb	%ymm10, %ymm2, %ymm6
+        vpshufb	%ymm10, %ymm3, %ymm7
+        vpshufb	%ymm9, %ymm0, %ymm0
+        vpshufb	%ymm9, %ymm1, %ymm1
+        vpshufb	%ymm9, %ymm2, %ymm2
+        vpshufb	%ymm9, %ymm3, %ymm3
+        vpor	%ymm4, %ymm0, %ymm0
+        vpor	%ymm5, %ymm1, %ymm1
+        vpor	%ymm6, %ymm2, %ymm2
+        vpor	%ymm7, %ymm3, %ymm3
+        vextracti128	$0x01, %ymm0, %xmm4
+        vextracti128	$0x01, %ymm1, %xmm5
+        vextracti128	$0x01, %ymm2, %xmm6
+        vextracti128	$0x01, %ymm3, %xmm7
+        movq	%xmm0, (%rsi)
+        vpextrw	$4, %xmm0, 8(%rsi)
+        movq	%xmm4, 10(%rsi)
+        vpextrw	$4, %xmm4, 18(%rsi)
+        addq	$20, %rsi
+        movq	%xmm1, (%rsi)
+        vpextrw	$4, %xmm1, 8(%rsi)
+        movq	%xmm5, 10(%rsi)
+        vpextrw	$4, %xmm5, 18(%rsi)
+        addq	$20, %rsi
+        movq	%xmm2, (%rsi)
+        vpextrw	$4, %xmm2, 8(%rsi)
+        movq	%xmm6, 10(%rsi)
+        vpextrw	$4, %xmm6, 18(%rsi)
+        addq	$20, %rsi
+        movq	%xmm3, (%rsi)
+        vpextrw	$4, %xmm3, 8(%rsi)
+        movq	%xmm7, 10(%rsi)
+        vpextrw	$4, %xmm7, 18(%rsi)
+        addq	$20, %rsi
+        vmovdqu	128(%rdi), %ymm0
+        vmovdqu	160(%rdi), %ymm1
+        vmovdqu	192(%rdi), %ymm2
+        vmovdqu	224(%rdi), %ymm3
+        vpsubd	%ymm0, %ymm8, %ymm0
+        vpsubd	%ymm1, %ymm8, %ymm1
+        vpsubd	%ymm2, %ymm8, %ymm2
+        vpsubd	%ymm3, %ymm8, %ymm3
+        vpsllvd	%ymm11, %ymm0, %ymm0
+        vpsllvd	%ymm11, %ymm1, %ymm1
+        vpsllvd	%ymm11, %ymm2, %ymm2
+        vpsllvd	%ymm11, %ymm3, %ymm3
+        vpshufb	%ymm10, %ymm0, %ymm4
+        vpshufb	%ymm10, %ymm1, %ymm5
+        vpshufb	%ymm10, %ymm2, %ymm6
+        vpshufb	%ymm10, %ymm3, %ymm7
+        vpshufb	%ymm9, %ymm0, %ymm0
+        vpshufb	%ymm9, %ymm1, %ymm1
+        vpshufb	%ymm9, %ymm2, %ymm2
+        vpshufb	%ymm9, %ymm3, %ymm3
+        vpor	%ymm4, %ymm0, %ymm0
+        vpor	%ymm5, %ymm1, %ymm1
+        vpor	%ymm6, %ymm2, %ymm2
+        vpor	%ymm7, %ymm3, %ymm3
+        vextracti128	$0x01, %ymm0, %xmm4
+        vextracti128	$0x01, %ymm1, %xmm5
+        vextracti128	$0x01, %ymm2, %xmm6
+        vextracti128	$0x01, %ymm3, %xmm7
+        movq	%xmm0, (%rsi)
+        vpextrw	$4, %xmm0, 8(%rsi)
+        movq	%xmm4, 10(%rsi)
+        vpextrw	$4, %xmm4, 18(%rsi)
+        addq	$20, %rsi
+        movq	%xmm1, (%rsi)
+        vpextrw	$4, %xmm1, 8(%rsi)
+        movq	%xmm5, 10(%rsi)
+        vpextrw	$4, %xmm5, 18(%rsi)
+        addq	$20, %rsi
+        movq	%xmm2, (%rsi)
+        vpextrw	$4, %xmm2, 8(%rsi)
+        movq	%xmm6, 10(%rsi)
+        vpextrw	$4, %xmm6, 18(%rsi)
+        addq	$20, %rsi
+        movq	%xmm3, (%rsi)
+        vpextrw	$4, %xmm3, 8(%rsi)
+        movq	%xmm7, 10(%rsi)
+        vpextrw	$4, %xmm7, 18(%rsi)
+        addq	$20, %rsi
+        vmovdqu	256(%rdi), %ymm0
+        vmovdqu	288(%rdi), %ymm1
+        vmovdqu	320(%rdi), %ymm2
+        vmovdqu	352(%rdi), %ymm3
+        vpsubd	%ymm0, %ymm8, %ymm0
+        vpsubd	%ymm1, %ymm8, %ymm1
+        vpsubd	%ymm2, %ymm8, %ymm2
+        vpsubd	%ymm3, %ymm8, %ymm3
+        vpsllvd	%ymm11, %ymm0, %ymm0
+        vpsllvd	%ymm11, %ymm1, %ymm1
+        vpsllvd	%ymm11, %ymm2, %ymm2
+        vpsllvd	%ymm11, %ymm3, %ymm3
+        vpshufb	%ymm10, %ymm0, %ymm4
+        vpshufb	%ymm10, %ymm1, %ymm5
+        vpshufb	%ymm10, %ymm2, %ymm6
+        vpshufb	%ymm10, %ymm3, %ymm7
+        vpshufb	%ymm9, %ymm0, %ymm0
+        vpshufb	%ymm9, %ymm1, %ymm1
+        vpshufb	%ymm9, %ymm2, %ymm2
+        vpshufb	%ymm9, %ymm3, %ymm3
+        vpor	%ymm4, %ymm0, %ymm0
+        vpor	%ymm5, %ymm1, %ymm1
+        vpor	%ymm6, %ymm2, %ymm2
+        vpor	%ymm7, %ymm3, %ymm3
+        vextracti128	$0x01, %ymm0, %xmm4
+        vextracti128	$0x01, %ymm1, %xmm5
+        vextracti128	$0x01, %ymm2, %xmm6
+        vextracti128	$0x01, %ymm3, %xmm7
+        movq	%xmm0, (%rsi)
+        vpextrw	$4, %xmm0, 8(%rsi)
+        movq	%xmm4, 10(%rsi)
+        vpextrw	$4, %xmm4, 18(%rsi)
+        addq	$20, %rsi
+        movq	%xmm1, (%rsi)
+        vpextrw	$4, %xmm1, 8(%rsi)
+        movq	%xmm5, 10(%rsi)
+        vpextrw	$4, %xmm5, 18(%rsi)
+        addq	$20, %rsi
+        movq	%xmm2, (%rsi)
+        vpextrw	$4, %xmm2, 8(%rsi)
+        movq	%xmm6, 10(%rsi)
+        vpextrw	$4, %xmm6, 18(%rsi)
+        addq	$20, %rsi
+        movq	%xmm3, (%rsi)
+        vpextrw	$4, %xmm3, 8(%rsi)
+        movq	%xmm7, 10(%rsi)
+        vpextrw	$4, %xmm7, 18(%rsi)
+        addq	$20, %rsi
+        vmovdqu	384(%rdi), %ymm0
+        vmovdqu	416(%rdi), %ymm1
+        vmovdqu	448(%rdi), %ymm2
+        vmovdqu	480(%rdi), %ymm3
+        vpsubd	%ymm0, %ymm8, %ymm0
+        vpsubd	%ymm1, %ymm8, %ymm1
+        vpsubd	%ymm2, %ymm8, %ymm2
+        vpsubd	%ymm3, %ymm8, %ymm3
+        vpsllvd	%ymm11, %ymm0, %ymm0
+        vpsllvd	%ymm11, %ymm1, %ymm1
+        vpsllvd	%ymm11, %ymm2, %ymm2
+        vpsllvd	%ymm11, %ymm3, %ymm3
+        vpshufb	%ymm10, %ymm0, %ymm4
+        vpshufb	%ymm10, %ymm1, %ymm5
+        vpshufb	%ymm10, %ymm2, %ymm6
+        vpshufb	%ymm10, %ymm3, %ymm7
+        vpshufb	%ymm9, %ymm0, %ymm0
+        vpshufb	%ymm9, %ymm1, %ymm1
+        vpshufb	%ymm9, %ymm2, %ymm2
+        vpshufb	%ymm9, %ymm3, %ymm3
+        vpor	%ymm4, %ymm0, %ymm0
+        vpor	%ymm5, %ymm1, %ymm1
+        vpor	%ymm6, %ymm2, %ymm2
+        vpor	%ymm7, %ymm3, %ymm3
+        vextracti128	$0x01, %ymm0, %xmm4
+        vextracti128	$0x01, %ymm1, %xmm5
+        vextracti128	$0x01, %ymm2, %xmm6
+        vextracti128	$0x01, %ymm3, %xmm7
+        movq	%xmm0, (%rsi)
+        vpextrw	$4, %xmm0, 8(%rsi)
+        movq	%xmm4, 10(%rsi)
+        vpextrw	$4, %xmm4, 18(%rsi)
+        addq	$20, %rsi
+        movq	%xmm1, (%rsi)
+        vpextrw	$4, %xmm1, 8(%rsi)
+        movq	%xmm5, 10(%rsi)
+        vpextrw	$4, %xmm5, 18(%rsi)
+        addq	$20, %rsi
+        movq	%xmm2, (%rsi)
+        vpextrw	$4, %xmm2, 8(%rsi)
+        movq	%xmm6, 10(%rsi)
+        vpextrw	$4, %xmm6, 18(%rsi)
+        addq	$20, %rsi
+        movq	%xmm3, (%rsi)
+        vpextrw	$4, %xmm3, 8(%rsi)
+        movq	%xmm7, 10(%rsi)
+        vpextrw	$4, %xmm7, 18(%rsi)
+        addq	$20, %rsi
+        vmovdqu	512(%rdi), %ymm0
+        vmovdqu	544(%rdi), %ymm1
+        vmovdqu	576(%rdi), %ymm2
+        vmovdqu	608(%rdi), %ymm3
+        vpsubd	%ymm0, %ymm8, %ymm0
+        vpsubd	%ymm1, %ymm8, %ymm1
+        vpsubd	%ymm2, %ymm8, %ymm2
+        vpsubd	%ymm3, %ymm8, %ymm3
+        vpsllvd	%ymm11, %ymm0, %ymm0
+        vpsllvd	%ymm11, %ymm1, %ymm1
+        vpsllvd	%ymm11, %ymm2, %ymm2
+        vpsllvd	%ymm11, %ymm3, %ymm3
+        vpshufb	%ymm10, %ymm0, %ymm4
+        vpshufb	%ymm10, %ymm1, %ymm5
+        vpshufb	%ymm10, %ymm2, %ymm6
+        vpshufb	%ymm10, %ymm3, %ymm7
+        vpshufb	%ymm9, %ymm0, %ymm0
+        vpshufb	%ymm9, %ymm1, %ymm1
+        vpshufb	%ymm9, %ymm2, %ymm2
+        vpshufb	%ymm9, %ymm3, %ymm3
+        vpor	%ymm4, %ymm0, %ymm0
+        vpor	%ymm5, %ymm1, %ymm1
+        vpor	%ymm6, %ymm2, %ymm2
+        vpor	%ymm7, %ymm3, %ymm3
+        vextracti128	$0x01, %ymm0, %xmm4
+        vextracti128	$0x01, %ymm1, %xmm5
+        vextracti128	$0x01, %ymm2, %xmm6
+        vextracti128	$0x01, %ymm3, %xmm7
+        movq	%xmm0, (%rsi)
+        vpextrw	$4, %xmm0, 8(%rsi)
+        movq	%xmm4, 10(%rsi)
+        vpextrw	$4, %xmm4, 18(%rsi)
+        addq	$20, %rsi
+        movq	%xmm1, (%rsi)
+        vpextrw	$4, %xmm1, 8(%rsi)
+        movq	%xmm5, 10(%rsi)
+        vpextrw	$4, %xmm5, 18(%rsi)
+        addq	$20, %rsi
+        movq	%xmm2, (%rsi)
+        vpextrw	$4, %xmm2, 8(%rsi)
+        movq	%xmm6, 10(%rsi)
+        vpextrw	$4, %xmm6, 18(%rsi)
+        addq	$20, %rsi
+        movq	%xmm3, (%rsi)
+        vpextrw	$4, %xmm3, 8(%rsi)
+        movq	%xmm7, 10(%rsi)
+        vpextrw	$4, %xmm7, 18(%rsi)
+        addq	$20, %rsi
+        vmovdqu	640(%rdi), %ymm0
+        vmovdqu	672(%rdi), %ymm1
+        vmovdqu	704(%rdi), %ymm2
+        vmovdqu	736(%rdi), %ymm3
+        vpsubd	%ymm0, %ymm8, %ymm0
+        vpsubd	%ymm1, %ymm8, %ymm1
+        vpsubd	%ymm2, %ymm8, %ymm2
+        vpsubd	%ymm3, %ymm8, %ymm3
+        vpsllvd	%ymm11, %ymm0, %ymm0
+        vpsllvd	%ymm11, %ymm1, %ymm1
+        vpsllvd	%ymm11, %ymm2, %ymm2
+        vpsllvd	%ymm11, %ymm3, %ymm3
+        vpshufb	%ymm10, %ymm0, %ymm4
+        vpshufb	%ymm10, %ymm1, %ymm5
+        vpshufb	%ymm10, %ymm2, %ymm6
+        vpshufb	%ymm10, %ymm3, %ymm7
+        vpshufb	%ymm9, %ymm0, %ymm0
+        vpshufb	%ymm9, %ymm1, %ymm1
+        vpshufb	%ymm9, %ymm2, %ymm2
+        vpshufb	%ymm9, %ymm3, %ymm3
+        vpor	%ymm4, %ymm0, %ymm0
+        vpor	%ymm5, %ymm1, %ymm1
+        vpor	%ymm6, %ymm2, %ymm2
+        vpor	%ymm7, %ymm3, %ymm3
+        vextracti128	$0x01, %ymm0, %xmm4
+        vextracti128	$0x01, %ymm1, %xmm5
+        vextracti128	$0x01, %ymm2, %xmm6
+        vextracti128	$0x01, %ymm3, %xmm7
+        movq	%xmm0, (%rsi)
+        vpextrw	$4, %xmm0, 8(%rsi)
+        movq	%xmm4, 10(%rsi)
+        vpextrw	$4, %xmm4, 18(%rsi)
+        addq	$20, %rsi
+        movq	%xmm1, (%rsi)
+        vpextrw	$4, %xmm1, 8(%rsi)
+        movq	%xmm5, 10(%rsi)
+        vpextrw	$4, %xmm5, 18(%rsi)
+        addq	$20, %rsi
+        movq	%xmm2, (%rsi)
+        vpextrw	$4, %xmm2, 8(%rsi)
+        movq	%xmm6, 10(%rsi)
+        vpextrw	$4, %xmm6, 18(%rsi)
+        addq	$20, %rsi
+        movq	%xmm3, (%rsi)
+        vpextrw	$4, %xmm3, 8(%rsi)
+        movq	%xmm7, 10(%rsi)
+        vpextrw	$4, %xmm7, 18(%rsi)
+        addq	$20, %rsi
+        vmovdqu	768(%rdi), %ymm0
+        vmovdqu	800(%rdi), %ymm1
+        vmovdqu	832(%rdi), %ymm2
+        vmovdqu	864(%rdi), %ymm3
+        vpsubd	%ymm0, %ymm8, %ymm0
+        vpsubd	%ymm1, %ymm8, %ymm1
+        vpsubd	%ymm2, %ymm8, %ymm2
+        vpsubd	%ymm3, %ymm8, %ymm3
+        vpsllvd	%ymm11, %ymm0, %ymm0
+        vpsllvd	%ymm11, %ymm1, %ymm1
+        vpsllvd	%ymm11, %ymm2, %ymm2
+        vpsllvd	%ymm11, %ymm3, %ymm3
+        vpshufb	%ymm10, %ymm0, %ymm4
+        vpshufb	%ymm10, %ymm1, %ymm5
+        vpshufb	%ymm10, %ymm2, %ymm6
+        vpshufb	%ymm10, %ymm3, %ymm7
+        vpshufb	%ymm9, %ymm0, %ymm0
+        vpshufb	%ymm9, %ymm1, %ymm1
+        vpshufb	%ymm9, %ymm2, %ymm2
+        vpshufb	%ymm9, %ymm3, %ymm3
+        vpor	%ymm4, %ymm0, %ymm0
+        vpor	%ymm5, %ymm1, %ymm1
+        vpor	%ymm6, %ymm2, %ymm2
+        vpor	%ymm7, %ymm3, %ymm3
+        vextracti128	$0x01, %ymm0, %xmm4
+        vextracti128	$0x01, %ymm1, %xmm5
+        vextracti128	$0x01, %ymm2, %xmm6
+        vextracti128	$0x01, %ymm3, %xmm7
+        movq	%xmm0, (%rsi)
+        vpextrw	$4, %xmm0, 8(%rsi)
+        movq	%xmm4, 10(%rsi)
+        vpextrw	$4, %xmm4, 18(%rsi)
+        addq	$20, %rsi
+        movq	%xmm1, (%rsi)
+        vpextrw	$4, %xmm1, 8(%rsi)
+        movq	%xmm5, 10(%rsi)
+        vpextrw	$4, %xmm5, 18(%rsi)
+        addq	$20, %rsi
+        movq	%xmm2, (%rsi)
+        vpextrw	$4, %xmm2, 8(%rsi)
+        movq	%xmm6, 10(%rsi)
+        vpextrw	$4, %xmm6, 18(%rsi)
+        addq	$20, %rsi
+        movq	%xmm3, (%rsi)
+        vpextrw	$4, %xmm3, 8(%rsi)
+        movq	%xmm7, 10(%rsi)
+        vpextrw	$4, %xmm7, 18(%rsi)
+        addq	$20, %rsi
+        vmovdqu	896(%rdi), %ymm0
+        vmovdqu	928(%rdi), %ymm1
+        vmovdqu	960(%rdi), %ymm2
+        vmovdqu	992(%rdi), %ymm3
+        vpsubd	%ymm0, %ymm8, %ymm0
+        vpsubd	%ymm1, %ymm8, %ymm1
+        vpsubd	%ymm2, %ymm8, %ymm2
+        vpsubd	%ymm3, %ymm8, %ymm3
+        vpsllvd	%ymm11, %ymm0, %ymm0
+        vpsllvd	%ymm11, %ymm1, %ymm1
+        vpsllvd	%ymm11, %ymm2, %ymm2
+        vpsllvd	%ymm11, %ymm3, %ymm3
+        vpshufb	%ymm10, %ymm0, %ymm4
+        vpshufb	%ymm10, %ymm1, %ymm5
+        vpshufb	%ymm10, %ymm2, %ymm6
+        vpshufb	%ymm10, %ymm3, %ymm7
+        vpshufb	%ymm9, %ymm0, %ymm0
+        vpshufb	%ymm9, %ymm1, %ymm1
+        vpshufb	%ymm9, %ymm2, %ymm2
+        vpshufb	%ymm9, %ymm3, %ymm3
+        vpor	%ymm4, %ymm0, %ymm0
+        vpor	%ymm5, %ymm1, %ymm1
+        vpor	%ymm6, %ymm2, %ymm2
+        vpor	%ymm7, %ymm3, %ymm3
+        vextracti128	$0x01, %ymm0, %xmm4
+        vextracti128	$0x01, %ymm1, %xmm5
+        vextracti128	$0x01, %ymm2, %xmm6
+        vextracti128	$0x01, %ymm3, %xmm7
+        movq	%xmm0, (%rsi)
+        vpextrw	$4, %xmm0, 8(%rsi)
+        movq	%xmm4, 10(%rsi)
+        vpextrw	$4, %xmm4, 18(%rsi)
+        addq	$20, %rsi
+        movq	%xmm1, (%rsi)
+        vpextrw	$4, %xmm1, 8(%rsi)
+        movq	%xmm5, 10(%rsi)
+        vpextrw	$4, %xmm5, 18(%rsi)
+        addq	$20, %rsi
+        movq	%xmm2, (%rsi)
+        vpextrw	$4, %xmm2, 8(%rsi)
+        movq	%xmm6, 10(%rsi)
+        vpextrw	$4, %xmm6, 18(%rsi)
+        addq	$20, %rsi
+        movq	%xmm3, (%rsi)
+        vpextrw	$4, %xmm3, 8(%rsi)
+        movq	%xmm7, 10(%rsi)
+        vpextrw	$4, %xmm7, 18(%rsi)
+        addq	$20, %rsi
+        vzeroupper
+        repz retq
+#ifndef __APPLE__
+.size	wc_mldsa_encode_gamma1_19_avx2,.-wc_mldsa_encode_gamma1_19_avx2
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+L_mldsa_decompose_q88_avx2_q_low_88:
+.long	0x00017400,0x00017400,0x00017400,0x00017400
+.long	0x00017400,0x00017400,0x00017400,0x00017400
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+L_mldsa_decompose_q88_avx2_q_low_88_2:
+.long	0x0002e800,0x0002e800,0x0002e800,0x0002e800
+.long	0x0002e800,0x0002e800,0x0002e800,0x0002e800
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+L_mldsa_decompose_q88_avx2_q_2:
+.long	0x003fefd4,0x003fefd4,0x003fefd4,0x003fefd4
+.long	0x003fefd4,0x003fefd4,0x003fefd4,0x003fefd4
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+L_mldsa_decompose_q88_avx2_44:
+.long	0x0000002c,0x0000002c,0x0000002c,0x0000002c
+.long	0x0000002c,0x0000002c,0x0000002c,0x0000002c
+#ifndef __APPLE__
+.text
+.globl	wc_mldsa_decompose_q88_avx2
+.type	wc_mldsa_decompose_q88_avx2,@function
+.align	16
+wc_mldsa_decompose_q88_avx2:
+#else
+.section	__TEXT,__text
+.globl	_wc_mldsa_decompose_q88_avx2
+.p2align	4
+_wc_mldsa_decompose_q88_avx2:
+#endif /* __APPLE__ */
+        vmovdqu	L_mldsa_decompose_q88_avx2_q_low_88(%rip), %ymm12
+        vmovdqu	L_mldsa_decompose_q88_avx2_q_low_88_2(%rip), %ymm13
+        vmovdqu	L_mldsa_decompose_q88_avx2_q_2(%rip), %ymm14
+        vmovdqu	L_mldsa_decompose_q88_avx2_44(%rip), %ymm15
+        # 1/4 vectors
+        vmovdqu	(%rdi), %ymm0
+        vmovdqu	32(%rdi), %ymm1
+        vmovdqu	64(%rdi), %ymm2
+        vmovdqu	96(%rdi), %ymm3
+        vpmulld	%ymm15, %ymm0, %ymm8
+        vpmulld	%ymm15, %ymm1, %ymm9
+        vpmulld	%ymm15, %ymm2, %ymm10
+        vpmulld	%ymm15, %ymm3, %ymm11
+        vpaddd	%ymm14, %ymm8, %ymm8
+        vpaddd	%ymm14, %ymm9, %ymm9
+        vpaddd	%ymm14, %ymm10, %ymm10
+        vpaddd	%ymm14, %ymm11, %ymm11
+        vpsrld	$23, %ymm8, %ymm8
+        vpsrld	$23, %ymm9, %ymm9
+        vpsrld	$23, %ymm10, %ymm10
+        vpsrld	$23, %ymm11, %ymm11
+        vpmulld	%ymm13, %ymm8, %ymm4
+        vpmulld	%ymm13, %ymm9, %ymm5
+        vpmulld	%ymm13, %ymm10, %ymm6
+        vpmulld	%ymm13, %ymm11, %ymm7
+        vpsubd	%ymm4, %ymm0, %ymm4
+        vpsubd	%ymm5, %ymm1, %ymm5
+        vpsubd	%ymm6, %ymm2, %ymm6
+        vpsubd	%ymm7, %ymm3, %ymm7
+        vpsubd	%ymm4, %ymm12, %ymm4
+        vpsubd	%ymm5, %ymm12, %ymm5
+        vpsubd	%ymm6, %ymm12, %ymm6
+        vpsubd	%ymm7, %ymm12, %ymm7
+        vpsrld	$31, %ymm4, %ymm4
+        vpsrld	$31, %ymm5, %ymm5
+        vpsrld	$31, %ymm6, %ymm6
+        vpsrld	$31, %ymm7, %ymm7
+        vpaddd	%ymm4, %ymm8, %ymm8
+        vpaddd	%ymm5, %ymm9, %ymm9
+        vpaddd	%ymm6, %ymm10, %ymm10
+        vpaddd	%ymm7, %ymm11, %ymm11
+        vpmulld	%ymm13, %ymm8, %ymm4
+        vpmulld	%ymm13, %ymm9, %ymm5
+        vpmulld	%ymm13, %ymm10, %ymm6
+        vpmulld	%ymm13, %ymm11, %ymm7
+        vpsubd	%ymm4, %ymm0, %ymm4
+        vpsubd	%ymm5, %ymm1, %ymm5
+        vpsubd	%ymm6, %ymm2, %ymm6
+        vpsubd	%ymm7, %ymm3, %ymm7
+        vpcmpeqd	%ymm15, %ymm8, %ymm0
+        vpcmpeqd	%ymm15, %ymm9, %ymm1
+        vpcmpeqd	%ymm15, %ymm10, %ymm2
+        vpcmpeqd	%ymm15, %ymm11, %ymm3
+        vpaddd	%ymm0, %ymm4, %ymm4
+        vpaddd	%ymm1, %ymm5, %ymm5
+        vpaddd	%ymm2, %ymm6, %ymm6
+        vpaddd	%ymm3, %ymm7, %ymm7
+        vpcmpgtd	%ymm8, %ymm15, %ymm0
+        vpcmpgtd	%ymm9, %ymm15, %ymm1
+        vpcmpgtd	%ymm10, %ymm15, %ymm2
+        vpcmpgtd	%ymm11, %ymm15, %ymm3
+        vpand	%ymm0, %ymm8, %ymm8
+        vpand	%ymm1, %ymm9, %ymm9
+        vpand	%ymm2, %ymm10, %ymm10
+        vpand	%ymm3, %ymm11, %ymm11
+        vmovdqu	%ymm4, (%rsi)
+        vmovdqu	%ymm5, 32(%rsi)
+        vmovdqu	%ymm6, 64(%rsi)
+        vmovdqu	%ymm7, 96(%rsi)
+        vmovdqu	%ymm8, (%rdx)
+        vmovdqu	%ymm9, 32(%rdx)
+        vmovdqu	%ymm10, 64(%rdx)
+        vmovdqu	%ymm11, 96(%rdx)
+        vmovdqu	128(%rdi), %ymm0
+        vmovdqu	160(%rdi), %ymm1
+        vmovdqu	192(%rdi), %ymm2
+        vmovdqu	224(%rdi), %ymm3
+        vpmulld	%ymm15, %ymm0, %ymm8
+        vpmulld	%ymm15, %ymm1, %ymm9
+        vpmulld	%ymm15, %ymm2, %ymm10
+        vpmulld	%ymm15, %ymm3, %ymm11
+        vpaddd	%ymm14, %ymm8, %ymm8
+        vpaddd	%ymm14, %ymm9, %ymm9
+        vpaddd	%ymm14, %ymm10, %ymm10
+        vpaddd	%ymm14, %ymm11, %ymm11
+        vpsrld	$23, %ymm8, %ymm8
+        vpsrld	$23, %ymm9, %ymm9
+        vpsrld	$23, %ymm10, %ymm10
+        vpsrld	$23, %ymm11, %ymm11
+        vpmulld	%ymm13, %ymm8, %ymm4
+        vpmulld	%ymm13, %ymm9, %ymm5
+        vpmulld	%ymm13, %ymm10, %ymm6
+        vpmulld	%ymm13, %ymm11, %ymm7
+        vpsubd	%ymm4, %ymm0, %ymm4
+        vpsubd	%ymm5, %ymm1, %ymm5
+        vpsubd	%ymm6, %ymm2, %ymm6
+        vpsubd	%ymm7, %ymm3, %ymm7
+        vpsubd	%ymm4, %ymm12, %ymm4
+        vpsubd	%ymm5, %ymm12, %ymm5
+        vpsubd	%ymm6, %ymm12, %ymm6
+        vpsubd	%ymm7, %ymm12, %ymm7
+        vpsrld	$31, %ymm4, %ymm4
+        vpsrld	$31, %ymm5, %ymm5
+        vpsrld	$31, %ymm6, %ymm6
+        vpsrld	$31, %ymm7, %ymm7
+        vpaddd	%ymm4, %ymm8, %ymm8
+        vpaddd	%ymm5, %ymm9, %ymm9
+        vpaddd	%ymm6, %ymm10, %ymm10
+        vpaddd	%ymm7, %ymm11, %ymm11
+        vpmulld	%ymm13, %ymm8, %ymm4
+        vpmulld	%ymm13, %ymm9, %ymm5
+        vpmulld	%ymm13, %ymm10, %ymm6
+        vpmulld	%ymm13, %ymm11, %ymm7
+        vpsubd	%ymm4, %ymm0, %ymm4
+        vpsubd	%ymm5, %ymm1, %ymm5
+        vpsubd	%ymm6, %ymm2, %ymm6
+        vpsubd	%ymm7, %ymm3, %ymm7
+        vpcmpeqd	%ymm15, %ymm8, %ymm0
+        vpcmpeqd	%ymm15, %ymm9, %ymm1
+        vpcmpeqd	%ymm15, %ymm10, %ymm2
+        vpcmpeqd	%ymm15, %ymm11, %ymm3
+        vpaddd	%ymm0, %ymm4, %ymm4
+        vpaddd	%ymm1, %ymm5, %ymm5
+        vpaddd	%ymm2, %ymm6, %ymm6
+        vpaddd	%ymm3, %ymm7, %ymm7
+        vpcmpgtd	%ymm8, %ymm15, %ymm0
+        vpcmpgtd	%ymm9, %ymm15, %ymm1
+        vpcmpgtd	%ymm10, %ymm15, %ymm2
+        vpcmpgtd	%ymm11, %ymm15, %ymm3
+        vpand	%ymm0, %ymm8, %ymm8
+        vpand	%ymm1, %ymm9, %ymm9
+        vpand	%ymm2, %ymm10, %ymm10
+        vpand	%ymm3, %ymm11, %ymm11
+        vmovdqu	%ymm4, 128(%rsi)
+        vmovdqu	%ymm5, 160(%rsi)
+        vmovdqu	%ymm6, 192(%rsi)
+        vmovdqu	%ymm7, 224(%rsi)
+        vmovdqu	%ymm8, 128(%rdx)
+        vmovdqu	%ymm9, 160(%rdx)
+        vmovdqu	%ymm10, 192(%rdx)
+        vmovdqu	%ymm11, 224(%rdx)
+        vmovdqu	256(%rdi), %ymm0
+        vmovdqu	288(%rdi), %ymm1
+        vmovdqu	320(%rdi), %ymm2
+        vmovdqu	352(%rdi), %ymm3
+        vpmulld	%ymm15, %ymm0, %ymm8
+        vpmulld	%ymm15, %ymm1, %ymm9
+        vpmulld	%ymm15, %ymm2, %ymm10
+        vpmulld	%ymm15, %ymm3, %ymm11
+        vpaddd	%ymm14, %ymm8, %ymm8
+        vpaddd	%ymm14, %ymm9, %ymm9
+        vpaddd	%ymm14, %ymm10, %ymm10
+        vpaddd	%ymm14, %ymm11, %ymm11
+        vpsrld	$23, %ymm8, %ymm8
+        vpsrld	$23, %ymm9, %ymm9
+        vpsrld	$23, %ymm10, %ymm10
+        vpsrld	$23, %ymm11, %ymm11
+        vpmulld	%ymm13, %ymm8, %ymm4
+        vpmulld	%ymm13, %ymm9, %ymm5
+        vpmulld	%ymm13, %ymm10, %ymm6
+        vpmulld	%ymm13, %ymm11, %ymm7
+        vpsubd	%ymm4, %ymm0, %ymm4
+        vpsubd	%ymm5, %ymm1, %ymm5
+        vpsubd	%ymm6, %ymm2, %ymm6
+        vpsubd	%ymm7, %ymm3, %ymm7
+        vpsubd	%ymm4, %ymm12, %ymm4
+        vpsubd	%ymm5, %ymm12, %ymm5
+        vpsubd	%ymm6, %ymm12, %ymm6
+        vpsubd	%ymm7, %ymm12, %ymm7
+        vpsrld	$31, %ymm4, %ymm4
+        vpsrld	$31, %ymm5, %ymm5
+        vpsrld	$31, %ymm6, %ymm6
+        vpsrld	$31, %ymm7, %ymm7
+        vpaddd	%ymm4, %ymm8, %ymm8
+        vpaddd	%ymm5, %ymm9, %ymm9
+        vpaddd	%ymm6, %ymm10, %ymm10
+        vpaddd	%ymm7, %ymm11, %ymm11
+        vpmulld	%ymm13, %ymm8, %ymm4
+        vpmulld	%ymm13, %ymm9, %ymm5
+        vpmulld	%ymm13, %ymm10, %ymm6
+        vpmulld	%ymm13, %ymm11, %ymm7
+        vpsubd	%ymm4, %ymm0, %ymm4
+        vpsubd	%ymm5, %ymm1, %ymm5
+        vpsubd	%ymm6, %ymm2, %ymm6
+        vpsubd	%ymm7, %ymm3, %ymm7
+        vpcmpeqd	%ymm15, %ymm8, %ymm0
+        vpcmpeqd	%ymm15, %ymm9, %ymm1
+        vpcmpeqd	%ymm15, %ymm10, %ymm2
+        vpcmpeqd	%ymm15, %ymm11, %ymm3
+        vpaddd	%ymm0, %ymm4, %ymm4
+        vpaddd	%ymm1, %ymm5, %ymm5
+        vpaddd	%ymm2, %ymm6, %ymm6
+        vpaddd	%ymm3, %ymm7, %ymm7
+        vpcmpgtd	%ymm8, %ymm15, %ymm0
+        vpcmpgtd	%ymm9, %ymm15, %ymm1
+        vpcmpgtd	%ymm10, %ymm15, %ymm2
+        vpcmpgtd	%ymm11, %ymm15, %ymm3
+        vpand	%ymm0, %ymm8, %ymm8
+        vpand	%ymm1, %ymm9, %ymm9
+        vpand	%ymm2, %ymm10, %ymm10
+        vpand	%ymm3, %ymm11, %ymm11
+        vmovdqu	%ymm4, 256(%rsi)
+        vmovdqu	%ymm5, 288(%rsi)
+        vmovdqu	%ymm6, 320(%rsi)
+        vmovdqu	%ymm7, 352(%rsi)
+        vmovdqu	%ymm8, 256(%rdx)
+        vmovdqu	%ymm9, 288(%rdx)
+        vmovdqu	%ymm10, 320(%rdx)
+        vmovdqu	%ymm11, 352(%rdx)
+        vmovdqu	384(%rdi), %ymm0
+        vmovdqu	416(%rdi), %ymm1
+        vmovdqu	448(%rdi), %ymm2
+        vmovdqu	480(%rdi), %ymm3
+        vpmulld	%ymm15, %ymm0, %ymm8
+        vpmulld	%ymm15, %ymm1, %ymm9
+        vpmulld	%ymm15, %ymm2, %ymm10
+        vpmulld	%ymm15, %ymm3, %ymm11
+        vpaddd	%ymm14, %ymm8, %ymm8
+        vpaddd	%ymm14, %ymm9, %ymm9
+        vpaddd	%ymm14, %ymm10, %ymm10
+        vpaddd	%ymm14, %ymm11, %ymm11
+        vpsrld	$23, %ymm8, %ymm8
+        vpsrld	$23, %ymm9, %ymm9
+        vpsrld	$23, %ymm10, %ymm10
+        vpsrld	$23, %ymm11, %ymm11
+        vpmulld	%ymm13, %ymm8, %ymm4
+        vpmulld	%ymm13, %ymm9, %ymm5
+        vpmulld	%ymm13, %ymm10, %ymm6
+        vpmulld	%ymm13, %ymm11, %ymm7
+        vpsubd	%ymm4, %ymm0, %ymm4
+        vpsubd	%ymm5, %ymm1, %ymm5
+        vpsubd	%ymm6, %ymm2, %ymm6
+        vpsubd	%ymm7, %ymm3, %ymm7
+        vpsubd	%ymm4, %ymm12, %ymm4
+        vpsubd	%ymm5, %ymm12, %ymm5
+        vpsubd	%ymm6, %ymm12, %ymm6
+        vpsubd	%ymm7, %ymm12, %ymm7
+        vpsrld	$31, %ymm4, %ymm4
+        vpsrld	$31, %ymm5, %ymm5
+        vpsrld	$31, %ymm6, %ymm6
+        vpsrld	$31, %ymm7, %ymm7
+        vpaddd	%ymm4, %ymm8, %ymm8
+        vpaddd	%ymm5, %ymm9, %ymm9
+        vpaddd	%ymm6, %ymm10, %ymm10
+        vpaddd	%ymm7, %ymm11, %ymm11
+        vpmulld	%ymm13, %ymm8, %ymm4
+        vpmulld	%ymm13, %ymm9, %ymm5
+        vpmulld	%ymm13, %ymm10, %ymm6
+        vpmulld	%ymm13, %ymm11, %ymm7
+        vpsubd	%ymm4, %ymm0, %ymm4
+        vpsubd	%ymm5, %ymm1, %ymm5
+        vpsubd	%ymm6, %ymm2, %ymm6
+        vpsubd	%ymm7, %ymm3, %ymm7
+        vpcmpeqd	%ymm15, %ymm8, %ymm0
+        vpcmpeqd	%ymm15, %ymm9, %ymm1
+        vpcmpeqd	%ymm15, %ymm10, %ymm2
+        vpcmpeqd	%ymm15, %ymm11, %ymm3
+        vpaddd	%ymm0, %ymm4, %ymm4
+        vpaddd	%ymm1, %ymm5, %ymm5
+        vpaddd	%ymm2, %ymm6, %ymm6
+        vpaddd	%ymm3, %ymm7, %ymm7
+        vpcmpgtd	%ymm8, %ymm15, %ymm0
+        vpcmpgtd	%ymm9, %ymm15, %ymm1
+        vpcmpgtd	%ymm10, %ymm15, %ymm2
+        vpcmpgtd	%ymm11, %ymm15, %ymm3
+        vpand	%ymm0, %ymm8, %ymm8
+        vpand	%ymm1, %ymm9, %ymm9
+        vpand	%ymm2, %ymm10, %ymm10
+        vpand	%ymm3, %ymm11, %ymm11
+        vmovdqu	%ymm4, 384(%rsi)
+        vmovdqu	%ymm5, 416(%rsi)
+        vmovdqu	%ymm6, 448(%rsi)
+        vmovdqu	%ymm7, 480(%rsi)
+        vmovdqu	%ymm8, 384(%rdx)
+        vmovdqu	%ymm9, 416(%rdx)
+        vmovdqu	%ymm10, 448(%rdx)
+        vmovdqu	%ymm11, 480(%rdx)
+        vmovdqu	512(%rdi), %ymm0
+        vmovdqu	544(%rdi), %ymm1
+        vmovdqu	576(%rdi), %ymm2
+        vmovdqu	608(%rdi), %ymm3
+        vpmulld	%ymm15, %ymm0, %ymm8
+        vpmulld	%ymm15, %ymm1, %ymm9
+        vpmulld	%ymm15, %ymm2, %ymm10
+        vpmulld	%ymm15, %ymm3, %ymm11
+        vpaddd	%ymm14, %ymm8, %ymm8
+        vpaddd	%ymm14, %ymm9, %ymm9
+        vpaddd	%ymm14, %ymm10, %ymm10
+        vpaddd	%ymm14, %ymm11, %ymm11
+        vpsrld	$23, %ymm8, %ymm8
+        vpsrld	$23, %ymm9, %ymm9
+        vpsrld	$23, %ymm10, %ymm10
+        vpsrld	$23, %ymm11, %ymm11
+        vpmulld	%ymm13, %ymm8, %ymm4
+        vpmulld	%ymm13, %ymm9, %ymm5
+        vpmulld	%ymm13, %ymm10, %ymm6
+        vpmulld	%ymm13, %ymm11, %ymm7
+        vpsubd	%ymm4, %ymm0, %ymm4
+        vpsubd	%ymm5, %ymm1, %ymm5
+        vpsubd	%ymm6, %ymm2, %ymm6
+        vpsubd	%ymm7, %ymm3, %ymm7
+        vpsubd	%ymm4, %ymm12, %ymm4
+        vpsubd	%ymm5, %ymm12, %ymm5
+        vpsubd	%ymm6, %ymm12, %ymm6
+        vpsubd	%ymm7, %ymm12, %ymm7
+        vpsrld	$31, %ymm4, %ymm4
+        vpsrld	$31, %ymm5, %ymm5
+        vpsrld	$31, %ymm6, %ymm6
+        vpsrld	$31, %ymm7, %ymm7
+        vpaddd	%ymm4, %ymm8, %ymm8
+        vpaddd	%ymm5, %ymm9, %ymm9
+        vpaddd	%ymm6, %ymm10, %ymm10
+        vpaddd	%ymm7, %ymm11, %ymm11
+        vpmulld	%ymm13, %ymm8, %ymm4
+        vpmulld	%ymm13, %ymm9, %ymm5
+        vpmulld	%ymm13, %ymm10, %ymm6
+        vpmulld	%ymm13, %ymm11, %ymm7
+        vpsubd	%ymm4, %ymm0, %ymm4
+        vpsubd	%ymm5, %ymm1, %ymm5
+        vpsubd	%ymm6, %ymm2, %ymm6
+        vpsubd	%ymm7, %ymm3, %ymm7
+        vpcmpeqd	%ymm15, %ymm8, %ymm0
+        vpcmpeqd	%ymm15, %ymm9, %ymm1
+        vpcmpeqd	%ymm15, %ymm10, %ymm2
+        vpcmpeqd	%ymm15, %ymm11, %ymm3
+        vpaddd	%ymm0, %ymm4, %ymm4
+        vpaddd	%ymm1, %ymm5, %ymm5
+        vpaddd	%ymm2, %ymm6, %ymm6
+        vpaddd	%ymm3, %ymm7, %ymm7
+        vpcmpgtd	%ymm8, %ymm15, %ymm0
+        vpcmpgtd	%ymm9, %ymm15, %ymm1
+        vpcmpgtd	%ymm10, %ymm15, %ymm2
+        vpcmpgtd	%ymm11, %ymm15, %ymm3
+        vpand	%ymm0, %ymm8, %ymm8
+        vpand	%ymm1, %ymm9, %ymm9
+        vpand	%ymm2, %ymm10, %ymm10
+        vpand	%ymm3, %ymm11, %ymm11
+        vmovdqu	%ymm4, 512(%rsi)
+        vmovdqu	%ymm5, 544(%rsi)
+        vmovdqu	%ymm6, 576(%rsi)
+        vmovdqu	%ymm7, 608(%rsi)
+        vmovdqu	%ymm8, 512(%rdx)
+        vmovdqu	%ymm9, 544(%rdx)
+        vmovdqu	%ymm10, 576(%rdx)
+        vmovdqu	%ymm11, 608(%rdx)
+        vmovdqu	640(%rdi), %ymm0
+        vmovdqu	672(%rdi), %ymm1
+        vmovdqu	704(%rdi), %ymm2
+        vmovdqu	736(%rdi), %ymm3
+        vpmulld	%ymm15, %ymm0, %ymm8
+        vpmulld	%ymm15, %ymm1, %ymm9
+        vpmulld	%ymm15, %ymm2, %ymm10
+        vpmulld	%ymm15, %ymm3, %ymm11
+        vpaddd	%ymm14, %ymm8, %ymm8
+        vpaddd	%ymm14, %ymm9, %ymm9
+        vpaddd	%ymm14, %ymm10, %ymm10
+        vpaddd	%ymm14, %ymm11, %ymm11
+        vpsrld	$23, %ymm8, %ymm8
+        vpsrld	$23, %ymm9, %ymm9
+        vpsrld	$23, %ymm10, %ymm10
+        vpsrld	$23, %ymm11, %ymm11
+        vpmulld	%ymm13, %ymm8, %ymm4
+        vpmulld	%ymm13, %ymm9, %ymm5
+        vpmulld	%ymm13, %ymm10, %ymm6
+        vpmulld	%ymm13, %ymm11, %ymm7
+        vpsubd	%ymm4, %ymm0, %ymm4
+        vpsubd	%ymm5, %ymm1, %ymm5
+        vpsubd	%ymm6, %ymm2, %ymm6
+        vpsubd	%ymm7, %ymm3, %ymm7
+        vpsubd	%ymm4, %ymm12, %ymm4
+        vpsubd	%ymm5, %ymm12, %ymm5
+        vpsubd	%ymm6, %ymm12, %ymm6
+        vpsubd	%ymm7, %ymm12, %ymm7
+        vpsrld	$31, %ymm4, %ymm4
+        vpsrld	$31, %ymm5, %ymm5
+        vpsrld	$31, %ymm6, %ymm6
+        vpsrld	$31, %ymm7, %ymm7
+        vpaddd	%ymm4, %ymm8, %ymm8
+        vpaddd	%ymm5, %ymm9, %ymm9
+        vpaddd	%ymm6, %ymm10, %ymm10
+        vpaddd	%ymm7, %ymm11, %ymm11
+        vpmulld	%ymm13, %ymm8, %ymm4
+        vpmulld	%ymm13, %ymm9, %ymm5
+        vpmulld	%ymm13, %ymm10, %ymm6
+        vpmulld	%ymm13, %ymm11, %ymm7
+        vpsubd	%ymm4, %ymm0, %ymm4
+        vpsubd	%ymm5, %ymm1, %ymm5
+        vpsubd	%ymm6, %ymm2, %ymm6
+        vpsubd	%ymm7, %ymm3, %ymm7
+        vpcmpeqd	%ymm15, %ymm8, %ymm0
+        vpcmpeqd	%ymm15, %ymm9, %ymm1
+        vpcmpeqd	%ymm15, %ymm10, %ymm2
+        vpcmpeqd	%ymm15, %ymm11, %ymm3
+        vpaddd	%ymm0, %ymm4, %ymm4
+        vpaddd	%ymm1, %ymm5, %ymm5
+        vpaddd	%ymm2, %ymm6, %ymm6
+        vpaddd	%ymm3, %ymm7, %ymm7
+        vpcmpgtd	%ymm8, %ymm15, %ymm0
+        vpcmpgtd	%ymm9, %ymm15, %ymm1
+        vpcmpgtd	%ymm10, %ymm15, %ymm2
+        vpcmpgtd	%ymm11, %ymm15, %ymm3
+        vpand	%ymm0, %ymm8, %ymm8
+        vpand	%ymm1, %ymm9, %ymm9
+        vpand	%ymm2, %ymm10, %ymm10
+        vpand	%ymm3, %ymm11, %ymm11
+        vmovdqu	%ymm4, 640(%rsi)
+        vmovdqu	%ymm5, 672(%rsi)
+        vmovdqu	%ymm6, 704(%rsi)
+        vmovdqu	%ymm7, 736(%rsi)
+        vmovdqu	%ymm8, 640(%rdx)
+        vmovdqu	%ymm9, 672(%rdx)
+        vmovdqu	%ymm10, 704(%rdx)
+        vmovdqu	%ymm11, 736(%rdx)
+        vmovdqu	768(%rdi), %ymm0
+        vmovdqu	800(%rdi), %ymm1
+        vmovdqu	832(%rdi), %ymm2
+        vmovdqu	864(%rdi), %ymm3
+        vpmulld	%ymm15, %ymm0, %ymm8
+        vpmulld	%ymm15, %ymm1, %ymm9
+        vpmulld	%ymm15, %ymm2, %ymm10
+        vpmulld	%ymm15, %ymm3, %ymm11
+        vpaddd	%ymm14, %ymm8, %ymm8
+        vpaddd	%ymm14, %ymm9, %ymm9
+        vpaddd	%ymm14, %ymm10, %ymm10
+        vpaddd	%ymm14, %ymm11, %ymm11
+        vpsrld	$23, %ymm8, %ymm8
+        vpsrld	$23, %ymm9, %ymm9
+        vpsrld	$23, %ymm10, %ymm10
+        vpsrld	$23, %ymm11, %ymm11
+        vpmulld	%ymm13, %ymm8, %ymm4
+        vpmulld	%ymm13, %ymm9, %ymm5
+        vpmulld	%ymm13, %ymm10, %ymm6
+        vpmulld	%ymm13, %ymm11, %ymm7
+        vpsubd	%ymm4, %ymm0, %ymm4
+        vpsubd	%ymm5, %ymm1, %ymm5
+        vpsubd	%ymm6, %ymm2, %ymm6
+        vpsubd	%ymm7, %ymm3, %ymm7
+        vpsubd	%ymm4, %ymm12, %ymm4
+        vpsubd	%ymm5, %ymm12, %ymm5
+        vpsubd	%ymm6, %ymm12, %ymm6
+        vpsubd	%ymm7, %ymm12, %ymm7
+        vpsrld	$31, %ymm4, %ymm4
+        vpsrld	$31, %ymm5, %ymm5
+        vpsrld	$31, %ymm6, %ymm6
+        vpsrld	$31, %ymm7, %ymm7
+        vpaddd	%ymm4, %ymm8, %ymm8
+        vpaddd	%ymm5, %ymm9, %ymm9
+        vpaddd	%ymm6, %ymm10, %ymm10
+        vpaddd	%ymm7, %ymm11, %ymm11
+        vpmulld	%ymm13, %ymm8, %ymm4
+        vpmulld	%ymm13, %ymm9, %ymm5
+        vpmulld	%ymm13, %ymm10, %ymm6
+        vpmulld	%ymm13, %ymm11, %ymm7
+        vpsubd	%ymm4, %ymm0, %ymm4
+        vpsubd	%ymm5, %ymm1, %ymm5
+        vpsubd	%ymm6, %ymm2, %ymm6
+        vpsubd	%ymm7, %ymm3, %ymm7
+        vpcmpeqd	%ymm15, %ymm8, %ymm0
+        vpcmpeqd	%ymm15, %ymm9, %ymm1
+        vpcmpeqd	%ymm15, %ymm10, %ymm2
+        vpcmpeqd	%ymm15, %ymm11, %ymm3
+        vpaddd	%ymm0, %ymm4, %ymm4
+        vpaddd	%ymm1, %ymm5, %ymm5
+        vpaddd	%ymm2, %ymm6, %ymm6
+        vpaddd	%ymm3, %ymm7, %ymm7
+        vpcmpgtd	%ymm8, %ymm15, %ymm0
+        vpcmpgtd	%ymm9, %ymm15, %ymm1
+        vpcmpgtd	%ymm10, %ymm15, %ymm2
+        vpcmpgtd	%ymm11, %ymm15, %ymm3
+        vpand	%ymm0, %ymm8, %ymm8
+        vpand	%ymm1, %ymm9, %ymm9
+        vpand	%ymm2, %ymm10, %ymm10
+        vpand	%ymm3, %ymm11, %ymm11
+        vmovdqu	%ymm4, 768(%rsi)
+        vmovdqu	%ymm5, 800(%rsi)
+        vmovdqu	%ymm6, 832(%rsi)
+        vmovdqu	%ymm7, 864(%rsi)
+        vmovdqu	%ymm8, 768(%rdx)
+        vmovdqu	%ymm9, 800(%rdx)
+        vmovdqu	%ymm10, 832(%rdx)
+        vmovdqu	%ymm11, 864(%rdx)
+        vmovdqu	896(%rdi), %ymm0
+        vmovdqu	928(%rdi), %ymm1
+        vmovdqu	960(%rdi), %ymm2
+        vmovdqu	992(%rdi), %ymm3
+        vpmulld	%ymm15, %ymm0, %ymm8
+        vpmulld	%ymm15, %ymm1, %ymm9
+        vpmulld	%ymm15, %ymm2, %ymm10
+        vpmulld	%ymm15, %ymm3, %ymm11
+        vpaddd	%ymm14, %ymm8, %ymm8
+        vpaddd	%ymm14, %ymm9, %ymm9
+        vpaddd	%ymm14, %ymm10, %ymm10
+        vpaddd	%ymm14, %ymm11, %ymm11
+        vpsrld	$23, %ymm8, %ymm8
+        vpsrld	$23, %ymm9, %ymm9
+        vpsrld	$23, %ymm10, %ymm10
+        vpsrld	$23, %ymm11, %ymm11
+        vpmulld	%ymm13, %ymm8, %ymm4
+        vpmulld	%ymm13, %ymm9, %ymm5
+        vpmulld	%ymm13, %ymm10, %ymm6
+        vpmulld	%ymm13, %ymm11, %ymm7
+        vpsubd	%ymm4, %ymm0, %ymm4
+        vpsubd	%ymm5, %ymm1, %ymm5
+        vpsubd	%ymm6, %ymm2, %ymm6
+        vpsubd	%ymm7, %ymm3, %ymm7
+        vpsubd	%ymm4, %ymm12, %ymm4
+        vpsubd	%ymm5, %ymm12, %ymm5
+        vpsubd	%ymm6, %ymm12, %ymm6
+        vpsubd	%ymm7, %ymm12, %ymm7
+        vpsrld	$31, %ymm4, %ymm4
+        vpsrld	$31, %ymm5, %ymm5
+        vpsrld	$31, %ymm6, %ymm6
+        vpsrld	$31, %ymm7, %ymm7
+        vpaddd	%ymm4, %ymm8, %ymm8
+        vpaddd	%ymm5, %ymm9, %ymm9
+        vpaddd	%ymm6, %ymm10, %ymm10
+        vpaddd	%ymm7, %ymm11, %ymm11
+        vpmulld	%ymm13, %ymm8, %ymm4
+        vpmulld	%ymm13, %ymm9, %ymm5
+        vpmulld	%ymm13, %ymm10, %ymm6
+        vpmulld	%ymm13, %ymm11, %ymm7
+        vpsubd	%ymm4, %ymm0, %ymm4
+        vpsubd	%ymm5, %ymm1, %ymm5
+        vpsubd	%ymm6, %ymm2, %ymm6
+        vpsubd	%ymm7, %ymm3, %ymm7
+        vpcmpeqd	%ymm15, %ymm8, %ymm0
+        vpcmpeqd	%ymm15, %ymm9, %ymm1
+        vpcmpeqd	%ymm15, %ymm10, %ymm2
+        vpcmpeqd	%ymm15, %ymm11, %ymm3
+        vpaddd	%ymm0, %ymm4, %ymm4
+        vpaddd	%ymm1, %ymm5, %ymm5
+        vpaddd	%ymm2, %ymm6, %ymm6
+        vpaddd	%ymm3, %ymm7, %ymm7
+        vpcmpgtd	%ymm8, %ymm15, %ymm0
+        vpcmpgtd	%ymm9, %ymm15, %ymm1
+        vpcmpgtd	%ymm10, %ymm15, %ymm2
+        vpcmpgtd	%ymm11, %ymm15, %ymm3
+        vpand	%ymm0, %ymm8, %ymm8
+        vpand	%ymm1, %ymm9, %ymm9
+        vpand	%ymm2, %ymm10, %ymm10
+        vpand	%ymm3, %ymm11, %ymm11
+        vmovdqu	%ymm4, 896(%rsi)
+        vmovdqu	%ymm5, 928(%rsi)
+        vmovdqu	%ymm6, 960(%rsi)
+        vmovdqu	%ymm7, 992(%rsi)
+        vmovdqu	%ymm8, 896(%rdx)
+        vmovdqu	%ymm9, 928(%rdx)
+        vmovdqu	%ymm10, 960(%rdx)
+        vmovdqu	%ymm11, 992(%rdx)
+        # 2/4 vectors
+        vmovdqu	1024(%rdi), %ymm0
+        vmovdqu	1056(%rdi), %ymm1
+        vmovdqu	1088(%rdi), %ymm2
+        vmovdqu	1120(%rdi), %ymm3
+        vpmulld	%ymm15, %ymm0, %ymm8
+        vpmulld	%ymm15, %ymm1, %ymm9
+        vpmulld	%ymm15, %ymm2, %ymm10
+        vpmulld	%ymm15, %ymm3, %ymm11
+        vpaddd	%ymm14, %ymm8, %ymm8
+        vpaddd	%ymm14, %ymm9, %ymm9
+        vpaddd	%ymm14, %ymm10, %ymm10
+        vpaddd	%ymm14, %ymm11, %ymm11
+        vpsrld	$23, %ymm8, %ymm8
+        vpsrld	$23, %ymm9, %ymm9
+        vpsrld	$23, %ymm10, %ymm10
+        vpsrld	$23, %ymm11, %ymm11
+        vpmulld	%ymm13, %ymm8, %ymm4
+        vpmulld	%ymm13, %ymm9, %ymm5
+        vpmulld	%ymm13, %ymm10, %ymm6
+        vpmulld	%ymm13, %ymm11, %ymm7
+        vpsubd	%ymm4, %ymm0, %ymm4
+        vpsubd	%ymm5, %ymm1, %ymm5
+        vpsubd	%ymm6, %ymm2, %ymm6
+        vpsubd	%ymm7, %ymm3, %ymm7
+        vpsubd	%ymm4, %ymm12, %ymm4
+        vpsubd	%ymm5, %ymm12, %ymm5
+        vpsubd	%ymm6, %ymm12, %ymm6
+        vpsubd	%ymm7, %ymm12, %ymm7
+        vpsrld	$31, %ymm4, %ymm4
+        vpsrld	$31, %ymm5, %ymm5
+        vpsrld	$31, %ymm6, %ymm6
+        vpsrld	$31, %ymm7, %ymm7
+        vpaddd	%ymm4, %ymm8, %ymm8
+        vpaddd	%ymm5, %ymm9, %ymm9
+        vpaddd	%ymm6, %ymm10, %ymm10
+        vpaddd	%ymm7, %ymm11, %ymm11
+        vpmulld	%ymm13, %ymm8, %ymm4
+        vpmulld	%ymm13, %ymm9, %ymm5
+        vpmulld	%ymm13, %ymm10, %ymm6
+        vpmulld	%ymm13, %ymm11, %ymm7
+        vpsubd	%ymm4, %ymm0, %ymm4
+        vpsubd	%ymm5, %ymm1, %ymm5
+        vpsubd	%ymm6, %ymm2, %ymm6
+        vpsubd	%ymm7, %ymm3, %ymm7
+        vpcmpeqd	%ymm15, %ymm8, %ymm0
+        vpcmpeqd	%ymm15, %ymm9, %ymm1
+        vpcmpeqd	%ymm15, %ymm10, %ymm2
+        vpcmpeqd	%ymm15, %ymm11, %ymm3
+        vpaddd	%ymm0, %ymm4, %ymm4
+        vpaddd	%ymm1, %ymm5, %ymm5
+        vpaddd	%ymm2, %ymm6, %ymm6
+        vpaddd	%ymm3, %ymm7, %ymm7
+        vpcmpgtd	%ymm8, %ymm15, %ymm0
+        vpcmpgtd	%ymm9, %ymm15, %ymm1
+        vpcmpgtd	%ymm10, %ymm15, %ymm2
+        vpcmpgtd	%ymm11, %ymm15, %ymm3
+        vpand	%ymm0, %ymm8, %ymm8
+        vpand	%ymm1, %ymm9, %ymm9
+        vpand	%ymm2, %ymm10, %ymm10
+        vpand	%ymm3, %ymm11, %ymm11
+        vmovdqu	%ymm4, 1024(%rsi)
+        vmovdqu	%ymm5, 1056(%rsi)
+        vmovdqu	%ymm6, 1088(%rsi)
+        vmovdqu	%ymm7, 1120(%rsi)
+        vmovdqu	%ymm8, 1024(%rdx)
+        vmovdqu	%ymm9, 1056(%rdx)
+        vmovdqu	%ymm10, 1088(%rdx)
+        vmovdqu	%ymm11, 1120(%rdx)
+        vmovdqu	1152(%rdi), %ymm0
+        vmovdqu	1184(%rdi), %ymm1
+        vmovdqu	1216(%rdi), %ymm2
+        vmovdqu	1248(%rdi), %ymm3
+        vpmulld	%ymm15, %ymm0, %ymm8
+        vpmulld	%ymm15, %ymm1, %ymm9
+        vpmulld	%ymm15, %ymm2, %ymm10
+        vpmulld	%ymm15, %ymm3, %ymm11
+        vpaddd	%ymm14, %ymm8, %ymm8
+        vpaddd	%ymm14, %ymm9, %ymm9
+        vpaddd	%ymm14, %ymm10, %ymm10
+        vpaddd	%ymm14, %ymm11, %ymm11
+        vpsrld	$23, %ymm8, %ymm8
+        vpsrld	$23, %ymm9, %ymm9
+        vpsrld	$23, %ymm10, %ymm10
+        vpsrld	$23, %ymm11, %ymm11
+        vpmulld	%ymm13, %ymm8, %ymm4
+        vpmulld	%ymm13, %ymm9, %ymm5
+        vpmulld	%ymm13, %ymm10, %ymm6
+        vpmulld	%ymm13, %ymm11, %ymm7
+        vpsubd	%ymm4, %ymm0, %ymm4
+        vpsubd	%ymm5, %ymm1, %ymm5
+        vpsubd	%ymm6, %ymm2, %ymm6
+        vpsubd	%ymm7, %ymm3, %ymm7
+        vpsubd	%ymm4, %ymm12, %ymm4
+        vpsubd	%ymm5, %ymm12, %ymm5
+        vpsubd	%ymm6, %ymm12, %ymm6
+        vpsubd	%ymm7, %ymm12, %ymm7
+        vpsrld	$31, %ymm4, %ymm4
+        vpsrld	$31, %ymm5, %ymm5
+        vpsrld	$31, %ymm6, %ymm6
+        vpsrld	$31, %ymm7, %ymm7
+        vpaddd	%ymm4, %ymm8, %ymm8
+        vpaddd	%ymm5, %ymm9, %ymm9
+        vpaddd	%ymm6, %ymm10, %ymm10
+        vpaddd	%ymm7, %ymm11, %ymm11
+        vpmulld	%ymm13, %ymm8, %ymm4
+        vpmulld	%ymm13, %ymm9, %ymm5
+        vpmulld	%ymm13, %ymm10, %ymm6
+        vpmulld	%ymm13, %ymm11, %ymm7
+        vpsubd	%ymm4, %ymm0, %ymm4
+        vpsubd	%ymm5, %ymm1, %ymm5
+        vpsubd	%ymm6, %ymm2, %ymm6
+        vpsubd	%ymm7, %ymm3, %ymm7
+        vpcmpeqd	%ymm15, %ymm8, %ymm0
+        vpcmpeqd	%ymm15, %ymm9, %ymm1
+        vpcmpeqd	%ymm15, %ymm10, %ymm2
+        vpcmpeqd	%ymm15, %ymm11, %ymm3
+        vpaddd	%ymm0, %ymm4, %ymm4
+        vpaddd	%ymm1, %ymm5, %ymm5
+        vpaddd	%ymm2, %ymm6, %ymm6
+        vpaddd	%ymm3, %ymm7, %ymm7
+        vpcmpgtd	%ymm8, %ymm15, %ymm0
+        vpcmpgtd	%ymm9, %ymm15, %ymm1
+        vpcmpgtd	%ymm10, %ymm15, %ymm2
+        vpcmpgtd	%ymm11, %ymm15, %ymm3
+        vpand	%ymm0, %ymm8, %ymm8
+        vpand	%ymm1, %ymm9, %ymm9
+        vpand	%ymm2, %ymm10, %ymm10
+        vpand	%ymm3, %ymm11, %ymm11
+        vmovdqu	%ymm4, 1152(%rsi)
+        vmovdqu	%ymm5, 1184(%rsi)
+        vmovdqu	%ymm6, 1216(%rsi)
+        vmovdqu	%ymm7, 1248(%rsi)
+        vmovdqu	%ymm8, 1152(%rdx)
+        vmovdqu	%ymm9, 1184(%rdx)
+        vmovdqu	%ymm10, 1216(%rdx)
+        vmovdqu	%ymm11, 1248(%rdx)
+        vmovdqu	1280(%rdi), %ymm0
+        vmovdqu	1312(%rdi), %ymm1
+        vmovdqu	1344(%rdi), %ymm2
+        vmovdqu	1376(%rdi), %ymm3
+        vpmulld	%ymm15, %ymm0, %ymm8
+        vpmulld	%ymm15, %ymm1, %ymm9
+        vpmulld	%ymm15, %ymm2, %ymm10
+        vpmulld	%ymm15, %ymm3, %ymm11
+        vpaddd	%ymm14, %ymm8, %ymm8
+        vpaddd	%ymm14, %ymm9, %ymm9
+        vpaddd	%ymm14, %ymm10, %ymm10
+        vpaddd	%ymm14, %ymm11, %ymm11
+        vpsrld	$23, %ymm8, %ymm8
+        vpsrld	$23, %ymm9, %ymm9
+        vpsrld	$23, %ymm10, %ymm10
+        vpsrld	$23, %ymm11, %ymm11
+        vpmulld	%ymm13, %ymm8, %ymm4
+        vpmulld	%ymm13, %ymm9, %ymm5
+        vpmulld	%ymm13, %ymm10, %ymm6
+        vpmulld	%ymm13, %ymm11, %ymm7
+        vpsubd	%ymm4, %ymm0, %ymm4
+        vpsubd	%ymm5, %ymm1, %ymm5
+        vpsubd	%ymm6, %ymm2, %ymm6
+        vpsubd	%ymm7, %ymm3, %ymm7
+        vpsubd	%ymm4, %ymm12, %ymm4
+        vpsubd	%ymm5, %ymm12, %ymm5
+        vpsubd	%ymm6, %ymm12, %ymm6
+        vpsubd	%ymm7, %ymm12, %ymm7
+        vpsrld	$31, %ymm4, %ymm4
+        vpsrld	$31, %ymm5, %ymm5
+        vpsrld	$31, %ymm6, %ymm6
+        vpsrld	$31, %ymm7, %ymm7
+        vpaddd	%ymm4, %ymm8, %ymm8
+        vpaddd	%ymm5, %ymm9, %ymm9
+        vpaddd	%ymm6, %ymm10, %ymm10
+        vpaddd	%ymm7, %ymm11, %ymm11
+        vpmulld	%ymm13, %ymm8, %ymm4
+        vpmulld	%ymm13, %ymm9, %ymm5
+        vpmulld	%ymm13, %ymm10, %ymm6
+        vpmulld	%ymm13, %ymm11, %ymm7
+        vpsubd	%ymm4, %ymm0, %ymm4
+        vpsubd	%ymm5, %ymm1, %ymm5
+        vpsubd	%ymm6, %ymm2, %ymm6
+        vpsubd	%ymm7, %ymm3, %ymm7
+        vpcmpeqd	%ymm15, %ymm8, %ymm0
+        vpcmpeqd	%ymm15, %ymm9, %ymm1
+        vpcmpeqd	%ymm15, %ymm10, %ymm2
+        vpcmpeqd	%ymm15, %ymm11, %ymm3
+        vpaddd	%ymm0, %ymm4, %ymm4
+        vpaddd	%ymm1, %ymm5, %ymm5
+        vpaddd	%ymm2, %ymm6, %ymm6
+        vpaddd	%ymm3, %ymm7, %ymm7
+        vpcmpgtd	%ymm8, %ymm15, %ymm0
+        vpcmpgtd	%ymm9, %ymm15, %ymm1
+        vpcmpgtd	%ymm10, %ymm15, %ymm2
+        vpcmpgtd	%ymm11, %ymm15, %ymm3
+        vpand	%ymm0, %ymm8, %ymm8
+        vpand	%ymm1, %ymm9, %ymm9
+        vpand	%ymm2, %ymm10, %ymm10
+        vpand	%ymm3, %ymm11, %ymm11
+        vmovdqu	%ymm4, 1280(%rsi)
+        vmovdqu	%ymm5, 1312(%rsi)
+        vmovdqu	%ymm6, 1344(%rsi)
+        vmovdqu	%ymm7, 1376(%rsi)
+        vmovdqu	%ymm8, 1280(%rdx)
+        vmovdqu	%ymm9, 1312(%rdx)
+        vmovdqu	%ymm10, 1344(%rdx)
+        vmovdqu	%ymm11, 1376(%rdx)
+        vmovdqu	1408(%rdi), %ymm0
+        vmovdqu	1440(%rdi), %ymm1
+        vmovdqu	1472(%rdi), %ymm2
+        vmovdqu	1504(%rdi), %ymm3
+        vpmulld	%ymm15, %ymm0, %ymm8
+        vpmulld	%ymm15, %ymm1, %ymm9
+        vpmulld	%ymm15, %ymm2, %ymm10
+        vpmulld	%ymm15, %ymm3, %ymm11
+        vpaddd	%ymm14, %ymm8, %ymm8
+        vpaddd	%ymm14, %ymm9, %ymm9
+        vpaddd	%ymm14, %ymm10, %ymm10
+        vpaddd	%ymm14, %ymm11, %ymm11
+        vpsrld	$23, %ymm8, %ymm8
+        vpsrld	$23, %ymm9, %ymm9
+        vpsrld	$23, %ymm10, %ymm10
+        vpsrld	$23, %ymm11, %ymm11
+        vpmulld	%ymm13, %ymm8, %ymm4
+        vpmulld	%ymm13, %ymm9, %ymm5
+        vpmulld	%ymm13, %ymm10, %ymm6
+        vpmulld	%ymm13, %ymm11, %ymm7
+        vpsubd	%ymm4, %ymm0, %ymm4
+        vpsubd	%ymm5, %ymm1, %ymm5
+        vpsubd	%ymm6, %ymm2, %ymm6
+        vpsubd	%ymm7, %ymm3, %ymm7
+        vpsubd	%ymm4, %ymm12, %ymm4
+        vpsubd	%ymm5, %ymm12, %ymm5
+        vpsubd	%ymm6, %ymm12, %ymm6
+        vpsubd	%ymm7, %ymm12, %ymm7
+        vpsrld	$31, %ymm4, %ymm4
+        vpsrld	$31, %ymm5, %ymm5
+        vpsrld	$31, %ymm6, %ymm6
+        vpsrld	$31, %ymm7, %ymm7
+        vpaddd	%ymm4, %ymm8, %ymm8
+        vpaddd	%ymm5, %ymm9, %ymm9
+        vpaddd	%ymm6, %ymm10, %ymm10
+        vpaddd	%ymm7, %ymm11, %ymm11
+        vpmulld	%ymm13, %ymm8, %ymm4
+        vpmulld	%ymm13, %ymm9, %ymm5
+        vpmulld	%ymm13, %ymm10, %ymm6
+        vpmulld	%ymm13, %ymm11, %ymm7
+        vpsubd	%ymm4, %ymm0, %ymm4
+        vpsubd	%ymm5, %ymm1, %ymm5
+        vpsubd	%ymm6, %ymm2, %ymm6
+        vpsubd	%ymm7, %ymm3, %ymm7
+        vpcmpeqd	%ymm15, %ymm8, %ymm0
+        vpcmpeqd	%ymm15, %ymm9, %ymm1
+        vpcmpeqd	%ymm15, %ymm10, %ymm2
+        vpcmpeqd	%ymm15, %ymm11, %ymm3
+        vpaddd	%ymm0, %ymm4, %ymm4
+        vpaddd	%ymm1, %ymm5, %ymm5
+        vpaddd	%ymm2, %ymm6, %ymm6
+        vpaddd	%ymm3, %ymm7, %ymm7
+        vpcmpgtd	%ymm8, %ymm15, %ymm0
+        vpcmpgtd	%ymm9, %ymm15, %ymm1
+        vpcmpgtd	%ymm10, %ymm15, %ymm2
+        vpcmpgtd	%ymm11, %ymm15, %ymm3
+        vpand	%ymm0, %ymm8, %ymm8
+        vpand	%ymm1, %ymm9, %ymm9
+        vpand	%ymm2, %ymm10, %ymm10
+        vpand	%ymm3, %ymm11, %ymm11
+        vmovdqu	%ymm4, 1408(%rsi)
+        vmovdqu	%ymm5, 1440(%rsi)
+        vmovdqu	%ymm6, 1472(%rsi)
+        vmovdqu	%ymm7, 1504(%rsi)
+        vmovdqu	%ymm8, 1408(%rdx)
+        vmovdqu	%ymm9, 1440(%rdx)
+        vmovdqu	%ymm10, 1472(%rdx)
+        vmovdqu	%ymm11, 1504(%rdx)
+        vmovdqu	1536(%rdi), %ymm0
+        vmovdqu	1568(%rdi), %ymm1
+        vmovdqu	1600(%rdi), %ymm2
+        vmovdqu	1632(%rdi), %ymm3
+        vpmulld	%ymm15, %ymm0, %ymm8
+        vpmulld	%ymm15, %ymm1, %ymm9
+        vpmulld	%ymm15, %ymm2, %ymm10
+        vpmulld	%ymm15, %ymm3, %ymm11
+        vpaddd	%ymm14, %ymm8, %ymm8
+        vpaddd	%ymm14, %ymm9, %ymm9
+        vpaddd	%ymm14, %ymm10, %ymm10
+        vpaddd	%ymm14, %ymm11, %ymm11
+        vpsrld	$23, %ymm8, %ymm8
+        vpsrld	$23, %ymm9, %ymm9
+        vpsrld	$23, %ymm10, %ymm10
+        vpsrld	$23, %ymm11, %ymm11
+        vpmulld	%ymm13, %ymm8, %ymm4
+        vpmulld	%ymm13, %ymm9, %ymm5
+        vpmulld	%ymm13, %ymm10, %ymm6
+        vpmulld	%ymm13, %ymm11, %ymm7
+        vpsubd	%ymm4, %ymm0, %ymm4
+        vpsubd	%ymm5, %ymm1, %ymm5
+        vpsubd	%ymm6, %ymm2, %ymm6
+        vpsubd	%ymm7, %ymm3, %ymm7
+        vpsubd	%ymm4, %ymm12, %ymm4
+        vpsubd	%ymm5, %ymm12, %ymm5
+        vpsubd	%ymm6, %ymm12, %ymm6
+        vpsubd	%ymm7, %ymm12, %ymm7
+        vpsrld	$31, %ymm4, %ymm4
+        vpsrld	$31, %ymm5, %ymm5
+        vpsrld	$31, %ymm6, %ymm6
+        vpsrld	$31, %ymm7, %ymm7
+        vpaddd	%ymm4, %ymm8, %ymm8
+        vpaddd	%ymm5, %ymm9, %ymm9
+        vpaddd	%ymm6, %ymm10, %ymm10
+        vpaddd	%ymm7, %ymm11, %ymm11
+        vpmulld	%ymm13, %ymm8, %ymm4
+        vpmulld	%ymm13, %ymm9, %ymm5
+        vpmulld	%ymm13, %ymm10, %ymm6
+        vpmulld	%ymm13, %ymm11, %ymm7
+        vpsubd	%ymm4, %ymm0, %ymm4
+        vpsubd	%ymm5, %ymm1, %ymm5
+        vpsubd	%ymm6, %ymm2, %ymm6
+        vpsubd	%ymm7, %ymm3, %ymm7
+        vpcmpeqd	%ymm15, %ymm8, %ymm0
+        vpcmpeqd	%ymm15, %ymm9, %ymm1
+        vpcmpeqd	%ymm15, %ymm10, %ymm2
+        vpcmpeqd	%ymm15, %ymm11, %ymm3
+        vpaddd	%ymm0, %ymm4, %ymm4
+        vpaddd	%ymm1, %ymm5, %ymm5
+        vpaddd	%ymm2, %ymm6, %ymm6
+        vpaddd	%ymm3, %ymm7, %ymm7
+        vpcmpgtd	%ymm8, %ymm15, %ymm0
+        vpcmpgtd	%ymm9, %ymm15, %ymm1
+        vpcmpgtd	%ymm10, %ymm15, %ymm2
+        vpcmpgtd	%ymm11, %ymm15, %ymm3
+        vpand	%ymm0, %ymm8, %ymm8
+        vpand	%ymm1, %ymm9, %ymm9
+        vpand	%ymm2, %ymm10, %ymm10
+        vpand	%ymm3, %ymm11, %ymm11
+        vmovdqu	%ymm4, 1536(%rsi)
+        vmovdqu	%ymm5, 1568(%rsi)
+        vmovdqu	%ymm6, 1600(%rsi)
+        vmovdqu	%ymm7, 1632(%rsi)
+        vmovdqu	%ymm8, 1536(%rdx)
+        vmovdqu	%ymm9, 1568(%rdx)
+        vmovdqu	%ymm10, 1600(%rdx)
+        vmovdqu	%ymm11, 1632(%rdx)
+        vmovdqu	1664(%rdi), %ymm0
+        vmovdqu	1696(%rdi), %ymm1
+        vmovdqu	1728(%rdi), %ymm2
+        vmovdqu	1760(%rdi), %ymm3
+        vpmulld	%ymm15, %ymm0, %ymm8
+        vpmulld	%ymm15, %ymm1, %ymm9
+        vpmulld	%ymm15, %ymm2, %ymm10
+        vpmulld	%ymm15, %ymm3, %ymm11
+        vpaddd	%ymm14, %ymm8, %ymm8
+        vpaddd	%ymm14, %ymm9, %ymm9
+        vpaddd	%ymm14, %ymm10, %ymm10
+        vpaddd	%ymm14, %ymm11, %ymm11
+        vpsrld	$23, %ymm8, %ymm8
+        vpsrld	$23, %ymm9, %ymm9
+        vpsrld	$23, %ymm10, %ymm10
+        vpsrld	$23, %ymm11, %ymm11
+        vpmulld	%ymm13, %ymm8, %ymm4
+        vpmulld	%ymm13, %ymm9, %ymm5
+        vpmulld	%ymm13, %ymm10, %ymm6
+        vpmulld	%ymm13, %ymm11, %ymm7
+        vpsubd	%ymm4, %ymm0, %ymm4
+        vpsubd	%ymm5, %ymm1, %ymm5
+        vpsubd	%ymm6, %ymm2, %ymm6
+        vpsubd	%ymm7, %ymm3, %ymm7
+        vpsubd	%ymm4, %ymm12, %ymm4
+        vpsubd	%ymm5, %ymm12, %ymm5
+        vpsubd	%ymm6, %ymm12, %ymm6
+        vpsubd	%ymm7, %ymm12, %ymm7
+        vpsrld	$31, %ymm4, %ymm4
+        vpsrld	$31, %ymm5, %ymm5
+        vpsrld	$31, %ymm6, %ymm6
+        vpsrld	$31, %ymm7, %ymm7
+        vpaddd	%ymm4, %ymm8, %ymm8
+        vpaddd	%ymm5, %ymm9, %ymm9
+        vpaddd	%ymm6, %ymm10, %ymm10
+        vpaddd	%ymm7, %ymm11, %ymm11
+        vpmulld	%ymm13, %ymm8, %ymm4
+        vpmulld	%ymm13, %ymm9, %ymm5
+        vpmulld	%ymm13, %ymm10, %ymm6
+        vpmulld	%ymm13, %ymm11, %ymm7
+        vpsubd	%ymm4, %ymm0, %ymm4
+        vpsubd	%ymm5, %ymm1, %ymm5
+        vpsubd	%ymm6, %ymm2, %ymm6
+        vpsubd	%ymm7, %ymm3, %ymm7
+        vpcmpeqd	%ymm15, %ymm8, %ymm0
+        vpcmpeqd	%ymm15, %ymm9, %ymm1
+        vpcmpeqd	%ymm15, %ymm10, %ymm2
+        vpcmpeqd	%ymm15, %ymm11, %ymm3
+        vpaddd	%ymm0, %ymm4, %ymm4
+        vpaddd	%ymm1, %ymm5, %ymm5
+        vpaddd	%ymm2, %ymm6, %ymm6
+        vpaddd	%ymm3, %ymm7, %ymm7
+        vpcmpgtd	%ymm8, %ymm15, %ymm0
+        vpcmpgtd	%ymm9, %ymm15, %ymm1
+        vpcmpgtd	%ymm10, %ymm15, %ymm2
+        vpcmpgtd	%ymm11, %ymm15, %ymm3
+        vpand	%ymm0, %ymm8, %ymm8
+        vpand	%ymm1, %ymm9, %ymm9
+        vpand	%ymm2, %ymm10, %ymm10
+        vpand	%ymm3, %ymm11, %ymm11
+        vmovdqu	%ymm4, 1664(%rsi)
+        vmovdqu	%ymm5, 1696(%rsi)
+        vmovdqu	%ymm6, 1728(%rsi)
+        vmovdqu	%ymm7, 1760(%rsi)
+        vmovdqu	%ymm8, 1664(%rdx)
+        vmovdqu	%ymm9, 1696(%rdx)
+        vmovdqu	%ymm10, 1728(%rdx)
+        vmovdqu	%ymm11, 1760(%rdx)
+        vmovdqu	1792(%rdi), %ymm0
+        vmovdqu	1824(%rdi), %ymm1
+        vmovdqu	1856(%rdi), %ymm2
+        vmovdqu	1888(%rdi), %ymm3
+        vpmulld	%ymm15, %ymm0, %ymm8
+        vpmulld	%ymm15, %ymm1, %ymm9
+        vpmulld	%ymm15, %ymm2, %ymm10
+        vpmulld	%ymm15, %ymm3, %ymm11
+        vpaddd	%ymm14, %ymm8, %ymm8
+        vpaddd	%ymm14, %ymm9, %ymm9
+        vpaddd	%ymm14, %ymm10, %ymm10
+        vpaddd	%ymm14, %ymm11, %ymm11
+        vpsrld	$23, %ymm8, %ymm8
+        vpsrld	$23, %ymm9, %ymm9
+        vpsrld	$23, %ymm10, %ymm10
+        vpsrld	$23, %ymm11, %ymm11
+        vpmulld	%ymm13, %ymm8, %ymm4
+        vpmulld	%ymm13, %ymm9, %ymm5
+        vpmulld	%ymm13, %ymm10, %ymm6
+        vpmulld	%ymm13, %ymm11, %ymm7
+        vpsubd	%ymm4, %ymm0, %ymm4
+        vpsubd	%ymm5, %ymm1, %ymm5
+        vpsubd	%ymm6, %ymm2, %ymm6
+        vpsubd	%ymm7, %ymm3, %ymm7
+        vpsubd	%ymm4, %ymm12, %ymm4
+        vpsubd	%ymm5, %ymm12, %ymm5
+        vpsubd	%ymm6, %ymm12, %ymm6
+        vpsubd	%ymm7, %ymm12, %ymm7
+        vpsrld	$31, %ymm4, %ymm4
+        vpsrld	$31, %ymm5, %ymm5
+        vpsrld	$31, %ymm6, %ymm6
+        vpsrld	$31, %ymm7, %ymm7
+        vpaddd	%ymm4, %ymm8, %ymm8
+        vpaddd	%ymm5, %ymm9, %ymm9
+        vpaddd	%ymm6, %ymm10, %ymm10
+        vpaddd	%ymm7, %ymm11, %ymm11
+        vpmulld	%ymm13, %ymm8, %ymm4
+        vpmulld	%ymm13, %ymm9, %ymm5
+        vpmulld	%ymm13, %ymm10, %ymm6
+        vpmulld	%ymm13, %ymm11, %ymm7
+        vpsubd	%ymm4, %ymm0, %ymm4
+        vpsubd	%ymm5, %ymm1, %ymm5
+        vpsubd	%ymm6, %ymm2, %ymm6
+        vpsubd	%ymm7, %ymm3, %ymm7
+        vpcmpeqd	%ymm15, %ymm8, %ymm0
+        vpcmpeqd	%ymm15, %ymm9, %ymm1
+        vpcmpeqd	%ymm15, %ymm10, %ymm2
+        vpcmpeqd	%ymm15, %ymm11, %ymm3
+        vpaddd	%ymm0, %ymm4, %ymm4
+        vpaddd	%ymm1, %ymm5, %ymm5
+        vpaddd	%ymm2, %ymm6, %ymm6
+        vpaddd	%ymm3, %ymm7, %ymm7
+        vpcmpgtd	%ymm8, %ymm15, %ymm0
+        vpcmpgtd	%ymm9, %ymm15, %ymm1
+        vpcmpgtd	%ymm10, %ymm15, %ymm2
+        vpcmpgtd	%ymm11, %ymm15, %ymm3
+        vpand	%ymm0, %ymm8, %ymm8
+        vpand	%ymm1, %ymm9, %ymm9
+        vpand	%ymm2, %ymm10, %ymm10
+        vpand	%ymm3, %ymm11, %ymm11
+        vmovdqu	%ymm4, 1792(%rsi)
+        vmovdqu	%ymm5, 1824(%rsi)
+        vmovdqu	%ymm6, 1856(%rsi)
+        vmovdqu	%ymm7, 1888(%rsi)
+        vmovdqu	%ymm8, 1792(%rdx)
+        vmovdqu	%ymm9, 1824(%rdx)
+        vmovdqu	%ymm10, 1856(%rdx)
+        vmovdqu	%ymm11, 1888(%rdx)
+        vmovdqu	1920(%rdi), %ymm0
+        vmovdqu	1952(%rdi), %ymm1
+        vmovdqu	1984(%rdi), %ymm2
+        vmovdqu	2016(%rdi), %ymm3
+        vpmulld	%ymm15, %ymm0, %ymm8
+        vpmulld	%ymm15, %ymm1, %ymm9
+        vpmulld	%ymm15, %ymm2, %ymm10
+        vpmulld	%ymm15, %ymm3, %ymm11
+        vpaddd	%ymm14, %ymm8, %ymm8
+        vpaddd	%ymm14, %ymm9, %ymm9
+        vpaddd	%ymm14, %ymm10, %ymm10
+        vpaddd	%ymm14, %ymm11, %ymm11
+        vpsrld	$23, %ymm8, %ymm8
+        vpsrld	$23, %ymm9, %ymm9
+        vpsrld	$23, %ymm10, %ymm10
+        vpsrld	$23, %ymm11, %ymm11
+        vpmulld	%ymm13, %ymm8, %ymm4
+        vpmulld	%ymm13, %ymm9, %ymm5
+        vpmulld	%ymm13, %ymm10, %ymm6
+        vpmulld	%ymm13, %ymm11, %ymm7
+        vpsubd	%ymm4, %ymm0, %ymm4
+        vpsubd	%ymm5, %ymm1, %ymm5
+        vpsubd	%ymm6, %ymm2, %ymm6
+        vpsubd	%ymm7, %ymm3, %ymm7
+        vpsubd	%ymm4, %ymm12, %ymm4
+        vpsubd	%ymm5, %ymm12, %ymm5
+        vpsubd	%ymm6, %ymm12, %ymm6
+        vpsubd	%ymm7, %ymm12, %ymm7
+        vpsrld	$31, %ymm4, %ymm4
+        vpsrld	$31, %ymm5, %ymm5
+        vpsrld	$31, %ymm6, %ymm6
+        vpsrld	$31, %ymm7, %ymm7
+        vpaddd	%ymm4, %ymm8, %ymm8
+        vpaddd	%ymm5, %ymm9, %ymm9
+        vpaddd	%ymm6, %ymm10, %ymm10
+        vpaddd	%ymm7, %ymm11, %ymm11
+        vpmulld	%ymm13, %ymm8, %ymm4
+        vpmulld	%ymm13, %ymm9, %ymm5
+        vpmulld	%ymm13, %ymm10, %ymm6
+        vpmulld	%ymm13, %ymm11, %ymm7
+        vpsubd	%ymm4, %ymm0, %ymm4
+        vpsubd	%ymm5, %ymm1, %ymm5
+        vpsubd	%ymm6, %ymm2, %ymm6
+        vpsubd	%ymm7, %ymm3, %ymm7
+        vpcmpeqd	%ymm15, %ymm8, %ymm0
+        vpcmpeqd	%ymm15, %ymm9, %ymm1
+        vpcmpeqd	%ymm15, %ymm10, %ymm2
+        vpcmpeqd	%ymm15, %ymm11, %ymm3
+        vpaddd	%ymm0, %ymm4, %ymm4
+        vpaddd	%ymm1, %ymm5, %ymm5
+        vpaddd	%ymm2, %ymm6, %ymm6
+        vpaddd	%ymm3, %ymm7, %ymm7
+        vpcmpgtd	%ymm8, %ymm15, %ymm0
+        vpcmpgtd	%ymm9, %ymm15, %ymm1
+        vpcmpgtd	%ymm10, %ymm15, %ymm2
+        vpcmpgtd	%ymm11, %ymm15, %ymm3
+        vpand	%ymm0, %ymm8, %ymm8
+        vpand	%ymm1, %ymm9, %ymm9
+        vpand	%ymm2, %ymm10, %ymm10
+        vpand	%ymm3, %ymm11, %ymm11
+        vmovdqu	%ymm4, 1920(%rsi)
+        vmovdqu	%ymm5, 1952(%rsi)
+        vmovdqu	%ymm6, 1984(%rsi)
+        vmovdqu	%ymm7, 2016(%rsi)
+        vmovdqu	%ymm8, 1920(%rdx)
+        vmovdqu	%ymm9, 1952(%rdx)
+        vmovdqu	%ymm10, 1984(%rdx)
+        vmovdqu	%ymm11, 2016(%rdx)
+        # 3/4 vectors
+        vmovdqu	2048(%rdi), %ymm0
+        vmovdqu	2080(%rdi), %ymm1
+        vmovdqu	2112(%rdi), %ymm2
+        vmovdqu	2144(%rdi), %ymm3
+        vpmulld	%ymm15, %ymm0, %ymm8
+        vpmulld	%ymm15, %ymm1, %ymm9
+        vpmulld	%ymm15, %ymm2, %ymm10
+        vpmulld	%ymm15, %ymm3, %ymm11
+        vpaddd	%ymm14, %ymm8, %ymm8
+        vpaddd	%ymm14, %ymm9, %ymm9
+        vpaddd	%ymm14, %ymm10, %ymm10
+        vpaddd	%ymm14, %ymm11, %ymm11
+        vpsrld	$23, %ymm8, %ymm8
+        vpsrld	$23, %ymm9, %ymm9
+        vpsrld	$23, %ymm10, %ymm10
+        vpsrld	$23, %ymm11, %ymm11
+        vpmulld	%ymm13, %ymm8, %ymm4
+        vpmulld	%ymm13, %ymm9, %ymm5
+        vpmulld	%ymm13, %ymm10, %ymm6
+        vpmulld	%ymm13, %ymm11, %ymm7
+        vpsubd	%ymm4, %ymm0, %ymm4
+        vpsubd	%ymm5, %ymm1, %ymm5
+        vpsubd	%ymm6, %ymm2, %ymm6
+        vpsubd	%ymm7, %ymm3, %ymm7
+        vpsubd	%ymm4, %ymm12, %ymm4
+        vpsubd	%ymm5, %ymm12, %ymm5
+        vpsubd	%ymm6, %ymm12, %ymm6
+        vpsubd	%ymm7, %ymm12, %ymm7
+        vpsrld	$31, %ymm4, %ymm4
+        vpsrld	$31, %ymm5, %ymm5
+        vpsrld	$31, %ymm6, %ymm6
+        vpsrld	$31, %ymm7, %ymm7
+        vpaddd	%ymm4, %ymm8, %ymm8
+        vpaddd	%ymm5, %ymm9, %ymm9
+        vpaddd	%ymm6, %ymm10, %ymm10
+        vpaddd	%ymm7, %ymm11, %ymm11
+        vpmulld	%ymm13, %ymm8, %ymm4
+        vpmulld	%ymm13, %ymm9, %ymm5
+        vpmulld	%ymm13, %ymm10, %ymm6
+        vpmulld	%ymm13, %ymm11, %ymm7
+        vpsubd	%ymm4, %ymm0, %ymm4
+        vpsubd	%ymm5, %ymm1, %ymm5
+        vpsubd	%ymm6, %ymm2, %ymm6
+        vpsubd	%ymm7, %ymm3, %ymm7
+        vpcmpeqd	%ymm15, %ymm8, %ymm0
+        vpcmpeqd	%ymm15, %ymm9, %ymm1
+        vpcmpeqd	%ymm15, %ymm10, %ymm2
+        vpcmpeqd	%ymm15, %ymm11, %ymm3
+        vpaddd	%ymm0, %ymm4, %ymm4
+        vpaddd	%ymm1, %ymm5, %ymm5
+        vpaddd	%ymm2, %ymm6, %ymm6
+        vpaddd	%ymm3, %ymm7, %ymm7
+        vpcmpgtd	%ymm8, %ymm15, %ymm0
+        vpcmpgtd	%ymm9, %ymm15, %ymm1
+        vpcmpgtd	%ymm10, %ymm15, %ymm2
+        vpcmpgtd	%ymm11, %ymm15, %ymm3
+        vpand	%ymm0, %ymm8, %ymm8
+        vpand	%ymm1, %ymm9, %ymm9
+        vpand	%ymm2, %ymm10, %ymm10
+        vpand	%ymm3, %ymm11, %ymm11
+        vmovdqu	%ymm4, 2048(%rsi)
+        vmovdqu	%ymm5, 2080(%rsi)
+        vmovdqu	%ymm6, 2112(%rsi)
+        vmovdqu	%ymm7, 2144(%rsi)
+        vmovdqu	%ymm8, 2048(%rdx)
+        vmovdqu	%ymm9, 2080(%rdx)
+        vmovdqu	%ymm10, 2112(%rdx)
+        vmovdqu	%ymm11, 2144(%rdx)
+        vmovdqu	2176(%rdi), %ymm0
+        vmovdqu	2208(%rdi), %ymm1
+        vmovdqu	2240(%rdi), %ymm2
+        vmovdqu	2272(%rdi), %ymm3
+        vpmulld	%ymm15, %ymm0, %ymm8
+        vpmulld	%ymm15, %ymm1, %ymm9
+        vpmulld	%ymm15, %ymm2, %ymm10
+        vpmulld	%ymm15, %ymm3, %ymm11
+        vpaddd	%ymm14, %ymm8, %ymm8
+        vpaddd	%ymm14, %ymm9, %ymm9
+        vpaddd	%ymm14, %ymm10, %ymm10
+        vpaddd	%ymm14, %ymm11, %ymm11
+        vpsrld	$23, %ymm8, %ymm8
+        vpsrld	$23, %ymm9, %ymm9
+        vpsrld	$23, %ymm10, %ymm10
+        vpsrld	$23, %ymm11, %ymm11
+        vpmulld	%ymm13, %ymm8, %ymm4
+        vpmulld	%ymm13, %ymm9, %ymm5
+        vpmulld	%ymm13, %ymm10, %ymm6
+        vpmulld	%ymm13, %ymm11, %ymm7
+        vpsubd	%ymm4, %ymm0, %ymm4
+        vpsubd	%ymm5, %ymm1, %ymm5
+        vpsubd	%ymm6, %ymm2, %ymm6
+        vpsubd	%ymm7, %ymm3, %ymm7
+        vpsubd	%ymm4, %ymm12, %ymm4
+        vpsubd	%ymm5, %ymm12, %ymm5
+        vpsubd	%ymm6, %ymm12, %ymm6
+        vpsubd	%ymm7, %ymm12, %ymm7
+        vpsrld	$31, %ymm4, %ymm4
+        vpsrld	$31, %ymm5, %ymm5
+        vpsrld	$31, %ymm6, %ymm6
+        vpsrld	$31, %ymm7, %ymm7
+        vpaddd	%ymm4, %ymm8, %ymm8
+        vpaddd	%ymm5, %ymm9, %ymm9
+        vpaddd	%ymm6, %ymm10, %ymm10
+        vpaddd	%ymm7, %ymm11, %ymm11
+        vpmulld	%ymm13, %ymm8, %ymm4
+        vpmulld	%ymm13, %ymm9, %ymm5
+        vpmulld	%ymm13, %ymm10, %ymm6
+        vpmulld	%ymm13, %ymm11, %ymm7
+        vpsubd	%ymm4, %ymm0, %ymm4
+        vpsubd	%ymm5, %ymm1, %ymm5
+        vpsubd	%ymm6, %ymm2, %ymm6
+        vpsubd	%ymm7, %ymm3, %ymm7
+        vpcmpeqd	%ymm15, %ymm8, %ymm0
+        vpcmpeqd	%ymm15, %ymm9, %ymm1
+        vpcmpeqd	%ymm15, %ymm10, %ymm2
+        vpcmpeqd	%ymm15, %ymm11, %ymm3
+        vpaddd	%ymm0, %ymm4, %ymm4
+        vpaddd	%ymm1, %ymm5, %ymm5
+        vpaddd	%ymm2, %ymm6, %ymm6
+        vpaddd	%ymm3, %ymm7, %ymm7
+        vpcmpgtd	%ymm8, %ymm15, %ymm0
+        vpcmpgtd	%ymm9, %ymm15, %ymm1
+        vpcmpgtd	%ymm10, %ymm15, %ymm2
+        vpcmpgtd	%ymm11, %ymm15, %ymm3
+        vpand	%ymm0, %ymm8, %ymm8
+        vpand	%ymm1, %ymm9, %ymm9
+        vpand	%ymm2, %ymm10, %ymm10
+        vpand	%ymm3, %ymm11, %ymm11
+        vmovdqu	%ymm4, 2176(%rsi)
+        vmovdqu	%ymm5, 2208(%rsi)
+        vmovdqu	%ymm6, 2240(%rsi)
+        vmovdqu	%ymm7, 2272(%rsi)
+        vmovdqu	%ymm8, 2176(%rdx)
+        vmovdqu	%ymm9, 2208(%rdx)
+        vmovdqu	%ymm10, 2240(%rdx)
+        vmovdqu	%ymm11, 2272(%rdx)
+        vmovdqu	2304(%rdi), %ymm0
+        vmovdqu	2336(%rdi), %ymm1
+        vmovdqu	2368(%rdi), %ymm2
+        vmovdqu	2400(%rdi), %ymm3
+        vpmulld	%ymm15, %ymm0, %ymm8
+        vpmulld	%ymm15, %ymm1, %ymm9
+        vpmulld	%ymm15, %ymm2, %ymm10
+        vpmulld	%ymm15, %ymm3, %ymm11
+        vpaddd	%ymm14, %ymm8, %ymm8
+        vpaddd	%ymm14, %ymm9, %ymm9
+        vpaddd	%ymm14, %ymm10, %ymm10
+        vpaddd	%ymm14, %ymm11, %ymm11
+        vpsrld	$23, %ymm8, %ymm8
+        vpsrld	$23, %ymm9, %ymm9
+        vpsrld	$23, %ymm10, %ymm10
+        vpsrld	$23, %ymm11, %ymm11
+        vpmulld	%ymm13, %ymm8, %ymm4
+        vpmulld	%ymm13, %ymm9, %ymm5
+        vpmulld	%ymm13, %ymm10, %ymm6
+        vpmulld	%ymm13, %ymm11, %ymm7
+        vpsubd	%ymm4, %ymm0, %ymm4
+        vpsubd	%ymm5, %ymm1, %ymm5
+        vpsubd	%ymm6, %ymm2, %ymm6
+        vpsubd	%ymm7, %ymm3, %ymm7
+        vpsubd	%ymm4, %ymm12, %ymm4
+        vpsubd	%ymm5, %ymm12, %ymm5
+        vpsubd	%ymm6, %ymm12, %ymm6
+        vpsubd	%ymm7, %ymm12, %ymm7
+        vpsrld	$31, %ymm4, %ymm4
+        vpsrld	$31, %ymm5, %ymm5
+        vpsrld	$31, %ymm6, %ymm6
+        vpsrld	$31, %ymm7, %ymm7
+        vpaddd	%ymm4, %ymm8, %ymm8
+        vpaddd	%ymm5, %ymm9, %ymm9
+        vpaddd	%ymm6, %ymm10, %ymm10
+        vpaddd	%ymm7, %ymm11, %ymm11
+        vpmulld	%ymm13, %ymm8, %ymm4
+        vpmulld	%ymm13, %ymm9, %ymm5
+        vpmulld	%ymm13, %ymm10, %ymm6
+        vpmulld	%ymm13, %ymm11, %ymm7
+        vpsubd	%ymm4, %ymm0, %ymm4
+        vpsubd	%ymm5, %ymm1, %ymm5
+        vpsubd	%ymm6, %ymm2, %ymm6
+        vpsubd	%ymm7, %ymm3, %ymm7
+        vpcmpeqd	%ymm15, %ymm8, %ymm0
+        vpcmpeqd	%ymm15, %ymm9, %ymm1
+        vpcmpeqd	%ymm15, %ymm10, %ymm2
+        vpcmpeqd	%ymm15, %ymm11, %ymm3
+        vpaddd	%ymm0, %ymm4, %ymm4
+        vpaddd	%ymm1, %ymm5, %ymm5
+        vpaddd	%ymm2, %ymm6, %ymm6
+        vpaddd	%ymm3, %ymm7, %ymm7
+        vpcmpgtd	%ymm8, %ymm15, %ymm0
+        vpcmpgtd	%ymm9, %ymm15, %ymm1
+        vpcmpgtd	%ymm10, %ymm15, %ymm2
+        vpcmpgtd	%ymm11, %ymm15, %ymm3
+        vpand	%ymm0, %ymm8, %ymm8
+        vpand	%ymm1, %ymm9, %ymm9
+        vpand	%ymm2, %ymm10, %ymm10
+        vpand	%ymm3, %ymm11, %ymm11
+        vmovdqu	%ymm4, 2304(%rsi)
+        vmovdqu	%ymm5, 2336(%rsi)
+        vmovdqu	%ymm6, 2368(%rsi)
+        vmovdqu	%ymm7, 2400(%rsi)
+        vmovdqu	%ymm8, 2304(%rdx)
+        vmovdqu	%ymm9, 2336(%rdx)
+        vmovdqu	%ymm10, 2368(%rdx)
+        vmovdqu	%ymm11, 2400(%rdx)
+        vmovdqu	2432(%rdi), %ymm0
+        vmovdqu	2464(%rdi), %ymm1
+        vmovdqu	2496(%rdi), %ymm2
+        vmovdqu	2528(%rdi), %ymm3
+        vpmulld	%ymm15, %ymm0, %ymm8
+        vpmulld	%ymm15, %ymm1, %ymm9
+        vpmulld	%ymm15, %ymm2, %ymm10
+        vpmulld	%ymm15, %ymm3, %ymm11
+        vpaddd	%ymm14, %ymm8, %ymm8
+        vpaddd	%ymm14, %ymm9, %ymm9
+        vpaddd	%ymm14, %ymm10, %ymm10
+        vpaddd	%ymm14, %ymm11, %ymm11
+        vpsrld	$23, %ymm8, %ymm8
+        vpsrld	$23, %ymm9, %ymm9
+        vpsrld	$23, %ymm10, %ymm10
+        vpsrld	$23, %ymm11, %ymm11
+        vpmulld	%ymm13, %ymm8, %ymm4
+        vpmulld	%ymm13, %ymm9, %ymm5
+        vpmulld	%ymm13, %ymm10, %ymm6
+        vpmulld	%ymm13, %ymm11, %ymm7
+        vpsubd	%ymm4, %ymm0, %ymm4
+        vpsubd	%ymm5, %ymm1, %ymm5
+        vpsubd	%ymm6, %ymm2, %ymm6
+        vpsubd	%ymm7, %ymm3, %ymm7
+        vpsubd	%ymm4, %ymm12, %ymm4
+        vpsubd	%ymm5, %ymm12, %ymm5
+        vpsubd	%ymm6, %ymm12, %ymm6
+        vpsubd	%ymm7, %ymm12, %ymm7
+        vpsrld	$31, %ymm4, %ymm4
+        vpsrld	$31, %ymm5, %ymm5
+        vpsrld	$31, %ymm6, %ymm6
+        vpsrld	$31, %ymm7, %ymm7
+        vpaddd	%ymm4, %ymm8, %ymm8
+        vpaddd	%ymm5, %ymm9, %ymm9
+        vpaddd	%ymm6, %ymm10, %ymm10
+        vpaddd	%ymm7, %ymm11, %ymm11
+        vpmulld	%ymm13, %ymm8, %ymm4
+        vpmulld	%ymm13, %ymm9, %ymm5
+        vpmulld	%ymm13, %ymm10, %ymm6
+        vpmulld	%ymm13, %ymm11, %ymm7
+        vpsubd	%ymm4, %ymm0, %ymm4
+        vpsubd	%ymm5, %ymm1, %ymm5
+        vpsubd	%ymm6, %ymm2, %ymm6
+        vpsubd	%ymm7, %ymm3, %ymm7
+        vpcmpeqd	%ymm15, %ymm8, %ymm0
+        vpcmpeqd	%ymm15, %ymm9, %ymm1
+        vpcmpeqd	%ymm15, %ymm10, %ymm2
+        vpcmpeqd	%ymm15, %ymm11, %ymm3
+        vpaddd	%ymm0, %ymm4, %ymm4
+        vpaddd	%ymm1, %ymm5, %ymm5
+        vpaddd	%ymm2, %ymm6, %ymm6
+        vpaddd	%ymm3, %ymm7, %ymm7
+        vpcmpgtd	%ymm8, %ymm15, %ymm0
+        vpcmpgtd	%ymm9, %ymm15, %ymm1
+        vpcmpgtd	%ymm10, %ymm15, %ymm2
+        vpcmpgtd	%ymm11, %ymm15, %ymm3
+        vpand	%ymm0, %ymm8, %ymm8
+        vpand	%ymm1, %ymm9, %ymm9
+        vpand	%ymm2, %ymm10, %ymm10
+        vpand	%ymm3, %ymm11, %ymm11
+        vmovdqu	%ymm4, 2432(%rsi)
+        vmovdqu	%ymm5, 2464(%rsi)
+        vmovdqu	%ymm6, 2496(%rsi)
+        vmovdqu	%ymm7, 2528(%rsi)
+        vmovdqu	%ymm8, 2432(%rdx)
+        vmovdqu	%ymm9, 2464(%rdx)
+        vmovdqu	%ymm10, 2496(%rdx)
+        vmovdqu	%ymm11, 2528(%rdx)
+        vmovdqu	2560(%rdi), %ymm0
+        vmovdqu	2592(%rdi), %ymm1
+        vmovdqu	2624(%rdi), %ymm2
+        vmovdqu	2656(%rdi), %ymm3
+        vpmulld	%ymm15, %ymm0, %ymm8
+        vpmulld	%ymm15, %ymm1, %ymm9
+        vpmulld	%ymm15, %ymm2, %ymm10
+        vpmulld	%ymm15, %ymm3, %ymm11
+        vpaddd	%ymm14, %ymm8, %ymm8
+        vpaddd	%ymm14, %ymm9, %ymm9
+        vpaddd	%ymm14, %ymm10, %ymm10
+        vpaddd	%ymm14, %ymm11, %ymm11
+        vpsrld	$23, %ymm8, %ymm8
+        vpsrld	$23, %ymm9, %ymm9
+        vpsrld	$23, %ymm10, %ymm10
+        vpsrld	$23, %ymm11, %ymm11
+        vpmulld	%ymm13, %ymm8, %ymm4
+        vpmulld	%ymm13, %ymm9, %ymm5
+        vpmulld	%ymm13, %ymm10, %ymm6
+        vpmulld	%ymm13, %ymm11, %ymm7
+        vpsubd	%ymm4, %ymm0, %ymm4
+        vpsubd	%ymm5, %ymm1, %ymm5
+        vpsubd	%ymm6, %ymm2, %ymm6
+        vpsubd	%ymm7, %ymm3, %ymm7
+        vpsubd	%ymm4, %ymm12, %ymm4
+        vpsubd	%ymm5, %ymm12, %ymm5
+        vpsubd	%ymm6, %ymm12, %ymm6
+        vpsubd	%ymm7, %ymm12, %ymm7
+        vpsrld	$31, %ymm4, %ymm4
+        vpsrld	$31, %ymm5, %ymm5
+        vpsrld	$31, %ymm6, %ymm6
+        vpsrld	$31, %ymm7, %ymm7
+        vpaddd	%ymm4, %ymm8, %ymm8
+        vpaddd	%ymm5, %ymm9, %ymm9
+        vpaddd	%ymm6, %ymm10, %ymm10
+        vpaddd	%ymm7, %ymm11, %ymm11
+        vpmulld	%ymm13, %ymm8, %ymm4
+        vpmulld	%ymm13, %ymm9, %ymm5
+        vpmulld	%ymm13, %ymm10, %ymm6
+        vpmulld	%ymm13, %ymm11, %ymm7
+        vpsubd	%ymm4, %ymm0, %ymm4
+        vpsubd	%ymm5, %ymm1, %ymm5
+        vpsubd	%ymm6, %ymm2, %ymm6
+        vpsubd	%ymm7, %ymm3, %ymm7
+        vpcmpeqd	%ymm15, %ymm8, %ymm0
+        vpcmpeqd	%ymm15, %ymm9, %ymm1
+        vpcmpeqd	%ymm15, %ymm10, %ymm2
+        vpcmpeqd	%ymm15, %ymm11, %ymm3
+        vpaddd	%ymm0, %ymm4, %ymm4
+        vpaddd	%ymm1, %ymm5, %ymm5
+        vpaddd	%ymm2, %ymm6, %ymm6
+        vpaddd	%ymm3, %ymm7, %ymm7
+        vpcmpgtd	%ymm8, %ymm15, %ymm0
+        vpcmpgtd	%ymm9, %ymm15, %ymm1
+        vpcmpgtd	%ymm10, %ymm15, %ymm2
+        vpcmpgtd	%ymm11, %ymm15, %ymm3
+        vpand	%ymm0, %ymm8, %ymm8
+        vpand	%ymm1, %ymm9, %ymm9
+        vpand	%ymm2, %ymm10, %ymm10
+        vpand	%ymm3, %ymm11, %ymm11
+        vmovdqu	%ymm4, 2560(%rsi)
+        vmovdqu	%ymm5, 2592(%rsi)
+        vmovdqu	%ymm6, 2624(%rsi)
+        vmovdqu	%ymm7, 2656(%rsi)
+        vmovdqu	%ymm8, 2560(%rdx)
+        vmovdqu	%ymm9, 2592(%rdx)
+        vmovdqu	%ymm10, 2624(%rdx)
+        vmovdqu	%ymm11, 2656(%rdx)
+        vmovdqu	2688(%rdi), %ymm0
+        vmovdqu	2720(%rdi), %ymm1
+        vmovdqu	2752(%rdi), %ymm2
+        vmovdqu	2784(%rdi), %ymm3
+        vpmulld	%ymm15, %ymm0, %ymm8
+        vpmulld	%ymm15, %ymm1, %ymm9
+        vpmulld	%ymm15, %ymm2, %ymm10
+        vpmulld	%ymm15, %ymm3, %ymm11
+        vpaddd	%ymm14, %ymm8, %ymm8
+        vpaddd	%ymm14, %ymm9, %ymm9
+        vpaddd	%ymm14, %ymm10, %ymm10
+        vpaddd	%ymm14, %ymm11, %ymm11
+        vpsrld	$23, %ymm8, %ymm8
+        vpsrld	$23, %ymm9, %ymm9
+        vpsrld	$23, %ymm10, %ymm10
+        vpsrld	$23, %ymm11, %ymm11
+        vpmulld	%ymm13, %ymm8, %ymm4
+        vpmulld	%ymm13, %ymm9, %ymm5
+        vpmulld	%ymm13, %ymm10, %ymm6
+        vpmulld	%ymm13, %ymm11, %ymm7
+        vpsubd	%ymm4, %ymm0, %ymm4
+        vpsubd	%ymm5, %ymm1, %ymm5
+        vpsubd	%ymm6, %ymm2, %ymm6
+        vpsubd	%ymm7, %ymm3, %ymm7
+        vpsubd	%ymm4, %ymm12, %ymm4
+        vpsubd	%ymm5, %ymm12, %ymm5
+        vpsubd	%ymm6, %ymm12, %ymm6
+        vpsubd	%ymm7, %ymm12, %ymm7
+        vpsrld	$31, %ymm4, %ymm4
+        vpsrld	$31, %ymm5, %ymm5
+        vpsrld	$31, %ymm6, %ymm6
+        vpsrld	$31, %ymm7, %ymm7
+        vpaddd	%ymm4, %ymm8, %ymm8
+        vpaddd	%ymm5, %ymm9, %ymm9
+        vpaddd	%ymm6, %ymm10, %ymm10
+        vpaddd	%ymm7, %ymm11, %ymm11
+        vpmulld	%ymm13, %ymm8, %ymm4
+        vpmulld	%ymm13, %ymm9, %ymm5
+        vpmulld	%ymm13, %ymm10, %ymm6
+        vpmulld	%ymm13, %ymm11, %ymm7
+        vpsubd	%ymm4, %ymm0, %ymm4
+        vpsubd	%ymm5, %ymm1, %ymm5
+        vpsubd	%ymm6, %ymm2, %ymm6
+        vpsubd	%ymm7, %ymm3, %ymm7
+        vpcmpeqd	%ymm15, %ymm8, %ymm0
+        vpcmpeqd	%ymm15, %ymm9, %ymm1
+        vpcmpeqd	%ymm15, %ymm10, %ymm2
+        vpcmpeqd	%ymm15, %ymm11, %ymm3
+        vpaddd	%ymm0, %ymm4, %ymm4
+        vpaddd	%ymm1, %ymm5, %ymm5
+        vpaddd	%ymm2, %ymm6, %ymm6
+        vpaddd	%ymm3, %ymm7, %ymm7
+        vpcmpgtd	%ymm8, %ymm15, %ymm0
+        vpcmpgtd	%ymm9, %ymm15, %ymm1
+        vpcmpgtd	%ymm10, %ymm15, %ymm2
+        vpcmpgtd	%ymm11, %ymm15, %ymm3
+        vpand	%ymm0, %ymm8, %ymm8
+        vpand	%ymm1, %ymm9, %ymm9
+        vpand	%ymm2, %ymm10, %ymm10
+        vpand	%ymm3, %ymm11, %ymm11
+        vmovdqu	%ymm4, 2688(%rsi)
+        vmovdqu	%ymm5, 2720(%rsi)
+        vmovdqu	%ymm6, 2752(%rsi)
+        vmovdqu	%ymm7, 2784(%rsi)
+        vmovdqu	%ymm8, 2688(%rdx)
+        vmovdqu	%ymm9, 2720(%rdx)
+        vmovdqu	%ymm10, 2752(%rdx)
+        vmovdqu	%ymm11, 2784(%rdx)
+        vmovdqu	2816(%rdi), %ymm0
+        vmovdqu	2848(%rdi), %ymm1
+        vmovdqu	2880(%rdi), %ymm2
+        vmovdqu	2912(%rdi), %ymm3
+        vpmulld	%ymm15, %ymm0, %ymm8
+        vpmulld	%ymm15, %ymm1, %ymm9
+        vpmulld	%ymm15, %ymm2, %ymm10
+        vpmulld	%ymm15, %ymm3, %ymm11
+        vpaddd	%ymm14, %ymm8, %ymm8
+        vpaddd	%ymm14, %ymm9, %ymm9
+        vpaddd	%ymm14, %ymm10, %ymm10
+        vpaddd	%ymm14, %ymm11, %ymm11
+        vpsrld	$23, %ymm8, %ymm8
+        vpsrld	$23, %ymm9, %ymm9
+        vpsrld	$23, %ymm10, %ymm10
+        vpsrld	$23, %ymm11, %ymm11
+        vpmulld	%ymm13, %ymm8, %ymm4
+        vpmulld	%ymm13, %ymm9, %ymm5
+        vpmulld	%ymm13, %ymm10, %ymm6
+        vpmulld	%ymm13, %ymm11, %ymm7
+        vpsubd	%ymm4, %ymm0, %ymm4
+        vpsubd	%ymm5, %ymm1, %ymm5
+        vpsubd	%ymm6, %ymm2, %ymm6
+        vpsubd	%ymm7, %ymm3, %ymm7
+        vpsubd	%ymm4, %ymm12, %ymm4
+        vpsubd	%ymm5, %ymm12, %ymm5
+        vpsubd	%ymm6, %ymm12, %ymm6
+        vpsubd	%ymm7, %ymm12, %ymm7
+        vpsrld	$31, %ymm4, %ymm4
+        vpsrld	$31, %ymm5, %ymm5
+        vpsrld	$31, %ymm6, %ymm6
+        vpsrld	$31, %ymm7, %ymm7
+        vpaddd	%ymm4, %ymm8, %ymm8
+        vpaddd	%ymm5, %ymm9, %ymm9
+        vpaddd	%ymm6, %ymm10, %ymm10
+        vpaddd	%ymm7, %ymm11, %ymm11
+        vpmulld	%ymm13, %ymm8, %ymm4
+        vpmulld	%ymm13, %ymm9, %ymm5
+        vpmulld	%ymm13, %ymm10, %ymm6
+        vpmulld	%ymm13, %ymm11, %ymm7
+        vpsubd	%ymm4, %ymm0, %ymm4
+        vpsubd	%ymm5, %ymm1, %ymm5
+        vpsubd	%ymm6, %ymm2, %ymm6
+        vpsubd	%ymm7, %ymm3, %ymm7
+        vpcmpeqd	%ymm15, %ymm8, %ymm0
+        vpcmpeqd	%ymm15, %ymm9, %ymm1
+        vpcmpeqd	%ymm15, %ymm10, %ymm2
+        vpcmpeqd	%ymm15, %ymm11, %ymm3
+        vpaddd	%ymm0, %ymm4, %ymm4
+        vpaddd	%ymm1, %ymm5, %ymm5
+        vpaddd	%ymm2, %ymm6, %ymm6
+        vpaddd	%ymm3, %ymm7, %ymm7
+        vpcmpgtd	%ymm8, %ymm15, %ymm0
+        vpcmpgtd	%ymm9, %ymm15, %ymm1
+        vpcmpgtd	%ymm10, %ymm15, %ymm2
+        vpcmpgtd	%ymm11, %ymm15, %ymm3
+        vpand	%ymm0, %ymm8, %ymm8
+        vpand	%ymm1, %ymm9, %ymm9
+        vpand	%ymm2, %ymm10, %ymm10
+        vpand	%ymm3, %ymm11, %ymm11
+        vmovdqu	%ymm4, 2816(%rsi)
+        vmovdqu	%ymm5, 2848(%rsi)
+        vmovdqu	%ymm6, 2880(%rsi)
+        vmovdqu	%ymm7, 2912(%rsi)
+        vmovdqu	%ymm8, 2816(%rdx)
+        vmovdqu	%ymm9, 2848(%rdx)
+        vmovdqu	%ymm10, 2880(%rdx)
+        vmovdqu	%ymm11, 2912(%rdx)
+        vmovdqu	2944(%rdi), %ymm0
+        vmovdqu	2976(%rdi), %ymm1
+        vmovdqu	3008(%rdi), %ymm2
+        vmovdqu	3040(%rdi), %ymm3
+        vpmulld	%ymm15, %ymm0, %ymm8
+        vpmulld	%ymm15, %ymm1, %ymm9
+        vpmulld	%ymm15, %ymm2, %ymm10
+        vpmulld	%ymm15, %ymm3, %ymm11
+        vpaddd	%ymm14, %ymm8, %ymm8
+        vpaddd	%ymm14, %ymm9, %ymm9
+        vpaddd	%ymm14, %ymm10, %ymm10
+        vpaddd	%ymm14, %ymm11, %ymm11
+        vpsrld	$23, %ymm8, %ymm8
+        vpsrld	$23, %ymm9, %ymm9
+        vpsrld	$23, %ymm10, %ymm10
+        vpsrld	$23, %ymm11, %ymm11
+        vpmulld	%ymm13, %ymm8, %ymm4
+        vpmulld	%ymm13, %ymm9, %ymm5
+        vpmulld	%ymm13, %ymm10, %ymm6
+        vpmulld	%ymm13, %ymm11, %ymm7
+        vpsubd	%ymm4, %ymm0, %ymm4
+        vpsubd	%ymm5, %ymm1, %ymm5
+        vpsubd	%ymm6, %ymm2, %ymm6
+        vpsubd	%ymm7, %ymm3, %ymm7
+        vpsubd	%ymm4, %ymm12, %ymm4
+        vpsubd	%ymm5, %ymm12, %ymm5
+        vpsubd	%ymm6, %ymm12, %ymm6
+        vpsubd	%ymm7, %ymm12, %ymm7
+        vpsrld	$31, %ymm4, %ymm4
+        vpsrld	$31, %ymm5, %ymm5
+        vpsrld	$31, %ymm6, %ymm6
+        vpsrld	$31, %ymm7, %ymm7
+        vpaddd	%ymm4, %ymm8, %ymm8
+        vpaddd	%ymm5, %ymm9, %ymm9
+        vpaddd	%ymm6, %ymm10, %ymm10
+        vpaddd	%ymm7, %ymm11, %ymm11
+        vpmulld	%ymm13, %ymm8, %ymm4
+        vpmulld	%ymm13, %ymm9, %ymm5
+        vpmulld	%ymm13, %ymm10, %ymm6
+        vpmulld	%ymm13, %ymm11, %ymm7
+        vpsubd	%ymm4, %ymm0, %ymm4
+        vpsubd	%ymm5, %ymm1, %ymm5
+        vpsubd	%ymm6, %ymm2, %ymm6
+        vpsubd	%ymm7, %ymm3, %ymm7
+        vpcmpeqd	%ymm15, %ymm8, %ymm0
+        vpcmpeqd	%ymm15, %ymm9, %ymm1
+        vpcmpeqd	%ymm15, %ymm10, %ymm2
+        vpcmpeqd	%ymm15, %ymm11, %ymm3
+        vpaddd	%ymm0, %ymm4, %ymm4
+        vpaddd	%ymm1, %ymm5, %ymm5
+        vpaddd	%ymm2, %ymm6, %ymm6
+        vpaddd	%ymm3, %ymm7, %ymm7
+        vpcmpgtd	%ymm8, %ymm15, %ymm0
+        vpcmpgtd	%ymm9, %ymm15, %ymm1
+        vpcmpgtd	%ymm10, %ymm15, %ymm2
+        vpcmpgtd	%ymm11, %ymm15, %ymm3
+        vpand	%ymm0, %ymm8, %ymm8
+        vpand	%ymm1, %ymm9, %ymm9
+        vpand	%ymm2, %ymm10, %ymm10
+        vpand	%ymm3, %ymm11, %ymm11
+        vmovdqu	%ymm4, 2944(%rsi)
+        vmovdqu	%ymm5, 2976(%rsi)
+        vmovdqu	%ymm6, 3008(%rsi)
+        vmovdqu	%ymm7, 3040(%rsi)
+        vmovdqu	%ymm8, 2944(%rdx)
+        vmovdqu	%ymm9, 2976(%rdx)
+        vmovdqu	%ymm10, 3008(%rdx)
+        vmovdqu	%ymm11, 3040(%rdx)
+        # 4/4 vectors
+        vmovdqu	3072(%rdi), %ymm0
+        vmovdqu	3104(%rdi), %ymm1
+        vmovdqu	3136(%rdi), %ymm2
+        vmovdqu	3168(%rdi), %ymm3
+        vpmulld	%ymm15, %ymm0, %ymm8
+        vpmulld	%ymm15, %ymm1, %ymm9
+        vpmulld	%ymm15, %ymm2, %ymm10
+        vpmulld	%ymm15, %ymm3, %ymm11
+        vpaddd	%ymm14, %ymm8, %ymm8
+        vpaddd	%ymm14, %ymm9, %ymm9
+        vpaddd	%ymm14, %ymm10, %ymm10
+        vpaddd	%ymm14, %ymm11, %ymm11
+        vpsrld	$23, %ymm8, %ymm8
+        vpsrld	$23, %ymm9, %ymm9
+        vpsrld	$23, %ymm10, %ymm10
+        vpsrld	$23, %ymm11, %ymm11
+        vpmulld	%ymm13, %ymm8, %ymm4
+        vpmulld	%ymm13, %ymm9, %ymm5
+        vpmulld	%ymm13, %ymm10, %ymm6
+        vpmulld	%ymm13, %ymm11, %ymm7
+        vpsubd	%ymm4, %ymm0, %ymm4
+        vpsubd	%ymm5, %ymm1, %ymm5
+        vpsubd	%ymm6, %ymm2, %ymm6
+        vpsubd	%ymm7, %ymm3, %ymm7
+        vpsubd	%ymm4, %ymm12, %ymm4
+        vpsubd	%ymm5, %ymm12, %ymm5
+        vpsubd	%ymm6, %ymm12, %ymm6
+        vpsubd	%ymm7, %ymm12, %ymm7
+        vpsrld	$31, %ymm4, %ymm4
+        vpsrld	$31, %ymm5, %ymm5
+        vpsrld	$31, %ymm6, %ymm6
+        vpsrld	$31, %ymm7, %ymm7
+        vpaddd	%ymm4, %ymm8, %ymm8
+        vpaddd	%ymm5, %ymm9, %ymm9
+        vpaddd	%ymm6, %ymm10, %ymm10
+        vpaddd	%ymm7, %ymm11, %ymm11
+        vpmulld	%ymm13, %ymm8, %ymm4
+        vpmulld	%ymm13, %ymm9, %ymm5
+        vpmulld	%ymm13, %ymm10, %ymm6
+        vpmulld	%ymm13, %ymm11, %ymm7
+        vpsubd	%ymm4, %ymm0, %ymm4
+        vpsubd	%ymm5, %ymm1, %ymm5
+        vpsubd	%ymm6, %ymm2, %ymm6
+        vpsubd	%ymm7, %ymm3, %ymm7
+        vpcmpeqd	%ymm15, %ymm8, %ymm0
+        vpcmpeqd	%ymm15, %ymm9, %ymm1
+        vpcmpeqd	%ymm15, %ymm10, %ymm2
+        vpcmpeqd	%ymm15, %ymm11, %ymm3
+        vpaddd	%ymm0, %ymm4, %ymm4
+        vpaddd	%ymm1, %ymm5, %ymm5
+        vpaddd	%ymm2, %ymm6, %ymm6
+        vpaddd	%ymm3, %ymm7, %ymm7
+        vpcmpgtd	%ymm8, %ymm15, %ymm0
+        vpcmpgtd	%ymm9, %ymm15, %ymm1
+        vpcmpgtd	%ymm10, %ymm15, %ymm2
+        vpcmpgtd	%ymm11, %ymm15, %ymm3
+        vpand	%ymm0, %ymm8, %ymm8
+        vpand	%ymm1, %ymm9, %ymm9
+        vpand	%ymm2, %ymm10, %ymm10
+        vpand	%ymm3, %ymm11, %ymm11
+        vmovdqu	%ymm4, 3072(%rsi)
+        vmovdqu	%ymm5, 3104(%rsi)
+        vmovdqu	%ymm6, 3136(%rsi)
+        vmovdqu	%ymm7, 3168(%rsi)
+        vmovdqu	%ymm8, 3072(%rdx)
+        vmovdqu	%ymm9, 3104(%rdx)
+        vmovdqu	%ymm10, 3136(%rdx)
+        vmovdqu	%ymm11, 3168(%rdx)
+        vmovdqu	3200(%rdi), %ymm0
+        vmovdqu	3232(%rdi), %ymm1
+        vmovdqu	3264(%rdi), %ymm2
+        vmovdqu	3296(%rdi), %ymm3
+        vpmulld	%ymm15, %ymm0, %ymm8
+        vpmulld	%ymm15, %ymm1, %ymm9
+        vpmulld	%ymm15, %ymm2, %ymm10
+        vpmulld	%ymm15, %ymm3, %ymm11
+        vpaddd	%ymm14, %ymm8, %ymm8
+        vpaddd	%ymm14, %ymm9, %ymm9
+        vpaddd	%ymm14, %ymm10, %ymm10
+        vpaddd	%ymm14, %ymm11, %ymm11
+        vpsrld	$23, %ymm8, %ymm8
+        vpsrld	$23, %ymm9, %ymm9
+        vpsrld	$23, %ymm10, %ymm10
+        vpsrld	$23, %ymm11, %ymm11
+        vpmulld	%ymm13, %ymm8, %ymm4
+        vpmulld	%ymm13, %ymm9, %ymm5
+        vpmulld	%ymm13, %ymm10, %ymm6
+        vpmulld	%ymm13, %ymm11, %ymm7
+        vpsubd	%ymm4, %ymm0, %ymm4
+        vpsubd	%ymm5, %ymm1, %ymm5
+        vpsubd	%ymm6, %ymm2, %ymm6
+        vpsubd	%ymm7, %ymm3, %ymm7
+        vpsubd	%ymm4, %ymm12, %ymm4
+        vpsubd	%ymm5, %ymm12, %ymm5
+        vpsubd	%ymm6, %ymm12, %ymm6
+        vpsubd	%ymm7, %ymm12, %ymm7
+        vpsrld	$31, %ymm4, %ymm4
+        vpsrld	$31, %ymm5, %ymm5
+        vpsrld	$31, %ymm6, %ymm6
+        vpsrld	$31, %ymm7, %ymm7
+        vpaddd	%ymm4, %ymm8, %ymm8
+        vpaddd	%ymm5, %ymm9, %ymm9
+        vpaddd	%ymm6, %ymm10, %ymm10
+        vpaddd	%ymm7, %ymm11, %ymm11
+        vpmulld	%ymm13, %ymm8, %ymm4
+        vpmulld	%ymm13, %ymm9, %ymm5
+        vpmulld	%ymm13, %ymm10, %ymm6
+        vpmulld	%ymm13, %ymm11, %ymm7
+        vpsubd	%ymm4, %ymm0, %ymm4
+        vpsubd	%ymm5, %ymm1, %ymm5
+        vpsubd	%ymm6, %ymm2, %ymm6
+        vpsubd	%ymm7, %ymm3, %ymm7
+        vpcmpeqd	%ymm15, %ymm8, %ymm0
+        vpcmpeqd	%ymm15, %ymm9, %ymm1
+        vpcmpeqd	%ymm15, %ymm10, %ymm2
+        vpcmpeqd	%ymm15, %ymm11, %ymm3
+        vpaddd	%ymm0, %ymm4, %ymm4
+        vpaddd	%ymm1, %ymm5, %ymm5
+        vpaddd	%ymm2, %ymm6, %ymm6
+        vpaddd	%ymm3, %ymm7, %ymm7
+        vpcmpgtd	%ymm8, %ymm15, %ymm0
+        vpcmpgtd	%ymm9, %ymm15, %ymm1
+        vpcmpgtd	%ymm10, %ymm15, %ymm2
+        vpcmpgtd	%ymm11, %ymm15, %ymm3
+        vpand	%ymm0, %ymm8, %ymm8
+        vpand	%ymm1, %ymm9, %ymm9
+        vpand	%ymm2, %ymm10, %ymm10
+        vpand	%ymm3, %ymm11, %ymm11
+        vmovdqu	%ymm4, 3200(%rsi)
+        vmovdqu	%ymm5, 3232(%rsi)
+        vmovdqu	%ymm6, 3264(%rsi)
+        vmovdqu	%ymm7, 3296(%rsi)
+        vmovdqu	%ymm8, 3200(%rdx)
+        vmovdqu	%ymm9, 3232(%rdx)
+        vmovdqu	%ymm10, 3264(%rdx)
+        vmovdqu	%ymm11, 3296(%rdx)
+        vmovdqu	3328(%rdi), %ymm0
+        vmovdqu	3360(%rdi), %ymm1
+        vmovdqu	3392(%rdi), %ymm2
+        vmovdqu	3424(%rdi), %ymm3
+        vpmulld	%ymm15, %ymm0, %ymm8
+        vpmulld	%ymm15, %ymm1, %ymm9
+        vpmulld	%ymm15, %ymm2, %ymm10
+        vpmulld	%ymm15, %ymm3, %ymm11
+        vpaddd	%ymm14, %ymm8, %ymm8
+        vpaddd	%ymm14, %ymm9, %ymm9
+        vpaddd	%ymm14, %ymm10, %ymm10
+        vpaddd	%ymm14, %ymm11, %ymm11
+        vpsrld	$23, %ymm8, %ymm8
+        vpsrld	$23, %ymm9, %ymm9
+        vpsrld	$23, %ymm10, %ymm10
+        vpsrld	$23, %ymm11, %ymm11
+        vpmulld	%ymm13, %ymm8, %ymm4
+        vpmulld	%ymm13, %ymm9, %ymm5
+        vpmulld	%ymm13, %ymm10, %ymm6
+        vpmulld	%ymm13, %ymm11, %ymm7
+        vpsubd	%ymm4, %ymm0, %ymm4
+        vpsubd	%ymm5, %ymm1, %ymm5
+        vpsubd	%ymm6, %ymm2, %ymm6
+        vpsubd	%ymm7, %ymm3, %ymm7
+        vpsubd	%ymm4, %ymm12, %ymm4
+        vpsubd	%ymm5, %ymm12, %ymm5
+        vpsubd	%ymm6, %ymm12, %ymm6
+        vpsubd	%ymm7, %ymm12, %ymm7
+        vpsrld	$31, %ymm4, %ymm4
+        vpsrld	$31, %ymm5, %ymm5
+        vpsrld	$31, %ymm6, %ymm6
+        vpsrld	$31, %ymm7, %ymm7
+        vpaddd	%ymm4, %ymm8, %ymm8
+        vpaddd	%ymm5, %ymm9, %ymm9
+        vpaddd	%ymm6, %ymm10, %ymm10
+        vpaddd	%ymm7, %ymm11, %ymm11
+        vpmulld	%ymm13, %ymm8, %ymm4
+        vpmulld	%ymm13, %ymm9, %ymm5
+        vpmulld	%ymm13, %ymm10, %ymm6
+        vpmulld	%ymm13, %ymm11, %ymm7
+        vpsubd	%ymm4, %ymm0, %ymm4
+        vpsubd	%ymm5, %ymm1, %ymm5
+        vpsubd	%ymm6, %ymm2, %ymm6
+        vpsubd	%ymm7, %ymm3, %ymm7
+        vpcmpeqd	%ymm15, %ymm8, %ymm0
+        vpcmpeqd	%ymm15, %ymm9, %ymm1
+        vpcmpeqd	%ymm15, %ymm10, %ymm2
+        vpcmpeqd	%ymm15, %ymm11, %ymm3
+        vpaddd	%ymm0, %ymm4, %ymm4
+        vpaddd	%ymm1, %ymm5, %ymm5
+        vpaddd	%ymm2, %ymm6, %ymm6
+        vpaddd	%ymm3, %ymm7, %ymm7
+        vpcmpgtd	%ymm8, %ymm15, %ymm0
+        vpcmpgtd	%ymm9, %ymm15, %ymm1
+        vpcmpgtd	%ymm10, %ymm15, %ymm2
+        vpcmpgtd	%ymm11, %ymm15, %ymm3
+        vpand	%ymm0, %ymm8, %ymm8
+        vpand	%ymm1, %ymm9, %ymm9
+        vpand	%ymm2, %ymm10, %ymm10
+        vpand	%ymm3, %ymm11, %ymm11
+        vmovdqu	%ymm4, 3328(%rsi)
+        vmovdqu	%ymm5, 3360(%rsi)
+        vmovdqu	%ymm6, 3392(%rsi)
+        vmovdqu	%ymm7, 3424(%rsi)
+        vmovdqu	%ymm8, 3328(%rdx)
+        vmovdqu	%ymm9, 3360(%rdx)
+        vmovdqu	%ymm10, 3392(%rdx)
+        vmovdqu	%ymm11, 3424(%rdx)
+        vmovdqu	3456(%rdi), %ymm0
+        vmovdqu	3488(%rdi), %ymm1
+        vmovdqu	3520(%rdi), %ymm2
+        vmovdqu	3552(%rdi), %ymm3
+        vpmulld	%ymm15, %ymm0, %ymm8
+        vpmulld	%ymm15, %ymm1, %ymm9
+        vpmulld	%ymm15, %ymm2, %ymm10
+        vpmulld	%ymm15, %ymm3, %ymm11
+        vpaddd	%ymm14, %ymm8, %ymm8
+        vpaddd	%ymm14, %ymm9, %ymm9
+        vpaddd	%ymm14, %ymm10, %ymm10
+        vpaddd	%ymm14, %ymm11, %ymm11
+        vpsrld	$23, %ymm8, %ymm8
+        vpsrld	$23, %ymm9, %ymm9
+        vpsrld	$23, %ymm10, %ymm10
+        vpsrld	$23, %ymm11, %ymm11
+        vpmulld	%ymm13, %ymm8, %ymm4
+        vpmulld	%ymm13, %ymm9, %ymm5
+        vpmulld	%ymm13, %ymm10, %ymm6
+        vpmulld	%ymm13, %ymm11, %ymm7
+        vpsubd	%ymm4, %ymm0, %ymm4
+        vpsubd	%ymm5, %ymm1, %ymm5
+        vpsubd	%ymm6, %ymm2, %ymm6
+        vpsubd	%ymm7, %ymm3, %ymm7
+        vpsubd	%ymm4, %ymm12, %ymm4
+        vpsubd	%ymm5, %ymm12, %ymm5
+        vpsubd	%ymm6, %ymm12, %ymm6
+        vpsubd	%ymm7, %ymm12, %ymm7
+        vpsrld	$31, %ymm4, %ymm4
+        vpsrld	$31, %ymm5, %ymm5
+        vpsrld	$31, %ymm6, %ymm6
+        vpsrld	$31, %ymm7, %ymm7
+        vpaddd	%ymm4, %ymm8, %ymm8
+        vpaddd	%ymm5, %ymm9, %ymm9
+        vpaddd	%ymm6, %ymm10, %ymm10
+        vpaddd	%ymm7, %ymm11, %ymm11
+        vpmulld	%ymm13, %ymm8, %ymm4
+        vpmulld	%ymm13, %ymm9, %ymm5
+        vpmulld	%ymm13, %ymm10, %ymm6
+        vpmulld	%ymm13, %ymm11, %ymm7
+        vpsubd	%ymm4, %ymm0, %ymm4
+        vpsubd	%ymm5, %ymm1, %ymm5
+        vpsubd	%ymm6, %ymm2, %ymm6
+        vpsubd	%ymm7, %ymm3, %ymm7
+        vpcmpeqd	%ymm15, %ymm8, %ymm0
+        vpcmpeqd	%ymm15, %ymm9, %ymm1
+        vpcmpeqd	%ymm15, %ymm10, %ymm2
+        vpcmpeqd	%ymm15, %ymm11, %ymm3
+        vpaddd	%ymm0, %ymm4, %ymm4
+        vpaddd	%ymm1, %ymm5, %ymm5
+        vpaddd	%ymm2, %ymm6, %ymm6
+        vpaddd	%ymm3, %ymm7, %ymm7
+        vpcmpgtd	%ymm8, %ymm15, %ymm0
+        vpcmpgtd	%ymm9, %ymm15, %ymm1
+        vpcmpgtd	%ymm10, %ymm15, %ymm2
+        vpcmpgtd	%ymm11, %ymm15, %ymm3
+        vpand	%ymm0, %ymm8, %ymm8
+        vpand	%ymm1, %ymm9, %ymm9
+        vpand	%ymm2, %ymm10, %ymm10
+        vpand	%ymm3, %ymm11, %ymm11
+        vmovdqu	%ymm4, 3456(%rsi)
+        vmovdqu	%ymm5, 3488(%rsi)
+        vmovdqu	%ymm6, 3520(%rsi)
+        vmovdqu	%ymm7, 3552(%rsi)
+        vmovdqu	%ymm8, 3456(%rdx)
+        vmovdqu	%ymm9, 3488(%rdx)
+        vmovdqu	%ymm10, 3520(%rdx)
+        vmovdqu	%ymm11, 3552(%rdx)
+        vmovdqu	3584(%rdi), %ymm0
+        vmovdqu	3616(%rdi), %ymm1
+        vmovdqu	3648(%rdi), %ymm2
+        vmovdqu	3680(%rdi), %ymm3
+        vpmulld	%ymm15, %ymm0, %ymm8
+        vpmulld	%ymm15, %ymm1, %ymm9
+        vpmulld	%ymm15, %ymm2, %ymm10
+        vpmulld	%ymm15, %ymm3, %ymm11
+        vpaddd	%ymm14, %ymm8, %ymm8
+        vpaddd	%ymm14, %ymm9, %ymm9
+        vpaddd	%ymm14, %ymm10, %ymm10
+        vpaddd	%ymm14, %ymm11, %ymm11
+        vpsrld	$23, %ymm8, %ymm8
+        vpsrld	$23, %ymm9, %ymm9
+        vpsrld	$23, %ymm10, %ymm10
+        vpsrld	$23, %ymm11, %ymm11
+        vpmulld	%ymm13, %ymm8, %ymm4
+        vpmulld	%ymm13, %ymm9, %ymm5
+        vpmulld	%ymm13, %ymm10, %ymm6
+        vpmulld	%ymm13, %ymm11, %ymm7
+        vpsubd	%ymm4, %ymm0, %ymm4
+        vpsubd	%ymm5, %ymm1, %ymm5
+        vpsubd	%ymm6, %ymm2, %ymm6
+        vpsubd	%ymm7, %ymm3, %ymm7
+        vpsubd	%ymm4, %ymm12, %ymm4
+        vpsubd	%ymm5, %ymm12, %ymm5
+        vpsubd	%ymm6, %ymm12, %ymm6
+        vpsubd	%ymm7, %ymm12, %ymm7
+        vpsrld	$31, %ymm4, %ymm4
+        vpsrld	$31, %ymm5, %ymm5
+        vpsrld	$31, %ymm6, %ymm6
+        vpsrld	$31, %ymm7, %ymm7
+        vpaddd	%ymm4, %ymm8, %ymm8
+        vpaddd	%ymm5, %ymm9, %ymm9
+        vpaddd	%ymm6, %ymm10, %ymm10
+        vpaddd	%ymm7, %ymm11, %ymm11
+        vpmulld	%ymm13, %ymm8, %ymm4
+        vpmulld	%ymm13, %ymm9, %ymm5
+        vpmulld	%ymm13, %ymm10, %ymm6
+        vpmulld	%ymm13, %ymm11, %ymm7
+        vpsubd	%ymm4, %ymm0, %ymm4
+        vpsubd	%ymm5, %ymm1, %ymm5
+        vpsubd	%ymm6, %ymm2, %ymm6
+        vpsubd	%ymm7, %ymm3, %ymm7
+        vpcmpeqd	%ymm15, %ymm8, %ymm0
+        vpcmpeqd	%ymm15, %ymm9, %ymm1
+        vpcmpeqd	%ymm15, %ymm10, %ymm2
+        vpcmpeqd	%ymm15, %ymm11, %ymm3
+        vpaddd	%ymm0, %ymm4, %ymm4
+        vpaddd	%ymm1, %ymm5, %ymm5
+        vpaddd	%ymm2, %ymm6, %ymm6
+        vpaddd	%ymm3, %ymm7, %ymm7
+        vpcmpgtd	%ymm8, %ymm15, %ymm0
+        vpcmpgtd	%ymm9, %ymm15, %ymm1
+        vpcmpgtd	%ymm10, %ymm15, %ymm2
+        vpcmpgtd	%ymm11, %ymm15, %ymm3
+        vpand	%ymm0, %ymm8, %ymm8
+        vpand	%ymm1, %ymm9, %ymm9
+        vpand	%ymm2, %ymm10, %ymm10
+        vpand	%ymm3, %ymm11, %ymm11
+        vmovdqu	%ymm4, 3584(%rsi)
+        vmovdqu	%ymm5, 3616(%rsi)
+        vmovdqu	%ymm6, 3648(%rsi)
+        vmovdqu	%ymm7, 3680(%rsi)
+        vmovdqu	%ymm8, 3584(%rdx)
+        vmovdqu	%ymm9, 3616(%rdx)
+        vmovdqu	%ymm10, 3648(%rdx)
+        vmovdqu	%ymm11, 3680(%rdx)
+        vmovdqu	3712(%rdi), %ymm0
+        vmovdqu	3744(%rdi), %ymm1
+        vmovdqu	3776(%rdi), %ymm2
+        vmovdqu	3808(%rdi), %ymm3
+        vpmulld	%ymm15, %ymm0, %ymm8
+        vpmulld	%ymm15, %ymm1, %ymm9
+        vpmulld	%ymm15, %ymm2, %ymm10
+        vpmulld	%ymm15, %ymm3, %ymm11
+        vpaddd	%ymm14, %ymm8, %ymm8
+        vpaddd	%ymm14, %ymm9, %ymm9
+        vpaddd	%ymm14, %ymm10, %ymm10
+        vpaddd	%ymm14, %ymm11, %ymm11
+        vpsrld	$23, %ymm8, %ymm8
+        vpsrld	$23, %ymm9, %ymm9
+        vpsrld	$23, %ymm10, %ymm10
+        vpsrld	$23, %ymm11, %ymm11
+        vpmulld	%ymm13, %ymm8, %ymm4
+        vpmulld	%ymm13, %ymm9, %ymm5
+        vpmulld	%ymm13, %ymm10, %ymm6
+        vpmulld	%ymm13, %ymm11, %ymm7
+        vpsubd	%ymm4, %ymm0, %ymm4
+        vpsubd	%ymm5, %ymm1, %ymm5
+        vpsubd	%ymm6, %ymm2, %ymm6
+        vpsubd	%ymm7, %ymm3, %ymm7
+        vpsubd	%ymm4, %ymm12, %ymm4
+        vpsubd	%ymm5, %ymm12, %ymm5
+        vpsubd	%ymm6, %ymm12, %ymm6
+        vpsubd	%ymm7, %ymm12, %ymm7
+        vpsrld	$31, %ymm4, %ymm4
+        vpsrld	$31, %ymm5, %ymm5
+        vpsrld	$31, %ymm6, %ymm6
+        vpsrld	$31, %ymm7, %ymm7
+        vpaddd	%ymm4, %ymm8, %ymm8
+        vpaddd	%ymm5, %ymm9, %ymm9
+        vpaddd	%ymm6, %ymm10, %ymm10
+        vpaddd	%ymm7, %ymm11, %ymm11
+        vpmulld	%ymm13, %ymm8, %ymm4
+        vpmulld	%ymm13, %ymm9, %ymm5
+        vpmulld	%ymm13, %ymm10, %ymm6
+        vpmulld	%ymm13, %ymm11, %ymm7
+        vpsubd	%ymm4, %ymm0, %ymm4
+        vpsubd	%ymm5, %ymm1, %ymm5
+        vpsubd	%ymm6, %ymm2, %ymm6
+        vpsubd	%ymm7, %ymm3, %ymm7
+        vpcmpeqd	%ymm15, %ymm8, %ymm0
+        vpcmpeqd	%ymm15, %ymm9, %ymm1
+        vpcmpeqd	%ymm15, %ymm10, %ymm2
+        vpcmpeqd	%ymm15, %ymm11, %ymm3
+        vpaddd	%ymm0, %ymm4, %ymm4
+        vpaddd	%ymm1, %ymm5, %ymm5
+        vpaddd	%ymm2, %ymm6, %ymm6
+        vpaddd	%ymm3, %ymm7, %ymm7
+        vpcmpgtd	%ymm8, %ymm15, %ymm0
+        vpcmpgtd	%ymm9, %ymm15, %ymm1
+        vpcmpgtd	%ymm10, %ymm15, %ymm2
+        vpcmpgtd	%ymm11, %ymm15, %ymm3
+        vpand	%ymm0, %ymm8, %ymm8
+        vpand	%ymm1, %ymm9, %ymm9
+        vpand	%ymm2, %ymm10, %ymm10
+        vpand	%ymm3, %ymm11, %ymm11
+        vmovdqu	%ymm4, 3712(%rsi)
+        vmovdqu	%ymm5, 3744(%rsi)
+        vmovdqu	%ymm6, 3776(%rsi)
+        vmovdqu	%ymm7, 3808(%rsi)
+        vmovdqu	%ymm8, 3712(%rdx)
+        vmovdqu	%ymm9, 3744(%rdx)
+        vmovdqu	%ymm10, 3776(%rdx)
+        vmovdqu	%ymm11, 3808(%rdx)
+        vmovdqu	3840(%rdi), %ymm0
+        vmovdqu	3872(%rdi), %ymm1
+        vmovdqu	3904(%rdi), %ymm2
+        vmovdqu	3936(%rdi), %ymm3
+        vpmulld	%ymm15, %ymm0, %ymm8
+        vpmulld	%ymm15, %ymm1, %ymm9
+        vpmulld	%ymm15, %ymm2, %ymm10
+        vpmulld	%ymm15, %ymm3, %ymm11
+        vpaddd	%ymm14, %ymm8, %ymm8
+        vpaddd	%ymm14, %ymm9, %ymm9
+        vpaddd	%ymm14, %ymm10, %ymm10
+        vpaddd	%ymm14, %ymm11, %ymm11
+        vpsrld	$23, %ymm8, %ymm8
+        vpsrld	$23, %ymm9, %ymm9
+        vpsrld	$23, %ymm10, %ymm10
+        vpsrld	$23, %ymm11, %ymm11
+        vpmulld	%ymm13, %ymm8, %ymm4
+        vpmulld	%ymm13, %ymm9, %ymm5
+        vpmulld	%ymm13, %ymm10, %ymm6
+        vpmulld	%ymm13, %ymm11, %ymm7
+        vpsubd	%ymm4, %ymm0, %ymm4
+        vpsubd	%ymm5, %ymm1, %ymm5
+        vpsubd	%ymm6, %ymm2, %ymm6
+        vpsubd	%ymm7, %ymm3, %ymm7
+        vpsubd	%ymm4, %ymm12, %ymm4
+        vpsubd	%ymm5, %ymm12, %ymm5
+        vpsubd	%ymm6, %ymm12, %ymm6
+        vpsubd	%ymm7, %ymm12, %ymm7
+        vpsrld	$31, %ymm4, %ymm4
+        vpsrld	$31, %ymm5, %ymm5
+        vpsrld	$31, %ymm6, %ymm6
+        vpsrld	$31, %ymm7, %ymm7
+        vpaddd	%ymm4, %ymm8, %ymm8
+        vpaddd	%ymm5, %ymm9, %ymm9
+        vpaddd	%ymm6, %ymm10, %ymm10
+        vpaddd	%ymm7, %ymm11, %ymm11
+        vpmulld	%ymm13, %ymm8, %ymm4
+        vpmulld	%ymm13, %ymm9, %ymm5
+        vpmulld	%ymm13, %ymm10, %ymm6
+        vpmulld	%ymm13, %ymm11, %ymm7
+        vpsubd	%ymm4, %ymm0, %ymm4
+        vpsubd	%ymm5, %ymm1, %ymm5
+        vpsubd	%ymm6, %ymm2, %ymm6
+        vpsubd	%ymm7, %ymm3, %ymm7
+        vpcmpeqd	%ymm15, %ymm8, %ymm0
+        vpcmpeqd	%ymm15, %ymm9, %ymm1
+        vpcmpeqd	%ymm15, %ymm10, %ymm2
+        vpcmpeqd	%ymm15, %ymm11, %ymm3
+        vpaddd	%ymm0, %ymm4, %ymm4
+        vpaddd	%ymm1, %ymm5, %ymm5
+        vpaddd	%ymm2, %ymm6, %ymm6
+        vpaddd	%ymm3, %ymm7, %ymm7
+        vpcmpgtd	%ymm8, %ymm15, %ymm0
+        vpcmpgtd	%ymm9, %ymm15, %ymm1
+        vpcmpgtd	%ymm10, %ymm15, %ymm2
+        vpcmpgtd	%ymm11, %ymm15, %ymm3
+        vpand	%ymm0, %ymm8, %ymm8
+        vpand	%ymm1, %ymm9, %ymm9
+        vpand	%ymm2, %ymm10, %ymm10
+        vpand	%ymm3, %ymm11, %ymm11
+        vmovdqu	%ymm4, 3840(%rsi)
+        vmovdqu	%ymm5, 3872(%rsi)
+        vmovdqu	%ymm6, 3904(%rsi)
+        vmovdqu	%ymm7, 3936(%rsi)
+        vmovdqu	%ymm8, 3840(%rdx)
+        vmovdqu	%ymm9, 3872(%rdx)
+        vmovdqu	%ymm10, 3904(%rdx)
+        vmovdqu	%ymm11, 3936(%rdx)
+        vmovdqu	3968(%rdi), %ymm0
+        vmovdqu	4000(%rdi), %ymm1
+        vmovdqu	4032(%rdi), %ymm2
+        vmovdqu	4064(%rdi), %ymm3
+        vpmulld	%ymm15, %ymm0, %ymm8
+        vpmulld	%ymm15, %ymm1, %ymm9
+        vpmulld	%ymm15, %ymm2, %ymm10
+        vpmulld	%ymm15, %ymm3, %ymm11
+        vpaddd	%ymm14, %ymm8, %ymm8
+        vpaddd	%ymm14, %ymm9, %ymm9
+        vpaddd	%ymm14, %ymm10, %ymm10
+        vpaddd	%ymm14, %ymm11, %ymm11
+        vpsrld	$23, %ymm8, %ymm8
+        vpsrld	$23, %ymm9, %ymm9
+        vpsrld	$23, %ymm10, %ymm10
+        vpsrld	$23, %ymm11, %ymm11
+        vpmulld	%ymm13, %ymm8, %ymm4
+        vpmulld	%ymm13, %ymm9, %ymm5
+        vpmulld	%ymm13, %ymm10, %ymm6
+        vpmulld	%ymm13, %ymm11, %ymm7
+        vpsubd	%ymm4, %ymm0, %ymm4
+        vpsubd	%ymm5, %ymm1, %ymm5
+        vpsubd	%ymm6, %ymm2, %ymm6
+        vpsubd	%ymm7, %ymm3, %ymm7
+        vpsubd	%ymm4, %ymm12, %ymm4
+        vpsubd	%ymm5, %ymm12, %ymm5
+        vpsubd	%ymm6, %ymm12, %ymm6
+        vpsubd	%ymm7, %ymm12, %ymm7
+        vpsrld	$31, %ymm4, %ymm4
+        vpsrld	$31, %ymm5, %ymm5
+        vpsrld	$31, %ymm6, %ymm6
+        vpsrld	$31, %ymm7, %ymm7
+        vpaddd	%ymm4, %ymm8, %ymm8
+        vpaddd	%ymm5, %ymm9, %ymm9
+        vpaddd	%ymm6, %ymm10, %ymm10
+        vpaddd	%ymm7, %ymm11, %ymm11
+        vpmulld	%ymm13, %ymm8, %ymm4
+        vpmulld	%ymm13, %ymm9, %ymm5
+        vpmulld	%ymm13, %ymm10, %ymm6
+        vpmulld	%ymm13, %ymm11, %ymm7
+        vpsubd	%ymm4, %ymm0, %ymm4
+        vpsubd	%ymm5, %ymm1, %ymm5
+        vpsubd	%ymm6, %ymm2, %ymm6
+        vpsubd	%ymm7, %ymm3, %ymm7
+        vpcmpeqd	%ymm15, %ymm8, %ymm0
+        vpcmpeqd	%ymm15, %ymm9, %ymm1
+        vpcmpeqd	%ymm15, %ymm10, %ymm2
+        vpcmpeqd	%ymm15, %ymm11, %ymm3
+        vpaddd	%ymm0, %ymm4, %ymm4
+        vpaddd	%ymm1, %ymm5, %ymm5
+        vpaddd	%ymm2, %ymm6, %ymm6
+        vpaddd	%ymm3, %ymm7, %ymm7
+        vpcmpgtd	%ymm8, %ymm15, %ymm0
+        vpcmpgtd	%ymm9, %ymm15, %ymm1
+        vpcmpgtd	%ymm10, %ymm15, %ymm2
+        vpcmpgtd	%ymm11, %ymm15, %ymm3
+        vpand	%ymm0, %ymm8, %ymm8
+        vpand	%ymm1, %ymm9, %ymm9
+        vpand	%ymm2, %ymm10, %ymm10
+        vpand	%ymm3, %ymm11, %ymm11
+        vmovdqu	%ymm4, 3968(%rsi)
+        vmovdqu	%ymm5, 4000(%rsi)
+        vmovdqu	%ymm6, 4032(%rsi)
+        vmovdqu	%ymm7, 4064(%rsi)
+        vmovdqu	%ymm8, 3968(%rdx)
+        vmovdqu	%ymm9, 4000(%rdx)
+        vmovdqu	%ymm10, 4032(%rdx)
+        vmovdqu	%ymm11, 4064(%rdx)
+        vzeroupper
+        repz retq
+#ifndef __APPLE__
+.size	wc_mldsa_decompose_q88_avx2,.-wc_mldsa_decompose_q88_avx2
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+L_mldsa_decompose_q32_avx2_q_low_32:
+.long	0x0003ff00,0x0003ff00,0x0003ff00,0x0003ff00
+.long	0x0003ff00,0x0003ff00,0x0003ff00,0x0003ff00
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+L_mldsa_decompose_q32_avx2_q_low_32_2:
+.long	0x0007fe00,0x0007fe00,0x0007fe00,0x0007fe00
+.long	0x0007fe00,0x0007fe00,0x0007fe00,0x0007fe00
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+L_mldsa_decompose_q32_avx2_q_low_32_m1:
+.long	0x0003feff,0x0003feff,0x0003feff,0x0003feff
+.long	0x0003feff,0x0003feff,0x0003feff,0x0003feff
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+L_mldsa_decompose_q32_avx2_mask:
+.long	0x0000000f,0x0000000f,0x0000000f,0x0000000f
+.long	0x0000000f,0x0000000f,0x0000000f,0x0000000f
+#ifndef __APPLE__
+.text
+.globl	wc_mldsa_decompose_q32_avx2
+.type	wc_mldsa_decompose_q32_avx2,@function
+.align	16
+wc_mldsa_decompose_q32_avx2:
+#else
+.section	__TEXT,__text
+.globl	_wc_mldsa_decompose_q32_avx2
+.p2align	4
+_wc_mldsa_decompose_q32_avx2:
+#endif /* __APPLE__ */
+        vmovdqu	L_mldsa_decompose_q32_avx2_q_low_32(%rip), %ymm12
+        vmovdqu	L_mldsa_decompose_q32_avx2_q_low_32_2(%rip), %ymm13
+        vmovdqu	L_mldsa_decompose_q32_avx2_q_low_32_m1(%rip), %ymm14
+        vmovdqu	L_mldsa_decompose_q32_avx2_mask(%rip), %ymm15
+L_mldsa_decompose_q32_avx2_start_256:
+        vmovdqu	(%rdi), %ymm0
+        vmovdqu	32(%rdi), %ymm1
+        vmovdqu	64(%rdi), %ymm2
+        vmovdqu	96(%rdi), %ymm3
+        vpaddd	%ymm14, %ymm0, %ymm8
+        vpaddd	%ymm14, %ymm1, %ymm9
+        vpaddd	%ymm14, %ymm2, %ymm10
+        vpaddd	%ymm14, %ymm3, %ymm11
+        vpsrld	$19, %ymm8, %ymm8
+        vpsrld	$19, %ymm9, %ymm9
+        vpsrld	$19, %ymm10, %ymm10
+        vpsrld	$19, %ymm11, %ymm11
+        vpmulld	%ymm13, %ymm8, %ymm4
+        vpmulld	%ymm13, %ymm9, %ymm5
+        vpmulld	%ymm13, %ymm10, %ymm6
+        vpmulld	%ymm13, %ymm11, %ymm7
+        vpsubd	%ymm4, %ymm0, %ymm4
+        vpsubd	%ymm5, %ymm1, %ymm5
+        vpsubd	%ymm6, %ymm2, %ymm6
+        vpsubd	%ymm7, %ymm3, %ymm7
+        vpsubd	%ymm4, %ymm12, %ymm4
+        vpsubd	%ymm5, %ymm12, %ymm5
+        vpsubd	%ymm6, %ymm12, %ymm6
+        vpsubd	%ymm7, %ymm12, %ymm7
+        vpsrld	$31, %ymm4, %ymm4
+        vpsrld	$31, %ymm5, %ymm5
+        vpsrld	$31, %ymm6, %ymm6
+        vpsrld	$31, %ymm7, %ymm7
+        vpaddd	%ymm4, %ymm8, %ymm8
+        vpaddd	%ymm5, %ymm9, %ymm9
+        vpaddd	%ymm6, %ymm10, %ymm10
+        vpaddd	%ymm7, %ymm11, %ymm11
+        vpmulld	%ymm13, %ymm8, %ymm4
+        vpmulld	%ymm13, %ymm9, %ymm5
+        vpmulld	%ymm13, %ymm10, %ymm6
+        vpmulld	%ymm13, %ymm11, %ymm7
+        vpsubd	%ymm4, %ymm0, %ymm4
+        vpsubd	%ymm5, %ymm1, %ymm5
+        vpsubd	%ymm6, %ymm2, %ymm6
+        vpsubd	%ymm7, %ymm3, %ymm7
+        vpsrld	$4, %ymm8, %ymm0
+        vpsrld	$4, %ymm9, %ymm1
+        vpsrld	$4, %ymm10, %ymm2
+        vpsrld	$4, %ymm11, %ymm3
+        vpsubd	%ymm0, %ymm4, %ymm4
+        vpsubd	%ymm1, %ymm5, %ymm5
+        vpsubd	%ymm2, %ymm6, %ymm6
+        vpsubd	%ymm3, %ymm7, %ymm7
+        vpand	%ymm15, %ymm8, %ymm8
+        vpand	%ymm15, %ymm9, %ymm9
+        vpand	%ymm15, %ymm10, %ymm10
+        vpand	%ymm15, %ymm11, %ymm11
+        vmovdqu	%ymm4, (%rdx)
+        vmovdqu	%ymm5, 32(%rdx)
+        vmovdqu	%ymm6, 64(%rdx)
+        vmovdqu	%ymm7, 96(%rdx)
+        vmovdqu	%ymm8, (%rcx)
+        vmovdqu	%ymm9, 32(%rcx)
+        vmovdqu	%ymm10, 64(%rcx)
+        vmovdqu	%ymm11, 96(%rcx)
+        vmovdqu	128(%rdi), %ymm0
+        vmovdqu	160(%rdi), %ymm1
+        vmovdqu	192(%rdi), %ymm2
+        vmovdqu	224(%rdi), %ymm3
+        vpaddd	%ymm14, %ymm0, %ymm8
+        vpaddd	%ymm14, %ymm1, %ymm9
+        vpaddd	%ymm14, %ymm2, %ymm10
+        vpaddd	%ymm14, %ymm3, %ymm11
+        vpsrld	$19, %ymm8, %ymm8
+        vpsrld	$19, %ymm9, %ymm9
+        vpsrld	$19, %ymm10, %ymm10
+        vpsrld	$19, %ymm11, %ymm11
+        vpmulld	%ymm13, %ymm8, %ymm4
+        vpmulld	%ymm13, %ymm9, %ymm5
+        vpmulld	%ymm13, %ymm10, %ymm6
+        vpmulld	%ymm13, %ymm11, %ymm7
+        vpsubd	%ymm4, %ymm0, %ymm4
+        vpsubd	%ymm5, %ymm1, %ymm5
+        vpsubd	%ymm6, %ymm2, %ymm6
+        vpsubd	%ymm7, %ymm3, %ymm7
+        vpsubd	%ymm4, %ymm12, %ymm4
+        vpsubd	%ymm5, %ymm12, %ymm5
+        vpsubd	%ymm6, %ymm12, %ymm6
+        vpsubd	%ymm7, %ymm12, %ymm7
+        vpsrld	$31, %ymm4, %ymm4
+        vpsrld	$31, %ymm5, %ymm5
+        vpsrld	$31, %ymm6, %ymm6
+        vpsrld	$31, %ymm7, %ymm7
+        vpaddd	%ymm4, %ymm8, %ymm8
+        vpaddd	%ymm5, %ymm9, %ymm9
+        vpaddd	%ymm6, %ymm10, %ymm10
+        vpaddd	%ymm7, %ymm11, %ymm11
+        vpmulld	%ymm13, %ymm8, %ymm4
+        vpmulld	%ymm13, %ymm9, %ymm5
+        vpmulld	%ymm13, %ymm10, %ymm6
+        vpmulld	%ymm13, %ymm11, %ymm7
+        vpsubd	%ymm4, %ymm0, %ymm4
+        vpsubd	%ymm5, %ymm1, %ymm5
+        vpsubd	%ymm6, %ymm2, %ymm6
+        vpsubd	%ymm7, %ymm3, %ymm7
+        vpsrld	$4, %ymm8, %ymm0
+        vpsrld	$4, %ymm9, %ymm1
+        vpsrld	$4, %ymm10, %ymm2
+        vpsrld	$4, %ymm11, %ymm3
+        vpsubd	%ymm0, %ymm4, %ymm4
+        vpsubd	%ymm1, %ymm5, %ymm5
+        vpsubd	%ymm2, %ymm6, %ymm6
+        vpsubd	%ymm3, %ymm7, %ymm7
+        vpand	%ymm15, %ymm8, %ymm8
+        vpand	%ymm15, %ymm9, %ymm9
+        vpand	%ymm15, %ymm10, %ymm10
+        vpand	%ymm15, %ymm11, %ymm11
+        vmovdqu	%ymm4, 128(%rdx)
+        vmovdqu	%ymm5, 160(%rdx)
+        vmovdqu	%ymm6, 192(%rdx)
+        vmovdqu	%ymm7, 224(%rdx)
+        vmovdqu	%ymm8, 128(%rcx)
+        vmovdqu	%ymm9, 160(%rcx)
+        vmovdqu	%ymm10, 192(%rcx)
+        vmovdqu	%ymm11, 224(%rcx)
+        vmovdqu	256(%rdi), %ymm0
+        vmovdqu	288(%rdi), %ymm1
+        vmovdqu	320(%rdi), %ymm2
+        vmovdqu	352(%rdi), %ymm3
+        vpaddd	%ymm14, %ymm0, %ymm8
+        vpaddd	%ymm14, %ymm1, %ymm9
+        vpaddd	%ymm14, %ymm2, %ymm10
+        vpaddd	%ymm14, %ymm3, %ymm11
+        vpsrld	$19, %ymm8, %ymm8
+        vpsrld	$19, %ymm9, %ymm9
+        vpsrld	$19, %ymm10, %ymm10
+        vpsrld	$19, %ymm11, %ymm11
+        vpmulld	%ymm13, %ymm8, %ymm4
+        vpmulld	%ymm13, %ymm9, %ymm5
+        vpmulld	%ymm13, %ymm10, %ymm6
+        vpmulld	%ymm13, %ymm11, %ymm7
+        vpsubd	%ymm4, %ymm0, %ymm4
+        vpsubd	%ymm5, %ymm1, %ymm5
+        vpsubd	%ymm6, %ymm2, %ymm6
+        vpsubd	%ymm7, %ymm3, %ymm7
+        vpsubd	%ymm4, %ymm12, %ymm4
+        vpsubd	%ymm5, %ymm12, %ymm5
+        vpsubd	%ymm6, %ymm12, %ymm6
+        vpsubd	%ymm7, %ymm12, %ymm7
+        vpsrld	$31, %ymm4, %ymm4
+        vpsrld	$31, %ymm5, %ymm5
+        vpsrld	$31, %ymm6, %ymm6
+        vpsrld	$31, %ymm7, %ymm7
+        vpaddd	%ymm4, %ymm8, %ymm8
+        vpaddd	%ymm5, %ymm9, %ymm9
+        vpaddd	%ymm6, %ymm10, %ymm10
+        vpaddd	%ymm7, %ymm11, %ymm11
+        vpmulld	%ymm13, %ymm8, %ymm4
+        vpmulld	%ymm13, %ymm9, %ymm5
+        vpmulld	%ymm13, %ymm10, %ymm6
+        vpmulld	%ymm13, %ymm11, %ymm7
+        vpsubd	%ymm4, %ymm0, %ymm4
+        vpsubd	%ymm5, %ymm1, %ymm5
+        vpsubd	%ymm6, %ymm2, %ymm6
+        vpsubd	%ymm7, %ymm3, %ymm7
+        vpsrld	$4, %ymm8, %ymm0
+        vpsrld	$4, %ymm9, %ymm1
+        vpsrld	$4, %ymm10, %ymm2
+        vpsrld	$4, %ymm11, %ymm3
+        vpsubd	%ymm0, %ymm4, %ymm4
+        vpsubd	%ymm1, %ymm5, %ymm5
+        vpsubd	%ymm2, %ymm6, %ymm6
+        vpsubd	%ymm3, %ymm7, %ymm7
+        vpand	%ymm15, %ymm8, %ymm8
+        vpand	%ymm15, %ymm9, %ymm9
+        vpand	%ymm15, %ymm10, %ymm10
+        vpand	%ymm15, %ymm11, %ymm11
+        vmovdqu	%ymm4, 256(%rdx)
+        vmovdqu	%ymm5, 288(%rdx)
+        vmovdqu	%ymm6, 320(%rdx)
+        vmovdqu	%ymm7, 352(%rdx)
+        vmovdqu	%ymm8, 256(%rcx)
+        vmovdqu	%ymm9, 288(%rcx)
+        vmovdqu	%ymm10, 320(%rcx)
+        vmovdqu	%ymm11, 352(%rcx)
+        vmovdqu	384(%rdi), %ymm0
+        vmovdqu	416(%rdi), %ymm1
+        vmovdqu	448(%rdi), %ymm2
+        vmovdqu	480(%rdi), %ymm3
+        vpaddd	%ymm14, %ymm0, %ymm8
+        vpaddd	%ymm14, %ymm1, %ymm9
+        vpaddd	%ymm14, %ymm2, %ymm10
+        vpaddd	%ymm14, %ymm3, %ymm11
+        vpsrld	$19, %ymm8, %ymm8
+        vpsrld	$19, %ymm9, %ymm9
+        vpsrld	$19, %ymm10, %ymm10
+        vpsrld	$19, %ymm11, %ymm11
+        vpmulld	%ymm13, %ymm8, %ymm4
+        vpmulld	%ymm13, %ymm9, %ymm5
+        vpmulld	%ymm13, %ymm10, %ymm6
+        vpmulld	%ymm13, %ymm11, %ymm7
+        vpsubd	%ymm4, %ymm0, %ymm4
+        vpsubd	%ymm5, %ymm1, %ymm5
+        vpsubd	%ymm6, %ymm2, %ymm6
+        vpsubd	%ymm7, %ymm3, %ymm7
+        vpsubd	%ymm4, %ymm12, %ymm4
+        vpsubd	%ymm5, %ymm12, %ymm5
+        vpsubd	%ymm6, %ymm12, %ymm6
+        vpsubd	%ymm7, %ymm12, %ymm7
+        vpsrld	$31, %ymm4, %ymm4
+        vpsrld	$31, %ymm5, %ymm5
+        vpsrld	$31, %ymm6, %ymm6
+        vpsrld	$31, %ymm7, %ymm7
+        vpaddd	%ymm4, %ymm8, %ymm8
+        vpaddd	%ymm5, %ymm9, %ymm9
+        vpaddd	%ymm6, %ymm10, %ymm10
+        vpaddd	%ymm7, %ymm11, %ymm11
+        vpmulld	%ymm13, %ymm8, %ymm4
+        vpmulld	%ymm13, %ymm9, %ymm5
+        vpmulld	%ymm13, %ymm10, %ymm6
+        vpmulld	%ymm13, %ymm11, %ymm7
+        vpsubd	%ymm4, %ymm0, %ymm4
+        vpsubd	%ymm5, %ymm1, %ymm5
+        vpsubd	%ymm6, %ymm2, %ymm6
+        vpsubd	%ymm7, %ymm3, %ymm7
+        vpsrld	$4, %ymm8, %ymm0
+        vpsrld	$4, %ymm9, %ymm1
+        vpsrld	$4, %ymm10, %ymm2
+        vpsrld	$4, %ymm11, %ymm3
+        vpsubd	%ymm0, %ymm4, %ymm4
+        vpsubd	%ymm1, %ymm5, %ymm5
+        vpsubd	%ymm2, %ymm6, %ymm6
+        vpsubd	%ymm3, %ymm7, %ymm7
+        vpand	%ymm15, %ymm8, %ymm8
+        vpand	%ymm15, %ymm9, %ymm9
+        vpand	%ymm15, %ymm10, %ymm10
+        vpand	%ymm15, %ymm11, %ymm11
+        vmovdqu	%ymm4, 384(%rdx)
+        vmovdqu	%ymm5, 416(%rdx)
+        vmovdqu	%ymm6, 448(%rdx)
+        vmovdqu	%ymm7, 480(%rdx)
+        vmovdqu	%ymm8, 384(%rcx)
+        vmovdqu	%ymm9, 416(%rcx)
+        vmovdqu	%ymm10, 448(%rcx)
+        vmovdqu	%ymm11, 480(%rcx)
+        vmovdqu	512(%rdi), %ymm0
+        vmovdqu	544(%rdi), %ymm1
+        vmovdqu	576(%rdi), %ymm2
+        vmovdqu	608(%rdi), %ymm3
+        vpaddd	%ymm14, %ymm0, %ymm8
+        vpaddd	%ymm14, %ymm1, %ymm9
+        vpaddd	%ymm14, %ymm2, %ymm10
+        vpaddd	%ymm14, %ymm3, %ymm11
+        vpsrld	$19, %ymm8, %ymm8
+        vpsrld	$19, %ymm9, %ymm9
+        vpsrld	$19, %ymm10, %ymm10
+        vpsrld	$19, %ymm11, %ymm11
+        vpmulld	%ymm13, %ymm8, %ymm4
+        vpmulld	%ymm13, %ymm9, %ymm5
+        vpmulld	%ymm13, %ymm10, %ymm6
+        vpmulld	%ymm13, %ymm11, %ymm7
+        vpsubd	%ymm4, %ymm0, %ymm4
+        vpsubd	%ymm5, %ymm1, %ymm5
+        vpsubd	%ymm6, %ymm2, %ymm6
+        vpsubd	%ymm7, %ymm3, %ymm7
+        vpsubd	%ymm4, %ymm12, %ymm4
+        vpsubd	%ymm5, %ymm12, %ymm5
+        vpsubd	%ymm6, %ymm12, %ymm6
+        vpsubd	%ymm7, %ymm12, %ymm7
+        vpsrld	$31, %ymm4, %ymm4
+        vpsrld	$31, %ymm5, %ymm5
+        vpsrld	$31, %ymm6, %ymm6
+        vpsrld	$31, %ymm7, %ymm7
+        vpaddd	%ymm4, %ymm8, %ymm8
+        vpaddd	%ymm5, %ymm9, %ymm9
+        vpaddd	%ymm6, %ymm10, %ymm10
+        vpaddd	%ymm7, %ymm11, %ymm11
+        vpmulld	%ymm13, %ymm8, %ymm4
+        vpmulld	%ymm13, %ymm9, %ymm5
+        vpmulld	%ymm13, %ymm10, %ymm6
+        vpmulld	%ymm13, %ymm11, %ymm7
+        vpsubd	%ymm4, %ymm0, %ymm4
+        vpsubd	%ymm5, %ymm1, %ymm5
+        vpsubd	%ymm6, %ymm2, %ymm6
+        vpsubd	%ymm7, %ymm3, %ymm7
+        vpsrld	$4, %ymm8, %ymm0
+        vpsrld	$4, %ymm9, %ymm1
+        vpsrld	$4, %ymm10, %ymm2
+        vpsrld	$4, %ymm11, %ymm3
+        vpsubd	%ymm0, %ymm4, %ymm4
+        vpsubd	%ymm1, %ymm5, %ymm5
+        vpsubd	%ymm2, %ymm6, %ymm6
+        vpsubd	%ymm3, %ymm7, %ymm7
+        vpand	%ymm15, %ymm8, %ymm8
+        vpand	%ymm15, %ymm9, %ymm9
+        vpand	%ymm15, %ymm10, %ymm10
+        vpand	%ymm15, %ymm11, %ymm11
+        vmovdqu	%ymm4, 512(%rdx)
+        vmovdqu	%ymm5, 544(%rdx)
+        vmovdqu	%ymm6, 576(%rdx)
+        vmovdqu	%ymm7, 608(%rdx)
+        vmovdqu	%ymm8, 512(%rcx)
+        vmovdqu	%ymm9, 544(%rcx)
+        vmovdqu	%ymm10, 576(%rcx)
+        vmovdqu	%ymm11, 608(%rcx)
+        vmovdqu	640(%rdi), %ymm0
+        vmovdqu	672(%rdi), %ymm1
+        vmovdqu	704(%rdi), %ymm2
+        vmovdqu	736(%rdi), %ymm3
+        vpaddd	%ymm14, %ymm0, %ymm8
+        vpaddd	%ymm14, %ymm1, %ymm9
+        vpaddd	%ymm14, %ymm2, %ymm10
+        vpaddd	%ymm14, %ymm3, %ymm11
+        vpsrld	$19, %ymm8, %ymm8
+        vpsrld	$19, %ymm9, %ymm9
+        vpsrld	$19, %ymm10, %ymm10
+        vpsrld	$19, %ymm11, %ymm11
+        vpmulld	%ymm13, %ymm8, %ymm4
+        vpmulld	%ymm13, %ymm9, %ymm5
+        vpmulld	%ymm13, %ymm10, %ymm6
+        vpmulld	%ymm13, %ymm11, %ymm7
+        vpsubd	%ymm4, %ymm0, %ymm4
+        vpsubd	%ymm5, %ymm1, %ymm5
+        vpsubd	%ymm6, %ymm2, %ymm6
+        vpsubd	%ymm7, %ymm3, %ymm7
+        vpsubd	%ymm4, %ymm12, %ymm4
+        vpsubd	%ymm5, %ymm12, %ymm5
+        vpsubd	%ymm6, %ymm12, %ymm6
+        vpsubd	%ymm7, %ymm12, %ymm7
+        vpsrld	$31, %ymm4, %ymm4
+        vpsrld	$31, %ymm5, %ymm5
+        vpsrld	$31, %ymm6, %ymm6
+        vpsrld	$31, %ymm7, %ymm7
+        vpaddd	%ymm4, %ymm8, %ymm8
+        vpaddd	%ymm5, %ymm9, %ymm9
+        vpaddd	%ymm6, %ymm10, %ymm10
+        vpaddd	%ymm7, %ymm11, %ymm11
+        vpmulld	%ymm13, %ymm8, %ymm4
+        vpmulld	%ymm13, %ymm9, %ymm5
+        vpmulld	%ymm13, %ymm10, %ymm6
+        vpmulld	%ymm13, %ymm11, %ymm7
+        vpsubd	%ymm4, %ymm0, %ymm4
+        vpsubd	%ymm5, %ymm1, %ymm5
+        vpsubd	%ymm6, %ymm2, %ymm6
+        vpsubd	%ymm7, %ymm3, %ymm7
+        vpsrld	$4, %ymm8, %ymm0
+        vpsrld	$4, %ymm9, %ymm1
+        vpsrld	$4, %ymm10, %ymm2
+        vpsrld	$4, %ymm11, %ymm3
+        vpsubd	%ymm0, %ymm4, %ymm4
+        vpsubd	%ymm1, %ymm5, %ymm5
+        vpsubd	%ymm2, %ymm6, %ymm6
+        vpsubd	%ymm3, %ymm7, %ymm7
+        vpand	%ymm15, %ymm8, %ymm8
+        vpand	%ymm15, %ymm9, %ymm9
+        vpand	%ymm15, %ymm10, %ymm10
+        vpand	%ymm15, %ymm11, %ymm11
+        vmovdqu	%ymm4, 640(%rdx)
+        vmovdqu	%ymm5, 672(%rdx)
+        vmovdqu	%ymm6, 704(%rdx)
+        vmovdqu	%ymm7, 736(%rdx)
+        vmovdqu	%ymm8, 640(%rcx)
+        vmovdqu	%ymm9, 672(%rcx)
+        vmovdqu	%ymm10, 704(%rcx)
+        vmovdqu	%ymm11, 736(%rcx)
+        vmovdqu	768(%rdi), %ymm0
+        vmovdqu	800(%rdi), %ymm1
+        vmovdqu	832(%rdi), %ymm2
+        vmovdqu	864(%rdi), %ymm3
+        vpaddd	%ymm14, %ymm0, %ymm8
+        vpaddd	%ymm14, %ymm1, %ymm9
+        vpaddd	%ymm14, %ymm2, %ymm10
+        vpaddd	%ymm14, %ymm3, %ymm11
+        vpsrld	$19, %ymm8, %ymm8
+        vpsrld	$19, %ymm9, %ymm9
+        vpsrld	$19, %ymm10, %ymm10
+        vpsrld	$19, %ymm11, %ymm11
+        vpmulld	%ymm13, %ymm8, %ymm4
+        vpmulld	%ymm13, %ymm9, %ymm5
+        vpmulld	%ymm13, %ymm10, %ymm6
+        vpmulld	%ymm13, %ymm11, %ymm7
+        vpsubd	%ymm4, %ymm0, %ymm4
+        vpsubd	%ymm5, %ymm1, %ymm5
+        vpsubd	%ymm6, %ymm2, %ymm6
+        vpsubd	%ymm7, %ymm3, %ymm7
+        vpsubd	%ymm4, %ymm12, %ymm4
+        vpsubd	%ymm5, %ymm12, %ymm5
+        vpsubd	%ymm6, %ymm12, %ymm6
+        vpsubd	%ymm7, %ymm12, %ymm7
+        vpsrld	$31, %ymm4, %ymm4
+        vpsrld	$31, %ymm5, %ymm5
+        vpsrld	$31, %ymm6, %ymm6
+        vpsrld	$31, %ymm7, %ymm7
+        vpaddd	%ymm4, %ymm8, %ymm8
+        vpaddd	%ymm5, %ymm9, %ymm9
+        vpaddd	%ymm6, %ymm10, %ymm10
+        vpaddd	%ymm7, %ymm11, %ymm11
+        vpmulld	%ymm13, %ymm8, %ymm4
+        vpmulld	%ymm13, %ymm9, %ymm5
+        vpmulld	%ymm13, %ymm10, %ymm6
+        vpmulld	%ymm13, %ymm11, %ymm7
+        vpsubd	%ymm4, %ymm0, %ymm4
+        vpsubd	%ymm5, %ymm1, %ymm5
+        vpsubd	%ymm6, %ymm2, %ymm6
+        vpsubd	%ymm7, %ymm3, %ymm7
+        vpsrld	$4, %ymm8, %ymm0
+        vpsrld	$4, %ymm9, %ymm1
+        vpsrld	$4, %ymm10, %ymm2
+        vpsrld	$4, %ymm11, %ymm3
+        vpsubd	%ymm0, %ymm4, %ymm4
+        vpsubd	%ymm1, %ymm5, %ymm5
+        vpsubd	%ymm2, %ymm6, %ymm6
+        vpsubd	%ymm3, %ymm7, %ymm7
+        vpand	%ymm15, %ymm8, %ymm8
+        vpand	%ymm15, %ymm9, %ymm9
+        vpand	%ymm15, %ymm10, %ymm10
+        vpand	%ymm15, %ymm11, %ymm11
+        vmovdqu	%ymm4, 768(%rdx)
+        vmovdqu	%ymm5, 800(%rdx)
+        vmovdqu	%ymm6, 832(%rdx)
+        vmovdqu	%ymm7, 864(%rdx)
+        vmovdqu	%ymm8, 768(%rcx)
+        vmovdqu	%ymm9, 800(%rcx)
+        vmovdqu	%ymm10, 832(%rcx)
+        vmovdqu	%ymm11, 864(%rcx)
+        vmovdqu	896(%rdi), %ymm0
+        vmovdqu	928(%rdi), %ymm1
+        vmovdqu	960(%rdi), %ymm2
+        vmovdqu	992(%rdi), %ymm3
+        vpaddd	%ymm14, %ymm0, %ymm8
+        vpaddd	%ymm14, %ymm1, %ymm9
+        vpaddd	%ymm14, %ymm2, %ymm10
+        vpaddd	%ymm14, %ymm3, %ymm11
+        vpsrld	$19, %ymm8, %ymm8
+        vpsrld	$19, %ymm9, %ymm9
+        vpsrld	$19, %ymm10, %ymm10
+        vpsrld	$19, %ymm11, %ymm11
+        vpmulld	%ymm13, %ymm8, %ymm4
+        vpmulld	%ymm13, %ymm9, %ymm5
+        vpmulld	%ymm13, %ymm10, %ymm6
+        vpmulld	%ymm13, %ymm11, %ymm7
+        vpsubd	%ymm4, %ymm0, %ymm4
+        vpsubd	%ymm5, %ymm1, %ymm5
+        vpsubd	%ymm6, %ymm2, %ymm6
+        vpsubd	%ymm7, %ymm3, %ymm7
+        vpsubd	%ymm4, %ymm12, %ymm4
+        vpsubd	%ymm5, %ymm12, %ymm5
+        vpsubd	%ymm6, %ymm12, %ymm6
+        vpsubd	%ymm7, %ymm12, %ymm7
+        vpsrld	$31, %ymm4, %ymm4
+        vpsrld	$31, %ymm5, %ymm5
+        vpsrld	$31, %ymm6, %ymm6
+        vpsrld	$31, %ymm7, %ymm7
+        vpaddd	%ymm4, %ymm8, %ymm8
+        vpaddd	%ymm5, %ymm9, %ymm9
+        vpaddd	%ymm6, %ymm10, %ymm10
+        vpaddd	%ymm7, %ymm11, %ymm11
+        vpmulld	%ymm13, %ymm8, %ymm4
+        vpmulld	%ymm13, %ymm9, %ymm5
+        vpmulld	%ymm13, %ymm10, %ymm6
+        vpmulld	%ymm13, %ymm11, %ymm7
+        vpsubd	%ymm4, %ymm0, %ymm4
+        vpsubd	%ymm5, %ymm1, %ymm5
+        vpsubd	%ymm6, %ymm2, %ymm6
+        vpsubd	%ymm7, %ymm3, %ymm7
+        vpsrld	$4, %ymm8, %ymm0
+        vpsrld	$4, %ymm9, %ymm1
+        vpsrld	$4, %ymm10, %ymm2
+        vpsrld	$4, %ymm11, %ymm3
+        vpsubd	%ymm0, %ymm4, %ymm4
+        vpsubd	%ymm1, %ymm5, %ymm5
+        vpsubd	%ymm2, %ymm6, %ymm6
+        vpsubd	%ymm3, %ymm7, %ymm7
+        vpand	%ymm15, %ymm8, %ymm8
+        vpand	%ymm15, %ymm9, %ymm9
+        vpand	%ymm15, %ymm10, %ymm10
+        vpand	%ymm15, %ymm11, %ymm11
+        vmovdqu	%ymm4, 896(%rdx)
+        vmovdqu	%ymm5, 928(%rdx)
+        vmovdqu	%ymm6, 960(%rdx)
+        vmovdqu	%ymm7, 992(%rdx)
+        vmovdqu	%ymm8, 896(%rcx)
+        vmovdqu	%ymm9, 928(%rcx)
+        vmovdqu	%ymm10, 960(%rcx)
+        vmovdqu	%ymm11, 992(%rcx)
+        addq	$0x400, %rdi
+        addq	$0x400, %rdx
+        addq	$0x400, %rcx
+        sub	$0x01, %rsi
+        jne	L_mldsa_decompose_q32_avx2_start_256
+        vzeroupper
+        repz retq
+#ifndef __APPLE__
+.size	wc_mldsa_decompose_q32_avx2,.-wc_mldsa_decompose_q32_avx2
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+L_mldsa_use_hint_88_avx2_q:
+.long	0x007fe001,0x007fe001,0x007fe001,0x007fe001
+.long	0x007fe001,0x007fe001,0x007fe001,0x007fe001
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+L_mldsa_use_hint_88_avx2_q_low_88:
+.long	0x00017400,0x00017400,0x00017400,0x00017400
+.long	0x00017400,0x00017400,0x00017400,0x00017400
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+L_mldsa_use_hint_88_avx2_q_low_88_2:
+.long	0x0002e800,0x0002e800,0x0002e800,0x0002e800
+.long	0x0002e800,0x0002e800,0x0002e800,0x0002e800
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+L_mldsa_use_hint_88_avx2_q_2:
+.long	0x003fefd4,0x003fefd4,0x003fefd4,0x003fefd4
+.long	0x003fefd4,0x003fefd4,0x003fefd4,0x003fefd4
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+L_mldsa_use_hint_88_avx2_44:
+.long	0x0000002c,0x0000002c,0x0000002c,0x0000002c
+.long	0x0000002c,0x0000002c,0x0000002c,0x0000002c
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+L_mldsa_use_hint_88_avx2_vsl:
+.long	0x0000001f,0x0000001e,0x0000001d,0x0000001c
+.long	0x0000001b,0x0000001a,0x00000019,0x00000018
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+L_mldsa_use_hint_88_avx2_one:
+.long	0x00000001,0x00000001,0x00000001,0x00000001
+.long	0x00000001,0x00000001,0x00000001,0x00000001
+#ifndef __APPLE__
+.text
+.globl	wc_mldsa_use_hint_88_avx2
+.type	wc_mldsa_use_hint_88_avx2,@function
+.align	16
+wc_mldsa_use_hint_88_avx2:
+#else
+.section	__TEXT,__text
+.globl	_wc_mldsa_use_hint_88_avx2
+.p2align	4
+_wc_mldsa_use_hint_88_avx2:
+#endif /* __APPLE__ */
+        vpxor	%ymm8, %ymm8, %ymm8
+        vmovdqu	L_mldsa_use_hint_88_avx2_q(%rip), %ymm8
+        vmovdqu	L_mldsa_use_hint_88_avx2_q_low_88(%rip), %ymm9
+        vmovdqu	L_mldsa_use_hint_88_avx2_q_low_88_2(%rip), %ymm10
+        vmovdqu	L_mldsa_use_hint_88_avx2_q_2(%rip), %ymm11
+        vmovdqu	L_mldsa_use_hint_88_avx2_44(%rip), %ymm12
+        vmovdqu	L_mldsa_use_hint_88_avx2_vsl(%rip), %ymm13
+        vmovdqu	L_mldsa_use_hint_88_avx2_one(%rip), %ymm14
+        xorq	%rax, %rax
+        mov	(%rsi), %r8b
+        # 1/4 vectors
+        mov	80(%rsi), %dl
+        vmovdqu	(%rdi), %ymm0
+        vmovdqu	32(%rdi), %ymm1
+        vpsrad	$31, %ymm0, %ymm2
+        vpsrad	$31, %ymm1, %ymm3
+        vpand	%ymm8, %ymm2, %ymm2
+        vpand	%ymm8, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm0, %ymm0
+        vpaddd	%ymm3, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm0, %ymm4
+        vpmulld	%ymm12, %ymm1, %ymm5
+        vpaddd	%ymm11, %ymm4, %ymm4
+        vpaddd	%ymm11, %ymm5, %ymm5
+        vpsrld	$23, %ymm4, %ymm4
+        vpsrld	$23, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsubd	%ymm2, %ymm9, %ymm2
+        vpsubd	%ymm3, %ymm9, %ymm3
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpcmpeqd	%ymm12, %ymm4, %ymm0
+        vpcmpeqd	%ymm12, %ymm5, %ymm1
+        vpaddd	%ymm0, %ymm2, %ymm2
+        vpaddd	%ymm1, %ymm3, %ymm3
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        movq	$0x01, %r9
+        xorq	%r10, %r10
+        xorq	%rcx, %rcx
+L_mldsa_use_hint_88_avx2_hints_next_0_0:
+        cmp	%dl, %al
+        jge	L_mldsa_use_hint_88_avx2_hints_done_0_0
+        mov	%r8b, %cl
+        cmpq	$16, %rcx
+        jge	L_mldsa_use_hint_88_avx2_hints_done_0_0
+        mov	%r9, %r11
+        shlq	%cl, %r11
+        orq	%r11, %r10
+        inc	%al
+        mov	(%rsi,%rax,1), %r8b
+        jmp	L_mldsa_use_hint_88_avx2_hints_next_0_0
+L_mldsa_use_hint_88_avx2_hints_done_0_0:
+        movd	%r10d, %xmm6
+        shr	$8, %r10
+        movd	%r10d, %xmm7
+        vpbroadcastd	%xmm6, %ymm6
+        vpbroadcastd	%xmm7, %ymm7
+        vpsllvd	%ymm13, %ymm6, %ymm6
+        vpsllvd	%ymm13, %ymm7, %ymm7
+        vpsrad	$31, %ymm6, %ymm6
+        vpsrad	$31, %ymm7, %ymm7
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpslld	$0x01, %ymm2, %ymm2
+        vpslld	$0x01, %ymm3, %ymm3
+        vpsubd	%ymm2, %ymm14, %ymm2
+        vpsubd	%ymm3, %ymm14, %ymm3
+        vpand	%ymm6, %ymm2, %ymm2
+        vpand	%ymm7, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        vpsrad	$31, %ymm4, %ymm0
+        vpsrad	$31, %ymm5, %ymm1
+        vpand	%ymm12, %ymm0, %ymm0
+        vpand	%ymm12, %ymm1, %ymm1
+        vpaddd	%ymm0, %ymm4, %ymm4
+        vpaddd	%ymm1, %ymm5, %ymm5
+        vmovdqu	%ymm4, (%rdi)
+        vmovdqu	%ymm5, 32(%rdi)
+        vmovdqu	64(%rdi), %ymm0
+        vmovdqu	96(%rdi), %ymm1
+        vpsrad	$31, %ymm0, %ymm2
+        vpsrad	$31, %ymm1, %ymm3
+        vpand	%ymm8, %ymm2, %ymm2
+        vpand	%ymm8, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm0, %ymm0
+        vpaddd	%ymm3, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm0, %ymm4
+        vpmulld	%ymm12, %ymm1, %ymm5
+        vpaddd	%ymm11, %ymm4, %ymm4
+        vpaddd	%ymm11, %ymm5, %ymm5
+        vpsrld	$23, %ymm4, %ymm4
+        vpsrld	$23, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsubd	%ymm2, %ymm9, %ymm2
+        vpsubd	%ymm3, %ymm9, %ymm3
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpcmpeqd	%ymm12, %ymm4, %ymm0
+        vpcmpeqd	%ymm12, %ymm5, %ymm1
+        vpaddd	%ymm0, %ymm2, %ymm2
+        vpaddd	%ymm1, %ymm3, %ymm3
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        movq	$0x01, %r9
+        xorq	%r10, %r10
+        xorq	%rcx, %rcx
+L_mldsa_use_hint_88_avx2_hints_next_0_1:
+        cmp	%dl, %al
+        jge	L_mldsa_use_hint_88_avx2_hints_done_0_1
+        mov	%r8b, %cl
+        sub	$16, %cl
+        cmpq	$16, %rcx
+        jge	L_mldsa_use_hint_88_avx2_hints_done_0_1
+        mov	%r9, %r11
+        shlq	%cl, %r11
+        orq	%r11, %r10
+        inc	%al
+        mov	(%rsi,%rax,1), %r8b
+        jmp	L_mldsa_use_hint_88_avx2_hints_next_0_1
+L_mldsa_use_hint_88_avx2_hints_done_0_1:
+        movd	%r10d, %xmm6
+        shr	$8, %r10
+        movd	%r10d, %xmm7
+        vpbroadcastd	%xmm6, %ymm6
+        vpbroadcastd	%xmm7, %ymm7
+        vpsllvd	%ymm13, %ymm6, %ymm6
+        vpsllvd	%ymm13, %ymm7, %ymm7
+        vpsrad	$31, %ymm6, %ymm6
+        vpsrad	$31, %ymm7, %ymm7
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpslld	$0x01, %ymm2, %ymm2
+        vpslld	$0x01, %ymm3, %ymm3
+        vpsubd	%ymm2, %ymm14, %ymm2
+        vpsubd	%ymm3, %ymm14, %ymm3
+        vpand	%ymm6, %ymm2, %ymm2
+        vpand	%ymm7, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        vpsrad	$31, %ymm4, %ymm0
+        vpsrad	$31, %ymm5, %ymm1
+        vpand	%ymm12, %ymm0, %ymm0
+        vpand	%ymm12, %ymm1, %ymm1
+        vpaddd	%ymm0, %ymm4, %ymm4
+        vpaddd	%ymm1, %ymm5, %ymm5
+        vmovdqu	%ymm4, 64(%rdi)
+        vmovdqu	%ymm5, 96(%rdi)
+        vmovdqu	128(%rdi), %ymm0
+        vmovdqu	160(%rdi), %ymm1
+        vpsrad	$31, %ymm0, %ymm2
+        vpsrad	$31, %ymm1, %ymm3
+        vpand	%ymm8, %ymm2, %ymm2
+        vpand	%ymm8, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm0, %ymm0
+        vpaddd	%ymm3, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm0, %ymm4
+        vpmulld	%ymm12, %ymm1, %ymm5
+        vpaddd	%ymm11, %ymm4, %ymm4
+        vpaddd	%ymm11, %ymm5, %ymm5
+        vpsrld	$23, %ymm4, %ymm4
+        vpsrld	$23, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsubd	%ymm2, %ymm9, %ymm2
+        vpsubd	%ymm3, %ymm9, %ymm3
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpcmpeqd	%ymm12, %ymm4, %ymm0
+        vpcmpeqd	%ymm12, %ymm5, %ymm1
+        vpaddd	%ymm0, %ymm2, %ymm2
+        vpaddd	%ymm1, %ymm3, %ymm3
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        movq	$0x01, %r9
+        xorq	%r10, %r10
+        xorq	%rcx, %rcx
+L_mldsa_use_hint_88_avx2_hints_next_0_2:
+        cmp	%dl, %al
+        jge	L_mldsa_use_hint_88_avx2_hints_done_0_2
+        mov	%r8b, %cl
+        sub	$32, %cl
+        cmpq	$16, %rcx
+        jge	L_mldsa_use_hint_88_avx2_hints_done_0_2
+        mov	%r9, %r11
+        shlq	%cl, %r11
+        orq	%r11, %r10
+        inc	%al
+        mov	(%rsi,%rax,1), %r8b
+        jmp	L_mldsa_use_hint_88_avx2_hints_next_0_2
+L_mldsa_use_hint_88_avx2_hints_done_0_2:
+        movd	%r10d, %xmm6
+        shr	$8, %r10
+        movd	%r10d, %xmm7
+        vpbroadcastd	%xmm6, %ymm6
+        vpbroadcastd	%xmm7, %ymm7
+        vpsllvd	%ymm13, %ymm6, %ymm6
+        vpsllvd	%ymm13, %ymm7, %ymm7
+        vpsrad	$31, %ymm6, %ymm6
+        vpsrad	$31, %ymm7, %ymm7
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpslld	$0x01, %ymm2, %ymm2
+        vpslld	$0x01, %ymm3, %ymm3
+        vpsubd	%ymm2, %ymm14, %ymm2
+        vpsubd	%ymm3, %ymm14, %ymm3
+        vpand	%ymm6, %ymm2, %ymm2
+        vpand	%ymm7, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        vpsrad	$31, %ymm4, %ymm0
+        vpsrad	$31, %ymm5, %ymm1
+        vpand	%ymm12, %ymm0, %ymm0
+        vpand	%ymm12, %ymm1, %ymm1
+        vpaddd	%ymm0, %ymm4, %ymm4
+        vpaddd	%ymm1, %ymm5, %ymm5
+        vmovdqu	%ymm4, 128(%rdi)
+        vmovdqu	%ymm5, 160(%rdi)
+        vmovdqu	192(%rdi), %ymm0
+        vmovdqu	224(%rdi), %ymm1
+        vpsrad	$31, %ymm0, %ymm2
+        vpsrad	$31, %ymm1, %ymm3
+        vpand	%ymm8, %ymm2, %ymm2
+        vpand	%ymm8, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm0, %ymm0
+        vpaddd	%ymm3, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm0, %ymm4
+        vpmulld	%ymm12, %ymm1, %ymm5
+        vpaddd	%ymm11, %ymm4, %ymm4
+        vpaddd	%ymm11, %ymm5, %ymm5
+        vpsrld	$23, %ymm4, %ymm4
+        vpsrld	$23, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsubd	%ymm2, %ymm9, %ymm2
+        vpsubd	%ymm3, %ymm9, %ymm3
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpcmpeqd	%ymm12, %ymm4, %ymm0
+        vpcmpeqd	%ymm12, %ymm5, %ymm1
+        vpaddd	%ymm0, %ymm2, %ymm2
+        vpaddd	%ymm1, %ymm3, %ymm3
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        movq	$0x01, %r9
+        xorq	%r10, %r10
+        xorq	%rcx, %rcx
+L_mldsa_use_hint_88_avx2_hints_next_0_3:
+        cmp	%dl, %al
+        jge	L_mldsa_use_hint_88_avx2_hints_done_0_3
+        mov	%r8b, %cl
+        sub	$48, %cl
+        cmpq	$16, %rcx
+        jge	L_mldsa_use_hint_88_avx2_hints_done_0_3
+        mov	%r9, %r11
+        shlq	%cl, %r11
+        orq	%r11, %r10
+        inc	%al
+        mov	(%rsi,%rax,1), %r8b
+        jmp	L_mldsa_use_hint_88_avx2_hints_next_0_3
+L_mldsa_use_hint_88_avx2_hints_done_0_3:
+        movd	%r10d, %xmm6
+        shr	$8, %r10
+        movd	%r10d, %xmm7
+        vpbroadcastd	%xmm6, %ymm6
+        vpbroadcastd	%xmm7, %ymm7
+        vpsllvd	%ymm13, %ymm6, %ymm6
+        vpsllvd	%ymm13, %ymm7, %ymm7
+        vpsrad	$31, %ymm6, %ymm6
+        vpsrad	$31, %ymm7, %ymm7
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpslld	$0x01, %ymm2, %ymm2
+        vpslld	$0x01, %ymm3, %ymm3
+        vpsubd	%ymm2, %ymm14, %ymm2
+        vpsubd	%ymm3, %ymm14, %ymm3
+        vpand	%ymm6, %ymm2, %ymm2
+        vpand	%ymm7, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        vpsrad	$31, %ymm4, %ymm0
+        vpsrad	$31, %ymm5, %ymm1
+        vpand	%ymm12, %ymm0, %ymm0
+        vpand	%ymm12, %ymm1, %ymm1
+        vpaddd	%ymm0, %ymm4, %ymm4
+        vpaddd	%ymm1, %ymm5, %ymm5
+        vmovdqu	%ymm4, 192(%rdi)
+        vmovdqu	%ymm5, 224(%rdi)
+        vmovdqu	256(%rdi), %ymm0
+        vmovdqu	288(%rdi), %ymm1
+        vpsrad	$31, %ymm0, %ymm2
+        vpsrad	$31, %ymm1, %ymm3
+        vpand	%ymm8, %ymm2, %ymm2
+        vpand	%ymm8, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm0, %ymm0
+        vpaddd	%ymm3, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm0, %ymm4
+        vpmulld	%ymm12, %ymm1, %ymm5
+        vpaddd	%ymm11, %ymm4, %ymm4
+        vpaddd	%ymm11, %ymm5, %ymm5
+        vpsrld	$23, %ymm4, %ymm4
+        vpsrld	$23, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsubd	%ymm2, %ymm9, %ymm2
+        vpsubd	%ymm3, %ymm9, %ymm3
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpcmpeqd	%ymm12, %ymm4, %ymm0
+        vpcmpeqd	%ymm12, %ymm5, %ymm1
+        vpaddd	%ymm0, %ymm2, %ymm2
+        vpaddd	%ymm1, %ymm3, %ymm3
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        movq	$0x01, %r9
+        xorq	%r10, %r10
+        xorq	%rcx, %rcx
+L_mldsa_use_hint_88_avx2_hints_next_0_4:
+        cmp	%dl, %al
+        jge	L_mldsa_use_hint_88_avx2_hints_done_0_4
+        mov	%r8b, %cl
+        sub	$0x40, %cl
+        cmpq	$16, %rcx
+        jge	L_mldsa_use_hint_88_avx2_hints_done_0_4
+        mov	%r9, %r11
+        shlq	%cl, %r11
+        orq	%r11, %r10
+        inc	%al
+        mov	(%rsi,%rax,1), %r8b
+        jmp	L_mldsa_use_hint_88_avx2_hints_next_0_4
+L_mldsa_use_hint_88_avx2_hints_done_0_4:
+        movd	%r10d, %xmm6
+        shr	$8, %r10
+        movd	%r10d, %xmm7
+        vpbroadcastd	%xmm6, %ymm6
+        vpbroadcastd	%xmm7, %ymm7
+        vpsllvd	%ymm13, %ymm6, %ymm6
+        vpsllvd	%ymm13, %ymm7, %ymm7
+        vpsrad	$31, %ymm6, %ymm6
+        vpsrad	$31, %ymm7, %ymm7
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpslld	$0x01, %ymm2, %ymm2
+        vpslld	$0x01, %ymm3, %ymm3
+        vpsubd	%ymm2, %ymm14, %ymm2
+        vpsubd	%ymm3, %ymm14, %ymm3
+        vpand	%ymm6, %ymm2, %ymm2
+        vpand	%ymm7, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        vpsrad	$31, %ymm4, %ymm0
+        vpsrad	$31, %ymm5, %ymm1
+        vpand	%ymm12, %ymm0, %ymm0
+        vpand	%ymm12, %ymm1, %ymm1
+        vpaddd	%ymm0, %ymm4, %ymm4
+        vpaddd	%ymm1, %ymm5, %ymm5
+        vmovdqu	%ymm4, 256(%rdi)
+        vmovdqu	%ymm5, 288(%rdi)
+        vmovdqu	320(%rdi), %ymm0
+        vmovdqu	352(%rdi), %ymm1
+        vpsrad	$31, %ymm0, %ymm2
+        vpsrad	$31, %ymm1, %ymm3
+        vpand	%ymm8, %ymm2, %ymm2
+        vpand	%ymm8, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm0, %ymm0
+        vpaddd	%ymm3, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm0, %ymm4
+        vpmulld	%ymm12, %ymm1, %ymm5
+        vpaddd	%ymm11, %ymm4, %ymm4
+        vpaddd	%ymm11, %ymm5, %ymm5
+        vpsrld	$23, %ymm4, %ymm4
+        vpsrld	$23, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsubd	%ymm2, %ymm9, %ymm2
+        vpsubd	%ymm3, %ymm9, %ymm3
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpcmpeqd	%ymm12, %ymm4, %ymm0
+        vpcmpeqd	%ymm12, %ymm5, %ymm1
+        vpaddd	%ymm0, %ymm2, %ymm2
+        vpaddd	%ymm1, %ymm3, %ymm3
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        movq	$0x01, %r9
+        xorq	%r10, %r10
+        xorq	%rcx, %rcx
+L_mldsa_use_hint_88_avx2_hints_next_0_5:
+        cmp	%dl, %al
+        jge	L_mldsa_use_hint_88_avx2_hints_done_0_5
+        mov	%r8b, %cl
+        sub	$0x50, %cl
+        cmpq	$16, %rcx
+        jge	L_mldsa_use_hint_88_avx2_hints_done_0_5
+        mov	%r9, %r11
+        shlq	%cl, %r11
+        orq	%r11, %r10
+        inc	%al
+        mov	(%rsi,%rax,1), %r8b
+        jmp	L_mldsa_use_hint_88_avx2_hints_next_0_5
+L_mldsa_use_hint_88_avx2_hints_done_0_5:
+        movd	%r10d, %xmm6
+        shr	$8, %r10
+        movd	%r10d, %xmm7
+        vpbroadcastd	%xmm6, %ymm6
+        vpbroadcastd	%xmm7, %ymm7
+        vpsllvd	%ymm13, %ymm6, %ymm6
+        vpsllvd	%ymm13, %ymm7, %ymm7
+        vpsrad	$31, %ymm6, %ymm6
+        vpsrad	$31, %ymm7, %ymm7
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpslld	$0x01, %ymm2, %ymm2
+        vpslld	$0x01, %ymm3, %ymm3
+        vpsubd	%ymm2, %ymm14, %ymm2
+        vpsubd	%ymm3, %ymm14, %ymm3
+        vpand	%ymm6, %ymm2, %ymm2
+        vpand	%ymm7, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        vpsrad	$31, %ymm4, %ymm0
+        vpsrad	$31, %ymm5, %ymm1
+        vpand	%ymm12, %ymm0, %ymm0
+        vpand	%ymm12, %ymm1, %ymm1
+        vpaddd	%ymm0, %ymm4, %ymm4
+        vpaddd	%ymm1, %ymm5, %ymm5
+        vmovdqu	%ymm4, 320(%rdi)
+        vmovdqu	%ymm5, 352(%rdi)
+        vmovdqu	384(%rdi), %ymm0
+        vmovdqu	416(%rdi), %ymm1
+        vpsrad	$31, %ymm0, %ymm2
+        vpsrad	$31, %ymm1, %ymm3
+        vpand	%ymm8, %ymm2, %ymm2
+        vpand	%ymm8, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm0, %ymm0
+        vpaddd	%ymm3, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm0, %ymm4
+        vpmulld	%ymm12, %ymm1, %ymm5
+        vpaddd	%ymm11, %ymm4, %ymm4
+        vpaddd	%ymm11, %ymm5, %ymm5
+        vpsrld	$23, %ymm4, %ymm4
+        vpsrld	$23, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsubd	%ymm2, %ymm9, %ymm2
+        vpsubd	%ymm3, %ymm9, %ymm3
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpcmpeqd	%ymm12, %ymm4, %ymm0
+        vpcmpeqd	%ymm12, %ymm5, %ymm1
+        vpaddd	%ymm0, %ymm2, %ymm2
+        vpaddd	%ymm1, %ymm3, %ymm3
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        movq	$0x01, %r9
+        xorq	%r10, %r10
+        xorq	%rcx, %rcx
+L_mldsa_use_hint_88_avx2_hints_next_0_6:
+        cmp	%dl, %al
+        jge	L_mldsa_use_hint_88_avx2_hints_done_0_6
+        mov	%r8b, %cl
+        sub	$0x60, %cl
+        cmpq	$16, %rcx
+        jge	L_mldsa_use_hint_88_avx2_hints_done_0_6
+        mov	%r9, %r11
+        shlq	%cl, %r11
+        orq	%r11, %r10
+        inc	%al
+        mov	(%rsi,%rax,1), %r8b
+        jmp	L_mldsa_use_hint_88_avx2_hints_next_0_6
+L_mldsa_use_hint_88_avx2_hints_done_0_6:
+        movd	%r10d, %xmm6
+        shr	$8, %r10
+        movd	%r10d, %xmm7
+        vpbroadcastd	%xmm6, %ymm6
+        vpbroadcastd	%xmm7, %ymm7
+        vpsllvd	%ymm13, %ymm6, %ymm6
+        vpsllvd	%ymm13, %ymm7, %ymm7
+        vpsrad	$31, %ymm6, %ymm6
+        vpsrad	$31, %ymm7, %ymm7
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpslld	$0x01, %ymm2, %ymm2
+        vpslld	$0x01, %ymm3, %ymm3
+        vpsubd	%ymm2, %ymm14, %ymm2
+        vpsubd	%ymm3, %ymm14, %ymm3
+        vpand	%ymm6, %ymm2, %ymm2
+        vpand	%ymm7, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        vpsrad	$31, %ymm4, %ymm0
+        vpsrad	$31, %ymm5, %ymm1
+        vpand	%ymm12, %ymm0, %ymm0
+        vpand	%ymm12, %ymm1, %ymm1
+        vpaddd	%ymm0, %ymm4, %ymm4
+        vpaddd	%ymm1, %ymm5, %ymm5
+        vmovdqu	%ymm4, 384(%rdi)
+        vmovdqu	%ymm5, 416(%rdi)
+        vmovdqu	448(%rdi), %ymm0
+        vmovdqu	480(%rdi), %ymm1
+        vpsrad	$31, %ymm0, %ymm2
+        vpsrad	$31, %ymm1, %ymm3
+        vpand	%ymm8, %ymm2, %ymm2
+        vpand	%ymm8, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm0, %ymm0
+        vpaddd	%ymm3, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm0, %ymm4
+        vpmulld	%ymm12, %ymm1, %ymm5
+        vpaddd	%ymm11, %ymm4, %ymm4
+        vpaddd	%ymm11, %ymm5, %ymm5
+        vpsrld	$23, %ymm4, %ymm4
+        vpsrld	$23, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsubd	%ymm2, %ymm9, %ymm2
+        vpsubd	%ymm3, %ymm9, %ymm3
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpcmpeqd	%ymm12, %ymm4, %ymm0
+        vpcmpeqd	%ymm12, %ymm5, %ymm1
+        vpaddd	%ymm0, %ymm2, %ymm2
+        vpaddd	%ymm1, %ymm3, %ymm3
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        movq	$0x01, %r9
+        xorq	%r10, %r10
+        xorq	%rcx, %rcx
+L_mldsa_use_hint_88_avx2_hints_next_0_7:
+        cmp	%dl, %al
+        jge	L_mldsa_use_hint_88_avx2_hints_done_0_7
+        mov	%r8b, %cl
+        sub	$0x70, %cl
+        cmpq	$16, %rcx
+        jge	L_mldsa_use_hint_88_avx2_hints_done_0_7
+        mov	%r9, %r11
+        shlq	%cl, %r11
+        orq	%r11, %r10
+        inc	%al
+        mov	(%rsi,%rax,1), %r8b
+        jmp	L_mldsa_use_hint_88_avx2_hints_next_0_7
+L_mldsa_use_hint_88_avx2_hints_done_0_7:
+        movd	%r10d, %xmm6
+        shr	$8, %r10
+        movd	%r10d, %xmm7
+        vpbroadcastd	%xmm6, %ymm6
+        vpbroadcastd	%xmm7, %ymm7
+        vpsllvd	%ymm13, %ymm6, %ymm6
+        vpsllvd	%ymm13, %ymm7, %ymm7
+        vpsrad	$31, %ymm6, %ymm6
+        vpsrad	$31, %ymm7, %ymm7
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpslld	$0x01, %ymm2, %ymm2
+        vpslld	$0x01, %ymm3, %ymm3
+        vpsubd	%ymm2, %ymm14, %ymm2
+        vpsubd	%ymm3, %ymm14, %ymm3
+        vpand	%ymm6, %ymm2, %ymm2
+        vpand	%ymm7, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        vpsrad	$31, %ymm4, %ymm0
+        vpsrad	$31, %ymm5, %ymm1
+        vpand	%ymm12, %ymm0, %ymm0
+        vpand	%ymm12, %ymm1, %ymm1
+        vpaddd	%ymm0, %ymm4, %ymm4
+        vpaddd	%ymm1, %ymm5, %ymm5
+        vmovdqu	%ymm4, 448(%rdi)
+        vmovdqu	%ymm5, 480(%rdi)
+        vmovdqu	512(%rdi), %ymm0
+        vmovdqu	544(%rdi), %ymm1
+        vpsrad	$31, %ymm0, %ymm2
+        vpsrad	$31, %ymm1, %ymm3
+        vpand	%ymm8, %ymm2, %ymm2
+        vpand	%ymm8, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm0, %ymm0
+        vpaddd	%ymm3, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm0, %ymm4
+        vpmulld	%ymm12, %ymm1, %ymm5
+        vpaddd	%ymm11, %ymm4, %ymm4
+        vpaddd	%ymm11, %ymm5, %ymm5
+        vpsrld	$23, %ymm4, %ymm4
+        vpsrld	$23, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsubd	%ymm2, %ymm9, %ymm2
+        vpsubd	%ymm3, %ymm9, %ymm3
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpcmpeqd	%ymm12, %ymm4, %ymm0
+        vpcmpeqd	%ymm12, %ymm5, %ymm1
+        vpaddd	%ymm0, %ymm2, %ymm2
+        vpaddd	%ymm1, %ymm3, %ymm3
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        movq	$0x01, %r9
+        xorq	%r10, %r10
+        xorq	%rcx, %rcx
+L_mldsa_use_hint_88_avx2_hints_next_0_8:
+        cmp	%dl, %al
+        jge	L_mldsa_use_hint_88_avx2_hints_done_0_8
+        mov	%r8b, %cl
+        sub	$0x80, %cl
+        cmpq	$16, %rcx
+        jge	L_mldsa_use_hint_88_avx2_hints_done_0_8
+        mov	%r9, %r11
+        shlq	%cl, %r11
+        orq	%r11, %r10
+        inc	%al
+        mov	(%rsi,%rax,1), %r8b
+        jmp	L_mldsa_use_hint_88_avx2_hints_next_0_8
+L_mldsa_use_hint_88_avx2_hints_done_0_8:
+        movd	%r10d, %xmm6
+        shr	$8, %r10
+        movd	%r10d, %xmm7
+        vpbroadcastd	%xmm6, %ymm6
+        vpbroadcastd	%xmm7, %ymm7
+        vpsllvd	%ymm13, %ymm6, %ymm6
+        vpsllvd	%ymm13, %ymm7, %ymm7
+        vpsrad	$31, %ymm6, %ymm6
+        vpsrad	$31, %ymm7, %ymm7
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpslld	$0x01, %ymm2, %ymm2
+        vpslld	$0x01, %ymm3, %ymm3
+        vpsubd	%ymm2, %ymm14, %ymm2
+        vpsubd	%ymm3, %ymm14, %ymm3
+        vpand	%ymm6, %ymm2, %ymm2
+        vpand	%ymm7, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        vpsrad	$31, %ymm4, %ymm0
+        vpsrad	$31, %ymm5, %ymm1
+        vpand	%ymm12, %ymm0, %ymm0
+        vpand	%ymm12, %ymm1, %ymm1
+        vpaddd	%ymm0, %ymm4, %ymm4
+        vpaddd	%ymm1, %ymm5, %ymm5
+        vmovdqu	%ymm4, 512(%rdi)
+        vmovdqu	%ymm5, 544(%rdi)
+        vmovdqu	576(%rdi), %ymm0
+        vmovdqu	608(%rdi), %ymm1
+        vpsrad	$31, %ymm0, %ymm2
+        vpsrad	$31, %ymm1, %ymm3
+        vpand	%ymm8, %ymm2, %ymm2
+        vpand	%ymm8, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm0, %ymm0
+        vpaddd	%ymm3, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm0, %ymm4
+        vpmulld	%ymm12, %ymm1, %ymm5
+        vpaddd	%ymm11, %ymm4, %ymm4
+        vpaddd	%ymm11, %ymm5, %ymm5
+        vpsrld	$23, %ymm4, %ymm4
+        vpsrld	$23, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsubd	%ymm2, %ymm9, %ymm2
+        vpsubd	%ymm3, %ymm9, %ymm3
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpcmpeqd	%ymm12, %ymm4, %ymm0
+        vpcmpeqd	%ymm12, %ymm5, %ymm1
+        vpaddd	%ymm0, %ymm2, %ymm2
+        vpaddd	%ymm1, %ymm3, %ymm3
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        movq	$0x01, %r9
+        xorq	%r10, %r10
+        xorq	%rcx, %rcx
+L_mldsa_use_hint_88_avx2_hints_next_0_9:
+        cmp	%dl, %al
+        jge	L_mldsa_use_hint_88_avx2_hints_done_0_9
+        mov	%r8b, %cl
+        sub	$0x90, %cl
+        cmpq	$16, %rcx
+        jge	L_mldsa_use_hint_88_avx2_hints_done_0_9
+        mov	%r9, %r11
+        shlq	%cl, %r11
+        orq	%r11, %r10
+        inc	%al
+        mov	(%rsi,%rax,1), %r8b
+        jmp	L_mldsa_use_hint_88_avx2_hints_next_0_9
+L_mldsa_use_hint_88_avx2_hints_done_0_9:
+        movd	%r10d, %xmm6
+        shr	$8, %r10
+        movd	%r10d, %xmm7
+        vpbroadcastd	%xmm6, %ymm6
+        vpbroadcastd	%xmm7, %ymm7
+        vpsllvd	%ymm13, %ymm6, %ymm6
+        vpsllvd	%ymm13, %ymm7, %ymm7
+        vpsrad	$31, %ymm6, %ymm6
+        vpsrad	$31, %ymm7, %ymm7
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpslld	$0x01, %ymm2, %ymm2
+        vpslld	$0x01, %ymm3, %ymm3
+        vpsubd	%ymm2, %ymm14, %ymm2
+        vpsubd	%ymm3, %ymm14, %ymm3
+        vpand	%ymm6, %ymm2, %ymm2
+        vpand	%ymm7, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        vpsrad	$31, %ymm4, %ymm0
+        vpsrad	$31, %ymm5, %ymm1
+        vpand	%ymm12, %ymm0, %ymm0
+        vpand	%ymm12, %ymm1, %ymm1
+        vpaddd	%ymm0, %ymm4, %ymm4
+        vpaddd	%ymm1, %ymm5, %ymm5
+        vmovdqu	%ymm4, 576(%rdi)
+        vmovdqu	%ymm5, 608(%rdi)
+        vmovdqu	640(%rdi), %ymm0
+        vmovdqu	672(%rdi), %ymm1
+        vpsrad	$31, %ymm0, %ymm2
+        vpsrad	$31, %ymm1, %ymm3
+        vpand	%ymm8, %ymm2, %ymm2
+        vpand	%ymm8, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm0, %ymm0
+        vpaddd	%ymm3, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm0, %ymm4
+        vpmulld	%ymm12, %ymm1, %ymm5
+        vpaddd	%ymm11, %ymm4, %ymm4
+        vpaddd	%ymm11, %ymm5, %ymm5
+        vpsrld	$23, %ymm4, %ymm4
+        vpsrld	$23, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsubd	%ymm2, %ymm9, %ymm2
+        vpsubd	%ymm3, %ymm9, %ymm3
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpcmpeqd	%ymm12, %ymm4, %ymm0
+        vpcmpeqd	%ymm12, %ymm5, %ymm1
+        vpaddd	%ymm0, %ymm2, %ymm2
+        vpaddd	%ymm1, %ymm3, %ymm3
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        movq	$0x01, %r9
+        xorq	%r10, %r10
+        xorq	%rcx, %rcx
+L_mldsa_use_hint_88_avx2_hints_next_0_10:
+        cmp	%dl, %al
+        jge	L_mldsa_use_hint_88_avx2_hints_done_0_10
+        mov	%r8b, %cl
+        sub	$0xa0, %cl
+        cmpq	$16, %rcx
+        jge	L_mldsa_use_hint_88_avx2_hints_done_0_10
+        mov	%r9, %r11
+        shlq	%cl, %r11
+        orq	%r11, %r10
+        inc	%al
+        mov	(%rsi,%rax,1), %r8b
+        jmp	L_mldsa_use_hint_88_avx2_hints_next_0_10
+L_mldsa_use_hint_88_avx2_hints_done_0_10:
+        movd	%r10d, %xmm6
+        shr	$8, %r10
+        movd	%r10d, %xmm7
+        vpbroadcastd	%xmm6, %ymm6
+        vpbroadcastd	%xmm7, %ymm7
+        vpsllvd	%ymm13, %ymm6, %ymm6
+        vpsllvd	%ymm13, %ymm7, %ymm7
+        vpsrad	$31, %ymm6, %ymm6
+        vpsrad	$31, %ymm7, %ymm7
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpslld	$0x01, %ymm2, %ymm2
+        vpslld	$0x01, %ymm3, %ymm3
+        vpsubd	%ymm2, %ymm14, %ymm2
+        vpsubd	%ymm3, %ymm14, %ymm3
+        vpand	%ymm6, %ymm2, %ymm2
+        vpand	%ymm7, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        vpsrad	$31, %ymm4, %ymm0
+        vpsrad	$31, %ymm5, %ymm1
+        vpand	%ymm12, %ymm0, %ymm0
+        vpand	%ymm12, %ymm1, %ymm1
+        vpaddd	%ymm0, %ymm4, %ymm4
+        vpaddd	%ymm1, %ymm5, %ymm5
+        vmovdqu	%ymm4, 640(%rdi)
+        vmovdqu	%ymm5, 672(%rdi)
+        vmovdqu	704(%rdi), %ymm0
+        vmovdqu	736(%rdi), %ymm1
+        vpsrad	$31, %ymm0, %ymm2
+        vpsrad	$31, %ymm1, %ymm3
+        vpand	%ymm8, %ymm2, %ymm2
+        vpand	%ymm8, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm0, %ymm0
+        vpaddd	%ymm3, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm0, %ymm4
+        vpmulld	%ymm12, %ymm1, %ymm5
+        vpaddd	%ymm11, %ymm4, %ymm4
+        vpaddd	%ymm11, %ymm5, %ymm5
+        vpsrld	$23, %ymm4, %ymm4
+        vpsrld	$23, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsubd	%ymm2, %ymm9, %ymm2
+        vpsubd	%ymm3, %ymm9, %ymm3
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpcmpeqd	%ymm12, %ymm4, %ymm0
+        vpcmpeqd	%ymm12, %ymm5, %ymm1
+        vpaddd	%ymm0, %ymm2, %ymm2
+        vpaddd	%ymm1, %ymm3, %ymm3
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        movq	$0x01, %r9
+        xorq	%r10, %r10
+        xorq	%rcx, %rcx
+L_mldsa_use_hint_88_avx2_hints_next_0_11:
+        cmp	%dl, %al
+        jge	L_mldsa_use_hint_88_avx2_hints_done_0_11
+        mov	%r8b, %cl
+        sub	$0xb0, %cl
+        cmpq	$16, %rcx
+        jge	L_mldsa_use_hint_88_avx2_hints_done_0_11
+        mov	%r9, %r11
+        shlq	%cl, %r11
+        orq	%r11, %r10
+        inc	%al
+        mov	(%rsi,%rax,1), %r8b
+        jmp	L_mldsa_use_hint_88_avx2_hints_next_0_11
+L_mldsa_use_hint_88_avx2_hints_done_0_11:
+        movd	%r10d, %xmm6
+        shr	$8, %r10
+        movd	%r10d, %xmm7
+        vpbroadcastd	%xmm6, %ymm6
+        vpbroadcastd	%xmm7, %ymm7
+        vpsllvd	%ymm13, %ymm6, %ymm6
+        vpsllvd	%ymm13, %ymm7, %ymm7
+        vpsrad	$31, %ymm6, %ymm6
+        vpsrad	$31, %ymm7, %ymm7
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpslld	$0x01, %ymm2, %ymm2
+        vpslld	$0x01, %ymm3, %ymm3
+        vpsubd	%ymm2, %ymm14, %ymm2
+        vpsubd	%ymm3, %ymm14, %ymm3
+        vpand	%ymm6, %ymm2, %ymm2
+        vpand	%ymm7, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        vpsrad	$31, %ymm4, %ymm0
+        vpsrad	$31, %ymm5, %ymm1
+        vpand	%ymm12, %ymm0, %ymm0
+        vpand	%ymm12, %ymm1, %ymm1
+        vpaddd	%ymm0, %ymm4, %ymm4
+        vpaddd	%ymm1, %ymm5, %ymm5
+        vmovdqu	%ymm4, 704(%rdi)
+        vmovdqu	%ymm5, 736(%rdi)
+        vmovdqu	768(%rdi), %ymm0
+        vmovdqu	800(%rdi), %ymm1
+        vpsrad	$31, %ymm0, %ymm2
+        vpsrad	$31, %ymm1, %ymm3
+        vpand	%ymm8, %ymm2, %ymm2
+        vpand	%ymm8, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm0, %ymm0
+        vpaddd	%ymm3, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm0, %ymm4
+        vpmulld	%ymm12, %ymm1, %ymm5
+        vpaddd	%ymm11, %ymm4, %ymm4
+        vpaddd	%ymm11, %ymm5, %ymm5
+        vpsrld	$23, %ymm4, %ymm4
+        vpsrld	$23, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsubd	%ymm2, %ymm9, %ymm2
+        vpsubd	%ymm3, %ymm9, %ymm3
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpcmpeqd	%ymm12, %ymm4, %ymm0
+        vpcmpeqd	%ymm12, %ymm5, %ymm1
+        vpaddd	%ymm0, %ymm2, %ymm2
+        vpaddd	%ymm1, %ymm3, %ymm3
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        movq	$0x01, %r9
+        xorq	%r10, %r10
+        xorq	%rcx, %rcx
+L_mldsa_use_hint_88_avx2_hints_next_0_12:
+        cmp	%dl, %al
+        jge	L_mldsa_use_hint_88_avx2_hints_done_0_12
+        mov	%r8b, %cl
+        sub	$0xc0, %cl
+        cmpq	$16, %rcx
+        jge	L_mldsa_use_hint_88_avx2_hints_done_0_12
+        mov	%r9, %r11
+        shlq	%cl, %r11
+        orq	%r11, %r10
+        inc	%al
+        mov	(%rsi,%rax,1), %r8b
+        jmp	L_mldsa_use_hint_88_avx2_hints_next_0_12
+L_mldsa_use_hint_88_avx2_hints_done_0_12:
+        movd	%r10d, %xmm6
+        shr	$8, %r10
+        movd	%r10d, %xmm7
+        vpbroadcastd	%xmm6, %ymm6
+        vpbroadcastd	%xmm7, %ymm7
+        vpsllvd	%ymm13, %ymm6, %ymm6
+        vpsllvd	%ymm13, %ymm7, %ymm7
+        vpsrad	$31, %ymm6, %ymm6
+        vpsrad	$31, %ymm7, %ymm7
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpslld	$0x01, %ymm2, %ymm2
+        vpslld	$0x01, %ymm3, %ymm3
+        vpsubd	%ymm2, %ymm14, %ymm2
+        vpsubd	%ymm3, %ymm14, %ymm3
+        vpand	%ymm6, %ymm2, %ymm2
+        vpand	%ymm7, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        vpsrad	$31, %ymm4, %ymm0
+        vpsrad	$31, %ymm5, %ymm1
+        vpand	%ymm12, %ymm0, %ymm0
+        vpand	%ymm12, %ymm1, %ymm1
+        vpaddd	%ymm0, %ymm4, %ymm4
+        vpaddd	%ymm1, %ymm5, %ymm5
+        vmovdqu	%ymm4, 768(%rdi)
+        vmovdqu	%ymm5, 800(%rdi)
+        vmovdqu	832(%rdi), %ymm0
+        vmovdqu	864(%rdi), %ymm1
+        vpsrad	$31, %ymm0, %ymm2
+        vpsrad	$31, %ymm1, %ymm3
+        vpand	%ymm8, %ymm2, %ymm2
+        vpand	%ymm8, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm0, %ymm0
+        vpaddd	%ymm3, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm0, %ymm4
+        vpmulld	%ymm12, %ymm1, %ymm5
+        vpaddd	%ymm11, %ymm4, %ymm4
+        vpaddd	%ymm11, %ymm5, %ymm5
+        vpsrld	$23, %ymm4, %ymm4
+        vpsrld	$23, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsubd	%ymm2, %ymm9, %ymm2
+        vpsubd	%ymm3, %ymm9, %ymm3
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpcmpeqd	%ymm12, %ymm4, %ymm0
+        vpcmpeqd	%ymm12, %ymm5, %ymm1
+        vpaddd	%ymm0, %ymm2, %ymm2
+        vpaddd	%ymm1, %ymm3, %ymm3
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        movq	$0x01, %r9
+        xorq	%r10, %r10
+        xorq	%rcx, %rcx
+L_mldsa_use_hint_88_avx2_hints_next_0_13:
+        cmp	%dl, %al
+        jge	L_mldsa_use_hint_88_avx2_hints_done_0_13
+        mov	%r8b, %cl
+        sub	$0xd0, %cl
+        cmpq	$16, %rcx
+        jge	L_mldsa_use_hint_88_avx2_hints_done_0_13
+        mov	%r9, %r11
+        shlq	%cl, %r11
+        orq	%r11, %r10
+        inc	%al
+        mov	(%rsi,%rax,1), %r8b
+        jmp	L_mldsa_use_hint_88_avx2_hints_next_0_13
+L_mldsa_use_hint_88_avx2_hints_done_0_13:
+        movd	%r10d, %xmm6
+        shr	$8, %r10
+        movd	%r10d, %xmm7
+        vpbroadcastd	%xmm6, %ymm6
+        vpbroadcastd	%xmm7, %ymm7
+        vpsllvd	%ymm13, %ymm6, %ymm6
+        vpsllvd	%ymm13, %ymm7, %ymm7
+        vpsrad	$31, %ymm6, %ymm6
+        vpsrad	$31, %ymm7, %ymm7
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpslld	$0x01, %ymm2, %ymm2
+        vpslld	$0x01, %ymm3, %ymm3
+        vpsubd	%ymm2, %ymm14, %ymm2
+        vpsubd	%ymm3, %ymm14, %ymm3
+        vpand	%ymm6, %ymm2, %ymm2
+        vpand	%ymm7, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        vpsrad	$31, %ymm4, %ymm0
+        vpsrad	$31, %ymm5, %ymm1
+        vpand	%ymm12, %ymm0, %ymm0
+        vpand	%ymm12, %ymm1, %ymm1
+        vpaddd	%ymm0, %ymm4, %ymm4
+        vpaddd	%ymm1, %ymm5, %ymm5
+        vmovdqu	%ymm4, 832(%rdi)
+        vmovdqu	%ymm5, 864(%rdi)
+        vmovdqu	896(%rdi), %ymm0
+        vmovdqu	928(%rdi), %ymm1
+        vpsrad	$31, %ymm0, %ymm2
+        vpsrad	$31, %ymm1, %ymm3
+        vpand	%ymm8, %ymm2, %ymm2
+        vpand	%ymm8, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm0, %ymm0
+        vpaddd	%ymm3, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm0, %ymm4
+        vpmulld	%ymm12, %ymm1, %ymm5
+        vpaddd	%ymm11, %ymm4, %ymm4
+        vpaddd	%ymm11, %ymm5, %ymm5
+        vpsrld	$23, %ymm4, %ymm4
+        vpsrld	$23, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsubd	%ymm2, %ymm9, %ymm2
+        vpsubd	%ymm3, %ymm9, %ymm3
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpcmpeqd	%ymm12, %ymm4, %ymm0
+        vpcmpeqd	%ymm12, %ymm5, %ymm1
+        vpaddd	%ymm0, %ymm2, %ymm2
+        vpaddd	%ymm1, %ymm3, %ymm3
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        movq	$0x01, %r9
+        xorq	%r10, %r10
+        xorq	%rcx, %rcx
+L_mldsa_use_hint_88_avx2_hints_next_0_14:
+        cmp	%dl, %al
+        jge	L_mldsa_use_hint_88_avx2_hints_done_0_14
+        mov	%r8b, %cl
+        sub	$0xe0, %cl
+        cmpq	$16, %rcx
+        jge	L_mldsa_use_hint_88_avx2_hints_done_0_14
+        mov	%r9, %r11
+        shlq	%cl, %r11
+        orq	%r11, %r10
+        inc	%al
+        mov	(%rsi,%rax,1), %r8b
+        jmp	L_mldsa_use_hint_88_avx2_hints_next_0_14
+L_mldsa_use_hint_88_avx2_hints_done_0_14:
+        movd	%r10d, %xmm6
+        shr	$8, %r10
+        movd	%r10d, %xmm7
+        vpbroadcastd	%xmm6, %ymm6
+        vpbroadcastd	%xmm7, %ymm7
+        vpsllvd	%ymm13, %ymm6, %ymm6
+        vpsllvd	%ymm13, %ymm7, %ymm7
+        vpsrad	$31, %ymm6, %ymm6
+        vpsrad	$31, %ymm7, %ymm7
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpslld	$0x01, %ymm2, %ymm2
+        vpslld	$0x01, %ymm3, %ymm3
+        vpsubd	%ymm2, %ymm14, %ymm2
+        vpsubd	%ymm3, %ymm14, %ymm3
+        vpand	%ymm6, %ymm2, %ymm2
+        vpand	%ymm7, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        vpsrad	$31, %ymm4, %ymm0
+        vpsrad	$31, %ymm5, %ymm1
+        vpand	%ymm12, %ymm0, %ymm0
+        vpand	%ymm12, %ymm1, %ymm1
+        vpaddd	%ymm0, %ymm4, %ymm4
+        vpaddd	%ymm1, %ymm5, %ymm5
+        vmovdqu	%ymm4, 896(%rdi)
+        vmovdqu	%ymm5, 928(%rdi)
+        vmovdqu	960(%rdi), %ymm0
+        vmovdqu	992(%rdi), %ymm1
+        vpsrad	$31, %ymm0, %ymm2
+        vpsrad	$31, %ymm1, %ymm3
+        vpand	%ymm8, %ymm2, %ymm2
+        vpand	%ymm8, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm0, %ymm0
+        vpaddd	%ymm3, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm0, %ymm4
+        vpmulld	%ymm12, %ymm1, %ymm5
+        vpaddd	%ymm11, %ymm4, %ymm4
+        vpaddd	%ymm11, %ymm5, %ymm5
+        vpsrld	$23, %ymm4, %ymm4
+        vpsrld	$23, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsubd	%ymm2, %ymm9, %ymm2
+        vpsubd	%ymm3, %ymm9, %ymm3
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpcmpeqd	%ymm12, %ymm4, %ymm0
+        vpcmpeqd	%ymm12, %ymm5, %ymm1
+        vpaddd	%ymm0, %ymm2, %ymm2
+        vpaddd	%ymm1, %ymm3, %ymm3
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        movq	$0x01, %r9
+        xorq	%r10, %r10
+        xorq	%rcx, %rcx
+L_mldsa_use_hint_88_avx2_hints_next_0_15:
+        cmp	%dl, %al
+        jge	L_mldsa_use_hint_88_avx2_hints_done_0_15
+        mov	%r8b, %cl
+        sub	$0xf0, %cl
+        cmpq	$16, %rcx
+        jge	L_mldsa_use_hint_88_avx2_hints_done_0_15
+        mov	%r9, %r11
+        shlq	%cl, %r11
+        orq	%r11, %r10
+        inc	%al
+        mov	(%rsi,%rax,1), %r8b
+        jmp	L_mldsa_use_hint_88_avx2_hints_next_0_15
+L_mldsa_use_hint_88_avx2_hints_done_0_15:
+        movd	%r10d, %xmm6
+        shr	$8, %r10
+        movd	%r10d, %xmm7
+        vpbroadcastd	%xmm6, %ymm6
+        vpbroadcastd	%xmm7, %ymm7
+        vpsllvd	%ymm13, %ymm6, %ymm6
+        vpsllvd	%ymm13, %ymm7, %ymm7
+        vpsrad	$31, %ymm6, %ymm6
+        vpsrad	$31, %ymm7, %ymm7
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpslld	$0x01, %ymm2, %ymm2
+        vpslld	$0x01, %ymm3, %ymm3
+        vpsubd	%ymm2, %ymm14, %ymm2
+        vpsubd	%ymm3, %ymm14, %ymm3
+        vpand	%ymm6, %ymm2, %ymm2
+        vpand	%ymm7, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        vpsrad	$31, %ymm4, %ymm0
+        vpsrad	$31, %ymm5, %ymm1
+        vpand	%ymm12, %ymm0, %ymm0
+        vpand	%ymm12, %ymm1, %ymm1
+        vpaddd	%ymm0, %ymm4, %ymm4
+        vpaddd	%ymm1, %ymm5, %ymm5
+        vmovdqu	%ymm4, 960(%rdi)
+        vmovdqu	%ymm5, 992(%rdi)
+        # 2/4 vectors
+        mov	81(%rsi), %dl
+        vmovdqu	1024(%rdi), %ymm0
+        vmovdqu	1056(%rdi), %ymm1
+        vpsrad	$31, %ymm0, %ymm2
+        vpsrad	$31, %ymm1, %ymm3
+        vpand	%ymm8, %ymm2, %ymm2
+        vpand	%ymm8, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm0, %ymm0
+        vpaddd	%ymm3, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm0, %ymm4
+        vpmulld	%ymm12, %ymm1, %ymm5
+        vpaddd	%ymm11, %ymm4, %ymm4
+        vpaddd	%ymm11, %ymm5, %ymm5
+        vpsrld	$23, %ymm4, %ymm4
+        vpsrld	$23, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsubd	%ymm2, %ymm9, %ymm2
+        vpsubd	%ymm3, %ymm9, %ymm3
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpcmpeqd	%ymm12, %ymm4, %ymm0
+        vpcmpeqd	%ymm12, %ymm5, %ymm1
+        vpaddd	%ymm0, %ymm2, %ymm2
+        vpaddd	%ymm1, %ymm3, %ymm3
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        movq	$0x01, %r9
+        xorq	%r10, %r10
+        xorq	%rcx, %rcx
+L_mldsa_use_hint_88_avx2_hints_next_1_0:
+        cmp	%dl, %al
+        jge	L_mldsa_use_hint_88_avx2_hints_done_1_0
+        mov	%r8b, %cl
+        cmpq	$16, %rcx
+        jge	L_mldsa_use_hint_88_avx2_hints_done_1_0
+        mov	%r9, %r11
+        shlq	%cl, %r11
+        orq	%r11, %r10
+        inc	%al
+        mov	(%rsi,%rax,1), %r8b
+        jmp	L_mldsa_use_hint_88_avx2_hints_next_1_0
+L_mldsa_use_hint_88_avx2_hints_done_1_0:
+        movd	%r10d, %xmm6
+        shr	$8, %r10
+        movd	%r10d, %xmm7
+        vpbroadcastd	%xmm6, %ymm6
+        vpbroadcastd	%xmm7, %ymm7
+        vpsllvd	%ymm13, %ymm6, %ymm6
+        vpsllvd	%ymm13, %ymm7, %ymm7
+        vpsrad	$31, %ymm6, %ymm6
+        vpsrad	$31, %ymm7, %ymm7
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpslld	$0x01, %ymm2, %ymm2
+        vpslld	$0x01, %ymm3, %ymm3
+        vpsubd	%ymm2, %ymm14, %ymm2
+        vpsubd	%ymm3, %ymm14, %ymm3
+        vpand	%ymm6, %ymm2, %ymm2
+        vpand	%ymm7, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        vpsrad	$31, %ymm4, %ymm0
+        vpsrad	$31, %ymm5, %ymm1
+        vpand	%ymm12, %ymm0, %ymm0
+        vpand	%ymm12, %ymm1, %ymm1
+        vpaddd	%ymm0, %ymm4, %ymm4
+        vpaddd	%ymm1, %ymm5, %ymm5
+        vmovdqu	%ymm4, 1024(%rdi)
+        vmovdqu	%ymm5, 1056(%rdi)
+        vmovdqu	1088(%rdi), %ymm0
+        vmovdqu	1120(%rdi), %ymm1
+        vpsrad	$31, %ymm0, %ymm2
+        vpsrad	$31, %ymm1, %ymm3
+        vpand	%ymm8, %ymm2, %ymm2
+        vpand	%ymm8, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm0, %ymm0
+        vpaddd	%ymm3, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm0, %ymm4
+        vpmulld	%ymm12, %ymm1, %ymm5
+        vpaddd	%ymm11, %ymm4, %ymm4
+        vpaddd	%ymm11, %ymm5, %ymm5
+        vpsrld	$23, %ymm4, %ymm4
+        vpsrld	$23, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsubd	%ymm2, %ymm9, %ymm2
+        vpsubd	%ymm3, %ymm9, %ymm3
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpcmpeqd	%ymm12, %ymm4, %ymm0
+        vpcmpeqd	%ymm12, %ymm5, %ymm1
+        vpaddd	%ymm0, %ymm2, %ymm2
+        vpaddd	%ymm1, %ymm3, %ymm3
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        movq	$0x01, %r9
+        xorq	%r10, %r10
+        xorq	%rcx, %rcx
+L_mldsa_use_hint_88_avx2_hints_next_1_1:
+        cmp	%dl, %al
+        jge	L_mldsa_use_hint_88_avx2_hints_done_1_1
+        mov	%r8b, %cl
+        sub	$16, %cl
+        cmpq	$16, %rcx
+        jge	L_mldsa_use_hint_88_avx2_hints_done_1_1
+        mov	%r9, %r11
+        shlq	%cl, %r11
+        orq	%r11, %r10
+        inc	%al
+        mov	(%rsi,%rax,1), %r8b
+        jmp	L_mldsa_use_hint_88_avx2_hints_next_1_1
+L_mldsa_use_hint_88_avx2_hints_done_1_1:
+        movd	%r10d, %xmm6
+        shr	$8, %r10
+        movd	%r10d, %xmm7
+        vpbroadcastd	%xmm6, %ymm6
+        vpbroadcastd	%xmm7, %ymm7
+        vpsllvd	%ymm13, %ymm6, %ymm6
+        vpsllvd	%ymm13, %ymm7, %ymm7
+        vpsrad	$31, %ymm6, %ymm6
+        vpsrad	$31, %ymm7, %ymm7
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpslld	$0x01, %ymm2, %ymm2
+        vpslld	$0x01, %ymm3, %ymm3
+        vpsubd	%ymm2, %ymm14, %ymm2
+        vpsubd	%ymm3, %ymm14, %ymm3
+        vpand	%ymm6, %ymm2, %ymm2
+        vpand	%ymm7, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        vpsrad	$31, %ymm4, %ymm0
+        vpsrad	$31, %ymm5, %ymm1
+        vpand	%ymm12, %ymm0, %ymm0
+        vpand	%ymm12, %ymm1, %ymm1
+        vpaddd	%ymm0, %ymm4, %ymm4
+        vpaddd	%ymm1, %ymm5, %ymm5
+        vmovdqu	%ymm4, 1088(%rdi)
+        vmovdqu	%ymm5, 1120(%rdi)
+        vmovdqu	1152(%rdi), %ymm0
+        vmovdqu	1184(%rdi), %ymm1
+        vpsrad	$31, %ymm0, %ymm2
+        vpsrad	$31, %ymm1, %ymm3
+        vpand	%ymm8, %ymm2, %ymm2
+        vpand	%ymm8, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm0, %ymm0
+        vpaddd	%ymm3, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm0, %ymm4
+        vpmulld	%ymm12, %ymm1, %ymm5
+        vpaddd	%ymm11, %ymm4, %ymm4
+        vpaddd	%ymm11, %ymm5, %ymm5
+        vpsrld	$23, %ymm4, %ymm4
+        vpsrld	$23, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsubd	%ymm2, %ymm9, %ymm2
+        vpsubd	%ymm3, %ymm9, %ymm3
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpcmpeqd	%ymm12, %ymm4, %ymm0
+        vpcmpeqd	%ymm12, %ymm5, %ymm1
+        vpaddd	%ymm0, %ymm2, %ymm2
+        vpaddd	%ymm1, %ymm3, %ymm3
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        movq	$0x01, %r9
+        xorq	%r10, %r10
+        xorq	%rcx, %rcx
+L_mldsa_use_hint_88_avx2_hints_next_1_2:
+        cmp	%dl, %al
+        jge	L_mldsa_use_hint_88_avx2_hints_done_1_2
+        mov	%r8b, %cl
+        sub	$32, %cl
+        cmpq	$16, %rcx
+        jge	L_mldsa_use_hint_88_avx2_hints_done_1_2
+        mov	%r9, %r11
+        shlq	%cl, %r11
+        orq	%r11, %r10
+        inc	%al
+        mov	(%rsi,%rax,1), %r8b
+        jmp	L_mldsa_use_hint_88_avx2_hints_next_1_2
+L_mldsa_use_hint_88_avx2_hints_done_1_2:
+        movd	%r10d, %xmm6
+        shr	$8, %r10
+        movd	%r10d, %xmm7
+        vpbroadcastd	%xmm6, %ymm6
+        vpbroadcastd	%xmm7, %ymm7
+        vpsllvd	%ymm13, %ymm6, %ymm6
+        vpsllvd	%ymm13, %ymm7, %ymm7
+        vpsrad	$31, %ymm6, %ymm6
+        vpsrad	$31, %ymm7, %ymm7
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpslld	$0x01, %ymm2, %ymm2
+        vpslld	$0x01, %ymm3, %ymm3
+        vpsubd	%ymm2, %ymm14, %ymm2
+        vpsubd	%ymm3, %ymm14, %ymm3
+        vpand	%ymm6, %ymm2, %ymm2
+        vpand	%ymm7, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        vpsrad	$31, %ymm4, %ymm0
+        vpsrad	$31, %ymm5, %ymm1
+        vpand	%ymm12, %ymm0, %ymm0
+        vpand	%ymm12, %ymm1, %ymm1
+        vpaddd	%ymm0, %ymm4, %ymm4
+        vpaddd	%ymm1, %ymm5, %ymm5
+        vmovdqu	%ymm4, 1152(%rdi)
+        vmovdqu	%ymm5, 1184(%rdi)
+        vmovdqu	1216(%rdi), %ymm0
+        vmovdqu	1248(%rdi), %ymm1
+        vpsrad	$31, %ymm0, %ymm2
+        vpsrad	$31, %ymm1, %ymm3
+        vpand	%ymm8, %ymm2, %ymm2
+        vpand	%ymm8, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm0, %ymm0
+        vpaddd	%ymm3, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm0, %ymm4
+        vpmulld	%ymm12, %ymm1, %ymm5
+        vpaddd	%ymm11, %ymm4, %ymm4
+        vpaddd	%ymm11, %ymm5, %ymm5
+        vpsrld	$23, %ymm4, %ymm4
+        vpsrld	$23, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsubd	%ymm2, %ymm9, %ymm2
+        vpsubd	%ymm3, %ymm9, %ymm3
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpcmpeqd	%ymm12, %ymm4, %ymm0
+        vpcmpeqd	%ymm12, %ymm5, %ymm1
+        vpaddd	%ymm0, %ymm2, %ymm2
+        vpaddd	%ymm1, %ymm3, %ymm3
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        movq	$0x01, %r9
+        xorq	%r10, %r10
+        xorq	%rcx, %rcx
+L_mldsa_use_hint_88_avx2_hints_next_1_3:
+        cmp	%dl, %al
+        jge	L_mldsa_use_hint_88_avx2_hints_done_1_3
+        mov	%r8b, %cl
+        sub	$48, %cl
+        cmpq	$16, %rcx
+        jge	L_mldsa_use_hint_88_avx2_hints_done_1_3
+        mov	%r9, %r11
+        shlq	%cl, %r11
+        orq	%r11, %r10
+        inc	%al
+        mov	(%rsi,%rax,1), %r8b
+        jmp	L_mldsa_use_hint_88_avx2_hints_next_1_3
+L_mldsa_use_hint_88_avx2_hints_done_1_3:
+        movd	%r10d, %xmm6
+        shr	$8, %r10
+        movd	%r10d, %xmm7
+        vpbroadcastd	%xmm6, %ymm6
+        vpbroadcastd	%xmm7, %ymm7
+        vpsllvd	%ymm13, %ymm6, %ymm6
+        vpsllvd	%ymm13, %ymm7, %ymm7
+        vpsrad	$31, %ymm6, %ymm6
+        vpsrad	$31, %ymm7, %ymm7
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpslld	$0x01, %ymm2, %ymm2
+        vpslld	$0x01, %ymm3, %ymm3
+        vpsubd	%ymm2, %ymm14, %ymm2
+        vpsubd	%ymm3, %ymm14, %ymm3
+        vpand	%ymm6, %ymm2, %ymm2
+        vpand	%ymm7, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        vpsrad	$31, %ymm4, %ymm0
+        vpsrad	$31, %ymm5, %ymm1
+        vpand	%ymm12, %ymm0, %ymm0
+        vpand	%ymm12, %ymm1, %ymm1
+        vpaddd	%ymm0, %ymm4, %ymm4
+        vpaddd	%ymm1, %ymm5, %ymm5
+        vmovdqu	%ymm4, 1216(%rdi)
+        vmovdqu	%ymm5, 1248(%rdi)
+        vmovdqu	1280(%rdi), %ymm0
+        vmovdqu	1312(%rdi), %ymm1
+        vpsrad	$31, %ymm0, %ymm2
+        vpsrad	$31, %ymm1, %ymm3
+        vpand	%ymm8, %ymm2, %ymm2
+        vpand	%ymm8, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm0, %ymm0
+        vpaddd	%ymm3, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm0, %ymm4
+        vpmulld	%ymm12, %ymm1, %ymm5
+        vpaddd	%ymm11, %ymm4, %ymm4
+        vpaddd	%ymm11, %ymm5, %ymm5
+        vpsrld	$23, %ymm4, %ymm4
+        vpsrld	$23, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsubd	%ymm2, %ymm9, %ymm2
+        vpsubd	%ymm3, %ymm9, %ymm3
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpcmpeqd	%ymm12, %ymm4, %ymm0
+        vpcmpeqd	%ymm12, %ymm5, %ymm1
+        vpaddd	%ymm0, %ymm2, %ymm2
+        vpaddd	%ymm1, %ymm3, %ymm3
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        movq	$0x01, %r9
+        xorq	%r10, %r10
+        xorq	%rcx, %rcx
+L_mldsa_use_hint_88_avx2_hints_next_1_4:
+        cmp	%dl, %al
+        jge	L_mldsa_use_hint_88_avx2_hints_done_1_4
+        mov	%r8b, %cl
+        sub	$0x40, %cl
+        cmpq	$16, %rcx
+        jge	L_mldsa_use_hint_88_avx2_hints_done_1_4
+        mov	%r9, %r11
+        shlq	%cl, %r11
+        orq	%r11, %r10
+        inc	%al
+        mov	(%rsi,%rax,1), %r8b
+        jmp	L_mldsa_use_hint_88_avx2_hints_next_1_4
+L_mldsa_use_hint_88_avx2_hints_done_1_4:
+        movd	%r10d, %xmm6
+        shr	$8, %r10
+        movd	%r10d, %xmm7
+        vpbroadcastd	%xmm6, %ymm6
+        vpbroadcastd	%xmm7, %ymm7
+        vpsllvd	%ymm13, %ymm6, %ymm6
+        vpsllvd	%ymm13, %ymm7, %ymm7
+        vpsrad	$31, %ymm6, %ymm6
+        vpsrad	$31, %ymm7, %ymm7
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpslld	$0x01, %ymm2, %ymm2
+        vpslld	$0x01, %ymm3, %ymm3
+        vpsubd	%ymm2, %ymm14, %ymm2
+        vpsubd	%ymm3, %ymm14, %ymm3
+        vpand	%ymm6, %ymm2, %ymm2
+        vpand	%ymm7, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        vpsrad	$31, %ymm4, %ymm0
+        vpsrad	$31, %ymm5, %ymm1
+        vpand	%ymm12, %ymm0, %ymm0
+        vpand	%ymm12, %ymm1, %ymm1
+        vpaddd	%ymm0, %ymm4, %ymm4
+        vpaddd	%ymm1, %ymm5, %ymm5
+        vmovdqu	%ymm4, 1280(%rdi)
+        vmovdqu	%ymm5, 1312(%rdi)
+        vmovdqu	1344(%rdi), %ymm0
+        vmovdqu	1376(%rdi), %ymm1
+        vpsrad	$31, %ymm0, %ymm2
+        vpsrad	$31, %ymm1, %ymm3
+        vpand	%ymm8, %ymm2, %ymm2
+        vpand	%ymm8, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm0, %ymm0
+        vpaddd	%ymm3, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm0, %ymm4
+        vpmulld	%ymm12, %ymm1, %ymm5
+        vpaddd	%ymm11, %ymm4, %ymm4
+        vpaddd	%ymm11, %ymm5, %ymm5
+        vpsrld	$23, %ymm4, %ymm4
+        vpsrld	$23, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsubd	%ymm2, %ymm9, %ymm2
+        vpsubd	%ymm3, %ymm9, %ymm3
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpcmpeqd	%ymm12, %ymm4, %ymm0
+        vpcmpeqd	%ymm12, %ymm5, %ymm1
+        vpaddd	%ymm0, %ymm2, %ymm2
+        vpaddd	%ymm1, %ymm3, %ymm3
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        movq	$0x01, %r9
+        xorq	%r10, %r10
+        xorq	%rcx, %rcx
+L_mldsa_use_hint_88_avx2_hints_next_1_5:
+        cmp	%dl, %al
+        jge	L_mldsa_use_hint_88_avx2_hints_done_1_5
+        mov	%r8b, %cl
+        sub	$0x50, %cl
+        cmpq	$16, %rcx
+        jge	L_mldsa_use_hint_88_avx2_hints_done_1_5
+        mov	%r9, %r11
+        shlq	%cl, %r11
+        orq	%r11, %r10
+        inc	%al
+        mov	(%rsi,%rax,1), %r8b
+        jmp	L_mldsa_use_hint_88_avx2_hints_next_1_5
+L_mldsa_use_hint_88_avx2_hints_done_1_5:
+        movd	%r10d, %xmm6
+        shr	$8, %r10
+        movd	%r10d, %xmm7
+        vpbroadcastd	%xmm6, %ymm6
+        vpbroadcastd	%xmm7, %ymm7
+        vpsllvd	%ymm13, %ymm6, %ymm6
+        vpsllvd	%ymm13, %ymm7, %ymm7
+        vpsrad	$31, %ymm6, %ymm6
+        vpsrad	$31, %ymm7, %ymm7
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpslld	$0x01, %ymm2, %ymm2
+        vpslld	$0x01, %ymm3, %ymm3
+        vpsubd	%ymm2, %ymm14, %ymm2
+        vpsubd	%ymm3, %ymm14, %ymm3
+        vpand	%ymm6, %ymm2, %ymm2
+        vpand	%ymm7, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        vpsrad	$31, %ymm4, %ymm0
+        vpsrad	$31, %ymm5, %ymm1
+        vpand	%ymm12, %ymm0, %ymm0
+        vpand	%ymm12, %ymm1, %ymm1
+        vpaddd	%ymm0, %ymm4, %ymm4
+        vpaddd	%ymm1, %ymm5, %ymm5
+        vmovdqu	%ymm4, 1344(%rdi)
+        vmovdqu	%ymm5, 1376(%rdi)
+        vmovdqu	1408(%rdi), %ymm0
+        vmovdqu	1440(%rdi), %ymm1
+        vpsrad	$31, %ymm0, %ymm2
+        vpsrad	$31, %ymm1, %ymm3
+        vpand	%ymm8, %ymm2, %ymm2
+        vpand	%ymm8, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm0, %ymm0
+        vpaddd	%ymm3, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm0, %ymm4
+        vpmulld	%ymm12, %ymm1, %ymm5
+        vpaddd	%ymm11, %ymm4, %ymm4
+        vpaddd	%ymm11, %ymm5, %ymm5
+        vpsrld	$23, %ymm4, %ymm4
+        vpsrld	$23, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsubd	%ymm2, %ymm9, %ymm2
+        vpsubd	%ymm3, %ymm9, %ymm3
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpcmpeqd	%ymm12, %ymm4, %ymm0
+        vpcmpeqd	%ymm12, %ymm5, %ymm1
+        vpaddd	%ymm0, %ymm2, %ymm2
+        vpaddd	%ymm1, %ymm3, %ymm3
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        movq	$0x01, %r9
+        xorq	%r10, %r10
+        xorq	%rcx, %rcx
+L_mldsa_use_hint_88_avx2_hints_next_1_6:
+        cmp	%dl, %al
+        jge	L_mldsa_use_hint_88_avx2_hints_done_1_6
+        mov	%r8b, %cl
+        sub	$0x60, %cl
+        cmpq	$16, %rcx
+        jge	L_mldsa_use_hint_88_avx2_hints_done_1_6
+        mov	%r9, %r11
+        shlq	%cl, %r11
+        orq	%r11, %r10
+        inc	%al
+        mov	(%rsi,%rax,1), %r8b
+        jmp	L_mldsa_use_hint_88_avx2_hints_next_1_6
+L_mldsa_use_hint_88_avx2_hints_done_1_6:
+        movd	%r10d, %xmm6
+        shr	$8, %r10
+        movd	%r10d, %xmm7
+        vpbroadcastd	%xmm6, %ymm6
+        vpbroadcastd	%xmm7, %ymm7
+        vpsllvd	%ymm13, %ymm6, %ymm6
+        vpsllvd	%ymm13, %ymm7, %ymm7
+        vpsrad	$31, %ymm6, %ymm6
+        vpsrad	$31, %ymm7, %ymm7
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpslld	$0x01, %ymm2, %ymm2
+        vpslld	$0x01, %ymm3, %ymm3
+        vpsubd	%ymm2, %ymm14, %ymm2
+        vpsubd	%ymm3, %ymm14, %ymm3
+        vpand	%ymm6, %ymm2, %ymm2
+        vpand	%ymm7, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        vpsrad	$31, %ymm4, %ymm0
+        vpsrad	$31, %ymm5, %ymm1
+        vpand	%ymm12, %ymm0, %ymm0
+        vpand	%ymm12, %ymm1, %ymm1
+        vpaddd	%ymm0, %ymm4, %ymm4
+        vpaddd	%ymm1, %ymm5, %ymm5
+        vmovdqu	%ymm4, 1408(%rdi)
+        vmovdqu	%ymm5, 1440(%rdi)
+        vmovdqu	1472(%rdi), %ymm0
+        vmovdqu	1504(%rdi), %ymm1
+        vpsrad	$31, %ymm0, %ymm2
+        vpsrad	$31, %ymm1, %ymm3
+        vpand	%ymm8, %ymm2, %ymm2
+        vpand	%ymm8, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm0, %ymm0
+        vpaddd	%ymm3, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm0, %ymm4
+        vpmulld	%ymm12, %ymm1, %ymm5
+        vpaddd	%ymm11, %ymm4, %ymm4
+        vpaddd	%ymm11, %ymm5, %ymm5
+        vpsrld	$23, %ymm4, %ymm4
+        vpsrld	$23, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsubd	%ymm2, %ymm9, %ymm2
+        vpsubd	%ymm3, %ymm9, %ymm3
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpcmpeqd	%ymm12, %ymm4, %ymm0
+        vpcmpeqd	%ymm12, %ymm5, %ymm1
+        vpaddd	%ymm0, %ymm2, %ymm2
+        vpaddd	%ymm1, %ymm3, %ymm3
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        movq	$0x01, %r9
+        xorq	%r10, %r10
+        xorq	%rcx, %rcx
+L_mldsa_use_hint_88_avx2_hints_next_1_7:
+        cmp	%dl, %al
+        jge	L_mldsa_use_hint_88_avx2_hints_done_1_7
+        mov	%r8b, %cl
+        sub	$0x70, %cl
+        cmpq	$16, %rcx
+        jge	L_mldsa_use_hint_88_avx2_hints_done_1_7
+        mov	%r9, %r11
+        shlq	%cl, %r11
+        orq	%r11, %r10
+        inc	%al
+        mov	(%rsi,%rax,1), %r8b
+        jmp	L_mldsa_use_hint_88_avx2_hints_next_1_7
+L_mldsa_use_hint_88_avx2_hints_done_1_7:
+        movd	%r10d, %xmm6
+        shr	$8, %r10
+        movd	%r10d, %xmm7
+        vpbroadcastd	%xmm6, %ymm6
+        vpbroadcastd	%xmm7, %ymm7
+        vpsllvd	%ymm13, %ymm6, %ymm6
+        vpsllvd	%ymm13, %ymm7, %ymm7
+        vpsrad	$31, %ymm6, %ymm6
+        vpsrad	$31, %ymm7, %ymm7
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpslld	$0x01, %ymm2, %ymm2
+        vpslld	$0x01, %ymm3, %ymm3
+        vpsubd	%ymm2, %ymm14, %ymm2
+        vpsubd	%ymm3, %ymm14, %ymm3
+        vpand	%ymm6, %ymm2, %ymm2
+        vpand	%ymm7, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        vpsrad	$31, %ymm4, %ymm0
+        vpsrad	$31, %ymm5, %ymm1
+        vpand	%ymm12, %ymm0, %ymm0
+        vpand	%ymm12, %ymm1, %ymm1
+        vpaddd	%ymm0, %ymm4, %ymm4
+        vpaddd	%ymm1, %ymm5, %ymm5
+        vmovdqu	%ymm4, 1472(%rdi)
+        vmovdqu	%ymm5, 1504(%rdi)
+        vmovdqu	1536(%rdi), %ymm0
+        vmovdqu	1568(%rdi), %ymm1
+        vpsrad	$31, %ymm0, %ymm2
+        vpsrad	$31, %ymm1, %ymm3
+        vpand	%ymm8, %ymm2, %ymm2
+        vpand	%ymm8, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm0, %ymm0
+        vpaddd	%ymm3, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm0, %ymm4
+        vpmulld	%ymm12, %ymm1, %ymm5
+        vpaddd	%ymm11, %ymm4, %ymm4
+        vpaddd	%ymm11, %ymm5, %ymm5
+        vpsrld	$23, %ymm4, %ymm4
+        vpsrld	$23, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsubd	%ymm2, %ymm9, %ymm2
+        vpsubd	%ymm3, %ymm9, %ymm3
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpcmpeqd	%ymm12, %ymm4, %ymm0
+        vpcmpeqd	%ymm12, %ymm5, %ymm1
+        vpaddd	%ymm0, %ymm2, %ymm2
+        vpaddd	%ymm1, %ymm3, %ymm3
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        movq	$0x01, %r9
+        xorq	%r10, %r10
+        xorq	%rcx, %rcx
+L_mldsa_use_hint_88_avx2_hints_next_1_8:
+        cmp	%dl, %al
+        jge	L_mldsa_use_hint_88_avx2_hints_done_1_8
+        mov	%r8b, %cl
+        sub	$0x80, %cl
+        cmpq	$16, %rcx
+        jge	L_mldsa_use_hint_88_avx2_hints_done_1_8
+        mov	%r9, %r11
+        shlq	%cl, %r11
+        orq	%r11, %r10
+        inc	%al
+        mov	(%rsi,%rax,1), %r8b
+        jmp	L_mldsa_use_hint_88_avx2_hints_next_1_8
+L_mldsa_use_hint_88_avx2_hints_done_1_8:
+        movd	%r10d, %xmm6
+        shr	$8, %r10
+        movd	%r10d, %xmm7
+        vpbroadcastd	%xmm6, %ymm6
+        vpbroadcastd	%xmm7, %ymm7
+        vpsllvd	%ymm13, %ymm6, %ymm6
+        vpsllvd	%ymm13, %ymm7, %ymm7
+        vpsrad	$31, %ymm6, %ymm6
+        vpsrad	$31, %ymm7, %ymm7
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpslld	$0x01, %ymm2, %ymm2
+        vpslld	$0x01, %ymm3, %ymm3
+        vpsubd	%ymm2, %ymm14, %ymm2
+        vpsubd	%ymm3, %ymm14, %ymm3
+        vpand	%ymm6, %ymm2, %ymm2
+        vpand	%ymm7, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        vpsrad	$31, %ymm4, %ymm0
+        vpsrad	$31, %ymm5, %ymm1
+        vpand	%ymm12, %ymm0, %ymm0
+        vpand	%ymm12, %ymm1, %ymm1
+        vpaddd	%ymm0, %ymm4, %ymm4
+        vpaddd	%ymm1, %ymm5, %ymm5
+        vmovdqu	%ymm4, 1536(%rdi)
+        vmovdqu	%ymm5, 1568(%rdi)
+        vmovdqu	1600(%rdi), %ymm0
+        vmovdqu	1632(%rdi), %ymm1
+        vpsrad	$31, %ymm0, %ymm2
+        vpsrad	$31, %ymm1, %ymm3
+        vpand	%ymm8, %ymm2, %ymm2
+        vpand	%ymm8, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm0, %ymm0
+        vpaddd	%ymm3, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm0, %ymm4
+        vpmulld	%ymm12, %ymm1, %ymm5
+        vpaddd	%ymm11, %ymm4, %ymm4
+        vpaddd	%ymm11, %ymm5, %ymm5
+        vpsrld	$23, %ymm4, %ymm4
+        vpsrld	$23, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsubd	%ymm2, %ymm9, %ymm2
+        vpsubd	%ymm3, %ymm9, %ymm3
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpcmpeqd	%ymm12, %ymm4, %ymm0
+        vpcmpeqd	%ymm12, %ymm5, %ymm1
+        vpaddd	%ymm0, %ymm2, %ymm2
+        vpaddd	%ymm1, %ymm3, %ymm3
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        movq	$0x01, %r9
+        xorq	%r10, %r10
+        xorq	%rcx, %rcx
+L_mldsa_use_hint_88_avx2_hints_next_1_9:
+        cmp	%dl, %al
+        jge	L_mldsa_use_hint_88_avx2_hints_done_1_9
+        mov	%r8b, %cl
+        sub	$0x90, %cl
+        cmpq	$16, %rcx
+        jge	L_mldsa_use_hint_88_avx2_hints_done_1_9
+        mov	%r9, %r11
+        shlq	%cl, %r11
+        orq	%r11, %r10
+        inc	%al
+        mov	(%rsi,%rax,1), %r8b
+        jmp	L_mldsa_use_hint_88_avx2_hints_next_1_9
+L_mldsa_use_hint_88_avx2_hints_done_1_9:
+        movd	%r10d, %xmm6
+        shr	$8, %r10
+        movd	%r10d, %xmm7
+        vpbroadcastd	%xmm6, %ymm6
+        vpbroadcastd	%xmm7, %ymm7
+        vpsllvd	%ymm13, %ymm6, %ymm6
+        vpsllvd	%ymm13, %ymm7, %ymm7
+        vpsrad	$31, %ymm6, %ymm6
+        vpsrad	$31, %ymm7, %ymm7
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpslld	$0x01, %ymm2, %ymm2
+        vpslld	$0x01, %ymm3, %ymm3
+        vpsubd	%ymm2, %ymm14, %ymm2
+        vpsubd	%ymm3, %ymm14, %ymm3
+        vpand	%ymm6, %ymm2, %ymm2
+        vpand	%ymm7, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        vpsrad	$31, %ymm4, %ymm0
+        vpsrad	$31, %ymm5, %ymm1
+        vpand	%ymm12, %ymm0, %ymm0
+        vpand	%ymm12, %ymm1, %ymm1
+        vpaddd	%ymm0, %ymm4, %ymm4
+        vpaddd	%ymm1, %ymm5, %ymm5
+        vmovdqu	%ymm4, 1600(%rdi)
+        vmovdqu	%ymm5, 1632(%rdi)
+        vmovdqu	1664(%rdi), %ymm0
+        vmovdqu	1696(%rdi), %ymm1
+        vpsrad	$31, %ymm0, %ymm2
+        vpsrad	$31, %ymm1, %ymm3
+        vpand	%ymm8, %ymm2, %ymm2
+        vpand	%ymm8, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm0, %ymm0
+        vpaddd	%ymm3, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm0, %ymm4
+        vpmulld	%ymm12, %ymm1, %ymm5
+        vpaddd	%ymm11, %ymm4, %ymm4
+        vpaddd	%ymm11, %ymm5, %ymm5
+        vpsrld	$23, %ymm4, %ymm4
+        vpsrld	$23, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsubd	%ymm2, %ymm9, %ymm2
+        vpsubd	%ymm3, %ymm9, %ymm3
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpcmpeqd	%ymm12, %ymm4, %ymm0
+        vpcmpeqd	%ymm12, %ymm5, %ymm1
+        vpaddd	%ymm0, %ymm2, %ymm2
+        vpaddd	%ymm1, %ymm3, %ymm3
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        movq	$0x01, %r9
+        xorq	%r10, %r10
+        xorq	%rcx, %rcx
+L_mldsa_use_hint_88_avx2_hints_next_1_10:
+        cmp	%dl, %al
+        jge	L_mldsa_use_hint_88_avx2_hints_done_1_10
+        mov	%r8b, %cl
+        sub	$0xa0, %cl
+        cmpq	$16, %rcx
+        jge	L_mldsa_use_hint_88_avx2_hints_done_1_10
+        mov	%r9, %r11
+        shlq	%cl, %r11
+        orq	%r11, %r10
+        inc	%al
+        mov	(%rsi,%rax,1), %r8b
+        jmp	L_mldsa_use_hint_88_avx2_hints_next_1_10
+L_mldsa_use_hint_88_avx2_hints_done_1_10:
+        movd	%r10d, %xmm6
+        shr	$8, %r10
+        movd	%r10d, %xmm7
+        vpbroadcastd	%xmm6, %ymm6
+        vpbroadcastd	%xmm7, %ymm7
+        vpsllvd	%ymm13, %ymm6, %ymm6
+        vpsllvd	%ymm13, %ymm7, %ymm7
+        vpsrad	$31, %ymm6, %ymm6
+        vpsrad	$31, %ymm7, %ymm7
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpslld	$0x01, %ymm2, %ymm2
+        vpslld	$0x01, %ymm3, %ymm3
+        vpsubd	%ymm2, %ymm14, %ymm2
+        vpsubd	%ymm3, %ymm14, %ymm3
+        vpand	%ymm6, %ymm2, %ymm2
+        vpand	%ymm7, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        vpsrad	$31, %ymm4, %ymm0
+        vpsrad	$31, %ymm5, %ymm1
+        vpand	%ymm12, %ymm0, %ymm0
+        vpand	%ymm12, %ymm1, %ymm1
+        vpaddd	%ymm0, %ymm4, %ymm4
+        vpaddd	%ymm1, %ymm5, %ymm5
+        vmovdqu	%ymm4, 1664(%rdi)
+        vmovdqu	%ymm5, 1696(%rdi)
+        vmovdqu	1728(%rdi), %ymm0
+        vmovdqu	1760(%rdi), %ymm1
+        vpsrad	$31, %ymm0, %ymm2
+        vpsrad	$31, %ymm1, %ymm3
+        vpand	%ymm8, %ymm2, %ymm2
+        vpand	%ymm8, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm0, %ymm0
+        vpaddd	%ymm3, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm0, %ymm4
+        vpmulld	%ymm12, %ymm1, %ymm5
+        vpaddd	%ymm11, %ymm4, %ymm4
+        vpaddd	%ymm11, %ymm5, %ymm5
+        vpsrld	$23, %ymm4, %ymm4
+        vpsrld	$23, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsubd	%ymm2, %ymm9, %ymm2
+        vpsubd	%ymm3, %ymm9, %ymm3
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpcmpeqd	%ymm12, %ymm4, %ymm0
+        vpcmpeqd	%ymm12, %ymm5, %ymm1
+        vpaddd	%ymm0, %ymm2, %ymm2
+        vpaddd	%ymm1, %ymm3, %ymm3
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        movq	$0x01, %r9
+        xorq	%r10, %r10
+        xorq	%rcx, %rcx
+L_mldsa_use_hint_88_avx2_hints_next_1_11:
+        cmp	%dl, %al
+        jge	L_mldsa_use_hint_88_avx2_hints_done_1_11
+        mov	%r8b, %cl
+        sub	$0xb0, %cl
+        cmpq	$16, %rcx
+        jge	L_mldsa_use_hint_88_avx2_hints_done_1_11
+        mov	%r9, %r11
+        shlq	%cl, %r11
+        orq	%r11, %r10
+        inc	%al
+        mov	(%rsi,%rax,1), %r8b
+        jmp	L_mldsa_use_hint_88_avx2_hints_next_1_11
+L_mldsa_use_hint_88_avx2_hints_done_1_11:
+        movd	%r10d, %xmm6
+        shr	$8, %r10
+        movd	%r10d, %xmm7
+        vpbroadcastd	%xmm6, %ymm6
+        vpbroadcastd	%xmm7, %ymm7
+        vpsllvd	%ymm13, %ymm6, %ymm6
+        vpsllvd	%ymm13, %ymm7, %ymm7
+        vpsrad	$31, %ymm6, %ymm6
+        vpsrad	$31, %ymm7, %ymm7
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpslld	$0x01, %ymm2, %ymm2
+        vpslld	$0x01, %ymm3, %ymm3
+        vpsubd	%ymm2, %ymm14, %ymm2
+        vpsubd	%ymm3, %ymm14, %ymm3
+        vpand	%ymm6, %ymm2, %ymm2
+        vpand	%ymm7, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        vpsrad	$31, %ymm4, %ymm0
+        vpsrad	$31, %ymm5, %ymm1
+        vpand	%ymm12, %ymm0, %ymm0
+        vpand	%ymm12, %ymm1, %ymm1
+        vpaddd	%ymm0, %ymm4, %ymm4
+        vpaddd	%ymm1, %ymm5, %ymm5
+        vmovdqu	%ymm4, 1728(%rdi)
+        vmovdqu	%ymm5, 1760(%rdi)
+        vmovdqu	1792(%rdi), %ymm0
+        vmovdqu	1824(%rdi), %ymm1
+        vpsrad	$31, %ymm0, %ymm2
+        vpsrad	$31, %ymm1, %ymm3
+        vpand	%ymm8, %ymm2, %ymm2
+        vpand	%ymm8, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm0, %ymm0
+        vpaddd	%ymm3, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm0, %ymm4
+        vpmulld	%ymm12, %ymm1, %ymm5
+        vpaddd	%ymm11, %ymm4, %ymm4
+        vpaddd	%ymm11, %ymm5, %ymm5
+        vpsrld	$23, %ymm4, %ymm4
+        vpsrld	$23, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsubd	%ymm2, %ymm9, %ymm2
+        vpsubd	%ymm3, %ymm9, %ymm3
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpcmpeqd	%ymm12, %ymm4, %ymm0
+        vpcmpeqd	%ymm12, %ymm5, %ymm1
+        vpaddd	%ymm0, %ymm2, %ymm2
+        vpaddd	%ymm1, %ymm3, %ymm3
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        movq	$0x01, %r9
+        xorq	%r10, %r10
+        xorq	%rcx, %rcx
+L_mldsa_use_hint_88_avx2_hints_next_1_12:
+        cmp	%dl, %al
+        jge	L_mldsa_use_hint_88_avx2_hints_done_1_12
+        mov	%r8b, %cl
+        sub	$0xc0, %cl
+        cmpq	$16, %rcx
+        jge	L_mldsa_use_hint_88_avx2_hints_done_1_12
+        mov	%r9, %r11
+        shlq	%cl, %r11
+        orq	%r11, %r10
+        inc	%al
+        mov	(%rsi,%rax,1), %r8b
+        jmp	L_mldsa_use_hint_88_avx2_hints_next_1_12
+L_mldsa_use_hint_88_avx2_hints_done_1_12:
+        movd	%r10d, %xmm6
+        shr	$8, %r10
+        movd	%r10d, %xmm7
+        vpbroadcastd	%xmm6, %ymm6
+        vpbroadcastd	%xmm7, %ymm7
+        vpsllvd	%ymm13, %ymm6, %ymm6
+        vpsllvd	%ymm13, %ymm7, %ymm7
+        vpsrad	$31, %ymm6, %ymm6
+        vpsrad	$31, %ymm7, %ymm7
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpslld	$0x01, %ymm2, %ymm2
+        vpslld	$0x01, %ymm3, %ymm3
+        vpsubd	%ymm2, %ymm14, %ymm2
+        vpsubd	%ymm3, %ymm14, %ymm3
+        vpand	%ymm6, %ymm2, %ymm2
+        vpand	%ymm7, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        vpsrad	$31, %ymm4, %ymm0
+        vpsrad	$31, %ymm5, %ymm1
+        vpand	%ymm12, %ymm0, %ymm0
+        vpand	%ymm12, %ymm1, %ymm1
+        vpaddd	%ymm0, %ymm4, %ymm4
+        vpaddd	%ymm1, %ymm5, %ymm5
+        vmovdqu	%ymm4, 1792(%rdi)
+        vmovdqu	%ymm5, 1824(%rdi)
+        vmovdqu	1856(%rdi), %ymm0
+        vmovdqu	1888(%rdi), %ymm1
+        vpsrad	$31, %ymm0, %ymm2
+        vpsrad	$31, %ymm1, %ymm3
+        vpand	%ymm8, %ymm2, %ymm2
+        vpand	%ymm8, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm0, %ymm0
+        vpaddd	%ymm3, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm0, %ymm4
+        vpmulld	%ymm12, %ymm1, %ymm5
+        vpaddd	%ymm11, %ymm4, %ymm4
+        vpaddd	%ymm11, %ymm5, %ymm5
+        vpsrld	$23, %ymm4, %ymm4
+        vpsrld	$23, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsubd	%ymm2, %ymm9, %ymm2
+        vpsubd	%ymm3, %ymm9, %ymm3
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpcmpeqd	%ymm12, %ymm4, %ymm0
+        vpcmpeqd	%ymm12, %ymm5, %ymm1
+        vpaddd	%ymm0, %ymm2, %ymm2
+        vpaddd	%ymm1, %ymm3, %ymm3
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        movq	$0x01, %r9
+        xorq	%r10, %r10
+        xorq	%rcx, %rcx
+L_mldsa_use_hint_88_avx2_hints_next_1_13:
+        cmp	%dl, %al
+        jge	L_mldsa_use_hint_88_avx2_hints_done_1_13
+        mov	%r8b, %cl
+        sub	$0xd0, %cl
+        cmpq	$16, %rcx
+        jge	L_mldsa_use_hint_88_avx2_hints_done_1_13
+        mov	%r9, %r11
+        shlq	%cl, %r11
+        orq	%r11, %r10
+        inc	%al
+        mov	(%rsi,%rax,1), %r8b
+        jmp	L_mldsa_use_hint_88_avx2_hints_next_1_13
+L_mldsa_use_hint_88_avx2_hints_done_1_13:
+        movd	%r10d, %xmm6
+        shr	$8, %r10
+        movd	%r10d, %xmm7
+        vpbroadcastd	%xmm6, %ymm6
+        vpbroadcastd	%xmm7, %ymm7
+        vpsllvd	%ymm13, %ymm6, %ymm6
+        vpsllvd	%ymm13, %ymm7, %ymm7
+        vpsrad	$31, %ymm6, %ymm6
+        vpsrad	$31, %ymm7, %ymm7
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpslld	$0x01, %ymm2, %ymm2
+        vpslld	$0x01, %ymm3, %ymm3
+        vpsubd	%ymm2, %ymm14, %ymm2
+        vpsubd	%ymm3, %ymm14, %ymm3
+        vpand	%ymm6, %ymm2, %ymm2
+        vpand	%ymm7, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        vpsrad	$31, %ymm4, %ymm0
+        vpsrad	$31, %ymm5, %ymm1
+        vpand	%ymm12, %ymm0, %ymm0
+        vpand	%ymm12, %ymm1, %ymm1
+        vpaddd	%ymm0, %ymm4, %ymm4
+        vpaddd	%ymm1, %ymm5, %ymm5
+        vmovdqu	%ymm4, 1856(%rdi)
+        vmovdqu	%ymm5, 1888(%rdi)
+        vmovdqu	1920(%rdi), %ymm0
+        vmovdqu	1952(%rdi), %ymm1
+        vpsrad	$31, %ymm0, %ymm2
+        vpsrad	$31, %ymm1, %ymm3
+        vpand	%ymm8, %ymm2, %ymm2
+        vpand	%ymm8, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm0, %ymm0
+        vpaddd	%ymm3, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm0, %ymm4
+        vpmulld	%ymm12, %ymm1, %ymm5
+        vpaddd	%ymm11, %ymm4, %ymm4
+        vpaddd	%ymm11, %ymm5, %ymm5
+        vpsrld	$23, %ymm4, %ymm4
+        vpsrld	$23, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsubd	%ymm2, %ymm9, %ymm2
+        vpsubd	%ymm3, %ymm9, %ymm3
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpcmpeqd	%ymm12, %ymm4, %ymm0
+        vpcmpeqd	%ymm12, %ymm5, %ymm1
+        vpaddd	%ymm0, %ymm2, %ymm2
+        vpaddd	%ymm1, %ymm3, %ymm3
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        movq	$0x01, %r9
+        xorq	%r10, %r10
+        xorq	%rcx, %rcx
+L_mldsa_use_hint_88_avx2_hints_next_1_14:
+        cmp	%dl, %al
+        jge	L_mldsa_use_hint_88_avx2_hints_done_1_14
+        mov	%r8b, %cl
+        sub	$0xe0, %cl
+        cmpq	$16, %rcx
+        jge	L_mldsa_use_hint_88_avx2_hints_done_1_14
+        mov	%r9, %r11
+        shlq	%cl, %r11
+        orq	%r11, %r10
+        inc	%al
+        mov	(%rsi,%rax,1), %r8b
+        jmp	L_mldsa_use_hint_88_avx2_hints_next_1_14
+L_mldsa_use_hint_88_avx2_hints_done_1_14:
+        movd	%r10d, %xmm6
+        shr	$8, %r10
+        movd	%r10d, %xmm7
+        vpbroadcastd	%xmm6, %ymm6
+        vpbroadcastd	%xmm7, %ymm7
+        vpsllvd	%ymm13, %ymm6, %ymm6
+        vpsllvd	%ymm13, %ymm7, %ymm7
+        vpsrad	$31, %ymm6, %ymm6
+        vpsrad	$31, %ymm7, %ymm7
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpslld	$0x01, %ymm2, %ymm2
+        vpslld	$0x01, %ymm3, %ymm3
+        vpsubd	%ymm2, %ymm14, %ymm2
+        vpsubd	%ymm3, %ymm14, %ymm3
+        vpand	%ymm6, %ymm2, %ymm2
+        vpand	%ymm7, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        vpsrad	$31, %ymm4, %ymm0
+        vpsrad	$31, %ymm5, %ymm1
+        vpand	%ymm12, %ymm0, %ymm0
+        vpand	%ymm12, %ymm1, %ymm1
+        vpaddd	%ymm0, %ymm4, %ymm4
+        vpaddd	%ymm1, %ymm5, %ymm5
+        vmovdqu	%ymm4, 1920(%rdi)
+        vmovdqu	%ymm5, 1952(%rdi)
+        vmovdqu	1984(%rdi), %ymm0
+        vmovdqu	2016(%rdi), %ymm1
+        vpsrad	$31, %ymm0, %ymm2
+        vpsrad	$31, %ymm1, %ymm3
+        vpand	%ymm8, %ymm2, %ymm2
+        vpand	%ymm8, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm0, %ymm0
+        vpaddd	%ymm3, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm0, %ymm4
+        vpmulld	%ymm12, %ymm1, %ymm5
+        vpaddd	%ymm11, %ymm4, %ymm4
+        vpaddd	%ymm11, %ymm5, %ymm5
+        vpsrld	$23, %ymm4, %ymm4
+        vpsrld	$23, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsubd	%ymm2, %ymm9, %ymm2
+        vpsubd	%ymm3, %ymm9, %ymm3
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpcmpeqd	%ymm12, %ymm4, %ymm0
+        vpcmpeqd	%ymm12, %ymm5, %ymm1
+        vpaddd	%ymm0, %ymm2, %ymm2
+        vpaddd	%ymm1, %ymm3, %ymm3
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        movq	$0x01, %r9
+        xorq	%r10, %r10
+        xorq	%rcx, %rcx
+L_mldsa_use_hint_88_avx2_hints_next_1_15:
+        cmp	%dl, %al
+        jge	L_mldsa_use_hint_88_avx2_hints_done_1_15
+        mov	%r8b, %cl
+        sub	$0xf0, %cl
+        cmpq	$16, %rcx
+        jge	L_mldsa_use_hint_88_avx2_hints_done_1_15
+        mov	%r9, %r11
+        shlq	%cl, %r11
+        orq	%r11, %r10
+        inc	%al
+        mov	(%rsi,%rax,1), %r8b
+        jmp	L_mldsa_use_hint_88_avx2_hints_next_1_15
+L_mldsa_use_hint_88_avx2_hints_done_1_15:
+        movd	%r10d, %xmm6
+        shr	$8, %r10
+        movd	%r10d, %xmm7
+        vpbroadcastd	%xmm6, %ymm6
+        vpbroadcastd	%xmm7, %ymm7
+        vpsllvd	%ymm13, %ymm6, %ymm6
+        vpsllvd	%ymm13, %ymm7, %ymm7
+        vpsrad	$31, %ymm6, %ymm6
+        vpsrad	$31, %ymm7, %ymm7
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpslld	$0x01, %ymm2, %ymm2
+        vpslld	$0x01, %ymm3, %ymm3
+        vpsubd	%ymm2, %ymm14, %ymm2
+        vpsubd	%ymm3, %ymm14, %ymm3
+        vpand	%ymm6, %ymm2, %ymm2
+        vpand	%ymm7, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        vpsrad	$31, %ymm4, %ymm0
+        vpsrad	$31, %ymm5, %ymm1
+        vpand	%ymm12, %ymm0, %ymm0
+        vpand	%ymm12, %ymm1, %ymm1
+        vpaddd	%ymm0, %ymm4, %ymm4
+        vpaddd	%ymm1, %ymm5, %ymm5
+        vmovdqu	%ymm4, 1984(%rdi)
+        vmovdqu	%ymm5, 2016(%rdi)
+        # 3/4 vectors
+        mov	82(%rsi), %dl
+        vmovdqu	2048(%rdi), %ymm0
+        vmovdqu	2080(%rdi), %ymm1
+        vpsrad	$31, %ymm0, %ymm2
+        vpsrad	$31, %ymm1, %ymm3
+        vpand	%ymm8, %ymm2, %ymm2
+        vpand	%ymm8, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm0, %ymm0
+        vpaddd	%ymm3, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm0, %ymm4
+        vpmulld	%ymm12, %ymm1, %ymm5
+        vpaddd	%ymm11, %ymm4, %ymm4
+        vpaddd	%ymm11, %ymm5, %ymm5
+        vpsrld	$23, %ymm4, %ymm4
+        vpsrld	$23, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsubd	%ymm2, %ymm9, %ymm2
+        vpsubd	%ymm3, %ymm9, %ymm3
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpcmpeqd	%ymm12, %ymm4, %ymm0
+        vpcmpeqd	%ymm12, %ymm5, %ymm1
+        vpaddd	%ymm0, %ymm2, %ymm2
+        vpaddd	%ymm1, %ymm3, %ymm3
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        movq	$0x01, %r9
+        xorq	%r10, %r10
+        xorq	%rcx, %rcx
+L_mldsa_use_hint_88_avx2_hints_next_2_0:
+        cmp	%dl, %al
+        jge	L_mldsa_use_hint_88_avx2_hints_done_2_0
+        mov	%r8b, %cl
+        cmpq	$16, %rcx
+        jge	L_mldsa_use_hint_88_avx2_hints_done_2_0
+        mov	%r9, %r11
+        shlq	%cl, %r11
+        orq	%r11, %r10
+        inc	%al
+        mov	(%rsi,%rax,1), %r8b
+        jmp	L_mldsa_use_hint_88_avx2_hints_next_2_0
+L_mldsa_use_hint_88_avx2_hints_done_2_0:
+        movd	%r10d, %xmm6
+        shr	$8, %r10
+        movd	%r10d, %xmm7
+        vpbroadcastd	%xmm6, %ymm6
+        vpbroadcastd	%xmm7, %ymm7
+        vpsllvd	%ymm13, %ymm6, %ymm6
+        vpsllvd	%ymm13, %ymm7, %ymm7
+        vpsrad	$31, %ymm6, %ymm6
+        vpsrad	$31, %ymm7, %ymm7
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpslld	$0x01, %ymm2, %ymm2
+        vpslld	$0x01, %ymm3, %ymm3
+        vpsubd	%ymm2, %ymm14, %ymm2
+        vpsubd	%ymm3, %ymm14, %ymm3
+        vpand	%ymm6, %ymm2, %ymm2
+        vpand	%ymm7, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        vpsrad	$31, %ymm4, %ymm0
+        vpsrad	$31, %ymm5, %ymm1
+        vpand	%ymm12, %ymm0, %ymm0
+        vpand	%ymm12, %ymm1, %ymm1
+        vpaddd	%ymm0, %ymm4, %ymm4
+        vpaddd	%ymm1, %ymm5, %ymm5
+        vmovdqu	%ymm4, 2048(%rdi)
+        vmovdqu	%ymm5, 2080(%rdi)
+        vmovdqu	2112(%rdi), %ymm0
+        vmovdqu	2144(%rdi), %ymm1
+        vpsrad	$31, %ymm0, %ymm2
+        vpsrad	$31, %ymm1, %ymm3
+        vpand	%ymm8, %ymm2, %ymm2
+        vpand	%ymm8, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm0, %ymm0
+        vpaddd	%ymm3, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm0, %ymm4
+        vpmulld	%ymm12, %ymm1, %ymm5
+        vpaddd	%ymm11, %ymm4, %ymm4
+        vpaddd	%ymm11, %ymm5, %ymm5
+        vpsrld	$23, %ymm4, %ymm4
+        vpsrld	$23, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsubd	%ymm2, %ymm9, %ymm2
+        vpsubd	%ymm3, %ymm9, %ymm3
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpcmpeqd	%ymm12, %ymm4, %ymm0
+        vpcmpeqd	%ymm12, %ymm5, %ymm1
+        vpaddd	%ymm0, %ymm2, %ymm2
+        vpaddd	%ymm1, %ymm3, %ymm3
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        movq	$0x01, %r9
+        xorq	%r10, %r10
+        xorq	%rcx, %rcx
+L_mldsa_use_hint_88_avx2_hints_next_2_1:
+        cmp	%dl, %al
+        jge	L_mldsa_use_hint_88_avx2_hints_done_2_1
+        mov	%r8b, %cl
+        sub	$16, %cl
+        cmpq	$16, %rcx
+        jge	L_mldsa_use_hint_88_avx2_hints_done_2_1
+        mov	%r9, %r11
+        shlq	%cl, %r11
+        orq	%r11, %r10
+        inc	%al
+        mov	(%rsi,%rax,1), %r8b
+        jmp	L_mldsa_use_hint_88_avx2_hints_next_2_1
+L_mldsa_use_hint_88_avx2_hints_done_2_1:
+        movd	%r10d, %xmm6
+        shr	$8, %r10
+        movd	%r10d, %xmm7
+        vpbroadcastd	%xmm6, %ymm6
+        vpbroadcastd	%xmm7, %ymm7
+        vpsllvd	%ymm13, %ymm6, %ymm6
+        vpsllvd	%ymm13, %ymm7, %ymm7
+        vpsrad	$31, %ymm6, %ymm6
+        vpsrad	$31, %ymm7, %ymm7
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpslld	$0x01, %ymm2, %ymm2
+        vpslld	$0x01, %ymm3, %ymm3
+        vpsubd	%ymm2, %ymm14, %ymm2
+        vpsubd	%ymm3, %ymm14, %ymm3
+        vpand	%ymm6, %ymm2, %ymm2
+        vpand	%ymm7, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        vpsrad	$31, %ymm4, %ymm0
+        vpsrad	$31, %ymm5, %ymm1
+        vpand	%ymm12, %ymm0, %ymm0
+        vpand	%ymm12, %ymm1, %ymm1
+        vpaddd	%ymm0, %ymm4, %ymm4
+        vpaddd	%ymm1, %ymm5, %ymm5
+        vmovdqu	%ymm4, 2112(%rdi)
+        vmovdqu	%ymm5, 2144(%rdi)
+        vmovdqu	2176(%rdi), %ymm0
+        vmovdqu	2208(%rdi), %ymm1
+        vpsrad	$31, %ymm0, %ymm2
+        vpsrad	$31, %ymm1, %ymm3
+        vpand	%ymm8, %ymm2, %ymm2
+        vpand	%ymm8, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm0, %ymm0
+        vpaddd	%ymm3, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm0, %ymm4
+        vpmulld	%ymm12, %ymm1, %ymm5
+        vpaddd	%ymm11, %ymm4, %ymm4
+        vpaddd	%ymm11, %ymm5, %ymm5
+        vpsrld	$23, %ymm4, %ymm4
+        vpsrld	$23, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsubd	%ymm2, %ymm9, %ymm2
+        vpsubd	%ymm3, %ymm9, %ymm3
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpcmpeqd	%ymm12, %ymm4, %ymm0
+        vpcmpeqd	%ymm12, %ymm5, %ymm1
+        vpaddd	%ymm0, %ymm2, %ymm2
+        vpaddd	%ymm1, %ymm3, %ymm3
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        movq	$0x01, %r9
+        xorq	%r10, %r10
+        xorq	%rcx, %rcx
+L_mldsa_use_hint_88_avx2_hints_next_2_2:
+        cmp	%dl, %al
+        jge	L_mldsa_use_hint_88_avx2_hints_done_2_2
+        mov	%r8b, %cl
+        sub	$32, %cl
+        cmpq	$16, %rcx
+        jge	L_mldsa_use_hint_88_avx2_hints_done_2_2
+        mov	%r9, %r11
+        shlq	%cl, %r11
+        orq	%r11, %r10
+        inc	%al
+        mov	(%rsi,%rax,1), %r8b
+        jmp	L_mldsa_use_hint_88_avx2_hints_next_2_2
+L_mldsa_use_hint_88_avx2_hints_done_2_2:
+        movd	%r10d, %xmm6
+        shr	$8, %r10
+        movd	%r10d, %xmm7
+        vpbroadcastd	%xmm6, %ymm6
+        vpbroadcastd	%xmm7, %ymm7
+        vpsllvd	%ymm13, %ymm6, %ymm6
+        vpsllvd	%ymm13, %ymm7, %ymm7
+        vpsrad	$31, %ymm6, %ymm6
+        vpsrad	$31, %ymm7, %ymm7
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpslld	$0x01, %ymm2, %ymm2
+        vpslld	$0x01, %ymm3, %ymm3
+        vpsubd	%ymm2, %ymm14, %ymm2
+        vpsubd	%ymm3, %ymm14, %ymm3
+        vpand	%ymm6, %ymm2, %ymm2
+        vpand	%ymm7, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        vpsrad	$31, %ymm4, %ymm0
+        vpsrad	$31, %ymm5, %ymm1
+        vpand	%ymm12, %ymm0, %ymm0
+        vpand	%ymm12, %ymm1, %ymm1
+        vpaddd	%ymm0, %ymm4, %ymm4
+        vpaddd	%ymm1, %ymm5, %ymm5
+        vmovdqu	%ymm4, 2176(%rdi)
+        vmovdqu	%ymm5, 2208(%rdi)
+        vmovdqu	2240(%rdi), %ymm0
+        vmovdqu	2272(%rdi), %ymm1
+        vpsrad	$31, %ymm0, %ymm2
+        vpsrad	$31, %ymm1, %ymm3
+        vpand	%ymm8, %ymm2, %ymm2
+        vpand	%ymm8, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm0, %ymm0
+        vpaddd	%ymm3, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm0, %ymm4
+        vpmulld	%ymm12, %ymm1, %ymm5
+        vpaddd	%ymm11, %ymm4, %ymm4
+        vpaddd	%ymm11, %ymm5, %ymm5
+        vpsrld	$23, %ymm4, %ymm4
+        vpsrld	$23, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsubd	%ymm2, %ymm9, %ymm2
+        vpsubd	%ymm3, %ymm9, %ymm3
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpcmpeqd	%ymm12, %ymm4, %ymm0
+        vpcmpeqd	%ymm12, %ymm5, %ymm1
+        vpaddd	%ymm0, %ymm2, %ymm2
+        vpaddd	%ymm1, %ymm3, %ymm3
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        movq	$0x01, %r9
+        xorq	%r10, %r10
+        xorq	%rcx, %rcx
+L_mldsa_use_hint_88_avx2_hints_next_2_3:
+        cmp	%dl, %al
+        jge	L_mldsa_use_hint_88_avx2_hints_done_2_3
+        mov	%r8b, %cl
+        sub	$48, %cl
+        cmpq	$16, %rcx
+        jge	L_mldsa_use_hint_88_avx2_hints_done_2_3
+        mov	%r9, %r11
+        shlq	%cl, %r11
+        orq	%r11, %r10
+        inc	%al
+        mov	(%rsi,%rax,1), %r8b
+        jmp	L_mldsa_use_hint_88_avx2_hints_next_2_3
+L_mldsa_use_hint_88_avx2_hints_done_2_3:
+        movd	%r10d, %xmm6
+        shr	$8, %r10
+        movd	%r10d, %xmm7
+        vpbroadcastd	%xmm6, %ymm6
+        vpbroadcastd	%xmm7, %ymm7
+        vpsllvd	%ymm13, %ymm6, %ymm6
+        vpsllvd	%ymm13, %ymm7, %ymm7
+        vpsrad	$31, %ymm6, %ymm6
+        vpsrad	$31, %ymm7, %ymm7
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpslld	$0x01, %ymm2, %ymm2
+        vpslld	$0x01, %ymm3, %ymm3
+        vpsubd	%ymm2, %ymm14, %ymm2
+        vpsubd	%ymm3, %ymm14, %ymm3
+        vpand	%ymm6, %ymm2, %ymm2
+        vpand	%ymm7, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        vpsrad	$31, %ymm4, %ymm0
+        vpsrad	$31, %ymm5, %ymm1
+        vpand	%ymm12, %ymm0, %ymm0
+        vpand	%ymm12, %ymm1, %ymm1
+        vpaddd	%ymm0, %ymm4, %ymm4
+        vpaddd	%ymm1, %ymm5, %ymm5
+        vmovdqu	%ymm4, 2240(%rdi)
+        vmovdqu	%ymm5, 2272(%rdi)
+        vmovdqu	2304(%rdi), %ymm0
+        vmovdqu	2336(%rdi), %ymm1
+        vpsrad	$31, %ymm0, %ymm2
+        vpsrad	$31, %ymm1, %ymm3
+        vpand	%ymm8, %ymm2, %ymm2
+        vpand	%ymm8, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm0, %ymm0
+        vpaddd	%ymm3, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm0, %ymm4
+        vpmulld	%ymm12, %ymm1, %ymm5
+        vpaddd	%ymm11, %ymm4, %ymm4
+        vpaddd	%ymm11, %ymm5, %ymm5
+        vpsrld	$23, %ymm4, %ymm4
+        vpsrld	$23, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsubd	%ymm2, %ymm9, %ymm2
+        vpsubd	%ymm3, %ymm9, %ymm3
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpcmpeqd	%ymm12, %ymm4, %ymm0
+        vpcmpeqd	%ymm12, %ymm5, %ymm1
+        vpaddd	%ymm0, %ymm2, %ymm2
+        vpaddd	%ymm1, %ymm3, %ymm3
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        movq	$0x01, %r9
+        xorq	%r10, %r10
+        xorq	%rcx, %rcx
+L_mldsa_use_hint_88_avx2_hints_next_2_4:
+        cmp	%dl, %al
+        jge	L_mldsa_use_hint_88_avx2_hints_done_2_4
+        mov	%r8b, %cl
+        sub	$0x40, %cl
+        cmpq	$16, %rcx
+        jge	L_mldsa_use_hint_88_avx2_hints_done_2_4
+        mov	%r9, %r11
+        shlq	%cl, %r11
+        orq	%r11, %r10
+        inc	%al
+        mov	(%rsi,%rax,1), %r8b
+        jmp	L_mldsa_use_hint_88_avx2_hints_next_2_4
+L_mldsa_use_hint_88_avx2_hints_done_2_4:
+        movd	%r10d, %xmm6
+        shr	$8, %r10
+        movd	%r10d, %xmm7
+        vpbroadcastd	%xmm6, %ymm6
+        vpbroadcastd	%xmm7, %ymm7
+        vpsllvd	%ymm13, %ymm6, %ymm6
+        vpsllvd	%ymm13, %ymm7, %ymm7
+        vpsrad	$31, %ymm6, %ymm6
+        vpsrad	$31, %ymm7, %ymm7
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpslld	$0x01, %ymm2, %ymm2
+        vpslld	$0x01, %ymm3, %ymm3
+        vpsubd	%ymm2, %ymm14, %ymm2
+        vpsubd	%ymm3, %ymm14, %ymm3
+        vpand	%ymm6, %ymm2, %ymm2
+        vpand	%ymm7, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        vpsrad	$31, %ymm4, %ymm0
+        vpsrad	$31, %ymm5, %ymm1
+        vpand	%ymm12, %ymm0, %ymm0
+        vpand	%ymm12, %ymm1, %ymm1
+        vpaddd	%ymm0, %ymm4, %ymm4
+        vpaddd	%ymm1, %ymm5, %ymm5
+        vmovdqu	%ymm4, 2304(%rdi)
+        vmovdqu	%ymm5, 2336(%rdi)
+        vmovdqu	2368(%rdi), %ymm0
+        vmovdqu	2400(%rdi), %ymm1
+        vpsrad	$31, %ymm0, %ymm2
+        vpsrad	$31, %ymm1, %ymm3
+        vpand	%ymm8, %ymm2, %ymm2
+        vpand	%ymm8, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm0, %ymm0
+        vpaddd	%ymm3, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm0, %ymm4
+        vpmulld	%ymm12, %ymm1, %ymm5
+        vpaddd	%ymm11, %ymm4, %ymm4
+        vpaddd	%ymm11, %ymm5, %ymm5
+        vpsrld	$23, %ymm4, %ymm4
+        vpsrld	$23, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsubd	%ymm2, %ymm9, %ymm2
+        vpsubd	%ymm3, %ymm9, %ymm3
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpcmpeqd	%ymm12, %ymm4, %ymm0
+        vpcmpeqd	%ymm12, %ymm5, %ymm1
+        vpaddd	%ymm0, %ymm2, %ymm2
+        vpaddd	%ymm1, %ymm3, %ymm3
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        movq	$0x01, %r9
+        xorq	%r10, %r10
+        xorq	%rcx, %rcx
+L_mldsa_use_hint_88_avx2_hints_next_2_5:
+        cmp	%dl, %al
+        jge	L_mldsa_use_hint_88_avx2_hints_done_2_5
+        mov	%r8b, %cl
+        sub	$0x50, %cl
+        cmpq	$16, %rcx
+        jge	L_mldsa_use_hint_88_avx2_hints_done_2_5
+        mov	%r9, %r11
+        shlq	%cl, %r11
+        orq	%r11, %r10
+        inc	%al
+        mov	(%rsi,%rax,1), %r8b
+        jmp	L_mldsa_use_hint_88_avx2_hints_next_2_5
+L_mldsa_use_hint_88_avx2_hints_done_2_5:
+        movd	%r10d, %xmm6
+        shr	$8, %r10
+        movd	%r10d, %xmm7
+        vpbroadcastd	%xmm6, %ymm6
+        vpbroadcastd	%xmm7, %ymm7
+        vpsllvd	%ymm13, %ymm6, %ymm6
+        vpsllvd	%ymm13, %ymm7, %ymm7
+        vpsrad	$31, %ymm6, %ymm6
+        vpsrad	$31, %ymm7, %ymm7
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpslld	$0x01, %ymm2, %ymm2
+        vpslld	$0x01, %ymm3, %ymm3
+        vpsubd	%ymm2, %ymm14, %ymm2
+        vpsubd	%ymm3, %ymm14, %ymm3
+        vpand	%ymm6, %ymm2, %ymm2
+        vpand	%ymm7, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        vpsrad	$31, %ymm4, %ymm0
+        vpsrad	$31, %ymm5, %ymm1
+        vpand	%ymm12, %ymm0, %ymm0
+        vpand	%ymm12, %ymm1, %ymm1
+        vpaddd	%ymm0, %ymm4, %ymm4
+        vpaddd	%ymm1, %ymm5, %ymm5
+        vmovdqu	%ymm4, 2368(%rdi)
+        vmovdqu	%ymm5, 2400(%rdi)
+        vmovdqu	2432(%rdi), %ymm0
+        vmovdqu	2464(%rdi), %ymm1
+        vpsrad	$31, %ymm0, %ymm2
+        vpsrad	$31, %ymm1, %ymm3
+        vpand	%ymm8, %ymm2, %ymm2
+        vpand	%ymm8, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm0, %ymm0
+        vpaddd	%ymm3, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm0, %ymm4
+        vpmulld	%ymm12, %ymm1, %ymm5
+        vpaddd	%ymm11, %ymm4, %ymm4
+        vpaddd	%ymm11, %ymm5, %ymm5
+        vpsrld	$23, %ymm4, %ymm4
+        vpsrld	$23, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsubd	%ymm2, %ymm9, %ymm2
+        vpsubd	%ymm3, %ymm9, %ymm3
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpcmpeqd	%ymm12, %ymm4, %ymm0
+        vpcmpeqd	%ymm12, %ymm5, %ymm1
+        vpaddd	%ymm0, %ymm2, %ymm2
+        vpaddd	%ymm1, %ymm3, %ymm3
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        movq	$0x01, %r9
+        xorq	%r10, %r10
+        xorq	%rcx, %rcx
+L_mldsa_use_hint_88_avx2_hints_next_2_6:
+        cmp	%dl, %al
+        jge	L_mldsa_use_hint_88_avx2_hints_done_2_6
+        mov	%r8b, %cl
+        sub	$0x60, %cl
+        cmpq	$16, %rcx
+        jge	L_mldsa_use_hint_88_avx2_hints_done_2_6
+        mov	%r9, %r11
+        shlq	%cl, %r11
+        orq	%r11, %r10
+        inc	%al
+        mov	(%rsi,%rax,1), %r8b
+        jmp	L_mldsa_use_hint_88_avx2_hints_next_2_6
+L_mldsa_use_hint_88_avx2_hints_done_2_6:
+        movd	%r10d, %xmm6
+        shr	$8, %r10
+        movd	%r10d, %xmm7
+        vpbroadcastd	%xmm6, %ymm6
+        vpbroadcastd	%xmm7, %ymm7
+        vpsllvd	%ymm13, %ymm6, %ymm6
+        vpsllvd	%ymm13, %ymm7, %ymm7
+        vpsrad	$31, %ymm6, %ymm6
+        vpsrad	$31, %ymm7, %ymm7
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpslld	$0x01, %ymm2, %ymm2
+        vpslld	$0x01, %ymm3, %ymm3
+        vpsubd	%ymm2, %ymm14, %ymm2
+        vpsubd	%ymm3, %ymm14, %ymm3
+        vpand	%ymm6, %ymm2, %ymm2
+        vpand	%ymm7, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        vpsrad	$31, %ymm4, %ymm0
+        vpsrad	$31, %ymm5, %ymm1
+        vpand	%ymm12, %ymm0, %ymm0
+        vpand	%ymm12, %ymm1, %ymm1
+        vpaddd	%ymm0, %ymm4, %ymm4
+        vpaddd	%ymm1, %ymm5, %ymm5
+        vmovdqu	%ymm4, 2432(%rdi)
+        vmovdqu	%ymm5, 2464(%rdi)
+        vmovdqu	2496(%rdi), %ymm0
+        vmovdqu	2528(%rdi), %ymm1
+        vpsrad	$31, %ymm0, %ymm2
+        vpsrad	$31, %ymm1, %ymm3
+        vpand	%ymm8, %ymm2, %ymm2
+        vpand	%ymm8, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm0, %ymm0
+        vpaddd	%ymm3, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm0, %ymm4
+        vpmulld	%ymm12, %ymm1, %ymm5
+        vpaddd	%ymm11, %ymm4, %ymm4
+        vpaddd	%ymm11, %ymm5, %ymm5
+        vpsrld	$23, %ymm4, %ymm4
+        vpsrld	$23, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsubd	%ymm2, %ymm9, %ymm2
+        vpsubd	%ymm3, %ymm9, %ymm3
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpcmpeqd	%ymm12, %ymm4, %ymm0
+        vpcmpeqd	%ymm12, %ymm5, %ymm1
+        vpaddd	%ymm0, %ymm2, %ymm2
+        vpaddd	%ymm1, %ymm3, %ymm3
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        movq	$0x01, %r9
+        xorq	%r10, %r10
+        xorq	%rcx, %rcx
+L_mldsa_use_hint_88_avx2_hints_next_2_7:
+        cmp	%dl, %al
+        jge	L_mldsa_use_hint_88_avx2_hints_done_2_7
+        mov	%r8b, %cl
+        sub	$0x70, %cl
+        cmpq	$16, %rcx
+        jge	L_mldsa_use_hint_88_avx2_hints_done_2_7
+        mov	%r9, %r11
+        shlq	%cl, %r11
+        orq	%r11, %r10
+        inc	%al
+        mov	(%rsi,%rax,1), %r8b
+        jmp	L_mldsa_use_hint_88_avx2_hints_next_2_7
+L_mldsa_use_hint_88_avx2_hints_done_2_7:
+        movd	%r10d, %xmm6
+        shr	$8, %r10
+        movd	%r10d, %xmm7
+        vpbroadcastd	%xmm6, %ymm6
+        vpbroadcastd	%xmm7, %ymm7
+        vpsllvd	%ymm13, %ymm6, %ymm6
+        vpsllvd	%ymm13, %ymm7, %ymm7
+        vpsrad	$31, %ymm6, %ymm6
+        vpsrad	$31, %ymm7, %ymm7
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpslld	$0x01, %ymm2, %ymm2
+        vpslld	$0x01, %ymm3, %ymm3
+        vpsubd	%ymm2, %ymm14, %ymm2
+        vpsubd	%ymm3, %ymm14, %ymm3
+        vpand	%ymm6, %ymm2, %ymm2
+        vpand	%ymm7, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        vpsrad	$31, %ymm4, %ymm0
+        vpsrad	$31, %ymm5, %ymm1
+        vpand	%ymm12, %ymm0, %ymm0
+        vpand	%ymm12, %ymm1, %ymm1
+        vpaddd	%ymm0, %ymm4, %ymm4
+        vpaddd	%ymm1, %ymm5, %ymm5
+        vmovdqu	%ymm4, 2496(%rdi)
+        vmovdqu	%ymm5, 2528(%rdi)
+        vmovdqu	2560(%rdi), %ymm0
+        vmovdqu	2592(%rdi), %ymm1
+        vpsrad	$31, %ymm0, %ymm2
+        vpsrad	$31, %ymm1, %ymm3
+        vpand	%ymm8, %ymm2, %ymm2
+        vpand	%ymm8, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm0, %ymm0
+        vpaddd	%ymm3, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm0, %ymm4
+        vpmulld	%ymm12, %ymm1, %ymm5
+        vpaddd	%ymm11, %ymm4, %ymm4
+        vpaddd	%ymm11, %ymm5, %ymm5
+        vpsrld	$23, %ymm4, %ymm4
+        vpsrld	$23, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsubd	%ymm2, %ymm9, %ymm2
+        vpsubd	%ymm3, %ymm9, %ymm3
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpcmpeqd	%ymm12, %ymm4, %ymm0
+        vpcmpeqd	%ymm12, %ymm5, %ymm1
+        vpaddd	%ymm0, %ymm2, %ymm2
+        vpaddd	%ymm1, %ymm3, %ymm3
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        movq	$0x01, %r9
+        xorq	%r10, %r10
+        xorq	%rcx, %rcx
+L_mldsa_use_hint_88_avx2_hints_next_2_8:
+        cmp	%dl, %al
+        jge	L_mldsa_use_hint_88_avx2_hints_done_2_8
+        mov	%r8b, %cl
+        sub	$0x80, %cl
+        cmpq	$16, %rcx
+        jge	L_mldsa_use_hint_88_avx2_hints_done_2_8
+        mov	%r9, %r11
+        shlq	%cl, %r11
+        orq	%r11, %r10
+        inc	%al
+        mov	(%rsi,%rax,1), %r8b
+        jmp	L_mldsa_use_hint_88_avx2_hints_next_2_8
+L_mldsa_use_hint_88_avx2_hints_done_2_8:
+        movd	%r10d, %xmm6
+        shr	$8, %r10
+        movd	%r10d, %xmm7
+        vpbroadcastd	%xmm6, %ymm6
+        vpbroadcastd	%xmm7, %ymm7
+        vpsllvd	%ymm13, %ymm6, %ymm6
+        vpsllvd	%ymm13, %ymm7, %ymm7
+        vpsrad	$31, %ymm6, %ymm6
+        vpsrad	$31, %ymm7, %ymm7
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpslld	$0x01, %ymm2, %ymm2
+        vpslld	$0x01, %ymm3, %ymm3
+        vpsubd	%ymm2, %ymm14, %ymm2
+        vpsubd	%ymm3, %ymm14, %ymm3
+        vpand	%ymm6, %ymm2, %ymm2
+        vpand	%ymm7, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        vpsrad	$31, %ymm4, %ymm0
+        vpsrad	$31, %ymm5, %ymm1
+        vpand	%ymm12, %ymm0, %ymm0
+        vpand	%ymm12, %ymm1, %ymm1
+        vpaddd	%ymm0, %ymm4, %ymm4
+        vpaddd	%ymm1, %ymm5, %ymm5
+        vmovdqu	%ymm4, 2560(%rdi)
+        vmovdqu	%ymm5, 2592(%rdi)
+        vmovdqu	2624(%rdi), %ymm0
+        vmovdqu	2656(%rdi), %ymm1
+        vpsrad	$31, %ymm0, %ymm2
+        vpsrad	$31, %ymm1, %ymm3
+        vpand	%ymm8, %ymm2, %ymm2
+        vpand	%ymm8, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm0, %ymm0
+        vpaddd	%ymm3, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm0, %ymm4
+        vpmulld	%ymm12, %ymm1, %ymm5
+        vpaddd	%ymm11, %ymm4, %ymm4
+        vpaddd	%ymm11, %ymm5, %ymm5
+        vpsrld	$23, %ymm4, %ymm4
+        vpsrld	$23, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsubd	%ymm2, %ymm9, %ymm2
+        vpsubd	%ymm3, %ymm9, %ymm3
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpcmpeqd	%ymm12, %ymm4, %ymm0
+        vpcmpeqd	%ymm12, %ymm5, %ymm1
+        vpaddd	%ymm0, %ymm2, %ymm2
+        vpaddd	%ymm1, %ymm3, %ymm3
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        movq	$0x01, %r9
+        xorq	%r10, %r10
+        xorq	%rcx, %rcx
+L_mldsa_use_hint_88_avx2_hints_next_2_9:
+        cmp	%dl, %al
+        jge	L_mldsa_use_hint_88_avx2_hints_done_2_9
+        mov	%r8b, %cl
+        sub	$0x90, %cl
+        cmpq	$16, %rcx
+        jge	L_mldsa_use_hint_88_avx2_hints_done_2_9
+        mov	%r9, %r11
+        shlq	%cl, %r11
+        orq	%r11, %r10
+        inc	%al
+        mov	(%rsi,%rax,1), %r8b
+        jmp	L_mldsa_use_hint_88_avx2_hints_next_2_9
+L_mldsa_use_hint_88_avx2_hints_done_2_9:
+        movd	%r10d, %xmm6
+        shr	$8, %r10
+        movd	%r10d, %xmm7
+        vpbroadcastd	%xmm6, %ymm6
+        vpbroadcastd	%xmm7, %ymm7
+        vpsllvd	%ymm13, %ymm6, %ymm6
+        vpsllvd	%ymm13, %ymm7, %ymm7
+        vpsrad	$31, %ymm6, %ymm6
+        vpsrad	$31, %ymm7, %ymm7
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpslld	$0x01, %ymm2, %ymm2
+        vpslld	$0x01, %ymm3, %ymm3
+        vpsubd	%ymm2, %ymm14, %ymm2
+        vpsubd	%ymm3, %ymm14, %ymm3
+        vpand	%ymm6, %ymm2, %ymm2
+        vpand	%ymm7, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        vpsrad	$31, %ymm4, %ymm0
+        vpsrad	$31, %ymm5, %ymm1
+        vpand	%ymm12, %ymm0, %ymm0
+        vpand	%ymm12, %ymm1, %ymm1
+        vpaddd	%ymm0, %ymm4, %ymm4
+        vpaddd	%ymm1, %ymm5, %ymm5
+        vmovdqu	%ymm4, 2624(%rdi)
+        vmovdqu	%ymm5, 2656(%rdi)
+        vmovdqu	2688(%rdi), %ymm0
+        vmovdqu	2720(%rdi), %ymm1
+        vpsrad	$31, %ymm0, %ymm2
+        vpsrad	$31, %ymm1, %ymm3
+        vpand	%ymm8, %ymm2, %ymm2
+        vpand	%ymm8, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm0, %ymm0
+        vpaddd	%ymm3, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm0, %ymm4
+        vpmulld	%ymm12, %ymm1, %ymm5
+        vpaddd	%ymm11, %ymm4, %ymm4
+        vpaddd	%ymm11, %ymm5, %ymm5
+        vpsrld	$23, %ymm4, %ymm4
+        vpsrld	$23, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsubd	%ymm2, %ymm9, %ymm2
+        vpsubd	%ymm3, %ymm9, %ymm3
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpcmpeqd	%ymm12, %ymm4, %ymm0
+        vpcmpeqd	%ymm12, %ymm5, %ymm1
+        vpaddd	%ymm0, %ymm2, %ymm2
+        vpaddd	%ymm1, %ymm3, %ymm3
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        movq	$0x01, %r9
+        xorq	%r10, %r10
+        xorq	%rcx, %rcx
+L_mldsa_use_hint_88_avx2_hints_next_2_10:
+        cmp	%dl, %al
+        jge	L_mldsa_use_hint_88_avx2_hints_done_2_10
+        mov	%r8b, %cl
+        sub	$0xa0, %cl
+        cmpq	$16, %rcx
+        jge	L_mldsa_use_hint_88_avx2_hints_done_2_10
+        mov	%r9, %r11
+        shlq	%cl, %r11
+        orq	%r11, %r10
+        inc	%al
+        mov	(%rsi,%rax,1), %r8b
+        jmp	L_mldsa_use_hint_88_avx2_hints_next_2_10
+L_mldsa_use_hint_88_avx2_hints_done_2_10:
+        movd	%r10d, %xmm6
+        shr	$8, %r10
+        movd	%r10d, %xmm7
+        vpbroadcastd	%xmm6, %ymm6
+        vpbroadcastd	%xmm7, %ymm7
+        vpsllvd	%ymm13, %ymm6, %ymm6
+        vpsllvd	%ymm13, %ymm7, %ymm7
+        vpsrad	$31, %ymm6, %ymm6
+        vpsrad	$31, %ymm7, %ymm7
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpslld	$0x01, %ymm2, %ymm2
+        vpslld	$0x01, %ymm3, %ymm3
+        vpsubd	%ymm2, %ymm14, %ymm2
+        vpsubd	%ymm3, %ymm14, %ymm3
+        vpand	%ymm6, %ymm2, %ymm2
+        vpand	%ymm7, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        vpsrad	$31, %ymm4, %ymm0
+        vpsrad	$31, %ymm5, %ymm1
+        vpand	%ymm12, %ymm0, %ymm0
+        vpand	%ymm12, %ymm1, %ymm1
+        vpaddd	%ymm0, %ymm4, %ymm4
+        vpaddd	%ymm1, %ymm5, %ymm5
+        vmovdqu	%ymm4, 2688(%rdi)
+        vmovdqu	%ymm5, 2720(%rdi)
+        vmovdqu	2752(%rdi), %ymm0
+        vmovdqu	2784(%rdi), %ymm1
+        vpsrad	$31, %ymm0, %ymm2
+        vpsrad	$31, %ymm1, %ymm3
+        vpand	%ymm8, %ymm2, %ymm2
+        vpand	%ymm8, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm0, %ymm0
+        vpaddd	%ymm3, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm0, %ymm4
+        vpmulld	%ymm12, %ymm1, %ymm5
+        vpaddd	%ymm11, %ymm4, %ymm4
+        vpaddd	%ymm11, %ymm5, %ymm5
+        vpsrld	$23, %ymm4, %ymm4
+        vpsrld	$23, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsubd	%ymm2, %ymm9, %ymm2
+        vpsubd	%ymm3, %ymm9, %ymm3
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpcmpeqd	%ymm12, %ymm4, %ymm0
+        vpcmpeqd	%ymm12, %ymm5, %ymm1
+        vpaddd	%ymm0, %ymm2, %ymm2
+        vpaddd	%ymm1, %ymm3, %ymm3
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        movq	$0x01, %r9
+        xorq	%r10, %r10
+        xorq	%rcx, %rcx
+L_mldsa_use_hint_88_avx2_hints_next_2_11:
+        cmp	%dl, %al
+        jge	L_mldsa_use_hint_88_avx2_hints_done_2_11
+        mov	%r8b, %cl
+        sub	$0xb0, %cl
+        cmpq	$16, %rcx
+        jge	L_mldsa_use_hint_88_avx2_hints_done_2_11
+        mov	%r9, %r11
+        shlq	%cl, %r11
+        orq	%r11, %r10
+        inc	%al
+        mov	(%rsi,%rax,1), %r8b
+        jmp	L_mldsa_use_hint_88_avx2_hints_next_2_11
+L_mldsa_use_hint_88_avx2_hints_done_2_11:
+        movd	%r10d, %xmm6
+        shr	$8, %r10
+        movd	%r10d, %xmm7
+        vpbroadcastd	%xmm6, %ymm6
+        vpbroadcastd	%xmm7, %ymm7
+        vpsllvd	%ymm13, %ymm6, %ymm6
+        vpsllvd	%ymm13, %ymm7, %ymm7
+        vpsrad	$31, %ymm6, %ymm6
+        vpsrad	$31, %ymm7, %ymm7
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpslld	$0x01, %ymm2, %ymm2
+        vpslld	$0x01, %ymm3, %ymm3
+        vpsubd	%ymm2, %ymm14, %ymm2
+        vpsubd	%ymm3, %ymm14, %ymm3
+        vpand	%ymm6, %ymm2, %ymm2
+        vpand	%ymm7, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        vpsrad	$31, %ymm4, %ymm0
+        vpsrad	$31, %ymm5, %ymm1
+        vpand	%ymm12, %ymm0, %ymm0
+        vpand	%ymm12, %ymm1, %ymm1
+        vpaddd	%ymm0, %ymm4, %ymm4
+        vpaddd	%ymm1, %ymm5, %ymm5
+        vmovdqu	%ymm4, 2752(%rdi)
+        vmovdqu	%ymm5, 2784(%rdi)
+        vmovdqu	2816(%rdi), %ymm0
+        vmovdqu	2848(%rdi), %ymm1
+        vpsrad	$31, %ymm0, %ymm2
+        vpsrad	$31, %ymm1, %ymm3
+        vpand	%ymm8, %ymm2, %ymm2
+        vpand	%ymm8, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm0, %ymm0
+        vpaddd	%ymm3, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm0, %ymm4
+        vpmulld	%ymm12, %ymm1, %ymm5
+        vpaddd	%ymm11, %ymm4, %ymm4
+        vpaddd	%ymm11, %ymm5, %ymm5
+        vpsrld	$23, %ymm4, %ymm4
+        vpsrld	$23, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsubd	%ymm2, %ymm9, %ymm2
+        vpsubd	%ymm3, %ymm9, %ymm3
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpcmpeqd	%ymm12, %ymm4, %ymm0
+        vpcmpeqd	%ymm12, %ymm5, %ymm1
+        vpaddd	%ymm0, %ymm2, %ymm2
+        vpaddd	%ymm1, %ymm3, %ymm3
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        movq	$0x01, %r9
+        xorq	%r10, %r10
+        xorq	%rcx, %rcx
+L_mldsa_use_hint_88_avx2_hints_next_2_12:
+        cmp	%dl, %al
+        jge	L_mldsa_use_hint_88_avx2_hints_done_2_12
+        mov	%r8b, %cl
+        sub	$0xc0, %cl
+        cmpq	$16, %rcx
+        jge	L_mldsa_use_hint_88_avx2_hints_done_2_12
+        mov	%r9, %r11
+        shlq	%cl, %r11
+        orq	%r11, %r10
+        inc	%al
+        mov	(%rsi,%rax,1), %r8b
+        jmp	L_mldsa_use_hint_88_avx2_hints_next_2_12
+L_mldsa_use_hint_88_avx2_hints_done_2_12:
+        movd	%r10d, %xmm6
+        shr	$8, %r10
+        movd	%r10d, %xmm7
+        vpbroadcastd	%xmm6, %ymm6
+        vpbroadcastd	%xmm7, %ymm7
+        vpsllvd	%ymm13, %ymm6, %ymm6
+        vpsllvd	%ymm13, %ymm7, %ymm7
+        vpsrad	$31, %ymm6, %ymm6
+        vpsrad	$31, %ymm7, %ymm7
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpslld	$0x01, %ymm2, %ymm2
+        vpslld	$0x01, %ymm3, %ymm3
+        vpsubd	%ymm2, %ymm14, %ymm2
+        vpsubd	%ymm3, %ymm14, %ymm3
+        vpand	%ymm6, %ymm2, %ymm2
+        vpand	%ymm7, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        vpsrad	$31, %ymm4, %ymm0
+        vpsrad	$31, %ymm5, %ymm1
+        vpand	%ymm12, %ymm0, %ymm0
+        vpand	%ymm12, %ymm1, %ymm1
+        vpaddd	%ymm0, %ymm4, %ymm4
+        vpaddd	%ymm1, %ymm5, %ymm5
+        vmovdqu	%ymm4, 2816(%rdi)
+        vmovdqu	%ymm5, 2848(%rdi)
+        vmovdqu	2880(%rdi), %ymm0
+        vmovdqu	2912(%rdi), %ymm1
+        vpsrad	$31, %ymm0, %ymm2
+        vpsrad	$31, %ymm1, %ymm3
+        vpand	%ymm8, %ymm2, %ymm2
+        vpand	%ymm8, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm0, %ymm0
+        vpaddd	%ymm3, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm0, %ymm4
+        vpmulld	%ymm12, %ymm1, %ymm5
+        vpaddd	%ymm11, %ymm4, %ymm4
+        vpaddd	%ymm11, %ymm5, %ymm5
+        vpsrld	$23, %ymm4, %ymm4
+        vpsrld	$23, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsubd	%ymm2, %ymm9, %ymm2
+        vpsubd	%ymm3, %ymm9, %ymm3
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpcmpeqd	%ymm12, %ymm4, %ymm0
+        vpcmpeqd	%ymm12, %ymm5, %ymm1
+        vpaddd	%ymm0, %ymm2, %ymm2
+        vpaddd	%ymm1, %ymm3, %ymm3
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        movq	$0x01, %r9
+        xorq	%r10, %r10
+        xorq	%rcx, %rcx
+L_mldsa_use_hint_88_avx2_hints_next_2_13:
+        cmp	%dl, %al
+        jge	L_mldsa_use_hint_88_avx2_hints_done_2_13
+        mov	%r8b, %cl
+        sub	$0xd0, %cl
+        cmpq	$16, %rcx
+        jge	L_mldsa_use_hint_88_avx2_hints_done_2_13
+        mov	%r9, %r11
+        shlq	%cl, %r11
+        orq	%r11, %r10
+        inc	%al
+        mov	(%rsi,%rax,1), %r8b
+        jmp	L_mldsa_use_hint_88_avx2_hints_next_2_13
+L_mldsa_use_hint_88_avx2_hints_done_2_13:
+        movd	%r10d, %xmm6
+        shr	$8, %r10
+        movd	%r10d, %xmm7
+        vpbroadcastd	%xmm6, %ymm6
+        vpbroadcastd	%xmm7, %ymm7
+        vpsllvd	%ymm13, %ymm6, %ymm6
+        vpsllvd	%ymm13, %ymm7, %ymm7
+        vpsrad	$31, %ymm6, %ymm6
+        vpsrad	$31, %ymm7, %ymm7
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpslld	$0x01, %ymm2, %ymm2
+        vpslld	$0x01, %ymm3, %ymm3
+        vpsubd	%ymm2, %ymm14, %ymm2
+        vpsubd	%ymm3, %ymm14, %ymm3
+        vpand	%ymm6, %ymm2, %ymm2
+        vpand	%ymm7, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        vpsrad	$31, %ymm4, %ymm0
+        vpsrad	$31, %ymm5, %ymm1
+        vpand	%ymm12, %ymm0, %ymm0
+        vpand	%ymm12, %ymm1, %ymm1
+        vpaddd	%ymm0, %ymm4, %ymm4
+        vpaddd	%ymm1, %ymm5, %ymm5
+        vmovdqu	%ymm4, 2880(%rdi)
+        vmovdqu	%ymm5, 2912(%rdi)
+        vmovdqu	2944(%rdi), %ymm0
+        vmovdqu	2976(%rdi), %ymm1
+        vpsrad	$31, %ymm0, %ymm2
+        vpsrad	$31, %ymm1, %ymm3
+        vpand	%ymm8, %ymm2, %ymm2
+        vpand	%ymm8, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm0, %ymm0
+        vpaddd	%ymm3, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm0, %ymm4
+        vpmulld	%ymm12, %ymm1, %ymm5
+        vpaddd	%ymm11, %ymm4, %ymm4
+        vpaddd	%ymm11, %ymm5, %ymm5
+        vpsrld	$23, %ymm4, %ymm4
+        vpsrld	$23, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsubd	%ymm2, %ymm9, %ymm2
+        vpsubd	%ymm3, %ymm9, %ymm3
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpcmpeqd	%ymm12, %ymm4, %ymm0
+        vpcmpeqd	%ymm12, %ymm5, %ymm1
+        vpaddd	%ymm0, %ymm2, %ymm2
+        vpaddd	%ymm1, %ymm3, %ymm3
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        movq	$0x01, %r9
+        xorq	%r10, %r10
+        xorq	%rcx, %rcx
+L_mldsa_use_hint_88_avx2_hints_next_2_14:
+        cmp	%dl, %al
+        jge	L_mldsa_use_hint_88_avx2_hints_done_2_14
+        mov	%r8b, %cl
+        sub	$0xe0, %cl
+        cmpq	$16, %rcx
+        jge	L_mldsa_use_hint_88_avx2_hints_done_2_14
+        mov	%r9, %r11
+        shlq	%cl, %r11
+        orq	%r11, %r10
+        inc	%al
+        mov	(%rsi,%rax,1), %r8b
+        jmp	L_mldsa_use_hint_88_avx2_hints_next_2_14
+L_mldsa_use_hint_88_avx2_hints_done_2_14:
+        movd	%r10d, %xmm6
+        shr	$8, %r10
+        movd	%r10d, %xmm7
+        vpbroadcastd	%xmm6, %ymm6
+        vpbroadcastd	%xmm7, %ymm7
+        vpsllvd	%ymm13, %ymm6, %ymm6
+        vpsllvd	%ymm13, %ymm7, %ymm7
+        vpsrad	$31, %ymm6, %ymm6
+        vpsrad	$31, %ymm7, %ymm7
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpslld	$0x01, %ymm2, %ymm2
+        vpslld	$0x01, %ymm3, %ymm3
+        vpsubd	%ymm2, %ymm14, %ymm2
+        vpsubd	%ymm3, %ymm14, %ymm3
+        vpand	%ymm6, %ymm2, %ymm2
+        vpand	%ymm7, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        vpsrad	$31, %ymm4, %ymm0
+        vpsrad	$31, %ymm5, %ymm1
+        vpand	%ymm12, %ymm0, %ymm0
+        vpand	%ymm12, %ymm1, %ymm1
+        vpaddd	%ymm0, %ymm4, %ymm4
+        vpaddd	%ymm1, %ymm5, %ymm5
+        vmovdqu	%ymm4, 2944(%rdi)
+        vmovdqu	%ymm5, 2976(%rdi)
+        vmovdqu	3008(%rdi), %ymm0
+        vmovdqu	3040(%rdi), %ymm1
+        vpsrad	$31, %ymm0, %ymm2
+        vpsrad	$31, %ymm1, %ymm3
+        vpand	%ymm8, %ymm2, %ymm2
+        vpand	%ymm8, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm0, %ymm0
+        vpaddd	%ymm3, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm0, %ymm4
+        vpmulld	%ymm12, %ymm1, %ymm5
+        vpaddd	%ymm11, %ymm4, %ymm4
+        vpaddd	%ymm11, %ymm5, %ymm5
+        vpsrld	$23, %ymm4, %ymm4
+        vpsrld	$23, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsubd	%ymm2, %ymm9, %ymm2
+        vpsubd	%ymm3, %ymm9, %ymm3
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpcmpeqd	%ymm12, %ymm4, %ymm0
+        vpcmpeqd	%ymm12, %ymm5, %ymm1
+        vpaddd	%ymm0, %ymm2, %ymm2
+        vpaddd	%ymm1, %ymm3, %ymm3
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        movq	$0x01, %r9
+        xorq	%r10, %r10
+        xorq	%rcx, %rcx
+L_mldsa_use_hint_88_avx2_hints_next_2_15:
+        cmp	%dl, %al
+        jge	L_mldsa_use_hint_88_avx2_hints_done_2_15
+        mov	%r8b, %cl
+        sub	$0xf0, %cl
+        cmpq	$16, %rcx
+        jge	L_mldsa_use_hint_88_avx2_hints_done_2_15
+        mov	%r9, %r11
+        shlq	%cl, %r11
+        orq	%r11, %r10
+        inc	%al
+        mov	(%rsi,%rax,1), %r8b
+        jmp	L_mldsa_use_hint_88_avx2_hints_next_2_15
+L_mldsa_use_hint_88_avx2_hints_done_2_15:
+        movd	%r10d, %xmm6
+        shr	$8, %r10
+        movd	%r10d, %xmm7
+        vpbroadcastd	%xmm6, %ymm6
+        vpbroadcastd	%xmm7, %ymm7
+        vpsllvd	%ymm13, %ymm6, %ymm6
+        vpsllvd	%ymm13, %ymm7, %ymm7
+        vpsrad	$31, %ymm6, %ymm6
+        vpsrad	$31, %ymm7, %ymm7
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpslld	$0x01, %ymm2, %ymm2
+        vpslld	$0x01, %ymm3, %ymm3
+        vpsubd	%ymm2, %ymm14, %ymm2
+        vpsubd	%ymm3, %ymm14, %ymm3
+        vpand	%ymm6, %ymm2, %ymm2
+        vpand	%ymm7, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        vpsrad	$31, %ymm4, %ymm0
+        vpsrad	$31, %ymm5, %ymm1
+        vpand	%ymm12, %ymm0, %ymm0
+        vpand	%ymm12, %ymm1, %ymm1
+        vpaddd	%ymm0, %ymm4, %ymm4
+        vpaddd	%ymm1, %ymm5, %ymm5
+        vmovdqu	%ymm4, 3008(%rdi)
+        vmovdqu	%ymm5, 3040(%rdi)
+        # 4/4 vectors
+        mov	83(%rsi), %dl
+        vmovdqu	3072(%rdi), %ymm0
+        vmovdqu	3104(%rdi), %ymm1
+        vpsrad	$31, %ymm0, %ymm2
+        vpsrad	$31, %ymm1, %ymm3
+        vpand	%ymm8, %ymm2, %ymm2
+        vpand	%ymm8, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm0, %ymm0
+        vpaddd	%ymm3, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm0, %ymm4
+        vpmulld	%ymm12, %ymm1, %ymm5
+        vpaddd	%ymm11, %ymm4, %ymm4
+        vpaddd	%ymm11, %ymm5, %ymm5
+        vpsrld	$23, %ymm4, %ymm4
+        vpsrld	$23, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsubd	%ymm2, %ymm9, %ymm2
+        vpsubd	%ymm3, %ymm9, %ymm3
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpcmpeqd	%ymm12, %ymm4, %ymm0
+        vpcmpeqd	%ymm12, %ymm5, %ymm1
+        vpaddd	%ymm0, %ymm2, %ymm2
+        vpaddd	%ymm1, %ymm3, %ymm3
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        movq	$0x01, %r9
+        xorq	%r10, %r10
+        xorq	%rcx, %rcx
+L_mldsa_use_hint_88_avx2_hints_next_3_0:
+        cmp	%dl, %al
+        jge	L_mldsa_use_hint_88_avx2_hints_done_3_0
+        mov	%r8b, %cl
+        cmpq	$16, %rcx
+        jge	L_mldsa_use_hint_88_avx2_hints_done_3_0
+        mov	%r9, %r11
+        shlq	%cl, %r11
+        orq	%r11, %r10
+        inc	%al
+        mov	(%rsi,%rax,1), %r8b
+        jmp	L_mldsa_use_hint_88_avx2_hints_next_3_0
+L_mldsa_use_hint_88_avx2_hints_done_3_0:
+        movd	%r10d, %xmm6
+        shr	$8, %r10
+        movd	%r10d, %xmm7
+        vpbroadcastd	%xmm6, %ymm6
+        vpbroadcastd	%xmm7, %ymm7
+        vpsllvd	%ymm13, %ymm6, %ymm6
+        vpsllvd	%ymm13, %ymm7, %ymm7
+        vpsrad	$31, %ymm6, %ymm6
+        vpsrad	$31, %ymm7, %ymm7
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpslld	$0x01, %ymm2, %ymm2
+        vpslld	$0x01, %ymm3, %ymm3
+        vpsubd	%ymm2, %ymm14, %ymm2
+        vpsubd	%ymm3, %ymm14, %ymm3
+        vpand	%ymm6, %ymm2, %ymm2
+        vpand	%ymm7, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        vpsrad	$31, %ymm4, %ymm0
+        vpsrad	$31, %ymm5, %ymm1
+        vpand	%ymm12, %ymm0, %ymm0
+        vpand	%ymm12, %ymm1, %ymm1
+        vpaddd	%ymm0, %ymm4, %ymm4
+        vpaddd	%ymm1, %ymm5, %ymm5
+        vmovdqu	%ymm4, 3072(%rdi)
+        vmovdqu	%ymm5, 3104(%rdi)
+        vmovdqu	3136(%rdi), %ymm0
+        vmovdqu	3168(%rdi), %ymm1
+        vpsrad	$31, %ymm0, %ymm2
+        vpsrad	$31, %ymm1, %ymm3
+        vpand	%ymm8, %ymm2, %ymm2
+        vpand	%ymm8, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm0, %ymm0
+        vpaddd	%ymm3, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm0, %ymm4
+        vpmulld	%ymm12, %ymm1, %ymm5
+        vpaddd	%ymm11, %ymm4, %ymm4
+        vpaddd	%ymm11, %ymm5, %ymm5
+        vpsrld	$23, %ymm4, %ymm4
+        vpsrld	$23, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsubd	%ymm2, %ymm9, %ymm2
+        vpsubd	%ymm3, %ymm9, %ymm3
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpcmpeqd	%ymm12, %ymm4, %ymm0
+        vpcmpeqd	%ymm12, %ymm5, %ymm1
+        vpaddd	%ymm0, %ymm2, %ymm2
+        vpaddd	%ymm1, %ymm3, %ymm3
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        movq	$0x01, %r9
+        xorq	%r10, %r10
+        xorq	%rcx, %rcx
+L_mldsa_use_hint_88_avx2_hints_next_3_1:
+        cmp	%dl, %al
+        jge	L_mldsa_use_hint_88_avx2_hints_done_3_1
+        mov	%r8b, %cl
+        sub	$16, %cl
+        cmpq	$16, %rcx
+        jge	L_mldsa_use_hint_88_avx2_hints_done_3_1
+        mov	%r9, %r11
+        shlq	%cl, %r11
+        orq	%r11, %r10
+        inc	%al
+        mov	(%rsi,%rax,1), %r8b
+        jmp	L_mldsa_use_hint_88_avx2_hints_next_3_1
+L_mldsa_use_hint_88_avx2_hints_done_3_1:
+        movd	%r10d, %xmm6
+        shr	$8, %r10
+        movd	%r10d, %xmm7
+        vpbroadcastd	%xmm6, %ymm6
+        vpbroadcastd	%xmm7, %ymm7
+        vpsllvd	%ymm13, %ymm6, %ymm6
+        vpsllvd	%ymm13, %ymm7, %ymm7
+        vpsrad	$31, %ymm6, %ymm6
+        vpsrad	$31, %ymm7, %ymm7
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpslld	$0x01, %ymm2, %ymm2
+        vpslld	$0x01, %ymm3, %ymm3
+        vpsubd	%ymm2, %ymm14, %ymm2
+        vpsubd	%ymm3, %ymm14, %ymm3
+        vpand	%ymm6, %ymm2, %ymm2
+        vpand	%ymm7, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        vpsrad	$31, %ymm4, %ymm0
+        vpsrad	$31, %ymm5, %ymm1
+        vpand	%ymm12, %ymm0, %ymm0
+        vpand	%ymm12, %ymm1, %ymm1
+        vpaddd	%ymm0, %ymm4, %ymm4
+        vpaddd	%ymm1, %ymm5, %ymm5
+        vmovdqu	%ymm4, 3136(%rdi)
+        vmovdqu	%ymm5, 3168(%rdi)
+        vmovdqu	3200(%rdi), %ymm0
+        vmovdqu	3232(%rdi), %ymm1
+        vpsrad	$31, %ymm0, %ymm2
+        vpsrad	$31, %ymm1, %ymm3
+        vpand	%ymm8, %ymm2, %ymm2
+        vpand	%ymm8, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm0, %ymm0
+        vpaddd	%ymm3, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm0, %ymm4
+        vpmulld	%ymm12, %ymm1, %ymm5
+        vpaddd	%ymm11, %ymm4, %ymm4
+        vpaddd	%ymm11, %ymm5, %ymm5
+        vpsrld	$23, %ymm4, %ymm4
+        vpsrld	$23, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsubd	%ymm2, %ymm9, %ymm2
+        vpsubd	%ymm3, %ymm9, %ymm3
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpcmpeqd	%ymm12, %ymm4, %ymm0
+        vpcmpeqd	%ymm12, %ymm5, %ymm1
+        vpaddd	%ymm0, %ymm2, %ymm2
+        vpaddd	%ymm1, %ymm3, %ymm3
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        movq	$0x01, %r9
+        xorq	%r10, %r10
+        xorq	%rcx, %rcx
+L_mldsa_use_hint_88_avx2_hints_next_3_2:
+        cmp	%dl, %al
+        jge	L_mldsa_use_hint_88_avx2_hints_done_3_2
+        mov	%r8b, %cl
+        sub	$32, %cl
+        cmpq	$16, %rcx
+        jge	L_mldsa_use_hint_88_avx2_hints_done_3_2
+        mov	%r9, %r11
+        shlq	%cl, %r11
+        orq	%r11, %r10
+        inc	%al
+        mov	(%rsi,%rax,1), %r8b
+        jmp	L_mldsa_use_hint_88_avx2_hints_next_3_2
+L_mldsa_use_hint_88_avx2_hints_done_3_2:
+        movd	%r10d, %xmm6
+        shr	$8, %r10
+        movd	%r10d, %xmm7
+        vpbroadcastd	%xmm6, %ymm6
+        vpbroadcastd	%xmm7, %ymm7
+        vpsllvd	%ymm13, %ymm6, %ymm6
+        vpsllvd	%ymm13, %ymm7, %ymm7
+        vpsrad	$31, %ymm6, %ymm6
+        vpsrad	$31, %ymm7, %ymm7
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpslld	$0x01, %ymm2, %ymm2
+        vpslld	$0x01, %ymm3, %ymm3
+        vpsubd	%ymm2, %ymm14, %ymm2
+        vpsubd	%ymm3, %ymm14, %ymm3
+        vpand	%ymm6, %ymm2, %ymm2
+        vpand	%ymm7, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        vpsrad	$31, %ymm4, %ymm0
+        vpsrad	$31, %ymm5, %ymm1
+        vpand	%ymm12, %ymm0, %ymm0
+        vpand	%ymm12, %ymm1, %ymm1
+        vpaddd	%ymm0, %ymm4, %ymm4
+        vpaddd	%ymm1, %ymm5, %ymm5
+        vmovdqu	%ymm4, 3200(%rdi)
+        vmovdqu	%ymm5, 3232(%rdi)
+        vmovdqu	3264(%rdi), %ymm0
+        vmovdqu	3296(%rdi), %ymm1
+        vpsrad	$31, %ymm0, %ymm2
+        vpsrad	$31, %ymm1, %ymm3
+        vpand	%ymm8, %ymm2, %ymm2
+        vpand	%ymm8, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm0, %ymm0
+        vpaddd	%ymm3, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm0, %ymm4
+        vpmulld	%ymm12, %ymm1, %ymm5
+        vpaddd	%ymm11, %ymm4, %ymm4
+        vpaddd	%ymm11, %ymm5, %ymm5
+        vpsrld	$23, %ymm4, %ymm4
+        vpsrld	$23, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsubd	%ymm2, %ymm9, %ymm2
+        vpsubd	%ymm3, %ymm9, %ymm3
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpcmpeqd	%ymm12, %ymm4, %ymm0
+        vpcmpeqd	%ymm12, %ymm5, %ymm1
+        vpaddd	%ymm0, %ymm2, %ymm2
+        vpaddd	%ymm1, %ymm3, %ymm3
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        movq	$0x01, %r9
+        xorq	%r10, %r10
+        xorq	%rcx, %rcx
+L_mldsa_use_hint_88_avx2_hints_next_3_3:
+        cmp	%dl, %al
+        jge	L_mldsa_use_hint_88_avx2_hints_done_3_3
+        mov	%r8b, %cl
+        sub	$48, %cl
+        cmpq	$16, %rcx
+        jge	L_mldsa_use_hint_88_avx2_hints_done_3_3
+        mov	%r9, %r11
+        shlq	%cl, %r11
+        orq	%r11, %r10
+        inc	%al
+        mov	(%rsi,%rax,1), %r8b
+        jmp	L_mldsa_use_hint_88_avx2_hints_next_3_3
+L_mldsa_use_hint_88_avx2_hints_done_3_3:
+        movd	%r10d, %xmm6
+        shr	$8, %r10
+        movd	%r10d, %xmm7
+        vpbroadcastd	%xmm6, %ymm6
+        vpbroadcastd	%xmm7, %ymm7
+        vpsllvd	%ymm13, %ymm6, %ymm6
+        vpsllvd	%ymm13, %ymm7, %ymm7
+        vpsrad	$31, %ymm6, %ymm6
+        vpsrad	$31, %ymm7, %ymm7
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpslld	$0x01, %ymm2, %ymm2
+        vpslld	$0x01, %ymm3, %ymm3
+        vpsubd	%ymm2, %ymm14, %ymm2
+        vpsubd	%ymm3, %ymm14, %ymm3
+        vpand	%ymm6, %ymm2, %ymm2
+        vpand	%ymm7, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        vpsrad	$31, %ymm4, %ymm0
+        vpsrad	$31, %ymm5, %ymm1
+        vpand	%ymm12, %ymm0, %ymm0
+        vpand	%ymm12, %ymm1, %ymm1
+        vpaddd	%ymm0, %ymm4, %ymm4
+        vpaddd	%ymm1, %ymm5, %ymm5
+        vmovdqu	%ymm4, 3264(%rdi)
+        vmovdqu	%ymm5, 3296(%rdi)
+        vmovdqu	3328(%rdi), %ymm0
+        vmovdqu	3360(%rdi), %ymm1
+        vpsrad	$31, %ymm0, %ymm2
+        vpsrad	$31, %ymm1, %ymm3
+        vpand	%ymm8, %ymm2, %ymm2
+        vpand	%ymm8, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm0, %ymm0
+        vpaddd	%ymm3, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm0, %ymm4
+        vpmulld	%ymm12, %ymm1, %ymm5
+        vpaddd	%ymm11, %ymm4, %ymm4
+        vpaddd	%ymm11, %ymm5, %ymm5
+        vpsrld	$23, %ymm4, %ymm4
+        vpsrld	$23, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsubd	%ymm2, %ymm9, %ymm2
+        vpsubd	%ymm3, %ymm9, %ymm3
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpcmpeqd	%ymm12, %ymm4, %ymm0
+        vpcmpeqd	%ymm12, %ymm5, %ymm1
+        vpaddd	%ymm0, %ymm2, %ymm2
+        vpaddd	%ymm1, %ymm3, %ymm3
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        movq	$0x01, %r9
+        xorq	%r10, %r10
+        xorq	%rcx, %rcx
+L_mldsa_use_hint_88_avx2_hints_next_3_4:
+        cmp	%dl, %al
+        jge	L_mldsa_use_hint_88_avx2_hints_done_3_4
+        mov	%r8b, %cl
+        sub	$0x40, %cl
+        cmpq	$16, %rcx
+        jge	L_mldsa_use_hint_88_avx2_hints_done_3_4
+        mov	%r9, %r11
+        shlq	%cl, %r11
+        orq	%r11, %r10
+        inc	%al
+        mov	(%rsi,%rax,1), %r8b
+        jmp	L_mldsa_use_hint_88_avx2_hints_next_3_4
+L_mldsa_use_hint_88_avx2_hints_done_3_4:
+        movd	%r10d, %xmm6
+        shr	$8, %r10
+        movd	%r10d, %xmm7
+        vpbroadcastd	%xmm6, %ymm6
+        vpbroadcastd	%xmm7, %ymm7
+        vpsllvd	%ymm13, %ymm6, %ymm6
+        vpsllvd	%ymm13, %ymm7, %ymm7
+        vpsrad	$31, %ymm6, %ymm6
+        vpsrad	$31, %ymm7, %ymm7
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpslld	$0x01, %ymm2, %ymm2
+        vpslld	$0x01, %ymm3, %ymm3
+        vpsubd	%ymm2, %ymm14, %ymm2
+        vpsubd	%ymm3, %ymm14, %ymm3
+        vpand	%ymm6, %ymm2, %ymm2
+        vpand	%ymm7, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        vpsrad	$31, %ymm4, %ymm0
+        vpsrad	$31, %ymm5, %ymm1
+        vpand	%ymm12, %ymm0, %ymm0
+        vpand	%ymm12, %ymm1, %ymm1
+        vpaddd	%ymm0, %ymm4, %ymm4
+        vpaddd	%ymm1, %ymm5, %ymm5
+        vmovdqu	%ymm4, 3328(%rdi)
+        vmovdqu	%ymm5, 3360(%rdi)
+        vmovdqu	3392(%rdi), %ymm0
+        vmovdqu	3424(%rdi), %ymm1
+        vpsrad	$31, %ymm0, %ymm2
+        vpsrad	$31, %ymm1, %ymm3
+        vpand	%ymm8, %ymm2, %ymm2
+        vpand	%ymm8, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm0, %ymm0
+        vpaddd	%ymm3, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm0, %ymm4
+        vpmulld	%ymm12, %ymm1, %ymm5
+        vpaddd	%ymm11, %ymm4, %ymm4
+        vpaddd	%ymm11, %ymm5, %ymm5
+        vpsrld	$23, %ymm4, %ymm4
+        vpsrld	$23, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsubd	%ymm2, %ymm9, %ymm2
+        vpsubd	%ymm3, %ymm9, %ymm3
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpcmpeqd	%ymm12, %ymm4, %ymm0
+        vpcmpeqd	%ymm12, %ymm5, %ymm1
+        vpaddd	%ymm0, %ymm2, %ymm2
+        vpaddd	%ymm1, %ymm3, %ymm3
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        movq	$0x01, %r9
+        xorq	%r10, %r10
+        xorq	%rcx, %rcx
+L_mldsa_use_hint_88_avx2_hints_next_3_5:
+        cmp	%dl, %al
+        jge	L_mldsa_use_hint_88_avx2_hints_done_3_5
+        mov	%r8b, %cl
+        sub	$0x50, %cl
+        cmpq	$16, %rcx
+        jge	L_mldsa_use_hint_88_avx2_hints_done_3_5
+        mov	%r9, %r11
+        shlq	%cl, %r11
+        orq	%r11, %r10
+        inc	%al
+        mov	(%rsi,%rax,1), %r8b
+        jmp	L_mldsa_use_hint_88_avx2_hints_next_3_5
+L_mldsa_use_hint_88_avx2_hints_done_3_5:
+        movd	%r10d, %xmm6
+        shr	$8, %r10
+        movd	%r10d, %xmm7
+        vpbroadcastd	%xmm6, %ymm6
+        vpbroadcastd	%xmm7, %ymm7
+        vpsllvd	%ymm13, %ymm6, %ymm6
+        vpsllvd	%ymm13, %ymm7, %ymm7
+        vpsrad	$31, %ymm6, %ymm6
+        vpsrad	$31, %ymm7, %ymm7
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpslld	$0x01, %ymm2, %ymm2
+        vpslld	$0x01, %ymm3, %ymm3
+        vpsubd	%ymm2, %ymm14, %ymm2
+        vpsubd	%ymm3, %ymm14, %ymm3
+        vpand	%ymm6, %ymm2, %ymm2
+        vpand	%ymm7, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        vpsrad	$31, %ymm4, %ymm0
+        vpsrad	$31, %ymm5, %ymm1
+        vpand	%ymm12, %ymm0, %ymm0
+        vpand	%ymm12, %ymm1, %ymm1
+        vpaddd	%ymm0, %ymm4, %ymm4
+        vpaddd	%ymm1, %ymm5, %ymm5
+        vmovdqu	%ymm4, 3392(%rdi)
+        vmovdqu	%ymm5, 3424(%rdi)
+        vmovdqu	3456(%rdi), %ymm0
+        vmovdqu	3488(%rdi), %ymm1
+        vpsrad	$31, %ymm0, %ymm2
+        vpsrad	$31, %ymm1, %ymm3
+        vpand	%ymm8, %ymm2, %ymm2
+        vpand	%ymm8, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm0, %ymm0
+        vpaddd	%ymm3, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm0, %ymm4
+        vpmulld	%ymm12, %ymm1, %ymm5
+        vpaddd	%ymm11, %ymm4, %ymm4
+        vpaddd	%ymm11, %ymm5, %ymm5
+        vpsrld	$23, %ymm4, %ymm4
+        vpsrld	$23, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsubd	%ymm2, %ymm9, %ymm2
+        vpsubd	%ymm3, %ymm9, %ymm3
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpcmpeqd	%ymm12, %ymm4, %ymm0
+        vpcmpeqd	%ymm12, %ymm5, %ymm1
+        vpaddd	%ymm0, %ymm2, %ymm2
+        vpaddd	%ymm1, %ymm3, %ymm3
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        movq	$0x01, %r9
+        xorq	%r10, %r10
+        xorq	%rcx, %rcx
+L_mldsa_use_hint_88_avx2_hints_next_3_6:
+        cmp	%dl, %al
+        jge	L_mldsa_use_hint_88_avx2_hints_done_3_6
+        mov	%r8b, %cl
+        sub	$0x60, %cl
+        cmpq	$16, %rcx
+        jge	L_mldsa_use_hint_88_avx2_hints_done_3_6
+        mov	%r9, %r11
+        shlq	%cl, %r11
+        orq	%r11, %r10
+        inc	%al
+        mov	(%rsi,%rax,1), %r8b
+        jmp	L_mldsa_use_hint_88_avx2_hints_next_3_6
+L_mldsa_use_hint_88_avx2_hints_done_3_6:
+        movd	%r10d, %xmm6
+        shr	$8, %r10
+        movd	%r10d, %xmm7
+        vpbroadcastd	%xmm6, %ymm6
+        vpbroadcastd	%xmm7, %ymm7
+        vpsllvd	%ymm13, %ymm6, %ymm6
+        vpsllvd	%ymm13, %ymm7, %ymm7
+        vpsrad	$31, %ymm6, %ymm6
+        vpsrad	$31, %ymm7, %ymm7
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpslld	$0x01, %ymm2, %ymm2
+        vpslld	$0x01, %ymm3, %ymm3
+        vpsubd	%ymm2, %ymm14, %ymm2
+        vpsubd	%ymm3, %ymm14, %ymm3
+        vpand	%ymm6, %ymm2, %ymm2
+        vpand	%ymm7, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        vpsrad	$31, %ymm4, %ymm0
+        vpsrad	$31, %ymm5, %ymm1
+        vpand	%ymm12, %ymm0, %ymm0
+        vpand	%ymm12, %ymm1, %ymm1
+        vpaddd	%ymm0, %ymm4, %ymm4
+        vpaddd	%ymm1, %ymm5, %ymm5
+        vmovdqu	%ymm4, 3456(%rdi)
+        vmovdqu	%ymm5, 3488(%rdi)
+        vmovdqu	3520(%rdi), %ymm0
+        vmovdqu	3552(%rdi), %ymm1
+        vpsrad	$31, %ymm0, %ymm2
+        vpsrad	$31, %ymm1, %ymm3
+        vpand	%ymm8, %ymm2, %ymm2
+        vpand	%ymm8, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm0, %ymm0
+        vpaddd	%ymm3, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm0, %ymm4
+        vpmulld	%ymm12, %ymm1, %ymm5
+        vpaddd	%ymm11, %ymm4, %ymm4
+        vpaddd	%ymm11, %ymm5, %ymm5
+        vpsrld	$23, %ymm4, %ymm4
+        vpsrld	$23, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsubd	%ymm2, %ymm9, %ymm2
+        vpsubd	%ymm3, %ymm9, %ymm3
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpcmpeqd	%ymm12, %ymm4, %ymm0
+        vpcmpeqd	%ymm12, %ymm5, %ymm1
+        vpaddd	%ymm0, %ymm2, %ymm2
+        vpaddd	%ymm1, %ymm3, %ymm3
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        movq	$0x01, %r9
+        xorq	%r10, %r10
+        xorq	%rcx, %rcx
+L_mldsa_use_hint_88_avx2_hints_next_3_7:
+        cmp	%dl, %al
+        jge	L_mldsa_use_hint_88_avx2_hints_done_3_7
+        mov	%r8b, %cl
+        sub	$0x70, %cl
+        cmpq	$16, %rcx
+        jge	L_mldsa_use_hint_88_avx2_hints_done_3_7
+        mov	%r9, %r11
+        shlq	%cl, %r11
+        orq	%r11, %r10
+        inc	%al
+        mov	(%rsi,%rax,1), %r8b
+        jmp	L_mldsa_use_hint_88_avx2_hints_next_3_7
+L_mldsa_use_hint_88_avx2_hints_done_3_7:
+        movd	%r10d, %xmm6
+        shr	$8, %r10
+        movd	%r10d, %xmm7
+        vpbroadcastd	%xmm6, %ymm6
+        vpbroadcastd	%xmm7, %ymm7
+        vpsllvd	%ymm13, %ymm6, %ymm6
+        vpsllvd	%ymm13, %ymm7, %ymm7
+        vpsrad	$31, %ymm6, %ymm6
+        vpsrad	$31, %ymm7, %ymm7
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpslld	$0x01, %ymm2, %ymm2
+        vpslld	$0x01, %ymm3, %ymm3
+        vpsubd	%ymm2, %ymm14, %ymm2
+        vpsubd	%ymm3, %ymm14, %ymm3
+        vpand	%ymm6, %ymm2, %ymm2
+        vpand	%ymm7, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        vpsrad	$31, %ymm4, %ymm0
+        vpsrad	$31, %ymm5, %ymm1
+        vpand	%ymm12, %ymm0, %ymm0
+        vpand	%ymm12, %ymm1, %ymm1
+        vpaddd	%ymm0, %ymm4, %ymm4
+        vpaddd	%ymm1, %ymm5, %ymm5
+        vmovdqu	%ymm4, 3520(%rdi)
+        vmovdqu	%ymm5, 3552(%rdi)
+        vmovdqu	3584(%rdi), %ymm0
+        vmovdqu	3616(%rdi), %ymm1
+        vpsrad	$31, %ymm0, %ymm2
+        vpsrad	$31, %ymm1, %ymm3
+        vpand	%ymm8, %ymm2, %ymm2
+        vpand	%ymm8, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm0, %ymm0
+        vpaddd	%ymm3, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm0, %ymm4
+        vpmulld	%ymm12, %ymm1, %ymm5
+        vpaddd	%ymm11, %ymm4, %ymm4
+        vpaddd	%ymm11, %ymm5, %ymm5
+        vpsrld	$23, %ymm4, %ymm4
+        vpsrld	$23, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsubd	%ymm2, %ymm9, %ymm2
+        vpsubd	%ymm3, %ymm9, %ymm3
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpcmpeqd	%ymm12, %ymm4, %ymm0
+        vpcmpeqd	%ymm12, %ymm5, %ymm1
+        vpaddd	%ymm0, %ymm2, %ymm2
+        vpaddd	%ymm1, %ymm3, %ymm3
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        movq	$0x01, %r9
+        xorq	%r10, %r10
+        xorq	%rcx, %rcx
+L_mldsa_use_hint_88_avx2_hints_next_3_8:
+        cmp	%dl, %al
+        jge	L_mldsa_use_hint_88_avx2_hints_done_3_8
+        mov	%r8b, %cl
+        sub	$0x80, %cl
+        cmpq	$16, %rcx
+        jge	L_mldsa_use_hint_88_avx2_hints_done_3_8
+        mov	%r9, %r11
+        shlq	%cl, %r11
+        orq	%r11, %r10
+        inc	%al
+        mov	(%rsi,%rax,1), %r8b
+        jmp	L_mldsa_use_hint_88_avx2_hints_next_3_8
+L_mldsa_use_hint_88_avx2_hints_done_3_8:
+        movd	%r10d, %xmm6
+        shr	$8, %r10
+        movd	%r10d, %xmm7
+        vpbroadcastd	%xmm6, %ymm6
+        vpbroadcastd	%xmm7, %ymm7
+        vpsllvd	%ymm13, %ymm6, %ymm6
+        vpsllvd	%ymm13, %ymm7, %ymm7
+        vpsrad	$31, %ymm6, %ymm6
+        vpsrad	$31, %ymm7, %ymm7
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpslld	$0x01, %ymm2, %ymm2
+        vpslld	$0x01, %ymm3, %ymm3
+        vpsubd	%ymm2, %ymm14, %ymm2
+        vpsubd	%ymm3, %ymm14, %ymm3
+        vpand	%ymm6, %ymm2, %ymm2
+        vpand	%ymm7, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        vpsrad	$31, %ymm4, %ymm0
+        vpsrad	$31, %ymm5, %ymm1
+        vpand	%ymm12, %ymm0, %ymm0
+        vpand	%ymm12, %ymm1, %ymm1
+        vpaddd	%ymm0, %ymm4, %ymm4
+        vpaddd	%ymm1, %ymm5, %ymm5
+        vmovdqu	%ymm4, 3584(%rdi)
+        vmovdqu	%ymm5, 3616(%rdi)
+        vmovdqu	3648(%rdi), %ymm0
+        vmovdqu	3680(%rdi), %ymm1
+        vpsrad	$31, %ymm0, %ymm2
+        vpsrad	$31, %ymm1, %ymm3
+        vpand	%ymm8, %ymm2, %ymm2
+        vpand	%ymm8, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm0, %ymm0
+        vpaddd	%ymm3, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm0, %ymm4
+        vpmulld	%ymm12, %ymm1, %ymm5
+        vpaddd	%ymm11, %ymm4, %ymm4
+        vpaddd	%ymm11, %ymm5, %ymm5
+        vpsrld	$23, %ymm4, %ymm4
+        vpsrld	$23, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsubd	%ymm2, %ymm9, %ymm2
+        vpsubd	%ymm3, %ymm9, %ymm3
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpcmpeqd	%ymm12, %ymm4, %ymm0
+        vpcmpeqd	%ymm12, %ymm5, %ymm1
+        vpaddd	%ymm0, %ymm2, %ymm2
+        vpaddd	%ymm1, %ymm3, %ymm3
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        movq	$0x01, %r9
+        xorq	%r10, %r10
+        xorq	%rcx, %rcx
+L_mldsa_use_hint_88_avx2_hints_next_3_9:
+        cmp	%dl, %al
+        jge	L_mldsa_use_hint_88_avx2_hints_done_3_9
+        mov	%r8b, %cl
+        sub	$0x90, %cl
+        cmpq	$16, %rcx
+        jge	L_mldsa_use_hint_88_avx2_hints_done_3_9
+        mov	%r9, %r11
+        shlq	%cl, %r11
+        orq	%r11, %r10
+        inc	%al
+        mov	(%rsi,%rax,1), %r8b
+        jmp	L_mldsa_use_hint_88_avx2_hints_next_3_9
+L_mldsa_use_hint_88_avx2_hints_done_3_9:
+        movd	%r10d, %xmm6
+        shr	$8, %r10
+        movd	%r10d, %xmm7
+        vpbroadcastd	%xmm6, %ymm6
+        vpbroadcastd	%xmm7, %ymm7
+        vpsllvd	%ymm13, %ymm6, %ymm6
+        vpsllvd	%ymm13, %ymm7, %ymm7
+        vpsrad	$31, %ymm6, %ymm6
+        vpsrad	$31, %ymm7, %ymm7
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpslld	$0x01, %ymm2, %ymm2
+        vpslld	$0x01, %ymm3, %ymm3
+        vpsubd	%ymm2, %ymm14, %ymm2
+        vpsubd	%ymm3, %ymm14, %ymm3
+        vpand	%ymm6, %ymm2, %ymm2
+        vpand	%ymm7, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        vpsrad	$31, %ymm4, %ymm0
+        vpsrad	$31, %ymm5, %ymm1
+        vpand	%ymm12, %ymm0, %ymm0
+        vpand	%ymm12, %ymm1, %ymm1
+        vpaddd	%ymm0, %ymm4, %ymm4
+        vpaddd	%ymm1, %ymm5, %ymm5
+        vmovdqu	%ymm4, 3648(%rdi)
+        vmovdqu	%ymm5, 3680(%rdi)
+        vmovdqu	3712(%rdi), %ymm0
+        vmovdqu	3744(%rdi), %ymm1
+        vpsrad	$31, %ymm0, %ymm2
+        vpsrad	$31, %ymm1, %ymm3
+        vpand	%ymm8, %ymm2, %ymm2
+        vpand	%ymm8, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm0, %ymm0
+        vpaddd	%ymm3, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm0, %ymm4
+        vpmulld	%ymm12, %ymm1, %ymm5
+        vpaddd	%ymm11, %ymm4, %ymm4
+        vpaddd	%ymm11, %ymm5, %ymm5
+        vpsrld	$23, %ymm4, %ymm4
+        vpsrld	$23, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsubd	%ymm2, %ymm9, %ymm2
+        vpsubd	%ymm3, %ymm9, %ymm3
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpcmpeqd	%ymm12, %ymm4, %ymm0
+        vpcmpeqd	%ymm12, %ymm5, %ymm1
+        vpaddd	%ymm0, %ymm2, %ymm2
+        vpaddd	%ymm1, %ymm3, %ymm3
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        movq	$0x01, %r9
+        xorq	%r10, %r10
+        xorq	%rcx, %rcx
+L_mldsa_use_hint_88_avx2_hints_next_3_10:
+        cmp	%dl, %al
+        jge	L_mldsa_use_hint_88_avx2_hints_done_3_10
+        mov	%r8b, %cl
+        sub	$0xa0, %cl
+        cmpq	$16, %rcx
+        jge	L_mldsa_use_hint_88_avx2_hints_done_3_10
+        mov	%r9, %r11
+        shlq	%cl, %r11
+        orq	%r11, %r10
+        inc	%al
+        mov	(%rsi,%rax,1), %r8b
+        jmp	L_mldsa_use_hint_88_avx2_hints_next_3_10
+L_mldsa_use_hint_88_avx2_hints_done_3_10:
+        movd	%r10d, %xmm6
+        shr	$8, %r10
+        movd	%r10d, %xmm7
+        vpbroadcastd	%xmm6, %ymm6
+        vpbroadcastd	%xmm7, %ymm7
+        vpsllvd	%ymm13, %ymm6, %ymm6
+        vpsllvd	%ymm13, %ymm7, %ymm7
+        vpsrad	$31, %ymm6, %ymm6
+        vpsrad	$31, %ymm7, %ymm7
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpslld	$0x01, %ymm2, %ymm2
+        vpslld	$0x01, %ymm3, %ymm3
+        vpsubd	%ymm2, %ymm14, %ymm2
+        vpsubd	%ymm3, %ymm14, %ymm3
+        vpand	%ymm6, %ymm2, %ymm2
+        vpand	%ymm7, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        vpsrad	$31, %ymm4, %ymm0
+        vpsrad	$31, %ymm5, %ymm1
+        vpand	%ymm12, %ymm0, %ymm0
+        vpand	%ymm12, %ymm1, %ymm1
+        vpaddd	%ymm0, %ymm4, %ymm4
+        vpaddd	%ymm1, %ymm5, %ymm5
+        vmovdqu	%ymm4, 3712(%rdi)
+        vmovdqu	%ymm5, 3744(%rdi)
+        vmovdqu	3776(%rdi), %ymm0
+        vmovdqu	3808(%rdi), %ymm1
+        vpsrad	$31, %ymm0, %ymm2
+        vpsrad	$31, %ymm1, %ymm3
+        vpand	%ymm8, %ymm2, %ymm2
+        vpand	%ymm8, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm0, %ymm0
+        vpaddd	%ymm3, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm0, %ymm4
+        vpmulld	%ymm12, %ymm1, %ymm5
+        vpaddd	%ymm11, %ymm4, %ymm4
+        vpaddd	%ymm11, %ymm5, %ymm5
+        vpsrld	$23, %ymm4, %ymm4
+        vpsrld	$23, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsubd	%ymm2, %ymm9, %ymm2
+        vpsubd	%ymm3, %ymm9, %ymm3
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpcmpeqd	%ymm12, %ymm4, %ymm0
+        vpcmpeqd	%ymm12, %ymm5, %ymm1
+        vpaddd	%ymm0, %ymm2, %ymm2
+        vpaddd	%ymm1, %ymm3, %ymm3
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        movq	$0x01, %r9
+        xorq	%r10, %r10
+        xorq	%rcx, %rcx
+L_mldsa_use_hint_88_avx2_hints_next_3_11:
+        cmp	%dl, %al
+        jge	L_mldsa_use_hint_88_avx2_hints_done_3_11
+        mov	%r8b, %cl
+        sub	$0xb0, %cl
+        cmpq	$16, %rcx
+        jge	L_mldsa_use_hint_88_avx2_hints_done_3_11
+        mov	%r9, %r11
+        shlq	%cl, %r11
+        orq	%r11, %r10
+        inc	%al
+        mov	(%rsi,%rax,1), %r8b
+        jmp	L_mldsa_use_hint_88_avx2_hints_next_3_11
+L_mldsa_use_hint_88_avx2_hints_done_3_11:
+        movd	%r10d, %xmm6
+        shr	$8, %r10
+        movd	%r10d, %xmm7
+        vpbroadcastd	%xmm6, %ymm6
+        vpbroadcastd	%xmm7, %ymm7
+        vpsllvd	%ymm13, %ymm6, %ymm6
+        vpsllvd	%ymm13, %ymm7, %ymm7
+        vpsrad	$31, %ymm6, %ymm6
+        vpsrad	$31, %ymm7, %ymm7
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpslld	$0x01, %ymm2, %ymm2
+        vpslld	$0x01, %ymm3, %ymm3
+        vpsubd	%ymm2, %ymm14, %ymm2
+        vpsubd	%ymm3, %ymm14, %ymm3
+        vpand	%ymm6, %ymm2, %ymm2
+        vpand	%ymm7, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        vpsrad	$31, %ymm4, %ymm0
+        vpsrad	$31, %ymm5, %ymm1
+        vpand	%ymm12, %ymm0, %ymm0
+        vpand	%ymm12, %ymm1, %ymm1
+        vpaddd	%ymm0, %ymm4, %ymm4
+        vpaddd	%ymm1, %ymm5, %ymm5
+        vmovdqu	%ymm4, 3776(%rdi)
+        vmovdqu	%ymm5, 3808(%rdi)
+        vmovdqu	3840(%rdi), %ymm0
+        vmovdqu	3872(%rdi), %ymm1
+        vpsrad	$31, %ymm0, %ymm2
+        vpsrad	$31, %ymm1, %ymm3
+        vpand	%ymm8, %ymm2, %ymm2
+        vpand	%ymm8, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm0, %ymm0
+        vpaddd	%ymm3, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm0, %ymm4
+        vpmulld	%ymm12, %ymm1, %ymm5
+        vpaddd	%ymm11, %ymm4, %ymm4
+        vpaddd	%ymm11, %ymm5, %ymm5
+        vpsrld	$23, %ymm4, %ymm4
+        vpsrld	$23, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsubd	%ymm2, %ymm9, %ymm2
+        vpsubd	%ymm3, %ymm9, %ymm3
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpcmpeqd	%ymm12, %ymm4, %ymm0
+        vpcmpeqd	%ymm12, %ymm5, %ymm1
+        vpaddd	%ymm0, %ymm2, %ymm2
+        vpaddd	%ymm1, %ymm3, %ymm3
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        movq	$0x01, %r9
+        xorq	%r10, %r10
+        xorq	%rcx, %rcx
+L_mldsa_use_hint_88_avx2_hints_next_3_12:
+        cmp	%dl, %al
+        jge	L_mldsa_use_hint_88_avx2_hints_done_3_12
+        mov	%r8b, %cl
+        sub	$0xc0, %cl
+        cmpq	$16, %rcx
+        jge	L_mldsa_use_hint_88_avx2_hints_done_3_12
+        mov	%r9, %r11
+        shlq	%cl, %r11
+        orq	%r11, %r10
+        inc	%al
+        mov	(%rsi,%rax,1), %r8b
+        jmp	L_mldsa_use_hint_88_avx2_hints_next_3_12
+L_mldsa_use_hint_88_avx2_hints_done_3_12:
+        movd	%r10d, %xmm6
+        shr	$8, %r10
+        movd	%r10d, %xmm7
+        vpbroadcastd	%xmm6, %ymm6
+        vpbroadcastd	%xmm7, %ymm7
+        vpsllvd	%ymm13, %ymm6, %ymm6
+        vpsllvd	%ymm13, %ymm7, %ymm7
+        vpsrad	$31, %ymm6, %ymm6
+        vpsrad	$31, %ymm7, %ymm7
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpslld	$0x01, %ymm2, %ymm2
+        vpslld	$0x01, %ymm3, %ymm3
+        vpsubd	%ymm2, %ymm14, %ymm2
+        vpsubd	%ymm3, %ymm14, %ymm3
+        vpand	%ymm6, %ymm2, %ymm2
+        vpand	%ymm7, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        vpsrad	$31, %ymm4, %ymm0
+        vpsrad	$31, %ymm5, %ymm1
+        vpand	%ymm12, %ymm0, %ymm0
+        vpand	%ymm12, %ymm1, %ymm1
+        vpaddd	%ymm0, %ymm4, %ymm4
+        vpaddd	%ymm1, %ymm5, %ymm5
+        vmovdqu	%ymm4, 3840(%rdi)
+        vmovdqu	%ymm5, 3872(%rdi)
+        vmovdqu	3904(%rdi), %ymm0
+        vmovdqu	3936(%rdi), %ymm1
+        vpsrad	$31, %ymm0, %ymm2
+        vpsrad	$31, %ymm1, %ymm3
+        vpand	%ymm8, %ymm2, %ymm2
+        vpand	%ymm8, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm0, %ymm0
+        vpaddd	%ymm3, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm0, %ymm4
+        vpmulld	%ymm12, %ymm1, %ymm5
+        vpaddd	%ymm11, %ymm4, %ymm4
+        vpaddd	%ymm11, %ymm5, %ymm5
+        vpsrld	$23, %ymm4, %ymm4
+        vpsrld	$23, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsubd	%ymm2, %ymm9, %ymm2
+        vpsubd	%ymm3, %ymm9, %ymm3
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpcmpeqd	%ymm12, %ymm4, %ymm0
+        vpcmpeqd	%ymm12, %ymm5, %ymm1
+        vpaddd	%ymm0, %ymm2, %ymm2
+        vpaddd	%ymm1, %ymm3, %ymm3
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        movq	$0x01, %r9
+        xorq	%r10, %r10
+        xorq	%rcx, %rcx
+L_mldsa_use_hint_88_avx2_hints_next_3_13:
+        cmp	%dl, %al
+        jge	L_mldsa_use_hint_88_avx2_hints_done_3_13
+        mov	%r8b, %cl
+        sub	$0xd0, %cl
+        cmpq	$16, %rcx
+        jge	L_mldsa_use_hint_88_avx2_hints_done_3_13
+        mov	%r9, %r11
+        shlq	%cl, %r11
+        orq	%r11, %r10
+        inc	%al
+        mov	(%rsi,%rax,1), %r8b
+        jmp	L_mldsa_use_hint_88_avx2_hints_next_3_13
+L_mldsa_use_hint_88_avx2_hints_done_3_13:
+        movd	%r10d, %xmm6
+        shr	$8, %r10
+        movd	%r10d, %xmm7
+        vpbroadcastd	%xmm6, %ymm6
+        vpbroadcastd	%xmm7, %ymm7
+        vpsllvd	%ymm13, %ymm6, %ymm6
+        vpsllvd	%ymm13, %ymm7, %ymm7
+        vpsrad	$31, %ymm6, %ymm6
+        vpsrad	$31, %ymm7, %ymm7
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpslld	$0x01, %ymm2, %ymm2
+        vpslld	$0x01, %ymm3, %ymm3
+        vpsubd	%ymm2, %ymm14, %ymm2
+        vpsubd	%ymm3, %ymm14, %ymm3
+        vpand	%ymm6, %ymm2, %ymm2
+        vpand	%ymm7, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        vpsrad	$31, %ymm4, %ymm0
+        vpsrad	$31, %ymm5, %ymm1
+        vpand	%ymm12, %ymm0, %ymm0
+        vpand	%ymm12, %ymm1, %ymm1
+        vpaddd	%ymm0, %ymm4, %ymm4
+        vpaddd	%ymm1, %ymm5, %ymm5
+        vmovdqu	%ymm4, 3904(%rdi)
+        vmovdqu	%ymm5, 3936(%rdi)
+        vmovdqu	3968(%rdi), %ymm0
+        vmovdqu	4000(%rdi), %ymm1
+        vpsrad	$31, %ymm0, %ymm2
+        vpsrad	$31, %ymm1, %ymm3
+        vpand	%ymm8, %ymm2, %ymm2
+        vpand	%ymm8, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm0, %ymm0
+        vpaddd	%ymm3, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm0, %ymm4
+        vpmulld	%ymm12, %ymm1, %ymm5
+        vpaddd	%ymm11, %ymm4, %ymm4
+        vpaddd	%ymm11, %ymm5, %ymm5
+        vpsrld	$23, %ymm4, %ymm4
+        vpsrld	$23, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsubd	%ymm2, %ymm9, %ymm2
+        vpsubd	%ymm3, %ymm9, %ymm3
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpcmpeqd	%ymm12, %ymm4, %ymm0
+        vpcmpeqd	%ymm12, %ymm5, %ymm1
+        vpaddd	%ymm0, %ymm2, %ymm2
+        vpaddd	%ymm1, %ymm3, %ymm3
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        movq	$0x01, %r9
+        xorq	%r10, %r10
+        xorq	%rcx, %rcx
+L_mldsa_use_hint_88_avx2_hints_next_3_14:
+        cmp	%dl, %al
+        jge	L_mldsa_use_hint_88_avx2_hints_done_3_14
+        mov	%r8b, %cl
+        sub	$0xe0, %cl
+        cmpq	$16, %rcx
+        jge	L_mldsa_use_hint_88_avx2_hints_done_3_14
+        mov	%r9, %r11
+        shlq	%cl, %r11
+        orq	%r11, %r10
+        inc	%al
+        mov	(%rsi,%rax,1), %r8b
+        jmp	L_mldsa_use_hint_88_avx2_hints_next_3_14
+L_mldsa_use_hint_88_avx2_hints_done_3_14:
+        movd	%r10d, %xmm6
+        shr	$8, %r10
+        movd	%r10d, %xmm7
+        vpbroadcastd	%xmm6, %ymm6
+        vpbroadcastd	%xmm7, %ymm7
+        vpsllvd	%ymm13, %ymm6, %ymm6
+        vpsllvd	%ymm13, %ymm7, %ymm7
+        vpsrad	$31, %ymm6, %ymm6
+        vpsrad	$31, %ymm7, %ymm7
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpslld	$0x01, %ymm2, %ymm2
+        vpslld	$0x01, %ymm3, %ymm3
+        vpsubd	%ymm2, %ymm14, %ymm2
+        vpsubd	%ymm3, %ymm14, %ymm3
+        vpand	%ymm6, %ymm2, %ymm2
+        vpand	%ymm7, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        vpsrad	$31, %ymm4, %ymm0
+        vpsrad	$31, %ymm5, %ymm1
+        vpand	%ymm12, %ymm0, %ymm0
+        vpand	%ymm12, %ymm1, %ymm1
+        vpaddd	%ymm0, %ymm4, %ymm4
+        vpaddd	%ymm1, %ymm5, %ymm5
+        vmovdqu	%ymm4, 3968(%rdi)
+        vmovdqu	%ymm5, 4000(%rdi)
+        vmovdqu	4032(%rdi), %ymm0
+        vmovdqu	4064(%rdi), %ymm1
+        vpsrad	$31, %ymm0, %ymm2
+        vpsrad	$31, %ymm1, %ymm3
+        vpand	%ymm8, %ymm2, %ymm2
+        vpand	%ymm8, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm0, %ymm0
+        vpaddd	%ymm3, %ymm1, %ymm1
+        vpmulld	%ymm12, %ymm0, %ymm4
+        vpmulld	%ymm12, %ymm1, %ymm5
+        vpaddd	%ymm11, %ymm4, %ymm4
+        vpaddd	%ymm11, %ymm5, %ymm5
+        vpsrld	$23, %ymm4, %ymm4
+        vpsrld	$23, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsubd	%ymm2, %ymm9, %ymm2
+        vpsubd	%ymm3, %ymm9, %ymm3
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpcmpeqd	%ymm12, %ymm4, %ymm0
+        vpcmpeqd	%ymm12, %ymm5, %ymm1
+        vpaddd	%ymm0, %ymm2, %ymm2
+        vpaddd	%ymm1, %ymm3, %ymm3
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        movq	$0x01, %r9
+        xorq	%r10, %r10
+        xorq	%rcx, %rcx
+L_mldsa_use_hint_88_avx2_hints_next_3_15:
+        cmp	%dl, %al
+        jge	L_mldsa_use_hint_88_avx2_hints_done_3_15
+        mov	%r8b, %cl
+        sub	$0xf0, %cl
+        cmpq	$16, %rcx
+        jge	L_mldsa_use_hint_88_avx2_hints_done_3_15
+        mov	%r9, %r11
+        shlq	%cl, %r11
+        orq	%r11, %r10
+        inc	%al
+        mov	(%rsi,%rax,1), %r8b
+        jmp	L_mldsa_use_hint_88_avx2_hints_next_3_15
+L_mldsa_use_hint_88_avx2_hints_done_3_15:
+        movd	%r10d, %xmm6
+        shr	$8, %r10
+        movd	%r10d, %xmm7
+        vpbroadcastd	%xmm6, %ymm6
+        vpbroadcastd	%xmm7, %ymm7
+        vpsllvd	%ymm13, %ymm6, %ymm6
+        vpsllvd	%ymm13, %ymm7, %ymm7
+        vpsrad	$31, %ymm6, %ymm6
+        vpsrad	$31, %ymm7, %ymm7
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpslld	$0x01, %ymm2, %ymm2
+        vpslld	$0x01, %ymm3, %ymm3
+        vpsubd	%ymm2, %ymm14, %ymm2
+        vpsubd	%ymm3, %ymm14, %ymm3
+        vpand	%ymm6, %ymm2, %ymm2
+        vpand	%ymm7, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpcmpgtd	%ymm4, %ymm12, %ymm0
+        vpcmpgtd	%ymm5, %ymm12, %ymm1
+        vpand	%ymm0, %ymm4, %ymm4
+        vpand	%ymm1, %ymm5, %ymm5
+        vpsrad	$31, %ymm4, %ymm0
+        vpsrad	$31, %ymm5, %ymm1
+        vpand	%ymm12, %ymm0, %ymm0
+        vpand	%ymm12, %ymm1, %ymm1
+        vpaddd	%ymm0, %ymm4, %ymm4
+        vpaddd	%ymm1, %ymm5, %ymm5
+        vmovdqu	%ymm4, 4032(%rdi)
+        vmovdqu	%ymm5, 4064(%rdi)
+        vzeroupper
+        repz retq
+#ifndef __APPLE__
+.size	wc_mldsa_use_hint_88_avx2,.-wc_mldsa_use_hint_88_avx2
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+L_mldsa_use_hint_32_avx2_q:
+.long	0x007fe001,0x007fe001,0x007fe001,0x007fe001
+.long	0x007fe001,0x007fe001,0x007fe001,0x007fe001
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+L_mldsa_use_hint_32_avx2_q_low_32:
+.long	0x0003ff00,0x0003ff00,0x0003ff00,0x0003ff00
+.long	0x0003ff00,0x0003ff00,0x0003ff00,0x0003ff00
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+L_mldsa_use_hint_32_avx2_q_low_32_2:
+.long	0x0007fe00,0x0007fe00,0x0007fe00,0x0007fe00
+.long	0x0007fe00,0x0007fe00,0x0007fe00,0x0007fe00
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+L_mldsa_use_hint_32_avx2_q_low_32_m1:
+.long	0x0003feff,0x0003feff,0x0003feff,0x0003feff
+.long	0x0003feff,0x0003feff,0x0003feff,0x0003feff
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+L_mldsa_use_hint_32_avx2_mask:
+.long	0x0000000f,0x0000000f,0x0000000f,0x0000000f
+.long	0x0000000f,0x0000000f,0x0000000f,0x0000000f
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+L_mldsa_use_hint_32_avx2_vsl:
+.long	0x0000001f,0x0000001e,0x0000001d,0x0000001c
+.long	0x0000001b,0x0000001a,0x00000019,0x00000018
+#ifndef __APPLE__
+.data
+#else
+.section	__DATA,__data
+#endif /* __APPLE__ */
+L_mldsa_use_hint_32_avx2_one:
+.long	0x00000001,0x00000001,0x00000001,0x00000001
+.long	0x00000001,0x00000001,0x00000001,0x00000001
+#ifndef __APPLE__
+.text
+.globl	wc_mldsa_use_hint_32_avx2
+.type	wc_mldsa_use_hint_32_avx2,@function
+.align	16
+wc_mldsa_use_hint_32_avx2:
+#else
+.section	__TEXT,__text
+.globl	_wc_mldsa_use_hint_32_avx2
+.p2align	4
+_wc_mldsa_use_hint_32_avx2:
+#endif /* __APPLE__ */
+        pushq	%r12
+        pushq	%r13
+        vpxor	%ymm8, %ymm8, %ymm8
+        vmovdqu	L_mldsa_use_hint_32_avx2_q(%rip), %ymm8
+        vmovdqu	L_mldsa_use_hint_32_avx2_q_low_32(%rip), %ymm9
+        vmovdqu	L_mldsa_use_hint_32_avx2_q_low_32_2(%rip), %ymm10
+        vmovdqu	L_mldsa_use_hint_32_avx2_q_low_32_m1(%rip), %ymm11
+        vmovdqu	L_mldsa_use_hint_32_avx2_mask(%rip), %ymm12
+        vmovdqu	L_mldsa_use_hint_32_avx2_vsl(%rip), %ymm13
+        vmovdqu	L_mldsa_use_hint_32_avx2_one(%rip), %ymm14
+        xorq	%r8, %r8
+        mov	(%rdx), %r9b
+        imulq	$10, %rsi, %r13
+        subq	$5, %r13
+L_mldsa_use_hint_32_avx2_start_256:
+        mov	(%rdx,%r13,1), %al
+        incq	%r13
+        vmovdqu	(%rdi), %ymm0
+        vmovdqu	32(%rdi), %ymm1
+        vpsrad	$31, %ymm0, %ymm2
+        vpsrad	$31, %ymm1, %ymm3
+        vpand	%ymm8, %ymm2, %ymm2
+        vpand	%ymm8, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm0, %ymm0
+        vpaddd	%ymm3, %ymm1, %ymm1
+        vpaddd	%ymm11, %ymm0, %ymm4
+        vpaddd	%ymm11, %ymm1, %ymm5
+        vpsrld	$19, %ymm4, %ymm4
+        vpsrld	$19, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsubd	%ymm2, %ymm9, %ymm2
+        vpsubd	%ymm3, %ymm9, %ymm3
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsrld	$4, %ymm4, %ymm0
+        vpsrld	$4, %ymm5, %ymm1
+        vpsubd	%ymm0, %ymm2, %ymm2
+        vpsubd	%ymm1, %ymm3, %ymm3
+        vpand	%ymm12, %ymm4, %ymm4
+        vpand	%ymm12, %ymm5, %ymm5
+        movq	$0x01, %r10
+        xorq	%r11, %r11
+        xorq	%rcx, %rcx
+L_mldsa_use_hint_32_avx2_hints_next__0:
+        cmp	%al, %r8b
+        jge	L_mldsa_use_hint_32_avx2_hints_done__0
+        mov	%r9b, %cl
+        cmpq	$16, %rcx
+        jge	L_mldsa_use_hint_32_avx2_hints_done__0
+        mov	%r10, %r12
+        shlq	%cl, %r12
+        orq	%r12, %r11
+        inc	%r8b
+        mov	(%rdx,%r8,1), %r9b
+        jmp	L_mldsa_use_hint_32_avx2_hints_next__0
+L_mldsa_use_hint_32_avx2_hints_done__0:
+        movd	%r11d, %xmm6
+        shr	$8, %r11
+        movd	%r11d, %xmm7
+        vpbroadcastd	%xmm6, %ymm6
+        vpbroadcastd	%xmm7, %ymm7
+        vpsllvd	%ymm13, %ymm6, %ymm6
+        vpsllvd	%ymm13, %ymm7, %ymm7
+        vpsrad	$31, %ymm6, %ymm6
+        vpsrad	$31, %ymm7, %ymm7
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpslld	$0x01, %ymm2, %ymm2
+        vpslld	$0x01, %ymm3, %ymm3
+        vpsubd	%ymm2, %ymm14, %ymm2
+        vpsubd	%ymm3, %ymm14, %ymm3
+        vpand	%ymm6, %ymm2, %ymm2
+        vpand	%ymm7, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpand	%ymm12, %ymm4, %ymm4
+        vpand	%ymm12, %ymm5, %ymm5
+        vmovdqu	%ymm4, (%rdi)
+        vmovdqu	%ymm5, 32(%rdi)
+        vmovdqu	64(%rdi), %ymm0
+        vmovdqu	96(%rdi), %ymm1
+        vpsrad	$31, %ymm0, %ymm2
+        vpsrad	$31, %ymm1, %ymm3
+        vpand	%ymm8, %ymm2, %ymm2
+        vpand	%ymm8, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm0, %ymm0
+        vpaddd	%ymm3, %ymm1, %ymm1
+        vpaddd	%ymm11, %ymm0, %ymm4
+        vpaddd	%ymm11, %ymm1, %ymm5
+        vpsrld	$19, %ymm4, %ymm4
+        vpsrld	$19, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsubd	%ymm2, %ymm9, %ymm2
+        vpsubd	%ymm3, %ymm9, %ymm3
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsrld	$4, %ymm4, %ymm0
+        vpsrld	$4, %ymm5, %ymm1
+        vpsubd	%ymm0, %ymm2, %ymm2
+        vpsubd	%ymm1, %ymm3, %ymm3
+        vpand	%ymm12, %ymm4, %ymm4
+        vpand	%ymm12, %ymm5, %ymm5
+        movq	$0x01, %r10
+        xorq	%r11, %r11
+        xorq	%rcx, %rcx
+L_mldsa_use_hint_32_avx2_hints_next__1:
+        cmp	%al, %r8b
+        jge	L_mldsa_use_hint_32_avx2_hints_done__1
+        mov	%r9b, %cl
+        sub	$16, %cl
+        cmpq	$16, %rcx
+        jge	L_mldsa_use_hint_32_avx2_hints_done__1
+        mov	%r10, %r12
+        shlq	%cl, %r12
+        orq	%r12, %r11
+        inc	%r8b
+        mov	(%rdx,%r8,1), %r9b
+        jmp	L_mldsa_use_hint_32_avx2_hints_next__1
+L_mldsa_use_hint_32_avx2_hints_done__1:
+        movd	%r11d, %xmm6
+        shr	$8, %r11
+        movd	%r11d, %xmm7
+        vpbroadcastd	%xmm6, %ymm6
+        vpbroadcastd	%xmm7, %ymm7
+        vpsllvd	%ymm13, %ymm6, %ymm6
+        vpsllvd	%ymm13, %ymm7, %ymm7
+        vpsrad	$31, %ymm6, %ymm6
+        vpsrad	$31, %ymm7, %ymm7
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpslld	$0x01, %ymm2, %ymm2
+        vpslld	$0x01, %ymm3, %ymm3
+        vpsubd	%ymm2, %ymm14, %ymm2
+        vpsubd	%ymm3, %ymm14, %ymm3
+        vpand	%ymm6, %ymm2, %ymm2
+        vpand	%ymm7, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpand	%ymm12, %ymm4, %ymm4
+        vpand	%ymm12, %ymm5, %ymm5
+        vmovdqu	%ymm4, 64(%rdi)
+        vmovdqu	%ymm5, 96(%rdi)
+        vmovdqu	128(%rdi), %ymm0
+        vmovdqu	160(%rdi), %ymm1
+        vpsrad	$31, %ymm0, %ymm2
+        vpsrad	$31, %ymm1, %ymm3
+        vpand	%ymm8, %ymm2, %ymm2
+        vpand	%ymm8, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm0, %ymm0
+        vpaddd	%ymm3, %ymm1, %ymm1
+        vpaddd	%ymm11, %ymm0, %ymm4
+        vpaddd	%ymm11, %ymm1, %ymm5
+        vpsrld	$19, %ymm4, %ymm4
+        vpsrld	$19, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsubd	%ymm2, %ymm9, %ymm2
+        vpsubd	%ymm3, %ymm9, %ymm3
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsrld	$4, %ymm4, %ymm0
+        vpsrld	$4, %ymm5, %ymm1
+        vpsubd	%ymm0, %ymm2, %ymm2
+        vpsubd	%ymm1, %ymm3, %ymm3
+        vpand	%ymm12, %ymm4, %ymm4
+        vpand	%ymm12, %ymm5, %ymm5
+        movq	$0x01, %r10
+        xorq	%r11, %r11
+        xorq	%rcx, %rcx
+L_mldsa_use_hint_32_avx2_hints_next__2:
+        cmp	%al, %r8b
+        jge	L_mldsa_use_hint_32_avx2_hints_done__2
+        mov	%r9b, %cl
+        sub	$32, %cl
+        cmpq	$16, %rcx
+        jge	L_mldsa_use_hint_32_avx2_hints_done__2
+        mov	%r10, %r12
+        shlq	%cl, %r12
+        orq	%r12, %r11
+        inc	%r8b
+        mov	(%rdx,%r8,1), %r9b
+        jmp	L_mldsa_use_hint_32_avx2_hints_next__2
+L_mldsa_use_hint_32_avx2_hints_done__2:
+        movd	%r11d, %xmm6
+        shr	$8, %r11
+        movd	%r11d, %xmm7
+        vpbroadcastd	%xmm6, %ymm6
+        vpbroadcastd	%xmm7, %ymm7
+        vpsllvd	%ymm13, %ymm6, %ymm6
+        vpsllvd	%ymm13, %ymm7, %ymm7
+        vpsrad	$31, %ymm6, %ymm6
+        vpsrad	$31, %ymm7, %ymm7
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpslld	$0x01, %ymm2, %ymm2
+        vpslld	$0x01, %ymm3, %ymm3
+        vpsubd	%ymm2, %ymm14, %ymm2
+        vpsubd	%ymm3, %ymm14, %ymm3
+        vpand	%ymm6, %ymm2, %ymm2
+        vpand	%ymm7, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpand	%ymm12, %ymm4, %ymm4
+        vpand	%ymm12, %ymm5, %ymm5
+        vmovdqu	%ymm4, 128(%rdi)
+        vmovdqu	%ymm5, 160(%rdi)
+        vmovdqu	192(%rdi), %ymm0
+        vmovdqu	224(%rdi), %ymm1
+        vpsrad	$31, %ymm0, %ymm2
+        vpsrad	$31, %ymm1, %ymm3
+        vpand	%ymm8, %ymm2, %ymm2
+        vpand	%ymm8, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm0, %ymm0
+        vpaddd	%ymm3, %ymm1, %ymm1
+        vpaddd	%ymm11, %ymm0, %ymm4
+        vpaddd	%ymm11, %ymm1, %ymm5
+        vpsrld	$19, %ymm4, %ymm4
+        vpsrld	$19, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsubd	%ymm2, %ymm9, %ymm2
+        vpsubd	%ymm3, %ymm9, %ymm3
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsrld	$4, %ymm4, %ymm0
+        vpsrld	$4, %ymm5, %ymm1
+        vpsubd	%ymm0, %ymm2, %ymm2
+        vpsubd	%ymm1, %ymm3, %ymm3
+        vpand	%ymm12, %ymm4, %ymm4
+        vpand	%ymm12, %ymm5, %ymm5
+        movq	$0x01, %r10
+        xorq	%r11, %r11
+        xorq	%rcx, %rcx
+L_mldsa_use_hint_32_avx2_hints_next__3:
+        cmp	%al, %r8b
+        jge	L_mldsa_use_hint_32_avx2_hints_done__3
+        mov	%r9b, %cl
+        sub	$48, %cl
+        cmpq	$16, %rcx
+        jge	L_mldsa_use_hint_32_avx2_hints_done__3
+        mov	%r10, %r12
+        shlq	%cl, %r12
+        orq	%r12, %r11
+        inc	%r8b
+        mov	(%rdx,%r8,1), %r9b
+        jmp	L_mldsa_use_hint_32_avx2_hints_next__3
+L_mldsa_use_hint_32_avx2_hints_done__3:
+        movd	%r11d, %xmm6
+        shr	$8, %r11
+        movd	%r11d, %xmm7
+        vpbroadcastd	%xmm6, %ymm6
+        vpbroadcastd	%xmm7, %ymm7
+        vpsllvd	%ymm13, %ymm6, %ymm6
+        vpsllvd	%ymm13, %ymm7, %ymm7
+        vpsrad	$31, %ymm6, %ymm6
+        vpsrad	$31, %ymm7, %ymm7
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpslld	$0x01, %ymm2, %ymm2
+        vpslld	$0x01, %ymm3, %ymm3
+        vpsubd	%ymm2, %ymm14, %ymm2
+        vpsubd	%ymm3, %ymm14, %ymm3
+        vpand	%ymm6, %ymm2, %ymm2
+        vpand	%ymm7, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpand	%ymm12, %ymm4, %ymm4
+        vpand	%ymm12, %ymm5, %ymm5
+        vmovdqu	%ymm4, 192(%rdi)
+        vmovdqu	%ymm5, 224(%rdi)
+        vmovdqu	256(%rdi), %ymm0
+        vmovdqu	288(%rdi), %ymm1
+        vpsrad	$31, %ymm0, %ymm2
+        vpsrad	$31, %ymm1, %ymm3
+        vpand	%ymm8, %ymm2, %ymm2
+        vpand	%ymm8, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm0, %ymm0
+        vpaddd	%ymm3, %ymm1, %ymm1
+        vpaddd	%ymm11, %ymm0, %ymm4
+        vpaddd	%ymm11, %ymm1, %ymm5
+        vpsrld	$19, %ymm4, %ymm4
+        vpsrld	$19, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsubd	%ymm2, %ymm9, %ymm2
+        vpsubd	%ymm3, %ymm9, %ymm3
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsrld	$4, %ymm4, %ymm0
+        vpsrld	$4, %ymm5, %ymm1
+        vpsubd	%ymm0, %ymm2, %ymm2
+        vpsubd	%ymm1, %ymm3, %ymm3
+        vpand	%ymm12, %ymm4, %ymm4
+        vpand	%ymm12, %ymm5, %ymm5
+        movq	$0x01, %r10
+        xorq	%r11, %r11
+        xorq	%rcx, %rcx
+L_mldsa_use_hint_32_avx2_hints_next__4:
+        cmp	%al, %r8b
+        jge	L_mldsa_use_hint_32_avx2_hints_done__4
+        mov	%r9b, %cl
+        sub	$0x40, %cl
+        cmpq	$16, %rcx
+        jge	L_mldsa_use_hint_32_avx2_hints_done__4
+        mov	%r10, %r12
+        shlq	%cl, %r12
+        orq	%r12, %r11
+        inc	%r8b
+        mov	(%rdx,%r8,1), %r9b
+        jmp	L_mldsa_use_hint_32_avx2_hints_next__4
+L_mldsa_use_hint_32_avx2_hints_done__4:
+        movd	%r11d, %xmm6
+        shr	$8, %r11
+        movd	%r11d, %xmm7
+        vpbroadcastd	%xmm6, %ymm6
+        vpbroadcastd	%xmm7, %ymm7
+        vpsllvd	%ymm13, %ymm6, %ymm6
+        vpsllvd	%ymm13, %ymm7, %ymm7
+        vpsrad	$31, %ymm6, %ymm6
+        vpsrad	$31, %ymm7, %ymm7
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpslld	$0x01, %ymm2, %ymm2
+        vpslld	$0x01, %ymm3, %ymm3
+        vpsubd	%ymm2, %ymm14, %ymm2
+        vpsubd	%ymm3, %ymm14, %ymm3
+        vpand	%ymm6, %ymm2, %ymm2
+        vpand	%ymm7, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpand	%ymm12, %ymm4, %ymm4
+        vpand	%ymm12, %ymm5, %ymm5
+        vmovdqu	%ymm4, 256(%rdi)
+        vmovdqu	%ymm5, 288(%rdi)
+        vmovdqu	320(%rdi), %ymm0
+        vmovdqu	352(%rdi), %ymm1
+        vpsrad	$31, %ymm0, %ymm2
+        vpsrad	$31, %ymm1, %ymm3
+        vpand	%ymm8, %ymm2, %ymm2
+        vpand	%ymm8, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm0, %ymm0
+        vpaddd	%ymm3, %ymm1, %ymm1
+        vpaddd	%ymm11, %ymm0, %ymm4
+        vpaddd	%ymm11, %ymm1, %ymm5
+        vpsrld	$19, %ymm4, %ymm4
+        vpsrld	$19, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsubd	%ymm2, %ymm9, %ymm2
+        vpsubd	%ymm3, %ymm9, %ymm3
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsrld	$4, %ymm4, %ymm0
+        vpsrld	$4, %ymm5, %ymm1
+        vpsubd	%ymm0, %ymm2, %ymm2
+        vpsubd	%ymm1, %ymm3, %ymm3
+        vpand	%ymm12, %ymm4, %ymm4
+        vpand	%ymm12, %ymm5, %ymm5
+        movq	$0x01, %r10
+        xorq	%r11, %r11
+        xorq	%rcx, %rcx
+L_mldsa_use_hint_32_avx2_hints_next__5:
+        cmp	%al, %r8b
+        jge	L_mldsa_use_hint_32_avx2_hints_done__5
+        mov	%r9b, %cl
+        sub	$0x50, %cl
+        cmpq	$16, %rcx
+        jge	L_mldsa_use_hint_32_avx2_hints_done__5
+        mov	%r10, %r12
+        shlq	%cl, %r12
+        orq	%r12, %r11
+        inc	%r8b
+        mov	(%rdx,%r8,1), %r9b
+        jmp	L_mldsa_use_hint_32_avx2_hints_next__5
+L_mldsa_use_hint_32_avx2_hints_done__5:
+        movd	%r11d, %xmm6
+        shr	$8, %r11
+        movd	%r11d, %xmm7
+        vpbroadcastd	%xmm6, %ymm6
+        vpbroadcastd	%xmm7, %ymm7
+        vpsllvd	%ymm13, %ymm6, %ymm6
+        vpsllvd	%ymm13, %ymm7, %ymm7
+        vpsrad	$31, %ymm6, %ymm6
+        vpsrad	$31, %ymm7, %ymm7
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpslld	$0x01, %ymm2, %ymm2
+        vpslld	$0x01, %ymm3, %ymm3
+        vpsubd	%ymm2, %ymm14, %ymm2
+        vpsubd	%ymm3, %ymm14, %ymm3
+        vpand	%ymm6, %ymm2, %ymm2
+        vpand	%ymm7, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpand	%ymm12, %ymm4, %ymm4
+        vpand	%ymm12, %ymm5, %ymm5
+        vmovdqu	%ymm4, 320(%rdi)
+        vmovdqu	%ymm5, 352(%rdi)
+        vmovdqu	384(%rdi), %ymm0
+        vmovdqu	416(%rdi), %ymm1
+        vpsrad	$31, %ymm0, %ymm2
+        vpsrad	$31, %ymm1, %ymm3
+        vpand	%ymm8, %ymm2, %ymm2
+        vpand	%ymm8, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm0, %ymm0
+        vpaddd	%ymm3, %ymm1, %ymm1
+        vpaddd	%ymm11, %ymm0, %ymm4
+        vpaddd	%ymm11, %ymm1, %ymm5
+        vpsrld	$19, %ymm4, %ymm4
+        vpsrld	$19, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsubd	%ymm2, %ymm9, %ymm2
+        vpsubd	%ymm3, %ymm9, %ymm3
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsrld	$4, %ymm4, %ymm0
+        vpsrld	$4, %ymm5, %ymm1
+        vpsubd	%ymm0, %ymm2, %ymm2
+        vpsubd	%ymm1, %ymm3, %ymm3
+        vpand	%ymm12, %ymm4, %ymm4
+        vpand	%ymm12, %ymm5, %ymm5
+        movq	$0x01, %r10
+        xorq	%r11, %r11
+        xorq	%rcx, %rcx
+L_mldsa_use_hint_32_avx2_hints_next__6:
+        cmp	%al, %r8b
+        jge	L_mldsa_use_hint_32_avx2_hints_done__6
+        mov	%r9b, %cl
+        sub	$0x60, %cl
+        cmpq	$16, %rcx
+        jge	L_mldsa_use_hint_32_avx2_hints_done__6
+        mov	%r10, %r12
+        shlq	%cl, %r12
+        orq	%r12, %r11
+        inc	%r8b
+        mov	(%rdx,%r8,1), %r9b
+        jmp	L_mldsa_use_hint_32_avx2_hints_next__6
+L_mldsa_use_hint_32_avx2_hints_done__6:
+        movd	%r11d, %xmm6
+        shr	$8, %r11
+        movd	%r11d, %xmm7
+        vpbroadcastd	%xmm6, %ymm6
+        vpbroadcastd	%xmm7, %ymm7
+        vpsllvd	%ymm13, %ymm6, %ymm6
+        vpsllvd	%ymm13, %ymm7, %ymm7
+        vpsrad	$31, %ymm6, %ymm6
+        vpsrad	$31, %ymm7, %ymm7
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpslld	$0x01, %ymm2, %ymm2
+        vpslld	$0x01, %ymm3, %ymm3
+        vpsubd	%ymm2, %ymm14, %ymm2
+        vpsubd	%ymm3, %ymm14, %ymm3
+        vpand	%ymm6, %ymm2, %ymm2
+        vpand	%ymm7, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpand	%ymm12, %ymm4, %ymm4
+        vpand	%ymm12, %ymm5, %ymm5
+        vmovdqu	%ymm4, 384(%rdi)
+        vmovdqu	%ymm5, 416(%rdi)
+        vmovdqu	448(%rdi), %ymm0
+        vmovdqu	480(%rdi), %ymm1
+        vpsrad	$31, %ymm0, %ymm2
+        vpsrad	$31, %ymm1, %ymm3
+        vpand	%ymm8, %ymm2, %ymm2
+        vpand	%ymm8, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm0, %ymm0
+        vpaddd	%ymm3, %ymm1, %ymm1
+        vpaddd	%ymm11, %ymm0, %ymm4
+        vpaddd	%ymm11, %ymm1, %ymm5
+        vpsrld	$19, %ymm4, %ymm4
+        vpsrld	$19, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsubd	%ymm2, %ymm9, %ymm2
+        vpsubd	%ymm3, %ymm9, %ymm3
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsrld	$4, %ymm4, %ymm0
+        vpsrld	$4, %ymm5, %ymm1
+        vpsubd	%ymm0, %ymm2, %ymm2
+        vpsubd	%ymm1, %ymm3, %ymm3
+        vpand	%ymm12, %ymm4, %ymm4
+        vpand	%ymm12, %ymm5, %ymm5
+        movq	$0x01, %r10
+        xorq	%r11, %r11
+        xorq	%rcx, %rcx
+L_mldsa_use_hint_32_avx2_hints_next__7:
+        cmp	%al, %r8b
+        jge	L_mldsa_use_hint_32_avx2_hints_done__7
+        mov	%r9b, %cl
+        sub	$0x70, %cl
+        cmpq	$16, %rcx
+        jge	L_mldsa_use_hint_32_avx2_hints_done__7
+        mov	%r10, %r12
+        shlq	%cl, %r12
+        orq	%r12, %r11
+        inc	%r8b
+        mov	(%rdx,%r8,1), %r9b
+        jmp	L_mldsa_use_hint_32_avx2_hints_next__7
+L_mldsa_use_hint_32_avx2_hints_done__7:
+        movd	%r11d, %xmm6
+        shr	$8, %r11
+        movd	%r11d, %xmm7
+        vpbroadcastd	%xmm6, %ymm6
+        vpbroadcastd	%xmm7, %ymm7
+        vpsllvd	%ymm13, %ymm6, %ymm6
+        vpsllvd	%ymm13, %ymm7, %ymm7
+        vpsrad	$31, %ymm6, %ymm6
+        vpsrad	$31, %ymm7, %ymm7
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpslld	$0x01, %ymm2, %ymm2
+        vpslld	$0x01, %ymm3, %ymm3
+        vpsubd	%ymm2, %ymm14, %ymm2
+        vpsubd	%ymm3, %ymm14, %ymm3
+        vpand	%ymm6, %ymm2, %ymm2
+        vpand	%ymm7, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpand	%ymm12, %ymm4, %ymm4
+        vpand	%ymm12, %ymm5, %ymm5
+        vmovdqu	%ymm4, 448(%rdi)
+        vmovdqu	%ymm5, 480(%rdi)
+        vmovdqu	512(%rdi), %ymm0
+        vmovdqu	544(%rdi), %ymm1
+        vpsrad	$31, %ymm0, %ymm2
+        vpsrad	$31, %ymm1, %ymm3
+        vpand	%ymm8, %ymm2, %ymm2
+        vpand	%ymm8, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm0, %ymm0
+        vpaddd	%ymm3, %ymm1, %ymm1
+        vpaddd	%ymm11, %ymm0, %ymm4
+        vpaddd	%ymm11, %ymm1, %ymm5
+        vpsrld	$19, %ymm4, %ymm4
+        vpsrld	$19, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsubd	%ymm2, %ymm9, %ymm2
+        vpsubd	%ymm3, %ymm9, %ymm3
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsrld	$4, %ymm4, %ymm0
+        vpsrld	$4, %ymm5, %ymm1
+        vpsubd	%ymm0, %ymm2, %ymm2
+        vpsubd	%ymm1, %ymm3, %ymm3
+        vpand	%ymm12, %ymm4, %ymm4
+        vpand	%ymm12, %ymm5, %ymm5
+        movq	$0x01, %r10
+        xorq	%r11, %r11
+        xorq	%rcx, %rcx
+L_mldsa_use_hint_32_avx2_hints_next__8:
+        cmp	%al, %r8b
+        jge	L_mldsa_use_hint_32_avx2_hints_done__8
+        mov	%r9b, %cl
+        sub	$0x80, %cl
+        cmpq	$16, %rcx
+        jge	L_mldsa_use_hint_32_avx2_hints_done__8
+        mov	%r10, %r12
+        shlq	%cl, %r12
+        orq	%r12, %r11
+        inc	%r8b
+        mov	(%rdx,%r8,1), %r9b
+        jmp	L_mldsa_use_hint_32_avx2_hints_next__8
+L_mldsa_use_hint_32_avx2_hints_done__8:
+        movd	%r11d, %xmm6
+        shr	$8, %r11
+        movd	%r11d, %xmm7
+        vpbroadcastd	%xmm6, %ymm6
+        vpbroadcastd	%xmm7, %ymm7
+        vpsllvd	%ymm13, %ymm6, %ymm6
+        vpsllvd	%ymm13, %ymm7, %ymm7
+        vpsrad	$31, %ymm6, %ymm6
+        vpsrad	$31, %ymm7, %ymm7
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpslld	$0x01, %ymm2, %ymm2
+        vpslld	$0x01, %ymm3, %ymm3
+        vpsubd	%ymm2, %ymm14, %ymm2
+        vpsubd	%ymm3, %ymm14, %ymm3
+        vpand	%ymm6, %ymm2, %ymm2
+        vpand	%ymm7, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpand	%ymm12, %ymm4, %ymm4
+        vpand	%ymm12, %ymm5, %ymm5
+        vmovdqu	%ymm4, 512(%rdi)
+        vmovdqu	%ymm5, 544(%rdi)
+        vmovdqu	576(%rdi), %ymm0
+        vmovdqu	608(%rdi), %ymm1
+        vpsrad	$31, %ymm0, %ymm2
+        vpsrad	$31, %ymm1, %ymm3
+        vpand	%ymm8, %ymm2, %ymm2
+        vpand	%ymm8, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm0, %ymm0
+        vpaddd	%ymm3, %ymm1, %ymm1
+        vpaddd	%ymm11, %ymm0, %ymm4
+        vpaddd	%ymm11, %ymm1, %ymm5
+        vpsrld	$19, %ymm4, %ymm4
+        vpsrld	$19, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsubd	%ymm2, %ymm9, %ymm2
+        vpsubd	%ymm3, %ymm9, %ymm3
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsrld	$4, %ymm4, %ymm0
+        vpsrld	$4, %ymm5, %ymm1
+        vpsubd	%ymm0, %ymm2, %ymm2
+        vpsubd	%ymm1, %ymm3, %ymm3
+        vpand	%ymm12, %ymm4, %ymm4
+        vpand	%ymm12, %ymm5, %ymm5
+        movq	$0x01, %r10
+        xorq	%r11, %r11
+        xorq	%rcx, %rcx
+L_mldsa_use_hint_32_avx2_hints_next__9:
+        cmp	%al, %r8b
+        jge	L_mldsa_use_hint_32_avx2_hints_done__9
+        mov	%r9b, %cl
+        sub	$0x90, %cl
+        cmpq	$16, %rcx
+        jge	L_mldsa_use_hint_32_avx2_hints_done__9
+        mov	%r10, %r12
+        shlq	%cl, %r12
+        orq	%r12, %r11
+        inc	%r8b
+        mov	(%rdx,%r8,1), %r9b
+        jmp	L_mldsa_use_hint_32_avx2_hints_next__9
+L_mldsa_use_hint_32_avx2_hints_done__9:
+        movd	%r11d, %xmm6
+        shr	$8, %r11
+        movd	%r11d, %xmm7
+        vpbroadcastd	%xmm6, %ymm6
+        vpbroadcastd	%xmm7, %ymm7
+        vpsllvd	%ymm13, %ymm6, %ymm6
+        vpsllvd	%ymm13, %ymm7, %ymm7
+        vpsrad	$31, %ymm6, %ymm6
+        vpsrad	$31, %ymm7, %ymm7
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpslld	$0x01, %ymm2, %ymm2
+        vpslld	$0x01, %ymm3, %ymm3
+        vpsubd	%ymm2, %ymm14, %ymm2
+        vpsubd	%ymm3, %ymm14, %ymm3
+        vpand	%ymm6, %ymm2, %ymm2
+        vpand	%ymm7, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpand	%ymm12, %ymm4, %ymm4
+        vpand	%ymm12, %ymm5, %ymm5
+        vmovdqu	%ymm4, 576(%rdi)
+        vmovdqu	%ymm5, 608(%rdi)
+        vmovdqu	640(%rdi), %ymm0
+        vmovdqu	672(%rdi), %ymm1
+        vpsrad	$31, %ymm0, %ymm2
+        vpsrad	$31, %ymm1, %ymm3
+        vpand	%ymm8, %ymm2, %ymm2
+        vpand	%ymm8, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm0, %ymm0
+        vpaddd	%ymm3, %ymm1, %ymm1
+        vpaddd	%ymm11, %ymm0, %ymm4
+        vpaddd	%ymm11, %ymm1, %ymm5
+        vpsrld	$19, %ymm4, %ymm4
+        vpsrld	$19, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsubd	%ymm2, %ymm9, %ymm2
+        vpsubd	%ymm3, %ymm9, %ymm3
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsrld	$4, %ymm4, %ymm0
+        vpsrld	$4, %ymm5, %ymm1
+        vpsubd	%ymm0, %ymm2, %ymm2
+        vpsubd	%ymm1, %ymm3, %ymm3
+        vpand	%ymm12, %ymm4, %ymm4
+        vpand	%ymm12, %ymm5, %ymm5
+        movq	$0x01, %r10
+        xorq	%r11, %r11
+        xorq	%rcx, %rcx
+L_mldsa_use_hint_32_avx2_hints_next__10:
+        cmp	%al, %r8b
+        jge	L_mldsa_use_hint_32_avx2_hints_done__10
+        mov	%r9b, %cl
+        sub	$0xa0, %cl
+        cmpq	$16, %rcx
+        jge	L_mldsa_use_hint_32_avx2_hints_done__10
+        mov	%r10, %r12
+        shlq	%cl, %r12
+        orq	%r12, %r11
+        inc	%r8b
+        mov	(%rdx,%r8,1), %r9b
+        jmp	L_mldsa_use_hint_32_avx2_hints_next__10
+L_mldsa_use_hint_32_avx2_hints_done__10:
+        movd	%r11d, %xmm6
+        shr	$8, %r11
+        movd	%r11d, %xmm7
+        vpbroadcastd	%xmm6, %ymm6
+        vpbroadcastd	%xmm7, %ymm7
+        vpsllvd	%ymm13, %ymm6, %ymm6
+        vpsllvd	%ymm13, %ymm7, %ymm7
+        vpsrad	$31, %ymm6, %ymm6
+        vpsrad	$31, %ymm7, %ymm7
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpslld	$0x01, %ymm2, %ymm2
+        vpslld	$0x01, %ymm3, %ymm3
+        vpsubd	%ymm2, %ymm14, %ymm2
+        vpsubd	%ymm3, %ymm14, %ymm3
+        vpand	%ymm6, %ymm2, %ymm2
+        vpand	%ymm7, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpand	%ymm12, %ymm4, %ymm4
+        vpand	%ymm12, %ymm5, %ymm5
+        vmovdqu	%ymm4, 640(%rdi)
+        vmovdqu	%ymm5, 672(%rdi)
+        vmovdqu	704(%rdi), %ymm0
+        vmovdqu	736(%rdi), %ymm1
+        vpsrad	$31, %ymm0, %ymm2
+        vpsrad	$31, %ymm1, %ymm3
+        vpand	%ymm8, %ymm2, %ymm2
+        vpand	%ymm8, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm0, %ymm0
+        vpaddd	%ymm3, %ymm1, %ymm1
+        vpaddd	%ymm11, %ymm0, %ymm4
+        vpaddd	%ymm11, %ymm1, %ymm5
+        vpsrld	$19, %ymm4, %ymm4
+        vpsrld	$19, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsubd	%ymm2, %ymm9, %ymm2
+        vpsubd	%ymm3, %ymm9, %ymm3
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsrld	$4, %ymm4, %ymm0
+        vpsrld	$4, %ymm5, %ymm1
+        vpsubd	%ymm0, %ymm2, %ymm2
+        vpsubd	%ymm1, %ymm3, %ymm3
+        vpand	%ymm12, %ymm4, %ymm4
+        vpand	%ymm12, %ymm5, %ymm5
+        movq	$0x01, %r10
+        xorq	%r11, %r11
+        xorq	%rcx, %rcx
+L_mldsa_use_hint_32_avx2_hints_next__11:
+        cmp	%al, %r8b
+        jge	L_mldsa_use_hint_32_avx2_hints_done__11
+        mov	%r9b, %cl
+        sub	$0xb0, %cl
+        cmpq	$16, %rcx
+        jge	L_mldsa_use_hint_32_avx2_hints_done__11
+        mov	%r10, %r12
+        shlq	%cl, %r12
+        orq	%r12, %r11
+        inc	%r8b
+        mov	(%rdx,%r8,1), %r9b
+        jmp	L_mldsa_use_hint_32_avx2_hints_next__11
+L_mldsa_use_hint_32_avx2_hints_done__11:
+        movd	%r11d, %xmm6
+        shr	$8, %r11
+        movd	%r11d, %xmm7
+        vpbroadcastd	%xmm6, %ymm6
+        vpbroadcastd	%xmm7, %ymm7
+        vpsllvd	%ymm13, %ymm6, %ymm6
+        vpsllvd	%ymm13, %ymm7, %ymm7
+        vpsrad	$31, %ymm6, %ymm6
+        vpsrad	$31, %ymm7, %ymm7
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpslld	$0x01, %ymm2, %ymm2
+        vpslld	$0x01, %ymm3, %ymm3
+        vpsubd	%ymm2, %ymm14, %ymm2
+        vpsubd	%ymm3, %ymm14, %ymm3
+        vpand	%ymm6, %ymm2, %ymm2
+        vpand	%ymm7, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpand	%ymm12, %ymm4, %ymm4
+        vpand	%ymm12, %ymm5, %ymm5
+        vmovdqu	%ymm4, 704(%rdi)
+        vmovdqu	%ymm5, 736(%rdi)
+        vmovdqu	768(%rdi), %ymm0
+        vmovdqu	800(%rdi), %ymm1
+        vpsrad	$31, %ymm0, %ymm2
+        vpsrad	$31, %ymm1, %ymm3
+        vpand	%ymm8, %ymm2, %ymm2
+        vpand	%ymm8, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm0, %ymm0
+        vpaddd	%ymm3, %ymm1, %ymm1
+        vpaddd	%ymm11, %ymm0, %ymm4
+        vpaddd	%ymm11, %ymm1, %ymm5
+        vpsrld	$19, %ymm4, %ymm4
+        vpsrld	$19, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsubd	%ymm2, %ymm9, %ymm2
+        vpsubd	%ymm3, %ymm9, %ymm3
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsrld	$4, %ymm4, %ymm0
+        vpsrld	$4, %ymm5, %ymm1
+        vpsubd	%ymm0, %ymm2, %ymm2
+        vpsubd	%ymm1, %ymm3, %ymm3
+        vpand	%ymm12, %ymm4, %ymm4
+        vpand	%ymm12, %ymm5, %ymm5
+        movq	$0x01, %r10
+        xorq	%r11, %r11
+        xorq	%rcx, %rcx
+L_mldsa_use_hint_32_avx2_hints_next__12:
+        cmp	%al, %r8b
+        jge	L_mldsa_use_hint_32_avx2_hints_done__12
+        mov	%r9b, %cl
+        sub	$0xc0, %cl
+        cmpq	$16, %rcx
+        jge	L_mldsa_use_hint_32_avx2_hints_done__12
+        mov	%r10, %r12
+        shlq	%cl, %r12
+        orq	%r12, %r11
+        inc	%r8b
+        mov	(%rdx,%r8,1), %r9b
+        jmp	L_mldsa_use_hint_32_avx2_hints_next__12
+L_mldsa_use_hint_32_avx2_hints_done__12:
+        movd	%r11d, %xmm6
+        shr	$8, %r11
+        movd	%r11d, %xmm7
+        vpbroadcastd	%xmm6, %ymm6
+        vpbroadcastd	%xmm7, %ymm7
+        vpsllvd	%ymm13, %ymm6, %ymm6
+        vpsllvd	%ymm13, %ymm7, %ymm7
+        vpsrad	$31, %ymm6, %ymm6
+        vpsrad	$31, %ymm7, %ymm7
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpslld	$0x01, %ymm2, %ymm2
+        vpslld	$0x01, %ymm3, %ymm3
+        vpsubd	%ymm2, %ymm14, %ymm2
+        vpsubd	%ymm3, %ymm14, %ymm3
+        vpand	%ymm6, %ymm2, %ymm2
+        vpand	%ymm7, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpand	%ymm12, %ymm4, %ymm4
+        vpand	%ymm12, %ymm5, %ymm5
+        vmovdqu	%ymm4, 768(%rdi)
+        vmovdqu	%ymm5, 800(%rdi)
+        vmovdqu	832(%rdi), %ymm0
+        vmovdqu	864(%rdi), %ymm1
+        vpsrad	$31, %ymm0, %ymm2
+        vpsrad	$31, %ymm1, %ymm3
+        vpand	%ymm8, %ymm2, %ymm2
+        vpand	%ymm8, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm0, %ymm0
+        vpaddd	%ymm3, %ymm1, %ymm1
+        vpaddd	%ymm11, %ymm0, %ymm4
+        vpaddd	%ymm11, %ymm1, %ymm5
+        vpsrld	$19, %ymm4, %ymm4
+        vpsrld	$19, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsubd	%ymm2, %ymm9, %ymm2
+        vpsubd	%ymm3, %ymm9, %ymm3
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsrld	$4, %ymm4, %ymm0
+        vpsrld	$4, %ymm5, %ymm1
+        vpsubd	%ymm0, %ymm2, %ymm2
+        vpsubd	%ymm1, %ymm3, %ymm3
+        vpand	%ymm12, %ymm4, %ymm4
+        vpand	%ymm12, %ymm5, %ymm5
+        movq	$0x01, %r10
+        xorq	%r11, %r11
+        xorq	%rcx, %rcx
+L_mldsa_use_hint_32_avx2_hints_next__13:
+        cmp	%al, %r8b
+        jge	L_mldsa_use_hint_32_avx2_hints_done__13
+        mov	%r9b, %cl
+        sub	$0xd0, %cl
+        cmpq	$16, %rcx
+        jge	L_mldsa_use_hint_32_avx2_hints_done__13
+        mov	%r10, %r12
+        shlq	%cl, %r12
+        orq	%r12, %r11
+        inc	%r8b
+        mov	(%rdx,%r8,1), %r9b
+        jmp	L_mldsa_use_hint_32_avx2_hints_next__13
+L_mldsa_use_hint_32_avx2_hints_done__13:
+        movd	%r11d, %xmm6
+        shr	$8, %r11
+        movd	%r11d, %xmm7
+        vpbroadcastd	%xmm6, %ymm6
+        vpbroadcastd	%xmm7, %ymm7
+        vpsllvd	%ymm13, %ymm6, %ymm6
+        vpsllvd	%ymm13, %ymm7, %ymm7
+        vpsrad	$31, %ymm6, %ymm6
+        vpsrad	$31, %ymm7, %ymm7
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpslld	$0x01, %ymm2, %ymm2
+        vpslld	$0x01, %ymm3, %ymm3
+        vpsubd	%ymm2, %ymm14, %ymm2
+        vpsubd	%ymm3, %ymm14, %ymm3
+        vpand	%ymm6, %ymm2, %ymm2
+        vpand	%ymm7, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpand	%ymm12, %ymm4, %ymm4
+        vpand	%ymm12, %ymm5, %ymm5
+        vmovdqu	%ymm4, 832(%rdi)
+        vmovdqu	%ymm5, 864(%rdi)
+        vmovdqu	896(%rdi), %ymm0
+        vmovdqu	928(%rdi), %ymm1
+        vpsrad	$31, %ymm0, %ymm2
+        vpsrad	$31, %ymm1, %ymm3
+        vpand	%ymm8, %ymm2, %ymm2
+        vpand	%ymm8, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm0, %ymm0
+        vpaddd	%ymm3, %ymm1, %ymm1
+        vpaddd	%ymm11, %ymm0, %ymm4
+        vpaddd	%ymm11, %ymm1, %ymm5
+        vpsrld	$19, %ymm4, %ymm4
+        vpsrld	$19, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsubd	%ymm2, %ymm9, %ymm2
+        vpsubd	%ymm3, %ymm9, %ymm3
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsrld	$4, %ymm4, %ymm0
+        vpsrld	$4, %ymm5, %ymm1
+        vpsubd	%ymm0, %ymm2, %ymm2
+        vpsubd	%ymm1, %ymm3, %ymm3
+        vpand	%ymm12, %ymm4, %ymm4
+        vpand	%ymm12, %ymm5, %ymm5
+        movq	$0x01, %r10
+        xorq	%r11, %r11
+        xorq	%rcx, %rcx
+L_mldsa_use_hint_32_avx2_hints_next__14:
+        cmp	%al, %r8b
+        jge	L_mldsa_use_hint_32_avx2_hints_done__14
+        mov	%r9b, %cl
+        sub	$0xe0, %cl
+        cmpq	$16, %rcx
+        jge	L_mldsa_use_hint_32_avx2_hints_done__14
+        mov	%r10, %r12
+        shlq	%cl, %r12
+        orq	%r12, %r11
+        inc	%r8b
+        mov	(%rdx,%r8,1), %r9b
+        jmp	L_mldsa_use_hint_32_avx2_hints_next__14
+L_mldsa_use_hint_32_avx2_hints_done__14:
+        movd	%r11d, %xmm6
+        shr	$8, %r11
+        movd	%r11d, %xmm7
+        vpbroadcastd	%xmm6, %ymm6
+        vpbroadcastd	%xmm7, %ymm7
+        vpsllvd	%ymm13, %ymm6, %ymm6
+        vpsllvd	%ymm13, %ymm7, %ymm7
+        vpsrad	$31, %ymm6, %ymm6
+        vpsrad	$31, %ymm7, %ymm7
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpslld	$0x01, %ymm2, %ymm2
+        vpslld	$0x01, %ymm3, %ymm3
+        vpsubd	%ymm2, %ymm14, %ymm2
+        vpsubd	%ymm3, %ymm14, %ymm3
+        vpand	%ymm6, %ymm2, %ymm2
+        vpand	%ymm7, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpand	%ymm12, %ymm4, %ymm4
+        vpand	%ymm12, %ymm5, %ymm5
+        vmovdqu	%ymm4, 896(%rdi)
+        vmovdqu	%ymm5, 928(%rdi)
+        vmovdqu	960(%rdi), %ymm0
+        vmovdqu	992(%rdi), %ymm1
+        vpsrad	$31, %ymm0, %ymm2
+        vpsrad	$31, %ymm1, %ymm3
+        vpand	%ymm8, %ymm2, %ymm2
+        vpand	%ymm8, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm0, %ymm0
+        vpaddd	%ymm3, %ymm1, %ymm1
+        vpaddd	%ymm11, %ymm0, %ymm4
+        vpaddd	%ymm11, %ymm1, %ymm5
+        vpsrld	$19, %ymm4, %ymm4
+        vpsrld	$19, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsubd	%ymm2, %ymm9, %ymm2
+        vpsubd	%ymm3, %ymm9, %ymm3
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpmulld	%ymm10, %ymm4, %ymm2
+        vpmulld	%ymm10, %ymm5, %ymm3
+        vpsubd	%ymm2, %ymm0, %ymm2
+        vpsubd	%ymm3, %ymm1, %ymm3
+        vpsrld	$4, %ymm4, %ymm0
+        vpsrld	$4, %ymm5, %ymm1
+        vpsubd	%ymm0, %ymm2, %ymm2
+        vpsubd	%ymm1, %ymm3, %ymm3
+        vpand	%ymm12, %ymm4, %ymm4
+        vpand	%ymm12, %ymm5, %ymm5
+        movq	$0x01, %r10
+        xorq	%r11, %r11
+        xorq	%rcx, %rcx
+L_mldsa_use_hint_32_avx2_hints_next__15:
+        cmp	%al, %r8b
+        jge	L_mldsa_use_hint_32_avx2_hints_done__15
+        mov	%r9b, %cl
+        sub	$0xf0, %cl
+        cmpq	$16, %rcx
+        jge	L_mldsa_use_hint_32_avx2_hints_done__15
+        mov	%r10, %r12
+        shlq	%cl, %r12
+        orq	%r12, %r11
+        inc	%r8b
+        mov	(%rdx,%r8,1), %r9b
+        jmp	L_mldsa_use_hint_32_avx2_hints_next__15
+L_mldsa_use_hint_32_avx2_hints_done__15:
+        movd	%r11d, %xmm6
+        shr	$8, %r11
+        movd	%r11d, %xmm7
+        vpbroadcastd	%xmm6, %ymm6
+        vpbroadcastd	%xmm7, %ymm7
+        vpsllvd	%ymm13, %ymm6, %ymm6
+        vpsllvd	%ymm13, %ymm7, %ymm7
+        vpsrad	$31, %ymm6, %ymm6
+        vpsrad	$31, %ymm7, %ymm7
+        vpsrld	$31, %ymm2, %ymm2
+        vpsrld	$31, %ymm3, %ymm3
+        vpslld	$0x01, %ymm2, %ymm2
+        vpslld	$0x01, %ymm3, %ymm3
+        vpsubd	%ymm2, %ymm14, %ymm2
+        vpsubd	%ymm3, %ymm14, %ymm3
+        vpand	%ymm6, %ymm2, %ymm2
+        vpand	%ymm7, %ymm3, %ymm3
+        vpaddd	%ymm2, %ymm4, %ymm4
+        vpaddd	%ymm3, %ymm5, %ymm5
+        vpand	%ymm12, %ymm4, %ymm4
+        vpand	%ymm12, %ymm5, %ymm5
+        vmovdqu	%ymm4, 960(%rdi)
+        vmovdqu	%ymm5, 992(%rdi)
+        addq	$0x400, %rdi
+        sub	$0x01, %rsi
+        jne	L_mldsa_use_hint_32_avx2_start_256
+        vzeroupper
+        popq	%r13
+        popq	%r12
+        repz retq
+#ifndef __APPLE__
+.size	wc_mldsa_use_hint_32_avx2,.-wc_mldsa_use_hint_32_avx2
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.text
+.globl	wc_mldsa_vec_check_low_avx2
+.type	wc_mldsa_vec_check_low_avx2,@function
+.align	16
+wc_mldsa_vec_check_low_avx2:
+#else
+.section	__TEXT,__text
+.globl	_wc_mldsa_vec_check_low_avx2
+.p2align	4
+_wc_mldsa_vec_check_low_avx2:
+#endif /* __APPLE__ */
+        subl	$0x01, %edx
+        movd	%edx, %xmm2
+        negl	%edx
+        movd	%edx, %xmm3
+        vpbroadcastd	%xmm2, %ymm2
+        vpbroadcastd	%xmm3, %ymm3
+L_mldsa_vec_check_low_vx2_start_256:
+        vmovdqu	(%rdi), %ymm0
+        vmovdqu	32(%rdi), %ymm1
+        vpcmpgtd	%ymm2, %ymm0, %ymm4
+        vpcmpgtd	%ymm2, %ymm1, %ymm5
+        vpcmpgtd	%ymm0, %ymm3, %ymm6
+        vpcmpgtd	%ymm1, %ymm3, %ymm7
+        vpor	%ymm5, %ymm4, %ymm4
+        vpor	%ymm7, %ymm6, %ymm6
+        vpor	%ymm6, %ymm4, %ymm4
+        vpmovmskb	%ymm4, %rax
+        cmp	$0x00, %rax
+        movq	$0x00, %rax
+        jne	L_mldsa_vec_check_low_vx2_done
+        vmovdqu	64(%rdi), %ymm0
+        vmovdqu	96(%rdi), %ymm1
+        vpcmpgtd	%ymm2, %ymm0, %ymm4
+        vpcmpgtd	%ymm2, %ymm1, %ymm5
+        vpcmpgtd	%ymm0, %ymm3, %ymm6
+        vpcmpgtd	%ymm1, %ymm3, %ymm7
+        vpor	%ymm5, %ymm4, %ymm4
+        vpor	%ymm7, %ymm6, %ymm6
+        vpor	%ymm6, %ymm4, %ymm4
+        vpmovmskb	%ymm4, %rax
+        cmp	$0x00, %rax
+        movq	$0x00, %rax
+        jne	L_mldsa_vec_check_low_vx2_done
+        vmovdqu	128(%rdi), %ymm0
+        vmovdqu	160(%rdi), %ymm1
+        vpcmpgtd	%ymm2, %ymm0, %ymm4
+        vpcmpgtd	%ymm2, %ymm1, %ymm5
+        vpcmpgtd	%ymm0, %ymm3, %ymm6
+        vpcmpgtd	%ymm1, %ymm3, %ymm7
+        vpor	%ymm5, %ymm4, %ymm4
+        vpor	%ymm7, %ymm6, %ymm6
+        vpor	%ymm6, %ymm4, %ymm4
+        vpmovmskb	%ymm4, %rax
+        cmp	$0x00, %rax
+        movq	$0x00, %rax
+        jne	L_mldsa_vec_check_low_vx2_done
+        vmovdqu	192(%rdi), %ymm0
+        vmovdqu	224(%rdi), %ymm1
+        vpcmpgtd	%ymm2, %ymm0, %ymm4
+        vpcmpgtd	%ymm2, %ymm1, %ymm5
+        vpcmpgtd	%ymm0, %ymm3, %ymm6
+        vpcmpgtd	%ymm1, %ymm3, %ymm7
+        vpor	%ymm5, %ymm4, %ymm4
+        vpor	%ymm7, %ymm6, %ymm6
+        vpor	%ymm6, %ymm4, %ymm4
+        vpmovmskb	%ymm4, %rax
+        cmp	$0x00, %rax
+        movq	$0x00, %rax
+        jne	L_mldsa_vec_check_low_vx2_done
+        vmovdqu	256(%rdi), %ymm0
+        vmovdqu	288(%rdi), %ymm1
+        vpcmpgtd	%ymm2, %ymm0, %ymm4
+        vpcmpgtd	%ymm2, %ymm1, %ymm5
+        vpcmpgtd	%ymm0, %ymm3, %ymm6
+        vpcmpgtd	%ymm1, %ymm3, %ymm7
+        vpor	%ymm5, %ymm4, %ymm4
+        vpor	%ymm7, %ymm6, %ymm6
+        vpor	%ymm6, %ymm4, %ymm4
+        vpmovmskb	%ymm4, %rax
+        cmp	$0x00, %rax
+        movq	$0x00, %rax
+        jne	L_mldsa_vec_check_low_vx2_done
+        vmovdqu	320(%rdi), %ymm0
+        vmovdqu	352(%rdi), %ymm1
+        vpcmpgtd	%ymm2, %ymm0, %ymm4
+        vpcmpgtd	%ymm2, %ymm1, %ymm5
+        vpcmpgtd	%ymm0, %ymm3, %ymm6
+        vpcmpgtd	%ymm1, %ymm3, %ymm7
+        vpor	%ymm5, %ymm4, %ymm4
+        vpor	%ymm7, %ymm6, %ymm6
+        vpor	%ymm6, %ymm4, %ymm4
+        vpmovmskb	%ymm4, %rax
+        cmp	$0x00, %rax
+        movq	$0x00, %rax
+        jne	L_mldsa_vec_check_low_vx2_done
+        vmovdqu	384(%rdi), %ymm0
+        vmovdqu	416(%rdi), %ymm1
+        vpcmpgtd	%ymm2, %ymm0, %ymm4
+        vpcmpgtd	%ymm2, %ymm1, %ymm5
+        vpcmpgtd	%ymm0, %ymm3, %ymm6
+        vpcmpgtd	%ymm1, %ymm3, %ymm7
+        vpor	%ymm5, %ymm4, %ymm4
+        vpor	%ymm7, %ymm6, %ymm6
+        vpor	%ymm6, %ymm4, %ymm4
+        vpmovmskb	%ymm4, %rax
+        cmp	$0x00, %rax
+        movq	$0x00, %rax
+        jne	L_mldsa_vec_check_low_vx2_done
+        vmovdqu	448(%rdi), %ymm0
+        vmovdqu	480(%rdi), %ymm1
+        vpcmpgtd	%ymm2, %ymm0, %ymm4
+        vpcmpgtd	%ymm2, %ymm1, %ymm5
+        vpcmpgtd	%ymm0, %ymm3, %ymm6
+        vpcmpgtd	%ymm1, %ymm3, %ymm7
+        vpor	%ymm5, %ymm4, %ymm4
+        vpor	%ymm7, %ymm6, %ymm6
+        vpor	%ymm6, %ymm4, %ymm4
+        vpmovmskb	%ymm4, %rax
+        cmp	$0x00, %rax
+        movq	$0x00, %rax
+        jne	L_mldsa_vec_check_low_vx2_done
+        vmovdqu	512(%rdi), %ymm0
+        vmovdqu	544(%rdi), %ymm1
+        vpcmpgtd	%ymm2, %ymm0, %ymm4
+        vpcmpgtd	%ymm2, %ymm1, %ymm5
+        vpcmpgtd	%ymm0, %ymm3, %ymm6
+        vpcmpgtd	%ymm1, %ymm3, %ymm7
+        vpor	%ymm5, %ymm4, %ymm4
+        vpor	%ymm7, %ymm6, %ymm6
+        vpor	%ymm6, %ymm4, %ymm4
+        vpmovmskb	%ymm4, %rax
+        cmp	$0x00, %rax
+        movq	$0x00, %rax
+        jne	L_mldsa_vec_check_low_vx2_done
+        vmovdqu	576(%rdi), %ymm0
+        vmovdqu	608(%rdi), %ymm1
+        vpcmpgtd	%ymm2, %ymm0, %ymm4
+        vpcmpgtd	%ymm2, %ymm1, %ymm5
+        vpcmpgtd	%ymm0, %ymm3, %ymm6
+        vpcmpgtd	%ymm1, %ymm3, %ymm7
+        vpor	%ymm5, %ymm4, %ymm4
+        vpor	%ymm7, %ymm6, %ymm6
+        vpor	%ymm6, %ymm4, %ymm4
+        vpmovmskb	%ymm4, %rax
+        cmp	$0x00, %rax
+        movq	$0x00, %rax
+        jne	L_mldsa_vec_check_low_vx2_done
+        vmovdqu	640(%rdi), %ymm0
+        vmovdqu	672(%rdi), %ymm1
+        vpcmpgtd	%ymm2, %ymm0, %ymm4
+        vpcmpgtd	%ymm2, %ymm1, %ymm5
+        vpcmpgtd	%ymm0, %ymm3, %ymm6
+        vpcmpgtd	%ymm1, %ymm3, %ymm7
+        vpor	%ymm5, %ymm4, %ymm4
+        vpor	%ymm7, %ymm6, %ymm6
+        vpor	%ymm6, %ymm4, %ymm4
+        vpmovmskb	%ymm4, %rax
+        cmp	$0x00, %rax
+        movq	$0x00, %rax
+        jne	L_mldsa_vec_check_low_vx2_done
+        vmovdqu	704(%rdi), %ymm0
+        vmovdqu	736(%rdi), %ymm1
+        vpcmpgtd	%ymm2, %ymm0, %ymm4
+        vpcmpgtd	%ymm2, %ymm1, %ymm5
+        vpcmpgtd	%ymm0, %ymm3, %ymm6
+        vpcmpgtd	%ymm1, %ymm3, %ymm7
+        vpor	%ymm5, %ymm4, %ymm4
+        vpor	%ymm7, %ymm6, %ymm6
+        vpor	%ymm6, %ymm4, %ymm4
+        vpmovmskb	%ymm4, %rax
+        cmp	$0x00, %rax
+        movq	$0x00, %rax
+        jne	L_mldsa_vec_check_low_vx2_done
+        vmovdqu	768(%rdi), %ymm0
+        vmovdqu	800(%rdi), %ymm1
+        vpcmpgtd	%ymm2, %ymm0, %ymm4
+        vpcmpgtd	%ymm2, %ymm1, %ymm5
+        vpcmpgtd	%ymm0, %ymm3, %ymm6
+        vpcmpgtd	%ymm1, %ymm3, %ymm7
+        vpor	%ymm5, %ymm4, %ymm4
+        vpor	%ymm7, %ymm6, %ymm6
+        vpor	%ymm6, %ymm4, %ymm4
+        vpmovmskb	%ymm4, %rax
+        cmp	$0x00, %rax
+        movq	$0x00, %rax
+        jne	L_mldsa_vec_check_low_vx2_done
+        vmovdqu	832(%rdi), %ymm0
+        vmovdqu	864(%rdi), %ymm1
+        vpcmpgtd	%ymm2, %ymm0, %ymm4
+        vpcmpgtd	%ymm2, %ymm1, %ymm5
+        vpcmpgtd	%ymm0, %ymm3, %ymm6
+        vpcmpgtd	%ymm1, %ymm3, %ymm7
+        vpor	%ymm5, %ymm4, %ymm4
+        vpor	%ymm7, %ymm6, %ymm6
+        vpor	%ymm6, %ymm4, %ymm4
+        vpmovmskb	%ymm4, %rax
+        cmp	$0x00, %rax
+        movq	$0x00, %rax
+        jne	L_mldsa_vec_check_low_vx2_done
+        vmovdqu	896(%rdi), %ymm0
+        vmovdqu	928(%rdi), %ymm1
+        vpcmpgtd	%ymm2, %ymm0, %ymm4
+        vpcmpgtd	%ymm2, %ymm1, %ymm5
+        vpcmpgtd	%ymm0, %ymm3, %ymm6
+        vpcmpgtd	%ymm1, %ymm3, %ymm7
+        vpor	%ymm5, %ymm4, %ymm4
+        vpor	%ymm7, %ymm6, %ymm6
+        vpor	%ymm6, %ymm4, %ymm4
+        vpmovmskb	%ymm4, %rax
+        cmp	$0x00, %rax
+        movq	$0x00, %rax
+        jne	L_mldsa_vec_check_low_vx2_done
+        vmovdqu	960(%rdi), %ymm0
+        vmovdqu	992(%rdi), %ymm1
+        vpcmpgtd	%ymm2, %ymm0, %ymm4
+        vpcmpgtd	%ymm2, %ymm1, %ymm5
+        vpcmpgtd	%ymm0, %ymm3, %ymm6
+        vpcmpgtd	%ymm1, %ymm3, %ymm7
+        vpor	%ymm5, %ymm4, %ymm4
+        vpor	%ymm7, %ymm6, %ymm6
+        vpor	%ymm6, %ymm4, %ymm4
+        vpmovmskb	%ymm4, %rax
+        cmp	$0x00, %rax
+        movq	$0x00, %rax
+        jne	L_mldsa_vec_check_low_vx2_done
+        addq	$0x400, %rdi
+        sub	$0x01, %rsi
+        jne	L_mldsa_vec_check_low_vx2_start_256
+        movq	$0x01, %rax
+L_mldsa_vec_check_low_vx2_done:
+        vzeroupper
+        repz retq
+#ifndef __APPLE__
+.size	wc_mldsa_vec_check_low_avx2,.-wc_mldsa_vec_check_low_avx2
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.text
+.globl	wc_mldsa_poly_add_avx2
+.type	wc_mldsa_poly_add_avx2,@function
+.align	16
+wc_mldsa_poly_add_avx2:
+#else
+.section	__TEXT,__text
+.globl	_wc_mldsa_poly_add_avx2
+.p2align	4
+_wc_mldsa_poly_add_avx2:
+#endif /* __APPLE__ */
+        vmovdqu	(%rdi), %ymm0
+        vmovdqu	32(%rdi), %ymm1
+        vmovdqu	64(%rdi), %ymm2
+        vmovdqu	96(%rdi), %ymm3
+        vmovdqu	128(%rdi), %ymm4
+        vmovdqu	160(%rdi), %ymm5
+        vmovdqu	192(%rdi), %ymm6
+        vmovdqu	224(%rdi), %ymm7
+        vmovdqu	(%rsi), %ymm8
+        vmovdqu	32(%rsi), %ymm9
+        vmovdqu	64(%rsi), %ymm10
+        vmovdqu	96(%rsi), %ymm11
+        vmovdqu	128(%rsi), %ymm12
+        vmovdqu	160(%rsi), %ymm13
+        vmovdqu	192(%rsi), %ymm14
+        vmovdqu	224(%rsi), %ymm15
+        vpaddd	%ymm8, %ymm0, %ymm0
+        vpaddd	%ymm9, %ymm1, %ymm1
+        vpaddd	%ymm10, %ymm2, %ymm2
+        vpaddd	%ymm11, %ymm3, %ymm3
+        vpaddd	%ymm12, %ymm4, %ymm4
+        vpaddd	%ymm13, %ymm5, %ymm5
+        vpaddd	%ymm14, %ymm6, %ymm6
+        vpaddd	%ymm15, %ymm7, %ymm7
+        vmovdqu	%ymm0, (%rdi)
+        vmovdqu	%ymm1, 32(%rdi)
+        vmovdqu	%ymm2, 64(%rdi)
+        vmovdqu	%ymm3, 96(%rdi)
+        vmovdqu	%ymm4, 128(%rdi)
+        vmovdqu	%ymm5, 160(%rdi)
+        vmovdqu	%ymm6, 192(%rdi)
+        vmovdqu	%ymm7, 224(%rdi)
+        vmovdqu	256(%rdi), %ymm0
+        vmovdqu	288(%rdi), %ymm1
+        vmovdqu	320(%rdi), %ymm2
+        vmovdqu	352(%rdi), %ymm3
+        vmovdqu	384(%rdi), %ymm4
+        vmovdqu	416(%rdi), %ymm5
+        vmovdqu	448(%rdi), %ymm6
+        vmovdqu	480(%rdi), %ymm7
+        vmovdqu	256(%rsi), %ymm8
+        vmovdqu	288(%rsi), %ymm9
+        vmovdqu	320(%rsi), %ymm10
+        vmovdqu	352(%rsi), %ymm11
+        vmovdqu	384(%rsi), %ymm12
+        vmovdqu	416(%rsi), %ymm13
+        vmovdqu	448(%rsi), %ymm14
+        vmovdqu	480(%rsi), %ymm15
+        vpaddd	%ymm8, %ymm0, %ymm0
+        vpaddd	%ymm9, %ymm1, %ymm1
+        vpaddd	%ymm10, %ymm2, %ymm2
+        vpaddd	%ymm11, %ymm3, %ymm3
+        vpaddd	%ymm12, %ymm4, %ymm4
+        vpaddd	%ymm13, %ymm5, %ymm5
+        vpaddd	%ymm14, %ymm6, %ymm6
+        vpaddd	%ymm15, %ymm7, %ymm7
+        vmovdqu	%ymm0, 256(%rdi)
+        vmovdqu	%ymm1, 288(%rdi)
+        vmovdqu	%ymm2, 320(%rdi)
+        vmovdqu	%ymm3, 352(%rdi)
+        vmovdqu	%ymm4, 384(%rdi)
+        vmovdqu	%ymm5, 416(%rdi)
+        vmovdqu	%ymm6, 448(%rdi)
+        vmovdqu	%ymm7, 480(%rdi)
+        vmovdqu	512(%rdi), %ymm0
+        vmovdqu	544(%rdi), %ymm1
+        vmovdqu	576(%rdi), %ymm2
+        vmovdqu	608(%rdi), %ymm3
+        vmovdqu	640(%rdi), %ymm4
+        vmovdqu	672(%rdi), %ymm5
+        vmovdqu	704(%rdi), %ymm6
+        vmovdqu	736(%rdi), %ymm7
+        vmovdqu	512(%rsi), %ymm8
+        vmovdqu	544(%rsi), %ymm9
+        vmovdqu	576(%rsi), %ymm10
+        vmovdqu	608(%rsi), %ymm11
+        vmovdqu	640(%rsi), %ymm12
+        vmovdqu	672(%rsi), %ymm13
+        vmovdqu	704(%rsi), %ymm14
+        vmovdqu	736(%rsi), %ymm15
+        vpaddd	%ymm8, %ymm0, %ymm0
+        vpaddd	%ymm9, %ymm1, %ymm1
+        vpaddd	%ymm10, %ymm2, %ymm2
+        vpaddd	%ymm11, %ymm3, %ymm3
+        vpaddd	%ymm12, %ymm4, %ymm4
+        vpaddd	%ymm13, %ymm5, %ymm5
+        vpaddd	%ymm14, %ymm6, %ymm6
+        vpaddd	%ymm15, %ymm7, %ymm7
+        vmovdqu	%ymm0, 512(%rdi)
+        vmovdqu	%ymm1, 544(%rdi)
+        vmovdqu	%ymm2, 576(%rdi)
+        vmovdqu	%ymm3, 608(%rdi)
+        vmovdqu	%ymm4, 640(%rdi)
+        vmovdqu	%ymm5, 672(%rdi)
+        vmovdqu	%ymm6, 704(%rdi)
+        vmovdqu	%ymm7, 736(%rdi)
+        vmovdqu	768(%rdi), %ymm0
+        vmovdqu	800(%rdi), %ymm1
+        vmovdqu	832(%rdi), %ymm2
+        vmovdqu	864(%rdi), %ymm3
+        vmovdqu	896(%rdi), %ymm4
+        vmovdqu	928(%rdi), %ymm5
+        vmovdqu	960(%rdi), %ymm6
+        vmovdqu	992(%rdi), %ymm7
+        vmovdqu	768(%rsi), %ymm8
+        vmovdqu	800(%rsi), %ymm9
+        vmovdqu	832(%rsi), %ymm10
+        vmovdqu	864(%rsi), %ymm11
+        vmovdqu	896(%rsi), %ymm12
+        vmovdqu	928(%rsi), %ymm13
+        vmovdqu	960(%rsi), %ymm14
+        vmovdqu	992(%rsi), %ymm15
+        vpaddd	%ymm8, %ymm0, %ymm0
+        vpaddd	%ymm9, %ymm1, %ymm1
+        vpaddd	%ymm10, %ymm2, %ymm2
+        vpaddd	%ymm11, %ymm3, %ymm3
+        vpaddd	%ymm12, %ymm4, %ymm4
+        vpaddd	%ymm13, %ymm5, %ymm5
+        vpaddd	%ymm14, %ymm6, %ymm6
+        vpaddd	%ymm15, %ymm7, %ymm7
+        vmovdqu	%ymm0, 768(%rdi)
+        vmovdqu	%ymm1, 800(%rdi)
+        vmovdqu	%ymm2, 832(%rdi)
+        vmovdqu	%ymm3, 864(%rdi)
+        vmovdqu	%ymm4, 896(%rdi)
+        vmovdqu	%ymm5, 928(%rdi)
+        vmovdqu	%ymm6, 960(%rdi)
+        vmovdqu	%ymm7, 992(%rdi)
+        repz retq
+#ifndef __APPLE__
+.size	wc_mldsa_poly_add_avx2,.-wc_mldsa_poly_add_avx2
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.text
+.globl	wc_mldsa_poly_sub_avx2
+.type	wc_mldsa_poly_sub_avx2,@function
+.align	16
+wc_mldsa_poly_sub_avx2:
+#else
+.section	__TEXT,__text
+.globl	_wc_mldsa_poly_sub_avx2
+.p2align	4
+_wc_mldsa_poly_sub_avx2:
+#endif /* __APPLE__ */
+        vmovdqu	(%rdi), %ymm0
+        vmovdqu	32(%rdi), %ymm1
+        vmovdqu	64(%rdi), %ymm2
+        vmovdqu	96(%rdi), %ymm3
+        vmovdqu	128(%rdi), %ymm4
+        vmovdqu	160(%rdi), %ymm5
+        vmovdqu	192(%rdi), %ymm6
+        vmovdqu	224(%rdi), %ymm7
+        vmovdqu	(%rsi), %ymm8
+        vmovdqu	32(%rsi), %ymm9
+        vmovdqu	64(%rsi), %ymm10
+        vmovdqu	96(%rsi), %ymm11
+        vmovdqu	128(%rsi), %ymm12
+        vmovdqu	160(%rsi), %ymm13
+        vmovdqu	192(%rsi), %ymm14
+        vmovdqu	224(%rsi), %ymm15
+        vpsubd	%ymm8, %ymm0, %ymm0
+        vpsubd	%ymm9, %ymm1, %ymm1
+        vpsubd	%ymm10, %ymm2, %ymm2
+        vpsubd	%ymm11, %ymm3, %ymm3
+        vpsubd	%ymm12, %ymm4, %ymm4
+        vpsubd	%ymm13, %ymm5, %ymm5
+        vpsubd	%ymm14, %ymm6, %ymm6
+        vpsubd	%ymm15, %ymm7, %ymm7
+        vmovdqu	%ymm0, (%rdi)
+        vmovdqu	%ymm1, 32(%rdi)
+        vmovdqu	%ymm2, 64(%rdi)
+        vmovdqu	%ymm3, 96(%rdi)
+        vmovdqu	%ymm4, 128(%rdi)
+        vmovdqu	%ymm5, 160(%rdi)
+        vmovdqu	%ymm6, 192(%rdi)
+        vmovdqu	%ymm7, 224(%rdi)
+        vmovdqu	256(%rdi), %ymm0
+        vmovdqu	288(%rdi), %ymm1
+        vmovdqu	320(%rdi), %ymm2
+        vmovdqu	352(%rdi), %ymm3
+        vmovdqu	384(%rdi), %ymm4
+        vmovdqu	416(%rdi), %ymm5
+        vmovdqu	448(%rdi), %ymm6
+        vmovdqu	480(%rdi), %ymm7
+        vmovdqu	256(%rsi), %ymm8
+        vmovdqu	288(%rsi), %ymm9
+        vmovdqu	320(%rsi), %ymm10
+        vmovdqu	352(%rsi), %ymm11
+        vmovdqu	384(%rsi), %ymm12
+        vmovdqu	416(%rsi), %ymm13
+        vmovdqu	448(%rsi), %ymm14
+        vmovdqu	480(%rsi), %ymm15
+        vpsubd	%ymm8, %ymm0, %ymm0
+        vpsubd	%ymm9, %ymm1, %ymm1
+        vpsubd	%ymm10, %ymm2, %ymm2
+        vpsubd	%ymm11, %ymm3, %ymm3
+        vpsubd	%ymm12, %ymm4, %ymm4
+        vpsubd	%ymm13, %ymm5, %ymm5
+        vpsubd	%ymm14, %ymm6, %ymm6
+        vpsubd	%ymm15, %ymm7, %ymm7
+        vmovdqu	%ymm0, 256(%rdi)
+        vmovdqu	%ymm1, 288(%rdi)
+        vmovdqu	%ymm2, 320(%rdi)
+        vmovdqu	%ymm3, 352(%rdi)
+        vmovdqu	%ymm4, 384(%rdi)
+        vmovdqu	%ymm5, 416(%rdi)
+        vmovdqu	%ymm6, 448(%rdi)
+        vmovdqu	%ymm7, 480(%rdi)
+        vmovdqu	512(%rdi), %ymm0
+        vmovdqu	544(%rdi), %ymm1
+        vmovdqu	576(%rdi), %ymm2
+        vmovdqu	608(%rdi), %ymm3
+        vmovdqu	640(%rdi), %ymm4
+        vmovdqu	672(%rdi), %ymm5
+        vmovdqu	704(%rdi), %ymm6
+        vmovdqu	736(%rdi), %ymm7
+        vmovdqu	512(%rsi), %ymm8
+        vmovdqu	544(%rsi), %ymm9
+        vmovdqu	576(%rsi), %ymm10
+        vmovdqu	608(%rsi), %ymm11
+        vmovdqu	640(%rsi), %ymm12
+        vmovdqu	672(%rsi), %ymm13
+        vmovdqu	704(%rsi), %ymm14
+        vmovdqu	736(%rsi), %ymm15
+        vpsubd	%ymm8, %ymm0, %ymm0
+        vpsubd	%ymm9, %ymm1, %ymm1
+        vpsubd	%ymm10, %ymm2, %ymm2
+        vpsubd	%ymm11, %ymm3, %ymm3
+        vpsubd	%ymm12, %ymm4, %ymm4
+        vpsubd	%ymm13, %ymm5, %ymm5
+        vpsubd	%ymm14, %ymm6, %ymm6
+        vpsubd	%ymm15, %ymm7, %ymm7
+        vmovdqu	%ymm0, 512(%rdi)
+        vmovdqu	%ymm1, 544(%rdi)
+        vmovdqu	%ymm2, 576(%rdi)
+        vmovdqu	%ymm3, 608(%rdi)
+        vmovdqu	%ymm4, 640(%rdi)
+        vmovdqu	%ymm5, 672(%rdi)
+        vmovdqu	%ymm6, 704(%rdi)
+        vmovdqu	%ymm7, 736(%rdi)
+        vmovdqu	768(%rdi), %ymm0
+        vmovdqu	800(%rdi), %ymm1
+        vmovdqu	832(%rdi), %ymm2
+        vmovdqu	864(%rdi), %ymm3
+        vmovdqu	896(%rdi), %ymm4
+        vmovdqu	928(%rdi), %ymm5
+        vmovdqu	960(%rdi), %ymm6
+        vmovdqu	992(%rdi), %ymm7
+        vmovdqu	768(%rsi), %ymm8
+        vmovdqu	800(%rsi), %ymm9
+        vmovdqu	832(%rsi), %ymm10
+        vmovdqu	864(%rsi), %ymm11
+        vmovdqu	896(%rsi), %ymm12
+        vmovdqu	928(%rsi), %ymm13
+        vmovdqu	960(%rsi), %ymm14
+        vmovdqu	992(%rsi), %ymm15
+        vpsubd	%ymm8, %ymm0, %ymm0
+        vpsubd	%ymm9, %ymm1, %ymm1
+        vpsubd	%ymm10, %ymm2, %ymm2
+        vpsubd	%ymm11, %ymm3, %ymm3
+        vpsubd	%ymm12, %ymm4, %ymm4
+        vpsubd	%ymm13, %ymm5, %ymm5
+        vpsubd	%ymm14, %ymm6, %ymm6
+        vpsubd	%ymm15, %ymm7, %ymm7
+        vmovdqu	%ymm0, 768(%rdi)
+        vmovdqu	%ymm1, 800(%rdi)
+        vmovdqu	%ymm2, 832(%rdi)
+        vmovdqu	%ymm3, 864(%rdi)
+        vmovdqu	%ymm4, 896(%rdi)
+        vmovdqu	%ymm5, 928(%rdi)
+        vmovdqu	%ymm6, 960(%rdi)
+        vmovdqu	%ymm7, 992(%rdi)
+        repz retq
+#ifndef __APPLE__
+.size	wc_mldsa_poly_sub_avx2,.-wc_mldsa_poly_sub_avx2
+#endif /* __APPLE__ */
+#ifndef __APPLE__
+.text
+.globl	wc_mldsa_poly_make_pos_avx2
+.type	wc_mldsa_poly_make_pos_avx2,@function
+.align	16
+wc_mldsa_poly_make_pos_avx2:
+#else
+.section	__TEXT,__text
+.globl	_wc_mldsa_poly_make_pos_avx2
+.p2align	4
+_wc_mldsa_poly_make_pos_avx2:
+#endif /* __APPLE__ */
+        vpxor	%ymm8, %ymm8, %ymm8
+        vmovdqu	mldsa_q(%rip), %ymm9
+        vmovdqu	(%rdi), %ymm0
+        vmovdqu	32(%rdi), %ymm1
+        vmovdqu	64(%rdi), %ymm2
+        vmovdqu	96(%rdi), %ymm3
+        vpcmpgtd	%ymm0, %ymm8, %ymm4
+        vpcmpgtd	%ymm1, %ymm8, %ymm5
+        vpcmpgtd	%ymm2, %ymm8, %ymm6
+        vpcmpgtd	%ymm3, %ymm8, %ymm7
+        vpand	%ymm9, %ymm4, %ymm4
+        vpand	%ymm9, %ymm5, %ymm5
+        vpand	%ymm9, %ymm6, %ymm6
+        vpand	%ymm9, %ymm7, %ymm7
+        vpaddd	%ymm4, %ymm0, %ymm0
+        vpaddd	%ymm5, %ymm1, %ymm1
+        vpaddd	%ymm6, %ymm2, %ymm2
+        vpaddd	%ymm7, %ymm3, %ymm3
+        vmovdqu	%ymm0, (%rdi)
+        vmovdqu	%ymm1, 32(%rdi)
+        vmovdqu	%ymm2, 64(%rdi)
+        vmovdqu	%ymm3, 96(%rdi)
+        vmovdqu	128(%rdi), %ymm0
+        vmovdqu	160(%rdi), %ymm1
+        vmovdqu	192(%rdi), %ymm2
+        vmovdqu	224(%rdi), %ymm3
+        vpcmpgtd	%ymm0, %ymm8, %ymm4
+        vpcmpgtd	%ymm1, %ymm8, %ymm5
+        vpcmpgtd	%ymm2, %ymm8, %ymm6
+        vpcmpgtd	%ymm3, %ymm8, %ymm7
+        vpand	%ymm9, %ymm4, %ymm4
+        vpand	%ymm9, %ymm5, %ymm5
+        vpand	%ymm9, %ymm6, %ymm6
+        vpand	%ymm9, %ymm7, %ymm7
+        vpaddd	%ymm4, %ymm0, %ymm0
+        vpaddd	%ymm5, %ymm1, %ymm1
+        vpaddd	%ymm6, %ymm2, %ymm2
+        vpaddd	%ymm7, %ymm3, %ymm3
+        vmovdqu	%ymm0, 128(%rdi)
+        vmovdqu	%ymm1, 160(%rdi)
+        vmovdqu	%ymm2, 192(%rdi)
+        vmovdqu	%ymm3, 224(%rdi)
+        vmovdqu	256(%rdi), %ymm0
+        vmovdqu	288(%rdi), %ymm1
+        vmovdqu	320(%rdi), %ymm2
+        vmovdqu	352(%rdi), %ymm3
+        vpcmpgtd	%ymm0, %ymm8, %ymm4
+        vpcmpgtd	%ymm1, %ymm8, %ymm5
+        vpcmpgtd	%ymm2, %ymm8, %ymm6
+        vpcmpgtd	%ymm3, %ymm8, %ymm7
+        vpand	%ymm9, %ymm4, %ymm4
+        vpand	%ymm9, %ymm5, %ymm5
+        vpand	%ymm9, %ymm6, %ymm6
+        vpand	%ymm9, %ymm7, %ymm7
+        vpaddd	%ymm4, %ymm0, %ymm0
+        vpaddd	%ymm5, %ymm1, %ymm1
+        vpaddd	%ymm6, %ymm2, %ymm2
+        vpaddd	%ymm7, %ymm3, %ymm3
+        vmovdqu	%ymm0, 256(%rdi)
+        vmovdqu	%ymm1, 288(%rdi)
+        vmovdqu	%ymm2, 320(%rdi)
+        vmovdqu	%ymm3, 352(%rdi)
+        vmovdqu	384(%rdi), %ymm0
+        vmovdqu	416(%rdi), %ymm1
+        vmovdqu	448(%rdi), %ymm2
+        vmovdqu	480(%rdi), %ymm3
+        vpcmpgtd	%ymm0, %ymm8, %ymm4
+        vpcmpgtd	%ymm1, %ymm8, %ymm5
+        vpcmpgtd	%ymm2, %ymm8, %ymm6
+        vpcmpgtd	%ymm3, %ymm8, %ymm7
+        vpand	%ymm9, %ymm4, %ymm4
+        vpand	%ymm9, %ymm5, %ymm5
+        vpand	%ymm9, %ymm6, %ymm6
+        vpand	%ymm9, %ymm7, %ymm7
+        vpaddd	%ymm4, %ymm0, %ymm0
+        vpaddd	%ymm5, %ymm1, %ymm1
+        vpaddd	%ymm6, %ymm2, %ymm2
+        vpaddd	%ymm7, %ymm3, %ymm3
+        vmovdqu	%ymm0, 384(%rdi)
+        vmovdqu	%ymm1, 416(%rdi)
+        vmovdqu	%ymm2, 448(%rdi)
+        vmovdqu	%ymm3, 480(%rdi)
+        vmovdqu	512(%rdi), %ymm0
+        vmovdqu	544(%rdi), %ymm1
+        vmovdqu	576(%rdi), %ymm2
+        vmovdqu	608(%rdi), %ymm3
+        vpcmpgtd	%ymm0, %ymm8, %ymm4
+        vpcmpgtd	%ymm1, %ymm8, %ymm5
+        vpcmpgtd	%ymm2, %ymm8, %ymm6
+        vpcmpgtd	%ymm3, %ymm8, %ymm7
+        vpand	%ymm9, %ymm4, %ymm4
+        vpand	%ymm9, %ymm5, %ymm5
+        vpand	%ymm9, %ymm6, %ymm6
+        vpand	%ymm9, %ymm7, %ymm7
+        vpaddd	%ymm4, %ymm0, %ymm0
+        vpaddd	%ymm5, %ymm1, %ymm1
+        vpaddd	%ymm6, %ymm2, %ymm2
+        vpaddd	%ymm7, %ymm3, %ymm3
+        vmovdqu	%ymm0, 512(%rdi)
+        vmovdqu	%ymm1, 544(%rdi)
+        vmovdqu	%ymm2, 576(%rdi)
+        vmovdqu	%ymm3, 608(%rdi)
+        vmovdqu	640(%rdi), %ymm0
+        vmovdqu	672(%rdi), %ymm1
+        vmovdqu	704(%rdi), %ymm2
+        vmovdqu	736(%rdi), %ymm3
+        vpcmpgtd	%ymm0, %ymm8, %ymm4
+        vpcmpgtd	%ymm1, %ymm8, %ymm5
+        vpcmpgtd	%ymm2, %ymm8, %ymm6
+        vpcmpgtd	%ymm3, %ymm8, %ymm7
+        vpand	%ymm9, %ymm4, %ymm4
+        vpand	%ymm9, %ymm5, %ymm5
+        vpand	%ymm9, %ymm6, %ymm6
+        vpand	%ymm9, %ymm7, %ymm7
+        vpaddd	%ymm4, %ymm0, %ymm0
+        vpaddd	%ymm5, %ymm1, %ymm1
+        vpaddd	%ymm6, %ymm2, %ymm2
+        vpaddd	%ymm7, %ymm3, %ymm3
+        vmovdqu	%ymm0, 640(%rdi)
+        vmovdqu	%ymm1, 672(%rdi)
+        vmovdqu	%ymm2, 704(%rdi)
+        vmovdqu	%ymm3, 736(%rdi)
+        vmovdqu	768(%rdi), %ymm0
+        vmovdqu	800(%rdi), %ymm1
+        vmovdqu	832(%rdi), %ymm2
+        vmovdqu	864(%rdi), %ymm3
+        vpcmpgtd	%ymm0, %ymm8, %ymm4
+        vpcmpgtd	%ymm1, %ymm8, %ymm5
+        vpcmpgtd	%ymm2, %ymm8, %ymm6
+        vpcmpgtd	%ymm3, %ymm8, %ymm7
+        vpand	%ymm9, %ymm4, %ymm4
+        vpand	%ymm9, %ymm5, %ymm5
+        vpand	%ymm9, %ymm6, %ymm6
+        vpand	%ymm9, %ymm7, %ymm7
+        vpaddd	%ymm4, %ymm0, %ymm0
+        vpaddd	%ymm5, %ymm1, %ymm1
+        vpaddd	%ymm6, %ymm2, %ymm2
+        vpaddd	%ymm7, %ymm3, %ymm3
+        vmovdqu	%ymm0, 768(%rdi)
+        vmovdqu	%ymm1, 800(%rdi)
+        vmovdqu	%ymm2, 832(%rdi)
+        vmovdqu	%ymm3, 864(%rdi)
+        vmovdqu	896(%rdi), %ymm0
+        vmovdqu	928(%rdi), %ymm1
+        vmovdqu	960(%rdi), %ymm2
+        vmovdqu	992(%rdi), %ymm3
+        vpcmpgtd	%ymm0, %ymm8, %ymm4
+        vpcmpgtd	%ymm1, %ymm8, %ymm5
+        vpcmpgtd	%ymm2, %ymm8, %ymm6
+        vpcmpgtd	%ymm3, %ymm8, %ymm7
+        vpand	%ymm9, %ymm4, %ymm4
+        vpand	%ymm9, %ymm5, %ymm5
+        vpand	%ymm9, %ymm6, %ymm6
+        vpand	%ymm9, %ymm7, %ymm7
+        vpaddd	%ymm4, %ymm0, %ymm0
+        vpaddd	%ymm5, %ymm1, %ymm1
+        vpaddd	%ymm6, %ymm2, %ymm2
+        vpaddd	%ymm7, %ymm3, %ymm3
+        vmovdqu	%ymm0, 896(%rdi)
+        vmovdqu	%ymm1, 928(%rdi)
+        vmovdqu	%ymm2, 960(%rdi)
+        vmovdqu	%ymm3, 992(%rdi)
+        repz retq
+#ifndef __APPLE__
+.size	wc_mldsa_poly_make_pos_avx2,.-wc_mldsa_poly_make_pos_avx2
+#endif /* __APPLE__ */
+#endif /* HAVE_INTEL_AVX2 */
+#endif /* WOLFSSL_WC_DILITHIUM */
+
+#if defined(__linux__) && defined(__ELF__)
+.section	.note.GNU-stack,"",%progbits
+#endif
diff --git a/wolfcrypt/src/wc_mlkem.c b/wolfcrypt/src/wc_mlkem.c
index cebdc004c..b7bc4a7c5 100644
--- a/wolfcrypt/src/wc_mlkem.c
+++ b/wolfcrypt/src/wc_mlkem.c
@@ -126,6 +126,60 @@ volatile sword16 mlkem_opt_blocker = 0;
 
 /******************************************************************************/
 
+#ifndef WC_NO_CONSTRUCTORS
+/**
+ * Create a new ML-KEM key object.
+ *
+ * Allocates and initializes a ML-KEM key object.
+ *
+ * @param  [in]   type         Type of key:
+ *                               WC_ML_KEM_512, WC_ML_KEM_768, WC_ML_KEM_1024,
+ *                               KYBER512, KYBER768, KYBER1024.
+ * @param  [in]   heap         Dynamic memory hint.
+ * @param  [in]   devId        Device Id.
+ * @return Pointer to new MlKemKey object, or NULL on failure.
+ */
+
+MlKemKey* wc_MlKemKey_New(int type, void* heap, int devId)
+{
+    int ret;
+    MlKemKey* key = (MlKemKey*)XMALLOC(sizeof(MlKemKey), heap,
+        DYNAMIC_TYPE_TMP_BUFFER);
+    if (key != NULL) {
+        ret = wc_MlKemKey_Init(key, type, heap, devId);
+        if (ret != 0) {
+            XFREE(key, heap, DYNAMIC_TYPE_TMP_BUFFER);
+            key = NULL;
+        }
+    }
+
+    return key;
+}
+
+/**
+ * Delete and free a ML-KEM key object.
+ *
+ * Frees resources associated with a ML-KEM key object and sets pointer to NULL.
+ *
+ * @param  [in]      key    ML-KEM key object to delete.
+ * @param  [in, out] key_p  Pointer to key pointer to set to NULL.
+ * @return  0 on success.
+ * @return  BAD_FUNC_ARG when key is NULL.
+ */
+
+int wc_MlKemKey_Delete(MlKemKey* key, MlKemKey** key_p)
+{
+    if (key == NULL)
+        return BAD_FUNC_ARG;
+    wc_MlKemKey_Free(key);
+    XFREE(key, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
+    if (key_p != NULL)
+        *key_p = NULL;
+
+    return 0;
+}
+#endif /* !WC_NO_CONSTRUCTORS */
+
 /**
  * Initialize the Kyber key.
  *
diff --git a/wolfcrypt/src/wc_mlkem_asm.S b/wolfcrypt/src/wc_mlkem_asm.S
index 1e2e72a53..752542aaf 100644
--- a/wolfcrypt/src/wc_mlkem_asm.S
+++ b/wolfcrypt/src/wc_mlkem_asm.S
@@ -60,14 +60,14 @@
 .p2align	4
 #endif /* __APPLE__ */
 mlkem_q:
-.value	0xd01,0xd01
-.value	0xd01,0xd01
-.value	0xd01,0xd01
-.value	0xd01,0xd01
-.value	0xd01,0xd01
-.value	0xd01,0xd01
-.value	0xd01,0xd01
-.value	0xd01,0xd01
+.value	0x0d01,0x0d01
+.value	0x0d01,0x0d01
+.value	0x0d01,0x0d01
+.value	0x0d01,0x0d01
+.value	0x0d01,0x0d01
+.value	0x0d01,0x0d01
+.value	0x0d01,0x0d01
+.value	0x0d01,0x0d01
 #ifndef __APPLE__
 .data
 #else
@@ -98,14 +98,14 @@ mlkem_qinv:
 .p2align	4
 #endif /* __APPLE__ */
 mlkem_f:
-.value	0x549,0x549
-.value	0x549,0x549
-.value	0x549,0x549
-.value	0x549,0x549
-.value	0x549,0x549
-.value	0x549,0x549
-.value	0x549,0x549
-.value	0x549,0x549
+.value	0x0549,0x0549
+.value	0x0549,0x0549
+.value	0x0549,0x0549
+.value	0x0549,0x0549
+.value	0x0549,0x0549
+.value	0x0549,0x0549
+.value	0x0549,0x0549
+.value	0x0549,0x0549
 #ifndef __APPLE__
 .data
 #else
@@ -155,14 +155,14 @@ mlkem_v:
 .p2align	4
 #endif /* __APPLE__ */
 L_mlkem_avx2_zetas:
-.value	0xa0b,0xa0b
-.value	0xa0b,0xa0b
-.value	0xa0b,0xa0b
-.value	0xa0b,0xa0b
-.value	0xa0b,0xa0b
-.value	0xa0b,0xa0b
-.value	0xa0b,0xa0b
-.value	0xa0b,0xa0b
+.value	0x0a0b,0x0a0b
+.value	0x0a0b,0x0a0b
+.value	0x0a0b,0x0a0b
+.value	0x0a0b,0x0a0b
+.value	0x0a0b,0x0a0b
+.value	0x0a0b,0x0a0b
+.value	0x0a0b,0x0a0b
+.value	0x0a0b,0x0a0b
 .value	0x7b0b,0x7b0b
 .value	0x7b0b,0x7b0b
 .value	0x7b0b,0x7b0b
@@ -171,14 +171,14 @@ L_mlkem_avx2_zetas:
 .value	0x7b0b,0x7b0b
 .value	0x7b0b,0x7b0b
 .value	0x7b0b,0x7b0b
-.value	0xb9a,0xb9a
-.value	0xb9a,0xb9a
-.value	0xb9a,0xb9a
-.value	0xb9a,0xb9a
-.value	0xb9a,0xb9a
-.value	0xb9a,0xb9a
-.value	0xb9a,0xb9a
-.value	0xb9a,0xb9a
+.value	0x0b9a,0x0b9a
+.value	0x0b9a,0x0b9a
+.value	0x0b9a,0x0b9a
+.value	0x0b9a,0x0b9a
+.value	0x0b9a,0x0b9a
+.value	0x0b9a,0x0b9a
+.value	0x0b9a,0x0b9a
+.value	0x0b9a,0x0b9a
 .value	0x399a,0x399a
 .value	0x399a,0x399a
 .value	0x399a,0x399a
@@ -187,14 +187,14 @@ L_mlkem_avx2_zetas:
 .value	0x399a,0x399a
 .value	0x399a,0x399a
 .value	0x399a,0x399a
-.value	0x5d5,0x5d5
-.value	0x5d5,0x5d5
-.value	0x5d5,0x5d5
-.value	0x5d5,0x5d5
-.value	0x5d5,0x5d5
-.value	0x5d5,0x5d5
-.value	0x5d5,0x5d5
-.value	0x5d5,0x5d5
+.value	0x05d5,0x05d5
+.value	0x05d5,0x05d5
+.value	0x05d5,0x05d5
+.value	0x05d5,0x05d5
+.value	0x05d5,0x05d5
+.value	0x05d5,0x05d5
+.value	0x05d5,0x05d5
+.value	0x05d5,0x05d5
 .value	0x34d5,0x34d5
 .value	0x34d5,0x34d5
 .value	0x34d5,0x34d5
@@ -203,14 +203,14 @@ L_mlkem_avx2_zetas:
 .value	0x34d5,0x34d5
 .value	0x34d5,0x34d5
 .value	0x34d5,0x34d5
-.value	0x58e,0x58e
-.value	0x58e,0x58e
-.value	0x58e,0x58e
-.value	0x58e,0x58e
-.value	0x58e,0x58e
-.value	0x58e,0x58e
-.value	0x58e,0x58e
-.value	0x58e,0x58e
+.value	0x058e,0x058e
+.value	0x058e,0x058e
+.value	0x058e,0x058e
+.value	0x058e,0x058e
+.value	0x058e,0x058e
+.value	0x058e,0x058e
+.value	0x058e,0x058e
+.value	0x058e,0x058e
 .value	0xcf8e,0xcf8e
 .value	0xcf8e,0xcf8e
 .value	0xcf8e,0xcf8e
@@ -219,14 +219,14 @@ L_mlkem_avx2_zetas:
 .value	0xcf8e,0xcf8e
 .value	0xcf8e,0xcf8e
 .value	0xcf8e,0xcf8e
-.value	0xc56,0xc56
-.value	0xc56,0xc56
-.value	0xc56,0xc56
-.value	0xc56,0xc56
-.value	0xc56,0xc56
-.value	0xc56,0xc56
-.value	0xc56,0xc56
-.value	0xc56,0xc56
+.value	0x0c56,0x0c56
+.value	0x0c56,0x0c56
+.value	0x0c56,0x0c56
+.value	0x0c56,0x0c56
+.value	0x0c56,0x0c56
+.value	0x0c56,0x0c56
+.value	0x0c56,0x0c56
+.value	0x0c56,0x0c56
 .value	0xae56,0xae56
 .value	0xae56,0xae56
 .value	0xae56,0xae56
@@ -235,14 +235,14 @@ L_mlkem_avx2_zetas:
 .value	0xae56,0xae56
 .value	0xae56,0xae56
 .value	0xae56,0xae56
-.value	0x26e,0x26e
-.value	0x26e,0x26e
-.value	0x26e,0x26e
-.value	0x26e,0x26e
-.value	0x26e,0x26e
-.value	0x26e,0x26e
-.value	0x26e,0x26e
-.value	0x26e,0x26e
+.value	0x026e,0x026e
+.value	0x026e,0x026e
+.value	0x026e,0x026e
+.value	0x026e,0x026e
+.value	0x026e,0x026e
+.value	0x026e,0x026e
+.value	0x026e,0x026e
+.value	0x026e,0x026e
 .value	0x6c6e,0x6c6e
 .value	0x6c6e,0x6c6e
 .value	0x6c6e,0x6c6e
@@ -251,14 +251,14 @@ L_mlkem_avx2_zetas:
 .value	0x6c6e,0x6c6e
 .value	0x6c6e,0x6c6e
 .value	0x6c6e,0x6c6e
-.value	0x629,0x629
-.value	0x629,0x629
-.value	0x629,0x629
-.value	0x629,0x629
-.value	0x629,0x629
-.value	0x629,0x629
-.value	0x629,0x629
-.value	0x629,0x629
+.value	0x0629,0x0629
+.value	0x0629,0x0629
+.value	0x0629,0x0629
+.value	0x0629,0x0629
+.value	0x0629,0x0629
+.value	0x0629,0x0629
+.value	0x0629,0x0629
+.value	0x0629,0x0629
 .value	0xf129,0xf129
 .value	0xf129,0xf129
 .value	0xf129,0xf129
@@ -267,14 +267,14 @@ L_mlkem_avx2_zetas:
 .value	0xf129,0xf129
 .value	0xf129,0xf129
 .value	0xf129,0xf129
-.value	0xb6,0xb6
-.value	0xb6,0xb6
-.value	0xb6,0xb6
-.value	0xb6,0xb6
-.value	0xb6,0xb6
-.value	0xb6,0xb6
-.value	0xb6,0xb6
-.value	0xb6,0xb6
+.value	0x00b6,0x00b6
+.value	0x00b6,0x00b6
+.value	0x00b6,0x00b6
+.value	0x00b6,0x00b6
+.value	0x00b6,0x00b6
+.value	0x00b6,0x00b6
+.value	0x00b6,0x00b6
+.value	0x00b6,0x00b6
 .value	0xc2b6,0xc2b6
 .value	0xc2b6,0xc2b6
 .value	0xc2b6,0xc2b6
@@ -283,14 +283,14 @@ L_mlkem_avx2_zetas:
 .value	0xc2b6,0xc2b6
 .value	0xc2b6,0xc2b6
 .value	0xc2b6,0xc2b6
-.value	0x23d,0x23d
-.value	0x23d,0x23d
-.value	0x23d,0x23d
-.value	0x23d,0x23d
-.value	0x7d4,0x7d4
-.value	0x7d4,0x7d4
-.value	0x7d4,0x7d4
-.value	0x7d4,0x7d4
+.value	0x023d,0x023d
+.value	0x023d,0x023d
+.value	0x023d,0x023d
+.value	0x023d,0x023d
+.value	0x07d4,0x07d4
+.value	0x07d4,0x07d4
+.value	0x07d4,0x07d4
+.value	0x07d4,0x07d4
 .value	0xe93d,0xe93d
 .value	0xe93d,0xe93d
 .value	0xe93d,0xe93d
@@ -299,14 +299,14 @@ L_mlkem_avx2_zetas:
 .value	0x43d4,0x43d4
 .value	0x43d4,0x43d4
 .value	0x43d4,0x43d4
-.value	0x108,0x108
-.value	0x108,0x108
-.value	0x108,0x108
-.value	0x108,0x108
-.value	0x17f,0x17f
-.value	0x17f,0x17f
-.value	0x17f,0x17f
-.value	0x17f,0x17f
+.value	0x0108,0x0108
+.value	0x0108,0x0108
+.value	0x0108,0x0108
+.value	0x0108,0x0108
+.value	0x017f,0x017f
+.value	0x017f,0x017f
+.value	0x017f,0x017f
+.value	0x017f,0x017f
 .value	0x9908,0x9908
 .value	0x9908,0x9908
 .value	0x9908,0x9908
@@ -315,30 +315,30 @@ L_mlkem_avx2_zetas:
 .value	0x8e7f,0x8e7f
 .value	0x8e7f,0x8e7f
 .value	0x8e7f,0x8e7f
-.value	0x4c7,0x4c7
-.value	0x4c7,0x4c7
-.value	0x28c,0x28c
-.value	0x28c,0x28c
-.value	0xad9,0xad9
-.value	0xad9,0xad9
-.value	0x3f7,0x3f7
-.value	0x3f7,0x3f7
+.value	0x04c7,0x04c7
+.value	0x04c7,0x04c7
+.value	0x028c,0x028c
+.value	0x028c,0x028c
+.value	0x0ad9,0x0ad9
+.value	0x0ad9,0x0ad9
+.value	0x03f7,0x03f7
+.value	0x03f7,0x03f7
 .value	0xe9c7,0xe9c7
 .value	0xe9c7,0xe9c7
 .value	0xe68c,0xe68c
 .value	0xe68c,0xe68c
-.value	0x5d9,0x5d9
-.value	0x5d9,0x5d9
+.value	0x05d9,0x05d9
+.value	0x05d9,0x05d9
 .value	0x78f7,0x78f7
 .value	0x78f7,0x78f7
-.value	0x7f4,0x7f4
-.value	0x7f4,0x7f4
-.value	0x5d3,0x5d3
-.value	0x5d3,0x5d3
-.value	0xbe7,0xbe7
-.value	0xbe7,0xbe7
-.value	0x6f9,0x6f9
-.value	0x6f9,0x6f9
+.value	0x07f4,0x07f4
+.value	0x07f4,0x07f4
+.value	0x05d3,0x05d3
+.value	0x05d3,0x05d3
+.value	0x0be7,0x0be7
+.value	0x0be7,0x0be7
+.value	0x06f9,0x06f9
+.value	0x06f9,0x06f9
 .value	0xa3f4,0xa3f4
 .value	0xa3f4,0xa3f4
 .value	0x4ed3,0x4ed3
@@ -347,14 +347,14 @@ L_mlkem_avx2_zetas:
 .value	0x50e7,0x50e7
 .value	0x61f9,0x61f9
 .value	0x61f9,0x61f9
-.value	0x9c4,0x9c4
-.value	0x9c4,0x9c4
-.value	0x9c4,0x9c4
-.value	0x9c4,0x9c4
-.value	0x5b2,0x5b2
-.value	0x5b2,0x5b2
-.value	0x5b2,0x5b2
-.value	0x5b2,0x5b2
+.value	0x09c4,0x09c4
+.value	0x09c4,0x09c4
+.value	0x09c4,0x09c4
+.value	0x09c4,0x09c4
+.value	0x05b2,0x05b2
+.value	0x05b2,0x05b2
+.value	0x05b2,0x05b2
+.value	0x05b2,0x05b2
 .value	0x15c4,0x15c4
 .value	0x15c4,0x15c4
 .value	0x15c4,0x15c4
@@ -363,14 +363,14 @@ L_mlkem_avx2_zetas:
 .value	0xfbb2,0xfbb2
 .value	0xfbb2,0xfbb2
 .value	0xfbb2,0xfbb2
-.value	0x6bf,0x6bf
-.value	0x6bf,0x6bf
-.value	0x6bf,0x6bf
-.value	0x6bf,0x6bf
-.value	0xc7f,0xc7f
-.value	0xc7f,0xc7f
-.value	0xc7f,0xc7f
-.value	0xc7f,0xc7f
+.value	0x06bf,0x06bf
+.value	0x06bf,0x06bf
+.value	0x06bf,0x06bf
+.value	0x06bf,0x06bf
+.value	0x0c7f,0x0c7f
+.value	0x0c7f,0x0c7f
+.value	0x0c7f,0x0c7f
+.value	0x0c7f,0x0c7f
 .value	0x53bf,0x53bf
 .value	0x53bf,0x53bf
 .value	0x53bf,0x53bf
@@ -379,14 +379,14 @@ L_mlkem_avx2_zetas:
 .value	0x997f,0x997f
 .value	0x997f,0x997f
 .value	0x997f,0x997f
-.value	0x204,0x204
-.value	0x204,0x204
-.value	0xcf9,0xcf9
-.value	0xcf9,0xcf9
-.value	0xbc1,0xbc1
-.value	0xbc1,0xbc1
-.value	0xa67,0xa67
-.value	0xa67,0xa67
+.value	0x0204,0x0204
+.value	0x0204,0x0204
+.value	0x0cf9,0x0cf9
+.value	0x0cf9,0x0cf9
+.value	0x0bc1,0x0bc1
+.value	0x0bc1,0x0bc1
+.value	0x0a67,0x0a67
+.value	0x0a67,0x0a67
 .value	0xce04,0xce04
 .value	0xce04,0xce04
 .value	0x67f9,0x67f9
@@ -395,14 +395,14 @@ L_mlkem_avx2_zetas:
 .value	0x3ec1,0x3ec1
 .value	0xcf67,0xcf67
 .value	0xcf67,0xcf67
-.value	0x6af,0x6af
-.value	0x6af,0x6af
-.value	0x877,0x877
-.value	0x877,0x877
-.value	0x7e,0x7e
-.value	0x7e,0x7e
-.value	0x5bd,0x5bd
-.value	0x5bd,0x5bd
+.value	0x06af,0x06af
+.value	0x06af,0x06af
+.value	0x0877,0x0877
+.value	0x0877,0x0877
+.value	0x007e,0x007e
+.value	0x007e,0x007e
+.value	0x05bd,0x05bd
+.value	0x05bd,0x05bd
 .value	0x23af,0x23af
 .value	0x23af,0x23af
 .value	0xfd77,0xfd77
@@ -411,14 +411,14 @@ L_mlkem_avx2_zetas:
 .value	0x9a7e,0x9a7e
 .value	0x6cbd,0x6cbd
 .value	0x6cbd,0x6cbd
-.value	0x8b2,0x8b2
-.value	0x1ae,0x1ae
-.value	0x22b,0x22b
-.value	0x34b,0x34b
-.value	0x81e,0x81e
-.value	0x367,0x367
-.value	0x60e,0x60e
-.value	0x69,0x69
+.value	0x08b2,0x08b2
+.value	0x01ae,0x01ae
+.value	0x022b,0x022b
+.value	0x034b,0x034b
+.value	0x081e,0x081e
+.value	0x0367,0x0367
+.value	0x060e,0x060e
+.value	0x0069,0x0069
 .value	0xfeb2,0xfeb2
 .value	0x2bae,0x2bae
 .value	0xd32b,0xd32b
@@ -427,30 +427,30 @@ L_mlkem_avx2_zetas:
 .value	0xc867,0xc867
 .value	0x500e,0x500e
 .value	0xab69,0xab69
-.value	0x1a6,0x1a6
-.value	0x24b,0x24b
-.value	0xb1,0xb1
-.value	0xc16,0xc16
-.value	0xbde,0xbde
-.value	0xb35,0xb35
-.value	0x626,0x626
-.value	0x675,0x675
+.value	0x01a6,0x01a6
+.value	0x024b,0x024b
+.value	0x00b1,0x00b1
+.value	0x0c16,0x0c16
+.value	0x0bde,0x0bde
+.value	0x0b35,0x0b35
+.value	0x0626,0x0626
+.value	0x0675,0x0675
 .value	0x93a6,0x93a6
 .value	0x334b,0x334b
-.value	0x3b1,0x3b1
+.value	0x03b1,0x03b1
 .value	0xee16,0xee16
 .value	0xc5de,0xc5de
 .value	0x5a35,0x5a35
 .value	0x1826,0x1826
 .value	0x1575,0x1575
-.value	0xc0b,0xc0b
-.value	0x30a,0x30a
-.value	0x487,0x487
-.value	0xc6e,0xc6e
-.value	0x9f8,0x9f8
-.value	0x5cb,0x5cb
-.value	0xaa7,0xaa7
-.value	0x45f,0x45f
+.value	0x0c0b,0x0c0b
+.value	0x030a,0x030a
+.value	0x0487,0x0487
+.value	0x0c6e,0x0c6e
+.value	0x09f8,0x09f8
+.value	0x05cb,0x05cb
+.value	0x0aa7,0x0aa7
+.value	0x045f,0x045f
 .value	0x7d0b,0x7d0b
 .value	0x810a,0x810a
 .value	0x2987,0x2987
@@ -459,14 +459,14 @@ L_mlkem_avx2_zetas:
 .value	0xb6cb,0xb6cb
 .value	0x8fa7,0x8fa7
 .value	0x315f,0x315f
-.value	0x6cb,0x6cb
-.value	0x284,0x284
-.value	0x999,0x999
-.value	0x15d,0x15d
-.value	0x1a2,0x1a2
-.value	0x149,0x149
-.value	0xc65,0xc65
-.value	0xcb6,0xcb6
+.value	0x06cb,0x06cb
+.value	0x0284,0x0284
+.value	0x0999,0x0999
+.value	0x015d,0x015d
+.value	0x01a2,0x01a2
+.value	0x0149,0x0149
+.value	0x0c65,0x0c65
+.value	0x0cb6,0x0cb6
 .value	0xb7cb,0xb7cb
 .value	0x4e84,0x4e84
 .value	0x4499,0x4499
@@ -475,30 +475,30 @@ L_mlkem_avx2_zetas:
 .value	0x4c49,0x4c49
 .value	0xeb65,0xeb65
 .value	0xceb6,0xceb6
-.value	0x714,0x714
-.value	0x714,0x714
-.value	0x714,0x714
-.value	0x714,0x714
-.value	0x714,0x714
-.value	0x714,0x714
-.value	0x714,0x714
-.value	0x714,0x714
-.value	0x314,0x314
-.value	0x314,0x314
-.value	0x314,0x314
-.value	0x314,0x314
-.value	0x314,0x314
-.value	0x314,0x314
-.value	0x314,0x314
-.value	0x314,0x314
-.value	0x11f,0x11f
-.value	0x11f,0x11f
-.value	0x11f,0x11f
-.value	0x11f,0x11f
-.value	0x11f,0x11f
-.value	0x11f,0x11f
-.value	0x11f,0x11f
-.value	0x11f,0x11f
+.value	0x0714,0x0714
+.value	0x0714,0x0714
+.value	0x0714,0x0714
+.value	0x0714,0x0714
+.value	0x0714,0x0714
+.value	0x0714,0x0714
+.value	0x0714,0x0714
+.value	0x0714,0x0714
+.value	0x0314,0x0314
+.value	0x0314,0x0314
+.value	0x0314,0x0314
+.value	0x0314,0x0314
+.value	0x0314,0x0314
+.value	0x0314,0x0314
+.value	0x0314,0x0314
+.value	0x0314,0x0314
+.value	0x011f,0x011f
+.value	0x011f,0x011f
+.value	0x011f,0x011f
+.value	0x011f,0x011f
+.value	0x011f,0x011f
+.value	0x011f,0x011f
+.value	0x011f,0x011f
+.value	0x011f,0x011f
 .value	0x6e1f,0x6e1f
 .value	0x6e1f,0x6e1f
 .value	0x6e1f,0x6e1f
@@ -507,14 +507,14 @@ L_mlkem_avx2_zetas:
 .value	0x6e1f,0x6e1f
 .value	0x6e1f,0x6e1f
 .value	0x6e1f,0x6e1f
-.value	0xca,0xca
-.value	0xca,0xca
-.value	0xca,0xca
-.value	0xca,0xca
-.value	0xca,0xca
-.value	0xca,0xca
-.value	0xca,0xca
-.value	0xca,0xca
+.value	0x00ca,0x00ca
+.value	0x00ca,0x00ca
+.value	0x00ca,0x00ca
+.value	0x00ca,0x00ca
+.value	0x00ca,0x00ca
+.value	0x00ca,0x00ca
+.value	0x00ca,0x00ca
+.value	0x00ca,0x00ca
 .value	0xbeca,0xbeca
 .value	0xbeca,0xbeca
 .value	0xbeca,0xbeca
@@ -523,14 +523,14 @@ L_mlkem_avx2_zetas:
 .value	0xbeca,0xbeca
 .value	0xbeca,0xbeca
 .value	0xbeca,0xbeca
-.value	0x3c2,0x3c2
-.value	0x3c2,0x3c2
-.value	0x3c2,0x3c2
-.value	0x3c2,0x3c2
-.value	0x3c2,0x3c2
-.value	0x3c2,0x3c2
-.value	0x3c2,0x3c2
-.value	0x3c2,0x3c2
+.value	0x03c2,0x03c2
+.value	0x03c2,0x03c2
+.value	0x03c2,0x03c2
+.value	0x03c2,0x03c2
+.value	0x03c2,0x03c2
+.value	0x03c2,0x03c2
+.value	0x03c2,0x03c2
+.value	0x03c2,0x03c2
 .value	0x29c2,0x29c2
 .value	0x29c2,0x29c2
 .value	0x29c2,0x29c2
@@ -539,30 +539,30 @@ L_mlkem_avx2_zetas:
 .value	0x29c2,0x29c2
 .value	0x29c2,0x29c2
 .value	0x29c2,0x29c2
-.value	0x84f,0x84f
-.value	0x84f,0x84f
-.value	0x84f,0x84f
-.value	0x84f,0x84f
-.value	0x84f,0x84f
-.value	0x84f,0x84f
-.value	0x84f,0x84f
-.value	0x84f,0x84f
-.value	0x54f,0x54f
-.value	0x54f,0x54f
-.value	0x54f,0x54f
-.value	0x54f,0x54f
-.value	0x54f,0x54f
-.value	0x54f,0x54f
-.value	0x54f,0x54f
-.value	0x54f,0x54f
-.value	0x73f,0x73f
-.value	0x73f,0x73f
-.value	0x73f,0x73f
-.value	0x73f,0x73f
-.value	0x73f,0x73f
-.value	0x73f,0x73f
-.value	0x73f,0x73f
-.value	0x73f,0x73f
+.value	0x084f,0x084f
+.value	0x084f,0x084f
+.value	0x084f,0x084f
+.value	0x084f,0x084f
+.value	0x084f,0x084f
+.value	0x084f,0x084f
+.value	0x084f,0x084f
+.value	0x084f,0x084f
+.value	0x054f,0x054f
+.value	0x054f,0x054f
+.value	0x054f,0x054f
+.value	0x054f,0x054f
+.value	0x054f,0x054f
+.value	0x054f,0x054f
+.value	0x054f,0x054f
+.value	0x054f,0x054f
+.value	0x073f,0x073f
+.value	0x073f,0x073f
+.value	0x073f,0x073f
+.value	0x073f,0x073f
+.value	0x073f,0x073f
+.value	0x073f,0x073f
+.value	0x073f,0x073f
+.value	0x073f,0x073f
 .value	0xd43f,0xd43f
 .value	0xd43f,0xd43f
 .value	0xd43f,0xd43f
@@ -571,14 +571,14 @@ L_mlkem_avx2_zetas:
 .value	0xd43f,0xd43f
 .value	0xd43f,0xd43f
 .value	0xd43f,0xd43f
-.value	0x5bc,0x5bc
-.value	0x5bc,0x5bc
-.value	0x5bc,0x5bc
-.value	0x5bc,0x5bc
-.value	0x5bc,0x5bc
-.value	0x5bc,0x5bc
-.value	0x5bc,0x5bc
-.value	0x5bc,0x5bc
+.value	0x05bc,0x05bc
+.value	0x05bc,0x05bc
+.value	0x05bc,0x05bc
+.value	0x05bc,0x05bc
+.value	0x05bc,0x05bc
+.value	0x05bc,0x05bc
+.value	0x05bc,0x05bc
+.value	0x05bc,0x05bc
 .value	0x79bc,0x79bc
 .value	0x79bc,0x79bc
 .value	0x79bc,0x79bc
@@ -587,14 +587,14 @@ L_mlkem_avx2_zetas:
 .value	0x79bc,0x79bc
 .value	0x79bc,0x79bc
 .value	0x79bc,0x79bc
-.value	0xa58,0xa58
-.value	0xa58,0xa58
-.value	0xa58,0xa58
-.value	0xa58,0xa58
-.value	0x3f9,0x3f9
-.value	0x3f9,0x3f9
-.value	0x3f9,0x3f9
-.value	0x3f9,0x3f9
+.value	0x0a58,0x0a58
+.value	0x0a58,0x0a58
+.value	0x0a58,0x0a58
+.value	0x0a58,0x0a58
+.value	0x03f9,0x03f9
+.value	0x03f9,0x03f9
+.value	0x03f9,0x03f9
+.value	0x03f9,0x03f9
 .value	0x9258,0x9258
 .value	0x9258,0x9258
 .value	0x9258,0x9258
@@ -603,14 +603,14 @@ L_mlkem_avx2_zetas:
 .value	0x5ef9,0x5ef9
 .value	0x5ef9,0x5ef9
 .value	0x5ef9,0x5ef9
-.value	0x2dc,0x2dc
-.value	0x2dc,0x2dc
-.value	0x2dc,0x2dc
-.value	0x2dc,0x2dc
-.value	0x260,0x260
-.value	0x260,0x260
-.value	0x260,0x260
-.value	0x260,0x260
+.value	0x02dc,0x02dc
+.value	0x02dc,0x02dc
+.value	0x02dc,0x02dc
+.value	0x02dc,0x02dc
+.value	0x0260,0x0260
+.value	0x0260,0x0260
+.value	0x0260,0x0260
+.value	0x0260,0x0260
 .value	0xd6dc,0xd6dc
 .value	0xd6dc,0xd6dc
 .value	0xd6dc,0xd6dc
@@ -619,14 +619,14 @@ L_mlkem_avx2_zetas:
 .value	0x2260,0x2260
 .value	0x2260,0x2260
 .value	0x2260,0x2260
-.value	0x9ac,0x9ac
-.value	0x9ac,0x9ac
-.value	0xca7,0xca7
-.value	0xca7,0xca7
-.value	0xbf2,0xbf2
-.value	0xbf2,0xbf2
-.value	0x33e,0x33e
-.value	0x33e,0x33e
+.value	0x09ac,0x09ac
+.value	0x09ac,0x09ac
+.value	0x0ca7,0x0ca7
+.value	0x0ca7,0x0ca7
+.value	0x0bf2,0x0bf2
+.value	0x0bf2,0x0bf2
+.value	0x033e,0x033e
+.value	0x033e,0x033e
 .value	0x4dac,0x4dac
 .value	0x4dac,0x4dac
 .value	0x91a7,0x91a7
@@ -635,14 +635,14 @@ L_mlkem_avx2_zetas:
 .value	0xc1f2,0xc1f2
 .value	0xdd3e,0xdd3e
 .value	0xdd3e,0xdd3e
-.value	0x6b,0x6b
-.value	0x6b,0x6b
-.value	0x774,0x774
-.value	0x774,0x774
-.value	0xc0a,0xc0a
-.value	0xc0a,0xc0a
-.value	0x94a,0x94a
-.value	0x94a,0x94a
+.value	0x006b,0x006b
+.value	0x006b,0x006b
+.value	0x0774,0x0774
+.value	0x0774,0x0774
+.value	0x0c0a,0x0c0a
+.value	0x0c0a,0x0c0a
+.value	0x094a,0x094a
+.value	0x094a,0x094a
 .value	0x916b,0x916b
 .value	0x916b,0x916b
 .value	0x2374,0x2374
@@ -651,14 +651,14 @@ L_mlkem_avx2_zetas:
 .value	0x8a0a,0x8a0a
 .value	0x474a,0x474a
 .value	0x474a,0x474a
-.value	0x6fb,0x6fb
-.value	0x6fb,0x6fb
-.value	0x6fb,0x6fb
-.value	0x6fb,0x6fb
-.value	0x19b,0x19b
-.value	0x19b,0x19b
-.value	0x19b,0x19b
-.value	0x19b,0x19b
+.value	0x06fb,0x06fb
+.value	0x06fb,0x06fb
+.value	0x06fb,0x06fb
+.value	0x06fb,0x06fb
+.value	0x019b,0x019b
+.value	0x019b,0x019b
+.value	0x019b,0x019b
+.value	0x019b,0x019b
 .value	0x47fb,0x47fb
 .value	0x47fb,0x47fb
 .value	0x47fb,0x47fb
@@ -667,14 +667,14 @@ L_mlkem_avx2_zetas:
 .value	0x229b,0x229b
 .value	0x229b,0x229b
 .value	0x229b,0x229b
-.value	0xc34,0xc34
-.value	0xc34,0xc34
-.value	0xc34,0xc34
-.value	0xc34,0xc34
-.value	0x6de,0x6de
-.value	0x6de,0x6de
-.value	0x6de,0x6de
-.value	0x6de,0x6de
+.value	0x0c34,0x0c34
+.value	0x0c34,0x0c34
+.value	0x0c34,0x0c34
+.value	0x0c34,0x0c34
+.value	0x06de,0x06de
+.value	0x06de,0x06de
+.value	0x06de,0x06de
+.value	0x06de,0x06de
 .value	0x6834,0x6834
 .value	0x6834,0x6834
 .value	0x6834,0x6834
@@ -683,14 +683,14 @@ L_mlkem_avx2_zetas:
 .value	0xc0de,0xc0de
 .value	0xc0de,0xc0de
 .value	0xc0de,0xc0de
-.value	0xb73,0xb73
-.value	0xb73,0xb73
-.value	0x3c1,0x3c1
-.value	0x3c1,0x3c1
-.value	0x71d,0x71d
-.value	0x71d,0x71d
-.value	0xa2c,0xa2c
-.value	0xa2c,0xa2c
+.value	0x0b73,0x0b73
+.value	0x0b73,0x0b73
+.value	0x03c1,0x03c1
+.value	0x03c1,0x03c1
+.value	0x071d,0x071d
+.value	0x071d,0x071d
+.value	0x0a2c,0x0a2c
+.value	0x0a2c,0x0a2c
 .value	0x3473,0x3473
 .value	0x3473,0x3473
 .value	0x36c1,0x36c1
@@ -699,14 +699,14 @@ L_mlkem_avx2_zetas:
 .value	0x8e1d,0x8e1d
 .value	0xce2c,0xce2c
 .value	0xce2c,0xce2c
-.value	0x1c0,0x1c0
-.value	0x1c0,0x1c0
-.value	0x8d8,0x8d8
-.value	0x8d8,0x8d8
-.value	0x2a5,0x2a5
-.value	0x2a5,0x2a5
-.value	0x806,0x806
-.value	0x806,0x806
+.value	0x01c0,0x01c0
+.value	0x01c0,0x01c0
+.value	0x08d8,0x08d8
+.value	0x08d8,0x08d8
+.value	0x02a5,0x02a5
+.value	0x02a5,0x02a5
+.value	0x0806,0x0806
+.value	0x0806,0x0806
 .value	0x41c0,0x41c0
 .value	0x41c0,0x41c0
 .value	0x10d8,0x10d8
@@ -715,30 +715,30 @@ L_mlkem_avx2_zetas:
 .value	0xa1a5,0xa1a5
 .value	0xba06,0xba06
 .value	0xba06,0xba06
-.value	0x331,0x331
-.value	0x449,0x449
-.value	0x25b,0x25b
-.value	0x262,0x262
-.value	0x52a,0x52a
-.value	0x7fc,0x7fc
-.value	0x748,0x748
-.value	0x180,0x180
+.value	0x0331,0x0331
+.value	0x0449,0x0449
+.value	0x025b,0x025b
+.value	0x0262,0x0262
+.value	0x052a,0x052a
+.value	0x07fc,0x07fc
+.value	0x0748,0x0748
+.value	0x0180,0x0180
 .value	0x8631,0x8631
 .value	0x4f49,0x4f49
 .value	0x635b,0x635b
-.value	0x862,0x862
+.value	0x0862,0x0862
 .value	0xe32a,0xe32a
 .value	0x3bfc,0x3bfc
 .value	0x5f48,0x5f48
 .value	0x8180,0x8180
-.value	0x842,0x842
-.value	0xc79,0xc79
-.value	0x4c2,0x4c2
-.value	0x7ca,0x7ca
-.value	0x997,0x997
-.value	0xdc,0xdc
-.value	0x85e,0x85e
-.value	0x686,0x686
+.value	0x0842,0x0842
+.value	0x0c79,0x0c79
+.value	0x04c2,0x04c2
+.value	0x07ca,0x07ca
+.value	0x0997,0x0997
+.value	0x00dc,0x00dc
+.value	0x085e,0x085e
+.value	0x0686,0x0686
 .value	0xae42,0xae42
 .value	0xe779,0xe779
 .value	0x2ac2,0x2ac2
@@ -747,14 +747,14 @@ L_mlkem_avx2_zetas:
 .value	0xd4dc,0xd4dc
 .value	0x425e,0x425e
 .value	0x3886,0x3886
-.value	0x860,0x860
-.value	0x707,0x707
-.value	0x803,0x803
-.value	0x31a,0x31a
-.value	0x71b,0x71b
-.value	0x9ab,0x9ab
-.value	0x99b,0x99b
-.value	0x1de,0x1de
+.value	0x0860,0x0860
+.value	0x0707,0x0707
+.value	0x0803,0x0803
+.value	0x031a,0x031a
+.value	0x071b,0x071b
+.value	0x09ab,0x09ab
+.value	0x099b,0x099b
+.value	0x01de,0x01de
 .value	0x2860,0x2860
 .value	0xac07,0xac07
 .value	0xe103,0xe103
@@ -763,14 +763,14 @@ L_mlkem_avx2_zetas:
 .value	0x5aab,0x5aab
 .value	0x2a9b,0x2a9b
 .value	0xbbde,0xbbde
-.value	0xc95,0xc95
-.value	0xbcd,0xbcd
-.value	0x3e4,0x3e4
-.value	0x3df,0x3df
-.value	0x3be,0x3be
-.value	0x74d,0x74d
-.value	0x5f2,0x5f2
-.value	0x65c,0x65c
+.value	0x0c95,0x0c95
+.value	0x0bcd,0x0bcd
+.value	0x03e4,0x03e4
+.value	0x03df,0x03df
+.value	0x03be,0x03be
+.value	0x074d,0x074d
+.value	0x05f2,0x05f2
+.value	0x065c,0x065c
 .value	0x7b95,0x7b95
 .value	0xa2cd,0xa2cd
 .value	0x6fe4,0x6fe4
@@ -790,45 +790,45 @@ L_mlkem_avx2_zetas:
 .p2align	4
 #endif /* __APPLE__ */
 L_mlkem_avx2_zetas_basemul:
-.value	0x8b2,0x81e
+.value	0x08b2,0x081e
 .value	0xf74e,0xf7e2
-.value	0x1ae,0x367
+.value	0x01ae,0x0367
 .value	0xfe52,0xfc99
-.value	0x22b,0x60e
+.value	0x022b,0x060e
 .value	0xfdd5,0xf9f2
-.value	0x34b,0x69
+.value	0x034b,0x0069
 .value	0xfcb5,0xff97
 .value	0xfeb2,0x821e
-.value	0x14e,0x7de2
+.value	0x014e,0x7de2
 .value	0x2bae,0xc867
 .value	0xd452,0x3799
 .value	0xd32b,0x500e
 .value	0x2cd5,0xaff2
 .value	0x344b,0xab69
 .value	0xcbb5,0x5497
-.value	0x1a6,0xbde
+.value	0x01a6,0x0bde
 .value	0xfe5a,0xf422
-.value	0x24b,0xb35
+.value	0x024b,0x0b35
 .value	0xfdb5,0xf4cb
-.value	0xb1,0x626
+.value	0x00b1,0x0626
 .value	0xff4f,0xf9da
-.value	0xc16,0x675
+.value	0x0c16,0x0675
 .value	0xf3ea,0xf98b
 .value	0x93a6,0xc5de
 .value	0x6c5a,0x3a22
 .value	0x334b,0x5a35
 .value	0xccb5,0xa5cb
-.value	0x3b1,0x1826
+.value	0x03b1,0x1826
 .value	0xfc4f,0xe7da
 .value	0xee16,0x1575
 .value	0x11ea,0xea8b
-.value	0xc0b,0x9f8
+.value	0x0c0b,0x09f8
 .value	0xf3f5,0xf608
-.value	0x30a,0x5cb
+.value	0x030a,0x05cb
 .value	0xfcf6,0xfa35
-.value	0x487,0xaa7
+.value	0x0487,0x0aa7
 .value	0xfb79,0xf559
-.value	0xc6e,0x45f
+.value	0x0c6e,0x045f
 .value	0xf392,0xfba1
 .value	0x7d0b,0x71f8
 .value	0x82f5,0x8e08
@@ -838,13 +838,13 @@ L_mlkem_avx2_zetas_basemul:
 .value	0xd679,0x7059
 .value	0x766e,0x315f
 .value	0x8992,0xcea1
-.value	0x6cb,0x1a2
+.value	0x06cb,0x01a2
 .value	0xf935,0xfe5e
-.value	0x284,0x149
+.value	0x0284,0x0149
 .value	0xfd7c,0xfeb7
-.value	0x999,0xc65
+.value	0x0999,0x0c65
 .value	0xf667,0xf39b
-.value	0x15d,0xcb6
+.value	0x015d,0x0cb6
 .value	0xfea3,0xf34a
 .value	0xb7cb,0xc7a2
 .value	0x4835,0x385e
@@ -854,13 +854,13 @@ L_mlkem_avx2_zetas_basemul:
 .value	0xbb67,0x149b
 .value	0x485d,0xceb6
 .value	0xb7a3,0x314a
-.value	0x331,0x52a
+.value	0x0331,0x052a
 .value	0xfccf,0xfad6
-.value	0x449,0x7fc
+.value	0x0449,0x07fc
 .value	0xfbb7,0xf804
-.value	0x25b,0x748
+.value	0x025b,0x0748
 .value	0xfda5,0xf8b8
-.value	0x262,0x180
+.value	0x0262,0x0180
 .value	0xfd9e,0xfe80
 .value	0x8631,0xe32a
 .value	0x79cf,0x1cd6
@@ -868,15 +868,15 @@ L_mlkem_avx2_zetas_basemul:
 .value	0xb0b7,0xc404
 .value	0x635b,0x5f48
 .value	0x9ca5,0xa0b8
-.value	0x862,0x8180
+.value	0x0862,0x8180
 .value	0xf79e,0x7e80
-.value	0x842,0x997
+.value	0x0842,0x0997
 .value	0xf7be,0xf669
-.value	0xc79,0xdc
+.value	0x0c79,0x00dc
 .value	0xf387,0xff24
-.value	0x4c2,0x85e
+.value	0x04c2,0x085e
 .value	0xfb3e,0xf7a2
-.value	0x7ca,0x686
+.value	0x07ca,0x0686
 .value	0xf836,0xf97a
 .value	0xae42,0x5e97
 .value	0x51be,0xa169
@@ -886,13 +886,13 @@ L_mlkem_avx2_zetas_basemul:
 .value	0xd53e,0xbda2
 .value	0xc5ca,0x3886
 .value	0x3a36,0xc77a
-.value	0x860,0x71b
+.value	0x0860,0x071b
 .value	0xf7a0,0xf8e5
-.value	0x707,0x9ab
+.value	0x0707,0x09ab
 .value	0xf8f9,0xf655
-.value	0x803,0x99b
+.value	0x0803,0x099b
 .value	0xf7fd,0xf665
-.value	0x31a,0x1de
+.value	0x031a,0x01de
 .value	0xfce6,0xfe22
 .value	0x2860,0xa81b
 .value	0xd7a0,0x57e5
@@ -902,13 +902,13 @@ L_mlkem_avx2_zetas_basemul:
 .value	0x1efd,0xd565
 .value	0xb11a,0xbbde
 .value	0x4ee6,0x4422
-.value	0xc95,0x3be
+.value	0x0c95,0x03be
 .value	0xf36b,0xfc42
-.value	0xbcd,0x74d
+.value	0x0bcd,0x074d
 .value	0xf433,0xf8b3
-.value	0x3e4,0x5f2
+.value	0x03e4,0x05f2
 .value	0xfc1c,0xfa0e
-.value	0x3df,0x65c
+.value	0x03df,0x065c
 .value	0xfc21,0xf9a4
 .value	0x7b95,0x5dbe
 .value	0x846b,0xa242
@@ -929,14 +929,14 @@ L_mlkem_avx2_zetas_basemul:
 .p2align	4
 #endif /* __APPLE__ */
 L_mlkem_avx2_zetas_inv:
-.value	0x6a5,0x6a5
-.value	0x5b4,0x5b4
-.value	0x70f,0x70f
-.value	0x943,0x943
-.value	0x922,0x922
-.value	0x134,0x134
-.value	0x91d,0x91d
-.value	0x6c,0x6c
+.value	0x06a5,0x06a5
+.value	0x05b4,0x05b4
+.value	0x070f,0x070f
+.value	0x0943,0x0943
+.value	0x0922,0x0922
+.value	0x0134,0x0134
+.value	0x091d,0x091d
+.value	0x006c,0x006c
 .value	0xa5a5,0xa5a5
 .value	0xe1b4,0xe1b4
 .value	0x440f,0x440f
@@ -945,14 +945,14 @@ L_mlkem_avx2_zetas_inv:
 .value	0x5d34,0x5d34
 .value	0x901d,0x901d
 .value	0x846c,0x846c
-.value	0xb23,0xb23
-.value	0x356,0x356
-.value	0x366,0x366
-.value	0x5e6,0x5e6
-.value	0x9e7,0x9e7
-.value	0x5fa,0x5fa
-.value	0x4fe,0x4fe
-.value	0x4a1,0x4a1
+.value	0x0b23,0x0b23
+.value	0x0356,0x0356
+.value	0x0366,0x0366
+.value	0x05e6,0x05e6
+.value	0x09e7,0x09e7
+.value	0x05fa,0x05fa
+.value	0x04fe,0x04fe
+.value	0x04a1,0x04a1
 .value	0x4423,0x4423
 .value	0xa556,0xa556
 .value	0xd566,0xd566
@@ -961,14 +961,14 @@ L_mlkem_avx2_zetas_inv:
 .value	0x53fa,0x53fa
 .value	0x1efe,0x1efe
 .value	0xd7a1,0xd7a1
-.value	0x4fb,0x4fb
-.value	0x4fb,0x4fb
-.value	0xa5c,0xa5c
-.value	0xa5c,0xa5c
-.value	0x429,0x429
-.value	0x429,0x429
-.value	0xb41,0xb41
-.value	0xb41,0xb41
+.value	0x04fb,0x04fb
+.value	0x04fb,0x04fb
+.value	0x0a5c,0x0a5c
+.value	0x0a5c,0x0a5c
+.value	0x0429,0x0429
+.value	0x0429,0x0429
+.value	0x0b41,0x0b41
+.value	0x0b41,0x0b41
 .value	0x45fb,0x45fb
 .value	0x45fb,0x45fb
 .value	0x5e5c,0x5e5c
@@ -977,14 +977,14 @@ L_mlkem_avx2_zetas_inv:
 .value	0xef29,0xef29
 .value	0xbe41,0xbe41
 .value	0xbe41,0xbe41
-.value	0x2d5,0x2d5
-.value	0x2d5,0x2d5
-.value	0x5e4,0x5e4
-.value	0x5e4,0x5e4
-.value	0x940,0x940
-.value	0x940,0x940
-.value	0x18e,0x18e
-.value	0x18e,0x18e
+.value	0x02d5,0x02d5
+.value	0x02d5,0x02d5
+.value	0x05e4,0x05e4
+.value	0x05e4,0x05e4
+.value	0x0940,0x0940
+.value	0x0940,0x0940
+.value	0x018e,0x018e
+.value	0x018e,0x018e
 .value	0x31d5,0x31d5
 .value	0x31d5,0x31d5
 .value	0x71e4,0x71e4
@@ -993,14 +993,14 @@ L_mlkem_avx2_zetas_inv:
 .value	0xc940,0xc940
 .value	0xcb8e,0xcb8e
 .value	0xcb8e,0xcb8e
-.value	0x623,0x623
-.value	0x623,0x623
-.value	0x623,0x623
-.value	0x623,0x623
-.value	0xcd,0xcd
-.value	0xcd,0xcd
-.value	0xcd,0xcd
-.value	0xcd,0xcd
+.value	0x0623,0x0623
+.value	0x0623,0x0623
+.value	0x0623,0x0623
+.value	0x0623,0x0623
+.value	0x00cd,0x00cd
+.value	0x00cd,0x00cd
+.value	0x00cd,0x00cd
+.value	0x00cd,0x00cd
 .value	0x3f23,0x3f23
 .value	0x3f23,0x3f23
 .value	0x3f23,0x3f23
@@ -1009,14 +1009,14 @@ L_mlkem_avx2_zetas_inv:
 .value	0x97cd,0x97cd
 .value	0x97cd,0x97cd
 .value	0x97cd,0x97cd
-.value	0xb66,0xb66
-.value	0xb66,0xb66
-.value	0xb66,0xb66
-.value	0xb66,0xb66
-.value	0x606,0x606
-.value	0x606,0x606
-.value	0x606,0x606
-.value	0x606,0x606
+.value	0x0b66,0x0b66
+.value	0x0b66,0x0b66
+.value	0x0b66,0x0b66
+.value	0x0b66,0x0b66
+.value	0x0606,0x0606
+.value	0x0606,0x0606
+.value	0x0606,0x0606
+.value	0x0606,0x0606
 .value	0xdd66,0xdd66
 .value	0xdd66,0xdd66
 .value	0xdd66,0xdd66
@@ -1025,14 +1025,14 @@ L_mlkem_avx2_zetas_inv:
 .value	0xb806,0xb806
 .value	0xb806,0xb806
 .value	0xb806,0xb806
-.value	0x745,0x745
-.value	0x745,0x745
-.value	0x745,0x745
-.value	0x745,0x745
-.value	0x745,0x745
-.value	0x745,0x745
-.value	0x745,0x745
-.value	0x745,0x745
+.value	0x0745,0x0745
+.value	0x0745,0x0745
+.value	0x0745,0x0745
+.value	0x0745,0x0745
+.value	0x0745,0x0745
+.value	0x0745,0x0745
+.value	0x0745,0x0745
+.value	0x0745,0x0745
 .value	0x8645,0x8645
 .value	0x8645,0x8645
 .value	0x8645,0x8645
@@ -1041,14 +1041,14 @@ L_mlkem_avx2_zetas_inv:
 .value	0x8645,0x8645
 .value	0x8645,0x8645
 .value	0x8645,0x8645
-.value	0x5c2,0x5c2
-.value	0x5c2,0x5c2
-.value	0x5c2,0x5c2
-.value	0x5c2,0x5c2
-.value	0x5c2,0x5c2
-.value	0x5c2,0x5c2
-.value	0x5c2,0x5c2
-.value	0x5c2,0x5c2
+.value	0x05c2,0x05c2
+.value	0x05c2,0x05c2
+.value	0x05c2,0x05c2
+.value	0x05c2,0x05c2
+.value	0x05c2,0x05c2
+.value	0x05c2,0x05c2
+.value	0x05c2,0x05c2
+.value	0x05c2,0x05c2
 .value	0x2bc2,0x2bc2
 .value	0x2bc2,0x2bc2
 .value	0x2bc2,0x2bc2
@@ -1057,14 +1057,14 @@ L_mlkem_avx2_zetas_inv:
 .value	0x2bc2,0x2bc2
 .value	0x2bc2,0x2bc2
 .value	0x2bc2,0x2bc2
-.value	0xc37,0xc37
-.value	0xc37,0xc37
-.value	0xc37,0xc37
-.value	0xc37,0xc37
-.value	0xc37,0xc37
-.value	0xc37,0xc37
-.value	0xc37,0xc37
-.value	0xc37,0xc37
+.value	0x0c37,0x0c37
+.value	0x0c37,0x0c37
+.value	0x0c37,0x0c37
+.value	0x0c37,0x0c37
+.value	0x0c37,0x0c37
+.value	0x0c37,0x0c37
+.value	0x0c37,0x0c37
+.value	0x0c37,0x0c37
 .value	0x4137,0x4137
 .value	0x4137,0x4137
 .value	0x4137,0x4137
@@ -1073,14 +1073,14 @@ L_mlkem_avx2_zetas_inv:
 .value	0x4137,0x4137
 .value	0x4137,0x4137
 .value	0x4137,0x4137
-.value	0x67b,0x67b
-.value	0xc25,0xc25
-.value	0x4a3,0x4a3
-.value	0x36a,0x36a
-.value	0x537,0x537
-.value	0x88,0x88
-.value	0x83f,0x83f
-.value	0x4bf,0x4bf
+.value	0x067b,0x067b
+.value	0x0c25,0x0c25
+.value	0x04a3,0x04a3
+.value	0x036a,0x036a
+.value	0x0537,0x0537
+.value	0x0088,0x0088
+.value	0x083f,0x083f
+.value	0x04bf,0x04bf
 .value	0xc77b,0xc77b
 .value	0x2b25,0x2b25
 .value	0xbda3,0xbda3
@@ -1089,14 +1089,14 @@ L_mlkem_avx2_zetas_inv:
 .value	0x1888,0x1888
 .value	0xd53f,0xd53f
 .value	0x51bf,0x51bf
-.value	0xb81,0xb81
-.value	0x505,0x505
-.value	0x5b9,0x5b9
-.value	0x7d7,0x7d7
-.value	0xa9f,0xa9f
-.value	0x8b8,0x8b8
-.value	0xaa6,0xaa6
-.value	0x9d0,0x9d0
+.value	0x0b81,0x0b81
+.value	0x0505,0x0505
+.value	0x05b9,0x05b9
+.value	0x07d7,0x07d7
+.value	0x0a9f,0x0a9f
+.value	0x08b8,0x08b8
+.value	0x0aa6,0x0aa6
+.value	0x09d0,0x09d0
 .value	0x7e81,0x7e81
 .value	0xc405,0xc405
 .value	0xa0b9,0xa0b9
@@ -1105,14 +1105,14 @@ L_mlkem_avx2_zetas_inv:
 .value	0xb0b8,0xb0b8
 .value	0x9ca6,0x9ca6
 .value	0x79d0,0x79d0
-.value	0x3b7,0x3b7
-.value	0x3b7,0x3b7
-.value	0xf7,0xf7
-.value	0xf7,0xf7
-.value	0x58d,0x58d
-.value	0x58d,0x58d
-.value	0xc96,0xc96
-.value	0xc96,0xc96
+.value	0x03b7,0x03b7
+.value	0x03b7,0x03b7
+.value	0x00f7,0x00f7
+.value	0x00f7,0x00f7
+.value	0x058d,0x058d
+.value	0x058d,0x058d
+.value	0x0c96,0x0c96
+.value	0x0c96,0x0c96
 .value	0xb8b7,0xb8b7
 .value	0xb8b7,0xb8b7
 .value	0x75f7,0x75f7
@@ -1121,14 +1121,14 @@ L_mlkem_avx2_zetas_inv:
 .value	0xdc8d,0xdc8d
 .value	0x6e96,0x6e96
 .value	0x6e96,0x6e96
-.value	0x9c3,0x9c3
-.value	0x9c3,0x9c3
-.value	0x10f,0x10f
-.value	0x10f,0x10f
-.value	0x5a,0x5a
-.value	0x5a,0x5a
-.value	0x355,0x355
-.value	0x355,0x355
+.value	0x09c3,0x09c3
+.value	0x09c3,0x09c3
+.value	0x010f,0x010f
+.value	0x010f,0x010f
+.value	0x005a,0x005a
+.value	0x005a,0x005a
+.value	0x0355,0x0355
+.value	0x0355,0x0355
 .value	0x22c3,0x22c3
 .value	0x22c3,0x22c3
 .value	0x3e0f,0x3e0f
@@ -1137,14 +1137,14 @@ L_mlkem_avx2_zetas_inv:
 .value	0x6e5a,0x6e5a
 .value	0xb255,0xb255
 .value	0xb255,0xb255
-.value	0xaa1,0xaa1
-.value	0xaa1,0xaa1
-.value	0xaa1,0xaa1
-.value	0xaa1,0xaa1
-.value	0xa25,0xa25
-.value	0xa25,0xa25
-.value	0xa25,0xa25
-.value	0xa25,0xa25
+.value	0x0aa1,0x0aa1
+.value	0x0aa1,0x0aa1
+.value	0x0aa1,0x0aa1
+.value	0x0aa1,0x0aa1
+.value	0x0a25,0x0a25
+.value	0x0a25,0x0a25
+.value	0x0a25,0x0a25
+.value	0x0a25,0x0a25
 .value	0xdda1,0xdda1
 .value	0xdda1,0xdda1
 .value	0xdda1,0xdda1
@@ -1153,14 +1153,14 @@ L_mlkem_avx2_zetas_inv:
 .value	0x2925,0x2925
 .value	0x2925,0x2925
 .value	0x2925,0x2925
-.value	0x908,0x908
-.value	0x908,0x908
-.value	0x908,0x908
-.value	0x908,0x908
-.value	0x2a9,0x2a9
-.value	0x2a9,0x2a9
-.value	0x2a9,0x2a9
-.value	0x2a9,0x2a9
+.value	0x0908,0x0908
+.value	0x0908,0x0908
+.value	0x0908,0x0908
+.value	0x0908,0x0908
+.value	0x02a9,0x02a9
+.value	0x02a9,0x02a9
+.value	0x02a9,0x02a9
+.value	0x02a9,0x02a9
 .value	0xa108,0xa108
 .value	0xa108,0xa108
 .value	0xa108,0xa108
@@ -1169,14 +1169,14 @@ L_mlkem_avx2_zetas_inv:
 .value	0x6da9,0x6da9
 .value	0x6da9,0x6da9
 .value	0x6da9,0x6da9
-.value	0x4b2,0x4b2
-.value	0x4b2,0x4b2
-.value	0x4b2,0x4b2
-.value	0x4b2,0x4b2
-.value	0x4b2,0x4b2
-.value	0x4b2,0x4b2
-.value	0x4b2,0x4b2
-.value	0x4b2,0x4b2
+.value	0x04b2,0x04b2
+.value	0x04b2,0x04b2
+.value	0x04b2,0x04b2
+.value	0x04b2,0x04b2
+.value	0x04b2,0x04b2
+.value	0x04b2,0x04b2
+.value	0x04b2,0x04b2
+.value	0x04b2,0x04b2
 .value	0xfab2,0xfab2
 .value	0xfab2,0xfab2
 .value	0xfab2,0xfab2
@@ -1185,14 +1185,14 @@ L_mlkem_avx2_zetas_inv:
 .value	0xfab2,0xfab2
 .value	0xfab2,0xfab2
 .value	0xfab2,0xfab2
-.value	0x93f,0x93f
-.value	0x93f,0x93f
-.value	0x93f,0x93f
-.value	0x93f,0x93f
-.value	0x93f,0x93f
-.value	0x93f,0x93f
-.value	0x93f,0x93f
-.value	0x93f,0x93f
+.value	0x093f,0x093f
+.value	0x093f,0x093f
+.value	0x093f,0x093f
+.value	0x093f,0x093f
+.value	0x093f,0x093f
+.value	0x093f,0x093f
+.value	0x093f,0x093f
+.value	0x093f,0x093f
 .value	0xd63f,0xd63f
 .value	0xd63f,0xd63f
 .value	0xd63f,0xd63f
@@ -1201,14 +1201,14 @@ L_mlkem_avx2_zetas_inv:
 .value	0xd63f,0xd63f
 .value	0xd63f,0xd63f
 .value	0xd63f,0xd63f
-.value	0xbe2,0xbe2
-.value	0xbe2,0xbe2
-.value	0xbe2,0xbe2
-.value	0xbe2,0xbe2
-.value	0xbe2,0xbe2
-.value	0xbe2,0xbe2
-.value	0xbe2,0xbe2
-.value	0xbe2,0xbe2
+.value	0x0be2,0x0be2
+.value	0x0be2,0x0be2
+.value	0x0be2,0x0be2
+.value	0x0be2,0x0be2
+.value	0x0be2,0x0be2
+.value	0x0be2,0x0be2
+.value	0x0be2,0x0be2
+.value	0x0be2,0x0be2
 .value	0x91e2,0x91e2
 .value	0x91e2,0x91e2
 .value	0x91e2,0x91e2
@@ -1217,14 +1217,14 @@ L_mlkem_avx2_zetas_inv:
 .value	0x91e2,0x91e2
 .value	0x91e2,0x91e2
 .value	0x91e2,0x91e2
-.value	0x5ed,0x5ed
-.value	0x5ed,0x5ed
-.value	0x5ed,0x5ed
-.value	0x5ed,0x5ed
-.value	0x5ed,0x5ed
-.value	0x5ed,0x5ed
-.value	0x5ed,0x5ed
-.value	0x5ed,0x5ed
+.value	0x05ed,0x05ed
+.value	0x05ed,0x05ed
+.value	0x05ed,0x05ed
+.value	0x05ed,0x05ed
+.value	0x05ed,0x05ed
+.value	0x05ed,0x05ed
+.value	0x05ed,0x05ed
+.value	0x05ed,0x05ed
 .value	0xfced,0xfced
 .value	0xfced,0xfced
 .value	0xfced,0xfced
@@ -1233,14 +1233,14 @@ L_mlkem_avx2_zetas_inv:
 .value	0xfced,0xfced
 .value	0xfced,0xfced
 .value	0xfced,0xfced
-.value	0x4b,0x4b
-.value	0xbb8,0xbb8
-.value	0x9c,0x9c
-.value	0xb5f,0xb5f
-.value	0xba4,0xba4
-.value	0xa7d,0xa7d
-.value	0x368,0x368
-.value	0x636,0x636
+.value	0x004b,0x004b
+.value	0x0bb8,0x0bb8
+.value	0x009c,0x009c
+.value	0x0b5f,0x0b5f
+.value	0x0ba4,0x0ba4
+.value	0x0a7d,0x0a7d
+.value	0x0368,0x0368
+.value	0x0636,0x0636
 .value	0x314b,0x314b
 .value	0xb3b8,0xb3b8
 .value	0x149c,0x149c
@@ -1249,14 +1249,14 @@ L_mlkem_avx2_zetas_inv:
 .value	0xb17d,0xb17d
 .value	0xbb68,0xbb68
 .value	0x4836,0x4836
-.value	0x8a2,0x8a2
-.value	0x736,0x736
-.value	0x25a,0x25a
-.value	0x309,0x309
-.value	0x93,0x93
-.value	0x9f7,0x9f7
-.value	0x87a,0x87a
-.value	0xf6,0xf6
+.value	0x08a2,0x08a2
+.value	0x0736,0x0736
+.value	0x025a,0x025a
+.value	0x0309,0x0309
+.value	0x0093,0x0093
+.value	0x09f7,0x09f7
+.value	0x087a,0x087a
+.value	0x00f6,0x00f6
 .value	0xcea2,0xcea2
 .value	0x4936,0x4936
 .value	0x705a,0x705a
@@ -1265,30 +1265,30 @@ L_mlkem_avx2_zetas_inv:
 .value	0x7ef7,0x7ef7
 .value	0xd67a,0xd67a
 .value	0x82f6,0x82f6
-.value	0x744,0x744
-.value	0x744,0x744
-.value	0xc83,0xc83
-.value	0xc83,0xc83
-.value	0x48a,0x48a
-.value	0x48a,0x48a
-.value	0x652,0x652
-.value	0x652,0x652
+.value	0x0744,0x0744
+.value	0x0744,0x0744
+.value	0x0c83,0x0c83
+.value	0x0c83,0x0c83
+.value	0x048a,0x048a
+.value	0x048a,0x048a
+.value	0x0652,0x0652
+.value	0x0652,0x0652
 .value	0x9344,0x9344
 .value	0x9344,0x9344
 .value	0x6583,0x6583
 .value	0x6583,0x6583
-.value	0x28a,0x28a
-.value	0x28a,0x28a
+.value	0x028a,0x028a
+.value	0x028a,0x028a
 .value	0xdc52,0xdc52
 .value	0xdc52,0xdc52
-.value	0x29a,0x29a
-.value	0x29a,0x29a
-.value	0x140,0x140
-.value	0x140,0x140
-.value	0x8,0x8
-.value	0x8,0x8
-.value	0xafd,0xafd
-.value	0xafd,0xafd
+.value	0x029a,0x029a
+.value	0x029a,0x029a
+.value	0x0140,0x0140
+.value	0x0140,0x0140
+.value	0x0008,0x0008
+.value	0x0008,0x0008
+.value	0x0afd,0x0afd
+.value	0x0afd,0x0afd
 .value	0x309a,0x309a
 .value	0x309a,0x309a
 .value	0xc140,0xc140
@@ -1297,14 +1297,14 @@ L_mlkem_avx2_zetas_inv:
 .value	0x9808,0x9808
 .value	0x31fd,0x31fd
 .value	0x31fd,0x31fd
-.value	0x82,0x82
-.value	0x82,0x82
-.value	0x82,0x82
-.value	0x82,0x82
-.value	0x642,0x642
-.value	0x642,0x642
-.value	0x642,0x642
-.value	0x642,0x642
+.value	0x0082,0x0082
+.value	0x0082,0x0082
+.value	0x0082,0x0082
+.value	0x0082,0x0082
+.value	0x0642,0x0642
+.value	0x0642,0x0642
+.value	0x0642,0x0642
+.value	0x0642,0x0642
 .value	0x6682,0x6682
 .value	0x6682,0x6682
 .value	0x6682,0x6682
@@ -1313,30 +1313,30 @@ L_mlkem_avx2_zetas_inv:
 .value	0xac42,0xac42
 .value	0xac42,0xac42
 .value	0xac42,0xac42
-.value	0x74f,0x74f
-.value	0x74f,0x74f
-.value	0x74f,0x74f
-.value	0x74f,0x74f
-.value	0x33d,0x33d
-.value	0x33d,0x33d
-.value	0x33d,0x33d
-.value	0x33d,0x33d
-.value	0x44f,0x44f
-.value	0x44f,0x44f
-.value	0x44f,0x44f
-.value	0x44f,0x44f
+.value	0x074f,0x074f
+.value	0x074f,0x074f
+.value	0x074f,0x074f
+.value	0x074f,0x074f
+.value	0x033d,0x033d
+.value	0x033d,0x033d
+.value	0x033d,0x033d
+.value	0x033d,0x033d
+.value	0x044f,0x044f
+.value	0x044f,0x044f
+.value	0x044f,0x044f
+.value	0x044f,0x044f
 .value	0xea3d,0xea3d
 .value	0xea3d,0xea3d
 .value	0xea3d,0xea3d
 .value	0xea3d,0xea3d
-.value	0xc4b,0xc4b
-.value	0xc4b,0xc4b
-.value	0xc4b,0xc4b
-.value	0xc4b,0xc4b
-.value	0xc4b,0xc4b
-.value	0xc4b,0xc4b
-.value	0xc4b,0xc4b
-.value	0xc4b,0xc4b
+.value	0x0c4b,0x0c4b
+.value	0x0c4b,0x0c4b
+.value	0x0c4b,0x0c4b
+.value	0x0c4b,0x0c4b
+.value	0x0c4b,0x0c4b
+.value	0x0c4b,0x0c4b
+.value	0x0c4b,0x0c4b
+.value	0x0c4b,0x0c4b
 .value	0x3d4b,0x3d4b
 .value	0x3d4b,0x3d4b
 .value	0x3d4b,0x3d4b
@@ -1345,30 +1345,30 @@ L_mlkem_avx2_zetas_inv:
 .value	0x3d4b,0x3d4b
 .value	0x3d4b,0x3d4b
 .value	0x3d4b,0x3d4b
-.value	0x6d8,0x6d8
-.value	0x6d8,0x6d8
-.value	0x6d8,0x6d8
-.value	0x6d8,0x6d8
-.value	0x6d8,0x6d8
-.value	0x6d8,0x6d8
-.value	0x6d8,0x6d8
-.value	0x6d8,0x6d8
-.value	0xed8,0xed8
-.value	0xed8,0xed8
-.value	0xed8,0xed8
-.value	0xed8,0xed8
-.value	0xed8,0xed8
-.value	0xed8,0xed8
-.value	0xed8,0xed8
-.value	0xed8,0xed8
-.value	0x773,0x773
-.value	0x773,0x773
-.value	0x773,0x773
-.value	0x773,0x773
-.value	0x773,0x773
-.value	0x773,0x773
-.value	0x773,0x773
-.value	0x773,0x773
+.value	0x06d8,0x06d8
+.value	0x06d8,0x06d8
+.value	0x06d8,0x06d8
+.value	0x06d8,0x06d8
+.value	0x06d8,0x06d8
+.value	0x06d8,0x06d8
+.value	0x06d8,0x06d8
+.value	0x06d8,0x06d8
+.value	0x0ed8,0x0ed8
+.value	0x0ed8,0x0ed8
+.value	0x0ed8,0x0ed8
+.value	0x0ed8,0x0ed8
+.value	0x0ed8,0x0ed8
+.value	0x0ed8,0x0ed8
+.value	0x0ed8,0x0ed8
+.value	0x0ed8,0x0ed8
+.value	0x0773,0x0773
+.value	0x0773,0x0773
+.value	0x0773,0x0773
+.value	0x0773,0x0773
+.value	0x0773,0x0773
+.value	0x0773,0x0773
+.value	0x0773,0x0773
+.value	0x0773,0x0773
 .value	0x3073,0x3073
 .value	0x3073,0x3073
 .value	0x3073,0x3073
@@ -1377,14 +1377,14 @@ L_mlkem_avx2_zetas_inv:
 .value	0x3073,0x3073
 .value	0x3073,0x3073
 .value	0x3073,0x3073
-.value	0x68c,0x68c
-.value	0x1cc,0x1cc
-.value	0x6db,0x6db
-.value	0x123,0x123
-.value	0xeb,0xeb
-.value	0xab6,0xab6
-.value	0xc50,0xc50
-.value	0xb5b,0xb5b
+.value	0x068c,0x068c
+.value	0x01cc,0x01cc
+.value	0x06db,0x06db
+.value	0x0123,0x0123
+.value	0x00eb,0x00eb
+.value	0x0ab6,0x0ab6
+.value	0x0c50,0x0c50
+.value	0x0b5b,0x0b5b
 .value	0xea8c,0xea8c
 .value	0xa5cc,0xa5cc
 .value	0xe7db,0xe7db
@@ -1393,14 +1393,14 @@ L_mlkem_avx2_zetas_inv:
 .value	0xccb6,0xccb6
 .value	0xfc50,0xfc50
 .value	0x6c5b,0x6c5b
-.value	0xc98,0xc98
-.value	0x99a,0x99a
-.value	0x6f3,0x6f3
-.value	0x4e3,0x4e3
-.value	0x9b6,0x9b6
-.value	0xb53,0xb53
-.value	0xad6,0xad6
-.value	0x44f,0x44f
+.value	0x0c98,0x0c98
+.value	0x099a,0x099a
+.value	0x06f3,0x06f3
+.value	0x04e3,0x04e3
+.value	0x09b6,0x09b6
+.value	0x0b53,0x0b53
+.value	0x0ad6,0x0ad6
+.value	0x044f,0x044f
 .value	0x5498,0x5498
 .value	0x379a,0x379a
 .value	0xaff3,0xaff3
@@ -1408,15 +1408,15 @@ L_mlkem_avx2_zetas_inv:
 .value	0xcbb6,0xcbb6
 .value	0xd453,0xd453
 .value	0x2cd6,0x2cd6
-.value	0x14f,0x14f
-.value	0x608,0x608
-.value	0x608,0x608
-.value	0x11a,0x11a
-.value	0x11a,0x11a
-.value	0x72e,0x72e
-.value	0x72e,0x72e
-.value	0x50d,0x50d
-.value	0x50d,0x50d
+.value	0x014f,0x014f
+.value	0x0608,0x0608
+.value	0x0608,0x0608
+.value	0x011a,0x011a
+.value	0x011a,0x011a
+.value	0x072e,0x072e
+.value	0x072e,0x072e
+.value	0x050d,0x050d
+.value	0x050d,0x050d
 .value	0x9e08,0x9e08
 .value	0x9e08,0x9e08
 .value	0xaf1a,0xaf1a
@@ -1425,14 +1425,14 @@ L_mlkem_avx2_zetas_inv:
 .value	0xb12e,0xb12e
 .value	0x5c0d,0x5c0d
 .value	0x5c0d,0x5c0d
-.value	0x90a,0x90a
-.value	0x90a,0x90a
-.value	0x228,0x228
-.value	0x228,0x228
-.value	0xa75,0xa75
-.value	0xa75,0xa75
-.value	0x83a,0x83a
-.value	0x83a,0x83a
+.value	0x090a,0x090a
+.value	0x090a,0x090a
+.value	0x0228,0x0228
+.value	0x0228,0x0228
+.value	0x0a75,0x0a75
+.value	0x0a75,0x0a75
+.value	0x083a,0x083a
+.value	0x083a,0x083a
 .value	0x870a,0x870a
 .value	0x870a,0x870a
 .value	0xfa28,0xfa28
@@ -1441,14 +1441,14 @@ L_mlkem_avx2_zetas_inv:
 .value	0x1975,0x1975
 .value	0x163a,0x163a
 .value	0x163a,0x163a
-.value	0xb82,0xb82
-.value	0xb82,0xb82
-.value	0xb82,0xb82
-.value	0xb82,0xb82
-.value	0xbf9,0xbf9
-.value	0xbf9,0xbf9
-.value	0xbf9,0xbf9
-.value	0xbf9,0xbf9
+.value	0x0b82,0x0b82
+.value	0x0b82,0x0b82
+.value	0x0b82,0x0b82
+.value	0x0b82,0x0b82
+.value	0x0bf9,0x0bf9
+.value	0x0bf9,0x0bf9
+.value	0x0bf9,0x0bf9
+.value	0x0bf9,0x0bf9
 .value	0x7182,0x7182
 .value	0x7182,0x7182
 .value	0x7182,0x7182
@@ -1457,14 +1457,14 @@ L_mlkem_avx2_zetas_inv:
 .value	0x66f9,0x66f9
 .value	0x66f9,0x66f9
 .value	0x66f9,0x66f9
-.value	0x52d,0x52d
-.value	0x52d,0x52d
-.value	0x52d,0x52d
-.value	0x52d,0x52d
-.value	0xac4,0xac4
-.value	0xac4,0xac4
-.value	0xac4,0xac4
-.value	0xac4,0xac4
+.value	0x052d,0x052d
+.value	0x052d,0x052d
+.value	0x052d,0x052d
+.value	0x052d,0x052d
+.value	0x0ac4,0x0ac4
+.value	0x0ac4,0x0ac4
+.value	0x0ac4,0x0ac4
+.value	0x0ac4,0x0ac4
 .value	0xbc2d,0xbc2d
 .value	0xbc2d,0xbc2d
 .value	0xbc2d,0xbc2d
@@ -1473,14 +1473,14 @@ L_mlkem_avx2_zetas_inv:
 .value	0x16c4,0x16c4
 .value	0x16c4,0x16c4
 .value	0x16c4,0x16c4
-.value	0xa93,0xa93
-.value	0xa93,0xa93
-.value	0xa93,0xa93
-.value	0xa93,0xa93
-.value	0xa93,0xa93
-.value	0xa93,0xa93
-.value	0xa93,0xa93
-.value	0xa93,0xa93
+.value	0x0a93,0x0a93
+.value	0x0a93,0x0a93
+.value	0x0a93,0x0a93
+.value	0x0a93,0x0a93
+.value	0x0a93,0x0a93
+.value	0x0a93,0x0a93
+.value	0x0a93,0x0a93
+.value	0x0a93,0x0a93
 .value	0x9393,0x9393
 .value	0x9393,0x9393
 .value	0x9393,0x9393
@@ -1489,14 +1489,14 @@ L_mlkem_avx2_zetas_inv:
 .value	0x9393,0x9393
 .value	0x9393,0x9393
 .value	0x9393,0x9393
-.value	0xab,0xab
-.value	0xab,0xab
-.value	0xab,0xab
-.value	0xab,0xab
-.value	0xab,0xab
-.value	0xab,0xab
-.value	0xab,0xab
-.value	0xab,0xab
+.value	0x00ab,0x00ab
+.value	0x00ab,0x00ab
+.value	0x00ab,0x00ab
+.value	0x00ab,0x00ab
+.value	0x00ab,0x00ab
+.value	0x00ab,0x00ab
+.value	0x00ab,0x00ab
+.value	0x00ab,0x00ab
 .value	0x51ab,0x51ab
 .value	0x51ab,0x51ab
 .value	0x51ab,0x51ab
@@ -1505,14 +1505,14 @@ L_mlkem_avx2_zetas_inv:
 .value	0x51ab,0x51ab
 .value	0x51ab,0x51ab
 .value	0x51ab,0x51ab
-.value	0x72c,0x72c
-.value	0x72c,0x72c
-.value	0x72c,0x72c
-.value	0x72c,0x72c
-.value	0x72c,0x72c
-.value	0x72c,0x72c
-.value	0x72c,0x72c
-.value	0x72c,0x72c
+.value	0x072c,0x072c
+.value	0x072c,0x072c
+.value	0x072c,0x072c
+.value	0x072c,0x072c
+.value	0x072c,0x072c
+.value	0x072c,0x072c
+.value	0x072c,0x072c
+.value	0x072c,0x072c
 .value	0xcb2c,0xcb2c
 .value	0xcb2c,0xcb2c
 .value	0xcb2c,0xcb2c
@@ -1521,14 +1521,14 @@ L_mlkem_avx2_zetas_inv:
 .value	0xcb2c,0xcb2c
 .value	0xcb2c,0xcb2c
 .value	0xcb2c,0xcb2c
-.value	0x167,0x167
-.value	0x167,0x167
-.value	0x167,0x167
-.value	0x167,0x167
-.value	0x167,0x167
-.value	0x167,0x167
-.value	0x167,0x167
-.value	0x167,0x167
+.value	0x0167,0x0167
+.value	0x0167,0x0167
+.value	0x0167,0x0167
+.value	0x0167,0x0167
+.value	0x0167,0x0167
+.value	0x0167,0x0167
+.value	0x0167,0x0167
+.value	0x0167,0x0167
 .value	0xc667,0xc667
 .value	0xc667,0xc667
 .value	0xc667,0xc667
@@ -1537,14 +1537,14 @@ L_mlkem_avx2_zetas_inv:
 .value	0xc667,0xc667
 .value	0xc667,0xc667
 .value	0xc667,0xc667
-.value	0x2f6,0x2f6
-.value	0x2f6,0x2f6
-.value	0x2f6,0x2f6
-.value	0x2f6,0x2f6
-.value	0x2f6,0x2f6
-.value	0x2f6,0x2f6
-.value	0x2f6,0x2f6
-.value	0x2f6,0x2f6
+.value	0x02f6,0x02f6
+.value	0x02f6,0x02f6
+.value	0x02f6,0x02f6
+.value	0x02f6,0x02f6
+.value	0x02f6,0x02f6
+.value	0x02f6,0x02f6
+.value	0x02f6,0x02f6
+.value	0x02f6,0x02f6
 .value	0x84f6,0x84f6
 .value	0x84f6,0x84f6
 .value	0x84f6,0x84f6
@@ -1553,14 +1553,14 @@ L_mlkem_avx2_zetas_inv:
 .value	0x84f6,0x84f6
 .value	0x84f6,0x84f6
 .value	0x84f6,0x84f6
-.value	0x5a1,0x5a1
-.value	0x5a1,0x5a1
-.value	0x5a1,0x5a1
-.value	0x5a1,0x5a1
-.value	0x5a1,0x5a1
-.value	0x5a1,0x5a1
-.value	0x5a1,0x5a1
-.value	0x5a1,0x5a1
+.value	0x05a1,0x05a1
+.value	0x05a1,0x05a1
+.value	0x05a1,0x05a1
+.value	0x05a1,0x05a1
+.value	0x05a1,0x05a1
+.value	0x05a1,0x05a1
+.value	0x05a1,0x05a1
+.value	0x05a1,0x05a1
 .value	0xd8a1,0xd8a1
 .value	0xd8a1,0xd8a1
 .value	0xd8a1,0xd8a1
@@ -12039,7 +12039,7 @@ L_mlkem_rej_idx:
 .quad	0xffffff0e0c0a0806,0xffff0e0c0a080600
 .quad	0xffff0e0c0a080602,0xff0e0c0a08060200
 .quad	0xffff0e0c0a080604,0xff0e0c0a08060400
-.quad	0xff0e0c0a08060402,0xe0c0a0806040200
+.quad	0xff0e0c0a08060402,0x0e0c0a0806040200
 #ifndef __APPLE__
 .data
 #else
@@ -13562,14 +13562,14 @@ _mlkem_cbd_eta2_avx2:
 .p2align	4
 #endif /* __APPLE__ */
 L_mlkem_compress_10_avx2_mask:
-.value	0x3ff,0x3ff
-.value	0x3ff,0x3ff
-.value	0x3ff,0x3ff
-.value	0x3ff,0x3ff
-.value	0x3ff,0x3ff
-.value	0x3ff,0x3ff
-.value	0x3ff,0x3ff
-.value	0x3ff,0x3ff
+.value	0x03ff,0x03ff
+.value	0x03ff,0x03ff
+.value	0x03ff,0x03ff
+.value	0x03ff,0x03ff
+.value	0x03ff,0x03ff
+.value	0x03ff,0x03ff
+.value	0x03ff,0x03ff
+.value	0x03ff,0x03ff
 #ifndef __APPLE__
 .data
 #else
@@ -13645,14 +13645,14 @@ L_mlkem_compress_10_avx2_v:
 .p2align	4
 #endif /* __APPLE__ */
 L_mlkem_compress_10_avx2_offset:
-.value	0xf,0xf
-.value	0xf,0xf
-.value	0xf,0xf
-.value	0xf,0xf
-.value	0xf,0xf
-.value	0xf,0xf
-.value	0xf,0xf
-.value	0xf,0xf
+.value	0x000f,0x000f
+.value	0x000f,0x000f
+.value	0x000f,0x000f
+.value	0x000f,0x000f
+.value	0x000f,0x000f
+.value	0x000f,0x000f
+.value	0x000f,0x000f
+.value	0x000f,0x000f
 #ifndef __APPLE__
 .data
 #else
@@ -14034,8 +14034,8 @@ L_mlkem_decompress_10_avx2_sllv:
 .section	__DATA,__data
 #endif /* __APPLE__ */
 L_mlkem_decompress_10_avx2_q:
-.long	0xd013404,0xd013404,0xd013404,0xd013404
-.long	0xd013404,0xd013404,0xd013404,0xd013404
+.long	0x0d013404,0x0d013404,0x0d013404,0x0d013404
+.long	0x0d013404,0x0d013404,0x0d013404,0x0d013404
 #ifndef __APPLE__
 .data
 #else
@@ -14223,14 +14223,14 @@ L_mlkem_compress_11_avx2_v:
 .p2align	4
 #endif /* __APPLE__ */
 L_mlkem_compress_11_avx2_off:
-.value	0x24,0x24
-.value	0x24,0x24
-.value	0x24,0x24
-.value	0x24,0x24
-.value	0x24,0x24
-.value	0x24,0x24
-.value	0x24,0x24
-.value	0x24,0x24
+.value	0x0024,0x0024
+.value	0x0024,0x0024
+.value	0x0024,0x0024
+.value	0x0024,0x0024
+.value	0x0024,0x0024
+.value	0x0024,0x0024
+.value	0x0024,0x0024
+.value	0x0024,0x0024
 #ifndef __APPLE__
 .data
 #else
@@ -14261,14 +14261,14 @@ L_mlkem_compress_11_avx2_shift13:
 .p2align	4
 #endif /* __APPLE__ */
 L_mlkem_compress_11_avx2_mask:
-.value	0x7ff,0x7ff
-.value	0x7ff,0x7ff
-.value	0x7ff,0x7ff
-.value	0x7ff,0x7ff
-.value	0x7ff,0x7ff
-.value	0x7ff,0x7ff
-.value	0x7ff,0x7ff
-.value	0x7ff,0x7ff
+.value	0x07ff,0x07ff
+.value	0x07ff,0x07ff
+.value	0x07ff,0x07ff
+.value	0x07ff,0x07ff
+.value	0x07ff,0x07ff
+.value	0x07ff,0x07ff
+.value	0x07ff,0x07ff
+.value	0x07ff,0x07ff
 #ifndef __APPLE__
 .data
 #else
@@ -14288,8 +14288,8 @@ L_mlkem_compress_11_avx2_shift:
 .section	__DATA,__data
 #endif /* __APPLE__ */
 L_mlkem_compress_11_avx2_sllvd:
-.long	0xa,0x0,0xa,0x0
-.long	0xa,0x0,0xa,0x0
+.long	0x0000000a,0x00000000,0x0000000a,0x00000000
+.long	0x0000000a,0x00000000,0x0000000a,0x00000000
 #ifndef __APPLE__
 .data
 #else
@@ -14717,14 +14717,14 @@ L_mlkem_compress_11_avx2_start:
 .p2align	4
 #endif /* __APPLE__ */
 L_mlkem_decompress_11_avx2_q:
-.value	0xd01,0xd01
-.value	0xd01,0xd01
-.value	0xd01,0xd01
-.value	0xd01,0xd01
-.value	0xd01,0xd01
-.value	0xd01,0xd01
-.value	0xd01,0xd01
-.value	0xd01,0xd01
+.value	0x0d01,0x0d01
+.value	0x0d01,0x0d01
+.value	0x0d01,0x0d01
+.value	0x0d01,0x0d01
+.value	0x0d01,0x0d01
+.value	0x0d01,0x0d01
+.value	0x0d01,0x0d01
+.value	0x0d01,0x0d01
 #ifndef __APPLE__
 .data
 #else
@@ -14750,8 +14750,8 @@ L_mlkem_decompress_11_avx2_shuf:
 .section	__DATA,__data
 #endif /* __APPLE__ */
 L_mlkem_decompress_11_avx2_sllv:
-.long	0x0,0x1,0x0,0x0
-.long	0x0,0x1,0x0,0x0
+.long	0x00000000,0x00000001,0x00000000,0x00000000
+.long	0x00000000,0x00000001,0x00000000,0x00000000
 #ifndef __APPLE__
 .data
 #else
@@ -14776,14 +14776,14 @@ L_mlkem_decompress_11_avx2_srlv:
 .p2align	4
 #endif /* __APPLE__ */
 L_mlkem_decompress_11_avx2_shift:
-.value	0x20,0x4
-.value	0x1,0x20
-.value	0x8,0x1
-.value	0x20,0x4
-.value	0x20,0x4
-.value	0x1,0x20
-.value	0x8,0x1
-.value	0x20,0x4
+.value	0x0020,0x0004
+.value	0x0001,0x0020
+.value	0x0008,0x0001
+.value	0x0020,0x0004
+.value	0x0020,0x0004
+.value	0x0001,0x0020
+.value	0x0008,0x0001
+.value	0x0020,0x0004
 #ifndef __APPLE__
 .data
 #else
@@ -14986,14 +14986,14 @@ L_mlkem_decompress_11_avx2_start:
 .p2align	4
 #endif /* __APPLE__ */
 L_mlkem_compress_4_avx2_mask:
-.value	0xf,0xf
-.value	0xf,0xf
-.value	0xf,0xf
-.value	0xf,0xf
-.value	0xf,0xf
-.value	0xf,0xf
-.value	0xf,0xf
-.value	0xf,0xf
+.value	0x000f,0x000f
+.value	0x000f,0x000f
+.value	0x000f,0x000f
+.value	0x000f,0x000f
+.value	0x000f,0x000f
+.value	0x000f,0x000f
+.value	0x000f,0x000f
+.value	0x000f,0x000f
 #ifndef __APPLE__
 .data
 #else
@@ -15005,22 +15005,22 @@ L_mlkem_compress_4_avx2_mask:
 .p2align	4
 #endif /* __APPLE__ */
 L_mlkem_compress_4_avx2_shift:
-.value	0x200,0x200
-.value	0x200,0x200
-.value	0x200,0x200
-.value	0x200,0x200
-.value	0x200,0x200
-.value	0x200,0x200
-.value	0x200,0x200
-.value	0x200,0x200
+.value	0x0200,0x0200
+.value	0x0200,0x0200
+.value	0x0200,0x0200
+.value	0x0200,0x0200
+.value	0x0200,0x0200
+.value	0x0200,0x0200
+.value	0x0200,0x0200
+.value	0x0200,0x0200
 #ifndef __APPLE__
 .data
 #else
 .section	__DATA,__data
 #endif /* __APPLE__ */
 L_mlkem_compress_4_avx2_perm:
-.long	0x0,0x4,0x1,0x5
-.long	0x2,0x6,0x3,0x7
+.long	0x00000000,0x00000004,0x00000001,0x00000005
+.long	0x00000002,0x00000006,0x00000003,0x00000007
 #ifndef __APPLE__
 .data
 #else
@@ -15163,16 +15163,16 @@ _mlkem_compress_4_avx2:
 .section	__DATA,__data
 #endif /* __APPLE__ */
 L_mlkem_decompress_4_avx2_mask:
-.long	0xf0000f,0xf0000f,0xf0000f,0xf0000f
-.long	0xf0000f,0xf0000f,0xf0000f,0xf0000f
+.long	0x00f0000f,0x00f0000f,0x00f0000f,0x00f0000f
+.long	0x00f0000f,0x00f0000f,0x00f0000f,0x00f0000f
 #ifndef __APPLE__
 .data
 #else
 .section	__DATA,__data
 #endif /* __APPLE__ */
 L_mlkem_decompress_4_avx2_shift:
-.long	0x800800,0x800800,0x800800,0x800800
-.long	0x800800,0x800800,0x800800,0x800800
+.long	0x00800800,0x00800800,0x00800800,0x00800800
+.long	0x00800800,0x00800800,0x00800800,0x00800800
 #ifndef __APPLE__
 .data
 #else
@@ -15184,14 +15184,14 @@ L_mlkem_decompress_4_avx2_shift:
 .p2align	4
 #endif /* __APPLE__ */
 L_mlkem_decompress_4_avx2_q:
-.value	0xd01,0xd01
-.value	0xd01,0xd01
-.value	0xd01,0xd01
-.value	0xd01,0xd01
-.value	0xd01,0xd01
-.value	0xd01,0xd01
-.value	0xd01,0xd01
-.value	0xd01,0xd01
+.value	0x0d01,0x0d01
+.value	0x0d01,0x0d01
+.value	0x0d01,0x0d01
+.value	0x0d01,0x0d01
+.value	0x0d01,0x0d01
+.value	0x0d01,0x0d01
+.value	0x0d01,0x0d01
+.value	0x0d01,0x0d01
 #ifndef __APPLE__
 .data
 #else
@@ -15358,14 +15358,14 @@ L_mlkem_compress_5_avx2_v:
 .p2align	4
 #endif /* __APPLE__ */
 L_mlkem_compress_5_avx2_shift:
-.value	0x400,0x400
-.value	0x400,0x400
-.value	0x400,0x400
-.value	0x400,0x400
-.value	0x400,0x400
-.value	0x400,0x400
-.value	0x400,0x400
-.value	0x400,0x400
+.value	0x0400,0x0400
+.value	0x0400,0x0400
+.value	0x0400,0x0400
+.value	0x0400,0x0400
+.value	0x0400,0x0400
+.value	0x0400,0x0400
+.value	0x0400,0x0400
+.value	0x0400,0x0400
 #ifndef __APPLE__
 .data
 #else
@@ -15377,14 +15377,14 @@ L_mlkem_compress_5_avx2_shift:
 .p2align	4
 #endif /* __APPLE__ */
 L_mlkem_compress_5_avx2_mask:
-.value	0x1f,0x1f
-.value	0x1f,0x1f
-.value	0x1f,0x1f
-.value	0x1f,0x1f
-.value	0x1f,0x1f
-.value	0x1f,0x1f
-.value	0x1f,0x1f
-.value	0x1f,0x1f
+.value	0x001f,0x001f
+.value	0x001f,0x001f
+.value	0x001f,0x001f
+.value	0x001f,0x001f
+.value	0x001f,0x001f
+.value	0x001f,0x001f
+.value	0x001f,0x001f
+.value	0x001f,0x001f
 #ifndef __APPLE__
 .data
 #else
@@ -15410,8 +15410,8 @@ L_mlkem_compress_5_avx2_shift1:
 .section	__DATA,__data
 #endif /* __APPLE__ */
 L_mlkem_compress_5_avx2_shift2:
-.long	0x4000001,0x4000001,0x4000001,0x4000001
-.long	0x4000001,0x4000001,0x4000001,0x4000001
+.long	0x04000001,0x04000001,0x04000001,0x04000001
+.long	0x04000001,0x04000001,0x04000001,0x04000001
 #ifndef __APPLE__
 .data
 #else
@@ -15608,14 +15608,14 @@ _mlkem_compress_5_avx2:
 .p2align	4
 #endif /* __APPLE__ */
 L_mlkem_decompress_5_avx2_q:
-.value	0xd01,0xd01
-.value	0xd01,0xd01
-.value	0xd01,0xd01
-.value	0xd01,0xd01
-.value	0xd01,0xd01
-.value	0xd01,0xd01
-.value	0xd01,0xd01
-.value	0xd01,0xd01
+.value	0x0d01,0x0d01
+.value	0x0d01,0x0d01
+.value	0x0d01,0x0d01
+.value	0x0d01,0x0d01
+.value	0x0d01,0x0d01
+.value	0x0d01,0x0d01
+.value	0x0d01,0x0d01
+.value	0x0d01,0x0d01
 #ifndef __APPLE__
 .data
 #else
@@ -15646,14 +15646,14 @@ L_mlkem_decompress_5_avx2_shuf:
 .p2align	4
 #endif /* __APPLE__ */
 L_mlkem_decompress_5_avx2_mask:
-.value	0x1f,0x3e0
-.value	0x7c,0xf80
-.value	0x1f0,0x3e
-.value	0x7c0,0xfb
-.value	0x1f,0x3e0
-.value	0x7c,0xf80
-.value	0x1f0,0x3e
-.value	0x7c0,0xfb
+.value	0x001f,0x03e0
+.value	0x007c,0x0f80
+.value	0x01f0,0x003e
+.value	0x07c0,0x00fb
+.value	0x001f,0x03e0
+.value	0x007c,0x0f80
+.value	0x01f0,0x003e
+.value	0x07c0,0x00fb
 #ifndef __APPLE__
 .data
 #else
@@ -15665,14 +15665,14 @@ L_mlkem_decompress_5_avx2_mask:
 .p2align	4
 #endif /* __APPLE__ */
 L_mlkem_decompress_5_avx2_shift:
-.value	0x400,0x20
-.value	0x100,0x8
-.value	0x40,0x200
-.value	0x10,0x80
-.value	0x400,0x20
-.value	0x100,0x8
-.value	0x40,0x200
-.value	0x10,0x80
+.value	0x0400,0x0020
+.value	0x0100,0x0008
+.value	0x0040,0x0200
+.value	0x0010,0x0080
+.value	0x0400,0x0020
+.value	0x0100,0x0008
+.value	0x0040,0x0200
+.value	0x0010,0x0080
 #ifndef __APPLE__
 .text
 .globl	mlkem_decompress_5_avx2
@@ -15779,7 +15779,10 @@ _mlkem_decompress_5_avx2:
         vpmullw	%ymm4, %ymm0, %ymm0
         vpmulhrsw	%ymm1, %ymm0, %ymm0
         vmovdqu	%ymm0, 448(%rdi)
-        vbroadcasti128	150(%rsi), %ymm0
+        vmovq	150(%rsi), %xmm0
+        movzwq	158(%rsi), %rdx
+        vpinsrq	$0x01, %rdx, %xmm0, %xmm0
+        vinserti128	$0x01, %xmm0, %ymm0, %ymm0
         vpshufb	%ymm2, %ymm0, %ymm0
         vpand	%ymm3, %ymm0, %ymm0
         vpmullw	%ymm4, %ymm0, %ymm0
@@ -15796,8 +15799,8 @@ _mlkem_decompress_5_avx2:
 .section	__DATA,__data
 #endif /* __APPLE__ */
 L_mlkem_from_msg_avx2_shift:
-.long	0x3,0x2,0x1,0x0
-.long	0x3,0x2,0x1,0x0
+.long	0x00000003,0x00000002,0x00000001,0x00000000
+.long	0x00000003,0x00000002,0x00000001,0x00000000
 #ifndef __APPLE__
 .data
 #else
@@ -15828,14 +15831,14 @@ L_mlkem_from_msg_avx2_shuf:
 .p2align	4
 #endif /* __APPLE__ */
 L_mlkem_from_msg_avx2_hqs:
-.value	0x681,0x681
-.value	0x681,0x681
-.value	0x681,0x681
-.value	0x681,0x681
-.value	0x681,0x681
-.value	0x681,0x681
-.value	0x681,0x681
-.value	0x681,0x681
+.value	0x0681,0x0681
+.value	0x0681,0x0681
+.value	0x0681,0x0681
+.value	0x0681,0x0681
+.value	0x0681,0x0681
+.value	0x0681,0x0681
+.value	0x0681,0x0681
+.value	0x0681,0x0681
 #ifndef __APPLE__
 .text
 .globl	mlkem_from_msg_avx2
@@ -15972,14 +15975,14 @@ _mlkem_from_msg_avx2:
 .p2align	4
 #endif /* __APPLE__ */
 L_mlkem_to_msg_avx2_hqs:
-.value	0x680,0x680
-.value	0x680,0x680
-.value	0x680,0x680
-.value	0x680,0x680
-.value	0x680,0x680
-.value	0x680,0x680
-.value	0x680,0x680
-.value	0x680,0x680
+.value	0x0680,0x0680
+.value	0x0680,0x0680
+.value	0x0680,0x0680
+.value	0x0680,0x0680
+.value	0x0680,0x0680
+.value	0x0680,0x0680
+.value	0x0680,0x0680
+.value	0x0680,0x0680
 #ifndef __APPLE__
 .data
 #else
@@ -16139,8 +16142,8 @@ L_mlkem_from_bytes_avx2_shuf:
 .section	__DATA,__data
 #endif /* __APPLE__ */
 L_mlkem_from_bytes_avx2_mask:
-.long	0xfff,0xfff,0xfff,0xfff
-.long	0xfff,0xfff,0xfff,0xfff
+.long	0x00000fff,0x00000fff,0x00000fff,0x00000fff
+.long	0x00000fff,0x00000fff,0x00000fff,0x00000fff
 #ifndef __APPLE__
 .text
 .globl	mlkem_from_bytes_avx2
@@ -16307,8 +16310,8 @@ _mlkem_from_bytes_avx2:
 .section	__DATA,__data
 #endif /* __APPLE__ */
 L_mlkem_to_bytes_avx2_mask:
-.long	0xfff,0xfff,0xfff,0xfff
-.long	0xfff,0xfff,0xfff,0xfff
+.long	0x00000fff,0x00000fff,0x00000fff,0x00000fff
+.long	0x00000fff,0x00000fff,0x00000fff,0x00000fff
 #ifndef __APPLE__
 .data
 #else
@@ -16334,8 +16337,8 @@ L_mlkem_to_bytes_avx2_shuf:
 .section	__DATA,__data
 #endif /* __APPLE__ */
 L_mlkem_to_bytes_avx2_perm:
-.long	0x0,0x1,0x2,0x7
-.long	0x4,0x5,0x3,0x6
+.long	0x00000000,0x00000001,0x00000002,0x00000007
+.long	0x00000004,0x00000005,0x00000003,0x00000006
 #ifndef __APPLE__
 .text
 .globl	mlkem_to_bytes_avx2
@@ -17075,10820 +17078,6 @@ _mlkem_redistribute_8_rand_avx2:
 #ifndef __APPLE__
 .size	mlkem_redistribute_8_rand_avx2,.-mlkem_redistribute_8_rand_avx2
 #endif /* __APPLE__ */
-#ifndef __APPLE__
-.data
-#else
-.section	__DATA,__data
-#endif /* __APPLE__ */
-#ifndef __APPLE__
-.align	16
-#else
-.p2align	4
-#endif /* __APPLE__ */
-L_sha3_parallel_4_r:
-.quad	0x1,0x1
-.quad	0x1,0x1
-.quad	0x8082,0x8082
-.quad	0x8082,0x8082
-.quad	0x800000000000808a,0x800000000000808a
-.quad	0x800000000000808a,0x800000000000808a
-.quad	0x8000000080008000,0x8000000080008000
-.quad	0x8000000080008000,0x8000000080008000
-.quad	0x808b,0x808b
-.quad	0x808b,0x808b
-.quad	0x80000001,0x80000001
-.quad	0x80000001,0x80000001
-.quad	0x8000000080008081,0x8000000080008081
-.quad	0x8000000080008081,0x8000000080008081
-.quad	0x8000000000008009,0x8000000000008009
-.quad	0x8000000000008009,0x8000000000008009
-.quad	0x8a,0x8a
-.quad	0x8a,0x8a
-.quad	0x88,0x88
-.quad	0x88,0x88
-.quad	0x80008009,0x80008009
-.quad	0x80008009,0x80008009
-.quad	0x8000000a,0x8000000a
-.quad	0x8000000a,0x8000000a
-.quad	0x8000808b,0x8000808b
-.quad	0x8000808b,0x8000808b
-.quad	0x800000000000008b,0x800000000000008b
-.quad	0x800000000000008b,0x800000000000008b
-.quad	0x8000000000008089,0x8000000000008089
-.quad	0x8000000000008089,0x8000000000008089
-.quad	0x8000000000008003,0x8000000000008003
-.quad	0x8000000000008003,0x8000000000008003
-.quad	0x8000000000008002,0x8000000000008002
-.quad	0x8000000000008002,0x8000000000008002
-.quad	0x8000000000000080,0x8000000000000080
-.quad	0x8000000000000080,0x8000000000000080
-.quad	0x800a,0x800a
-.quad	0x800a,0x800a
-.quad	0x800000008000000a,0x800000008000000a
-.quad	0x800000008000000a,0x800000008000000a
-.quad	0x8000000080008081,0x8000000080008081
-.quad	0x8000000080008081,0x8000000080008081
-.quad	0x8000000000008080,0x8000000000008080
-.quad	0x8000000000008080,0x8000000000008080
-.quad	0x80000001,0x80000001
-.quad	0x80000001,0x80000001
-.quad	0x8000000080008008,0x8000000080008008
-.quad	0x8000000080008008,0x8000000080008008
-#ifndef __APPLE__
-.data
-#else
-.section	__DATA,__data
-#endif /* __APPLE__ */
-#ifndef __APPLE__
-.align	32
-#else
-.p2align	5
-#endif /* __APPLE__ */
-L_sha3_128_blockx4_seed_avx2_end_mark:
-.quad	0x8000000000000000, 0x8000000000000000
-.quad	0x8000000000000000, 0x8000000000000000
-#ifndef __APPLE__
-.text
-.globl	mlkem_sha3_128_blocksx4_seed_avx2
-.type	mlkem_sha3_128_blocksx4_seed_avx2,@function
-.align	16
-mlkem_sha3_128_blocksx4_seed_avx2:
-#else
-.section	__TEXT,__text
-.globl	_mlkem_sha3_128_blocksx4_seed_avx2
-.p2align	4
-_mlkem_sha3_128_blocksx4_seed_avx2:
-#endif /* __APPLE__ */
-        leaq	L_sha3_parallel_4_r(%rip), %rdx
-        movq	%rdi, %rax
-        movq	%rdi, %rcx
-        vpbroadcastq	(%rsi), %ymm15
-        addq	$0x80, %rdi
-        vpbroadcastq	8(%rsi), %ymm11
-        addq	$0x180, %rax
-        vpbroadcastq	16(%rsi), %ymm12
-        addq	$0x280, %rcx
-        vpbroadcastq	24(%rsi), %ymm13
-        vmovdqu	L_sha3_128_blockx4_seed_avx2_end_mark(%rip), %ymm5
-        vpxor	%ymm6, %ymm6, %ymm6
-        vmovdqu	%ymm11, -96(%rdi)
-        vmovdqu	%ymm12, -64(%rdi)
-        vmovdqu	%ymm13, -32(%rdi)
-        vmovdqu	(%rdi), %ymm14
-        vmovdqu	%ymm6, 32(%rdi)
-        vmovdqu	%ymm6, 64(%rdi)
-        vmovdqu	%ymm6, 96(%rdi)
-        vmovdqu	%ymm6, 128(%rdi)
-        vmovdqu	%ymm6, -96(%rax)
-        vmovdqu	%ymm6, -64(%rax)
-        vmovdqu	%ymm6, -32(%rax)
-        vmovdqu	%ymm6, (%rax)
-        vmovdqu	%ymm6, 32(%rax)
-        vmovdqu	%ymm6, 64(%rax)
-        vmovdqu	%ymm6, 96(%rax)
-        vmovdqu	%ymm6, 128(%rax)
-        vmovdqu	%ymm6, -96(%rcx)
-        vmovdqu	%ymm6, -64(%rcx)
-        vmovdqu	%ymm6, -32(%rcx)
-        vmovdqu	%ymm5, (%rcx)
-        vmovdqu	%ymm6, 32(%rcx)
-        vmovdqu	%ymm6, 64(%rcx)
-        vmovdqu	%ymm6, 96(%rcx)
-        vmovdqu	%ymm6, 128(%rcx)
-        vpxor	%ymm5, %ymm15, %ymm10
-        # Round 0
-        # Calc b[0..4]
-        # Calc t[0..4]
-        vpsrlq	$63, %ymm11, %ymm0
-        vpsrlq	$63, %ymm12, %ymm1
-        vpsrlq	$63, %ymm13, %ymm2
-        vpsrlq	$63, %ymm14, %ymm3
-        vpsrlq	$63, %ymm10, %ymm4
-        vpaddq	%ymm11, %ymm11, %ymm5
-        vpaddq	%ymm12, %ymm12, %ymm6
-        vpaddq	%ymm13, %ymm13, %ymm7
-        vpaddq	%ymm14, %ymm14, %ymm8
-        vpaddq	%ymm10, %ymm10, %ymm9
-        vpor	%ymm0, %ymm5, %ymm5
-        vpor	%ymm1, %ymm6, %ymm6
-        vpor	%ymm2, %ymm7, %ymm7
-        vpor	%ymm3, %ymm8, %ymm8
-        vpor	%ymm4, %ymm9, %ymm9
-        vpxor	%ymm14, %ymm5, %ymm5
-        vpxor	%ymm10, %ymm6, %ymm6
-        vpxor	%ymm11, %ymm7, %ymm7
-        vpxor	%ymm12, %ymm8, %ymm8
-        vpxor	%ymm13, %ymm9, %ymm9
-        # Row Mix
-        # Row 0
-        vpxor	%ymm15, %ymm5, %ymm10
-        vpxor	64(%rdi), %ymm6, %ymm11
-        vpxor	(%rax), %ymm7, %ymm12
-        vpxor	-64(%rcx), %ymm8, %ymm13
-        vpxor	128(%rcx), %ymm9, %ymm14
-        vpsrlq	$20, %ymm11, %ymm0
-        vpsrlq	$21, %ymm12, %ymm1
-        vpsrlq	$43, %ymm13, %ymm2
-        vpsrlq	$50, %ymm14, %ymm3
-        vpsllq	$44, %ymm11, %ymm11
-        vpsllq	$43, %ymm12, %ymm12
-        vpsllq	$21, %ymm13, %ymm13
-        vpsllq	$14, %ymm14, %ymm14
-        vpor	%ymm0, %ymm11, %ymm11
-        vpor	%ymm1, %ymm12, %ymm12
-        vpor	%ymm2, %ymm13, %ymm13
-        vpor	%ymm3, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm15
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm15, %ymm15
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        # XOR in constant
-        vpxor	(%rdx), %ymm15, %ymm15
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm1, 64(%rdi)
-        vmovdqu	%ymm2, (%rax)
-        vmovdqu	%ymm3, -64(%rcx)
-        vmovdqu	%ymm4, 128(%rcx)
-        # Row 1
-        vpxor	-32(%rdi), %ymm8, %ymm10
-        vpxor	-96(%rax), %ymm9, %ymm11
-        vpxor	-64(%rax), %ymm5, %ymm12
-        vpxor	128(%rax), %ymm6, %ymm13
-        vpxor	64(%rcx), %ymm7, %ymm14
-        vpsrlq	$36, %ymm10, %ymm0
-        vpsrlq	$44, %ymm11, %ymm1
-        vpsrlq	$61, %ymm12, %ymm2
-        vpsrlq	$19, %ymm13, %ymm3
-        vpsrlq	$3, %ymm14, %ymm4
-        vpsllq	$28, %ymm10, %ymm10
-        vpsllq	$20, %ymm11, %ymm11
-        vpsllq	$3, %ymm12, %ymm12
-        vpsllq	$45, %ymm13, %ymm13
-        vpsllq	$61, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, -32(%rdi)
-        vmovdqu	%ymm1, -96(%rax)
-        vmovdqu	%ymm2, -64(%rax)
-        vmovdqu	%ymm3, 128(%rax)
-        vmovdqu	%ymm4, 64(%rcx)
-        # Row 2
-        vpxor	-96(%rdi), %ymm6, %ymm10
-        vpxor	96(%rdi), %ymm7, %ymm11
-        vpxor	32(%rax), %ymm8, %ymm12
-        vpxor	-32(%rcx), %ymm9, %ymm13
-        vpxor	(%rcx), %ymm5, %ymm14
-        vpsrlq	$63, %ymm10, %ymm0
-        vpsrlq	$58, %ymm11, %ymm1
-        vpsrlq	$39, %ymm12, %ymm2
-        vpsrlq	$56, %ymm13, %ymm3
-        vpsrlq	$46, %ymm14, %ymm4
-        vpaddq	%ymm10, %ymm10, %ymm10
-        vpsllq	$6, %ymm11, %ymm11
-        vpsllq	$25, %ymm12, %ymm12
-        vpsllq	$8, %ymm13, %ymm13
-        vpsllq	$18, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, -96(%rdi)
-        vmovdqu	%ymm1, 96(%rdi)
-        vmovdqu	%ymm2, 32(%rax)
-        vmovdqu	%ymm3, -32(%rcx)
-        vmovdqu	%ymm4, (%rcx)
-        # Row 3
-        vpxor	(%rdi), %ymm9, %ymm10
-        vpxor	32(%rdi), %ymm5, %ymm11
-        vpxor	-32(%rax), %ymm6, %ymm12
-        vpxor	-96(%rcx), %ymm7, %ymm13
-        vpxor	96(%rcx), %ymm8, %ymm14
-        vpsrlq	$37, %ymm10, %ymm0
-        vpsrlq	$28, %ymm11, %ymm1
-        vpsrlq	$54, %ymm12, %ymm2
-        vpsrlq	$49, %ymm13, %ymm3
-        vpsrlq	$8, %ymm14, %ymm4
-        vpsllq	$27, %ymm10, %ymm10
-        vpsllq	$36, %ymm11, %ymm11
-        vpsllq	$10, %ymm12, %ymm12
-        vpsllq	$15, %ymm13, %ymm13
-        vpsllq	$56, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, (%rdi)
-        vmovdqu	%ymm1, 32(%rdi)
-        vmovdqu	%ymm2, -32(%rax)
-        vmovdqu	%ymm3, -96(%rcx)
-        vmovdqu	%ymm4, 96(%rcx)
-        # Row 4
-        vpxor	-64(%rdi), %ymm7, %ymm10
-        vpxor	128(%rdi), %ymm8, %ymm11
-        vpxor	64(%rax), %ymm9, %ymm12
-        vpxor	96(%rax), %ymm5, %ymm13
-        vpxor	32(%rcx), %ymm6, %ymm14
-        vpsrlq	$2, %ymm10, %ymm0
-        vpsrlq	$9, %ymm11, %ymm1
-        vpsrlq	$25, %ymm12, %ymm2
-        vpsrlq	$23, %ymm13, %ymm3
-        vpsrlq	$62, %ymm14, %ymm4
-        vpsllq	$62, %ymm10, %ymm10
-        vpsllq	$55, %ymm11, %ymm11
-        vpsllq	$39, %ymm12, %ymm12
-        vpsllq	$41, %ymm13, %ymm13
-        vpsllq	$2, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, -64(%rdi)
-        vmovdqu	%ymm1, 128(%rdi)
-        vmovdqu	%ymm2, 64(%rax)
-        vmovdqu	%ymm3, 96(%rax)
-        vmovdqu	%ymm4, 32(%rcx)
-        # Round 1
-        # Calc b[0..4]
-        vpxor	%ymm15, %ymm0, %ymm10
-        vpxor	-96(%rdi), %ymm10, %ymm10
-        vpxor	-32(%rdi), %ymm10, %ymm10
-        vpxor	(%rdi), %ymm10, %ymm10
-        vpxor	32(%rdi), %ymm1, %ymm11
-        vpxor	64(%rdi), %ymm11, %ymm11
-        vpxor	96(%rdi), %ymm11, %ymm11
-        vpxor	-96(%rax), %ymm11, %ymm11
-        vpxor	-64(%rax), %ymm2, %ymm12
-        vpxor	-32(%rax), %ymm12, %ymm12
-        vpxor	(%rax), %ymm12, %ymm12
-        vpxor	32(%rax), %ymm12, %ymm12
-        vpxor	128(%rax), %ymm3, %ymm13
-        vpxor	-96(%rcx), %ymm13, %ymm13
-        vpxor	-64(%rcx), %ymm13, %ymm13
-        vpxor	-32(%rcx), %ymm13, %ymm13
-        vpxor	(%rcx), %ymm4, %ymm14
-        vpxor	64(%rcx), %ymm14, %ymm14
-        vpxor	96(%rcx), %ymm14, %ymm14
-        vpxor	128(%rcx), %ymm14, %ymm14
-        # Calc t[0..4]
-        vpsrlq	$63, %ymm11, %ymm0
-        vpsrlq	$63, %ymm12, %ymm1
-        vpsrlq	$63, %ymm13, %ymm2
-        vpsrlq	$63, %ymm14, %ymm3
-        vpsrlq	$63, %ymm10, %ymm4
-        vpaddq	%ymm11, %ymm11, %ymm5
-        vpaddq	%ymm12, %ymm12, %ymm6
-        vpaddq	%ymm13, %ymm13, %ymm7
-        vpaddq	%ymm14, %ymm14, %ymm8
-        vpaddq	%ymm10, %ymm10, %ymm9
-        vpor	%ymm0, %ymm5, %ymm5
-        vpor	%ymm1, %ymm6, %ymm6
-        vpor	%ymm2, %ymm7, %ymm7
-        vpor	%ymm3, %ymm8, %ymm8
-        vpor	%ymm4, %ymm9, %ymm9
-        vpxor	%ymm14, %ymm5, %ymm5
-        vpxor	%ymm10, %ymm6, %ymm6
-        vpxor	%ymm11, %ymm7, %ymm7
-        vpxor	%ymm12, %ymm8, %ymm8
-        vpxor	%ymm13, %ymm9, %ymm9
-        # Row Mix
-        # Row 0
-        vpxor	%ymm15, %ymm5, %ymm10
-        vpxor	-96(%rax), %ymm6, %ymm11
-        vpxor	32(%rax), %ymm7, %ymm12
-        vpxor	-96(%rcx), %ymm8, %ymm13
-        vpxor	32(%rcx), %ymm9, %ymm14
-        vpsrlq	$20, %ymm11, %ymm0
-        vpsrlq	$21, %ymm12, %ymm1
-        vpsrlq	$43, %ymm13, %ymm2
-        vpsrlq	$50, %ymm14, %ymm3
-        vpsllq	$44, %ymm11, %ymm11
-        vpsllq	$43, %ymm12, %ymm12
-        vpsllq	$21, %ymm13, %ymm13
-        vpsllq	$14, %ymm14, %ymm14
-        vpor	%ymm0, %ymm11, %ymm11
-        vpor	%ymm1, %ymm12, %ymm12
-        vpor	%ymm2, %ymm13, %ymm13
-        vpor	%ymm3, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm15
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm15, %ymm15
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        # XOR in constant
-        vpxor	32(%rdx), %ymm15, %ymm15
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm1, -96(%rax)
-        vmovdqu	%ymm2, 32(%rax)
-        vmovdqu	%ymm3, -96(%rcx)
-        vmovdqu	%ymm4, 32(%rcx)
-        # Row 1
-        vpxor	-64(%rcx), %ymm8, %ymm10
-        vpxor	64(%rcx), %ymm9, %ymm11
-        vpxor	-96(%rdi), %ymm5, %ymm12
-        vpxor	32(%rdi), %ymm6, %ymm13
-        vpxor	64(%rax), %ymm7, %ymm14
-        vpsrlq	$36, %ymm10, %ymm0
-        vpsrlq	$44, %ymm11, %ymm1
-        vpsrlq	$61, %ymm12, %ymm2
-        vpsrlq	$19, %ymm13, %ymm3
-        vpsrlq	$3, %ymm14, %ymm4
-        vpsllq	$28, %ymm10, %ymm10
-        vpsllq	$20, %ymm11, %ymm11
-        vpsllq	$3, %ymm12, %ymm12
-        vpsllq	$45, %ymm13, %ymm13
-        vpsllq	$61, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, -64(%rcx)
-        vmovdqu	%ymm1, 64(%rcx)
-        vmovdqu	%ymm2, -96(%rdi)
-        vmovdqu	%ymm3, 32(%rdi)
-        vmovdqu	%ymm4, 64(%rax)
-        # Row 2
-        vpxor	64(%rdi), %ymm6, %ymm10
-        vpxor	-64(%rax), %ymm7, %ymm11
-        vpxor	-32(%rcx), %ymm8, %ymm12
-        vpxor	96(%rcx), %ymm9, %ymm13
-        vpxor	-64(%rdi), %ymm5, %ymm14
-        vpsrlq	$63, %ymm10, %ymm0
-        vpsrlq	$58, %ymm11, %ymm1
-        vpsrlq	$39, %ymm12, %ymm2
-        vpsrlq	$56, %ymm13, %ymm3
-        vpsrlq	$46, %ymm14, %ymm4
-        vpaddq	%ymm10, %ymm10, %ymm10
-        vpsllq	$6, %ymm11, %ymm11
-        vpsllq	$25, %ymm12, %ymm12
-        vpsllq	$8, %ymm13, %ymm13
-        vpsllq	$18, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, 64(%rdi)
-        vmovdqu	%ymm1, -64(%rax)
-        vmovdqu	%ymm2, -32(%rcx)
-        vmovdqu	%ymm3, 96(%rcx)
-        vmovdqu	%ymm4, -64(%rdi)
-        # Row 3
-        vpxor	128(%rcx), %ymm9, %ymm10
-        vpxor	-32(%rdi), %ymm5, %ymm11
-        vpxor	96(%rdi), %ymm6, %ymm12
-        vpxor	-32(%rax), %ymm7, %ymm13
-        vpxor	96(%rax), %ymm8, %ymm14
-        vpsrlq	$37, %ymm10, %ymm0
-        vpsrlq	$28, %ymm11, %ymm1
-        vpsrlq	$54, %ymm12, %ymm2
-        vpsrlq	$49, %ymm13, %ymm3
-        vpsrlq	$8, %ymm14, %ymm4
-        vpsllq	$27, %ymm10, %ymm10
-        vpsllq	$36, %ymm11, %ymm11
-        vpsllq	$10, %ymm12, %ymm12
-        vpsllq	$15, %ymm13, %ymm13
-        vpsllq	$56, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, 128(%rcx)
-        vmovdqu	%ymm1, -32(%rdi)
-        vmovdqu	%ymm2, 96(%rdi)
-        vmovdqu	%ymm3, -32(%rax)
-        vmovdqu	%ymm4, 96(%rax)
-        # Row 4
-        vpxor	(%rax), %ymm7, %ymm10
-        vpxor	128(%rax), %ymm8, %ymm11
-        vpxor	(%rcx), %ymm9, %ymm12
-        vpxor	(%rdi), %ymm5, %ymm13
-        vpxor	128(%rdi), %ymm6, %ymm14
-        vpsrlq	$2, %ymm10, %ymm0
-        vpsrlq	$9, %ymm11, %ymm1
-        vpsrlq	$25, %ymm12, %ymm2
-        vpsrlq	$23, %ymm13, %ymm3
-        vpsrlq	$62, %ymm14, %ymm4
-        vpsllq	$62, %ymm10, %ymm10
-        vpsllq	$55, %ymm11, %ymm11
-        vpsllq	$39, %ymm12, %ymm12
-        vpsllq	$41, %ymm13, %ymm13
-        vpsllq	$2, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, (%rax)
-        vmovdqu	%ymm1, 128(%rax)
-        vmovdqu	%ymm2, (%rcx)
-        vmovdqu	%ymm3, (%rdi)
-        vmovdqu	%ymm4, 128(%rdi)
-        # Round 2
-        # Calc b[0..4]
-        vpxor	%ymm15, %ymm0, %ymm10
-        vpxor	-96(%rdi), %ymm2, %ymm12
-        vpxor	-64(%rdi), %ymm4, %ymm14
-        vpxor	-32(%rdi), %ymm1, %ymm11
-        vpxor	32(%rdi), %ymm3, %ymm13
-        vpxor	64(%rdi), %ymm10, %ymm10
-        vpxor	96(%rdi), %ymm12, %ymm12
-        vpxor	-96(%rax), %ymm11, %ymm11
-        vpxor	-64(%rax), %ymm11, %ymm11
-        vpxor	-32(%rax), %ymm13, %ymm13
-        vpxor	32(%rax), %ymm12, %ymm12
-        vpxor	64(%rax), %ymm14, %ymm14
-        vpxor	96(%rax), %ymm14, %ymm14
-        vpxor	-96(%rcx), %ymm13, %ymm13
-        vpxor	-64(%rcx), %ymm10, %ymm10
-        vpxor	-32(%rcx), %ymm12, %ymm12
-        vpxor	32(%rcx), %ymm14, %ymm14
-        vpxor	64(%rcx), %ymm11, %ymm11
-        vpxor	96(%rcx), %ymm13, %ymm13
-        vpxor	128(%rcx), %ymm10, %ymm10
-        # Calc t[0..4]
-        vpsrlq	$63, %ymm11, %ymm0
-        vpsrlq	$63, %ymm12, %ymm1
-        vpsrlq	$63, %ymm13, %ymm2
-        vpsrlq	$63, %ymm14, %ymm3
-        vpsrlq	$63, %ymm10, %ymm4
-        vpaddq	%ymm11, %ymm11, %ymm5
-        vpaddq	%ymm12, %ymm12, %ymm6
-        vpaddq	%ymm13, %ymm13, %ymm7
-        vpaddq	%ymm14, %ymm14, %ymm8
-        vpaddq	%ymm10, %ymm10, %ymm9
-        vpor	%ymm0, %ymm5, %ymm5
-        vpor	%ymm1, %ymm6, %ymm6
-        vpor	%ymm2, %ymm7, %ymm7
-        vpor	%ymm3, %ymm8, %ymm8
-        vpor	%ymm4, %ymm9, %ymm9
-        vpxor	%ymm14, %ymm5, %ymm5
-        vpxor	%ymm10, %ymm6, %ymm6
-        vpxor	%ymm11, %ymm7, %ymm7
-        vpxor	%ymm12, %ymm8, %ymm8
-        vpxor	%ymm13, %ymm9, %ymm9
-        # Row Mix
-        # Row 0
-        vpxor	%ymm15, %ymm5, %ymm10
-        vpxor	64(%rcx), %ymm6, %ymm11
-        vpxor	-32(%rcx), %ymm7, %ymm12
-        vpxor	-32(%rax), %ymm8, %ymm13
-        vpxor	128(%rdi), %ymm9, %ymm14
-        vpsrlq	$20, %ymm11, %ymm0
-        vpsrlq	$21, %ymm12, %ymm1
-        vpsrlq	$43, %ymm13, %ymm2
-        vpsrlq	$50, %ymm14, %ymm3
-        vpsllq	$44, %ymm11, %ymm11
-        vpsllq	$43, %ymm12, %ymm12
-        vpsllq	$21, %ymm13, %ymm13
-        vpsllq	$14, %ymm14, %ymm14
-        vpor	%ymm0, %ymm11, %ymm11
-        vpor	%ymm1, %ymm12, %ymm12
-        vpor	%ymm2, %ymm13, %ymm13
-        vpor	%ymm3, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm15
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm15, %ymm15
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        # XOR in constant
-        vpxor	64(%rdx), %ymm15, %ymm15
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm1, 64(%rcx)
-        vmovdqu	%ymm2, -32(%rcx)
-        vmovdqu	%ymm3, -32(%rax)
-        vmovdqu	%ymm4, 128(%rdi)
-        # Row 1
-        vpxor	-96(%rcx), %ymm8, %ymm10
-        vpxor	64(%rax), %ymm9, %ymm11
-        vpxor	64(%rdi), %ymm5, %ymm12
-        vpxor	-32(%rdi), %ymm6, %ymm13
-        vpxor	(%rcx), %ymm7, %ymm14
-        vpsrlq	$36, %ymm10, %ymm0
-        vpsrlq	$44, %ymm11, %ymm1
-        vpsrlq	$61, %ymm12, %ymm2
-        vpsrlq	$19, %ymm13, %ymm3
-        vpsrlq	$3, %ymm14, %ymm4
-        vpsllq	$28, %ymm10, %ymm10
-        vpsllq	$20, %ymm11, %ymm11
-        vpsllq	$3, %ymm12, %ymm12
-        vpsllq	$45, %ymm13, %ymm13
-        vpsllq	$61, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, -96(%rcx)
-        vmovdqu	%ymm1, 64(%rax)
-        vmovdqu	%ymm2, 64(%rdi)
-        vmovdqu	%ymm3, -32(%rdi)
-        vmovdqu	%ymm4, (%rcx)
-        # Row 2
-        vpxor	-96(%rax), %ymm6, %ymm10
-        vpxor	-96(%rdi), %ymm7, %ymm11
-        vpxor	96(%rcx), %ymm8, %ymm12
-        vpxor	96(%rax), %ymm9, %ymm13
-        vpxor	(%rax), %ymm5, %ymm14
-        vpsrlq	$63, %ymm10, %ymm0
-        vpsrlq	$58, %ymm11, %ymm1
-        vpsrlq	$39, %ymm12, %ymm2
-        vpsrlq	$56, %ymm13, %ymm3
-        vpsrlq	$46, %ymm14, %ymm4
-        vpaddq	%ymm10, %ymm10, %ymm10
-        vpsllq	$6, %ymm11, %ymm11
-        vpsllq	$25, %ymm12, %ymm12
-        vpsllq	$8, %ymm13, %ymm13
-        vpsllq	$18, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, -96(%rax)
-        vmovdqu	%ymm1, -96(%rdi)
-        vmovdqu	%ymm2, 96(%rcx)
-        vmovdqu	%ymm3, 96(%rax)
-        vmovdqu	%ymm4, (%rax)
-        # Row 3
-        vpxor	32(%rcx), %ymm9, %ymm10
-        vpxor	-64(%rcx), %ymm5, %ymm11
-        vpxor	-64(%rax), %ymm6, %ymm12
-        vpxor	96(%rdi), %ymm7, %ymm13
-        vpxor	(%rdi), %ymm8, %ymm14
-        vpsrlq	$37, %ymm10, %ymm0
-        vpsrlq	$28, %ymm11, %ymm1
-        vpsrlq	$54, %ymm12, %ymm2
-        vpsrlq	$49, %ymm13, %ymm3
-        vpsrlq	$8, %ymm14, %ymm4
-        vpsllq	$27, %ymm10, %ymm10
-        vpsllq	$36, %ymm11, %ymm11
-        vpsllq	$10, %ymm12, %ymm12
-        vpsllq	$15, %ymm13, %ymm13
-        vpsllq	$56, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, 32(%rcx)
-        vmovdqu	%ymm1, -64(%rcx)
-        vmovdqu	%ymm2, -64(%rax)
-        vmovdqu	%ymm3, 96(%rdi)
-        vmovdqu	%ymm4, (%rdi)
-        # Row 4
-        vpxor	32(%rax), %ymm7, %ymm10
-        vpxor	32(%rdi), %ymm8, %ymm11
-        vpxor	-64(%rdi), %ymm9, %ymm12
-        vpxor	128(%rcx), %ymm5, %ymm13
-        vpxor	128(%rax), %ymm6, %ymm14
-        vpsrlq	$2, %ymm10, %ymm0
-        vpsrlq	$9, %ymm11, %ymm1
-        vpsrlq	$25, %ymm12, %ymm2
-        vpsrlq	$23, %ymm13, %ymm3
-        vpsrlq	$62, %ymm14, %ymm4
-        vpsllq	$62, %ymm10, %ymm10
-        vpsllq	$55, %ymm11, %ymm11
-        vpsllq	$39, %ymm12, %ymm12
-        vpsllq	$41, %ymm13, %ymm13
-        vpsllq	$2, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, 32(%rax)
-        vmovdqu	%ymm1, 32(%rdi)
-        vmovdqu	%ymm2, -64(%rdi)
-        vmovdqu	%ymm3, 128(%rcx)
-        vmovdqu	%ymm4, 128(%rax)
-        # Round 3
-        # Calc b[0..4]
-        vpxor	%ymm15, %ymm0, %ymm10
-        vpxor	-96(%rdi), %ymm1, %ymm11
-        vpxor	-32(%rdi), %ymm3, %ymm13
-        vpxor	(%rdi), %ymm4, %ymm14
-        vpxor	64(%rdi), %ymm2, %ymm12
-        vpxor	96(%rdi), %ymm13, %ymm13
-        vpxor	128(%rdi), %ymm14, %ymm14
-        vpxor	-96(%rax), %ymm10, %ymm10
-        vpxor	-64(%rax), %ymm12, %ymm12
-        vpxor	-32(%rax), %ymm13, %ymm13
-        vpxor	(%rax), %ymm14, %ymm14
-        vpxor	64(%rax), %ymm11, %ymm11
-        vpxor	96(%rax), %ymm13, %ymm13
-        vpxor	-96(%rcx), %ymm10, %ymm10
-        vpxor	-64(%rcx), %ymm11, %ymm11
-        vpxor	-32(%rcx), %ymm12, %ymm12
-        vpxor	(%rcx), %ymm14, %ymm14
-        vpxor	32(%rcx), %ymm10, %ymm10
-        vpxor	64(%rcx), %ymm11, %ymm11
-        vpxor	96(%rcx), %ymm12, %ymm12
-        # Calc t[0..4]
-        vpsrlq	$63, %ymm11, %ymm0
-        vpsrlq	$63, %ymm12, %ymm1
-        vpsrlq	$63, %ymm13, %ymm2
-        vpsrlq	$63, %ymm14, %ymm3
-        vpsrlq	$63, %ymm10, %ymm4
-        vpaddq	%ymm11, %ymm11, %ymm5
-        vpaddq	%ymm12, %ymm12, %ymm6
-        vpaddq	%ymm13, %ymm13, %ymm7
-        vpaddq	%ymm14, %ymm14, %ymm8
-        vpaddq	%ymm10, %ymm10, %ymm9
-        vpor	%ymm0, %ymm5, %ymm5
-        vpor	%ymm1, %ymm6, %ymm6
-        vpor	%ymm2, %ymm7, %ymm7
-        vpor	%ymm3, %ymm8, %ymm8
-        vpor	%ymm4, %ymm9, %ymm9
-        vpxor	%ymm14, %ymm5, %ymm5
-        vpxor	%ymm10, %ymm6, %ymm6
-        vpxor	%ymm11, %ymm7, %ymm7
-        vpxor	%ymm12, %ymm8, %ymm8
-        vpxor	%ymm13, %ymm9, %ymm9
-        # Row Mix
-        # Row 0
-        vpxor	%ymm15, %ymm5, %ymm10
-        vpxor	64(%rax), %ymm6, %ymm11
-        vpxor	96(%rcx), %ymm7, %ymm12
-        vpxor	96(%rdi), %ymm8, %ymm13
-        vpxor	128(%rax), %ymm9, %ymm14
-        vpsrlq	$20, %ymm11, %ymm0
-        vpsrlq	$21, %ymm12, %ymm1
-        vpsrlq	$43, %ymm13, %ymm2
-        vpsrlq	$50, %ymm14, %ymm3
-        vpsllq	$44, %ymm11, %ymm11
-        vpsllq	$43, %ymm12, %ymm12
-        vpsllq	$21, %ymm13, %ymm13
-        vpsllq	$14, %ymm14, %ymm14
-        vpor	%ymm0, %ymm11, %ymm11
-        vpor	%ymm1, %ymm12, %ymm12
-        vpor	%ymm2, %ymm13, %ymm13
-        vpor	%ymm3, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm15
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm15, %ymm15
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        # XOR in constant
-        vpxor	96(%rdx), %ymm15, %ymm15
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm1, 64(%rax)
-        vmovdqu	%ymm2, 96(%rcx)
-        vmovdqu	%ymm3, 96(%rdi)
-        vmovdqu	%ymm4, 128(%rax)
-        # Row 1
-        vpxor	-32(%rax), %ymm8, %ymm10
-        vpxor	(%rcx), %ymm9, %ymm11
-        vpxor	-96(%rax), %ymm5, %ymm12
-        vpxor	-64(%rcx), %ymm6, %ymm13
-        vpxor	-64(%rdi), %ymm7, %ymm14
-        vpsrlq	$36, %ymm10, %ymm0
-        vpsrlq	$44, %ymm11, %ymm1
-        vpsrlq	$61, %ymm12, %ymm2
-        vpsrlq	$19, %ymm13, %ymm3
-        vpsrlq	$3, %ymm14, %ymm4
-        vpsllq	$28, %ymm10, %ymm10
-        vpsllq	$20, %ymm11, %ymm11
-        vpsllq	$3, %ymm12, %ymm12
-        vpsllq	$45, %ymm13, %ymm13
-        vpsllq	$61, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, -32(%rax)
-        vmovdqu	%ymm1, (%rcx)
-        vmovdqu	%ymm2, -96(%rax)
-        vmovdqu	%ymm3, -64(%rcx)
-        vmovdqu	%ymm4, -64(%rdi)
-        # Row 2
-        vpxor	64(%rcx), %ymm6, %ymm10
-        vpxor	64(%rdi), %ymm7, %ymm11
-        vpxor	96(%rax), %ymm8, %ymm12
-        vpxor	(%rdi), %ymm9, %ymm13
-        vpxor	32(%rax), %ymm5, %ymm14
-        vpsrlq	$63, %ymm10, %ymm0
-        vpsrlq	$58, %ymm11, %ymm1
-        vpsrlq	$39, %ymm12, %ymm2
-        vpsrlq	$56, %ymm13, %ymm3
-        vpsrlq	$46, %ymm14, %ymm4
-        vpaddq	%ymm10, %ymm10, %ymm10
-        vpsllq	$6, %ymm11, %ymm11
-        vpsllq	$25, %ymm12, %ymm12
-        vpsllq	$8, %ymm13, %ymm13
-        vpsllq	$18, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, 64(%rcx)
-        vmovdqu	%ymm1, 64(%rdi)
-        vmovdqu	%ymm2, 96(%rax)
-        vmovdqu	%ymm3, (%rdi)
-        vmovdqu	%ymm4, 32(%rax)
-        # Row 3
-        vpxor	128(%rdi), %ymm9, %ymm10
-        vpxor	-96(%rcx), %ymm5, %ymm11
-        vpxor	-96(%rdi), %ymm6, %ymm12
-        vpxor	-64(%rax), %ymm7, %ymm13
-        vpxor	128(%rcx), %ymm8, %ymm14
-        vpsrlq	$37, %ymm10, %ymm0
-        vpsrlq	$28, %ymm11, %ymm1
-        vpsrlq	$54, %ymm12, %ymm2
-        vpsrlq	$49, %ymm13, %ymm3
-        vpsrlq	$8, %ymm14, %ymm4
-        vpsllq	$27, %ymm10, %ymm10
-        vpsllq	$36, %ymm11, %ymm11
-        vpsllq	$10, %ymm12, %ymm12
-        vpsllq	$15, %ymm13, %ymm13
-        vpsllq	$56, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, 128(%rdi)
-        vmovdqu	%ymm1, -96(%rcx)
-        vmovdqu	%ymm2, -96(%rdi)
-        vmovdqu	%ymm3, -64(%rax)
-        vmovdqu	%ymm4, 128(%rcx)
-        # Row 4
-        vpxor	-32(%rcx), %ymm7, %ymm10
-        vpxor	-32(%rdi), %ymm8, %ymm11
-        vpxor	(%rax), %ymm9, %ymm12
-        vpxor	32(%rcx), %ymm5, %ymm13
-        vpxor	32(%rdi), %ymm6, %ymm14
-        vpsrlq	$2, %ymm10, %ymm0
-        vpsrlq	$9, %ymm11, %ymm1
-        vpsrlq	$25, %ymm12, %ymm2
-        vpsrlq	$23, %ymm13, %ymm3
-        vpsrlq	$62, %ymm14, %ymm4
-        vpsllq	$62, %ymm10, %ymm10
-        vpsllq	$55, %ymm11, %ymm11
-        vpsllq	$39, %ymm12, %ymm12
-        vpsllq	$41, %ymm13, %ymm13
-        vpsllq	$2, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, -32(%rcx)
-        vmovdqu	%ymm1, -32(%rdi)
-        vmovdqu	%ymm2, (%rax)
-        vmovdqu	%ymm3, 32(%rcx)
-        vmovdqu	%ymm4, 32(%rdi)
-        # Round 4
-        # Calc b[0..4]
-        vpxor	%ymm15, %ymm0, %ymm10
-        vpxor	-96(%rdi), %ymm2, %ymm12
-        vpxor	-64(%rdi), %ymm4, %ymm14
-        vpxor	(%rdi), %ymm3, %ymm13
-        vpxor	64(%rdi), %ymm1, %ymm11
-        vpxor	96(%rdi), %ymm13, %ymm13
-        vpxor	128(%rdi), %ymm10, %ymm10
-        vpxor	-96(%rax), %ymm12, %ymm12
-        vpxor	-64(%rax), %ymm13, %ymm13
-        vpxor	-32(%rax), %ymm10, %ymm10
-        vpxor	32(%rax), %ymm14, %ymm14
-        vpxor	64(%rax), %ymm11, %ymm11
-        vpxor	96(%rax), %ymm12, %ymm12
-        vpxor	128(%rax), %ymm14, %ymm14
-        vpxor	-96(%rcx), %ymm11, %ymm11
-        vpxor	-64(%rcx), %ymm13, %ymm13
-        vpxor	(%rcx), %ymm11, %ymm11
-        vpxor	64(%rcx), %ymm10, %ymm10
-        vpxor	96(%rcx), %ymm12, %ymm12
-        vpxor	128(%rcx), %ymm14, %ymm14
-        # Calc t[0..4]
-        vpsrlq	$63, %ymm11, %ymm0
-        vpsrlq	$63, %ymm12, %ymm1
-        vpsrlq	$63, %ymm13, %ymm2
-        vpsrlq	$63, %ymm14, %ymm3
-        vpsrlq	$63, %ymm10, %ymm4
-        vpaddq	%ymm11, %ymm11, %ymm5
-        vpaddq	%ymm12, %ymm12, %ymm6
-        vpaddq	%ymm13, %ymm13, %ymm7
-        vpaddq	%ymm14, %ymm14, %ymm8
-        vpaddq	%ymm10, %ymm10, %ymm9
-        vpor	%ymm0, %ymm5, %ymm5
-        vpor	%ymm1, %ymm6, %ymm6
-        vpor	%ymm2, %ymm7, %ymm7
-        vpor	%ymm3, %ymm8, %ymm8
-        vpor	%ymm4, %ymm9, %ymm9
-        vpxor	%ymm14, %ymm5, %ymm5
-        vpxor	%ymm10, %ymm6, %ymm6
-        vpxor	%ymm11, %ymm7, %ymm7
-        vpxor	%ymm12, %ymm8, %ymm8
-        vpxor	%ymm13, %ymm9, %ymm9
-        # Row Mix
-        # Row 0
-        vpxor	%ymm15, %ymm5, %ymm10
-        vpxor	(%rcx), %ymm6, %ymm11
-        vpxor	96(%rax), %ymm7, %ymm12
-        vpxor	-64(%rax), %ymm8, %ymm13
-        vpxor	32(%rdi), %ymm9, %ymm14
-        vpsrlq	$20, %ymm11, %ymm0
-        vpsrlq	$21, %ymm12, %ymm1
-        vpsrlq	$43, %ymm13, %ymm2
-        vpsrlq	$50, %ymm14, %ymm3
-        vpsllq	$44, %ymm11, %ymm11
-        vpsllq	$43, %ymm12, %ymm12
-        vpsllq	$21, %ymm13, %ymm13
-        vpsllq	$14, %ymm14, %ymm14
-        vpor	%ymm0, %ymm11, %ymm11
-        vpor	%ymm1, %ymm12, %ymm12
-        vpor	%ymm2, %ymm13, %ymm13
-        vpor	%ymm3, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm15
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm15, %ymm15
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        # XOR in constant
-        vpxor	128(%rdx), %ymm15, %ymm15
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm1, (%rcx)
-        vmovdqu	%ymm2, 96(%rax)
-        vmovdqu	%ymm3, -64(%rax)
-        vmovdqu	%ymm4, 32(%rdi)
-        # Row 1
-        vpxor	96(%rdi), %ymm8, %ymm10
-        vpxor	-64(%rdi), %ymm9, %ymm11
-        vpxor	64(%rcx), %ymm5, %ymm12
-        vpxor	-96(%rcx), %ymm6, %ymm13
-        vpxor	(%rax), %ymm7, %ymm14
-        vpsrlq	$36, %ymm10, %ymm0
-        vpsrlq	$44, %ymm11, %ymm1
-        vpsrlq	$61, %ymm12, %ymm2
-        vpsrlq	$19, %ymm13, %ymm3
-        vpsrlq	$3, %ymm14, %ymm4
-        vpsllq	$28, %ymm10, %ymm10
-        vpsllq	$20, %ymm11, %ymm11
-        vpsllq	$3, %ymm12, %ymm12
-        vpsllq	$45, %ymm13, %ymm13
-        vpsllq	$61, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, 96(%rdi)
-        vmovdqu	%ymm1, -64(%rdi)
-        vmovdqu	%ymm2, 64(%rcx)
-        vmovdqu	%ymm3, -96(%rcx)
-        vmovdqu	%ymm4, (%rax)
-        # Row 2
-        vpxor	64(%rax), %ymm6, %ymm10
-        vpxor	-96(%rax), %ymm7, %ymm11
-        vpxor	(%rdi), %ymm8, %ymm12
-        vpxor	128(%rcx), %ymm9, %ymm13
-        vpxor	-32(%rcx), %ymm5, %ymm14
-        vpsrlq	$63, %ymm10, %ymm0
-        vpsrlq	$58, %ymm11, %ymm1
-        vpsrlq	$39, %ymm12, %ymm2
-        vpsrlq	$56, %ymm13, %ymm3
-        vpsrlq	$46, %ymm14, %ymm4
-        vpaddq	%ymm10, %ymm10, %ymm10
-        vpsllq	$6, %ymm11, %ymm11
-        vpsllq	$25, %ymm12, %ymm12
-        vpsllq	$8, %ymm13, %ymm13
-        vpsllq	$18, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, 64(%rax)
-        vmovdqu	%ymm1, -96(%rax)
-        vmovdqu	%ymm2, (%rdi)
-        vmovdqu	%ymm3, 128(%rcx)
-        vmovdqu	%ymm4, -32(%rcx)
-        # Row 3
-        vpxor	128(%rax), %ymm9, %ymm10
-        vpxor	-32(%rax), %ymm5, %ymm11
-        vpxor	64(%rdi), %ymm6, %ymm12
-        vpxor	-96(%rdi), %ymm7, %ymm13
-        vpxor	32(%rcx), %ymm8, %ymm14
-        vpsrlq	$37, %ymm10, %ymm0
-        vpsrlq	$28, %ymm11, %ymm1
-        vpsrlq	$54, %ymm12, %ymm2
-        vpsrlq	$49, %ymm13, %ymm3
-        vpsrlq	$8, %ymm14, %ymm4
-        vpsllq	$27, %ymm10, %ymm10
-        vpsllq	$36, %ymm11, %ymm11
-        vpsllq	$10, %ymm12, %ymm12
-        vpsllq	$15, %ymm13, %ymm13
-        vpsllq	$56, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, 128(%rax)
-        vmovdqu	%ymm1, -32(%rax)
-        vmovdqu	%ymm2, 64(%rdi)
-        vmovdqu	%ymm3, -96(%rdi)
-        vmovdqu	%ymm4, 32(%rcx)
-        # Row 4
-        vpxor	96(%rcx), %ymm7, %ymm10
-        vpxor	-64(%rcx), %ymm8, %ymm11
-        vpxor	32(%rax), %ymm9, %ymm12
-        vpxor	128(%rdi), %ymm5, %ymm13
-        vpxor	-32(%rdi), %ymm6, %ymm14
-        vpsrlq	$2, %ymm10, %ymm0
-        vpsrlq	$9, %ymm11, %ymm1
-        vpsrlq	$25, %ymm12, %ymm2
-        vpsrlq	$23, %ymm13, %ymm3
-        vpsrlq	$62, %ymm14, %ymm4
-        vpsllq	$62, %ymm10, %ymm10
-        vpsllq	$55, %ymm11, %ymm11
-        vpsllq	$39, %ymm12, %ymm12
-        vpsllq	$41, %ymm13, %ymm13
-        vpsllq	$2, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, 96(%rcx)
-        vmovdqu	%ymm1, -64(%rcx)
-        vmovdqu	%ymm2, 32(%rax)
-        vmovdqu	%ymm3, 128(%rdi)
-        vmovdqu	%ymm4, -32(%rdi)
-        # Round 5
-        # Calc b[0..4]
-        vpxor	%ymm15, %ymm0, %ymm10
-        vpxor	-96(%rdi), %ymm3, %ymm13
-        vpxor	-64(%rdi), %ymm1, %ymm11
-        vpxor	(%rdi), %ymm2, %ymm12
-        vpxor	32(%rdi), %ymm4, %ymm14
-        vpxor	64(%rdi), %ymm12, %ymm12
-        vpxor	96(%rdi), %ymm10, %ymm10
-        vpxor	-96(%rax), %ymm11, %ymm11
-        vpxor	-64(%rax), %ymm13, %ymm13
-        vpxor	-32(%rax), %ymm11, %ymm11
-        vpxor	(%rax), %ymm14, %ymm14
-        vpxor	64(%rax), %ymm10, %ymm10
-        vpxor	96(%rax), %ymm12, %ymm12
-        vpxor	128(%rax), %ymm10, %ymm10
-        vpxor	-96(%rcx), %ymm13, %ymm13
-        vpxor	-32(%rcx), %ymm14, %ymm14
-        vpxor	(%rcx), %ymm11, %ymm11
-        vpxor	32(%rcx), %ymm14, %ymm14
-        vpxor	64(%rcx), %ymm12, %ymm12
-        vpxor	128(%rcx), %ymm13, %ymm13
-        # Calc t[0..4]
-        vpsrlq	$63, %ymm11, %ymm0
-        vpsrlq	$63, %ymm12, %ymm1
-        vpsrlq	$63, %ymm13, %ymm2
-        vpsrlq	$63, %ymm14, %ymm3
-        vpsrlq	$63, %ymm10, %ymm4
-        vpaddq	%ymm11, %ymm11, %ymm5
-        vpaddq	%ymm12, %ymm12, %ymm6
-        vpaddq	%ymm13, %ymm13, %ymm7
-        vpaddq	%ymm14, %ymm14, %ymm8
-        vpaddq	%ymm10, %ymm10, %ymm9
-        vpor	%ymm0, %ymm5, %ymm5
-        vpor	%ymm1, %ymm6, %ymm6
-        vpor	%ymm2, %ymm7, %ymm7
-        vpor	%ymm3, %ymm8, %ymm8
-        vpor	%ymm4, %ymm9, %ymm9
-        vpxor	%ymm14, %ymm5, %ymm5
-        vpxor	%ymm10, %ymm6, %ymm6
-        vpxor	%ymm11, %ymm7, %ymm7
-        vpxor	%ymm12, %ymm8, %ymm8
-        vpxor	%ymm13, %ymm9, %ymm9
-        # Row Mix
-        # Row 0
-        vpxor	%ymm15, %ymm5, %ymm10
-        vpxor	-64(%rdi), %ymm6, %ymm11
-        vpxor	(%rdi), %ymm7, %ymm12
-        vpxor	-96(%rdi), %ymm8, %ymm13
-        vpxor	-32(%rdi), %ymm9, %ymm14
-        vpsrlq	$20, %ymm11, %ymm0
-        vpsrlq	$21, %ymm12, %ymm1
-        vpsrlq	$43, %ymm13, %ymm2
-        vpsrlq	$50, %ymm14, %ymm3
-        vpsllq	$44, %ymm11, %ymm11
-        vpsllq	$43, %ymm12, %ymm12
-        vpsllq	$21, %ymm13, %ymm13
-        vpsllq	$14, %ymm14, %ymm14
-        vpor	%ymm0, %ymm11, %ymm11
-        vpor	%ymm1, %ymm12, %ymm12
-        vpor	%ymm2, %ymm13, %ymm13
-        vpor	%ymm3, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm15
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm15, %ymm15
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        # XOR in constant
-        vpxor	160(%rdx), %ymm15, %ymm15
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm1, -64(%rdi)
-        vmovdqu	%ymm2, (%rdi)
-        vmovdqu	%ymm3, -96(%rdi)
-        vmovdqu	%ymm4, -32(%rdi)
-        # Row 1
-        vpxor	-64(%rax), %ymm8, %ymm10
-        vpxor	(%rax), %ymm9, %ymm11
-        vpxor	64(%rax), %ymm5, %ymm12
-        vpxor	-32(%rax), %ymm6, %ymm13
-        vpxor	32(%rax), %ymm7, %ymm14
-        vpsrlq	$36, %ymm10, %ymm0
-        vpsrlq	$44, %ymm11, %ymm1
-        vpsrlq	$61, %ymm12, %ymm2
-        vpsrlq	$19, %ymm13, %ymm3
-        vpsrlq	$3, %ymm14, %ymm4
-        vpsllq	$28, %ymm10, %ymm10
-        vpsllq	$20, %ymm11, %ymm11
-        vpsllq	$3, %ymm12, %ymm12
-        vpsllq	$45, %ymm13, %ymm13
-        vpsllq	$61, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, -64(%rax)
-        vmovdqu	%ymm1, (%rax)
-        vmovdqu	%ymm2, 64(%rax)
-        vmovdqu	%ymm3, -32(%rax)
-        vmovdqu	%ymm4, 32(%rax)
-        # Row 2
-        vpxor	(%rcx), %ymm6, %ymm10
-        vpxor	64(%rcx), %ymm7, %ymm11
-        vpxor	128(%rcx), %ymm8, %ymm12
-        vpxor	32(%rcx), %ymm9, %ymm13
-        vpxor	96(%rcx), %ymm5, %ymm14
-        vpsrlq	$63, %ymm10, %ymm0
-        vpsrlq	$58, %ymm11, %ymm1
-        vpsrlq	$39, %ymm12, %ymm2
-        vpsrlq	$56, %ymm13, %ymm3
-        vpsrlq	$46, %ymm14, %ymm4
-        vpaddq	%ymm10, %ymm10, %ymm10
-        vpsllq	$6, %ymm11, %ymm11
-        vpsllq	$25, %ymm12, %ymm12
-        vpsllq	$8, %ymm13, %ymm13
-        vpsllq	$18, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, (%rcx)
-        vmovdqu	%ymm1, 64(%rcx)
-        vmovdqu	%ymm2, 128(%rcx)
-        vmovdqu	%ymm3, 32(%rcx)
-        vmovdqu	%ymm4, 96(%rcx)
-        # Row 3
-        vpxor	32(%rdi), %ymm9, %ymm10
-        vpxor	96(%rdi), %ymm5, %ymm11
-        vpxor	-96(%rax), %ymm6, %ymm12
-        vpxor	64(%rdi), %ymm7, %ymm13
-        vpxor	128(%rdi), %ymm8, %ymm14
-        vpsrlq	$37, %ymm10, %ymm0
-        vpsrlq	$28, %ymm11, %ymm1
-        vpsrlq	$54, %ymm12, %ymm2
-        vpsrlq	$49, %ymm13, %ymm3
-        vpsrlq	$8, %ymm14, %ymm4
-        vpsllq	$27, %ymm10, %ymm10
-        vpsllq	$36, %ymm11, %ymm11
-        vpsllq	$10, %ymm12, %ymm12
-        vpsllq	$15, %ymm13, %ymm13
-        vpsllq	$56, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, 32(%rdi)
-        vmovdqu	%ymm1, 96(%rdi)
-        vmovdqu	%ymm2, -96(%rax)
-        vmovdqu	%ymm3, 64(%rdi)
-        vmovdqu	%ymm4, 128(%rdi)
-        # Row 4
-        vpxor	96(%rax), %ymm7, %ymm10
-        vpxor	-96(%rcx), %ymm8, %ymm11
-        vpxor	-32(%rcx), %ymm9, %ymm12
-        vpxor	128(%rax), %ymm5, %ymm13
-        vpxor	-64(%rcx), %ymm6, %ymm14
-        vpsrlq	$2, %ymm10, %ymm0
-        vpsrlq	$9, %ymm11, %ymm1
-        vpsrlq	$25, %ymm12, %ymm2
-        vpsrlq	$23, %ymm13, %ymm3
-        vpsrlq	$62, %ymm14, %ymm4
-        vpsllq	$62, %ymm10, %ymm10
-        vpsllq	$55, %ymm11, %ymm11
-        vpsllq	$39, %ymm12, %ymm12
-        vpsllq	$41, %ymm13, %ymm13
-        vpsllq	$2, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, 96(%rax)
-        vmovdqu	%ymm1, -96(%rcx)
-        vmovdqu	%ymm2, -32(%rcx)
-        vmovdqu	%ymm3, 128(%rax)
-        vmovdqu	%ymm4, -64(%rcx)
-        # Round 6
-        # Calc b[0..4]
-        vpxor	%ymm15, %ymm0, %ymm10
-        vpxor	-96(%rdi), %ymm3, %ymm13
-        vpxor	-64(%rdi), %ymm1, %ymm11
-        vpxor	-32(%rdi), %ymm4, %ymm14
-        vpxor	(%rdi), %ymm2, %ymm12
-        vpxor	32(%rdi), %ymm10, %ymm10
-        vpxor	64(%rdi), %ymm13, %ymm13
-        vpxor	96(%rdi), %ymm11, %ymm11
-        vpxor	128(%rdi), %ymm14, %ymm14
-        vpxor	-96(%rax), %ymm12, %ymm12
-        vpxor	-64(%rax), %ymm10, %ymm10
-        vpxor	-32(%rax), %ymm13, %ymm13
-        vpxor	(%rax), %ymm11, %ymm11
-        vpxor	32(%rax), %ymm14, %ymm14
-        vpxor	64(%rax), %ymm12, %ymm12
-        vpxor	(%rcx), %ymm10, %ymm10
-        vpxor	32(%rcx), %ymm13, %ymm13
-        vpxor	64(%rcx), %ymm11, %ymm11
-        vpxor	96(%rcx), %ymm14, %ymm14
-        vpxor	128(%rcx), %ymm12, %ymm12
-        # Calc t[0..4]
-        vpsrlq	$63, %ymm11, %ymm0
-        vpsrlq	$63, %ymm12, %ymm1
-        vpsrlq	$63, %ymm13, %ymm2
-        vpsrlq	$63, %ymm14, %ymm3
-        vpsrlq	$63, %ymm10, %ymm4
-        vpaddq	%ymm11, %ymm11, %ymm5
-        vpaddq	%ymm12, %ymm12, %ymm6
-        vpaddq	%ymm13, %ymm13, %ymm7
-        vpaddq	%ymm14, %ymm14, %ymm8
-        vpaddq	%ymm10, %ymm10, %ymm9
-        vpor	%ymm0, %ymm5, %ymm5
-        vpor	%ymm1, %ymm6, %ymm6
-        vpor	%ymm2, %ymm7, %ymm7
-        vpor	%ymm3, %ymm8, %ymm8
-        vpor	%ymm4, %ymm9, %ymm9
-        vpxor	%ymm14, %ymm5, %ymm5
-        vpxor	%ymm10, %ymm6, %ymm6
-        vpxor	%ymm11, %ymm7, %ymm7
-        vpxor	%ymm12, %ymm8, %ymm8
-        vpxor	%ymm13, %ymm9, %ymm9
-        # Row Mix
-        # Row 0
-        vpxor	%ymm15, %ymm5, %ymm10
-        vpxor	(%rax), %ymm6, %ymm11
-        vpxor	128(%rcx), %ymm7, %ymm12
-        vpxor	64(%rdi), %ymm8, %ymm13
-        vpxor	-64(%rcx), %ymm9, %ymm14
-        vpsrlq	$20, %ymm11, %ymm0
-        vpsrlq	$21, %ymm12, %ymm1
-        vpsrlq	$43, %ymm13, %ymm2
-        vpsrlq	$50, %ymm14, %ymm3
-        vpsllq	$44, %ymm11, %ymm11
-        vpsllq	$43, %ymm12, %ymm12
-        vpsllq	$21, %ymm13, %ymm13
-        vpsllq	$14, %ymm14, %ymm14
-        vpor	%ymm0, %ymm11, %ymm11
-        vpor	%ymm1, %ymm12, %ymm12
-        vpor	%ymm2, %ymm13, %ymm13
-        vpor	%ymm3, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm15
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm15, %ymm15
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        # XOR in constant
-        vpxor	192(%rdx), %ymm15, %ymm15
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm1, (%rax)
-        vmovdqu	%ymm2, 128(%rcx)
-        vmovdqu	%ymm3, 64(%rdi)
-        vmovdqu	%ymm4, -64(%rcx)
-        # Row 1
-        vpxor	-96(%rdi), %ymm8, %ymm10
-        vpxor	32(%rax), %ymm9, %ymm11
-        vpxor	(%rcx), %ymm5, %ymm12
-        vpxor	96(%rdi), %ymm6, %ymm13
-        vpxor	-32(%rcx), %ymm7, %ymm14
-        vpsrlq	$36, %ymm10, %ymm0
-        vpsrlq	$44, %ymm11, %ymm1
-        vpsrlq	$61, %ymm12, %ymm2
-        vpsrlq	$19, %ymm13, %ymm3
-        vpsrlq	$3, %ymm14, %ymm4
-        vpsllq	$28, %ymm10, %ymm10
-        vpsllq	$20, %ymm11, %ymm11
-        vpsllq	$3, %ymm12, %ymm12
-        vpsllq	$45, %ymm13, %ymm13
-        vpsllq	$61, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, -96(%rdi)
-        vmovdqu	%ymm1, 32(%rax)
-        vmovdqu	%ymm2, (%rcx)
-        vmovdqu	%ymm3, 96(%rdi)
-        vmovdqu	%ymm4, -32(%rcx)
-        # Row 2
-        vpxor	-64(%rdi), %ymm6, %ymm10
-        vpxor	64(%rax), %ymm7, %ymm11
-        vpxor	32(%rcx), %ymm8, %ymm12
-        vpxor	128(%rdi), %ymm9, %ymm13
-        vpxor	96(%rax), %ymm5, %ymm14
-        vpsrlq	$63, %ymm10, %ymm0
-        vpsrlq	$58, %ymm11, %ymm1
-        vpsrlq	$39, %ymm12, %ymm2
-        vpsrlq	$56, %ymm13, %ymm3
-        vpsrlq	$46, %ymm14, %ymm4
-        vpaddq	%ymm10, %ymm10, %ymm10
-        vpsllq	$6, %ymm11, %ymm11
-        vpsllq	$25, %ymm12, %ymm12
-        vpsllq	$8, %ymm13, %ymm13
-        vpsllq	$18, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, -64(%rdi)
-        vmovdqu	%ymm1, 64(%rax)
-        vmovdqu	%ymm2, 32(%rcx)
-        vmovdqu	%ymm3, 128(%rdi)
-        vmovdqu	%ymm4, 96(%rax)
-        # Row 3
-        vpxor	-32(%rdi), %ymm9, %ymm10
-        vpxor	-64(%rax), %ymm5, %ymm11
-        vpxor	64(%rcx), %ymm6, %ymm12
-        vpxor	-96(%rax), %ymm7, %ymm13
-        vpxor	128(%rax), %ymm8, %ymm14
-        vpsrlq	$37, %ymm10, %ymm0
-        vpsrlq	$28, %ymm11, %ymm1
-        vpsrlq	$54, %ymm12, %ymm2
-        vpsrlq	$49, %ymm13, %ymm3
-        vpsrlq	$8, %ymm14, %ymm4
-        vpsllq	$27, %ymm10, %ymm10
-        vpsllq	$36, %ymm11, %ymm11
-        vpsllq	$10, %ymm12, %ymm12
-        vpsllq	$15, %ymm13, %ymm13
-        vpsllq	$56, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, -32(%rdi)
-        vmovdqu	%ymm1, -64(%rax)
-        vmovdqu	%ymm2, 64(%rcx)
-        vmovdqu	%ymm3, -96(%rax)
-        vmovdqu	%ymm4, 128(%rax)
-        # Row 4
-        vpxor	(%rdi), %ymm7, %ymm10
-        vpxor	-32(%rax), %ymm8, %ymm11
-        vpxor	96(%rcx), %ymm9, %ymm12
-        vpxor	32(%rdi), %ymm5, %ymm13
-        vpxor	-96(%rcx), %ymm6, %ymm14
-        vpsrlq	$2, %ymm10, %ymm0
-        vpsrlq	$9, %ymm11, %ymm1
-        vpsrlq	$25, %ymm12, %ymm2
-        vpsrlq	$23, %ymm13, %ymm3
-        vpsrlq	$62, %ymm14, %ymm4
-        vpsllq	$62, %ymm10, %ymm10
-        vpsllq	$55, %ymm11, %ymm11
-        vpsllq	$39, %ymm12, %ymm12
-        vpsllq	$41, %ymm13, %ymm13
-        vpsllq	$2, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, (%rdi)
-        vmovdqu	%ymm1, -32(%rax)
-        vmovdqu	%ymm2, 96(%rcx)
-        vmovdqu	%ymm3, 32(%rdi)
-        vmovdqu	%ymm4, -96(%rcx)
-        # Round 7
-        # Calc b[0..4]
-        vpxor	%ymm15, %ymm0, %ymm10
-        vpxor	-96(%rdi), %ymm10, %ymm10
-        vpxor	-64(%rdi), %ymm10, %ymm10
-        vpxor	-32(%rdi), %ymm10, %ymm10
-        vpxor	64(%rdi), %ymm3, %ymm13
-        vpxor	96(%rdi), %ymm13, %ymm13
-        vpxor	128(%rdi), %ymm13, %ymm13
-        vpxor	-96(%rax), %ymm13, %ymm13
-        vpxor	-64(%rax), %ymm1, %ymm11
-        vpxor	(%rax), %ymm11, %ymm11
-        vpxor	32(%rax), %ymm11, %ymm11
-        vpxor	64(%rax), %ymm11, %ymm11
-        vpxor	96(%rax), %ymm4, %ymm14
-        vpxor	128(%rax), %ymm14, %ymm14
-        vpxor	-64(%rcx), %ymm14, %ymm14
-        vpxor	-32(%rcx), %ymm14, %ymm14
-        vpxor	(%rcx), %ymm2, %ymm12
-        vpxor	32(%rcx), %ymm12, %ymm12
-        vpxor	64(%rcx), %ymm12, %ymm12
-        vpxor	128(%rcx), %ymm12, %ymm12
-        # Calc t[0..4]
-        vpsrlq	$63, %ymm11, %ymm0
-        vpsrlq	$63, %ymm12, %ymm1
-        vpsrlq	$63, %ymm13, %ymm2
-        vpsrlq	$63, %ymm14, %ymm3
-        vpsrlq	$63, %ymm10, %ymm4
-        vpaddq	%ymm11, %ymm11, %ymm5
-        vpaddq	%ymm12, %ymm12, %ymm6
-        vpaddq	%ymm13, %ymm13, %ymm7
-        vpaddq	%ymm14, %ymm14, %ymm8
-        vpaddq	%ymm10, %ymm10, %ymm9
-        vpor	%ymm0, %ymm5, %ymm5
-        vpor	%ymm1, %ymm6, %ymm6
-        vpor	%ymm2, %ymm7, %ymm7
-        vpor	%ymm3, %ymm8, %ymm8
-        vpor	%ymm4, %ymm9, %ymm9
-        vpxor	%ymm14, %ymm5, %ymm5
-        vpxor	%ymm10, %ymm6, %ymm6
-        vpxor	%ymm11, %ymm7, %ymm7
-        vpxor	%ymm12, %ymm8, %ymm8
-        vpxor	%ymm13, %ymm9, %ymm9
-        # Row Mix
-        # Row 0
-        vpxor	%ymm15, %ymm5, %ymm10
-        vpxor	32(%rax), %ymm6, %ymm11
-        vpxor	32(%rcx), %ymm7, %ymm12
-        vpxor	-96(%rax), %ymm8, %ymm13
-        vpxor	-96(%rcx), %ymm9, %ymm14
-        vpsrlq	$20, %ymm11, %ymm0
-        vpsrlq	$21, %ymm12, %ymm1
-        vpsrlq	$43, %ymm13, %ymm2
-        vpsrlq	$50, %ymm14, %ymm3
-        vpsllq	$44, %ymm11, %ymm11
-        vpsllq	$43, %ymm12, %ymm12
-        vpsllq	$21, %ymm13, %ymm13
-        vpsllq	$14, %ymm14, %ymm14
-        vpor	%ymm0, %ymm11, %ymm11
-        vpor	%ymm1, %ymm12, %ymm12
-        vpor	%ymm2, %ymm13, %ymm13
-        vpor	%ymm3, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm15
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm15, %ymm15
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        # XOR in constant
-        vpxor	224(%rdx), %ymm15, %ymm15
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm1, 32(%rax)
-        vmovdqu	%ymm2, 32(%rcx)
-        vmovdqu	%ymm3, -96(%rax)
-        vmovdqu	%ymm4, -96(%rcx)
-        # Row 1
-        vpxor	64(%rdi), %ymm8, %ymm10
-        vpxor	-32(%rcx), %ymm9, %ymm11
-        vpxor	-64(%rdi), %ymm5, %ymm12
-        vpxor	-64(%rax), %ymm6, %ymm13
-        vpxor	96(%rcx), %ymm7, %ymm14
-        vpsrlq	$36, %ymm10, %ymm0
-        vpsrlq	$44, %ymm11, %ymm1
-        vpsrlq	$61, %ymm12, %ymm2
-        vpsrlq	$19, %ymm13, %ymm3
-        vpsrlq	$3, %ymm14, %ymm4
-        vpsllq	$28, %ymm10, %ymm10
-        vpsllq	$20, %ymm11, %ymm11
-        vpsllq	$3, %ymm12, %ymm12
-        vpsllq	$45, %ymm13, %ymm13
-        vpsllq	$61, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, 64(%rdi)
-        vmovdqu	%ymm1, -32(%rcx)
-        vmovdqu	%ymm2, -64(%rdi)
-        vmovdqu	%ymm3, -64(%rax)
-        vmovdqu	%ymm4, 96(%rcx)
-        # Row 2
-        vpxor	(%rax), %ymm6, %ymm10
-        vpxor	(%rcx), %ymm7, %ymm11
-        vpxor	128(%rdi), %ymm8, %ymm12
-        vpxor	128(%rax), %ymm9, %ymm13
-        vpxor	(%rdi), %ymm5, %ymm14
-        vpsrlq	$63, %ymm10, %ymm0
-        vpsrlq	$58, %ymm11, %ymm1
-        vpsrlq	$39, %ymm12, %ymm2
-        vpsrlq	$56, %ymm13, %ymm3
-        vpsrlq	$46, %ymm14, %ymm4
-        vpaddq	%ymm10, %ymm10, %ymm10
-        vpsllq	$6, %ymm11, %ymm11
-        vpsllq	$25, %ymm12, %ymm12
-        vpsllq	$8, %ymm13, %ymm13
-        vpsllq	$18, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, (%rax)
-        vmovdqu	%ymm1, (%rcx)
-        vmovdqu	%ymm2, 128(%rdi)
-        vmovdqu	%ymm3, 128(%rax)
-        vmovdqu	%ymm4, (%rdi)
-        # Row 3
-        vpxor	-64(%rcx), %ymm9, %ymm10
-        vpxor	-96(%rdi), %ymm5, %ymm11
-        vpxor	64(%rax), %ymm6, %ymm12
-        vpxor	64(%rcx), %ymm7, %ymm13
-        vpxor	32(%rdi), %ymm8, %ymm14
-        vpsrlq	$37, %ymm10, %ymm0
-        vpsrlq	$28, %ymm11, %ymm1
-        vpsrlq	$54, %ymm12, %ymm2
-        vpsrlq	$49, %ymm13, %ymm3
-        vpsrlq	$8, %ymm14, %ymm4
-        vpsllq	$27, %ymm10, %ymm10
-        vpsllq	$36, %ymm11, %ymm11
-        vpsllq	$10, %ymm12, %ymm12
-        vpsllq	$15, %ymm13, %ymm13
-        vpsllq	$56, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, -64(%rcx)
-        vmovdqu	%ymm1, -96(%rdi)
-        vmovdqu	%ymm2, 64(%rax)
-        vmovdqu	%ymm3, 64(%rcx)
-        vmovdqu	%ymm4, 32(%rdi)
-        # Row 4
-        vpxor	128(%rcx), %ymm7, %ymm10
-        vpxor	96(%rdi), %ymm8, %ymm11
-        vpxor	96(%rax), %ymm9, %ymm12
-        vpxor	-32(%rdi), %ymm5, %ymm13
-        vpxor	-32(%rax), %ymm6, %ymm14
-        vpsrlq	$2, %ymm10, %ymm0
-        vpsrlq	$9, %ymm11, %ymm1
-        vpsrlq	$25, %ymm12, %ymm2
-        vpsrlq	$23, %ymm13, %ymm3
-        vpsrlq	$62, %ymm14, %ymm4
-        vpsllq	$62, %ymm10, %ymm10
-        vpsllq	$55, %ymm11, %ymm11
-        vpsllq	$39, %ymm12, %ymm12
-        vpsllq	$41, %ymm13, %ymm13
-        vpsllq	$2, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, 128(%rcx)
-        vmovdqu	%ymm1, 96(%rdi)
-        vmovdqu	%ymm2, 96(%rax)
-        vmovdqu	%ymm3, -32(%rdi)
-        vmovdqu	%ymm4, -32(%rax)
-        # Round 8
-        # Calc b[0..4]
-        vpxor	%ymm15, %ymm0, %ymm10
-        vpxor	-96(%rdi), %ymm1, %ymm11
-        vpxor	-64(%rdi), %ymm2, %ymm12
-        vpxor	(%rdi), %ymm4, %ymm14
-        vpxor	32(%rdi), %ymm14, %ymm14
-        vpxor	64(%rdi), %ymm10, %ymm10
-        vpxor	128(%rdi), %ymm12, %ymm12
-        vpxor	-96(%rax), %ymm3, %ymm13
-        vpxor	-64(%rax), %ymm13, %ymm13
-        vpxor	(%rax), %ymm10, %ymm10
-        vpxor	32(%rax), %ymm11, %ymm11
-        vpxor	64(%rax), %ymm12, %ymm12
-        vpxor	128(%rax), %ymm13, %ymm13
-        vpxor	-96(%rcx), %ymm14, %ymm14
-        vpxor	-64(%rcx), %ymm10, %ymm10
-        vpxor	-32(%rcx), %ymm11, %ymm11
-        vpxor	(%rcx), %ymm11, %ymm11
-        vpxor	32(%rcx), %ymm12, %ymm12
-        vpxor	64(%rcx), %ymm13, %ymm13
-        vpxor	96(%rcx), %ymm14, %ymm14
-        # Calc t[0..4]
-        vpsrlq	$63, %ymm11, %ymm0
-        vpsrlq	$63, %ymm12, %ymm1
-        vpsrlq	$63, %ymm13, %ymm2
-        vpsrlq	$63, %ymm14, %ymm3
-        vpsrlq	$63, %ymm10, %ymm4
-        vpaddq	%ymm11, %ymm11, %ymm5
-        vpaddq	%ymm12, %ymm12, %ymm6
-        vpaddq	%ymm13, %ymm13, %ymm7
-        vpaddq	%ymm14, %ymm14, %ymm8
-        vpaddq	%ymm10, %ymm10, %ymm9
-        vpor	%ymm0, %ymm5, %ymm5
-        vpor	%ymm1, %ymm6, %ymm6
-        vpor	%ymm2, %ymm7, %ymm7
-        vpor	%ymm3, %ymm8, %ymm8
-        vpor	%ymm4, %ymm9, %ymm9
-        vpxor	%ymm14, %ymm5, %ymm5
-        vpxor	%ymm10, %ymm6, %ymm6
-        vpxor	%ymm11, %ymm7, %ymm7
-        vpxor	%ymm12, %ymm8, %ymm8
-        vpxor	%ymm13, %ymm9, %ymm9
-        # Row Mix
-        # Row 0
-        vpxor	%ymm15, %ymm5, %ymm10
-        vpxor	-32(%rcx), %ymm6, %ymm11
-        vpxor	128(%rdi), %ymm7, %ymm12
-        vpxor	64(%rcx), %ymm8, %ymm13
-        vpxor	-32(%rax), %ymm9, %ymm14
-        vpsrlq	$20, %ymm11, %ymm0
-        vpsrlq	$21, %ymm12, %ymm1
-        vpsrlq	$43, %ymm13, %ymm2
-        vpsrlq	$50, %ymm14, %ymm3
-        vpsllq	$44, %ymm11, %ymm11
-        vpsllq	$43, %ymm12, %ymm12
-        vpsllq	$21, %ymm13, %ymm13
-        vpsllq	$14, %ymm14, %ymm14
-        vpor	%ymm0, %ymm11, %ymm11
-        vpor	%ymm1, %ymm12, %ymm12
-        vpor	%ymm2, %ymm13, %ymm13
-        vpor	%ymm3, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm15
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm15, %ymm15
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        # XOR in constant
-        vpxor	256(%rdx), %ymm15, %ymm15
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm1, -32(%rcx)
-        vmovdqu	%ymm2, 128(%rdi)
-        vmovdqu	%ymm3, 64(%rcx)
-        vmovdqu	%ymm4, -32(%rax)
-        # Row 1
-        vpxor	-96(%rax), %ymm8, %ymm10
-        vpxor	96(%rcx), %ymm9, %ymm11
-        vpxor	(%rax), %ymm5, %ymm12
-        vpxor	-96(%rdi), %ymm6, %ymm13
-        vpxor	96(%rax), %ymm7, %ymm14
-        vpsrlq	$36, %ymm10, %ymm0
-        vpsrlq	$44, %ymm11, %ymm1
-        vpsrlq	$61, %ymm12, %ymm2
-        vpsrlq	$19, %ymm13, %ymm3
-        vpsrlq	$3, %ymm14, %ymm4
-        vpsllq	$28, %ymm10, %ymm10
-        vpsllq	$20, %ymm11, %ymm11
-        vpsllq	$3, %ymm12, %ymm12
-        vpsllq	$45, %ymm13, %ymm13
-        vpsllq	$61, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, -96(%rax)
-        vmovdqu	%ymm1, 96(%rcx)
-        vmovdqu	%ymm2, (%rax)
-        vmovdqu	%ymm3, -96(%rdi)
-        vmovdqu	%ymm4, 96(%rax)
-        # Row 2
-        vpxor	32(%rax), %ymm6, %ymm10
-        vpxor	-64(%rdi), %ymm7, %ymm11
-        vpxor	128(%rax), %ymm8, %ymm12
-        vpxor	32(%rdi), %ymm9, %ymm13
-        vpxor	128(%rcx), %ymm5, %ymm14
-        vpsrlq	$63, %ymm10, %ymm0
-        vpsrlq	$58, %ymm11, %ymm1
-        vpsrlq	$39, %ymm12, %ymm2
-        vpsrlq	$56, %ymm13, %ymm3
-        vpsrlq	$46, %ymm14, %ymm4
-        vpaddq	%ymm10, %ymm10, %ymm10
-        vpsllq	$6, %ymm11, %ymm11
-        vpsllq	$25, %ymm12, %ymm12
-        vpsllq	$8, %ymm13, %ymm13
-        vpsllq	$18, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, 32(%rax)
-        vmovdqu	%ymm1, -64(%rdi)
-        vmovdqu	%ymm2, 128(%rax)
-        vmovdqu	%ymm3, 32(%rdi)
-        vmovdqu	%ymm4, 128(%rcx)
-        # Row 3
-        vpxor	-96(%rcx), %ymm9, %ymm10
-        vpxor	64(%rdi), %ymm5, %ymm11
-        vpxor	(%rcx), %ymm6, %ymm12
-        vpxor	64(%rax), %ymm7, %ymm13
-        vpxor	-32(%rdi), %ymm8, %ymm14
-        vpsrlq	$37, %ymm10, %ymm0
-        vpsrlq	$28, %ymm11, %ymm1
-        vpsrlq	$54, %ymm12, %ymm2
-        vpsrlq	$49, %ymm13, %ymm3
-        vpsrlq	$8, %ymm14, %ymm4
-        vpsllq	$27, %ymm10, %ymm10
-        vpsllq	$36, %ymm11, %ymm11
-        vpsllq	$10, %ymm12, %ymm12
-        vpsllq	$15, %ymm13, %ymm13
-        vpsllq	$56, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, -96(%rcx)
-        vmovdqu	%ymm1, 64(%rdi)
-        vmovdqu	%ymm2, (%rcx)
-        vmovdqu	%ymm3, 64(%rax)
-        vmovdqu	%ymm4, -32(%rdi)
-        # Row 4
-        vpxor	32(%rcx), %ymm7, %ymm10
-        vpxor	-64(%rax), %ymm8, %ymm11
-        vpxor	(%rdi), %ymm9, %ymm12
-        vpxor	-64(%rcx), %ymm5, %ymm13
-        vpxor	96(%rdi), %ymm6, %ymm14
-        vpsrlq	$2, %ymm10, %ymm0
-        vpsrlq	$9, %ymm11, %ymm1
-        vpsrlq	$25, %ymm12, %ymm2
-        vpsrlq	$23, %ymm13, %ymm3
-        vpsrlq	$62, %ymm14, %ymm4
-        vpsllq	$62, %ymm10, %ymm10
-        vpsllq	$55, %ymm11, %ymm11
-        vpsllq	$39, %ymm12, %ymm12
-        vpsllq	$41, %ymm13, %ymm13
-        vpsllq	$2, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, 32(%rcx)
-        vmovdqu	%ymm1, -64(%rax)
-        vmovdqu	%ymm2, (%rdi)
-        vmovdqu	%ymm3, -64(%rcx)
-        vmovdqu	%ymm4, 96(%rdi)
-        # Round 9
-        # Calc b[0..4]
-        vpxor	%ymm15, %ymm0, %ymm10
-        vpxor	-96(%rdi), %ymm3, %ymm13
-        vpxor	-64(%rdi), %ymm1, %ymm11
-        vpxor	-32(%rdi), %ymm4, %ymm14
-        vpxor	32(%rdi), %ymm13, %ymm13
-        vpxor	64(%rdi), %ymm11, %ymm11
-        vpxor	128(%rdi), %ymm2, %ymm12
-        vpxor	-96(%rax), %ymm10, %ymm10
-        vpxor	-32(%rax), %ymm14, %ymm14
-        vpxor	(%rax), %ymm12, %ymm12
-        vpxor	32(%rax), %ymm10, %ymm10
-        vpxor	64(%rax), %ymm13, %ymm13
-        vpxor	96(%rax), %ymm14, %ymm14
-        vpxor	128(%rax), %ymm12, %ymm12
-        vpxor	-96(%rcx), %ymm10, %ymm10
-        vpxor	-32(%rcx), %ymm11, %ymm11
-        vpxor	(%rcx), %ymm12, %ymm12
-        vpxor	64(%rcx), %ymm13, %ymm13
-        vpxor	96(%rcx), %ymm11, %ymm11
-        vpxor	128(%rcx), %ymm14, %ymm14
-        # Calc t[0..4]
-        vpsrlq	$63, %ymm11, %ymm0
-        vpsrlq	$63, %ymm12, %ymm1
-        vpsrlq	$63, %ymm13, %ymm2
-        vpsrlq	$63, %ymm14, %ymm3
-        vpsrlq	$63, %ymm10, %ymm4
-        vpaddq	%ymm11, %ymm11, %ymm5
-        vpaddq	%ymm12, %ymm12, %ymm6
-        vpaddq	%ymm13, %ymm13, %ymm7
-        vpaddq	%ymm14, %ymm14, %ymm8
-        vpaddq	%ymm10, %ymm10, %ymm9
-        vpor	%ymm0, %ymm5, %ymm5
-        vpor	%ymm1, %ymm6, %ymm6
-        vpor	%ymm2, %ymm7, %ymm7
-        vpor	%ymm3, %ymm8, %ymm8
-        vpor	%ymm4, %ymm9, %ymm9
-        vpxor	%ymm14, %ymm5, %ymm5
-        vpxor	%ymm10, %ymm6, %ymm6
-        vpxor	%ymm11, %ymm7, %ymm7
-        vpxor	%ymm12, %ymm8, %ymm8
-        vpxor	%ymm13, %ymm9, %ymm9
-        # Row Mix
-        # Row 0
-        vpxor	%ymm15, %ymm5, %ymm10
-        vpxor	96(%rcx), %ymm6, %ymm11
-        vpxor	128(%rax), %ymm7, %ymm12
-        vpxor	64(%rax), %ymm8, %ymm13
-        vpxor	96(%rdi), %ymm9, %ymm14
-        vpsrlq	$20, %ymm11, %ymm0
-        vpsrlq	$21, %ymm12, %ymm1
-        vpsrlq	$43, %ymm13, %ymm2
-        vpsrlq	$50, %ymm14, %ymm3
-        vpsllq	$44, %ymm11, %ymm11
-        vpsllq	$43, %ymm12, %ymm12
-        vpsllq	$21, %ymm13, %ymm13
-        vpsllq	$14, %ymm14, %ymm14
-        vpor	%ymm0, %ymm11, %ymm11
-        vpor	%ymm1, %ymm12, %ymm12
-        vpor	%ymm2, %ymm13, %ymm13
-        vpor	%ymm3, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm15
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm15, %ymm15
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        # XOR in constant
-        vpxor	288(%rdx), %ymm15, %ymm15
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm1, 96(%rcx)
-        vmovdqu	%ymm2, 128(%rax)
-        vmovdqu	%ymm3, 64(%rax)
-        vmovdqu	%ymm4, 96(%rdi)
-        # Row 1
-        vpxor	64(%rcx), %ymm8, %ymm10
-        vpxor	96(%rax), %ymm9, %ymm11
-        vpxor	32(%rax), %ymm5, %ymm12
-        vpxor	64(%rdi), %ymm6, %ymm13
-        vpxor	(%rdi), %ymm7, %ymm14
-        vpsrlq	$36, %ymm10, %ymm0
-        vpsrlq	$44, %ymm11, %ymm1
-        vpsrlq	$61, %ymm12, %ymm2
-        vpsrlq	$19, %ymm13, %ymm3
-        vpsrlq	$3, %ymm14, %ymm4
-        vpsllq	$28, %ymm10, %ymm10
-        vpsllq	$20, %ymm11, %ymm11
-        vpsllq	$3, %ymm12, %ymm12
-        vpsllq	$45, %ymm13, %ymm13
-        vpsllq	$61, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, 64(%rcx)
-        vmovdqu	%ymm1, 96(%rax)
-        vmovdqu	%ymm2, 32(%rax)
-        vmovdqu	%ymm3, 64(%rdi)
-        vmovdqu	%ymm4, (%rdi)
-        # Row 2
-        vpxor	-32(%rcx), %ymm6, %ymm10
-        vpxor	(%rax), %ymm7, %ymm11
-        vpxor	32(%rdi), %ymm8, %ymm12
-        vpxor	-32(%rdi), %ymm9, %ymm13
-        vpxor	32(%rcx), %ymm5, %ymm14
-        vpsrlq	$63, %ymm10, %ymm0
-        vpsrlq	$58, %ymm11, %ymm1
-        vpsrlq	$39, %ymm12, %ymm2
-        vpsrlq	$56, %ymm13, %ymm3
-        vpsrlq	$46, %ymm14, %ymm4
-        vpaddq	%ymm10, %ymm10, %ymm10
-        vpsllq	$6, %ymm11, %ymm11
-        vpsllq	$25, %ymm12, %ymm12
-        vpsllq	$8, %ymm13, %ymm13
-        vpsllq	$18, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, -32(%rcx)
-        vmovdqu	%ymm1, (%rax)
-        vmovdqu	%ymm2, 32(%rdi)
-        vmovdqu	%ymm3, -32(%rdi)
-        vmovdqu	%ymm4, 32(%rcx)
-        # Row 3
-        vpxor	-32(%rax), %ymm9, %ymm10
-        vpxor	-96(%rax), %ymm5, %ymm11
-        vpxor	-64(%rdi), %ymm6, %ymm12
-        vpxor	(%rcx), %ymm7, %ymm13
-        vpxor	-64(%rcx), %ymm8, %ymm14
-        vpsrlq	$37, %ymm10, %ymm0
-        vpsrlq	$28, %ymm11, %ymm1
-        vpsrlq	$54, %ymm12, %ymm2
-        vpsrlq	$49, %ymm13, %ymm3
-        vpsrlq	$8, %ymm14, %ymm4
-        vpsllq	$27, %ymm10, %ymm10
-        vpsllq	$36, %ymm11, %ymm11
-        vpsllq	$10, %ymm12, %ymm12
-        vpsllq	$15, %ymm13, %ymm13
-        vpsllq	$56, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, -32(%rax)
-        vmovdqu	%ymm1, -96(%rax)
-        vmovdqu	%ymm2, -64(%rdi)
-        vmovdqu	%ymm3, (%rcx)
-        vmovdqu	%ymm4, -64(%rcx)
-        # Row 4
-        vpxor	128(%rdi), %ymm7, %ymm10
-        vpxor	-96(%rdi), %ymm8, %ymm11
-        vpxor	128(%rcx), %ymm9, %ymm12
-        vpxor	-96(%rcx), %ymm5, %ymm13
-        vpxor	-64(%rax), %ymm6, %ymm14
-        vpsrlq	$2, %ymm10, %ymm0
-        vpsrlq	$9, %ymm11, %ymm1
-        vpsrlq	$25, %ymm12, %ymm2
-        vpsrlq	$23, %ymm13, %ymm3
-        vpsrlq	$62, %ymm14, %ymm4
-        vpsllq	$62, %ymm10, %ymm10
-        vpsllq	$55, %ymm11, %ymm11
-        vpsllq	$39, %ymm12, %ymm12
-        vpsllq	$41, %ymm13, %ymm13
-        vpsllq	$2, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, 128(%rdi)
-        vmovdqu	%ymm1, -96(%rdi)
-        vmovdqu	%ymm2, 128(%rcx)
-        vmovdqu	%ymm3, -96(%rcx)
-        vmovdqu	%ymm4, -64(%rax)
-        # Round 10
-        # Calc b[0..4]
-        vpxor	%ymm15, %ymm0, %ymm10
-        vpxor	-64(%rdi), %ymm2, %ymm12
-        vpxor	-32(%rdi), %ymm3, %ymm13
-        vpxor	(%rdi), %ymm4, %ymm14
-        vpxor	32(%rdi), %ymm12, %ymm12
-        vpxor	64(%rdi), %ymm13, %ymm13
-        vpxor	96(%rdi), %ymm14, %ymm14
-        vpxor	-96(%rax), %ymm1, %ymm11
-        vpxor	-32(%rax), %ymm10, %ymm10
-        vpxor	(%rax), %ymm11, %ymm11
-        vpxor	32(%rax), %ymm12, %ymm12
-        vpxor	64(%rax), %ymm13, %ymm13
-        vpxor	96(%rax), %ymm11, %ymm11
-        vpxor	128(%rax), %ymm12, %ymm12
-        vpxor	-64(%rcx), %ymm14, %ymm14
-        vpxor	-32(%rcx), %ymm10, %ymm10
-        vpxor	(%rcx), %ymm13, %ymm13
-        vpxor	32(%rcx), %ymm14, %ymm14
-        vpxor	64(%rcx), %ymm10, %ymm10
-        vpxor	96(%rcx), %ymm11, %ymm11
-        # Calc t[0..4]
-        vpsrlq	$63, %ymm11, %ymm0
-        vpsrlq	$63, %ymm12, %ymm1
-        vpsrlq	$63, %ymm13, %ymm2
-        vpsrlq	$63, %ymm14, %ymm3
-        vpsrlq	$63, %ymm10, %ymm4
-        vpaddq	%ymm11, %ymm11, %ymm5
-        vpaddq	%ymm12, %ymm12, %ymm6
-        vpaddq	%ymm13, %ymm13, %ymm7
-        vpaddq	%ymm14, %ymm14, %ymm8
-        vpaddq	%ymm10, %ymm10, %ymm9
-        vpor	%ymm0, %ymm5, %ymm5
-        vpor	%ymm1, %ymm6, %ymm6
-        vpor	%ymm2, %ymm7, %ymm7
-        vpor	%ymm3, %ymm8, %ymm8
-        vpor	%ymm4, %ymm9, %ymm9
-        vpxor	%ymm14, %ymm5, %ymm5
-        vpxor	%ymm10, %ymm6, %ymm6
-        vpxor	%ymm11, %ymm7, %ymm7
-        vpxor	%ymm12, %ymm8, %ymm8
-        vpxor	%ymm13, %ymm9, %ymm9
-        # Row Mix
-        # Row 0
-        vpxor	%ymm15, %ymm5, %ymm10
-        vpxor	96(%rax), %ymm6, %ymm11
-        vpxor	32(%rdi), %ymm7, %ymm12
-        vpxor	(%rcx), %ymm8, %ymm13
-        vpxor	-64(%rax), %ymm9, %ymm14
-        vpsrlq	$20, %ymm11, %ymm0
-        vpsrlq	$21, %ymm12, %ymm1
-        vpsrlq	$43, %ymm13, %ymm2
-        vpsrlq	$50, %ymm14, %ymm3
-        vpsllq	$44, %ymm11, %ymm11
-        vpsllq	$43, %ymm12, %ymm12
-        vpsllq	$21, %ymm13, %ymm13
-        vpsllq	$14, %ymm14, %ymm14
-        vpor	%ymm0, %ymm11, %ymm11
-        vpor	%ymm1, %ymm12, %ymm12
-        vpor	%ymm2, %ymm13, %ymm13
-        vpor	%ymm3, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm15
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm15, %ymm15
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        # XOR in constant
-        vpxor	320(%rdx), %ymm15, %ymm15
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm1, 96(%rax)
-        vmovdqu	%ymm2, 32(%rdi)
-        vmovdqu	%ymm3, (%rcx)
-        vmovdqu	%ymm4, -64(%rax)
-        # Row 1
-        vpxor	64(%rax), %ymm8, %ymm10
-        vpxor	(%rdi), %ymm9, %ymm11
-        vpxor	-32(%rcx), %ymm5, %ymm12
-        vpxor	-96(%rax), %ymm6, %ymm13
-        vpxor	128(%rcx), %ymm7, %ymm14
-        vpsrlq	$36, %ymm10, %ymm0
-        vpsrlq	$44, %ymm11, %ymm1
-        vpsrlq	$61, %ymm12, %ymm2
-        vpsrlq	$19, %ymm13, %ymm3
-        vpsrlq	$3, %ymm14, %ymm4
-        vpsllq	$28, %ymm10, %ymm10
-        vpsllq	$20, %ymm11, %ymm11
-        vpsllq	$3, %ymm12, %ymm12
-        vpsllq	$45, %ymm13, %ymm13
-        vpsllq	$61, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, 64(%rax)
-        vmovdqu	%ymm1, (%rdi)
-        vmovdqu	%ymm2, -32(%rcx)
-        vmovdqu	%ymm3, -96(%rax)
-        vmovdqu	%ymm4, 128(%rcx)
-        # Row 2
-        vpxor	96(%rcx), %ymm6, %ymm10
-        vpxor	32(%rax), %ymm7, %ymm11
-        vpxor	-32(%rdi), %ymm8, %ymm12
-        vpxor	-64(%rcx), %ymm9, %ymm13
-        vpxor	128(%rdi), %ymm5, %ymm14
-        vpsrlq	$63, %ymm10, %ymm0
-        vpsrlq	$58, %ymm11, %ymm1
-        vpsrlq	$39, %ymm12, %ymm2
-        vpsrlq	$56, %ymm13, %ymm3
-        vpsrlq	$46, %ymm14, %ymm4
-        vpaddq	%ymm10, %ymm10, %ymm10
-        vpsllq	$6, %ymm11, %ymm11
-        vpsllq	$25, %ymm12, %ymm12
-        vpsllq	$8, %ymm13, %ymm13
-        vpsllq	$18, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, 96(%rcx)
-        vmovdqu	%ymm1, 32(%rax)
-        vmovdqu	%ymm2, -32(%rdi)
-        vmovdqu	%ymm3, -64(%rcx)
-        vmovdqu	%ymm4, 128(%rdi)
-        # Row 3
-        vpxor	96(%rdi), %ymm9, %ymm10
-        vpxor	64(%rcx), %ymm5, %ymm11
-        vpxor	(%rax), %ymm6, %ymm12
-        vpxor	-64(%rdi), %ymm7, %ymm13
-        vpxor	-96(%rcx), %ymm8, %ymm14
-        vpsrlq	$37, %ymm10, %ymm0
-        vpsrlq	$28, %ymm11, %ymm1
-        vpsrlq	$54, %ymm12, %ymm2
-        vpsrlq	$49, %ymm13, %ymm3
-        vpsrlq	$8, %ymm14, %ymm4
-        vpsllq	$27, %ymm10, %ymm10
-        vpsllq	$36, %ymm11, %ymm11
-        vpsllq	$10, %ymm12, %ymm12
-        vpsllq	$15, %ymm13, %ymm13
-        vpsllq	$56, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, 96(%rdi)
-        vmovdqu	%ymm1, 64(%rcx)
-        vmovdqu	%ymm2, (%rax)
-        vmovdqu	%ymm3, -64(%rdi)
-        vmovdqu	%ymm4, -96(%rcx)
-        # Row 4
-        vpxor	128(%rax), %ymm7, %ymm10
-        vpxor	64(%rdi), %ymm8, %ymm11
-        vpxor	32(%rcx), %ymm9, %ymm12
-        vpxor	-32(%rax), %ymm5, %ymm13
-        vpxor	-96(%rdi), %ymm6, %ymm14
-        vpsrlq	$2, %ymm10, %ymm0
-        vpsrlq	$9, %ymm11, %ymm1
-        vpsrlq	$25, %ymm12, %ymm2
-        vpsrlq	$23, %ymm13, %ymm3
-        vpsrlq	$62, %ymm14, %ymm4
-        vpsllq	$62, %ymm10, %ymm10
-        vpsllq	$55, %ymm11, %ymm11
-        vpsllq	$39, %ymm12, %ymm12
-        vpsllq	$41, %ymm13, %ymm13
-        vpsllq	$2, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, 128(%rax)
-        vmovdqu	%ymm1, 64(%rdi)
-        vmovdqu	%ymm2, 32(%rcx)
-        vmovdqu	%ymm3, -32(%rax)
-        vmovdqu	%ymm4, -96(%rdi)
-        # Round 11
-        # Calc b[0..4]
-        vpxor	%ymm15, %ymm0, %ymm10
-        vpxor	-64(%rdi), %ymm3, %ymm13
-        vpxor	-32(%rdi), %ymm2, %ymm12
-        vpxor	(%rdi), %ymm1, %ymm11
-        vpxor	32(%rdi), %ymm12, %ymm12
-        vpxor	96(%rdi), %ymm10, %ymm10
-        vpxor	128(%rdi), %ymm4, %ymm14
-        vpxor	-96(%rax), %ymm13, %ymm13
-        vpxor	-64(%rax), %ymm14, %ymm14
-        vpxor	(%rax), %ymm12, %ymm12
-        vpxor	32(%rax), %ymm11, %ymm11
-        vpxor	64(%rax), %ymm10, %ymm10
-        vpxor	96(%rax), %ymm11, %ymm11
-        vpxor	-96(%rcx), %ymm14, %ymm14
-        vpxor	-64(%rcx), %ymm13, %ymm13
-        vpxor	-32(%rcx), %ymm12, %ymm12
-        vpxor	(%rcx), %ymm13, %ymm13
-        vpxor	64(%rcx), %ymm11, %ymm11
-        vpxor	96(%rcx), %ymm10, %ymm10
-        vpxor	128(%rcx), %ymm14, %ymm14
-        # Calc t[0..4]
-        vpsrlq	$63, %ymm11, %ymm0
-        vpsrlq	$63, %ymm12, %ymm1
-        vpsrlq	$63, %ymm13, %ymm2
-        vpsrlq	$63, %ymm14, %ymm3
-        vpsrlq	$63, %ymm10, %ymm4
-        vpaddq	%ymm11, %ymm11, %ymm5
-        vpaddq	%ymm12, %ymm12, %ymm6
-        vpaddq	%ymm13, %ymm13, %ymm7
-        vpaddq	%ymm14, %ymm14, %ymm8
-        vpaddq	%ymm10, %ymm10, %ymm9
-        vpor	%ymm0, %ymm5, %ymm5
-        vpor	%ymm1, %ymm6, %ymm6
-        vpor	%ymm2, %ymm7, %ymm7
-        vpor	%ymm3, %ymm8, %ymm8
-        vpor	%ymm4, %ymm9, %ymm9
-        vpxor	%ymm14, %ymm5, %ymm5
-        vpxor	%ymm10, %ymm6, %ymm6
-        vpxor	%ymm11, %ymm7, %ymm7
-        vpxor	%ymm12, %ymm8, %ymm8
-        vpxor	%ymm13, %ymm9, %ymm9
-        # Row Mix
-        # Row 0
-        vpxor	%ymm15, %ymm5, %ymm10
-        vpxor	(%rdi), %ymm6, %ymm11
-        vpxor	-32(%rdi), %ymm7, %ymm12
-        vpxor	-64(%rdi), %ymm8, %ymm13
-        vpxor	-96(%rdi), %ymm9, %ymm14
-        vpsrlq	$20, %ymm11, %ymm0
-        vpsrlq	$21, %ymm12, %ymm1
-        vpsrlq	$43, %ymm13, %ymm2
-        vpsrlq	$50, %ymm14, %ymm3
-        vpsllq	$44, %ymm11, %ymm11
-        vpsllq	$43, %ymm12, %ymm12
-        vpsllq	$21, %ymm13, %ymm13
-        vpsllq	$14, %ymm14, %ymm14
-        vpor	%ymm0, %ymm11, %ymm11
-        vpor	%ymm1, %ymm12, %ymm12
-        vpor	%ymm2, %ymm13, %ymm13
-        vpor	%ymm3, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm15
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm15, %ymm15
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        # XOR in constant
-        vpxor	352(%rdx), %ymm15, %ymm15
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm1, (%rdi)
-        vmovdqu	%ymm2, -32(%rdi)
-        vmovdqu	%ymm3, -64(%rdi)
-        vmovdqu	%ymm4, -96(%rdi)
-        # Row 1
-        vpxor	(%rcx), %ymm8, %ymm10
-        vpxor	128(%rcx), %ymm9, %ymm11
-        vpxor	96(%rcx), %ymm5, %ymm12
-        vpxor	64(%rcx), %ymm6, %ymm13
-        vpxor	32(%rcx), %ymm7, %ymm14
-        vpsrlq	$36, %ymm10, %ymm0
-        vpsrlq	$44, %ymm11, %ymm1
-        vpsrlq	$61, %ymm12, %ymm2
-        vpsrlq	$19, %ymm13, %ymm3
-        vpsrlq	$3, %ymm14, %ymm4
-        vpsllq	$28, %ymm10, %ymm10
-        vpsllq	$20, %ymm11, %ymm11
-        vpsllq	$3, %ymm12, %ymm12
-        vpsllq	$45, %ymm13, %ymm13
-        vpsllq	$61, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, (%rcx)
-        vmovdqu	%ymm1, 128(%rcx)
-        vmovdqu	%ymm2, 96(%rcx)
-        vmovdqu	%ymm3, 64(%rcx)
-        vmovdqu	%ymm4, 32(%rcx)
-        # Row 2
-        vpxor	96(%rax), %ymm6, %ymm10
-        vpxor	-32(%rcx), %ymm7, %ymm11
-        vpxor	-64(%rcx), %ymm8, %ymm12
-        vpxor	-96(%rcx), %ymm9, %ymm13
-        vpxor	128(%rax), %ymm5, %ymm14
-        vpsrlq	$63, %ymm10, %ymm0
-        vpsrlq	$58, %ymm11, %ymm1
-        vpsrlq	$39, %ymm12, %ymm2
-        vpsrlq	$56, %ymm13, %ymm3
-        vpsrlq	$46, %ymm14, %ymm4
-        vpaddq	%ymm10, %ymm10, %ymm10
-        vpsllq	$6, %ymm11, %ymm11
-        vpsllq	$25, %ymm12, %ymm12
-        vpsllq	$8, %ymm13, %ymm13
-        vpsllq	$18, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, 96(%rax)
-        vmovdqu	%ymm1, -32(%rcx)
-        vmovdqu	%ymm2, -64(%rcx)
-        vmovdqu	%ymm3, -96(%rcx)
-        vmovdqu	%ymm4, 128(%rax)
-        # Row 3
-        vpxor	-64(%rax), %ymm9, %ymm10
-        vpxor	64(%rax), %ymm5, %ymm11
-        vpxor	32(%rax), %ymm6, %ymm12
-        vpxor	(%rax), %ymm7, %ymm13
-        vpxor	-32(%rax), %ymm8, %ymm14
-        vpsrlq	$37, %ymm10, %ymm0
-        vpsrlq	$28, %ymm11, %ymm1
-        vpsrlq	$54, %ymm12, %ymm2
-        vpsrlq	$49, %ymm13, %ymm3
-        vpsrlq	$8, %ymm14, %ymm4
-        vpsllq	$27, %ymm10, %ymm10
-        vpsllq	$36, %ymm11, %ymm11
-        vpsllq	$10, %ymm12, %ymm12
-        vpsllq	$15, %ymm13, %ymm13
-        vpsllq	$56, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, -64(%rax)
-        vmovdqu	%ymm1, 64(%rax)
-        vmovdqu	%ymm2, 32(%rax)
-        vmovdqu	%ymm3, (%rax)
-        vmovdqu	%ymm4, -32(%rax)
-        # Row 4
-        vpxor	32(%rdi), %ymm7, %ymm10
-        vpxor	-96(%rax), %ymm8, %ymm11
-        vpxor	128(%rdi), %ymm9, %ymm12
-        vpxor	96(%rdi), %ymm5, %ymm13
-        vpxor	64(%rdi), %ymm6, %ymm14
-        vpsrlq	$2, %ymm10, %ymm0
-        vpsrlq	$9, %ymm11, %ymm1
-        vpsrlq	$25, %ymm12, %ymm2
-        vpsrlq	$23, %ymm13, %ymm3
-        vpsrlq	$62, %ymm14, %ymm4
-        vpsllq	$62, %ymm10, %ymm10
-        vpsllq	$55, %ymm11, %ymm11
-        vpsllq	$39, %ymm12, %ymm12
-        vpsllq	$41, %ymm13, %ymm13
-        vpsllq	$2, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, 32(%rdi)
-        vmovdqu	%ymm1, -96(%rax)
-        vmovdqu	%ymm2, 128(%rdi)
-        vmovdqu	%ymm3, 96(%rdi)
-        vmovdqu	%ymm4, 64(%rdi)
-        # Round 12
-        # Calc b[0..4]
-        vpxor	%ymm15, %ymm0, %ymm10
-        vpxor	-96(%rdi), %ymm4, %ymm14
-        vpxor	-64(%rdi), %ymm3, %ymm13
-        vpxor	-32(%rdi), %ymm2, %ymm12
-        vpxor	(%rdi), %ymm1, %ymm11
-        vpxor	-64(%rax), %ymm10, %ymm10
-        vpxor	-32(%rax), %ymm14, %ymm14
-        vpxor	(%rax), %ymm13, %ymm13
-        vpxor	32(%rax), %ymm12, %ymm12
-        vpxor	64(%rax), %ymm11, %ymm11
-        vpxor	96(%rax), %ymm10, %ymm10
-        vpxor	128(%rax), %ymm14, %ymm14
-        vpxor	-96(%rcx), %ymm13, %ymm13
-        vpxor	-64(%rcx), %ymm12, %ymm12
-        vpxor	-32(%rcx), %ymm11, %ymm11
-        vpxor	(%rcx), %ymm10, %ymm10
-        vpxor	32(%rcx), %ymm14, %ymm14
-        vpxor	64(%rcx), %ymm13, %ymm13
-        vpxor	96(%rcx), %ymm12, %ymm12
-        vpxor	128(%rcx), %ymm11, %ymm11
-        # Calc t[0..4]
-        vpsrlq	$63, %ymm11, %ymm0
-        vpsrlq	$63, %ymm12, %ymm1
-        vpsrlq	$63, %ymm13, %ymm2
-        vpsrlq	$63, %ymm14, %ymm3
-        vpsrlq	$63, %ymm10, %ymm4
-        vpaddq	%ymm11, %ymm11, %ymm5
-        vpaddq	%ymm12, %ymm12, %ymm6
-        vpaddq	%ymm13, %ymm13, %ymm7
-        vpaddq	%ymm14, %ymm14, %ymm8
-        vpaddq	%ymm10, %ymm10, %ymm9
-        vpor	%ymm0, %ymm5, %ymm5
-        vpor	%ymm1, %ymm6, %ymm6
-        vpor	%ymm2, %ymm7, %ymm7
-        vpor	%ymm3, %ymm8, %ymm8
-        vpor	%ymm4, %ymm9, %ymm9
-        vpxor	%ymm14, %ymm5, %ymm5
-        vpxor	%ymm10, %ymm6, %ymm6
-        vpxor	%ymm11, %ymm7, %ymm7
-        vpxor	%ymm12, %ymm8, %ymm8
-        vpxor	%ymm13, %ymm9, %ymm9
-        # Row Mix
-        # Row 0
-        vpxor	%ymm15, %ymm5, %ymm10
-        vpxor	128(%rcx), %ymm6, %ymm11
-        vpxor	-64(%rcx), %ymm7, %ymm12
-        vpxor	(%rax), %ymm8, %ymm13
-        vpxor	64(%rdi), %ymm9, %ymm14
-        vpsrlq	$20, %ymm11, %ymm0
-        vpsrlq	$21, %ymm12, %ymm1
-        vpsrlq	$43, %ymm13, %ymm2
-        vpsrlq	$50, %ymm14, %ymm3
-        vpsllq	$44, %ymm11, %ymm11
-        vpsllq	$43, %ymm12, %ymm12
-        vpsllq	$21, %ymm13, %ymm13
-        vpsllq	$14, %ymm14, %ymm14
-        vpor	%ymm0, %ymm11, %ymm11
-        vpor	%ymm1, %ymm12, %ymm12
-        vpor	%ymm2, %ymm13, %ymm13
-        vpor	%ymm3, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm15
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm15, %ymm15
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        # XOR in constant
-        vpxor	384(%rdx), %ymm15, %ymm15
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm1, 128(%rcx)
-        vmovdqu	%ymm2, -64(%rcx)
-        vmovdqu	%ymm3, (%rax)
-        vmovdqu	%ymm4, 64(%rdi)
-        # Row 1
-        vpxor	-64(%rdi), %ymm8, %ymm10
-        vpxor	32(%rcx), %ymm9, %ymm11
-        vpxor	96(%rax), %ymm5, %ymm12
-        vpxor	64(%rax), %ymm6, %ymm13
-        vpxor	128(%rdi), %ymm7, %ymm14
-        vpsrlq	$36, %ymm10, %ymm0
-        vpsrlq	$44, %ymm11, %ymm1
-        vpsrlq	$61, %ymm12, %ymm2
-        vpsrlq	$19, %ymm13, %ymm3
-        vpsrlq	$3, %ymm14, %ymm4
-        vpsllq	$28, %ymm10, %ymm10
-        vpsllq	$20, %ymm11, %ymm11
-        vpsllq	$3, %ymm12, %ymm12
-        vpsllq	$45, %ymm13, %ymm13
-        vpsllq	$61, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, -64(%rdi)
-        vmovdqu	%ymm1, 32(%rcx)
-        vmovdqu	%ymm2, 96(%rax)
-        vmovdqu	%ymm3, 64(%rax)
-        vmovdqu	%ymm4, 128(%rdi)
-        # Row 2
-        vpxor	(%rdi), %ymm6, %ymm10
-        vpxor	96(%rcx), %ymm7, %ymm11
-        vpxor	-96(%rcx), %ymm8, %ymm12
-        vpxor	-32(%rax), %ymm9, %ymm13
-        vpxor	32(%rdi), %ymm5, %ymm14
-        vpsrlq	$63, %ymm10, %ymm0
-        vpsrlq	$58, %ymm11, %ymm1
-        vpsrlq	$39, %ymm12, %ymm2
-        vpsrlq	$56, %ymm13, %ymm3
-        vpsrlq	$46, %ymm14, %ymm4
-        vpaddq	%ymm10, %ymm10, %ymm10
-        vpsllq	$6, %ymm11, %ymm11
-        vpsllq	$25, %ymm12, %ymm12
-        vpsllq	$8, %ymm13, %ymm13
-        vpsllq	$18, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, (%rdi)
-        vmovdqu	%ymm1, 96(%rcx)
-        vmovdqu	%ymm2, -96(%rcx)
-        vmovdqu	%ymm3, -32(%rax)
-        vmovdqu	%ymm4, 32(%rdi)
-        # Row 3
-        vpxor	-96(%rdi), %ymm9, %ymm10
-        vpxor	(%rcx), %ymm5, %ymm11
-        vpxor	-32(%rcx), %ymm6, %ymm12
-        vpxor	32(%rax), %ymm7, %ymm13
-        vpxor	96(%rdi), %ymm8, %ymm14
-        vpsrlq	$37, %ymm10, %ymm0
-        vpsrlq	$28, %ymm11, %ymm1
-        vpsrlq	$54, %ymm12, %ymm2
-        vpsrlq	$49, %ymm13, %ymm3
-        vpsrlq	$8, %ymm14, %ymm4
-        vpsllq	$27, %ymm10, %ymm10
-        vpsllq	$36, %ymm11, %ymm11
-        vpsllq	$10, %ymm12, %ymm12
-        vpsllq	$15, %ymm13, %ymm13
-        vpsllq	$56, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, -96(%rdi)
-        vmovdqu	%ymm1, (%rcx)
-        vmovdqu	%ymm2, -32(%rcx)
-        vmovdqu	%ymm3, 32(%rax)
-        vmovdqu	%ymm4, 96(%rdi)
-        # Row 4
-        vpxor	-32(%rdi), %ymm7, %ymm10
-        vpxor	64(%rcx), %ymm8, %ymm11
-        vpxor	128(%rax), %ymm9, %ymm12
-        vpxor	-64(%rax), %ymm5, %ymm13
-        vpxor	-96(%rax), %ymm6, %ymm14
-        vpsrlq	$2, %ymm10, %ymm0
-        vpsrlq	$9, %ymm11, %ymm1
-        vpsrlq	$25, %ymm12, %ymm2
-        vpsrlq	$23, %ymm13, %ymm3
-        vpsrlq	$62, %ymm14, %ymm4
-        vpsllq	$62, %ymm10, %ymm10
-        vpsllq	$55, %ymm11, %ymm11
-        vpsllq	$39, %ymm12, %ymm12
-        vpsllq	$41, %ymm13, %ymm13
-        vpsllq	$2, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, -32(%rdi)
-        vmovdqu	%ymm1, 64(%rcx)
-        vmovdqu	%ymm2, 128(%rax)
-        vmovdqu	%ymm3, -64(%rax)
-        vmovdqu	%ymm4, -96(%rax)
-        # Round 13
-        # Calc b[0..4]
-        vpxor	%ymm15, %ymm0, %ymm10
-        vpxor	-96(%rdi), %ymm10, %ymm10
-        vpxor	-64(%rdi), %ymm10, %ymm10
-        vpxor	(%rdi), %ymm10, %ymm10
-        vpxor	32(%rdi), %ymm4, %ymm14
-        vpxor	64(%rdi), %ymm14, %ymm14
-        vpxor	96(%rdi), %ymm14, %ymm14
-        vpxor	128(%rdi), %ymm14, %ymm14
-        vpxor	-32(%rax), %ymm3, %ymm13
-        vpxor	(%rax), %ymm13, %ymm13
-        vpxor	32(%rax), %ymm13, %ymm13
-        vpxor	64(%rax), %ymm13, %ymm13
-        vpxor	96(%rax), %ymm2, %ymm12
-        vpxor	-96(%rcx), %ymm12, %ymm12
-        vpxor	-64(%rcx), %ymm12, %ymm12
-        vpxor	-32(%rcx), %ymm12, %ymm12
-        vpxor	(%rcx), %ymm1, %ymm11
-        vpxor	32(%rcx), %ymm11, %ymm11
-        vpxor	96(%rcx), %ymm11, %ymm11
-        vpxor	128(%rcx), %ymm11, %ymm11
-        # Calc t[0..4]
-        vpsrlq	$63, %ymm11, %ymm0
-        vpsrlq	$63, %ymm12, %ymm1
-        vpsrlq	$63, %ymm13, %ymm2
-        vpsrlq	$63, %ymm14, %ymm3
-        vpsrlq	$63, %ymm10, %ymm4
-        vpaddq	%ymm11, %ymm11, %ymm5
-        vpaddq	%ymm12, %ymm12, %ymm6
-        vpaddq	%ymm13, %ymm13, %ymm7
-        vpaddq	%ymm14, %ymm14, %ymm8
-        vpaddq	%ymm10, %ymm10, %ymm9
-        vpor	%ymm0, %ymm5, %ymm5
-        vpor	%ymm1, %ymm6, %ymm6
-        vpor	%ymm2, %ymm7, %ymm7
-        vpor	%ymm3, %ymm8, %ymm8
-        vpor	%ymm4, %ymm9, %ymm9
-        vpxor	%ymm14, %ymm5, %ymm5
-        vpxor	%ymm10, %ymm6, %ymm6
-        vpxor	%ymm11, %ymm7, %ymm7
-        vpxor	%ymm12, %ymm8, %ymm8
-        vpxor	%ymm13, %ymm9, %ymm9
-        # Row Mix
-        # Row 0
-        vpxor	%ymm15, %ymm5, %ymm10
-        vpxor	32(%rcx), %ymm6, %ymm11
-        vpxor	-96(%rcx), %ymm7, %ymm12
-        vpxor	32(%rax), %ymm8, %ymm13
-        vpxor	-96(%rax), %ymm9, %ymm14
-        vpsrlq	$20, %ymm11, %ymm0
-        vpsrlq	$21, %ymm12, %ymm1
-        vpsrlq	$43, %ymm13, %ymm2
-        vpsrlq	$50, %ymm14, %ymm3
-        vpsllq	$44, %ymm11, %ymm11
-        vpsllq	$43, %ymm12, %ymm12
-        vpsllq	$21, %ymm13, %ymm13
-        vpsllq	$14, %ymm14, %ymm14
-        vpor	%ymm0, %ymm11, %ymm11
-        vpor	%ymm1, %ymm12, %ymm12
-        vpor	%ymm2, %ymm13, %ymm13
-        vpor	%ymm3, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm15
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm15, %ymm15
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        # XOR in constant
-        vpxor	416(%rdx), %ymm15, %ymm15
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm1, 32(%rcx)
-        vmovdqu	%ymm2, -96(%rcx)
-        vmovdqu	%ymm3, 32(%rax)
-        vmovdqu	%ymm4, -96(%rax)
-        # Row 1
-        vpxor	(%rax), %ymm8, %ymm10
-        vpxor	128(%rdi), %ymm9, %ymm11
-        vpxor	(%rdi), %ymm5, %ymm12
-        vpxor	(%rcx), %ymm6, %ymm13
-        vpxor	128(%rax), %ymm7, %ymm14
-        vpsrlq	$36, %ymm10, %ymm0
-        vpsrlq	$44, %ymm11, %ymm1
-        vpsrlq	$61, %ymm12, %ymm2
-        vpsrlq	$19, %ymm13, %ymm3
-        vpsrlq	$3, %ymm14, %ymm4
-        vpsllq	$28, %ymm10, %ymm10
-        vpsllq	$20, %ymm11, %ymm11
-        vpsllq	$3, %ymm12, %ymm12
-        vpsllq	$45, %ymm13, %ymm13
-        vpsllq	$61, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, (%rax)
-        vmovdqu	%ymm1, 128(%rdi)
-        vmovdqu	%ymm2, (%rdi)
-        vmovdqu	%ymm3, (%rcx)
-        vmovdqu	%ymm4, 128(%rax)
-        # Row 2
-        vpxor	128(%rcx), %ymm6, %ymm10
-        vpxor	96(%rax), %ymm7, %ymm11
-        vpxor	-32(%rax), %ymm8, %ymm12
-        vpxor	96(%rdi), %ymm9, %ymm13
-        vpxor	-32(%rdi), %ymm5, %ymm14
-        vpsrlq	$63, %ymm10, %ymm0
-        vpsrlq	$58, %ymm11, %ymm1
-        vpsrlq	$39, %ymm12, %ymm2
-        vpsrlq	$56, %ymm13, %ymm3
-        vpsrlq	$46, %ymm14, %ymm4
-        vpaddq	%ymm10, %ymm10, %ymm10
-        vpsllq	$6, %ymm11, %ymm11
-        vpsllq	$25, %ymm12, %ymm12
-        vpsllq	$8, %ymm13, %ymm13
-        vpsllq	$18, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, 128(%rcx)
-        vmovdqu	%ymm1, 96(%rax)
-        vmovdqu	%ymm2, -32(%rax)
-        vmovdqu	%ymm3, 96(%rdi)
-        vmovdqu	%ymm4, -32(%rdi)
-        # Row 3
-        vpxor	64(%rdi), %ymm9, %ymm10
-        vpxor	-64(%rdi), %ymm5, %ymm11
-        vpxor	96(%rcx), %ymm6, %ymm12
-        vpxor	-32(%rcx), %ymm7, %ymm13
-        vpxor	-64(%rax), %ymm8, %ymm14
-        vpsrlq	$37, %ymm10, %ymm0
-        vpsrlq	$28, %ymm11, %ymm1
-        vpsrlq	$54, %ymm12, %ymm2
-        vpsrlq	$49, %ymm13, %ymm3
-        vpsrlq	$8, %ymm14, %ymm4
-        vpsllq	$27, %ymm10, %ymm10
-        vpsllq	$36, %ymm11, %ymm11
-        vpsllq	$10, %ymm12, %ymm12
-        vpsllq	$15, %ymm13, %ymm13
-        vpsllq	$56, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, 64(%rdi)
-        vmovdqu	%ymm1, -64(%rdi)
-        vmovdqu	%ymm2, 96(%rcx)
-        vmovdqu	%ymm3, -32(%rcx)
-        vmovdqu	%ymm4, -64(%rax)
-        # Row 4
-        vpxor	-64(%rcx), %ymm7, %ymm10
-        vpxor	64(%rax), %ymm8, %ymm11
-        vpxor	32(%rdi), %ymm9, %ymm12
-        vpxor	-96(%rdi), %ymm5, %ymm13
-        vpxor	64(%rcx), %ymm6, %ymm14
-        vpsrlq	$2, %ymm10, %ymm0
-        vpsrlq	$9, %ymm11, %ymm1
-        vpsrlq	$25, %ymm12, %ymm2
-        vpsrlq	$23, %ymm13, %ymm3
-        vpsrlq	$62, %ymm14, %ymm4
-        vpsllq	$62, %ymm10, %ymm10
-        vpsllq	$55, %ymm11, %ymm11
-        vpsllq	$39, %ymm12, %ymm12
-        vpsllq	$41, %ymm13, %ymm13
-        vpsllq	$2, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, -64(%rcx)
-        vmovdqu	%ymm1, 64(%rax)
-        vmovdqu	%ymm2, 32(%rdi)
-        vmovdqu	%ymm3, -96(%rdi)
-        vmovdqu	%ymm4, 64(%rcx)
-        # Round 14
-        # Calc b[0..4]
-        vpxor	%ymm15, %ymm0, %ymm10
-        vpxor	-64(%rdi), %ymm1, %ymm11
-        vpxor	-32(%rdi), %ymm4, %ymm14
-        vpxor	(%rdi), %ymm2, %ymm12
-        vpxor	64(%rdi), %ymm10, %ymm10
-        vpxor	96(%rdi), %ymm3, %ymm13
-        vpxor	128(%rdi), %ymm11, %ymm11
-        vpxor	-96(%rax), %ymm14, %ymm14
-        vpxor	-64(%rax), %ymm14, %ymm14
-        vpxor	-32(%rax), %ymm12, %ymm12
-        vpxor	(%rax), %ymm10, %ymm10
-        vpxor	32(%rax), %ymm13, %ymm13
-        vpxor	96(%rax), %ymm11, %ymm11
-        vpxor	128(%rax), %ymm14, %ymm14
-        vpxor	-96(%rcx), %ymm12, %ymm12
-        vpxor	-32(%rcx), %ymm13, %ymm13
-        vpxor	(%rcx), %ymm13, %ymm13
-        vpxor	32(%rcx), %ymm11, %ymm11
-        vpxor	96(%rcx), %ymm12, %ymm12
-        vpxor	128(%rcx), %ymm10, %ymm10
-        # Calc t[0..4]
-        vpsrlq	$63, %ymm11, %ymm0
-        vpsrlq	$63, %ymm12, %ymm1
-        vpsrlq	$63, %ymm13, %ymm2
-        vpsrlq	$63, %ymm14, %ymm3
-        vpsrlq	$63, %ymm10, %ymm4
-        vpaddq	%ymm11, %ymm11, %ymm5
-        vpaddq	%ymm12, %ymm12, %ymm6
-        vpaddq	%ymm13, %ymm13, %ymm7
-        vpaddq	%ymm14, %ymm14, %ymm8
-        vpaddq	%ymm10, %ymm10, %ymm9
-        vpor	%ymm0, %ymm5, %ymm5
-        vpor	%ymm1, %ymm6, %ymm6
-        vpor	%ymm2, %ymm7, %ymm7
-        vpor	%ymm3, %ymm8, %ymm8
-        vpor	%ymm4, %ymm9, %ymm9
-        vpxor	%ymm14, %ymm5, %ymm5
-        vpxor	%ymm10, %ymm6, %ymm6
-        vpxor	%ymm11, %ymm7, %ymm7
-        vpxor	%ymm12, %ymm8, %ymm8
-        vpxor	%ymm13, %ymm9, %ymm9
-        # Row Mix
-        # Row 0
-        vpxor	%ymm15, %ymm5, %ymm10
-        vpxor	128(%rdi), %ymm6, %ymm11
-        vpxor	-32(%rax), %ymm7, %ymm12
-        vpxor	-32(%rcx), %ymm8, %ymm13
-        vpxor	64(%rcx), %ymm9, %ymm14
-        vpsrlq	$20, %ymm11, %ymm0
-        vpsrlq	$21, %ymm12, %ymm1
-        vpsrlq	$43, %ymm13, %ymm2
-        vpsrlq	$50, %ymm14, %ymm3
-        vpsllq	$44, %ymm11, %ymm11
-        vpsllq	$43, %ymm12, %ymm12
-        vpsllq	$21, %ymm13, %ymm13
-        vpsllq	$14, %ymm14, %ymm14
-        vpor	%ymm0, %ymm11, %ymm11
-        vpor	%ymm1, %ymm12, %ymm12
-        vpor	%ymm2, %ymm13, %ymm13
-        vpor	%ymm3, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm15
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm15, %ymm15
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        # XOR in constant
-        vpxor	448(%rdx), %ymm15, %ymm15
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm1, 128(%rdi)
-        vmovdqu	%ymm2, -32(%rax)
-        vmovdqu	%ymm3, -32(%rcx)
-        vmovdqu	%ymm4, 64(%rcx)
-        # Row 1
-        vpxor	32(%rax), %ymm8, %ymm10
-        vpxor	128(%rax), %ymm9, %ymm11
-        vpxor	128(%rcx), %ymm5, %ymm12
-        vpxor	-64(%rdi), %ymm6, %ymm13
-        vpxor	32(%rdi), %ymm7, %ymm14
-        vpsrlq	$36, %ymm10, %ymm0
-        vpsrlq	$44, %ymm11, %ymm1
-        vpsrlq	$61, %ymm12, %ymm2
-        vpsrlq	$19, %ymm13, %ymm3
-        vpsrlq	$3, %ymm14, %ymm4
-        vpsllq	$28, %ymm10, %ymm10
-        vpsllq	$20, %ymm11, %ymm11
-        vpsllq	$3, %ymm12, %ymm12
-        vpsllq	$45, %ymm13, %ymm13
-        vpsllq	$61, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, 32(%rax)
-        vmovdqu	%ymm1, 128(%rax)
-        vmovdqu	%ymm2, 128(%rcx)
-        vmovdqu	%ymm3, -64(%rdi)
-        vmovdqu	%ymm4, 32(%rdi)
-        # Row 2
-        vpxor	32(%rcx), %ymm6, %ymm10
-        vpxor	(%rdi), %ymm7, %ymm11
-        vpxor	96(%rdi), %ymm8, %ymm12
-        vpxor	-64(%rax), %ymm9, %ymm13
-        vpxor	-64(%rcx), %ymm5, %ymm14
-        vpsrlq	$63, %ymm10, %ymm0
-        vpsrlq	$58, %ymm11, %ymm1
-        vpsrlq	$39, %ymm12, %ymm2
-        vpsrlq	$56, %ymm13, %ymm3
-        vpsrlq	$46, %ymm14, %ymm4
-        vpaddq	%ymm10, %ymm10, %ymm10
-        vpsllq	$6, %ymm11, %ymm11
-        vpsllq	$25, %ymm12, %ymm12
-        vpsllq	$8, %ymm13, %ymm13
-        vpsllq	$18, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, 32(%rcx)
-        vmovdqu	%ymm1, (%rdi)
-        vmovdqu	%ymm2, 96(%rdi)
-        vmovdqu	%ymm3, -64(%rax)
-        vmovdqu	%ymm4, -64(%rcx)
-        # Row 3
-        vpxor	-96(%rax), %ymm9, %ymm10
-        vpxor	(%rax), %ymm5, %ymm11
-        vpxor	96(%rax), %ymm6, %ymm12
-        vpxor	96(%rcx), %ymm7, %ymm13
-        vpxor	-96(%rdi), %ymm8, %ymm14
-        vpsrlq	$37, %ymm10, %ymm0
-        vpsrlq	$28, %ymm11, %ymm1
-        vpsrlq	$54, %ymm12, %ymm2
-        vpsrlq	$49, %ymm13, %ymm3
-        vpsrlq	$8, %ymm14, %ymm4
-        vpsllq	$27, %ymm10, %ymm10
-        vpsllq	$36, %ymm11, %ymm11
-        vpsllq	$10, %ymm12, %ymm12
-        vpsllq	$15, %ymm13, %ymm13
-        vpsllq	$56, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, -96(%rax)
-        vmovdqu	%ymm1, (%rax)
-        vmovdqu	%ymm2, 96(%rax)
-        vmovdqu	%ymm3, 96(%rcx)
-        vmovdqu	%ymm4, -96(%rdi)
-        # Row 4
-        vpxor	-96(%rcx), %ymm7, %ymm10
-        vpxor	(%rcx), %ymm8, %ymm11
-        vpxor	-32(%rdi), %ymm9, %ymm12
-        vpxor	64(%rdi), %ymm5, %ymm13
-        vpxor	64(%rax), %ymm6, %ymm14
-        vpsrlq	$2, %ymm10, %ymm0
-        vpsrlq	$9, %ymm11, %ymm1
-        vpsrlq	$25, %ymm12, %ymm2
-        vpsrlq	$23, %ymm13, %ymm3
-        vpsrlq	$62, %ymm14, %ymm4
-        vpsllq	$62, %ymm10, %ymm10
-        vpsllq	$55, %ymm11, %ymm11
-        vpsllq	$39, %ymm12, %ymm12
-        vpsllq	$41, %ymm13, %ymm13
-        vpsllq	$2, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, -96(%rcx)
-        vmovdqu	%ymm1, (%rcx)
-        vmovdqu	%ymm2, -32(%rdi)
-        vmovdqu	%ymm3, 64(%rdi)
-        vmovdqu	%ymm4, 64(%rax)
-        # Round 15
-        # Calc b[0..4]
-        vpxor	%ymm15, %ymm0, %ymm10
-        vpxor	-96(%rdi), %ymm4, %ymm14
-        vpxor	-64(%rdi), %ymm3, %ymm13
-        vpxor	(%rdi), %ymm1, %ymm11
-        vpxor	32(%rdi), %ymm14, %ymm14
-        vpxor	96(%rdi), %ymm2, %ymm12
-        vpxor	128(%rdi), %ymm11, %ymm11
-        vpxor	-96(%rax), %ymm10, %ymm10
-        vpxor	-64(%rax), %ymm13, %ymm13
-        vpxor	-32(%rax), %ymm12, %ymm12
-        vpxor	(%rax), %ymm11, %ymm11
-        vpxor	32(%rax), %ymm10, %ymm10
-        vpxor	96(%rax), %ymm12, %ymm12
-        vpxor	128(%rax), %ymm11, %ymm11
-        vpxor	-64(%rcx), %ymm14, %ymm14
-        vpxor	-32(%rcx), %ymm13, %ymm13
-        vpxor	32(%rcx), %ymm10, %ymm10
-        vpxor	64(%rcx), %ymm14, %ymm14
-        vpxor	96(%rcx), %ymm13, %ymm13
-        vpxor	128(%rcx), %ymm12, %ymm12
-        # Calc t[0..4]
-        vpsrlq	$63, %ymm11, %ymm0
-        vpsrlq	$63, %ymm12, %ymm1
-        vpsrlq	$63, %ymm13, %ymm2
-        vpsrlq	$63, %ymm14, %ymm3
-        vpsrlq	$63, %ymm10, %ymm4
-        vpaddq	%ymm11, %ymm11, %ymm5
-        vpaddq	%ymm12, %ymm12, %ymm6
-        vpaddq	%ymm13, %ymm13, %ymm7
-        vpaddq	%ymm14, %ymm14, %ymm8
-        vpaddq	%ymm10, %ymm10, %ymm9
-        vpor	%ymm0, %ymm5, %ymm5
-        vpor	%ymm1, %ymm6, %ymm6
-        vpor	%ymm2, %ymm7, %ymm7
-        vpor	%ymm3, %ymm8, %ymm8
-        vpor	%ymm4, %ymm9, %ymm9
-        vpxor	%ymm14, %ymm5, %ymm5
-        vpxor	%ymm10, %ymm6, %ymm6
-        vpxor	%ymm11, %ymm7, %ymm7
-        vpxor	%ymm12, %ymm8, %ymm8
-        vpxor	%ymm13, %ymm9, %ymm9
-        # Row Mix
-        # Row 0
-        vpxor	%ymm15, %ymm5, %ymm10
-        vpxor	128(%rax), %ymm6, %ymm11
-        vpxor	96(%rdi), %ymm7, %ymm12
-        vpxor	96(%rcx), %ymm8, %ymm13
-        vpxor	64(%rax), %ymm9, %ymm14
-        vpsrlq	$20, %ymm11, %ymm0
-        vpsrlq	$21, %ymm12, %ymm1
-        vpsrlq	$43, %ymm13, %ymm2
-        vpsrlq	$50, %ymm14, %ymm3
-        vpsllq	$44, %ymm11, %ymm11
-        vpsllq	$43, %ymm12, %ymm12
-        vpsllq	$21, %ymm13, %ymm13
-        vpsllq	$14, %ymm14, %ymm14
-        vpor	%ymm0, %ymm11, %ymm11
-        vpor	%ymm1, %ymm12, %ymm12
-        vpor	%ymm2, %ymm13, %ymm13
-        vpor	%ymm3, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm15
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm15, %ymm15
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        # XOR in constant
-        vpxor	480(%rdx), %ymm15, %ymm15
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm1, 128(%rax)
-        vmovdqu	%ymm2, 96(%rdi)
-        vmovdqu	%ymm3, 96(%rcx)
-        vmovdqu	%ymm4, 64(%rax)
-        # Row 1
-        vpxor	-32(%rcx), %ymm8, %ymm10
-        vpxor	32(%rdi), %ymm9, %ymm11
-        vpxor	32(%rcx), %ymm5, %ymm12
-        vpxor	(%rax), %ymm6, %ymm13
-        vpxor	-32(%rdi), %ymm7, %ymm14
-        vpsrlq	$36, %ymm10, %ymm0
-        vpsrlq	$44, %ymm11, %ymm1
-        vpsrlq	$61, %ymm12, %ymm2
-        vpsrlq	$19, %ymm13, %ymm3
-        vpsrlq	$3, %ymm14, %ymm4
-        vpsllq	$28, %ymm10, %ymm10
-        vpsllq	$20, %ymm11, %ymm11
-        vpsllq	$3, %ymm12, %ymm12
-        vpsllq	$45, %ymm13, %ymm13
-        vpsllq	$61, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, -32(%rcx)
-        vmovdqu	%ymm1, 32(%rdi)
-        vmovdqu	%ymm2, 32(%rcx)
-        vmovdqu	%ymm3, (%rax)
-        vmovdqu	%ymm4, -32(%rdi)
-        # Row 2
-        vpxor	128(%rdi), %ymm6, %ymm10
-        vpxor	128(%rcx), %ymm7, %ymm11
-        vpxor	-64(%rax), %ymm8, %ymm12
-        vpxor	-96(%rdi), %ymm9, %ymm13
-        vpxor	-96(%rcx), %ymm5, %ymm14
-        vpsrlq	$63, %ymm10, %ymm0
-        vpsrlq	$58, %ymm11, %ymm1
-        vpsrlq	$39, %ymm12, %ymm2
-        vpsrlq	$56, %ymm13, %ymm3
-        vpsrlq	$46, %ymm14, %ymm4
-        vpaddq	%ymm10, %ymm10, %ymm10
-        vpsllq	$6, %ymm11, %ymm11
-        vpsllq	$25, %ymm12, %ymm12
-        vpsllq	$8, %ymm13, %ymm13
-        vpsllq	$18, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, 128(%rdi)
-        vmovdqu	%ymm1, 128(%rcx)
-        vmovdqu	%ymm2, -64(%rax)
-        vmovdqu	%ymm3, -96(%rdi)
-        vmovdqu	%ymm4, -96(%rcx)
-        # Row 3
-        vpxor	64(%rcx), %ymm9, %ymm10
-        vpxor	32(%rax), %ymm5, %ymm11
-        vpxor	(%rdi), %ymm6, %ymm12
-        vpxor	96(%rax), %ymm7, %ymm13
-        vpxor	64(%rdi), %ymm8, %ymm14
-        vpsrlq	$37, %ymm10, %ymm0
-        vpsrlq	$28, %ymm11, %ymm1
-        vpsrlq	$54, %ymm12, %ymm2
-        vpsrlq	$49, %ymm13, %ymm3
-        vpsrlq	$8, %ymm14, %ymm4
-        vpsllq	$27, %ymm10, %ymm10
-        vpsllq	$36, %ymm11, %ymm11
-        vpsllq	$10, %ymm12, %ymm12
-        vpsllq	$15, %ymm13, %ymm13
-        vpsllq	$56, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, 64(%rcx)
-        vmovdqu	%ymm1, 32(%rax)
-        vmovdqu	%ymm2, (%rdi)
-        vmovdqu	%ymm3, 96(%rax)
-        vmovdqu	%ymm4, 64(%rdi)
-        # Row 4
-        vpxor	-32(%rax), %ymm7, %ymm10
-        vpxor	-64(%rdi), %ymm8, %ymm11
-        vpxor	-64(%rcx), %ymm9, %ymm12
-        vpxor	-96(%rax), %ymm5, %ymm13
-        vpxor	(%rcx), %ymm6, %ymm14
-        vpsrlq	$2, %ymm10, %ymm0
-        vpsrlq	$9, %ymm11, %ymm1
-        vpsrlq	$25, %ymm12, %ymm2
-        vpsrlq	$23, %ymm13, %ymm3
-        vpsrlq	$62, %ymm14, %ymm4
-        vpsllq	$62, %ymm10, %ymm10
-        vpsllq	$55, %ymm11, %ymm11
-        vpsllq	$39, %ymm12, %ymm12
-        vpsllq	$41, %ymm13, %ymm13
-        vpsllq	$2, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, -32(%rax)
-        vmovdqu	%ymm1, -64(%rdi)
-        vmovdqu	%ymm2, -64(%rcx)
-        vmovdqu	%ymm3, -96(%rax)
-        vmovdqu	%ymm4, (%rcx)
-        # Round 16
-        # Calc b[0..4]
-        vpxor	%ymm15, %ymm0, %ymm10
-        vpxor	-96(%rdi), %ymm3, %ymm13
-        vpxor	-32(%rdi), %ymm4, %ymm14
-        vpxor	(%rdi), %ymm2, %ymm12
-        vpxor	32(%rdi), %ymm1, %ymm11
-        vpxor	64(%rdi), %ymm14, %ymm14
-        vpxor	96(%rdi), %ymm12, %ymm12
-        vpxor	128(%rdi), %ymm10, %ymm10
-        vpxor	-64(%rax), %ymm12, %ymm12
-        vpxor	(%rax), %ymm13, %ymm13
-        vpxor	32(%rax), %ymm11, %ymm11
-        vpxor	64(%rax), %ymm14, %ymm14
-        vpxor	96(%rax), %ymm13, %ymm13
-        vpxor	128(%rax), %ymm11, %ymm11
-        vpxor	-96(%rcx), %ymm14, %ymm14
-        vpxor	-32(%rcx), %ymm10, %ymm10
-        vpxor	32(%rcx), %ymm12, %ymm12
-        vpxor	64(%rcx), %ymm10, %ymm10
-        vpxor	96(%rcx), %ymm13, %ymm13
-        vpxor	128(%rcx), %ymm11, %ymm11
-        # Calc t[0..4]
-        vpsrlq	$63, %ymm11, %ymm0
-        vpsrlq	$63, %ymm12, %ymm1
-        vpsrlq	$63, %ymm13, %ymm2
-        vpsrlq	$63, %ymm14, %ymm3
-        vpsrlq	$63, %ymm10, %ymm4
-        vpaddq	%ymm11, %ymm11, %ymm5
-        vpaddq	%ymm12, %ymm12, %ymm6
-        vpaddq	%ymm13, %ymm13, %ymm7
-        vpaddq	%ymm14, %ymm14, %ymm8
-        vpaddq	%ymm10, %ymm10, %ymm9
-        vpor	%ymm0, %ymm5, %ymm5
-        vpor	%ymm1, %ymm6, %ymm6
-        vpor	%ymm2, %ymm7, %ymm7
-        vpor	%ymm3, %ymm8, %ymm8
-        vpor	%ymm4, %ymm9, %ymm9
-        vpxor	%ymm14, %ymm5, %ymm5
-        vpxor	%ymm10, %ymm6, %ymm6
-        vpxor	%ymm11, %ymm7, %ymm7
-        vpxor	%ymm12, %ymm8, %ymm8
-        vpxor	%ymm13, %ymm9, %ymm9
-        # Row Mix
-        # Row 0
-        vpxor	%ymm15, %ymm5, %ymm10
-        vpxor	32(%rdi), %ymm6, %ymm11
-        vpxor	-64(%rax), %ymm7, %ymm12
-        vpxor	96(%rax), %ymm8, %ymm13
-        vpxor	(%rcx), %ymm9, %ymm14
-        vpsrlq	$20, %ymm11, %ymm0
-        vpsrlq	$21, %ymm12, %ymm1
-        vpsrlq	$43, %ymm13, %ymm2
-        vpsrlq	$50, %ymm14, %ymm3
-        vpsllq	$44, %ymm11, %ymm11
-        vpsllq	$43, %ymm12, %ymm12
-        vpsllq	$21, %ymm13, %ymm13
-        vpsllq	$14, %ymm14, %ymm14
-        vpor	%ymm0, %ymm11, %ymm11
-        vpor	%ymm1, %ymm12, %ymm12
-        vpor	%ymm2, %ymm13, %ymm13
-        vpor	%ymm3, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm15
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm15, %ymm15
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        # XOR in constant
-        vpxor	512(%rdx), %ymm15, %ymm15
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm1, 32(%rdi)
-        vmovdqu	%ymm2, -64(%rax)
-        vmovdqu	%ymm3, 96(%rax)
-        vmovdqu	%ymm4, (%rcx)
-        # Row 1
-        vpxor	96(%rcx), %ymm8, %ymm10
-        vpxor	-32(%rdi), %ymm9, %ymm11
-        vpxor	128(%rdi), %ymm5, %ymm12
-        vpxor	32(%rax), %ymm6, %ymm13
-        vpxor	-64(%rcx), %ymm7, %ymm14
-        vpsrlq	$36, %ymm10, %ymm0
-        vpsrlq	$44, %ymm11, %ymm1
-        vpsrlq	$61, %ymm12, %ymm2
-        vpsrlq	$19, %ymm13, %ymm3
-        vpsrlq	$3, %ymm14, %ymm4
-        vpsllq	$28, %ymm10, %ymm10
-        vpsllq	$20, %ymm11, %ymm11
-        vpsllq	$3, %ymm12, %ymm12
-        vpsllq	$45, %ymm13, %ymm13
-        vpsllq	$61, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, 96(%rcx)
-        vmovdqu	%ymm1, -32(%rdi)
-        vmovdqu	%ymm2, 128(%rdi)
-        vmovdqu	%ymm3, 32(%rax)
-        vmovdqu	%ymm4, -64(%rcx)
-        # Row 2
-        vpxor	128(%rax), %ymm6, %ymm10
-        vpxor	32(%rcx), %ymm7, %ymm11
-        vpxor	-96(%rdi), %ymm8, %ymm12
-        vpxor	64(%rdi), %ymm9, %ymm13
-        vpxor	-32(%rax), %ymm5, %ymm14
-        vpsrlq	$63, %ymm10, %ymm0
-        vpsrlq	$58, %ymm11, %ymm1
-        vpsrlq	$39, %ymm12, %ymm2
-        vpsrlq	$56, %ymm13, %ymm3
-        vpsrlq	$46, %ymm14, %ymm4
-        vpaddq	%ymm10, %ymm10, %ymm10
-        vpsllq	$6, %ymm11, %ymm11
-        vpsllq	$25, %ymm12, %ymm12
-        vpsllq	$8, %ymm13, %ymm13
-        vpsllq	$18, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, 128(%rax)
-        vmovdqu	%ymm1, 32(%rcx)
-        vmovdqu	%ymm2, -96(%rdi)
-        vmovdqu	%ymm3, 64(%rdi)
-        vmovdqu	%ymm4, -32(%rax)
-        # Row 3
-        vpxor	64(%rax), %ymm9, %ymm10
-        vpxor	-32(%rcx), %ymm5, %ymm11
-        vpxor	128(%rcx), %ymm6, %ymm12
-        vpxor	(%rdi), %ymm7, %ymm13
-        vpxor	-96(%rax), %ymm8, %ymm14
-        vpsrlq	$37, %ymm10, %ymm0
-        vpsrlq	$28, %ymm11, %ymm1
-        vpsrlq	$54, %ymm12, %ymm2
-        vpsrlq	$49, %ymm13, %ymm3
-        vpsrlq	$8, %ymm14, %ymm4
-        vpsllq	$27, %ymm10, %ymm10
-        vpsllq	$36, %ymm11, %ymm11
-        vpsllq	$10, %ymm12, %ymm12
-        vpsllq	$15, %ymm13, %ymm13
-        vpsllq	$56, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, 64(%rax)
-        vmovdqu	%ymm1, -32(%rcx)
-        vmovdqu	%ymm2, 128(%rcx)
-        vmovdqu	%ymm3, (%rdi)
-        vmovdqu	%ymm4, -96(%rax)
-        # Row 4
-        vpxor	96(%rdi), %ymm7, %ymm10
-        vpxor	(%rax), %ymm8, %ymm11
-        vpxor	-96(%rcx), %ymm9, %ymm12
-        vpxor	64(%rcx), %ymm5, %ymm13
-        vpxor	-64(%rdi), %ymm6, %ymm14
-        vpsrlq	$2, %ymm10, %ymm0
-        vpsrlq	$9, %ymm11, %ymm1
-        vpsrlq	$25, %ymm12, %ymm2
-        vpsrlq	$23, %ymm13, %ymm3
-        vpsrlq	$62, %ymm14, %ymm4
-        vpsllq	$62, %ymm10, %ymm10
-        vpsllq	$55, %ymm11, %ymm11
-        vpsllq	$39, %ymm12, %ymm12
-        vpsllq	$41, %ymm13, %ymm13
-        vpsllq	$2, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, 96(%rdi)
-        vmovdqu	%ymm1, (%rax)
-        vmovdqu	%ymm2, -96(%rcx)
-        vmovdqu	%ymm3, 64(%rcx)
-        vmovdqu	%ymm4, -64(%rdi)
-        # Round 17
-        # Calc b[0..4]
-        vpxor	%ymm15, %ymm0, %ymm10
-        vpxor	-96(%rdi), %ymm2, %ymm12
-        vpxor	-32(%rdi), %ymm1, %ymm11
-        vpxor	(%rdi), %ymm3, %ymm13
-        vpxor	32(%rdi), %ymm11, %ymm11
-        vpxor	64(%rdi), %ymm13, %ymm13
-        vpxor	128(%rdi), %ymm12, %ymm12
-        vpxor	-96(%rax), %ymm4, %ymm14
-        vpxor	-64(%rax), %ymm12, %ymm12
-        vpxor	-32(%rax), %ymm14, %ymm14
-        vpxor	32(%rax), %ymm13, %ymm13
-        vpxor	64(%rax), %ymm10, %ymm10
-        vpxor	96(%rax), %ymm13, %ymm13
-        vpxor	128(%rax), %ymm10, %ymm10
-        vpxor	-64(%rcx), %ymm14, %ymm14
-        vpxor	-32(%rcx), %ymm11, %ymm11
-        vpxor	(%rcx), %ymm14, %ymm14
-        vpxor	32(%rcx), %ymm11, %ymm11
-        vpxor	96(%rcx), %ymm10, %ymm10
-        vpxor	128(%rcx), %ymm12, %ymm12
-        # Calc t[0..4]
-        vpsrlq	$63, %ymm11, %ymm0
-        vpsrlq	$63, %ymm12, %ymm1
-        vpsrlq	$63, %ymm13, %ymm2
-        vpsrlq	$63, %ymm14, %ymm3
-        vpsrlq	$63, %ymm10, %ymm4
-        vpaddq	%ymm11, %ymm11, %ymm5
-        vpaddq	%ymm12, %ymm12, %ymm6
-        vpaddq	%ymm13, %ymm13, %ymm7
-        vpaddq	%ymm14, %ymm14, %ymm8
-        vpaddq	%ymm10, %ymm10, %ymm9
-        vpor	%ymm0, %ymm5, %ymm5
-        vpor	%ymm1, %ymm6, %ymm6
-        vpor	%ymm2, %ymm7, %ymm7
-        vpor	%ymm3, %ymm8, %ymm8
-        vpor	%ymm4, %ymm9, %ymm9
-        vpxor	%ymm14, %ymm5, %ymm5
-        vpxor	%ymm10, %ymm6, %ymm6
-        vpxor	%ymm11, %ymm7, %ymm7
-        vpxor	%ymm12, %ymm8, %ymm8
-        vpxor	%ymm13, %ymm9, %ymm9
-        # Row Mix
-        # Row 0
-        vpxor	%ymm15, %ymm5, %ymm10
-        vpxor	-32(%rdi), %ymm6, %ymm11
-        vpxor	-96(%rdi), %ymm7, %ymm12
-        vpxor	(%rdi), %ymm8, %ymm13
-        vpxor	-64(%rdi), %ymm9, %ymm14
-        vpsrlq	$20, %ymm11, %ymm0
-        vpsrlq	$21, %ymm12, %ymm1
-        vpsrlq	$43, %ymm13, %ymm2
-        vpsrlq	$50, %ymm14, %ymm3
-        vpsllq	$44, %ymm11, %ymm11
-        vpsllq	$43, %ymm12, %ymm12
-        vpsllq	$21, %ymm13, %ymm13
-        vpsllq	$14, %ymm14, %ymm14
-        vpor	%ymm0, %ymm11, %ymm11
-        vpor	%ymm1, %ymm12, %ymm12
-        vpor	%ymm2, %ymm13, %ymm13
-        vpor	%ymm3, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm15
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm15, %ymm15
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        # XOR in constant
-        vpxor	544(%rdx), %ymm15, %ymm15
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm1, -32(%rdi)
-        vmovdqu	%ymm2, -96(%rdi)
-        vmovdqu	%ymm3, (%rdi)
-        vmovdqu	%ymm4, -64(%rdi)
-        # Row 1
-        vpxor	96(%rax), %ymm8, %ymm10
-        vpxor	-64(%rcx), %ymm9, %ymm11
-        vpxor	128(%rax), %ymm5, %ymm12
-        vpxor	-32(%rcx), %ymm6, %ymm13
-        vpxor	-96(%rcx), %ymm7, %ymm14
-        vpsrlq	$36, %ymm10, %ymm0
-        vpsrlq	$44, %ymm11, %ymm1
-        vpsrlq	$61, %ymm12, %ymm2
-        vpsrlq	$19, %ymm13, %ymm3
-        vpsrlq	$3, %ymm14, %ymm4
-        vpsllq	$28, %ymm10, %ymm10
-        vpsllq	$20, %ymm11, %ymm11
-        vpsllq	$3, %ymm12, %ymm12
-        vpsllq	$45, %ymm13, %ymm13
-        vpsllq	$61, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, 96(%rax)
-        vmovdqu	%ymm1, -64(%rcx)
-        vmovdqu	%ymm2, 128(%rax)
-        vmovdqu	%ymm3, -32(%rcx)
-        vmovdqu	%ymm4, -96(%rcx)
-        # Row 2
-        vpxor	32(%rdi), %ymm6, %ymm10
-        vpxor	128(%rdi), %ymm7, %ymm11
-        vpxor	64(%rdi), %ymm8, %ymm12
-        vpxor	-96(%rax), %ymm9, %ymm13
-        vpxor	96(%rdi), %ymm5, %ymm14
-        vpsrlq	$63, %ymm10, %ymm0
-        vpsrlq	$58, %ymm11, %ymm1
-        vpsrlq	$39, %ymm12, %ymm2
-        vpsrlq	$56, %ymm13, %ymm3
-        vpsrlq	$46, %ymm14, %ymm4
-        vpaddq	%ymm10, %ymm10, %ymm10
-        vpsllq	$6, %ymm11, %ymm11
-        vpsllq	$25, %ymm12, %ymm12
-        vpsllq	$8, %ymm13, %ymm13
-        vpsllq	$18, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, 32(%rdi)
-        vmovdqu	%ymm1, 128(%rdi)
-        vmovdqu	%ymm2, 64(%rdi)
-        vmovdqu	%ymm3, -96(%rax)
-        vmovdqu	%ymm4, 96(%rdi)
-        # Row 3
-        vpxor	(%rcx), %ymm9, %ymm10
-        vpxor	96(%rcx), %ymm5, %ymm11
-        vpxor	32(%rcx), %ymm6, %ymm12
-        vpxor	128(%rcx), %ymm7, %ymm13
-        vpxor	64(%rcx), %ymm8, %ymm14
-        vpsrlq	$37, %ymm10, %ymm0
-        vpsrlq	$28, %ymm11, %ymm1
-        vpsrlq	$54, %ymm12, %ymm2
-        vpsrlq	$49, %ymm13, %ymm3
-        vpsrlq	$8, %ymm14, %ymm4
-        vpsllq	$27, %ymm10, %ymm10
-        vpsllq	$36, %ymm11, %ymm11
-        vpsllq	$10, %ymm12, %ymm12
-        vpsllq	$15, %ymm13, %ymm13
-        vpsllq	$56, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, (%rcx)
-        vmovdqu	%ymm1, 96(%rcx)
-        vmovdqu	%ymm2, 32(%rcx)
-        vmovdqu	%ymm3, 128(%rcx)
-        vmovdqu	%ymm4, 64(%rcx)
-        # Row 4
-        vpxor	-64(%rax), %ymm7, %ymm10
-        vpxor	32(%rax), %ymm8, %ymm11
-        vpxor	-32(%rax), %ymm9, %ymm12
-        vpxor	64(%rax), %ymm5, %ymm13
-        vpxor	(%rax), %ymm6, %ymm14
-        vpsrlq	$2, %ymm10, %ymm0
-        vpsrlq	$9, %ymm11, %ymm1
-        vpsrlq	$25, %ymm12, %ymm2
-        vpsrlq	$23, %ymm13, %ymm3
-        vpsrlq	$62, %ymm14, %ymm4
-        vpsllq	$62, %ymm10, %ymm10
-        vpsllq	$55, %ymm11, %ymm11
-        vpsllq	$39, %ymm12, %ymm12
-        vpsllq	$41, %ymm13, %ymm13
-        vpsllq	$2, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, -64(%rax)
-        vmovdqu	%ymm1, 32(%rax)
-        vmovdqu	%ymm2, -32(%rax)
-        vmovdqu	%ymm3, 64(%rax)
-        vmovdqu	%ymm4, (%rax)
-        # Round 18
-        # Calc b[0..4]
-        vpxor	%ymm15, %ymm0, %ymm10
-        vpxor	-96(%rdi), %ymm2, %ymm12
-        vpxor	-64(%rdi), %ymm4, %ymm14
-        vpxor	-32(%rdi), %ymm1, %ymm11
-        vpxor	(%rdi), %ymm3, %ymm13
-        vpxor	32(%rdi), %ymm10, %ymm10
-        vpxor	64(%rdi), %ymm12, %ymm12
-        vpxor	96(%rdi), %ymm14, %ymm14
-        vpxor	128(%rdi), %ymm11, %ymm11
-        vpxor	-96(%rax), %ymm13, %ymm13
-        vpxor	96(%rax), %ymm10, %ymm10
-        vpxor	128(%rax), %ymm12, %ymm12
-        vpxor	-96(%rcx), %ymm14, %ymm14
-        vpxor	-64(%rcx), %ymm11, %ymm11
-        vpxor	-32(%rcx), %ymm13, %ymm13
-        vpxor	(%rcx), %ymm10, %ymm10
-        vpxor	32(%rcx), %ymm12, %ymm12
-        vpxor	64(%rcx), %ymm14, %ymm14
-        vpxor	96(%rcx), %ymm11, %ymm11
-        vpxor	128(%rcx), %ymm13, %ymm13
-        # Calc t[0..4]
-        vpsrlq	$63, %ymm11, %ymm0
-        vpsrlq	$63, %ymm12, %ymm1
-        vpsrlq	$63, %ymm13, %ymm2
-        vpsrlq	$63, %ymm14, %ymm3
-        vpsrlq	$63, %ymm10, %ymm4
-        vpaddq	%ymm11, %ymm11, %ymm5
-        vpaddq	%ymm12, %ymm12, %ymm6
-        vpaddq	%ymm13, %ymm13, %ymm7
-        vpaddq	%ymm14, %ymm14, %ymm8
-        vpaddq	%ymm10, %ymm10, %ymm9
-        vpor	%ymm0, %ymm5, %ymm5
-        vpor	%ymm1, %ymm6, %ymm6
-        vpor	%ymm2, %ymm7, %ymm7
-        vpor	%ymm3, %ymm8, %ymm8
-        vpor	%ymm4, %ymm9, %ymm9
-        vpxor	%ymm14, %ymm5, %ymm5
-        vpxor	%ymm10, %ymm6, %ymm6
-        vpxor	%ymm11, %ymm7, %ymm7
-        vpxor	%ymm12, %ymm8, %ymm8
-        vpxor	%ymm13, %ymm9, %ymm9
-        # Row Mix
-        # Row 0
-        vpxor	%ymm15, %ymm5, %ymm10
-        vpxor	-64(%rcx), %ymm6, %ymm11
-        vpxor	64(%rdi), %ymm7, %ymm12
-        vpxor	128(%rcx), %ymm8, %ymm13
-        vpxor	(%rax), %ymm9, %ymm14
-        vpsrlq	$20, %ymm11, %ymm0
-        vpsrlq	$21, %ymm12, %ymm1
-        vpsrlq	$43, %ymm13, %ymm2
-        vpsrlq	$50, %ymm14, %ymm3
-        vpsllq	$44, %ymm11, %ymm11
-        vpsllq	$43, %ymm12, %ymm12
-        vpsllq	$21, %ymm13, %ymm13
-        vpsllq	$14, %ymm14, %ymm14
-        vpor	%ymm0, %ymm11, %ymm11
-        vpor	%ymm1, %ymm12, %ymm12
-        vpor	%ymm2, %ymm13, %ymm13
-        vpor	%ymm3, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm15
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm15, %ymm15
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        # XOR in constant
-        vpxor	576(%rdx), %ymm15, %ymm15
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm1, -64(%rcx)
-        vmovdqu	%ymm2, 64(%rdi)
-        vmovdqu	%ymm3, 128(%rcx)
-        vmovdqu	%ymm4, (%rax)
-        # Row 1
-        vpxor	(%rdi), %ymm8, %ymm10
-        vpxor	-96(%rcx), %ymm9, %ymm11
-        vpxor	32(%rdi), %ymm5, %ymm12
-        vpxor	96(%rcx), %ymm6, %ymm13
-        vpxor	-32(%rax), %ymm7, %ymm14
-        vpsrlq	$36, %ymm10, %ymm0
-        vpsrlq	$44, %ymm11, %ymm1
-        vpsrlq	$61, %ymm12, %ymm2
-        vpsrlq	$19, %ymm13, %ymm3
-        vpsrlq	$3, %ymm14, %ymm4
-        vpsllq	$28, %ymm10, %ymm10
-        vpsllq	$20, %ymm11, %ymm11
-        vpsllq	$3, %ymm12, %ymm12
-        vpsllq	$45, %ymm13, %ymm13
-        vpsllq	$61, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, (%rdi)
-        vmovdqu	%ymm1, -96(%rcx)
-        vmovdqu	%ymm2, 32(%rdi)
-        vmovdqu	%ymm3, 96(%rcx)
-        vmovdqu	%ymm4, -32(%rax)
-        # Row 2
-        vpxor	-32(%rdi), %ymm6, %ymm10
-        vpxor	128(%rax), %ymm7, %ymm11
-        vpxor	-96(%rax), %ymm8, %ymm12
-        vpxor	64(%rcx), %ymm9, %ymm13
-        vpxor	-64(%rax), %ymm5, %ymm14
-        vpsrlq	$63, %ymm10, %ymm0
-        vpsrlq	$58, %ymm11, %ymm1
-        vpsrlq	$39, %ymm12, %ymm2
-        vpsrlq	$56, %ymm13, %ymm3
-        vpsrlq	$46, %ymm14, %ymm4
-        vpaddq	%ymm10, %ymm10, %ymm10
-        vpsllq	$6, %ymm11, %ymm11
-        vpsllq	$25, %ymm12, %ymm12
-        vpsllq	$8, %ymm13, %ymm13
-        vpsllq	$18, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, -32(%rdi)
-        vmovdqu	%ymm1, 128(%rax)
-        vmovdqu	%ymm2, -96(%rax)
-        vmovdqu	%ymm3, 64(%rcx)
-        vmovdqu	%ymm4, -64(%rax)
-        # Row 3
-        vpxor	-64(%rdi), %ymm9, %ymm10
-        vpxor	96(%rax), %ymm5, %ymm11
-        vpxor	128(%rdi), %ymm6, %ymm12
-        vpxor	32(%rcx), %ymm7, %ymm13
-        vpxor	64(%rax), %ymm8, %ymm14
-        vpsrlq	$37, %ymm10, %ymm0
-        vpsrlq	$28, %ymm11, %ymm1
-        vpsrlq	$54, %ymm12, %ymm2
-        vpsrlq	$49, %ymm13, %ymm3
-        vpsrlq	$8, %ymm14, %ymm4
-        vpsllq	$27, %ymm10, %ymm10
-        vpsllq	$36, %ymm11, %ymm11
-        vpsllq	$10, %ymm12, %ymm12
-        vpsllq	$15, %ymm13, %ymm13
-        vpsllq	$56, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, -64(%rdi)
-        vmovdqu	%ymm1, 96(%rax)
-        vmovdqu	%ymm2, 128(%rdi)
-        vmovdqu	%ymm3, 32(%rcx)
-        vmovdqu	%ymm4, 64(%rax)
-        # Row 4
-        vpxor	-96(%rdi), %ymm7, %ymm10
-        vpxor	-32(%rcx), %ymm8, %ymm11
-        vpxor	96(%rdi), %ymm9, %ymm12
-        vpxor	(%rcx), %ymm5, %ymm13
-        vpxor	32(%rax), %ymm6, %ymm14
-        vpsrlq	$2, %ymm10, %ymm0
-        vpsrlq	$9, %ymm11, %ymm1
-        vpsrlq	$25, %ymm12, %ymm2
-        vpsrlq	$23, %ymm13, %ymm3
-        vpsrlq	$62, %ymm14, %ymm4
-        vpsllq	$62, %ymm10, %ymm10
-        vpsllq	$55, %ymm11, %ymm11
-        vpsllq	$39, %ymm12, %ymm12
-        vpsllq	$41, %ymm13, %ymm13
-        vpsllq	$2, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, -96(%rdi)
-        vmovdqu	%ymm1, -32(%rcx)
-        vmovdqu	%ymm2, 96(%rdi)
-        vmovdqu	%ymm3, (%rcx)
-        vmovdqu	%ymm4, 32(%rax)
-        # Round 19
-        # Calc b[0..4]
-        vpxor	%ymm15, %ymm0, %ymm10
-        vpxor	-64(%rdi), %ymm10, %ymm10
-        vpxor	-32(%rdi), %ymm10, %ymm10
-        vpxor	(%rdi), %ymm10, %ymm10
-        vpxor	32(%rdi), %ymm2, %ymm12
-        vpxor	64(%rdi), %ymm12, %ymm12
-        vpxor	128(%rdi), %ymm12, %ymm12
-        vpxor	-96(%rax), %ymm12, %ymm12
-        vpxor	-64(%rax), %ymm4, %ymm14
-        vpxor	-32(%rax), %ymm14, %ymm14
-        vpxor	(%rax), %ymm14, %ymm14
-        vpxor	64(%rax), %ymm14, %ymm14
-        vpxor	96(%rax), %ymm1, %ymm11
-        vpxor	128(%rax), %ymm11, %ymm11
-        vpxor	-96(%rcx), %ymm11, %ymm11
-        vpxor	-64(%rcx), %ymm11, %ymm11
-        vpxor	32(%rcx), %ymm3, %ymm13
-        vpxor	64(%rcx), %ymm13, %ymm13
-        vpxor	96(%rcx), %ymm13, %ymm13
-        vpxor	128(%rcx), %ymm13, %ymm13
-        # Calc t[0..4]
-        vpsrlq	$63, %ymm11, %ymm0
-        vpsrlq	$63, %ymm12, %ymm1
-        vpsrlq	$63, %ymm13, %ymm2
-        vpsrlq	$63, %ymm14, %ymm3
-        vpsrlq	$63, %ymm10, %ymm4
-        vpaddq	%ymm11, %ymm11, %ymm5
-        vpaddq	%ymm12, %ymm12, %ymm6
-        vpaddq	%ymm13, %ymm13, %ymm7
-        vpaddq	%ymm14, %ymm14, %ymm8
-        vpaddq	%ymm10, %ymm10, %ymm9
-        vpor	%ymm0, %ymm5, %ymm5
-        vpor	%ymm1, %ymm6, %ymm6
-        vpor	%ymm2, %ymm7, %ymm7
-        vpor	%ymm3, %ymm8, %ymm8
-        vpor	%ymm4, %ymm9, %ymm9
-        vpxor	%ymm14, %ymm5, %ymm5
-        vpxor	%ymm10, %ymm6, %ymm6
-        vpxor	%ymm11, %ymm7, %ymm7
-        vpxor	%ymm12, %ymm8, %ymm8
-        vpxor	%ymm13, %ymm9, %ymm9
-        # Row Mix
-        # Row 0
-        vpxor	%ymm15, %ymm5, %ymm10
-        vpxor	-96(%rcx), %ymm6, %ymm11
-        vpxor	-96(%rax), %ymm7, %ymm12
-        vpxor	32(%rcx), %ymm8, %ymm13
-        vpxor	32(%rax), %ymm9, %ymm14
-        vpsrlq	$20, %ymm11, %ymm0
-        vpsrlq	$21, %ymm12, %ymm1
-        vpsrlq	$43, %ymm13, %ymm2
-        vpsrlq	$50, %ymm14, %ymm3
-        vpsllq	$44, %ymm11, %ymm11
-        vpsllq	$43, %ymm12, %ymm12
-        vpsllq	$21, %ymm13, %ymm13
-        vpsllq	$14, %ymm14, %ymm14
-        vpor	%ymm0, %ymm11, %ymm11
-        vpor	%ymm1, %ymm12, %ymm12
-        vpor	%ymm2, %ymm13, %ymm13
-        vpor	%ymm3, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm15
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm15, %ymm15
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        # XOR in constant
-        vpxor	608(%rdx), %ymm15, %ymm15
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm1, -96(%rcx)
-        vmovdqu	%ymm2, -96(%rax)
-        vmovdqu	%ymm3, 32(%rcx)
-        vmovdqu	%ymm4, 32(%rax)
-        # Row 1
-        vpxor	128(%rcx), %ymm8, %ymm10
-        vpxor	-32(%rax), %ymm9, %ymm11
-        vpxor	-32(%rdi), %ymm5, %ymm12
-        vpxor	96(%rax), %ymm6, %ymm13
-        vpxor	96(%rdi), %ymm7, %ymm14
-        vpsrlq	$36, %ymm10, %ymm0
-        vpsrlq	$44, %ymm11, %ymm1
-        vpsrlq	$61, %ymm12, %ymm2
-        vpsrlq	$19, %ymm13, %ymm3
-        vpsrlq	$3, %ymm14, %ymm4
-        vpsllq	$28, %ymm10, %ymm10
-        vpsllq	$20, %ymm11, %ymm11
-        vpsllq	$3, %ymm12, %ymm12
-        vpsllq	$45, %ymm13, %ymm13
-        vpsllq	$61, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, 128(%rcx)
-        vmovdqu	%ymm1, -32(%rax)
-        vmovdqu	%ymm2, -32(%rdi)
-        vmovdqu	%ymm3, 96(%rax)
-        vmovdqu	%ymm4, 96(%rdi)
-        # Row 2
-        vpxor	-64(%rcx), %ymm6, %ymm10
-        vpxor	32(%rdi), %ymm7, %ymm11
-        vpxor	64(%rcx), %ymm8, %ymm12
-        vpxor	64(%rax), %ymm9, %ymm13
-        vpxor	-96(%rdi), %ymm5, %ymm14
-        vpsrlq	$63, %ymm10, %ymm0
-        vpsrlq	$58, %ymm11, %ymm1
-        vpsrlq	$39, %ymm12, %ymm2
-        vpsrlq	$56, %ymm13, %ymm3
-        vpsrlq	$46, %ymm14, %ymm4
-        vpaddq	%ymm10, %ymm10, %ymm10
-        vpsllq	$6, %ymm11, %ymm11
-        vpsllq	$25, %ymm12, %ymm12
-        vpsllq	$8, %ymm13, %ymm13
-        vpsllq	$18, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, -64(%rcx)
-        vmovdqu	%ymm1, 32(%rdi)
-        vmovdqu	%ymm2, 64(%rcx)
-        vmovdqu	%ymm3, 64(%rax)
-        vmovdqu	%ymm4, -96(%rdi)
-        # Row 3
-        vpxor	(%rax), %ymm9, %ymm10
-        vpxor	(%rdi), %ymm5, %ymm11
-        vpxor	128(%rax), %ymm6, %ymm12
-        vpxor	128(%rdi), %ymm7, %ymm13
-        vpxor	(%rcx), %ymm8, %ymm14
-        vpsrlq	$37, %ymm10, %ymm0
-        vpsrlq	$28, %ymm11, %ymm1
-        vpsrlq	$54, %ymm12, %ymm2
-        vpsrlq	$49, %ymm13, %ymm3
-        vpsrlq	$8, %ymm14, %ymm4
-        vpsllq	$27, %ymm10, %ymm10
-        vpsllq	$36, %ymm11, %ymm11
-        vpsllq	$10, %ymm12, %ymm12
-        vpsllq	$15, %ymm13, %ymm13
-        vpsllq	$56, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, (%rax)
-        vmovdqu	%ymm1, (%rdi)
-        vmovdqu	%ymm2, 128(%rax)
-        vmovdqu	%ymm3, 128(%rdi)
-        vmovdqu	%ymm4, (%rcx)
-        # Row 4
-        vpxor	64(%rdi), %ymm7, %ymm10
-        vpxor	96(%rcx), %ymm8, %ymm11
-        vpxor	-64(%rax), %ymm9, %ymm12
-        vpxor	-64(%rdi), %ymm5, %ymm13
-        vpxor	-32(%rcx), %ymm6, %ymm14
-        vpsrlq	$2, %ymm10, %ymm0
-        vpsrlq	$9, %ymm11, %ymm1
-        vpsrlq	$25, %ymm12, %ymm2
-        vpsrlq	$23, %ymm13, %ymm3
-        vpsrlq	$62, %ymm14, %ymm4
-        vpsllq	$62, %ymm10, %ymm10
-        vpsllq	$55, %ymm11, %ymm11
-        vpsllq	$39, %ymm12, %ymm12
-        vpsllq	$41, %ymm13, %ymm13
-        vpsllq	$2, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, 64(%rdi)
-        vmovdqu	%ymm1, 96(%rcx)
-        vmovdqu	%ymm2, -64(%rax)
-        vmovdqu	%ymm3, -64(%rdi)
-        vmovdqu	%ymm4, -32(%rcx)
-        # Round 20
-        # Calc b[0..4]
-        vpxor	%ymm15, %ymm0, %ymm10
-        vpxor	-96(%rdi), %ymm4, %ymm14
-        vpxor	-32(%rdi), %ymm2, %ymm12
-        vpxor	(%rdi), %ymm1, %ymm11
-        vpxor	32(%rdi), %ymm11, %ymm11
-        vpxor	96(%rdi), %ymm14, %ymm14
-        vpxor	128(%rdi), %ymm3, %ymm13
-        vpxor	-96(%rax), %ymm12, %ymm12
-        vpxor	-32(%rax), %ymm11, %ymm11
-        vpxor	(%rax), %ymm10, %ymm10
-        vpxor	32(%rax), %ymm14, %ymm14
-        vpxor	64(%rax), %ymm13, %ymm13
-        vpxor	96(%rax), %ymm13, %ymm13
-        vpxor	128(%rax), %ymm12, %ymm12
-        vpxor	-96(%rcx), %ymm11, %ymm11
-        vpxor	-64(%rcx), %ymm10, %ymm10
-        vpxor	(%rcx), %ymm14, %ymm14
-        vpxor	32(%rcx), %ymm13, %ymm13
-        vpxor	64(%rcx), %ymm12, %ymm12
-        vpxor	128(%rcx), %ymm10, %ymm10
-        # Calc t[0..4]
-        vpsrlq	$63, %ymm11, %ymm0
-        vpsrlq	$63, %ymm12, %ymm1
-        vpsrlq	$63, %ymm13, %ymm2
-        vpsrlq	$63, %ymm14, %ymm3
-        vpsrlq	$63, %ymm10, %ymm4
-        vpaddq	%ymm11, %ymm11, %ymm5
-        vpaddq	%ymm12, %ymm12, %ymm6
-        vpaddq	%ymm13, %ymm13, %ymm7
-        vpaddq	%ymm14, %ymm14, %ymm8
-        vpaddq	%ymm10, %ymm10, %ymm9
-        vpor	%ymm0, %ymm5, %ymm5
-        vpor	%ymm1, %ymm6, %ymm6
-        vpor	%ymm2, %ymm7, %ymm7
-        vpor	%ymm3, %ymm8, %ymm8
-        vpor	%ymm4, %ymm9, %ymm9
-        vpxor	%ymm14, %ymm5, %ymm5
-        vpxor	%ymm10, %ymm6, %ymm6
-        vpxor	%ymm11, %ymm7, %ymm7
-        vpxor	%ymm12, %ymm8, %ymm8
-        vpxor	%ymm13, %ymm9, %ymm9
-        # Row Mix
-        # Row 0
-        vpxor	%ymm15, %ymm5, %ymm10
-        vpxor	-32(%rax), %ymm6, %ymm11
-        vpxor	64(%rcx), %ymm7, %ymm12
-        vpxor	128(%rdi), %ymm8, %ymm13
-        vpxor	-32(%rcx), %ymm9, %ymm14
-        vpsrlq	$20, %ymm11, %ymm0
-        vpsrlq	$21, %ymm12, %ymm1
-        vpsrlq	$43, %ymm13, %ymm2
-        vpsrlq	$50, %ymm14, %ymm3
-        vpsllq	$44, %ymm11, %ymm11
-        vpsllq	$43, %ymm12, %ymm12
-        vpsllq	$21, %ymm13, %ymm13
-        vpsllq	$14, %ymm14, %ymm14
-        vpor	%ymm0, %ymm11, %ymm11
-        vpor	%ymm1, %ymm12, %ymm12
-        vpor	%ymm2, %ymm13, %ymm13
-        vpor	%ymm3, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm15
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm15, %ymm15
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        # XOR in constant
-        vpxor	640(%rdx), %ymm15, %ymm15
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm1, -32(%rax)
-        vmovdqu	%ymm2, 64(%rcx)
-        vmovdqu	%ymm3, 128(%rdi)
-        vmovdqu	%ymm4, -32(%rcx)
-        # Row 1
-        vpxor	32(%rcx), %ymm8, %ymm10
-        vpxor	96(%rdi), %ymm9, %ymm11
-        vpxor	-64(%rcx), %ymm5, %ymm12
-        vpxor	(%rdi), %ymm6, %ymm13
-        vpxor	-64(%rax), %ymm7, %ymm14
-        vpsrlq	$36, %ymm10, %ymm0
-        vpsrlq	$44, %ymm11, %ymm1
-        vpsrlq	$61, %ymm12, %ymm2
-        vpsrlq	$19, %ymm13, %ymm3
-        vpsrlq	$3, %ymm14, %ymm4
-        vpsllq	$28, %ymm10, %ymm10
-        vpsllq	$20, %ymm11, %ymm11
-        vpsllq	$3, %ymm12, %ymm12
-        vpsllq	$45, %ymm13, %ymm13
-        vpsllq	$61, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, 32(%rcx)
-        vmovdqu	%ymm1, 96(%rdi)
-        vmovdqu	%ymm2, -64(%rcx)
-        vmovdqu	%ymm3, (%rdi)
-        vmovdqu	%ymm4, -64(%rax)
-        # Row 2
-        vpxor	-96(%rcx), %ymm6, %ymm10
-        vpxor	-32(%rdi), %ymm7, %ymm11
-        vpxor	64(%rax), %ymm8, %ymm12
-        vpxor	(%rcx), %ymm9, %ymm13
-        vpxor	64(%rdi), %ymm5, %ymm14
-        vpsrlq	$63, %ymm10, %ymm0
-        vpsrlq	$58, %ymm11, %ymm1
-        vpsrlq	$39, %ymm12, %ymm2
-        vpsrlq	$56, %ymm13, %ymm3
-        vpsrlq	$46, %ymm14, %ymm4
-        vpaddq	%ymm10, %ymm10, %ymm10
-        vpsllq	$6, %ymm11, %ymm11
-        vpsllq	$25, %ymm12, %ymm12
-        vpsllq	$8, %ymm13, %ymm13
-        vpsllq	$18, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, -96(%rcx)
-        vmovdqu	%ymm1, -32(%rdi)
-        vmovdqu	%ymm2, 64(%rax)
-        vmovdqu	%ymm3, (%rcx)
-        vmovdqu	%ymm4, 64(%rdi)
-        # Row 3
-        vpxor	32(%rax), %ymm9, %ymm10
-        vpxor	128(%rcx), %ymm5, %ymm11
-        vpxor	32(%rdi), %ymm6, %ymm12
-        vpxor	128(%rax), %ymm7, %ymm13
-        vpxor	-64(%rdi), %ymm8, %ymm14
-        vpsrlq	$37, %ymm10, %ymm0
-        vpsrlq	$28, %ymm11, %ymm1
-        vpsrlq	$54, %ymm12, %ymm2
-        vpsrlq	$49, %ymm13, %ymm3
-        vpsrlq	$8, %ymm14, %ymm4
-        vpsllq	$27, %ymm10, %ymm10
-        vpsllq	$36, %ymm11, %ymm11
-        vpsllq	$10, %ymm12, %ymm12
-        vpsllq	$15, %ymm13, %ymm13
-        vpsllq	$56, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, 32(%rax)
-        vmovdqu	%ymm1, 128(%rcx)
-        vmovdqu	%ymm2, 32(%rdi)
-        vmovdqu	%ymm3, 128(%rax)
-        vmovdqu	%ymm4, -64(%rdi)
-        # Row 4
-        vpxor	-96(%rax), %ymm7, %ymm10
-        vpxor	96(%rax), %ymm8, %ymm11
-        vpxor	-96(%rdi), %ymm9, %ymm12
-        vpxor	(%rax), %ymm5, %ymm13
-        vpxor	96(%rcx), %ymm6, %ymm14
-        vpsrlq	$2, %ymm10, %ymm0
-        vpsrlq	$9, %ymm11, %ymm1
-        vpsrlq	$25, %ymm12, %ymm2
-        vpsrlq	$23, %ymm13, %ymm3
-        vpsrlq	$62, %ymm14, %ymm4
-        vpsllq	$62, %ymm10, %ymm10
-        vpsllq	$55, %ymm11, %ymm11
-        vpsllq	$39, %ymm12, %ymm12
-        vpsllq	$41, %ymm13, %ymm13
-        vpsllq	$2, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, -96(%rax)
-        vmovdqu	%ymm1, 96(%rax)
-        vmovdqu	%ymm2, -96(%rdi)
-        vmovdqu	%ymm3, (%rax)
-        vmovdqu	%ymm4, 96(%rcx)
-        # Round 21
-        # Calc b[0..4]
-        vpxor	%ymm15, %ymm0, %ymm10
-        vpxor	-64(%rdi), %ymm4, %ymm14
-        vpxor	-32(%rdi), %ymm1, %ymm11
-        vpxor	(%rdi), %ymm3, %ymm13
-        vpxor	32(%rdi), %ymm2, %ymm12
-        vpxor	64(%rdi), %ymm14, %ymm14
-        vpxor	96(%rdi), %ymm11, %ymm11
-        vpxor	128(%rdi), %ymm13, %ymm13
-        vpxor	-64(%rax), %ymm14, %ymm14
-        vpxor	-32(%rax), %ymm11, %ymm11
-        vpxor	32(%rax), %ymm10, %ymm10
-        vpxor	64(%rax), %ymm12, %ymm12
-        vpxor	128(%rax), %ymm13, %ymm13
-        vpxor	-96(%rcx), %ymm10, %ymm10
-        vpxor	-64(%rcx), %ymm12, %ymm12
-        vpxor	-32(%rcx), %ymm14, %ymm14
-        vpxor	(%rcx), %ymm13, %ymm13
-        vpxor	32(%rcx), %ymm10, %ymm10
-        vpxor	64(%rcx), %ymm12, %ymm12
-        vpxor	128(%rcx), %ymm11, %ymm11
-        # Calc t[0..4]
-        vpsrlq	$63, %ymm11, %ymm0
-        vpsrlq	$63, %ymm12, %ymm1
-        vpsrlq	$63, %ymm13, %ymm2
-        vpsrlq	$63, %ymm14, %ymm3
-        vpsrlq	$63, %ymm10, %ymm4
-        vpaddq	%ymm11, %ymm11, %ymm5
-        vpaddq	%ymm12, %ymm12, %ymm6
-        vpaddq	%ymm13, %ymm13, %ymm7
-        vpaddq	%ymm14, %ymm14, %ymm8
-        vpaddq	%ymm10, %ymm10, %ymm9
-        vpor	%ymm0, %ymm5, %ymm5
-        vpor	%ymm1, %ymm6, %ymm6
-        vpor	%ymm2, %ymm7, %ymm7
-        vpor	%ymm3, %ymm8, %ymm8
-        vpor	%ymm4, %ymm9, %ymm9
-        vpxor	%ymm14, %ymm5, %ymm5
-        vpxor	%ymm10, %ymm6, %ymm6
-        vpxor	%ymm11, %ymm7, %ymm7
-        vpxor	%ymm12, %ymm8, %ymm8
-        vpxor	%ymm13, %ymm9, %ymm9
-        # Row Mix
-        # Row 0
-        vpxor	%ymm15, %ymm5, %ymm10
-        vpxor	96(%rdi), %ymm6, %ymm11
-        vpxor	64(%rax), %ymm7, %ymm12
-        vpxor	128(%rax), %ymm8, %ymm13
-        vpxor	96(%rcx), %ymm9, %ymm14
-        vpsrlq	$20, %ymm11, %ymm0
-        vpsrlq	$21, %ymm12, %ymm1
-        vpsrlq	$43, %ymm13, %ymm2
-        vpsrlq	$50, %ymm14, %ymm3
-        vpsllq	$44, %ymm11, %ymm11
-        vpsllq	$43, %ymm12, %ymm12
-        vpsllq	$21, %ymm13, %ymm13
-        vpsllq	$14, %ymm14, %ymm14
-        vpor	%ymm0, %ymm11, %ymm11
-        vpor	%ymm1, %ymm12, %ymm12
-        vpor	%ymm2, %ymm13, %ymm13
-        vpor	%ymm3, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm15
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm15, %ymm15
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        # XOR in constant
-        vpxor	672(%rdx), %ymm15, %ymm15
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm1, 96(%rdi)
-        vmovdqu	%ymm2, 64(%rax)
-        vmovdqu	%ymm3, 128(%rax)
-        vmovdqu	%ymm4, 96(%rcx)
-        # Row 1
-        vpxor	128(%rdi), %ymm8, %ymm10
-        vpxor	-64(%rax), %ymm9, %ymm11
-        vpxor	-96(%rcx), %ymm5, %ymm12
-        vpxor	128(%rcx), %ymm6, %ymm13
-        vpxor	-96(%rdi), %ymm7, %ymm14
-        vpsrlq	$36, %ymm10, %ymm0
-        vpsrlq	$44, %ymm11, %ymm1
-        vpsrlq	$61, %ymm12, %ymm2
-        vpsrlq	$19, %ymm13, %ymm3
-        vpsrlq	$3, %ymm14, %ymm4
-        vpsllq	$28, %ymm10, %ymm10
-        vpsllq	$20, %ymm11, %ymm11
-        vpsllq	$3, %ymm12, %ymm12
-        vpsllq	$45, %ymm13, %ymm13
-        vpsllq	$61, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, 128(%rdi)
-        vmovdqu	%ymm1, -64(%rax)
-        vmovdqu	%ymm2, -96(%rcx)
-        vmovdqu	%ymm3, 128(%rcx)
-        vmovdqu	%ymm4, -96(%rdi)
-        # Row 2
-        vpxor	-32(%rax), %ymm6, %ymm10
-        vpxor	-64(%rcx), %ymm7, %ymm11
-        vpxor	(%rcx), %ymm8, %ymm12
-        vpxor	-64(%rdi), %ymm9, %ymm13
-        vpxor	-96(%rax), %ymm5, %ymm14
-        vpsrlq	$63, %ymm10, %ymm0
-        vpsrlq	$58, %ymm11, %ymm1
-        vpsrlq	$39, %ymm12, %ymm2
-        vpsrlq	$56, %ymm13, %ymm3
-        vpsrlq	$46, %ymm14, %ymm4
-        vpaddq	%ymm10, %ymm10, %ymm10
-        vpsllq	$6, %ymm11, %ymm11
-        vpsllq	$25, %ymm12, %ymm12
-        vpsllq	$8, %ymm13, %ymm13
-        vpsllq	$18, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, -32(%rax)
-        vmovdqu	%ymm1, -64(%rcx)
-        vmovdqu	%ymm2, (%rcx)
-        vmovdqu	%ymm3, -64(%rdi)
-        vmovdqu	%ymm4, -96(%rax)
-        # Row 3
-        vpxor	-32(%rcx), %ymm9, %ymm10
-        vpxor	32(%rcx), %ymm5, %ymm11
-        vpxor	-32(%rdi), %ymm6, %ymm12
-        vpxor	32(%rdi), %ymm7, %ymm13
-        vpxor	(%rax), %ymm8, %ymm14
-        vpsrlq	$37, %ymm10, %ymm0
-        vpsrlq	$28, %ymm11, %ymm1
-        vpsrlq	$54, %ymm12, %ymm2
-        vpsrlq	$49, %ymm13, %ymm3
-        vpsrlq	$8, %ymm14, %ymm4
-        vpsllq	$27, %ymm10, %ymm10
-        vpsllq	$36, %ymm11, %ymm11
-        vpsllq	$10, %ymm12, %ymm12
-        vpsllq	$15, %ymm13, %ymm13
-        vpsllq	$56, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, -32(%rcx)
-        vmovdqu	%ymm1, 32(%rcx)
-        vmovdqu	%ymm2, -32(%rdi)
-        vmovdqu	%ymm3, 32(%rdi)
-        vmovdqu	%ymm4, (%rax)
-        # Row 4
-        vpxor	64(%rcx), %ymm7, %ymm10
-        vpxor	(%rdi), %ymm8, %ymm11
-        vpxor	64(%rdi), %ymm9, %ymm12
-        vpxor	32(%rax), %ymm5, %ymm13
-        vpxor	96(%rax), %ymm6, %ymm14
-        vpsrlq	$2, %ymm10, %ymm0
-        vpsrlq	$9, %ymm11, %ymm1
-        vpsrlq	$25, %ymm12, %ymm2
-        vpsrlq	$23, %ymm13, %ymm3
-        vpsrlq	$62, %ymm14, %ymm4
-        vpsllq	$62, %ymm10, %ymm10
-        vpsllq	$55, %ymm11, %ymm11
-        vpsllq	$39, %ymm12, %ymm12
-        vpsllq	$41, %ymm13, %ymm13
-        vpsllq	$2, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, 64(%rcx)
-        vmovdqu	%ymm1, (%rdi)
-        vmovdqu	%ymm2, 64(%rdi)
-        vmovdqu	%ymm3, 32(%rax)
-        vmovdqu	%ymm4, 96(%rax)
-        # Round 22
-        # Calc b[0..4]
-        vpxor	%ymm15, %ymm0, %ymm10
-        vpxor	-96(%rdi), %ymm4, %ymm14
-        vpxor	-64(%rdi), %ymm3, %ymm13
-        vpxor	-32(%rdi), %ymm2, %ymm12
-        vpxor	32(%rdi), %ymm13, %ymm13
-        vpxor	96(%rdi), %ymm1, %ymm11
-        vpxor	128(%rdi), %ymm10, %ymm10
-        vpxor	-96(%rax), %ymm14, %ymm14
-        vpxor	-64(%rax), %ymm11, %ymm11
-        vpxor	-32(%rax), %ymm10, %ymm10
-        vpxor	(%rax), %ymm14, %ymm14
-        vpxor	64(%rax), %ymm12, %ymm12
-        vpxor	128(%rax), %ymm13, %ymm13
-        vpxor	-96(%rcx), %ymm12, %ymm12
-        vpxor	-64(%rcx), %ymm11, %ymm11
-        vpxor	-32(%rcx), %ymm10, %ymm10
-        vpxor	(%rcx), %ymm12, %ymm12
-        vpxor	32(%rcx), %ymm11, %ymm11
-        vpxor	96(%rcx), %ymm14, %ymm14
-        vpxor	128(%rcx), %ymm13, %ymm13
-        # Calc t[0..4]
-        vpsrlq	$63, %ymm11, %ymm0
-        vpsrlq	$63, %ymm12, %ymm1
-        vpsrlq	$63, %ymm13, %ymm2
-        vpsrlq	$63, %ymm14, %ymm3
-        vpsrlq	$63, %ymm10, %ymm4
-        vpaddq	%ymm11, %ymm11, %ymm5
-        vpaddq	%ymm12, %ymm12, %ymm6
-        vpaddq	%ymm13, %ymm13, %ymm7
-        vpaddq	%ymm14, %ymm14, %ymm8
-        vpaddq	%ymm10, %ymm10, %ymm9
-        vpor	%ymm0, %ymm5, %ymm5
-        vpor	%ymm1, %ymm6, %ymm6
-        vpor	%ymm2, %ymm7, %ymm7
-        vpor	%ymm3, %ymm8, %ymm8
-        vpor	%ymm4, %ymm9, %ymm9
-        vpxor	%ymm14, %ymm5, %ymm5
-        vpxor	%ymm10, %ymm6, %ymm6
-        vpxor	%ymm11, %ymm7, %ymm7
-        vpxor	%ymm12, %ymm8, %ymm8
-        vpxor	%ymm13, %ymm9, %ymm9
-        # Row Mix
-        # Row 0
-        vpxor	%ymm15, %ymm5, %ymm10
-        vpxor	-64(%rax), %ymm6, %ymm11
-        vpxor	(%rcx), %ymm7, %ymm12
-        vpxor	32(%rdi), %ymm8, %ymm13
-        vpxor	96(%rax), %ymm9, %ymm14
-        vpsrlq	$20, %ymm11, %ymm0
-        vpsrlq	$21, %ymm12, %ymm1
-        vpsrlq	$43, %ymm13, %ymm2
-        vpsrlq	$50, %ymm14, %ymm3
-        vpsllq	$44, %ymm11, %ymm11
-        vpsllq	$43, %ymm12, %ymm12
-        vpsllq	$21, %ymm13, %ymm13
-        vpsllq	$14, %ymm14, %ymm14
-        vpor	%ymm0, %ymm11, %ymm11
-        vpor	%ymm1, %ymm12, %ymm12
-        vpor	%ymm2, %ymm13, %ymm13
-        vpor	%ymm3, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm15
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm15, %ymm15
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        # XOR in constant
-        vpxor	704(%rdx), %ymm15, %ymm15
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm1, -64(%rax)
-        vmovdqu	%ymm2, (%rcx)
-        vmovdqu	%ymm3, 32(%rdi)
-        vmovdqu	%ymm4, 96(%rax)
-        # Row 1
-        vpxor	128(%rax), %ymm8, %ymm10
-        vpxor	-96(%rdi), %ymm9, %ymm11
-        vpxor	-32(%rax), %ymm5, %ymm12
-        vpxor	32(%rcx), %ymm6, %ymm13
-        vpxor	64(%rdi), %ymm7, %ymm14
-        vpsrlq	$36, %ymm10, %ymm0
-        vpsrlq	$44, %ymm11, %ymm1
-        vpsrlq	$61, %ymm12, %ymm2
-        vpsrlq	$19, %ymm13, %ymm3
-        vpsrlq	$3, %ymm14, %ymm4
-        vpsllq	$28, %ymm10, %ymm10
-        vpsllq	$20, %ymm11, %ymm11
-        vpsllq	$3, %ymm12, %ymm12
-        vpsllq	$45, %ymm13, %ymm13
-        vpsllq	$61, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, 128(%rax)
-        vmovdqu	%ymm1, -96(%rdi)
-        vmovdqu	%ymm2, -32(%rax)
-        vmovdqu	%ymm3, 32(%rcx)
-        vmovdqu	%ymm4, 64(%rdi)
-        # Row 2
-        vpxor	96(%rdi), %ymm6, %ymm10
-        vpxor	-96(%rcx), %ymm7, %ymm11
-        vpxor	-64(%rdi), %ymm8, %ymm12
-        vpxor	(%rax), %ymm9, %ymm13
-        vpxor	64(%rcx), %ymm5, %ymm14
-        vpsrlq	$63, %ymm10, %ymm0
-        vpsrlq	$58, %ymm11, %ymm1
-        vpsrlq	$39, %ymm12, %ymm2
-        vpsrlq	$56, %ymm13, %ymm3
-        vpsrlq	$46, %ymm14, %ymm4
-        vpaddq	%ymm10, %ymm10, %ymm10
-        vpsllq	$6, %ymm11, %ymm11
-        vpsllq	$25, %ymm12, %ymm12
-        vpsllq	$8, %ymm13, %ymm13
-        vpsllq	$18, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, 96(%rdi)
-        vmovdqu	%ymm1, -96(%rcx)
-        vmovdqu	%ymm2, -64(%rdi)
-        vmovdqu	%ymm3, (%rax)
-        vmovdqu	%ymm4, 64(%rcx)
-        # Row 3
-        vpxor	96(%rcx), %ymm9, %ymm10
-        vpxor	128(%rdi), %ymm5, %ymm11
-        vpxor	-64(%rcx), %ymm6, %ymm12
-        vpxor	-32(%rdi), %ymm7, %ymm13
-        vpxor	32(%rax), %ymm8, %ymm14
-        vpsrlq	$37, %ymm10, %ymm0
-        vpsrlq	$28, %ymm11, %ymm1
-        vpsrlq	$54, %ymm12, %ymm2
-        vpsrlq	$49, %ymm13, %ymm3
-        vpsrlq	$8, %ymm14, %ymm4
-        vpsllq	$27, %ymm10, %ymm10
-        vpsllq	$36, %ymm11, %ymm11
-        vpsllq	$10, %ymm12, %ymm12
-        vpsllq	$15, %ymm13, %ymm13
-        vpsllq	$56, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, 96(%rcx)
-        vmovdqu	%ymm1, 128(%rdi)
-        vmovdqu	%ymm2, -64(%rcx)
-        vmovdqu	%ymm3, -32(%rdi)
-        vmovdqu	%ymm4, 32(%rax)
-        # Row 4
-        vpxor	64(%rax), %ymm7, %ymm10
-        vpxor	128(%rcx), %ymm8, %ymm11
-        vpxor	-96(%rax), %ymm9, %ymm12
-        vpxor	-32(%rcx), %ymm5, %ymm13
-        vpxor	(%rdi), %ymm6, %ymm14
-        vpsrlq	$2, %ymm10, %ymm0
-        vpsrlq	$9, %ymm11, %ymm1
-        vpsrlq	$25, %ymm12, %ymm2
-        vpsrlq	$23, %ymm13, %ymm3
-        vpsrlq	$62, %ymm14, %ymm4
-        vpsllq	$62, %ymm10, %ymm10
-        vpsllq	$55, %ymm11, %ymm11
-        vpsllq	$39, %ymm12, %ymm12
-        vpsllq	$41, %ymm13, %ymm13
-        vpsllq	$2, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, 64(%rax)
-        vmovdqu	%ymm1, 128(%rcx)
-        vmovdqu	%ymm2, -96(%rax)
-        vmovdqu	%ymm3, -32(%rcx)
-        vmovdqu	%ymm4, (%rdi)
-        # Round 23
-        # Calc b[0..4]
-        vpxor	%ymm15, %ymm0, %ymm10
-        vpxor	-96(%rdi), %ymm1, %ymm11
-        vpxor	-64(%rdi), %ymm2, %ymm12
-        vpxor	-32(%rdi), %ymm3, %ymm13
-        vpxor	32(%rdi), %ymm13, %ymm13
-        vpxor	64(%rdi), %ymm4, %ymm14
-        vpxor	96(%rdi), %ymm10, %ymm10
-        vpxor	128(%rdi), %ymm11, %ymm11
-        vpxor	-64(%rax), %ymm11, %ymm11
-        vpxor	-32(%rax), %ymm12, %ymm12
-        vpxor	(%rax), %ymm13, %ymm13
-        vpxor	32(%rax), %ymm14, %ymm14
-        vpxor	96(%rax), %ymm14, %ymm14
-        vpxor	128(%rax), %ymm10, %ymm10
-        vpxor	-96(%rcx), %ymm11, %ymm11
-        vpxor	-64(%rcx), %ymm12, %ymm12
-        vpxor	(%rcx), %ymm12, %ymm12
-        vpxor	32(%rcx), %ymm13, %ymm13
-        vpxor	64(%rcx), %ymm14, %ymm14
-        vpxor	96(%rcx), %ymm10, %ymm10
-        # Calc t[0..4]
-        vpsrlq	$63, %ymm11, %ymm0
-        vpsrlq	$63, %ymm12, %ymm1
-        vpsrlq	$63, %ymm13, %ymm2
-        vpsrlq	$63, %ymm14, %ymm3
-        vpsrlq	$63, %ymm10, %ymm4
-        vpaddq	%ymm11, %ymm11, %ymm5
-        vpaddq	%ymm12, %ymm12, %ymm6
-        vpaddq	%ymm13, %ymm13, %ymm7
-        vpaddq	%ymm14, %ymm14, %ymm8
-        vpaddq	%ymm10, %ymm10, %ymm9
-        vpor	%ymm0, %ymm5, %ymm5
-        vpor	%ymm1, %ymm6, %ymm6
-        vpor	%ymm2, %ymm7, %ymm7
-        vpor	%ymm3, %ymm8, %ymm8
-        vpor	%ymm4, %ymm9, %ymm9
-        vpxor	%ymm14, %ymm5, %ymm5
-        vpxor	%ymm10, %ymm6, %ymm6
-        vpxor	%ymm11, %ymm7, %ymm7
-        vpxor	%ymm12, %ymm8, %ymm8
-        vpxor	%ymm13, %ymm9, %ymm9
-        # Row Mix
-        # Row 0
-        vpxor	%ymm15, %ymm5, %ymm10
-        vpxor	-96(%rdi), %ymm6, %ymm11
-        vpxor	-64(%rdi), %ymm7, %ymm12
-        vpxor	-32(%rdi), %ymm8, %ymm13
-        vpxor	(%rdi), %ymm9, %ymm14
-        vpsrlq	$20, %ymm11, %ymm0
-        vpsrlq	$21, %ymm12, %ymm1
-        vpsrlq	$43, %ymm13, %ymm2
-        vpsrlq	$50, %ymm14, %ymm3
-        vpsllq	$44, %ymm11, %ymm11
-        vpsllq	$43, %ymm12, %ymm12
-        vpsllq	$21, %ymm13, %ymm13
-        vpsllq	$14, %ymm14, %ymm14
-        vpor	%ymm0, %ymm11, %ymm11
-        vpor	%ymm1, %ymm12, %ymm12
-        vpor	%ymm2, %ymm13, %ymm13
-        vpor	%ymm3, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm15
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm15, %ymm15
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        # XOR in constant
-        vpxor	736(%rdx), %ymm15, %ymm15
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm1, -96(%rdi)
-        vmovdqu	%ymm2, -64(%rdi)
-        vmovdqu	%ymm3, -32(%rdi)
-        vmovdqu	%ymm4, (%rdi)
-        # Row 1
-        vpxor	32(%rdi), %ymm8, %ymm10
-        vpxor	64(%rdi), %ymm9, %ymm11
-        vpxor	96(%rdi), %ymm5, %ymm12
-        vpxor	128(%rdi), %ymm6, %ymm13
-        vpxor	-96(%rax), %ymm7, %ymm14
-        vpsrlq	$36, %ymm10, %ymm0
-        vpsrlq	$44, %ymm11, %ymm1
-        vpsrlq	$61, %ymm12, %ymm2
-        vpsrlq	$19, %ymm13, %ymm3
-        vpsrlq	$3, %ymm14, %ymm4
-        vpsllq	$28, %ymm10, %ymm10
-        vpsllq	$20, %ymm11, %ymm11
-        vpsllq	$3, %ymm12, %ymm12
-        vpsllq	$45, %ymm13, %ymm13
-        vpsllq	$61, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, 32(%rdi)
-        vmovdqu	%ymm1, 64(%rdi)
-        vmovdqu	%ymm2, 96(%rdi)
-        vmovdqu	%ymm3, 128(%rdi)
-        vmovdqu	%ymm4, -96(%rax)
-        # Row 2
-        vpxor	-64(%rax), %ymm6, %ymm10
-        vpxor	-32(%rax), %ymm7, %ymm11
-        vpxor	(%rax), %ymm8, %ymm12
-        vpxor	32(%rax), %ymm9, %ymm13
-        vpxor	64(%rax), %ymm5, %ymm14
-        vpsrlq	$63, %ymm10, %ymm0
-        vpsrlq	$58, %ymm11, %ymm1
-        vpsrlq	$39, %ymm12, %ymm2
-        vpsrlq	$56, %ymm13, %ymm3
-        vpsrlq	$46, %ymm14, %ymm4
-        vpaddq	%ymm10, %ymm10, %ymm10
-        vpsllq	$6, %ymm11, %ymm11
-        vpsllq	$25, %ymm12, %ymm12
-        vpsllq	$8, %ymm13, %ymm13
-        vpsllq	$18, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, -64(%rax)
-        vmovdqu	%ymm1, -32(%rax)
-        vmovdqu	%ymm2, (%rax)
-        vmovdqu	%ymm3, 32(%rax)
-        vmovdqu	%ymm4, 64(%rax)
-        # Row 3
-        vpxor	96(%rax), %ymm9, %ymm10
-        vpxor	128(%rax), %ymm5, %ymm11
-        vpxor	-96(%rcx), %ymm6, %ymm12
-        vpxor	-64(%rcx), %ymm7, %ymm13
-        vpxor	-32(%rcx), %ymm8, %ymm14
-        vpsrlq	$37, %ymm10, %ymm0
-        vpsrlq	$28, %ymm11, %ymm1
-        vpsrlq	$54, %ymm12, %ymm2
-        vpsrlq	$49, %ymm13, %ymm3
-        vpsrlq	$8, %ymm14, %ymm4
-        vpsllq	$27, %ymm10, %ymm10
-        vpsllq	$36, %ymm11, %ymm11
-        vpsllq	$10, %ymm12, %ymm12
-        vpsllq	$15, %ymm13, %ymm13
-        vpsllq	$56, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, 96(%rax)
-        vmovdqu	%ymm1, 128(%rax)
-        vmovdqu	%ymm2, -96(%rcx)
-        vmovdqu	%ymm3, -64(%rcx)
-        vmovdqu	%ymm4, -32(%rcx)
-        # Row 4
-        vpxor	(%rcx), %ymm7, %ymm10
-        vpxor	32(%rcx), %ymm8, %ymm11
-        vpxor	64(%rcx), %ymm9, %ymm12
-        vpxor	96(%rcx), %ymm5, %ymm13
-        vpxor	128(%rcx), %ymm6, %ymm14
-        vpsrlq	$2, %ymm10, %ymm0
-        vpsrlq	$9, %ymm11, %ymm1
-        vpsrlq	$25, %ymm12, %ymm2
-        vpsrlq	$23, %ymm13, %ymm3
-        vpsrlq	$62, %ymm14, %ymm4
-        vpsllq	$62, %ymm10, %ymm10
-        vpsllq	$55, %ymm11, %ymm11
-        vpsllq	$39, %ymm12, %ymm12
-        vpsllq	$41, %ymm13, %ymm13
-        vpsllq	$2, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, (%rcx)
-        vmovdqu	%ymm1, 32(%rcx)
-        vmovdqu	%ymm2, 64(%rcx)
-        vmovdqu	%ymm3, 96(%rcx)
-        vmovdqu	%ymm4, 128(%rcx)
-        subq	$0x80, %rdi
-        vmovdqu	%ymm15, (%rdi)
-        vzeroupper
-        repz retq
-#ifndef __APPLE__
-.size	mlkem_sha3_128_blocksx4_seed_avx2,.-mlkem_sha3_128_blocksx4_seed_avx2
-#endif /* __APPLE__ */
-#ifndef __APPLE__
-.data
-#else
-.section	__DATA,__data
-#endif /* __APPLE__ */
-#ifndef __APPLE__
-.align	32
-#else
-.p2align	5
-#endif /* __APPLE__ */
-L_sha3_256_blockx4_seed_avx2_end_mark:
-.quad	0x8000000000000000, 0x8000000000000000
-.quad	0x8000000000000000, 0x8000000000000000
-#ifndef __APPLE__
-.text
-.globl	mlkem_sha3_256_blocksx4_seed_avx2
-.type	mlkem_sha3_256_blocksx4_seed_avx2,@function
-.align	16
-mlkem_sha3_256_blocksx4_seed_avx2:
-#else
-.section	__TEXT,__text
-.globl	_mlkem_sha3_256_blocksx4_seed_avx2
-.p2align	4
-_mlkem_sha3_256_blocksx4_seed_avx2:
-#endif /* __APPLE__ */
-        leaq	L_sha3_parallel_4_r(%rip), %rdx
-        movq	%rdi, %rax
-        movq	%rdi, %rcx
-        vpbroadcastq	(%rsi), %ymm15
-        addq	$0x80, %rdi
-        vpbroadcastq	8(%rsi), %ymm11
-        addq	$0x180, %rax
-        vpbroadcastq	16(%rsi), %ymm12
-        addq	$0x280, %rcx
-        vpbroadcastq	24(%rsi), %ymm13
-        vmovdqu	L_sha3_256_blockx4_seed_avx2_end_mark(%rip), %ymm5
-        vpxor	%ymm6, %ymm6, %ymm6
-        vmovdqu	%ymm11, -96(%rdi)
-        vmovdqu	%ymm12, -64(%rdi)
-        vmovdqu	%ymm13, -32(%rdi)
-        vmovdqu	(%rdi), %ymm14
-        vmovdqu	%ymm6, 32(%rdi)
-        vmovdqu	%ymm6, 64(%rdi)
-        vmovdqu	%ymm6, 96(%rdi)
-        vmovdqu	%ymm6, 128(%rdi)
-        vmovdqu	%ymm6, -96(%rax)
-        vmovdqu	%ymm6, -64(%rax)
-        vmovdqu	%ymm6, -32(%rax)
-        vmovdqu	%ymm6, (%rax)
-        vmovdqu	%ymm6, 32(%rax)
-        vmovdqu	%ymm6, 64(%rax)
-        vmovdqu	%ymm6, 96(%rax)
-        vmovdqu	%ymm5, 128(%rax)
-        vmovdqu	%ymm6, -96(%rcx)
-        vmovdqu	%ymm6, -64(%rcx)
-        vmovdqu	%ymm6, -32(%rcx)
-        vmovdqu	%ymm6, (%rcx)
-        vmovdqu	%ymm6, 32(%rcx)
-        vmovdqu	%ymm6, 64(%rcx)
-        vmovdqu	%ymm6, 96(%rcx)
-        vmovdqu	%ymm6, 128(%rcx)
-        vmovdqu	%ymm15, %ymm10
-        vpxor	%ymm5, %ymm11, %ymm11
-        # Round 0
-        # Calc b[0..4]
-        # Calc t[0..4]
-        vpsrlq	$63, %ymm11, %ymm0
-        vpsrlq	$63, %ymm12, %ymm1
-        vpsrlq	$63, %ymm13, %ymm2
-        vpsrlq	$63, %ymm14, %ymm3
-        vpsrlq	$63, %ymm10, %ymm4
-        vpaddq	%ymm11, %ymm11, %ymm5
-        vpaddq	%ymm12, %ymm12, %ymm6
-        vpaddq	%ymm13, %ymm13, %ymm7
-        vpaddq	%ymm14, %ymm14, %ymm8
-        vpaddq	%ymm10, %ymm10, %ymm9
-        vpor	%ymm0, %ymm5, %ymm5
-        vpor	%ymm1, %ymm6, %ymm6
-        vpor	%ymm2, %ymm7, %ymm7
-        vpor	%ymm3, %ymm8, %ymm8
-        vpor	%ymm4, %ymm9, %ymm9
-        vpxor	%ymm14, %ymm5, %ymm5
-        vpxor	%ymm10, %ymm6, %ymm6
-        vpxor	%ymm11, %ymm7, %ymm7
-        vpxor	%ymm12, %ymm8, %ymm8
-        vpxor	%ymm13, %ymm9, %ymm9
-        # Row Mix
-        # Row 0
-        vpxor	%ymm15, %ymm5, %ymm10
-        vpxor	64(%rdi), %ymm6, %ymm11
-        vpxor	(%rax), %ymm7, %ymm12
-        vpxor	-64(%rcx), %ymm8, %ymm13
-        vpxor	128(%rcx), %ymm9, %ymm14
-        vpsrlq	$20, %ymm11, %ymm0
-        vpsrlq	$21, %ymm12, %ymm1
-        vpsrlq	$43, %ymm13, %ymm2
-        vpsrlq	$50, %ymm14, %ymm3
-        vpsllq	$44, %ymm11, %ymm11
-        vpsllq	$43, %ymm12, %ymm12
-        vpsllq	$21, %ymm13, %ymm13
-        vpsllq	$14, %ymm14, %ymm14
-        vpor	%ymm0, %ymm11, %ymm11
-        vpor	%ymm1, %ymm12, %ymm12
-        vpor	%ymm2, %ymm13, %ymm13
-        vpor	%ymm3, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm15
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm15, %ymm15
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        # XOR in constant
-        vpxor	(%rdx), %ymm15, %ymm15
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm1, 64(%rdi)
-        vmovdqu	%ymm2, (%rax)
-        vmovdqu	%ymm3, -64(%rcx)
-        vmovdqu	%ymm4, 128(%rcx)
-        # Row 1
-        vpxor	-32(%rdi), %ymm8, %ymm10
-        vpxor	-96(%rax), %ymm9, %ymm11
-        vpxor	-64(%rax), %ymm5, %ymm12
-        vpxor	128(%rax), %ymm6, %ymm13
-        vpxor	64(%rcx), %ymm7, %ymm14
-        vpsrlq	$36, %ymm10, %ymm0
-        vpsrlq	$44, %ymm11, %ymm1
-        vpsrlq	$61, %ymm12, %ymm2
-        vpsrlq	$19, %ymm13, %ymm3
-        vpsrlq	$3, %ymm14, %ymm4
-        vpsllq	$28, %ymm10, %ymm10
-        vpsllq	$20, %ymm11, %ymm11
-        vpsllq	$3, %ymm12, %ymm12
-        vpsllq	$45, %ymm13, %ymm13
-        vpsllq	$61, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, -32(%rdi)
-        vmovdqu	%ymm1, -96(%rax)
-        vmovdqu	%ymm2, -64(%rax)
-        vmovdqu	%ymm3, 128(%rax)
-        vmovdqu	%ymm4, 64(%rcx)
-        # Row 2
-        vpxor	-96(%rdi), %ymm6, %ymm10
-        vpxor	96(%rdi), %ymm7, %ymm11
-        vpxor	32(%rax), %ymm8, %ymm12
-        vpxor	-32(%rcx), %ymm9, %ymm13
-        vpxor	(%rcx), %ymm5, %ymm14
-        vpsrlq	$63, %ymm10, %ymm0
-        vpsrlq	$58, %ymm11, %ymm1
-        vpsrlq	$39, %ymm12, %ymm2
-        vpsrlq	$56, %ymm13, %ymm3
-        vpsrlq	$46, %ymm14, %ymm4
-        vpaddq	%ymm10, %ymm10, %ymm10
-        vpsllq	$6, %ymm11, %ymm11
-        vpsllq	$25, %ymm12, %ymm12
-        vpsllq	$8, %ymm13, %ymm13
-        vpsllq	$18, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, -96(%rdi)
-        vmovdqu	%ymm1, 96(%rdi)
-        vmovdqu	%ymm2, 32(%rax)
-        vmovdqu	%ymm3, -32(%rcx)
-        vmovdqu	%ymm4, (%rcx)
-        # Row 3
-        vpxor	(%rdi), %ymm9, %ymm10
-        vpxor	32(%rdi), %ymm5, %ymm11
-        vpxor	-32(%rax), %ymm6, %ymm12
-        vpxor	-96(%rcx), %ymm7, %ymm13
-        vpxor	96(%rcx), %ymm8, %ymm14
-        vpsrlq	$37, %ymm10, %ymm0
-        vpsrlq	$28, %ymm11, %ymm1
-        vpsrlq	$54, %ymm12, %ymm2
-        vpsrlq	$49, %ymm13, %ymm3
-        vpsrlq	$8, %ymm14, %ymm4
-        vpsllq	$27, %ymm10, %ymm10
-        vpsllq	$36, %ymm11, %ymm11
-        vpsllq	$10, %ymm12, %ymm12
-        vpsllq	$15, %ymm13, %ymm13
-        vpsllq	$56, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, (%rdi)
-        vmovdqu	%ymm1, 32(%rdi)
-        vmovdqu	%ymm2, -32(%rax)
-        vmovdqu	%ymm3, -96(%rcx)
-        vmovdqu	%ymm4, 96(%rcx)
-        # Row 4
-        vpxor	-64(%rdi), %ymm7, %ymm10
-        vpxor	128(%rdi), %ymm8, %ymm11
-        vpxor	64(%rax), %ymm9, %ymm12
-        vpxor	96(%rax), %ymm5, %ymm13
-        vpxor	32(%rcx), %ymm6, %ymm14
-        vpsrlq	$2, %ymm10, %ymm0
-        vpsrlq	$9, %ymm11, %ymm1
-        vpsrlq	$25, %ymm12, %ymm2
-        vpsrlq	$23, %ymm13, %ymm3
-        vpsrlq	$62, %ymm14, %ymm4
-        vpsllq	$62, %ymm10, %ymm10
-        vpsllq	$55, %ymm11, %ymm11
-        vpsllq	$39, %ymm12, %ymm12
-        vpsllq	$41, %ymm13, %ymm13
-        vpsllq	$2, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, -64(%rdi)
-        vmovdqu	%ymm1, 128(%rdi)
-        vmovdqu	%ymm2, 64(%rax)
-        vmovdqu	%ymm3, 96(%rax)
-        vmovdqu	%ymm4, 32(%rcx)
-        # Round 1
-        # Calc b[0..4]
-        vpxor	%ymm15, %ymm0, %ymm10
-        vpxor	-96(%rdi), %ymm10, %ymm10
-        vpxor	-32(%rdi), %ymm10, %ymm10
-        vpxor	(%rdi), %ymm10, %ymm10
-        vpxor	32(%rdi), %ymm1, %ymm11
-        vpxor	64(%rdi), %ymm11, %ymm11
-        vpxor	96(%rdi), %ymm11, %ymm11
-        vpxor	-96(%rax), %ymm11, %ymm11
-        vpxor	-64(%rax), %ymm2, %ymm12
-        vpxor	-32(%rax), %ymm12, %ymm12
-        vpxor	(%rax), %ymm12, %ymm12
-        vpxor	32(%rax), %ymm12, %ymm12
-        vpxor	128(%rax), %ymm3, %ymm13
-        vpxor	-96(%rcx), %ymm13, %ymm13
-        vpxor	-64(%rcx), %ymm13, %ymm13
-        vpxor	-32(%rcx), %ymm13, %ymm13
-        vpxor	(%rcx), %ymm4, %ymm14
-        vpxor	64(%rcx), %ymm14, %ymm14
-        vpxor	96(%rcx), %ymm14, %ymm14
-        vpxor	128(%rcx), %ymm14, %ymm14
-        # Calc t[0..4]
-        vpsrlq	$63, %ymm11, %ymm0
-        vpsrlq	$63, %ymm12, %ymm1
-        vpsrlq	$63, %ymm13, %ymm2
-        vpsrlq	$63, %ymm14, %ymm3
-        vpsrlq	$63, %ymm10, %ymm4
-        vpaddq	%ymm11, %ymm11, %ymm5
-        vpaddq	%ymm12, %ymm12, %ymm6
-        vpaddq	%ymm13, %ymm13, %ymm7
-        vpaddq	%ymm14, %ymm14, %ymm8
-        vpaddq	%ymm10, %ymm10, %ymm9
-        vpor	%ymm0, %ymm5, %ymm5
-        vpor	%ymm1, %ymm6, %ymm6
-        vpor	%ymm2, %ymm7, %ymm7
-        vpor	%ymm3, %ymm8, %ymm8
-        vpor	%ymm4, %ymm9, %ymm9
-        vpxor	%ymm14, %ymm5, %ymm5
-        vpxor	%ymm10, %ymm6, %ymm6
-        vpxor	%ymm11, %ymm7, %ymm7
-        vpxor	%ymm12, %ymm8, %ymm8
-        vpxor	%ymm13, %ymm9, %ymm9
-        # Row Mix
-        # Row 0
-        vpxor	%ymm15, %ymm5, %ymm10
-        vpxor	-96(%rax), %ymm6, %ymm11
-        vpxor	32(%rax), %ymm7, %ymm12
-        vpxor	-96(%rcx), %ymm8, %ymm13
-        vpxor	32(%rcx), %ymm9, %ymm14
-        vpsrlq	$20, %ymm11, %ymm0
-        vpsrlq	$21, %ymm12, %ymm1
-        vpsrlq	$43, %ymm13, %ymm2
-        vpsrlq	$50, %ymm14, %ymm3
-        vpsllq	$44, %ymm11, %ymm11
-        vpsllq	$43, %ymm12, %ymm12
-        vpsllq	$21, %ymm13, %ymm13
-        vpsllq	$14, %ymm14, %ymm14
-        vpor	%ymm0, %ymm11, %ymm11
-        vpor	%ymm1, %ymm12, %ymm12
-        vpor	%ymm2, %ymm13, %ymm13
-        vpor	%ymm3, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm15
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm15, %ymm15
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        # XOR in constant
-        vpxor	32(%rdx), %ymm15, %ymm15
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm1, -96(%rax)
-        vmovdqu	%ymm2, 32(%rax)
-        vmovdqu	%ymm3, -96(%rcx)
-        vmovdqu	%ymm4, 32(%rcx)
-        # Row 1
-        vpxor	-64(%rcx), %ymm8, %ymm10
-        vpxor	64(%rcx), %ymm9, %ymm11
-        vpxor	-96(%rdi), %ymm5, %ymm12
-        vpxor	32(%rdi), %ymm6, %ymm13
-        vpxor	64(%rax), %ymm7, %ymm14
-        vpsrlq	$36, %ymm10, %ymm0
-        vpsrlq	$44, %ymm11, %ymm1
-        vpsrlq	$61, %ymm12, %ymm2
-        vpsrlq	$19, %ymm13, %ymm3
-        vpsrlq	$3, %ymm14, %ymm4
-        vpsllq	$28, %ymm10, %ymm10
-        vpsllq	$20, %ymm11, %ymm11
-        vpsllq	$3, %ymm12, %ymm12
-        vpsllq	$45, %ymm13, %ymm13
-        vpsllq	$61, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, -64(%rcx)
-        vmovdqu	%ymm1, 64(%rcx)
-        vmovdqu	%ymm2, -96(%rdi)
-        vmovdqu	%ymm3, 32(%rdi)
-        vmovdqu	%ymm4, 64(%rax)
-        # Row 2
-        vpxor	64(%rdi), %ymm6, %ymm10
-        vpxor	-64(%rax), %ymm7, %ymm11
-        vpxor	-32(%rcx), %ymm8, %ymm12
-        vpxor	96(%rcx), %ymm9, %ymm13
-        vpxor	-64(%rdi), %ymm5, %ymm14
-        vpsrlq	$63, %ymm10, %ymm0
-        vpsrlq	$58, %ymm11, %ymm1
-        vpsrlq	$39, %ymm12, %ymm2
-        vpsrlq	$56, %ymm13, %ymm3
-        vpsrlq	$46, %ymm14, %ymm4
-        vpaddq	%ymm10, %ymm10, %ymm10
-        vpsllq	$6, %ymm11, %ymm11
-        vpsllq	$25, %ymm12, %ymm12
-        vpsllq	$8, %ymm13, %ymm13
-        vpsllq	$18, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, 64(%rdi)
-        vmovdqu	%ymm1, -64(%rax)
-        vmovdqu	%ymm2, -32(%rcx)
-        vmovdqu	%ymm3, 96(%rcx)
-        vmovdqu	%ymm4, -64(%rdi)
-        # Row 3
-        vpxor	128(%rcx), %ymm9, %ymm10
-        vpxor	-32(%rdi), %ymm5, %ymm11
-        vpxor	96(%rdi), %ymm6, %ymm12
-        vpxor	-32(%rax), %ymm7, %ymm13
-        vpxor	96(%rax), %ymm8, %ymm14
-        vpsrlq	$37, %ymm10, %ymm0
-        vpsrlq	$28, %ymm11, %ymm1
-        vpsrlq	$54, %ymm12, %ymm2
-        vpsrlq	$49, %ymm13, %ymm3
-        vpsrlq	$8, %ymm14, %ymm4
-        vpsllq	$27, %ymm10, %ymm10
-        vpsllq	$36, %ymm11, %ymm11
-        vpsllq	$10, %ymm12, %ymm12
-        vpsllq	$15, %ymm13, %ymm13
-        vpsllq	$56, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, 128(%rcx)
-        vmovdqu	%ymm1, -32(%rdi)
-        vmovdqu	%ymm2, 96(%rdi)
-        vmovdqu	%ymm3, -32(%rax)
-        vmovdqu	%ymm4, 96(%rax)
-        # Row 4
-        vpxor	(%rax), %ymm7, %ymm10
-        vpxor	128(%rax), %ymm8, %ymm11
-        vpxor	(%rcx), %ymm9, %ymm12
-        vpxor	(%rdi), %ymm5, %ymm13
-        vpxor	128(%rdi), %ymm6, %ymm14
-        vpsrlq	$2, %ymm10, %ymm0
-        vpsrlq	$9, %ymm11, %ymm1
-        vpsrlq	$25, %ymm12, %ymm2
-        vpsrlq	$23, %ymm13, %ymm3
-        vpsrlq	$62, %ymm14, %ymm4
-        vpsllq	$62, %ymm10, %ymm10
-        vpsllq	$55, %ymm11, %ymm11
-        vpsllq	$39, %ymm12, %ymm12
-        vpsllq	$41, %ymm13, %ymm13
-        vpsllq	$2, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, (%rax)
-        vmovdqu	%ymm1, 128(%rax)
-        vmovdqu	%ymm2, (%rcx)
-        vmovdqu	%ymm3, (%rdi)
-        vmovdqu	%ymm4, 128(%rdi)
-        # Round 2
-        # Calc b[0..4]
-        vpxor	%ymm15, %ymm0, %ymm10
-        vpxor	-96(%rdi), %ymm2, %ymm12
-        vpxor	-64(%rdi), %ymm4, %ymm14
-        vpxor	-32(%rdi), %ymm1, %ymm11
-        vpxor	32(%rdi), %ymm3, %ymm13
-        vpxor	64(%rdi), %ymm10, %ymm10
-        vpxor	96(%rdi), %ymm12, %ymm12
-        vpxor	-96(%rax), %ymm11, %ymm11
-        vpxor	-64(%rax), %ymm11, %ymm11
-        vpxor	-32(%rax), %ymm13, %ymm13
-        vpxor	32(%rax), %ymm12, %ymm12
-        vpxor	64(%rax), %ymm14, %ymm14
-        vpxor	96(%rax), %ymm14, %ymm14
-        vpxor	-96(%rcx), %ymm13, %ymm13
-        vpxor	-64(%rcx), %ymm10, %ymm10
-        vpxor	-32(%rcx), %ymm12, %ymm12
-        vpxor	32(%rcx), %ymm14, %ymm14
-        vpxor	64(%rcx), %ymm11, %ymm11
-        vpxor	96(%rcx), %ymm13, %ymm13
-        vpxor	128(%rcx), %ymm10, %ymm10
-        # Calc t[0..4]
-        vpsrlq	$63, %ymm11, %ymm0
-        vpsrlq	$63, %ymm12, %ymm1
-        vpsrlq	$63, %ymm13, %ymm2
-        vpsrlq	$63, %ymm14, %ymm3
-        vpsrlq	$63, %ymm10, %ymm4
-        vpaddq	%ymm11, %ymm11, %ymm5
-        vpaddq	%ymm12, %ymm12, %ymm6
-        vpaddq	%ymm13, %ymm13, %ymm7
-        vpaddq	%ymm14, %ymm14, %ymm8
-        vpaddq	%ymm10, %ymm10, %ymm9
-        vpor	%ymm0, %ymm5, %ymm5
-        vpor	%ymm1, %ymm6, %ymm6
-        vpor	%ymm2, %ymm7, %ymm7
-        vpor	%ymm3, %ymm8, %ymm8
-        vpor	%ymm4, %ymm9, %ymm9
-        vpxor	%ymm14, %ymm5, %ymm5
-        vpxor	%ymm10, %ymm6, %ymm6
-        vpxor	%ymm11, %ymm7, %ymm7
-        vpxor	%ymm12, %ymm8, %ymm8
-        vpxor	%ymm13, %ymm9, %ymm9
-        # Row Mix
-        # Row 0
-        vpxor	%ymm15, %ymm5, %ymm10
-        vpxor	64(%rcx), %ymm6, %ymm11
-        vpxor	-32(%rcx), %ymm7, %ymm12
-        vpxor	-32(%rax), %ymm8, %ymm13
-        vpxor	128(%rdi), %ymm9, %ymm14
-        vpsrlq	$20, %ymm11, %ymm0
-        vpsrlq	$21, %ymm12, %ymm1
-        vpsrlq	$43, %ymm13, %ymm2
-        vpsrlq	$50, %ymm14, %ymm3
-        vpsllq	$44, %ymm11, %ymm11
-        vpsllq	$43, %ymm12, %ymm12
-        vpsllq	$21, %ymm13, %ymm13
-        vpsllq	$14, %ymm14, %ymm14
-        vpor	%ymm0, %ymm11, %ymm11
-        vpor	%ymm1, %ymm12, %ymm12
-        vpor	%ymm2, %ymm13, %ymm13
-        vpor	%ymm3, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm15
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm15, %ymm15
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        # XOR in constant
-        vpxor	64(%rdx), %ymm15, %ymm15
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm1, 64(%rcx)
-        vmovdqu	%ymm2, -32(%rcx)
-        vmovdqu	%ymm3, -32(%rax)
-        vmovdqu	%ymm4, 128(%rdi)
-        # Row 1
-        vpxor	-96(%rcx), %ymm8, %ymm10
-        vpxor	64(%rax), %ymm9, %ymm11
-        vpxor	64(%rdi), %ymm5, %ymm12
-        vpxor	-32(%rdi), %ymm6, %ymm13
-        vpxor	(%rcx), %ymm7, %ymm14
-        vpsrlq	$36, %ymm10, %ymm0
-        vpsrlq	$44, %ymm11, %ymm1
-        vpsrlq	$61, %ymm12, %ymm2
-        vpsrlq	$19, %ymm13, %ymm3
-        vpsrlq	$3, %ymm14, %ymm4
-        vpsllq	$28, %ymm10, %ymm10
-        vpsllq	$20, %ymm11, %ymm11
-        vpsllq	$3, %ymm12, %ymm12
-        vpsllq	$45, %ymm13, %ymm13
-        vpsllq	$61, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, -96(%rcx)
-        vmovdqu	%ymm1, 64(%rax)
-        vmovdqu	%ymm2, 64(%rdi)
-        vmovdqu	%ymm3, -32(%rdi)
-        vmovdqu	%ymm4, (%rcx)
-        # Row 2
-        vpxor	-96(%rax), %ymm6, %ymm10
-        vpxor	-96(%rdi), %ymm7, %ymm11
-        vpxor	96(%rcx), %ymm8, %ymm12
-        vpxor	96(%rax), %ymm9, %ymm13
-        vpxor	(%rax), %ymm5, %ymm14
-        vpsrlq	$63, %ymm10, %ymm0
-        vpsrlq	$58, %ymm11, %ymm1
-        vpsrlq	$39, %ymm12, %ymm2
-        vpsrlq	$56, %ymm13, %ymm3
-        vpsrlq	$46, %ymm14, %ymm4
-        vpaddq	%ymm10, %ymm10, %ymm10
-        vpsllq	$6, %ymm11, %ymm11
-        vpsllq	$25, %ymm12, %ymm12
-        vpsllq	$8, %ymm13, %ymm13
-        vpsllq	$18, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, -96(%rax)
-        vmovdqu	%ymm1, -96(%rdi)
-        vmovdqu	%ymm2, 96(%rcx)
-        vmovdqu	%ymm3, 96(%rax)
-        vmovdqu	%ymm4, (%rax)
-        # Row 3
-        vpxor	32(%rcx), %ymm9, %ymm10
-        vpxor	-64(%rcx), %ymm5, %ymm11
-        vpxor	-64(%rax), %ymm6, %ymm12
-        vpxor	96(%rdi), %ymm7, %ymm13
-        vpxor	(%rdi), %ymm8, %ymm14
-        vpsrlq	$37, %ymm10, %ymm0
-        vpsrlq	$28, %ymm11, %ymm1
-        vpsrlq	$54, %ymm12, %ymm2
-        vpsrlq	$49, %ymm13, %ymm3
-        vpsrlq	$8, %ymm14, %ymm4
-        vpsllq	$27, %ymm10, %ymm10
-        vpsllq	$36, %ymm11, %ymm11
-        vpsllq	$10, %ymm12, %ymm12
-        vpsllq	$15, %ymm13, %ymm13
-        vpsllq	$56, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, 32(%rcx)
-        vmovdqu	%ymm1, -64(%rcx)
-        vmovdqu	%ymm2, -64(%rax)
-        vmovdqu	%ymm3, 96(%rdi)
-        vmovdqu	%ymm4, (%rdi)
-        # Row 4
-        vpxor	32(%rax), %ymm7, %ymm10
-        vpxor	32(%rdi), %ymm8, %ymm11
-        vpxor	-64(%rdi), %ymm9, %ymm12
-        vpxor	128(%rcx), %ymm5, %ymm13
-        vpxor	128(%rax), %ymm6, %ymm14
-        vpsrlq	$2, %ymm10, %ymm0
-        vpsrlq	$9, %ymm11, %ymm1
-        vpsrlq	$25, %ymm12, %ymm2
-        vpsrlq	$23, %ymm13, %ymm3
-        vpsrlq	$62, %ymm14, %ymm4
-        vpsllq	$62, %ymm10, %ymm10
-        vpsllq	$55, %ymm11, %ymm11
-        vpsllq	$39, %ymm12, %ymm12
-        vpsllq	$41, %ymm13, %ymm13
-        vpsllq	$2, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, 32(%rax)
-        vmovdqu	%ymm1, 32(%rdi)
-        vmovdqu	%ymm2, -64(%rdi)
-        vmovdqu	%ymm3, 128(%rcx)
-        vmovdqu	%ymm4, 128(%rax)
-        # Round 3
-        # Calc b[0..4]
-        vpxor	%ymm15, %ymm0, %ymm10
-        vpxor	-96(%rdi), %ymm1, %ymm11
-        vpxor	-32(%rdi), %ymm3, %ymm13
-        vpxor	(%rdi), %ymm4, %ymm14
-        vpxor	64(%rdi), %ymm2, %ymm12
-        vpxor	96(%rdi), %ymm13, %ymm13
-        vpxor	128(%rdi), %ymm14, %ymm14
-        vpxor	-96(%rax), %ymm10, %ymm10
-        vpxor	-64(%rax), %ymm12, %ymm12
-        vpxor	-32(%rax), %ymm13, %ymm13
-        vpxor	(%rax), %ymm14, %ymm14
-        vpxor	64(%rax), %ymm11, %ymm11
-        vpxor	96(%rax), %ymm13, %ymm13
-        vpxor	-96(%rcx), %ymm10, %ymm10
-        vpxor	-64(%rcx), %ymm11, %ymm11
-        vpxor	-32(%rcx), %ymm12, %ymm12
-        vpxor	(%rcx), %ymm14, %ymm14
-        vpxor	32(%rcx), %ymm10, %ymm10
-        vpxor	64(%rcx), %ymm11, %ymm11
-        vpxor	96(%rcx), %ymm12, %ymm12
-        # Calc t[0..4]
-        vpsrlq	$63, %ymm11, %ymm0
-        vpsrlq	$63, %ymm12, %ymm1
-        vpsrlq	$63, %ymm13, %ymm2
-        vpsrlq	$63, %ymm14, %ymm3
-        vpsrlq	$63, %ymm10, %ymm4
-        vpaddq	%ymm11, %ymm11, %ymm5
-        vpaddq	%ymm12, %ymm12, %ymm6
-        vpaddq	%ymm13, %ymm13, %ymm7
-        vpaddq	%ymm14, %ymm14, %ymm8
-        vpaddq	%ymm10, %ymm10, %ymm9
-        vpor	%ymm0, %ymm5, %ymm5
-        vpor	%ymm1, %ymm6, %ymm6
-        vpor	%ymm2, %ymm7, %ymm7
-        vpor	%ymm3, %ymm8, %ymm8
-        vpor	%ymm4, %ymm9, %ymm9
-        vpxor	%ymm14, %ymm5, %ymm5
-        vpxor	%ymm10, %ymm6, %ymm6
-        vpxor	%ymm11, %ymm7, %ymm7
-        vpxor	%ymm12, %ymm8, %ymm8
-        vpxor	%ymm13, %ymm9, %ymm9
-        # Row Mix
-        # Row 0
-        vpxor	%ymm15, %ymm5, %ymm10
-        vpxor	64(%rax), %ymm6, %ymm11
-        vpxor	96(%rcx), %ymm7, %ymm12
-        vpxor	96(%rdi), %ymm8, %ymm13
-        vpxor	128(%rax), %ymm9, %ymm14
-        vpsrlq	$20, %ymm11, %ymm0
-        vpsrlq	$21, %ymm12, %ymm1
-        vpsrlq	$43, %ymm13, %ymm2
-        vpsrlq	$50, %ymm14, %ymm3
-        vpsllq	$44, %ymm11, %ymm11
-        vpsllq	$43, %ymm12, %ymm12
-        vpsllq	$21, %ymm13, %ymm13
-        vpsllq	$14, %ymm14, %ymm14
-        vpor	%ymm0, %ymm11, %ymm11
-        vpor	%ymm1, %ymm12, %ymm12
-        vpor	%ymm2, %ymm13, %ymm13
-        vpor	%ymm3, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm15
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm15, %ymm15
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        # XOR in constant
-        vpxor	96(%rdx), %ymm15, %ymm15
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm1, 64(%rax)
-        vmovdqu	%ymm2, 96(%rcx)
-        vmovdqu	%ymm3, 96(%rdi)
-        vmovdqu	%ymm4, 128(%rax)
-        # Row 1
-        vpxor	-32(%rax), %ymm8, %ymm10
-        vpxor	(%rcx), %ymm9, %ymm11
-        vpxor	-96(%rax), %ymm5, %ymm12
-        vpxor	-64(%rcx), %ymm6, %ymm13
-        vpxor	-64(%rdi), %ymm7, %ymm14
-        vpsrlq	$36, %ymm10, %ymm0
-        vpsrlq	$44, %ymm11, %ymm1
-        vpsrlq	$61, %ymm12, %ymm2
-        vpsrlq	$19, %ymm13, %ymm3
-        vpsrlq	$3, %ymm14, %ymm4
-        vpsllq	$28, %ymm10, %ymm10
-        vpsllq	$20, %ymm11, %ymm11
-        vpsllq	$3, %ymm12, %ymm12
-        vpsllq	$45, %ymm13, %ymm13
-        vpsllq	$61, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, -32(%rax)
-        vmovdqu	%ymm1, (%rcx)
-        vmovdqu	%ymm2, -96(%rax)
-        vmovdqu	%ymm3, -64(%rcx)
-        vmovdqu	%ymm4, -64(%rdi)
-        # Row 2
-        vpxor	64(%rcx), %ymm6, %ymm10
-        vpxor	64(%rdi), %ymm7, %ymm11
-        vpxor	96(%rax), %ymm8, %ymm12
-        vpxor	(%rdi), %ymm9, %ymm13
-        vpxor	32(%rax), %ymm5, %ymm14
-        vpsrlq	$63, %ymm10, %ymm0
-        vpsrlq	$58, %ymm11, %ymm1
-        vpsrlq	$39, %ymm12, %ymm2
-        vpsrlq	$56, %ymm13, %ymm3
-        vpsrlq	$46, %ymm14, %ymm4
-        vpaddq	%ymm10, %ymm10, %ymm10
-        vpsllq	$6, %ymm11, %ymm11
-        vpsllq	$25, %ymm12, %ymm12
-        vpsllq	$8, %ymm13, %ymm13
-        vpsllq	$18, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, 64(%rcx)
-        vmovdqu	%ymm1, 64(%rdi)
-        vmovdqu	%ymm2, 96(%rax)
-        vmovdqu	%ymm3, (%rdi)
-        vmovdqu	%ymm4, 32(%rax)
-        # Row 3
-        vpxor	128(%rdi), %ymm9, %ymm10
-        vpxor	-96(%rcx), %ymm5, %ymm11
-        vpxor	-96(%rdi), %ymm6, %ymm12
-        vpxor	-64(%rax), %ymm7, %ymm13
-        vpxor	128(%rcx), %ymm8, %ymm14
-        vpsrlq	$37, %ymm10, %ymm0
-        vpsrlq	$28, %ymm11, %ymm1
-        vpsrlq	$54, %ymm12, %ymm2
-        vpsrlq	$49, %ymm13, %ymm3
-        vpsrlq	$8, %ymm14, %ymm4
-        vpsllq	$27, %ymm10, %ymm10
-        vpsllq	$36, %ymm11, %ymm11
-        vpsllq	$10, %ymm12, %ymm12
-        vpsllq	$15, %ymm13, %ymm13
-        vpsllq	$56, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, 128(%rdi)
-        vmovdqu	%ymm1, -96(%rcx)
-        vmovdqu	%ymm2, -96(%rdi)
-        vmovdqu	%ymm3, -64(%rax)
-        vmovdqu	%ymm4, 128(%rcx)
-        # Row 4
-        vpxor	-32(%rcx), %ymm7, %ymm10
-        vpxor	-32(%rdi), %ymm8, %ymm11
-        vpxor	(%rax), %ymm9, %ymm12
-        vpxor	32(%rcx), %ymm5, %ymm13
-        vpxor	32(%rdi), %ymm6, %ymm14
-        vpsrlq	$2, %ymm10, %ymm0
-        vpsrlq	$9, %ymm11, %ymm1
-        vpsrlq	$25, %ymm12, %ymm2
-        vpsrlq	$23, %ymm13, %ymm3
-        vpsrlq	$62, %ymm14, %ymm4
-        vpsllq	$62, %ymm10, %ymm10
-        vpsllq	$55, %ymm11, %ymm11
-        vpsllq	$39, %ymm12, %ymm12
-        vpsllq	$41, %ymm13, %ymm13
-        vpsllq	$2, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, -32(%rcx)
-        vmovdqu	%ymm1, -32(%rdi)
-        vmovdqu	%ymm2, (%rax)
-        vmovdqu	%ymm3, 32(%rcx)
-        vmovdqu	%ymm4, 32(%rdi)
-        # Round 4
-        # Calc b[0..4]
-        vpxor	%ymm15, %ymm0, %ymm10
-        vpxor	-96(%rdi), %ymm2, %ymm12
-        vpxor	-64(%rdi), %ymm4, %ymm14
-        vpxor	(%rdi), %ymm3, %ymm13
-        vpxor	64(%rdi), %ymm1, %ymm11
-        vpxor	96(%rdi), %ymm13, %ymm13
-        vpxor	128(%rdi), %ymm10, %ymm10
-        vpxor	-96(%rax), %ymm12, %ymm12
-        vpxor	-64(%rax), %ymm13, %ymm13
-        vpxor	-32(%rax), %ymm10, %ymm10
-        vpxor	32(%rax), %ymm14, %ymm14
-        vpxor	64(%rax), %ymm11, %ymm11
-        vpxor	96(%rax), %ymm12, %ymm12
-        vpxor	128(%rax), %ymm14, %ymm14
-        vpxor	-96(%rcx), %ymm11, %ymm11
-        vpxor	-64(%rcx), %ymm13, %ymm13
-        vpxor	(%rcx), %ymm11, %ymm11
-        vpxor	64(%rcx), %ymm10, %ymm10
-        vpxor	96(%rcx), %ymm12, %ymm12
-        vpxor	128(%rcx), %ymm14, %ymm14
-        # Calc t[0..4]
-        vpsrlq	$63, %ymm11, %ymm0
-        vpsrlq	$63, %ymm12, %ymm1
-        vpsrlq	$63, %ymm13, %ymm2
-        vpsrlq	$63, %ymm14, %ymm3
-        vpsrlq	$63, %ymm10, %ymm4
-        vpaddq	%ymm11, %ymm11, %ymm5
-        vpaddq	%ymm12, %ymm12, %ymm6
-        vpaddq	%ymm13, %ymm13, %ymm7
-        vpaddq	%ymm14, %ymm14, %ymm8
-        vpaddq	%ymm10, %ymm10, %ymm9
-        vpor	%ymm0, %ymm5, %ymm5
-        vpor	%ymm1, %ymm6, %ymm6
-        vpor	%ymm2, %ymm7, %ymm7
-        vpor	%ymm3, %ymm8, %ymm8
-        vpor	%ymm4, %ymm9, %ymm9
-        vpxor	%ymm14, %ymm5, %ymm5
-        vpxor	%ymm10, %ymm6, %ymm6
-        vpxor	%ymm11, %ymm7, %ymm7
-        vpxor	%ymm12, %ymm8, %ymm8
-        vpxor	%ymm13, %ymm9, %ymm9
-        # Row Mix
-        # Row 0
-        vpxor	%ymm15, %ymm5, %ymm10
-        vpxor	(%rcx), %ymm6, %ymm11
-        vpxor	96(%rax), %ymm7, %ymm12
-        vpxor	-64(%rax), %ymm8, %ymm13
-        vpxor	32(%rdi), %ymm9, %ymm14
-        vpsrlq	$20, %ymm11, %ymm0
-        vpsrlq	$21, %ymm12, %ymm1
-        vpsrlq	$43, %ymm13, %ymm2
-        vpsrlq	$50, %ymm14, %ymm3
-        vpsllq	$44, %ymm11, %ymm11
-        vpsllq	$43, %ymm12, %ymm12
-        vpsllq	$21, %ymm13, %ymm13
-        vpsllq	$14, %ymm14, %ymm14
-        vpor	%ymm0, %ymm11, %ymm11
-        vpor	%ymm1, %ymm12, %ymm12
-        vpor	%ymm2, %ymm13, %ymm13
-        vpor	%ymm3, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm15
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm15, %ymm15
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        # XOR in constant
-        vpxor	128(%rdx), %ymm15, %ymm15
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm1, (%rcx)
-        vmovdqu	%ymm2, 96(%rax)
-        vmovdqu	%ymm3, -64(%rax)
-        vmovdqu	%ymm4, 32(%rdi)
-        # Row 1
-        vpxor	96(%rdi), %ymm8, %ymm10
-        vpxor	-64(%rdi), %ymm9, %ymm11
-        vpxor	64(%rcx), %ymm5, %ymm12
-        vpxor	-96(%rcx), %ymm6, %ymm13
-        vpxor	(%rax), %ymm7, %ymm14
-        vpsrlq	$36, %ymm10, %ymm0
-        vpsrlq	$44, %ymm11, %ymm1
-        vpsrlq	$61, %ymm12, %ymm2
-        vpsrlq	$19, %ymm13, %ymm3
-        vpsrlq	$3, %ymm14, %ymm4
-        vpsllq	$28, %ymm10, %ymm10
-        vpsllq	$20, %ymm11, %ymm11
-        vpsllq	$3, %ymm12, %ymm12
-        vpsllq	$45, %ymm13, %ymm13
-        vpsllq	$61, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, 96(%rdi)
-        vmovdqu	%ymm1, -64(%rdi)
-        vmovdqu	%ymm2, 64(%rcx)
-        vmovdqu	%ymm3, -96(%rcx)
-        vmovdqu	%ymm4, (%rax)
-        # Row 2
-        vpxor	64(%rax), %ymm6, %ymm10
-        vpxor	-96(%rax), %ymm7, %ymm11
-        vpxor	(%rdi), %ymm8, %ymm12
-        vpxor	128(%rcx), %ymm9, %ymm13
-        vpxor	-32(%rcx), %ymm5, %ymm14
-        vpsrlq	$63, %ymm10, %ymm0
-        vpsrlq	$58, %ymm11, %ymm1
-        vpsrlq	$39, %ymm12, %ymm2
-        vpsrlq	$56, %ymm13, %ymm3
-        vpsrlq	$46, %ymm14, %ymm4
-        vpaddq	%ymm10, %ymm10, %ymm10
-        vpsllq	$6, %ymm11, %ymm11
-        vpsllq	$25, %ymm12, %ymm12
-        vpsllq	$8, %ymm13, %ymm13
-        vpsllq	$18, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, 64(%rax)
-        vmovdqu	%ymm1, -96(%rax)
-        vmovdqu	%ymm2, (%rdi)
-        vmovdqu	%ymm3, 128(%rcx)
-        vmovdqu	%ymm4, -32(%rcx)
-        # Row 3
-        vpxor	128(%rax), %ymm9, %ymm10
-        vpxor	-32(%rax), %ymm5, %ymm11
-        vpxor	64(%rdi), %ymm6, %ymm12
-        vpxor	-96(%rdi), %ymm7, %ymm13
-        vpxor	32(%rcx), %ymm8, %ymm14
-        vpsrlq	$37, %ymm10, %ymm0
-        vpsrlq	$28, %ymm11, %ymm1
-        vpsrlq	$54, %ymm12, %ymm2
-        vpsrlq	$49, %ymm13, %ymm3
-        vpsrlq	$8, %ymm14, %ymm4
-        vpsllq	$27, %ymm10, %ymm10
-        vpsllq	$36, %ymm11, %ymm11
-        vpsllq	$10, %ymm12, %ymm12
-        vpsllq	$15, %ymm13, %ymm13
-        vpsllq	$56, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, 128(%rax)
-        vmovdqu	%ymm1, -32(%rax)
-        vmovdqu	%ymm2, 64(%rdi)
-        vmovdqu	%ymm3, -96(%rdi)
-        vmovdqu	%ymm4, 32(%rcx)
-        # Row 4
-        vpxor	96(%rcx), %ymm7, %ymm10
-        vpxor	-64(%rcx), %ymm8, %ymm11
-        vpxor	32(%rax), %ymm9, %ymm12
-        vpxor	128(%rdi), %ymm5, %ymm13
-        vpxor	-32(%rdi), %ymm6, %ymm14
-        vpsrlq	$2, %ymm10, %ymm0
-        vpsrlq	$9, %ymm11, %ymm1
-        vpsrlq	$25, %ymm12, %ymm2
-        vpsrlq	$23, %ymm13, %ymm3
-        vpsrlq	$62, %ymm14, %ymm4
-        vpsllq	$62, %ymm10, %ymm10
-        vpsllq	$55, %ymm11, %ymm11
-        vpsllq	$39, %ymm12, %ymm12
-        vpsllq	$41, %ymm13, %ymm13
-        vpsllq	$2, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, 96(%rcx)
-        vmovdqu	%ymm1, -64(%rcx)
-        vmovdqu	%ymm2, 32(%rax)
-        vmovdqu	%ymm3, 128(%rdi)
-        vmovdqu	%ymm4, -32(%rdi)
-        # Round 5
-        # Calc b[0..4]
-        vpxor	%ymm15, %ymm0, %ymm10
-        vpxor	-96(%rdi), %ymm3, %ymm13
-        vpxor	-64(%rdi), %ymm1, %ymm11
-        vpxor	(%rdi), %ymm2, %ymm12
-        vpxor	32(%rdi), %ymm4, %ymm14
-        vpxor	64(%rdi), %ymm12, %ymm12
-        vpxor	96(%rdi), %ymm10, %ymm10
-        vpxor	-96(%rax), %ymm11, %ymm11
-        vpxor	-64(%rax), %ymm13, %ymm13
-        vpxor	-32(%rax), %ymm11, %ymm11
-        vpxor	(%rax), %ymm14, %ymm14
-        vpxor	64(%rax), %ymm10, %ymm10
-        vpxor	96(%rax), %ymm12, %ymm12
-        vpxor	128(%rax), %ymm10, %ymm10
-        vpxor	-96(%rcx), %ymm13, %ymm13
-        vpxor	-32(%rcx), %ymm14, %ymm14
-        vpxor	(%rcx), %ymm11, %ymm11
-        vpxor	32(%rcx), %ymm14, %ymm14
-        vpxor	64(%rcx), %ymm12, %ymm12
-        vpxor	128(%rcx), %ymm13, %ymm13
-        # Calc t[0..4]
-        vpsrlq	$63, %ymm11, %ymm0
-        vpsrlq	$63, %ymm12, %ymm1
-        vpsrlq	$63, %ymm13, %ymm2
-        vpsrlq	$63, %ymm14, %ymm3
-        vpsrlq	$63, %ymm10, %ymm4
-        vpaddq	%ymm11, %ymm11, %ymm5
-        vpaddq	%ymm12, %ymm12, %ymm6
-        vpaddq	%ymm13, %ymm13, %ymm7
-        vpaddq	%ymm14, %ymm14, %ymm8
-        vpaddq	%ymm10, %ymm10, %ymm9
-        vpor	%ymm0, %ymm5, %ymm5
-        vpor	%ymm1, %ymm6, %ymm6
-        vpor	%ymm2, %ymm7, %ymm7
-        vpor	%ymm3, %ymm8, %ymm8
-        vpor	%ymm4, %ymm9, %ymm9
-        vpxor	%ymm14, %ymm5, %ymm5
-        vpxor	%ymm10, %ymm6, %ymm6
-        vpxor	%ymm11, %ymm7, %ymm7
-        vpxor	%ymm12, %ymm8, %ymm8
-        vpxor	%ymm13, %ymm9, %ymm9
-        # Row Mix
-        # Row 0
-        vpxor	%ymm15, %ymm5, %ymm10
-        vpxor	-64(%rdi), %ymm6, %ymm11
-        vpxor	(%rdi), %ymm7, %ymm12
-        vpxor	-96(%rdi), %ymm8, %ymm13
-        vpxor	-32(%rdi), %ymm9, %ymm14
-        vpsrlq	$20, %ymm11, %ymm0
-        vpsrlq	$21, %ymm12, %ymm1
-        vpsrlq	$43, %ymm13, %ymm2
-        vpsrlq	$50, %ymm14, %ymm3
-        vpsllq	$44, %ymm11, %ymm11
-        vpsllq	$43, %ymm12, %ymm12
-        vpsllq	$21, %ymm13, %ymm13
-        vpsllq	$14, %ymm14, %ymm14
-        vpor	%ymm0, %ymm11, %ymm11
-        vpor	%ymm1, %ymm12, %ymm12
-        vpor	%ymm2, %ymm13, %ymm13
-        vpor	%ymm3, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm15
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm15, %ymm15
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        # XOR in constant
-        vpxor	160(%rdx), %ymm15, %ymm15
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm1, -64(%rdi)
-        vmovdqu	%ymm2, (%rdi)
-        vmovdqu	%ymm3, -96(%rdi)
-        vmovdqu	%ymm4, -32(%rdi)
-        # Row 1
-        vpxor	-64(%rax), %ymm8, %ymm10
-        vpxor	(%rax), %ymm9, %ymm11
-        vpxor	64(%rax), %ymm5, %ymm12
-        vpxor	-32(%rax), %ymm6, %ymm13
-        vpxor	32(%rax), %ymm7, %ymm14
-        vpsrlq	$36, %ymm10, %ymm0
-        vpsrlq	$44, %ymm11, %ymm1
-        vpsrlq	$61, %ymm12, %ymm2
-        vpsrlq	$19, %ymm13, %ymm3
-        vpsrlq	$3, %ymm14, %ymm4
-        vpsllq	$28, %ymm10, %ymm10
-        vpsllq	$20, %ymm11, %ymm11
-        vpsllq	$3, %ymm12, %ymm12
-        vpsllq	$45, %ymm13, %ymm13
-        vpsllq	$61, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, -64(%rax)
-        vmovdqu	%ymm1, (%rax)
-        vmovdqu	%ymm2, 64(%rax)
-        vmovdqu	%ymm3, -32(%rax)
-        vmovdqu	%ymm4, 32(%rax)
-        # Row 2
-        vpxor	(%rcx), %ymm6, %ymm10
-        vpxor	64(%rcx), %ymm7, %ymm11
-        vpxor	128(%rcx), %ymm8, %ymm12
-        vpxor	32(%rcx), %ymm9, %ymm13
-        vpxor	96(%rcx), %ymm5, %ymm14
-        vpsrlq	$63, %ymm10, %ymm0
-        vpsrlq	$58, %ymm11, %ymm1
-        vpsrlq	$39, %ymm12, %ymm2
-        vpsrlq	$56, %ymm13, %ymm3
-        vpsrlq	$46, %ymm14, %ymm4
-        vpaddq	%ymm10, %ymm10, %ymm10
-        vpsllq	$6, %ymm11, %ymm11
-        vpsllq	$25, %ymm12, %ymm12
-        vpsllq	$8, %ymm13, %ymm13
-        vpsllq	$18, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, (%rcx)
-        vmovdqu	%ymm1, 64(%rcx)
-        vmovdqu	%ymm2, 128(%rcx)
-        vmovdqu	%ymm3, 32(%rcx)
-        vmovdqu	%ymm4, 96(%rcx)
-        # Row 3
-        vpxor	32(%rdi), %ymm9, %ymm10
-        vpxor	96(%rdi), %ymm5, %ymm11
-        vpxor	-96(%rax), %ymm6, %ymm12
-        vpxor	64(%rdi), %ymm7, %ymm13
-        vpxor	128(%rdi), %ymm8, %ymm14
-        vpsrlq	$37, %ymm10, %ymm0
-        vpsrlq	$28, %ymm11, %ymm1
-        vpsrlq	$54, %ymm12, %ymm2
-        vpsrlq	$49, %ymm13, %ymm3
-        vpsrlq	$8, %ymm14, %ymm4
-        vpsllq	$27, %ymm10, %ymm10
-        vpsllq	$36, %ymm11, %ymm11
-        vpsllq	$10, %ymm12, %ymm12
-        vpsllq	$15, %ymm13, %ymm13
-        vpsllq	$56, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, 32(%rdi)
-        vmovdqu	%ymm1, 96(%rdi)
-        vmovdqu	%ymm2, -96(%rax)
-        vmovdqu	%ymm3, 64(%rdi)
-        vmovdqu	%ymm4, 128(%rdi)
-        # Row 4
-        vpxor	96(%rax), %ymm7, %ymm10
-        vpxor	-96(%rcx), %ymm8, %ymm11
-        vpxor	-32(%rcx), %ymm9, %ymm12
-        vpxor	128(%rax), %ymm5, %ymm13
-        vpxor	-64(%rcx), %ymm6, %ymm14
-        vpsrlq	$2, %ymm10, %ymm0
-        vpsrlq	$9, %ymm11, %ymm1
-        vpsrlq	$25, %ymm12, %ymm2
-        vpsrlq	$23, %ymm13, %ymm3
-        vpsrlq	$62, %ymm14, %ymm4
-        vpsllq	$62, %ymm10, %ymm10
-        vpsllq	$55, %ymm11, %ymm11
-        vpsllq	$39, %ymm12, %ymm12
-        vpsllq	$41, %ymm13, %ymm13
-        vpsllq	$2, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, 96(%rax)
-        vmovdqu	%ymm1, -96(%rcx)
-        vmovdqu	%ymm2, -32(%rcx)
-        vmovdqu	%ymm3, 128(%rax)
-        vmovdqu	%ymm4, -64(%rcx)
-        # Round 6
-        # Calc b[0..4]
-        vpxor	%ymm15, %ymm0, %ymm10
-        vpxor	-96(%rdi), %ymm3, %ymm13
-        vpxor	-64(%rdi), %ymm1, %ymm11
-        vpxor	-32(%rdi), %ymm4, %ymm14
-        vpxor	(%rdi), %ymm2, %ymm12
-        vpxor	32(%rdi), %ymm10, %ymm10
-        vpxor	64(%rdi), %ymm13, %ymm13
-        vpxor	96(%rdi), %ymm11, %ymm11
-        vpxor	128(%rdi), %ymm14, %ymm14
-        vpxor	-96(%rax), %ymm12, %ymm12
-        vpxor	-64(%rax), %ymm10, %ymm10
-        vpxor	-32(%rax), %ymm13, %ymm13
-        vpxor	(%rax), %ymm11, %ymm11
-        vpxor	32(%rax), %ymm14, %ymm14
-        vpxor	64(%rax), %ymm12, %ymm12
-        vpxor	(%rcx), %ymm10, %ymm10
-        vpxor	32(%rcx), %ymm13, %ymm13
-        vpxor	64(%rcx), %ymm11, %ymm11
-        vpxor	96(%rcx), %ymm14, %ymm14
-        vpxor	128(%rcx), %ymm12, %ymm12
-        # Calc t[0..4]
-        vpsrlq	$63, %ymm11, %ymm0
-        vpsrlq	$63, %ymm12, %ymm1
-        vpsrlq	$63, %ymm13, %ymm2
-        vpsrlq	$63, %ymm14, %ymm3
-        vpsrlq	$63, %ymm10, %ymm4
-        vpaddq	%ymm11, %ymm11, %ymm5
-        vpaddq	%ymm12, %ymm12, %ymm6
-        vpaddq	%ymm13, %ymm13, %ymm7
-        vpaddq	%ymm14, %ymm14, %ymm8
-        vpaddq	%ymm10, %ymm10, %ymm9
-        vpor	%ymm0, %ymm5, %ymm5
-        vpor	%ymm1, %ymm6, %ymm6
-        vpor	%ymm2, %ymm7, %ymm7
-        vpor	%ymm3, %ymm8, %ymm8
-        vpor	%ymm4, %ymm9, %ymm9
-        vpxor	%ymm14, %ymm5, %ymm5
-        vpxor	%ymm10, %ymm6, %ymm6
-        vpxor	%ymm11, %ymm7, %ymm7
-        vpxor	%ymm12, %ymm8, %ymm8
-        vpxor	%ymm13, %ymm9, %ymm9
-        # Row Mix
-        # Row 0
-        vpxor	%ymm15, %ymm5, %ymm10
-        vpxor	(%rax), %ymm6, %ymm11
-        vpxor	128(%rcx), %ymm7, %ymm12
-        vpxor	64(%rdi), %ymm8, %ymm13
-        vpxor	-64(%rcx), %ymm9, %ymm14
-        vpsrlq	$20, %ymm11, %ymm0
-        vpsrlq	$21, %ymm12, %ymm1
-        vpsrlq	$43, %ymm13, %ymm2
-        vpsrlq	$50, %ymm14, %ymm3
-        vpsllq	$44, %ymm11, %ymm11
-        vpsllq	$43, %ymm12, %ymm12
-        vpsllq	$21, %ymm13, %ymm13
-        vpsllq	$14, %ymm14, %ymm14
-        vpor	%ymm0, %ymm11, %ymm11
-        vpor	%ymm1, %ymm12, %ymm12
-        vpor	%ymm2, %ymm13, %ymm13
-        vpor	%ymm3, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm15
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm15, %ymm15
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        # XOR in constant
-        vpxor	192(%rdx), %ymm15, %ymm15
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm1, (%rax)
-        vmovdqu	%ymm2, 128(%rcx)
-        vmovdqu	%ymm3, 64(%rdi)
-        vmovdqu	%ymm4, -64(%rcx)
-        # Row 1
-        vpxor	-96(%rdi), %ymm8, %ymm10
-        vpxor	32(%rax), %ymm9, %ymm11
-        vpxor	(%rcx), %ymm5, %ymm12
-        vpxor	96(%rdi), %ymm6, %ymm13
-        vpxor	-32(%rcx), %ymm7, %ymm14
-        vpsrlq	$36, %ymm10, %ymm0
-        vpsrlq	$44, %ymm11, %ymm1
-        vpsrlq	$61, %ymm12, %ymm2
-        vpsrlq	$19, %ymm13, %ymm3
-        vpsrlq	$3, %ymm14, %ymm4
-        vpsllq	$28, %ymm10, %ymm10
-        vpsllq	$20, %ymm11, %ymm11
-        vpsllq	$3, %ymm12, %ymm12
-        vpsllq	$45, %ymm13, %ymm13
-        vpsllq	$61, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, -96(%rdi)
-        vmovdqu	%ymm1, 32(%rax)
-        vmovdqu	%ymm2, (%rcx)
-        vmovdqu	%ymm3, 96(%rdi)
-        vmovdqu	%ymm4, -32(%rcx)
-        # Row 2
-        vpxor	-64(%rdi), %ymm6, %ymm10
-        vpxor	64(%rax), %ymm7, %ymm11
-        vpxor	32(%rcx), %ymm8, %ymm12
-        vpxor	128(%rdi), %ymm9, %ymm13
-        vpxor	96(%rax), %ymm5, %ymm14
-        vpsrlq	$63, %ymm10, %ymm0
-        vpsrlq	$58, %ymm11, %ymm1
-        vpsrlq	$39, %ymm12, %ymm2
-        vpsrlq	$56, %ymm13, %ymm3
-        vpsrlq	$46, %ymm14, %ymm4
-        vpaddq	%ymm10, %ymm10, %ymm10
-        vpsllq	$6, %ymm11, %ymm11
-        vpsllq	$25, %ymm12, %ymm12
-        vpsllq	$8, %ymm13, %ymm13
-        vpsllq	$18, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, -64(%rdi)
-        vmovdqu	%ymm1, 64(%rax)
-        vmovdqu	%ymm2, 32(%rcx)
-        vmovdqu	%ymm3, 128(%rdi)
-        vmovdqu	%ymm4, 96(%rax)
-        # Row 3
-        vpxor	-32(%rdi), %ymm9, %ymm10
-        vpxor	-64(%rax), %ymm5, %ymm11
-        vpxor	64(%rcx), %ymm6, %ymm12
-        vpxor	-96(%rax), %ymm7, %ymm13
-        vpxor	128(%rax), %ymm8, %ymm14
-        vpsrlq	$37, %ymm10, %ymm0
-        vpsrlq	$28, %ymm11, %ymm1
-        vpsrlq	$54, %ymm12, %ymm2
-        vpsrlq	$49, %ymm13, %ymm3
-        vpsrlq	$8, %ymm14, %ymm4
-        vpsllq	$27, %ymm10, %ymm10
-        vpsllq	$36, %ymm11, %ymm11
-        vpsllq	$10, %ymm12, %ymm12
-        vpsllq	$15, %ymm13, %ymm13
-        vpsllq	$56, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, -32(%rdi)
-        vmovdqu	%ymm1, -64(%rax)
-        vmovdqu	%ymm2, 64(%rcx)
-        vmovdqu	%ymm3, -96(%rax)
-        vmovdqu	%ymm4, 128(%rax)
-        # Row 4
-        vpxor	(%rdi), %ymm7, %ymm10
-        vpxor	-32(%rax), %ymm8, %ymm11
-        vpxor	96(%rcx), %ymm9, %ymm12
-        vpxor	32(%rdi), %ymm5, %ymm13
-        vpxor	-96(%rcx), %ymm6, %ymm14
-        vpsrlq	$2, %ymm10, %ymm0
-        vpsrlq	$9, %ymm11, %ymm1
-        vpsrlq	$25, %ymm12, %ymm2
-        vpsrlq	$23, %ymm13, %ymm3
-        vpsrlq	$62, %ymm14, %ymm4
-        vpsllq	$62, %ymm10, %ymm10
-        vpsllq	$55, %ymm11, %ymm11
-        vpsllq	$39, %ymm12, %ymm12
-        vpsllq	$41, %ymm13, %ymm13
-        vpsllq	$2, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, (%rdi)
-        vmovdqu	%ymm1, -32(%rax)
-        vmovdqu	%ymm2, 96(%rcx)
-        vmovdqu	%ymm3, 32(%rdi)
-        vmovdqu	%ymm4, -96(%rcx)
-        # Round 7
-        # Calc b[0..4]
-        vpxor	%ymm15, %ymm0, %ymm10
-        vpxor	-96(%rdi), %ymm10, %ymm10
-        vpxor	-64(%rdi), %ymm10, %ymm10
-        vpxor	-32(%rdi), %ymm10, %ymm10
-        vpxor	64(%rdi), %ymm3, %ymm13
-        vpxor	96(%rdi), %ymm13, %ymm13
-        vpxor	128(%rdi), %ymm13, %ymm13
-        vpxor	-96(%rax), %ymm13, %ymm13
-        vpxor	-64(%rax), %ymm1, %ymm11
-        vpxor	(%rax), %ymm11, %ymm11
-        vpxor	32(%rax), %ymm11, %ymm11
-        vpxor	64(%rax), %ymm11, %ymm11
-        vpxor	96(%rax), %ymm4, %ymm14
-        vpxor	128(%rax), %ymm14, %ymm14
-        vpxor	-64(%rcx), %ymm14, %ymm14
-        vpxor	-32(%rcx), %ymm14, %ymm14
-        vpxor	(%rcx), %ymm2, %ymm12
-        vpxor	32(%rcx), %ymm12, %ymm12
-        vpxor	64(%rcx), %ymm12, %ymm12
-        vpxor	128(%rcx), %ymm12, %ymm12
-        # Calc t[0..4]
-        vpsrlq	$63, %ymm11, %ymm0
-        vpsrlq	$63, %ymm12, %ymm1
-        vpsrlq	$63, %ymm13, %ymm2
-        vpsrlq	$63, %ymm14, %ymm3
-        vpsrlq	$63, %ymm10, %ymm4
-        vpaddq	%ymm11, %ymm11, %ymm5
-        vpaddq	%ymm12, %ymm12, %ymm6
-        vpaddq	%ymm13, %ymm13, %ymm7
-        vpaddq	%ymm14, %ymm14, %ymm8
-        vpaddq	%ymm10, %ymm10, %ymm9
-        vpor	%ymm0, %ymm5, %ymm5
-        vpor	%ymm1, %ymm6, %ymm6
-        vpor	%ymm2, %ymm7, %ymm7
-        vpor	%ymm3, %ymm8, %ymm8
-        vpor	%ymm4, %ymm9, %ymm9
-        vpxor	%ymm14, %ymm5, %ymm5
-        vpxor	%ymm10, %ymm6, %ymm6
-        vpxor	%ymm11, %ymm7, %ymm7
-        vpxor	%ymm12, %ymm8, %ymm8
-        vpxor	%ymm13, %ymm9, %ymm9
-        # Row Mix
-        # Row 0
-        vpxor	%ymm15, %ymm5, %ymm10
-        vpxor	32(%rax), %ymm6, %ymm11
-        vpxor	32(%rcx), %ymm7, %ymm12
-        vpxor	-96(%rax), %ymm8, %ymm13
-        vpxor	-96(%rcx), %ymm9, %ymm14
-        vpsrlq	$20, %ymm11, %ymm0
-        vpsrlq	$21, %ymm12, %ymm1
-        vpsrlq	$43, %ymm13, %ymm2
-        vpsrlq	$50, %ymm14, %ymm3
-        vpsllq	$44, %ymm11, %ymm11
-        vpsllq	$43, %ymm12, %ymm12
-        vpsllq	$21, %ymm13, %ymm13
-        vpsllq	$14, %ymm14, %ymm14
-        vpor	%ymm0, %ymm11, %ymm11
-        vpor	%ymm1, %ymm12, %ymm12
-        vpor	%ymm2, %ymm13, %ymm13
-        vpor	%ymm3, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm15
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm15, %ymm15
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        # XOR in constant
-        vpxor	224(%rdx), %ymm15, %ymm15
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm1, 32(%rax)
-        vmovdqu	%ymm2, 32(%rcx)
-        vmovdqu	%ymm3, -96(%rax)
-        vmovdqu	%ymm4, -96(%rcx)
-        # Row 1
-        vpxor	64(%rdi), %ymm8, %ymm10
-        vpxor	-32(%rcx), %ymm9, %ymm11
-        vpxor	-64(%rdi), %ymm5, %ymm12
-        vpxor	-64(%rax), %ymm6, %ymm13
-        vpxor	96(%rcx), %ymm7, %ymm14
-        vpsrlq	$36, %ymm10, %ymm0
-        vpsrlq	$44, %ymm11, %ymm1
-        vpsrlq	$61, %ymm12, %ymm2
-        vpsrlq	$19, %ymm13, %ymm3
-        vpsrlq	$3, %ymm14, %ymm4
-        vpsllq	$28, %ymm10, %ymm10
-        vpsllq	$20, %ymm11, %ymm11
-        vpsllq	$3, %ymm12, %ymm12
-        vpsllq	$45, %ymm13, %ymm13
-        vpsllq	$61, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, 64(%rdi)
-        vmovdqu	%ymm1, -32(%rcx)
-        vmovdqu	%ymm2, -64(%rdi)
-        vmovdqu	%ymm3, -64(%rax)
-        vmovdqu	%ymm4, 96(%rcx)
-        # Row 2
-        vpxor	(%rax), %ymm6, %ymm10
-        vpxor	(%rcx), %ymm7, %ymm11
-        vpxor	128(%rdi), %ymm8, %ymm12
-        vpxor	128(%rax), %ymm9, %ymm13
-        vpxor	(%rdi), %ymm5, %ymm14
-        vpsrlq	$63, %ymm10, %ymm0
-        vpsrlq	$58, %ymm11, %ymm1
-        vpsrlq	$39, %ymm12, %ymm2
-        vpsrlq	$56, %ymm13, %ymm3
-        vpsrlq	$46, %ymm14, %ymm4
-        vpaddq	%ymm10, %ymm10, %ymm10
-        vpsllq	$6, %ymm11, %ymm11
-        vpsllq	$25, %ymm12, %ymm12
-        vpsllq	$8, %ymm13, %ymm13
-        vpsllq	$18, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, (%rax)
-        vmovdqu	%ymm1, (%rcx)
-        vmovdqu	%ymm2, 128(%rdi)
-        vmovdqu	%ymm3, 128(%rax)
-        vmovdqu	%ymm4, (%rdi)
-        # Row 3
-        vpxor	-64(%rcx), %ymm9, %ymm10
-        vpxor	-96(%rdi), %ymm5, %ymm11
-        vpxor	64(%rax), %ymm6, %ymm12
-        vpxor	64(%rcx), %ymm7, %ymm13
-        vpxor	32(%rdi), %ymm8, %ymm14
-        vpsrlq	$37, %ymm10, %ymm0
-        vpsrlq	$28, %ymm11, %ymm1
-        vpsrlq	$54, %ymm12, %ymm2
-        vpsrlq	$49, %ymm13, %ymm3
-        vpsrlq	$8, %ymm14, %ymm4
-        vpsllq	$27, %ymm10, %ymm10
-        vpsllq	$36, %ymm11, %ymm11
-        vpsllq	$10, %ymm12, %ymm12
-        vpsllq	$15, %ymm13, %ymm13
-        vpsllq	$56, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, -64(%rcx)
-        vmovdqu	%ymm1, -96(%rdi)
-        vmovdqu	%ymm2, 64(%rax)
-        vmovdqu	%ymm3, 64(%rcx)
-        vmovdqu	%ymm4, 32(%rdi)
-        # Row 4
-        vpxor	128(%rcx), %ymm7, %ymm10
-        vpxor	96(%rdi), %ymm8, %ymm11
-        vpxor	96(%rax), %ymm9, %ymm12
-        vpxor	-32(%rdi), %ymm5, %ymm13
-        vpxor	-32(%rax), %ymm6, %ymm14
-        vpsrlq	$2, %ymm10, %ymm0
-        vpsrlq	$9, %ymm11, %ymm1
-        vpsrlq	$25, %ymm12, %ymm2
-        vpsrlq	$23, %ymm13, %ymm3
-        vpsrlq	$62, %ymm14, %ymm4
-        vpsllq	$62, %ymm10, %ymm10
-        vpsllq	$55, %ymm11, %ymm11
-        vpsllq	$39, %ymm12, %ymm12
-        vpsllq	$41, %ymm13, %ymm13
-        vpsllq	$2, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, 128(%rcx)
-        vmovdqu	%ymm1, 96(%rdi)
-        vmovdqu	%ymm2, 96(%rax)
-        vmovdqu	%ymm3, -32(%rdi)
-        vmovdqu	%ymm4, -32(%rax)
-        # Round 8
-        # Calc b[0..4]
-        vpxor	%ymm15, %ymm0, %ymm10
-        vpxor	-96(%rdi), %ymm1, %ymm11
-        vpxor	-64(%rdi), %ymm2, %ymm12
-        vpxor	(%rdi), %ymm4, %ymm14
-        vpxor	32(%rdi), %ymm14, %ymm14
-        vpxor	64(%rdi), %ymm10, %ymm10
-        vpxor	128(%rdi), %ymm12, %ymm12
-        vpxor	-96(%rax), %ymm3, %ymm13
-        vpxor	-64(%rax), %ymm13, %ymm13
-        vpxor	(%rax), %ymm10, %ymm10
-        vpxor	32(%rax), %ymm11, %ymm11
-        vpxor	64(%rax), %ymm12, %ymm12
-        vpxor	128(%rax), %ymm13, %ymm13
-        vpxor	-96(%rcx), %ymm14, %ymm14
-        vpxor	-64(%rcx), %ymm10, %ymm10
-        vpxor	-32(%rcx), %ymm11, %ymm11
-        vpxor	(%rcx), %ymm11, %ymm11
-        vpxor	32(%rcx), %ymm12, %ymm12
-        vpxor	64(%rcx), %ymm13, %ymm13
-        vpxor	96(%rcx), %ymm14, %ymm14
-        # Calc t[0..4]
-        vpsrlq	$63, %ymm11, %ymm0
-        vpsrlq	$63, %ymm12, %ymm1
-        vpsrlq	$63, %ymm13, %ymm2
-        vpsrlq	$63, %ymm14, %ymm3
-        vpsrlq	$63, %ymm10, %ymm4
-        vpaddq	%ymm11, %ymm11, %ymm5
-        vpaddq	%ymm12, %ymm12, %ymm6
-        vpaddq	%ymm13, %ymm13, %ymm7
-        vpaddq	%ymm14, %ymm14, %ymm8
-        vpaddq	%ymm10, %ymm10, %ymm9
-        vpor	%ymm0, %ymm5, %ymm5
-        vpor	%ymm1, %ymm6, %ymm6
-        vpor	%ymm2, %ymm7, %ymm7
-        vpor	%ymm3, %ymm8, %ymm8
-        vpor	%ymm4, %ymm9, %ymm9
-        vpxor	%ymm14, %ymm5, %ymm5
-        vpxor	%ymm10, %ymm6, %ymm6
-        vpxor	%ymm11, %ymm7, %ymm7
-        vpxor	%ymm12, %ymm8, %ymm8
-        vpxor	%ymm13, %ymm9, %ymm9
-        # Row Mix
-        # Row 0
-        vpxor	%ymm15, %ymm5, %ymm10
-        vpxor	-32(%rcx), %ymm6, %ymm11
-        vpxor	128(%rdi), %ymm7, %ymm12
-        vpxor	64(%rcx), %ymm8, %ymm13
-        vpxor	-32(%rax), %ymm9, %ymm14
-        vpsrlq	$20, %ymm11, %ymm0
-        vpsrlq	$21, %ymm12, %ymm1
-        vpsrlq	$43, %ymm13, %ymm2
-        vpsrlq	$50, %ymm14, %ymm3
-        vpsllq	$44, %ymm11, %ymm11
-        vpsllq	$43, %ymm12, %ymm12
-        vpsllq	$21, %ymm13, %ymm13
-        vpsllq	$14, %ymm14, %ymm14
-        vpor	%ymm0, %ymm11, %ymm11
-        vpor	%ymm1, %ymm12, %ymm12
-        vpor	%ymm2, %ymm13, %ymm13
-        vpor	%ymm3, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm15
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm15, %ymm15
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        # XOR in constant
-        vpxor	256(%rdx), %ymm15, %ymm15
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm1, -32(%rcx)
-        vmovdqu	%ymm2, 128(%rdi)
-        vmovdqu	%ymm3, 64(%rcx)
-        vmovdqu	%ymm4, -32(%rax)
-        # Row 1
-        vpxor	-96(%rax), %ymm8, %ymm10
-        vpxor	96(%rcx), %ymm9, %ymm11
-        vpxor	(%rax), %ymm5, %ymm12
-        vpxor	-96(%rdi), %ymm6, %ymm13
-        vpxor	96(%rax), %ymm7, %ymm14
-        vpsrlq	$36, %ymm10, %ymm0
-        vpsrlq	$44, %ymm11, %ymm1
-        vpsrlq	$61, %ymm12, %ymm2
-        vpsrlq	$19, %ymm13, %ymm3
-        vpsrlq	$3, %ymm14, %ymm4
-        vpsllq	$28, %ymm10, %ymm10
-        vpsllq	$20, %ymm11, %ymm11
-        vpsllq	$3, %ymm12, %ymm12
-        vpsllq	$45, %ymm13, %ymm13
-        vpsllq	$61, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, -96(%rax)
-        vmovdqu	%ymm1, 96(%rcx)
-        vmovdqu	%ymm2, (%rax)
-        vmovdqu	%ymm3, -96(%rdi)
-        vmovdqu	%ymm4, 96(%rax)
-        # Row 2
-        vpxor	32(%rax), %ymm6, %ymm10
-        vpxor	-64(%rdi), %ymm7, %ymm11
-        vpxor	128(%rax), %ymm8, %ymm12
-        vpxor	32(%rdi), %ymm9, %ymm13
-        vpxor	128(%rcx), %ymm5, %ymm14
-        vpsrlq	$63, %ymm10, %ymm0
-        vpsrlq	$58, %ymm11, %ymm1
-        vpsrlq	$39, %ymm12, %ymm2
-        vpsrlq	$56, %ymm13, %ymm3
-        vpsrlq	$46, %ymm14, %ymm4
-        vpaddq	%ymm10, %ymm10, %ymm10
-        vpsllq	$6, %ymm11, %ymm11
-        vpsllq	$25, %ymm12, %ymm12
-        vpsllq	$8, %ymm13, %ymm13
-        vpsllq	$18, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, 32(%rax)
-        vmovdqu	%ymm1, -64(%rdi)
-        vmovdqu	%ymm2, 128(%rax)
-        vmovdqu	%ymm3, 32(%rdi)
-        vmovdqu	%ymm4, 128(%rcx)
-        # Row 3
-        vpxor	-96(%rcx), %ymm9, %ymm10
-        vpxor	64(%rdi), %ymm5, %ymm11
-        vpxor	(%rcx), %ymm6, %ymm12
-        vpxor	64(%rax), %ymm7, %ymm13
-        vpxor	-32(%rdi), %ymm8, %ymm14
-        vpsrlq	$37, %ymm10, %ymm0
-        vpsrlq	$28, %ymm11, %ymm1
-        vpsrlq	$54, %ymm12, %ymm2
-        vpsrlq	$49, %ymm13, %ymm3
-        vpsrlq	$8, %ymm14, %ymm4
-        vpsllq	$27, %ymm10, %ymm10
-        vpsllq	$36, %ymm11, %ymm11
-        vpsllq	$10, %ymm12, %ymm12
-        vpsllq	$15, %ymm13, %ymm13
-        vpsllq	$56, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, -96(%rcx)
-        vmovdqu	%ymm1, 64(%rdi)
-        vmovdqu	%ymm2, (%rcx)
-        vmovdqu	%ymm3, 64(%rax)
-        vmovdqu	%ymm4, -32(%rdi)
-        # Row 4
-        vpxor	32(%rcx), %ymm7, %ymm10
-        vpxor	-64(%rax), %ymm8, %ymm11
-        vpxor	(%rdi), %ymm9, %ymm12
-        vpxor	-64(%rcx), %ymm5, %ymm13
-        vpxor	96(%rdi), %ymm6, %ymm14
-        vpsrlq	$2, %ymm10, %ymm0
-        vpsrlq	$9, %ymm11, %ymm1
-        vpsrlq	$25, %ymm12, %ymm2
-        vpsrlq	$23, %ymm13, %ymm3
-        vpsrlq	$62, %ymm14, %ymm4
-        vpsllq	$62, %ymm10, %ymm10
-        vpsllq	$55, %ymm11, %ymm11
-        vpsllq	$39, %ymm12, %ymm12
-        vpsllq	$41, %ymm13, %ymm13
-        vpsllq	$2, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, 32(%rcx)
-        vmovdqu	%ymm1, -64(%rax)
-        vmovdqu	%ymm2, (%rdi)
-        vmovdqu	%ymm3, -64(%rcx)
-        vmovdqu	%ymm4, 96(%rdi)
-        # Round 9
-        # Calc b[0..4]
-        vpxor	%ymm15, %ymm0, %ymm10
-        vpxor	-96(%rdi), %ymm3, %ymm13
-        vpxor	-64(%rdi), %ymm1, %ymm11
-        vpxor	-32(%rdi), %ymm4, %ymm14
-        vpxor	32(%rdi), %ymm13, %ymm13
-        vpxor	64(%rdi), %ymm11, %ymm11
-        vpxor	128(%rdi), %ymm2, %ymm12
-        vpxor	-96(%rax), %ymm10, %ymm10
-        vpxor	-32(%rax), %ymm14, %ymm14
-        vpxor	(%rax), %ymm12, %ymm12
-        vpxor	32(%rax), %ymm10, %ymm10
-        vpxor	64(%rax), %ymm13, %ymm13
-        vpxor	96(%rax), %ymm14, %ymm14
-        vpxor	128(%rax), %ymm12, %ymm12
-        vpxor	-96(%rcx), %ymm10, %ymm10
-        vpxor	-32(%rcx), %ymm11, %ymm11
-        vpxor	(%rcx), %ymm12, %ymm12
-        vpxor	64(%rcx), %ymm13, %ymm13
-        vpxor	96(%rcx), %ymm11, %ymm11
-        vpxor	128(%rcx), %ymm14, %ymm14
-        # Calc t[0..4]
-        vpsrlq	$63, %ymm11, %ymm0
-        vpsrlq	$63, %ymm12, %ymm1
-        vpsrlq	$63, %ymm13, %ymm2
-        vpsrlq	$63, %ymm14, %ymm3
-        vpsrlq	$63, %ymm10, %ymm4
-        vpaddq	%ymm11, %ymm11, %ymm5
-        vpaddq	%ymm12, %ymm12, %ymm6
-        vpaddq	%ymm13, %ymm13, %ymm7
-        vpaddq	%ymm14, %ymm14, %ymm8
-        vpaddq	%ymm10, %ymm10, %ymm9
-        vpor	%ymm0, %ymm5, %ymm5
-        vpor	%ymm1, %ymm6, %ymm6
-        vpor	%ymm2, %ymm7, %ymm7
-        vpor	%ymm3, %ymm8, %ymm8
-        vpor	%ymm4, %ymm9, %ymm9
-        vpxor	%ymm14, %ymm5, %ymm5
-        vpxor	%ymm10, %ymm6, %ymm6
-        vpxor	%ymm11, %ymm7, %ymm7
-        vpxor	%ymm12, %ymm8, %ymm8
-        vpxor	%ymm13, %ymm9, %ymm9
-        # Row Mix
-        # Row 0
-        vpxor	%ymm15, %ymm5, %ymm10
-        vpxor	96(%rcx), %ymm6, %ymm11
-        vpxor	128(%rax), %ymm7, %ymm12
-        vpxor	64(%rax), %ymm8, %ymm13
-        vpxor	96(%rdi), %ymm9, %ymm14
-        vpsrlq	$20, %ymm11, %ymm0
-        vpsrlq	$21, %ymm12, %ymm1
-        vpsrlq	$43, %ymm13, %ymm2
-        vpsrlq	$50, %ymm14, %ymm3
-        vpsllq	$44, %ymm11, %ymm11
-        vpsllq	$43, %ymm12, %ymm12
-        vpsllq	$21, %ymm13, %ymm13
-        vpsllq	$14, %ymm14, %ymm14
-        vpor	%ymm0, %ymm11, %ymm11
-        vpor	%ymm1, %ymm12, %ymm12
-        vpor	%ymm2, %ymm13, %ymm13
-        vpor	%ymm3, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm15
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm15, %ymm15
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        # XOR in constant
-        vpxor	288(%rdx), %ymm15, %ymm15
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm1, 96(%rcx)
-        vmovdqu	%ymm2, 128(%rax)
-        vmovdqu	%ymm3, 64(%rax)
-        vmovdqu	%ymm4, 96(%rdi)
-        # Row 1
-        vpxor	64(%rcx), %ymm8, %ymm10
-        vpxor	96(%rax), %ymm9, %ymm11
-        vpxor	32(%rax), %ymm5, %ymm12
-        vpxor	64(%rdi), %ymm6, %ymm13
-        vpxor	(%rdi), %ymm7, %ymm14
-        vpsrlq	$36, %ymm10, %ymm0
-        vpsrlq	$44, %ymm11, %ymm1
-        vpsrlq	$61, %ymm12, %ymm2
-        vpsrlq	$19, %ymm13, %ymm3
-        vpsrlq	$3, %ymm14, %ymm4
-        vpsllq	$28, %ymm10, %ymm10
-        vpsllq	$20, %ymm11, %ymm11
-        vpsllq	$3, %ymm12, %ymm12
-        vpsllq	$45, %ymm13, %ymm13
-        vpsllq	$61, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, 64(%rcx)
-        vmovdqu	%ymm1, 96(%rax)
-        vmovdqu	%ymm2, 32(%rax)
-        vmovdqu	%ymm3, 64(%rdi)
-        vmovdqu	%ymm4, (%rdi)
-        # Row 2
-        vpxor	-32(%rcx), %ymm6, %ymm10
-        vpxor	(%rax), %ymm7, %ymm11
-        vpxor	32(%rdi), %ymm8, %ymm12
-        vpxor	-32(%rdi), %ymm9, %ymm13
-        vpxor	32(%rcx), %ymm5, %ymm14
-        vpsrlq	$63, %ymm10, %ymm0
-        vpsrlq	$58, %ymm11, %ymm1
-        vpsrlq	$39, %ymm12, %ymm2
-        vpsrlq	$56, %ymm13, %ymm3
-        vpsrlq	$46, %ymm14, %ymm4
-        vpaddq	%ymm10, %ymm10, %ymm10
-        vpsllq	$6, %ymm11, %ymm11
-        vpsllq	$25, %ymm12, %ymm12
-        vpsllq	$8, %ymm13, %ymm13
-        vpsllq	$18, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, -32(%rcx)
-        vmovdqu	%ymm1, (%rax)
-        vmovdqu	%ymm2, 32(%rdi)
-        vmovdqu	%ymm3, -32(%rdi)
-        vmovdqu	%ymm4, 32(%rcx)
-        # Row 3
-        vpxor	-32(%rax), %ymm9, %ymm10
-        vpxor	-96(%rax), %ymm5, %ymm11
-        vpxor	-64(%rdi), %ymm6, %ymm12
-        vpxor	(%rcx), %ymm7, %ymm13
-        vpxor	-64(%rcx), %ymm8, %ymm14
-        vpsrlq	$37, %ymm10, %ymm0
-        vpsrlq	$28, %ymm11, %ymm1
-        vpsrlq	$54, %ymm12, %ymm2
-        vpsrlq	$49, %ymm13, %ymm3
-        vpsrlq	$8, %ymm14, %ymm4
-        vpsllq	$27, %ymm10, %ymm10
-        vpsllq	$36, %ymm11, %ymm11
-        vpsllq	$10, %ymm12, %ymm12
-        vpsllq	$15, %ymm13, %ymm13
-        vpsllq	$56, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, -32(%rax)
-        vmovdqu	%ymm1, -96(%rax)
-        vmovdqu	%ymm2, -64(%rdi)
-        vmovdqu	%ymm3, (%rcx)
-        vmovdqu	%ymm4, -64(%rcx)
-        # Row 4
-        vpxor	128(%rdi), %ymm7, %ymm10
-        vpxor	-96(%rdi), %ymm8, %ymm11
-        vpxor	128(%rcx), %ymm9, %ymm12
-        vpxor	-96(%rcx), %ymm5, %ymm13
-        vpxor	-64(%rax), %ymm6, %ymm14
-        vpsrlq	$2, %ymm10, %ymm0
-        vpsrlq	$9, %ymm11, %ymm1
-        vpsrlq	$25, %ymm12, %ymm2
-        vpsrlq	$23, %ymm13, %ymm3
-        vpsrlq	$62, %ymm14, %ymm4
-        vpsllq	$62, %ymm10, %ymm10
-        vpsllq	$55, %ymm11, %ymm11
-        vpsllq	$39, %ymm12, %ymm12
-        vpsllq	$41, %ymm13, %ymm13
-        vpsllq	$2, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, 128(%rdi)
-        vmovdqu	%ymm1, -96(%rdi)
-        vmovdqu	%ymm2, 128(%rcx)
-        vmovdqu	%ymm3, -96(%rcx)
-        vmovdqu	%ymm4, -64(%rax)
-        # Round 10
-        # Calc b[0..4]
-        vpxor	%ymm15, %ymm0, %ymm10
-        vpxor	-64(%rdi), %ymm2, %ymm12
-        vpxor	-32(%rdi), %ymm3, %ymm13
-        vpxor	(%rdi), %ymm4, %ymm14
-        vpxor	32(%rdi), %ymm12, %ymm12
-        vpxor	64(%rdi), %ymm13, %ymm13
-        vpxor	96(%rdi), %ymm14, %ymm14
-        vpxor	-96(%rax), %ymm1, %ymm11
-        vpxor	-32(%rax), %ymm10, %ymm10
-        vpxor	(%rax), %ymm11, %ymm11
-        vpxor	32(%rax), %ymm12, %ymm12
-        vpxor	64(%rax), %ymm13, %ymm13
-        vpxor	96(%rax), %ymm11, %ymm11
-        vpxor	128(%rax), %ymm12, %ymm12
-        vpxor	-64(%rcx), %ymm14, %ymm14
-        vpxor	-32(%rcx), %ymm10, %ymm10
-        vpxor	(%rcx), %ymm13, %ymm13
-        vpxor	32(%rcx), %ymm14, %ymm14
-        vpxor	64(%rcx), %ymm10, %ymm10
-        vpxor	96(%rcx), %ymm11, %ymm11
-        # Calc t[0..4]
-        vpsrlq	$63, %ymm11, %ymm0
-        vpsrlq	$63, %ymm12, %ymm1
-        vpsrlq	$63, %ymm13, %ymm2
-        vpsrlq	$63, %ymm14, %ymm3
-        vpsrlq	$63, %ymm10, %ymm4
-        vpaddq	%ymm11, %ymm11, %ymm5
-        vpaddq	%ymm12, %ymm12, %ymm6
-        vpaddq	%ymm13, %ymm13, %ymm7
-        vpaddq	%ymm14, %ymm14, %ymm8
-        vpaddq	%ymm10, %ymm10, %ymm9
-        vpor	%ymm0, %ymm5, %ymm5
-        vpor	%ymm1, %ymm6, %ymm6
-        vpor	%ymm2, %ymm7, %ymm7
-        vpor	%ymm3, %ymm8, %ymm8
-        vpor	%ymm4, %ymm9, %ymm9
-        vpxor	%ymm14, %ymm5, %ymm5
-        vpxor	%ymm10, %ymm6, %ymm6
-        vpxor	%ymm11, %ymm7, %ymm7
-        vpxor	%ymm12, %ymm8, %ymm8
-        vpxor	%ymm13, %ymm9, %ymm9
-        # Row Mix
-        # Row 0
-        vpxor	%ymm15, %ymm5, %ymm10
-        vpxor	96(%rax), %ymm6, %ymm11
-        vpxor	32(%rdi), %ymm7, %ymm12
-        vpxor	(%rcx), %ymm8, %ymm13
-        vpxor	-64(%rax), %ymm9, %ymm14
-        vpsrlq	$20, %ymm11, %ymm0
-        vpsrlq	$21, %ymm12, %ymm1
-        vpsrlq	$43, %ymm13, %ymm2
-        vpsrlq	$50, %ymm14, %ymm3
-        vpsllq	$44, %ymm11, %ymm11
-        vpsllq	$43, %ymm12, %ymm12
-        vpsllq	$21, %ymm13, %ymm13
-        vpsllq	$14, %ymm14, %ymm14
-        vpor	%ymm0, %ymm11, %ymm11
-        vpor	%ymm1, %ymm12, %ymm12
-        vpor	%ymm2, %ymm13, %ymm13
-        vpor	%ymm3, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm15
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm15, %ymm15
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        # XOR in constant
-        vpxor	320(%rdx), %ymm15, %ymm15
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm1, 96(%rax)
-        vmovdqu	%ymm2, 32(%rdi)
-        vmovdqu	%ymm3, (%rcx)
-        vmovdqu	%ymm4, -64(%rax)
-        # Row 1
-        vpxor	64(%rax), %ymm8, %ymm10
-        vpxor	(%rdi), %ymm9, %ymm11
-        vpxor	-32(%rcx), %ymm5, %ymm12
-        vpxor	-96(%rax), %ymm6, %ymm13
-        vpxor	128(%rcx), %ymm7, %ymm14
-        vpsrlq	$36, %ymm10, %ymm0
-        vpsrlq	$44, %ymm11, %ymm1
-        vpsrlq	$61, %ymm12, %ymm2
-        vpsrlq	$19, %ymm13, %ymm3
-        vpsrlq	$3, %ymm14, %ymm4
-        vpsllq	$28, %ymm10, %ymm10
-        vpsllq	$20, %ymm11, %ymm11
-        vpsllq	$3, %ymm12, %ymm12
-        vpsllq	$45, %ymm13, %ymm13
-        vpsllq	$61, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, 64(%rax)
-        vmovdqu	%ymm1, (%rdi)
-        vmovdqu	%ymm2, -32(%rcx)
-        vmovdqu	%ymm3, -96(%rax)
-        vmovdqu	%ymm4, 128(%rcx)
-        # Row 2
-        vpxor	96(%rcx), %ymm6, %ymm10
-        vpxor	32(%rax), %ymm7, %ymm11
-        vpxor	-32(%rdi), %ymm8, %ymm12
-        vpxor	-64(%rcx), %ymm9, %ymm13
-        vpxor	128(%rdi), %ymm5, %ymm14
-        vpsrlq	$63, %ymm10, %ymm0
-        vpsrlq	$58, %ymm11, %ymm1
-        vpsrlq	$39, %ymm12, %ymm2
-        vpsrlq	$56, %ymm13, %ymm3
-        vpsrlq	$46, %ymm14, %ymm4
-        vpaddq	%ymm10, %ymm10, %ymm10
-        vpsllq	$6, %ymm11, %ymm11
-        vpsllq	$25, %ymm12, %ymm12
-        vpsllq	$8, %ymm13, %ymm13
-        vpsllq	$18, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, 96(%rcx)
-        vmovdqu	%ymm1, 32(%rax)
-        vmovdqu	%ymm2, -32(%rdi)
-        vmovdqu	%ymm3, -64(%rcx)
-        vmovdqu	%ymm4, 128(%rdi)
-        # Row 3
-        vpxor	96(%rdi), %ymm9, %ymm10
-        vpxor	64(%rcx), %ymm5, %ymm11
-        vpxor	(%rax), %ymm6, %ymm12
-        vpxor	-64(%rdi), %ymm7, %ymm13
-        vpxor	-96(%rcx), %ymm8, %ymm14
-        vpsrlq	$37, %ymm10, %ymm0
-        vpsrlq	$28, %ymm11, %ymm1
-        vpsrlq	$54, %ymm12, %ymm2
-        vpsrlq	$49, %ymm13, %ymm3
-        vpsrlq	$8, %ymm14, %ymm4
-        vpsllq	$27, %ymm10, %ymm10
-        vpsllq	$36, %ymm11, %ymm11
-        vpsllq	$10, %ymm12, %ymm12
-        vpsllq	$15, %ymm13, %ymm13
-        vpsllq	$56, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, 96(%rdi)
-        vmovdqu	%ymm1, 64(%rcx)
-        vmovdqu	%ymm2, (%rax)
-        vmovdqu	%ymm3, -64(%rdi)
-        vmovdqu	%ymm4, -96(%rcx)
-        # Row 4
-        vpxor	128(%rax), %ymm7, %ymm10
-        vpxor	64(%rdi), %ymm8, %ymm11
-        vpxor	32(%rcx), %ymm9, %ymm12
-        vpxor	-32(%rax), %ymm5, %ymm13
-        vpxor	-96(%rdi), %ymm6, %ymm14
-        vpsrlq	$2, %ymm10, %ymm0
-        vpsrlq	$9, %ymm11, %ymm1
-        vpsrlq	$25, %ymm12, %ymm2
-        vpsrlq	$23, %ymm13, %ymm3
-        vpsrlq	$62, %ymm14, %ymm4
-        vpsllq	$62, %ymm10, %ymm10
-        vpsllq	$55, %ymm11, %ymm11
-        vpsllq	$39, %ymm12, %ymm12
-        vpsllq	$41, %ymm13, %ymm13
-        vpsllq	$2, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, 128(%rax)
-        vmovdqu	%ymm1, 64(%rdi)
-        vmovdqu	%ymm2, 32(%rcx)
-        vmovdqu	%ymm3, -32(%rax)
-        vmovdqu	%ymm4, -96(%rdi)
-        # Round 11
-        # Calc b[0..4]
-        vpxor	%ymm15, %ymm0, %ymm10
-        vpxor	-64(%rdi), %ymm3, %ymm13
-        vpxor	-32(%rdi), %ymm2, %ymm12
-        vpxor	(%rdi), %ymm1, %ymm11
-        vpxor	32(%rdi), %ymm12, %ymm12
-        vpxor	96(%rdi), %ymm10, %ymm10
-        vpxor	128(%rdi), %ymm4, %ymm14
-        vpxor	-96(%rax), %ymm13, %ymm13
-        vpxor	-64(%rax), %ymm14, %ymm14
-        vpxor	(%rax), %ymm12, %ymm12
-        vpxor	32(%rax), %ymm11, %ymm11
-        vpxor	64(%rax), %ymm10, %ymm10
-        vpxor	96(%rax), %ymm11, %ymm11
-        vpxor	-96(%rcx), %ymm14, %ymm14
-        vpxor	-64(%rcx), %ymm13, %ymm13
-        vpxor	-32(%rcx), %ymm12, %ymm12
-        vpxor	(%rcx), %ymm13, %ymm13
-        vpxor	64(%rcx), %ymm11, %ymm11
-        vpxor	96(%rcx), %ymm10, %ymm10
-        vpxor	128(%rcx), %ymm14, %ymm14
-        # Calc t[0..4]
-        vpsrlq	$63, %ymm11, %ymm0
-        vpsrlq	$63, %ymm12, %ymm1
-        vpsrlq	$63, %ymm13, %ymm2
-        vpsrlq	$63, %ymm14, %ymm3
-        vpsrlq	$63, %ymm10, %ymm4
-        vpaddq	%ymm11, %ymm11, %ymm5
-        vpaddq	%ymm12, %ymm12, %ymm6
-        vpaddq	%ymm13, %ymm13, %ymm7
-        vpaddq	%ymm14, %ymm14, %ymm8
-        vpaddq	%ymm10, %ymm10, %ymm9
-        vpor	%ymm0, %ymm5, %ymm5
-        vpor	%ymm1, %ymm6, %ymm6
-        vpor	%ymm2, %ymm7, %ymm7
-        vpor	%ymm3, %ymm8, %ymm8
-        vpor	%ymm4, %ymm9, %ymm9
-        vpxor	%ymm14, %ymm5, %ymm5
-        vpxor	%ymm10, %ymm6, %ymm6
-        vpxor	%ymm11, %ymm7, %ymm7
-        vpxor	%ymm12, %ymm8, %ymm8
-        vpxor	%ymm13, %ymm9, %ymm9
-        # Row Mix
-        # Row 0
-        vpxor	%ymm15, %ymm5, %ymm10
-        vpxor	(%rdi), %ymm6, %ymm11
-        vpxor	-32(%rdi), %ymm7, %ymm12
-        vpxor	-64(%rdi), %ymm8, %ymm13
-        vpxor	-96(%rdi), %ymm9, %ymm14
-        vpsrlq	$20, %ymm11, %ymm0
-        vpsrlq	$21, %ymm12, %ymm1
-        vpsrlq	$43, %ymm13, %ymm2
-        vpsrlq	$50, %ymm14, %ymm3
-        vpsllq	$44, %ymm11, %ymm11
-        vpsllq	$43, %ymm12, %ymm12
-        vpsllq	$21, %ymm13, %ymm13
-        vpsllq	$14, %ymm14, %ymm14
-        vpor	%ymm0, %ymm11, %ymm11
-        vpor	%ymm1, %ymm12, %ymm12
-        vpor	%ymm2, %ymm13, %ymm13
-        vpor	%ymm3, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm15
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm15, %ymm15
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        # XOR in constant
-        vpxor	352(%rdx), %ymm15, %ymm15
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm1, (%rdi)
-        vmovdqu	%ymm2, -32(%rdi)
-        vmovdqu	%ymm3, -64(%rdi)
-        vmovdqu	%ymm4, -96(%rdi)
-        # Row 1
-        vpxor	(%rcx), %ymm8, %ymm10
-        vpxor	128(%rcx), %ymm9, %ymm11
-        vpxor	96(%rcx), %ymm5, %ymm12
-        vpxor	64(%rcx), %ymm6, %ymm13
-        vpxor	32(%rcx), %ymm7, %ymm14
-        vpsrlq	$36, %ymm10, %ymm0
-        vpsrlq	$44, %ymm11, %ymm1
-        vpsrlq	$61, %ymm12, %ymm2
-        vpsrlq	$19, %ymm13, %ymm3
-        vpsrlq	$3, %ymm14, %ymm4
-        vpsllq	$28, %ymm10, %ymm10
-        vpsllq	$20, %ymm11, %ymm11
-        vpsllq	$3, %ymm12, %ymm12
-        vpsllq	$45, %ymm13, %ymm13
-        vpsllq	$61, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, (%rcx)
-        vmovdqu	%ymm1, 128(%rcx)
-        vmovdqu	%ymm2, 96(%rcx)
-        vmovdqu	%ymm3, 64(%rcx)
-        vmovdqu	%ymm4, 32(%rcx)
-        # Row 2
-        vpxor	96(%rax), %ymm6, %ymm10
-        vpxor	-32(%rcx), %ymm7, %ymm11
-        vpxor	-64(%rcx), %ymm8, %ymm12
-        vpxor	-96(%rcx), %ymm9, %ymm13
-        vpxor	128(%rax), %ymm5, %ymm14
-        vpsrlq	$63, %ymm10, %ymm0
-        vpsrlq	$58, %ymm11, %ymm1
-        vpsrlq	$39, %ymm12, %ymm2
-        vpsrlq	$56, %ymm13, %ymm3
-        vpsrlq	$46, %ymm14, %ymm4
-        vpaddq	%ymm10, %ymm10, %ymm10
-        vpsllq	$6, %ymm11, %ymm11
-        vpsllq	$25, %ymm12, %ymm12
-        vpsllq	$8, %ymm13, %ymm13
-        vpsllq	$18, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, 96(%rax)
-        vmovdqu	%ymm1, -32(%rcx)
-        vmovdqu	%ymm2, -64(%rcx)
-        vmovdqu	%ymm3, -96(%rcx)
-        vmovdqu	%ymm4, 128(%rax)
-        # Row 3
-        vpxor	-64(%rax), %ymm9, %ymm10
-        vpxor	64(%rax), %ymm5, %ymm11
-        vpxor	32(%rax), %ymm6, %ymm12
-        vpxor	(%rax), %ymm7, %ymm13
-        vpxor	-32(%rax), %ymm8, %ymm14
-        vpsrlq	$37, %ymm10, %ymm0
-        vpsrlq	$28, %ymm11, %ymm1
-        vpsrlq	$54, %ymm12, %ymm2
-        vpsrlq	$49, %ymm13, %ymm3
-        vpsrlq	$8, %ymm14, %ymm4
-        vpsllq	$27, %ymm10, %ymm10
-        vpsllq	$36, %ymm11, %ymm11
-        vpsllq	$10, %ymm12, %ymm12
-        vpsllq	$15, %ymm13, %ymm13
-        vpsllq	$56, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, -64(%rax)
-        vmovdqu	%ymm1, 64(%rax)
-        vmovdqu	%ymm2, 32(%rax)
-        vmovdqu	%ymm3, (%rax)
-        vmovdqu	%ymm4, -32(%rax)
-        # Row 4
-        vpxor	32(%rdi), %ymm7, %ymm10
-        vpxor	-96(%rax), %ymm8, %ymm11
-        vpxor	128(%rdi), %ymm9, %ymm12
-        vpxor	96(%rdi), %ymm5, %ymm13
-        vpxor	64(%rdi), %ymm6, %ymm14
-        vpsrlq	$2, %ymm10, %ymm0
-        vpsrlq	$9, %ymm11, %ymm1
-        vpsrlq	$25, %ymm12, %ymm2
-        vpsrlq	$23, %ymm13, %ymm3
-        vpsrlq	$62, %ymm14, %ymm4
-        vpsllq	$62, %ymm10, %ymm10
-        vpsllq	$55, %ymm11, %ymm11
-        vpsllq	$39, %ymm12, %ymm12
-        vpsllq	$41, %ymm13, %ymm13
-        vpsllq	$2, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, 32(%rdi)
-        vmovdqu	%ymm1, -96(%rax)
-        vmovdqu	%ymm2, 128(%rdi)
-        vmovdqu	%ymm3, 96(%rdi)
-        vmovdqu	%ymm4, 64(%rdi)
-        # Round 12
-        # Calc b[0..4]
-        vpxor	%ymm15, %ymm0, %ymm10
-        vpxor	-96(%rdi), %ymm4, %ymm14
-        vpxor	-64(%rdi), %ymm3, %ymm13
-        vpxor	-32(%rdi), %ymm2, %ymm12
-        vpxor	(%rdi), %ymm1, %ymm11
-        vpxor	-64(%rax), %ymm10, %ymm10
-        vpxor	-32(%rax), %ymm14, %ymm14
-        vpxor	(%rax), %ymm13, %ymm13
-        vpxor	32(%rax), %ymm12, %ymm12
-        vpxor	64(%rax), %ymm11, %ymm11
-        vpxor	96(%rax), %ymm10, %ymm10
-        vpxor	128(%rax), %ymm14, %ymm14
-        vpxor	-96(%rcx), %ymm13, %ymm13
-        vpxor	-64(%rcx), %ymm12, %ymm12
-        vpxor	-32(%rcx), %ymm11, %ymm11
-        vpxor	(%rcx), %ymm10, %ymm10
-        vpxor	32(%rcx), %ymm14, %ymm14
-        vpxor	64(%rcx), %ymm13, %ymm13
-        vpxor	96(%rcx), %ymm12, %ymm12
-        vpxor	128(%rcx), %ymm11, %ymm11
-        # Calc t[0..4]
-        vpsrlq	$63, %ymm11, %ymm0
-        vpsrlq	$63, %ymm12, %ymm1
-        vpsrlq	$63, %ymm13, %ymm2
-        vpsrlq	$63, %ymm14, %ymm3
-        vpsrlq	$63, %ymm10, %ymm4
-        vpaddq	%ymm11, %ymm11, %ymm5
-        vpaddq	%ymm12, %ymm12, %ymm6
-        vpaddq	%ymm13, %ymm13, %ymm7
-        vpaddq	%ymm14, %ymm14, %ymm8
-        vpaddq	%ymm10, %ymm10, %ymm9
-        vpor	%ymm0, %ymm5, %ymm5
-        vpor	%ymm1, %ymm6, %ymm6
-        vpor	%ymm2, %ymm7, %ymm7
-        vpor	%ymm3, %ymm8, %ymm8
-        vpor	%ymm4, %ymm9, %ymm9
-        vpxor	%ymm14, %ymm5, %ymm5
-        vpxor	%ymm10, %ymm6, %ymm6
-        vpxor	%ymm11, %ymm7, %ymm7
-        vpxor	%ymm12, %ymm8, %ymm8
-        vpxor	%ymm13, %ymm9, %ymm9
-        # Row Mix
-        # Row 0
-        vpxor	%ymm15, %ymm5, %ymm10
-        vpxor	128(%rcx), %ymm6, %ymm11
-        vpxor	-64(%rcx), %ymm7, %ymm12
-        vpxor	(%rax), %ymm8, %ymm13
-        vpxor	64(%rdi), %ymm9, %ymm14
-        vpsrlq	$20, %ymm11, %ymm0
-        vpsrlq	$21, %ymm12, %ymm1
-        vpsrlq	$43, %ymm13, %ymm2
-        vpsrlq	$50, %ymm14, %ymm3
-        vpsllq	$44, %ymm11, %ymm11
-        vpsllq	$43, %ymm12, %ymm12
-        vpsllq	$21, %ymm13, %ymm13
-        vpsllq	$14, %ymm14, %ymm14
-        vpor	%ymm0, %ymm11, %ymm11
-        vpor	%ymm1, %ymm12, %ymm12
-        vpor	%ymm2, %ymm13, %ymm13
-        vpor	%ymm3, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm15
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm15, %ymm15
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        # XOR in constant
-        vpxor	384(%rdx), %ymm15, %ymm15
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm1, 128(%rcx)
-        vmovdqu	%ymm2, -64(%rcx)
-        vmovdqu	%ymm3, (%rax)
-        vmovdqu	%ymm4, 64(%rdi)
-        # Row 1
-        vpxor	-64(%rdi), %ymm8, %ymm10
-        vpxor	32(%rcx), %ymm9, %ymm11
-        vpxor	96(%rax), %ymm5, %ymm12
-        vpxor	64(%rax), %ymm6, %ymm13
-        vpxor	128(%rdi), %ymm7, %ymm14
-        vpsrlq	$36, %ymm10, %ymm0
-        vpsrlq	$44, %ymm11, %ymm1
-        vpsrlq	$61, %ymm12, %ymm2
-        vpsrlq	$19, %ymm13, %ymm3
-        vpsrlq	$3, %ymm14, %ymm4
-        vpsllq	$28, %ymm10, %ymm10
-        vpsllq	$20, %ymm11, %ymm11
-        vpsllq	$3, %ymm12, %ymm12
-        vpsllq	$45, %ymm13, %ymm13
-        vpsllq	$61, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, -64(%rdi)
-        vmovdqu	%ymm1, 32(%rcx)
-        vmovdqu	%ymm2, 96(%rax)
-        vmovdqu	%ymm3, 64(%rax)
-        vmovdqu	%ymm4, 128(%rdi)
-        # Row 2
-        vpxor	(%rdi), %ymm6, %ymm10
-        vpxor	96(%rcx), %ymm7, %ymm11
-        vpxor	-96(%rcx), %ymm8, %ymm12
-        vpxor	-32(%rax), %ymm9, %ymm13
-        vpxor	32(%rdi), %ymm5, %ymm14
-        vpsrlq	$63, %ymm10, %ymm0
-        vpsrlq	$58, %ymm11, %ymm1
-        vpsrlq	$39, %ymm12, %ymm2
-        vpsrlq	$56, %ymm13, %ymm3
-        vpsrlq	$46, %ymm14, %ymm4
-        vpaddq	%ymm10, %ymm10, %ymm10
-        vpsllq	$6, %ymm11, %ymm11
-        vpsllq	$25, %ymm12, %ymm12
-        vpsllq	$8, %ymm13, %ymm13
-        vpsllq	$18, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, (%rdi)
-        vmovdqu	%ymm1, 96(%rcx)
-        vmovdqu	%ymm2, -96(%rcx)
-        vmovdqu	%ymm3, -32(%rax)
-        vmovdqu	%ymm4, 32(%rdi)
-        # Row 3
-        vpxor	-96(%rdi), %ymm9, %ymm10
-        vpxor	(%rcx), %ymm5, %ymm11
-        vpxor	-32(%rcx), %ymm6, %ymm12
-        vpxor	32(%rax), %ymm7, %ymm13
-        vpxor	96(%rdi), %ymm8, %ymm14
-        vpsrlq	$37, %ymm10, %ymm0
-        vpsrlq	$28, %ymm11, %ymm1
-        vpsrlq	$54, %ymm12, %ymm2
-        vpsrlq	$49, %ymm13, %ymm3
-        vpsrlq	$8, %ymm14, %ymm4
-        vpsllq	$27, %ymm10, %ymm10
-        vpsllq	$36, %ymm11, %ymm11
-        vpsllq	$10, %ymm12, %ymm12
-        vpsllq	$15, %ymm13, %ymm13
-        vpsllq	$56, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, -96(%rdi)
-        vmovdqu	%ymm1, (%rcx)
-        vmovdqu	%ymm2, -32(%rcx)
-        vmovdqu	%ymm3, 32(%rax)
-        vmovdqu	%ymm4, 96(%rdi)
-        # Row 4
-        vpxor	-32(%rdi), %ymm7, %ymm10
-        vpxor	64(%rcx), %ymm8, %ymm11
-        vpxor	128(%rax), %ymm9, %ymm12
-        vpxor	-64(%rax), %ymm5, %ymm13
-        vpxor	-96(%rax), %ymm6, %ymm14
-        vpsrlq	$2, %ymm10, %ymm0
-        vpsrlq	$9, %ymm11, %ymm1
-        vpsrlq	$25, %ymm12, %ymm2
-        vpsrlq	$23, %ymm13, %ymm3
-        vpsrlq	$62, %ymm14, %ymm4
-        vpsllq	$62, %ymm10, %ymm10
-        vpsllq	$55, %ymm11, %ymm11
-        vpsllq	$39, %ymm12, %ymm12
-        vpsllq	$41, %ymm13, %ymm13
-        vpsllq	$2, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, -32(%rdi)
-        vmovdqu	%ymm1, 64(%rcx)
-        vmovdqu	%ymm2, 128(%rax)
-        vmovdqu	%ymm3, -64(%rax)
-        vmovdqu	%ymm4, -96(%rax)
-        # Round 13
-        # Calc b[0..4]
-        vpxor	%ymm15, %ymm0, %ymm10
-        vpxor	-96(%rdi), %ymm10, %ymm10
-        vpxor	-64(%rdi), %ymm10, %ymm10
-        vpxor	(%rdi), %ymm10, %ymm10
-        vpxor	32(%rdi), %ymm4, %ymm14
-        vpxor	64(%rdi), %ymm14, %ymm14
-        vpxor	96(%rdi), %ymm14, %ymm14
-        vpxor	128(%rdi), %ymm14, %ymm14
-        vpxor	-32(%rax), %ymm3, %ymm13
-        vpxor	(%rax), %ymm13, %ymm13
-        vpxor	32(%rax), %ymm13, %ymm13
-        vpxor	64(%rax), %ymm13, %ymm13
-        vpxor	96(%rax), %ymm2, %ymm12
-        vpxor	-96(%rcx), %ymm12, %ymm12
-        vpxor	-64(%rcx), %ymm12, %ymm12
-        vpxor	-32(%rcx), %ymm12, %ymm12
-        vpxor	(%rcx), %ymm1, %ymm11
-        vpxor	32(%rcx), %ymm11, %ymm11
-        vpxor	96(%rcx), %ymm11, %ymm11
-        vpxor	128(%rcx), %ymm11, %ymm11
-        # Calc t[0..4]
-        vpsrlq	$63, %ymm11, %ymm0
-        vpsrlq	$63, %ymm12, %ymm1
-        vpsrlq	$63, %ymm13, %ymm2
-        vpsrlq	$63, %ymm14, %ymm3
-        vpsrlq	$63, %ymm10, %ymm4
-        vpaddq	%ymm11, %ymm11, %ymm5
-        vpaddq	%ymm12, %ymm12, %ymm6
-        vpaddq	%ymm13, %ymm13, %ymm7
-        vpaddq	%ymm14, %ymm14, %ymm8
-        vpaddq	%ymm10, %ymm10, %ymm9
-        vpor	%ymm0, %ymm5, %ymm5
-        vpor	%ymm1, %ymm6, %ymm6
-        vpor	%ymm2, %ymm7, %ymm7
-        vpor	%ymm3, %ymm8, %ymm8
-        vpor	%ymm4, %ymm9, %ymm9
-        vpxor	%ymm14, %ymm5, %ymm5
-        vpxor	%ymm10, %ymm6, %ymm6
-        vpxor	%ymm11, %ymm7, %ymm7
-        vpxor	%ymm12, %ymm8, %ymm8
-        vpxor	%ymm13, %ymm9, %ymm9
-        # Row Mix
-        # Row 0
-        vpxor	%ymm15, %ymm5, %ymm10
-        vpxor	32(%rcx), %ymm6, %ymm11
-        vpxor	-96(%rcx), %ymm7, %ymm12
-        vpxor	32(%rax), %ymm8, %ymm13
-        vpxor	-96(%rax), %ymm9, %ymm14
-        vpsrlq	$20, %ymm11, %ymm0
-        vpsrlq	$21, %ymm12, %ymm1
-        vpsrlq	$43, %ymm13, %ymm2
-        vpsrlq	$50, %ymm14, %ymm3
-        vpsllq	$44, %ymm11, %ymm11
-        vpsllq	$43, %ymm12, %ymm12
-        vpsllq	$21, %ymm13, %ymm13
-        vpsllq	$14, %ymm14, %ymm14
-        vpor	%ymm0, %ymm11, %ymm11
-        vpor	%ymm1, %ymm12, %ymm12
-        vpor	%ymm2, %ymm13, %ymm13
-        vpor	%ymm3, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm15
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm15, %ymm15
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        # XOR in constant
-        vpxor	416(%rdx), %ymm15, %ymm15
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm1, 32(%rcx)
-        vmovdqu	%ymm2, -96(%rcx)
-        vmovdqu	%ymm3, 32(%rax)
-        vmovdqu	%ymm4, -96(%rax)
-        # Row 1
-        vpxor	(%rax), %ymm8, %ymm10
-        vpxor	128(%rdi), %ymm9, %ymm11
-        vpxor	(%rdi), %ymm5, %ymm12
-        vpxor	(%rcx), %ymm6, %ymm13
-        vpxor	128(%rax), %ymm7, %ymm14
-        vpsrlq	$36, %ymm10, %ymm0
-        vpsrlq	$44, %ymm11, %ymm1
-        vpsrlq	$61, %ymm12, %ymm2
-        vpsrlq	$19, %ymm13, %ymm3
-        vpsrlq	$3, %ymm14, %ymm4
-        vpsllq	$28, %ymm10, %ymm10
-        vpsllq	$20, %ymm11, %ymm11
-        vpsllq	$3, %ymm12, %ymm12
-        vpsllq	$45, %ymm13, %ymm13
-        vpsllq	$61, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, (%rax)
-        vmovdqu	%ymm1, 128(%rdi)
-        vmovdqu	%ymm2, (%rdi)
-        vmovdqu	%ymm3, (%rcx)
-        vmovdqu	%ymm4, 128(%rax)
-        # Row 2
-        vpxor	128(%rcx), %ymm6, %ymm10
-        vpxor	96(%rax), %ymm7, %ymm11
-        vpxor	-32(%rax), %ymm8, %ymm12
-        vpxor	96(%rdi), %ymm9, %ymm13
-        vpxor	-32(%rdi), %ymm5, %ymm14
-        vpsrlq	$63, %ymm10, %ymm0
-        vpsrlq	$58, %ymm11, %ymm1
-        vpsrlq	$39, %ymm12, %ymm2
-        vpsrlq	$56, %ymm13, %ymm3
-        vpsrlq	$46, %ymm14, %ymm4
-        vpaddq	%ymm10, %ymm10, %ymm10
-        vpsllq	$6, %ymm11, %ymm11
-        vpsllq	$25, %ymm12, %ymm12
-        vpsllq	$8, %ymm13, %ymm13
-        vpsllq	$18, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, 128(%rcx)
-        vmovdqu	%ymm1, 96(%rax)
-        vmovdqu	%ymm2, -32(%rax)
-        vmovdqu	%ymm3, 96(%rdi)
-        vmovdqu	%ymm4, -32(%rdi)
-        # Row 3
-        vpxor	64(%rdi), %ymm9, %ymm10
-        vpxor	-64(%rdi), %ymm5, %ymm11
-        vpxor	96(%rcx), %ymm6, %ymm12
-        vpxor	-32(%rcx), %ymm7, %ymm13
-        vpxor	-64(%rax), %ymm8, %ymm14
-        vpsrlq	$37, %ymm10, %ymm0
-        vpsrlq	$28, %ymm11, %ymm1
-        vpsrlq	$54, %ymm12, %ymm2
-        vpsrlq	$49, %ymm13, %ymm3
-        vpsrlq	$8, %ymm14, %ymm4
-        vpsllq	$27, %ymm10, %ymm10
-        vpsllq	$36, %ymm11, %ymm11
-        vpsllq	$10, %ymm12, %ymm12
-        vpsllq	$15, %ymm13, %ymm13
-        vpsllq	$56, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, 64(%rdi)
-        vmovdqu	%ymm1, -64(%rdi)
-        vmovdqu	%ymm2, 96(%rcx)
-        vmovdqu	%ymm3, -32(%rcx)
-        vmovdqu	%ymm4, -64(%rax)
-        # Row 4
-        vpxor	-64(%rcx), %ymm7, %ymm10
-        vpxor	64(%rax), %ymm8, %ymm11
-        vpxor	32(%rdi), %ymm9, %ymm12
-        vpxor	-96(%rdi), %ymm5, %ymm13
-        vpxor	64(%rcx), %ymm6, %ymm14
-        vpsrlq	$2, %ymm10, %ymm0
-        vpsrlq	$9, %ymm11, %ymm1
-        vpsrlq	$25, %ymm12, %ymm2
-        vpsrlq	$23, %ymm13, %ymm3
-        vpsrlq	$62, %ymm14, %ymm4
-        vpsllq	$62, %ymm10, %ymm10
-        vpsllq	$55, %ymm11, %ymm11
-        vpsllq	$39, %ymm12, %ymm12
-        vpsllq	$41, %ymm13, %ymm13
-        vpsllq	$2, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, -64(%rcx)
-        vmovdqu	%ymm1, 64(%rax)
-        vmovdqu	%ymm2, 32(%rdi)
-        vmovdqu	%ymm3, -96(%rdi)
-        vmovdqu	%ymm4, 64(%rcx)
-        # Round 14
-        # Calc b[0..4]
-        vpxor	%ymm15, %ymm0, %ymm10
-        vpxor	-64(%rdi), %ymm1, %ymm11
-        vpxor	-32(%rdi), %ymm4, %ymm14
-        vpxor	(%rdi), %ymm2, %ymm12
-        vpxor	64(%rdi), %ymm10, %ymm10
-        vpxor	96(%rdi), %ymm3, %ymm13
-        vpxor	128(%rdi), %ymm11, %ymm11
-        vpxor	-96(%rax), %ymm14, %ymm14
-        vpxor	-64(%rax), %ymm14, %ymm14
-        vpxor	-32(%rax), %ymm12, %ymm12
-        vpxor	(%rax), %ymm10, %ymm10
-        vpxor	32(%rax), %ymm13, %ymm13
-        vpxor	96(%rax), %ymm11, %ymm11
-        vpxor	128(%rax), %ymm14, %ymm14
-        vpxor	-96(%rcx), %ymm12, %ymm12
-        vpxor	-32(%rcx), %ymm13, %ymm13
-        vpxor	(%rcx), %ymm13, %ymm13
-        vpxor	32(%rcx), %ymm11, %ymm11
-        vpxor	96(%rcx), %ymm12, %ymm12
-        vpxor	128(%rcx), %ymm10, %ymm10
-        # Calc t[0..4]
-        vpsrlq	$63, %ymm11, %ymm0
-        vpsrlq	$63, %ymm12, %ymm1
-        vpsrlq	$63, %ymm13, %ymm2
-        vpsrlq	$63, %ymm14, %ymm3
-        vpsrlq	$63, %ymm10, %ymm4
-        vpaddq	%ymm11, %ymm11, %ymm5
-        vpaddq	%ymm12, %ymm12, %ymm6
-        vpaddq	%ymm13, %ymm13, %ymm7
-        vpaddq	%ymm14, %ymm14, %ymm8
-        vpaddq	%ymm10, %ymm10, %ymm9
-        vpor	%ymm0, %ymm5, %ymm5
-        vpor	%ymm1, %ymm6, %ymm6
-        vpor	%ymm2, %ymm7, %ymm7
-        vpor	%ymm3, %ymm8, %ymm8
-        vpor	%ymm4, %ymm9, %ymm9
-        vpxor	%ymm14, %ymm5, %ymm5
-        vpxor	%ymm10, %ymm6, %ymm6
-        vpxor	%ymm11, %ymm7, %ymm7
-        vpxor	%ymm12, %ymm8, %ymm8
-        vpxor	%ymm13, %ymm9, %ymm9
-        # Row Mix
-        # Row 0
-        vpxor	%ymm15, %ymm5, %ymm10
-        vpxor	128(%rdi), %ymm6, %ymm11
-        vpxor	-32(%rax), %ymm7, %ymm12
-        vpxor	-32(%rcx), %ymm8, %ymm13
-        vpxor	64(%rcx), %ymm9, %ymm14
-        vpsrlq	$20, %ymm11, %ymm0
-        vpsrlq	$21, %ymm12, %ymm1
-        vpsrlq	$43, %ymm13, %ymm2
-        vpsrlq	$50, %ymm14, %ymm3
-        vpsllq	$44, %ymm11, %ymm11
-        vpsllq	$43, %ymm12, %ymm12
-        vpsllq	$21, %ymm13, %ymm13
-        vpsllq	$14, %ymm14, %ymm14
-        vpor	%ymm0, %ymm11, %ymm11
-        vpor	%ymm1, %ymm12, %ymm12
-        vpor	%ymm2, %ymm13, %ymm13
-        vpor	%ymm3, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm15
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm15, %ymm15
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        # XOR in constant
-        vpxor	448(%rdx), %ymm15, %ymm15
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm1, 128(%rdi)
-        vmovdqu	%ymm2, -32(%rax)
-        vmovdqu	%ymm3, -32(%rcx)
-        vmovdqu	%ymm4, 64(%rcx)
-        # Row 1
-        vpxor	32(%rax), %ymm8, %ymm10
-        vpxor	128(%rax), %ymm9, %ymm11
-        vpxor	128(%rcx), %ymm5, %ymm12
-        vpxor	-64(%rdi), %ymm6, %ymm13
-        vpxor	32(%rdi), %ymm7, %ymm14
-        vpsrlq	$36, %ymm10, %ymm0
-        vpsrlq	$44, %ymm11, %ymm1
-        vpsrlq	$61, %ymm12, %ymm2
-        vpsrlq	$19, %ymm13, %ymm3
-        vpsrlq	$3, %ymm14, %ymm4
-        vpsllq	$28, %ymm10, %ymm10
-        vpsllq	$20, %ymm11, %ymm11
-        vpsllq	$3, %ymm12, %ymm12
-        vpsllq	$45, %ymm13, %ymm13
-        vpsllq	$61, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, 32(%rax)
-        vmovdqu	%ymm1, 128(%rax)
-        vmovdqu	%ymm2, 128(%rcx)
-        vmovdqu	%ymm3, -64(%rdi)
-        vmovdqu	%ymm4, 32(%rdi)
-        # Row 2
-        vpxor	32(%rcx), %ymm6, %ymm10
-        vpxor	(%rdi), %ymm7, %ymm11
-        vpxor	96(%rdi), %ymm8, %ymm12
-        vpxor	-64(%rax), %ymm9, %ymm13
-        vpxor	-64(%rcx), %ymm5, %ymm14
-        vpsrlq	$63, %ymm10, %ymm0
-        vpsrlq	$58, %ymm11, %ymm1
-        vpsrlq	$39, %ymm12, %ymm2
-        vpsrlq	$56, %ymm13, %ymm3
-        vpsrlq	$46, %ymm14, %ymm4
-        vpaddq	%ymm10, %ymm10, %ymm10
-        vpsllq	$6, %ymm11, %ymm11
-        vpsllq	$25, %ymm12, %ymm12
-        vpsllq	$8, %ymm13, %ymm13
-        vpsllq	$18, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, 32(%rcx)
-        vmovdqu	%ymm1, (%rdi)
-        vmovdqu	%ymm2, 96(%rdi)
-        vmovdqu	%ymm3, -64(%rax)
-        vmovdqu	%ymm4, -64(%rcx)
-        # Row 3
-        vpxor	-96(%rax), %ymm9, %ymm10
-        vpxor	(%rax), %ymm5, %ymm11
-        vpxor	96(%rax), %ymm6, %ymm12
-        vpxor	96(%rcx), %ymm7, %ymm13
-        vpxor	-96(%rdi), %ymm8, %ymm14
-        vpsrlq	$37, %ymm10, %ymm0
-        vpsrlq	$28, %ymm11, %ymm1
-        vpsrlq	$54, %ymm12, %ymm2
-        vpsrlq	$49, %ymm13, %ymm3
-        vpsrlq	$8, %ymm14, %ymm4
-        vpsllq	$27, %ymm10, %ymm10
-        vpsllq	$36, %ymm11, %ymm11
-        vpsllq	$10, %ymm12, %ymm12
-        vpsllq	$15, %ymm13, %ymm13
-        vpsllq	$56, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, -96(%rax)
-        vmovdqu	%ymm1, (%rax)
-        vmovdqu	%ymm2, 96(%rax)
-        vmovdqu	%ymm3, 96(%rcx)
-        vmovdqu	%ymm4, -96(%rdi)
-        # Row 4
-        vpxor	-96(%rcx), %ymm7, %ymm10
-        vpxor	(%rcx), %ymm8, %ymm11
-        vpxor	-32(%rdi), %ymm9, %ymm12
-        vpxor	64(%rdi), %ymm5, %ymm13
-        vpxor	64(%rax), %ymm6, %ymm14
-        vpsrlq	$2, %ymm10, %ymm0
-        vpsrlq	$9, %ymm11, %ymm1
-        vpsrlq	$25, %ymm12, %ymm2
-        vpsrlq	$23, %ymm13, %ymm3
-        vpsrlq	$62, %ymm14, %ymm4
-        vpsllq	$62, %ymm10, %ymm10
-        vpsllq	$55, %ymm11, %ymm11
-        vpsllq	$39, %ymm12, %ymm12
-        vpsllq	$41, %ymm13, %ymm13
-        vpsllq	$2, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, -96(%rcx)
-        vmovdqu	%ymm1, (%rcx)
-        vmovdqu	%ymm2, -32(%rdi)
-        vmovdqu	%ymm3, 64(%rdi)
-        vmovdqu	%ymm4, 64(%rax)
-        # Round 15
-        # Calc b[0..4]
-        vpxor	%ymm15, %ymm0, %ymm10
-        vpxor	-96(%rdi), %ymm4, %ymm14
-        vpxor	-64(%rdi), %ymm3, %ymm13
-        vpxor	(%rdi), %ymm1, %ymm11
-        vpxor	32(%rdi), %ymm14, %ymm14
-        vpxor	96(%rdi), %ymm2, %ymm12
-        vpxor	128(%rdi), %ymm11, %ymm11
-        vpxor	-96(%rax), %ymm10, %ymm10
-        vpxor	-64(%rax), %ymm13, %ymm13
-        vpxor	-32(%rax), %ymm12, %ymm12
-        vpxor	(%rax), %ymm11, %ymm11
-        vpxor	32(%rax), %ymm10, %ymm10
-        vpxor	96(%rax), %ymm12, %ymm12
-        vpxor	128(%rax), %ymm11, %ymm11
-        vpxor	-64(%rcx), %ymm14, %ymm14
-        vpxor	-32(%rcx), %ymm13, %ymm13
-        vpxor	32(%rcx), %ymm10, %ymm10
-        vpxor	64(%rcx), %ymm14, %ymm14
-        vpxor	96(%rcx), %ymm13, %ymm13
-        vpxor	128(%rcx), %ymm12, %ymm12
-        # Calc t[0..4]
-        vpsrlq	$63, %ymm11, %ymm0
-        vpsrlq	$63, %ymm12, %ymm1
-        vpsrlq	$63, %ymm13, %ymm2
-        vpsrlq	$63, %ymm14, %ymm3
-        vpsrlq	$63, %ymm10, %ymm4
-        vpaddq	%ymm11, %ymm11, %ymm5
-        vpaddq	%ymm12, %ymm12, %ymm6
-        vpaddq	%ymm13, %ymm13, %ymm7
-        vpaddq	%ymm14, %ymm14, %ymm8
-        vpaddq	%ymm10, %ymm10, %ymm9
-        vpor	%ymm0, %ymm5, %ymm5
-        vpor	%ymm1, %ymm6, %ymm6
-        vpor	%ymm2, %ymm7, %ymm7
-        vpor	%ymm3, %ymm8, %ymm8
-        vpor	%ymm4, %ymm9, %ymm9
-        vpxor	%ymm14, %ymm5, %ymm5
-        vpxor	%ymm10, %ymm6, %ymm6
-        vpxor	%ymm11, %ymm7, %ymm7
-        vpxor	%ymm12, %ymm8, %ymm8
-        vpxor	%ymm13, %ymm9, %ymm9
-        # Row Mix
-        # Row 0
-        vpxor	%ymm15, %ymm5, %ymm10
-        vpxor	128(%rax), %ymm6, %ymm11
-        vpxor	96(%rdi), %ymm7, %ymm12
-        vpxor	96(%rcx), %ymm8, %ymm13
-        vpxor	64(%rax), %ymm9, %ymm14
-        vpsrlq	$20, %ymm11, %ymm0
-        vpsrlq	$21, %ymm12, %ymm1
-        vpsrlq	$43, %ymm13, %ymm2
-        vpsrlq	$50, %ymm14, %ymm3
-        vpsllq	$44, %ymm11, %ymm11
-        vpsllq	$43, %ymm12, %ymm12
-        vpsllq	$21, %ymm13, %ymm13
-        vpsllq	$14, %ymm14, %ymm14
-        vpor	%ymm0, %ymm11, %ymm11
-        vpor	%ymm1, %ymm12, %ymm12
-        vpor	%ymm2, %ymm13, %ymm13
-        vpor	%ymm3, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm15
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm15, %ymm15
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        # XOR in constant
-        vpxor	480(%rdx), %ymm15, %ymm15
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm1, 128(%rax)
-        vmovdqu	%ymm2, 96(%rdi)
-        vmovdqu	%ymm3, 96(%rcx)
-        vmovdqu	%ymm4, 64(%rax)
-        # Row 1
-        vpxor	-32(%rcx), %ymm8, %ymm10
-        vpxor	32(%rdi), %ymm9, %ymm11
-        vpxor	32(%rcx), %ymm5, %ymm12
-        vpxor	(%rax), %ymm6, %ymm13
-        vpxor	-32(%rdi), %ymm7, %ymm14
-        vpsrlq	$36, %ymm10, %ymm0
-        vpsrlq	$44, %ymm11, %ymm1
-        vpsrlq	$61, %ymm12, %ymm2
-        vpsrlq	$19, %ymm13, %ymm3
-        vpsrlq	$3, %ymm14, %ymm4
-        vpsllq	$28, %ymm10, %ymm10
-        vpsllq	$20, %ymm11, %ymm11
-        vpsllq	$3, %ymm12, %ymm12
-        vpsllq	$45, %ymm13, %ymm13
-        vpsllq	$61, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, -32(%rcx)
-        vmovdqu	%ymm1, 32(%rdi)
-        vmovdqu	%ymm2, 32(%rcx)
-        vmovdqu	%ymm3, (%rax)
-        vmovdqu	%ymm4, -32(%rdi)
-        # Row 2
-        vpxor	128(%rdi), %ymm6, %ymm10
-        vpxor	128(%rcx), %ymm7, %ymm11
-        vpxor	-64(%rax), %ymm8, %ymm12
-        vpxor	-96(%rdi), %ymm9, %ymm13
-        vpxor	-96(%rcx), %ymm5, %ymm14
-        vpsrlq	$63, %ymm10, %ymm0
-        vpsrlq	$58, %ymm11, %ymm1
-        vpsrlq	$39, %ymm12, %ymm2
-        vpsrlq	$56, %ymm13, %ymm3
-        vpsrlq	$46, %ymm14, %ymm4
-        vpaddq	%ymm10, %ymm10, %ymm10
-        vpsllq	$6, %ymm11, %ymm11
-        vpsllq	$25, %ymm12, %ymm12
-        vpsllq	$8, %ymm13, %ymm13
-        vpsllq	$18, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, 128(%rdi)
-        vmovdqu	%ymm1, 128(%rcx)
-        vmovdqu	%ymm2, -64(%rax)
-        vmovdqu	%ymm3, -96(%rdi)
-        vmovdqu	%ymm4, -96(%rcx)
-        # Row 3
-        vpxor	64(%rcx), %ymm9, %ymm10
-        vpxor	32(%rax), %ymm5, %ymm11
-        vpxor	(%rdi), %ymm6, %ymm12
-        vpxor	96(%rax), %ymm7, %ymm13
-        vpxor	64(%rdi), %ymm8, %ymm14
-        vpsrlq	$37, %ymm10, %ymm0
-        vpsrlq	$28, %ymm11, %ymm1
-        vpsrlq	$54, %ymm12, %ymm2
-        vpsrlq	$49, %ymm13, %ymm3
-        vpsrlq	$8, %ymm14, %ymm4
-        vpsllq	$27, %ymm10, %ymm10
-        vpsllq	$36, %ymm11, %ymm11
-        vpsllq	$10, %ymm12, %ymm12
-        vpsllq	$15, %ymm13, %ymm13
-        vpsllq	$56, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, 64(%rcx)
-        vmovdqu	%ymm1, 32(%rax)
-        vmovdqu	%ymm2, (%rdi)
-        vmovdqu	%ymm3, 96(%rax)
-        vmovdqu	%ymm4, 64(%rdi)
-        # Row 4
-        vpxor	-32(%rax), %ymm7, %ymm10
-        vpxor	-64(%rdi), %ymm8, %ymm11
-        vpxor	-64(%rcx), %ymm9, %ymm12
-        vpxor	-96(%rax), %ymm5, %ymm13
-        vpxor	(%rcx), %ymm6, %ymm14
-        vpsrlq	$2, %ymm10, %ymm0
-        vpsrlq	$9, %ymm11, %ymm1
-        vpsrlq	$25, %ymm12, %ymm2
-        vpsrlq	$23, %ymm13, %ymm3
-        vpsrlq	$62, %ymm14, %ymm4
-        vpsllq	$62, %ymm10, %ymm10
-        vpsllq	$55, %ymm11, %ymm11
-        vpsllq	$39, %ymm12, %ymm12
-        vpsllq	$41, %ymm13, %ymm13
-        vpsllq	$2, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, -32(%rax)
-        vmovdqu	%ymm1, -64(%rdi)
-        vmovdqu	%ymm2, -64(%rcx)
-        vmovdqu	%ymm3, -96(%rax)
-        vmovdqu	%ymm4, (%rcx)
-        # Round 16
-        # Calc b[0..4]
-        vpxor	%ymm15, %ymm0, %ymm10
-        vpxor	-96(%rdi), %ymm3, %ymm13
-        vpxor	-32(%rdi), %ymm4, %ymm14
-        vpxor	(%rdi), %ymm2, %ymm12
-        vpxor	32(%rdi), %ymm1, %ymm11
-        vpxor	64(%rdi), %ymm14, %ymm14
-        vpxor	96(%rdi), %ymm12, %ymm12
-        vpxor	128(%rdi), %ymm10, %ymm10
-        vpxor	-64(%rax), %ymm12, %ymm12
-        vpxor	(%rax), %ymm13, %ymm13
-        vpxor	32(%rax), %ymm11, %ymm11
-        vpxor	64(%rax), %ymm14, %ymm14
-        vpxor	96(%rax), %ymm13, %ymm13
-        vpxor	128(%rax), %ymm11, %ymm11
-        vpxor	-96(%rcx), %ymm14, %ymm14
-        vpxor	-32(%rcx), %ymm10, %ymm10
-        vpxor	32(%rcx), %ymm12, %ymm12
-        vpxor	64(%rcx), %ymm10, %ymm10
-        vpxor	96(%rcx), %ymm13, %ymm13
-        vpxor	128(%rcx), %ymm11, %ymm11
-        # Calc t[0..4]
-        vpsrlq	$63, %ymm11, %ymm0
-        vpsrlq	$63, %ymm12, %ymm1
-        vpsrlq	$63, %ymm13, %ymm2
-        vpsrlq	$63, %ymm14, %ymm3
-        vpsrlq	$63, %ymm10, %ymm4
-        vpaddq	%ymm11, %ymm11, %ymm5
-        vpaddq	%ymm12, %ymm12, %ymm6
-        vpaddq	%ymm13, %ymm13, %ymm7
-        vpaddq	%ymm14, %ymm14, %ymm8
-        vpaddq	%ymm10, %ymm10, %ymm9
-        vpor	%ymm0, %ymm5, %ymm5
-        vpor	%ymm1, %ymm6, %ymm6
-        vpor	%ymm2, %ymm7, %ymm7
-        vpor	%ymm3, %ymm8, %ymm8
-        vpor	%ymm4, %ymm9, %ymm9
-        vpxor	%ymm14, %ymm5, %ymm5
-        vpxor	%ymm10, %ymm6, %ymm6
-        vpxor	%ymm11, %ymm7, %ymm7
-        vpxor	%ymm12, %ymm8, %ymm8
-        vpxor	%ymm13, %ymm9, %ymm9
-        # Row Mix
-        # Row 0
-        vpxor	%ymm15, %ymm5, %ymm10
-        vpxor	32(%rdi), %ymm6, %ymm11
-        vpxor	-64(%rax), %ymm7, %ymm12
-        vpxor	96(%rax), %ymm8, %ymm13
-        vpxor	(%rcx), %ymm9, %ymm14
-        vpsrlq	$20, %ymm11, %ymm0
-        vpsrlq	$21, %ymm12, %ymm1
-        vpsrlq	$43, %ymm13, %ymm2
-        vpsrlq	$50, %ymm14, %ymm3
-        vpsllq	$44, %ymm11, %ymm11
-        vpsllq	$43, %ymm12, %ymm12
-        vpsllq	$21, %ymm13, %ymm13
-        vpsllq	$14, %ymm14, %ymm14
-        vpor	%ymm0, %ymm11, %ymm11
-        vpor	%ymm1, %ymm12, %ymm12
-        vpor	%ymm2, %ymm13, %ymm13
-        vpor	%ymm3, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm15
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm15, %ymm15
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        # XOR in constant
-        vpxor	512(%rdx), %ymm15, %ymm15
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm1, 32(%rdi)
-        vmovdqu	%ymm2, -64(%rax)
-        vmovdqu	%ymm3, 96(%rax)
-        vmovdqu	%ymm4, (%rcx)
-        # Row 1
-        vpxor	96(%rcx), %ymm8, %ymm10
-        vpxor	-32(%rdi), %ymm9, %ymm11
-        vpxor	128(%rdi), %ymm5, %ymm12
-        vpxor	32(%rax), %ymm6, %ymm13
-        vpxor	-64(%rcx), %ymm7, %ymm14
-        vpsrlq	$36, %ymm10, %ymm0
-        vpsrlq	$44, %ymm11, %ymm1
-        vpsrlq	$61, %ymm12, %ymm2
-        vpsrlq	$19, %ymm13, %ymm3
-        vpsrlq	$3, %ymm14, %ymm4
-        vpsllq	$28, %ymm10, %ymm10
-        vpsllq	$20, %ymm11, %ymm11
-        vpsllq	$3, %ymm12, %ymm12
-        vpsllq	$45, %ymm13, %ymm13
-        vpsllq	$61, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, 96(%rcx)
-        vmovdqu	%ymm1, -32(%rdi)
-        vmovdqu	%ymm2, 128(%rdi)
-        vmovdqu	%ymm3, 32(%rax)
-        vmovdqu	%ymm4, -64(%rcx)
-        # Row 2
-        vpxor	128(%rax), %ymm6, %ymm10
-        vpxor	32(%rcx), %ymm7, %ymm11
-        vpxor	-96(%rdi), %ymm8, %ymm12
-        vpxor	64(%rdi), %ymm9, %ymm13
-        vpxor	-32(%rax), %ymm5, %ymm14
-        vpsrlq	$63, %ymm10, %ymm0
-        vpsrlq	$58, %ymm11, %ymm1
-        vpsrlq	$39, %ymm12, %ymm2
-        vpsrlq	$56, %ymm13, %ymm3
-        vpsrlq	$46, %ymm14, %ymm4
-        vpaddq	%ymm10, %ymm10, %ymm10
-        vpsllq	$6, %ymm11, %ymm11
-        vpsllq	$25, %ymm12, %ymm12
-        vpsllq	$8, %ymm13, %ymm13
-        vpsllq	$18, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, 128(%rax)
-        vmovdqu	%ymm1, 32(%rcx)
-        vmovdqu	%ymm2, -96(%rdi)
-        vmovdqu	%ymm3, 64(%rdi)
-        vmovdqu	%ymm4, -32(%rax)
-        # Row 3
-        vpxor	64(%rax), %ymm9, %ymm10
-        vpxor	-32(%rcx), %ymm5, %ymm11
-        vpxor	128(%rcx), %ymm6, %ymm12
-        vpxor	(%rdi), %ymm7, %ymm13
-        vpxor	-96(%rax), %ymm8, %ymm14
-        vpsrlq	$37, %ymm10, %ymm0
-        vpsrlq	$28, %ymm11, %ymm1
-        vpsrlq	$54, %ymm12, %ymm2
-        vpsrlq	$49, %ymm13, %ymm3
-        vpsrlq	$8, %ymm14, %ymm4
-        vpsllq	$27, %ymm10, %ymm10
-        vpsllq	$36, %ymm11, %ymm11
-        vpsllq	$10, %ymm12, %ymm12
-        vpsllq	$15, %ymm13, %ymm13
-        vpsllq	$56, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, 64(%rax)
-        vmovdqu	%ymm1, -32(%rcx)
-        vmovdqu	%ymm2, 128(%rcx)
-        vmovdqu	%ymm3, (%rdi)
-        vmovdqu	%ymm4, -96(%rax)
-        # Row 4
-        vpxor	96(%rdi), %ymm7, %ymm10
-        vpxor	(%rax), %ymm8, %ymm11
-        vpxor	-96(%rcx), %ymm9, %ymm12
-        vpxor	64(%rcx), %ymm5, %ymm13
-        vpxor	-64(%rdi), %ymm6, %ymm14
-        vpsrlq	$2, %ymm10, %ymm0
-        vpsrlq	$9, %ymm11, %ymm1
-        vpsrlq	$25, %ymm12, %ymm2
-        vpsrlq	$23, %ymm13, %ymm3
-        vpsrlq	$62, %ymm14, %ymm4
-        vpsllq	$62, %ymm10, %ymm10
-        vpsllq	$55, %ymm11, %ymm11
-        vpsllq	$39, %ymm12, %ymm12
-        vpsllq	$41, %ymm13, %ymm13
-        vpsllq	$2, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, 96(%rdi)
-        vmovdqu	%ymm1, (%rax)
-        vmovdqu	%ymm2, -96(%rcx)
-        vmovdqu	%ymm3, 64(%rcx)
-        vmovdqu	%ymm4, -64(%rdi)
-        # Round 17
-        # Calc b[0..4]
-        vpxor	%ymm15, %ymm0, %ymm10
-        vpxor	-96(%rdi), %ymm2, %ymm12
-        vpxor	-32(%rdi), %ymm1, %ymm11
-        vpxor	(%rdi), %ymm3, %ymm13
-        vpxor	32(%rdi), %ymm11, %ymm11
-        vpxor	64(%rdi), %ymm13, %ymm13
-        vpxor	128(%rdi), %ymm12, %ymm12
-        vpxor	-96(%rax), %ymm4, %ymm14
-        vpxor	-64(%rax), %ymm12, %ymm12
-        vpxor	-32(%rax), %ymm14, %ymm14
-        vpxor	32(%rax), %ymm13, %ymm13
-        vpxor	64(%rax), %ymm10, %ymm10
-        vpxor	96(%rax), %ymm13, %ymm13
-        vpxor	128(%rax), %ymm10, %ymm10
-        vpxor	-64(%rcx), %ymm14, %ymm14
-        vpxor	-32(%rcx), %ymm11, %ymm11
-        vpxor	(%rcx), %ymm14, %ymm14
-        vpxor	32(%rcx), %ymm11, %ymm11
-        vpxor	96(%rcx), %ymm10, %ymm10
-        vpxor	128(%rcx), %ymm12, %ymm12
-        # Calc t[0..4]
-        vpsrlq	$63, %ymm11, %ymm0
-        vpsrlq	$63, %ymm12, %ymm1
-        vpsrlq	$63, %ymm13, %ymm2
-        vpsrlq	$63, %ymm14, %ymm3
-        vpsrlq	$63, %ymm10, %ymm4
-        vpaddq	%ymm11, %ymm11, %ymm5
-        vpaddq	%ymm12, %ymm12, %ymm6
-        vpaddq	%ymm13, %ymm13, %ymm7
-        vpaddq	%ymm14, %ymm14, %ymm8
-        vpaddq	%ymm10, %ymm10, %ymm9
-        vpor	%ymm0, %ymm5, %ymm5
-        vpor	%ymm1, %ymm6, %ymm6
-        vpor	%ymm2, %ymm7, %ymm7
-        vpor	%ymm3, %ymm8, %ymm8
-        vpor	%ymm4, %ymm9, %ymm9
-        vpxor	%ymm14, %ymm5, %ymm5
-        vpxor	%ymm10, %ymm6, %ymm6
-        vpxor	%ymm11, %ymm7, %ymm7
-        vpxor	%ymm12, %ymm8, %ymm8
-        vpxor	%ymm13, %ymm9, %ymm9
-        # Row Mix
-        # Row 0
-        vpxor	%ymm15, %ymm5, %ymm10
-        vpxor	-32(%rdi), %ymm6, %ymm11
-        vpxor	-96(%rdi), %ymm7, %ymm12
-        vpxor	(%rdi), %ymm8, %ymm13
-        vpxor	-64(%rdi), %ymm9, %ymm14
-        vpsrlq	$20, %ymm11, %ymm0
-        vpsrlq	$21, %ymm12, %ymm1
-        vpsrlq	$43, %ymm13, %ymm2
-        vpsrlq	$50, %ymm14, %ymm3
-        vpsllq	$44, %ymm11, %ymm11
-        vpsllq	$43, %ymm12, %ymm12
-        vpsllq	$21, %ymm13, %ymm13
-        vpsllq	$14, %ymm14, %ymm14
-        vpor	%ymm0, %ymm11, %ymm11
-        vpor	%ymm1, %ymm12, %ymm12
-        vpor	%ymm2, %ymm13, %ymm13
-        vpor	%ymm3, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm15
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm15, %ymm15
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        # XOR in constant
-        vpxor	544(%rdx), %ymm15, %ymm15
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm1, -32(%rdi)
-        vmovdqu	%ymm2, -96(%rdi)
-        vmovdqu	%ymm3, (%rdi)
-        vmovdqu	%ymm4, -64(%rdi)
-        # Row 1
-        vpxor	96(%rax), %ymm8, %ymm10
-        vpxor	-64(%rcx), %ymm9, %ymm11
-        vpxor	128(%rax), %ymm5, %ymm12
-        vpxor	-32(%rcx), %ymm6, %ymm13
-        vpxor	-96(%rcx), %ymm7, %ymm14
-        vpsrlq	$36, %ymm10, %ymm0
-        vpsrlq	$44, %ymm11, %ymm1
-        vpsrlq	$61, %ymm12, %ymm2
-        vpsrlq	$19, %ymm13, %ymm3
-        vpsrlq	$3, %ymm14, %ymm4
-        vpsllq	$28, %ymm10, %ymm10
-        vpsllq	$20, %ymm11, %ymm11
-        vpsllq	$3, %ymm12, %ymm12
-        vpsllq	$45, %ymm13, %ymm13
-        vpsllq	$61, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, 96(%rax)
-        vmovdqu	%ymm1, -64(%rcx)
-        vmovdqu	%ymm2, 128(%rax)
-        vmovdqu	%ymm3, -32(%rcx)
-        vmovdqu	%ymm4, -96(%rcx)
-        # Row 2
-        vpxor	32(%rdi), %ymm6, %ymm10
-        vpxor	128(%rdi), %ymm7, %ymm11
-        vpxor	64(%rdi), %ymm8, %ymm12
-        vpxor	-96(%rax), %ymm9, %ymm13
-        vpxor	96(%rdi), %ymm5, %ymm14
-        vpsrlq	$63, %ymm10, %ymm0
-        vpsrlq	$58, %ymm11, %ymm1
-        vpsrlq	$39, %ymm12, %ymm2
-        vpsrlq	$56, %ymm13, %ymm3
-        vpsrlq	$46, %ymm14, %ymm4
-        vpaddq	%ymm10, %ymm10, %ymm10
-        vpsllq	$6, %ymm11, %ymm11
-        vpsllq	$25, %ymm12, %ymm12
-        vpsllq	$8, %ymm13, %ymm13
-        vpsllq	$18, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, 32(%rdi)
-        vmovdqu	%ymm1, 128(%rdi)
-        vmovdqu	%ymm2, 64(%rdi)
-        vmovdqu	%ymm3, -96(%rax)
-        vmovdqu	%ymm4, 96(%rdi)
-        # Row 3
-        vpxor	(%rcx), %ymm9, %ymm10
-        vpxor	96(%rcx), %ymm5, %ymm11
-        vpxor	32(%rcx), %ymm6, %ymm12
-        vpxor	128(%rcx), %ymm7, %ymm13
-        vpxor	64(%rcx), %ymm8, %ymm14
-        vpsrlq	$37, %ymm10, %ymm0
-        vpsrlq	$28, %ymm11, %ymm1
-        vpsrlq	$54, %ymm12, %ymm2
-        vpsrlq	$49, %ymm13, %ymm3
-        vpsrlq	$8, %ymm14, %ymm4
-        vpsllq	$27, %ymm10, %ymm10
-        vpsllq	$36, %ymm11, %ymm11
-        vpsllq	$10, %ymm12, %ymm12
-        vpsllq	$15, %ymm13, %ymm13
-        vpsllq	$56, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, (%rcx)
-        vmovdqu	%ymm1, 96(%rcx)
-        vmovdqu	%ymm2, 32(%rcx)
-        vmovdqu	%ymm3, 128(%rcx)
-        vmovdqu	%ymm4, 64(%rcx)
-        # Row 4
-        vpxor	-64(%rax), %ymm7, %ymm10
-        vpxor	32(%rax), %ymm8, %ymm11
-        vpxor	-32(%rax), %ymm9, %ymm12
-        vpxor	64(%rax), %ymm5, %ymm13
-        vpxor	(%rax), %ymm6, %ymm14
-        vpsrlq	$2, %ymm10, %ymm0
-        vpsrlq	$9, %ymm11, %ymm1
-        vpsrlq	$25, %ymm12, %ymm2
-        vpsrlq	$23, %ymm13, %ymm3
-        vpsrlq	$62, %ymm14, %ymm4
-        vpsllq	$62, %ymm10, %ymm10
-        vpsllq	$55, %ymm11, %ymm11
-        vpsllq	$39, %ymm12, %ymm12
-        vpsllq	$41, %ymm13, %ymm13
-        vpsllq	$2, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, -64(%rax)
-        vmovdqu	%ymm1, 32(%rax)
-        vmovdqu	%ymm2, -32(%rax)
-        vmovdqu	%ymm3, 64(%rax)
-        vmovdqu	%ymm4, (%rax)
-        # Round 18
-        # Calc b[0..4]
-        vpxor	%ymm15, %ymm0, %ymm10
-        vpxor	-96(%rdi), %ymm2, %ymm12
-        vpxor	-64(%rdi), %ymm4, %ymm14
-        vpxor	-32(%rdi), %ymm1, %ymm11
-        vpxor	(%rdi), %ymm3, %ymm13
-        vpxor	32(%rdi), %ymm10, %ymm10
-        vpxor	64(%rdi), %ymm12, %ymm12
-        vpxor	96(%rdi), %ymm14, %ymm14
-        vpxor	128(%rdi), %ymm11, %ymm11
-        vpxor	-96(%rax), %ymm13, %ymm13
-        vpxor	96(%rax), %ymm10, %ymm10
-        vpxor	128(%rax), %ymm12, %ymm12
-        vpxor	-96(%rcx), %ymm14, %ymm14
-        vpxor	-64(%rcx), %ymm11, %ymm11
-        vpxor	-32(%rcx), %ymm13, %ymm13
-        vpxor	(%rcx), %ymm10, %ymm10
-        vpxor	32(%rcx), %ymm12, %ymm12
-        vpxor	64(%rcx), %ymm14, %ymm14
-        vpxor	96(%rcx), %ymm11, %ymm11
-        vpxor	128(%rcx), %ymm13, %ymm13
-        # Calc t[0..4]
-        vpsrlq	$63, %ymm11, %ymm0
-        vpsrlq	$63, %ymm12, %ymm1
-        vpsrlq	$63, %ymm13, %ymm2
-        vpsrlq	$63, %ymm14, %ymm3
-        vpsrlq	$63, %ymm10, %ymm4
-        vpaddq	%ymm11, %ymm11, %ymm5
-        vpaddq	%ymm12, %ymm12, %ymm6
-        vpaddq	%ymm13, %ymm13, %ymm7
-        vpaddq	%ymm14, %ymm14, %ymm8
-        vpaddq	%ymm10, %ymm10, %ymm9
-        vpor	%ymm0, %ymm5, %ymm5
-        vpor	%ymm1, %ymm6, %ymm6
-        vpor	%ymm2, %ymm7, %ymm7
-        vpor	%ymm3, %ymm8, %ymm8
-        vpor	%ymm4, %ymm9, %ymm9
-        vpxor	%ymm14, %ymm5, %ymm5
-        vpxor	%ymm10, %ymm6, %ymm6
-        vpxor	%ymm11, %ymm7, %ymm7
-        vpxor	%ymm12, %ymm8, %ymm8
-        vpxor	%ymm13, %ymm9, %ymm9
-        # Row Mix
-        # Row 0
-        vpxor	%ymm15, %ymm5, %ymm10
-        vpxor	-64(%rcx), %ymm6, %ymm11
-        vpxor	64(%rdi), %ymm7, %ymm12
-        vpxor	128(%rcx), %ymm8, %ymm13
-        vpxor	(%rax), %ymm9, %ymm14
-        vpsrlq	$20, %ymm11, %ymm0
-        vpsrlq	$21, %ymm12, %ymm1
-        vpsrlq	$43, %ymm13, %ymm2
-        vpsrlq	$50, %ymm14, %ymm3
-        vpsllq	$44, %ymm11, %ymm11
-        vpsllq	$43, %ymm12, %ymm12
-        vpsllq	$21, %ymm13, %ymm13
-        vpsllq	$14, %ymm14, %ymm14
-        vpor	%ymm0, %ymm11, %ymm11
-        vpor	%ymm1, %ymm12, %ymm12
-        vpor	%ymm2, %ymm13, %ymm13
-        vpor	%ymm3, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm15
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm15, %ymm15
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        # XOR in constant
-        vpxor	576(%rdx), %ymm15, %ymm15
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm1, -64(%rcx)
-        vmovdqu	%ymm2, 64(%rdi)
-        vmovdqu	%ymm3, 128(%rcx)
-        vmovdqu	%ymm4, (%rax)
-        # Row 1
-        vpxor	(%rdi), %ymm8, %ymm10
-        vpxor	-96(%rcx), %ymm9, %ymm11
-        vpxor	32(%rdi), %ymm5, %ymm12
-        vpxor	96(%rcx), %ymm6, %ymm13
-        vpxor	-32(%rax), %ymm7, %ymm14
-        vpsrlq	$36, %ymm10, %ymm0
-        vpsrlq	$44, %ymm11, %ymm1
-        vpsrlq	$61, %ymm12, %ymm2
-        vpsrlq	$19, %ymm13, %ymm3
-        vpsrlq	$3, %ymm14, %ymm4
-        vpsllq	$28, %ymm10, %ymm10
-        vpsllq	$20, %ymm11, %ymm11
-        vpsllq	$3, %ymm12, %ymm12
-        vpsllq	$45, %ymm13, %ymm13
-        vpsllq	$61, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, (%rdi)
-        vmovdqu	%ymm1, -96(%rcx)
-        vmovdqu	%ymm2, 32(%rdi)
-        vmovdqu	%ymm3, 96(%rcx)
-        vmovdqu	%ymm4, -32(%rax)
-        # Row 2
-        vpxor	-32(%rdi), %ymm6, %ymm10
-        vpxor	128(%rax), %ymm7, %ymm11
-        vpxor	-96(%rax), %ymm8, %ymm12
-        vpxor	64(%rcx), %ymm9, %ymm13
-        vpxor	-64(%rax), %ymm5, %ymm14
-        vpsrlq	$63, %ymm10, %ymm0
-        vpsrlq	$58, %ymm11, %ymm1
-        vpsrlq	$39, %ymm12, %ymm2
-        vpsrlq	$56, %ymm13, %ymm3
-        vpsrlq	$46, %ymm14, %ymm4
-        vpaddq	%ymm10, %ymm10, %ymm10
-        vpsllq	$6, %ymm11, %ymm11
-        vpsllq	$25, %ymm12, %ymm12
-        vpsllq	$8, %ymm13, %ymm13
-        vpsllq	$18, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, -32(%rdi)
-        vmovdqu	%ymm1, 128(%rax)
-        vmovdqu	%ymm2, -96(%rax)
-        vmovdqu	%ymm3, 64(%rcx)
-        vmovdqu	%ymm4, -64(%rax)
-        # Row 3
-        vpxor	-64(%rdi), %ymm9, %ymm10
-        vpxor	96(%rax), %ymm5, %ymm11
-        vpxor	128(%rdi), %ymm6, %ymm12
-        vpxor	32(%rcx), %ymm7, %ymm13
-        vpxor	64(%rax), %ymm8, %ymm14
-        vpsrlq	$37, %ymm10, %ymm0
-        vpsrlq	$28, %ymm11, %ymm1
-        vpsrlq	$54, %ymm12, %ymm2
-        vpsrlq	$49, %ymm13, %ymm3
-        vpsrlq	$8, %ymm14, %ymm4
-        vpsllq	$27, %ymm10, %ymm10
-        vpsllq	$36, %ymm11, %ymm11
-        vpsllq	$10, %ymm12, %ymm12
-        vpsllq	$15, %ymm13, %ymm13
-        vpsllq	$56, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, -64(%rdi)
-        vmovdqu	%ymm1, 96(%rax)
-        vmovdqu	%ymm2, 128(%rdi)
-        vmovdqu	%ymm3, 32(%rcx)
-        vmovdqu	%ymm4, 64(%rax)
-        # Row 4
-        vpxor	-96(%rdi), %ymm7, %ymm10
-        vpxor	-32(%rcx), %ymm8, %ymm11
-        vpxor	96(%rdi), %ymm9, %ymm12
-        vpxor	(%rcx), %ymm5, %ymm13
-        vpxor	32(%rax), %ymm6, %ymm14
-        vpsrlq	$2, %ymm10, %ymm0
-        vpsrlq	$9, %ymm11, %ymm1
-        vpsrlq	$25, %ymm12, %ymm2
-        vpsrlq	$23, %ymm13, %ymm3
-        vpsrlq	$62, %ymm14, %ymm4
-        vpsllq	$62, %ymm10, %ymm10
-        vpsllq	$55, %ymm11, %ymm11
-        vpsllq	$39, %ymm12, %ymm12
-        vpsllq	$41, %ymm13, %ymm13
-        vpsllq	$2, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, -96(%rdi)
-        vmovdqu	%ymm1, -32(%rcx)
-        vmovdqu	%ymm2, 96(%rdi)
-        vmovdqu	%ymm3, (%rcx)
-        vmovdqu	%ymm4, 32(%rax)
-        # Round 19
-        # Calc b[0..4]
-        vpxor	%ymm15, %ymm0, %ymm10
-        vpxor	-64(%rdi), %ymm10, %ymm10
-        vpxor	-32(%rdi), %ymm10, %ymm10
-        vpxor	(%rdi), %ymm10, %ymm10
-        vpxor	32(%rdi), %ymm2, %ymm12
-        vpxor	64(%rdi), %ymm12, %ymm12
-        vpxor	128(%rdi), %ymm12, %ymm12
-        vpxor	-96(%rax), %ymm12, %ymm12
-        vpxor	-64(%rax), %ymm4, %ymm14
-        vpxor	-32(%rax), %ymm14, %ymm14
-        vpxor	(%rax), %ymm14, %ymm14
-        vpxor	64(%rax), %ymm14, %ymm14
-        vpxor	96(%rax), %ymm1, %ymm11
-        vpxor	128(%rax), %ymm11, %ymm11
-        vpxor	-96(%rcx), %ymm11, %ymm11
-        vpxor	-64(%rcx), %ymm11, %ymm11
-        vpxor	32(%rcx), %ymm3, %ymm13
-        vpxor	64(%rcx), %ymm13, %ymm13
-        vpxor	96(%rcx), %ymm13, %ymm13
-        vpxor	128(%rcx), %ymm13, %ymm13
-        # Calc t[0..4]
-        vpsrlq	$63, %ymm11, %ymm0
-        vpsrlq	$63, %ymm12, %ymm1
-        vpsrlq	$63, %ymm13, %ymm2
-        vpsrlq	$63, %ymm14, %ymm3
-        vpsrlq	$63, %ymm10, %ymm4
-        vpaddq	%ymm11, %ymm11, %ymm5
-        vpaddq	%ymm12, %ymm12, %ymm6
-        vpaddq	%ymm13, %ymm13, %ymm7
-        vpaddq	%ymm14, %ymm14, %ymm8
-        vpaddq	%ymm10, %ymm10, %ymm9
-        vpor	%ymm0, %ymm5, %ymm5
-        vpor	%ymm1, %ymm6, %ymm6
-        vpor	%ymm2, %ymm7, %ymm7
-        vpor	%ymm3, %ymm8, %ymm8
-        vpor	%ymm4, %ymm9, %ymm9
-        vpxor	%ymm14, %ymm5, %ymm5
-        vpxor	%ymm10, %ymm6, %ymm6
-        vpxor	%ymm11, %ymm7, %ymm7
-        vpxor	%ymm12, %ymm8, %ymm8
-        vpxor	%ymm13, %ymm9, %ymm9
-        # Row Mix
-        # Row 0
-        vpxor	%ymm15, %ymm5, %ymm10
-        vpxor	-96(%rcx), %ymm6, %ymm11
-        vpxor	-96(%rax), %ymm7, %ymm12
-        vpxor	32(%rcx), %ymm8, %ymm13
-        vpxor	32(%rax), %ymm9, %ymm14
-        vpsrlq	$20, %ymm11, %ymm0
-        vpsrlq	$21, %ymm12, %ymm1
-        vpsrlq	$43, %ymm13, %ymm2
-        vpsrlq	$50, %ymm14, %ymm3
-        vpsllq	$44, %ymm11, %ymm11
-        vpsllq	$43, %ymm12, %ymm12
-        vpsllq	$21, %ymm13, %ymm13
-        vpsllq	$14, %ymm14, %ymm14
-        vpor	%ymm0, %ymm11, %ymm11
-        vpor	%ymm1, %ymm12, %ymm12
-        vpor	%ymm2, %ymm13, %ymm13
-        vpor	%ymm3, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm15
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm15, %ymm15
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        # XOR in constant
-        vpxor	608(%rdx), %ymm15, %ymm15
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm1, -96(%rcx)
-        vmovdqu	%ymm2, -96(%rax)
-        vmovdqu	%ymm3, 32(%rcx)
-        vmovdqu	%ymm4, 32(%rax)
-        # Row 1
-        vpxor	128(%rcx), %ymm8, %ymm10
-        vpxor	-32(%rax), %ymm9, %ymm11
-        vpxor	-32(%rdi), %ymm5, %ymm12
-        vpxor	96(%rax), %ymm6, %ymm13
-        vpxor	96(%rdi), %ymm7, %ymm14
-        vpsrlq	$36, %ymm10, %ymm0
-        vpsrlq	$44, %ymm11, %ymm1
-        vpsrlq	$61, %ymm12, %ymm2
-        vpsrlq	$19, %ymm13, %ymm3
-        vpsrlq	$3, %ymm14, %ymm4
-        vpsllq	$28, %ymm10, %ymm10
-        vpsllq	$20, %ymm11, %ymm11
-        vpsllq	$3, %ymm12, %ymm12
-        vpsllq	$45, %ymm13, %ymm13
-        vpsllq	$61, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, 128(%rcx)
-        vmovdqu	%ymm1, -32(%rax)
-        vmovdqu	%ymm2, -32(%rdi)
-        vmovdqu	%ymm3, 96(%rax)
-        vmovdqu	%ymm4, 96(%rdi)
-        # Row 2
-        vpxor	-64(%rcx), %ymm6, %ymm10
-        vpxor	32(%rdi), %ymm7, %ymm11
-        vpxor	64(%rcx), %ymm8, %ymm12
-        vpxor	64(%rax), %ymm9, %ymm13
-        vpxor	-96(%rdi), %ymm5, %ymm14
-        vpsrlq	$63, %ymm10, %ymm0
-        vpsrlq	$58, %ymm11, %ymm1
-        vpsrlq	$39, %ymm12, %ymm2
-        vpsrlq	$56, %ymm13, %ymm3
-        vpsrlq	$46, %ymm14, %ymm4
-        vpaddq	%ymm10, %ymm10, %ymm10
-        vpsllq	$6, %ymm11, %ymm11
-        vpsllq	$25, %ymm12, %ymm12
-        vpsllq	$8, %ymm13, %ymm13
-        vpsllq	$18, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, -64(%rcx)
-        vmovdqu	%ymm1, 32(%rdi)
-        vmovdqu	%ymm2, 64(%rcx)
-        vmovdqu	%ymm3, 64(%rax)
-        vmovdqu	%ymm4, -96(%rdi)
-        # Row 3
-        vpxor	(%rax), %ymm9, %ymm10
-        vpxor	(%rdi), %ymm5, %ymm11
-        vpxor	128(%rax), %ymm6, %ymm12
-        vpxor	128(%rdi), %ymm7, %ymm13
-        vpxor	(%rcx), %ymm8, %ymm14
-        vpsrlq	$37, %ymm10, %ymm0
-        vpsrlq	$28, %ymm11, %ymm1
-        vpsrlq	$54, %ymm12, %ymm2
-        vpsrlq	$49, %ymm13, %ymm3
-        vpsrlq	$8, %ymm14, %ymm4
-        vpsllq	$27, %ymm10, %ymm10
-        vpsllq	$36, %ymm11, %ymm11
-        vpsllq	$10, %ymm12, %ymm12
-        vpsllq	$15, %ymm13, %ymm13
-        vpsllq	$56, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, (%rax)
-        vmovdqu	%ymm1, (%rdi)
-        vmovdqu	%ymm2, 128(%rax)
-        vmovdqu	%ymm3, 128(%rdi)
-        vmovdqu	%ymm4, (%rcx)
-        # Row 4
-        vpxor	64(%rdi), %ymm7, %ymm10
-        vpxor	96(%rcx), %ymm8, %ymm11
-        vpxor	-64(%rax), %ymm9, %ymm12
-        vpxor	-64(%rdi), %ymm5, %ymm13
-        vpxor	-32(%rcx), %ymm6, %ymm14
-        vpsrlq	$2, %ymm10, %ymm0
-        vpsrlq	$9, %ymm11, %ymm1
-        vpsrlq	$25, %ymm12, %ymm2
-        vpsrlq	$23, %ymm13, %ymm3
-        vpsrlq	$62, %ymm14, %ymm4
-        vpsllq	$62, %ymm10, %ymm10
-        vpsllq	$55, %ymm11, %ymm11
-        vpsllq	$39, %ymm12, %ymm12
-        vpsllq	$41, %ymm13, %ymm13
-        vpsllq	$2, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, 64(%rdi)
-        vmovdqu	%ymm1, 96(%rcx)
-        vmovdqu	%ymm2, -64(%rax)
-        vmovdqu	%ymm3, -64(%rdi)
-        vmovdqu	%ymm4, -32(%rcx)
-        # Round 20
-        # Calc b[0..4]
-        vpxor	%ymm15, %ymm0, %ymm10
-        vpxor	-96(%rdi), %ymm4, %ymm14
-        vpxor	-32(%rdi), %ymm2, %ymm12
-        vpxor	(%rdi), %ymm1, %ymm11
-        vpxor	32(%rdi), %ymm11, %ymm11
-        vpxor	96(%rdi), %ymm14, %ymm14
-        vpxor	128(%rdi), %ymm3, %ymm13
-        vpxor	-96(%rax), %ymm12, %ymm12
-        vpxor	-32(%rax), %ymm11, %ymm11
-        vpxor	(%rax), %ymm10, %ymm10
-        vpxor	32(%rax), %ymm14, %ymm14
-        vpxor	64(%rax), %ymm13, %ymm13
-        vpxor	96(%rax), %ymm13, %ymm13
-        vpxor	128(%rax), %ymm12, %ymm12
-        vpxor	-96(%rcx), %ymm11, %ymm11
-        vpxor	-64(%rcx), %ymm10, %ymm10
-        vpxor	(%rcx), %ymm14, %ymm14
-        vpxor	32(%rcx), %ymm13, %ymm13
-        vpxor	64(%rcx), %ymm12, %ymm12
-        vpxor	128(%rcx), %ymm10, %ymm10
-        # Calc t[0..4]
-        vpsrlq	$63, %ymm11, %ymm0
-        vpsrlq	$63, %ymm12, %ymm1
-        vpsrlq	$63, %ymm13, %ymm2
-        vpsrlq	$63, %ymm14, %ymm3
-        vpsrlq	$63, %ymm10, %ymm4
-        vpaddq	%ymm11, %ymm11, %ymm5
-        vpaddq	%ymm12, %ymm12, %ymm6
-        vpaddq	%ymm13, %ymm13, %ymm7
-        vpaddq	%ymm14, %ymm14, %ymm8
-        vpaddq	%ymm10, %ymm10, %ymm9
-        vpor	%ymm0, %ymm5, %ymm5
-        vpor	%ymm1, %ymm6, %ymm6
-        vpor	%ymm2, %ymm7, %ymm7
-        vpor	%ymm3, %ymm8, %ymm8
-        vpor	%ymm4, %ymm9, %ymm9
-        vpxor	%ymm14, %ymm5, %ymm5
-        vpxor	%ymm10, %ymm6, %ymm6
-        vpxor	%ymm11, %ymm7, %ymm7
-        vpxor	%ymm12, %ymm8, %ymm8
-        vpxor	%ymm13, %ymm9, %ymm9
-        # Row Mix
-        # Row 0
-        vpxor	%ymm15, %ymm5, %ymm10
-        vpxor	-32(%rax), %ymm6, %ymm11
-        vpxor	64(%rcx), %ymm7, %ymm12
-        vpxor	128(%rdi), %ymm8, %ymm13
-        vpxor	-32(%rcx), %ymm9, %ymm14
-        vpsrlq	$20, %ymm11, %ymm0
-        vpsrlq	$21, %ymm12, %ymm1
-        vpsrlq	$43, %ymm13, %ymm2
-        vpsrlq	$50, %ymm14, %ymm3
-        vpsllq	$44, %ymm11, %ymm11
-        vpsllq	$43, %ymm12, %ymm12
-        vpsllq	$21, %ymm13, %ymm13
-        vpsllq	$14, %ymm14, %ymm14
-        vpor	%ymm0, %ymm11, %ymm11
-        vpor	%ymm1, %ymm12, %ymm12
-        vpor	%ymm2, %ymm13, %ymm13
-        vpor	%ymm3, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm15
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm15, %ymm15
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        # XOR in constant
-        vpxor	640(%rdx), %ymm15, %ymm15
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm1, -32(%rax)
-        vmovdqu	%ymm2, 64(%rcx)
-        vmovdqu	%ymm3, 128(%rdi)
-        vmovdqu	%ymm4, -32(%rcx)
-        # Row 1
-        vpxor	32(%rcx), %ymm8, %ymm10
-        vpxor	96(%rdi), %ymm9, %ymm11
-        vpxor	-64(%rcx), %ymm5, %ymm12
-        vpxor	(%rdi), %ymm6, %ymm13
-        vpxor	-64(%rax), %ymm7, %ymm14
-        vpsrlq	$36, %ymm10, %ymm0
-        vpsrlq	$44, %ymm11, %ymm1
-        vpsrlq	$61, %ymm12, %ymm2
-        vpsrlq	$19, %ymm13, %ymm3
-        vpsrlq	$3, %ymm14, %ymm4
-        vpsllq	$28, %ymm10, %ymm10
-        vpsllq	$20, %ymm11, %ymm11
-        vpsllq	$3, %ymm12, %ymm12
-        vpsllq	$45, %ymm13, %ymm13
-        vpsllq	$61, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, 32(%rcx)
-        vmovdqu	%ymm1, 96(%rdi)
-        vmovdqu	%ymm2, -64(%rcx)
-        vmovdqu	%ymm3, (%rdi)
-        vmovdqu	%ymm4, -64(%rax)
-        # Row 2
-        vpxor	-96(%rcx), %ymm6, %ymm10
-        vpxor	-32(%rdi), %ymm7, %ymm11
-        vpxor	64(%rax), %ymm8, %ymm12
-        vpxor	(%rcx), %ymm9, %ymm13
-        vpxor	64(%rdi), %ymm5, %ymm14
-        vpsrlq	$63, %ymm10, %ymm0
-        vpsrlq	$58, %ymm11, %ymm1
-        vpsrlq	$39, %ymm12, %ymm2
-        vpsrlq	$56, %ymm13, %ymm3
-        vpsrlq	$46, %ymm14, %ymm4
-        vpaddq	%ymm10, %ymm10, %ymm10
-        vpsllq	$6, %ymm11, %ymm11
-        vpsllq	$25, %ymm12, %ymm12
-        vpsllq	$8, %ymm13, %ymm13
-        vpsllq	$18, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, -96(%rcx)
-        vmovdqu	%ymm1, -32(%rdi)
-        vmovdqu	%ymm2, 64(%rax)
-        vmovdqu	%ymm3, (%rcx)
-        vmovdqu	%ymm4, 64(%rdi)
-        # Row 3
-        vpxor	32(%rax), %ymm9, %ymm10
-        vpxor	128(%rcx), %ymm5, %ymm11
-        vpxor	32(%rdi), %ymm6, %ymm12
-        vpxor	128(%rax), %ymm7, %ymm13
-        vpxor	-64(%rdi), %ymm8, %ymm14
-        vpsrlq	$37, %ymm10, %ymm0
-        vpsrlq	$28, %ymm11, %ymm1
-        vpsrlq	$54, %ymm12, %ymm2
-        vpsrlq	$49, %ymm13, %ymm3
-        vpsrlq	$8, %ymm14, %ymm4
-        vpsllq	$27, %ymm10, %ymm10
-        vpsllq	$36, %ymm11, %ymm11
-        vpsllq	$10, %ymm12, %ymm12
-        vpsllq	$15, %ymm13, %ymm13
-        vpsllq	$56, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, 32(%rax)
-        vmovdqu	%ymm1, 128(%rcx)
-        vmovdqu	%ymm2, 32(%rdi)
-        vmovdqu	%ymm3, 128(%rax)
-        vmovdqu	%ymm4, -64(%rdi)
-        # Row 4
-        vpxor	-96(%rax), %ymm7, %ymm10
-        vpxor	96(%rax), %ymm8, %ymm11
-        vpxor	-96(%rdi), %ymm9, %ymm12
-        vpxor	(%rax), %ymm5, %ymm13
-        vpxor	96(%rcx), %ymm6, %ymm14
-        vpsrlq	$2, %ymm10, %ymm0
-        vpsrlq	$9, %ymm11, %ymm1
-        vpsrlq	$25, %ymm12, %ymm2
-        vpsrlq	$23, %ymm13, %ymm3
-        vpsrlq	$62, %ymm14, %ymm4
-        vpsllq	$62, %ymm10, %ymm10
-        vpsllq	$55, %ymm11, %ymm11
-        vpsllq	$39, %ymm12, %ymm12
-        vpsllq	$41, %ymm13, %ymm13
-        vpsllq	$2, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, -96(%rax)
-        vmovdqu	%ymm1, 96(%rax)
-        vmovdqu	%ymm2, -96(%rdi)
-        vmovdqu	%ymm3, (%rax)
-        vmovdqu	%ymm4, 96(%rcx)
-        # Round 21
-        # Calc b[0..4]
-        vpxor	%ymm15, %ymm0, %ymm10
-        vpxor	-64(%rdi), %ymm4, %ymm14
-        vpxor	-32(%rdi), %ymm1, %ymm11
-        vpxor	(%rdi), %ymm3, %ymm13
-        vpxor	32(%rdi), %ymm2, %ymm12
-        vpxor	64(%rdi), %ymm14, %ymm14
-        vpxor	96(%rdi), %ymm11, %ymm11
-        vpxor	128(%rdi), %ymm13, %ymm13
-        vpxor	-64(%rax), %ymm14, %ymm14
-        vpxor	-32(%rax), %ymm11, %ymm11
-        vpxor	32(%rax), %ymm10, %ymm10
-        vpxor	64(%rax), %ymm12, %ymm12
-        vpxor	128(%rax), %ymm13, %ymm13
-        vpxor	-96(%rcx), %ymm10, %ymm10
-        vpxor	-64(%rcx), %ymm12, %ymm12
-        vpxor	-32(%rcx), %ymm14, %ymm14
-        vpxor	(%rcx), %ymm13, %ymm13
-        vpxor	32(%rcx), %ymm10, %ymm10
-        vpxor	64(%rcx), %ymm12, %ymm12
-        vpxor	128(%rcx), %ymm11, %ymm11
-        # Calc t[0..4]
-        vpsrlq	$63, %ymm11, %ymm0
-        vpsrlq	$63, %ymm12, %ymm1
-        vpsrlq	$63, %ymm13, %ymm2
-        vpsrlq	$63, %ymm14, %ymm3
-        vpsrlq	$63, %ymm10, %ymm4
-        vpaddq	%ymm11, %ymm11, %ymm5
-        vpaddq	%ymm12, %ymm12, %ymm6
-        vpaddq	%ymm13, %ymm13, %ymm7
-        vpaddq	%ymm14, %ymm14, %ymm8
-        vpaddq	%ymm10, %ymm10, %ymm9
-        vpor	%ymm0, %ymm5, %ymm5
-        vpor	%ymm1, %ymm6, %ymm6
-        vpor	%ymm2, %ymm7, %ymm7
-        vpor	%ymm3, %ymm8, %ymm8
-        vpor	%ymm4, %ymm9, %ymm9
-        vpxor	%ymm14, %ymm5, %ymm5
-        vpxor	%ymm10, %ymm6, %ymm6
-        vpxor	%ymm11, %ymm7, %ymm7
-        vpxor	%ymm12, %ymm8, %ymm8
-        vpxor	%ymm13, %ymm9, %ymm9
-        # Row Mix
-        # Row 0
-        vpxor	%ymm15, %ymm5, %ymm10
-        vpxor	96(%rdi), %ymm6, %ymm11
-        vpxor	64(%rax), %ymm7, %ymm12
-        vpxor	128(%rax), %ymm8, %ymm13
-        vpxor	96(%rcx), %ymm9, %ymm14
-        vpsrlq	$20, %ymm11, %ymm0
-        vpsrlq	$21, %ymm12, %ymm1
-        vpsrlq	$43, %ymm13, %ymm2
-        vpsrlq	$50, %ymm14, %ymm3
-        vpsllq	$44, %ymm11, %ymm11
-        vpsllq	$43, %ymm12, %ymm12
-        vpsllq	$21, %ymm13, %ymm13
-        vpsllq	$14, %ymm14, %ymm14
-        vpor	%ymm0, %ymm11, %ymm11
-        vpor	%ymm1, %ymm12, %ymm12
-        vpor	%ymm2, %ymm13, %ymm13
-        vpor	%ymm3, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm15
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm15, %ymm15
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        # XOR in constant
-        vpxor	672(%rdx), %ymm15, %ymm15
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm1, 96(%rdi)
-        vmovdqu	%ymm2, 64(%rax)
-        vmovdqu	%ymm3, 128(%rax)
-        vmovdqu	%ymm4, 96(%rcx)
-        # Row 1
-        vpxor	128(%rdi), %ymm8, %ymm10
-        vpxor	-64(%rax), %ymm9, %ymm11
-        vpxor	-96(%rcx), %ymm5, %ymm12
-        vpxor	128(%rcx), %ymm6, %ymm13
-        vpxor	-96(%rdi), %ymm7, %ymm14
-        vpsrlq	$36, %ymm10, %ymm0
-        vpsrlq	$44, %ymm11, %ymm1
-        vpsrlq	$61, %ymm12, %ymm2
-        vpsrlq	$19, %ymm13, %ymm3
-        vpsrlq	$3, %ymm14, %ymm4
-        vpsllq	$28, %ymm10, %ymm10
-        vpsllq	$20, %ymm11, %ymm11
-        vpsllq	$3, %ymm12, %ymm12
-        vpsllq	$45, %ymm13, %ymm13
-        vpsllq	$61, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, 128(%rdi)
-        vmovdqu	%ymm1, -64(%rax)
-        vmovdqu	%ymm2, -96(%rcx)
-        vmovdqu	%ymm3, 128(%rcx)
-        vmovdqu	%ymm4, -96(%rdi)
-        # Row 2
-        vpxor	-32(%rax), %ymm6, %ymm10
-        vpxor	-64(%rcx), %ymm7, %ymm11
-        vpxor	(%rcx), %ymm8, %ymm12
-        vpxor	-64(%rdi), %ymm9, %ymm13
-        vpxor	-96(%rax), %ymm5, %ymm14
-        vpsrlq	$63, %ymm10, %ymm0
-        vpsrlq	$58, %ymm11, %ymm1
-        vpsrlq	$39, %ymm12, %ymm2
-        vpsrlq	$56, %ymm13, %ymm3
-        vpsrlq	$46, %ymm14, %ymm4
-        vpaddq	%ymm10, %ymm10, %ymm10
-        vpsllq	$6, %ymm11, %ymm11
-        vpsllq	$25, %ymm12, %ymm12
-        vpsllq	$8, %ymm13, %ymm13
-        vpsllq	$18, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, -32(%rax)
-        vmovdqu	%ymm1, -64(%rcx)
-        vmovdqu	%ymm2, (%rcx)
-        vmovdqu	%ymm3, -64(%rdi)
-        vmovdqu	%ymm4, -96(%rax)
-        # Row 3
-        vpxor	-32(%rcx), %ymm9, %ymm10
-        vpxor	32(%rcx), %ymm5, %ymm11
-        vpxor	-32(%rdi), %ymm6, %ymm12
-        vpxor	32(%rdi), %ymm7, %ymm13
-        vpxor	(%rax), %ymm8, %ymm14
-        vpsrlq	$37, %ymm10, %ymm0
-        vpsrlq	$28, %ymm11, %ymm1
-        vpsrlq	$54, %ymm12, %ymm2
-        vpsrlq	$49, %ymm13, %ymm3
-        vpsrlq	$8, %ymm14, %ymm4
-        vpsllq	$27, %ymm10, %ymm10
-        vpsllq	$36, %ymm11, %ymm11
-        vpsllq	$10, %ymm12, %ymm12
-        vpsllq	$15, %ymm13, %ymm13
-        vpsllq	$56, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, -32(%rcx)
-        vmovdqu	%ymm1, 32(%rcx)
-        vmovdqu	%ymm2, -32(%rdi)
-        vmovdqu	%ymm3, 32(%rdi)
-        vmovdqu	%ymm4, (%rax)
-        # Row 4
-        vpxor	64(%rcx), %ymm7, %ymm10
-        vpxor	(%rdi), %ymm8, %ymm11
-        vpxor	64(%rdi), %ymm9, %ymm12
-        vpxor	32(%rax), %ymm5, %ymm13
-        vpxor	96(%rax), %ymm6, %ymm14
-        vpsrlq	$2, %ymm10, %ymm0
-        vpsrlq	$9, %ymm11, %ymm1
-        vpsrlq	$25, %ymm12, %ymm2
-        vpsrlq	$23, %ymm13, %ymm3
-        vpsrlq	$62, %ymm14, %ymm4
-        vpsllq	$62, %ymm10, %ymm10
-        vpsllq	$55, %ymm11, %ymm11
-        vpsllq	$39, %ymm12, %ymm12
-        vpsllq	$41, %ymm13, %ymm13
-        vpsllq	$2, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, 64(%rcx)
-        vmovdqu	%ymm1, (%rdi)
-        vmovdqu	%ymm2, 64(%rdi)
-        vmovdqu	%ymm3, 32(%rax)
-        vmovdqu	%ymm4, 96(%rax)
-        # Round 22
-        # Calc b[0..4]
-        vpxor	%ymm15, %ymm0, %ymm10
-        vpxor	-96(%rdi), %ymm4, %ymm14
-        vpxor	-64(%rdi), %ymm3, %ymm13
-        vpxor	-32(%rdi), %ymm2, %ymm12
-        vpxor	32(%rdi), %ymm13, %ymm13
-        vpxor	96(%rdi), %ymm1, %ymm11
-        vpxor	128(%rdi), %ymm10, %ymm10
-        vpxor	-96(%rax), %ymm14, %ymm14
-        vpxor	-64(%rax), %ymm11, %ymm11
-        vpxor	-32(%rax), %ymm10, %ymm10
-        vpxor	(%rax), %ymm14, %ymm14
-        vpxor	64(%rax), %ymm12, %ymm12
-        vpxor	128(%rax), %ymm13, %ymm13
-        vpxor	-96(%rcx), %ymm12, %ymm12
-        vpxor	-64(%rcx), %ymm11, %ymm11
-        vpxor	-32(%rcx), %ymm10, %ymm10
-        vpxor	(%rcx), %ymm12, %ymm12
-        vpxor	32(%rcx), %ymm11, %ymm11
-        vpxor	96(%rcx), %ymm14, %ymm14
-        vpxor	128(%rcx), %ymm13, %ymm13
-        # Calc t[0..4]
-        vpsrlq	$63, %ymm11, %ymm0
-        vpsrlq	$63, %ymm12, %ymm1
-        vpsrlq	$63, %ymm13, %ymm2
-        vpsrlq	$63, %ymm14, %ymm3
-        vpsrlq	$63, %ymm10, %ymm4
-        vpaddq	%ymm11, %ymm11, %ymm5
-        vpaddq	%ymm12, %ymm12, %ymm6
-        vpaddq	%ymm13, %ymm13, %ymm7
-        vpaddq	%ymm14, %ymm14, %ymm8
-        vpaddq	%ymm10, %ymm10, %ymm9
-        vpor	%ymm0, %ymm5, %ymm5
-        vpor	%ymm1, %ymm6, %ymm6
-        vpor	%ymm2, %ymm7, %ymm7
-        vpor	%ymm3, %ymm8, %ymm8
-        vpor	%ymm4, %ymm9, %ymm9
-        vpxor	%ymm14, %ymm5, %ymm5
-        vpxor	%ymm10, %ymm6, %ymm6
-        vpxor	%ymm11, %ymm7, %ymm7
-        vpxor	%ymm12, %ymm8, %ymm8
-        vpxor	%ymm13, %ymm9, %ymm9
-        # Row Mix
-        # Row 0
-        vpxor	%ymm15, %ymm5, %ymm10
-        vpxor	-64(%rax), %ymm6, %ymm11
-        vpxor	(%rcx), %ymm7, %ymm12
-        vpxor	32(%rdi), %ymm8, %ymm13
-        vpxor	96(%rax), %ymm9, %ymm14
-        vpsrlq	$20, %ymm11, %ymm0
-        vpsrlq	$21, %ymm12, %ymm1
-        vpsrlq	$43, %ymm13, %ymm2
-        vpsrlq	$50, %ymm14, %ymm3
-        vpsllq	$44, %ymm11, %ymm11
-        vpsllq	$43, %ymm12, %ymm12
-        vpsllq	$21, %ymm13, %ymm13
-        vpsllq	$14, %ymm14, %ymm14
-        vpor	%ymm0, %ymm11, %ymm11
-        vpor	%ymm1, %ymm12, %ymm12
-        vpor	%ymm2, %ymm13, %ymm13
-        vpor	%ymm3, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm15
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm15, %ymm15
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        # XOR in constant
-        vpxor	704(%rdx), %ymm15, %ymm15
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm1, -64(%rax)
-        vmovdqu	%ymm2, (%rcx)
-        vmovdqu	%ymm3, 32(%rdi)
-        vmovdqu	%ymm4, 96(%rax)
-        # Row 1
-        vpxor	128(%rax), %ymm8, %ymm10
-        vpxor	-96(%rdi), %ymm9, %ymm11
-        vpxor	-32(%rax), %ymm5, %ymm12
-        vpxor	32(%rcx), %ymm6, %ymm13
-        vpxor	64(%rdi), %ymm7, %ymm14
-        vpsrlq	$36, %ymm10, %ymm0
-        vpsrlq	$44, %ymm11, %ymm1
-        vpsrlq	$61, %ymm12, %ymm2
-        vpsrlq	$19, %ymm13, %ymm3
-        vpsrlq	$3, %ymm14, %ymm4
-        vpsllq	$28, %ymm10, %ymm10
-        vpsllq	$20, %ymm11, %ymm11
-        vpsllq	$3, %ymm12, %ymm12
-        vpsllq	$45, %ymm13, %ymm13
-        vpsllq	$61, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, 128(%rax)
-        vmovdqu	%ymm1, -96(%rdi)
-        vmovdqu	%ymm2, -32(%rax)
-        vmovdqu	%ymm3, 32(%rcx)
-        vmovdqu	%ymm4, 64(%rdi)
-        # Row 2
-        vpxor	96(%rdi), %ymm6, %ymm10
-        vpxor	-96(%rcx), %ymm7, %ymm11
-        vpxor	-64(%rdi), %ymm8, %ymm12
-        vpxor	(%rax), %ymm9, %ymm13
-        vpxor	64(%rcx), %ymm5, %ymm14
-        vpsrlq	$63, %ymm10, %ymm0
-        vpsrlq	$58, %ymm11, %ymm1
-        vpsrlq	$39, %ymm12, %ymm2
-        vpsrlq	$56, %ymm13, %ymm3
-        vpsrlq	$46, %ymm14, %ymm4
-        vpaddq	%ymm10, %ymm10, %ymm10
-        vpsllq	$6, %ymm11, %ymm11
-        vpsllq	$25, %ymm12, %ymm12
-        vpsllq	$8, %ymm13, %ymm13
-        vpsllq	$18, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, 96(%rdi)
-        vmovdqu	%ymm1, -96(%rcx)
-        vmovdqu	%ymm2, -64(%rdi)
-        vmovdqu	%ymm3, (%rax)
-        vmovdqu	%ymm4, 64(%rcx)
-        # Row 3
-        vpxor	96(%rcx), %ymm9, %ymm10
-        vpxor	128(%rdi), %ymm5, %ymm11
-        vpxor	-64(%rcx), %ymm6, %ymm12
-        vpxor	-32(%rdi), %ymm7, %ymm13
-        vpxor	32(%rax), %ymm8, %ymm14
-        vpsrlq	$37, %ymm10, %ymm0
-        vpsrlq	$28, %ymm11, %ymm1
-        vpsrlq	$54, %ymm12, %ymm2
-        vpsrlq	$49, %ymm13, %ymm3
-        vpsrlq	$8, %ymm14, %ymm4
-        vpsllq	$27, %ymm10, %ymm10
-        vpsllq	$36, %ymm11, %ymm11
-        vpsllq	$10, %ymm12, %ymm12
-        vpsllq	$15, %ymm13, %ymm13
-        vpsllq	$56, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, 96(%rcx)
-        vmovdqu	%ymm1, 128(%rdi)
-        vmovdqu	%ymm2, -64(%rcx)
-        vmovdqu	%ymm3, -32(%rdi)
-        vmovdqu	%ymm4, 32(%rax)
-        # Row 4
-        vpxor	64(%rax), %ymm7, %ymm10
-        vpxor	128(%rcx), %ymm8, %ymm11
-        vpxor	-96(%rax), %ymm9, %ymm12
-        vpxor	-32(%rcx), %ymm5, %ymm13
-        vpxor	(%rdi), %ymm6, %ymm14
-        vpsrlq	$2, %ymm10, %ymm0
-        vpsrlq	$9, %ymm11, %ymm1
-        vpsrlq	$25, %ymm12, %ymm2
-        vpsrlq	$23, %ymm13, %ymm3
-        vpsrlq	$62, %ymm14, %ymm4
-        vpsllq	$62, %ymm10, %ymm10
-        vpsllq	$55, %ymm11, %ymm11
-        vpsllq	$39, %ymm12, %ymm12
-        vpsllq	$41, %ymm13, %ymm13
-        vpsllq	$2, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, 64(%rax)
-        vmovdqu	%ymm1, 128(%rcx)
-        vmovdqu	%ymm2, -96(%rax)
-        vmovdqu	%ymm3, -32(%rcx)
-        vmovdqu	%ymm4, (%rdi)
-        # Round 23
-        # Calc b[0..4]
-        vpxor	%ymm15, %ymm0, %ymm10
-        vpxor	-96(%rdi), %ymm1, %ymm11
-        vpxor	-64(%rdi), %ymm2, %ymm12
-        vpxor	-32(%rdi), %ymm3, %ymm13
-        vpxor	32(%rdi), %ymm13, %ymm13
-        vpxor	64(%rdi), %ymm4, %ymm14
-        vpxor	96(%rdi), %ymm10, %ymm10
-        vpxor	128(%rdi), %ymm11, %ymm11
-        vpxor	-64(%rax), %ymm11, %ymm11
-        vpxor	-32(%rax), %ymm12, %ymm12
-        vpxor	(%rax), %ymm13, %ymm13
-        vpxor	32(%rax), %ymm14, %ymm14
-        vpxor	96(%rax), %ymm14, %ymm14
-        vpxor	128(%rax), %ymm10, %ymm10
-        vpxor	-96(%rcx), %ymm11, %ymm11
-        vpxor	-64(%rcx), %ymm12, %ymm12
-        vpxor	(%rcx), %ymm12, %ymm12
-        vpxor	32(%rcx), %ymm13, %ymm13
-        vpxor	64(%rcx), %ymm14, %ymm14
-        vpxor	96(%rcx), %ymm10, %ymm10
-        # Calc t[0..4]
-        vpsrlq	$63, %ymm11, %ymm0
-        vpsrlq	$63, %ymm12, %ymm1
-        vpsrlq	$63, %ymm13, %ymm2
-        vpsrlq	$63, %ymm14, %ymm3
-        vpsrlq	$63, %ymm10, %ymm4
-        vpaddq	%ymm11, %ymm11, %ymm5
-        vpaddq	%ymm12, %ymm12, %ymm6
-        vpaddq	%ymm13, %ymm13, %ymm7
-        vpaddq	%ymm14, %ymm14, %ymm8
-        vpaddq	%ymm10, %ymm10, %ymm9
-        vpor	%ymm0, %ymm5, %ymm5
-        vpor	%ymm1, %ymm6, %ymm6
-        vpor	%ymm2, %ymm7, %ymm7
-        vpor	%ymm3, %ymm8, %ymm8
-        vpor	%ymm4, %ymm9, %ymm9
-        vpxor	%ymm14, %ymm5, %ymm5
-        vpxor	%ymm10, %ymm6, %ymm6
-        vpxor	%ymm11, %ymm7, %ymm7
-        vpxor	%ymm12, %ymm8, %ymm8
-        vpxor	%ymm13, %ymm9, %ymm9
-        # Row Mix
-        # Row 0
-        vpxor	%ymm15, %ymm5, %ymm10
-        vpxor	-96(%rdi), %ymm6, %ymm11
-        vpxor	-64(%rdi), %ymm7, %ymm12
-        vpxor	-32(%rdi), %ymm8, %ymm13
-        vpxor	(%rdi), %ymm9, %ymm14
-        vpsrlq	$20, %ymm11, %ymm0
-        vpsrlq	$21, %ymm12, %ymm1
-        vpsrlq	$43, %ymm13, %ymm2
-        vpsrlq	$50, %ymm14, %ymm3
-        vpsllq	$44, %ymm11, %ymm11
-        vpsllq	$43, %ymm12, %ymm12
-        vpsllq	$21, %ymm13, %ymm13
-        vpsllq	$14, %ymm14, %ymm14
-        vpor	%ymm0, %ymm11, %ymm11
-        vpor	%ymm1, %ymm12, %ymm12
-        vpor	%ymm2, %ymm13, %ymm13
-        vpor	%ymm3, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm15
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm15, %ymm15
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        # XOR in constant
-        vpxor	736(%rdx), %ymm15, %ymm15
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm1, -96(%rdi)
-        vmovdqu	%ymm2, -64(%rdi)
-        vmovdqu	%ymm3, -32(%rdi)
-        vmovdqu	%ymm4, (%rdi)
-        # Row 1
-        vpxor	32(%rdi), %ymm8, %ymm10
-        vpxor	64(%rdi), %ymm9, %ymm11
-        vpxor	96(%rdi), %ymm5, %ymm12
-        vpxor	128(%rdi), %ymm6, %ymm13
-        vpxor	-96(%rax), %ymm7, %ymm14
-        vpsrlq	$36, %ymm10, %ymm0
-        vpsrlq	$44, %ymm11, %ymm1
-        vpsrlq	$61, %ymm12, %ymm2
-        vpsrlq	$19, %ymm13, %ymm3
-        vpsrlq	$3, %ymm14, %ymm4
-        vpsllq	$28, %ymm10, %ymm10
-        vpsllq	$20, %ymm11, %ymm11
-        vpsllq	$3, %ymm12, %ymm12
-        vpsllq	$45, %ymm13, %ymm13
-        vpsllq	$61, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, 32(%rdi)
-        vmovdqu	%ymm1, 64(%rdi)
-        vmovdqu	%ymm2, 96(%rdi)
-        vmovdqu	%ymm3, 128(%rdi)
-        vmovdqu	%ymm4, -96(%rax)
-        # Row 2
-        vpxor	-64(%rax), %ymm6, %ymm10
-        vpxor	-32(%rax), %ymm7, %ymm11
-        vpxor	(%rax), %ymm8, %ymm12
-        vpxor	32(%rax), %ymm9, %ymm13
-        vpxor	64(%rax), %ymm5, %ymm14
-        vpsrlq	$63, %ymm10, %ymm0
-        vpsrlq	$58, %ymm11, %ymm1
-        vpsrlq	$39, %ymm12, %ymm2
-        vpsrlq	$56, %ymm13, %ymm3
-        vpsrlq	$46, %ymm14, %ymm4
-        vpaddq	%ymm10, %ymm10, %ymm10
-        vpsllq	$6, %ymm11, %ymm11
-        vpsllq	$25, %ymm12, %ymm12
-        vpsllq	$8, %ymm13, %ymm13
-        vpsllq	$18, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, -64(%rax)
-        vmovdqu	%ymm1, -32(%rax)
-        vmovdqu	%ymm2, (%rax)
-        vmovdqu	%ymm3, 32(%rax)
-        vmovdqu	%ymm4, 64(%rax)
-        # Row 3
-        vpxor	96(%rax), %ymm9, %ymm10
-        vpxor	128(%rax), %ymm5, %ymm11
-        vpxor	-96(%rcx), %ymm6, %ymm12
-        vpxor	-64(%rcx), %ymm7, %ymm13
-        vpxor	-32(%rcx), %ymm8, %ymm14
-        vpsrlq	$37, %ymm10, %ymm0
-        vpsrlq	$28, %ymm11, %ymm1
-        vpsrlq	$54, %ymm12, %ymm2
-        vpsrlq	$49, %ymm13, %ymm3
-        vpsrlq	$8, %ymm14, %ymm4
-        vpsllq	$27, %ymm10, %ymm10
-        vpsllq	$36, %ymm11, %ymm11
-        vpsllq	$10, %ymm12, %ymm12
-        vpsllq	$15, %ymm13, %ymm13
-        vpsllq	$56, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, 96(%rax)
-        vmovdqu	%ymm1, 128(%rax)
-        vmovdqu	%ymm2, -96(%rcx)
-        vmovdqu	%ymm3, -64(%rcx)
-        vmovdqu	%ymm4, -32(%rcx)
-        # Row 4
-        vpxor	(%rcx), %ymm7, %ymm10
-        vpxor	32(%rcx), %ymm8, %ymm11
-        vpxor	64(%rcx), %ymm9, %ymm12
-        vpxor	96(%rcx), %ymm5, %ymm13
-        vpxor	128(%rcx), %ymm6, %ymm14
-        vpsrlq	$2, %ymm10, %ymm0
-        vpsrlq	$9, %ymm11, %ymm1
-        vpsrlq	$25, %ymm12, %ymm2
-        vpsrlq	$23, %ymm13, %ymm3
-        vpsrlq	$62, %ymm14, %ymm4
-        vpsllq	$62, %ymm10, %ymm10
-        vpsllq	$55, %ymm11, %ymm11
-        vpsllq	$39, %ymm12, %ymm12
-        vpsllq	$41, %ymm13, %ymm13
-        vpsllq	$2, %ymm14, %ymm14
-        vpor	%ymm0, %ymm10, %ymm10
-        vpor	%ymm1, %ymm11, %ymm11
-        vpor	%ymm2, %ymm12, %ymm12
-        vpor	%ymm3, %ymm13, %ymm13
-        vpor	%ymm4, %ymm14, %ymm14
-        vpandn	%ymm12, %ymm11, %ymm0
-        vpandn	%ymm13, %ymm12, %ymm1
-        vpandn	%ymm14, %ymm13, %ymm2
-        vpandn	%ymm10, %ymm14, %ymm3
-        vpandn	%ymm11, %ymm10, %ymm4
-        vpxor	%ymm10, %ymm0, %ymm0
-        vpxor	%ymm11, %ymm1, %ymm1
-        vpxor	%ymm12, %ymm2, %ymm2
-        vpxor	%ymm13, %ymm3, %ymm3
-        vpxor	%ymm14, %ymm4, %ymm4
-        vmovdqu	%ymm0, (%rcx)
-        vmovdqu	%ymm1, 32(%rcx)
-        vmovdqu	%ymm2, 64(%rcx)
-        vmovdqu	%ymm3, 96(%rcx)
-        vmovdqu	%ymm4, 128(%rcx)
-        subq	$0x80, %rdi
-        vmovdqu	%ymm15, (%rdi)
-        vzeroupper
-        repz retq
-#ifndef __APPLE__
-.size	mlkem_sha3_256_blocksx4_seed_avx2,.-mlkem_sha3_256_blocksx4_seed_avx2
-#endif /* __APPLE__ */
 #endif /* HAVE_INTEL_AVX2 */
 #endif /* WOLFSSL_WC_MLKEM */
 
diff --git a/wolfcrypt/src/wc_mlkem_poly.c b/wolfcrypt/src/wc_mlkem_poly.c
index e2e184928..9f8184de3 100644
--- a/wolfcrypt/src/wc_mlkem_poly.c
+++ b/wolfcrypt/src/wc_mlkem_poly.c
@@ -76,6 +76,7 @@
 #endif
 
 #include <wolfssl/wolfcrypt/wc_mlkem.h>
+#include <wolfssl/wolfcrypt/sha3.h>
 #include <wolfssl/wolfcrypt/cpuid.h>
 
 #ifdef WOLFSSL_WC_MLKEM
@@ -102,7 +103,7 @@ extern volatile sword16 mlkem_opt_blocker;
 
 #if defined(USE_INTEL_SPEEDUP) || (defined(__aarch64__) && \
     defined(WOLFSSL_ARMASM))
-static word32 cpuid_flags = 0;
+static cpuid_flags_t cpuid_flags = WC_CPUID_INITIALIZER;
 #endif
 
 /* Half of Q plus one. Converted message bit value of 1. */
@@ -1242,7 +1243,7 @@ void mlkem_init(void)
 {
 #if defined(USE_INTEL_SPEEDUP) || (defined(__aarch64__) && \
     defined(WOLFSSL_ARMASM))
-    cpuid_flags = cpuid_get_flags();
+    cpuid_get_flags_ex(&cpuid_flags);
 #endif
 }
 
@@ -2264,7 +2265,7 @@ void mlkem_decapsulate(const sword16* s, sword16* w, sword16* u,
 
 /******************************************************************************/
 
-#ifdef USE_INTEL_SPEEDUP
+#if defined(USE_INTEL_SPEEDUP) && !defined(WC_SHA3_NO_ASM)
 #if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512)
 /* Deterministically generate a matrix (or transpose) of uniform integers mod q.
  *
@@ -2322,7 +2323,7 @@ static int mlkem_gen_matrix_k2_avx2(sword16* a, byte* seed, int transposed)
         state[4*4 + 3] = 0x1f0000 + 0x101;
     }
 
-    mlkem_sha3_128_blocksx4_seed_avx2(state, seed);
+    sha3_128_blocksx4_seed_avx2(state, seed);
     mlkem_redistribute_21_rand_avx2(state, rand + 0 * GEN_MATRIX_SIZE,
         rand + 1 * GEN_MATRIX_SIZE, rand + 2 * GEN_MATRIX_SIZE,
         rand + 3 * GEN_MATRIX_SIZE);
@@ -2432,7 +2433,7 @@ static int mlkem_gen_matrix_k3_avx2(sword16* a, byte* seed, int transposed)
             }
         }
 
-        mlkem_sha3_128_blocksx4_seed_avx2(state, seed);
+        sha3_128_blocksx4_seed_avx2(state, seed);
         mlkem_redistribute_21_rand_avx2(state,
             rand + 0 * GEN_MATRIX_SIZE, rand + 1 * GEN_MATRIX_SIZE,
             rand + 2 * GEN_MATRIX_SIZE, rand + 3 * GEN_MATRIX_SIZE);
@@ -2587,7 +2588,7 @@ static int mlkem_gen_matrix_k4_avx2(sword16* a, byte* seed, int transposed)
             }
         }
 
-        mlkem_sha3_128_blocksx4_seed_avx2(state, seed);
+        sha3_128_blocksx4_seed_avx2(state, seed);
         mlkem_redistribute_21_rand_avx2(state,
             rand + 0 * GEN_MATRIX_SIZE, rand + 1 * GEN_MATRIX_SIZE,
             rand + 2 * GEN_MATRIX_SIZE, rand + 3 * GEN_MATRIX_SIZE);
@@ -3527,7 +3528,7 @@ int mlkem_gen_matrix(MLKEM_PRF_T* prf, sword16* a, int k, byte* seed,
 #if defined(WOLFSSL_ARMASM) && defined(__aarch64__)
         ret = mlkem_gen_matrix_k2_aarch64(a, seed, transposed);
 #else
-    #ifdef USE_INTEL_SPEEDUP
+    #if defined(USE_INTEL_SPEEDUP) && !defined(WC_SHA3_NO_ASM)
         if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
             ret = mlkem_gen_matrix_k2_avx2(a, seed, transposed);
             RESTORE_VECTOR_REGISTERS();
@@ -3546,7 +3547,7 @@ int mlkem_gen_matrix(MLKEM_PRF_T* prf, sword16* a, int k, byte* seed,
 #if defined(WOLFSSL_ARMASM) && defined(__aarch64__)
         ret = mlkem_gen_matrix_k3_aarch64(a, seed, transposed);
 #else
-    #ifdef USE_INTEL_SPEEDUP
+    #if defined(USE_INTEL_SPEEDUP) && !defined(WC_SHA3_NO_ASM)
         if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
             ret = mlkem_gen_matrix_k3_avx2(a, seed, transposed);
             RESTORE_VECTOR_REGISTERS();
@@ -3565,7 +3566,7 @@ int mlkem_gen_matrix(MLKEM_PRF_T* prf, sword16* a, int k, byte* seed,
 #if defined(WOLFSSL_ARMASM) && defined(__aarch64__)
         ret = mlkem_gen_matrix_k4_aarch64(a, seed, transposed);
 #else
-    #ifdef USE_INTEL_SPEEDUP
+    #if defined(USE_INTEL_SPEEDUP) && !defined(WC_SHA3_NO_ASM)
         if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
             ret = mlkem_gen_matrix_k4_avx2(a, seed, transposed);
             RESTORE_VECTOR_REGISTERS();
@@ -4070,7 +4071,7 @@ static int mlkem_get_noise_eta2_c(MLKEM_PRF_T* prf, sword16* p,
 
 #endif
 
-#ifdef USE_INTEL_SPEEDUP
+#if defined(USE_INTEL_SPEEDUP) && !defined(WC_SHA3_NO_ASM)
 #define PRF_RAND_SZ   (2 * SHA3_256_BYTES)
 
 #if defined(WOLFSSL_KYBER768) || defined(WOLFSSL_WC_ML_KEM_768) || \
@@ -4097,7 +4098,7 @@ static void mlkem_get_noise_x4_eta2_avx2(byte* rand, byte* seed, byte o)
         state[4*4 + i] = 0x1f00 + i + o;
     }
 
-    mlkem_sha3_256_blocksx4_seed_avx2(state, seed);
+    sha3_256_blocksx4_seed_avx2(state, seed);
     mlkem_redistribute_16_rand_avx2(state, rand + 0 * ETA2_RAND_SIZE,
         rand + 1 * ETA2_RAND_SIZE, rand + 2 * ETA2_RAND_SIZE,
         rand + 3 * ETA2_RAND_SIZE);
@@ -4182,7 +4183,7 @@ static void mlkem_get_noise_x4_eta3_avx2(byte* rand, byte* seed)
     state[4*4 + 2] = 0x1f00 + 2;
     state[4*4 + 3] = 0x1f00 + 3;
 
-    mlkem_sha3_256_blocksx4_seed_avx2(state, seed);
+    sha3_256_blocksx4_seed_avx2(state, seed);
     mlkem_redistribute_17_rand_avx2(state, rand + 0 * PRF_RAND_SZ,
         rand + 1 * PRF_RAND_SZ, rand + 2 * PRF_RAND_SZ,
         rand + 3 * PRF_RAND_SZ);
@@ -4611,7 +4612,7 @@ int mlkem_get_noise(MLKEM_PRF_T* prf, int k, sword16* vec1, sword16* vec2,
 #if defined(WOLFSSL_ARMASM) && defined(__aarch64__)
         ret = mlkem_get_noise_k2_aarch64(vec1, vec2, poly, seed);
 #else
-    #ifdef USE_INTEL_SPEEDUP
+    #if defined(USE_INTEL_SPEEDUP) && !defined(WC_SHA3_NO_ASM)
         if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
             ret = mlkem_get_noise_k2_avx2(prf, vec1, vec2, poly, seed);
             RESTORE_VECTOR_REGISTERS();
@@ -4635,7 +4636,7 @@ int mlkem_get_noise(MLKEM_PRF_T* prf, int k, sword16* vec1, sword16* vec2,
 #if defined(WOLFSSL_ARMASM) && defined(__aarch64__)
         ret = mlkem_get_noise_k3_aarch64(vec1, vec2, poly, seed);
 #else
-    #ifdef USE_INTEL_SPEEDUP
+    #if defined(USE_INTEL_SPEEDUP) && !defined(WC_SHA3_NO_ASM)
         if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
             ret = mlkem_get_noise_k3_avx2(vec1, vec2, poly, seed);
             RESTORE_VECTOR_REGISTERS();
@@ -4655,7 +4656,7 @@ int mlkem_get_noise(MLKEM_PRF_T* prf, int k, sword16* vec1, sword16* vec2,
 #if defined(WOLFSSL_ARMASM) && defined(__aarch64__)
         ret = mlkem_get_noise_k4_aarch64(vec1, vec2, poly, seed);
 #else
-    #ifdef USE_INTEL_SPEEDUP
+    #if defined(USE_INTEL_SPEEDUP) && !defined(WC_SHA3_NO_ASM)
         if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) {
             ret = mlkem_get_noise_k4_avx2(prf, vec1, vec2, poly, seed);
             RESTORE_VECTOR_REGISTERS();
diff --git a/wolfcrypt/src/wc_port.c b/wolfcrypt/src/wc_port.c
index 3c63d2662..0b328408b 100644
--- a/wolfcrypt/src/wc_port.c
+++ b/wolfcrypt/src/wc_port.c
@@ -60,10 +60,10 @@
     #include <wolfssl/wolfcrypt/port/atmel/atmel.h>
 #endif
 #if defined(WOLFSSL_RENESAS_TSIP)
-    #include <wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h>
+    #include <wolfssl/wolfcrypt/port/Renesas/renesas_tsip_internal.h>
 #endif
 #if defined(WOLFSSL_RENESAS_FSPSM)
-    #include <wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h>
+    #include <wolfssl/wolfcrypt/port/Renesas/renesas_fspsm_internal.h>
 #endif
 #if defined(WOLFSSL_RENESAS_RX64_HASH)
     #include <wolfssl/wolfcrypt/port/Renesas/renesas-rx64-hw-crypt.h>
@@ -241,7 +241,7 @@ int wolfCrypt_Init(void)
         }
     #endif
 
-    #ifdef WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS
+    #if defined(WOLFSSL_USE_SAVE_VECTOR_REGISTERS) && defined(WOLFSSL_LINUXKM)
         ret = allocate_wolfcrypt_linuxkm_fpu_states();
         if (ret != 0) {
             WOLFSSL_MSG("allocate_wolfcrypt_linuxkm_fpu_states failed");
@@ -540,7 +540,7 @@ int wolfCrypt_Cleanup(void)
         rpcmem_deinit();
         wolfSSL_CleanupHandle();
     #endif
-    #ifdef WOLFSSL_LINUXKM_USE_SAVE_VECTOR_REGISTERS
+    #if defined(WOLFSSL_USE_SAVE_VECTOR_REGISTERS) && defined(WOLFSSL_LINUXKM)
         free_wolfcrypt_linuxkm_fpu_states();
     #endif
 
@@ -1282,6 +1282,11 @@ void wolfSSL_Atomic_Int_Init(wolfSSL_Atomic_Int* c, int i)
     *c = i;
 }
 
+void wolfSSL_Atomic_Uint_Init(wolfSSL_Atomic_Uint* c, unsigned int i)
+{
+    *c = i;
+}
+
 int wolfSSL_Atomic_Int_FetchAdd(wolfSSL_Atomic_Int* c, int i)
 {
     return __atomic_fetch_add(c, i, __ATOMIC_RELAXED);
@@ -1291,13 +1296,80 @@ int wolfSSL_Atomic_Int_FetchSub(wolfSSL_Atomic_Int* c, int i)
 {
     return __atomic_fetch_sub(c, i, __ATOMIC_RELAXED);
 }
+
+int wolfSSL_Atomic_Int_AddFetch(wolfSSL_Atomic_Int* c, int i)
+{
+    return __atomic_add_fetch(c, i, __ATOMIC_RELAXED);
+}
+
+int wolfSSL_Atomic_Int_SubFetch(wolfSSL_Atomic_Int* c, int i)
+{
+    return __atomic_sub_fetch(c, i, __ATOMIC_RELAXED);
+}
+
+int wolfSSL_Atomic_Int_CompareExchange(wolfSSL_Atomic_Int* c, int *expected_i,
+                                       int new_i)
+{
+    /* For the success path, use full synchronization with barriers --
+     * "Sequentially-consistent ordering" -- so that all threads see the same
+     * "single total modification order of all atomic operations" -- but on
+     * failure we just need to be sure we acquire the value that changed out
+     * from under us.
+     */
+    return __atomic_compare_exchange_n(c, expected_i, new_i, 0 /* weak */,
+                                       __ATOMIC_SEQ_CST, __ATOMIC_ACQUIRE);
+}
+
+unsigned int wolfSSL_Atomic_Uint_FetchAdd(wolfSSL_Atomic_Uint* c,
+                                          unsigned int i)
+{
+    return __atomic_fetch_add(c, i, __ATOMIC_RELAXED);
+}
+
+unsigned int wolfSSL_Atomic_Uint_FetchSub(wolfSSL_Atomic_Uint* c,
+                                          unsigned int i)
+{
+    return __atomic_fetch_sub(c, i, __ATOMIC_RELAXED);
+}
+
+unsigned int wolfSSL_Atomic_Uint_AddFetch(wolfSSL_Atomic_Uint* c,
+                                          unsigned int i)
+{
+    return __atomic_add_fetch(c, i, __ATOMIC_RELAXED);
+}
+
+unsigned int wolfSSL_Atomic_Uint_SubFetch(wolfSSL_Atomic_Uint* c,
+                                          unsigned int i)
+{
+    return __atomic_sub_fetch(c, i, __ATOMIC_RELAXED);
+}
+
+int wolfSSL_Atomic_Uint_CompareExchange(
+    wolfSSL_Atomic_Uint* c, unsigned int *expected_i, unsigned int new_i)
+{
+    /* For the success path, use full synchronization with barriers --
+     * "Sequentially-consistent ordering" -- so that all threads see the same
+     * "single total modification order of all atomic operations" -- but on
+     * failure we just need to be sure we acquire the value that changed out
+     * from under us.
+     */
+    return __atomic_compare_exchange_n(
+        c, expected_i, new_i, 0 /* weak */, __ATOMIC_SEQ_CST, __ATOMIC_ACQUIRE);
+}
+
 #else
+
 /* Default C Implementation */
 void wolfSSL_Atomic_Int_Init(wolfSSL_Atomic_Int* c, int i)
 {
     atomic_init(c, i);
 }
 
+void wolfSSL_Atomic_Uint_Init(wolfSSL_Atomic_Uint* c, unsigned int i)
+{
+    atomic_init(c, i);
+}
+
 int wolfSSL_Atomic_Int_FetchAdd(wolfSSL_Atomic_Int* c, int i)
 {
     return atomic_fetch_add_explicit(c, i, memory_order_relaxed);
@@ -1307,16 +1379,85 @@ int wolfSSL_Atomic_Int_FetchSub(wolfSSL_Atomic_Int* c, int i)
 {
     return atomic_fetch_sub_explicit(c, i, memory_order_relaxed);
 }
+
+int wolfSSL_Atomic_Int_AddFetch(wolfSSL_Atomic_Int* c, int i)
+{
+    int ret = atomic_fetch_add_explicit(c, i, memory_order_relaxed);
+    return ret + i;
+}
+
+int wolfSSL_Atomic_Int_SubFetch(wolfSSL_Atomic_Int* c, int i)
+{
+    int ret = atomic_fetch_sub_explicit(c, i, memory_order_relaxed);
+    return ret - i;
+}
+
+int wolfSSL_Atomic_Int_CompareExchange(
+    wolfSSL_Atomic_Int* c, int *expected_i, int new_i)
+{
+    /* For the success path, use full synchronization with barriers --
+     * "Sequentially-consistent ordering" -- so that all threads see the same
+     * "single total modification order of all atomic operations" -- but on
+     * failure we just need to be sure we acquire the value that changed out
+     * from under us.
+     */
+    return atomic_compare_exchange_strong_explicit(
+        c, expected_i, new_i, memory_order_seq_cst, memory_order_acquire);
+}
+
+unsigned int wolfSSL_Atomic_Uint_FetchAdd(wolfSSL_Atomic_Uint* c,
+                                          unsigned int i)
+{
+    return atomic_fetch_add_explicit(c, i, memory_order_relaxed);
+}
+
+unsigned int wolfSSL_Atomic_Uint_FetchSub(wolfSSL_Atomic_Uint* c,
+                                          unsigned int i)
+{
+    return atomic_fetch_sub_explicit(c, i, memory_order_relaxed);
+}
+
+unsigned int wolfSSL_Atomic_Uint_AddFetch(wolfSSL_Atomic_Uint* c,
+                                          unsigned int i)
+{
+    unsigned int ret = atomic_fetch_add_explicit(c, i, memory_order_relaxed);
+    return ret + i;
+}
+
+unsigned int wolfSSL_Atomic_Uint_SubFetch(wolfSSL_Atomic_Uint* c,
+                                          unsigned int i)
+{
+    unsigned int ret = atomic_fetch_sub_explicit(c, i, memory_order_relaxed);
+    return ret - i;
+}
+
+int wolfSSL_Atomic_Uint_CompareExchange(
+    wolfSSL_Atomic_Uint* c, unsigned int *expected_i, unsigned int new_i)
+{
+    /* For the success path, use full synchronization with barriers --
+     * "Sequentially-consistent ordering" -- so that all threads see the same
+     * "single total modification order of all atomic operations" -- but on
+     * failure we just need to be sure we acquire the value that changed out
+     * from under us.
+     */
+    return atomic_compare_exchange_strong_explicit(
+        c, expected_i, new_i, memory_order_seq_cst, memory_order_acquire);
+}
+
 #endif /* __cplusplus */
 
 #elif defined(_MSC_VER)
 
-/* Default C Implementation */
 void wolfSSL_Atomic_Int_Init(wolfSSL_Atomic_Int* c, int i)
 {
     *c = i;
 }
 
+void wolfSSL_Atomic_Uint_Init(wolfSSL_Atomic_Uint* c, unsigned int i)
+{
+    *c = i;
+}
+
 int wolfSSL_Atomic_Int_FetchAdd(wolfSSL_Atomic_Int* c, int i)
 {
     return (int)_InterlockedExchangeAdd(c, (long)i);
@@ -1327,6 +1468,76 @@ int wolfSSL_Atomic_Int_FetchSub(wolfSSL_Atomic_Int* c, int i)
     return (int)_InterlockedExchangeAdd(c, (long)-i);
 }
 
+int wolfSSL_Atomic_Int_AddFetch(wolfSSL_Atomic_Int* c, int i)
+{
+    int ret = (int)_InterlockedExchangeAdd(c, (long)i);
+    return ret + i;
+}
+
+int wolfSSL_Atomic_Int_SubFetch(wolfSSL_Atomic_Int* c, int i)
+{
+    int ret = (int)_InterlockedExchangeAdd(c, (long)-i);
+    return ret - i;
+}
+
+int wolfSSL_Atomic_Int_CompareExchange(wolfSSL_Atomic_Int* c, int *expected_i,
+                                       int new_i)
+{
+    long actual_i = InterlockedCompareExchange(c, (long)new_i,
+                                               (long)*expected_i);
+    if (actual_i == (long)*expected_i) {
+        return 1;
+    }
+    else {
+        *expected_i = (int)actual_i;
+        return 0;
+    }
+}
+
+unsigned int wolfSSL_Atomic_Uint_FetchAdd(wolfSSL_Atomic_Uint* c,
+                                          unsigned int i)
+{
+    return (unsigned int)_InterlockedExchangeAdd((wolfSSL_Atomic_Int *)c,
+                                                 (long)i);
+}
+
+unsigned int wolfSSL_Atomic_Uint_FetchSub(wolfSSL_Atomic_Uint* c,
+                                          unsigned int i)
+{
+    return (unsigned int)_InterlockedExchangeAdd((wolfSSL_Atomic_Int *)c,
+                                                 -(long)i);
+}
+
+unsigned int wolfSSL_Atomic_Uint_AddFetch(wolfSSL_Atomic_Uint* c,
+                                          unsigned int i)
+{
+    unsigned int ret = (unsigned int)_InterlockedExchangeAdd
+        ((wolfSSL_Atomic_Int *)c, (long)i);
+    return ret + i;
+}
+
+unsigned int wolfSSL_Atomic_Uint_SubFetch(wolfSSL_Atomic_Uint* c,
+                                          unsigned int i)
+{
+    unsigned int ret = (unsigned int)_InterlockedExchangeAdd
+        ((wolfSSL_Atomic_Int *)c, -(long)i);
+    return ret - i;
+}
+
+int wolfSSL_Atomic_Uint_CompareExchange(
+    wolfSSL_Atomic_Uint* c, unsigned int *expected_i, unsigned int new_i)
+{
+    long actual_i = InterlockedCompareExchange
+        ((wolfSSL_Atomic_Int *)c, (long)new_i, (long)*expected_i);
+    if (actual_i == (long)*expected_i) {
+        return 1;
+    }
+    else {
+        *expected_i = (unsigned int)actual_i;
+        return 0;
+    }
+}
+
 #endif
 
 #endif /* WOLFSSL_ATOMIC_OPS */
@@ -1395,7 +1606,8 @@ void wolfSSL_RefWithMutexDec(wolfSSL_RefWithMutex* ref, int* isZero, int* err)
 
 #if WOLFSSL_CRYPT_HW_MUTEX
 /* Mutex for protection of cryptography hardware */
-static wolfSSL_Mutex wcCryptHwMutex WOLFSSL_MUTEX_INITIALIZER_CLAUSE(wcCryptHwMutex);
+static wolfSSL_Mutex wcCryptHwMutex
+    WOLFSSL_MUTEX_INITIALIZER_CLAUSE(wcCryptHwMutex);
 #ifndef WOLFSSL_MUTEX_INITIALIZER
 static int wcCryptHwMutexInit = 0;
 #endif
@@ -1437,20 +1649,20 @@ int wolfSSL_CryptHwMutexUnLock(void)
 #if WOLFSSL_CRYPT_HW_MUTEX && defined(WOLFSSL_ALGO_HW_MUTEX)
 /* Mutex for protection of cryptography hardware */
 #ifndef NO_RNG_MUTEX
-static wolfSSL_Mutex wcCryptHwRngMutex \
-                        WOLFSSL_MUTEX_INITIALIZER_CLAUSE(wcCryptHwRngMutex);
+static wolfSSL_Mutex wcCryptHwRngMutex
+    WOLFSSL_MUTEX_INITIALIZER_CLAUSE(wcCryptHwRngMutex);
 #endif /* NO_RNG_MUTEX */
 #ifndef NO_AES_MUTEX
-static wolfSSL_Mutex wcCryptHwAesMutex \
-                        WOLFSSL_MUTEX_INITIALIZER_CLAUSE(wcCryptHwAesMutex);
+static wolfSSL_Mutex wcCryptHwAesMutex
+    WOLFSSL_MUTEX_INITIALIZER_CLAUSE(wcCryptHwAesMutex);
 #endif /* NO_AES_MUTEX */
 #ifndef NO_HASH_MUTEX
-static wolfSSL_Mutex wcCryptHwHashMutex \
-                        WOLFSSL_MUTEX_INITIALIZER_CLAUSE(wcCryptHwHashMutex);
+static wolfSSL_Mutex wcCryptHwHashMutex
+    WOLFSSL_MUTEX_INITIALIZER_CLAUSE(wcCryptHwHashMutex);
 #endif /* NO_HASH_MUTEX */
 #ifndef NO_PK_MUTEX
-static wolfSSL_Mutex wcCryptHwPkMutex \
-                        WOLFSSL_MUTEX_INITIALIZER_CLAUSE(wcCryptHwPkMutex);
+static wolfSSL_Mutex wcCryptHwPkMutex
+    WOLFSSL_MUTEX_INITIALIZER_CLAUSE(wcCryptHwPkMutex);
 #endif /* NO_PK_MUTEX */
 
 #ifndef WOLFSSL_MUTEX_INITIALIZER
@@ -2260,7 +2472,7 @@ int wolfSSL_HwPkMutexUnLock(void)
 
     int wc_InitMutex(wolfSSL_Mutex* m)
     {
-        if (tx_mutex_create(m, "wolfSSL Mutex", TX_NO_INHERIT) == 0)
+        if (tx_mutex_create(m, (CHAR*)"wolfSSL Mutex", TX_NO_INHERIT) == 0)
             return 0;
         else
             return BAD_MUTEX_E;
@@ -4628,13 +4840,13 @@ char* mystrnstr(const char* s1, const char* s2, unsigned int n)
 noinstr void my__alt_cb_patch_nops(struct alt_instr *alt, __le32 *origptr,
                                    __le32 *updptr, int nr_inst)
 {
-    return (wolfssl_linuxkm_get_pie_redirect_table()->
-            alt_cb_patch_nops)(alt, origptr, updptr, nr_inst);
+    return WC_LKM_INDIRECT_SYM(alt_cb_patch_nops)
+        (alt, origptr, updptr, nr_inst);
 }
 
 void my__queued_spin_lock_slowpath(struct qspinlock *lock, u32 val)
 {
-    return (wolfssl_linuxkm_get_pie_redirect_table()->
-            queued_spin_lock_slowpath)(lock, val);
+    return WC_LKM_INDIRECT_SYM(queued_spin_lock_slowpath)
+        (lock, val);
 }
 #endif
diff --git a/wolfcrypt/src/wolfmath.c b/wolfcrypt/src/wolfmath.c
index c29e2943b..480b78470 100644
--- a/wolfcrypt/src/wolfmath.c
+++ b/wolfcrypt/src/wolfmath.c
@@ -513,7 +513,8 @@ const char *wc_GetMathInfo(void)
     #endif
 
     /* ARM Assembly speedups */
-    #if defined(WOLFSSL_ARMASM) || defined(USE_INTEL_SPEEDUP)
+    #if defined(WOLFSSL_ARMASM) || defined(USE_INTEL_SPEEDUP) || \
+        defined(WOLFSSL_RISCV_ASM) || defined(WOLFSSL_PPC32_ASM)
         "\n\tAssembly Speedups:"
 
         #ifdef WOLFSSL_ARMASM
@@ -533,7 +534,7 @@ const char *wc_GetMathInfo(void)
             #ifdef WOLFSSL_ARM_ARCH
                 " ARM ARCH=" WC_STRINGIFY(WOLFSSL_ARM_ARCH)
             #endif
-        #endif
+        #endif /* WOLFSSL_ARMASM */
 
         #ifdef USE_INTEL_SPEEDUP
             " INTELASM"
@@ -542,6 +543,50 @@ const char *wc_GetMathInfo(void)
             #endif
         #endif
 
+        #ifdef WOLFSSL_RISCV_ASM
+            " RISCVASM"
+            #ifdef WOLFSSL_RISCV_BASE_BIT_MANIPULATION
+                " REV8"
+            #endif
+            #ifdef WOLFSSL_RISCV_CARRYLESS
+                " CLMUL CLMULH"
+            #endif
+            #ifdef WOLFSSL_RISCV_BIT_MANIPULATION
+                " PACK"
+            #endif
+            #ifdef WOLFSSL_RISCV_BIT_MANIPULATION_TERNARY
+                " FSL FSR FSRI CMOV CMIX"
+            #endif
+            #ifdef WOLFSSL_RISCV_VECTOR_BASE_BIT_MANIPULATION
+                " VBREV8"
+            #endif
+            #ifdef WOLFSSL_RISCV_VECTOR_CARRYLESS
+                " VCLMUL VCLMULH"
+            #endif
+            #ifdef WOLFSSL_RISCV_VECTOR_GCM
+                " VGMUL VHHSH"
+            #endif
+            #ifdef WOLFSSL_RISCV_VECTOR_CRYPTO_ASM
+                " Vector AES SHA-2"
+            #endif
+            #ifdef WOLFSSL_RISCV_SCALAR_CRYPTO_ASM
+                " AES encrypt/decrpyt SHA-2"
+            #endif
+        #endif /* WOLFSSL_RISCV_ASM */
+
+        #ifdef WOLFSSL_PPC32_ASM
+            " PPC32ASM"
+            #ifdef WOLFSSL_PPC32_ASM_INLINE
+                " INLINE"
+            #endif
+            #ifdef WOLFSSL_PPC32_ASM_SMALL
+                " SMALL"
+            #endif
+            #ifdef WOLFSSL_PPC32_ASM_SPE
+                " SPE"
+            #endif
+        #endif /* WOLFSSL_PPC32_ASM */
+
         #ifdef WOLFSSL_USE_ALIGN
             " ALIGN"
         #endif
diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c
index a47809b16..273861b77 100644
--- a/wolfcrypt/test/test.c
+++ b/wolfcrypt/test/test.c
@@ -65,7 +65,8 @@
 #endif
 
 #if defined(WC_ECC_NONBLOCK) && defined(WOLFSSL_PUBLIC_MP) && \
-    defined(HAVE_ECC_SIGN) && defined(HAVE_ECC_VERIFY)
+    defined(HAVE_ECC_SIGN) && defined(HAVE_ECC_VERIFY) && \
+    !defined(NO_STDINT_H)
     #include <stdint.h>
 #endif
 
@@ -263,7 +264,7 @@ const byte const_byte_array[] = "A+Gd\0\0\0";
     #include <printx.h>
     #undef printf
     #define printf printx
-#elif defined(WOLFSSL_RENESAS_RSIP)
+#elif defined(WOLFSSL_RENESAS_RSIP) || defined(WOLFSSL_RENESAS_RZN2L)
     #ifndef TEST_SLEEP
         #define TEST_SLEEP() vTaskDelay(50)
     #endif
@@ -284,11 +285,11 @@ const byte const_byte_array[] = "A+Gd\0\0\0";
     #ifdef XMALLOC_USER
         #include <stdlib.h>  /* we're using malloc / free direct here */
     #endif
-    #if !defined(STRING_USER) && !defined(WOLFSSL_LINUXKM)
+    #if !defined(STRING_USER) && !defined(NO_STDIO_FILESYSTEM)
         #include <stdio.h>
     #endif
 
-    #if defined(WOLFSSL_LINUXKM) && !defined(WOLFSSL_LINUXKM_VERBOSE_DEBUG)
+    #if defined(WOLFSSL_KERNEL_MODE) && !defined(WOLFSSL_KERNEL_VERBOSE_DEBUG)
         #undef printf
         #define printf(...) ({})
     #endif
@@ -890,8 +891,8 @@ void wc_test_render_error_message(const char* msg, wc_test_ret_t es)
     (void)msg;
     (void)es;
 
-#ifdef WOLFSSL_LINUXKM
-    #define err_sys_printf lkm_printf
+#ifdef WOLFSSL_KERNEL_MODE
+    #define err_sys_printf wc_km_printf
 #else
     #define err_sys_printf printf
 #endif
@@ -972,7 +973,7 @@ static wc_test_ret_t err_sys(const char* msg, wc_test_ret_t es)
 {
     wc_test_render_error_message(msg, es);
     print_fiducials();
-#ifdef WOLFSSL_LINUXKM
+#ifdef WOLFSSL_KERNEL_MODE
     EXIT_TEST(es);
 #else
     EXIT_TEST(-1);
@@ -988,7 +989,10 @@ typedef struct func_args {
 } func_args;
 #endif /* !HAVE_WOLFCRYPT_TEST_OPTIONS */
 
-#if defined(HAVE_FIPS) && !defined(WOLFSSL_LINUXKM)
+/* Kernel modules implement and install their own FIPS callback with similar
+ * functionality.
+ */
+#if defined(HAVE_FIPS) && !defined(WOLFSSL_KERNEL_MODE)
 static void myFipsCb(int ok, int err, const char* hash)
 {
     printf("in my Fips callback, ok = %d, err = %d\n", ok, err);
@@ -1000,7 +1004,7 @@ static void myFipsCb(int ok, int err, const char* hash)
         printf("into verifyCore[] in fips_test.c and rebuild\n");
     }
 }
-#endif /* HAVE_FIPS && !WOLFSSL_LINUXKM */
+#endif /* HAVE_FIPS && !WOLFSSL_KERNEL_MODE */
 
 #if defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) && !defined(WC_NO_CONSTRUCTORS)
 
@@ -1531,7 +1535,7 @@ wc_test_ret_t wolfcrypt_test(void* args)
 #endif
 
 #ifdef WC_RNG_SEED_CB
-        wc_SetSeed_Cb(wc_GenerateSeed);
+        wc_SetSeed_Cb(WC_GENERATE_SEED_DEFAULT);
 #endif
 
     printf("------------------------------------------------------------------------------\n");
@@ -1601,7 +1605,7 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\
     wc_SetLoggingHeap(HEAP_HINT);
 #endif
 
-#if defined(HAVE_FIPS) && !defined(WOLFSSL_LINUXKM)
+#if defined(HAVE_FIPS) && !defined(WOLFSSL_KERNEL_MODE)
     wolfCrypt_SetCb_fips(myFipsCb);
     #if FIPS_VERSION3_GE(6,0,0)
         printf("FIPS module version in use: %s\n",
@@ -1706,13 +1710,6 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\
         TEST_PASS("asn      test passed!\n");
 #endif
 
-#ifndef WC_NO_RNG
-    if ( (ret = random_test()) != 0)
-        TEST_FAIL("RANDOM   test failed!\n", ret);
-    else
-        TEST_PASS("RANDOM   test passed!\n");
-#endif /* WC_NO_RNG */
-
 #ifndef NO_MD5
     if ( (ret = md5_test()) != 0)
         TEST_FAIL("MD5      test failed!\n", ret);
@@ -1797,6 +1794,13 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\
         TEST_PASS("SHA-3    test passed!\n");
 #endif
 
+#ifndef WC_NO_RNG
+    if ((ret = random_test()) != 0)
+        TEST_FAIL("RANDOM   test failed!\n", ret);
+    else
+        TEST_PASS("RANDOM   test passed!\n");
+#endif /* WC_NO_RNG */
+
 #ifdef WOLFSSL_SHAKE128
     if ( (ret = shake128_test()) != 0)
         TEST_FAIL("SHAKE128 test failed!\n", ret);
@@ -2568,6 +2572,9 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\
 #ifdef HAVE_CAVIUM_OCTEON_SYNC
     wc_CryptoCb_CleanupOcteon(&devId);
 #endif
+#ifdef HAVE_RENESAS_SYNC
+    wc_CryptoCb_CleanupRenesasCmn(&devId);
+#endif
 #endif
 
 #ifdef WOLFSSL_ASYNC_CRYPT
@@ -2967,6 +2974,11 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t base64_test(void)
         "abcdefghijklmnopqrstuvwxyz"
         "0123456789+/;";
     static const byte charTest[] = "A+Gd\0\0\0";
+    static const byte oneByteTest[] = "YQ==";
+    static const byte twoByteTest[] = "YWE=";
+    static const byte threeByteTest[] = "YWFh";
+    static const byte fourByteTest[] = "YWFhYQ==";
+    static const byte byteTestOutput[] = "aaaa";
     int        i;
     WOLFSSL_ENTER("base64_test");
 
@@ -2994,7 +3006,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t base64_test(void)
     /* Bad parameters. */
     outLen = 1;
     ret = Base64_Decode(good, sizeof(good), out, &outLen);
-    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
+    if (ret != WC_NO_ERR_TRACE(BUFFER_E))
         return WC_TEST_RET_ENC_EC(ret);
 
     outLen = sizeof(out);
@@ -3043,6 +3055,48 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t base64_test(void)
             return WC_TEST_RET_ENC_I(i);
     }
 
+    /* overrun/right-sized tests */
+#define N_BYTE_TEST(f, n, t) do {                               \
+    outLen = (n) - 1;                                           \
+    ret = (f)(t, sizeof(t), out, &outLen);                      \
+    if (ret != WC_NO_ERR_TRACE(BUFFER_E))                       \
+        return WC_TEST_RET_ENC_EC(ret);                         \
+    outLen = (n);                                               \
+    ret = (f)(t, sizeof(t), out, &outLen);                      \
+    if (ret != 0)                                               \
+        return WC_TEST_RET_ENC_EC(ret);                         \
+    if (outLen != (n))                                          \
+        return WC_TEST_RET_ENC_I(outLen);                       \
+    ret = XMEMCMP(out, byteTestOutput, (n));                    \
+    if (ret != 0)                                               \
+        return WC_TEST_RET_ENC_I(ret);                          \
+    ret = (f)(t, sizeof(t) - 1, out, &outLen);                  \
+    if (ret != 0)                                               \
+        return WC_TEST_RET_ENC_EC(ret);                         \
+    if (outLen != (n))                                          \
+        return WC_TEST_RET_ENC_I(outLen);                       \
+    ret = XMEMCMP(out, byteTestOutput, (n));                    \
+    if (ret != 0)                                               \
+        return WC_TEST_RET_ENC_I(ret);                          \
+    outLen = (n) + 1;                                           \
+    out[n] = 1;                                                 \
+    ret = (f)(t, sizeof(t), out, &outLen);                      \
+    if (ret != 0)                                               \
+        return WC_TEST_RET_ENC_EC(ret);                         \
+    if (outLen != (n))                                          \
+        return WC_TEST_RET_ENC_I(outLen);                       \
+    ret = XMEMCMP(out, byteTestOutput, (n));                    \
+    if (ret != 0)                                               \
+        return WC_TEST_RET_ENC_I(ret);                          \
+    if (out[n] != 0)                                            \
+        return WC_TEST_RET_ENC_NC;                              \
+    } while (0)
+
+    N_BYTE_TEST(Base64_Decode, 1, oneByteTest);
+    N_BYTE_TEST(Base64_Decode, 2, twoByteTest);
+    N_BYTE_TEST(Base64_Decode, 3, threeByteTest);
+    N_BYTE_TEST(Base64_Decode, 4, fourByteTest);
+
     /* Same tests again, using Base64_Decode_nonCT() */
 
     /* Good Base64 encodings. */
@@ -3069,7 +3123,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t base64_test(void)
     /* Bad parameters. */
     outLen = 1;
     ret = Base64_Decode_nonCT(good, sizeof(good), out, &outLen);
-    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
+    if (ret != WC_NO_ERR_TRACE(BUFFER_E))
         return WC_TEST_RET_ENC_EC(ret);
 
     outLen = sizeof(out);
@@ -3118,6 +3172,10 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t base64_test(void)
             return WC_TEST_RET_ENC_I(i);
     }
 
+    N_BYTE_TEST(Base64_Decode_nonCT, 1, oneByteTest);
+    N_BYTE_TEST(Base64_Decode_nonCT, 2, twoByteTest);
+    N_BYTE_TEST(Base64_Decode_nonCT, 3, threeByteTest);
+    N_BYTE_TEST(Base64_Decode_nonCT, 4, fourByteTest);
 
 #ifdef WOLFSSL_BASE64_ENCODE
     /* Decode and encode all symbols - non-alphanumeric. */
@@ -13171,7 +13229,7 @@ static wc_test_ret_t aes_xts_sector_test(void)
         0x24, 0xe7, 0x3d, 0x6f
     };
 
-    word64 s3 = 0x000000ffffffffff;
+    word64 s3 = W64LIT(0x000000ffffffffff);
 #endif
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
@@ -14328,7 +14386,7 @@ static wc_test_ret_t aes_direct_test(Aes* enc, Aes* dec, byte* cipher, byte* pla
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 #if !defined(HAVE_SELFTEST) && \
-    (defined(WOLFSSL_LINUXKM) || \
+    (defined(WOLFSSL_KERNEL_MODE) || \
      !defined(HAVE_FIPS) || \
      (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
         ret = wc_AesEncryptDirect(enc, cipher, niPlain);
@@ -14346,7 +14404,7 @@ static wc_test_ret_t aes_direct_test(Aes* enc, Aes* dec, byte* cipher, byte* pla
         if (ret != 0)
             ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
 #if !defined(HAVE_SELFTEST) && \
-    (defined(WOLFSSL_LINUXKM) || \
+    (defined(WOLFSSL_KERNEL_MODE) || \
      !defined(HAVE_FIPS) || \
      (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
         ret = wc_AesDecryptDirect(dec, plain, niCipher);
@@ -16694,10 +16752,12 @@ static wc_test_ret_t aesccm_128_test(void)
         ERROR_OUT(WC_TEST_RET_ENC_NC, out);
 
     /* Clear c2 to compare against p2. p2 should be set to zero in case of
-     * authentication fail. */
+     * authentication fail. With ACVP_VECTOR_TESTING, this is not cleared */
+#ifndef ACVP_VECTOR_TESTING
     XMEMSET(c2, 0, sizeof(c2));
     if (XMEMCMP(p2, c2, sizeof(p2)))
         ERROR_OUT(WC_TEST_RET_ENC_NC, out);
+#endif
 #endif
 
     XMEMSET(t2, 0, sizeof(t2));
@@ -18352,7 +18412,8 @@ static wc_test_ret_t random_rng_test(void)
 
 #if defined(HAVE_HASHDRBG) && !defined(CUSTOM_RAND_GENERATE_BLOCK)
 
-#ifdef WC_RNG_SEED_CB
+#if defined(WC_RNG_SEED_CB) && \
+    !(defined(ENTROPY_SCALE_FACTOR) || defined(SEED_BLOCK_SZ))
 static int seed_cb(OS_Seed* os, byte* output, word32 sz)
 {
     word32 i;
@@ -18365,16 +18426,85 @@ static int seed_cb(OS_Seed* os, byte* output, word32 sz)
 
 static wc_test_ret_t rng_seed_test(void)
 {
-#ifndef HAVE_FIPS
+    /* The expected PRNG block depends on ENTROPY_SCALE_FACTOR and
+     * SEED_BLOCK_SZ, which depend on which seed back end is configured.
+     */
+#if defined(HAVE_ENTROPY_MEMUSE) && defined(HAVE_AMD_RDSEED) && \
+    !(defined(HAVE_FIPS) && FIPS_VERSION_LT(6,0))
+    #ifdef HAVE_FIPS
     WOLFSSL_SMALL_STACK_STATIC const byte check[] =
     {
-        0x83, 0x46, 0x65, 0x2f, 0x5c, 0x44, 0x16, 0x5f,
-        0xb3, 0x89, 0x26, 0xde, 0x0b, 0x6b, 0xa2, 0x06,
-        0x7e, 0xa7, 0x9a, 0x55, 0x22, 0x01, 0xb0, 0x22,
-        0xf4, 0x7e, 0xa2, 0x66, 0xc4, 0x08, 0x6f, 0xba
+        0x35, 0x1e, 0xf9, 0xe8, 0x6b, 0x19, 0xe0, 0xe5,
+        0x32, 0xb3, 0x41, 0xe5, 0xc1, 0x35, 0x18, 0x35,
+        0x84, 0x2a, 0x3f, 0x84, 0x16, 0xc4, 0xf3, 0x50,
+        0xdd, 0x4b, 0xeb, 0xe4, 0xcd, 0xbe, 0x94, 0x84
     };
-#else
-    /* FIPS uses a longer seed, so different check value. */
+    #else
+    WOLFSSL_SMALL_STACK_STATIC const byte check[] =
+    {
+        0xb8, 0x3e, 0x23, 0xad, 0x34, 0xb6, 0x1e, 0xc7,
+        0x0f, 0xa6, 0x4a, 0x45, 0x12, 0x66, 0xfd, 0x4d,
+        0x97, 0xb2, 0x3d, 0xb3, 0xda, 0xcc, 0xed, 0x50,
+        0x2e, 0xe0, 0x51, 0x38, 0x1d, 0x0f, 0x81, 0x35
+    };
+    #endif
+#elif defined(HAVE_ENTROPY_MEMUSE) && \
+    (defined(HAVE_INTEL_RDSEED) || defined(HAVE_INTEL_RDRAND))
+    #ifdef HAVE_FIPS
+    WOLFSSL_SMALL_STACK_STATIC const byte check[] =
+    {
+        0xba, 0xc3, 0x2f, 0xcf, 0xd2, 0x0e, 0xe1, 0x16,
+        0x45, 0xdc, 0xc2, 0x87, 0x0d, 0x70, 0xde, 0x5e,
+        0x2e, 0x2f, 0x0c, 0x7a, 0x1d, 0x04, 0x89, 0x0d,
+        0x0b, 0x9a, 0x51, 0x00, 0x4f, 0x7e, 0xce, 0xd6
+    };
+    #else
+    WOLFSSL_SMALL_STACK_STATIC const byte check[] =
+    {
+        0xa6, 0xfa, 0x3e, 0xb7, 0x66, 0x85, 0x96, 0x79,
+        0xef, 0x91, 0x26, 0xa1, 0xe8, 0x71, 0xa7, 0x13,
+        0x03, 0xea, 0xe5, 0x7b, 0x36, 0x52, 0x02, 0x39,
+        0x83, 0xbf, 0x41, 0xd1, 0x3e, 0x8f, 0xc0, 0x45
+    };
+    #endif
+#elif defined(HAVE_AMD_RDSEED) && \
+    !(defined(HAVE_FIPS) && FIPS_VERSION_LT(6,0))
+    WOLFSSL_SMALL_STACK_STATIC const byte check[] =
+    {
+        0x2c, 0xd4, 0x9b, 0x1e, 0x1e, 0xe7, 0xb0, 0xb0,
+        0xf9, 0xa0, 0xa9, 0xd5, 0x8d, 0xf9, 0x6d, 0x10,
+        0xf4, 0x77, 0xaf, 0xac, 0x3d, 0x2f, 0x6b, 0x1f,
+        0xa2, 0xe7, 0xe5, 0x90, 0x6d, 0x1f, 0x88, 0x98
+    };
+#elif (defined(HAVE_INTEL_RDSEED) || defined(HAVE_INTEL_RDRAND)) && \
+    !(defined(HAVE_FIPS) && FIPS_VERSION_LT(6,0))
+    #ifdef HAVE_FIPS
+    WOLFSSL_SMALL_STACK_STATIC const byte check[] =
+    {
+        0x27, 0xdd, 0xff, 0x5b, 0x21, 0x26, 0x0a, 0x48,
+        0xb3, 0x6b, 0xd8, 0x14, 0x00, 0x55, 0xe8, 0x39,
+        0x6d, 0x31, 0xf3, 0x6e, 0xe7, 0xbf, 0xce, 0x08,
+        0x1f, 0x61, 0x73, 0xe6, 0x3c, 0xb9, 0x12, 0xea
+    };
+    #else
+    WOLFSSL_SMALL_STACK_STATIC const byte check[] =
+    {
+        0x3b, 0x9d, 0x0d, 0xc8, 0x0e, 0xb4, 0x33, 0x0b,
+        0x50, 0x5f, 0x3a, 0xee, 0xc8, 0x68, 0x8d, 0x9f,
+        0xdf, 0x39, 0x06, 0x78, 0xf8, 0x6a, 0xd6, 0xc6,
+        0xd7, 0x63, 0x57, 0xe8, 0x6d, 0xf7, 0xc8, 0x6b
+    };
+    #endif
+#elif defined(HAVE_INTEL_RDSEED) && \
+    defined(HAVE_FIPS) && FIPS_VERSION_LT(6,0)
+    WOLFSSL_SMALL_STACK_STATIC const byte check[] =
+    {
+        0x27, 0xdd, 0xff, 0x5b, 0x21, 0x26, 0x0a, 0x48,
+        0xb3, 0x6b, 0xd8, 0x14, 0x00, 0x55, 0xe8, 0x39,
+        0x6d, 0x31, 0xf3, 0x6e, 0xe7, 0xbf, 0xce, 0x08,
+        0x1f, 0x61, 0x73, 0xe6, 0x3c, 0xb9, 0x12, 0xea
+    };
+#elif defined(HAVE_FIPS)
     WOLFSSL_SMALL_STACK_STATIC const byte check[] =
     {
         0xaf, 0x31, 0xcc, 0xef, 0xa9, 0x29, 0x4c, 0x24,
@@ -18382,6 +18512,14 @@ static wc_test_ret_t rng_seed_test(void)
         0x1e, 0xd4, 0x52, 0x3b, 0x9a, 0x96, 0x06, 0x20,
         0xc0, 0x5f, 0x44, 0x06, 0x1f, 0x80, 0xdf, 0xe0
     };
+#else
+    WOLFSSL_SMALL_STACK_STATIC const byte check[] =
+    {
+        0x83, 0x46, 0x65, 0x2f, 0x5c, 0x44, 0x16, 0x5f,
+        0xb3, 0x89, 0x26, 0xde, 0x0b, 0x6b, 0xa2, 0x06,
+        0x7e, 0xa7, 0x9a, 0x55, 0x22, 0x01, 0xb0, 0x22,
+        0xf4, 0x7e, 0xa2, 0x66, 0xc4, 0x08, 0x6f, 0xba
+    };
 #endif
     byte output[WC_SHA256_DIGEST_SIZE];
     WC_RNG rng;
@@ -18407,7 +18545,7 @@ static wc_test_ret_t rng_seed_test(void)
     if (ret != 0) {
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
     }
-    ret = wc_SetSeed_Cb(wc_GenerateSeed);
+    ret = wc_SetSeed_Cb(WC_GENERATE_SEED_DEFAULT);
     if (ret != 0) {
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
     }
@@ -18415,7 +18553,7 @@ static wc_test_ret_t rng_seed_test(void)
 out:
     return ret;
 }
-#endif
+#endif /* WC_RNG_SEED_CB) && !(ENTROPY_SCALE_FACTOR || SEED_BLOCK_SZ) */
 
 
 WOLFSSL_TEST_SUBROUTINE wc_test_ret_t random_test(void)
@@ -18526,7 +18664,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t random_test(void)
 #endif
 
     /* Test the seed callback. */
-#ifdef WC_RNG_SEED_CB
+#if defined(WC_RNG_SEED_CB) && \
+    !(defined(ENTROPY_SCALE_FACTOR) || defined(SEED_BLOCK_SZ))
     if ((ret = rng_seed_test()) != 0)
         return ret;
 #endif
@@ -18596,7 +18735,7 @@ static wc_test_ret_t const_byte_ptr_test(const byte* in, word32 *outJ)
     j = *outJ; /* Found index to use in const array. */
 
     if (j == 0) {
-#ifdef WOLFSSL_DEBUG
+#ifdef DEBUG_WOLFSSL
         printf("Testing const byte ptr reference...\n");
 #endif
         /* although j is zero, in[0] does not detect the Illegal instruction */
@@ -18771,6 +18910,91 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t memory_test(void)
         if (const_byte_ptr_test(const_byte_array, &j) != CBPTR_EXPECTED) {
             ret = 1;
         }
+        if (ret != 0)
+            return WC_TEST_RET_ENC_NC;
+    }
+
+    {
+
+#ifdef WOLFSSL_NO_ATOMICS
+        int a_int = WOLFSSL_ATOMIC_INITIALIZER(-2);
+        unsigned int a_uint = WOLFSSL_ATOMIC_INITIALIZER(2);
+#else
+        wolfSSL_Atomic_Int a_int = WOLFSSL_ATOMIC_INITIALIZER(-2);
+        wolfSSL_Atomic_Uint a_uint = WOLFSSL_ATOMIC_INITIALIZER(2);
+#endif
+        int int_expected;
+        unsigned int uint_expected;
+
+        if (WOLFSSL_ATOMIC_LOAD(a_int) != -2)
+            return WC_TEST_RET_ENC_NC;
+        if (WOLFSSL_ATOMIC_LOAD(a_uint) != 2)
+            return WC_TEST_RET_ENC_NC;
+        wolfSSL_Atomic_Int_Init(&a_int, -3);
+        if (WOLFSSL_ATOMIC_LOAD(a_int) != -3)
+            return WC_TEST_RET_ENC_NC;
+        wolfSSL_Atomic_Uint_Init(&a_uint, 3);
+        if (WOLFSSL_ATOMIC_LOAD(a_uint) != 3)
+            return WC_TEST_RET_ENC_NC;
+        WOLFSSL_ATOMIC_STORE(a_int, -4);
+        if (WOLFSSL_ATOMIC_LOAD(a_int) != -4)
+            return WC_TEST_RET_ENC_NC;
+        WOLFSSL_ATOMIC_STORE(a_uint, 4);
+        if (WOLFSSL_ATOMIC_LOAD(a_uint) != 4)
+            return WC_TEST_RET_ENC_NC;
+
+        if (wolfSSL_Atomic_Int_FetchAdd(&a_int, 2) != -4)
+            return WC_TEST_RET_ENC_NC;
+        if (WOLFSSL_ATOMIC_LOAD(a_int) != -2)
+            return WC_TEST_RET_ENC_NC;
+        if (wolfSSL_Atomic_Uint_FetchAdd(&a_uint, 2) != 4)
+            return WC_TEST_RET_ENC_NC;
+        if (WOLFSSL_ATOMIC_LOAD(a_uint) != 6)
+            return WC_TEST_RET_ENC_NC;
+        if (wolfSSL_Atomic_Int_FetchSub(&a_int, 2) != -2)
+            return WC_TEST_RET_ENC_NC;
+        if (WOLFSSL_ATOMIC_LOAD(a_int) != -4)
+            return WC_TEST_RET_ENC_NC;
+        if (wolfSSL_Atomic_Uint_FetchSub(&a_uint, 2) != 6)
+            return WC_TEST_RET_ENC_NC;
+        if (WOLFSSL_ATOMIC_LOAD(a_uint) != 4)
+            return WC_TEST_RET_ENC_NC;
+
+        if (wolfSSL_Atomic_Int_AddFetch(&a_int, 2) != -2)
+            return WC_TEST_RET_ENC_NC;
+        if (WOLFSSL_ATOMIC_LOAD(a_int) != -2)
+            return WC_TEST_RET_ENC_NC;
+        if (wolfSSL_Atomic_Uint_AddFetch(&a_uint, 2) != 6)
+            return WC_TEST_RET_ENC_NC;
+        if (WOLFSSL_ATOMIC_LOAD(a_uint) != 6)
+            return WC_TEST_RET_ENC_NC;
+        if (wolfSSL_Atomic_Int_SubFetch(&a_int, 2) != -4)
+            return WC_TEST_RET_ENC_NC;
+        if (WOLFSSL_ATOMIC_LOAD(a_int) != -4)
+            return WC_TEST_RET_ENC_NC;
+        if (wolfSSL_Atomic_Uint_SubFetch(&a_uint, 2) != 4)
+            return WC_TEST_RET_ENC_NC;
+        if (WOLFSSL_ATOMIC_LOAD(a_uint) != 4)
+            return WC_TEST_RET_ENC_NC;
+
+        int_expected = -5;
+        if (wolfSSL_Atomic_Int_CompareExchange(&a_int, &int_expected, -7))
+            return WC_TEST_RET_ENC_NC;
+        if (int_expected != -4)
+            return WC_TEST_RET_ENC_NC;
+        if (! wolfSSL_Atomic_Int_CompareExchange(&a_int, &int_expected, -7))
+            return WC_TEST_RET_ENC_NC;
+        if (WOLFSSL_ATOMIC_LOAD(a_int) != -7)
+            return WC_TEST_RET_ENC_NC;
+        uint_expected = 5;
+        if (wolfSSL_Atomic_Uint_CompareExchange(&a_uint, &uint_expected, 7))
+            return WC_TEST_RET_ENC_NC;
+        if (uint_expected != 4)
+            return WC_TEST_RET_ENC_NC;
+        if (! wolfSSL_Atomic_Uint_CompareExchange(&a_uint, &uint_expected, 7))
+            return WC_TEST_RET_ENC_NC;
+        if (WOLFSSL_ATOMIC_LOAD(a_uint) != 7)
+            return WC_TEST_RET_ENC_NC;
     }
 
     return ret;
@@ -18967,7 +19191,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t memory_test(void)
 #endif /* !NO_RSA */
 
 #if !defined(NO_RSA) || !defined(NO_DSA)
-    #ifdef WOLFSSL_KEY_GEN
+    #if defined(WOLFSSL_KEY_GEN) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)
         static const char* keyDerFile = CERT_WRITE_TEMP_DIR "key.der";
         static const char* keyPemFile = CERT_WRITE_TEMP_DIR "key.pem";
     #endif
@@ -21707,7 +21931,7 @@ exit_rsa:
 }
 #endif /* !NO_RSA && HAVE_ECC && WOLFSSL_CERT_GEN */
 
-#ifdef WOLFSSL_KEY_GEN
+#if defined(WOLFSSL_KEY_GEN) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)
 static wc_test_ret_t rsa_keygen_test(WC_RNG* rng)
 {
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
@@ -22641,7 +22865,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void)
         ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
 #endif /* WOLFSSL_CERT_EXT */
 
-#ifdef WOLFSSL_KEY_GEN
+#if defined(WOLFSSL_KEY_GEN) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)
     ret = rsa_keygen_test(&rng);
     if (ret != 0)
         goto exit_rsa;
@@ -23390,7 +23614,15 @@ static wc_test_ret_t dh_ffdhe_test(WC_RNG *rng, int name)
         ERROR_OUT(WC_TEST_RET_ENC_NC, done);
     }
 
-#if defined(WOLFSSL_DH_GEN_PUB) && defined(WOLFSSL_DH_EXTRA)
+    /* wc_DhGeneratePublic_fips() was added in 5.2.3, but some customers are
+     * building with configure scripts that set version to 5.2.1, but with 5.2.3
+     * wolfCrypt sources.
+     */
+#if !(defined(HAVE_SELFTEST) || \
+      (defined(HAVE_FIPS) && FIPS_VERSION3_LT(5,2,3)) || \
+      FIPS_VERSION3_EQ(6,0,0) || \
+      defined(NO_WC_DHGENERATEPUBLIC))
+
     /* additional test for wc_DhGeneratePublic:
      *   1. reset key2.
      *   2. using priv from dh key 1, generate pub2 with
@@ -23422,7 +23654,7 @@ static wc_test_ret_t dh_ffdhe_test(WC_RNG *rng, int name)
     if (pubSz != pubSz2 || XMEMCMP(pub, pub2, pubSz)) {
         ERROR_OUT(WC_TEST_RET_ENC_NC, done);
     }
-#endif /* WOLFSSL_DH_GEN_PUB && WOLFSSL_DH_EXTRA */
+#endif /* !(HAVE_SELFTEST || FIPS <5.2.3 || FIPS == 6.0.0 || NO_WC_DHGENERATEPUBLIC */
 
 #if (defined(WOLFSSL_HAVE_SP_DH) || defined(USE_FAST_MATH)) && \
     !defined(HAVE_INTEL_QA)
@@ -27269,7 +27501,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t scrypt_test(void)
         0x83, 0x60, 0xcb, 0xdf, 0xa2, 0xcc, 0x06, 0x40
     };
 #endif
-#if !defined(BENCH_EMBEDDED) && !defined(WOLFSSL_LINUXKM) && !defined(HAVE_INTEL_QA)
+#if !defined(BENCH_EMBEDDED) && !defined(WOLFSSL_KERNEL_MODE) && !defined(HAVE_INTEL_QA)
     WOLFSSL_SMALL_STACK_STATIC const byte verify3[] = {
         0x70, 0x23, 0xbd, 0xcb, 0x3a, 0xfd, 0x73, 0x48,
         0x46, 0x1c, 0x06, 0xcd, 0x81, 0xfd, 0x38, 0xeb,
@@ -27320,7 +27552,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t scrypt_test(void)
         return WC_TEST_RET_ENC_EC(ret);
 
     /* Don't run these test on embedded, since they use large mallocs */
-#if !defined(BENCH_EMBEDDED) && !defined(WOLFSSL_LINUXKM) && !defined(HAVE_INTEL_QA)
+#if !defined(BENCH_EMBEDDED) && !defined(WOLFSSL_KERNEL_MODE) && !defined(HAVE_INTEL_QA)
     ret = wc_scrypt(derived, (byte*)"pleaseletmein", 13,
                     (byte*)"SodiumChloride", 14, 14, 8, 1, sizeof(verify3));
     if (ret != 0)
@@ -27335,12 +27567,17 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t scrypt_test(void)
         return WC_TEST_RET_ENC_EC(ret);
     if (XMEMCMP(derived, verify4, sizeof(verify4)) != 0)
         return WC_TEST_RET_ENC_NC;
+
+    ret = wc_scrypt(derived,(byte*)"pleaseletmein", 13,
+                    (byte*)"SodiumChloride", 14, 22, 8, 1, sizeof(derived));
+    if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
+        return WC_TEST_RET_ENC_EC(ret);
 #endif
 #else
 #ifdef SCRYPT_TEST_ALL
     (void)verify4;
 #endif
-#endif /* !BENCH_EMBEDDED && !defined(WOLFSSL_LINUXKM) && !HAVE_INTEL_QA */
+#endif /* !BENCH_EMBEDDED && !defined(WOLFSSL_KERNEL_MODE) && !HAVE_INTEL_QA */
 
 #if !defined(BENCH_EMBEDDED)
     ret = wc_scrypt_ex(derived, (byte*)"password", 8, (byte*)"NaCl", 4, 1<<10,
@@ -27672,8 +27909,13 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hkdf_test(void)
     L = (int)sizeof(okm1);
 
 #ifndef NO_SHA
+#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(7,0))
+    ret = wc_HKDF_ex(WC_SHA, ikm1, (word32)sizeof(ikm1), NULL, 0, NULL, 0,
+                     okm1, (word32)L, HEAP_HINT, devId);
+#else
     ret = wc_HKDF(WC_SHA, ikm1, (word32)sizeof(ikm1), NULL, 0, NULL, 0,
-        okm1, (word32)L);
+                  okm1, (word32)L);
+#endif
     if (ret != 0)
         return WC_TEST_RET_ENC_EC(ret);
 
@@ -27683,8 +27925,13 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hkdf_test(void)
 #ifndef HAVE_FIPS
     /* fips can't have key size under 14 bytes, salt is key too */
     L = (int)sizeof(okm1);
-    ret = wc_HKDF(WC_SHA, ikm1, 11, salt1, (word32)sizeof(salt1),
-        info1, (word32)sizeof(info1), okm1, (word32)L);
+#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(7,0))
+    ret = wc_HKDF_ex(WC_SHA, ikm1, 11, salt1, (word32)sizeof(salt1), info1,
+                     (word32)sizeof(info1), okm1, (word32)L, HEAP_HINT, devId);
+#else
+    ret = wc_HKDF(WC_SHA, ikm1, 11, salt1, (word32)sizeof(salt1), info1,
+                  (word32)sizeof(info1), okm1, (word32)L);
+#endif
     if (ret != 0)
         return WC_TEST_RET_ENC_EC(ret);
 
@@ -27694,8 +27941,13 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hkdf_test(void)
 #endif /* !NO_SHA */
 
 #ifndef NO_SHA256
+#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(7,0))
+    ret = wc_HKDF_ex(WC_SHA256, ikm1, (word32)sizeof(ikm1), NULL, 0, NULL, 0,
+        okm1, (word32)L, HEAP_HINT, devId);
+#else
     ret = wc_HKDF(WC_SHA256, ikm1, (word32)sizeof(ikm1), NULL, 0, NULL, 0,
-        okm1, (word32)L);
+                     okm1, (word32)L);
+#endif
     if (ret != 0)
         return WC_TEST_RET_ENC_EC(ret);
 
@@ -27704,8 +27956,15 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hkdf_test(void)
 
 #ifndef HAVE_FIPS
     /* fips can't have key size under 14 bytes, salt is key too */
-    ret = wc_HKDF(WC_SHA256, ikm1, (word32)sizeof(ikm1),
-        salt1, (word32)sizeof(salt1), info1, (word32)sizeof(info1), okm1, (word32)L);
+#if !defined(HAVE_SELFTEST)
+    ret = wc_HKDF_ex(WC_SHA256, ikm1, (word32)sizeof(ikm1),
+        salt1, (word32)sizeof(salt1), info1, (word32)sizeof(info1), okm1,
+        (word32)L, HEAP_HINT, devId);
+#else
+    ret = wc_HKDF(WC_SHA256, ikm1, (word32)sizeof(ikm1), salt1,
+                  (word32)sizeof(salt1), info1, (word32)sizeof(info1), okm1,
+                  (word32)L);
+#endif
     if (ret != 0)
         return WC_TEST_RET_ENC_EC(ret);
 
@@ -31105,6 +31364,7 @@ done:
 #else
     wc_ecc_free(key);
 #endif
+    (void)tmpSz;
 
     return ret;
 }
@@ -43480,6 +43740,9 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t mlkem_test(void)
 #endif
 #endif
 #endif
+#endif
+#ifdef WOLFSSL_WC_MLKEM
+    MlKemKey *tmpKey = NULL;
 #endif
     int key_inited = 0;
     static const int testData[][4] = {
@@ -43628,6 +43891,15 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t mlkem_test(void)
 
         if (XMEMCMP(priv, priv2, testData[i][2]) != 0)
             ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
+
+#ifdef WOLFSSL_WC_MLKEM
+        tmpKey = wc_MlKemKey_New(testData[i][0], HEAP_HINT, INVALID_DEVID);
+        if (tmpKey == NULL)
+            ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+        ret = wc_MlKemKey_Delete(tmpKey, &tmpKey);
+        if (ret != 0)
+            ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
+#endif
 #endif
     }
 
@@ -46865,6 +47137,7 @@ static wc_test_ret_t dilithium_param_test(int param, WC_RNG* rng)
 #ifndef WOLFSSL_DILITHIUM_NO_VERIFY
     int res = 0;
 #endif
+    dilithium_key* tmpKey = NULL;
 #endif
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
@@ -46910,6 +47183,14 @@ static wc_test_ret_t dilithium_param_test(int param, WC_RNG* rng)
 #endif
 #endif
 
+    tmpKey = wc_dilithium_new(HEAP_HINT, INVALID_DEVID);
+    if (tmpKey == NULL)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
+    ret = wc_dilithium_delete(tmpKey, &tmpKey);
+    if (ret != 0)
+        ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
+
 out:
     wc_dilithium_free(key);
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
@@ -46932,7 +47213,7 @@ static wc_test_ret_t test_dilithium_decode_level(const byte* rawKey,
                                                  int         isPublicOnlyKey)
 {
     int           ret = 0;
-#ifndef WOLFSSL_DILITHIUM_NO_ASN1
+#if !defined(WOLFSSL_DILITHIUM_NO_ASN1) && defined(WOLFSSL_ASN_TEMPLATE)
     /* Size the buffer to accommodate the largest encoded key size */
     const word32  maxDerSz = DILITHIUM_MAX_PRV_KEY_DER_SIZE;
     word32        derSz;
@@ -46982,7 +47263,7 @@ static wc_test_ret_t test_dilithium_decode_level(const byte* rawKey,
 #endif
     }
 
-#ifndef WOLFSSL_DILITHIUM_NO_ASN1
+#if !defined(WOLFSSL_DILITHIUM_NO_ASN1) && defined(WOLFSSL_ASN_TEMPLATE)
     /* Export raw key as DER */
     if (ret == 0) {
 #ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY
@@ -47056,7 +47337,7 @@ static wc_test_ret_t test_dilithium_decode_level(const byte* rawKey,
         ret = WC_TEST_RET_ENC_NC;
     }
 #endif /* !WOLFSSL_DILITHIUM_FIPS204_DRAFT */
-#endif /* WOLFSSL_DILITHIUM_NO_ASN1 */
+#endif /* !WOLFSSL_DILITHIUM_NO_ASN1 && WOLFSSL_ASN_TEMPLATE */
 
     /* Cleanup */
     wc_dilithium_free(key);
@@ -52135,14 +52416,15 @@ static wc_test_ret_t pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz,
     };
 
 #if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256) && \
-    defined(HAVE_ECC) && defined(WOLFSSL_SHA512)
+    defined(HAVE_ECC) && defined(WOLFSSL_SHA512) && \
+    defined(HAVE_AES_KEYWRAP) && defined(HAVE_X963_KDF)
     byte optionalUkm[] = {
         0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07
     };
 #endif /* !NO_AES */
 
 #if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) && \
-    !defined(NO_SHA)
+    !defined(NO_SHA) && defined(HAVE_AES_KEYWRAP)
     /* encryption key for kekri recipient types */
     WOLFSSL_SMALL_STACK_STATIC const byte secretKey[] = {
         0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
@@ -52156,7 +52438,8 @@ static wc_test_ret_t pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz,
 #endif
 
 #if !defined(NO_PWDBASED) && !defined(NO_SHA) && \
-    !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
+    !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) && \
+    defined(HAVE_AES_KEYWRAP)
 
     #ifndef HAVE_FIPS
     WOLFSSL_SMALL_STACK_STATIC const char password[] = "password"; /* NOTE: Password is too short for FIPS */
@@ -52203,7 +52486,7 @@ static wc_test_ret_t pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz,
          "pkcs7envelopedDataDES3.der");
     #endif
 
-    #if !defined(NO_AES) && defined(HAVE_AES_CBC)
+    #if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(HAVE_AES_KEYWRAP)
         #ifdef WOLFSSL_AES_128
         ADD_PKCS7ENVELOPEDVECTOR(
          data, (word32)sizeof(data), DATA, AES128CBCb, 0, 0, rsaCert, rsaCertSz,
@@ -52239,11 +52522,11 @@ static wc_test_ret_t pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz,
          NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0,
          0, 0, 0, 0, "pkcs7envelopedDataAES256CBC_IANDS.der");
         #endif
-    #endif /* !NO_AES && HAVE_AES_CBC */
+    #endif /* !NO_AES && HAVE_AES_CBC && HAVE_AES_KEYWRAP */
 #endif
 
         /* key agreement key encryption technique*/
-#ifdef HAVE_ECC
+#if defined(HAVE_ECC) && defined(HAVE_AES_KEYWRAP) && defined(HAVE_X963_KDF)
     #if !defined(NO_AES) && defined(HAVE_AES_CBC)
         #if !defined(NO_SHA) && defined(WOLFSSL_AES_128)
         ADD_PKCS7ENVELOPEDVECTOR(
@@ -52283,7 +52566,7 @@ static wc_test_ret_t pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz,
 #endif
 
         /* kekri (KEKRecipientInfo) recipient types */
-#if !defined(NO_AES) && defined(HAVE_AES_CBC)
+#if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(HAVE_AES_KEYWRAP)
         #if !defined(NO_SHA) && defined(WOLFSSL_AES_128)
         ADD_PKCS7ENVELOPEDVECTOR(
          data, (word32)sizeof(data), DATA, AES128CBCb, AES128_WRAP, 0,
@@ -52292,11 +52575,12 @@ static wc_test_ret_t pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz,
          0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0,
          "pkcs7envelopedDataAES128CBC_KEKRI.der");
         #endif
-#endif /* !NO_AES && HAVE_AES_CBC */
+#endif /* !NO_AES && HAVE_AES_CBC && HAVE_AES_KEYWRAP */
 
         /* pwri (PasswordRecipientInfo) recipient types */
 #if !defined(NO_PWDBASED) && !defined(NO_AES) && defined(HAVE_AES_CBC)
-        #if !defined(NO_SHA) && defined(WOLFSSL_AES_128)
+        #if !defined(NO_SHA) && defined(WOLFSSL_AES_128) && \
+        defined(HAVE_AES_KEYWRAP)
         ADD_PKCS7ENVELOPEDVECTOR(
          data, (word32)sizeof(data), DATA, AES128CBCb, 0, 0,
          NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0,
@@ -52306,7 +52590,8 @@ static wc_test_ret_t pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz,
         #endif
 #endif
 
-#if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
+#if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) && \
+        defined(HAVE_AES_KEYWRAP)
         /* ori (OtherRecipientInfo) recipient types */
         ADD_PKCS7ENVELOPEDVECTOR(
          data, (word32)sizeof(data), DATA, AES128CBCb, 0, 0, NULL, 0, NULL, 0,
@@ -52752,7 +53037,8 @@ static wc_test_ret_t pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCer
     };
     byte senderNonce[PKCS7_NONCE_SZ + 2];
 #ifdef HAVE_ECC
-    #if !defined(NO_AES) && defined(HAVE_AESGCM)
+    #if !defined(NO_AES) && defined(HAVE_AESGCM) && \
+    defined(HAVE_AES_KEYWRAP) && defined(HAVE_X963_KDF)
     #if !defined(NO_SHA256) && defined(WOLFSSL_AES_256)
     WOLFSSL_SMALL_STACK_STATIC const byte senderNonceOid[] =
                { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01,
@@ -52768,13 +53054,15 @@ static wc_test_ret_t pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCer
 #endif
 
 #if !defined(NO_AES) && defined(WOLFSSL_AES_256) && defined(HAVE_ECC) && \
-    defined(WOLFSSL_SHA512) && defined(HAVE_AESGCM)
+    defined(WOLFSSL_SHA512) && defined(HAVE_AESGCM) && \
+    defined(HAVE_AES_KEYWRAP) && defined(HAVE_X963_KDF)
     WOLFSSL_SMALL_STACK_STATIC const byte optionalUkm[] = {
         0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07
     };
 #endif /* !NO_AES */
 
-#if !defined(NO_AES) && !defined(NO_SHA) && defined(WOLFSSL_AES_128)
+#if !defined(NO_AES) && !defined(NO_SHA) && defined(WOLFSSL_AES_128) && \
+    defined(HAVE_AES_KEYWRAP)
     /* encryption key for kekri recipient types */
     WOLFSSL_SMALL_STACK_STATIC const byte secretKey[] = {
         0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
@@ -52788,7 +53076,8 @@ static wc_test_ret_t pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCer
 #endif
 
 #if !defined(NO_PWDBASED) && !defined(NO_AES) && defined(HAVE_AESGCM) && \
-    !defined(NO_SHA) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
+    !defined(NO_SHA) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) && \
+    defined(HAVE_AES_KEYWRAP)
 
     #ifndef HAVE_FIPS
     WOLFSSL_SMALL_STACK_STATIC const char password[] = "password";
@@ -52826,7 +53115,7 @@ static wc_test_ret_t pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCer
     {
         /* key transport key encryption technique */
 #ifndef NO_RSA
-    #if !defined(NO_AES) && defined(HAVE_AESGCM)
+    #if !defined(NO_AES) && defined(HAVE_AESGCM) && defined(HAVE_AES_KEYWRAP)
         #ifdef WOLFSSL_AES_128
         ADD_PKCS7AUTHENVELOPEDVECTOR(
          data, (word32)sizeof(data), DATA, AES128GCMb, 0, 0, rsaCert, rsaCertSz,
@@ -52876,12 +53165,13 @@ static wc_test_ret_t pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCer
         (void)rsaCertSz;
         (void)rsaPrivKey;
         (void)rsaPrivKeySz;
-    #endif /* !NO_AES && !HAVE_AESGCM */
+    #endif /* !NO_AES && !HAVE_AESGCM && HAVE_AES_KEYWRAP */
 #endif
 
         /* key agreement key encryption technique*/
 #ifdef HAVE_ECC
-    #if !defined(NO_AES) && defined(HAVE_AESGCM)
+    #if !defined(NO_AES) && defined(HAVE_AESGCM) && \
+    defined(HAVE_AES_KEYWRAP) && defined(HAVE_X963_KDF)
         #if !defined(NO_SHA) && defined(WOLFSSL_AES_128)
         ADD_PKCS7AUTHENVELOPEDVECTOR(
          data, (word32)sizeof(data), DATA, AES128GCMb, AES128_WRAP,
@@ -52958,11 +53248,11 @@ static wc_test_ret_t pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCer
          0, 0, 0, 0, 0, 0,
          "pkcs7authEnvelopedDataAES256GCM_ECDH_SHA512KDF_ukm.der");
         #endif /* WOLFSSL_SHA512 && WOLFSSL_AES_256 */
-    #endif /* !NO_AES && HAVE_AESGCM */
+    #endif /* !NO_AES && HAVE_AESGCM && HAVE_AES_KEYWRAP */
 #endif
 
         /* kekri (KEKRecipientInfo) recipient types */
-#if !defined(NO_AES) && defined(HAVE_AESGCM)
+#if !defined(NO_AES) && defined(HAVE_AESGCM) && defined(HAVE_AES_KEYWRAP)
         #if !defined(NO_SHA) && defined(WOLFSSL_AES_128)
         ADD_PKCS7AUTHENVELOPEDVECTOR(
          data, (word32)sizeof(data), DATA, AES128GCMb, AES128_WRAP, 0,
@@ -52974,7 +53264,8 @@ static wc_test_ret_t pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCer
 #endif
 
         /* pwri (PasswordRecipientInfo) recipient types */
-#if !defined(NO_PWDBASED) && !defined(NO_AES) && defined(HAVE_AESGCM)
+#if !defined(NO_PWDBASED) && !defined(NO_AES) && defined(HAVE_AESGCM) && \
+        defined(HAVE_AES_KEYWRAP)
         #if !defined(NO_SHA) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
         ADD_PKCS7AUTHENVELOPEDVECTOR(
          data, (word32)sizeof(data), DATA, AES128GCMb, 0, 0,
@@ -52985,7 +53276,7 @@ static wc_test_ret_t pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCer
         #endif
 #endif
 
-#if !defined(NO_AES) && defined(HAVE_AESGCM)
+#if !defined(NO_AES) && defined(HAVE_AESGCM) && defined(HAVE_AES_KEYWRAP)
         #ifdef WOLFSSL_AES_128
         /* ori (OtherRecipientInfo) recipient types */
         ADD_PKCS7AUTHENVELOPEDVECTOR(
@@ -53271,7 +53562,8 @@ static wc_test_ret_t pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCer
     (void)eccCertSz;
     (void)eccPrivKey;
     (void)eccPrivKeySz;
-#if !defined(NO_AES) && !defined(NO_SHA) && defined(WOLFSSL_AES_128)
+#if !defined(NO_AES) && !defined(NO_SHA) && defined(WOLFSSL_AES_128) && \
+    defined(HAVE_AES_KEYWRAP)
     (void)secretKey;
     (void)secretKeyId;
 #endif
@@ -53381,7 +53673,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7authenveloped_test(void)
 
 #endif /* HAVE_AESGCM || HAVE_AESCCM */
 
-#if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256)
+#if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256) && \
+    defined(HAVE_AES_KEYWRAP)
 static const byte p7DefKey[] = {
     0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
     0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
@@ -53813,7 +54106,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7callback_test(byte* cert, word32 cert
 
     return ret;
 }
-#endif /* !NO_AES && HAVE_AES_CBC && WOLFSSL_AES_256 */
+#endif /* !NO_AES && HAVE_AES_CBC && WOLFSSL_AES_256 && HAVE_AES_KEYWRAP */
 
 #ifndef NO_PKCS7_ENCRYPTED_DATA
 
@@ -55417,7 +55710,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7signed_test(void)
                             eccClientPrivKeyBuf, (word32)eccClientPrivKeyBufSz);
 
 #if !defined(NO_RSA) && !defined(NO_AES) && defined(HAVE_AES_CBC) && \
-    defined(WOLFSSL_AES_256)
+    defined(WOLFSSL_AES_256) && defined(HAVE_AES_KEYWRAP)
     if (ret >= 0)
         ret = pkcs7callback_test(
                             rsaClientCertBuf, (word32)rsaClientCertBufSz,
@@ -59105,7 +59398,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t mutex_test(void)
 
 #if defined(USE_WOLFSSL_MEMORY) && !defined(FREERTOS)
 
-#if !defined(WOLFSSL_NO_MALLOC) && !defined(WOLFSSL_LINUXKM) && \
+#if !defined(WOLFSSL_NO_MALLOC) && !defined(WOLFSSL_KERNEL_MODE) && \
     !defined(WOLFSSL_STATIC_MEMORY)
 static wc_test_ret_t malloc_cnt = 0;
 static wc_test_ret_t realloc_cnt = 0;
@@ -59173,7 +59466,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t memcb_test(void)
 {
     wc_test_ret_t ret = 0;
 #if !defined(WOLFSSL_NO_MALLOC) && !defined(WOLFSSL_NO_REALLOC) && \
-    !defined(WOLFSSL_LINUXKM) && !defined(WOLFSSL_STATIC_MEMORY)
+    !defined(WOLFSSL_KERNEL_MODE) && !defined(WOLFSSL_STATIC_MEMORY)
     byte* b = NULL;
 #endif
     wolfSSL_Malloc_cb  mc;
@@ -59187,7 +59480,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t memcb_test(void)
         return WC_TEST_RET_ENC_EC(ret);
 
 #if !defined(WOLFSSL_NO_MALLOC) && !defined(WOLFSSL_NO_REALLOC) && \
-    !defined(WOLFSSL_LINUXKM) && !defined(WOLFSSL_STATIC_MEMORY)
+    !defined(WOLFSSL_KERNEL_MODE) && !defined(WOLFSSL_STATIC_MEMORY)
 
     /* test realloc */
     b = (byte*)XREALLOC(b, 1024, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
@@ -59231,7 +59524,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t memcb_test(void)
 #endif /* !WOLFSSL_NO_MALLOC */
 
 #if !defined(WOLFSSL_NO_MALLOC) && !defined(WOLFSSL_NO_REALLOC) && \
-    !defined(WOLFSSL_LINUXKM) && !defined(WOLFSSL_STATIC_MEMORY)
+    !defined(WOLFSSL_KERNEL_MODE) && !defined(WOLFSSL_STATIC_MEMORY)
 exit_memcb:
 
     /* reset malloc/free/realloc counts */
@@ -59503,12 +59796,11 @@ static wc_test_ret_t ecc_onlycb_test(myCryptoDevCtx *ctx)
      wc_test_ret_t ret = 0;
 #if defined(HAVE_ECC)
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
-    ecc_key* key = (ecc_key *)XMALLOC(sizeof *key,
+    ecc_key* key = (ecc_key *)XMALLOC(sizeof(*key),
                                             HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    ecc_key* pub = (ecc_key *)XMALLOC(sizeof *pub,
-                                            HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
-    byte* out = (byte*)XMALLOC(sizeof(byte),
+    ecc_key* pub = (ecc_key *)XMALLOC(sizeof(*pub),
                                             HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    byte* out = (byte*)XMALLOC(256, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     #if !defined(WOLFCRYPT_ONLY) && defined(OPENSSL_EXTRA)
     byte* check = (byte*)XMALLOC(256, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
     #endif
@@ -59517,6 +59809,9 @@ static wc_test_ret_t ecc_onlycb_test(myCryptoDevCtx *ctx)
     #ifdef HAVE_ECC_DHE
     ecc_key pub[1];
     #endif
+    #if defined(HAVE_ECC_SIGN) && defined(HAVE_ECC_VERIFY)
+    byte   out[256];
+    #endif
     #if !defined(WOLFCRYPT_ONLY) && defined(OPENSSL_EXTRA)
     byte check[256];
     #endif
@@ -59572,7 +59867,6 @@ static wc_test_ret_t ecc_onlycb_test(myCryptoDevCtx *ctx)
 #if defined(HAVE_ECC_SIGN) && defined(HAVE_ECC_VERIFY)
     byte   in[] = "Everyone gets Friday off. ecc p";
     word32 inLen = (word32)XSTRLEN((char*)in);
-    byte   out[256];
     word32 outLen;
     int    verify;
 #endif
@@ -60545,6 +60839,28 @@ static int myCryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
         info->cmac.cmac->devId = devIdArg;
     }
 #endif /* WOLFSSL_CMAC && !(NO_AES) && WOLFSSL_AES_DIRECT */
+#if defined(HAVE_HKDF) && !defined(NO_HMAC)
+    else if (info->algo_type == WC_ALGO_TYPE_KDF) {
+        if (info->kdf.type == WC_KDF_TYPE_HKDF) {
+            /* Redirect to software implementation for testing */
+
+#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(7,0))
+            ret = wc_HKDF_ex(info->kdf.hkdf.hashType,
+                           info->kdf.hkdf.inKey, info->kdf.hkdf.inKeySz,
+                           info->kdf.hkdf.salt, info->kdf.hkdf.saltSz,
+                           info->kdf.hkdf.info, info->kdf.hkdf.infoSz,
+                           info->kdf.hkdf.out, info->kdf.hkdf.outSz,
+                           NULL, INVALID_DEVID);
+#else
+            ret = wc_HKDF(info->kdf.hkdf.hashType,
+                          info->kdf.hkdf.inKey, info->kdf.hkdf.inKeySz,
+                          info->kdf.hkdf.salt, info->kdf.hkdf.saltSz,
+                          info->kdf.hkdf.info, info->kdf.hkdf.infoSz,
+                          info->kdf.hkdf.out, info->kdf.hkdf.outSz);
+#endif
+        }
+    }
+#endif /* HAVE_HKDF && !NO_HMAC */
 
     (void)devIdArg;
     (void)myCtx;
@@ -60662,6 +60978,10 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cryptocb_test(void)
     if (ret == 0)
         ret = sha_test();
 #endif
+#ifdef WOLFSSL_SHA224
+    if (ret == 0)
+        ret = sha224_test();
+#endif
 #ifndef NO_SHA256
     if (ret == 0)
         ret = sha256_test();
@@ -60692,6 +61012,10 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cryptocb_test(void)
         ret = hmac_sha3_test();
     #endif
 #endif
+#if defined(HAVE_HKDF) && !defined(NO_HMAC)
+    if (ret == 0)
+        ret = hkdf_test();
+#endif
 #ifndef NO_PWDBASED
     #if defined(HAVE_PBKDF2) && !defined(NO_SHA256) && !defined(NO_HMAC)
     PRIVATE_KEY_UNLOCK();
diff --git a/wolfssl/certs_test.h b/wolfssl/certs_test.h
index 37e8da844..8ef0aabf2 100644
--- a/wolfssl/certs_test.h
+++ b/wolfssl/certs_test.h
@@ -71,7 +71,7 @@ static const unsigned char client_key_der_1024[] =
         0xA2, 0xFE, 0xBF, 0x08, 0x6B, 0x1A, 0x5D, 0x3F, 0x90, 0x12,
         0xB1, 0x05, 0x86, 0x31, 0x29, 0xDB, 0xD9, 0xE2
 };
-static const int sizeof_client_key_der_1024 = sizeof(client_key_der_1024);
+#define sizeof_client_key_der_1024 (sizeof(client_key_der_1024))
 
 /* ./certs/1024/client-keyPub.der, 1024-bit */
 static const unsigned char client_keypub_der_1024[] =
@@ -94,7 +94,7 @@ static const unsigned char client_keypub_der_1024[] =
         0x27, 0x00, 0xF6, 0x91, 0x68, 0x65, 0xA9, 0x02, 0x03, 0x01,
         0x00, 0x01
 };
-static const int sizeof_client_keypub_der_1024 = sizeof(client_keypub_der_1024);
+#define sizeof_client_keypub_der_1024 (sizeof(client_keypub_der_1024))
 
 /* ./certs/1024/client-cert.der, 1024-bit */
 static const unsigned char client_cert_der_1024[] =
@@ -206,7 +206,7 @@ static const unsigned char client_cert_der_1024[] =
         0x67, 0xCA, 0xA7, 0xA6, 0x41, 0xC5, 0x28, 0x0F, 0xFD, 0x2E,
         0x0E, 0xF0
 };
-static const int sizeof_client_cert_der_1024 = sizeof(client_cert_der_1024);
+#define sizeof_client_cert_der_1024 (sizeof(client_cert_der_1024))
 
 /* ./certs/1024/dh1024.der, 1024-bit */
 static const unsigned char dh_key_der_1024[] =
@@ -226,7 +226,7 @@ static const unsigned char dh_key_der_1024[] =
         0x8C, 0x63, 0x0A, 0xAD, 0xC7, 0x10, 0xEA, 0xC7, 0xA1, 0xB9,
         0x9D, 0xF2, 0xA8, 0x37, 0x73, 0x02, 0x01, 0x02
 };
-static const int sizeof_dh_key_der_1024 = sizeof(dh_key_der_1024);
+#define sizeof_dh_key_der_1024 (sizeof(dh_key_der_1024))
 
 /* ./certs/1024/dsa1024.der, 1024-bit */
 static const unsigned char dsa_key_der_1024[] =
@@ -277,7 +277,7 @@ static const unsigned char dsa_key_der_1024[] =
         0x3B, 0xA1, 0x19, 0x75, 0xDF, 0x9B, 0xF5, 0x72, 0x53, 0x4F,
         0x39, 0xE1, 0x1C, 0xEC, 0x13, 0x84, 0x82, 0x18
 };
-static const int sizeof_dsa_key_der_1024 = sizeof(dsa_key_der_1024);
+#define sizeof_dsa_key_der_1024 (sizeof(dsa_key_der_1024))
 
 /* ./certs/1024/rsa1024.der, 1024-bit */
 static const unsigned char rsa_key_der_1024[] =
@@ -344,7 +344,7 @@ static const unsigned char rsa_key_der_1024[] =
         0xB9, 0x9E, 0xD5, 0x5B, 0x2E, 0x87, 0x1C, 0x58, 0xD0, 0x37,
         0x89, 0x96, 0xEC, 0x48, 0x54, 0xF5, 0x9F, 0x0F, 0xB3
 };
-static const int sizeof_rsa_key_der_1024 = sizeof(rsa_key_der_1024);
+#define sizeof_rsa_key_der_1024 (sizeof(rsa_key_der_1024))
 
 /* ./certs/1024/ca-key.der, 1024-bit */
 static const unsigned char ca_key_der_1024[] =
@@ -412,7 +412,7 @@ static const unsigned char ca_key_der_1024[] =
         0x8A, 0x20, 0x4B, 0xF2, 0xB1, 0x52, 0x83, 0xAB, 0x6F, 0x10
 
 };
-static const int sizeof_ca_key_der_1024 = sizeof(ca_key_der_1024);
+#define sizeof_ca_key_der_1024 (sizeof(ca_key_der_1024))
 
 /* ./certs/1024/ca-cert.der, 1024-bit */
 static const unsigned char ca_cert_der_1024[] =
@@ -522,7 +522,7 @@ static const unsigned char ca_cert_der_1024[] =
         0x52, 0xF8, 0x8A, 0x51, 0xB7, 0xED, 0x3A, 0xAA, 0x78, 0x41,
         0x90, 0x95, 0xE8, 0x40, 0x2E, 0x66, 0xFC
 };
-static const int sizeof_ca_cert_der_1024 = sizeof(ca_cert_der_1024);
+#define sizeof_ca_cert_der_1024 (sizeof(ca_cert_der_1024))
 
 /* ./certs/1024/server-key.der, 1024-bit */
 static const unsigned char server_key_der_1024[] =
@@ -589,7 +589,7 @@ static const unsigned char server_key_der_1024[] =
         0xE1, 0x00, 0x72, 0xBE, 0x6E, 0xC3, 0x94, 0x49, 0xDC, 0xBB,
         0x8E, 0x1A, 0x78, 0xE5, 0x49, 0x1F, 0x55, 0x41, 0xA1
 };
-static const int sizeof_server_key_der_1024 = sizeof(server_key_der_1024);
+#define sizeof_server_key_der_1024 (sizeof(server_key_der_1024))
 
 /* ./certs/1024/server-cert.der, 1024-bit */
 static const unsigned char server_cert_der_1024[] =
@@ -697,7 +697,7 @@ static const unsigned char server_cert_der_1024[] =
         0x77, 0xCF, 0x6D, 0xA0, 0x27, 0xAD, 0xC0, 0x16, 0x56, 0x55,
         0x46, 0xB2, 0xBF, 0xF1
 };
-static const int sizeof_server_cert_der_1024 = sizeof(server_cert_der_1024);
+#define sizeof_server_cert_der_1024 (sizeof(server_cert_der_1024))
 
 #endif /* USE_CERT_BUFFERS_1024 */
 
@@ -827,7 +827,7 @@ static const unsigned char client_key_der_2048[] =
         0x45, 0x5D, 0x13, 0x39, 0x65, 0x42, 0x46, 0xA1, 0x9F, 0xCD,
         0xF5, 0xBF
 };
-static const int sizeof_client_key_der_2048 = sizeof(client_key_der_2048);
+#define sizeof_client_key_der_2048 (sizeof(client_key_der_2048))
 
 /* ./certs/client-keyPub.der, 2048-bit */
 static const unsigned char client_keypub_der_2048[] =
@@ -863,7 +863,7 @@ static const unsigned char client_keypub_der_2048[] =
         0xAE, 0xF5, 0xFC, 0x5B, 0xE5, 0xFB, 0xA1, 0xBA, 0xD3, 0x02,
         0x03, 0x01, 0x00, 0x01
 };
-static const int sizeof_client_keypub_der_2048 = sizeof(client_keypub_der_2048);
+#define sizeof_client_keypub_der_2048 (sizeof(client_keypub_der_2048))
 
 /* ./certs/client-cert.der, 2048-bit */
 static const unsigned char client_cert_der_2048[] =
@@ -1001,7 +1001,7 @@ static const unsigned char client_cert_der_2048[] =
         0xE8, 0xBC, 0x89, 0xED, 0x01, 0xE2, 0xFE, 0x44, 0x86, 0x86,
         0x80, 0x39, 0xEC
 };
-static const int sizeof_client_cert_der_2048 = sizeof(client_cert_der_2048);
+#define sizeof_client_cert_der_2048 (sizeof(client_cert_der_2048))
 
 /* ./certs/dh2048.der, 2048-bit */
 static const unsigned char dh_key_der_2048[] =
@@ -1034,7 +1034,7 @@ static const unsigned char dh_key_der_2048[] =
         0xC3, 0xA9, 0x41, 0x83, 0xFB, 0xC7, 0xFA, 0xC8, 0xE2, 0x1E,
         0x7E, 0xAF, 0x00, 0x3F, 0x93, 0x02, 0x01, 0x02
 };
-static const int sizeof_dh_key_der_2048 = sizeof(dh_key_der_2048);
+#define sizeof_dh_key_der_2048 (sizeof(dh_key_der_2048))
 
 /* ./certs/dh-pubkey-2048.der, 2048-bit */
 static const unsigned char dh_pub_key_der_2048[] =
@@ -1096,7 +1096,7 @@ static const unsigned char dh_pub_key_der_2048[] =
         0x81, 0x8F, 0xE7, 0x96, 0x18, 0xD9, 0xE0, 0x97, 0x08, 0x45,
         0x36, 0xC3
 };
-static const int sizeof_dh_pub_key_der_2048 = sizeof(dh_pub_key_der_2048);
+#define sizeof_dh_pub_key_der_2048 (sizeof(dh_pub_key_der_2048))
 
 /* ./certs/statickeys/dh-ffdhe2048.der, 2048-bit */
 static const unsigned char dh_ffdhe_statickey_der_2048[] =
@@ -1135,7 +1135,7 @@ static const unsigned char dh_ffdhe_statickey_der_2048[] =
         0x65, 0x46, 0xF6, 0x34, 0xB8, 0xB0, 0xC1, 0x55, 0x3A, 0xF7,
         0xC8, 0x43, 0xB8
 };
-static const int sizeof_dh_ffdhe_statickey_der_2048 = sizeof(dh_ffdhe_statickey_der_2048);
+#define sizeof_dh_ffdhe_statickey_der_2048 (sizeof(dh_ffdhe_statickey_der_2048))
 
 /* ./certs/statickeys/dh-ffdhe2048-pub.der, 2048-bit */
 static const unsigned char dh_ffdhe_pub_statickey_der_2048[] =
@@ -1197,7 +1197,7 @@ static const unsigned char dh_ffdhe_pub_statickey_der_2048[] =
         0x10, 0xE0, 0xF2, 0x09, 0x1C, 0x6D, 0x02, 0x5D, 0xFC, 0x7A,
         0x08, 0x82
 };
-static const int sizeof_dh_ffdhe_pub_statickey_der_2048 = sizeof(dh_ffdhe_pub_statickey_der_2048);
+#define sizeof_dh_ffdhe_pub_statickey_der_2048 (sizeof(dh_ffdhe_pub_statickey_der_2048))
 
 /* ./certs/dsa-pubkey-2048.der, 2048-bit */
 static const unsigned char dsa_pub_key_der_2048[] =
@@ -1288,7 +1288,7 @@ static const unsigned char dsa_pub_key_der_2048[] =
         0x11, 0xF9, 0x1B, 0xF1, 0x3C, 0x68, 0xDF, 0xC2, 0xF4, 0x98,
         0x5F, 0x6C, 0xC8
 };
-static const int sizeof_dsa_pub_key_der_2048 = sizeof(dsa_pub_key_der_2048);
+#define sizeof_dsa_pub_key_der_2048 (sizeof(dsa_pub_key_der_2048))
 
 /* ./certs/dsa2048.der, 2048-bit */
 static const unsigned char dsa_key_der_2048[] =
@@ -1378,7 +1378,7 @@ static const unsigned char dsa_key_der_2048[] =
         0x3E, 0x75, 0x13, 0x13, 0x06, 0x8F, 0x94, 0xD3, 0xE6, 0xE9,
         0x00, 0xCB, 0x62, 0x6D, 0x9A
 };
-static const int sizeof_dsa_key_der_2048 = sizeof(dsa_key_der_2048);
+#define sizeof_dsa_key_der_2048 (sizeof(dsa_key_der_2048))
 
 /* ./certs/rsa2048.der, 2048-bit */
 static const unsigned char rsa_key_der_2048[] =
@@ -1504,7 +1504,7 @@ static const unsigned char rsa_key_der_2048[] =
         0x83, 0x0B, 0xD4, 0x74, 0x80, 0xB6, 0x7D, 0x62, 0x45, 0xBF,
         0x56
 };
-static const int sizeof_rsa_key_der_2048 = sizeof(rsa_key_der_2048);
+#define sizeof_rsa_key_der_2048 (sizeof(rsa_key_der_2048))
 
 /* ./certs/ca-key.der, 2048-bit */
 static const unsigned char ca_key_der_2048[] =
@@ -1630,7 +1630,7 @@ static const unsigned char ca_key_der_2048[] =
         0x8A, 0xC0, 0x05, 0x55, 0x2C, 0x24, 0xC0, 0x4A, 0x97, 0x04,
         0x27, 0x9A
 };
-static const int sizeof_ca_key_der_2048 = sizeof(ca_key_der_2048);
+#define sizeof_ca_key_der_2048 (sizeof(ca_key_der_2048))
 
 /* ./certs/ca-cert.der, 2048-bit */
 static const unsigned char ca_cert_der_2048[] =
@@ -1765,7 +1765,7 @@ static const unsigned char ca_cert_der_2048[] =
         0xD3, 0xDF, 0x7A, 0x06, 0x32, 0x8D, 0x29, 0x1F, 0x28, 0x1D,
         0x8D, 0x26, 0x33
 };
-static const int sizeof_ca_cert_der_2048 = sizeof(ca_cert_der_2048);
+#define sizeof_ca_cert_der_2048 (sizeof(ca_cert_der_2048))
 
 /* ./certs/ca-cert-chain.der, 2048-bit */
 static const unsigned char ca_cert_chain_der[] =
@@ -1874,7 +1874,7 @@ static const unsigned char ca_cert_chain_der[] =
         0xD9, 0xA2, 0x38, 0xD0, 0x22, 0x04, 0xCA, 0x31, 0x1C, 0xAC,
         0x3C, 0xF2
 };
-static const int sizeof_ca_cert_chain_der = sizeof(ca_cert_chain_der);
+#define sizeof_ca_cert_chain_der (sizeof(ca_cert_chain_der))
 
 /* ./certs/server-key.der, 2048-bit */
 static const unsigned char server_key_der_2048[] =
@@ -2000,7 +2000,7 @@ static const unsigned char server_key_der_2048[] =
         0x7C, 0x9A, 0x1F, 0x0C, 0x7C, 0xA9, 0xB0, 0x0E, 0x21, 0x37,
         0x3B, 0xF1, 0xB0
 };
-static const int sizeof_server_key_der_2048 = sizeof(server_key_der_2048);
+#define sizeof_server_key_der_2048 (sizeof(server_key_der_2048))
 
 /* ./certs/server-cert.der, 2048-bit */
 static const unsigned char server_cert_der_2048[] =
@@ -2133,7 +2133,7 @@ static const unsigned char server_cert_der_2048[] =
         0xF0, 0x24, 0x9F, 0x83, 0x83, 0xDA, 0xA6, 0xAA, 0x3C, 0xC8
 
 };
-static const int sizeof_server_cert_der_2048 = sizeof(server_cert_der_2048);
+#define sizeof_server_cert_der_2048 (sizeof(server_cert_der_2048))
 
 #endif /* USE_CERT_BUFFERS_2048 */
 
@@ -2183,7 +2183,7 @@ static const unsigned char dh_key_der_3072[] =
         0x11, 0x03, 0xB9, 0x03, 0x07, 0xFE, 0x66, 0x38, 0x5F, 0xA2,
         0x3E, 0x9C, 0x1B, 0x02, 0x01, 0x02
 };
-static const int sizeof_dh_key_der_3072 = sizeof(dh_key_der_3072);
+#define sizeof_dh_key_der_3072 (sizeof(dh_key_der_3072))
 
 /* ./certs/dsa3072.der, 3072-bit */
 static const unsigned char dsa_key_der_3072[] =
@@ -2314,7 +2314,7 @@ static const unsigned char dsa_key_der_3072[] =
         0x73, 0x99, 0x40, 0x1B, 0xDC, 0xA9, 0xBA, 0xC4, 0x1B, 0x12,
         0x6C, 0xFF, 0x53
 };
-static const int sizeof_dsa_key_der_3072 = sizeof(dsa_key_der_3072);
+#define sizeof_dsa_key_der_3072 (sizeof(dsa_key_der_3072))
 
 /* ./certs/rsa3072.der, 3072-bit */
 static const unsigned char rsa_key_der_3072[] =
@@ -2497,7 +2497,7 @@ static const unsigned char rsa_key_der_3072[] =
         0xA6, 0x9F, 0x7E, 0x3D, 0x2D, 0x1A, 0x44, 0x31, 0x3D, 0x81,
         0x91, 0xB8, 0x36, 0x08, 0x27, 0x42, 0x9E, 0x08
 };
-static const int sizeof_rsa_key_der_3072 = sizeof(rsa_key_der_3072);
+#define sizeof_rsa_key_der_3072 (sizeof(rsa_key_der_3072))
 
 /* ./certs/3072/client-key.der, 3072-bit */
 static const unsigned char client_key_der_3072[] =
@@ -2683,7 +2683,7 @@ static const unsigned char client_key_der_3072[] =
         0x67, 0x7C, 0xC7, 0x51, 0x5B, 0xBE, 0xE3, 0xF8, 0xBE, 0x1E,
         0xC7, 0xD2, 0x28, 0x97
 };
-static const int sizeof_client_key_der_3072 = sizeof(client_key_der_3072);
+#define sizeof_client_key_der_3072 (sizeof(client_key_der_3072))
 
 /* ./certs/3072/client-keyPub.der, 3072-bit */
 static const unsigned char client_keypub_der_3072[] =
@@ -2732,7 +2732,7 @@ static const unsigned char client_keypub_der_3072[] =
         0xC9, 0xD6, 0x73, 0x7C, 0x96, 0x41, 0x93, 0x02, 0x03, 0x01,
         0x00, 0x01
 };
-static const int sizeof_client_keypub_der_3072 = sizeof(client_keypub_der_3072);
+#define sizeof_client_keypub_der_3072 (sizeof(client_keypub_der_3072))
 
 /* ./certs/3072/client-cert.der, 3072-bit */
 static const unsigned char client_cert_der_3072[] =
@@ -2895,7 +2895,7 @@ static const unsigned char client_cert_der_3072[] =
         0x54, 0xB0, 0x7C, 0x6F, 0xF5, 0xDE, 0x26, 0x66, 0xC0, 0xBA,
         0x85, 0x38, 0xD0, 0x25, 0xFE, 0xB9, 0xBF, 0x12, 0x98
 };
-static const int sizeof_client_cert_der_3072 = sizeof(client_cert_der_3072);
+#define sizeof_client_cert_der_3072 (sizeof(client_cert_der_3072))
 
 #endif /* USE_CERT_BUFFERS_3072 */
 
@@ -3143,7 +3143,7 @@ static const unsigned char client_key_der_4096[] =
         0x92, 0xEA, 0x01, 0x45, 0x89, 0xD1, 0x4E, 0xFE, 0x4D, 0x2B,
         0x4B, 0x18, 0xE6, 0xCE
 };
-static const int sizeof_client_key_der_4096 = sizeof(client_key_der_4096);
+#define sizeof_client_key_der_4096 (sizeof(client_key_der_4096))
 
 /* ./certs/4096/client-keyPub.der, 4096-bit */
 static const unsigned char client_keypub_der_4096[] =
@@ -3205,7 +3205,7 @@ static const unsigned char client_keypub_der_4096[] =
         0xF2, 0xCF, 0x6B, 0x15, 0xAB, 0x02, 0x03, 0x01, 0x00, 0x01
 
 };
-static const int sizeof_client_keypub_der_4096 = sizeof(client_keypub_der_4096);
+#define sizeof_client_keypub_der_4096 (sizeof(client_keypub_der_4096))
 
 /* ./certs/4096/client-cert.der, 4096-bit */
 static const unsigned char client_cert_der_4096[] =
@@ -3394,7 +3394,7 @@ static const unsigned char client_cert_der_4096[] =
         0x89, 0x18, 0x29, 0x32, 0xC5, 0xAD, 0xFB, 0x9C, 0xF7, 0x26,
         0xAC, 0x56, 0x3E, 0xF7, 0x73
 };
-static const int sizeof_client_cert_der_4096 = sizeof(client_cert_der_4096);
+#define sizeof_client_cert_der_4096 (sizeof(client_cert_der_4096))
 
 /* ./certs/dh4096.der, 4096-bit */
 static const unsigned char dh_key_der_4096[] =
@@ -3453,7 +3453,7 @@ static const unsigned char dh_key_der_4096[] =
         0xF3, 0x56, 0xBD, 0xF0, 0xFC, 0x00, 0x78, 0x00, 0x56, 0xB4,
         0x3B, 0x02, 0x01, 0x02
 };
-static const int sizeof_dh_key_der_4096 = sizeof(dh_key_der_4096);
+#define sizeof_dh_key_der_4096 (sizeof(dh_key_der_4096))
 
 #endif /* USE_CERT_BUFFERS_4096 */
 
@@ -3684,7 +3684,7 @@ static const unsigned char bench_falcon_level1_key[] =
         0xCB, 0xC9, 0x40, 0xD2, 0x3A, 0xBE, 0xA9, 0xB7, 0x78, 0x76,
         0x9F, 0x1E
 };
-static const int sizeof_bench_falcon_level1_key = sizeof(bench_falcon_level1_key);
+#define sizeof_bench_falcon_level1_key (sizeof(bench_falcon_level1_key))
 
 /* certs/falcon/bench_falcon_level5_key.der */
 static const unsigned char bench_falcon_level5_key[] =
@@ -4103,7 +4103,7 @@ static const unsigned char bench_falcon_level5_key[] =
         0xED, 0xD3, 0x59, 0x13, 0x9D, 0xB5, 0xD0, 0x50, 0x68, 0x1A,
         0xA5, 0xA6
 };
-static const int sizeof_bench_falcon_level5_key = sizeof(bench_falcon_level5_key);
+#define sizeof_bench_falcon_level5_key (sizeof(bench_falcon_level5_key))
 
 #endif /* HAVE_FALCON */
 
@@ -4370,7 +4370,7 @@ static const unsigned char bench_dilithium_level2_key[] = {
     0x12, 0xea, 0xc1, 0x94, 0x37, 0xa0, 0x11, 0xff, 0xb2, 0xa4,
     0xc3, 0x61, 0xf2, 0xa3, 0x49, 0xbe, 0xe7, 0xb6, 0x96, 0x2f,
 };
-static const int sizeof_bench_dilithium_level2_key = sizeof(bench_dilithium_level2_key);
+#define sizeof_bench_dilithium_level2_key (sizeof(bench_dilithium_level2_key))
 
 #endif /* !WOLFSSL_DILITHIUM_NO_SIGN */
 
@@ -4512,8 +4512,8 @@ static const unsigned char bench_dilithium_level2_pubkey[] = {
     0x36, 0x8b, 0x81, 0x26, 0x99, 0x92, 0x42, 0xda, 0x45, 0xb1,
     0xfe, 0x4b,
 };
-static const int sizeof_bench_dilithium_level2_pubkey =
-    sizeof(bench_dilithium_level2_pubkey);
+#define sizeof_bench_dilithium_level2_pubkey \
+       (sizeof(bench_dilithium_level2_pubkey))
 
 #endif /* !WOLFSSL_DILITHIUM_NO_VERIFY */
 
@@ -4927,7 +4927,7 @@ static const unsigned char bench_dilithium_level3_key[] = {
     0xd2, 0x71, 0xb2, 0x5e, 0xae, 0x72, 0xc9, 0x69, 0x3b, 0x80,
     0xc2, 0x27,
 };
-static const int sizeof_bench_dilithium_level3_key = sizeof(bench_dilithium_level3_key);
+#define sizeof_bench_dilithium_level3_key (sizeof(bench_dilithium_level3_key))
 
 #endif /* !WOLFSSL_DILITHIUM_NO_SIGN */
 
@@ -5634,7 +5634,7 @@ static const unsigned char bench_dilithium_level5_key[] = {
     0x15, 0xed, 0xa6, 0x86, 0x8f, 0x2f, 0xe5, 0x67, 0x0f, 0xdd,
     0xbf, 0x70, 0x53, 0xaa, 0x9b, 0x74,
 };
-static const int sizeof_bench_dilithium_level5_key = sizeof(bench_dilithium_level5_key);
+#define sizeof_bench_dilithium_level5_key (sizeof(bench_dilithium_level5_key))
 
 #endif /* !WOLFSSL_DILITHIUM_NO_SIGN */
 
@@ -5904,8 +5904,8 @@ static const unsigned char bench_dilithium_level5_pubkey[] = {
     0xe9, 0x0e, 0x42, 0xdd, 0x17, 0xd7, 0x6e, 0x19, 0x8d, 0x95,
     0x0a, 0x93,
 };
-static const int sizeof_bench_dilithium_level5_pubkey =
-    sizeof(bench_dilithium_level5_pubkey);
+#define sizeof_bench_dilithium_level5_pubkey \
+       (sizeof(bench_dilithium_level5_pubkey))
 
 #endif /* !WOLFSSL_DILITHIUM_NO_VERIFY */
 
@@ -5929,7 +5929,7 @@ static const unsigned char bench_sphincs_fast_level1_key[] =
         0xF6, 0x57, 0xCE, 0x45, 0x8F, 0x8B, 0x1D, 0x68, 0x63, 0xAA,
         0x24, 0xA4, 0xE1, 0x0D, 0xFB
 };
-static const int sizeof_bench_sphincs_fast_level1_key = sizeof(bench_sphincs_fast_level1_key);
+#define sizeof_bench_sphincs_fast_level1_key (sizeof(bench_sphincs_fast_level1_key))
 
 /* certs/sphincs/bench_sphincs_fast_level3_key.der */
 static const unsigned char bench_sphincs_fast_level3_key[] =
@@ -5952,7 +5952,7 @@ static const unsigned char bench_sphincs_fast_level3_key[] =
         0x38, 0x1F, 0x57, 0x89, 0x76, 0x8C, 0x6D, 0x88, 0xCE, 0x18,
         0x4F, 0xA7, 0x88, 0x48, 0x7C, 0x0D
 };
-static const int sizeof_bench_sphincs_fast_level3_key = sizeof(bench_sphincs_fast_level3_key);
+#define sizeof_bench_sphincs_fast_level3_key (sizeof(bench_sphincs_fast_level3_key))
 
 /* certs/sphincs/bench_sphincs_fast_level5_key.der */
 static const unsigned char bench_sphincs_fast_level5_key[] =
@@ -5980,7 +5980,7 @@ static const unsigned char bench_sphincs_fast_level5_key[] =
         0x2B, 0x66, 0x58, 0x64, 0x1D, 0x94, 0xAF, 0x58, 0xB5, 0x23,
         0x2C, 0xA1, 0xE9, 0x95
 };
-static const int sizeof_bench_sphincs_fast_level5_key = sizeof(bench_sphincs_fast_level5_key);
+#define sizeof_bench_sphincs_fast_level5_key (sizeof(bench_sphincs_fast_level5_key))
 
 /* certs/sphincs/bench_sphincs_small_level1_key.der */
 static const unsigned char bench_sphincs_small_level1_key[] =
@@ -5998,7 +5998,7 @@ static const unsigned char bench_sphincs_small_level1_key[] =
         0x52, 0xC1, 0x31, 0xF7, 0xC1, 0x86, 0x7E, 0x73, 0xFB, 0x9E,
         0x72, 0x57, 0x8A, 0xD7, 0x44
 };
-static const int sizeof_bench_sphincs_small_level1_key = sizeof(bench_sphincs_small_level1_key);
+#define sizeof_bench_sphincs_small_level1_key (sizeof(bench_sphincs_small_level1_key))
 
 /* certs/sphincs/bench_sphincs_small_level3_key.der */
 static const unsigned char bench_sphincs_small_level3_key[] =
@@ -6021,7 +6021,7 @@ static const unsigned char bench_sphincs_small_level3_key[] =
         0x90, 0x55, 0x58, 0x6C, 0x0A, 0x52, 0x61, 0x0B, 0xF3, 0xBC,
         0xE1, 0x1F, 0xB4, 0xA6, 0x5F, 0x9F
 };
-static const int sizeof_bench_sphincs_small_level3_key = sizeof(bench_sphincs_small_level3_key);
+#define sizeof_bench_sphincs_small_level3_key (sizeof(bench_sphincs_small_level3_key))
 
 /* certs/sphincs/bench_sphincs_small_level5_key.der */
 static const unsigned char bench_sphincs_small_level5_key[] =
@@ -6049,7 +6049,7 @@ static const unsigned char bench_sphincs_small_level5_key[] =
         0x34, 0x9A, 0x4E, 0x86, 0x25, 0x66, 0xFF, 0xA0, 0x79, 0x47,
         0xBE, 0x94, 0xC2, 0x69
 };
-static const int sizeof_bench_sphincs_small_level5_key = sizeof(bench_sphincs_small_level5_key);
+#define sizeof_bench_sphincs_small_level5_key (sizeof(bench_sphincs_small_level5_key))
 
 #endif /* HAVE_SPHINCS */
 
@@ -6072,7 +6072,7 @@ static const unsigned char ecc_clikey_der_256[] =
         0xF7, 0xBD, 0xA9, 0xB2, 0x36, 0x22, 0x5F, 0xC7, 0x5D, 0x7F,
         0xB4
 };
-static const int sizeof_ecc_clikey_der_256 = sizeof(ecc_clikey_der_256);
+#define sizeof_ecc_clikey_der_256 (sizeof(ecc_clikey_der_256))
 
 /* ./certs/ecc-client-keyPub.der, ECC */
 static const unsigned char ecc_clikeypub_der_256[] =
@@ -6088,7 +6088,7 @@ static const unsigned char ecc_clikeypub_der_256[] =
         0xF7, 0xBD, 0xA9, 0xB2, 0x36, 0x22, 0x5F, 0xC7, 0x5D, 0x7F,
         0xB4
 };
-static const int sizeof_ecc_clikeypub_der_256 = sizeof(ecc_clikeypub_der_256);
+#define sizeof_ecc_clikeypub_der_256 (sizeof(ecc_clikeypub_der_256))
 
 /* ./certs/client-ecc-cert.der, ECC */
 static const unsigned char cliecc_cert_der_256[] =
@@ -6181,7 +6181,7 @@ static const unsigned char cliecc_cert_der_256[] =
         0x0C, 0xDA, 0x34, 0x0B, 0x4E, 0x83, 0xA2, 0x10, 0x67, 0x99,
         0x19, 0x1C, 0x93, 0x91, 0xC8, 0xC7
 };
-static const int sizeof_cliecc_cert_der_256 = sizeof(cliecc_cert_der_256);
+#define sizeof_cliecc_cert_der_256 (sizeof(cliecc_cert_der_256))
 
 /* ./certs/ecc-key.der, ECC */
 static const unsigned char ecc_key_der_256[] =
@@ -6200,7 +6200,7 @@ static const unsigned char ecc_key_der_256[] =
         0x34, 0x86, 0xE8, 0x20, 0x58, 0x33, 0x0B, 0x80, 0x34, 0x89,
         0xD8
 };
-static const int sizeof_ecc_key_der_256 = sizeof(ecc_key_der_256);
+#define sizeof_ecc_key_der_256 (sizeof(ecc_key_der_256))
 
 /* ./certs/ecc-keyPub.der, ECC */
 static const unsigned char ecc_key_pub_der_256[] =
@@ -6216,7 +6216,7 @@ static const unsigned char ecc_key_pub_der_256[] =
         0x34, 0x86, 0xE8, 0x20, 0x58, 0x33, 0x0B, 0x80, 0x34, 0x89,
         0xD8
 };
-static const int sizeof_ecc_key_pub_der_256 = sizeof(ecc_key_pub_der_256);
+#define sizeof_ecc_key_pub_der_256 (sizeof(ecc_key_pub_der_256))
 
 /* ./certs/statickeys/ecc-secp256r1.der, ECC */
 static const unsigned char ecc_secp_r1_statickey_der_256[] =
@@ -6235,7 +6235,7 @@ static const unsigned char ecc_secp_r1_statickey_der_256[] =
         0xB5, 0x1D, 0xCC, 0xBA, 0x3C, 0xED, 0x04, 0xC9, 0xA8, 0x92,
         0x37
 };
-static const int sizeof_ecc_secp_r1_statickey_der_256 = sizeof(ecc_secp_r1_statickey_der_256);
+#define sizeof_ecc_secp_r1_statickey_der_256 (sizeof(ecc_secp_r1_statickey_der_256))
 
 /* ./certs/server-ecc-comp.der, ECC */
 static const unsigned char serv_ecc_comp_der_256[] =
@@ -6331,7 +6331,7 @@ static const unsigned char serv_ecc_comp_der_256[] =
         0x00, 0x03, 0xC1, 0x0C, 0x1F, 0x54, 0xA0, 0xCA, 0x4D, 0x99,
         0x6A
 };
-static const int sizeof_serv_ecc_comp_der_256 = sizeof(serv_ecc_comp_der_256);
+#define sizeof_serv_ecc_comp_der_256 (sizeof(serv_ecc_comp_der_256))
 
 /* ./certs/server-ecc-rsa.der, ECC */
 static const unsigned char serv_ecc_rsa_der_256[] =
@@ -6445,7 +6445,7 @@ static const unsigned char serv_ecc_rsa_der_256[] =
         0x9C, 0x65, 0x96, 0x1A, 0xB3, 0x98, 0x4D, 0x3B, 0xFB, 0xC7
 
 };
-static const int sizeof_serv_ecc_rsa_der_256 = sizeof(serv_ecc_rsa_der_256);
+#define sizeof_serv_ecc_rsa_der_256 (sizeof(serv_ecc_rsa_der_256))
 
 /* ./certs/server-ecc.der, ECC */
 static const unsigned char serv_ecc_der_256[] =
@@ -6519,7 +6519,7 @@ static const unsigned char serv_ecc_der_256[] =
         0x1D, 0xAA, 0x63, 0xDA, 0xFC, 0x97, 0x50, 0x87, 0x92, 0x69,
         0xEE, 0x63, 0x57, 0xB6, 0xEC, 0xE2, 0xE9, 0xFA
 };
-static const int sizeof_serv_ecc_der_256 = sizeof(serv_ecc_der_256);
+#define sizeof_serv_ecc_der_256 (sizeof(serv_ecc_der_256))
 
 /* ./certs/ca-ecc-key.der, ECC */
 static const unsigned char ca_ecc_key_der_256[] =
@@ -6538,7 +6538,7 @@ static const unsigned char ca_ecc_key_der_256[] =
         0x37, 0x44, 0xC1, 0xCB, 0xFC, 0x80, 0xCA, 0xE8, 0x43, 0xEA,
         0xA7
 };
-static const int sizeof_ca_ecc_key_der_256 = sizeof(ca_ecc_key_der_256);
+#define sizeof_ca_ecc_key_der_256 (sizeof(ca_ecc_key_der_256))
 
 /* ./certs/ca-ecc-cert.der, ECC */
 static const unsigned char ca_ecc_cert_der_256[] =
@@ -6611,7 +6611,7 @@ static const unsigned char ca_ecc_cert_der_256[] =
         0x2A, 0x7D, 0x59, 0xA8, 0xDE, 0xE7, 0x0A, 0x11, 0x83, 0x4F,
         0x92, 0x77, 0x8D, 0x92, 0x3B
 };
-static const int sizeof_ca_ecc_cert_der_256 = sizeof(ca_ecc_cert_der_256);
+#define sizeof_ca_ecc_cert_der_256 (sizeof(ca_ecc_cert_der_256))
 
 /* ./certs/ca-ecc384-key.der, ECC */
 static const unsigned char ca_ecc_key_der_384[] =
@@ -6634,7 +6634,7 @@ static const unsigned char ca_ecc_key_der_384[] =
         0x83, 0xBD, 0x93, 0x3F, 0x5F, 0x50, 0x2D, 0x70, 0x3F, 0xDE,
         0x35, 0x25, 0xE1, 0x90, 0x3B, 0x86, 0xE0
 };
-static const int sizeof_ca_ecc_key_der_384 = sizeof(ca_ecc_key_der_384);
+#define sizeof_ca_ecc_key_der_384 (sizeof(ca_ecc_key_der_384))
 
 /* ./certs/ca-ecc384-cert.der, ECC */
 static const unsigned char ca_ecc_cert_der_384[] =
@@ -6713,7 +6713,7 @@ static const unsigned char ca_ecc_cert_der_384[] =
         0x27, 0x6D, 0x60, 0xED, 0xA2, 0x9F, 0x9F, 0x7E, 0x66, 0x43,
         0xF9, 0x15, 0x1D, 0x65, 0x5D, 0x49
 };
-static const int sizeof_ca_ecc_cert_der_384 = sizeof(ca_ecc_cert_der_384);
+#define sizeof_ca_ecc_cert_der_384 (sizeof(ca_ecc_cert_der_384))
 
 #endif /* HAVE_ECC && USE_CERT_BUFFERS_256 */
 
@@ -6849,7 +6849,7 @@ static const unsigned char server_ed25519_cert[] =
         0x25, 0x92, 0xAC, 0xA8, 0x6C, 0xDE, 0xDF, 0x1D, 0xEB, 0x64,
         0xE4, 0x8A, 0x06
 };
-static const int sizeof_server_ed25519_cert = sizeof(server_ed25519_cert);
+#define sizeof_server_ed25519_cert (sizeof(server_ed25519_cert))
 
 /* ./certs/ed25519/server-ed25519-key.der, ED25519 */
 static const unsigned char server_ed25519_key[] =
@@ -6860,7 +6860,7 @@ static const unsigned char server_ed25519_key[] =
         0x2F, 0xD2, 0x5B, 0x1A, 0x10, 0x05, 0xEF, 0x5A, 0x41, 0x25,
         0xCE, 0x1B, 0x53, 0x78
 };
-static const int sizeof_server_ed25519_key = sizeof(server_ed25519_key);
+#define sizeof_server_ed25519_key (sizeof(server_ed25519_key))
 
 /* ./certs/ed25519/ca-ed25519.der, ED25519 */
 static const unsigned char ca_ed25519_cert[] =
@@ -6928,7 +6928,7 @@ static const unsigned char ca_ed25519_cert[] =
         0x4D, 0xB6, 0x0F, 0x42, 0x9E, 0x51, 0xF7, 0xDB, 0xA7, 0xBF,
         0x16, 0x23, 0xC4, 0xBD, 0x7D, 0xC9, 0x03
 };
-static const int sizeof_ca_ed25519_cert = sizeof(ca_ed25519_cert);
+#define sizeof_ca_ed25519_cert (sizeof(ca_ed25519_cert))
 
 /* ./certs/ed25519/client-ed25519.der, ED25519 */
 static const unsigned char client_ed25519_cert[] =
@@ -7028,7 +7028,7 @@ static const unsigned char client_ed25519_cert[] =
         0x92, 0xE3, 0x21, 0x58, 0xD1, 0x3E, 0x8A, 0x71, 0x91, 0x2D,
         0x0E
 };
-static const int sizeof_client_ed25519_cert = sizeof(client_ed25519_cert);
+#define sizeof_client_ed25519_cert (sizeof(client_ed25519_cert))
 
 /* ./certs/ed25519/client-ed25519-key.der, ED25519 */
 static const unsigned char client_ed25519_key[] =
@@ -7039,7 +7039,7 @@ static const unsigned char client_ed25519_key[] =
         0xEB, 0x02, 0x09, 0xA3, 0x99, 0xF5, 0x6E, 0xBF, 0x9D, 0x3C,
         0xFE, 0x54, 0x39, 0xE6
 };
-static const int sizeof_client_ed25519_key = sizeof(client_ed25519_key);
+#define sizeof_client_ed25519_key (sizeof(client_ed25519_key))
 
 #endif /* HAVE_ED25519 */
 
@@ -7054,7 +7054,7 @@ static const unsigned char x25519_statickey_der[] =
         0xEF, 0xC1, 0x89, 0x8C, 0xB3, 0x15, 0xC6, 0x79, 0xD3, 0xAC,
         0x22, 0x00, 0xAE, 0xFA, 0xB3, 0xB7, 0x0F, 0x78
 };
-static const int sizeof_x25519_statickey_der = sizeof(x25519_statickey_der);
+#define sizeof_x25519_statickey_der (sizeof(x25519_statickey_der))
 
 /* ./certs/statickeys/x25519-pub.der, CURVE25519 */
 static const unsigned char x25519_pub_statickey_der[] =
@@ -7065,7 +7065,7 @@ static const unsigned char x25519_pub_statickey_der[] =
         0xF0, 0x99, 0x39, 0x98, 0xEA, 0x26, 0xA2, 0x5B, 0x38, 0xFD,
         0x96, 0xDB, 0x2A, 0x26
 };
-static const int sizeof_x25519_pub_statickey_der = sizeof(x25519_pub_statickey_der);
+#define sizeof_x25519_pub_statickey_der (sizeof(x25519_pub_statickey_der))
 
 #endif /* USE_CERT_BUFFERS_25519 */
 
diff --git a/wolfssl/certs_test_sm.h b/wolfssl/certs_test_sm.h
new file mode 100644
index 000000000..b11c222ab
--- /dev/null
+++ b/wolfssl/certs_test_sm.h
@@ -0,0 +1,2913 @@
+/* certs_test_sm.h */
+/* This file was generated using: ./gencertbuf.pl */
+
+#ifndef WOLFSSL_CERTS_TEST_SM_H
+#define WOLFSSL_CERTS_TEST_SM_H
+
+#if defined(WOLFSSL_SM2) || defined(WOLFSSL_SM3) || defined(WOLFSSL_SM4)
+
+    /* DER Certs Begin */
+
+/* ./certs/sm2/ca-sm2.der */
+static const unsigned char ca_sm2_der[] =
+{
+        0x30, 0x82, 0x02, 0x96, 0x30, 0x82, 0x02, 0x3C, 0xA0, 0x03,
+        0x02, 0x01, 0x02, 0x02, 0x01, 0x01, 0x30, 0x0A, 0x06, 0x08,
+        0x2A, 0x81, 0x1C, 0xCF, 0x55, 0x01, 0x83, 0x75, 0x30, 0x81,
+        0x95, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06,
+        0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03,
+        0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61,
+        0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04,
+        0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E,
+        0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C,
+        0x0B, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x5F, 0x53,
+        0x4D, 0x32, 0x31, 0x11, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x04,
+        0x0B, 0x0C, 0x08, 0x52, 0x6F, 0x6F, 0x74, 0x2D, 0x53, 0x4D,
+        0x32, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03,
+        0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66,
+        0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30,
+        0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01,
+        0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77,
+        0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D,
+        0x30, 0x1E, 0x17, 0x0D, 0x32, 0x33, 0x30, 0x32, 0x31, 0x35,
+        0x30, 0x36, 0x32, 0x33, 0x30, 0x37, 0x5A, 0x17, 0x0D, 0x32,
+        0x35, 0x31, 0x31, 0x31, 0x31, 0x30, 0x36, 0x32, 0x33, 0x30,
+        0x37, 0x5A, 0x30, 0x81, 0xAC, 0x31, 0x0B, 0x30, 0x09, 0x06,
+        0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10,
+        0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D,
+        0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E,
+        0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A,
+        0x65, 0x6D, 0x61, 0x6E, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03,
+        0x55, 0x04, 0x0A, 0x0C, 0x0B, 0x77, 0x6F, 0x6C, 0x66, 0x53,
+        0x53, 0x4C, 0x5F, 0x73, 0x6D, 0x32, 0x31, 0x0F, 0x30, 0x0D,
+        0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x06, 0x43, 0x41, 0x2D,
+        0x73, 0x6D, 0x32, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55,
+        0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F,
+        0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31,
+        0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7,
+        0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F,
+        0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63,
+        0x6F, 0x6D, 0x31, 0x17, 0x30, 0x15, 0x06, 0x0A, 0x09, 0x92,
+        0x26, 0x89, 0x93, 0xF2, 0x2C, 0x64, 0x01, 0x01, 0x0C, 0x07,
+        0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x30, 0x5A, 0x30,
+        0x14, 0x06, 0x08, 0x2A, 0x81, 0x1C, 0xCF, 0x55, 0x01, 0x82,
+        0x2D, 0x06, 0x08, 0x2A, 0x81, 0x1C, 0xCF, 0x55, 0x01, 0x82,
+        0x2D, 0x03, 0x42, 0x00, 0x04, 0x21, 0x92, 0xF7, 0xCB, 0x24,
+        0xDF, 0x64, 0x4D, 0xBA, 0xAB, 0x66, 0x7B, 0x83, 0x75, 0xA9,
+        0x29, 0xE7, 0xFF, 0x64, 0x63, 0xB6, 0xD5, 0x42, 0x80, 0x20,
+        0xBD, 0xE2, 0xE2, 0x02, 0x12, 0x3B, 0x8E, 0xB4, 0x00, 0x95,
+        0x09, 0x80, 0xCB, 0x56, 0xED, 0x4B, 0xCA, 0x8D, 0x57, 0xE6,
+        0xAE, 0x05, 0xD3, 0x76, 0x27, 0x63, 0x71, 0x39, 0x89, 0xB7,
+        0x69, 0xE6, 0x48, 0x80, 0xAE, 0xD1, 0xA9, 0x48, 0x12, 0xA3,
+        0x63, 0x30, 0x61, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E,
+        0x04, 0x16, 0x04, 0x14, 0x47, 0x0A, 0x48, 0x7E, 0xBB, 0x02,
+        0xA8, 0x5A, 0x26, 0x57, 0x2B, 0x19, 0xA9, 0x7B, 0x61, 0x8B,
+        0x7F, 0x5D, 0x99, 0x6E, 0x30, 0x1F, 0x06, 0x03, 0x55, 0x1D,
+        0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x34, 0x1D, 0x79,
+        0x44, 0x15, 0x79, 0xA1, 0xB1, 0x63, 0x99, 0xE3, 0xED, 0x65,
+        0x7C, 0x64, 0x89, 0x80, 0xFF, 0xB8, 0xEC, 0x30, 0x0F, 0x06,
+        0x03, 0x55, 0x1D, 0x13, 0x01, 0x01, 0xFF, 0x04, 0x05, 0x30,
+        0x03, 0x01, 0x01, 0xFF, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x1D,
+        0x0F, 0x01, 0x01, 0xFF, 0x04, 0x04, 0x03, 0x02, 0x01, 0x86,
+        0x30, 0x0A, 0x06, 0x08, 0x2A, 0x81, 0x1C, 0xCF, 0x55, 0x01,
+        0x83, 0x75, 0x03, 0x48, 0x00, 0x30, 0x45, 0x02, 0x20, 0x47,
+        0x4E, 0x00, 0x03, 0xAB, 0x34, 0xA1, 0xAF, 0x59, 0x39, 0x8F,
+        0x60, 0x36, 0xBF, 0x89, 0x88, 0x42, 0x41, 0x27, 0xC1, 0xDD,
+        0x57, 0xC9, 0x79, 0xCB, 0x1F, 0x56, 0x5C, 0x16, 0xB5, 0x28,
+        0xBD, 0x02, 0x21, 0x00, 0x8B, 0x2E, 0x25, 0xEB, 0x21, 0x9B,
+        0xA9, 0x2B, 0xA6, 0x6A, 0x5B, 0xDB, 0xA7, 0xC7, 0x2B, 0x11,
+        0xDF, 0x73, 0x15, 0xAD, 0xE4, 0xC5, 0xC3, 0xC2, 0xF3, 0xB4,
+        0xB4, 0x67, 0xAF, 0xD7, 0x51, 0x1C
+};
+#define sizeof_ca_sm2_der (sizeof(ca_sm2_der))
+
+/* ./certs/sm2/ca-sm2-key.der */
+static const unsigned char ca_sm2_key_der[] =
+{
+        0x30, 0x5A, 0x30, 0x14, 0x06, 0x08, 0x2A, 0x81, 0x1C, 0xCF,
+        0x55, 0x01, 0x82, 0x2D, 0x06, 0x08, 0x2A, 0x81, 0x1C, 0xCF,
+        0x55, 0x01, 0x82, 0x2D, 0x03, 0x42, 0x00, 0x04, 0x21, 0x92,
+        0xF7, 0xCB, 0x24, 0xDF, 0x64, 0x4D, 0xBA, 0xAB, 0x66, 0x7B,
+        0x83, 0x75, 0xA9, 0x29, 0xE7, 0xFF, 0x64, 0x63, 0xB6, 0xD5,
+        0x42, 0x80, 0x20, 0xBD, 0xE2, 0xE2, 0x02, 0x12, 0x3B, 0x8E,
+        0xB4, 0x00, 0x95, 0x09, 0x80, 0xCB, 0x56, 0xED, 0x4B, 0xCA,
+        0x8D, 0x57, 0xE6, 0xAE, 0x05, 0xD3, 0x76, 0x27, 0x63, 0x71,
+        0x39, 0x89, 0xB7, 0x69, 0xE6, 0x48, 0x80, 0xAE, 0xD1, 0xA9,
+        0x48, 0x12
+};
+#define sizeof_ca_sm2_key_der (sizeof(ca_sm2_key_der))
+
+/* ./certs/sm2/ca-sm2-priv.der */
+static const unsigned char ca_sm2_priv_der[] =
+{
+        0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x8F, 0xB9, 0xB8,
+        0x40, 0x19, 0x0E, 0x21, 0x39, 0xEB, 0xE8, 0x08, 0x7C, 0xFD,
+        0xD8, 0xA1, 0x05, 0x93, 0xA4, 0x35, 0x2C, 0xD1, 0x80, 0xE3,
+        0xBF, 0x7E, 0x48, 0x47, 0xE4, 0x05, 0x0D, 0x09, 0x41, 0xA0,
+        0x0A, 0x06, 0x08, 0x2A, 0x81, 0x1C, 0xCF, 0x55, 0x01, 0x82,
+        0x2D, 0xA1, 0x44, 0x03, 0x42, 0x00, 0x04, 0x21, 0x92, 0xF7,
+        0xCB, 0x24, 0xDF, 0x64, 0x4D, 0xBA, 0xAB, 0x66, 0x7B, 0x83,
+        0x75, 0xA9, 0x29, 0xE7, 0xFF, 0x64, 0x63, 0xB6, 0xD5, 0x42,
+        0x80, 0x20, 0xBD, 0xE2, 0xE2, 0x02, 0x12, 0x3B, 0x8E, 0xB4,
+        0x00, 0x95, 0x09, 0x80, 0xCB, 0x56, 0xED, 0x4B, 0xCA, 0x8D,
+        0x57, 0xE6, 0xAE, 0x05, 0xD3, 0x76, 0x27, 0x63, 0x71, 0x39,
+        0x89, 0xB7, 0x69, 0xE6, 0x48, 0x80, 0xAE, 0xD1, 0xA9, 0x48,
+        0x12
+};
+#define sizeof_ca_sm2_priv_der (sizeof(ca_sm2_priv_der))
+
+/* ./certs/sm2/client-sm2.der */
+static const unsigned char client_sm2_der[] =
+{
+        0x30, 0x82, 0x03, 0xC9, 0x30, 0x82, 0x03, 0x6E, 0xA0, 0x03,
+        0x02, 0x01, 0x02, 0x02, 0x14, 0x60, 0xA0, 0x4A, 0x0B, 0x36,
+        0xEB, 0x7D, 0xE1, 0x3F, 0x74, 0x29, 0xA9, 0x29, 0xB4, 0x05,
+        0x6C, 0x17, 0xF7, 0xA6, 0xD4, 0x30, 0x0A, 0x06, 0x08, 0x2A,
+        0x81, 0x1C, 0xCF, 0x55, 0x01, 0x83, 0x75, 0x30, 0x81, 0xB0,
+        0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13,
+        0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55,
+        0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E,
+        0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07,
+        0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31,
+        0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0B,
+        0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x5F, 0x73, 0x6D,
+        0x32, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0B,
+        0x0C, 0x0A, 0x43, 0x6C, 0x69, 0x65, 0x6E, 0x74, 0x2D, 0x73,
+        0x6D, 0x32, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04,
+        0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C,
+        0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F,
+        0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D,
+        0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40,
+        0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F,
+        0x6D, 0x31, 0x17, 0x30, 0x15, 0x06, 0x0A, 0x09, 0x92, 0x26,
+        0x89, 0x93, 0xF2, 0x2C, 0x64, 0x01, 0x01, 0x0C, 0x07, 0x77,
+        0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x30, 0x1E, 0x17, 0x0D,
+        0x32, 0x33, 0x30, 0x32, 0x31, 0x35, 0x30, 0x36, 0x32, 0x33,
+        0x30, 0x37, 0x5A, 0x17, 0x0D, 0x32, 0x35, 0x31, 0x31, 0x31,
+        0x31, 0x30, 0x36, 0x32, 0x33, 0x30, 0x37, 0x5A, 0x30, 0x81,
+        0xB0, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06,
+        0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03,
+        0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61,
+        0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04,
+        0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E,
+        0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C,
+        0x0B, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x5F, 0x73,
+        0x6D, 0x32, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04,
+        0x0B, 0x0C, 0x0A, 0x43, 0x6C, 0x69, 0x65, 0x6E, 0x74, 0x2D,
+        0x73, 0x6D, 0x32, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55,
+        0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F,
+        0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31,
+        0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7,
+        0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F,
+        0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63,
+        0x6F, 0x6D, 0x31, 0x17, 0x30, 0x15, 0x06, 0x0A, 0x09, 0x92,
+        0x26, 0x89, 0x93, 0xF2, 0x2C, 0x64, 0x01, 0x01, 0x0C, 0x07,
+        0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x30, 0x5A, 0x30,
+        0x14, 0x06, 0x08, 0x2A, 0x81, 0x1C, 0xCF, 0x55, 0x01, 0x82,
+        0x2D, 0x06, 0x08, 0x2A, 0x81, 0x1C, 0xCF, 0x55, 0x01, 0x82,
+        0x2D, 0x03, 0x42, 0x00, 0x04, 0x3A, 0x1D, 0xE8, 0xCB, 0x4B,
+        0xD3, 0x2E, 0x3F, 0x4B, 0x07, 0x3F, 0xB0, 0x21, 0xFE, 0xC5,
+        0x9E, 0xD9, 0xCA, 0x3A, 0x93, 0x93, 0x95, 0x76, 0x1D, 0x30,
+        0xD9, 0x0B, 0xF5, 0x56, 0xED, 0x19, 0x60, 0xED, 0x01, 0x4C,
+        0xF6, 0x67, 0x1D, 0xF1, 0xAC, 0xA8, 0x74, 0x0D, 0xB2, 0x77,
+        0xC8, 0x49, 0x38, 0xE4, 0xFF, 0x4C, 0xEF, 0x8D, 0x6D, 0x87,
+        0xF6, 0x4E, 0xC7, 0xF8, 0x39, 0x74, 0x70, 0x70, 0xB5, 0xA3,
+        0x82, 0x01, 0x61, 0x30, 0x82, 0x01, 0x5D, 0x30, 0x1D, 0x06,
+        0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0xE4, 0x21,
+        0xB2, 0xC5, 0xE5, 0xD4, 0x9E, 0x82, 0xCA, 0xF8, 0x67, 0xF2,
+        0x28, 0x99, 0xF6, 0x85, 0xE8, 0xF1, 0x55, 0xEF, 0x30, 0x81,
+        0xF0, 0x06, 0x03, 0x55, 0x1D, 0x23, 0x04, 0x81, 0xE8, 0x30,
+        0x81, 0xE5, 0x80, 0x14, 0xE4, 0x21, 0xB2, 0xC5, 0xE5, 0xD4,
+        0x9E, 0x82, 0xCA, 0xF8, 0x67, 0xF2, 0x28, 0x99, 0xF6, 0x85,
+        0xE8, 0xF1, 0x55, 0xEF, 0xA1, 0x81, 0xB6, 0xA4, 0x81, 0xB3,
+        0x30, 0x81, 0xB0, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55,
+        0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E,
+        0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E,
+        0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03,
+        0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D,
+        0x61, 0x6E, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04,
+        0x0A, 0x0C, 0x0B, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C,
+        0x5F, 0x73, 0x6D, 0x32, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03,
+        0x55, 0x04, 0x0B, 0x0C, 0x0A, 0x43, 0x6C, 0x69, 0x65, 0x6E,
+        0x74, 0x2D, 0x73, 0x6D, 0x32, 0x31, 0x18, 0x30, 0x16, 0x06,
+        0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E,
+        0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F,
+        0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48,
+        0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E,
+        0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C,
+        0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x17, 0x30, 0x15, 0x06, 0x0A,
+        0x09, 0x92, 0x26, 0x89, 0x93, 0xF2, 0x2C, 0x64, 0x01, 0x01,
+        0x0C, 0x07, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x82,
+        0x14, 0x60, 0xA0, 0x4A, 0x0B, 0x36, 0xEB, 0x7D, 0xE1, 0x3F,
+        0x74, 0x29, 0xA9, 0x29, 0xB4, 0x05, 0x6C, 0x17, 0xF7, 0xA6,
+        0xD4, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05,
+        0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x1C, 0x06, 0x03, 0x55,
+        0x1D, 0x11, 0x04, 0x15, 0x30, 0x13, 0x82, 0x0B, 0x65, 0x78,
+        0x61, 0x6D, 0x70, 0x6C, 0x65, 0x2E, 0x63, 0x6F, 0x6D, 0x87,
+        0x04, 0x7F, 0x00, 0x00, 0x01, 0x30, 0x1D, 0x06, 0x03, 0x55,
+        0x1D, 0x25, 0x04, 0x16, 0x30, 0x14, 0x06, 0x08, 0x2B, 0x06,
+        0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2B, 0x06,
+        0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x0A, 0x06, 0x08,
+        0x2A, 0x81, 0x1C, 0xCF, 0x55, 0x01, 0x83, 0x75, 0x03, 0x49,
+        0x00, 0x30, 0x46, 0x02, 0x21, 0x00, 0x8F, 0xB2, 0xB5, 0x95,
+        0x8F, 0x79, 0xF6, 0x5E, 0x75, 0xE5, 0xC5, 0xE9, 0x9A, 0x12,
+        0xD2, 0x0F, 0x78, 0x9F, 0xC0, 0x1D, 0x8D, 0x1C, 0xBE, 0x6B,
+        0x0C, 0xF1, 0xF5, 0x57, 0x60, 0xDB, 0x91, 0x4F, 0x02, 0x21,
+        0x00, 0x87, 0x5E, 0x7D, 0xE4, 0xD6, 0x3A, 0xBB, 0x7B, 0x98,
+        0x27, 0x85, 0xDE, 0x7A, 0xF0, 0x21, 0xE2, 0x66, 0xA1, 0x9F,
+        0x26, 0xE0, 0xDD, 0x86, 0x23, 0xB4, 0xC8, 0xC0, 0x46, 0x5A,
+        0xF2, 0x49, 0x8D
+};
+#define sizeof_client_sm2_der (sizeof(client_sm2_der))
+
+/* ./certs/sm2/client-sm2-key.der */
+static const unsigned char client_sm2_key_der[] =
+{
+        0x30, 0x5A, 0x30, 0x14, 0x06, 0x08, 0x2A, 0x81, 0x1C, 0xCF,
+        0x55, 0x01, 0x82, 0x2D, 0x06, 0x08, 0x2A, 0x81, 0x1C, 0xCF,
+        0x55, 0x01, 0x82, 0x2D, 0x03, 0x42, 0x00, 0x04, 0x3A, 0x1D,
+        0xE8, 0xCB, 0x4B, 0xD3, 0x2E, 0x3F, 0x4B, 0x07, 0x3F, 0xB0,
+        0x21, 0xFE, 0xC5, 0x9E, 0xD9, 0xCA, 0x3A, 0x93, 0x93, 0x95,
+        0x76, 0x1D, 0x30, 0xD9, 0x0B, 0xF5, 0x56, 0xED, 0x19, 0x60,
+        0xED, 0x01, 0x4C, 0xF6, 0x67, 0x1D, 0xF1, 0xAC, 0xA8, 0x74,
+        0x0D, 0xB2, 0x77, 0xC8, 0x49, 0x38, 0xE4, 0xFF, 0x4C, 0xEF,
+        0x8D, 0x6D, 0x87, 0xF6, 0x4E, 0xC7, 0xF8, 0x39, 0x74, 0x70,
+        0x70, 0xB5
+};
+#define sizeof_client_sm2_key_der (sizeof(client_sm2_key_der))
+
+/* ./certs/sm2/client-sm2-priv.der */
+static const unsigned char client_sm2_priv_der[] =
+{
+        0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0xD0, 0xA2, 0xDF,
+        0x49, 0x7A, 0x2D, 0xDF, 0x02, 0xC9, 0xCE, 0xB7, 0xF2, 0x37,
+        0x02, 0x0D, 0xDD, 0xFC, 0x08, 0xB8, 0xDE, 0x14, 0x93, 0x7A,
+        0x53, 0x26, 0x49, 0xD5, 0xFE, 0x02, 0xD9, 0xF3, 0x71, 0xA0,
+        0x0A, 0x06, 0x08, 0x2A, 0x81, 0x1C, 0xCF, 0x55, 0x01, 0x82,
+        0x2D, 0xA1, 0x44, 0x03, 0x42, 0x00, 0x04, 0x3A, 0x1D, 0xE8,
+        0xCB, 0x4B, 0xD3, 0x2E, 0x3F, 0x4B, 0x07, 0x3F, 0xB0, 0x21,
+        0xFE, 0xC5, 0x9E, 0xD9, 0xCA, 0x3A, 0x93, 0x93, 0x95, 0x76,
+        0x1D, 0x30, 0xD9, 0x0B, 0xF5, 0x56, 0xED, 0x19, 0x60, 0xED,
+        0x01, 0x4C, 0xF6, 0x67, 0x1D, 0xF1, 0xAC, 0xA8, 0x74, 0x0D,
+        0xB2, 0x77, 0xC8, 0x49, 0x38, 0xE4, 0xFF, 0x4C, 0xEF, 0x8D,
+        0x6D, 0x87, 0xF6, 0x4E, 0xC7, 0xF8, 0x39, 0x74, 0x70, 0x70,
+        0xB5
+};
+#define sizeof_client_sm2_priv_der (sizeof(client_sm2_priv_der))
+
+/* ./certs/sm2/root-sm2.der */
+static const unsigned char root_sm2_der[] =
+{
+        0x30, 0x82, 0x02, 0x91, 0x30, 0x82, 0x02, 0x38, 0xA0, 0x03,
+        0x02, 0x01, 0x02, 0x02, 0x14, 0x74, 0x9C, 0xDD, 0xA4, 0xB2,
+        0x67, 0x26, 0x57, 0x29, 0xFB, 0xE9, 0x13, 0x54, 0xE0, 0x34,
+        0x08, 0x03, 0x2B, 0x70, 0xA9, 0x30, 0x0A, 0x06, 0x08, 0x2A,
+        0x81, 0x1C, 0xCF, 0x55, 0x01, 0x83, 0x75, 0x30, 0x81, 0x95,
+        0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13,
+        0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55,
+        0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E,
+        0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07,
+        0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31,
+        0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0B,
+        0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x5F, 0x53, 0x4D,
+        0x32, 0x31, 0x11, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x04, 0x0B,
+        0x0C, 0x08, 0x52, 0x6F, 0x6F, 0x74, 0x2D, 0x53, 0x4D, 0x32,
+        0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C,
+        0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73,
+        0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D,
+        0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09,
+        0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F,
+        0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30,
+        0x1E, 0x17, 0x0D, 0x32, 0x33, 0x30, 0x32, 0x31, 0x35, 0x30,
+        0x36, 0x32, 0x33, 0x30, 0x37, 0x5A, 0x17, 0x0D, 0x32, 0x35,
+        0x31, 0x31, 0x31, 0x31, 0x30, 0x36, 0x32, 0x33, 0x30, 0x37,
+        0x5A, 0x30, 0x81, 0x95, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03,
+        0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30,
+        0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F,
+        0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06,
+        0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65,
+        0x6D, 0x61, 0x6E, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55,
+        0x04, 0x0A, 0x0C, 0x0B, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53,
+        0x4C, 0x5F, 0x53, 0x4D, 0x32, 0x31, 0x11, 0x30, 0x0F, 0x06,
+        0x03, 0x55, 0x04, 0x0B, 0x0C, 0x08, 0x52, 0x6F, 0x6F, 0x74,
+        0x2D, 0x53, 0x4D, 0x32, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03,
+        0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77,
+        0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D,
+        0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86,
+        0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66,
+        0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E,
+        0x63, 0x6F, 0x6D, 0x30, 0x5A, 0x30, 0x14, 0x06, 0x08, 0x2A,
+        0x81, 0x1C, 0xCF, 0x55, 0x01, 0x82, 0x2D, 0x06, 0x08, 0x2A,
+        0x81, 0x1C, 0xCF, 0x55, 0x01, 0x82, 0x2D, 0x03, 0x42, 0x00,
+        0x04, 0xBB, 0x9C, 0x75, 0x8C, 0xF7, 0x17, 0xF8, 0x48, 0xAB,
+        0xF7, 0xF6, 0xDB, 0x0D, 0x9A, 0x8D, 0x9F, 0xC2, 0xD1, 0x47,
+        0x97, 0x95, 0x0B, 0x4E, 0xE6, 0x57, 0xEC, 0xC5, 0xF8, 0x57,
+        0x54, 0x71, 0x39, 0x3C, 0x79, 0xE1, 0x40, 0x3F, 0xB6, 0x51,
+        0xE9, 0x7C, 0xC7, 0xDA, 0x2D, 0xEF, 0xD2, 0xE8, 0x79, 0x81,
+        0x7B, 0xAB, 0xA3, 0x5F, 0x6B, 0x2A, 0x6C, 0x97, 0x1A, 0x5E,
+        0x8E, 0xD9, 0xD0, 0xCC, 0x04, 0xA3, 0x63, 0x30, 0x61, 0x30,
+        0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14,
+        0x34, 0x1D, 0x79, 0x44, 0x15, 0x79, 0xA1, 0xB1, 0x63, 0x99,
+        0xE3, 0xED, 0x65, 0x7C, 0x64, 0x89, 0x80, 0xFF, 0xB8, 0xEC,
+        0x30, 0x1F, 0x06, 0x03, 0x55, 0x1D, 0x23, 0x04, 0x18, 0x30,
+        0x16, 0x80, 0x14, 0x34, 0x1D, 0x79, 0x44, 0x15, 0x79, 0xA1,
+        0xB1, 0x63, 0x99, 0xE3, 0xED, 0x65, 0x7C, 0x64, 0x89, 0x80,
+        0xFF, 0xB8, 0xEC, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x1D, 0x13,
+        0x01, 0x01, 0xFF, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF,
+        0x30, 0x0E, 0x06, 0x03, 0x55, 0x1D, 0x0F, 0x01, 0x01, 0xFF,
+        0x04, 0x04, 0x03, 0x02, 0x01, 0x86, 0x30, 0x0A, 0x06, 0x08,
+        0x2A, 0x81, 0x1C, 0xCF, 0x55, 0x01, 0x83, 0x75, 0x03, 0x47,
+        0x00, 0x30, 0x44, 0x02, 0x20, 0x03, 0x27, 0x29, 0xF0, 0xEF,
+        0x78, 0x26, 0xA1, 0x1A, 0x6A, 0x1E, 0x88, 0x81, 0xE7, 0x83,
+        0x72, 0x5F, 0x3E, 0xE6, 0x08, 0xE8, 0x14, 0x68, 0xBF, 0x4B,
+        0x0F, 0x68, 0x52, 0x92, 0xAA, 0x8F, 0xA1, 0x02, 0x20, 0x0B,
+        0xFE, 0x1B, 0x14, 0xBA, 0x51, 0x82, 0x65, 0x06, 0xBB, 0x22,
+        0xD8, 0x1A, 0xA7, 0x9F, 0x54, 0x62, 0xEB, 0x8D, 0xB2, 0xD5,
+        0x13, 0xB3, 0xB8, 0xA2, 0xF3, 0x14, 0x44, 0xB2, 0xA0, 0x21,
+        0xD0
+};
+#define sizeof_root_sm2_der (sizeof(root_sm2_der))
+
+/* ./certs/sm2/root-sm2-key.der */
+static const unsigned char root_sm2_key_der[] =
+{
+        0x30, 0x5A, 0x30, 0x14, 0x06, 0x08, 0x2A, 0x81, 0x1C, 0xCF,
+        0x55, 0x01, 0x82, 0x2D, 0x06, 0x08, 0x2A, 0x81, 0x1C, 0xCF,
+        0x55, 0x01, 0x82, 0x2D, 0x03, 0x42, 0x00, 0x04, 0xBB, 0x9C,
+        0x75, 0x8C, 0xF7, 0x17, 0xF8, 0x48, 0xAB, 0xF7, 0xF6, 0xDB,
+        0x0D, 0x9A, 0x8D, 0x9F, 0xC2, 0xD1, 0x47, 0x97, 0x95, 0x0B,
+        0x4E, 0xE6, 0x57, 0xEC, 0xC5, 0xF8, 0x57, 0x54, 0x71, 0x39,
+        0x3C, 0x79, 0xE1, 0x40, 0x3F, 0xB6, 0x51, 0xE9, 0x7C, 0xC7,
+        0xDA, 0x2D, 0xEF, 0xD2, 0xE8, 0x79, 0x81, 0x7B, 0xAB, 0xA3,
+        0x5F, 0x6B, 0x2A, 0x6C, 0x97, 0x1A, 0x5E, 0x8E, 0xD9, 0xD0,
+        0xCC, 0x04
+};
+#define sizeof_root_sm2_key_der (sizeof(root_sm2_key_der))
+
+/* ./certs/sm2/root-sm2-priv.der */
+static const unsigned char root_sm2_priv_der[] =
+{
+        0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0xC6, 0x6B, 0x34,
+        0x4C, 0x33, 0x37, 0x5B, 0x64, 0x16, 0x5A, 0x7F, 0x04, 0xF9,
+        0xFC, 0x87, 0x30, 0xD1, 0x15, 0xBA, 0x58, 0x78, 0xEE, 0x07,
+        0x98, 0x20, 0x26, 0xE1, 0x06, 0x8D, 0x51, 0x8A, 0x28, 0xA0,
+        0x0A, 0x06, 0x08, 0x2A, 0x81, 0x1C, 0xCF, 0x55, 0x01, 0x82,
+        0x2D, 0xA1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xBB, 0x9C, 0x75,
+        0x8C, 0xF7, 0x17, 0xF8, 0x48, 0xAB, 0xF7, 0xF6, 0xDB, 0x0D,
+        0x9A, 0x8D, 0x9F, 0xC2, 0xD1, 0x47, 0x97, 0x95, 0x0B, 0x4E,
+        0xE6, 0x57, 0xEC, 0xC5, 0xF8, 0x57, 0x54, 0x71, 0x39, 0x3C,
+        0x79, 0xE1, 0x40, 0x3F, 0xB6, 0x51, 0xE9, 0x7C, 0xC7, 0xDA,
+        0x2D, 0xEF, 0xD2, 0xE8, 0x79, 0x81, 0x7B, 0xAB, 0xA3, 0x5F,
+        0x6B, 0x2A, 0x6C, 0x97, 0x1A, 0x5E, 0x8E, 0xD9, 0xD0, 0xCC,
+        0x04
+};
+#define sizeof_root_sm2_priv_der (sizeof(root_sm2_priv_der))
+
+/* ./certs/sm2/server-sm2.der */
+static const unsigned char server_sm2_der[] =
+{
+        0x30, 0x82, 0x02, 0xD8, 0x30, 0x82, 0x02, 0x7E, 0xA0, 0x03,
+        0x02, 0x01, 0x02, 0x02, 0x01, 0x01, 0x30, 0x0A, 0x06, 0x08,
+        0x2A, 0x81, 0x1C, 0xCF, 0x55, 0x01, 0x83, 0x75, 0x30, 0x81,
+        0xAC, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06,
+        0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03,
+        0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61,
+        0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04,
+        0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E,
+        0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C,
+        0x0B, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x5F, 0x73,
+        0x6D, 0x32, 0x31, 0x0F, 0x30, 0x0D, 0x06, 0x03, 0x55, 0x04,
+        0x0B, 0x0C, 0x06, 0x43, 0x41, 0x2D, 0x73, 0x6D, 0x32, 0x31,
+        0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F,
+        0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73,
+        0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06,
+        0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01,
+        0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C,
+        0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x17,
+        0x30, 0x15, 0x06, 0x0A, 0x09, 0x92, 0x26, 0x89, 0x93, 0xF2,
+        0x2C, 0x64, 0x01, 0x01, 0x0C, 0x07, 0x77, 0x6F, 0x6C, 0x66,
+        0x53, 0x53, 0x4C, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x33, 0x30,
+        0x32, 0x31, 0x35, 0x30, 0x36, 0x32, 0x33, 0x30, 0x37, 0x5A,
+        0x17, 0x0D, 0x32, 0x35, 0x31, 0x31, 0x31, 0x31, 0x30, 0x36,
+        0x32, 0x33, 0x30, 0x37, 0x5A, 0x30, 0x81, 0xB0, 0x31, 0x0B,
+        0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55,
+        0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08,
+        0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31,
+        0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07,
+        0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x14, 0x30,
+        0x12, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0B, 0x77, 0x6F,
+        0x6C, 0x66, 0x53, 0x53, 0x4C, 0x5F, 0x73, 0x6D, 0x32, 0x31,
+        0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0A,
+        0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2D, 0x73, 0x6D, 0x32,
+        0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C,
+        0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73,
+        0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D,
+        0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09,
+        0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F,
+        0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31,
+        0x17, 0x30, 0x15, 0x06, 0x0A, 0x09, 0x92, 0x26, 0x89, 0x93,
+        0xF2, 0x2C, 0x64, 0x01, 0x01, 0x0C, 0x07, 0x77, 0x6F, 0x6C,
+        0x66, 0x53, 0x53, 0x4C, 0x30, 0x5A, 0x30, 0x14, 0x06, 0x08,
+        0x2A, 0x81, 0x1C, 0xCF, 0x55, 0x01, 0x82, 0x2D, 0x06, 0x08,
+        0x2A, 0x81, 0x1C, 0xCF, 0x55, 0x01, 0x82, 0x2D, 0x03, 0x42,
+        0x00, 0x04, 0x94, 0x70, 0x2B, 0x46, 0xE4, 0x5E, 0x0F, 0x41,
+        0xFB, 0x8F, 0x2D, 0x34, 0x0A, 0x41, 0x40, 0x19, 0x5E, 0xFB,
+        0xD4, 0x1D, 0x11, 0xAC, 0xFA, 0xF5, 0x93, 0x37, 0xC6, 0xFA,
+        0x87, 0x08, 0xF7, 0x16, 0x1F, 0x2C, 0xCE, 0x30, 0x40, 0x9D,
+        0x4F, 0xA6, 0x2A, 0x0A, 0xA1, 0xD6, 0x95, 0x33, 0xC3, 0xA6,
+        0x03, 0x98, 0xE6, 0x8D, 0x05, 0x34, 0xB0, 0x97, 0x0C, 0xDE,
+        0xA4, 0xC7, 0xCF, 0x53, 0x8F, 0xD1, 0xA3, 0x81, 0x89, 0x30,
+        0x81, 0x86, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04,
+        0x16, 0x04, 0x14, 0x67, 0xAE, 0x60, 0xFF, 0x7E, 0x1B, 0x0F,
+        0x95, 0xAE, 0x1F, 0x82, 0x59, 0xF2, 0x6C, 0x56, 0x2D, 0x93,
+        0xEF, 0x17, 0x32, 0x30, 0x1F, 0x06, 0x03, 0x55, 0x1D, 0x23,
+        0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x47, 0x0A, 0x48, 0x7E,
+        0xBB, 0x02, 0xA8, 0x5A, 0x26, 0x57, 0x2B, 0x19, 0xA9, 0x7B,
+        0x61, 0x8B, 0x7F, 0x5D, 0x99, 0x6E, 0x30, 0x0C, 0x06, 0x03,
+        0x55, 0x1D, 0x13, 0x01, 0x01, 0xFF, 0x04, 0x02, 0x30, 0x00,
+        0x30, 0x0E, 0x06, 0x03, 0x55, 0x1D, 0x0F, 0x01, 0x01, 0xFF,
+        0x04, 0x04, 0x03, 0x02, 0x03, 0xA8, 0x30, 0x13, 0x06, 0x03,
+        0x55, 0x1D, 0x25, 0x04, 0x0C, 0x30, 0x0A, 0x06, 0x08, 0x2B,
+        0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x30, 0x11, 0x06,
+        0x09, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x42, 0x01, 0x01,
+        0x04, 0x04, 0x03, 0x02, 0x06, 0x40, 0x30, 0x0A, 0x06, 0x08,
+        0x2A, 0x81, 0x1C, 0xCF, 0x55, 0x01, 0x83, 0x75, 0x03, 0x48,
+        0x00, 0x30, 0x45, 0x02, 0x20, 0x1B, 0xCA, 0x94, 0x28, 0x7F,
+        0xF6, 0xB2, 0x0D, 0x31, 0x43, 0x50, 0xE1, 0xD5, 0x34, 0x17,
+        0xDD, 0xAF, 0x3A, 0xDE, 0x81, 0x06, 0x67, 0x9A, 0xB3, 0x06,
+        0x22, 0x7E, 0x64, 0xEC, 0xFD, 0x0E, 0xB9, 0x02, 0x21, 0x00,
+        0xA1, 0x48, 0xA8, 0x32, 0xD1, 0x05, 0x09, 0x6B, 0x1C, 0xEB,
+        0x89, 0x12, 0x66, 0xD8, 0x38, 0xA1, 0xC4, 0x5C, 0x89, 0x09,
+        0x0F, 0xFD, 0xE9, 0xC0, 0x3B, 0x1D, 0xFB, 0xCD, 0xB5, 0x4C,
+        0x31, 0x68
+};
+#define sizeof_server_sm2_der (sizeof(server_sm2_der))
+
+/* ./certs/sm2/server-sm2-cert.der */
+static const unsigned char server_sm2_cert_der[] =
+{
+        0x30, 0x82, 0x02, 0xD8, 0x30, 0x82, 0x02, 0x7E, 0xA0, 0x03,
+        0x02, 0x01, 0x02, 0x02, 0x01, 0x01, 0x30, 0x0A, 0x06, 0x08,
+        0x2A, 0x81, 0x1C, 0xCF, 0x55, 0x01, 0x83, 0x75, 0x30, 0x81,
+        0xAC, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06,
+        0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03,
+        0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61,
+        0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04,
+        0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E,
+        0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C,
+        0x0B, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x5F, 0x73,
+        0x6D, 0x32, 0x31, 0x0F, 0x30, 0x0D, 0x06, 0x03, 0x55, 0x04,
+        0x0B, 0x0C, 0x06, 0x43, 0x41, 0x2D, 0x73, 0x6D, 0x32, 0x31,
+        0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F,
+        0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73,
+        0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06,
+        0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01,
+        0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C,
+        0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x17,
+        0x30, 0x15, 0x06, 0x0A, 0x09, 0x92, 0x26, 0x89, 0x93, 0xF2,
+        0x2C, 0x64, 0x01, 0x01, 0x0C, 0x07, 0x77, 0x6F, 0x6C, 0x66,
+        0x53, 0x53, 0x4C, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x33, 0x30,
+        0x32, 0x31, 0x35, 0x30, 0x36, 0x32, 0x33, 0x30, 0x37, 0x5A,
+        0x17, 0x0D, 0x32, 0x35, 0x31, 0x31, 0x31, 0x31, 0x30, 0x36,
+        0x32, 0x33, 0x30, 0x37, 0x5A, 0x30, 0x81, 0xB0, 0x31, 0x0B,
+        0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55,
+        0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08,
+        0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31,
+        0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07,
+        0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x14, 0x30,
+        0x12, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0B, 0x77, 0x6F,
+        0x6C, 0x66, 0x53, 0x53, 0x4C, 0x5F, 0x73, 0x6D, 0x32, 0x31,
+        0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0A,
+        0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2D, 0x73, 0x6D, 0x32,
+        0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C,
+        0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73,
+        0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D,
+        0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09,
+        0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F,
+        0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31,
+        0x17, 0x30, 0x15, 0x06, 0x0A, 0x09, 0x92, 0x26, 0x89, 0x93,
+        0xF2, 0x2C, 0x64, 0x01, 0x01, 0x0C, 0x07, 0x77, 0x6F, 0x6C,
+        0x66, 0x53, 0x53, 0x4C, 0x30, 0x5A, 0x30, 0x14, 0x06, 0x08,
+        0x2A, 0x81, 0x1C, 0xCF, 0x55, 0x01, 0x82, 0x2D, 0x06, 0x08,
+        0x2A, 0x81, 0x1C, 0xCF, 0x55, 0x01, 0x82, 0x2D, 0x03, 0x42,
+        0x00, 0x04, 0x94, 0x70, 0x2B, 0x46, 0xE4, 0x5E, 0x0F, 0x41,
+        0xFB, 0x8F, 0x2D, 0x34, 0x0A, 0x41, 0x40, 0x19, 0x5E, 0xFB,
+        0xD4, 0x1D, 0x11, 0xAC, 0xFA, 0xF5, 0x93, 0x37, 0xC6, 0xFA,
+        0x87, 0x08, 0xF7, 0x16, 0x1F, 0x2C, 0xCE, 0x30, 0x40, 0x9D,
+        0x4F, 0xA6, 0x2A, 0x0A, 0xA1, 0xD6, 0x95, 0x33, 0xC3, 0xA6,
+        0x03, 0x98, 0xE6, 0x8D, 0x05, 0x34, 0xB0, 0x97, 0x0C, 0xDE,
+        0xA4, 0xC7, 0xCF, 0x53, 0x8F, 0xD1, 0xA3, 0x81, 0x89, 0x30,
+        0x81, 0x86, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04,
+        0x16, 0x04, 0x14, 0x67, 0xAE, 0x60, 0xFF, 0x7E, 0x1B, 0x0F,
+        0x95, 0xAE, 0x1F, 0x82, 0x59, 0xF2, 0x6C, 0x56, 0x2D, 0x93,
+        0xEF, 0x17, 0x32, 0x30, 0x1F, 0x06, 0x03, 0x55, 0x1D, 0x23,
+        0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x47, 0x0A, 0x48, 0x7E,
+        0xBB, 0x02, 0xA8, 0x5A, 0x26, 0x57, 0x2B, 0x19, 0xA9, 0x7B,
+        0x61, 0x8B, 0x7F, 0x5D, 0x99, 0x6E, 0x30, 0x0C, 0x06, 0x03,
+        0x55, 0x1D, 0x13, 0x01, 0x01, 0xFF, 0x04, 0x02, 0x30, 0x00,
+        0x30, 0x0E, 0x06, 0x03, 0x55, 0x1D, 0x0F, 0x01, 0x01, 0xFF,
+        0x04, 0x04, 0x03, 0x02, 0x03, 0xA8, 0x30, 0x13, 0x06, 0x03,
+        0x55, 0x1D, 0x25, 0x04, 0x0C, 0x30, 0x0A, 0x06, 0x08, 0x2B,
+        0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x30, 0x11, 0x06,
+        0x09, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x42, 0x01, 0x01,
+        0x04, 0x04, 0x03, 0x02, 0x06, 0x40, 0x30, 0x0A, 0x06, 0x08,
+        0x2A, 0x81, 0x1C, 0xCF, 0x55, 0x01, 0x83, 0x75, 0x03, 0x48,
+        0x00, 0x30, 0x45, 0x02, 0x20, 0x1B, 0xCA, 0x94, 0x28, 0x7F,
+        0xF6, 0xB2, 0x0D, 0x31, 0x43, 0x50, 0xE1, 0xD5, 0x34, 0x17,
+        0xDD, 0xAF, 0x3A, 0xDE, 0x81, 0x06, 0x67, 0x9A, 0xB3, 0x06,
+        0x22, 0x7E, 0x64, 0xEC, 0xFD, 0x0E, 0xB9, 0x02, 0x21, 0x00,
+        0xA1, 0x48, 0xA8, 0x32, 0xD1, 0x05, 0x09, 0x6B, 0x1C, 0xEB,
+        0x89, 0x12, 0x66, 0xD8, 0x38, 0xA1, 0xC4, 0x5C, 0x89, 0x09,
+        0x0F, 0xFD, 0xE9, 0xC0, 0x3B, 0x1D, 0xFB, 0xCD, 0xB5, 0x4C,
+        0x31, 0x68
+};
+#define sizeof_server_sm2_cert_der (sizeof(server_sm2_cert_der))
+
+/* ./certs/sm2/server-sm2-key.der */
+static const unsigned char server_sm2_key_der[] =
+{
+        0x30, 0x5A, 0x30, 0x14, 0x06, 0x08, 0x2A, 0x81, 0x1C, 0xCF,
+        0x55, 0x01, 0x82, 0x2D, 0x06, 0x08, 0x2A, 0x81, 0x1C, 0xCF,
+        0x55, 0x01, 0x82, 0x2D, 0x03, 0x42, 0x00, 0x04, 0x94, 0x70,
+        0x2B, 0x46, 0xE4, 0x5E, 0x0F, 0x41, 0xFB, 0x8F, 0x2D, 0x34,
+        0x0A, 0x41, 0x40, 0x19, 0x5E, 0xFB, 0xD4, 0x1D, 0x11, 0xAC,
+        0xFA, 0xF5, 0x93, 0x37, 0xC6, 0xFA, 0x87, 0x08, 0xF7, 0x16,
+        0x1F, 0x2C, 0xCE, 0x30, 0x40, 0x9D, 0x4F, 0xA6, 0x2A, 0x0A,
+        0xA1, 0xD6, 0x95, 0x33, 0xC3, 0xA6, 0x03, 0x98, 0xE6, 0x8D,
+        0x05, 0x34, 0xB0, 0x97, 0x0C, 0xDE, 0xA4, 0xC7, 0xCF, 0x53,
+        0x8F, 0xD1
+};
+#define sizeof_server_sm2_key_der (sizeof(server_sm2_key_der))
+
+/* ./certs/sm2/server-sm2-priv.der */
+static const unsigned char server_sm2_priv_der[] =
+{
+        0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0xD7, 0x33, 0xC1,
+        0xA1, 0x71, 0x98, 0xDA, 0x43, 0x81, 0x0D, 0x70, 0x42, 0x88,
+        0x63, 0xD0, 0x4C, 0x7E, 0x0F, 0x8A, 0x9B, 0x2D, 0xDA, 0x15,
+        0xAA, 0x0E, 0x5A, 0xFA, 0xED, 0x77, 0x3A, 0x43, 0xA8, 0xA0,
+        0x0A, 0x06, 0x08, 0x2A, 0x81, 0x1C, 0xCF, 0x55, 0x01, 0x82,
+        0x2D, 0xA1, 0x44, 0x03, 0x42, 0x00, 0x04, 0x94, 0x70, 0x2B,
+        0x46, 0xE4, 0x5E, 0x0F, 0x41, 0xFB, 0x8F, 0x2D, 0x34, 0x0A,
+        0x41, 0x40, 0x19, 0x5E, 0xFB, 0xD4, 0x1D, 0x11, 0xAC, 0xFA,
+        0xF5, 0x93, 0x37, 0xC6, 0xFA, 0x87, 0x08, 0xF7, 0x16, 0x1F,
+        0x2C, 0xCE, 0x30, 0x40, 0x9D, 0x4F, 0xA6, 0x2A, 0x0A, 0xA1,
+        0xD6, 0x95, 0x33, 0xC3, 0xA6, 0x03, 0x98, 0xE6, 0x8D, 0x05,
+        0x34, 0xB0, 0x97, 0x0C, 0xDE, 0xA4, 0xC7, 0xCF, 0x53, 0x8F,
+        0xD1
+};
+#define sizeof_server_sm2_priv_der (sizeof(server_sm2_priv_der))
+
+    /* DER Certs End */
+
+#ifdef WOLFSSL_NO_PEM
+
+    /* SM PEM Certs disabled */
+
+#else
+
+/* ./certs/sm2/ca-sm2.pem */
+static const unsigned char ca_sm2[] =
+{
+        0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74,
+        0x65, 0x3A, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x44, 0x61, 0x74,
+        0x61, 0x3A, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6F, 0x6E, 0x3A, 0x20,
+        0x33, 0x20, 0x28, 0x30, 0x78, 0x32, 0x29, 0x0A, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x53, 0x65, 0x72, 0x69,
+        0x61, 0x6C, 0x20, 0x4E, 0x75, 0x6D, 0x62, 0x65, 0x72, 0x3A,
+        0x20, 0x31, 0x20, 0x28, 0x30, 0x78, 0x31, 0x29, 0x0A, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x53, 0x69, 0x67,
+        0x6E, 0x61, 0x74, 0x75, 0x72, 0x65, 0x20, 0x41, 0x6C, 0x67,
+        0x6F, 0x72, 0x69, 0x74, 0x68, 0x6D, 0x3A, 0x20, 0x53, 0x4D,
+        0x32, 0x2D, 0x77, 0x69, 0x74, 0x68, 0x2D, 0x53, 0x4D, 0x33,
+        0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x49,
+        0x73, 0x73, 0x75, 0x65, 0x72, 0x3A, 0x20, 0x43, 0x20, 0x3D,
+        0x20, 0x55, 0x53, 0x2C, 0x20, 0x53, 0x54, 0x20, 0x3D, 0x20,
+        0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x2C, 0x20, 0x4C,
+        0x20, 0x3D, 0x20, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E,
+        0x2C, 0x20, 0x4F, 0x20, 0x3D, 0x20, 0x77, 0x6F, 0x6C, 0x66,
+        0x53, 0x53, 0x4C, 0x5F, 0x53, 0x4D, 0x32, 0x2C, 0x20, 0x4F,
+        0x55, 0x20, 0x3D, 0x20, 0x52, 0x6F, 0x6F, 0x74, 0x2D, 0x53,
+        0x4D, 0x32, 0x2C, 0x20, 0x43, 0x4E, 0x20, 0x3D, 0x20, 0x77,
+        0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C,
+        0x2E, 0x63, 0x6F, 0x6D, 0x2C, 0x20, 0x65, 0x6D, 0x61, 0x69,
+        0x6C, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x20, 0x3D,
+        0x20, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66,
+        0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x0A, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x56, 0x61, 0x6C, 0x69,
+        0x64, 0x69, 0x74, 0x79, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x4E, 0x6F, 0x74,
+        0x20, 0x42, 0x65, 0x66, 0x6F, 0x72, 0x65, 0x3A, 0x20, 0x46,
+        0x65, 0x62, 0x20, 0x31, 0x35, 0x20, 0x30, 0x36, 0x3A, 0x32,
+        0x33, 0x3A, 0x30, 0x37, 0x20, 0x32, 0x30, 0x32, 0x33, 0x20,
+        0x47, 0x4D, 0x54, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x4E, 0x6F, 0x74, 0x20,
+        0x41, 0x66, 0x74, 0x65, 0x72, 0x20, 0x3A, 0x20, 0x4E, 0x6F,
+        0x76, 0x20, 0x31, 0x31, 0x20, 0x30, 0x36, 0x3A, 0x32, 0x33,
+        0x3A, 0x30, 0x37, 0x20, 0x32, 0x30, 0x32, 0x35, 0x20, 0x47,
+        0x4D, 0x54, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x53, 0x75, 0x62, 0x6A, 0x65, 0x63, 0x74, 0x3A, 0x20,
+        0x43, 0x20, 0x3D, 0x20, 0x55, 0x53, 0x2C, 0x20, 0x53, 0x54,
+        0x20, 0x3D, 0x20, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61,
+        0x2C, 0x20, 0x4C, 0x20, 0x3D, 0x20, 0x42, 0x6F, 0x7A, 0x65,
+        0x6D, 0x61, 0x6E, 0x2C, 0x20, 0x4F, 0x20, 0x3D, 0x20, 0x77,
+        0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x5F, 0x73, 0x6D, 0x32,
+        0x2C, 0x20, 0x4F, 0x55, 0x20, 0x3D, 0x20, 0x43, 0x41, 0x2D,
+        0x73, 0x6D, 0x32, 0x2C, 0x20, 0x43, 0x4E, 0x20, 0x3D, 0x20,
+        0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73,
+        0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x2C, 0x20, 0x65, 0x6D, 0x61,
+        0x69, 0x6C, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x20,
+        0x3D, 0x20, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C,
+        0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x2C, 0x20,
+        0x55, 0x49, 0x44, 0x20, 0x3D, 0x20, 0x77, 0x6F, 0x6C, 0x66,
+        0x53, 0x53, 0x4C, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x53, 0x75, 0x62, 0x6A, 0x65, 0x63, 0x74, 0x20,
+        0x50, 0x75, 0x62, 0x6C, 0x69, 0x63, 0x20, 0x4B, 0x65, 0x79,
+        0x20, 0x49, 0x6E, 0x66, 0x6F, 0x3A, 0x0A, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x50,
+        0x75, 0x62, 0x6C, 0x69, 0x63, 0x20, 0x4B, 0x65, 0x79, 0x20,
+        0x41, 0x6C, 0x67, 0x6F, 0x72, 0x69, 0x74, 0x68, 0x6D, 0x3A,
+        0x20, 0x73, 0x6D, 0x32, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x50, 0x75, 0x62, 0x6C, 0x69, 0x63, 0x2D, 0x4B, 0x65,
+        0x79, 0x3A, 0x20, 0x28, 0x32, 0x35, 0x36, 0x20, 0x62, 0x69,
+        0x74, 0x29, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x70,
+        0x75, 0x62, 0x3A, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x30, 0x34, 0x3A, 0x32, 0x31, 0x3A,
+        0x39, 0x32, 0x3A, 0x66, 0x37, 0x3A, 0x63, 0x62, 0x3A, 0x32,
+        0x34, 0x3A, 0x64, 0x66, 0x3A, 0x36, 0x34, 0x3A, 0x34, 0x64,
+        0x3A, 0x62, 0x61, 0x3A, 0x61, 0x62, 0x3A, 0x36, 0x36, 0x3A,
+        0x37, 0x62, 0x3A, 0x38, 0x33, 0x3A, 0x37, 0x35, 0x3A, 0x0A,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x61, 0x39, 0x3A, 0x32, 0x39, 0x3A, 0x65, 0x37, 0x3A, 0x66,
+        0x66, 0x3A, 0x36, 0x34, 0x3A, 0x36, 0x33, 0x3A, 0x62, 0x36,
+        0x3A, 0x64, 0x35, 0x3A, 0x34, 0x32, 0x3A, 0x38, 0x30, 0x3A,
+        0x32, 0x30, 0x3A, 0x62, 0x64, 0x3A, 0x65, 0x32, 0x3A, 0x65,
+        0x32, 0x3A, 0x30, 0x32, 0x3A, 0x0A, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x31, 0x32, 0x3A, 0x33,
+        0x62, 0x3A, 0x38, 0x65, 0x3A, 0x62, 0x34, 0x3A, 0x30, 0x30,
+        0x3A, 0x39, 0x35, 0x3A, 0x30, 0x39, 0x3A, 0x38, 0x30, 0x3A,
+        0x63, 0x62, 0x3A, 0x35, 0x36, 0x3A, 0x65, 0x64, 0x3A, 0x34,
+        0x62, 0x3A, 0x63, 0x61, 0x3A, 0x38, 0x64, 0x3A, 0x35, 0x37,
+        0x3A, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x65, 0x36, 0x3A, 0x61, 0x65, 0x3A, 0x30, 0x35,
+        0x3A, 0x64, 0x33, 0x3A, 0x37, 0x36, 0x3A, 0x32, 0x37, 0x3A,
+        0x36, 0x33, 0x3A, 0x37, 0x31, 0x3A, 0x33, 0x39, 0x3A, 0x38,
+        0x39, 0x3A, 0x62, 0x37, 0x3A, 0x36, 0x39, 0x3A, 0x65, 0x36,
+        0x3A, 0x34, 0x38, 0x3A, 0x38, 0x30, 0x3A, 0x0A, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x61, 0x65,
+        0x3A, 0x64, 0x31, 0x3A, 0x61, 0x39, 0x3A, 0x34, 0x38, 0x3A,
+        0x31, 0x32, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x41,
+        0x53, 0x4E, 0x31, 0x20, 0x4F, 0x49, 0x44, 0x3A, 0x20, 0x53,
+        0x4D, 0x32, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x58, 0x35, 0x30, 0x39, 0x76, 0x33, 0x20, 0x65, 0x78,
+        0x74, 0x65, 0x6E, 0x73, 0x69, 0x6F, 0x6E, 0x73, 0x3A, 0x0A,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x58, 0x35, 0x30, 0x39, 0x76, 0x33, 0x20, 0x53,
+        0x75, 0x62, 0x6A, 0x65, 0x63, 0x74, 0x20, 0x4B, 0x65, 0x79,
+        0x20, 0x49, 0x64, 0x65, 0x6E, 0x74, 0x69, 0x66, 0x69, 0x65,
+        0x72, 0x3A, 0x20, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x34, 0x37, 0x3A, 0x30, 0x41, 0x3A, 0x34, 0x38, 0x3A, 0x37,
+        0x45, 0x3A, 0x42, 0x42, 0x3A, 0x30, 0x32, 0x3A, 0x41, 0x38,
+        0x3A, 0x35, 0x41, 0x3A, 0x32, 0x36, 0x3A, 0x35, 0x37, 0x3A,
+        0x32, 0x42, 0x3A, 0x31, 0x39, 0x3A, 0x41, 0x39, 0x3A, 0x37,
+        0x42, 0x3A, 0x36, 0x31, 0x3A, 0x38, 0x42, 0x3A, 0x37, 0x46,
+        0x3A, 0x35, 0x44, 0x3A, 0x39, 0x39, 0x3A, 0x36, 0x45, 0x0A,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x58, 0x35, 0x30, 0x39, 0x76, 0x33, 0x20, 0x41,
+        0x75, 0x74, 0x68, 0x6F, 0x72, 0x69, 0x74, 0x79, 0x20, 0x4B,
+        0x65, 0x79, 0x20, 0x49, 0x64, 0x65, 0x6E, 0x74, 0x69, 0x66,
+        0x69, 0x65, 0x72, 0x3A, 0x20, 0x0A, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x33, 0x34, 0x3A, 0x31, 0x44, 0x3A, 0x37, 0x39,
+        0x3A, 0x34, 0x34, 0x3A, 0x31, 0x35, 0x3A, 0x37, 0x39, 0x3A,
+        0x41, 0x31, 0x3A, 0x42, 0x31, 0x3A, 0x36, 0x33, 0x3A, 0x39,
+        0x39, 0x3A, 0x45, 0x33, 0x3A, 0x45, 0x44, 0x3A, 0x36, 0x35,
+        0x3A, 0x37, 0x43, 0x3A, 0x36, 0x34, 0x3A, 0x38, 0x39, 0x3A,
+        0x38, 0x30, 0x3A, 0x46, 0x46, 0x3A, 0x42, 0x38, 0x3A, 0x45,
+        0x43, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x58, 0x35, 0x30, 0x39, 0x76, 0x33,
+        0x20, 0x42, 0x61, 0x73, 0x69, 0x63, 0x20, 0x43, 0x6F, 0x6E,
+        0x73, 0x74, 0x72, 0x61, 0x69, 0x6E, 0x74, 0x73, 0x3A, 0x20,
+        0x63, 0x72, 0x69, 0x74, 0x69, 0x63, 0x61, 0x6C, 0x0A, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x43, 0x41, 0x3A, 0x54, 0x52,
+        0x55, 0x45, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x58, 0x35, 0x30, 0x39, 0x76,
+        0x33, 0x20, 0x4B, 0x65, 0x79, 0x20, 0x55, 0x73, 0x61, 0x67,
+        0x65, 0x3A, 0x20, 0x63, 0x72, 0x69, 0x74, 0x69, 0x63, 0x61,
+        0x6C, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x44, 0x69,
+        0x67, 0x69, 0x74, 0x61, 0x6C, 0x20, 0x53, 0x69, 0x67, 0x6E,
+        0x61, 0x74, 0x75, 0x72, 0x65, 0x2C, 0x20, 0x43, 0x65, 0x72,
+        0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x20, 0x53,
+        0x69, 0x67, 0x6E, 0x2C, 0x20, 0x43, 0x52, 0x4C, 0x20, 0x53,
+        0x69, 0x67, 0x6E, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x53, 0x69,
+        0x67, 0x6E, 0x61, 0x74, 0x75, 0x72, 0x65, 0x20, 0x41, 0x6C,
+        0x67, 0x6F, 0x72, 0x69, 0x74, 0x68, 0x6D, 0x3A, 0x20, 0x53,
+        0x4D, 0x32, 0x2D, 0x77, 0x69, 0x74, 0x68, 0x2D, 0x53, 0x4D,
+        0x33, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x53, 0x69, 0x67, 0x6E,
+        0x61, 0x74, 0x75, 0x72, 0x65, 0x20, 0x56, 0x61, 0x6C, 0x75,
+        0x65, 0x3A, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x33, 0x30, 0x3A, 0x34, 0x35, 0x3A, 0x30, 0x32, 0x3A,
+        0x32, 0x30, 0x3A, 0x34, 0x37, 0x3A, 0x34, 0x65, 0x3A, 0x30,
+        0x30, 0x3A, 0x30, 0x33, 0x3A, 0x61, 0x62, 0x3A, 0x33, 0x34,
+        0x3A, 0x61, 0x31, 0x3A, 0x61, 0x66, 0x3A, 0x35, 0x39, 0x3A,
+        0x33, 0x39, 0x3A, 0x38, 0x66, 0x3A, 0x36, 0x30, 0x3A, 0x33,
+        0x36, 0x3A, 0x62, 0x66, 0x3A, 0x0A, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x38, 0x39, 0x3A, 0x38, 0x38, 0x3A,
+        0x34, 0x32, 0x3A, 0x34, 0x31, 0x3A, 0x32, 0x37, 0x3A, 0x63,
+        0x31, 0x3A, 0x64, 0x64, 0x3A, 0x35, 0x37, 0x3A, 0x63, 0x39,
+        0x3A, 0x37, 0x39, 0x3A, 0x63, 0x62, 0x3A, 0x31, 0x66, 0x3A,
+        0x35, 0x36, 0x3A, 0x35, 0x63, 0x3A, 0x31, 0x36, 0x3A, 0x62,
+        0x35, 0x3A, 0x32, 0x38, 0x3A, 0x62, 0x64, 0x3A, 0x0A, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x30, 0x32, 0x3A,
+        0x32, 0x31, 0x3A, 0x30, 0x30, 0x3A, 0x38, 0x62, 0x3A, 0x32,
+        0x65, 0x3A, 0x32, 0x35, 0x3A, 0x65, 0x62, 0x3A, 0x32, 0x31,
+        0x3A, 0x39, 0x62, 0x3A, 0x61, 0x39, 0x3A, 0x32, 0x62, 0x3A,
+        0x61, 0x36, 0x3A, 0x36, 0x61, 0x3A, 0x35, 0x62, 0x3A, 0x64,
+        0x62, 0x3A, 0x61, 0x37, 0x3A, 0x63, 0x37, 0x3A, 0x32, 0x62,
+        0x3A, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x31, 0x31, 0x3A, 0x64, 0x66, 0x3A, 0x37, 0x33, 0x3A, 0x31,
+        0x35, 0x3A, 0x61, 0x64, 0x3A, 0x65, 0x34, 0x3A, 0x63, 0x35,
+        0x3A, 0x63, 0x33, 0x3A, 0x63, 0x32, 0x3A, 0x66, 0x33, 0x3A,
+        0x62, 0x34, 0x3A, 0x62, 0x34, 0x3A, 0x36, 0x37, 0x3A, 0x61,
+        0x66, 0x3A, 0x64, 0x37, 0x3A, 0x35, 0x31, 0x3A, 0x31, 0x63,
+        0x0A, 0x2D, 0x2D, 0x2D, 0x2D, 0x2D, 0x42, 0x45, 0x47, 0x49,
+        0x4E, 0x20, 0x43, 0x45, 0x52, 0x54, 0x49, 0x46, 0x49, 0x43,
+        0x41, 0x54, 0x45, 0x2D, 0x2D, 0x2D, 0x2D, 0x2D, 0x0A, 0x4D,
+        0x49, 0x49, 0x43, 0x6C, 0x6A, 0x43, 0x43, 0x41, 0x6A, 0x79,
+        0x67, 0x41, 0x77, 0x49, 0x42, 0x41, 0x67, 0x49, 0x42, 0x41,
+        0x54, 0x41, 0x4B, 0x42, 0x67, 0x67, 0x71, 0x67, 0x52, 0x7A,
+        0x50, 0x56, 0x51, 0x47, 0x44, 0x64, 0x54, 0x43, 0x42, 0x6C,
+        0x54, 0x45, 0x4C, 0x4D, 0x41, 0x6B, 0x47, 0x41, 0x31, 0x55,
+        0x45, 0x42, 0x68, 0x4D, 0x43, 0x56, 0x56, 0x4D, 0x78, 0x45,
+        0x44, 0x41, 0x4F, 0x0A, 0x42, 0x67, 0x4E, 0x56, 0x42, 0x41,
+        0x67, 0x4D, 0x42, 0x30, 0x31, 0x76, 0x62, 0x6E, 0x52, 0x68,
+        0x62, 0x6D, 0x45, 0x78, 0x45, 0x44, 0x41, 0x4F, 0x42, 0x67,
+        0x4E, 0x56, 0x42, 0x41, 0x63, 0x4D, 0x42, 0x30, 0x4A, 0x76,
+        0x65, 0x6D, 0x56, 0x74, 0x59, 0x57, 0x34, 0x78, 0x46, 0x44,
+        0x41, 0x53, 0x42, 0x67, 0x4E, 0x56, 0x42, 0x41, 0x6F, 0x4D,
+        0x43, 0x33, 0x64, 0x76, 0x62, 0x47, 0x5A, 0x54, 0x0A, 0x55,
+        0x30, 0x78, 0x66, 0x55, 0x30, 0x30, 0x79, 0x4D, 0x52, 0x45,
+        0x77, 0x44, 0x77, 0x59, 0x44, 0x56, 0x51, 0x51, 0x4C, 0x44,
+        0x41, 0x68, 0x53, 0x62, 0x32, 0x39, 0x30, 0x4C, 0x56, 0x4E,
+        0x4E, 0x4D, 0x6A, 0x45, 0x59, 0x4D, 0x42, 0x59, 0x47, 0x41,
+        0x31, 0x55, 0x45, 0x41, 0x77, 0x77, 0x50, 0x64, 0x33, 0x64,
+        0x33, 0x4C, 0x6E, 0x64, 0x76, 0x62, 0x47, 0x5A, 0x7A, 0x63,
+        0x32, 0x77, 0x75, 0x0A, 0x59, 0x32, 0x39, 0x74, 0x4D, 0x52,
+        0x38, 0x77, 0x48, 0x51, 0x59, 0x4A, 0x4B, 0x6F, 0x5A, 0x49,
+        0x68, 0x76, 0x63, 0x4E, 0x41, 0x51, 0x6B, 0x42, 0x46, 0x68,
+        0x42, 0x70, 0x62, 0x6D, 0x5A, 0x76, 0x51, 0x48, 0x64, 0x76,
+        0x62, 0x47, 0x5A, 0x7A, 0x63, 0x32, 0x77, 0x75, 0x59, 0x32,
+        0x39, 0x74, 0x4D, 0x42, 0x34, 0x58, 0x44, 0x54, 0x49, 0x7A,
+        0x4D, 0x44, 0x49, 0x78, 0x4E, 0x54, 0x41, 0x32, 0x0A, 0x4D,
+        0x6A, 0x4D, 0x77, 0x4E, 0x31, 0x6F, 0x58, 0x44, 0x54, 0x49,
+        0x31, 0x4D, 0x54, 0x45, 0x78, 0x4D, 0x54, 0x41, 0x32, 0x4D,
+        0x6A, 0x4D, 0x77, 0x4E, 0x31, 0x6F, 0x77, 0x67, 0x61, 0x77,
+        0x78, 0x43, 0x7A, 0x41, 0x4A, 0x42, 0x67, 0x4E, 0x56, 0x42,
+        0x41, 0x59, 0x54, 0x41, 0x6C, 0x56, 0x54, 0x4D, 0x52, 0x41,
+        0x77, 0x44, 0x67, 0x59, 0x44, 0x56, 0x51, 0x51, 0x49, 0x44,
+        0x41, 0x64, 0x4E, 0x0A, 0x62, 0x32, 0x35, 0x30, 0x59, 0x57,
+        0x35, 0x68, 0x4D, 0x52, 0x41, 0x77, 0x44, 0x67, 0x59, 0x44,
+        0x56, 0x51, 0x51, 0x48, 0x44, 0x41, 0x64, 0x43, 0x62, 0x33,
+        0x70, 0x6C, 0x62, 0x57, 0x46, 0x75, 0x4D, 0x52, 0x51, 0x77,
+        0x45, 0x67, 0x59, 0x44, 0x56, 0x51, 0x51, 0x4B, 0x44, 0x41,
+        0x74, 0x33, 0x62, 0x32, 0x78, 0x6D, 0x55, 0x31, 0x4E, 0x4D,
+        0x58, 0x33, 0x4E, 0x74, 0x4D, 0x6A, 0x45, 0x50, 0x0A, 0x4D,
+        0x41, 0x30, 0x47, 0x41, 0x31, 0x55, 0x45, 0x43, 0x77, 0x77,
+        0x47, 0x51, 0x30, 0x45, 0x74, 0x63, 0x32, 0x30, 0x79, 0x4D,
+        0x52, 0x67, 0x77, 0x46, 0x67, 0x59, 0x44, 0x56, 0x51, 0x51,
+        0x44, 0x44, 0x41, 0x39, 0x33, 0x64, 0x33, 0x63, 0x75, 0x64,
+        0x32, 0x39, 0x73, 0x5A, 0x6E, 0x4E, 0x7A, 0x62, 0x43, 0x35,
+        0x6A, 0x62, 0x32, 0x30, 0x78, 0x48, 0x7A, 0x41, 0x64, 0x42,
+        0x67, 0x6B, 0x71, 0x0A, 0x68, 0x6B, 0x69, 0x47, 0x39, 0x77,
+        0x30, 0x42, 0x43, 0x51, 0x45, 0x57, 0x45, 0x47, 0x6C, 0x75,
+        0x5A, 0x6D, 0x39, 0x41, 0x64, 0x32, 0x39, 0x73, 0x5A, 0x6E,
+        0x4E, 0x7A, 0x62, 0x43, 0x35, 0x6A, 0x62, 0x32, 0x30, 0x78,
+        0x46, 0x7A, 0x41, 0x56, 0x42, 0x67, 0x6F, 0x4A, 0x6B, 0x69,
+        0x61, 0x4A, 0x6B, 0x2F, 0x49, 0x73, 0x5A, 0x41, 0x45, 0x42,
+        0x44, 0x41, 0x64, 0x33, 0x62, 0x32, 0x78, 0x6D, 0x0A, 0x55,
+        0x31, 0x4E, 0x4D, 0x4D, 0x46, 0x6F, 0x77, 0x46, 0x41, 0x59,
+        0x49, 0x4B, 0x6F, 0x45, 0x63, 0x7A, 0x31, 0x55, 0x42, 0x67,
+        0x69, 0x30, 0x47, 0x43, 0x43, 0x71, 0x42, 0x48, 0x4D, 0x39,
+        0x56, 0x41, 0x59, 0x49, 0x74, 0x41, 0x30, 0x49, 0x41, 0x42,
+        0x43, 0x47, 0x53, 0x39, 0x38, 0x73, 0x6B, 0x33, 0x32, 0x52,
+        0x4E, 0x75, 0x71, 0x74, 0x6D, 0x65, 0x34, 0x4E, 0x31, 0x71,
+        0x53, 0x6E, 0x6E, 0x0A, 0x2F, 0x32, 0x52, 0x6A, 0x74, 0x74,
+        0x56, 0x43, 0x67, 0x43, 0x43, 0x39, 0x34, 0x75, 0x49, 0x43,
+        0x45, 0x6A, 0x75, 0x4F, 0x74, 0x41, 0x43, 0x56, 0x43, 0x59,
+        0x44, 0x4C, 0x56, 0x75, 0x31, 0x4C, 0x79, 0x6F, 0x31, 0x58,
+        0x35, 0x71, 0x34, 0x46, 0x30, 0x33, 0x59, 0x6E, 0x59, 0x33,
+        0x45, 0x35, 0x69, 0x62, 0x64, 0x70, 0x35, 0x6B, 0x69, 0x41,
+        0x72, 0x74, 0x47, 0x70, 0x53, 0x42, 0x4B, 0x6A, 0x0A, 0x59,
+        0x7A, 0x42, 0x68, 0x4D, 0x42, 0x30, 0x47, 0x41, 0x31, 0x55,
+        0x64, 0x44, 0x67, 0x51, 0x57, 0x42, 0x42, 0x52, 0x48, 0x43,
+        0x6B, 0x68, 0x2B, 0x75, 0x77, 0x4B, 0x6F, 0x57, 0x69, 0x5A,
+        0x58, 0x4B, 0x78, 0x6D, 0x70, 0x65, 0x32, 0x47, 0x4C, 0x66,
+        0x31, 0x32, 0x5A, 0x62, 0x6A, 0x41, 0x66, 0x42, 0x67, 0x4E,
+        0x56, 0x48, 0x53, 0x4D, 0x45, 0x47, 0x44, 0x41, 0x57, 0x67,
+        0x42, 0x51, 0x30, 0x0A, 0x48, 0x58, 0x6C, 0x45, 0x46, 0x58,
+        0x6D, 0x68, 0x73, 0x57, 0x4F, 0x5A, 0x34, 0x2B, 0x31, 0x6C,
+        0x66, 0x47, 0x53, 0x4A, 0x67, 0x50, 0x2B, 0x34, 0x37, 0x44,
+        0x41, 0x50, 0x42, 0x67, 0x4E, 0x56, 0x48, 0x52, 0x4D, 0x42,
+        0x41, 0x66, 0x38, 0x45, 0x42, 0x54, 0x41, 0x44, 0x41, 0x51,
+        0x48, 0x2F, 0x4D, 0x41, 0x34, 0x47, 0x41, 0x31, 0x55, 0x64,
+        0x44, 0x77, 0x45, 0x42, 0x2F, 0x77, 0x51, 0x45, 0x0A, 0x41,
+        0x77, 0x49, 0x42, 0x68, 0x6A, 0x41, 0x4B, 0x42, 0x67, 0x67,
+        0x71, 0x67, 0x52, 0x7A, 0x50, 0x56, 0x51, 0x47, 0x44, 0x64,
+        0x51, 0x4E, 0x49, 0x41, 0x44, 0x42, 0x46, 0x41, 0x69, 0x42,
+        0x48, 0x54, 0x67, 0x41, 0x44, 0x71, 0x7A, 0x53, 0x68, 0x72,
+        0x31, 0x6B, 0x35, 0x6A, 0x32, 0x41, 0x32, 0x76, 0x34, 0x6D,
+        0x49, 0x51, 0x6B, 0x45, 0x6E, 0x77, 0x64, 0x31, 0x58, 0x79,
+        0x58, 0x6E, 0x4C, 0x0A, 0x48, 0x31, 0x5A, 0x63, 0x46, 0x72,
+        0x55, 0x6F, 0x76, 0x51, 0x49, 0x68, 0x41, 0x49, 0x73, 0x75,
+        0x4A, 0x65, 0x73, 0x68, 0x6D, 0x36, 0x6B, 0x72, 0x70, 0x6D,
+        0x70, 0x62, 0x32, 0x36, 0x66, 0x48, 0x4B, 0x78, 0x48, 0x66,
+        0x63, 0x78, 0x57, 0x74, 0x35, 0x4D, 0x58, 0x44, 0x77, 0x76,
+        0x4F, 0x30, 0x74, 0x47, 0x65, 0x76, 0x31, 0x31, 0x45, 0x63,
+        0x0A, 0x2D, 0x2D, 0x2D, 0x2D, 0x2D, 0x45, 0x4E, 0x44, 0x20,
+        0x43, 0x45, 0x52, 0x54, 0x49, 0x46, 0x49, 0x43, 0x41, 0x54,
+        0x45, 0x2D, 0x2D, 0x2D, 0x2D, 0x2D, 0x0A
+};
+#define sizeof_ca_sm2 (sizeof(ca_sm2))
+
+/* ./certs/sm2/ca-sm2-key.pem */
+static const unsigned char ca_sm2_key[] =
+{
+        0x2D, 0x2D, 0x2D, 0x2D, 0x2D, 0x42, 0x45, 0x47, 0x49, 0x4E,
+        0x20, 0x50, 0x55, 0x42, 0x4C, 0x49, 0x43, 0x20, 0x4B, 0x45,
+        0x59, 0x2D, 0x2D, 0x2D, 0x2D, 0x2D, 0x0A, 0x4D, 0x46, 0x6F,
+        0x77, 0x46, 0x41, 0x59, 0x49, 0x4B, 0x6F, 0x45, 0x63, 0x7A,
+        0x31, 0x55, 0x42, 0x67, 0x69, 0x30, 0x47, 0x43, 0x43, 0x71,
+        0x42, 0x48, 0x4D, 0x39, 0x56, 0x41, 0x59, 0x49, 0x74, 0x41,
+        0x30, 0x49, 0x41, 0x42, 0x43, 0x47, 0x53, 0x39, 0x38, 0x73,
+        0x6B, 0x33, 0x32, 0x52, 0x4E, 0x75, 0x71, 0x74, 0x6D, 0x65,
+        0x34, 0x4E, 0x31, 0x71, 0x53, 0x6E, 0x6E, 0x2F, 0x32, 0x52,
+        0x6A, 0x0A, 0x74, 0x74, 0x56, 0x43, 0x67, 0x43, 0x43, 0x39,
+        0x34, 0x75, 0x49, 0x43, 0x45, 0x6A, 0x75, 0x4F, 0x74, 0x41,
+        0x43, 0x56, 0x43, 0x59, 0x44, 0x4C, 0x56, 0x75, 0x31, 0x4C,
+        0x79, 0x6F, 0x31, 0x58, 0x35, 0x71, 0x34, 0x46, 0x30, 0x33,
+        0x59, 0x6E, 0x59, 0x33, 0x45, 0x35, 0x69, 0x62, 0x64, 0x70,
+        0x35, 0x6B, 0x69, 0x41, 0x72, 0x74, 0x47, 0x70, 0x53, 0x42,
+        0x49, 0x3D, 0x0A, 0x2D, 0x2D, 0x2D, 0x2D, 0x2D, 0x45, 0x4E,
+        0x44, 0x20, 0x50, 0x55, 0x42, 0x4C, 0x49, 0x43, 0x20, 0x4B,
+        0x45, 0x59, 0x2D, 0x2D, 0x2D, 0x2D, 0x2D, 0x0A
+};
+#define sizeof_ca_sm2_key (sizeof(ca_sm2_key))
+
+/* ./certs/sm2/ca-sm2-priv.pem */
+static const unsigned char ca_sm2_priv[] =
+{
+        0x2D, 0x2D, 0x2D, 0x2D, 0x2D, 0x42, 0x45, 0x47, 0x49, 0x4E,
+        0x20, 0x50, 0x52, 0x49, 0x56, 0x41, 0x54, 0x45, 0x20, 0x4B,
+        0x45, 0x59, 0x2D, 0x2D, 0x2D, 0x2D, 0x2D, 0x0A, 0x4D, 0x49,
+        0x47, 0x49, 0x41, 0x67, 0x45, 0x41, 0x4D, 0x42, 0x51, 0x47,
+        0x43, 0x43, 0x71, 0x42, 0x48, 0x4D, 0x39, 0x56, 0x41, 0x59,
+        0x49, 0x74, 0x42, 0x67, 0x67, 0x71, 0x67, 0x52, 0x7A, 0x50,
+        0x56, 0x51, 0x47, 0x43, 0x4C, 0x51, 0x52, 0x74, 0x4D, 0x47,
+        0x73, 0x43, 0x41, 0x51, 0x45, 0x45, 0x49, 0x49, 0x2B, 0x35,
+        0x75, 0x45, 0x41, 0x5A, 0x44, 0x69, 0x45, 0x35, 0x36, 0x2B,
+        0x67, 0x49, 0x0A, 0x66, 0x50, 0x33, 0x59, 0x6F, 0x51, 0x57,
+        0x54, 0x70, 0x44, 0x55, 0x73, 0x30, 0x59, 0x44, 0x6A, 0x76,
+        0x33, 0x35, 0x49, 0x52, 0x2B, 0x51, 0x46, 0x44, 0x51, 0x6C,
+        0x42, 0x6F, 0x55, 0x51, 0x44, 0x51, 0x67, 0x41, 0x45, 0x49,
+        0x5A, 0x4C, 0x33, 0x79, 0x79, 0x54, 0x66, 0x5A, 0x45, 0x32,
+        0x36, 0x71, 0x32, 0x5A, 0x37, 0x67, 0x33, 0x57, 0x70, 0x4B,
+        0x65, 0x66, 0x2F, 0x5A, 0x47, 0x4F, 0x32, 0x0A, 0x31, 0x55,
+        0x4B, 0x41, 0x49, 0x4C, 0x33, 0x69, 0x34, 0x67, 0x49, 0x53,
+        0x4F, 0x34, 0x36, 0x30, 0x41, 0x4A, 0x55, 0x4A, 0x67, 0x4D,
+        0x74, 0x57, 0x37, 0x55, 0x76, 0x4B, 0x6A, 0x56, 0x66, 0x6D,
+        0x72, 0x67, 0x58, 0x54, 0x64, 0x69, 0x64, 0x6A, 0x63, 0x54,
+        0x6D, 0x4A, 0x74, 0x32, 0x6E, 0x6D, 0x53, 0x49, 0x43, 0x75,
+        0x30, 0x61, 0x6C, 0x49, 0x45, 0x67, 0x3D, 0x3D, 0x0A, 0x2D,
+        0x2D, 0x2D, 0x2D, 0x2D, 0x45, 0x4E, 0x44, 0x20, 0x50, 0x52,
+        0x49, 0x56, 0x41, 0x54, 0x45, 0x20, 0x4B, 0x45, 0x59, 0x2D,
+        0x2D, 0x2D, 0x2D, 0x2D, 0x0A
+};
+#define sizeof_ca_sm2_priv (sizeof(ca_sm2_priv))
+
+/* ./certs/sm2/client-sm2.pem */
+static const unsigned char client_sm2[] =
+{
+        0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74,
+        0x65, 0x3A, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x44, 0x61, 0x74,
+        0x61, 0x3A, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6F, 0x6E, 0x3A, 0x20,
+        0x33, 0x20, 0x28, 0x30, 0x78, 0x32, 0x29, 0x0A, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x53, 0x65, 0x72, 0x69,
+        0x61, 0x6C, 0x20, 0x4E, 0x75, 0x6D, 0x62, 0x65, 0x72, 0x3A,
+        0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x36, 0x30, 0x3A, 0x61, 0x30, 0x3A, 0x34,
+        0x61, 0x3A, 0x30, 0x62, 0x3A, 0x33, 0x36, 0x3A, 0x65, 0x62,
+        0x3A, 0x37, 0x64, 0x3A, 0x65, 0x31, 0x3A, 0x33, 0x66, 0x3A,
+        0x37, 0x34, 0x3A, 0x32, 0x39, 0x3A, 0x61, 0x39, 0x3A, 0x32,
+        0x39, 0x3A, 0x62, 0x34, 0x3A, 0x30, 0x35, 0x3A, 0x36, 0x63,
+        0x3A, 0x31, 0x37, 0x3A, 0x66, 0x37, 0x3A, 0x61, 0x36, 0x3A,
+        0x64, 0x34, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x53, 0x69, 0x67, 0x6E, 0x61, 0x74, 0x75, 0x72, 0x65,
+        0x20, 0x41, 0x6C, 0x67, 0x6F, 0x72, 0x69, 0x74, 0x68, 0x6D,
+        0x3A, 0x20, 0x53, 0x4D, 0x32, 0x2D, 0x77, 0x69, 0x74, 0x68,
+        0x2D, 0x53, 0x4D, 0x33, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x49, 0x73, 0x73, 0x75, 0x65, 0x72, 0x3A,
+        0x20, 0x43, 0x20, 0x3D, 0x20, 0x55, 0x53, 0x2C, 0x20, 0x53,
+        0x54, 0x20, 0x3D, 0x20, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E,
+        0x61, 0x2C, 0x20, 0x4C, 0x20, 0x3D, 0x20, 0x42, 0x6F, 0x7A,
+        0x65, 0x6D, 0x61, 0x6E, 0x2C, 0x20, 0x4F, 0x20, 0x3D, 0x20,
+        0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x5F, 0x73, 0x6D,
+        0x32, 0x2C, 0x20, 0x4F, 0x55, 0x20, 0x3D, 0x20, 0x43, 0x6C,
+        0x69, 0x65, 0x6E, 0x74, 0x2D, 0x73, 0x6D, 0x32, 0x2C, 0x20,
+        0x43, 0x4E, 0x20, 0x3D, 0x20, 0x77, 0x77, 0x77, 0x2E, 0x77,
+        0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D,
+        0x2C, 0x20, 0x65, 0x6D, 0x61, 0x69, 0x6C, 0x41, 0x64, 0x64,
+        0x72, 0x65, 0x73, 0x73, 0x20, 0x3D, 0x20, 0x69, 0x6E, 0x66,
+        0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E,
+        0x63, 0x6F, 0x6D, 0x2C, 0x20, 0x55, 0x49, 0x44, 0x20, 0x3D,
+        0x20, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x0A, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x56, 0x61, 0x6C,
+        0x69, 0x64, 0x69, 0x74, 0x79, 0x0A, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x4E, 0x6F,
+        0x74, 0x20, 0x42, 0x65, 0x66, 0x6F, 0x72, 0x65, 0x3A, 0x20,
+        0x46, 0x65, 0x62, 0x20, 0x31, 0x35, 0x20, 0x30, 0x36, 0x3A,
+        0x32, 0x33, 0x3A, 0x30, 0x37, 0x20, 0x32, 0x30, 0x32, 0x33,
+        0x20, 0x47, 0x4D, 0x54, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x4E, 0x6F, 0x74,
+        0x20, 0x41, 0x66, 0x74, 0x65, 0x72, 0x20, 0x3A, 0x20, 0x4E,
+        0x6F, 0x76, 0x20, 0x31, 0x31, 0x20, 0x30, 0x36, 0x3A, 0x32,
+        0x33, 0x3A, 0x30, 0x37, 0x20, 0x32, 0x30, 0x32, 0x35, 0x20,
+        0x47, 0x4D, 0x54, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x53, 0x75, 0x62, 0x6A, 0x65, 0x63, 0x74, 0x3A,
+        0x20, 0x43, 0x20, 0x3D, 0x20, 0x55, 0x53, 0x2C, 0x20, 0x53,
+        0x54, 0x20, 0x3D, 0x20, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E,
+        0x61, 0x2C, 0x20, 0x4C, 0x20, 0x3D, 0x20, 0x42, 0x6F, 0x7A,
+        0x65, 0x6D, 0x61, 0x6E, 0x2C, 0x20, 0x4F, 0x20, 0x3D, 0x20,
+        0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x5F, 0x73, 0x6D,
+        0x32, 0x2C, 0x20, 0x4F, 0x55, 0x20, 0x3D, 0x20, 0x43, 0x6C,
+        0x69, 0x65, 0x6E, 0x74, 0x2D, 0x73, 0x6D, 0x32, 0x2C, 0x20,
+        0x43, 0x4E, 0x20, 0x3D, 0x20, 0x77, 0x77, 0x77, 0x2E, 0x77,
+        0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D,
+        0x2C, 0x20, 0x65, 0x6D, 0x61, 0x69, 0x6C, 0x41, 0x64, 0x64,
+        0x72, 0x65, 0x73, 0x73, 0x20, 0x3D, 0x20, 0x69, 0x6E, 0x66,
+        0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E,
+        0x63, 0x6F, 0x6D, 0x2C, 0x20, 0x55, 0x49, 0x44, 0x20, 0x3D,
+        0x20, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x0A, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x53, 0x75, 0x62,
+        0x6A, 0x65, 0x63, 0x74, 0x20, 0x50, 0x75, 0x62, 0x6C, 0x69,
+        0x63, 0x20, 0x4B, 0x65, 0x79, 0x20, 0x49, 0x6E, 0x66, 0x6F,
+        0x3A, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x50, 0x75, 0x62, 0x6C, 0x69, 0x63,
+        0x20, 0x4B, 0x65, 0x79, 0x20, 0x41, 0x6C, 0x67, 0x6F, 0x72,
+        0x69, 0x74, 0x68, 0x6D, 0x3A, 0x20, 0x73, 0x6D, 0x32, 0x0A,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x50, 0x75, 0x62, 0x6C,
+        0x69, 0x63, 0x2D, 0x4B, 0x65, 0x79, 0x3A, 0x20, 0x28, 0x32,
+        0x35, 0x36, 0x20, 0x62, 0x69, 0x74, 0x29, 0x0A, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x70, 0x75, 0x62, 0x3A, 0x0A, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x30,
+        0x34, 0x3A, 0x33, 0x61, 0x3A, 0x31, 0x64, 0x3A, 0x65, 0x38,
+        0x3A, 0x63, 0x62, 0x3A, 0x34, 0x62, 0x3A, 0x64, 0x33, 0x3A,
+        0x32, 0x65, 0x3A, 0x33, 0x66, 0x3A, 0x34, 0x62, 0x3A, 0x30,
+        0x37, 0x3A, 0x33, 0x66, 0x3A, 0x62, 0x30, 0x3A, 0x32, 0x31,
+        0x3A, 0x66, 0x65, 0x3A, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x63, 0x35, 0x3A, 0x39, 0x65,
+        0x3A, 0x64, 0x39, 0x3A, 0x63, 0x61, 0x3A, 0x33, 0x61, 0x3A,
+        0x39, 0x33, 0x3A, 0x39, 0x33, 0x3A, 0x39, 0x35, 0x3A, 0x37,
+        0x36, 0x3A, 0x31, 0x64, 0x3A, 0x33, 0x30, 0x3A, 0x64, 0x39,
+        0x3A, 0x30, 0x62, 0x3A, 0x66, 0x35, 0x3A, 0x35, 0x36, 0x3A,
+        0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x65, 0x64, 0x3A, 0x31, 0x39, 0x3A, 0x36, 0x30, 0x3A,
+        0x65, 0x64, 0x3A, 0x30, 0x31, 0x3A, 0x34, 0x63, 0x3A, 0x66,
+        0x36, 0x3A, 0x36, 0x37, 0x3A, 0x31, 0x64, 0x3A, 0x66, 0x31,
+        0x3A, 0x61, 0x63, 0x3A, 0x61, 0x38, 0x3A, 0x37, 0x34, 0x3A,
+        0x30, 0x64, 0x3A, 0x62, 0x32, 0x3A, 0x0A, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x37, 0x37, 0x3A,
+        0x63, 0x38, 0x3A, 0x34, 0x39, 0x3A, 0x33, 0x38, 0x3A, 0x65,
+        0x34, 0x3A, 0x66, 0x66, 0x3A, 0x34, 0x63, 0x3A, 0x65, 0x66,
+        0x3A, 0x38, 0x64, 0x3A, 0x36, 0x64, 0x3A, 0x38, 0x37, 0x3A,
+        0x66, 0x36, 0x3A, 0x34, 0x65, 0x3A, 0x63, 0x37, 0x3A, 0x66,
+        0x38, 0x3A, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x33, 0x39, 0x3A, 0x37, 0x34, 0x3A, 0x37,
+        0x30, 0x3A, 0x37, 0x30, 0x3A, 0x62, 0x35, 0x0A, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x41, 0x53, 0x4E, 0x31, 0x20, 0x4F,
+        0x49, 0x44, 0x3A, 0x20, 0x53, 0x4D, 0x32, 0x0A, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x58, 0x35, 0x30, 0x39,
+        0x76, 0x33, 0x20, 0x65, 0x78, 0x74, 0x65, 0x6E, 0x73, 0x69,
+        0x6F, 0x6E, 0x73, 0x3A, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x58, 0x35, 0x30,
+        0x39, 0x76, 0x33, 0x20, 0x53, 0x75, 0x62, 0x6A, 0x65, 0x63,
+        0x74, 0x20, 0x4B, 0x65, 0x79, 0x20, 0x49, 0x64, 0x65, 0x6E,
+        0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x3A, 0x20, 0x0A, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x45, 0x34, 0x3A, 0x32, 0x31,
+        0x3A, 0x42, 0x32, 0x3A, 0x43, 0x35, 0x3A, 0x45, 0x35, 0x3A,
+        0x44, 0x34, 0x3A, 0x39, 0x45, 0x3A, 0x38, 0x32, 0x3A, 0x43,
+        0x41, 0x3A, 0x46, 0x38, 0x3A, 0x36, 0x37, 0x3A, 0x46, 0x32,
+        0x3A, 0x32, 0x38, 0x3A, 0x39, 0x39, 0x3A, 0x46, 0x36, 0x3A,
+        0x38, 0x35, 0x3A, 0x45, 0x38, 0x3A, 0x46, 0x31, 0x3A, 0x35,
+        0x35, 0x3A, 0x45, 0x46, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x58, 0x35, 0x30,
+        0x39, 0x76, 0x33, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6F, 0x72,
+        0x69, 0x74, 0x79, 0x20, 0x4B, 0x65, 0x79, 0x20, 0x49, 0x64,
+        0x65, 0x6E, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x3A, 0x20,
+        0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x6B, 0x65, 0x79,
+        0x69, 0x64, 0x3A, 0x45, 0x34, 0x3A, 0x32, 0x31, 0x3A, 0x42,
+        0x32, 0x3A, 0x43, 0x35, 0x3A, 0x45, 0x35, 0x3A, 0x44, 0x34,
+        0x3A, 0x39, 0x45, 0x3A, 0x38, 0x32, 0x3A, 0x43, 0x41, 0x3A,
+        0x46, 0x38, 0x3A, 0x36, 0x37, 0x3A, 0x46, 0x32, 0x3A, 0x32,
+        0x38, 0x3A, 0x39, 0x39, 0x3A, 0x46, 0x36, 0x3A, 0x38, 0x35,
+        0x3A, 0x45, 0x38, 0x3A, 0x46, 0x31, 0x3A, 0x35, 0x35, 0x3A,
+        0x45, 0x46, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x44,
+        0x69, 0x72, 0x4E, 0x61, 0x6D, 0x65, 0x3A, 0x2F, 0x43, 0x3D,
+        0x55, 0x53, 0x2F, 0x53, 0x54, 0x3D, 0x4D, 0x6F, 0x6E, 0x74,
+        0x61, 0x6E, 0x61, 0x2F, 0x4C, 0x3D, 0x42, 0x6F, 0x7A, 0x65,
+        0x6D, 0x61, 0x6E, 0x2F, 0x4F, 0x3D, 0x77, 0x6F, 0x6C, 0x66,
+        0x53, 0x53, 0x4C, 0x5F, 0x73, 0x6D, 0x32, 0x2F, 0x4F, 0x55,
+        0x3D, 0x43, 0x6C, 0x69, 0x65, 0x6E, 0x74, 0x2D, 0x73, 0x6D,
+        0x32, 0x2F, 0x43, 0x4E, 0x3D, 0x77, 0x77, 0x77, 0x2E, 0x77,
+        0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D,
+        0x2F, 0x65, 0x6D, 0x61, 0x69, 0x6C, 0x41, 0x64, 0x64, 0x72,
+        0x65, 0x73, 0x73, 0x3D, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77,
+        0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D,
+        0x2F, 0x55, 0x49, 0x44, 0x3D, 0x77, 0x6F, 0x6C, 0x66, 0x53,
+        0x53, 0x4C, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x73,
+        0x65, 0x72, 0x69, 0x61, 0x6C, 0x3A, 0x36, 0x30, 0x3A, 0x41,
+        0x30, 0x3A, 0x34, 0x41, 0x3A, 0x30, 0x42, 0x3A, 0x33, 0x36,
+        0x3A, 0x45, 0x42, 0x3A, 0x37, 0x44, 0x3A, 0x45, 0x31, 0x3A,
+        0x33, 0x46, 0x3A, 0x37, 0x34, 0x3A, 0x32, 0x39, 0x3A, 0x41,
+        0x39, 0x3A, 0x32, 0x39, 0x3A, 0x42, 0x34, 0x3A, 0x30, 0x35,
+        0x3A, 0x36, 0x43, 0x3A, 0x31, 0x37, 0x3A, 0x46, 0x37, 0x3A,
+        0x41, 0x36, 0x3A, 0x44, 0x34, 0x0A, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x58, 0x35,
+        0x30, 0x39, 0x76, 0x33, 0x20, 0x42, 0x61, 0x73, 0x69, 0x63,
+        0x20, 0x43, 0x6F, 0x6E, 0x73, 0x74, 0x72, 0x61, 0x69, 0x6E,
+        0x74, 0x73, 0x3A, 0x20, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x43, 0x41, 0x3A, 0x54, 0x52, 0x55, 0x45, 0x0A, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x58, 0x35, 0x30, 0x39, 0x76, 0x33, 0x20, 0x53, 0x75,
+        0x62, 0x6A, 0x65, 0x63, 0x74, 0x20, 0x41, 0x6C, 0x74, 0x65,
+        0x72, 0x6E, 0x61, 0x74, 0x69, 0x76, 0x65, 0x20, 0x4E, 0x61,
+        0x6D, 0x65, 0x3A, 0x20, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x44, 0x4E, 0x53, 0x3A, 0x65, 0x78, 0x61, 0x6D, 0x70,
+        0x6C, 0x65, 0x2E, 0x63, 0x6F, 0x6D, 0x2C, 0x20, 0x49, 0x50,
+        0x20, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x3A, 0x31,
+        0x32, 0x37, 0x2E, 0x30, 0x2E, 0x30, 0x2E, 0x31, 0x0A, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x58, 0x35, 0x30, 0x39, 0x76, 0x33, 0x20, 0x45, 0x78,
+        0x74, 0x65, 0x6E, 0x64, 0x65, 0x64, 0x20, 0x4B, 0x65, 0x79,
+        0x20, 0x55, 0x73, 0x61, 0x67, 0x65, 0x3A, 0x20, 0x0A, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x54, 0x4C, 0x53, 0x20, 0x57,
+        0x65, 0x62, 0x20, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20,
+        0x41, 0x75, 0x74, 0x68, 0x65, 0x6E, 0x74, 0x69, 0x63, 0x61,
+        0x74, 0x69, 0x6F, 0x6E, 0x2C, 0x20, 0x54, 0x4C, 0x53, 0x20,
+        0x57, 0x65, 0x62, 0x20, 0x43, 0x6C, 0x69, 0x65, 0x6E, 0x74,
+        0x20, 0x41, 0x75, 0x74, 0x68, 0x65, 0x6E, 0x74, 0x69, 0x63,
+        0x61, 0x74, 0x69, 0x6F, 0x6E, 0x0A, 0x20, 0x20, 0x20, 0x20,
+        0x53, 0x69, 0x67, 0x6E, 0x61, 0x74, 0x75, 0x72, 0x65, 0x20,
+        0x41, 0x6C, 0x67, 0x6F, 0x72, 0x69, 0x74, 0x68, 0x6D, 0x3A,
+        0x20, 0x53, 0x4D, 0x32, 0x2D, 0x77, 0x69, 0x74, 0x68, 0x2D,
+        0x53, 0x4D, 0x33, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x53, 0x69,
+        0x67, 0x6E, 0x61, 0x74, 0x75, 0x72, 0x65, 0x20, 0x56, 0x61,
+        0x6C, 0x75, 0x65, 0x3A, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x33, 0x30, 0x3A, 0x34, 0x36, 0x3A, 0x30,
+        0x32, 0x3A, 0x32, 0x31, 0x3A, 0x30, 0x30, 0x3A, 0x38, 0x66,
+        0x3A, 0x62, 0x32, 0x3A, 0x62, 0x35, 0x3A, 0x39, 0x35, 0x3A,
+        0x38, 0x66, 0x3A, 0x37, 0x39, 0x3A, 0x66, 0x36, 0x3A, 0x35,
+        0x65, 0x3A, 0x37, 0x35, 0x3A, 0x65, 0x35, 0x3A, 0x63, 0x35,
+        0x3A, 0x65, 0x39, 0x3A, 0x39, 0x61, 0x3A, 0x0A, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x31, 0x32, 0x3A, 0x64,
+        0x32, 0x3A, 0x30, 0x66, 0x3A, 0x37, 0x38, 0x3A, 0x39, 0x66,
+        0x3A, 0x63, 0x30, 0x3A, 0x31, 0x64, 0x3A, 0x38, 0x64, 0x3A,
+        0x31, 0x63, 0x3A, 0x62, 0x65, 0x3A, 0x36, 0x62, 0x3A, 0x30,
+        0x63, 0x3A, 0x66, 0x31, 0x3A, 0x66, 0x35, 0x3A, 0x35, 0x37,
+        0x3A, 0x36, 0x30, 0x3A, 0x64, 0x62, 0x3A, 0x39, 0x31, 0x3A,
+        0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x34,
+        0x66, 0x3A, 0x30, 0x32, 0x3A, 0x32, 0x31, 0x3A, 0x30, 0x30,
+        0x3A, 0x38, 0x37, 0x3A, 0x35, 0x65, 0x3A, 0x37, 0x64, 0x3A,
+        0x65, 0x34, 0x3A, 0x64, 0x36, 0x3A, 0x33, 0x61, 0x3A, 0x62,
+        0x62, 0x3A, 0x37, 0x62, 0x3A, 0x39, 0x38, 0x3A, 0x32, 0x37,
+        0x3A, 0x38, 0x35, 0x3A, 0x64, 0x65, 0x3A, 0x37, 0x61, 0x3A,
+        0x66, 0x30, 0x3A, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x32, 0x31, 0x3A, 0x65, 0x32, 0x3A, 0x36, 0x36,
+        0x3A, 0x61, 0x31, 0x3A, 0x39, 0x66, 0x3A, 0x32, 0x36, 0x3A,
+        0x65, 0x30, 0x3A, 0x64, 0x64, 0x3A, 0x38, 0x36, 0x3A, 0x32,
+        0x33, 0x3A, 0x62, 0x34, 0x3A, 0x63, 0x38, 0x3A, 0x63, 0x30,
+        0x3A, 0x34, 0x36, 0x3A, 0x35, 0x61, 0x3A, 0x66, 0x32, 0x3A,
+        0x34, 0x39, 0x3A, 0x38, 0x64, 0x0A, 0x2D, 0x2D, 0x2D, 0x2D,
+        0x2D, 0x42, 0x45, 0x47, 0x49, 0x4E, 0x20, 0x43, 0x45, 0x52,
+        0x54, 0x49, 0x46, 0x49, 0x43, 0x41, 0x54, 0x45, 0x2D, 0x2D,
+        0x2D, 0x2D, 0x2D, 0x0A, 0x4D, 0x49, 0x49, 0x44, 0x79, 0x54,
+        0x43, 0x43, 0x41, 0x32, 0x36, 0x67, 0x41, 0x77, 0x49, 0x42,
+        0x41, 0x67, 0x49, 0x55, 0x59, 0x4B, 0x42, 0x4B, 0x43, 0x7A,
+        0x62, 0x72, 0x66, 0x65, 0x45, 0x2F, 0x64, 0x43, 0x6D, 0x70,
+        0x4B, 0x62, 0x51, 0x46, 0x62, 0x42, 0x66, 0x33, 0x70, 0x74,
+        0x51, 0x77, 0x43, 0x67, 0x59, 0x49, 0x4B, 0x6F, 0x45, 0x63,
+        0x7A, 0x31, 0x55, 0x42, 0x67, 0x33, 0x55, 0x77, 0x0A, 0x67,
+        0x62, 0x41, 0x78, 0x43, 0x7A, 0x41, 0x4A, 0x42, 0x67, 0x4E,
+        0x56, 0x42, 0x41, 0x59, 0x54, 0x41, 0x6C, 0x56, 0x54, 0x4D,
+        0x52, 0x41, 0x77, 0x44, 0x67, 0x59, 0x44, 0x56, 0x51, 0x51,
+        0x49, 0x44, 0x41, 0x64, 0x4E, 0x62, 0x32, 0x35, 0x30, 0x59,
+        0x57, 0x35, 0x68, 0x4D, 0x52, 0x41, 0x77, 0x44, 0x67, 0x59,
+        0x44, 0x56, 0x51, 0x51, 0x48, 0x44, 0x41, 0x64, 0x43, 0x62,
+        0x33, 0x70, 0x6C, 0x0A, 0x62, 0x57, 0x46, 0x75, 0x4D, 0x52,
+        0x51, 0x77, 0x45, 0x67, 0x59, 0x44, 0x56, 0x51, 0x51, 0x4B,
+        0x44, 0x41, 0x74, 0x33, 0x62, 0x32, 0x78, 0x6D, 0x55, 0x31,
+        0x4E, 0x4D, 0x58, 0x33, 0x4E, 0x74, 0x4D, 0x6A, 0x45, 0x54,
+        0x4D, 0x42, 0x45, 0x47, 0x41, 0x31, 0x55, 0x45, 0x43, 0x77,
+        0x77, 0x4B, 0x51, 0x32, 0x78, 0x70, 0x5A, 0x57, 0x35, 0x30,
+        0x4C, 0x58, 0x4E, 0x74, 0x4D, 0x6A, 0x45, 0x59, 0x0A, 0x4D,
+        0x42, 0x59, 0x47, 0x41, 0x31, 0x55, 0x45, 0x41, 0x77, 0x77,
+        0x50, 0x64, 0x33, 0x64, 0x33, 0x4C, 0x6E, 0x64, 0x76, 0x62,
+        0x47, 0x5A, 0x7A, 0x63, 0x32, 0x77, 0x75, 0x59, 0x32, 0x39,
+        0x74, 0x4D, 0x52, 0x38, 0x77, 0x48, 0x51, 0x59, 0x4A, 0x4B,
+        0x6F, 0x5A, 0x49, 0x68, 0x76, 0x63, 0x4E, 0x41, 0x51, 0x6B,
+        0x42, 0x46, 0x68, 0x42, 0x70, 0x62, 0x6D, 0x5A, 0x76, 0x51,
+        0x48, 0x64, 0x76, 0x0A, 0x62, 0x47, 0x5A, 0x7A, 0x63, 0x32,
+        0x77, 0x75, 0x59, 0x32, 0x39, 0x74, 0x4D, 0x52, 0x63, 0x77,
+        0x46, 0x51, 0x59, 0x4B, 0x43, 0x5A, 0x49, 0x6D, 0x69, 0x5A,
+        0x50, 0x79, 0x4C, 0x47, 0x51, 0x42, 0x41, 0x51, 0x77, 0x48,
+        0x64, 0x32, 0x39, 0x73, 0x5A, 0x6C, 0x4E, 0x54, 0x54, 0x44,
+        0x41, 0x65, 0x46, 0x77, 0x30, 0x79, 0x4D, 0x7A, 0x41, 0x79,
+        0x4D, 0x54, 0x55, 0x77, 0x4E, 0x6A, 0x49, 0x7A, 0x0A, 0x4D,
+        0x44, 0x64, 0x61, 0x46, 0x77, 0x30, 0x79, 0x4E, 0x54, 0x45,
+        0x78, 0x4D, 0x54, 0x45, 0x77, 0x4E, 0x6A, 0x49, 0x7A, 0x4D,
+        0x44, 0x64, 0x61, 0x4D, 0x49, 0x47, 0x77, 0x4D, 0x51, 0x73,
+        0x77, 0x43, 0x51, 0x59, 0x44, 0x56, 0x51, 0x51, 0x47, 0x45,
+        0x77, 0x4A, 0x56, 0x55, 0x7A, 0x45, 0x51, 0x4D, 0x41, 0x34,
+        0x47, 0x41, 0x31, 0x55, 0x45, 0x43, 0x41, 0x77, 0x48, 0x54,
+        0x57, 0x39, 0x75, 0x0A, 0x64, 0x47, 0x46, 0x75, 0x59, 0x54,
+        0x45, 0x51, 0x4D, 0x41, 0x34, 0x47, 0x41, 0x31, 0x55, 0x45,
+        0x42, 0x77, 0x77, 0x48, 0x51, 0x6D, 0x39, 0x36, 0x5A, 0x57,
+        0x31, 0x68, 0x62, 0x6A, 0x45, 0x55, 0x4D, 0x42, 0x49, 0x47,
+        0x41, 0x31, 0x55, 0x45, 0x43, 0x67, 0x77, 0x4C, 0x64, 0x32,
+        0x39, 0x73, 0x5A, 0x6C, 0x4E, 0x54, 0x54, 0x46, 0x39, 0x7A,
+        0x62, 0x54, 0x49, 0x78, 0x45, 0x7A, 0x41, 0x52, 0x0A, 0x42,
+        0x67, 0x4E, 0x56, 0x42, 0x41, 0x73, 0x4D, 0x43, 0x6B, 0x4E,
+        0x73, 0x61, 0x57, 0x56, 0x75, 0x64, 0x43, 0x31, 0x7A, 0x62,
+        0x54, 0x49, 0x78, 0x47, 0x44, 0x41, 0x57, 0x42, 0x67, 0x4E,
+        0x56, 0x42, 0x41, 0x4D, 0x4D, 0x44, 0x33, 0x64, 0x33, 0x64,
+        0x79, 0x35, 0x33, 0x62, 0x32, 0x78, 0x6D, 0x63, 0x33, 0x4E,
+        0x73, 0x4C, 0x6D, 0x4E, 0x76, 0x62, 0x54, 0x45, 0x66, 0x4D,
+        0x42, 0x30, 0x47, 0x0A, 0x43, 0x53, 0x71, 0x47, 0x53, 0x49,
+        0x62, 0x33, 0x44, 0x51, 0x45, 0x4A, 0x41, 0x52, 0x59, 0x51,
+        0x61, 0x57, 0x35, 0x6D, 0x62, 0x30, 0x42, 0x33, 0x62, 0x32,
+        0x78, 0x6D, 0x63, 0x33, 0x4E, 0x73, 0x4C, 0x6D, 0x4E, 0x76,
+        0x62, 0x54, 0x45, 0x58, 0x4D, 0x42, 0x55, 0x47, 0x43, 0x67,
+        0x6D, 0x53, 0x4A, 0x6F, 0x6D, 0x54, 0x38, 0x69, 0x78, 0x6B,
+        0x41, 0x51, 0x45, 0x4D, 0x42, 0x33, 0x64, 0x76, 0x0A, 0x62,
+        0x47, 0x5A, 0x54, 0x55, 0x30, 0x77, 0x77, 0x57, 0x6A, 0x41,
+        0x55, 0x42, 0x67, 0x67, 0x71, 0x67, 0x52, 0x7A, 0x50, 0x56,
+        0x51, 0x47, 0x43, 0x4C, 0x51, 0x59, 0x49, 0x4B, 0x6F, 0x45,
+        0x63, 0x7A, 0x31, 0x55, 0x42, 0x67, 0x69, 0x30, 0x44, 0x51,
+        0x67, 0x41, 0x45, 0x4F, 0x68, 0x33, 0x6F, 0x79, 0x30, 0x76,
+        0x54, 0x4C, 0x6A, 0x39, 0x4C, 0x42, 0x7A, 0x2B, 0x77, 0x49,
+        0x66, 0x37, 0x46, 0x0A, 0x6E, 0x74, 0x6E, 0x4B, 0x4F, 0x70,
+        0x4F, 0x54, 0x6C, 0x58, 0x59, 0x64, 0x4D, 0x4E, 0x6B, 0x4C,
+        0x39, 0x56, 0x62, 0x74, 0x47, 0x57, 0x44, 0x74, 0x41, 0x55,
+        0x7A, 0x32, 0x5A, 0x78, 0x33, 0x78, 0x72, 0x4B, 0x68, 0x30,
+        0x44, 0x62, 0x4A, 0x33, 0x79, 0x45, 0x6B, 0x34, 0x35, 0x50,
+        0x39, 0x4D, 0x37, 0x34, 0x31, 0x74, 0x68, 0x2F, 0x5A, 0x4F,
+        0x78, 0x2F, 0x67, 0x35, 0x64, 0x48, 0x42, 0x77, 0x0A, 0x74,
+        0x61, 0x4F, 0x43, 0x41, 0x57, 0x45, 0x77, 0x67, 0x67, 0x46,
+        0x64, 0x4D, 0x42, 0x30, 0x47, 0x41, 0x31, 0x55, 0x64, 0x44,
+        0x67, 0x51, 0x57, 0x42, 0x42, 0x54, 0x6B, 0x49, 0x62, 0x4C,
+        0x46, 0x35, 0x64, 0x53, 0x65, 0x67, 0x73, 0x72, 0x34, 0x5A,
+        0x2F, 0x49, 0x6F, 0x6D, 0x66, 0x61, 0x46, 0x36, 0x50, 0x46,
+        0x56, 0x37, 0x7A, 0x43, 0x42, 0x38, 0x41, 0x59, 0x44, 0x56,
+        0x52, 0x30, 0x6A, 0x0A, 0x42, 0x49, 0x48, 0x6F, 0x4D, 0x49,
+        0x48, 0x6C, 0x67, 0x42, 0x54, 0x6B, 0x49, 0x62, 0x4C, 0x46,
+        0x35, 0x64, 0x53, 0x65, 0x67, 0x73, 0x72, 0x34, 0x5A, 0x2F,
+        0x49, 0x6F, 0x6D, 0x66, 0x61, 0x46, 0x36, 0x50, 0x46, 0x56,
+        0x37, 0x36, 0x47, 0x42, 0x74, 0x71, 0x53, 0x42, 0x73, 0x7A,
+        0x43, 0x42, 0x73, 0x44, 0x45, 0x4C, 0x4D, 0x41, 0x6B, 0x47,
+        0x41, 0x31, 0x55, 0x45, 0x42, 0x68, 0x4D, 0x43, 0x0A, 0x56,
+        0x56, 0x4D, 0x78, 0x45, 0x44, 0x41, 0x4F, 0x42, 0x67, 0x4E,
+        0x56, 0x42, 0x41, 0x67, 0x4D, 0x42, 0x30, 0x31, 0x76, 0x62,
+        0x6E, 0x52, 0x68, 0x62, 0x6D, 0x45, 0x78, 0x45, 0x44, 0x41,
+        0x4F, 0x42, 0x67, 0x4E, 0x56, 0x42, 0x41, 0x63, 0x4D, 0x42,
+        0x30, 0x4A, 0x76, 0x65, 0x6D, 0x56, 0x74, 0x59, 0x57, 0x34,
+        0x78, 0x46, 0x44, 0x41, 0x53, 0x42, 0x67, 0x4E, 0x56, 0x42,
+        0x41, 0x6F, 0x4D, 0x0A, 0x43, 0x33, 0x64, 0x76, 0x62, 0x47,
+        0x5A, 0x54, 0x55, 0x30, 0x78, 0x66, 0x63, 0x32, 0x30, 0x79,
+        0x4D, 0x52, 0x4D, 0x77, 0x45, 0x51, 0x59, 0x44, 0x56, 0x51,
+        0x51, 0x4C, 0x44, 0x41, 0x70, 0x44, 0x62, 0x47, 0x6C, 0x6C,
+        0x62, 0x6E, 0x51, 0x74, 0x63, 0x32, 0x30, 0x79, 0x4D, 0x52,
+        0x67, 0x77, 0x46, 0x67, 0x59, 0x44, 0x56, 0x51, 0x51, 0x44,
+        0x44, 0x41, 0x39, 0x33, 0x64, 0x33, 0x63, 0x75, 0x0A, 0x64,
+        0x32, 0x39, 0x73, 0x5A, 0x6E, 0x4E, 0x7A, 0x62, 0x43, 0x35,
+        0x6A, 0x62, 0x32, 0x30, 0x78, 0x48, 0x7A, 0x41, 0x64, 0x42,
+        0x67, 0x6B, 0x71, 0x68, 0x6B, 0x69, 0x47, 0x39, 0x77, 0x30,
+        0x42, 0x43, 0x51, 0x45, 0x57, 0x45, 0x47, 0x6C, 0x75, 0x5A,
+        0x6D, 0x39, 0x41, 0x64, 0x32, 0x39, 0x73, 0x5A, 0x6E, 0x4E,
+        0x7A, 0x62, 0x43, 0x35, 0x6A, 0x62, 0x32, 0x30, 0x78, 0x46,
+        0x7A, 0x41, 0x56, 0x0A, 0x42, 0x67, 0x6F, 0x4A, 0x6B, 0x69,
+        0x61, 0x4A, 0x6B, 0x2F, 0x49, 0x73, 0x5A, 0x41, 0x45, 0x42,
+        0x44, 0x41, 0x64, 0x33, 0x62, 0x32, 0x78, 0x6D, 0x55, 0x31,
+        0x4E, 0x4D, 0x67, 0x68, 0x52, 0x67, 0x6F, 0x45, 0x6F, 0x4C,
+        0x4E, 0x75, 0x74, 0x39, 0x34, 0x54, 0x39, 0x30, 0x4B, 0x61,
+        0x6B, 0x70, 0x74, 0x41, 0x56, 0x73, 0x46, 0x2F, 0x65, 0x6D,
+        0x31, 0x44, 0x41, 0x4D, 0x42, 0x67, 0x4E, 0x56, 0x0A, 0x48,
+        0x52, 0x4D, 0x45, 0x42, 0x54, 0x41, 0x44, 0x41, 0x51, 0x48,
+        0x2F, 0x4D, 0x42, 0x77, 0x47, 0x41, 0x31, 0x55, 0x64, 0x45,
+        0x51, 0x51, 0x56, 0x4D, 0x42, 0x4F, 0x43, 0x43, 0x32, 0x56,
+        0x34, 0x59, 0x57, 0x31, 0x77, 0x62, 0x47, 0x55, 0x75, 0x59,
+        0x32, 0x39, 0x74, 0x68, 0x77, 0x52, 0x2F, 0x41, 0x41, 0x41,
+        0x42, 0x4D, 0x42, 0x30, 0x47, 0x41, 0x31, 0x55, 0x64, 0x4A,
+        0x51, 0x51, 0x57, 0x0A, 0x4D, 0x42, 0x51, 0x47, 0x43, 0x43,
+        0x73, 0x47, 0x41, 0x51, 0x55, 0x46, 0x42, 0x77, 0x4D, 0x42,
+        0x42, 0x67, 0x67, 0x72, 0x42, 0x67, 0x45, 0x46, 0x42, 0x51,
+        0x63, 0x44, 0x41, 0x6A, 0x41, 0x4B, 0x42, 0x67, 0x67, 0x71,
+        0x67, 0x52, 0x7A, 0x50, 0x56, 0x51, 0x47, 0x44, 0x64, 0x51,
+        0x4E, 0x4A, 0x41, 0x44, 0x42, 0x47, 0x41, 0x69, 0x45, 0x41,
+        0x6A, 0x37, 0x4B, 0x31, 0x6C, 0x59, 0x39, 0x35, 0x0A, 0x39,
+        0x6C, 0x35, 0x31, 0x35, 0x63, 0x58, 0x70, 0x6D, 0x68, 0x4C,
+        0x53, 0x44, 0x33, 0x69, 0x66, 0x77, 0x42, 0x32, 0x4E, 0x48,
+        0x4C, 0x35, 0x72, 0x44, 0x50, 0x48, 0x31, 0x56, 0x32, 0x44,
+        0x62, 0x6B, 0x55, 0x38, 0x43, 0x49, 0x51, 0x43, 0x48, 0x58,
+        0x6E, 0x33, 0x6B, 0x31, 0x6A, 0x71, 0x37, 0x65, 0x35, 0x67,
+        0x6E, 0x68, 0x64, 0x35, 0x36, 0x38, 0x43, 0x48, 0x69, 0x5A,
+        0x71, 0x47, 0x66, 0x0A, 0x4A, 0x75, 0x44, 0x64, 0x68, 0x69,
+        0x4F, 0x30, 0x79, 0x4D, 0x42, 0x47, 0x57, 0x76, 0x4A, 0x4A,
+        0x6A, 0x51, 0x3D, 0x3D, 0x0A, 0x2D, 0x2D, 0x2D, 0x2D, 0x2D,
+        0x45, 0x4E, 0x44, 0x20, 0x43, 0x45, 0x52, 0x54, 0x49, 0x46,
+        0x49, 0x43, 0x41, 0x54, 0x45, 0x2D, 0x2D, 0x2D, 0x2D, 0x2D,
+        0x0A
+};
+#define sizeof_client_sm2 (sizeof(client_sm2))
+
+/* ./certs/sm2/client-sm2-key.pem */
+static const unsigned char client_sm2_key[] =
+{
+        0x2D, 0x2D, 0x2D, 0x2D, 0x2D, 0x42, 0x45, 0x47, 0x49, 0x4E,
+        0x20, 0x50, 0x55, 0x42, 0x4C, 0x49, 0x43, 0x20, 0x4B, 0x45,
+        0x59, 0x2D, 0x2D, 0x2D, 0x2D, 0x2D, 0x0A, 0x4D, 0x46, 0x6F,
+        0x77, 0x46, 0x41, 0x59, 0x49, 0x4B, 0x6F, 0x45, 0x63, 0x7A,
+        0x31, 0x55, 0x42, 0x67, 0x69, 0x30, 0x47, 0x43, 0x43, 0x71,
+        0x42, 0x48, 0x4D, 0x39, 0x56, 0x41, 0x59, 0x49, 0x74, 0x41,
+        0x30, 0x49, 0x41, 0x42, 0x44, 0x6F, 0x64, 0x36, 0x4D, 0x74,
+        0x4C, 0x30, 0x79, 0x34, 0x2F, 0x53, 0x77, 0x63, 0x2F, 0x73,
+        0x43, 0x48, 0x2B, 0x78, 0x5A, 0x37, 0x5A, 0x79, 0x6A, 0x71,
+        0x54, 0x0A, 0x6B, 0x35, 0x56, 0x32, 0x48, 0x54, 0x44, 0x5A,
+        0x43, 0x2F, 0x56, 0x57, 0x37, 0x52, 0x6C, 0x67, 0x37, 0x51,
+        0x46, 0x4D, 0x39, 0x6D, 0x63, 0x64, 0x38, 0x61, 0x79, 0x6F,
+        0x64, 0x41, 0x32, 0x79, 0x64, 0x38, 0x68, 0x4A, 0x4F, 0x4F,
+        0x54, 0x2F, 0x54, 0x4F, 0x2B, 0x4E, 0x62, 0x59, 0x66, 0x32,
+        0x54, 0x73, 0x66, 0x34, 0x4F, 0x58, 0x52, 0x77, 0x63, 0x4C,
+        0x55, 0x3D, 0x0A, 0x2D, 0x2D, 0x2D, 0x2D, 0x2D, 0x45, 0x4E,
+        0x44, 0x20, 0x50, 0x55, 0x42, 0x4C, 0x49, 0x43, 0x20, 0x4B,
+        0x45, 0x59, 0x2D, 0x2D, 0x2D, 0x2D, 0x2D, 0x0A
+};
+#define sizeof_client_sm2_key (sizeof(client_sm2_key))
+
+/* ./certs/sm2/client-sm2-priv.pem */
+static const unsigned char client_sm2_priv[] =
+{
+        0x2D, 0x2D, 0x2D, 0x2D, 0x2D, 0x42, 0x45, 0x47, 0x49, 0x4E,
+        0x20, 0x50, 0x52, 0x49, 0x56, 0x41, 0x54, 0x45, 0x20, 0x4B,
+        0x45, 0x59, 0x2D, 0x2D, 0x2D, 0x2D, 0x2D, 0x0A, 0x4D, 0x49,
+        0x47, 0x49, 0x41, 0x67, 0x45, 0x41, 0x4D, 0x42, 0x51, 0x47,
+        0x43, 0x43, 0x71, 0x42, 0x48, 0x4D, 0x39, 0x56, 0x41, 0x59,
+        0x49, 0x74, 0x42, 0x67, 0x67, 0x71, 0x67, 0x52, 0x7A, 0x50,
+        0x56, 0x51, 0x47, 0x43, 0x4C, 0x51, 0x52, 0x74, 0x4D, 0x47,
+        0x73, 0x43, 0x41, 0x51, 0x45, 0x45, 0x49, 0x4E, 0x43, 0x69,
+        0x33, 0x30, 0x6C, 0x36, 0x4C, 0x64, 0x38, 0x43, 0x79, 0x63,
+        0x36, 0x33, 0x0A, 0x38, 0x6A, 0x63, 0x43, 0x44, 0x64, 0x33,
+        0x38, 0x43, 0x4C, 0x6A, 0x65, 0x46, 0x4A, 0x4E, 0x36, 0x55,
+        0x79, 0x5A, 0x4A, 0x31, 0x66, 0x34, 0x43, 0x32, 0x66, 0x4E,
+        0x78, 0x6F, 0x55, 0x51, 0x44, 0x51, 0x67, 0x41, 0x45, 0x4F,
+        0x68, 0x33, 0x6F, 0x79, 0x30, 0x76, 0x54, 0x4C, 0x6A, 0x39,
+        0x4C, 0x42, 0x7A, 0x2B, 0x77, 0x49, 0x66, 0x37, 0x46, 0x6E,
+        0x74, 0x6E, 0x4B, 0x4F, 0x70, 0x4F, 0x54, 0x0A, 0x6C, 0x58,
+        0x59, 0x64, 0x4D, 0x4E, 0x6B, 0x4C, 0x39, 0x56, 0x62, 0x74,
+        0x47, 0x57, 0x44, 0x74, 0x41, 0x55, 0x7A, 0x32, 0x5A, 0x78,
+        0x33, 0x78, 0x72, 0x4B, 0x68, 0x30, 0x44, 0x62, 0x4A, 0x33,
+        0x79, 0x45, 0x6B, 0x34, 0x35, 0x50, 0x39, 0x4D, 0x37, 0x34,
+        0x31, 0x74, 0x68, 0x2F, 0x5A, 0x4F, 0x78, 0x2F, 0x67, 0x35,
+        0x64, 0x48, 0x42, 0x77, 0x74, 0x51, 0x3D, 0x3D, 0x0A, 0x2D,
+        0x2D, 0x2D, 0x2D, 0x2D, 0x45, 0x4E, 0x44, 0x20, 0x50, 0x52,
+        0x49, 0x56, 0x41, 0x54, 0x45, 0x20, 0x4B, 0x45, 0x59, 0x2D,
+        0x2D, 0x2D, 0x2D, 0x2D, 0x0A
+};
+#define sizeof_client_sm2_priv (sizeof(client_sm2_priv))
+
+/* ./certs/sm2/root-sm2.pem */
+static const unsigned char root_sm2[] =
+{
+        0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74,
+        0x65, 0x3A, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x44, 0x61, 0x74,
+        0x61, 0x3A, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6F, 0x6E, 0x3A, 0x20,
+        0x33, 0x20, 0x28, 0x30, 0x78, 0x32, 0x29, 0x0A, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x53, 0x65, 0x72, 0x69,
+        0x61, 0x6C, 0x20, 0x4E, 0x75, 0x6D, 0x62, 0x65, 0x72, 0x3A,
+        0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x37, 0x34, 0x3A, 0x39, 0x63, 0x3A, 0x64,
+        0x64, 0x3A, 0x61, 0x34, 0x3A, 0x62, 0x32, 0x3A, 0x36, 0x37,
+        0x3A, 0x32, 0x36, 0x3A, 0x35, 0x37, 0x3A, 0x32, 0x39, 0x3A,
+        0x66, 0x62, 0x3A, 0x65, 0x39, 0x3A, 0x31, 0x33, 0x3A, 0x35,
+        0x34, 0x3A, 0x65, 0x30, 0x3A, 0x33, 0x34, 0x3A, 0x30, 0x38,
+        0x3A, 0x30, 0x33, 0x3A, 0x32, 0x62, 0x3A, 0x37, 0x30, 0x3A,
+        0x61, 0x39, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x53, 0x69, 0x67, 0x6E, 0x61, 0x74, 0x75, 0x72, 0x65,
+        0x20, 0x41, 0x6C, 0x67, 0x6F, 0x72, 0x69, 0x74, 0x68, 0x6D,
+        0x3A, 0x20, 0x53, 0x4D, 0x32, 0x2D, 0x77, 0x69, 0x74, 0x68,
+        0x2D, 0x53, 0x4D, 0x33, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x49, 0x73, 0x73, 0x75, 0x65, 0x72, 0x3A,
+        0x20, 0x43, 0x20, 0x3D, 0x20, 0x55, 0x53, 0x2C, 0x20, 0x53,
+        0x54, 0x20, 0x3D, 0x20, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E,
+        0x61, 0x2C, 0x20, 0x4C, 0x20, 0x3D, 0x20, 0x42, 0x6F, 0x7A,
+        0x65, 0x6D, 0x61, 0x6E, 0x2C, 0x20, 0x4F, 0x20, 0x3D, 0x20,
+        0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x5F, 0x53, 0x4D,
+        0x32, 0x2C, 0x20, 0x4F, 0x55, 0x20, 0x3D, 0x20, 0x52, 0x6F,
+        0x6F, 0x74, 0x2D, 0x53, 0x4D, 0x32, 0x2C, 0x20, 0x43, 0x4E,
+        0x20, 0x3D, 0x20, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C,
+        0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x2C, 0x20,
+        0x65, 0x6D, 0x61, 0x69, 0x6C, 0x41, 0x64, 0x64, 0x72, 0x65,
+        0x73, 0x73, 0x20, 0x3D, 0x20, 0x69, 0x6E, 0x66, 0x6F, 0x40,
+        0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F,
+        0x6D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x56, 0x61, 0x6C, 0x69, 0x64, 0x69, 0x74, 0x79, 0x0A, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x4E, 0x6F, 0x74, 0x20, 0x42, 0x65, 0x66, 0x6F, 0x72,
+        0x65, 0x3A, 0x20, 0x46, 0x65, 0x62, 0x20, 0x31, 0x35, 0x20,
+        0x30, 0x36, 0x3A, 0x32, 0x33, 0x3A, 0x30, 0x37, 0x20, 0x32,
+        0x30, 0x32, 0x33, 0x20, 0x47, 0x4D, 0x54, 0x0A, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x4E, 0x6F, 0x74, 0x20, 0x41, 0x66, 0x74, 0x65, 0x72, 0x20,
+        0x3A, 0x20, 0x4E, 0x6F, 0x76, 0x20, 0x31, 0x31, 0x20, 0x30,
+        0x36, 0x3A, 0x32, 0x33, 0x3A, 0x30, 0x37, 0x20, 0x32, 0x30,
+        0x32, 0x35, 0x20, 0x47, 0x4D, 0x54, 0x0A, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x53, 0x75, 0x62, 0x6A, 0x65,
+        0x63, 0x74, 0x3A, 0x20, 0x43, 0x20, 0x3D, 0x20, 0x55, 0x53,
+        0x2C, 0x20, 0x53, 0x54, 0x20, 0x3D, 0x20, 0x4D, 0x6F, 0x6E,
+        0x74, 0x61, 0x6E, 0x61, 0x2C, 0x20, 0x4C, 0x20, 0x3D, 0x20,
+        0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x2C, 0x20, 0x4F,
+        0x20, 0x3D, 0x20, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C,
+        0x5F, 0x53, 0x4D, 0x32, 0x2C, 0x20, 0x4F, 0x55, 0x20, 0x3D,
+        0x20, 0x52, 0x6F, 0x6F, 0x74, 0x2D, 0x53, 0x4D, 0x32, 0x2C,
+        0x20, 0x43, 0x4E, 0x20, 0x3D, 0x20, 0x77, 0x77, 0x77, 0x2E,
+        0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F,
+        0x6D, 0x2C, 0x20, 0x65, 0x6D, 0x61, 0x69, 0x6C, 0x41, 0x64,
+        0x64, 0x72, 0x65, 0x73, 0x73, 0x20, 0x3D, 0x20, 0x69, 0x6E,
+        0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C,
+        0x2E, 0x63, 0x6F, 0x6D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x53, 0x75, 0x62, 0x6A, 0x65, 0x63, 0x74,
+        0x20, 0x50, 0x75, 0x62, 0x6C, 0x69, 0x63, 0x20, 0x4B, 0x65,
+        0x79, 0x20, 0x49, 0x6E, 0x66, 0x6F, 0x3A, 0x0A, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x50, 0x75, 0x62, 0x6C, 0x69, 0x63, 0x20, 0x4B, 0x65, 0x79,
+        0x20, 0x41, 0x6C, 0x67, 0x6F, 0x72, 0x69, 0x74, 0x68, 0x6D,
+        0x3A, 0x20, 0x73, 0x6D, 0x32, 0x0A, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x50, 0x75, 0x62, 0x6C, 0x69, 0x63, 0x2D, 0x4B,
+        0x65, 0x79, 0x3A, 0x20, 0x28, 0x32, 0x35, 0x36, 0x20, 0x62,
+        0x69, 0x74, 0x29, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x70, 0x75, 0x62, 0x3A, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x30, 0x34, 0x3A, 0x62, 0x62,
+        0x3A, 0x39, 0x63, 0x3A, 0x37, 0x35, 0x3A, 0x38, 0x63, 0x3A,
+        0x66, 0x37, 0x3A, 0x31, 0x37, 0x3A, 0x66, 0x38, 0x3A, 0x34,
+        0x38, 0x3A, 0x61, 0x62, 0x3A, 0x66, 0x37, 0x3A, 0x66, 0x36,
+        0x3A, 0x64, 0x62, 0x3A, 0x30, 0x64, 0x3A, 0x39, 0x61, 0x3A,
+        0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x38, 0x64, 0x3A, 0x39, 0x66, 0x3A, 0x63, 0x32, 0x3A,
+        0x64, 0x31, 0x3A, 0x34, 0x37, 0x3A, 0x39, 0x37, 0x3A, 0x39,
+        0x35, 0x3A, 0x30, 0x62, 0x3A, 0x34, 0x65, 0x3A, 0x65, 0x36,
+        0x3A, 0x35, 0x37, 0x3A, 0x65, 0x63, 0x3A, 0x63, 0x35, 0x3A,
+        0x66, 0x38, 0x3A, 0x35, 0x37, 0x3A, 0x0A, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x35, 0x34, 0x3A,
+        0x37, 0x31, 0x3A, 0x33, 0x39, 0x3A, 0x33, 0x63, 0x3A, 0x37,
+        0x39, 0x3A, 0x65, 0x31, 0x3A, 0x34, 0x30, 0x3A, 0x33, 0x66,
+        0x3A, 0x62, 0x36, 0x3A, 0x35, 0x31, 0x3A, 0x65, 0x39, 0x3A,
+        0x37, 0x63, 0x3A, 0x63, 0x37, 0x3A, 0x64, 0x61, 0x3A, 0x32,
+        0x64, 0x3A, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x65, 0x66, 0x3A, 0x64, 0x32, 0x3A, 0x65,
+        0x38, 0x3A, 0x37, 0x39, 0x3A, 0x38, 0x31, 0x3A, 0x37, 0x62,
+        0x3A, 0x61, 0x62, 0x3A, 0x61, 0x33, 0x3A, 0x35, 0x66, 0x3A,
+        0x36, 0x62, 0x3A, 0x32, 0x61, 0x3A, 0x36, 0x63, 0x3A, 0x39,
+        0x37, 0x3A, 0x31, 0x61, 0x3A, 0x35, 0x65, 0x3A, 0x0A, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x38,
+        0x65, 0x3A, 0x64, 0x39, 0x3A, 0x64, 0x30, 0x3A, 0x63, 0x63,
+        0x3A, 0x30, 0x34, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x41, 0x53, 0x4E, 0x31, 0x20, 0x4F, 0x49, 0x44, 0x3A, 0x20,
+        0x53, 0x4D, 0x32, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x58, 0x35, 0x30, 0x39, 0x76, 0x33, 0x20, 0x65,
+        0x78, 0x74, 0x65, 0x6E, 0x73, 0x69, 0x6F, 0x6E, 0x73, 0x3A,
+        0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x58, 0x35, 0x30, 0x39, 0x76, 0x33, 0x20,
+        0x53, 0x75, 0x62, 0x6A, 0x65, 0x63, 0x74, 0x20, 0x4B, 0x65,
+        0x79, 0x20, 0x49, 0x64, 0x65, 0x6E, 0x74, 0x69, 0x66, 0x69,
+        0x65, 0x72, 0x3A, 0x20, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x33, 0x34, 0x3A, 0x31, 0x44, 0x3A, 0x37, 0x39, 0x3A,
+        0x34, 0x34, 0x3A, 0x31, 0x35, 0x3A, 0x37, 0x39, 0x3A, 0x41,
+        0x31, 0x3A, 0x42, 0x31, 0x3A, 0x36, 0x33, 0x3A, 0x39, 0x39,
+        0x3A, 0x45, 0x33, 0x3A, 0x45, 0x44, 0x3A, 0x36, 0x35, 0x3A,
+        0x37, 0x43, 0x3A, 0x36, 0x34, 0x3A, 0x38, 0x39, 0x3A, 0x38,
+        0x30, 0x3A, 0x46, 0x46, 0x3A, 0x42, 0x38, 0x3A, 0x45, 0x43,
+        0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x58, 0x35, 0x30, 0x39, 0x76, 0x33, 0x20,
+        0x41, 0x75, 0x74, 0x68, 0x6F, 0x72, 0x69, 0x74, 0x79, 0x20,
+        0x4B, 0x65, 0x79, 0x20, 0x49, 0x64, 0x65, 0x6E, 0x74, 0x69,
+        0x66, 0x69, 0x65, 0x72, 0x3A, 0x20, 0x0A, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x33, 0x34, 0x3A, 0x31, 0x44, 0x3A, 0x37,
+        0x39, 0x3A, 0x34, 0x34, 0x3A, 0x31, 0x35, 0x3A, 0x37, 0x39,
+        0x3A, 0x41, 0x31, 0x3A, 0x42, 0x31, 0x3A, 0x36, 0x33, 0x3A,
+        0x39, 0x39, 0x3A, 0x45, 0x33, 0x3A, 0x45, 0x44, 0x3A, 0x36,
+        0x35, 0x3A, 0x37, 0x43, 0x3A, 0x36, 0x34, 0x3A, 0x38, 0x39,
+        0x3A, 0x38, 0x30, 0x3A, 0x46, 0x46, 0x3A, 0x42, 0x38, 0x3A,
+        0x45, 0x43, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x58, 0x35, 0x30, 0x39, 0x76,
+        0x33, 0x20, 0x42, 0x61, 0x73, 0x69, 0x63, 0x20, 0x43, 0x6F,
+        0x6E, 0x73, 0x74, 0x72, 0x61, 0x69, 0x6E, 0x74, 0x73, 0x3A,
+        0x20, 0x63, 0x72, 0x69, 0x74, 0x69, 0x63, 0x61, 0x6C, 0x0A,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x43, 0x41, 0x3A, 0x54,
+        0x52, 0x55, 0x45, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x58, 0x35, 0x30, 0x39,
+        0x76, 0x33, 0x20, 0x4B, 0x65, 0x79, 0x20, 0x55, 0x73, 0x61,
+        0x67, 0x65, 0x3A, 0x20, 0x63, 0x72, 0x69, 0x74, 0x69, 0x63,
+        0x61, 0x6C, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x44,
+        0x69, 0x67, 0x69, 0x74, 0x61, 0x6C, 0x20, 0x53, 0x69, 0x67,
+        0x6E, 0x61, 0x74, 0x75, 0x72, 0x65, 0x2C, 0x20, 0x43, 0x65,
+        0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x20,
+        0x53, 0x69, 0x67, 0x6E, 0x2C, 0x20, 0x43, 0x52, 0x4C, 0x20,
+        0x53, 0x69, 0x67, 0x6E, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x53,
+        0x69, 0x67, 0x6E, 0x61, 0x74, 0x75, 0x72, 0x65, 0x20, 0x41,
+        0x6C, 0x67, 0x6F, 0x72, 0x69, 0x74, 0x68, 0x6D, 0x3A, 0x20,
+        0x53, 0x4D, 0x32, 0x2D, 0x77, 0x69, 0x74, 0x68, 0x2D, 0x53,
+        0x4D, 0x33, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x53, 0x69, 0x67,
+        0x6E, 0x61, 0x74, 0x75, 0x72, 0x65, 0x20, 0x56, 0x61, 0x6C,
+        0x75, 0x65, 0x3A, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x33, 0x30, 0x3A, 0x34, 0x34, 0x3A, 0x30, 0x32,
+        0x3A, 0x32, 0x30, 0x3A, 0x30, 0x33, 0x3A, 0x32, 0x37, 0x3A,
+        0x32, 0x39, 0x3A, 0x66, 0x30, 0x3A, 0x65, 0x66, 0x3A, 0x37,
+        0x38, 0x3A, 0x32, 0x36, 0x3A, 0x61, 0x31, 0x3A, 0x31, 0x61,
+        0x3A, 0x36, 0x61, 0x3A, 0x31, 0x65, 0x3A, 0x38, 0x38, 0x3A,
+        0x38, 0x31, 0x3A, 0x65, 0x37, 0x3A, 0x0A, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x38, 0x33, 0x3A, 0x37, 0x32,
+        0x3A, 0x35, 0x66, 0x3A, 0x33, 0x65, 0x3A, 0x65, 0x36, 0x3A,
+        0x30, 0x38, 0x3A, 0x65, 0x38, 0x3A, 0x31, 0x34, 0x3A, 0x36,
+        0x38, 0x3A, 0x62, 0x66, 0x3A, 0x34, 0x62, 0x3A, 0x30, 0x66,
+        0x3A, 0x36, 0x38, 0x3A, 0x35, 0x32, 0x3A, 0x39, 0x32, 0x3A,
+        0x61, 0x61, 0x3A, 0x38, 0x66, 0x3A, 0x61, 0x31, 0x3A, 0x0A,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x30, 0x32,
+        0x3A, 0x32, 0x30, 0x3A, 0x30, 0x62, 0x3A, 0x66, 0x65, 0x3A,
+        0x31, 0x62, 0x3A, 0x31, 0x34, 0x3A, 0x62, 0x61, 0x3A, 0x35,
+        0x31, 0x3A, 0x38, 0x32, 0x3A, 0x36, 0x35, 0x3A, 0x30, 0x36,
+        0x3A, 0x62, 0x62, 0x3A, 0x32, 0x32, 0x3A, 0x64, 0x38, 0x3A,
+        0x31, 0x61, 0x3A, 0x61, 0x37, 0x3A, 0x39, 0x66, 0x3A, 0x35,
+        0x34, 0x3A, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x36, 0x32, 0x3A, 0x65, 0x62, 0x3A, 0x38, 0x64, 0x3A,
+        0x62, 0x32, 0x3A, 0x64, 0x35, 0x3A, 0x31, 0x33, 0x3A, 0x62,
+        0x33, 0x3A, 0x62, 0x38, 0x3A, 0x61, 0x32, 0x3A, 0x66, 0x33,
+        0x3A, 0x31, 0x34, 0x3A, 0x34, 0x34, 0x3A, 0x62, 0x32, 0x3A,
+        0x61, 0x30, 0x3A, 0x32, 0x31, 0x3A, 0x64, 0x30, 0x0A, 0x2D,
+        0x2D, 0x2D, 0x2D, 0x2D, 0x42, 0x45, 0x47, 0x49, 0x4E, 0x20,
+        0x43, 0x45, 0x52, 0x54, 0x49, 0x46, 0x49, 0x43, 0x41, 0x54,
+        0x45, 0x2D, 0x2D, 0x2D, 0x2D, 0x2D, 0x0A, 0x4D, 0x49, 0x49,
+        0x43, 0x6B, 0x54, 0x43, 0x43, 0x41, 0x6A, 0x69, 0x67, 0x41,
+        0x77, 0x49, 0x42, 0x41, 0x67, 0x49, 0x55, 0x64, 0x4A, 0x7A,
+        0x64, 0x70, 0x4C, 0x4A, 0x6E, 0x4A, 0x6C, 0x63, 0x70, 0x2B,
+        0x2B, 0x6B, 0x54, 0x56, 0x4F, 0x41, 0x30, 0x43, 0x41, 0x4D,
+        0x72, 0x63, 0x4B, 0x6B, 0x77, 0x43, 0x67, 0x59, 0x49, 0x4B,
+        0x6F, 0x45, 0x63, 0x7A, 0x31, 0x55, 0x42, 0x67, 0x33, 0x55,
+        0x77, 0x0A, 0x67, 0x5A, 0x55, 0x78, 0x43, 0x7A, 0x41, 0x4A,
+        0x42, 0x67, 0x4E, 0x56, 0x42, 0x41, 0x59, 0x54, 0x41, 0x6C,
+        0x56, 0x54, 0x4D, 0x52, 0x41, 0x77, 0x44, 0x67, 0x59, 0x44,
+        0x56, 0x51, 0x51, 0x49, 0x44, 0x41, 0x64, 0x4E, 0x62, 0x32,
+        0x35, 0x30, 0x59, 0x57, 0x35, 0x68, 0x4D, 0x52, 0x41, 0x77,
+        0x44, 0x67, 0x59, 0x44, 0x56, 0x51, 0x51, 0x48, 0x44, 0x41,
+        0x64, 0x43, 0x62, 0x33, 0x70, 0x6C, 0x0A, 0x62, 0x57, 0x46,
+        0x75, 0x4D, 0x52, 0x51, 0x77, 0x45, 0x67, 0x59, 0x44, 0x56,
+        0x51, 0x51, 0x4B, 0x44, 0x41, 0x74, 0x33, 0x62, 0x32, 0x78,
+        0x6D, 0x55, 0x31, 0x4E, 0x4D, 0x58, 0x31, 0x4E, 0x4E, 0x4D,
+        0x6A, 0x45, 0x52, 0x4D, 0x41, 0x38, 0x47, 0x41, 0x31, 0x55,
+        0x45, 0x43, 0x77, 0x77, 0x49, 0x55, 0x6D, 0x39, 0x76, 0x64,
+        0x43, 0x31, 0x54, 0x54, 0x54, 0x49, 0x78, 0x47, 0x44, 0x41,
+        0x57, 0x0A, 0x42, 0x67, 0x4E, 0x56, 0x42, 0x41, 0x4D, 0x4D,
+        0x44, 0x33, 0x64, 0x33, 0x64, 0x79, 0x35, 0x33, 0x62, 0x32,
+        0x78, 0x6D, 0x63, 0x33, 0x4E, 0x73, 0x4C, 0x6D, 0x4E, 0x76,
+        0x62, 0x54, 0x45, 0x66, 0x4D, 0x42, 0x30, 0x47, 0x43, 0x53,
+        0x71, 0x47, 0x53, 0x49, 0x62, 0x33, 0x44, 0x51, 0x45, 0x4A,
+        0x41, 0x52, 0x59, 0x51, 0x61, 0x57, 0x35, 0x6D, 0x62, 0x30,
+        0x42, 0x33, 0x62, 0x32, 0x78, 0x6D, 0x0A, 0x63, 0x33, 0x4E,
+        0x73, 0x4C, 0x6D, 0x4E, 0x76, 0x62, 0x54, 0x41, 0x65, 0x46,
+        0x77, 0x30, 0x79, 0x4D, 0x7A, 0x41, 0x79, 0x4D, 0x54, 0x55,
+        0x77, 0x4E, 0x6A, 0x49, 0x7A, 0x4D, 0x44, 0x64, 0x61, 0x46,
+        0x77, 0x30, 0x79, 0x4E, 0x54, 0x45, 0x78, 0x4D, 0x54, 0x45,
+        0x77, 0x4E, 0x6A, 0x49, 0x7A, 0x4D, 0x44, 0x64, 0x61, 0x4D,
+        0x49, 0x47, 0x56, 0x4D, 0x51, 0x73, 0x77, 0x43, 0x51, 0x59,
+        0x44, 0x0A, 0x56, 0x51, 0x51, 0x47, 0x45, 0x77, 0x4A, 0x56,
+        0x55, 0x7A, 0x45, 0x51, 0x4D, 0x41, 0x34, 0x47, 0x41, 0x31,
+        0x55, 0x45, 0x43, 0x41, 0x77, 0x48, 0x54, 0x57, 0x39, 0x75,
+        0x64, 0x47, 0x46, 0x75, 0x59, 0x54, 0x45, 0x51, 0x4D, 0x41,
+        0x34, 0x47, 0x41, 0x31, 0x55, 0x45, 0x42, 0x77, 0x77, 0x48,
+        0x51, 0x6D, 0x39, 0x36, 0x5A, 0x57, 0x31, 0x68, 0x62, 0x6A,
+        0x45, 0x55, 0x4D, 0x42, 0x49, 0x47, 0x0A, 0x41, 0x31, 0x55,
+        0x45, 0x43, 0x67, 0x77, 0x4C, 0x64, 0x32, 0x39, 0x73, 0x5A,
+        0x6C, 0x4E, 0x54, 0x54, 0x46, 0x39, 0x54, 0x54, 0x54, 0x49,
+        0x78, 0x45, 0x54, 0x41, 0x50, 0x42, 0x67, 0x4E, 0x56, 0x42,
+        0x41, 0x73, 0x4D, 0x43, 0x46, 0x4A, 0x76, 0x62, 0x33, 0x51,
+        0x74, 0x55, 0x30, 0x30, 0x79, 0x4D, 0x52, 0x67, 0x77, 0x46,
+        0x67, 0x59, 0x44, 0x56, 0x51, 0x51, 0x44, 0x44, 0x41, 0x39,
+        0x33, 0x0A, 0x64, 0x33, 0x63, 0x75, 0x64, 0x32, 0x39, 0x73,
+        0x5A, 0x6E, 0x4E, 0x7A, 0x62, 0x43, 0x35, 0x6A, 0x62, 0x32,
+        0x30, 0x78, 0x48, 0x7A, 0x41, 0x64, 0x42, 0x67, 0x6B, 0x71,
+        0x68, 0x6B, 0x69, 0x47, 0x39, 0x77, 0x30, 0x42, 0x43, 0x51,
+        0x45, 0x57, 0x45, 0x47, 0x6C, 0x75, 0x5A, 0x6D, 0x39, 0x41,
+        0x64, 0x32, 0x39, 0x73, 0x5A, 0x6E, 0x4E, 0x7A, 0x62, 0x43,
+        0x35, 0x6A, 0x62, 0x32, 0x30, 0x77, 0x0A, 0x57, 0x6A, 0x41,
+        0x55, 0x42, 0x67, 0x67, 0x71, 0x67, 0x52, 0x7A, 0x50, 0x56,
+        0x51, 0x47, 0x43, 0x4C, 0x51, 0x59, 0x49, 0x4B, 0x6F, 0x45,
+        0x63, 0x7A, 0x31, 0x55, 0x42, 0x67, 0x69, 0x30, 0x44, 0x51,
+        0x67, 0x41, 0x45, 0x75, 0x35, 0x78, 0x31, 0x6A, 0x50, 0x63,
+        0x58, 0x2B, 0x45, 0x69, 0x72, 0x39, 0x2F, 0x62, 0x62, 0x44,
+        0x5A, 0x71, 0x4E, 0x6E, 0x38, 0x4C, 0x52, 0x52, 0x35, 0x65,
+        0x56, 0x0A, 0x43, 0x30, 0x37, 0x6D, 0x56, 0x2B, 0x7A, 0x46,
+        0x2B, 0x46, 0x64, 0x55, 0x63, 0x54, 0x6B, 0x38, 0x65, 0x65,
+        0x46, 0x41, 0x50, 0x37, 0x5A, 0x52, 0x36, 0x58, 0x7A, 0x48,
+        0x32, 0x69, 0x33, 0x76, 0x30, 0x75, 0x68, 0x35, 0x67, 0x58,
+        0x75, 0x72, 0x6F, 0x31, 0x39, 0x72, 0x4B, 0x6D, 0x79, 0x58,
+        0x47, 0x6C, 0x36, 0x4F, 0x32, 0x64, 0x44, 0x4D, 0x42, 0x4B,
+        0x4E, 0x6A, 0x4D, 0x47, 0x45, 0x77, 0x0A, 0x48, 0x51, 0x59,
+        0x44, 0x56, 0x52, 0x30, 0x4F, 0x42, 0x42, 0x59, 0x45, 0x46,
+        0x44, 0x51, 0x64, 0x65, 0x55, 0x51, 0x56, 0x65, 0x61, 0x47,
+        0x78, 0x59, 0x35, 0x6E, 0x6A, 0x37, 0x57, 0x56, 0x38, 0x5A,
+        0x49, 0x6D, 0x41, 0x2F, 0x37, 0x6A, 0x73, 0x4D, 0x42, 0x38,
+        0x47, 0x41, 0x31, 0x55, 0x64, 0x49, 0x77, 0x51, 0x59, 0x4D,
+        0x42, 0x61, 0x41, 0x46, 0x44, 0x51, 0x64, 0x65, 0x55, 0x51,
+        0x56, 0x0A, 0x65, 0x61, 0x47, 0x78, 0x59, 0x35, 0x6E, 0x6A,
+        0x37, 0x57, 0x56, 0x38, 0x5A, 0x49, 0x6D, 0x41, 0x2F, 0x37,
+        0x6A, 0x73, 0x4D, 0x41, 0x38, 0x47, 0x41, 0x31, 0x55, 0x64,
+        0x45, 0x77, 0x45, 0x42, 0x2F, 0x77, 0x51, 0x46, 0x4D, 0x41,
+        0x4D, 0x42, 0x41, 0x66, 0x38, 0x77, 0x44, 0x67, 0x59, 0x44,
+        0x56, 0x52, 0x30, 0x50, 0x41, 0x51, 0x48, 0x2F, 0x42, 0x41,
+        0x51, 0x44, 0x41, 0x67, 0x47, 0x47, 0x0A, 0x4D, 0x41, 0x6F,
+        0x47, 0x43, 0x43, 0x71, 0x42, 0x48, 0x4D, 0x39, 0x56, 0x41,
+        0x59, 0x4E, 0x31, 0x41, 0x30, 0x63, 0x41, 0x4D, 0x45, 0x51,
+        0x43, 0x49, 0x41, 0x4D, 0x6E, 0x4B, 0x66, 0x44, 0x76, 0x65,
+        0x43, 0x61, 0x68, 0x47, 0x6D, 0x6F, 0x65, 0x69, 0x49, 0x48,
+        0x6E, 0x67, 0x33, 0x4A, 0x66, 0x50, 0x75, 0x59, 0x49, 0x36,
+        0x42, 0x52, 0x6F, 0x76, 0x30, 0x73, 0x50, 0x61, 0x46, 0x4B,
+        0x53, 0x0A, 0x71, 0x6F, 0x2B, 0x68, 0x41, 0x69, 0x41, 0x4C,
+        0x2F, 0x68, 0x73, 0x55, 0x75, 0x6C, 0x47, 0x43, 0x5A, 0x51,
+        0x61, 0x37, 0x49, 0x74, 0x67, 0x61, 0x70, 0x35, 0x39, 0x55,
+        0x59, 0x75, 0x75, 0x4E, 0x73, 0x74, 0x55, 0x54, 0x73, 0x37,
+        0x69, 0x69, 0x38, 0x78, 0x52, 0x45, 0x73, 0x71, 0x41, 0x68,
+        0x30, 0x41, 0x3D, 0x3D, 0x0A, 0x2D, 0x2D, 0x2D, 0x2D, 0x2D,
+        0x45, 0x4E, 0x44, 0x20, 0x43, 0x45, 0x52, 0x54, 0x49, 0x46,
+        0x49, 0x43, 0x41, 0x54, 0x45, 0x2D, 0x2D, 0x2D, 0x2D, 0x2D,
+        0x0A
+};
+#define sizeof_root_sm2 (sizeof(root_sm2))
+
+/* ./certs/sm2/root-sm2-key.pem */
+static const unsigned char root_sm2_key[] =
+{
+        0x2D, 0x2D, 0x2D, 0x2D, 0x2D, 0x42, 0x45, 0x47, 0x49, 0x4E,
+        0x20, 0x50, 0x55, 0x42, 0x4C, 0x49, 0x43, 0x20, 0x4B, 0x45,
+        0x59, 0x2D, 0x2D, 0x2D, 0x2D, 0x2D, 0x0A, 0x4D, 0x46, 0x6F,
+        0x77, 0x46, 0x41, 0x59, 0x49, 0x4B, 0x6F, 0x45, 0x63, 0x7A,
+        0x31, 0x55, 0x42, 0x67, 0x69, 0x30, 0x47, 0x43, 0x43, 0x71,
+        0x42, 0x48, 0x4D, 0x39, 0x56, 0x41, 0x59, 0x49, 0x74, 0x41,
+        0x30, 0x49, 0x41, 0x42, 0x4C, 0x75, 0x63, 0x64, 0x59, 0x7A,
+        0x33, 0x46, 0x2F, 0x68, 0x49, 0x71, 0x2F, 0x66, 0x32, 0x32,
+        0x77, 0x32, 0x61, 0x6A, 0x5A, 0x2F, 0x43, 0x30, 0x55, 0x65,
+        0x58, 0x0A, 0x6C, 0x51, 0x74, 0x4F, 0x35, 0x6C, 0x66, 0x73,
+        0x78, 0x66, 0x68, 0x58, 0x56, 0x48, 0x45, 0x35, 0x50, 0x48,
+        0x6E, 0x68, 0x51, 0x44, 0x2B, 0x32, 0x55, 0x65, 0x6C, 0x38,
+        0x78, 0x39, 0x6F, 0x74, 0x37, 0x39, 0x4C, 0x6F, 0x65, 0x59,
+        0x46, 0x37, 0x71, 0x36, 0x4E, 0x66, 0x61, 0x79, 0x70, 0x73,
+        0x6C, 0x78, 0x70, 0x65, 0x6A, 0x74, 0x6E, 0x51, 0x7A, 0x41,
+        0x51, 0x3D, 0x0A, 0x2D, 0x2D, 0x2D, 0x2D, 0x2D, 0x45, 0x4E,
+        0x44, 0x20, 0x50, 0x55, 0x42, 0x4C, 0x49, 0x43, 0x20, 0x4B,
+        0x45, 0x59, 0x2D, 0x2D, 0x2D, 0x2D, 0x2D, 0x0A
+};
+#define sizeof_root_sm2_key (sizeof(root_sm2_key))
+
+/* ./certs/sm2/root-sm2-priv.pem */
+static const unsigned char root_sm2_priv[] =
+{
+        0x2D, 0x2D, 0x2D, 0x2D, 0x2D, 0x42, 0x45, 0x47, 0x49, 0x4E,
+        0x20, 0x50, 0x52, 0x49, 0x56, 0x41, 0x54, 0x45, 0x20, 0x4B,
+        0x45, 0x59, 0x2D, 0x2D, 0x2D, 0x2D, 0x2D, 0x0A, 0x4D, 0x49,
+        0x47, 0x49, 0x41, 0x67, 0x45, 0x41, 0x4D, 0x42, 0x51, 0x47,
+        0x43, 0x43, 0x71, 0x42, 0x48, 0x4D, 0x39, 0x56, 0x41, 0x59,
+        0x49, 0x74, 0x42, 0x67, 0x67, 0x71, 0x67, 0x52, 0x7A, 0x50,
+        0x56, 0x51, 0x47, 0x43, 0x4C, 0x51, 0x52, 0x74, 0x4D, 0x47,
+        0x73, 0x43, 0x41, 0x51, 0x45, 0x45, 0x49, 0x4D, 0x5A, 0x72,
+        0x4E, 0x45, 0x77, 0x7A, 0x4E, 0x31, 0x74, 0x6B, 0x46, 0x6C,
+        0x70, 0x2F, 0x0A, 0x42, 0x50, 0x6E, 0x38, 0x68, 0x7A, 0x44,
+        0x52, 0x46, 0x62, 0x70, 0x59, 0x65, 0x4F, 0x34, 0x48, 0x6D,
+        0x43, 0x41, 0x6D, 0x34, 0x51, 0x61, 0x4E, 0x55, 0x59, 0x6F,
+        0x6F, 0x6F, 0x55, 0x51, 0x44, 0x51, 0x67, 0x41, 0x45, 0x75,
+        0x35, 0x78, 0x31, 0x6A, 0x50, 0x63, 0x58, 0x2B, 0x45, 0x69,
+        0x72, 0x39, 0x2F, 0x62, 0x62, 0x44, 0x5A, 0x71, 0x4E, 0x6E,
+        0x38, 0x4C, 0x52, 0x52, 0x35, 0x65, 0x56, 0x0A, 0x43, 0x30,
+        0x37, 0x6D, 0x56, 0x2B, 0x7A, 0x46, 0x2B, 0x46, 0x64, 0x55,
+        0x63, 0x54, 0x6B, 0x38, 0x65, 0x65, 0x46, 0x41, 0x50, 0x37,
+        0x5A, 0x52, 0x36, 0x58, 0x7A, 0x48, 0x32, 0x69, 0x33, 0x76,
+        0x30, 0x75, 0x68, 0x35, 0x67, 0x58, 0x75, 0x72, 0x6F, 0x31,
+        0x39, 0x72, 0x4B, 0x6D, 0x79, 0x58, 0x47, 0x6C, 0x36, 0x4F,
+        0x32, 0x64, 0x44, 0x4D, 0x42, 0x41, 0x3D, 0x3D, 0x0A, 0x2D,
+        0x2D, 0x2D, 0x2D, 0x2D, 0x45, 0x4E, 0x44, 0x20, 0x50, 0x52,
+        0x49, 0x56, 0x41, 0x54, 0x45, 0x20, 0x4B, 0x45, 0x59, 0x2D,
+        0x2D, 0x2D, 0x2D, 0x2D, 0x0A
+};
+#define sizeof_root_sm2_priv (sizeof(root_sm2_priv))
+
+/* ./certs/sm2/self-sm2-cert.pem */
+static const unsigned char self_sm2_cert[] =
+{
+        0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74,
+        0x65, 0x3A, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x44, 0x61, 0x74,
+        0x61, 0x3A, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6F, 0x6E, 0x3A, 0x20,
+        0x33, 0x20, 0x28, 0x30, 0x78, 0x32, 0x29, 0x0A, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x53, 0x65, 0x72, 0x69,
+        0x61, 0x6C, 0x20, 0x4E, 0x75, 0x6D, 0x62, 0x65, 0x72, 0x3A,
+        0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x30, 0x36, 0x3A, 0x37, 0x62, 0x3A, 0x33,
+        0x61, 0x3A, 0x35, 0x64, 0x3A, 0x63, 0x66, 0x3A, 0x32, 0x32,
+        0x3A, 0x61, 0x39, 0x3A, 0x36, 0x64, 0x3A, 0x36, 0x64, 0x3A,
+        0x37, 0x38, 0x3A, 0x32, 0x62, 0x3A, 0x31, 0x30, 0x3A, 0x30,
+        0x31, 0x3A, 0x35, 0x31, 0x3A, 0x62, 0x36, 0x3A, 0x34, 0x63,
+        0x3A, 0x64, 0x34, 0x3A, 0x38, 0x32, 0x3A, 0x61, 0x32, 0x3A,
+        0x61, 0x31, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x53, 0x69, 0x67, 0x6E, 0x61, 0x74, 0x75, 0x72, 0x65,
+        0x20, 0x41, 0x6C, 0x67, 0x6F, 0x72, 0x69, 0x74, 0x68, 0x6D,
+        0x3A, 0x20, 0x53, 0x4D, 0x32, 0x2D, 0x77, 0x69, 0x74, 0x68,
+        0x2D, 0x53, 0x4D, 0x33, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x49, 0x73, 0x73, 0x75, 0x65, 0x72, 0x3A,
+        0x20, 0x43, 0x20, 0x3D, 0x20, 0x41, 0x55, 0x2C, 0x20, 0x53,
+        0x54, 0x20, 0x3D, 0x20, 0x51, 0x4C, 0x44, 0x2C, 0x20, 0x4F,
+        0x20, 0x3D, 0x20, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C,
+        0x2C, 0x20, 0x4F, 0x55, 0x20, 0x3D, 0x20, 0x54, 0x65, 0x73,
+        0x74, 0x69, 0x6E, 0x67, 0x2C, 0x20, 0x43, 0x4E, 0x20, 0x3D,
+        0x20, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2D, 0x64,
+        0x65, 0x76, 0x2D, 0x73, 0x6D, 0x32, 0x2C, 0x20, 0x65, 0x6D,
+        0x61, 0x69, 0x6C, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73,
+        0x20, 0x3D, 0x20, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F,
+        0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x2C,
+        0x20, 0x55, 0x49, 0x44, 0x20, 0x3D, 0x20, 0x77, 0x6F, 0x6C,
+        0x66, 0x53, 0x53, 0x4C, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x56, 0x61, 0x6C, 0x69, 0x64, 0x69, 0x74,
+        0x79, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x4E, 0x6F, 0x74, 0x20, 0x42, 0x65,
+        0x66, 0x6F, 0x72, 0x65, 0x3A, 0x20, 0x4E, 0x6F, 0x76, 0x20,
+        0x32, 0x32, 0x20, 0x32, 0x31, 0x3A, 0x32, 0x38, 0x3A, 0x33,
+        0x37, 0x20, 0x32, 0x30, 0x32, 0x33, 0x20, 0x47, 0x4D, 0x54,
+        0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x4E, 0x6F, 0x74, 0x20, 0x41, 0x66, 0x74,
+        0x65, 0x72, 0x20, 0x3A, 0x20, 0x41, 0x75, 0x67, 0x20, 0x31,
+        0x38, 0x20, 0x32, 0x31, 0x3A, 0x32, 0x38, 0x3A, 0x33, 0x37,
+        0x20, 0x32, 0x30, 0x32, 0x36, 0x20, 0x47, 0x4D, 0x54, 0x0A,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x53, 0x75,
+        0x62, 0x6A, 0x65, 0x63, 0x74, 0x3A, 0x20, 0x43, 0x20, 0x3D,
+        0x20, 0x41, 0x55, 0x2C, 0x20, 0x53, 0x54, 0x20, 0x3D, 0x20,
+        0x51, 0x4C, 0x44, 0x2C, 0x20, 0x4F, 0x20, 0x3D, 0x20, 0x77,
+        0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x2C, 0x20, 0x4F, 0x55,
+        0x20, 0x3D, 0x20, 0x54, 0x65, 0x73, 0x74, 0x69, 0x6E, 0x67,
+        0x2C, 0x20, 0x43, 0x4E, 0x20, 0x3D, 0x20, 0x77, 0x6F, 0x6C,
+        0x66, 0x73, 0x73, 0x6C, 0x2D, 0x64, 0x65, 0x76, 0x2D, 0x73,
+        0x6D, 0x32, 0x2C, 0x20, 0x65, 0x6D, 0x61, 0x69, 0x6C, 0x41,
+        0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x20, 0x3D, 0x20, 0x69,
+        0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73,
+        0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x2C, 0x20, 0x55, 0x49, 0x44,
+        0x20, 0x3D, 0x20, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C,
+        0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x53,
+        0x75, 0x62, 0x6A, 0x65, 0x63, 0x74, 0x20, 0x50, 0x75, 0x62,
+        0x6C, 0x69, 0x63, 0x20, 0x4B, 0x65, 0x79, 0x20, 0x49, 0x6E,
+        0x66, 0x6F, 0x3A, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x50, 0x75, 0x62, 0x6C,
+        0x69, 0x63, 0x20, 0x4B, 0x65, 0x79, 0x20, 0x41, 0x6C, 0x67,
+        0x6F, 0x72, 0x69, 0x74, 0x68, 0x6D, 0x3A, 0x20, 0x69, 0x64,
+        0x2D, 0x65, 0x63, 0x50, 0x75, 0x62, 0x6C, 0x69, 0x63, 0x4B,
+        0x65, 0x79, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x50,
+        0x75, 0x62, 0x6C, 0x69, 0x63, 0x2D, 0x4B, 0x65, 0x79, 0x3A,
+        0x20, 0x28, 0x32, 0x35, 0x36, 0x20, 0x62, 0x69, 0x74, 0x29,
+        0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x70, 0x75, 0x62,
+        0x3A, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x30, 0x34, 0x3A, 0x64, 0x38, 0x3A, 0x63, 0x34,
+        0x3A, 0x61, 0x31, 0x3A, 0x66, 0x31, 0x3A, 0x30, 0x62, 0x3A,
+        0x38, 0x62, 0x3A, 0x38, 0x64, 0x3A, 0x63, 0x34, 0x3A, 0x37,
+        0x64, 0x3A, 0x64, 0x63, 0x3A, 0x64, 0x34, 0x3A, 0x36, 0x35,
+        0x3A, 0x62, 0x39, 0x3A, 0x61, 0x35, 0x3A, 0x0A, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x35, 0x35,
+        0x3A, 0x34, 0x65, 0x3A, 0x66, 0x62, 0x3A, 0x61, 0x63, 0x3A,
+        0x33, 0x33, 0x3A, 0x61, 0x62, 0x3A, 0x39, 0x62, 0x3A, 0x34,
+        0x33, 0x3A, 0x39, 0x34, 0x3A, 0x34, 0x63, 0x3A, 0x34, 0x38,
+        0x3A, 0x34, 0x30, 0x3A, 0x31, 0x62, 0x3A, 0x33, 0x33, 0x3A,
+        0x64, 0x39, 0x3A, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x31, 0x62, 0x3A, 0x63, 0x63, 0x3A,
+        0x33, 0x31, 0x3A, 0x63, 0x31, 0x3A, 0x38, 0x32, 0x3A, 0x35,
+        0x36, 0x3A, 0x33, 0x66, 0x3A, 0x62, 0x30, 0x3A, 0x63, 0x30,
+        0x3A, 0x36, 0x62, 0x3A, 0x39, 0x35, 0x3A, 0x34, 0x30, 0x3A,
+        0x35, 0x31, 0x3A, 0x66, 0x64, 0x3A, 0x38, 0x38, 0x3A, 0x0A,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x30, 0x32, 0x3A, 0x30, 0x31, 0x3A, 0x62, 0x31, 0x3A, 0x62,
+        0x30, 0x3A, 0x39, 0x34, 0x3A, 0x36, 0x63, 0x3A, 0x30, 0x36,
+        0x3A, 0x65, 0x62, 0x3A, 0x61, 0x37, 0x3A, 0x64, 0x61, 0x3A,
+        0x38, 0x65, 0x3A, 0x65, 0x65, 0x3A, 0x37, 0x30, 0x3A, 0x62,
+        0x36, 0x3A, 0x65, 0x35, 0x3A, 0x0A, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x62, 0x62, 0x3A, 0x62,
+        0x34, 0x3A, 0x31, 0x65, 0x3A, 0x65, 0x37, 0x3A, 0x62, 0x34,
+        0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x41, 0x53, 0x4E,
+        0x31, 0x20, 0x4F, 0x49, 0x44, 0x3A, 0x20, 0x53, 0x4D, 0x32,
+        0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x58,
+        0x35, 0x30, 0x39, 0x76, 0x33, 0x20, 0x65, 0x78, 0x74, 0x65,
+        0x6E, 0x73, 0x69, 0x6F, 0x6E, 0x73, 0x3A, 0x0A, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x58, 0x35, 0x30, 0x39, 0x76, 0x33, 0x20, 0x53, 0x75, 0x62,
+        0x6A, 0x65, 0x63, 0x74, 0x20, 0x4B, 0x65, 0x79, 0x20, 0x49,
+        0x64, 0x65, 0x6E, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x3A,
+        0x20, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x36, 0x45,
+        0x3A, 0x39, 0x37, 0x3A, 0x45, 0x38, 0x3A, 0x39, 0x38, 0x3A,
+        0x42, 0x36, 0x3A, 0x35, 0x42, 0x3A, 0x42, 0x36, 0x3A, 0x41,
+        0x45, 0x3A, 0x38, 0x37, 0x3A, 0x30, 0x34, 0x3A, 0x44, 0x42,
+        0x3A, 0x31, 0x34, 0x3A, 0x35, 0x36, 0x3A, 0x36, 0x36, 0x3A,
+        0x31, 0x36, 0x3A, 0x46, 0x34, 0x3A, 0x42, 0x38, 0x3A, 0x32,
+        0x44, 0x3A, 0x38, 0x43, 0x3A, 0x46, 0x32, 0x0A, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x58, 0x35, 0x30, 0x39, 0x76, 0x33, 0x20, 0x41, 0x75, 0x74,
+        0x68, 0x6F, 0x72, 0x69, 0x74, 0x79, 0x20, 0x4B, 0x65, 0x79,
+        0x20, 0x49, 0x64, 0x65, 0x6E, 0x74, 0x69, 0x66, 0x69, 0x65,
+        0x72, 0x3A, 0x20, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x36, 0x45, 0x3A, 0x39, 0x37, 0x3A, 0x45, 0x38, 0x3A, 0x39,
+        0x38, 0x3A, 0x42, 0x36, 0x3A, 0x35, 0x42, 0x3A, 0x42, 0x36,
+        0x3A, 0x41, 0x45, 0x3A, 0x38, 0x37, 0x3A, 0x30, 0x34, 0x3A,
+        0x44, 0x42, 0x3A, 0x31, 0x34, 0x3A, 0x35, 0x36, 0x3A, 0x36,
+        0x36, 0x3A, 0x31, 0x36, 0x3A, 0x46, 0x34, 0x3A, 0x42, 0x38,
+        0x3A, 0x32, 0x44, 0x3A, 0x38, 0x43, 0x3A, 0x46, 0x32, 0x0A,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x58, 0x35, 0x30, 0x39, 0x76, 0x33, 0x20, 0x42,
+        0x61, 0x73, 0x69, 0x63, 0x20, 0x43, 0x6F, 0x6E, 0x73, 0x74,
+        0x72, 0x61, 0x69, 0x6E, 0x74, 0x73, 0x3A, 0x20, 0x63, 0x72,
+        0x69, 0x74, 0x69, 0x63, 0x61, 0x6C, 0x0A, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x43, 0x41, 0x3A, 0x54, 0x52, 0x55, 0x45,
+        0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x58, 0x35, 0x30, 0x39, 0x76, 0x33, 0x20,
+        0x4B, 0x65, 0x79, 0x20, 0x55, 0x73, 0x61, 0x67, 0x65, 0x3A,
+        0x20, 0x63, 0x72, 0x69, 0x74, 0x69, 0x63, 0x61, 0x6C, 0x0A,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x44, 0x69, 0x67, 0x69,
+        0x74, 0x61, 0x6C, 0x20, 0x53, 0x69, 0x67, 0x6E, 0x61, 0x74,
+        0x75, 0x72, 0x65, 0x2C, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69,
+        0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x20, 0x53, 0x69, 0x67,
+        0x6E, 0x2C, 0x20, 0x43, 0x52, 0x4C, 0x20, 0x53, 0x69, 0x67,
+        0x6E, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x53, 0x69, 0x67, 0x6E,
+        0x61, 0x74, 0x75, 0x72, 0x65, 0x20, 0x41, 0x6C, 0x67, 0x6F,
+        0x72, 0x69, 0x74, 0x68, 0x6D, 0x3A, 0x20, 0x53, 0x4D, 0x32,
+        0x2D, 0x77, 0x69, 0x74, 0x68, 0x2D, 0x53, 0x4D, 0x33, 0x0A,
+        0x20, 0x20, 0x20, 0x20, 0x53, 0x69, 0x67, 0x6E, 0x61, 0x74,
+        0x75, 0x72, 0x65, 0x20, 0x56, 0x61, 0x6C, 0x75, 0x65, 0x3A,
+        0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x33,
+        0x30, 0x3A, 0x34, 0x34, 0x3A, 0x30, 0x32, 0x3A, 0x32, 0x30,
+        0x3A, 0x30, 0x66, 0x3A, 0x63, 0x33, 0x3A, 0x32, 0x63, 0x3A,
+        0x33, 0x36, 0x3A, 0x65, 0x33, 0x3A, 0x39, 0x66, 0x3A, 0x31,
+        0x63, 0x3A, 0x65, 0x39, 0x3A, 0x36, 0x38, 0x3A, 0x31, 0x63,
+        0x3A, 0x33, 0x62, 0x3A, 0x34, 0x33, 0x3A, 0x31, 0x38, 0x3A,
+        0x35, 0x62, 0x3A, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x63, 0x39, 0x3A, 0x38, 0x66, 0x3A, 0x65, 0x34,
+        0x3A, 0x66, 0x61, 0x3A, 0x64, 0x64, 0x3A, 0x33, 0x33, 0x3A,
+        0x63, 0x31, 0x3A, 0x62, 0x38, 0x3A, 0x31, 0x63, 0x3A, 0x64,
+        0x33, 0x3A, 0x64, 0x34, 0x3A, 0x36, 0x31, 0x3A, 0x33, 0x33,
+        0x3A, 0x66, 0x38, 0x3A, 0x33, 0x37, 0x3A, 0x39, 0x64, 0x3A,
+        0x35, 0x61, 0x3A, 0x66, 0x34, 0x3A, 0x0A, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x30, 0x32, 0x3A, 0x32, 0x30,
+        0x3A, 0x33, 0x61, 0x3A, 0x62, 0x39, 0x3A, 0x61, 0x38, 0x3A,
+        0x34, 0x33, 0x3A, 0x38, 0x30, 0x3A, 0x63, 0x66, 0x3A, 0x33,
+        0x38, 0x3A, 0x32, 0x35, 0x3A, 0x65, 0x39, 0x3A, 0x36, 0x34,
+        0x3A, 0x64, 0x38, 0x3A, 0x32, 0x36, 0x3A, 0x34, 0x37, 0x3A,
+        0x39, 0x64, 0x3A, 0x35, 0x30, 0x3A, 0x30, 0x34, 0x3A, 0x0A,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x30, 0x63,
+        0x3A, 0x38, 0x61, 0x3A, 0x65, 0x38, 0x3A, 0x61, 0x32, 0x3A,
+        0x34, 0x32, 0x3A, 0x65, 0x38, 0x3A, 0x36, 0x33, 0x3A, 0x64,
+        0x64, 0x3A, 0x35, 0x33, 0x3A, 0x39, 0x34, 0x3A, 0x37, 0x64,
+        0x3A, 0x33, 0x38, 0x3A, 0x36, 0x64, 0x3A, 0x35, 0x32, 0x3A,
+        0x37, 0x30, 0x3A, 0x66, 0x64, 0x0A, 0x2D, 0x2D, 0x2D, 0x2D,
+        0x2D, 0x42, 0x45, 0x47, 0x49, 0x4E, 0x20, 0x43, 0x45, 0x52,
+        0x54, 0x49, 0x46, 0x49, 0x43, 0x41, 0x54, 0x45, 0x2D, 0x2D,
+        0x2D, 0x2D, 0x2D, 0x0A, 0x4D, 0x49, 0x49, 0x43, 0x6A, 0x44,
+        0x43, 0x43, 0x41, 0x6A, 0x4F, 0x67, 0x41, 0x77, 0x49, 0x42,
+        0x41, 0x67, 0x49, 0x55, 0x42, 0x6E, 0x73, 0x36, 0x58, 0x63,
+        0x38, 0x69, 0x71, 0x57, 0x31, 0x74, 0x65, 0x43, 0x73, 0x51,
+        0x41, 0x56, 0x47, 0x32, 0x54, 0x4E, 0x53, 0x43, 0x6F, 0x71,
+        0x45, 0x77, 0x43, 0x67, 0x59, 0x49, 0x4B, 0x6F, 0x45, 0x63,
+        0x7A, 0x31, 0x55, 0x42, 0x67, 0x33, 0x55, 0x77, 0x0A, 0x67,
+        0x5A, 0x4D, 0x78, 0x43, 0x7A, 0x41, 0x4A, 0x42, 0x67, 0x4E,
+        0x56, 0x42, 0x41, 0x59, 0x54, 0x41, 0x6B, 0x46, 0x56, 0x4D,
+        0x51, 0x77, 0x77, 0x43, 0x67, 0x59, 0x44, 0x56, 0x51, 0x51,
+        0x49, 0x44, 0x41, 0x4E, 0x52, 0x54, 0x45, 0x51, 0x78, 0x45,
+        0x44, 0x41, 0x4F, 0x42, 0x67, 0x4E, 0x56, 0x42, 0x41, 0x6F,
+        0x4D, 0x42, 0x33, 0x64, 0x76, 0x62, 0x47, 0x5A, 0x54, 0x55,
+        0x30, 0x77, 0x78, 0x0A, 0x45, 0x44, 0x41, 0x4F, 0x42, 0x67,
+        0x4E, 0x56, 0x42, 0x41, 0x73, 0x4D, 0x42, 0x31, 0x52, 0x6C,
+        0x63, 0x33, 0x52, 0x70, 0x62, 0x6D, 0x63, 0x78, 0x47, 0x44,
+        0x41, 0x57, 0x42, 0x67, 0x4E, 0x56, 0x42, 0x41, 0x4D, 0x4D,
+        0x44, 0x33, 0x64, 0x76, 0x62, 0x47, 0x5A, 0x7A, 0x63, 0x32,
+        0x77, 0x74, 0x5A, 0x47, 0x56, 0x32, 0x4C, 0x58, 0x4E, 0x74,
+        0x4D, 0x6A, 0x45, 0x66, 0x4D, 0x42, 0x30, 0x47, 0x0A, 0x43,
+        0x53, 0x71, 0x47, 0x53, 0x49, 0x62, 0x33, 0x44, 0x51, 0x45,
+        0x4A, 0x41, 0x52, 0x59, 0x51, 0x61, 0x57, 0x35, 0x6D, 0x62,
+        0x30, 0x42, 0x33, 0x62, 0x32, 0x78, 0x6D, 0x63, 0x33, 0x4E,
+        0x73, 0x4C, 0x6D, 0x4E, 0x76, 0x62, 0x54, 0x45, 0x58, 0x4D,
+        0x42, 0x55, 0x47, 0x43, 0x67, 0x6D, 0x53, 0x4A, 0x6F, 0x6D,
+        0x54, 0x38, 0x69, 0x78, 0x6B, 0x41, 0x51, 0x45, 0x4D, 0x42,
+        0x33, 0x64, 0x76, 0x0A, 0x62, 0x47, 0x5A, 0x54, 0x55, 0x30,
+        0x77, 0x77, 0x48, 0x68, 0x63, 0x4E, 0x4D, 0x6A, 0x4D, 0x78,
+        0x4D, 0x54, 0x49, 0x79, 0x4D, 0x6A, 0x45, 0x79, 0x4F, 0x44,
+        0x4D, 0x33, 0x57, 0x68, 0x63, 0x4E, 0x4D, 0x6A, 0x59, 0x77,
+        0x4F, 0x44, 0x45, 0x34, 0x4D, 0x6A, 0x45, 0x79, 0x4F, 0x44,
+        0x4D, 0x33, 0x57, 0x6A, 0x43, 0x42, 0x6B, 0x7A, 0x45, 0x4C,
+        0x4D, 0x41, 0x6B, 0x47, 0x41, 0x31, 0x55, 0x45, 0x0A, 0x42,
+        0x68, 0x4D, 0x43, 0x51, 0x56, 0x55, 0x78, 0x44, 0x44, 0x41,
+        0x4B, 0x42, 0x67, 0x4E, 0x56, 0x42, 0x41, 0x67, 0x4D, 0x41,
+        0x31, 0x46, 0x4D, 0x52, 0x44, 0x45, 0x51, 0x4D, 0x41, 0x34,
+        0x47, 0x41, 0x31, 0x55, 0x45, 0x43, 0x67, 0x77, 0x48, 0x64,
+        0x32, 0x39, 0x73, 0x5A, 0x6C, 0x4E, 0x54, 0x54, 0x44, 0x45,
+        0x51, 0x4D, 0x41, 0x34, 0x47, 0x41, 0x31, 0x55, 0x45, 0x43,
+        0x77, 0x77, 0x48, 0x0A, 0x56, 0x47, 0x56, 0x7A, 0x64, 0x47,
+        0x6C, 0x75, 0x5A, 0x7A, 0x45, 0x59, 0x4D, 0x42, 0x59, 0x47,
+        0x41, 0x31, 0x55, 0x45, 0x41, 0x77, 0x77, 0x50, 0x64, 0x32,
+        0x39, 0x73, 0x5A, 0x6E, 0x4E, 0x7A, 0x62, 0x43, 0x31, 0x6B,
+        0x5A, 0x58, 0x59, 0x74, 0x63, 0x32, 0x30, 0x79, 0x4D, 0x52,
+        0x38, 0x77, 0x48, 0x51, 0x59, 0x4A, 0x4B, 0x6F, 0x5A, 0x49,
+        0x68, 0x76, 0x63, 0x4E, 0x41, 0x51, 0x6B, 0x42, 0x0A, 0x46,
+        0x68, 0x42, 0x70, 0x62, 0x6D, 0x5A, 0x76, 0x51, 0x48, 0x64,
+        0x76, 0x62, 0x47, 0x5A, 0x7A, 0x63, 0x32, 0x77, 0x75, 0x59,
+        0x32, 0x39, 0x74, 0x4D, 0x52, 0x63, 0x77, 0x46, 0x51, 0x59,
+        0x4B, 0x43, 0x5A, 0x49, 0x6D, 0x69, 0x5A, 0x50, 0x79, 0x4C,
+        0x47, 0x51, 0x42, 0x41, 0x51, 0x77, 0x48, 0x64, 0x32, 0x39,
+        0x73, 0x5A, 0x6C, 0x4E, 0x54, 0x54, 0x44, 0x42, 0x5A, 0x4D,
+        0x42, 0x4D, 0x47, 0x0A, 0x42, 0x79, 0x71, 0x47, 0x53, 0x4D,
+        0x34, 0x39, 0x41, 0x67, 0x45, 0x47, 0x43, 0x43, 0x71, 0x42,
+        0x48, 0x4D, 0x39, 0x56, 0x41, 0x59, 0x49, 0x74, 0x41, 0x30,
+        0x49, 0x41, 0x42, 0x4E, 0x6A, 0x45, 0x6F, 0x66, 0x45, 0x4C,
+        0x69, 0x34, 0x33, 0x45, 0x66, 0x64, 0x7A, 0x55, 0x5A, 0x62,
+        0x6D, 0x6C, 0x56, 0x55, 0x37, 0x37, 0x72, 0x44, 0x4F, 0x72,
+        0x6D, 0x30, 0x4F, 0x55, 0x54, 0x45, 0x68, 0x41, 0x0A, 0x47,
+        0x7A, 0x50, 0x5A, 0x47, 0x38, 0x77, 0x78, 0x77, 0x59, 0x4A,
+        0x57, 0x50, 0x37, 0x44, 0x41, 0x61, 0x35, 0x56, 0x41, 0x55,
+        0x66, 0x32, 0x49, 0x41, 0x67, 0x47, 0x78, 0x73, 0x4A, 0x52,
+        0x73, 0x42, 0x75, 0x75, 0x6E, 0x32, 0x6F, 0x37, 0x75, 0x63,
+        0x4C, 0x62, 0x6C, 0x75, 0x37, 0x51, 0x65, 0x35, 0x37, 0x53,
+        0x6A, 0x59, 0x7A, 0x42, 0x68, 0x4D, 0x42, 0x30, 0x47, 0x41,
+        0x31, 0x55, 0x64, 0x0A, 0x44, 0x67, 0x51, 0x57, 0x42, 0x42,
+        0x52, 0x75, 0x6C, 0x2B, 0x69, 0x59, 0x74, 0x6C, 0x75, 0x32,
+        0x72, 0x6F, 0x63, 0x45, 0x32, 0x78, 0x52, 0x57, 0x5A, 0x68,
+        0x62, 0x30, 0x75, 0x43, 0x32, 0x4D, 0x38, 0x6A, 0x41, 0x66,
+        0x42, 0x67, 0x4E, 0x56, 0x48, 0x53, 0x4D, 0x45, 0x47, 0x44,
+        0x41, 0x57, 0x67, 0x42, 0x52, 0x75, 0x6C, 0x2B, 0x69, 0x59,
+        0x74, 0x6C, 0x75, 0x32, 0x72, 0x6F, 0x63, 0x45, 0x0A, 0x32,
+        0x78, 0x52, 0x57, 0x5A, 0x68, 0x62, 0x30, 0x75, 0x43, 0x32,
+        0x4D, 0x38, 0x6A, 0x41, 0x50, 0x42, 0x67, 0x4E, 0x56, 0x48,
+        0x52, 0x4D, 0x42, 0x41, 0x66, 0x38, 0x45, 0x42, 0x54, 0x41,
+        0x44, 0x41, 0x51, 0x48, 0x2F, 0x4D, 0x41, 0x34, 0x47, 0x41,
+        0x31, 0x55, 0x64, 0x44, 0x77, 0x45, 0x42, 0x2F, 0x77, 0x51,
+        0x45, 0x41, 0x77, 0x49, 0x42, 0x68, 0x6A, 0x41, 0x4B, 0x42,
+        0x67, 0x67, 0x71, 0x0A, 0x67, 0x52, 0x7A, 0x50, 0x56, 0x51,
+        0x47, 0x44, 0x64, 0x51, 0x4E, 0x48, 0x41, 0x44, 0x42, 0x45,
+        0x41, 0x69, 0x41, 0x50, 0x77, 0x79, 0x77, 0x32, 0x34, 0x35,
+        0x38, 0x63, 0x36, 0x57, 0x67, 0x63, 0x4F, 0x30, 0x4D, 0x59,
+        0x57, 0x38, 0x6D, 0x50, 0x35, 0x50, 0x72, 0x64, 0x4D, 0x38,
+        0x47, 0x34, 0x48, 0x4E, 0x50, 0x55, 0x59, 0x54, 0x50, 0x34,
+        0x4E, 0x35, 0x31, 0x61, 0x39, 0x41, 0x49, 0x67, 0x0A, 0x4F,
+        0x72, 0x6D, 0x6F, 0x51, 0x34, 0x44, 0x50, 0x4F, 0x43, 0x58,
+        0x70, 0x5A, 0x4E, 0x67, 0x6D, 0x52, 0x35, 0x31, 0x51, 0x42,
+        0x41, 0x79, 0x4B, 0x36, 0x4B, 0x4A, 0x43, 0x36, 0x47, 0x50,
+        0x64, 0x55, 0x35, 0x52, 0x39, 0x4F, 0x47, 0x31, 0x53, 0x63,
+        0x50, 0x30, 0x3D, 0x0A, 0x2D, 0x2D, 0x2D, 0x2D, 0x2D, 0x45,
+        0x4E, 0x44, 0x20, 0x43, 0x45, 0x52, 0x54, 0x49, 0x46, 0x49,
+        0x43, 0x41, 0x54, 0x45, 0x2D, 0x2D, 0x2D, 0x2D, 0x2D, 0x0A
+
+};
+#define sizeof_self_sm2_cert (sizeof(self_sm2_cert))
+
+/* ./certs/sm2/self-sm2-key.pem */
+static const unsigned char self_sm2_key[] =
+{
+        0x2D, 0x2D, 0x2D, 0x2D, 0x2D, 0x42, 0x45, 0x47, 0x49, 0x4E,
+        0x20, 0x50, 0x55, 0x42, 0x4C, 0x49, 0x43, 0x20, 0x4B, 0x45,
+        0x59, 0x2D, 0x2D, 0x2D, 0x2D, 0x2D, 0x0A, 0x4D, 0x46, 0x6B,
+        0x77, 0x45, 0x77, 0x59, 0x48, 0x4B, 0x6F, 0x5A, 0x49, 0x7A,
+        0x6A, 0x30, 0x43, 0x41, 0x51, 0x59, 0x49, 0x4B, 0x6F, 0x45,
+        0x63, 0x7A, 0x31, 0x55, 0x42, 0x67, 0x69, 0x30, 0x44, 0x51,
+        0x67, 0x41, 0x45, 0x32, 0x4D, 0x53, 0x68, 0x38, 0x51, 0x75,
+        0x4C, 0x6A, 0x63, 0x52, 0x39, 0x33, 0x4E, 0x52, 0x6C, 0x75,
+        0x61, 0x56, 0x56, 0x54, 0x76, 0x75, 0x73, 0x4D, 0x36, 0x75,
+        0x62, 0x0A, 0x51, 0x35, 0x52, 0x4D, 0x53, 0x45, 0x41, 0x62,
+        0x4D, 0x39, 0x6B, 0x62, 0x7A, 0x44, 0x48, 0x42, 0x67, 0x6C,
+        0x59, 0x2F, 0x73, 0x4D, 0x42, 0x72, 0x6C, 0x55, 0x42, 0x52,
+        0x2F, 0x59, 0x67, 0x43, 0x41, 0x62, 0x47, 0x77, 0x6C, 0x47,
+        0x77, 0x47, 0x36, 0x36, 0x66, 0x61, 0x6A, 0x75, 0x35, 0x77,
+        0x74, 0x75, 0x57, 0x37, 0x74, 0x42, 0x37, 0x6E, 0x74, 0x41,
+        0x3D, 0x3D, 0x0A, 0x2D, 0x2D, 0x2D, 0x2D, 0x2D, 0x45, 0x4E,
+        0x44, 0x20, 0x50, 0x55, 0x42, 0x4C, 0x49, 0x43, 0x20, 0x4B,
+        0x45, 0x59, 0x2D, 0x2D, 0x2D, 0x2D, 0x2D, 0x0A
+};
+#define sizeof_self_sm2_key (sizeof(self_sm2_key))
+
+/* ./certs/sm2/self-sm2-priv.pem */
+static const unsigned char self_sm2_priv[] =
+{
+        0x2D, 0x2D, 0x2D, 0x2D, 0x2D, 0x42, 0x45, 0x47, 0x49, 0x4E,
+        0x20, 0x50, 0x52, 0x49, 0x56, 0x41, 0x54, 0x45, 0x20, 0x4B,
+        0x45, 0x59, 0x2D, 0x2D, 0x2D, 0x2D, 0x2D, 0x0A, 0x4D, 0x49,
+        0x47, 0x54, 0x41, 0x67, 0x45, 0x41, 0x4D, 0x42, 0x4D, 0x47,
+        0x42, 0x79, 0x71, 0x47, 0x53, 0x4D, 0x34, 0x39, 0x41, 0x67,
+        0x45, 0x47, 0x43, 0x43, 0x71, 0x42, 0x48, 0x4D, 0x39, 0x56,
+        0x41, 0x59, 0x49, 0x74, 0x42, 0x48, 0x6B, 0x77, 0x64, 0x77,
+        0x49, 0x42, 0x41, 0x51, 0x51, 0x67, 0x30, 0x4A, 0x77, 0x6F,
+        0x57, 0x68, 0x58, 0x57, 0x4A, 0x51, 0x32, 0x32, 0x58, 0x39,
+        0x47, 0x68, 0x0A, 0x41, 0x57, 0x36, 0x30, 0x44, 0x74, 0x41,
+        0x32, 0x2B, 0x68, 0x58, 0x38, 0x71, 0x51, 0x54, 0x6C, 0x46,
+        0x36, 0x48, 0x51, 0x4C, 0x79, 0x6E, 0x57, 0x2F, 0x6D, 0x71,
+        0x67, 0x43, 0x67, 0x59, 0x49, 0x4B, 0x6F, 0x45, 0x63, 0x7A,
+        0x31, 0x55, 0x42, 0x67, 0x69, 0x32, 0x68, 0x52, 0x41, 0x4E,
+        0x43, 0x41, 0x41, 0x54, 0x59, 0x78, 0x4B, 0x48, 0x78, 0x43,
+        0x34, 0x75, 0x4E, 0x78, 0x48, 0x33, 0x63, 0x0A, 0x31, 0x47,
+        0x57, 0x35, 0x70, 0x56, 0x56, 0x4F, 0x2B, 0x36, 0x77, 0x7A,
+        0x71, 0x35, 0x74, 0x44, 0x6C, 0x45, 0x78, 0x49, 0x51, 0x42,
+        0x73, 0x7A, 0x32, 0x52, 0x76, 0x4D, 0x4D, 0x63, 0x47, 0x43,
+        0x56, 0x6A, 0x2B, 0x77, 0x77, 0x47, 0x75, 0x56, 0x51, 0x46,
+        0x48, 0x39, 0x69, 0x41, 0x49, 0x42, 0x73, 0x62, 0x43, 0x55,
+        0x62, 0x41, 0x62, 0x72, 0x70, 0x39, 0x71, 0x4F, 0x37, 0x6E,
+        0x43, 0x32, 0x0A, 0x35, 0x62, 0x75, 0x30, 0x48, 0x75, 0x65,
+        0x30, 0x0A, 0x2D, 0x2D, 0x2D, 0x2D, 0x2D, 0x45, 0x4E, 0x44,
+        0x20, 0x50, 0x52, 0x49, 0x56, 0x41, 0x54, 0x45, 0x20, 0x4B,
+        0x45, 0x59, 0x2D, 0x2D, 0x2D, 0x2D, 0x2D, 0x0A
+};
+#define sizeof_self_sm2_priv (sizeof(self_sm2_priv))
+
+/* ./certs/sm2/server-sm2.pem */
+static const unsigned char server_sm2[] =
+{
+        0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74,
+        0x65, 0x3A, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x44, 0x61, 0x74,
+        0x61, 0x3A, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6F, 0x6E, 0x3A, 0x20,
+        0x33, 0x20, 0x28, 0x30, 0x78, 0x32, 0x29, 0x0A, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x53, 0x65, 0x72, 0x69,
+        0x61, 0x6C, 0x20, 0x4E, 0x75, 0x6D, 0x62, 0x65, 0x72, 0x3A,
+        0x20, 0x31, 0x20, 0x28, 0x30, 0x78, 0x31, 0x29, 0x0A, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x53, 0x69, 0x67,
+        0x6E, 0x61, 0x74, 0x75, 0x72, 0x65, 0x20, 0x41, 0x6C, 0x67,
+        0x6F, 0x72, 0x69, 0x74, 0x68, 0x6D, 0x3A, 0x20, 0x53, 0x4D,
+        0x32, 0x2D, 0x77, 0x69, 0x74, 0x68, 0x2D, 0x53, 0x4D, 0x33,
+        0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x49,
+        0x73, 0x73, 0x75, 0x65, 0x72, 0x3A, 0x20, 0x43, 0x20, 0x3D,
+        0x20, 0x55, 0x53, 0x2C, 0x20, 0x53, 0x54, 0x20, 0x3D, 0x20,
+        0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x2C, 0x20, 0x4C,
+        0x20, 0x3D, 0x20, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E,
+        0x2C, 0x20, 0x4F, 0x20, 0x3D, 0x20, 0x77, 0x6F, 0x6C, 0x66,
+        0x53, 0x53, 0x4C, 0x5F, 0x73, 0x6D, 0x32, 0x2C, 0x20, 0x4F,
+        0x55, 0x20, 0x3D, 0x20, 0x43, 0x41, 0x2D, 0x73, 0x6D, 0x32,
+        0x2C, 0x20, 0x43, 0x4E, 0x20, 0x3D, 0x20, 0x77, 0x77, 0x77,
+        0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63,
+        0x6F, 0x6D, 0x2C, 0x20, 0x65, 0x6D, 0x61, 0x69, 0x6C, 0x41,
+        0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x20, 0x3D, 0x20, 0x69,
+        0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73,
+        0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x2C, 0x20, 0x55, 0x49, 0x44,
+        0x20, 0x3D, 0x20, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C,
+        0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x56,
+        0x61, 0x6C, 0x69, 0x64, 0x69, 0x74, 0x79, 0x0A, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x4E, 0x6F, 0x74, 0x20, 0x42, 0x65, 0x66, 0x6F, 0x72, 0x65,
+        0x3A, 0x20, 0x46, 0x65, 0x62, 0x20, 0x31, 0x35, 0x20, 0x30,
+        0x36, 0x3A, 0x32, 0x33, 0x3A, 0x30, 0x37, 0x20, 0x32, 0x30,
+        0x32, 0x33, 0x20, 0x47, 0x4D, 0x54, 0x0A, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x4E,
+        0x6F, 0x74, 0x20, 0x41, 0x66, 0x74, 0x65, 0x72, 0x20, 0x3A,
+        0x20, 0x4E, 0x6F, 0x76, 0x20, 0x31, 0x31, 0x20, 0x30, 0x36,
+        0x3A, 0x32, 0x33, 0x3A, 0x30, 0x37, 0x20, 0x32, 0x30, 0x32,
+        0x35, 0x20, 0x47, 0x4D, 0x54, 0x0A, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x53, 0x75, 0x62, 0x6A, 0x65, 0x63,
+        0x74, 0x3A, 0x20, 0x43, 0x20, 0x3D, 0x20, 0x55, 0x53, 0x2C,
+        0x20, 0x53, 0x54, 0x20, 0x3D, 0x20, 0x4D, 0x6F, 0x6E, 0x74,
+        0x61, 0x6E, 0x61, 0x2C, 0x20, 0x4C, 0x20, 0x3D, 0x20, 0x42,
+        0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x2C, 0x20, 0x4F, 0x20,
+        0x3D, 0x20, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x5F,
+        0x73, 0x6D, 0x32, 0x2C, 0x20, 0x4F, 0x55, 0x20, 0x3D, 0x20,
+        0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2D, 0x73, 0x6D, 0x32,
+        0x2C, 0x20, 0x43, 0x4E, 0x20, 0x3D, 0x20, 0x77, 0x77, 0x77,
+        0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63,
+        0x6F, 0x6D, 0x2C, 0x20, 0x65, 0x6D, 0x61, 0x69, 0x6C, 0x41,
+        0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x20, 0x3D, 0x20, 0x69,
+        0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73,
+        0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x2C, 0x20, 0x55, 0x49, 0x44,
+        0x20, 0x3D, 0x20, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C,
+        0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x53,
+        0x75, 0x62, 0x6A, 0x65, 0x63, 0x74, 0x20, 0x50, 0x75, 0x62,
+        0x6C, 0x69, 0x63, 0x20, 0x4B, 0x65, 0x79, 0x20, 0x49, 0x6E,
+        0x66, 0x6F, 0x3A, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x50, 0x75, 0x62, 0x6C,
+        0x69, 0x63, 0x20, 0x4B, 0x65, 0x79, 0x20, 0x41, 0x6C, 0x67,
+        0x6F, 0x72, 0x69, 0x74, 0x68, 0x6D, 0x3A, 0x20, 0x73, 0x6D,
+        0x32, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x50, 0x75,
+        0x62, 0x6C, 0x69, 0x63, 0x2D, 0x4B, 0x65, 0x79, 0x3A, 0x20,
+        0x28, 0x32, 0x35, 0x36, 0x20, 0x62, 0x69, 0x74, 0x29, 0x0A,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x70, 0x75, 0x62, 0x3A,
+        0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x30, 0x34, 0x3A, 0x39, 0x34, 0x3A, 0x37, 0x30, 0x3A,
+        0x32, 0x62, 0x3A, 0x34, 0x36, 0x3A, 0x65, 0x34, 0x3A, 0x35,
+        0x65, 0x3A, 0x30, 0x66, 0x3A, 0x34, 0x31, 0x3A, 0x66, 0x62,
+        0x3A, 0x38, 0x66, 0x3A, 0x32, 0x64, 0x3A, 0x33, 0x34, 0x3A,
+        0x30, 0x61, 0x3A, 0x34, 0x31, 0x3A, 0x0A, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x34, 0x30, 0x3A,
+        0x31, 0x39, 0x3A, 0x35, 0x65, 0x3A, 0x66, 0x62, 0x3A, 0x64,
+        0x34, 0x3A, 0x31, 0x64, 0x3A, 0x31, 0x31, 0x3A, 0x61, 0x63,
+        0x3A, 0x66, 0x61, 0x3A, 0x66, 0x35, 0x3A, 0x39, 0x33, 0x3A,
+        0x33, 0x37, 0x3A, 0x63, 0x36, 0x3A, 0x66, 0x61, 0x3A, 0x38,
+        0x37, 0x3A, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x30, 0x38, 0x3A, 0x66, 0x37, 0x3A, 0x31,
+        0x36, 0x3A, 0x31, 0x66, 0x3A, 0x32, 0x63, 0x3A, 0x63, 0x65,
+        0x3A, 0x33, 0x30, 0x3A, 0x34, 0x30, 0x3A, 0x39, 0x64, 0x3A,
+        0x34, 0x66, 0x3A, 0x61, 0x36, 0x3A, 0x32, 0x61, 0x3A, 0x30,
+        0x61, 0x3A, 0x61, 0x31, 0x3A, 0x64, 0x36, 0x3A, 0x0A, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x39,
+        0x35, 0x3A, 0x33, 0x33, 0x3A, 0x63, 0x33, 0x3A, 0x61, 0x36,
+        0x3A, 0x30, 0x33, 0x3A, 0x39, 0x38, 0x3A, 0x65, 0x36, 0x3A,
+        0x38, 0x64, 0x3A, 0x30, 0x35, 0x3A, 0x33, 0x34, 0x3A, 0x62,
+        0x30, 0x3A, 0x39, 0x37, 0x3A, 0x30, 0x63, 0x3A, 0x64, 0x65,
+        0x3A, 0x61, 0x34, 0x3A, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x63, 0x37, 0x3A, 0x63, 0x66,
+        0x3A, 0x35, 0x33, 0x3A, 0x38, 0x66, 0x3A, 0x64, 0x31, 0x0A,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x41, 0x53, 0x4E, 0x31,
+        0x20, 0x4F, 0x49, 0x44, 0x3A, 0x20, 0x53, 0x4D, 0x32, 0x0A,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x58, 0x35,
+        0x30, 0x39, 0x76, 0x33, 0x20, 0x65, 0x78, 0x74, 0x65, 0x6E,
+        0x73, 0x69, 0x6F, 0x6E, 0x73, 0x3A, 0x0A, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x58,
+        0x35, 0x30, 0x39, 0x76, 0x33, 0x20, 0x53, 0x75, 0x62, 0x6A,
+        0x65, 0x63, 0x74, 0x20, 0x4B, 0x65, 0x79, 0x20, 0x49, 0x64,
+        0x65, 0x6E, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x3A, 0x20,
+        0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x36, 0x37, 0x3A,
+        0x41, 0x45, 0x3A, 0x36, 0x30, 0x3A, 0x46, 0x46, 0x3A, 0x37,
+        0x45, 0x3A, 0x31, 0x42, 0x3A, 0x30, 0x46, 0x3A, 0x39, 0x35,
+        0x3A, 0x41, 0x45, 0x3A, 0x31, 0x46, 0x3A, 0x38, 0x32, 0x3A,
+        0x35, 0x39, 0x3A, 0x46, 0x32, 0x3A, 0x36, 0x43, 0x3A, 0x35,
+        0x36, 0x3A, 0x32, 0x44, 0x3A, 0x39, 0x33, 0x3A, 0x45, 0x46,
+        0x3A, 0x31, 0x37, 0x3A, 0x33, 0x32, 0x0A, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x58,
+        0x35, 0x30, 0x39, 0x76, 0x33, 0x20, 0x41, 0x75, 0x74, 0x68,
+        0x6F, 0x72, 0x69, 0x74, 0x79, 0x20, 0x4B, 0x65, 0x79, 0x20,
+        0x49, 0x64, 0x65, 0x6E, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72,
+        0x3A, 0x20, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x34,
+        0x37, 0x3A, 0x30, 0x41, 0x3A, 0x34, 0x38, 0x3A, 0x37, 0x45,
+        0x3A, 0x42, 0x42, 0x3A, 0x30, 0x32, 0x3A, 0x41, 0x38, 0x3A,
+        0x35, 0x41, 0x3A, 0x32, 0x36, 0x3A, 0x35, 0x37, 0x3A, 0x32,
+        0x42, 0x3A, 0x31, 0x39, 0x3A, 0x41, 0x39, 0x3A, 0x37, 0x42,
+        0x3A, 0x36, 0x31, 0x3A, 0x38, 0x42, 0x3A, 0x37, 0x46, 0x3A,
+        0x35, 0x44, 0x3A, 0x39, 0x39, 0x3A, 0x36, 0x45, 0x0A, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x58, 0x35, 0x30, 0x39, 0x76, 0x33, 0x20, 0x42, 0x61,
+        0x73, 0x69, 0x63, 0x20, 0x43, 0x6F, 0x6E, 0x73, 0x74, 0x72,
+        0x61, 0x69, 0x6E, 0x74, 0x73, 0x3A, 0x20, 0x63, 0x72, 0x69,
+        0x74, 0x69, 0x63, 0x61, 0x6C, 0x0A, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x43, 0x41, 0x3A, 0x46, 0x41, 0x4C, 0x53, 0x45,
+        0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x58, 0x35, 0x30, 0x39, 0x76, 0x33, 0x20,
+        0x4B, 0x65, 0x79, 0x20, 0x55, 0x73, 0x61, 0x67, 0x65, 0x3A,
+        0x20, 0x63, 0x72, 0x69, 0x74, 0x69, 0x63, 0x61, 0x6C, 0x0A,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x44, 0x69, 0x67, 0x69,
+        0x74, 0x61, 0x6C, 0x20, 0x53, 0x69, 0x67, 0x6E, 0x61, 0x74,
+        0x75, 0x72, 0x65, 0x2C, 0x20, 0x4B, 0x65, 0x79, 0x20, 0x45,
+        0x6E, 0x63, 0x69, 0x70, 0x68, 0x65, 0x72, 0x6D, 0x65, 0x6E,
+        0x74, 0x2C, 0x20, 0x4B, 0x65, 0x79, 0x20, 0x41, 0x67, 0x72,
+        0x65, 0x65, 0x6D, 0x65, 0x6E, 0x74, 0x0A, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x58,
+        0x35, 0x30, 0x39, 0x76, 0x33, 0x20, 0x45, 0x78, 0x74, 0x65,
+        0x6E, 0x64, 0x65, 0x64, 0x20, 0x4B, 0x65, 0x79, 0x20, 0x55,
+        0x73, 0x61, 0x67, 0x65, 0x3A, 0x20, 0x0A, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x54, 0x4C, 0x53, 0x20, 0x57, 0x65, 0x62,
+        0x20, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x41, 0x75,
+        0x74, 0x68, 0x65, 0x6E, 0x74, 0x69, 0x63, 0x61, 0x74, 0x69,
+        0x6F, 0x6E, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x4E, 0x65, 0x74, 0x73, 0x63,
+        0x61, 0x70, 0x65, 0x20, 0x43, 0x65, 0x72, 0x74, 0x20, 0x54,
+        0x79, 0x70, 0x65, 0x3A, 0x20, 0x0A, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x53, 0x53, 0x4C, 0x20, 0x53, 0x65, 0x72, 0x76,
+        0x65, 0x72, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x53, 0x69, 0x67,
+        0x6E, 0x61, 0x74, 0x75, 0x72, 0x65, 0x20, 0x41, 0x6C, 0x67,
+        0x6F, 0x72, 0x69, 0x74, 0x68, 0x6D, 0x3A, 0x20, 0x53, 0x4D,
+        0x32, 0x2D, 0x77, 0x69, 0x74, 0x68, 0x2D, 0x53, 0x4D, 0x33,
+        0x0A, 0x20, 0x20, 0x20, 0x20, 0x53, 0x69, 0x67, 0x6E, 0x61,
+        0x74, 0x75, 0x72, 0x65, 0x20, 0x56, 0x61, 0x6C, 0x75, 0x65,
+        0x3A, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x33, 0x30, 0x3A, 0x34, 0x35, 0x3A, 0x30, 0x32, 0x3A, 0x32,
+        0x30, 0x3A, 0x31, 0x62, 0x3A, 0x63, 0x61, 0x3A, 0x39, 0x34,
+        0x3A, 0x32, 0x38, 0x3A, 0x37, 0x66, 0x3A, 0x66, 0x36, 0x3A,
+        0x62, 0x32, 0x3A, 0x30, 0x64, 0x3A, 0x33, 0x31, 0x3A, 0x34,
+        0x33, 0x3A, 0x35, 0x30, 0x3A, 0x65, 0x31, 0x3A, 0x64, 0x35,
+        0x3A, 0x33, 0x34, 0x3A, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x31, 0x37, 0x3A, 0x64, 0x64, 0x3A, 0x61,
+        0x66, 0x3A, 0x33, 0x61, 0x3A, 0x64, 0x65, 0x3A, 0x38, 0x31,
+        0x3A, 0x30, 0x36, 0x3A, 0x36, 0x37, 0x3A, 0x39, 0x61, 0x3A,
+        0x62, 0x33, 0x3A, 0x30, 0x36, 0x3A, 0x32, 0x32, 0x3A, 0x37,
+        0x65, 0x3A, 0x36, 0x34, 0x3A, 0x65, 0x63, 0x3A, 0x66, 0x64,
+        0x3A, 0x30, 0x65, 0x3A, 0x62, 0x39, 0x3A, 0x0A, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x30, 0x32, 0x3A, 0x32,
+        0x31, 0x3A, 0x30, 0x30, 0x3A, 0x61, 0x31, 0x3A, 0x34, 0x38,
+        0x3A, 0x61, 0x38, 0x3A, 0x33, 0x32, 0x3A, 0x64, 0x31, 0x3A,
+        0x30, 0x35, 0x3A, 0x30, 0x39, 0x3A, 0x36, 0x62, 0x3A, 0x31,
+        0x63, 0x3A, 0x65, 0x62, 0x3A, 0x38, 0x39, 0x3A, 0x31, 0x32,
+        0x3A, 0x36, 0x36, 0x3A, 0x64, 0x38, 0x3A, 0x33, 0x38, 0x3A,
+        0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x61,
+        0x31, 0x3A, 0x63, 0x34, 0x3A, 0x35, 0x63, 0x3A, 0x38, 0x39,
+        0x3A, 0x30, 0x39, 0x3A, 0x30, 0x66, 0x3A, 0x66, 0x64, 0x3A,
+        0x65, 0x39, 0x3A, 0x63, 0x30, 0x3A, 0x33, 0x62, 0x3A, 0x31,
+        0x64, 0x3A, 0x66, 0x62, 0x3A, 0x63, 0x64, 0x3A, 0x62, 0x35,
+        0x3A, 0x34, 0x63, 0x3A, 0x33, 0x31, 0x3A, 0x36, 0x38, 0x0A,
+        0x2D, 0x2D, 0x2D, 0x2D, 0x2D, 0x42, 0x45, 0x47, 0x49, 0x4E,
+        0x20, 0x43, 0x45, 0x52, 0x54, 0x49, 0x46, 0x49, 0x43, 0x41,
+        0x54, 0x45, 0x2D, 0x2D, 0x2D, 0x2D, 0x2D, 0x0A, 0x4D, 0x49,
+        0x49, 0x43, 0x32, 0x44, 0x43, 0x43, 0x41, 0x6E, 0x36, 0x67,
+        0x41, 0x77, 0x49, 0x42, 0x41, 0x67, 0x49, 0x42, 0x41, 0x54,
+        0x41, 0x4B, 0x42, 0x67, 0x67, 0x71, 0x67, 0x52, 0x7A, 0x50,
+        0x56, 0x51, 0x47, 0x44, 0x64, 0x54, 0x43, 0x42, 0x72, 0x44,
+        0x45, 0x4C, 0x4D, 0x41, 0x6B, 0x47, 0x41, 0x31, 0x55, 0x45,
+        0x42, 0x68, 0x4D, 0x43, 0x56, 0x56, 0x4D, 0x78, 0x45, 0x44,
+        0x41, 0x4F, 0x0A, 0x42, 0x67, 0x4E, 0x56, 0x42, 0x41, 0x67,
+        0x4D, 0x42, 0x30, 0x31, 0x76, 0x62, 0x6E, 0x52, 0x68, 0x62,
+        0x6D, 0x45, 0x78, 0x45, 0x44, 0x41, 0x4F, 0x42, 0x67, 0x4E,
+        0x56, 0x42, 0x41, 0x63, 0x4D, 0x42, 0x30, 0x4A, 0x76, 0x65,
+        0x6D, 0x56, 0x74, 0x59, 0x57, 0x34, 0x78, 0x46, 0x44, 0x41,
+        0x53, 0x42, 0x67, 0x4E, 0x56, 0x42, 0x41, 0x6F, 0x4D, 0x43,
+        0x33, 0x64, 0x76, 0x62, 0x47, 0x5A, 0x54, 0x0A, 0x55, 0x30,
+        0x78, 0x66, 0x63, 0x32, 0x30, 0x79, 0x4D, 0x51, 0x38, 0x77,
+        0x44, 0x51, 0x59, 0x44, 0x56, 0x51, 0x51, 0x4C, 0x44, 0x41,
+        0x5A, 0x44, 0x51, 0x53, 0x31, 0x7A, 0x62, 0x54, 0x49, 0x78,
+        0x47, 0x44, 0x41, 0x57, 0x42, 0x67, 0x4E, 0x56, 0x42, 0x41,
+        0x4D, 0x4D, 0x44, 0x33, 0x64, 0x33, 0x64, 0x79, 0x35, 0x33,
+        0x62, 0x32, 0x78, 0x6D, 0x63, 0x33, 0x4E, 0x73, 0x4C, 0x6D,
+        0x4E, 0x76, 0x0A, 0x62, 0x54, 0x45, 0x66, 0x4D, 0x42, 0x30,
+        0x47, 0x43, 0x53, 0x71, 0x47, 0x53, 0x49, 0x62, 0x33, 0x44,
+        0x51, 0x45, 0x4A, 0x41, 0x52, 0x59, 0x51, 0x61, 0x57, 0x35,
+        0x6D, 0x62, 0x30, 0x42, 0x33, 0x62, 0x32, 0x78, 0x6D, 0x63,
+        0x33, 0x4E, 0x73, 0x4C, 0x6D, 0x4E, 0x76, 0x62, 0x54, 0x45,
+        0x58, 0x4D, 0x42, 0x55, 0x47, 0x43, 0x67, 0x6D, 0x53, 0x4A,
+        0x6F, 0x6D, 0x54, 0x38, 0x69, 0x78, 0x6B, 0x0A, 0x41, 0x51,
+        0x45, 0x4D, 0x42, 0x33, 0x64, 0x76, 0x62, 0x47, 0x5A, 0x54,
+        0x55, 0x30, 0x77, 0x77, 0x48, 0x68, 0x63, 0x4E, 0x4D, 0x6A,
+        0x4D, 0x77, 0x4D, 0x6A, 0x45, 0x31, 0x4D, 0x44, 0x59, 0x79,
+        0x4D, 0x7A, 0x41, 0x33, 0x57, 0x68, 0x63, 0x4E, 0x4D, 0x6A,
+        0x55, 0x78, 0x4D, 0x54, 0x45, 0x78, 0x4D, 0x44, 0x59, 0x79,
+        0x4D, 0x7A, 0x41, 0x33, 0x57, 0x6A, 0x43, 0x42, 0x73, 0x44,
+        0x45, 0x4C, 0x0A, 0x4D, 0x41, 0x6B, 0x47, 0x41, 0x31, 0x55,
+        0x45, 0x42, 0x68, 0x4D, 0x43, 0x56, 0x56, 0x4D, 0x78, 0x45,
+        0x44, 0x41, 0x4F, 0x42, 0x67, 0x4E, 0x56, 0x42, 0x41, 0x67,
+        0x4D, 0x42, 0x30, 0x31, 0x76, 0x62, 0x6E, 0x52, 0x68, 0x62,
+        0x6D, 0x45, 0x78, 0x45, 0x44, 0x41, 0x4F, 0x42, 0x67, 0x4E,
+        0x56, 0x42, 0x41, 0x63, 0x4D, 0x42, 0x30, 0x4A, 0x76, 0x65,
+        0x6D, 0x56, 0x74, 0x59, 0x57, 0x34, 0x78, 0x0A, 0x46, 0x44,
+        0x41, 0x53, 0x42, 0x67, 0x4E, 0x56, 0x42, 0x41, 0x6F, 0x4D,
+        0x43, 0x33, 0x64, 0x76, 0x62, 0x47, 0x5A, 0x54, 0x55, 0x30,
+        0x78, 0x66, 0x63, 0x32, 0x30, 0x79, 0x4D, 0x52, 0x4D, 0x77,
+        0x45, 0x51, 0x59, 0x44, 0x56, 0x51, 0x51, 0x4C, 0x44, 0x41,
+        0x70, 0x54, 0x5A, 0x58, 0x4A, 0x32, 0x5A, 0x58, 0x49, 0x74,
+        0x63, 0x32, 0x30, 0x79, 0x4D, 0x52, 0x67, 0x77, 0x46, 0x67,
+        0x59, 0x44, 0x0A, 0x56, 0x51, 0x51, 0x44, 0x44, 0x41, 0x39,
+        0x33, 0x64, 0x33, 0x63, 0x75, 0x64, 0x32, 0x39, 0x73, 0x5A,
+        0x6E, 0x4E, 0x7A, 0x62, 0x43, 0x35, 0x6A, 0x62, 0x32, 0x30,
+        0x78, 0x48, 0x7A, 0x41, 0x64, 0x42, 0x67, 0x6B, 0x71, 0x68,
+        0x6B, 0x69, 0x47, 0x39, 0x77, 0x30, 0x42, 0x43, 0x51, 0x45,
+        0x57, 0x45, 0x47, 0x6C, 0x75, 0x5A, 0x6D, 0x39, 0x41, 0x64,
+        0x32, 0x39, 0x73, 0x5A, 0x6E, 0x4E, 0x7A, 0x0A, 0x62, 0x43,
+        0x35, 0x6A, 0x62, 0x32, 0x30, 0x78, 0x46, 0x7A, 0x41, 0x56,
+        0x42, 0x67, 0x6F, 0x4A, 0x6B, 0x69, 0x61, 0x4A, 0x6B, 0x2F,
+        0x49, 0x73, 0x5A, 0x41, 0x45, 0x42, 0x44, 0x41, 0x64, 0x33,
+        0x62, 0x32, 0x78, 0x6D, 0x55, 0x31, 0x4E, 0x4D, 0x4D, 0x46,
+        0x6F, 0x77, 0x46, 0x41, 0x59, 0x49, 0x4B, 0x6F, 0x45, 0x63,
+        0x7A, 0x31, 0x55, 0x42, 0x67, 0x69, 0x30, 0x47, 0x43, 0x43,
+        0x71, 0x42, 0x0A, 0x48, 0x4D, 0x39, 0x56, 0x41, 0x59, 0x49,
+        0x74, 0x41, 0x30, 0x49, 0x41, 0x42, 0x4A, 0x52, 0x77, 0x4B,
+        0x30, 0x62, 0x6B, 0x58, 0x67, 0x39, 0x42, 0x2B, 0x34, 0x38,
+        0x74, 0x4E, 0x41, 0x70, 0x42, 0x51, 0x42, 0x6C, 0x65, 0x2B,
+        0x39, 0x51, 0x64, 0x45, 0x61, 0x7A, 0x36, 0x39, 0x5A, 0x4D,
+        0x33, 0x78, 0x76, 0x71, 0x48, 0x43, 0x50, 0x63, 0x57, 0x48,
+        0x79, 0x7A, 0x4F, 0x4D, 0x45, 0x43, 0x64, 0x0A, 0x54, 0x36,
+        0x59, 0x71, 0x43, 0x71, 0x48, 0x57, 0x6C, 0x54, 0x50, 0x44,
+        0x70, 0x67, 0x4F, 0x59, 0x35, 0x6F, 0x30, 0x46, 0x4E, 0x4C,
+        0x43, 0x58, 0x44, 0x4E, 0x36, 0x6B, 0x78, 0x38, 0x39, 0x54,
+        0x6A, 0x39, 0x47, 0x6A, 0x67, 0x59, 0x6B, 0x77, 0x67, 0x59,
+        0x59, 0x77, 0x48, 0x51, 0x59, 0x44, 0x56, 0x52, 0x30, 0x4F,
+        0x42, 0x42, 0x59, 0x45, 0x46, 0x47, 0x65, 0x75, 0x59, 0x50,
+        0x39, 0x2B, 0x0A, 0x47, 0x77, 0x2B, 0x56, 0x72, 0x68, 0x2B,
+        0x43, 0x57, 0x66, 0x4A, 0x73, 0x56, 0x69, 0x32, 0x54, 0x37,
+        0x78, 0x63, 0x79, 0x4D, 0x42, 0x38, 0x47, 0x41, 0x31, 0x55,
+        0x64, 0x49, 0x77, 0x51, 0x59, 0x4D, 0x42, 0x61, 0x41, 0x46,
+        0x45, 0x63, 0x4B, 0x53, 0x48, 0x36, 0x37, 0x41, 0x71, 0x68,
+        0x61, 0x4A, 0x6C, 0x63, 0x72, 0x47, 0x61, 0x6C, 0x37, 0x59,
+        0x59, 0x74, 0x2F, 0x58, 0x5A, 0x6C, 0x75, 0x0A, 0x4D, 0x41,
+        0x77, 0x47, 0x41, 0x31, 0x55, 0x64, 0x45, 0x77, 0x45, 0x42,
+        0x2F, 0x77, 0x51, 0x43, 0x4D, 0x41, 0x41, 0x77, 0x44, 0x67,
+        0x59, 0x44, 0x56, 0x52, 0x30, 0x50, 0x41, 0x51, 0x48, 0x2F,
+        0x42, 0x41, 0x51, 0x44, 0x41, 0x67, 0x4F, 0x6F, 0x4D, 0x42,
+        0x4D, 0x47, 0x41, 0x31, 0x55, 0x64, 0x4A, 0x51, 0x51, 0x4D,
+        0x4D, 0x41, 0x6F, 0x47, 0x43, 0x43, 0x73, 0x47, 0x41, 0x51,
+        0x55, 0x46, 0x0A, 0x42, 0x77, 0x4D, 0x42, 0x4D, 0x42, 0x45,
+        0x47, 0x43, 0x57, 0x43, 0x47, 0x53, 0x41, 0x47, 0x47, 0x2B,
+        0x45, 0x49, 0x42, 0x41, 0x51, 0x51, 0x45, 0x41, 0x77, 0x49,
+        0x47, 0x51, 0x44, 0x41, 0x4B, 0x42, 0x67, 0x67, 0x71, 0x67,
+        0x52, 0x7A, 0x50, 0x56, 0x51, 0x47, 0x44, 0x64, 0x51, 0x4E,
+        0x49, 0x41, 0x44, 0x42, 0x46, 0x41, 0x69, 0x41, 0x62, 0x79,
+        0x70, 0x51, 0x6F, 0x66, 0x2F, 0x61, 0x79, 0x0A, 0x44, 0x54,
+        0x46, 0x44, 0x55, 0x4F, 0x48, 0x56, 0x4E, 0x42, 0x66, 0x64,
+        0x72, 0x7A, 0x72, 0x65, 0x67, 0x51, 0x5A, 0x6E, 0x6D, 0x72,
+        0x4D, 0x47, 0x49, 0x6E, 0x35, 0x6B, 0x37, 0x50, 0x30, 0x4F,
+        0x75, 0x51, 0x49, 0x68, 0x41, 0x4B, 0x46, 0x49, 0x71, 0x44,
+        0x4C, 0x52, 0x42, 0x51, 0x6C, 0x72, 0x48, 0x4F, 0x75, 0x4A,
+        0x45, 0x6D, 0x62, 0x59, 0x4F, 0x4B, 0x48, 0x45, 0x58, 0x49,
+        0x6B, 0x4A, 0x0A, 0x44, 0x2F, 0x33, 0x70, 0x77, 0x44, 0x73,
+        0x64, 0x2B, 0x38, 0x32, 0x31, 0x54, 0x44, 0x46, 0x6F, 0x0A,
+        0x2D, 0x2D, 0x2D, 0x2D, 0x2D, 0x45, 0x4E, 0x44, 0x20, 0x43,
+        0x45, 0x52, 0x54, 0x49, 0x46, 0x49, 0x43, 0x41, 0x54, 0x45,
+        0x2D, 0x2D, 0x2D, 0x2D, 0x2D, 0x0A, 0x43, 0x65, 0x72, 0x74,
+        0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x3A, 0x0A, 0x20,
+        0x20, 0x20, 0x20, 0x44, 0x61, 0x74, 0x61, 0x3A, 0x0A, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x56, 0x65, 0x72,
+        0x73, 0x69, 0x6F, 0x6E, 0x3A, 0x20, 0x33, 0x20, 0x28, 0x30,
+        0x78, 0x32, 0x29, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6C, 0x20, 0x4E,
+        0x75, 0x6D, 0x62, 0x65, 0x72, 0x3A, 0x20, 0x31, 0x20, 0x28,
+        0x30, 0x78, 0x31, 0x29, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x53, 0x69, 0x67, 0x6E, 0x61, 0x74, 0x75,
+        0x72, 0x65, 0x20, 0x41, 0x6C, 0x67, 0x6F, 0x72, 0x69, 0x74,
+        0x68, 0x6D, 0x3A, 0x20, 0x53, 0x4D, 0x32, 0x2D, 0x77, 0x69,
+        0x74, 0x68, 0x2D, 0x53, 0x4D, 0x33, 0x0A, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x49, 0x73, 0x73, 0x75, 0x65,
+        0x72, 0x3A, 0x20, 0x43, 0x20, 0x3D, 0x20, 0x55, 0x53, 0x2C,
+        0x20, 0x53, 0x54, 0x20, 0x3D, 0x20, 0x4D, 0x6F, 0x6E, 0x74,
+        0x61, 0x6E, 0x61, 0x2C, 0x20, 0x4C, 0x20, 0x3D, 0x20, 0x42,
+        0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x2C, 0x20, 0x4F, 0x20,
+        0x3D, 0x20, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x5F,
+        0x53, 0x4D, 0x32, 0x2C, 0x20, 0x4F, 0x55, 0x20, 0x3D, 0x20,
+        0x52, 0x6F, 0x6F, 0x74, 0x2D, 0x53, 0x4D, 0x32, 0x2C, 0x20,
+        0x43, 0x4E, 0x20, 0x3D, 0x20, 0x77, 0x77, 0x77, 0x2E, 0x77,
+        0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D,
+        0x2C, 0x20, 0x65, 0x6D, 0x61, 0x69, 0x6C, 0x41, 0x64, 0x64,
+        0x72, 0x65, 0x73, 0x73, 0x20, 0x3D, 0x20, 0x69, 0x6E, 0x66,
+        0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E,
+        0x63, 0x6F, 0x6D, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x56, 0x61, 0x6C, 0x69, 0x64, 0x69, 0x74, 0x79,
+        0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x4E, 0x6F, 0x74, 0x20, 0x42, 0x65, 0x66,
+        0x6F, 0x72, 0x65, 0x3A, 0x20, 0x46, 0x65, 0x62, 0x20, 0x31,
+        0x35, 0x20, 0x30, 0x36, 0x3A, 0x32, 0x33, 0x3A, 0x30, 0x37,
+        0x20, 0x32, 0x30, 0x32, 0x33, 0x20, 0x47, 0x4D, 0x54, 0x0A,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x4E, 0x6F, 0x74, 0x20, 0x41, 0x66, 0x74, 0x65,
+        0x72, 0x20, 0x3A, 0x20, 0x4E, 0x6F, 0x76, 0x20, 0x31, 0x31,
+        0x20, 0x30, 0x36, 0x3A, 0x32, 0x33, 0x3A, 0x30, 0x37, 0x20,
+        0x32, 0x30, 0x32, 0x35, 0x20, 0x47, 0x4D, 0x54, 0x0A, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x53, 0x75, 0x62,
+        0x6A, 0x65, 0x63, 0x74, 0x3A, 0x20, 0x43, 0x20, 0x3D, 0x20,
+        0x55, 0x53, 0x2C, 0x20, 0x53, 0x54, 0x20, 0x3D, 0x20, 0x4D,
+        0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x2C, 0x20, 0x4C, 0x20,
+        0x3D, 0x20, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x2C,
+        0x20, 0x4F, 0x20, 0x3D, 0x20, 0x77, 0x6F, 0x6C, 0x66, 0x53,
+        0x53, 0x4C, 0x5F, 0x73, 0x6D, 0x32, 0x2C, 0x20, 0x4F, 0x55,
+        0x20, 0x3D, 0x20, 0x43, 0x41, 0x2D, 0x73, 0x6D, 0x32, 0x2C,
+        0x20, 0x43, 0x4E, 0x20, 0x3D, 0x20, 0x77, 0x77, 0x77, 0x2E,
+        0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F,
+        0x6D, 0x2C, 0x20, 0x65, 0x6D, 0x61, 0x69, 0x6C, 0x41, 0x64,
+        0x64, 0x72, 0x65, 0x73, 0x73, 0x20, 0x3D, 0x20, 0x69, 0x6E,
+        0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C,
+        0x2E, 0x63, 0x6F, 0x6D, 0x2C, 0x20, 0x55, 0x49, 0x44, 0x20,
+        0x3D, 0x20, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x0A,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x53, 0x75,
+        0x62, 0x6A, 0x65, 0x63, 0x74, 0x20, 0x50, 0x75, 0x62, 0x6C,
+        0x69, 0x63, 0x20, 0x4B, 0x65, 0x79, 0x20, 0x49, 0x6E, 0x66,
+        0x6F, 0x3A, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x50, 0x75, 0x62, 0x6C, 0x69,
+        0x63, 0x20, 0x4B, 0x65, 0x79, 0x20, 0x41, 0x6C, 0x67, 0x6F,
+        0x72, 0x69, 0x74, 0x68, 0x6D, 0x3A, 0x20, 0x73, 0x6D, 0x32,
+        0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x50, 0x75, 0x62,
+        0x6C, 0x69, 0x63, 0x2D, 0x4B, 0x65, 0x79, 0x3A, 0x20, 0x28,
+        0x32, 0x35, 0x36, 0x20, 0x62, 0x69, 0x74, 0x29, 0x0A, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x70, 0x75, 0x62, 0x3A, 0x0A,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x30, 0x34, 0x3A, 0x32, 0x31, 0x3A, 0x39, 0x32, 0x3A, 0x66,
+        0x37, 0x3A, 0x63, 0x62, 0x3A, 0x32, 0x34, 0x3A, 0x64, 0x66,
+        0x3A, 0x36, 0x34, 0x3A, 0x34, 0x64, 0x3A, 0x62, 0x61, 0x3A,
+        0x61, 0x62, 0x3A, 0x36, 0x36, 0x3A, 0x37, 0x62, 0x3A, 0x38,
+        0x33, 0x3A, 0x37, 0x35, 0x3A, 0x0A, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x61, 0x39, 0x3A, 0x32,
+        0x39, 0x3A, 0x65, 0x37, 0x3A, 0x66, 0x66, 0x3A, 0x36, 0x34,
+        0x3A, 0x36, 0x33, 0x3A, 0x62, 0x36, 0x3A, 0x64, 0x35, 0x3A,
+        0x34, 0x32, 0x3A, 0x38, 0x30, 0x3A, 0x32, 0x30, 0x3A, 0x62,
+        0x64, 0x3A, 0x65, 0x32, 0x3A, 0x65, 0x32, 0x3A, 0x30, 0x32,
+        0x3A, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x31, 0x32, 0x3A, 0x33, 0x62, 0x3A, 0x38, 0x65,
+        0x3A, 0x62, 0x34, 0x3A, 0x30, 0x30, 0x3A, 0x39, 0x35, 0x3A,
+        0x30, 0x39, 0x3A, 0x38, 0x30, 0x3A, 0x63, 0x62, 0x3A, 0x35,
+        0x36, 0x3A, 0x65, 0x64, 0x3A, 0x34, 0x62, 0x3A, 0x63, 0x61,
+        0x3A, 0x38, 0x64, 0x3A, 0x35, 0x37, 0x3A, 0x0A, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x65, 0x36,
+        0x3A, 0x61, 0x65, 0x3A, 0x30, 0x35, 0x3A, 0x64, 0x33, 0x3A,
+        0x37, 0x36, 0x3A, 0x32, 0x37, 0x3A, 0x36, 0x33, 0x3A, 0x37,
+        0x31, 0x3A, 0x33, 0x39, 0x3A, 0x38, 0x39, 0x3A, 0x62, 0x37,
+        0x3A, 0x36, 0x39, 0x3A, 0x65, 0x36, 0x3A, 0x34, 0x38, 0x3A,
+        0x38, 0x30, 0x3A, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x61, 0x65, 0x3A, 0x64, 0x31, 0x3A,
+        0x61, 0x39, 0x3A, 0x34, 0x38, 0x3A, 0x31, 0x32, 0x0A, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x41, 0x53, 0x4E, 0x31, 0x20,
+        0x4F, 0x49, 0x44, 0x3A, 0x20, 0x53, 0x4D, 0x32, 0x0A, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x58, 0x35, 0x30,
+        0x39, 0x76, 0x33, 0x20, 0x65, 0x78, 0x74, 0x65, 0x6E, 0x73,
+        0x69, 0x6F, 0x6E, 0x73, 0x3A, 0x0A, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x58, 0x35,
+        0x30, 0x39, 0x76, 0x33, 0x20, 0x53, 0x75, 0x62, 0x6A, 0x65,
+        0x63, 0x74, 0x20, 0x4B, 0x65, 0x79, 0x20, 0x49, 0x64, 0x65,
+        0x6E, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x3A, 0x20, 0x0A,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x34, 0x37, 0x3A, 0x30,
+        0x41, 0x3A, 0x34, 0x38, 0x3A, 0x37, 0x45, 0x3A, 0x42, 0x42,
+        0x3A, 0x30, 0x32, 0x3A, 0x41, 0x38, 0x3A, 0x35, 0x41, 0x3A,
+        0x32, 0x36, 0x3A, 0x35, 0x37, 0x3A, 0x32, 0x42, 0x3A, 0x31,
+        0x39, 0x3A, 0x41, 0x39, 0x3A, 0x37, 0x42, 0x3A, 0x36, 0x31,
+        0x3A, 0x38, 0x42, 0x3A, 0x37, 0x46, 0x3A, 0x35, 0x44, 0x3A,
+        0x39, 0x39, 0x3A, 0x36, 0x45, 0x0A, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x58, 0x35,
+        0x30, 0x39, 0x76, 0x33, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6F,
+        0x72, 0x69, 0x74, 0x79, 0x20, 0x4B, 0x65, 0x79, 0x20, 0x49,
+        0x64, 0x65, 0x6E, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x3A,
+        0x20, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x33, 0x34,
+        0x3A, 0x31, 0x44, 0x3A, 0x37, 0x39, 0x3A, 0x34, 0x34, 0x3A,
+        0x31, 0x35, 0x3A, 0x37, 0x39, 0x3A, 0x41, 0x31, 0x3A, 0x42,
+        0x31, 0x3A, 0x36, 0x33, 0x3A, 0x39, 0x39, 0x3A, 0x45, 0x33,
+        0x3A, 0x45, 0x44, 0x3A, 0x36, 0x35, 0x3A, 0x37, 0x43, 0x3A,
+        0x36, 0x34, 0x3A, 0x38, 0x39, 0x3A, 0x38, 0x30, 0x3A, 0x46,
+        0x46, 0x3A, 0x42, 0x38, 0x3A, 0x45, 0x43, 0x0A, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x58, 0x35, 0x30, 0x39, 0x76, 0x33, 0x20, 0x42, 0x61, 0x73,
+        0x69, 0x63, 0x20, 0x43, 0x6F, 0x6E, 0x73, 0x74, 0x72, 0x61,
+        0x69, 0x6E, 0x74, 0x73, 0x3A, 0x20, 0x63, 0x72, 0x69, 0x74,
+        0x69, 0x63, 0x61, 0x6C, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x43, 0x41, 0x3A, 0x54, 0x52, 0x55, 0x45, 0x0A, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x58, 0x35, 0x30, 0x39, 0x76, 0x33, 0x20, 0x4B, 0x65,
+        0x79, 0x20, 0x55, 0x73, 0x61, 0x67, 0x65, 0x3A, 0x20, 0x63,
+        0x72, 0x69, 0x74, 0x69, 0x63, 0x61, 0x6C, 0x0A, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x44, 0x69, 0x67, 0x69, 0x74, 0x61,
+        0x6C, 0x20, 0x53, 0x69, 0x67, 0x6E, 0x61, 0x74, 0x75, 0x72,
+        0x65, 0x2C, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69,
+        0x63, 0x61, 0x74, 0x65, 0x20, 0x53, 0x69, 0x67, 0x6E, 0x2C,
+        0x20, 0x43, 0x52, 0x4C, 0x20, 0x53, 0x69, 0x67, 0x6E, 0x0A,
+        0x20, 0x20, 0x20, 0x20, 0x53, 0x69, 0x67, 0x6E, 0x61, 0x74,
+        0x75, 0x72, 0x65, 0x20, 0x41, 0x6C, 0x67, 0x6F, 0x72, 0x69,
+        0x74, 0x68, 0x6D, 0x3A, 0x20, 0x53, 0x4D, 0x32, 0x2D, 0x77,
+        0x69, 0x74, 0x68, 0x2D, 0x53, 0x4D, 0x33, 0x0A, 0x20, 0x20,
+        0x20, 0x20, 0x53, 0x69, 0x67, 0x6E, 0x61, 0x74, 0x75, 0x72,
+        0x65, 0x20, 0x56, 0x61, 0x6C, 0x75, 0x65, 0x3A, 0x0A, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x33, 0x30, 0x3A,
+        0x34, 0x35, 0x3A, 0x30, 0x32, 0x3A, 0x32, 0x30, 0x3A, 0x34,
+        0x37, 0x3A, 0x34, 0x65, 0x3A, 0x30, 0x30, 0x3A, 0x30, 0x33,
+        0x3A, 0x61, 0x62, 0x3A, 0x33, 0x34, 0x3A, 0x61, 0x31, 0x3A,
+        0x61, 0x66, 0x3A, 0x35, 0x39, 0x3A, 0x33, 0x39, 0x3A, 0x38,
+        0x66, 0x3A, 0x36, 0x30, 0x3A, 0x33, 0x36, 0x3A, 0x62, 0x66,
+        0x3A, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x38, 0x39, 0x3A, 0x38, 0x38, 0x3A, 0x34, 0x32, 0x3A, 0x34,
+        0x31, 0x3A, 0x32, 0x37, 0x3A, 0x63, 0x31, 0x3A, 0x64, 0x64,
+        0x3A, 0x35, 0x37, 0x3A, 0x63, 0x39, 0x3A, 0x37, 0x39, 0x3A,
+        0x63, 0x62, 0x3A, 0x31, 0x66, 0x3A, 0x35, 0x36, 0x3A, 0x35,
+        0x63, 0x3A, 0x31, 0x36, 0x3A, 0x62, 0x35, 0x3A, 0x32, 0x38,
+        0x3A, 0x62, 0x64, 0x3A, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x30, 0x32, 0x3A, 0x32, 0x31, 0x3A, 0x30,
+        0x30, 0x3A, 0x38, 0x62, 0x3A, 0x32, 0x65, 0x3A, 0x32, 0x35,
+        0x3A, 0x65, 0x62, 0x3A, 0x32, 0x31, 0x3A, 0x39, 0x62, 0x3A,
+        0x61, 0x39, 0x3A, 0x32, 0x62, 0x3A, 0x61, 0x36, 0x3A, 0x36,
+        0x61, 0x3A, 0x35, 0x62, 0x3A, 0x64, 0x62, 0x3A, 0x61, 0x37,
+        0x3A, 0x63, 0x37, 0x3A, 0x32, 0x62, 0x3A, 0x0A, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x31, 0x31, 0x3A, 0x64,
+        0x66, 0x3A, 0x37, 0x33, 0x3A, 0x31, 0x35, 0x3A, 0x61, 0x64,
+        0x3A, 0x65, 0x34, 0x3A, 0x63, 0x35, 0x3A, 0x63, 0x33, 0x3A,
+        0x63, 0x32, 0x3A, 0x66, 0x33, 0x3A, 0x62, 0x34, 0x3A, 0x62,
+        0x34, 0x3A, 0x36, 0x37, 0x3A, 0x61, 0x66, 0x3A, 0x64, 0x37,
+        0x3A, 0x35, 0x31, 0x3A, 0x31, 0x63, 0x0A, 0x2D, 0x2D, 0x2D,
+        0x2D, 0x2D, 0x42, 0x45, 0x47, 0x49, 0x4E, 0x20, 0x43, 0x45,
+        0x52, 0x54, 0x49, 0x46, 0x49, 0x43, 0x41, 0x54, 0x45, 0x2D,
+        0x2D, 0x2D, 0x2D, 0x2D, 0x0A, 0x4D, 0x49, 0x49, 0x43, 0x6C,
+        0x6A, 0x43, 0x43, 0x41, 0x6A, 0x79, 0x67, 0x41, 0x77, 0x49,
+        0x42, 0x41, 0x67, 0x49, 0x42, 0x41, 0x54, 0x41, 0x4B, 0x42,
+        0x67, 0x67, 0x71, 0x67, 0x52, 0x7A, 0x50, 0x56, 0x51, 0x47,
+        0x44, 0x64, 0x54, 0x43, 0x42, 0x6C, 0x54, 0x45, 0x4C, 0x4D,
+        0x41, 0x6B, 0x47, 0x41, 0x31, 0x55, 0x45, 0x42, 0x68, 0x4D,
+        0x43, 0x56, 0x56, 0x4D, 0x78, 0x45, 0x44, 0x41, 0x4F, 0x0A,
+        0x42, 0x67, 0x4E, 0x56, 0x42, 0x41, 0x67, 0x4D, 0x42, 0x30,
+        0x31, 0x76, 0x62, 0x6E, 0x52, 0x68, 0x62, 0x6D, 0x45, 0x78,
+        0x45, 0x44, 0x41, 0x4F, 0x42, 0x67, 0x4E, 0x56, 0x42, 0x41,
+        0x63, 0x4D, 0x42, 0x30, 0x4A, 0x76, 0x65, 0x6D, 0x56, 0x74,
+        0x59, 0x57, 0x34, 0x78, 0x46, 0x44, 0x41, 0x53, 0x42, 0x67,
+        0x4E, 0x56, 0x42, 0x41, 0x6F, 0x4D, 0x43, 0x33, 0x64, 0x76,
+        0x62, 0x47, 0x5A, 0x54, 0x0A, 0x55, 0x30, 0x78, 0x66, 0x55,
+        0x30, 0x30, 0x79, 0x4D, 0x52, 0x45, 0x77, 0x44, 0x77, 0x59,
+        0x44, 0x56, 0x51, 0x51, 0x4C, 0x44, 0x41, 0x68, 0x53, 0x62,
+        0x32, 0x39, 0x30, 0x4C, 0x56, 0x4E, 0x4E, 0x4D, 0x6A, 0x45,
+        0x59, 0x4D, 0x42, 0x59, 0x47, 0x41, 0x31, 0x55, 0x45, 0x41,
+        0x77, 0x77, 0x50, 0x64, 0x33, 0x64, 0x33, 0x4C, 0x6E, 0x64,
+        0x76, 0x62, 0x47, 0x5A, 0x7A, 0x63, 0x32, 0x77, 0x75, 0x0A,
+        0x59, 0x32, 0x39, 0x74, 0x4D, 0x52, 0x38, 0x77, 0x48, 0x51,
+        0x59, 0x4A, 0x4B, 0x6F, 0x5A, 0x49, 0x68, 0x76, 0x63, 0x4E,
+        0x41, 0x51, 0x6B, 0x42, 0x46, 0x68, 0x42, 0x70, 0x62, 0x6D,
+        0x5A, 0x76, 0x51, 0x48, 0x64, 0x76, 0x62, 0x47, 0x5A, 0x7A,
+        0x63, 0x32, 0x77, 0x75, 0x59, 0x32, 0x39, 0x74, 0x4D, 0x42,
+        0x34, 0x58, 0x44, 0x54, 0x49, 0x7A, 0x4D, 0x44, 0x49, 0x78,
+        0x4E, 0x54, 0x41, 0x32, 0x0A, 0x4D, 0x6A, 0x4D, 0x77, 0x4E,
+        0x31, 0x6F, 0x58, 0x44, 0x54, 0x49, 0x31, 0x4D, 0x54, 0x45,
+        0x78, 0x4D, 0x54, 0x41, 0x32, 0x4D, 0x6A, 0x4D, 0x77, 0x4E,
+        0x31, 0x6F, 0x77, 0x67, 0x61, 0x77, 0x78, 0x43, 0x7A, 0x41,
+        0x4A, 0x42, 0x67, 0x4E, 0x56, 0x42, 0x41, 0x59, 0x54, 0x41,
+        0x6C, 0x56, 0x54, 0x4D, 0x52, 0x41, 0x77, 0x44, 0x67, 0x59,
+        0x44, 0x56, 0x51, 0x51, 0x49, 0x44, 0x41, 0x64, 0x4E, 0x0A,
+        0x62, 0x32, 0x35, 0x30, 0x59, 0x57, 0x35, 0x68, 0x4D, 0x52,
+        0x41, 0x77, 0x44, 0x67, 0x59, 0x44, 0x56, 0x51, 0x51, 0x48,
+        0x44, 0x41, 0x64, 0x43, 0x62, 0x33, 0x70, 0x6C, 0x62, 0x57,
+        0x46, 0x75, 0x4D, 0x52, 0x51, 0x77, 0x45, 0x67, 0x59, 0x44,
+        0x56, 0x51, 0x51, 0x4B, 0x44, 0x41, 0x74, 0x33, 0x62, 0x32,
+        0x78, 0x6D, 0x55, 0x31, 0x4E, 0x4D, 0x58, 0x33, 0x4E, 0x74,
+        0x4D, 0x6A, 0x45, 0x50, 0x0A, 0x4D, 0x41, 0x30, 0x47, 0x41,
+        0x31, 0x55, 0x45, 0x43, 0x77, 0x77, 0x47, 0x51, 0x30, 0x45,
+        0x74, 0x63, 0x32, 0x30, 0x79, 0x4D, 0x52, 0x67, 0x77, 0x46,
+        0x67, 0x59, 0x44, 0x56, 0x51, 0x51, 0x44, 0x44, 0x41, 0x39,
+        0x33, 0x64, 0x33, 0x63, 0x75, 0x64, 0x32, 0x39, 0x73, 0x5A,
+        0x6E, 0x4E, 0x7A, 0x62, 0x43, 0x35, 0x6A, 0x62, 0x32, 0x30,
+        0x78, 0x48, 0x7A, 0x41, 0x64, 0x42, 0x67, 0x6B, 0x71, 0x0A,
+        0x68, 0x6B, 0x69, 0x47, 0x39, 0x77, 0x30, 0x42, 0x43, 0x51,
+        0x45, 0x57, 0x45, 0x47, 0x6C, 0x75, 0x5A, 0x6D, 0x39, 0x41,
+        0x64, 0x32, 0x39, 0x73, 0x5A, 0x6E, 0x4E, 0x7A, 0x62, 0x43,
+        0x35, 0x6A, 0x62, 0x32, 0x30, 0x78, 0x46, 0x7A, 0x41, 0x56,
+        0x42, 0x67, 0x6F, 0x4A, 0x6B, 0x69, 0x61, 0x4A, 0x6B, 0x2F,
+        0x49, 0x73, 0x5A, 0x41, 0x45, 0x42, 0x44, 0x41, 0x64, 0x33,
+        0x62, 0x32, 0x78, 0x6D, 0x0A, 0x55, 0x31, 0x4E, 0x4D, 0x4D,
+        0x46, 0x6F, 0x77, 0x46, 0x41, 0x59, 0x49, 0x4B, 0x6F, 0x45,
+        0x63, 0x7A, 0x31, 0x55, 0x42, 0x67, 0x69, 0x30, 0x47, 0x43,
+        0x43, 0x71, 0x42, 0x48, 0x4D, 0x39, 0x56, 0x41, 0x59, 0x49,
+        0x74, 0x41, 0x30, 0x49, 0x41, 0x42, 0x43, 0x47, 0x53, 0x39,
+        0x38, 0x73, 0x6B, 0x33, 0x32, 0x52, 0x4E, 0x75, 0x71, 0x74,
+        0x6D, 0x65, 0x34, 0x4E, 0x31, 0x71, 0x53, 0x6E, 0x6E, 0x0A,
+        0x2F, 0x32, 0x52, 0x6A, 0x74, 0x74, 0x56, 0x43, 0x67, 0x43,
+        0x43, 0x39, 0x34, 0x75, 0x49, 0x43, 0x45, 0x6A, 0x75, 0x4F,
+        0x74, 0x41, 0x43, 0x56, 0x43, 0x59, 0x44, 0x4C, 0x56, 0x75,
+        0x31, 0x4C, 0x79, 0x6F, 0x31, 0x58, 0x35, 0x71, 0x34, 0x46,
+        0x30, 0x33, 0x59, 0x6E, 0x59, 0x33, 0x45, 0x35, 0x69, 0x62,
+        0x64, 0x70, 0x35, 0x6B, 0x69, 0x41, 0x72, 0x74, 0x47, 0x70,
+        0x53, 0x42, 0x4B, 0x6A, 0x0A, 0x59, 0x7A, 0x42, 0x68, 0x4D,
+        0x42, 0x30, 0x47, 0x41, 0x31, 0x55, 0x64, 0x44, 0x67, 0x51,
+        0x57, 0x42, 0x42, 0x52, 0x48, 0x43, 0x6B, 0x68, 0x2B, 0x75,
+        0x77, 0x4B, 0x6F, 0x57, 0x69, 0x5A, 0x58, 0x4B, 0x78, 0x6D,
+        0x70, 0x65, 0x32, 0x47, 0x4C, 0x66, 0x31, 0x32, 0x5A, 0x62,
+        0x6A, 0x41, 0x66, 0x42, 0x67, 0x4E, 0x56, 0x48, 0x53, 0x4D,
+        0x45, 0x47, 0x44, 0x41, 0x57, 0x67, 0x42, 0x51, 0x30, 0x0A,
+        0x48, 0x58, 0x6C, 0x45, 0x46, 0x58, 0x6D, 0x68, 0x73, 0x57,
+        0x4F, 0x5A, 0x34, 0x2B, 0x31, 0x6C, 0x66, 0x47, 0x53, 0x4A,
+        0x67, 0x50, 0x2B, 0x34, 0x37, 0x44, 0x41, 0x50, 0x42, 0x67,
+        0x4E, 0x56, 0x48, 0x52, 0x4D, 0x42, 0x41, 0x66, 0x38, 0x45,
+        0x42, 0x54, 0x41, 0x44, 0x41, 0x51, 0x48, 0x2F, 0x4D, 0x41,
+        0x34, 0x47, 0x41, 0x31, 0x55, 0x64, 0x44, 0x77, 0x45, 0x42,
+        0x2F, 0x77, 0x51, 0x45, 0x0A, 0x41, 0x77, 0x49, 0x42, 0x68,
+        0x6A, 0x41, 0x4B, 0x42, 0x67, 0x67, 0x71, 0x67, 0x52, 0x7A,
+        0x50, 0x56, 0x51, 0x47, 0x44, 0x64, 0x51, 0x4E, 0x49, 0x41,
+        0x44, 0x42, 0x46, 0x41, 0x69, 0x42, 0x48, 0x54, 0x67, 0x41,
+        0x44, 0x71, 0x7A, 0x53, 0x68, 0x72, 0x31, 0x6B, 0x35, 0x6A,
+        0x32, 0x41, 0x32, 0x76, 0x34, 0x6D, 0x49, 0x51, 0x6B, 0x45,
+        0x6E, 0x77, 0x64, 0x31, 0x58, 0x79, 0x58, 0x6E, 0x4C, 0x0A,
+        0x48, 0x31, 0x5A, 0x63, 0x46, 0x72, 0x55, 0x6F, 0x76, 0x51,
+        0x49, 0x68, 0x41, 0x49, 0x73, 0x75, 0x4A, 0x65, 0x73, 0x68,
+        0x6D, 0x36, 0x6B, 0x72, 0x70, 0x6D, 0x70, 0x62, 0x32, 0x36,
+        0x66, 0x48, 0x4B, 0x78, 0x48, 0x66, 0x63, 0x78, 0x57, 0x74,
+        0x35, 0x4D, 0x58, 0x44, 0x77, 0x76, 0x4F, 0x30, 0x74, 0x47,
+        0x65, 0x76, 0x31, 0x31, 0x45, 0x63, 0x0A, 0x2D, 0x2D, 0x2D,
+        0x2D, 0x2D, 0x45, 0x4E, 0x44, 0x20, 0x43, 0x45, 0x52, 0x54,
+        0x49, 0x46, 0x49, 0x43, 0x41, 0x54, 0x45, 0x2D, 0x2D, 0x2D,
+        0x2D, 0x2D, 0x0A
+};
+#define sizeof_server_sm2 (sizeof(server_sm2))
+
+/* ./certs/sm2/server-sm2-cert.pem */
+static const unsigned char server_sm2_cert[] =
+{
+        0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74,
+        0x65, 0x3A, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x44, 0x61, 0x74,
+        0x61, 0x3A, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6F, 0x6E, 0x3A, 0x20,
+        0x33, 0x20, 0x28, 0x30, 0x78, 0x32, 0x29, 0x0A, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x53, 0x65, 0x72, 0x69,
+        0x61, 0x6C, 0x20, 0x4E, 0x75, 0x6D, 0x62, 0x65, 0x72, 0x3A,
+        0x20, 0x31, 0x20, 0x28, 0x30, 0x78, 0x31, 0x29, 0x0A, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x53, 0x69, 0x67,
+        0x6E, 0x61, 0x74, 0x75, 0x72, 0x65, 0x20, 0x41, 0x6C, 0x67,
+        0x6F, 0x72, 0x69, 0x74, 0x68, 0x6D, 0x3A, 0x20, 0x53, 0x4D,
+        0x32, 0x2D, 0x77, 0x69, 0x74, 0x68, 0x2D, 0x53, 0x4D, 0x33,
+        0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x49,
+        0x73, 0x73, 0x75, 0x65, 0x72, 0x3A, 0x20, 0x43, 0x20, 0x3D,
+        0x20, 0x55, 0x53, 0x2C, 0x20, 0x53, 0x54, 0x20, 0x3D, 0x20,
+        0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x2C, 0x20, 0x4C,
+        0x20, 0x3D, 0x20, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E,
+        0x2C, 0x20, 0x4F, 0x20, 0x3D, 0x20, 0x77, 0x6F, 0x6C, 0x66,
+        0x53, 0x53, 0x4C, 0x5F, 0x73, 0x6D, 0x32, 0x2C, 0x20, 0x4F,
+        0x55, 0x20, 0x3D, 0x20, 0x43, 0x41, 0x2D, 0x73, 0x6D, 0x32,
+        0x2C, 0x20, 0x43, 0x4E, 0x20, 0x3D, 0x20, 0x77, 0x77, 0x77,
+        0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63,
+        0x6F, 0x6D, 0x2C, 0x20, 0x65, 0x6D, 0x61, 0x69, 0x6C, 0x41,
+        0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x20, 0x3D, 0x20, 0x69,
+        0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73,
+        0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x2C, 0x20, 0x55, 0x49, 0x44,
+        0x20, 0x3D, 0x20, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C,
+        0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x56,
+        0x61, 0x6C, 0x69, 0x64, 0x69, 0x74, 0x79, 0x0A, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x4E, 0x6F, 0x74, 0x20, 0x42, 0x65, 0x66, 0x6F, 0x72, 0x65,
+        0x3A, 0x20, 0x46, 0x65, 0x62, 0x20, 0x31, 0x35, 0x20, 0x30,
+        0x36, 0x3A, 0x32, 0x33, 0x3A, 0x30, 0x37, 0x20, 0x32, 0x30,
+        0x32, 0x33, 0x20, 0x47, 0x4D, 0x54, 0x0A, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x4E,
+        0x6F, 0x74, 0x20, 0x41, 0x66, 0x74, 0x65, 0x72, 0x20, 0x3A,
+        0x20, 0x4E, 0x6F, 0x76, 0x20, 0x31, 0x31, 0x20, 0x30, 0x36,
+        0x3A, 0x32, 0x33, 0x3A, 0x30, 0x37, 0x20, 0x32, 0x30, 0x32,
+        0x35, 0x20, 0x47, 0x4D, 0x54, 0x0A, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x53, 0x75, 0x62, 0x6A, 0x65, 0x63,
+        0x74, 0x3A, 0x20, 0x43, 0x20, 0x3D, 0x20, 0x55, 0x53, 0x2C,
+        0x20, 0x53, 0x54, 0x20, 0x3D, 0x20, 0x4D, 0x6F, 0x6E, 0x74,
+        0x61, 0x6E, 0x61, 0x2C, 0x20, 0x4C, 0x20, 0x3D, 0x20, 0x42,
+        0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x2C, 0x20, 0x4F, 0x20,
+        0x3D, 0x20, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x5F,
+        0x73, 0x6D, 0x32, 0x2C, 0x20, 0x4F, 0x55, 0x20, 0x3D, 0x20,
+        0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2D, 0x73, 0x6D, 0x32,
+        0x2C, 0x20, 0x43, 0x4E, 0x20, 0x3D, 0x20, 0x77, 0x77, 0x77,
+        0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63,
+        0x6F, 0x6D, 0x2C, 0x20, 0x65, 0x6D, 0x61, 0x69, 0x6C, 0x41,
+        0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x20, 0x3D, 0x20, 0x69,
+        0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73,
+        0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x2C, 0x20, 0x55, 0x49, 0x44,
+        0x20, 0x3D, 0x20, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C,
+        0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x53,
+        0x75, 0x62, 0x6A, 0x65, 0x63, 0x74, 0x20, 0x50, 0x75, 0x62,
+        0x6C, 0x69, 0x63, 0x20, 0x4B, 0x65, 0x79, 0x20, 0x49, 0x6E,
+        0x66, 0x6F, 0x3A, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x50, 0x75, 0x62, 0x6C,
+        0x69, 0x63, 0x20, 0x4B, 0x65, 0x79, 0x20, 0x41, 0x6C, 0x67,
+        0x6F, 0x72, 0x69, 0x74, 0x68, 0x6D, 0x3A, 0x20, 0x73, 0x6D,
+        0x32, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x50, 0x75,
+        0x62, 0x6C, 0x69, 0x63, 0x2D, 0x4B, 0x65, 0x79, 0x3A, 0x20,
+        0x28, 0x32, 0x35, 0x36, 0x20, 0x62, 0x69, 0x74, 0x29, 0x0A,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x70, 0x75, 0x62, 0x3A,
+        0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x30, 0x34, 0x3A, 0x39, 0x34, 0x3A, 0x37, 0x30, 0x3A,
+        0x32, 0x62, 0x3A, 0x34, 0x36, 0x3A, 0x65, 0x34, 0x3A, 0x35,
+        0x65, 0x3A, 0x30, 0x66, 0x3A, 0x34, 0x31, 0x3A, 0x66, 0x62,
+        0x3A, 0x38, 0x66, 0x3A, 0x32, 0x64, 0x3A, 0x33, 0x34, 0x3A,
+        0x30, 0x61, 0x3A, 0x34, 0x31, 0x3A, 0x0A, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x34, 0x30, 0x3A,
+        0x31, 0x39, 0x3A, 0x35, 0x65, 0x3A, 0x66, 0x62, 0x3A, 0x64,
+        0x34, 0x3A, 0x31, 0x64, 0x3A, 0x31, 0x31, 0x3A, 0x61, 0x63,
+        0x3A, 0x66, 0x61, 0x3A, 0x66, 0x35, 0x3A, 0x39, 0x33, 0x3A,
+        0x33, 0x37, 0x3A, 0x63, 0x36, 0x3A, 0x66, 0x61, 0x3A, 0x38,
+        0x37, 0x3A, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x30, 0x38, 0x3A, 0x66, 0x37, 0x3A, 0x31,
+        0x36, 0x3A, 0x31, 0x66, 0x3A, 0x32, 0x63, 0x3A, 0x63, 0x65,
+        0x3A, 0x33, 0x30, 0x3A, 0x34, 0x30, 0x3A, 0x39, 0x64, 0x3A,
+        0x34, 0x66, 0x3A, 0x61, 0x36, 0x3A, 0x32, 0x61, 0x3A, 0x30,
+        0x61, 0x3A, 0x61, 0x31, 0x3A, 0x64, 0x36, 0x3A, 0x0A, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x39,
+        0x35, 0x3A, 0x33, 0x33, 0x3A, 0x63, 0x33, 0x3A, 0x61, 0x36,
+        0x3A, 0x30, 0x33, 0x3A, 0x39, 0x38, 0x3A, 0x65, 0x36, 0x3A,
+        0x38, 0x64, 0x3A, 0x30, 0x35, 0x3A, 0x33, 0x34, 0x3A, 0x62,
+        0x30, 0x3A, 0x39, 0x37, 0x3A, 0x30, 0x63, 0x3A, 0x64, 0x65,
+        0x3A, 0x61, 0x34, 0x3A, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x63, 0x37, 0x3A, 0x63, 0x66,
+        0x3A, 0x35, 0x33, 0x3A, 0x38, 0x66, 0x3A, 0x64, 0x31, 0x0A,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x41, 0x53, 0x4E, 0x31,
+        0x20, 0x4F, 0x49, 0x44, 0x3A, 0x20, 0x53, 0x4D, 0x32, 0x0A,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x58, 0x35,
+        0x30, 0x39, 0x76, 0x33, 0x20, 0x65, 0x78, 0x74, 0x65, 0x6E,
+        0x73, 0x69, 0x6F, 0x6E, 0x73, 0x3A, 0x0A, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x58,
+        0x35, 0x30, 0x39, 0x76, 0x33, 0x20, 0x53, 0x75, 0x62, 0x6A,
+        0x65, 0x63, 0x74, 0x20, 0x4B, 0x65, 0x79, 0x20, 0x49, 0x64,
+        0x65, 0x6E, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x3A, 0x20,
+        0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x36, 0x37, 0x3A,
+        0x41, 0x45, 0x3A, 0x36, 0x30, 0x3A, 0x46, 0x46, 0x3A, 0x37,
+        0x45, 0x3A, 0x31, 0x42, 0x3A, 0x30, 0x46, 0x3A, 0x39, 0x35,
+        0x3A, 0x41, 0x45, 0x3A, 0x31, 0x46, 0x3A, 0x38, 0x32, 0x3A,
+        0x35, 0x39, 0x3A, 0x46, 0x32, 0x3A, 0x36, 0x43, 0x3A, 0x35,
+        0x36, 0x3A, 0x32, 0x44, 0x3A, 0x39, 0x33, 0x3A, 0x45, 0x46,
+        0x3A, 0x31, 0x37, 0x3A, 0x33, 0x32, 0x0A, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x58,
+        0x35, 0x30, 0x39, 0x76, 0x33, 0x20, 0x41, 0x75, 0x74, 0x68,
+        0x6F, 0x72, 0x69, 0x74, 0x79, 0x20, 0x4B, 0x65, 0x79, 0x20,
+        0x49, 0x64, 0x65, 0x6E, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72,
+        0x3A, 0x20, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x34,
+        0x37, 0x3A, 0x30, 0x41, 0x3A, 0x34, 0x38, 0x3A, 0x37, 0x45,
+        0x3A, 0x42, 0x42, 0x3A, 0x30, 0x32, 0x3A, 0x41, 0x38, 0x3A,
+        0x35, 0x41, 0x3A, 0x32, 0x36, 0x3A, 0x35, 0x37, 0x3A, 0x32,
+        0x42, 0x3A, 0x31, 0x39, 0x3A, 0x41, 0x39, 0x3A, 0x37, 0x42,
+        0x3A, 0x36, 0x31, 0x3A, 0x38, 0x42, 0x3A, 0x37, 0x46, 0x3A,
+        0x35, 0x44, 0x3A, 0x39, 0x39, 0x3A, 0x36, 0x45, 0x0A, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x58, 0x35, 0x30, 0x39, 0x76, 0x33, 0x20, 0x42, 0x61,
+        0x73, 0x69, 0x63, 0x20, 0x43, 0x6F, 0x6E, 0x73, 0x74, 0x72,
+        0x61, 0x69, 0x6E, 0x74, 0x73, 0x3A, 0x20, 0x63, 0x72, 0x69,
+        0x74, 0x69, 0x63, 0x61, 0x6C, 0x0A, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x43, 0x41, 0x3A, 0x46, 0x41, 0x4C, 0x53, 0x45,
+        0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x58, 0x35, 0x30, 0x39, 0x76, 0x33, 0x20,
+        0x4B, 0x65, 0x79, 0x20, 0x55, 0x73, 0x61, 0x67, 0x65, 0x3A,
+        0x20, 0x63, 0x72, 0x69, 0x74, 0x69, 0x63, 0x61, 0x6C, 0x0A,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x44, 0x69, 0x67, 0x69,
+        0x74, 0x61, 0x6C, 0x20, 0x53, 0x69, 0x67, 0x6E, 0x61, 0x74,
+        0x75, 0x72, 0x65, 0x2C, 0x20, 0x4B, 0x65, 0x79, 0x20, 0x45,
+        0x6E, 0x63, 0x69, 0x70, 0x68, 0x65, 0x72, 0x6D, 0x65, 0x6E,
+        0x74, 0x2C, 0x20, 0x4B, 0x65, 0x79, 0x20, 0x41, 0x67, 0x72,
+        0x65, 0x65, 0x6D, 0x65, 0x6E, 0x74, 0x0A, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x58,
+        0x35, 0x30, 0x39, 0x76, 0x33, 0x20, 0x45, 0x78, 0x74, 0x65,
+        0x6E, 0x64, 0x65, 0x64, 0x20, 0x4B, 0x65, 0x79, 0x20, 0x55,
+        0x73, 0x61, 0x67, 0x65, 0x3A, 0x20, 0x0A, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x54, 0x4C, 0x53, 0x20, 0x57, 0x65, 0x62,
+        0x20, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x41, 0x75,
+        0x74, 0x68, 0x65, 0x6E, 0x74, 0x69, 0x63, 0x61, 0x74, 0x69,
+        0x6F, 0x6E, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x4E, 0x65, 0x74, 0x73, 0x63,
+        0x61, 0x70, 0x65, 0x20, 0x43, 0x65, 0x72, 0x74, 0x20, 0x54,
+        0x79, 0x70, 0x65, 0x3A, 0x20, 0x0A, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x53, 0x53, 0x4C, 0x20, 0x53, 0x65, 0x72, 0x76,
+        0x65, 0x72, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x53, 0x69, 0x67,
+        0x6E, 0x61, 0x74, 0x75, 0x72, 0x65, 0x20, 0x41, 0x6C, 0x67,
+        0x6F, 0x72, 0x69, 0x74, 0x68, 0x6D, 0x3A, 0x20, 0x53, 0x4D,
+        0x32, 0x2D, 0x77, 0x69, 0x74, 0x68, 0x2D, 0x53, 0x4D, 0x33,
+        0x0A, 0x20, 0x20, 0x20, 0x20, 0x53, 0x69, 0x67, 0x6E, 0x61,
+        0x74, 0x75, 0x72, 0x65, 0x20, 0x56, 0x61, 0x6C, 0x75, 0x65,
+        0x3A, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x33, 0x30, 0x3A, 0x34, 0x35, 0x3A, 0x30, 0x32, 0x3A, 0x32,
+        0x30, 0x3A, 0x31, 0x62, 0x3A, 0x63, 0x61, 0x3A, 0x39, 0x34,
+        0x3A, 0x32, 0x38, 0x3A, 0x37, 0x66, 0x3A, 0x66, 0x36, 0x3A,
+        0x62, 0x32, 0x3A, 0x30, 0x64, 0x3A, 0x33, 0x31, 0x3A, 0x34,
+        0x33, 0x3A, 0x35, 0x30, 0x3A, 0x65, 0x31, 0x3A, 0x64, 0x35,
+        0x3A, 0x33, 0x34, 0x3A, 0x0A, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x31, 0x37, 0x3A, 0x64, 0x64, 0x3A, 0x61,
+        0x66, 0x3A, 0x33, 0x61, 0x3A, 0x64, 0x65, 0x3A, 0x38, 0x31,
+        0x3A, 0x30, 0x36, 0x3A, 0x36, 0x37, 0x3A, 0x39, 0x61, 0x3A,
+        0x62, 0x33, 0x3A, 0x30, 0x36, 0x3A, 0x32, 0x32, 0x3A, 0x37,
+        0x65, 0x3A, 0x36, 0x34, 0x3A, 0x65, 0x63, 0x3A, 0x66, 0x64,
+        0x3A, 0x30, 0x65, 0x3A, 0x62, 0x39, 0x3A, 0x0A, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x30, 0x32, 0x3A, 0x32,
+        0x31, 0x3A, 0x30, 0x30, 0x3A, 0x61, 0x31, 0x3A, 0x34, 0x38,
+        0x3A, 0x61, 0x38, 0x3A, 0x33, 0x32, 0x3A, 0x64, 0x31, 0x3A,
+        0x30, 0x35, 0x3A, 0x30, 0x39, 0x3A, 0x36, 0x62, 0x3A, 0x31,
+        0x63, 0x3A, 0x65, 0x62, 0x3A, 0x38, 0x39, 0x3A, 0x31, 0x32,
+        0x3A, 0x36, 0x36, 0x3A, 0x64, 0x38, 0x3A, 0x33, 0x38, 0x3A,
+        0x0A, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x61,
+        0x31, 0x3A, 0x63, 0x34, 0x3A, 0x35, 0x63, 0x3A, 0x38, 0x39,
+        0x3A, 0x30, 0x39, 0x3A, 0x30, 0x66, 0x3A, 0x66, 0x64, 0x3A,
+        0x65, 0x39, 0x3A, 0x63, 0x30, 0x3A, 0x33, 0x62, 0x3A, 0x31,
+        0x64, 0x3A, 0x66, 0x62, 0x3A, 0x63, 0x64, 0x3A, 0x62, 0x35,
+        0x3A, 0x34, 0x63, 0x3A, 0x33, 0x31, 0x3A, 0x36, 0x38, 0x0A,
+        0x2D, 0x2D, 0x2D, 0x2D, 0x2D, 0x42, 0x45, 0x47, 0x49, 0x4E,
+        0x20, 0x43, 0x45, 0x52, 0x54, 0x49, 0x46, 0x49, 0x43, 0x41,
+        0x54, 0x45, 0x2D, 0x2D, 0x2D, 0x2D, 0x2D, 0x0A, 0x4D, 0x49,
+        0x49, 0x43, 0x32, 0x44, 0x43, 0x43, 0x41, 0x6E, 0x36, 0x67,
+        0x41, 0x77, 0x49, 0x42, 0x41, 0x67, 0x49, 0x42, 0x41, 0x54,
+        0x41, 0x4B, 0x42, 0x67, 0x67, 0x71, 0x67, 0x52, 0x7A, 0x50,
+        0x56, 0x51, 0x47, 0x44, 0x64, 0x54, 0x43, 0x42, 0x72, 0x44,
+        0x45, 0x4C, 0x4D, 0x41, 0x6B, 0x47, 0x41, 0x31, 0x55, 0x45,
+        0x42, 0x68, 0x4D, 0x43, 0x56, 0x56, 0x4D, 0x78, 0x45, 0x44,
+        0x41, 0x4F, 0x0A, 0x42, 0x67, 0x4E, 0x56, 0x42, 0x41, 0x67,
+        0x4D, 0x42, 0x30, 0x31, 0x76, 0x62, 0x6E, 0x52, 0x68, 0x62,
+        0x6D, 0x45, 0x78, 0x45, 0x44, 0x41, 0x4F, 0x42, 0x67, 0x4E,
+        0x56, 0x42, 0x41, 0x63, 0x4D, 0x42, 0x30, 0x4A, 0x76, 0x65,
+        0x6D, 0x56, 0x74, 0x59, 0x57, 0x34, 0x78, 0x46, 0x44, 0x41,
+        0x53, 0x42, 0x67, 0x4E, 0x56, 0x42, 0x41, 0x6F, 0x4D, 0x43,
+        0x33, 0x64, 0x76, 0x62, 0x47, 0x5A, 0x54, 0x0A, 0x55, 0x30,
+        0x78, 0x66, 0x63, 0x32, 0x30, 0x79, 0x4D, 0x51, 0x38, 0x77,
+        0x44, 0x51, 0x59, 0x44, 0x56, 0x51, 0x51, 0x4C, 0x44, 0x41,
+        0x5A, 0x44, 0x51, 0x53, 0x31, 0x7A, 0x62, 0x54, 0x49, 0x78,
+        0x47, 0x44, 0x41, 0x57, 0x42, 0x67, 0x4E, 0x56, 0x42, 0x41,
+        0x4D, 0x4D, 0x44, 0x33, 0x64, 0x33, 0x64, 0x79, 0x35, 0x33,
+        0x62, 0x32, 0x78, 0x6D, 0x63, 0x33, 0x4E, 0x73, 0x4C, 0x6D,
+        0x4E, 0x76, 0x0A, 0x62, 0x54, 0x45, 0x66, 0x4D, 0x42, 0x30,
+        0x47, 0x43, 0x53, 0x71, 0x47, 0x53, 0x49, 0x62, 0x33, 0x44,
+        0x51, 0x45, 0x4A, 0x41, 0x52, 0x59, 0x51, 0x61, 0x57, 0x35,
+        0x6D, 0x62, 0x30, 0x42, 0x33, 0x62, 0x32, 0x78, 0x6D, 0x63,
+        0x33, 0x4E, 0x73, 0x4C, 0x6D, 0x4E, 0x76, 0x62, 0x54, 0x45,
+        0x58, 0x4D, 0x42, 0x55, 0x47, 0x43, 0x67, 0x6D, 0x53, 0x4A,
+        0x6F, 0x6D, 0x54, 0x38, 0x69, 0x78, 0x6B, 0x0A, 0x41, 0x51,
+        0x45, 0x4D, 0x42, 0x33, 0x64, 0x76, 0x62, 0x47, 0x5A, 0x54,
+        0x55, 0x30, 0x77, 0x77, 0x48, 0x68, 0x63, 0x4E, 0x4D, 0x6A,
+        0x4D, 0x77, 0x4D, 0x6A, 0x45, 0x31, 0x4D, 0x44, 0x59, 0x79,
+        0x4D, 0x7A, 0x41, 0x33, 0x57, 0x68, 0x63, 0x4E, 0x4D, 0x6A,
+        0x55, 0x78, 0x4D, 0x54, 0x45, 0x78, 0x4D, 0x44, 0x59, 0x79,
+        0x4D, 0x7A, 0x41, 0x33, 0x57, 0x6A, 0x43, 0x42, 0x73, 0x44,
+        0x45, 0x4C, 0x0A, 0x4D, 0x41, 0x6B, 0x47, 0x41, 0x31, 0x55,
+        0x45, 0x42, 0x68, 0x4D, 0x43, 0x56, 0x56, 0x4D, 0x78, 0x45,
+        0x44, 0x41, 0x4F, 0x42, 0x67, 0x4E, 0x56, 0x42, 0x41, 0x67,
+        0x4D, 0x42, 0x30, 0x31, 0x76, 0x62, 0x6E, 0x52, 0x68, 0x62,
+        0x6D, 0x45, 0x78, 0x45, 0x44, 0x41, 0x4F, 0x42, 0x67, 0x4E,
+        0x56, 0x42, 0x41, 0x63, 0x4D, 0x42, 0x30, 0x4A, 0x76, 0x65,
+        0x6D, 0x56, 0x74, 0x59, 0x57, 0x34, 0x78, 0x0A, 0x46, 0x44,
+        0x41, 0x53, 0x42, 0x67, 0x4E, 0x56, 0x42, 0x41, 0x6F, 0x4D,
+        0x43, 0x33, 0x64, 0x76, 0x62, 0x47, 0x5A, 0x54, 0x55, 0x30,
+        0x78, 0x66, 0x63, 0x32, 0x30, 0x79, 0x4D, 0x52, 0x4D, 0x77,
+        0x45, 0x51, 0x59, 0x44, 0x56, 0x51, 0x51, 0x4C, 0x44, 0x41,
+        0x70, 0x54, 0x5A, 0x58, 0x4A, 0x32, 0x5A, 0x58, 0x49, 0x74,
+        0x63, 0x32, 0x30, 0x79, 0x4D, 0x52, 0x67, 0x77, 0x46, 0x67,
+        0x59, 0x44, 0x0A, 0x56, 0x51, 0x51, 0x44, 0x44, 0x41, 0x39,
+        0x33, 0x64, 0x33, 0x63, 0x75, 0x64, 0x32, 0x39, 0x73, 0x5A,
+        0x6E, 0x4E, 0x7A, 0x62, 0x43, 0x35, 0x6A, 0x62, 0x32, 0x30,
+        0x78, 0x48, 0x7A, 0x41, 0x64, 0x42, 0x67, 0x6B, 0x71, 0x68,
+        0x6B, 0x69, 0x47, 0x39, 0x77, 0x30, 0x42, 0x43, 0x51, 0x45,
+        0x57, 0x45, 0x47, 0x6C, 0x75, 0x5A, 0x6D, 0x39, 0x41, 0x64,
+        0x32, 0x39, 0x73, 0x5A, 0x6E, 0x4E, 0x7A, 0x0A, 0x62, 0x43,
+        0x35, 0x6A, 0x62, 0x32, 0x30, 0x78, 0x46, 0x7A, 0x41, 0x56,
+        0x42, 0x67, 0x6F, 0x4A, 0x6B, 0x69, 0x61, 0x4A, 0x6B, 0x2F,
+        0x49, 0x73, 0x5A, 0x41, 0x45, 0x42, 0x44, 0x41, 0x64, 0x33,
+        0x62, 0x32, 0x78, 0x6D, 0x55, 0x31, 0x4E, 0x4D, 0x4D, 0x46,
+        0x6F, 0x77, 0x46, 0x41, 0x59, 0x49, 0x4B, 0x6F, 0x45, 0x63,
+        0x7A, 0x31, 0x55, 0x42, 0x67, 0x69, 0x30, 0x47, 0x43, 0x43,
+        0x71, 0x42, 0x0A, 0x48, 0x4D, 0x39, 0x56, 0x41, 0x59, 0x49,
+        0x74, 0x41, 0x30, 0x49, 0x41, 0x42, 0x4A, 0x52, 0x77, 0x4B,
+        0x30, 0x62, 0x6B, 0x58, 0x67, 0x39, 0x42, 0x2B, 0x34, 0x38,
+        0x74, 0x4E, 0x41, 0x70, 0x42, 0x51, 0x42, 0x6C, 0x65, 0x2B,
+        0x39, 0x51, 0x64, 0x45, 0x61, 0x7A, 0x36, 0x39, 0x5A, 0x4D,
+        0x33, 0x78, 0x76, 0x71, 0x48, 0x43, 0x50, 0x63, 0x57, 0x48,
+        0x79, 0x7A, 0x4F, 0x4D, 0x45, 0x43, 0x64, 0x0A, 0x54, 0x36,
+        0x59, 0x71, 0x43, 0x71, 0x48, 0x57, 0x6C, 0x54, 0x50, 0x44,
+        0x70, 0x67, 0x4F, 0x59, 0x35, 0x6F, 0x30, 0x46, 0x4E, 0x4C,
+        0x43, 0x58, 0x44, 0x4E, 0x36, 0x6B, 0x78, 0x38, 0x39, 0x54,
+        0x6A, 0x39, 0x47, 0x6A, 0x67, 0x59, 0x6B, 0x77, 0x67, 0x59,
+        0x59, 0x77, 0x48, 0x51, 0x59, 0x44, 0x56, 0x52, 0x30, 0x4F,
+        0x42, 0x42, 0x59, 0x45, 0x46, 0x47, 0x65, 0x75, 0x59, 0x50,
+        0x39, 0x2B, 0x0A, 0x47, 0x77, 0x2B, 0x56, 0x72, 0x68, 0x2B,
+        0x43, 0x57, 0x66, 0x4A, 0x73, 0x56, 0x69, 0x32, 0x54, 0x37,
+        0x78, 0x63, 0x79, 0x4D, 0x42, 0x38, 0x47, 0x41, 0x31, 0x55,
+        0x64, 0x49, 0x77, 0x51, 0x59, 0x4D, 0x42, 0x61, 0x41, 0x46,
+        0x45, 0x63, 0x4B, 0x53, 0x48, 0x36, 0x37, 0x41, 0x71, 0x68,
+        0x61, 0x4A, 0x6C, 0x63, 0x72, 0x47, 0x61, 0x6C, 0x37, 0x59,
+        0x59, 0x74, 0x2F, 0x58, 0x5A, 0x6C, 0x75, 0x0A, 0x4D, 0x41,
+        0x77, 0x47, 0x41, 0x31, 0x55, 0x64, 0x45, 0x77, 0x45, 0x42,
+        0x2F, 0x77, 0x51, 0x43, 0x4D, 0x41, 0x41, 0x77, 0x44, 0x67,
+        0x59, 0x44, 0x56, 0x52, 0x30, 0x50, 0x41, 0x51, 0x48, 0x2F,
+        0x42, 0x41, 0x51, 0x44, 0x41, 0x67, 0x4F, 0x6F, 0x4D, 0x42,
+        0x4D, 0x47, 0x41, 0x31, 0x55, 0x64, 0x4A, 0x51, 0x51, 0x4D,
+        0x4D, 0x41, 0x6F, 0x47, 0x43, 0x43, 0x73, 0x47, 0x41, 0x51,
+        0x55, 0x46, 0x0A, 0x42, 0x77, 0x4D, 0x42, 0x4D, 0x42, 0x45,
+        0x47, 0x43, 0x57, 0x43, 0x47, 0x53, 0x41, 0x47, 0x47, 0x2B,
+        0x45, 0x49, 0x42, 0x41, 0x51, 0x51, 0x45, 0x41, 0x77, 0x49,
+        0x47, 0x51, 0x44, 0x41, 0x4B, 0x42, 0x67, 0x67, 0x71, 0x67,
+        0x52, 0x7A, 0x50, 0x56, 0x51, 0x47, 0x44, 0x64, 0x51, 0x4E,
+        0x49, 0x41, 0x44, 0x42, 0x46, 0x41, 0x69, 0x41, 0x62, 0x79,
+        0x70, 0x51, 0x6F, 0x66, 0x2F, 0x61, 0x79, 0x0A, 0x44, 0x54,
+        0x46, 0x44, 0x55, 0x4F, 0x48, 0x56, 0x4E, 0x42, 0x66, 0x64,
+        0x72, 0x7A, 0x72, 0x65, 0x67, 0x51, 0x5A, 0x6E, 0x6D, 0x72,
+        0x4D, 0x47, 0x49, 0x6E, 0x35, 0x6B, 0x37, 0x50, 0x30, 0x4F,
+        0x75, 0x51, 0x49, 0x68, 0x41, 0x4B, 0x46, 0x49, 0x71, 0x44,
+        0x4C, 0x52, 0x42, 0x51, 0x6C, 0x72, 0x48, 0x4F, 0x75, 0x4A,
+        0x45, 0x6D, 0x62, 0x59, 0x4F, 0x4B, 0x48, 0x45, 0x58, 0x49,
+        0x6B, 0x4A, 0x0A, 0x44, 0x2F, 0x33, 0x70, 0x77, 0x44, 0x73,
+        0x64, 0x2B, 0x38, 0x32, 0x31, 0x54, 0x44, 0x46, 0x6F, 0x0A,
+        0x2D, 0x2D, 0x2D, 0x2D, 0x2D, 0x45, 0x4E, 0x44, 0x20, 0x43,
+        0x45, 0x52, 0x54, 0x49, 0x46, 0x49, 0x43, 0x41, 0x54, 0x45,
+        0x2D, 0x2D, 0x2D, 0x2D, 0x2D, 0x0A
+};
+#define sizeof_server_sm2_cert (sizeof(server_sm2_cert))
+
+/* ./certs/sm2/server-sm2-key.pem */
+static const unsigned char server_sm2_key[] =
+{
+        0x2D, 0x2D, 0x2D, 0x2D, 0x2D, 0x42, 0x45, 0x47, 0x49, 0x4E,
+        0x20, 0x50, 0x55, 0x42, 0x4C, 0x49, 0x43, 0x20, 0x4B, 0x45,
+        0x59, 0x2D, 0x2D, 0x2D, 0x2D, 0x2D, 0x0A, 0x4D, 0x46, 0x6F,
+        0x77, 0x46, 0x41, 0x59, 0x49, 0x4B, 0x6F, 0x45, 0x63, 0x7A,
+        0x31, 0x55, 0x42, 0x67, 0x69, 0x30, 0x47, 0x43, 0x43, 0x71,
+        0x42, 0x48, 0x4D, 0x39, 0x56, 0x41, 0x59, 0x49, 0x74, 0x41,
+        0x30, 0x49, 0x41, 0x42, 0x4A, 0x52, 0x77, 0x4B, 0x30, 0x62,
+        0x6B, 0x58, 0x67, 0x39, 0x42, 0x2B, 0x34, 0x38, 0x74, 0x4E,
+        0x41, 0x70, 0x42, 0x51, 0x42, 0x6C, 0x65, 0x2B, 0x39, 0x51,
+        0x64, 0x0A, 0x45, 0x61, 0x7A, 0x36, 0x39, 0x5A, 0x4D, 0x33,
+        0x78, 0x76, 0x71, 0x48, 0x43, 0x50, 0x63, 0x57, 0x48, 0x79,
+        0x7A, 0x4F, 0x4D, 0x45, 0x43, 0x64, 0x54, 0x36, 0x59, 0x71,
+        0x43, 0x71, 0x48, 0x57, 0x6C, 0x54, 0x50, 0x44, 0x70, 0x67,
+        0x4F, 0x59, 0x35, 0x6F, 0x30, 0x46, 0x4E, 0x4C, 0x43, 0x58,
+        0x44, 0x4E, 0x36, 0x6B, 0x78, 0x38, 0x39, 0x54, 0x6A, 0x39,
+        0x45, 0x3D, 0x0A, 0x2D, 0x2D, 0x2D, 0x2D, 0x2D, 0x45, 0x4E,
+        0x44, 0x20, 0x50, 0x55, 0x42, 0x4C, 0x49, 0x43, 0x20, 0x4B,
+        0x45, 0x59, 0x2D, 0x2D, 0x2D, 0x2D, 0x2D, 0x0A
+};
+#define sizeof_server_sm2_key (sizeof(server_sm2_key))
+
+/* ./certs/sm2/server-sm2-priv.pem */
+static const unsigned char server_sm2_priv[] =
+{
+        0x2D, 0x2D, 0x2D, 0x2D, 0x2D, 0x42, 0x45, 0x47, 0x49, 0x4E,
+        0x20, 0x50, 0x52, 0x49, 0x56, 0x41, 0x54, 0x45, 0x20, 0x4B,
+        0x45, 0x59, 0x2D, 0x2D, 0x2D, 0x2D, 0x2D, 0x0A, 0x4D, 0x49,
+        0x47, 0x49, 0x41, 0x67, 0x45, 0x41, 0x4D, 0x42, 0x51, 0x47,
+        0x43, 0x43, 0x71, 0x42, 0x48, 0x4D, 0x39, 0x56, 0x41, 0x59,
+        0x49, 0x74, 0x42, 0x67, 0x67, 0x71, 0x67, 0x52, 0x7A, 0x50,
+        0x56, 0x51, 0x47, 0x43, 0x4C, 0x51, 0x52, 0x74, 0x4D, 0x47,
+        0x73, 0x43, 0x41, 0x51, 0x45, 0x45, 0x49, 0x4E, 0x63, 0x7A,
+        0x77, 0x61, 0x46, 0x78, 0x6D, 0x4E, 0x70, 0x44, 0x67, 0x51,
+        0x31, 0x77, 0x0A, 0x51, 0x6F, 0x68, 0x6A, 0x30, 0x45, 0x78,
+        0x2B, 0x44, 0x34, 0x71, 0x62, 0x4C, 0x64, 0x6F, 0x56, 0x71,
+        0x67, 0x35, 0x61, 0x2B, 0x75, 0x31, 0x33, 0x4F, 0x6B, 0x4F,
+        0x6F, 0x6F, 0x55, 0x51, 0x44, 0x51, 0x67, 0x41, 0x45, 0x6C,
+        0x48, 0x41, 0x72, 0x52, 0x75, 0x52, 0x65, 0x44, 0x30, 0x48,
+        0x37, 0x6A, 0x79, 0x30, 0x30, 0x43, 0x6B, 0x46, 0x41, 0x47,
+        0x56, 0x37, 0x37, 0x31, 0x42, 0x30, 0x52, 0x0A, 0x72, 0x50,
+        0x72, 0x31, 0x6B, 0x7A, 0x66, 0x47, 0x2B, 0x6F, 0x63, 0x49,
+        0x39, 0x78, 0x59, 0x66, 0x4C, 0x4D, 0x34, 0x77, 0x51, 0x4A,
+        0x31, 0x50, 0x70, 0x69, 0x6F, 0x4B, 0x6F, 0x64, 0x61, 0x56,
+        0x4D, 0x38, 0x4F, 0x6D, 0x41, 0x35, 0x6A, 0x6D, 0x6A, 0x51,
+        0x55, 0x30, 0x73, 0x4A, 0x63, 0x4D, 0x33, 0x71, 0x54, 0x48,
+        0x7A, 0x31, 0x4F, 0x50, 0x30, 0x51, 0x3D, 0x3D, 0x0A, 0x2D,
+        0x2D, 0x2D, 0x2D, 0x2D, 0x45, 0x4E, 0x44, 0x20, 0x50, 0x52,
+        0x49, 0x56, 0x41, 0x54, 0x45, 0x20, 0x4B, 0x45, 0x59, 0x2D,
+        0x2D, 0x2D, 0x2D, 0x2D, 0x0A
+};
+#define sizeof_server_sm2_priv (sizeof(server_sm2_priv))
+
+#endif /* WOLFSSL_NO_PEM */
+
+#endif /* WOLFSSL_SM2 || WOLFSSL_SM3 || WOLFSSL_SM4 */
+#endif /* WOLFSSL_CERTS_TEST_SM_H */
diff --git a/wolfssl/error-ssl.h b/wolfssl/error-ssl.h
index 3873b25bc..dda189273 100644
--- a/wolfssl/error-ssl.h
+++ b/wolfssl/error-ssl.h
@@ -264,7 +264,7 @@ enum IOerrors {
 
 
 WOLFSSL_LOCAL
-void SetErrorString(int err, char* buff);
+void SetErrorString(int err, char* str);
 
 #if defined(WOLFSSL_DEBUG_TRACE_ERROR_CODES) && \
         (defined(BUILDING_WOLFSSL) || \
diff --git a/wolfssl/include.am b/wolfssl/include.am
index 8fba008b8..5c20caf4a 100644
--- a/wolfssl/include.am
+++ b/wolfssl/include.am
@@ -8,6 +8,8 @@ include wolfssl/openssl/include.am
 endif
 
 EXTRA_DIST+= wolfssl/sniffer_error.rc
+EXTRA_DIST+= wolfssl/debug-trace-error-codes.h
+EXTRA_DIST+= wolfssl/debug-untrace-error-codes.h
 
 nobase_include_HEADERS+= \
                          wolfssl/error-ssl.h \
@@ -16,6 +18,7 @@ nobase_include_HEADERS+= \
                          wolfssl/sniffer.h \
                          wolfssl/callbacks.h \
                          wolfssl/certs_test.h \
+                         wolfssl/certs_test_sm.h \
                          wolfssl/test.h \
                          wolfssl/version.h \
                          wolfssl/ocsp.h \
@@ -36,6 +39,3 @@ endif
 
 wolfssl/debug-trace-error-codes.h wolfssl/debug-untrace-error-codes.h: wolfssl/wolfcrypt/error-crypt.h wolfssl/error-ssl.h
 	@support/gen-debug-trace-error-codes.sh
-
-DISTCLEANFILES += wolfssl/debug-trace-error-codes.h \
-                  wolfssl/debug-untrace-error-codes.h
diff --git a/wolfssl/internal.h b/wolfssl/internal.h
index 07b75f2d6..0faf0bdc4 100644
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@@ -151,102 +151,11 @@
     #include <signal.h>
 #endif
 
-#ifdef __WATCOMC__
-    #if defined(__OS2__)
-    #elif defined(__NT__)
-        #define _WINSOCKAPI_ /* block inclusion of winsock.h header file */
-        #include <windows.h>
-        #undef _WINSOCKAPI_ /* undefine it for MINGW winsock2.h header file */
-    #elif defined(__LINUX__)
-        #ifndef SINGLE_THREADED
-            #define WOLFSSL_PTHREADS
-            #include <pthread.h>
-        #endif
-    #endif
-#elif defined(USE_WINDOWS_API)
-    #ifdef WOLFSSL_GAME_BUILD
-        #include "system/xtl.h"
-    #else
-        #define _WINSOCKAPI_ /* block inclusion of winsock.h header file */
-        #include <windows.h>
-        #undef _WINSOCKAPI_ /* undefine it for MINGW winsock2.h header file */
-    #endif
-#elif defined(THREADX)
-    #ifndef SINGLE_THREADED
-        #include "tx_api.h"
-    #endif
-
-#elif defined(WOLFSSL_DEOS)
-    /* do nothing, just don't pick Unix */
-#elif defined(MICRIUM)
-    /* do nothing, just don't pick Unix */
-#elif defined(FREERTOS) || defined(FREERTOS_TCP) || defined(WOLFSSL_SAFERTOS)
-    /* do nothing */
-#elif defined(RTTHREAD)
-    /* do nothing */
-#elif defined(EBSNET)
-    /* do nothing */
-#elif defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX)
-    /* do nothing */
-#elif defined(FREESCALE_FREE_RTOS)
-    #include "fsl_os_abstraction.h"
-#elif defined(WOLFSSL_uITRON4)
-        /* do nothing */
-#elif defined(WOLFSSL_uTKERNEL2)
-        /* do nothing */
-#elif defined(WOLFSSL_CMSIS_RTOS)
-    #include "cmsis_os.h"
-#elif defined(WOLFSSL_CMSIS_RTOSv2)
-    #include "cmsis_os2.h"
-#elif defined(WOLFSSL_MDK_ARM)
-    #if defined(WOLFSSL_MDK5)
-        #include "cmsis_os.h"
-    #else
-        #include <rtl.h>
-    #endif
-#elif defined(MBED)
-#elif defined(WOLFSSL_TIRTOS)
-    /* do nothing */
-#elif defined(INTIME_RTOS)
-    #include <rt.h>
-#elif defined(WOLFSSL_NUCLEUS_1_2)
-    /* do nothing */
-#elif defined(WOLFSSL_APACHE_MYNEWT)
+#ifdef WOLFSSL_APACHE_MYNEWT
     #if !defined(WOLFSSL_LWIP)
         void mynewt_ctx_clear(void *ctx);
         void* mynewt_ctx_new();
     #endif
-#elif defined(WOLFSSL_ZEPHYR)
-    #ifndef SINGLE_THREADED
-        #include <version.h>
-        #if KERNEL_VERSION_NUMBER >= 0x30100
-            #include <zephyr/kernel.h>
-        #else
-            #include <kernel.h>
-        #endif
-    #endif
-#elif defined(WOLFSSL_TELIT_M2MB)
-    /* do nothing */
-#elif defined(WOLFSSL_EMBOS)
-    /* do nothing */
-#else
-    #ifndef SINGLE_THREADED
-        #if defined(WOLFSSL_LINUXKM)
-            /* setup is in linuxkm/linuxkm_wc_port.h */
-        #elif defined(WOLFSSL_USER_MUTEX)
-            /* do nothing */
-        #else
-            #define WOLFSSL_PTHREADS
-            #include <pthread.h>
-        #endif
-    #endif
-    #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM)
-        #ifdef FUSION_RTOS
-            #include <fclunistd.h>
-        #else
-            #include <unistd.h>      /* for close of BIO */
-        #endif
-    #endif
 #endif
 
 #if !defined(WOLFCRYPT_ONLY) && !defined(INT_MAX)
@@ -291,7 +200,7 @@
 #endif
 
 #if defined(WOLFSSL_RENESAS_TSIP_TLS)
-    #include <wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h>
+    #include <wolfssl/wolfcrypt/port/Renesas/renesas_tsip_internal.h>
 #endif
 
 #include <wolfssl/wolfcrypt/hpke.h>
@@ -1090,11 +999,22 @@
 
 #undef WSSL_HARDEN_TLS
 
-/* Client CA Names feature */
+/* CA Names feature */
 #if !defined(WOLFSSL_NO_CA_NAMES) && defined(OPENSSL_EXTRA)
-    #define SSL_CA_NAMES(ssl) ((ssl)->client_ca_names != NULL ? \
+    #define SSL_CLIENT_CA_NAMES(ssl) ((ssl)->client_ca_names != NULL ? \
         (ssl)->client_ca_names : \
         (ssl)->ctx->client_ca_names)
+    #define SSL_CA_NAMES(ssl) ((ssl)->ca_names != NULL ? \
+        (ssl)->ca_names : \
+        (ssl)->ctx->ca_names)
+    /* On the server, client_ca_names has priority over ca_names if both are
+     * set. This mimics OpenSSL's API:
+     * https://docs.openssl.org/3.6/man3/SSL_CTX_set0_CA_list/ */
+    #define SSL_PRIORITY_CA_NAMES(ssl) \
+        (((ssl)->options.side == WOLFSSL_SERVER_END && \
+        SSL_CLIENT_CA_NAMES(ssl) != NULL) ? \
+            SSL_CLIENT_CA_NAMES(ssl) : \
+            SSL_CA_NAMES(ssl))
 #else
     #undef  WOLFSSL_NO_CA_NAMES
     #define WOLFSSL_NO_CA_NAMES
@@ -1713,7 +1633,8 @@ enum Misc {
     TLS_EXPORT_PRO           = 167,/* wolfSSL protocol for serialized TLS */
     DTLS_EXPORT_OPT_SZ       = 62, /* amount of bytes used from Options */
     DTLS_EXPORT_OPT_SZ_4     = 61, /* amount of bytes used from Options */
-    TLS_EXPORT_OPT_SZ        = 65, /* amount of bytes used from Options */
+    TLS_EXPORT_OPT_SZ        = 66, /* amount of bytes used from Options */
+    TLS_EXPORT_OPT_SZ_4      = 65, /* amount of bytes used from Options */
     DTLS_EXPORT_OPT_SZ_3     = 60, /* amount of bytes used from Options */
     DTLS_EXPORT_KEY_SZ       = 325 + (DTLS_SEQ_SZ * 2),
                                    /* max amount of bytes used from Keys */
@@ -2292,7 +2213,7 @@ WOLFSSL_LOCAL void CopyDecodedName(WOLFSSL_X509_NAME* name, DecodedCert* dCert,
 #endif
 WOLFSSL_LOCAL int  SetupTicket(WOLFSSL* ssl);
 WOLFSSL_LOCAL int  CreateTicket(WOLFSSL* ssl);
-WOLFSSL_LOCAL int  HashRaw(WOLFSSL* ssl, const byte* output, int sz);
+WOLFSSL_LOCAL int  HashRaw(WOLFSSL* ssl, const byte* data, int sz);
 WOLFSSL_LOCAL int  HashOutput(WOLFSSL* ssl, const byte* output, int sz,
                               int ivSz);
 WOLFSSL_LOCAL int  HashInput(WOLFSSL* ssl, const byte* input, int sz);
@@ -2779,7 +2700,7 @@ typedef struct ProcPeerCertArgs {
 #endif
 } ProcPeerCertArgs;
 WOLFSSL_LOCAL int DoVerifyCallback(WOLFSSL_CERT_MANAGER* cm, WOLFSSL* ssl,
-        int ret, ProcPeerCertArgs* args);
+        int cert_err, ProcPeerCertArgs* args);
 WOLFSSL_LOCAL void DoCrlCallback(WOLFSSL_CERT_MANAGER* cm, WOLFSSL* ssl,
         ProcPeerCertArgs* args, int* outRet);
 
@@ -3631,6 +3552,10 @@ typedef struct KeyShareEntry {
     byte*                 privKey;   /* Private key                       */
     word32                privKeyLen;/* Private key length - PQC only     */
 #endif
+#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
+    word16                session;   /* NamedGroup that was in session    */
+    word16                derived;   /* preMaster has been derived        */
+#endif
 #ifdef WOLFSSL_ASYNC_CRYPT
     int                   lastRet;
 #endif
@@ -3825,6 +3750,7 @@ struct WOLFSSL_CTX {
                  /* chain after self, in DER, with leading size for each cert */
     #ifndef WOLFSSL_NO_CA_NAMES
     WOLF_STACK_OF(WOLFSSL_X509_NAME)* client_ca_names;
+    WOLF_STACK_OF(WOLFSSL_X509_NAME)* ca_names;
     #endif
     #ifdef OPENSSL_EXTRA
     WOLF_STACK_OF(WOLFSSL_X509)* x509Chain;
@@ -4276,6 +4202,8 @@ int ProcessOldClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
     WOLFSSL_LOCAL int AddSigner(WOLFSSL_CERT_MANAGER* cm, Signer *s);
     WOLFSSL_LOCAL
     int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify);
+    WOLFSSL_LOCAL int RemoveCA(WOLFSSL_CERT_MANAGER* cm, byte* hash, int type);
+    WOLFSSL_LOCAL int SetCAType(WOLFSSL_CERT_MANAGER* cm, byte* hash, int type);
     WOLFSSL_LOCAL
     int AlreadySigner(WOLFSSL_CERT_MANAGER* cm, byte* hash);
 #ifdef WOLFSSL_TRUST_PEER_CERT
@@ -4324,7 +4252,8 @@ enum KeyExchangeAlgorithm {
     dhe_psk_kea,
     ecdhe_psk_kea,
     ecc_diffie_hellman_kea,
-    ecc_static_diffie_hellman_kea       /* for verify suite only */
+    ecc_static_diffie_hellman_kea,      /* for verify suite only */
+    any_kea
 };
 
 /* Used with InitSuitesHashSigAlgo */
@@ -4354,6 +4283,7 @@ enum SignatureAlgorithm {
     dilithium_level3_sa_algo     = 15,
     dilithium_level5_sa_algo     = 16,
     sm2_sa_algo                  = 17,
+    any_sa_algo                  = 18,
     invalid_sa_algo              = 255
 };
 
@@ -5131,6 +5061,12 @@ struct Options {
 #if defined(HAVE_DANE)
     word16            useDANE:1;
 #endif /* HAVE_DANE */
+#ifdef WOLFSSL_TLS13
+#ifdef WOLFSSL_SEND_HRR_COOKIE
+    word16            hrrSentCookie:1;    /* HRR sent with cookie */
+#endif
+    word16            hrrSentKeyShare:1;  /* HRR sent with key share */
+#endif
     word16            disableRead:1;
 #ifdef WOLFSSL_DTLS
     byte              haveMcast;          /* using multicast ? */
@@ -6302,7 +6238,12 @@ struct WOLFSSL {
     byte serverFinished_len;
 #endif
 #ifndef WOLFSSL_NO_CA_NAMES
-    WOLF_STACK_OF(WOLFSSL_X509_NAME)* client_ca_names;
+    WOLF_STACK_OF(WOLFSSL_X509_NAME)* client_ca_names; /* Used in *_set/get_client_CA_list
+                                                          (server only) */
+    WOLF_STACK_OF(WOLFSSL_X509_NAME)* ca_names;        /* Used in *_set0/get0_CA_list */
+    WOLF_STACK_OF(WOLFSSL_X509_NAME)* peer_ca_names;   /* Used in *_get0_peer_CA_list
+                                                          and (client only)
+                                                          wolfSSL_get_client_CA_list */
 #endif
 #if defined(WOLFSSL_IOTSAFE) && defined(HAVE_PK_CALLBACKS)
     IOTSAFE iotsafe;
@@ -6521,7 +6462,7 @@ static const byte kTlsServerStr[SIZEOF_SENDER+1] = { 0x53, 0x52, 0x56, 0x52, 0x0
 static const byte kTlsClientFinStr[FINISHED_LABEL_SZ + 1] = "client finished";
 static const byte kTlsServerFinStr[FINISHED_LABEL_SZ + 1] = "server finished";
 
-#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
+#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) || defined(HAVE_CURL)
 typedef struct {
     int name_len;
     const char *name;
@@ -6531,7 +6472,7 @@ typedef struct {
 extern const WOLF_EC_NIST_NAME kNistCurves[];
 WOLFSSL_LOCAL int set_curves_list(WOLFSSL* ssl, WOLFSSL_CTX *ctx,
         const char* names, byte curves_only);
-#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
+#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL || HAVE_CURL */
 
 /* internal functions */
 WOLFSSL_LOCAL int SendChangeCipher(WOLFSSL* ssl);
@@ -6719,7 +6660,7 @@ WOLFSSL_LOCAL WC_RNG* WOLFSSL_RSA_GetRNG(WOLFSSL_RSA *rsa, WC_RNG **tmpRNG,
         WOLFSSL_LOCAL Signer* GetCAByKeyHash(void* vp, const byte* keyHash);
     #endif
     #if !defined(NO_SKID) && !defined(GetCAByName)
-        WOLFSSL_LOCAL Signer* GetCAByName(void* cm, byte* hash);
+        WOLFSSL_LOCAL Signer* GetCAByName(void* vp, byte* hash);
     #endif
 #endif /* !NO_CERTS */
 WOLFSSL_LOCAL int  BuildTlsHandshakeHash(WOLFSSL* ssl, byte* hash,
@@ -6806,7 +6747,8 @@ WOLFSSL_LOCAL word32 MacSize(const WOLFSSL* ssl);
     WOLFSSL_LOCAL int DoClientHelloStateless(WOLFSSL* ssl,
             const byte* input, word32 helloSz, byte isFirstCHFrag, byte* tls13);
 #endif /* !defined(NO_WOLFSSL_SERVER) */
-#if !defined(WOLFCRYPT_ONLY) && defined(USE_WOLFSSL_IO)
+#if !defined(WOLFCRYPT_ONLY) && !defined(WOLFSSL_NO_SOCK) && \
+    (defined(USE_WOLFSSL_IO) || defined(WOLFSSL_USER_IO))
     WOLFSSL_LOCAL int sockAddrEqual(SOCKADDR_S *a, XSOCKLENT aLen,
                                     SOCKADDR_S *b, XSOCKLENT bLen);
 #endif
diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h
index 326f0fd5b..582f9b754 100644
--- a/wolfssl/openssl/ssl.h
+++ b/wolfssl/openssl/ssl.h
@@ -1044,6 +1044,8 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 
 #define SSL_CTX_get_client_CA_list      wolfSSL_CTX_get_client_CA_list
 #define SSL_CTX_set_client_CA_list      wolfSSL_CTX_set_client_CA_list
+#define SSL_CTX_get0_CA_list            wolfSSL_CTX_get0_CA_list
+#define SSL_CTX_set0_CA_list            wolfSSL_CTX_set0_CA_list
 #define SSL_CTX_set_client_cert_cb      wolfSSL_CTX_set_client_cert_cb
 #define SSL_CTX_set_cert_store          wolfSSL_CTX_set_cert_store
 #ifdef OPENSSL_ALL
@@ -1054,6 +1056,9 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define SSL_CTX_get_cert_store(x)       wolfSSL_CTX_get_cert_store ((x))
 #define SSL_get_client_CA_list          wolfSSL_get_client_CA_list
 #define SSL_set_client_CA_list          wolfSSL_set_client_CA_list
+#define SSL_get0_CA_list                wolfSSL_get0_CA_list
+#define SSL_set0_CA_list                wolfSSL_set0_CA_list
+#define SSL_get0_peer_CA_list           wolfSSL_get0_peer_CA_list
 #define SSL_get_ex_data_X509_STORE_CTX_idx wolfSSL_get_ex_data_X509_STORE_CTX_idx
 #define SSL_get_ex_data                 wolfSSL_get_ex_data
 
@@ -1743,6 +1748,9 @@ typedef WOLFSSL_SRTP_PROTECTION_PROFILE      SRTP_PROTECTION_PROFILE;
 
 #ifdef OPENSSL_EXTRA
 #define SSL_CTX_add_client_CA           wolfSSL_CTX_add_client_CA
+#define SSL_add_client_CA               wolfSSL_add_client_CA
+#define SSL_CTX_add1_to_CA_list         wolfSSL_CTX_add1_to_CA_list
+#define SSL_add1_to_CA_list             wolfSSL_add1_to_CA_list
 #define SSL_CTX_set_srp_password        wolfSSL_CTX_set_srp_password
 #define SSL_CTX_set_srp_username        wolfSSL_CTX_set_srp_username
 #define SSL_CTX_set_srp_strength        wolfSSL_CTX_set_srp_strength
diff --git a/wolfssl/quic.h b/wolfssl/quic.h
index e1dab03cc..263c5c1ba 100644
--- a/wolfssl/quic.h
+++ b/wolfssl/quic.h
@@ -32,7 +32,9 @@
 
 #ifdef WOLFSSL_QUIC
 
-#include <stdint.h>
+#ifndef NO_STDINT_H
+    #include <stdint.h>
+#endif
 
 /* QUIC operates on three encryption levels which determine
  * which keys/algos are used for de-/encryption. These are
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index 3e6865b41..8f370ee1a 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@@ -1835,7 +1835,7 @@ WOLFSSL_API int   wolfSSL_ERR_GET_LIB(unsigned long err);
 WOLFSSL_API int   wolfSSL_ERR_GET_REASON(unsigned long err);
 WOLFSSL_API char* wolfSSL_ERR_error_string(unsigned long errNumber,char* data);
 WOLFSSL_API void  wolfSSL_ERR_error_string_n(unsigned long e, char* buf,
-                                           unsigned long sz);
+                                           unsigned long len);
 WOLFSSL_API const char* wolfSSL_ERR_reason_error_string(unsigned long e);
 WOLFSSL_API const char* wolfSSL_ERR_func_error_string(unsigned long e);
 WOLFSSL_API const char* wolfSSL_ERR_lib_error_string(unsigned long e);
@@ -2425,6 +2425,17 @@ WOLFSSL_API void wolfSSL_set_client_CA_list(WOLFSSL* ssl,
                                                WOLF_STACK_OF(WOLFSSL_X509_NAME)*);
 WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_get_client_CA_list(
             const WOLFSSL* ssl);
+
+WOLFSSL_API void wolfSSL_CTX_set0_CA_list(WOLFSSL_CTX *ctx,
+        WOLF_STACK_OF(WOLFSSL_X509_NAME)* names);
+WOLFSSL_API void wolfSSL_set0_CA_list(WOLFSSL *ssl,
+        WOLF_STACK_OF(WOLFSSL_X509_NAME) *names);
+WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_NAME) *wolfSSL_CTX_get0_CA_list(
+        const WOLFSSL_CTX *ctx);
+WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_NAME) *wolfSSL_get0_CA_list(
+        const WOLFSSL *ssl);
+WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_NAME) *wolfSSL_get0_peer_CA_list(
+        const WOLFSSL *ssl);
 #endif /* !WOLFSSL_NO_CA_NAMES */
 
 typedef int (*client_cert_cb)(WOLFSSL *ssl, WOLFSSL_X509 **x509,
@@ -2536,6 +2547,9 @@ WOLFSSL_API long wolfSSL_CTX_set_tlsext_status_arg(WOLFSSL_CTX* ctx, void* arg);
 WOLFSSL_API long wolfSSL_CTX_set_tlsext_opaque_prf_input_callback_arg(
         WOLFSSL_CTX* ctx, void* arg);
 WOLFSSL_API int  wolfSSL_CTX_add_client_CA(WOLFSSL_CTX* ctx, WOLFSSL_X509* x509);
+WOLFSSL_API int  wolfSSL_add_client_CA(WOLFSSL *ssl, WOLFSSL_X509 *x509);
+WOLFSSL_API int  wolfSSL_CTX_add1_to_CA_list(WOLFSSL_CTX *ctx, WOLFSSL_X509 *x509);
+WOLFSSL_API int  wolfSSL_add1_to_CA_list(WOLFSSL *ssl, WOLFSSL_X509 *x509);
 WOLFSSL_API int  wolfSSL_CTX_set_srp_password(WOLFSSL_CTX* ctx, char* password);
 WOLFSSL_API int  wolfSSL_CTX_set_srp_username(WOLFSSL_CTX* ctx, char* username);
 WOLFSSL_API int  wolfSSL_CTX_set_srp_strength(WOLFSSL_CTX *ctx, int strength);
@@ -3719,8 +3733,9 @@ enum {
 
     WOLFSSL_USER_CA  = 1,          /* user added as trusted */
     WOLFSSL_CHAIN_CA = 2,          /* added to cache from trusted chain */
-    WOLFSSL_TEMP_CA = 3            /* Temp intermediate CA, only for use by
+    WOLFSSL_TEMP_CA  = 3,          /* Temp intermediate CA, only for use by
                                     * X509_STORE */
+    WOLFSSL_USER_INTER = 4         /* user added intermediate cert */
 };
 
 WOLFSSL_ABI WOLFSSL_API WC_RNG* wolfSSL_GetRNG(WOLFSSL* ssl);
@@ -4202,6 +4217,9 @@ WOLFSSL_API void wolfSSL_CTX_SetPerformTlsRecordProcessingCb(WOLFSSL_CTX* ctx,
 
     WOLFSSL_API int wolfSSL_CertManagerLoadCA(WOLFSSL_CERT_MANAGER* cm,
         const char* f, const char* d);
+    WOLFSSL_API int wolfSSL_CertManagerLoadCABufferType(WOLFSSL_CERT_MANAGER* cm,
+        const unsigned char* buff, long sz, int format, int userChain,
+        word32 flags, int type);
     WOLFSSL_API int wolfSSL_CertManagerLoadCABuffer_ex(WOLFSSL_CERT_MANAGER* cm,
         const unsigned char* buff, long sz, int format, int userChain,
         word32 flags);
@@ -4209,6 +4227,8 @@ WOLFSSL_API void wolfSSL_CTX_SetPerformTlsRecordProcessingCb(WOLFSSL_CTX* ctx,
         const unsigned char* buff, long sz, int format);
 
     WOLFSSL_API int wolfSSL_CertManagerUnloadCAs(WOLFSSL_CERT_MANAGER* cm);
+    WOLFSSL_API int wolfSSL_CertManagerUnloadTypeCerts(
+                                WOLFSSL_CERT_MANAGER* cm, byte type);
     WOLFSSL_API int wolfSSL_CertManagerUnloadIntermediateCerts(
         WOLFSSL_CERT_MANAGER* cm);
 #ifdef WOLFSSL_TRUST_PEER_CERT
@@ -4226,7 +4246,7 @@ WOLFSSL_API void wolfSSL_CTX_SetPerformTlsRecordProcessingCb(WOLFSSL_CTX* ctx,
     WOLFSSL_API int wolfSSL_CertManagerDisableCRL(WOLFSSL_CERT_MANAGER* cm);
 #ifndef NO_WOLFSSL_CM_VERIFY
     WOLFSSL_API void wolfSSL_CertManagerSetVerify(WOLFSSL_CERT_MANAGER* cm,
-        VerifyCallback vc);
+        VerifyCallback verify_callback);
 #endif
     WOLFSSL_API int wolfSSL_CertManagerLoadCRL(WOLFSSL_CERT_MANAGER* cm,
         const char* path, int type, int monitor);
@@ -4618,9 +4638,9 @@ enum {
      * https://github.com/post-quantum-cryptography/
      *      draft-kwiatkowski-tls-ecdhe-mlkem/
      */
-    WOLFSSL_P256_ML_KEM_768       = 4587,
-    WOLFSSL_X25519_ML_KEM_768     = 4588,
-    WOLFSSL_P384_ML_KEM_1024      = 4589,
+    WOLFSSL_SECP256R1MLKEM768     = 4587,
+    WOLFSSL_X25519MLKEM768        = 4588,
+    WOLFSSL_SECP384R1MLKEM1024    = 4589,
 
     /* Taken from OQS's openssl provider, see:
      * https://github.com/open-quantum-safe/oqs-provider/blob/main/oqs-template/
@@ -4631,11 +4651,11 @@ enum {
     WOLFSSL_P384_ML_KEM_768_OLD   = 12104,
     WOLFSSL_P521_ML_KEM_1024_OLD  = 12105,
 #endif
-    WOLFSSL_P256_ML_KEM_512       = 12107,
-    WOLFSSL_P384_ML_KEM_768       = 12108,
-    WOLFSSL_P521_ML_KEM_1024      = 12109,
-    WOLFSSL_X25519_ML_KEM_512     = 12214,
-    WOLFSSL_X448_ML_KEM_768       = 12215,
+    WOLFSSL_SECP256R1MLKEM512     = 12107,
+    WOLFSSL_SECP384R1MLKEM768     = 12108,
+    WOLFSSL_SECP521R1MLKEM1024    = 12109,
+    WOLFSSL_X25519MLKEM512        = 12214,
+    WOLFSSL_X448MLKEM768          = 12215,
 #endif /* WOLFSSL_NO_ML_KEM */
 #endif /* HAVE_PQC */
     WOLF_ENUM_DUMMY_LAST_ELEMENT(SSL_H)
@@ -5550,8 +5570,25 @@ WOLFSSL_API void* wolfSSL_get_jobject(WOLFSSL* ssl);
 WOLFSSL_API int wolfSSL_AsyncPoll(WOLFSSL* ssl, WOLF_EVENT_FLAG flags);
 WOLFSSL_API int wolfSSL_CTX_AsyncPoll(WOLFSSL_CTX* ctx, WOLF_EVENT** events, int maxEvents,
     WOLF_EVENT_FLAG flags, int* eventCount);
+#define WOLFSSL_ASYNC_IF_PENDING                                \
+    if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) {                 \
+        ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);  \
+        if (ret < 0) break;                                     \
+    }
+#else
+#define WOLFSSL_ASYNC_IF_PENDING if(0)(void)0;
 #endif /* WOLFSSL_ASYNC_CRYPT */
 
+#define WOLFSSL_ASYNC_WHILE_PENDING(call, cond)                 \
+    do {                                                        \
+        err = 0;                                                \
+        call;                                                   \
+        if (cond) {                                             \
+            err = wolfSSL_get_error(ssl, 0);                    \
+            WOLFSSL_ASYNC_IF_PENDING                            \
+        }                                                       \
+    } while (err == WC_NO_ERR_TRACE(WC_PENDING_E))
+
 typedef void (*Rem_Sess_Cb)(WOLFSSL_CTX*, WOLFSSL_SESSION*);
 
 #ifdef OPENSSL_EXTRA
diff --git a/wolfssl/test.h b/wolfssl/test.h
index ecce2178b..b73e03437 100644
--- a/wolfssl/test.h
+++ b/wolfssl/test.h
@@ -495,6 +495,7 @@ err_sys_with_errno(const char* msg)
 
 /* all certs relative to wolfSSL home directory now */
 #if defined(WOLFSSL_NO_CURRDIR) || defined(WOLFSSL_MDK_SHELL)
+#ifdef WOLFSSL_PEM_TO_DER
 #define caCertFile        "certs/ca-cert.pem"
 #define eccCertFile       "certs/server-ecc.pem"
 #define eccKeyFile        "certs/ecc-key.pem"
@@ -528,6 +529,41 @@ err_sys_with_errno(const char* msg)
 #define cliEd448KeyFile   "certs/ed448/client-ed448-priv.pem"
 #define caEd448CertFile   "certs/ed448/ca-ed448.pem"
 #define noIssuerCertFile  "certs/empty-issuer-cert.pem"
+#else
+#define caCertFile        "certs/ca-cert.der"
+#define eccCertFile       "certs/server-ecc.der"
+#define eccKeyFile        "certs/ecc-key.der"
+#define eccKeyPubFile     "certs/ecc-keyPub.der"
+#define eccRsaCertFile    "certs/server-ecc-rsa.der"
+#define svrCertFile       "certs/server-cert.der"
+#define svrKeyFile        "certs/server-key.der"
+#define svrKeyPubFile     "certs/server-keyPub.der"
+#define cliCertFile       "certs/client-cert.der"
+#define cliCertDerFile    "certs/client-cert.der"
+#define cliCertFileExt    "certs/client-cert-ext.der"
+#define cliCertDerFileExt "certs/client-cert-ext.der"
+#define cliKeyFile        "certs/client-key.der"
+#define cliKeyPubFile     "certs/client-keyPub.der"
+#define dhParamFile       "certs/dh2048.der"
+#define cliEccKeyFile     "certs/ecc-client-key.der"
+#define cliEccKeyPubFile  "certs/ecc-client-keyPub.der"
+#define cliEccCertFile    "certs/client-ecc-cert.der"
+#define caEccCertFile     "certs/ca-ecc-cert.der"
+#define crlPemDir         "certs/crl"
+#define edCertFile        "certs/ed25519/server-ed25519-cert.der"
+#define edKeyFile         "certs/ed25519/server-ed25519-priv.der"
+#define edKeyPubFile      "certs/ed25519/server-ed25519-key.der"
+#define cliEdCertFile     "certs/ed25519/client-ed25519.der"
+#define cliEdKeyFile      "certs/ed25519/client-ed25519-priv.der"
+#define cliEdKeyPubFile   "certs/ed25519/client-ed25519-key.der"
+#define caEdCertFile      "certs/ed25519/ca-ed25519.der"
+#define ed448CertFile     "certs/ed448/server-ed448-cert.der"
+#define ed448KeyFile      "certs/ed448/server-ed448-priv.der"
+#define cliEd448CertFile  "certs/ed448/client-ed448.der"
+#define cliEd448KeyFile   "certs/ed448/client-ed448-priv.der"
+#define caEd448CertFile   "certs/ed448/ca-ed448.der"
+#define noIssuerCertFile  "certs/empty-issuer-cert.der"
+#endif
 #define caCertFolder      "certs/"
 #ifdef HAVE_WNR
     /* Whitewood netRandom default config file */
@@ -559,6 +595,7 @@ err_sys_with_errno(const char* msg)
         #define wnrConfig  "wnr-example.conf"
     #endif
 #else
+#ifdef WOLFSSL_PEM_TO_DER
 #define caCertFile        "./certs/ca-cert.pem"
 #define eccCertFile       "./certs/server-ecc.pem"
 #define eccKeyFile        "./certs/ecc-key.pem"
@@ -592,6 +629,41 @@ err_sys_with_errno(const char* msg)
 #define cliEd448KeyFile   "./certs/ed448/client-ed448-priv.pem"
 #define caEd448CertFile   "./certs/ed448/ca-ed448.pem"
 #define noIssuerCertFile  "./certs/empty-issuer-cert.pem"
+#else
+#define caCertFile        "./certs/ca-cert.der"
+#define eccCertFile       "./certs/server-ecc.der"
+#define eccKeyFile        "./certs/ecc-key.der"
+#define eccKeyPubFile     "./certs/ecc-keyPub.der"
+#define eccRsaCertFile    "./certs/server-ecc-rsa.der"
+#define svrCertFile       "./certs/server-cert.der"
+#define svrKeyFile        "./certs/server-key.der"
+#define svrKeyPubFile     "./certs/server-keyPub.der"
+#define cliCertFile       "./certs/client-cert.der"
+#define cliCertDerFile    "./certs/client-cert.der"
+#define cliCertFileExt    "./certs/client-cert-ext.der"
+#define cliCertDerFileExt "./certs/client-cert-ext.der"
+#define cliKeyFile        "./certs/client-key.der"
+#define cliKeyPubFile     "./certs/client-keyPub.der"
+#define dhParamFile       "./certs/dh2048.der"
+#define cliEccKeyFile     "./certs/ecc-client-key.der"
+#define cliEccKeyPubFile  "./certs/ecc-client-keyPub.der"
+#define cliEccCertFile    "./certs/client-ecc-cert.der"
+#define caEccCertFile     "./certs/ca-ecc-cert.der"
+#define crlPemDir         "./certs/crl"
+#define edCertFile        "./certs/ed25519/server-ed25519-cert.der"
+#define edKeyFile         "./certs/ed25519/server-ed25519-priv.der"
+#define edKeyPubFile      "./certs/ed25519/server-ed25519-key.der"
+#define cliEdCertFile     "./certs/ed25519/client-ed25519.der"
+#define cliEdKeyFile      "./certs/ed25519/client-ed25519-priv.der"
+#define cliEdKeyPubFile   "./certs/ed25519/client-ed25519-key.der"
+#define caEdCertFile      "./certs/ed25519/ca-ed25519.der"
+#define ed448CertFile     "./certs/ed448/server-ed448-cert.der"
+#define ed448KeyFile      "./certs/ed448/server-ed448-priv.der"
+#define cliEd448CertFile  "./certs/ed448/client-ed448.der"
+#define cliEd448KeyFile   "./certs/ed448/client-ed448-priv.der"
+#define caEd448CertFile   "./certs/ed448/ca-ed448.der"
+#define noIssuerCertFile  "./certs/empty-issuer-cert.der"
+#endif
 #define caCertFolder      "./certs/"
 #ifdef HAVE_WNR
     /* Whitewood netRandom default config file */
@@ -599,6 +671,11 @@ err_sys_with_errno(const char* msg)
 #endif
 #endif
 
+#ifdef WOLFSSL_PEM_TO_DER
+    #define CERT_FILETYPE WOLFSSL_FILETYPE_PEM
+#else
+    #define CERT_FILETYPE WOLFSSL_FILETYPE_ASN1
+#endif
 
 #ifdef TEST_IPV6
     typedef struct sockaddr_in6 SOCKADDR_IN_T;
@@ -1233,7 +1310,7 @@ static WC_INLINE void showPeerEx(WOLFSSL* ssl, int lng_index)
 #if defined(SHOW_CERTS) && defined(KEEP_OUR_CERT) && \
     (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
     ShowX509(wolfSSL_get_certificate(ssl), "our cert info:");
-    printf("Peer verify result = %lu\n", wolfSSL_get_verify_result(ssl));
+    printf("Peer verify result = %ld\n", wolfSSL_get_verify_result(ssl));
 #endif /* SHOW_CERTS && KEEP_OUR_CERT */
     printf("%s %s\n", words[0], wolfSSL_get_version(ssl));
 
@@ -1302,60 +1379,7 @@ static WC_INLINE void build_addr(SOCKADDR_IN_T* addr, const char* peer,
 #ifndef TEST_IPV6
     /* peer could be in human readable form */
     if ( ((size_t)peer != INADDR_ANY) && isalpha((unsigned char)peer[0])) {
-    #ifdef WOLFSSL_USE_POPEN_HOST
-        char host_ipaddr[4] = { 127, 0, 0, 1 };
-        int found = 1;
-
-        if ((XSTRCMP(peer, "localhost") != 0) &&
-            (XSTRCMP(peer, "127.0.0.1") != 0)) {
-            FILE* fp;
-            char cmd[100];
-
-            XSTRNCPY(cmd, "host ", 6);
-            XSTRNCAT(cmd, peer, 99 - XSTRLEN(cmd));
-            found = 0;
-            fp = popen(cmd, "r");
-            if (fp != NULL) {
-                char host_out[100];
-                while (fgets(host_out, sizeof(host_out), fp) != NULL) {
-                    int i;
-                    int j = 0;
-                    for (j = 0; host_out[j] != '\0'; j++) {
-                        if ((host_out[j] >= '0') && (host_out[j] <= '9')) {
-                            break;
-                        }
-                    }
-                    found = (host_out[j] >= '0') && (host_out[j] <= '9');
-                    if (!found) {
-                        continue;
-                    }
-
-                    for (i = 0; i < 4; i++) {
-                        host_ipaddr[i] = atoi(host_out + j);
-                        while ((host_out[j] >= '0') && (host_out[j] <= '9')) {
-                            j++;
-                        }
-                        if (host_out[j] == '.') {
-                            j++;
-                            found &= (i != 3);
-                        }
-                        else {
-                            found &= (i == 3);
-                            break;
-                        }
-                    }
-                    if (found) {
-                        break;
-                    }
-                }
-                pclose(fp);
-            }
-        }
-        if (found) {
-            XMEMCPY(&addr->sin_addr.s_addr, host_ipaddr, sizeof(host_ipaddr));
-            useLookup = 1;
-        }
-    #elif !defined(WOLFSSL_USE_GETADDRINFO)
+    #if !defined(WOLFSSL_USE_GETADDRINFO)
         #if defined(WOLFSSL_MDK_ARM) || defined(WOLFSSL_KEIL_TCP_NET)
             int err;
             struct hostent* entry = gethostbyname(peer, &err);
@@ -1924,7 +1948,7 @@ static WC_INLINE unsigned int my_psk_client_cb(WOLFSSL* ssl, const char* hint,
     }
 
 #if defined(HAVE_PK_CALLBACKS) && defined(TEST_PK_PSK)
-    WOLFSSL_PKMSG("PSK Client using HW (Len %d, Hint %s)\n", ret, hint);
+    WOLFSSL_PKMSG("PSK Client using HW (Len %u, Hint %s)\n", ret, hint);
     ret = (unsigned int)USE_HW_PSK;
 #endif
 
@@ -1968,7 +1992,7 @@ static WC_INLINE unsigned int my_psk_server_cb(WOLFSSL* ssl, const char* identit
         ret = 32;   /* length of key in octets or 0 for error */
     }
 #if defined(HAVE_PK_CALLBACKS) && defined(TEST_PK_PSK)
-    WOLFSSL_PKMSG("PSK Server using HW (Len %d, Hint %s)\n", ret, identity);
+    WOLFSSL_PKMSG("PSK Server using HW (Len %u, Hint %s)\n", ret, identity);
     ret = (unsigned int)USE_HW_PSK;
 #endif
 
@@ -2007,7 +2031,7 @@ static WC_INLINE unsigned int my_psk_client_tls13_cb(WOLFSSL* ssl,
     ret = 32;   /* length of key in octets or 0 for error */
 
 #if defined(HAVE_PK_CALLBACKS) && defined(TEST_PK_PSK)
-    WOLFSSL_PKMSG("PSK Client TLS 1.3 using HW (Len %d, Hint %s)\n", ret, hint);
+    WOLFSSL_PKMSG("PSK Client TLS 1.3 using HW (Len %u, Hint %s)\n", ret, hint);
     ret = (unsigned int)USE_HW_PSK;
 #endif
 
@@ -2050,7 +2074,7 @@ static WC_INLINE unsigned int my_psk_server_tls13_cb(WOLFSSL* ssl,
     ret = 32;   /* length of key in octets or 0 for error */
 
 #if defined(HAVE_PK_CALLBACKS) && defined(TEST_PK_PSK)
-    WOLFSSL_PKMSG("PSK Server TLS 1.3 using HW (Len %d, Hint %s)\n",
+    WOLFSSL_PKMSG("PSK Server TLS 1.3 using HW (Len %u, Hint %s)\n",
         ret, identity);
     ret = (unsigned int)USE_HW_PSK;
 #endif
@@ -3177,7 +3201,7 @@ static WC_INLINE int wolfSSL_PrintStats(WOLFSSL_MEM_STATS* stats)
         return 0;
     }
 
-    /* print to stderr so is on the same pipe as WOLFSSL_DEBUG */
+    /* print to stderr so is on the same pipe as DEBUG_WOLFSSL */
     fprintf(stderr, "Total mallocs   = %d\n", stats->totalAlloc);
     fprintf(stderr, "Total frees     = %d\n", stats->totalFr);
     fprintf(stderr, "Current mallocs = %d\n", stats->curAlloc);
diff --git a/wolfssl/wolfcrypt/aes.h b/wolfssl/wolfcrypt/aes.h
index 90c9f4762..d4e2006fc 100644
--- a/wolfssl/wolfcrypt/aes.h
+++ b/wolfssl/wolfcrypt/aes.h
@@ -148,7 +148,7 @@ WOLFSSL_LOCAL void GHASH(Gcm* gcm, const byte* a, word32 aSz, const byte* c,
 #endif
 
 #if defined(WOLFSSL_RENESAS_FSPSM)
-    #include <wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h>
+    #include <wolfssl/wolfcrypt/port/Renesas/renesas_fspsm_internal.h>
 #endif
 
 #ifdef WOLFSSL_MAXQ10XX_CRYPTO
@@ -286,7 +286,10 @@ struct Aes {
 #endif
 #ifdef HAVE_AESGCM
     Gcm gcm;
-
+#ifdef WOLFSSL_STM32U5_DHUK
+    byte dhukIV[16]; /* Used when unwrapping an encrypted key */
+    int dhukIVLen;
+#endif
 #ifdef WOLFSSL_SE050
     sss_symmetric_t aes_ctx; /* used as the function context */
     int ctxInitDone;
@@ -303,13 +306,13 @@ struct Aes {
 #endif
 #ifdef WOLFSSL_AESNI
     byte use_aesni;
-    #if defined(WOLFSSL_LINUXKM) || defined(WC_WANT_FLAG_DONT_USE_AESNI)
-        /* Note, we can't support WC_FLAG_DONT_USE_AESNI by default because we
-         * need to support legacy applications that call wc_AesSetKey() on
+    #if defined(WOLFSSL_KERNEL_MODE) || defined(WC_WANT_FLAG_DONT_USE_VECTOR_OPS)
+        /* Note, we can't support WC_FLAG_DONT_USE_VECTOR_OPS by default because
+         * we need to support legacy applications that call wc_AesSetKey() on
          * uninited struct Aes.  For details see the software implementation of
          * wc_AesSetKeyLocal() (aes.c).
          */
-        #define WC_FLAG_DONT_USE_AESNI 2
+        #define WC_FLAG_DONT_USE_VECTOR_OPS 2
     #endif
 #endif /* WOLFSSL_AESNI */
 #if defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \
@@ -320,7 +323,7 @@ struct Aes {
     byte use_sha3_hw_crypto;
 #endif
 #endif /* __aarch64__ && WOLFSSL_ARMASM && !WOLFSSL_ARMASM_NO_HW_CRYPTO */
-#ifdef WOLF_CRYPTO_CB
+#if defined(WOLF_CRYPTO_CB) || defined(WOLFSSL_STM32U5_DHUK)
     int    devId;
     void*  devCtx;
 #endif
diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h
index 03ebfd31d..2b1762a57 100644
--- a/wolfssl/wolfcrypt/asn.h
+++ b/wolfssl/wolfcrypt/asn.h
@@ -204,7 +204,10 @@ enum ASN_Tags {
 
     /* OneAsymmetricKey Fields */
     ASN_ASYMKEY_ATTRS     = 0x00,
-    ASN_ASYMKEY_PUBKEY    = 0x01
+    ASN_ASYMKEY_PUBKEY    = 0x01,
+
+    /* PKEY Fields */
+    ASN_PKEY_SEED         = 0x00
 };
 
 /* NOTE: If ASN_UTC_TIME_SIZE or ASN_GENERALIZED_TIME_SIZE are ever modified
@@ -1383,7 +1386,7 @@ struct SignatureCtx {
 #endif
 #if !defined(NO_RSA) || !defined(NO_DSA)
     #ifdef WOLFSSL_NO_MALLOC
-    byte  sigCpy[MAX_SIG_SZ];
+    byte  sigCpy[MAX_ENCODED_SIG_SZ];
     #else
     byte* sigCpy;
     #endif
@@ -1642,8 +1645,8 @@ struct DecodedCert {
     const byte* extAuthKeyIdIssuerSN; /* Authority Key ID authorityCertSerialNumber */
     word32  extAuthKeyIdIssuerSNSz;   /* Authority Key ID authorityCertSerialNumber length */
 #endif
-    byte    pathLength;              /* CA basic constraint path length  */
-    byte    maxPathLen;              /* max_path_len see RFC 5280 section
+    word16    pathLength;              /* CA basic constraint path length  */
+    word16    maxPathLen;              /* max_path_len see RFC 5280 section
                                       * 6.1.2 "Initialization" - (k) for
                                       * description of max_path_len */
     byte    policyConstSkip;         /* Policy Constraints skip certs value */
@@ -1943,7 +1946,7 @@ struct Signer {
     word32  pubKeySize;
     word32  keyOID;                  /* key type */
     word16  keyUsage;
-    byte    maxPathLen;
+    word16  maxPathLen;
     WC_BITFIELD selfSigned:1;
     const byte* publicKey;
     int     nameLen;
@@ -2060,6 +2063,8 @@ WOLFSSL_LOCAL int HashIdAlg(word32 oidSum);
 WOLFSSL_LOCAL int CalcHashId(const byte* data, word32 len, byte* hash);
 WOLFSSL_LOCAL int CalcHashId_ex(const byte* data, word32 len, byte* hash,
     int hashAlg);
+WOLFSSL_LOCAL int GetHashId(const byte* id, int length, byte* hash,
+    int hashAlg);
 WOLFSSL_LOCAL int GetName(DecodedCert* cert, int nameType, int maxIdx);
 
 #ifdef ASN_BER_TO_DER
@@ -2095,6 +2100,9 @@ WOLFSSL_LOCAL int DecodePolicyOID(char *out, word32 outSz, const byte *in,
                                   word32 inSz);
 WOLFSSL_LOCAL int EncodePolicyOID(byte *out, word32 *outSz,
                                   const char *in, void* heap);
+WOLFSSL_LOCAL int DecodeExtensionType(const byte* input, word32 length,
+                                      word32 oid, byte critical,
+                                      DecodedCert* cert, int *isUnknownExt);
 WOLFSSL_LOCAL int CheckCertSignaturePubKey(const byte* cert, word32 certSz,
         void* heap, const byte* pubKey, word32 pubKeySz, int pubKeyOID);
 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_SMALL_CERT_VERIFY)
@@ -2132,6 +2140,26 @@ WOLFSSL_LOCAL int DecodeToKey(DecodedCert* cert, int verify);
 #ifdef WOLFSSL_ASN_TEMPLATE
 WOLFSSL_LOCAL int DecodeCert(DecodedCert* cert, int verify, int* criticalExt);
 #endif
+
+WOLFSSL_LOCAL int DecodeBasicCaConstraint(const byte* input, int sz,
+                           byte *isCa, word16 *pathLength, byte *pathLengthSet);
+
+WOLFSSL_LOCAL int DecodeSubjKeyId(const byte* input, word32 sz,
+                            const byte **extSubjKeyId, word32 *extSubjKeyIdSz);
+
+WOLFSSL_LOCAL int DecodeAuthKeyId(const byte* input, word32 sz,
+            const byte **extAuthKeyId, word32 *extAuthKeyIdSz,
+            const byte **extAuthKeyIdIssuer, word32 *extAuthKeyIdIssuerSz,
+            const byte **extAuthKeyIdIssuerSN, word32 *extAuthKeyIdIssuerSNSz);
+
+WOLFSSL_LOCAL int DecodeKeyUsage(const byte* input, word32 sz,
+                                 word16 *extKeyUsage);
+
+WOLFSSL_LOCAL int DecodeExtKeyUsage(const byte* input, word32 sz,
+        const byte **extExtKeyUsageSrc, word32 *extExtKeyUsageSz,
+        word32 *extExtKeyUsageCount, byte *extExtKeyUsage,
+        byte *extExtKeyUsageSsh);
+
 WOLFSSL_LOCAL int TryDecodeRPKToKey(DecodedCert* cert);
 WOLFSSL_LOCAL int wc_GetPubX509(DecodedCert* cert, int verify, int* badDate);
 
@@ -2203,8 +2231,8 @@ WOLFSSL_ASN_API int SetName(byte* output, word32 outputSz, CertName* name);
 WOLFSSL_LOCAL const char* GetOneCertName(CertName* name, int idx);
 WOLFSSL_LOCAL byte GetCertNameId(int idx);
 #endif
-WOLFSSL_LOCAL int GetShortInt(const byte* input, word32* inOutIdx, int* number,
-                              word32 maxIdx);
+WOLFSSL_TEST_VIS int GetShortInt(const byte* input, word32* inOutIdx,
+        int* number, word32 maxIdx);
 WOLFSSL_TEST_VIS int SetShortInt(byte* output, word32* inOutIdx, word32 number,
                               word32 maxIdx);
 
@@ -2219,6 +2247,8 @@ WOLFSSL_LOCAL int GetSequence(const byte* input, word32* inOutIdx, int* len,
                              word32 maxIdx);
 WOLFSSL_LOCAL int GetSequence_ex(const byte* input, word32* inOutIdx, int* len,
                            word32 maxIdx, int check);
+WOLFSSL_TEST_VIS int wc_IndexSequenceOf(byte const * seqOf, word32 seqOfSz,
+        size_t seqIndex, byte const ** out, word32 * outSz);
 WOLFSSL_LOCAL int GetOctetString(const byte* input, word32* inOutIdx, int* len,
                          word32 maxIdx);
 WOLFSSL_LOCAL int CheckBitString(const byte* input, word32* inOutIdx, int* len,
@@ -2341,14 +2371,18 @@ WOLFSSL_LOCAL int StoreDSAParams(byte*, word32*, const mp_int*, const mp_int*,
 WOLFSSL_LOCAL void InitSignatureCtx(SignatureCtx* sigCtx, void* heap, int devId);
 WOLFSSL_LOCAL void FreeSignatureCtx(SignatureCtx* sigCtx);
 
+#ifdef WC_ENABLE_ASYM_KEY_EXPORT
 WOLFSSL_LOCAL int SetAsymKeyDerPublic(const byte* pubKey, word32 pubKeyLen,
     byte* output, word32 outLen, int keyType, int withHeader);
+#endif /* WC_ENABLE_ASYM_KEY_EXPORT */
+#ifdef WC_ENABLE_ASYM_KEY_IMPORT
 WOLFSSL_LOCAL int DecodeAsymKeyPublic_Assign(const byte* input,
     word32* inOutIdx, word32 inSz, const byte** pubKey, word32* pubKeyLen,
     int* keyType);
 
 WOLFSSL_LOCAL int DecodeAsymKeyPublic(const byte* input, word32* inOutIdx,
     word32 inSz, byte* pubKey, word32* pubKeyLen, int keyType);
+#endif /* WC_ENABLE_ASYM_KEY_IMPORT */
 
 #ifndef NO_CERTS
 
@@ -2721,8 +2755,9 @@ WOLFSSL_LOCAL int  VerifyX509Acert(const byte* cert, word32 certSz,
     || (defined(HAVE_CURVE448) && defined(HAVE_CURVE448_KEY_IMPORT)) \
     || defined(HAVE_FALCON) || defined(HAVE_DILITHIUM) || defined(HAVE_SPHINCS))
 WOLFSSL_LOCAL int DecodeAsymKey_Assign(const byte* input, word32* inOutIdx,
-    word32 inSz, const byte** privKey, word32* privKeyLen, const byte** pubKey,
-    word32* pubKeyLen, int* inOutKeyType);
+    word32 inSz, const byte** seed, word32* seedLen, const byte** privKey,
+    word32* privKeyLen, const byte** pubKey, word32* pubKeyLen,
+    int* inOutKeyType);
 
 WOLFSSL_LOCAL int DecodeAsymKey(const byte* input, word32* inOutIdx,
     word32 inSz, byte* privKey, word32* privKeyLen, byte* pubKey,
@@ -2730,7 +2765,7 @@ WOLFSSL_LOCAL int DecodeAsymKey(const byte* input, word32* inOutIdx,
 #endif
 
 #ifdef WC_ENABLE_ASYM_KEY_EXPORT
-WOLFSSL_LOCAL int SetAsymKeyDer(const byte* privKey, word32 privKeyLen,
+WOLFSSL_TEST_VIS int SetAsymKeyDer(const byte* privKey, word32 privKeyLen,
     const byte* pubKey, word32 pubKeyLen, byte* output, word32 outLen,
     int keyType);
 #endif
diff --git a/wolfssl/wolfcrypt/cpuid.h b/wolfssl/wolfcrypt/cpuid.h
index e6b7eb667..5b461ffb4 100644
--- a/wolfssl/wolfcrypt/cpuid.h
+++ b/wolfssl/wolfcrypt/cpuid.h
@@ -44,6 +44,17 @@
     #define HAVE_CPUID_AARCH64
 #endif
 
+#define WC_CPUID_INITIALIZER 0xffffffffU
+typedef word32 cpuid_flags_t;
+#if !defined(WOLFSSL_NO_ATOMICS) && !defined(SINGLE_THREADED)
+    typedef wolfSSL_Atomic_Uint cpuid_flags_atomic_t;
+    #define WC_CPUID_ATOMIC_INITIALIZER \
+        WOLFSSL_ATOMIC_INITIALIZER(WC_CPUID_INITIALIZER)
+#else
+    typedef word32 cpuid_flags_atomic_t;
+    #define WC_CPUID_ATOMIC_INITIALIZER WC_CPUID_INITIALIZER
+#endif
+
 #ifdef HAVE_CPUID_INTEL
 
     #define CPUID_AVX1   0x0001
@@ -57,16 +68,16 @@
     #define CPUID_BMI1   0x0100   /* ANDN */
     #define CPUID_SHA    0x0200   /* SHA-1 and SHA-256 instructions */
 
-    #define IS_INTEL_AVX1(f)    ((f) & CPUID_AVX1)
-    #define IS_INTEL_AVX2(f)    ((f) & CPUID_AVX2)
-    #define IS_INTEL_RDRAND(f)  ((f) & CPUID_RDRAND)
-    #define IS_INTEL_RDSEED(f)  ((f) & CPUID_RDSEED)
-    #define IS_INTEL_BMI2(f)    ((f) & CPUID_BMI2)
-    #define IS_INTEL_AESNI(f)   ((f) & CPUID_AESNI)
-    #define IS_INTEL_ADX(f)     ((f) & CPUID_ADX)
-    #define IS_INTEL_MOVBE(f)   ((f) & CPUID_MOVBE)
-    #define IS_INTEL_BMI1(f)    ((f) & CPUID_BMI1)
-    #define IS_INTEL_SHA(f)     ((f) & CPUID_SHA)
+    #define IS_INTEL_AVX1(f)    (WOLFSSL_ATOMIC_COERCE_UINT(f) & CPUID_AVX1)
+    #define IS_INTEL_AVX2(f)    (WOLFSSL_ATOMIC_COERCE_UINT(f) & CPUID_AVX2)
+    #define IS_INTEL_RDRAND(f)  (WOLFSSL_ATOMIC_COERCE_UINT(f) & CPUID_RDRAND)
+    #define IS_INTEL_RDSEED(f)  (WOLFSSL_ATOMIC_COERCE_UINT(f) & CPUID_RDSEED)
+    #define IS_INTEL_BMI2(f)    (WOLFSSL_ATOMIC_COERCE_UINT(f) & CPUID_BMI2)
+    #define IS_INTEL_AESNI(f)   (WOLFSSL_ATOMIC_COERCE_UINT(f) & CPUID_AESNI)
+    #define IS_INTEL_ADX(f)     (WOLFSSL_ATOMIC_COERCE_UINT(f) & CPUID_ADX)
+    #define IS_INTEL_MOVBE(f)   (WOLFSSL_ATOMIC_COERCE_UINT(f) & CPUID_MOVBE)
+    #define IS_INTEL_BMI1(f)    (WOLFSSL_ATOMIC_COERCE_UINT(f) & CPUID_BMI1)
+    #define IS_INTEL_SHA(f)     (WOLFSSL_ATOMIC_COERCE_UINT(f) & CPUID_SHA)
 
 #elif defined(HAVE_CPUID_AARCH64)
 
@@ -80,26 +91,51 @@
     #define CPUID_SM4         0x0080    /* SM4 enc/dec */
     #define CPUID_SB          0x0100    /* Speculation barrier */
 
-    #define IS_AARCH64_AES(f)       ((f) & CPUID_AES)
-    #define IS_AARCH64_PMULL(f)     ((f) & CPUID_PMULL)
-    #define IS_AARCH64_SHA256(f)    ((f) & CPUID_SHA256)
-    #define IS_AARCH64_SHA512(f)    ((f) & CPUID_SHA512)
-    #define IS_AARCH64_RDM(f)       ((f) & CPUID_RDM)
-    #define IS_AARCH64_SHA3(f)      ((f) & CPUID_SHA3)
-    #define IS_AARCH64_SM3(f)       ((f) & CPUID_SM3)
-    #define IS_AARCH64_SM4(f)       ((f) & CPUID_SM4)
-    #define IS_AARCH64_SB(f)        ((f) & CPUID_SB)
+    #define IS_AARCH64_AES(f)       (WOLFSSL_ATOMIC_COERCE_UINT(f) & CPUID_AES)
+    #define IS_AARCH64_PMULL(f)     (WOLFSSL_ATOMIC_COERCE_UINT(f) & CPUID_PMULL)
+    #define IS_AARCH64_SHA256(f)    (WOLFSSL_ATOMIC_COERCE_UINT(f) & CPUID_SHA256)
+    #define IS_AARCH64_SHA512(f)    (WOLFSSL_ATOMIC_COERCE_UINT(f) & CPUID_SHA512)
+    #define IS_AARCH64_RDM(f)       (WOLFSSL_ATOMIC_COERCE_UINT(f) & CPUID_RDM)
+    #define IS_AARCH64_SHA3(f)      (WOLFSSL_ATOMIC_COERCE_UINT(f) & CPUID_SHA3)
+    #define IS_AARCH64_SM3(f)       (WOLFSSL_ATOMIC_COERCE_UINT(f) & CPUID_SM3)
+    #define IS_AARCH64_SM4(f)       (WOLFSSL_ATOMIC_COERCE_UINT(f) & CPUID_SM4)
+    #define IS_AARCH64_SB(f)        (WOLFSSL_ATOMIC_COERCE_UINT(f) & CPUID_SB)
 
 #endif
 
 #ifdef HAVE_CPUID
-    void cpuid_set_flags(void);
-    word32 cpuid_get_flags(void);
+    cpuid_flags_t cpuid_get_flags(void);
+
+    /* Idempotent flag getter -- fast, but return value (whether updated) is not
+     * strictly reliable.
+     */
+    static WC_INLINE int cpuid_get_flags_ex(cpuid_flags_t *flags) {
+        if (*flags == WC_CPUID_INITIALIZER) {
+            *flags = cpuid_get_flags();
+            return 1;
+        }
+        else
+            return 0;
+    }
+
+    /* Strictly race-free flag getter -- slow, but the return value is strictly
+     * accurate.
+     */
+    static WC_INLINE int cpuid_get_flags_atomic(cpuid_flags_atomic_t *flags) {
+        if (WOLFSSL_ATOMIC_LOAD(*flags) == WC_CPUID_INITIALIZER) {
+            cpuid_flags_t old_cpuid_flags = WC_CPUID_INITIALIZER;
+            return wolfSSL_Atomic_Uint_CompareExchange
+                (flags, &old_cpuid_flags, cpuid_get_flags());
+        }
+        else
+            return 0;
+    }
+
 
     /* Public APIs to modify flags. */
-    WOLFSSL_API void cpuid_select_flags(word32 flags);
-    WOLFSSL_API void cpuid_set_flag(word32 flag);
-    WOLFSSL_API void cpuid_clear_flag(word32 flag);
+    WOLFSSL_API void cpuid_select_flags(cpuid_flags_t flags);
+    WOLFSSL_API void cpuid_set_flag(cpuid_flags_t flag);
+    WOLFSSL_API void cpuid_clear_flag(cpuid_flags_t flag);
 
 #endif
 
diff --git a/wolfssl/wolfcrypt/cryptocb.h b/wolfssl/wolfcrypt/cryptocb.h
index af5f912ff..35b6f715c 100644
--- a/wolfssl/wolfcrypt/cryptocb.h
+++ b/wolfssl/wolfcrypt/cryptocb.h
@@ -468,6 +468,29 @@ typedef struct wc_CryptoInfo {
         void *ctx;
     } cmd;
 #endif
+#ifdef HAVE_HKDF
+    struct {
+        int type; /* enum wc_KdfType */
+#ifdef HAVE_ANONYMOUS_INLINE_AGGREGATES
+        union {
+#endif
+            struct {                  /* HKDF one-shot */
+                int         hashType; /* WC_SHA256, etc. */
+                const byte* inKey;    /* Input keying material */
+                word32      inKeySz;
+                const byte* salt; /* Optional salt */
+                word32      saltSz;
+                const byte* info; /* Optional info */
+                word32      infoSz;
+                byte*       out; /* Output key material */
+                word32      outSz;
+            } hkdf;
+            /* Future KDF type structures here */
+#ifdef HAVE_ANONYMOUS_INLINE_AGGREGATES
+        };
+#endif
+    } kdf;
+#endif
 #ifdef HAVE_ANONYMOUS_INLINE_AGGREGATES
     };
 #endif
@@ -639,6 +662,10 @@ WOLFSSL_LOCAL int wc_CryptoCb_ShaHash(wc_Sha* sha, const byte* in,
     word32 inSz, byte* digest);
 #endif /* !NO_SHA */
 
+#ifdef WOLFSSL_SHA224
+WOLFSSL_LOCAL int wc_CryptoCb_Sha224Hash(wc_Sha224* sha224, const byte* in,
+    word32 inSz, byte* digest);
+#endif /* WOLFSSL_SHA224 */
 #ifndef NO_SHA256
 WOLFSSL_LOCAL int wc_CryptoCb_Sha256Hash(wc_Sha256* sha256, const byte* in,
     word32 inSz, byte* digest);
@@ -662,6 +689,14 @@ WOLFSSL_LOCAL int wc_CryptoCb_Hmac(Hmac* hmac, int macType, const byte* in,
     word32 inSz, byte* digest);
 #endif /* !NO_HMAC */
 
+#ifdef HAVE_HKDF
+WOLFSSL_LOCAL int wc_CryptoCb_Hkdf(int hashType, const byte* inKey,
+                                   word32 inKeySz, const byte* salt,
+                                   word32 saltSz, const byte* info,
+                                   word32 infoSz, byte* out, word32 outSz,
+                                   int devId);
+#endif
+
 #ifndef WC_NO_RNG
 WOLFSSL_LOCAL int wc_CryptoCb_RandomBlock(WC_RNG* rng, byte* out, word32 sz);
 WOLFSSL_LOCAL int wc_CryptoCb_RandomSeed(OS_Seed* os, byte* seed, word32 sz);
diff --git a/wolfssl/wolfcrypt/dh.h b/wolfssl/wolfcrypt/dh.h
index bbb253600..0bb8508a7 100644
--- a/wolfssl/wolfcrypt/dh.h
+++ b/wolfssl/wolfcrypt/dh.h
@@ -171,17 +171,8 @@ WOLFSSL_API int wc_DhCmpNamedKey(int name, int noQ,
         const byte* q, word32 qSz);
 WOLFSSL_API int wc_DhCopyNamedKey(int name,
         byte* p, word32* pSz, byte* g, word32* gSz, byte* q, word32* qSz);
-
-#ifndef WOLFSSL_NO_DH_GEN_PUB
-    #if defined(WOLFSSL_DH_EXTRA) && !defined(WOLFSSL_DH_GEN_PUB)
-        #define WOLFSSL_DH_GEN_PUB
-    #endif
-    #ifdef WOLFSSL_DH_GEN_PUB
-        WOLFSSL_API int wc_DhGeneratePublic(DhKey* key, byte* priv,
-                                            word32 privSz, byte* pub,
-                                            word32* pubSz);
-    #endif /* WOLFSSL_DH_GEN_PUB */
-#endif /* !WOLFSSL_NO_DH_GEN_PUB */
+WOLFSSL_API int wc_DhGeneratePublic(DhKey* key, byte* priv,
+        word32 privSz, byte* pub, word32* pubSz);
 
 #ifdef WOLFSSL_DH_EXTRA
 WOLFSSL_API int wc_DhImportKeyPair(DhKey* key, const byte* priv, word32 privSz,
@@ -200,9 +191,9 @@ WOLFSSL_API int wc_DhCheckPubKey_ex(DhKey* key, const byte* pub, word32 pubSz,
                             const byte* prime, word32 primeSz);
 WOLFSSL_API int wc_DhCheckPubValue(const byte* prime, word32 primeSz,
                                    const byte* pub, word32 pubSz);
-WOLFSSL_API int wc_DhCheckPrivKey(DhKey* key, const byte* priv, word32 pubSz);
-WOLFSSL_API int wc_DhCheckPrivKey_ex(DhKey* key, const byte* priv, word32 pubSz,
-                            const byte* prime, word32 primeSz);
+WOLFSSL_API int wc_DhCheckPrivKey(DhKey* key, const byte* priv, word32 privSz);
+WOLFSSL_API int wc_DhCheckPrivKey_ex(DhKey* key, const byte* priv,
+        word32 privSz, const byte* prime, word32 primeSz);
 WOLFSSL_API int wc_DhCheckKeyPair(DhKey* key, const byte* pub, word32 pubSz,
                         const byte* priv, word32 privSz);
 WOLFSSL_API int wc_DhGenerateParams(WC_RNG *rng, int modSz, DhKey *dh);
diff --git a/wolfssl/wolfcrypt/dilithium.h b/wolfssl/wolfcrypt/dilithium.h
index faa4e9252..abded5ce2 100644
--- a/wolfssl/wolfcrypt/dilithium.h
+++ b/wolfssl/wolfcrypt/dilithium.h
@@ -195,6 +195,7 @@
 #define DILITHIUM_Q_BITS                23
 /* Number of elements in polynomial. */
 #define DILITHIUM_N                     256
+#define MLDSA_N                         256
 
 /* Number of dropped bits. */
 #define DILITHIUM_D                     13
@@ -683,8 +684,13 @@ struct dilithium_key {
 #endif
 
 #ifndef WOLFSSL_DILITHIUM_ASSIGN_KEY
+#ifdef USE_INTEL_SPEEDUP
+    byte p[DILITHIUM_MAX_PUB_KEY_SIZE+8];
+    byte k[DILITHIUM_MAX_KEY_SIZE+8];
+#else
     byte p[DILITHIUM_MAX_PUB_KEY_SIZE];
     byte k[DILITHIUM_MAX_KEY_SIZE];
+#endif
 #else
     const byte* p;
     const byte* k;
@@ -788,6 +794,11 @@ int wc_dilithium_verify_ctx_hash(const byte* sig, word32 sigLen,
     const byte* ctx, word32 ctxLen, int hashAlg, const byte* hash,
     word32 hashLen, int* res, dilithium_key* key);
 
+WOLFSSL_API
+dilithium_key* wc_dilithium_new(void* heap, int devId);
+WOLFSSL_API
+int wc_dilithium_delete(dilithium_key* key, dilithium_key** key_p);
+
 WOLFSSL_API
 int wc_dilithium_init(dilithium_key* key);
 
@@ -893,6 +904,79 @@ WOLFSSL_API int wc_Dilithium_PrivateKeyToDer(dilithium_key* key, byte* output,
 #endif
 #endif /* WOLFSSL_DILITHIUM_NO_ASN1 */
 
+#ifdef USE_INTEL_SPEEDUP
+WOLFSSL_LOCAL void wc_mldsa_poly_red_avx2(sword32* a);
+
+WOLFSSL_LOCAL void wc_mldsa_ntt_avx2(sword32* r);
+WOLFSSL_LOCAL void wc_mldsa_ntt_full_avx2(sword32* r);
+WOLFSSL_LOCAL void wc_mldsa_invntt_avx2(sword32* r);
+WOLFSSL_LOCAL void wc_mldsa_invntt_full_avx2(sword32* r);
+
+WOLFSSL_LOCAL void wc_mldsa_mul_avx2(sword32* r, const sword32* a,
+    const sword32* b);
+WOLFSSL_LOCAL void wc_mldsa_mul_vec_4_avx2(sword32* r, const sword32* a,
+    const sword32* b);
+WOLFSSL_LOCAL void wc_mldsa_mul_vec_5_avx2(sword32* r, const sword32* a,
+    const sword32* b);
+WOLFSSL_LOCAL void wc_mldsa_mul_vec_7_avx2(sword32* r, const sword32* a,
+    const sword32* b);
+WOLFSSL_LOCAL void wc_mldsa_matrix_mul_4x4_avx2(sword32* r, const sword32* m,
+    const sword32* v);
+WOLFSSL_LOCAL void wc_mldsa_matrix_mul_6x5_avx2(sword32* r, const sword32* m,
+    const sword32* v);
+WOLFSSL_LOCAL void wc_mldsa_matrix_mul_8x7_avx2(sword32* r, const sword32* m,
+    const sword32* v);
+
+WOLFSSL_LOCAL void wc_mldsa_redistribute_21_rand_avx2(word64* s, byte* r0,
+    byte* r1, byte* r2, byte* r3);
+WOLFSSL_LOCAL int wc_mldsa_rej_uniform_n_avx2(sword32* a, word32 len,
+    const byte* r, word32 rLen);
+WOLFSSL_LOCAL int wc_mldsa_rej_uniform_avx2(sword32* a, word32 len,
+    const byte* r, word32 rLen);
+
+WOLFSSL_LOCAL void wc_mldsa_redistribute_17_rand_avx2(word64* s, byte* r0,
+    byte* r1, byte* r2, byte* r3);
+WOLFSSL_LOCAL void wc_mldsa_extract_coeffs_eta2_avx2(const byte* z,
+    unsigned int zLen, sword32* s, unsigned int* cnt);
+WOLFSSL_LOCAL void wc_mldsa_extract_coeffs_eta4_avx2(const byte* z,
+    unsigned int zLen, sword32* s, unsigned int* cnt);
+
+WOLFSSL_LOCAL void wc_mldsa_vec_encode_eta_2_avx2(const sword32* s, byte d,
+    byte* p);
+WOLFSSL_LOCAL void wc_mldsa_vec_encode_eta_4_avx2(const sword32* t, byte* p);
+WOLFSSL_LOCAL void wc_mldsa_decode_eta_2_avx2(const byte* p, sword32* s);
+WOLFSSL_LOCAL void wc_mldsa_decode_eta_4_avx2(const byte* p, sword32* s);
+
+WOLFSSL_LOCAL void wc_mldsa_encode_w1_88_avx2(const sword32* w1, byte* w1e);
+WOLFSSL_LOCAL void wc_mldsa_encode_w1_32_avx2(const sword32* w1, byte* w1e);
+
+WOLFSSL_LOCAL void wc_mldsa_vec_encode_t0_t1_avx2(const sword32* t, byte d,
+    byte* t0, byte* t1);
+WOLFSSL_LOCAL void wc_mldsa_decode_t0_avx2(const byte* t0, sword32* t);
+WOLFSSL_LOCAL void wc_mldsa_decode_t1_avx2(const byte* t1, sword32* t);
+
+WOLFSSL_LOCAL void wc_mldsa_decode_gamma1_17_avx2(const byte* s, sword32* z);
+WOLFSSL_LOCAL void wc_mldsa_decode_gamma1_19_avx2(const byte* s, sword32* z);
+WOLFSSL_LOCAL void wc_mldsa_encode_gamma1_17_avx2(const sword32* z, byte* s);
+WOLFSSL_LOCAL void wc_mldsa_encode_gamma1_19_avx2(const sword32* z, byte* s);
+
+WOLFSSL_LOCAL void wc_mldsa_decompose_q88_avx2(const sword32* r, sword32* r0,
+    sword32* r1);
+WOLFSSL_LOCAL void wc_mldsa_decompose_q32_avx2(const sword32* r, byte k,
+    sword32* r0, sword32* r1);
+
+WOLFSSL_LOCAL void wc_mldsa_use_hint_88_avx2(sword32* w1, const byte* h);
+WOLFSSL_LOCAL void wc_mldsa_use_hint_32_avx2(sword32* w1, byte k,
+    const byte* h);
+
+WOLFSSL_LOCAL int wc_mldsa_vec_check_low_avx2(const sword32* a, byte l,
+    sword32 hi);
+
+WOLFSSL_LOCAL void wc_mldsa_poly_add_avx2(sword32* r, const sword32* a);
+WOLFSSL_LOCAL void wc_mldsa_poly_sub_avx2(sword32* r, const sword32* a);
+WOLFSSL_LOCAL void wc_mldsa_poly_make_pos_avx2(sword32* a);
+#endif
+
 
 #define WC_ML_DSA_DRAFT         10
 
diff --git a/wolfssl/wolfcrypt/error-crypt.h b/wolfssl/wolfcrypt/error-crypt.h
index d95e5277a..4a5df0561 100644
--- a/wolfssl/wolfcrypt/error-crypt.h
+++ b/wolfssl/wolfcrypt/error-crypt.h
@@ -305,14 +305,14 @@ enum wolfCrypt_ErrorCodes {
     DEADLOCK_AVERTED_E  = -1000, /* Deadlock averted -- retry the call */
     ASCON_AUTH_E        = -1001, /* ASCON Authentication check failure */
     WC_ACCEL_INHIBIT_E  = -1002, /* Crypto acceleration is currently inhibited */
+    BAD_INDEX_E         = -1003, /* Bad index */
+    INTERRUPTED_E       = -1004, /* Process interrupted */
+
+    WC_SPAN2_LAST_E     = -1004, /* Update to indicate last used error code */
+    WC_LAST_E           = -1004, /* the last code used either here or in
+                                  * error-ssl.h */
 
-    WC_SPAN2_LAST_E     = -1002, /* Update to indicate last used error code */
     WC_SPAN2_MIN_CODE_E = -1999, /* Last usable code in span 2 */
-
-    WC_LAST_E           = -1002, /* the last code used either here or in
-                                  * error-ssl.h
-                                  */
-
     MIN_CODE_E          = -1999  /* the last code allocated either here or in
                                   * error-ssl.h
                                   */
@@ -349,22 +349,13 @@ WOLFSSL_ABI WOLFSSL_API const char* wc_GetErrorString(int error);
         #endif
     #endif
     #ifndef WC_ERR_TRACE
-        #ifdef NO_STDIO_FILESYSTEM
-        #define WC_ERR_TRACE(label)                           \
-            ( printf("ERR TRACE: %s L %d %s (%d)\n",          \
-                      __FILE__, __LINE__, #label, label),     \
-              WOLFSSL_DEBUG_BACKTRACE_RENDER_CLAUSE,          \
-              label                                           \
+        #define WC_ERR_TRACE(label)                                   \
+            ( WOLFSSL_DEBUG_PRINTF_FN(WOLFSSL_DEBUG_PRINTF_FIRST_ARGS \
+                                      "ERR TRACE: %s L %d %s (%d)\n", \
+                      __FILE__, __LINE__, #label, label),             \
+              WOLFSSL_DEBUG_BACKTRACE_RENDER_CLAUSE,                  \
+              label                                                   \
             )
-        #else
-        #define WC_ERR_TRACE(label)                           \
-            ( fprintf(stderr,                                 \
-                      "ERR TRACE: %s L %d %s (%d)\n",         \
-                      __FILE__, __LINE__, #label, label),     \
-              WOLFSSL_DEBUG_BACKTRACE_RENDER_CLAUSE,          \
-              label                                           \
-            )
-        #endif
     #endif
     #include <wolfssl/debug-trace-error-codes.h>
 #else
diff --git a/wolfssl/wolfcrypt/fe_operations.h b/wolfssl/wolfcrypt/fe_operations.h
index 844d93879..1848ca652 100644
--- a/wolfssl/wolfcrypt/fe_operations.h
+++ b/wolfssl/wolfcrypt/fe_operations.h
@@ -63,12 +63,12 @@ Bounds on each t[i] vary depending on context.
 #if defined(CURVE25519_SMALL) || defined(ED25519_SMALL)
     #define F25519_SIZE 32
 
-    WOLFSSL_LOCAL void lm_copy(byte*, const byte*);
-    WOLFSSL_LOCAL void lm_add(byte*, const byte*, const byte*);
-    WOLFSSL_LOCAL void lm_sub(byte*, const byte*, const byte*);
-    WOLFSSL_LOCAL void lm_neg(byte*,const byte*);
-    WOLFSSL_LOCAL void lm_invert(byte*, const byte*);
-    WOLFSSL_LOCAL void lm_mul(byte*,const byte*,const byte*);
+    WOLFSSL_LOCAL void lm_copy(byte* x, const byte* a);
+    WOLFSSL_LOCAL void lm_add(byte* r, const byte* a, const byte* b);
+    WOLFSSL_LOCAL void lm_sub(byte* r, const byte* a, const byte* b);
+    WOLFSSL_LOCAL void lm_neg(byte* r,const byte* a);
+    WOLFSSL_LOCAL void lm_invert(byte* r, const byte* x);
+    WOLFSSL_LOCAL void lm_mul(byte* r,const byte* a, const byte* b);
 #endif
 
 
@@ -119,9 +119,10 @@ WOLFSSL_LOCAL void fe_mul121666(fe h,fe f);
 WOLFSSL_LOCAL void fe_cmov(fe f, const fe g, int b);
 WOLFSSL_LOCAL void fe_pow22523(fe out,const fe z);
 
-/* 64 type needed for SHA512 */
-WOLFSSL_LOCAL sword64 load_3(const unsigned char *in);
-WOLFSSL_LOCAL sword64 load_4(const unsigned char *in);
+#if !defined(CURVE25519_SMALL) && !defined(ED25519_SMALL)
+    WOLFSSL_LOCAL sword64 load_3(const unsigned char *in);
+    WOLFSSL_LOCAL sword64 load_4(const unsigned char *in);
+#endif
 
 #ifdef CURVED25519_ASM
 WOLFSSL_LOCAL void fe_cmov_table(fe* r, fe* base, signed char b);
diff --git a/wolfssl/wolfcrypt/hash.h b/wolfssl/wolfcrypt/hash.h
index 9ac6cff2a..99bcea00a 100644
--- a/wolfssl/wolfcrypt/hash.h
+++ b/wolfssl/wolfcrypt/hash.h
@@ -137,6 +137,9 @@ typedef struct {
 #elif defined(WOLFSSL_SHA384)
     #define WC_MAX_DIGEST_SIZE WC_SHA384_DIGEST_SIZE
     #define WC_MAX_BLOCK_SIZE  WC_SHA384_BLOCK_SIZE
+#elif !defined(NO_SHA) && !defined(NO_MD5)
+    #define WC_MAX_DIGEST_SIZE (WC_SHA_DIGEST_SIZE + WC_MD5_DIGEST_SIZE)
+    #define WC_MAX_BLOCK_SIZE  WC_SHA_BLOCK_SIZE
 #elif !defined(NO_SHA256)
     #define WC_MAX_DIGEST_SIZE WC_SHA256_DIGEST_SIZE
     #define WC_MAX_BLOCK_SIZE  WC_SHA256_BLOCK_SIZE
diff --git a/wolfssl/wolfcrypt/hmac.h b/wolfssl/wolfcrypt/hmac.h
index 90b04faba..855555536 100644
--- a/wolfssl/wolfcrypt/hmac.h
+++ b/wolfssl/wolfcrypt/hmac.h
@@ -169,11 +169,11 @@ struct Hmac {
 
 /* does init */
 WOLFSSL_API int wc_HmacSetKey(Hmac* hmac, int type, const byte* key,
-                              word32 keySz);
+                              word32 length);
 WOLFSSL_API int wc_HmacSetKey_ex(Hmac* hmac, int type, const byte* key,
                                  word32 length, int allowFlag);
-WOLFSSL_API int wc_HmacUpdate(Hmac* hmac, const byte* in, word32 sz);
-WOLFSSL_API int wc_HmacFinal(Hmac* hmac, byte* out);
+WOLFSSL_API int wc_HmacUpdate(Hmac* hmac, const byte* msg, word32 length);
+WOLFSSL_API int wc_HmacFinal(Hmac* hmac, byte* hash);
 #ifdef WOLFSSL_KCAPI_HMAC
 WOLFSSL_API int wc_HmacSetKey_Software(Hmac* hmac, int type, const byte* key,
                                        word32 keySz);
@@ -216,6 +216,10 @@ WOLFSSL_API int wc_HKDF(int type, const byte* inKey, word32 inKeySz,
                     const byte* salt, word32 saltSz,
                     const byte* info, word32 infoSz,
                     byte* out, word32 outSz);
+WOLFSSL_API int wc_HKDF_ex(int type, const byte* inKey, word32 inKeySz,
+                       const byte* salt, word32 saltSz,
+                       const byte* info, word32 infoSz,
+                       byte* out, word32 outSz, void* heap, int devId);
 
 #endif /* HAVE_HKDF */
 
diff --git a/wolfssl/wolfcrypt/include.am b/wolfssl/wolfcrypt/include.am
index bf798d366..a19af7426 100644
--- a/wolfssl/wolfcrypt/include.am
+++ b/wolfssl/wolfcrypt/include.am
@@ -120,6 +120,7 @@ noinst_HEADERS+= \
                          wolfssl/wolfcrypt/port/Renesas/renesas_sync.h \
                          wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h \
                          wolfssl/wolfcrypt/port/Renesas/renesas_tsip_types.h \
+                         wolfssl/wolfcrypt/port/Renesas/renesas_tsip_internal.h \
                          wolfssl/wolfcrypt/port/cypress/psoc6_crypto.h \
                          wolfssl/wolfcrypt/port/maxim/max3266x.h \
                          wolfssl/wolfcrypt/port/maxim/max3266x-cryptocb.h \
diff --git a/wolfssl/wolfcrypt/integer.h b/wolfssl/wolfcrypt/integer.h
index 7d3f6ea89..807847a06 100644
--- a/wolfssl/wolfcrypt/integer.h
+++ b/wolfssl/wolfcrypt/integer.h
@@ -46,12 +46,8 @@
 #include <wolfssl/wolfcrypt/error-crypt.h>
 #include <wolfssl/wolfcrypt/random.h>
 
-#ifndef CHAR_BIT
-    #if defined(WOLFSSL_LINUXKM)
-        #include <linux/limits.h>
-    #else
-        #include <limits.h>
-    #endif
+#if !defined(CHAR_BIT) && !defined(NO_LIMITS_H)
+    #include <limits.h>
 #endif
 
 #include <wolfssl/wolfcrypt/mpi_class.h>
diff --git a/wolfssl/wolfcrypt/logging.h b/wolfssl/wolfcrypt/logging.h
index f7ccf9555..fe5adad66 100644
--- a/wolfssl/wolfcrypt/logging.h
+++ b/wolfssl/wolfcrypt/logging.h
@@ -26,11 +26,114 @@
 
 /* submitted by eof */
 
+/*
+ * Enable wolfSSL debugging with DEBUG_WOLFSSL
+ *
+ * Certificate debugging is a subset of DEBUG_WOLFSSL but can be enabled
+ * exclusively with WOLFSSL_DEBUG_CERTS.
+ *
+ * When DEBUG_WOLFSSL is enabled, but the subset of certificate debugging
+ * is not desired, it can disabled with NO_WOLFSSL_DEBUG_CERTS
+ *
+ * ****************************************************************************
+ * Message / printf debugging
+ * ****************************************************************************
+ *
+ * WOLFSSL_DEBUG_PRINTF()
+ *   Utility macro: A buffer-less, non-truncating debug message renderer.  On
+ *   supported targets, it is always functional, i.e. it is not affected by
+ *   DEBUG_WOLFSSL or wolfSSL_Debugging_{ON,OFF}().  Test for support using
+ *   defined(WOLFSSL_DEBUG_PRINTF) -- if it is unsupported it is not defined.
+ *
+ * WOLFSSL_DEBUG_PRINTF_FN
+ *   Used to supply an override definition of the target platform's printf-like
+ *   function.  By default, it is defined to fprintf.  If defined, this is used
+ *   as the underlying function for all logging by the library.
+ *
+ * WOLFSSL_DEBUG_PRINTF_FIRST_ARGS
+ *   Used to supply an override definition of the initial args to the target
+ *   platform's printf-like function, with a trailing comma.  This can be
+ *   defined to nothing if there are no initial args to supply.  By default, it
+ *   is defined to stderr plus a trailing comma.  If defined, the args are
+ *   passed to WOLFSSL_DEBUG_PRINTF_FN wherever it is called.
+ *
+ * WOLFSSL_MSG_EX_BUF_SZ
+ *   Re-definable macro: maximum length of WOLFSSL_MSG_EX debugging messages.
+ *
+ * WOLFSSL_MSG
+ *   Single message parameter. Works everywhere.
+ *
+ * WOLFSSL_MSG_EX
+ *   Variable number of parameters. Should be supported nearly everywhere.
+ *
+ * WOLFSSL_MSG_EX2
+ *   Variable number of parameters. Should be supported nearly everywhere.
+ *   Special case where first two parameters are const char *file, int line
+ *
+ * ****************************************************************************
+ * Certificate Debugging: a subset of DEBUG_WOLFSSL
+ * or can be used alone WOLFSSL_DEBUG_CERTS without all the debugging noise
+ * ****************************************************************************
+ *
+ * WOLFSSL_MSG_CERT_BUF_SZ
+ *   Used by WOLFSSL_MSG_CERT and WOLFSSL_MSG_CERT_EX
+ *   Re-definable macro: maximum length of debugging messages.
+ *
+ * WOLFSSL_MSG_CERT
+ *   Single message parameter. Works everywhere.
+ *   Print only during WOLFSSL_DEBUG_CERTS
+ *
+ * WOLFSSL_MSG_CERT_LOG
+ *   Single message parameter. Works everywhere.
+ *   Print during either DEBUG_WOLFSSL or WOLFSSL_DEBUG_CERTS
+ *
+ * WOLFSSL_MSG_CERT_EX
+ *   Variable number of parameters. Should be supported nearly everywhere.
+ *
+ * WOLFSSL_MSG_CERT_LOG_EX
+ *   Variable number of parameters. Should be supported nearly everywhere.
+ *   Print during either DEBUG_WOLFSSL or WOLFSSL_DEBUG_CERTS
+ *
+ * When any of the above are disabled:
+ *   With WOLF_NO_VARIADIC_MACROS a do nothing placeholder function is used.
+ *   Otherwise, a do-nothing macro. See WC_DO_NOTHING
+ *
+ * Optional user callbacks:
+ *   wolfSSL_SetLoggingCb(my_log_cb);
+ *
+ * To disable certificate debugging:
+ *   Do not define WOLFSSL_DEBUG_CERTS when used without DEBUG_WOLFSSL
+ *      or
+ *   Define NO_WOLFSSL_DEBUG_CERTS when DEBUG_WOLFSSL is enabled
+ *
+ *  If NO_WOLFSSL_DEBUG_CERTS is detected in settings.h, the respective
+ *  WOLFSSL_DEBUG_CERTS will be undefined. The explicit NO_WOLFSSL_DEBUG_CERTS
+ *  checks are still performed in logging source for code clarity only.
+ *
+ * ****************************************************************************
+ * At runtime with debugging enabled:
+ * ****************************************************************************
+ *
+ * Display debug messages:
+ *  int  wolfSSL_Debugging_ON(void)
+ *  int  wolfSSL_CertDebugging_ON(void)
+ *
+ * Disable debug messages until re-enabled at runtime:
+ *  void wolfSSL_Debugging_OFF(void);
+ *  int  wolfSSL_CertDebugging_OFF(void)
+ *
+ * See also:
+ *  int WOLFSSL_IS_DEBUG_ON(void)
+ *
+ *  Note: does not affect WOLFSSL_DEBUG_PRINTF(), which renders unconditionally.
+ *
+ */
 
 #ifndef WOLFSSL_LOGGING_H
 #define WOLFSSL_LOGGING_H
 
 #include <wolfssl/wolfcrypt/types.h>
+#include <wolfssl/wolfcrypt/error-crypt.h>
 
 #ifdef __cplusplus
     extern "C" {
@@ -42,6 +145,7 @@ enum wc_LogLevels {
     INFO_LOG,
     ENTER_LOG,
     LEAVE_LOG,
+    CERT_LOG,
     OTHER_LOG
 };
 
@@ -99,6 +203,11 @@ WOLFSSL_API wolfSSL_Logging_cb wolfSSL_GetLoggingCb(void);
 WOLFSSL_API int  wolfSSL_Debugging_ON(void);
 /* turn logging off */
 WOLFSSL_API void wolfSSL_Debugging_OFF(void);
+/* turn cert debugging on, only if compiled in */
+WOLFSSL_API int  wolfSSL_CertDebugging_ON(void);
+/* turn cert debugging off */
+WOLFSSL_API int  wolfSSL_CertDebugging_OFF(void);
+
 
 WOLFSSL_API void wolfSSL_SetLoggingPrefix(const char* prefix);
 
@@ -152,8 +261,52 @@ WOLFSSL_API void wolfSSL_SetLoggingPrefix(const char* prefix);
     #define WOLFSSL_TIME(n)  WC_DO_NOTHING
 #endif
 
+/* Certificate Debugging: WOLFSSL_MSG_CERT */
+#if defined(XVSNPRINTF) && !defined(NO_WOLFSSL_DEBUG_CERTS) && \
+   (defined(DEBUG_WOLFSSL) || defined(WOLFSSL_DEBUG_CERTS))
+    #define HAVE_WOLFSSL_DEBUG_CERTS
+    #ifndef WOLFSSL_MSG_CERT_INDENT
+        #define WOLFSSL_MSG_CERT_INDENT "\t-  "
+    #endif
+
+    WOLFSSL_API int WOLFSSL_MSG_CERT(const char* msg);
+    WOLFSSL_API int WOLFSSL_MSG_CERT_EX(const char* fmt, ...);
+#else
+    /* No Certificate Debugging */
+    #undef WOLFSSL_DEBUG_CERTS
+
+    #ifndef WOLFSSL_MSG_CERT_INDENT
+        #define WOLFSSL_MSG_CERT_INDENT ""
+    #endif
+    #ifdef WOLF_NO_VARIADIC_MACROS
+        /* The issue is variadic macros, not function parameters. e.g Watcom
+         * Additionally, Watcom needs the empty declaration here: */
+        #ifdef __WATCOMC__
+            /* don't use WOLFSSL_API nor inline for Watcom stubs */
+            static int WOLFSSL_MSG_CERT(const char* msg)
+            {
+                (void)msg;
+                return NOT_COMPILED_IN;
+            }
+
+            static int WOLFSSL_MSG_CERT_EX(const char* fmt, ...)
+            {
+                (void)fmt;
+                return NOT_COMPILED_IN;
+            }
+        #else
+            WOLFSSL_API int WOLFSSL_MSG_CERT(const char* msg);
+            WOLFSSL_API int WOLFSSL_MSG_CERT_EX(const char* fmt, ...);
+        #endif
+    #else
+        /* Nearly all compilers will support variadic macros */
+        #define WOLFSSL_MSG_CERT(m)      WC_DO_NOTHING
+        #define WOLFSSL_MSG_CERT_EX(...) WC_DO_NOTHING
+    #endif
+#endif /* Certificate Debugging: WOLFSSL_MSG_CERT */
+
 #if defined(DEBUG_WOLFSSL) && !defined(WOLFSSL_DEBUG_ERRORS_ONLY)
-    #if defined(_WIN32)
+    #if defined(_WIN32) && !defined(__WATCOMC__)
         #if defined(INTIME_RTOS)
             #define __func__ NULL
         #else
@@ -169,14 +322,18 @@ WOLFSSL_API void wolfSSL_SetLoggingPrefix(const char* prefix);
     #define WOLFSSL_STUB(m) \
         WOLFSSL_MSG(WOLFSSL_LOG_CAT(wolfSSL Stub, m, not implemented))
     WOLFSSL_API int WOLFSSL_IS_DEBUG_ON(void);
+
+    /* WOLFSSL_MSG_EX may not be available. Check with HAVE_WOLFSSL_MSG_EX */
 #if defined(XVSNPRINTF) && !defined(NO_WOLFSSL_MSG_EX)
     WOLFSSL_API void WOLFSSL_MSG_EX(const char* fmt, ...);
     #define HAVE_WOLFSSL_MSG_EX
 #else
     #ifdef WOLF_NO_VARIADIC_MACROS
-        #define WOLFSSL_MSG_EX()    WC_DO_NOTHING
+        /* We need a do-nothing function with a variable number of parameters */
+        /* see logging.c
+         *   static inline void WOLFSSL_MSG_EX(const char* fmt, ...); */
     #else
-        #define WOLFSSL_MSG_EX(...) WC_DO_NOTHING
+        #define WOLFSSL_MSG_EX(...)   WC_DO_NOTHING
     #endif
 #endif
     WOLFSSL_API void WOLFSSL_MSG(const char* msg);
@@ -206,25 +363,54 @@ WOLFSSL_API void wolfSSL_SetLoggingPrefix(const char* prefix);
     WOLFSSL_API void WOLFSSL_BUFFER(const byte* buffer, word32 length);
 
 #else
-
-    #define WOLFSSL_ENTER(m)      WC_DO_NOTHING
-    #define WOLFSSL_LEAVE(m, r)   WC_DO_NOTHING
-    #define WOLFSSL_STUB(m)       WC_DO_NOTHING
+    /* ! (defined(DEBUG_WOLFSSL) && !defined(WOLFSSL_DEBUG_ERRORS_ONLY)) */
+    #define WOLFSSL_ENTER(m)          WC_DO_NOTHING
+    #define WOLFSSL_LEAVE(m, r)       WC_DO_NOTHING
+    #define WOLFSSL_STUB(m)           WC_DO_NOTHING
     #define WOLFSSL_IS_DEBUG_ON() 0
 
     #ifdef WOLF_NO_VARIADIC_MACROS
         /* note, modern preprocessors will generate errors with this definition.
          * "error: macro "WOLFSSL_MSG_EX" passed 2 arguments, but takes just 0"
-         */
-        #define WOLFSSL_MSG_EX()    WC_DO_NOTHING
+         *
+         *  #define WOLFSSL_MSG_EX(a, b)  WC_DO_NOTHING
+         *
+         * We need a do-nothing function with a variable number of parameters: */
+        #ifdef __WATCOMC__
+            /* don't use WOLFSSL_API nor inline for Watcom stubs */
+            static void WOLFSSL_MSG_EX(const char* fmt, ...)
+            {
+                (void)fmt;
+            }
+        #else
+            WOLFSSL_API void WOLFSSL_MSG_EX(const char* fmt, ...);
+        #endif
     #else
-        #define WOLFSSL_MSG_EX(...) WC_DO_NOTHING
+        #define WOLFSSL_MSG_EX(...)   WC_DO_NOTHING
     #endif
-    #define WOLFSSL_MSG(m)        WC_DO_NOTHING
-    #define WOLFSSL_BUFFER(b, l)  WC_DO_NOTHING
 
+    #define WOLFSSL_MSG(m)            WC_DO_NOTHING
+    #define WOLFSSL_BUFFER(b, l)      WC_DO_NOTHING
 #endif /* DEBUG_WOLFSSL && !WOLFSSL_DEBUG_ERRORS_ONLY */
 
+/* A special case of certificate-related debug AND regular debug.
+ * WOLFSSL_MSG_CERT_LOG will always print during DEBUG_WOLFSSL
+ * even if cert debugging disabled with NO_WOLFSSL_DEBUG_CERTS.
+ *
+ * WOLFSSL_MSG_CERT_LOG will also print during WOLFSSL_DEBUG_CERTS
+ * even if standard DEBUG_WOLFSSL is not enabled. */
+#if defined(WOLFSSL_DEBUG_CERTS)
+    #define WOLFSSL_MSG_CERT_LOG(msg) WOLFSSL_MSG_CERT(msg)
+    #define WOLFSSL_MSG_CERT_LOG_EX WOLFSSL_MSG_CERT_EX
+#elif defined(DEBUG_WOLFSSL)
+    #define WOLFSSL_MSG_CERT_LOG(msg) WOLFSSL_MSG(msg)
+    #define WOLFSSL_MSG_CERT_LOG_EX WOLFSSL_MSG_EX
+#else
+    #define WOLFSSL_MSG_CERT_LOG(msg) WC_DO_NOTHING
+    #define WOLFSSL_MSG_CERT_LOG_EX WOLFSSL_MSG_EX
+#endif
+
+/* WOLFSSL_ERROR and WOLFSSL_HAVE_ERROR_QUEUE */
 #if defined(DEBUG_WOLFSSL) || defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) ||\
     defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA)
 
@@ -305,10 +491,33 @@ WOLFSSL_API void wolfSSL_SetLoggingPrefix(const char* prefix);
     int dc_log_printf(char*, ...);
 #endif
 
+/* WOLFSSL_DEBUG_PRINTF_FN is intended to be used only in wolfssl_log(),
+ * but is exposed in header as a customer cross-platform debugging capability.
+ *
+ * All general wolfSSL debugging should use:
+ *   WOLFSSL_MSG and WOLFSSL_MSG_EX
+ *
+ * All wolfSSL certificate-related debugging should use:
+ *   WOLFSSL_MSG_CERT and WOLFSSL_MSG_CERT_EX
+ *
+ * For custom debugging output, define your own WOLFSSL_DEBUG_PRINTF_FN
+ */
 #ifdef WOLFSSL_DEBUG_PRINTF_FN
     /* user-supplied definition */
 #elif defined(ARDUINO)
     /* ARDUINO only has print and sprintf, no printf. */
+#elif defined(__WATCOMC__)
+    #if defined(DEBUG_WOLFSSL) || defined(WOLFSSL_DEBUG_CERTS)
+        #include <stdio.h>
+        #define WOLFSSL_DEBUG_PRINTF_FN printf
+    #else
+        /* Watcom does not support variadic macros; we need a no-op function */
+        static int WOLFSSL_DEBUG_PRINTF(const char* fmt, ...)
+        {
+            (void)fmt;
+            return NOT_COMPILED_IN;
+        }
+    #endif /* __WATCOMC__ */
 #elif defined(WOLFSSL_LOG_PRINTF) || defined(WOLFSSL_DEOS)
     #define WOLFSSL_DEBUG_PRINTF_FN printf
 #elif defined(THREADX) && !defined(THREADX_NO_DC_PRINTF)
@@ -334,13 +543,15 @@ WOLFSSL_API void wolfSSL_SetLoggingPrefix(const char* prefix);
     #define WOLFSSL_DEBUG_PRINTF_FN M2M_LOG_INFO
 #elif defined(WOLFSSL_ANDROID_DEBUG)
     #define WOLFSSL_DEBUG_PRINTF_FN __android_log_print
-    #define WOLFSSL_DEBUG_PRINTF_FIRST_ARGS ANDROID_LOG_VERBOSE, "[wolfSSL]"
+    #define WOLFSSL_DEBUG_PRINTF_FIRST_ARGS ANDROID_LOG_VERBOSE, "[wolfSSL]",
 #elif defined(WOLFSSL_XILINX)
     #define WOLFSSL_DEBUG_PRINTF_FN xil_printf
 #elif defined(WOLFSSL_LINUXKM)
     #define WOLFSSL_DEBUG_PRINTF_FN printk
 #elif defined(WOLFSSL_RENESAS_RA6M4)
     #define WOLFSSL_DEBUG_PRINTF_FN myprintf
+#elif defined(NO_STDIO_FILESYSTEM)
+    #define WOLFSSL_DEBUG_PRINTF_FN printf
 #else
     #define WOLFSSL_DEBUG_PRINTF_FN fprintf
     #define WOLFSSL_DEBUG_PRINTF_FIRST_ARGS stderr,
@@ -350,10 +561,22 @@ WOLFSSL_API void wolfSSL_SetLoggingPrefix(const char* prefix);
     #define WOLFSSL_DEBUG_PRINTF_FIRST_ARGS
 #endif
 
-#if defined(WOLFSSL_DEBUG_PRINTF_FN) && !defined(WOLFSSL_DEBUG_PRINTF) && \
-    !defined(WOLF_NO_VARIADIC_MACROS)
-    #define WOLFSSL_DEBUG_PRINTF(...) \
-        WOLFSSL_DEBUG_PRINTF_FN(WOLFSSL_DEBUG_PRINTF_FIRST_ARGS __VA_ARGS__)
+#if defined(WOLFSSL_DEBUG_PRINTF_FN) && !defined(WOLFSSL_DEBUG_PRINTF)
+    #if defined(WOLF_NO_VARIADIC_MACROS)
+        #define WOLFSSL_DEBUG_PRINTF(a) \
+            WOLFSSL_DEBUG_PRINTF_FN(WOLFSSL_DEBUG_PRINTF_FIRST_ARGS a)
+    #else
+        #define WOLFSSL_DEBUG_PRINTF(...) \
+            WOLFSSL_DEBUG_PRINTF_FN(WOLFSSL_DEBUG_PRINTF_FIRST_ARGS __VA_ARGS__)
+    #endif
+#endif
+
+/* Sanity Checks */
+#if defined(WOLFSSL_DEBUG_ERRORS_ONLY) && defined(DEBUG_WOLFSSL)
+    #error "Failed: WOLFSSL_DEBUG_ERRORS_ONLY and DEBUG_WOLFSSL pick one"
+#endif
+#if defined(WOLFSSL_DEBUG_ERRORS_ONLY) && defined(WOLFSSL_DEBUG_CERTS)
+    #error "Failed: Cannot WOLFSSL_DEBUG_CERTS with WOLFSSL_DEBUG_ERRORS_ONLY"
 #endif
 
 #ifdef __cplusplus
diff --git a/wolfssl/wolfcrypt/mem_track.h b/wolfssl/wolfcrypt/mem_track.h
index 6a0d5aaaf..e7d17c61b 100644
--- a/wolfssl/wolfcrypt/mem_track.h
+++ b/wolfssl/wolfcrypt/mem_track.h
@@ -67,9 +67,6 @@
 #if defined(WOLFSSL_TRACK_MEMORY) || defined(HAVE_STACK_SIZE) || \
     defined(HAVE_STACK_SIZE_VERBOSE)
     #ifdef NO_STDIO_FILESYSTEM
-        /* if wc_port.h/linuxkm_wc_port.h doesn't define printf, then the user
-         * needs to define it.
-         */
         #define wc_mem_printf(...) printf(__VA_ARGS__)
     #else
         #include <stdio.h>
@@ -82,7 +79,7 @@
     !defined(WOLFSSL_STATIC_MEMORY)
 
 #define DO_MEM_STATS
-#if (defined(__linux__) && !defined(WOLFSSL_LINUXKM)) || defined(__MACH__)
+#if (defined(__linux__) && !defined(WOLFSSL_KERNEL_MODE)) || defined(__MACH__)
     #define DO_MEM_LIST
 #endif
 
diff --git a/wolfssl/wolfcrypt/memory.h b/wolfssl/wolfcrypt/memory.h
index fa8e5d02e..bb6265040 100644
--- a/wolfssl/wolfcrypt/memory.h
+++ b/wolfssl/wolfcrypt/memory.h
@@ -29,7 +29,7 @@
 #ifndef WOLFSSL_MEMORY_H
 #define WOLFSSL_MEMORY_H
 
-#if !defined(STRING_USER) && !defined(WOLFSSL_LINUXKM)
+#if !defined(STRING_USER) && !defined(NO_STDLIB_H)
 #include <stdlib.h>
 #endif
 
@@ -342,6 +342,10 @@ WOLFSSL_LOCAL void wc_MemZero_Add(const char* name, const void* addr,
 WOLFSSL_LOCAL void wc_MemZero_Check(void* addr, size_t len);
 #endif
 
+#ifndef WOLFSSL_NO_FORCE_ZERO
+WOLFSSL_API void wc_ForceZero(void *mem, size_t len);
+#endif
+
 #ifdef WC_DEBUG_CIPHER_LIFECYCLE
 WOLFSSL_LOCAL int wc_debug_CipherLifecycleInit(void **CipherLifecycleTag,
                                                void *heap);
diff --git a/wolfssl/wolfcrypt/misc.h b/wolfssl/wolfcrypt/misc.h
index 096f3dda0..5da53819e 100644
--- a/wolfssl/wolfcrypt/misc.h
+++ b/wolfssl/wolfcrypt/misc.h
@@ -67,7 +67,7 @@ WOLFSSL_LOCAL
 void xorbuf(void* buf, const void* mask, word32 count);
 
 WOLFSSL_LOCAL
-void ForceZero(void* mem, word32 len);
+void ForceZero(void* mem, size_t len);
 
 WOLFSSL_LOCAL
 int ConstantCompare(const byte* a, const byte* b, int length);
@@ -184,7 +184,7 @@ WOLFSSL_LOCAL w64wrapper w64Mul(word32 a, word32 b);
 
 /* Declarations for user defined functions */
 #ifdef WOLFSSL_NO_FORCE_ZERO
-void ForceZero(void* mem, word32 len);
+void ForceZero(void* mem, size_t len);
 #endif
 #ifdef WOLFSSL_NO_CONST_CMP
 int ConstantCompare(const byte* a, const byte* b, int length);
diff --git a/wolfssl/wolfcrypt/mlkem.h b/wolfssl/wolfcrypt/mlkem.h
index f4ad34eab..074cd8cd3 100644
--- a/wolfssl/wolfcrypt/mlkem.h
+++ b/wolfssl/wolfcrypt/mlkem.h
@@ -313,6 +313,9 @@ typedef struct MlKemKey MlKemKey;
     extern "C" {
 #endif
 
+WOLFSSL_API MlKemKey* wc_MlKemKey_New(int type, void* heap, int devId);
+WOLFSSL_API int  wc_MlKemKey_Delete(MlKemKey* key, MlKemKey** key_p);
+
 WOLFSSL_API int wc_MlKemKey_Init(MlKemKey* key, int type, void* heap,
     int devId);
 WOLFSSL_API int wc_MlKemKey_Free(MlKemKey* key);
diff --git a/wolfssl/wolfcrypt/oid_sum.h b/wolfssl/wolfcrypt/oid_sum.h
index 2c6eadc02..d2663c00c 100644
--- a/wolfssl/wolfcrypt/oid_sum.h
+++ b/wolfssl/wolfcrypt/oid_sum.h
@@ -26,6 +26,10 @@
 #ifndef WOLF_CRYPT_OID_SUM_H
 #define WOLF_CRYPT_OID_SUM_H
 
+/* Note for some CPUs smaller than 32 bit, the upper 16 bits of new OID
+ * values may be ignored. If collisions are encountered, consider WC_16BIT_CPU
+ * and/or WOLFSSL_OLD_OID_SUM to force smaller, old OID values. */
+
 enum Hash_Sum {
 #ifdef WOLFSSL_OLD_OID_SUM
     /* 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x02,0x02  */
diff --git a/wolfssl/wolfcrypt/pkcs7.h b/wolfssl/wolfcrypt/pkcs7.h
index 011fec9a3..b65c442c6 100644
--- a/wolfssl/wolfcrypt/pkcs7.h
+++ b/wolfssl/wolfcrypt/pkcs7.h
@@ -213,6 +213,8 @@ typedef int (*CallbackWrapCEK)(wc_PKCS7* pkcs7, byte* cek, word32 cekSz,
                                   byte* originKey, word32 originKeySz,
                                   byte* out, word32 outSz,
                                   int keyWrapAlgo, int type, int dir);
+typedef int (*CallbackAESKeyWrapUnwrap)(const byte* key, word32 keySz,
+        const byte* in, word32 inSz, int wrap, byte* out, word32 outSz);
 
 /* Callbacks for supporting different stream cases */
 typedef int (*CallbackGetContent)(wc_PKCS7* pkcs7, byte** content, void* ctx);
@@ -371,6 +373,8 @@ struct wc_PKCS7 {
     } decryptKey;
 #endif
 
+    CallbackAESKeyWrapUnwrap aesKeyWrapUnwrapCb;
+
     /* !! NEW DATA MEMBERS MUST BE ADDED AT END !! */
 };
 
@@ -498,6 +502,8 @@ WOLFSSL_API int  wc_PKCS7_AddRecipient_ORI(wc_PKCS7* pkcs7, CallbackOriEncrypt c
                                            int options);
 WOLFSSL_API int  wc_PKCS7_SetWrapCEKCb(wc_PKCS7* pkcs7,
         CallbackWrapCEK wrapCEKCb);
+WOLFSSL_API int  wc_PKCS7_SetAESKeyWrapUnwrapCb(wc_PKCS7* pkcs7,
+        CallbackAESKeyWrapUnwrap aesKeyWrapUnwrapCb);
 
 #if defined(HAVE_PKCS7_RSA_RAW_SIGN_CALLBACK) && !defined(NO_RSA)
 WOLFSSL_API int  wc_PKCS7_SetRsaSignRawDigestCb(wc_PKCS7* pkcs7,
@@ -510,6 +516,8 @@ WOLFSSL_API int  wc_PKCS7_EncodeEnvelopedData(wc_PKCS7* pkcs7,
 WOLFSSL_API int  wc_PKCS7_DecodeEnvelopedData(wc_PKCS7* pkcs7, byte* pkiMsg,
                                           word32 pkiMsgSz, byte* output,
                                           word32 outputSz);
+WOLFSSL_API int wc_PKCS7_GetEnvelopedDataKariRid(const byte * in, word32 inSz,
+        byte * out, word32 * outSz);
 
 /* CMS/PKCS#7 AuthEnvelopedData */
 WOLFSSL_API int  wc_PKCS7_EncodeAuthEnvelopedData(wc_PKCS7* pkcs7,
@@ -552,10 +560,18 @@ WOLFSSL_API int wc_PKCS7_DecodeCompressedData(wc_PKCS7* pkcs7, byte* pkiMsg,
                                               word32 outputSz);
 #endif /* HAVE_LIBZ && !NO_PKCS7_COMPRESSED_DATA */
 
+WOLFSSL_API int wc_PKCS7_DecodeSymmetricKeyPackageAttribute(const byte * skp,
+        word32 skpSz, size_t index, const byte ** attr, word32 * attrSz);
+WOLFSSL_API int wc_PKCS7_DecodeSymmetricKeyPackageKey(const byte * skp,
+        word32 skpSz, size_t index, const byte ** key, word32 * keySz);
+WOLFSSL_API int wc_PKCS7_DecodeOneSymmetricKeyAttribute(const byte * osk,
+        word32 oskSz, size_t index, const byte ** attr, word32 * attrSz);
+WOLFSSL_API int wc_PKCS7_DecodeOneSymmetricKeyKey(const byte * osk,
+        word32 oskSz, const byte ** key, word32 * keySz);
+
 #ifdef __cplusplus
     } /* extern "C" */
 #endif
 
 #endif /* HAVE_PKCS7 */
 #endif /* WOLF_CRYPT_PKCS7_H */
-
diff --git a/wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h b/wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h
index 829e9b168..977a95902 100644
--- a/wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h
+++ b/wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h
@@ -212,8 +212,23 @@ WOLFSSL_LOCAL esp_err_t esp_sdk_wifi_show_ip(void);
 * Debug helpers
 ******************************************************************************/
 WOLFSSL_LOCAL esp_err_t sdk_init_meminfo(void);
+
+#if defined(DEBUG_WOLFSSL_MALLOC) || defined(DEBUG_WOLFSSL)
 WOLFSSL_LOCAL void* wc_debug_pvPortMalloc(size_t size,
                                 const char* file, int line, const char* fname);
+WOLFSSL_LOCAL void wc_debug_pvPortFree(void *ptr,
+                                const char* file, int line, const char* fname);
+#ifndef WOLFSSL_NO_REALLOC
+WOLFSSL_LOCAL void* wc_debug_pvPortRealloc(void* ptr, size_t size,
+                                const char* file, int line, const char* fname);
+#endif
+#else
+WOLFSSL_LOCAL void* wc_pvPortMalloc(size_t size);
+WOLFSSL_LOCAL void wc_pvPortFree(void *ptr);
+#ifndef WOLFSSL_NO_REALLOC
+WOLFSSL_LOCAL void* wc_pvPortRealloc(void* ptr, size_t size);
+#endif
+#endif /*DEBUG_WOLFSSL_MALLOC || DEBUG_WOLFSSL */
 
 #ifdef __cplusplus
 } /* extern "C" */
diff --git a/wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h b/wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h
index ea16de751..d8652adbc 100644
--- a/wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h
+++ b/wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h
@@ -21,7 +21,6 @@
 #ifndef __RENESAS_FSPSM_CRYPT_H__
 #define __RENESAS_FSPSM_CRYPT_H__
 
-
 #include <wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-types.h>
 
 #ifdef __cplusplus
@@ -29,16 +28,9 @@ extern "C" {
 #endif
 
 #define WOLFSSL_FSPSM_ILLEGAL_CIPHERSUITE     -1
-#define MAX_FSPSM_CBINDEX 5
 
 typedef void* FSPSM_W_KEYVAR;
 
-/* flsgas related to TLS */
-struct FSPSM_tls_flg_ST {
-    uint8_t pk_key_set:1;
-    uint8_t session_key_set:1;
-};
-
 /* flags Crypt Only */
 struct FSPSM_key_flg_ST {
     uint8_t aes256_installedkey_set:1;
@@ -50,24 +42,11 @@ struct FSPSM_key_flg_ST {
     uint8_t message_type:1;/*message 0, hashed 1*/
 };
 
+typedef struct FSPSM_ST_Internal FSPSM_ST_Internal;
+
 typedef struct FSPSM_tag_ST {
     /* unique number for each session */
     int devId;
-   #if defined(WOLFSSL_RENESAS_FSPSM_TLS) && \
-        !defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)
-    /* out from R_SCE_TLS_ServerKeyExchangeVerify */
-    uint32_t
-        encrypted_ephemeral_ecdh_public_key[FSPSM_TLS_ENCRYPTED_ECCPUBKEY_SZ];
-    /* out from R_SCE_TLS_ECC_secp256r1_EphemeralWrappedKeyPairGenerate */
-    sce_tls_p256_ecc_wrapped_key_t ecc_p256_wrapped_key;
-    uint8_t ecc_ecdh_public_key[HW_SCE_ECC_PUBLIC_KEY_BYTE_SIZE];
-
-    uint32_t    masterSecret[FSPSM_TLS_MASTERSECRET_SIZE/4];
-    uint8_t     clientRandom[FSPSM_TLS_CLIENTRANDOM_SZ];
-    uint8_t     serverRandom[FSPSM_TLS_SERVERRANDOM_SZ];
-    uint8_t     cipher;
-    uint8_t     side; /* for key set side */
-   #endif
 
     /* installed key handling */
     /* aes */
@@ -85,228 +64,27 @@ typedef struct FSPSM_tag_ST {
    #if defined(WOLFSSL_RENESAS_RSIP)
     uint8_t hash_type;
    #endif
-    /* key status flags */
-    /* flag whether encrypted ec key is set */
-    union {
-        uint8_t chr;
-        struct FSPSM_tls_flg_ST bits;
-    } keyflgs_tls;
+
     /* key status flags */
     /* flags shows status if wrapped keys are installed */
     union {
         uint8_t chr;
         struct FSPSM_key_flg_ST bits;
     } keyflgs_crypt;
+
+    FSPSM_ST_Internal* internal;
+
 } FSPSM_ST;
 
-typedef struct tagPKCbInfo {
-    FSPSM_ST    *user_PKCbInfo[MAX_FSPSM_CBINDEX];
-    uint32_t    num_session;
-} FSPSM_ST_PKC;
-
-#ifdef WOLFSSL_RENESAS_FSPSM_TLS
-typedef struct
-{
-    uint8_t                          *encrypted_provisioning_key;
-    uint8_t                          *iv;
-    uint8_t                          *encrypted_user_tls_key;
-    uint32_t                         encrypted_user_tls_key_type;
-    FSPSM_CACERT_PUB_WKEY            user_rsa2048_tls_wrappedkey;
-} fspsm_key_data;
-#endif
-
 struct WOLFSSL;
 struct WOLFSSL_CTX;
 struct ecc_key;
-
-WOLFSSL_LOCAL int     wc_fspsm_Open();
-WOLFSSL_LOCAL void    wc_fspsm_Close();
-WOLFSSL_LOCAL int     wc_fspsm_hw_lock();
-WOLFSSL_LOCAL void    wc_fspsm_hw_unlock( void );
-WOLFSSL_LOCAL int     wc_fspsm_usable(const struct WOLFSSL *ssl,
-                                    uint8_t session_key_generated);
-
-typedef struct {
-    FSPSM_AES_PWKEY   wrapped_key;
-    word32           keySize;
-#ifdef WOLFSSL_RENESAS_FSPSM_TLS
-    byte             setup;
-#endif
-} FSPSM_AES_CTX;
-
+struct wc_CryptoInfo;
 struct Aes;
-WOLFSSL_LOCAL void wc_fspsm_Aesfree(struct Aes* aes);
-WOLFSSL_LOCAL int wc_fspsm_AesCbcEncrypt(struct Aes* aes, byte* out,
-                        const byte* in, word32 sz);
-WOLFSSL_LOCAL int wc_fspsm_AesCbcDecrypt(struct Aes* aes, byte* out,
-                        const byte* in, word32 sz);
 
-WOLFSSL_LOCAL int  wc_fspsm_AesGcmEncrypt(struct Aes* aes, byte* out,
-                          const byte* in, word32 sz,
-                          byte* iv, word32 ivSz,
-                          byte* authTag, word32 authTagSz,
-                          const byte* authIn, word32 authInSz,
-                          void* ctx);
-
-WOLFSSL_LOCAL int  wc_fspsm_AesGcmDecrypt(struct Aes* aes, byte* out,
-                          const byte* in, word32 sz,
-                          const byte* iv, word32 ivSz,
-                          const byte* authTag, word32 authTagSz,
-                          const byte* authIn, word32 authInSz,
-                          void* ctx);
-
-#if (!defined(NO_SHA) || !defined(NO_SHA256) || defined(WOLFSSL_SH224) || \
-    defined(WOLFSSL_SHA384) || defined(WOLFSSL_SHA512)) && \
-    !defined(NO_WOLFSSL_RENESAS_FSPSM_HASH)
-
-typedef enum {
-#if defined(WOLFSSL_RENESAS_SCEPROTECT)
-    FSPSM_SHA256 = 1,
-#elif defined(WOLFSSL_RENESAS_RSIP)
-    FSPSM_SHA1 = RSIP_HASH_TYPE_SHA1,
-    FSPSM_SHA224 = RSIP_HASH_TYPE_SHA224,
-    FSPSM_SHA256 = RSIP_HASH_TYPE_SHA256,
-    FSPSM_SHA384 = RSIP_HASH_TYPE_SHA384,
-    FSPSM_SHA512 = RSIP_HASH_TYPE_SHA512,
-    FSPSM_SHA512_224 = RSIP_HASH_TYPE_SHA512_224,
-    FSPSM_SHA512_256 = RSIP_HASH_TYPE_SHA512_256,
-#endif
-} FSPSM_SHA_TYPE;
-
-typedef struct {
-    void*  heap;
-    word32 sha_type;
-#if defined(WOLFSSL_RENESAS_SCEPROTECT)
-    word32 used;
-    word32 len;
-    byte*  msg;
-#endif
-#if defined(WOLFSSL_RENESAS_RSIP)
-    FSPSM_SHA_HANDLE handle;
-#endif
-#if defined(WOLF_CRYPTO_CB)
-    word32 flags;
-    int devId;
-#endif
-} wolfssl_FSPSM_Hash;
-
-/* RAW hash function APIs are not implemented with SCE */
-#undef  WOLFSSL_NO_HASH_RAW
-#define WOLFSSL_NO_HASH_RAW
-
-#if !defined(NO_SHA) && defined(WOLFSSL_RENESAS_RSIP)
-    typedef wolfssl_FSPSM_Hash wc_Sha;
-#endif
-
-#if defined(WOLFSSL_SHA224) && defined(WOLFSSL_RENESAS_RSIP)
-    typedef wolfssl_FSPSM_Hash wc_Sha224;
-    #define WC_SHA224_TYPE_DEFINED
-#endif
-
-#if !defined(NO_SHA256) && \
-    (defined(WOLFSSL_RENESAS_SCEPROTECT) || defined(WOLFSSL_RENESAS_RSIP))
-    typedef wolfssl_FSPSM_Hash wc_Sha256;
-#endif
-
-#if defined(WOLFSSL_SHA384) && defined(WOLFSSL_RENESAS_RSIP)
-    typedef wolfssl_FSPSM_Hash wc_Sha384;
-    #define WC_SHA384_TYPE_DEFINED
-#endif
-
-#if defined(WOLFSSL_SHA512) && defined(WOLFSSL_RENESAS_RSIP)
-    typedef wolfssl_FSPSM_Hash wc_Sha512;
-    typedef wolfssl_FSPSM_Hash wc_Sha512_224;
-    typedef wolfssl_FSPSM_Hash wc_Sha512_256;
-    #define WC_SHA512_TYPE_DEFINED
-#endif
-
-#endif /* NO_SHA */
 
 #if defined(WOLFSSL_RENESAS_FSPSM_TLS) && \
         !defined(WOLFSSL_RENESAS_FSPSM_CRYPT_ONLY)
-
-WOLFSSL_LOCAL int     wc_fspsm_tls_RootCertVerify(
-            const   uint8_t* cert,         uint32_t cert_len,
-            uint32_t  key_n_start,        uint32_t key_n_len,
-            uint32_t  key_e_start,        uint32_t key_e_len,
-            uint32_t  cm_row);
-
-WOLFSSL_LOCAL int     wc_sce_tls_CertVerify(
-            const   uint8_t* cert,         uint32_t certSz,
-            const   uint8_t* signature,    uint32_t sigSz,
-            uint32_t  key_n_start,        uint32_t key_n_len,
-            uint32_t  key_e_start,        uint32_t key_e_len,
-            uint8_t*   sce_encRsaKeyIdx);
-
-
-WOLFSSL_LOCAL int     wc_fspsm_generatePremasterSecret(
-            uint8_t*   premaster,
-            uint32_t  preSz);
-
-WOLFSSL_LOCAL int     wc_fspsm_generateEncryptPreMasterSecret(
-            struct WOLFSSL* ssl,
-            uint8_t*           out,
-            uint32_t*         outSz);
-
-WOLFSSL_LOCAL int     wc_fspsm_Sha256GenerateHmac(
-            const struct WOLFSSL *ssl,
-            const uint8_t* myInner,
-            uint32_t      innerSz,
-            const uint8_t* in,
-            uint32_t      sz,
-            uint8_t*       digest);
-
-WOLFSSL_LOCAL int wc_fspsm_Sha256VerifyHmac(
-        const struct WOLFSSL *ssl,
-        const uint8_t* message,
-        uint32_t      messageSz,
-        uint32_t      macSz,
-        uint32_t      content);
-
-WOLFSSL_LOCAL int wc_fspsm_storeKeyCtx(
-        struct WOLFSSL* ssl,
-        FSPSM_ST* info);
-
-WOLFSSL_LOCAL int wc_fspsm_generateVerifyData(
-        const uint8_t*  ms, /* master secret */
-        const uint8_t*  side,
-        const uint8_t*  handshake_hash,
-        uint8_t*        hashes /* out */);
-
-WOLFSSL_LOCAL int wc_fspsm_generateSessionKey(
-        struct WOLFSSL*   ssl,
-        FSPSM_ST* cbInfo,
-        int               devId);
-
-WOLFSSL_LOCAL int wc_fspsm_generateMasterSecret(
-        uint8_t        cipherSuiteFirst,
-        uint8_t        cipherSuite,
-        const uint8_t *pr, /* pre-master    */
-        const uint8_t *cr, /* client random */
-        const uint8_t *sr, /* server random */
-        uint8_t *ms);
-
-WOLFSSL_LOCAL int wc_fspsm_RsaVerifyTLS(struct WOLFSSL* ssl, byte* sig,
-                        uint32_t sigSz, uint8_t** out,
-                        const byte* key, uint32_t keySz, void* ctx);
-WOLFSSL_LOCAL int wc_fspsm_EccVerifyTLS(struct WOLFSSL* ssl,
-                        const uint8_t* sig, uint32_t sigSz,
-                        const uint8_t* hash, uint32_t hashSz,
-                        const uint8_t* key, uint32_t keySz,
-                        int* result, void* ctx);
-WOLFSSL_LOCAL int wc_fspsm_tls_CertVerify(
-        const uint8_t* cert,       uint32_t certSz,
-        const uint8_t* signature,  uint32_t sigSz,
-        uint32_t      key_n_start,uint32_t key_n_len,
-        uint32_t      key_e_start,uint32_t key_e_len,
-        uint8_t*      fspsm_encPublickey);
-
-/* Callback for EccShareSecret */
-WOLFSSL_LOCAL int fspsm_EccSharedSecret(struct WOLFSSL* ssl,
-            struct ecc_key* otherKey,
-            uint8_t* pubKeyDer, unsigned int* pubKeySz,
-            uint8_t* out, unsigned int* outlen, int side, void* ctx);
-
 /* user API */
 WOLFSSL_API void FSPSM_INFORM_FUNC(
     uint8_t*     encrypted_provisioning_key,
@@ -318,28 +96,7 @@ WOLFSSL_API void FSPSM_CALLBACK_FUNC(struct WOLFSSL_CTX* ctx);
 WOLFSSL_API int  FSPSM_CALLBACK_CTX_FUNC(struct WOLFSSL* ssl, void* user_ctx);
 WOLFSSL_API void FSPSM_INFORM_CERT_SIGN(const uint8_t *sign);
 
-
 #endif  /* WOLFSSL_RENESAS_FSPSM_TLS &&
          * !WOLFSSL_RENESAS_FSPSM_CRYPT_ONLY */
 
-typedef struct FSPSM_RSA_CTX {
-    FSPSM_RSA1024_WPI_KEY *wrapped_pri1024_key;
-    FSPSM_RSA1024_WPB_KEY *wrapped_pub1024_key;
-    FSPSM_RSA2048_WPI_KEY *wrapped_pri2048_key;
-    FSPSM_RSA2048_WPB_KEY *wrapped_pub2048_key;
-    word32 keySz;
-} FSPSM_RSA_CTX;
-
-/* rsa */
-struct RsaKey;
-struct WC_RNG;
-WOLFSSL_LOCAL void wc_fspsm_RsaKeyFree(struct RsaKey *key);
-WOLFSSL_LOCAL int  wc_fspsm_RsaFunction(const byte* in, word32 inLen, byte* out,
-  word32 *outLen, int type, struct RsaKey* key, struct WC_RNG* rng);
-WOLFSSL_LOCAL int  wc_fspsm_MakeRsaKey(struct RsaKey* key, int size, void* ctx);
-WOLFSSL_LOCAL int  wc_fspsm_RsaSign(const byte* in, word32 inLen, byte* out,
-                    word32* outLen, struct RsaKey* key, void* ctx);
-WOLFSSL_LOCAL int  wc_fspsm_RsaVerify(const byte* in, word32 inLen, byte* out,
-                    word32* outLen,struct RsaKey* key, void* ctx);
-WOLFSSL_LOCAL int  wc_fspsm_GenerateRandBlock(byte* output, word32 size);
 #endif  /* __RENESAS_FSPSM_CRYPT_H__ */
diff --git a/wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-types.h b/wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-types.h
index 01f15d951..f7d57361d 100644
--- a/wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-types.h
+++ b/wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-types.h
@@ -34,6 +34,7 @@
     #define FSPSM_key_flg_ST        sce_keyflgs_crypt
     #define FSPSM_tag_ST            tagUser_SCEPKCbInfo
     #define FSPSM_ST                User_SCEPKCbInfo
+    #define FSPSM_ST_Internal       FSPSM_ST_Internal
     #define FSPSM_ST_PKC            SCE_PKCbInfo
 
     /* map SCE API to macro */
@@ -167,28 +168,38 @@
 #elif defined(WOLFSSL_RENESAS_RSIP)
 
     #include "r_rsip.h"
-
+   #if (WOLFSSL_RENESAS_RZFSP_VER >= 200)
+    #include "r_rsip_api.h"
+   #endif
     /* structure, type so on */
     #define FSPSM_W_KEYVAR          renesas_rsip_wrappedkey
     #define FSPSM_tls_flg_ST        rsip_keyflgs_tls
     #define FSPSM_key_flg_ST        rsip_keyflgs_crypt
     #define FSPSM_tag_ST            tagUser_RSIPPKCbInfo
     #define FSPSM_ST                User_RSIPPKCbInfo
+    #define FSPSM_ST_Internal       FSPSM_ST_Internal
     #define FSPSM_ST_PKC            RSIP_PKCbInfo
     #define FSPSM_KEY_TYPE          rsip_key_type_t
 
     #define FSPSM_INSTANCE          rsip_instance_ctrl_t
-    #define gFSPSM_ctrl             rsip_ctrl
     #define FSPSM_CONFIG            rsip_cfg_t
+   #if (WOLFSSL_RENESAS_RZFSP_VER >= 220)
+    #define gFSPSM_ctrl             g_rsip_ctrl
+    #define gFSPSM_cfg              g_rsip_cfg
+   #else
+    #define gFSPSM_ctrl             rsip_ctrl
     #define gFSPSM_cfg              rsip_cfg
+   #endif
     #define H_INSTANCE              gFSPSM_ctrl
     #define FSPSM_OPEN              R_RSIP_Open
     #define FSPSM_CLOSE             R_RSIP_Close
 
     /* rnd generation func */
-    #define R_RANDOM_GEN(b)         R_RSIP_RandomNumberGenerate(&gFSPSM_ctrl,b)
+    #define R_RANDOM_GEN(b) \
+        R_RSIP_RandomNumberGenerate(&gFSPSM_ctrl, (uint8_t* const)b)
     /* sha 1*/
     #define FSPSM_SHA_HANDLE        rsip_sha_handle_t
+
     #define FSPSM_SHA1_Init         _R_RSIP_SHA1_GenerateInit
     #define FSPSM_SHA1_Up           _R_RSIP_SHA_GenerateUpdate
     #define FSPSM_SHA1_Final        _R_RSIP_SHA_GenerateFinal
diff --git a/wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h b/wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h
index ed9930a06..a0e3f7de2 100644
--- a/wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h
+++ b/wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h
@@ -148,6 +148,7 @@ struct tsip_keyflgs_crypt {
 };
 #endif
 
+typedef struct TsipUserCtx_Internal TsipUserCtx_Internal;
 /*
  * TsipUserCtx holds mainly keys used for TLS handshake in TSIP specific format.
  */
@@ -155,150 +156,7 @@ typedef struct TsipUserCtx {
     /* unique number for each session */
     int devId;
 
-    /* client key pair wrapped by provisioning key */
-    byte*                                              wrappedPrivateKey;
-    byte*                                              wrappedPublicKey;
-
-    int                                                wrappedKeyType;
-
-#ifdef WOLFSSL_RENESAS_TSIP_TLS
-    /* 0:working as a TLS client, 1: as a server */
-    byte                    side;
-    /* ENCRYPT_SIDE_ONLY:1 DECRYPT_SIDE_ONLY:2 ENCRYPT AND DECRYPT:3 */
-    byte                    key_side;
-    /* public key index for verification of RootCA cert */
-    uint32_t                user_key_id;
-
-    /* WOLFSSL object associated with */
-    struct WOLFSSL*         ssl;
-    struct WOLFSSL_CTX*     ctx;
-
-    /* HEAP_HINT */
-    void*                   heap;
-
-    /* TLSv1.3 handshake related members, mainly keys */
-
-    /* handle is used as work area for Tls13 handshake */
-    tsip_tls13_handle_t                                handle13;
-
-#if !defined(NO_RSA)
-    /* RSA-2048bit private and public key-index for client authentication */
-    tsip_rsa2048_private_key_index_t                   Rsa2048PrivateKeyIdx;
-    tsip_rsa2048_public_key_index_t                    Rsa2048PublicKeyIdx;
-#endif /* !NO_RSA */
-#if defined(HAVE_ECC)
-    /* ECC private and public key-index for client authentication */
-    tsip_ecc_private_key_index_t                       EcdsaPrivateKeyIdx;
-    tsip_ecc_public_key_index_t                        EcdsaPublicKeyIdx;
-#endif /* HAVE_ECC */
-
-    /* ECDHE private key index for Tls13 handshake */
-    tsip_tls_p256_ecc_key_index_t                      EcdhPrivKey13Idx;
-
-    /* ECDHE pre-master secret */
-    tsip_tls13_ephemeral_shared_secret_key_index_t     sharedSecret13Idx;
-
-    /* Handshake secret for Tls13 handshake */
-    tsip_tls13_ephemeral_handshake_secret_key_index_t  handshakeSecret13Idx;
-
-    /* the key to decrypt server-finished message */
-    tsip_tls13_ephemeral_server_finished_key_index_t   serverFinished13Idx;
-
-    /* key for Sha256-Hmac to gen "Client Finished" */
-    tsip_hmac_sha_key_index_t                          clientFinished13Idx;
-
-    /* AES decryption key for handshake */
-    tsip_aes_key_index_t                               serverWriteKey13Idx;
-
-    /* AES encryption key for handshake */
-    tsip_aes_key_index_t                               clientWriteKey13Idx;
-
-    /* Handshake verified data used for master secret */
-    word32                          verifyData13Idx[TSIP_TLS_VERIFY_DATA_WD_SZ];
-
-    /* master secret for TLS1.3 */
-    tsip_tls13_ephemeral_master_secret_key_index_t     masterSecret13Idx;
-
-    /* server app traffic secret */
-    tsip_tls13_ephemeral_app_secret_key_index_t        serverAppTraffic13Secret;
-
-    /* client app traffic secret */
-    tsip_tls13_ephemeral_app_secret_key_index_t        clientAppTraffic13Secret;
-
-    /* server write key */
-    tsip_aes_key_index_t                               serverAppWriteKey13Idx;
-
-    /* client write key */
-    tsip_aes_key_index_t                               clientAppWriteKey13Idx;
-
-    /* hash handle for transcript hash of handshake messages */
-    tsip_hmac_sha_handle_t                             hmacFinished13Handle;
-
-    /* storage for handshake messages */
-    MsgBag                                             messageBag;
-
-    /* signature data area for TLS1.3 CertificateVerify message  */
-    byte                             sigDataCertVerify[TSIP_TLS_MAX_SIGDATA_SZ];
-
-#if (WOLFSSL_RENESAS_TSIP_VER >=109)
-    /* out from R_SCE_TLS_ServerKeyExchangeVerify */
-    uint32_t encrypted_ephemeral_ecdh_public_key[ENCRYPTED_ECDHE_PUBKEY_SZ];
-
-    /* ephemeral ECDH pubkey index
-     * got from R_TSIP_GenerateTlsP256EccKeyIndex.
-     * Input to R_TSIP_TlsGeneratePreMasterSecretWithEccP256Key.
-     */
-    tsip_tls_p256_ecc_key_index_t ecc_p256_wrapped_key;
-
-    /* ephemeral ECDH pub-key Qx(256bit)||Qy(256bit)
-     * got from  R_TSIP_GenerateTlsP256EccKeyIndex.
-     * Should be sent to peer(server) in Client Key Exchange msg.
-     */
-    uint8_t ecc_ecdh_public_key[ECCP256_PUBKEY_SZ];
-#endif /* WOLFSSL_RENESAS_TSIP_VER >=109 */
-
-    /* info to generate session key */
-    uint32_t    tsip_masterSecret[TSIP_TLS_MASTERSECRET_SIZE/4];
-    uint8_t     tsip_clientRandom[TSIP_TLS_CLIENTRANDOM_SZ];
-    uint8_t     tsip_serverRandom[TSIP_TLS_SERVERRANDOM_SZ];
-
-    /* TSIP defined cipher suite number */
-    uint32_t    tsip_cipher;
-
-    /* flags */
-#if !defined(NO_RSA)
-    uint8_t ClientRsa2048PrivKey_set:1;
-    uint8_t ClientRsa2048PubKey_set:1;
-#endif
-#if defined(HAVE_ECC)
-    uint8_t ClientEccPrivKey_set:1;
-    uint8_t ClientEccPubKey_set:1;
-#endif
-
-    uint8_t HmacInitialized:1;
-    uint8_t RootCAverified:1;
-    uint8_t EcdsaPrivKey_set:1;
-    uint8_t Dhe_key_set:1;
-    uint8_t SharedSecret_set:1;
-    uint8_t EarlySecret_set:1;
-    uint8_t HandshakeSecret_set:1;
-    uint8_t HandshakeClientTrafficKey_set:1;
-    uint8_t HandshakeServerTrafficKey_set:1;
-    uint8_t HandshakeVerifiedData_set:1;
-    uint8_t MasterSecret_set:1;
-    uint8_t ServerTrafficSecret_set:1;
-    uint8_t ClientTrafficSecret_set:1;
-    uint8_t ServerWriteTrafficKey_set:1;
-    uint8_t ClientWriteTrafficKey_set:1;
-    uint8_t session_key_set:1;
-#endif /* WOLFSSL_RENESAS_TSIP_TLS */
-
-    /* installed key handling */
-    tsip_aes_key_index_t user_aes256_key_index;
-    uint8_t user_aes256_key_set:1;
-    tsip_aes_key_index_t user_aes128_key_index;
-    uint8_t user_aes128_key_set:1;
-
+    int wrappedKeyType;
 /* for tsip crypt only mode */
 #ifdef WOLFSSL_RENESAS_TSIP_CRYPTONLY
 #ifndef NO_RSA
@@ -330,17 +188,18 @@ typedef struct TsipUserCtx {
     } keyflgs_crypt;
 #endif /* WOLFSSL_RENESAS_TSIP_CRYPTONLY */
 
+    /* installed key handling */
+    tsip_aes_key_index_t user_aes256_key_index;
+    uint8_t user_aes256_key_set:1;
+    tsip_aes_key_index_t user_aes128_key_index;
+    uint8_t user_aes128_key_set:1;
+
+    TsipUserCtx_Internal* internal;
 } TsipUserCtx;
 
 typedef TsipUserCtx RenesasUserCtx;
 typedef TsipUserCtx user_PKCbInfo;
 
-typedef struct
-{
-    TsipUserCtx* userCtx;
-} TsipPKCbInfo;
-
-
 typedef struct
 {
 #if (WOLFSSL_RENESAS_TSIP_VER >=109)
diff --git a/wolfssl/wolfcrypt/port/Renesas/renesas_fspsm_internal.h b/wolfssl/wolfcrypt/port/Renesas/renesas_fspsm_internal.h
new file mode 100644
index 000000000..95b5f5982
--- /dev/null
+++ b/wolfssl/wolfcrypt/port/Renesas/renesas_fspsm_internal.h
@@ -0,0 +1,288 @@
+/* renesas_fspsm_internal.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef _RENESAS_FSPSM_INTERNAL_H_
+#define _RENESAS_FSPSM_INTERNAL_H_
+
+
+#include <wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h>
+
+/* Wrapped TLS FSP Key Set Flags */
+struct FSPSM_tls_flg_ST {
+    uint8_t pk_key_set:1;
+    uint8_t session_key_set:1;
+};
+
+struct FSPSM_ST_Internal {
+
+#if defined(WOLFSSL_RENESAS_FSPSM_TLS) && \
+        !defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)
+    /* WOLFSSL object associated with */
+    struct WOLFSSL*         ssl;
+    struct WOLFSSL_CTX*     ctx;
+
+    /* HEAP_HINT */
+    void*                   heap;
+
+    /* out from R_SCE_TLS_ServerKeyExchangeVerify */
+    uint32_t
+        encrypted_ephemeral_ecdh_public_key[FSPSM_TLS_ENCRYPTED_ECCPUBKEY_SZ];
+    /* out from R_SCE_TLS_ECC_secp256r1_EphemeralWrappedKeyPairGenerate */
+    sce_tls_p256_ecc_wrapped_key_t ecc_p256_wrapped_key;
+    uint8_t ecc_ecdh_public_key[HW_SCE_ECC_PUBLIC_KEY_BYTE_SIZE];
+
+    uint32_t    masterSecret[FSPSM_TLS_MASTERSECRET_SIZE/4];
+    uint8_t     clientRandom[FSPSM_TLS_CLIENTRANDOM_SZ];
+    uint8_t     serverRandom[FSPSM_TLS_SERVERRANDOM_SZ];
+    uint8_t     cipher;
+    uint8_t     side; /* for key set side */
+#endif
+    /* key status flags */
+    /* flag whether encrypted ec key is set */
+    union {
+        uint8_t chr;
+        struct FSPSM_tls_flg_ST bits;
+    } keyflgs_tls;
+};
+
+#ifdef WOLFSSL_RENESAS_FSPSM_TLS
+typedef struct
+{
+    uint8_t                          *encrypted_provisioning_key;
+    uint8_t                          *iv;
+    uint8_t                          *encrypted_user_tls_key;
+    uint32_t                         encrypted_user_tls_key_type;
+    FSPSM_CACERT_PUB_WKEY            user_rsa2048_tls_wrappedkey;
+} fspsm_key_data;
+#endif
+
+typedef struct {
+    FSPSM_AES_PWKEY   wrapped_key;
+    word32           keySize;
+#ifdef WOLFSSL_RENESAS_FSPSM_TLS
+    byte             setup;
+#endif
+} FSPSM_AES_CTX;
+
+typedef struct FSPSM_RSA_CTX {
+    FSPSM_RSA1024_WPI_KEY *wrapped_pri1024_key;
+    FSPSM_RSA1024_WPB_KEY *wrapped_pub1024_key;
+    FSPSM_RSA2048_WPI_KEY *wrapped_pri2048_key;
+    FSPSM_RSA2048_WPB_KEY *wrapped_pub2048_key;
+    word32 keySz;
+} FSPSM_RSA_CTX;
+
+
+#if (!defined(NO_SHA) || !defined(NO_SHA256) || defined(WOLFSSL_SH224) || \
+    defined(WOLFSSL_SHA384) || defined(WOLFSSL_SHA512)) && \
+    !defined(NO_WOLFSSL_RENESAS_FSPSM_HASH)
+
+typedef struct {
+    void*  heap;
+    word32 sha_type;
+#if defined(WOLFSSL_RENESAS_SCEPROTECT) || \
+    (defined(WOLFSSL_RENESAS_RSIP) && (WOLFSSL_RENESAS_RZFSP_VER >= 220))
+    word32 used;
+    word32 len;
+    byte*  msg;
+#endif
+#if defined(WOLFSSL_RENESAS_RSIP)
+    FSPSM_SHA_HANDLE handle;
+#endif
+#if defined(WOLF_CRYPTO_CB)
+    word32 flags;
+    int devId;
+#endif
+}wolfssl_FSPSM_Hash;
+
+typedef enum {
+#if defined(WOLFSSL_RENESAS_SCEPROTECT)
+    FSPSM_SHA256 = 1,
+#elif defined(WOLFSSL_RENESAS_RSIP)
+    FSPSM_SHA1 = RSIP_HASH_TYPE_SHA1,
+    FSPSM_SHA224 = RSIP_HASH_TYPE_SHA224,
+    FSPSM_SHA256 = RSIP_HASH_TYPE_SHA256,
+    FSPSM_SHA384 = RSIP_HASH_TYPE_SHA384,
+    FSPSM_SHA512 = RSIP_HASH_TYPE_SHA512,
+    FSPSM_SHA512_224 = RSIP_HASH_TYPE_SHA512_224,
+    FSPSM_SHA512_256 = RSIP_HASH_TYPE_SHA512_256,
+#endif
+} FSPSM_SHA_TYPE;
+
+/* RAW hash function APIs are not implemented with SCE */
+#undef  WOLFSSL_NO_HASH_RAW
+#define WOLFSSL_NO_HASH_RAW
+
+#if !defined(NO_SHA) && defined(WOLFSSL_RENESAS_RSIP)
+    typedef wolfssl_FSPSM_Hash wc_Sha;
+#endif
+
+#if defined(WOLFSSL_SHA224) && defined(WOLFSSL_RENESAS_RSIP)
+    typedef wolfssl_FSPSM_Hash wc_Sha224;
+    #define WC_SHA224_TYPE_DEFINED
+#endif
+
+#if !defined(NO_SHA256) && \
+    (defined(WOLFSSL_RENESAS_SCEPROTECT) || defined(WOLFSSL_RENESAS_RSIP))
+    typedef wolfssl_FSPSM_Hash wc_Sha256;
+#endif
+
+#if defined(WOLFSSL_SHA384) && defined(WOLFSSL_RENESAS_RSIP)
+    typedef wolfssl_FSPSM_Hash wc_Sha384;
+    #define WC_SHA384_TYPE_DEFINED
+#endif
+
+#if defined(WOLFSSL_SHA512) && defined(WOLFSSL_RENESAS_RSIP)
+    typedef wolfssl_FSPSM_Hash wc_Sha512;
+    typedef wolfssl_FSPSM_Hash wc_Sha512_224;
+    typedef wolfssl_FSPSM_Hash wc_Sha512_256;
+    #define WC_SHA512_TYPE_DEFINED
+#endif
+
+#endif /* NO_SHA */
+
+struct WOLFSSL;
+struct Aes;
+WOLFSSL_LOCAL int wc_fspsm_TlsCleanup(struct WOLFSSL* ssl);
+WOLFSSL_LOCAL int     wc_fspsm_Open();
+WOLFSSL_LOCAL void    wc_fspsm_Close();
+WOLFSSL_LOCAL int     wc_fspsm_hw_lock();
+WOLFSSL_LOCAL void    wc_fspsm_hw_unlock( void );
+WOLFSSL_LOCAL int     wc_fspsm_usable(const struct WOLFSSL *ssl,
+                                    uint8_t session_key_generated);
+WOLFSSL_LOCAL void wc_fspsm_Aesfree(struct Aes* aes);
+WOLFSSL_LOCAL int wc_fspsm_AesCbcEncrypt(struct Aes* aes, byte* out,
+                        const byte* in, word32 sz);
+WOLFSSL_LOCAL int wc_fspsm_AesCbcDecrypt(struct Aes* aes, byte* out,
+                        const byte* in, word32 sz);
+
+WOLFSSL_LOCAL int  wc_fspsm_AesGcmEncrypt(struct Aes* aes, byte* out,
+                          const byte* in, word32 sz,
+                          byte* iv, word32 ivSz,
+                          byte* authTag, word32 authTagSz,
+                          const byte* authIn, word32 authInSz,
+                          void* ctx);
+
+WOLFSSL_LOCAL int  wc_fspsm_AesGcmDecrypt(struct Aes* aes, byte* out,
+                          const byte* in, word32 sz,
+                          const byte* iv, word32 ivSz,
+                          const byte* authTag, word32 authTagSz,
+                          const byte* authIn, word32 authInSz,
+                          void* ctx);
+
+WOLFSSL_LOCAL int wc_fspsm_AesCipher(int devIdArg, struct wc_CryptoInfo* info,
+                                                                    void* ctx);
+WOLFSSL_LOCAL int     wc_fspsm_tls_RootCertVerify(
+            const   uint8_t* cert,         uint32_t cert_len,
+            uint32_t  key_n_start,        uint32_t key_n_len,
+            uint32_t  key_e_start,        uint32_t key_e_len,
+            uint32_t  cm_row);
+
+WOLFSSL_LOCAL int     wc_sce_tls_CertVerify(
+            const   uint8_t* cert,         uint32_t certSz,
+            const   uint8_t* signature,    uint32_t sigSz,
+            uint32_t  key_n_start,        uint32_t key_n_len,
+            uint32_t  key_e_start,        uint32_t key_e_len,
+            uint8_t*   sce_encRsaKeyIdx);
+
+
+WOLFSSL_LOCAL int     wc_fspsm_generatePremasterSecret(
+            uint8_t*   premaster,
+            uint32_t  preSz);
+
+WOLFSSL_LOCAL int     wc_fspsm_generateEncryptPreMasterSecret(
+            struct WOLFSSL* ssl,
+            uint8_t*           out,
+            uint32_t*         outSz);
+
+WOLFSSL_LOCAL int     wc_fspsm_Sha256GenerateHmac(
+            const struct WOLFSSL *ssl,
+            const uint8_t* myInner,
+            uint32_t      innerSz,
+            const uint8_t* in,
+            uint32_t      sz,
+            uint8_t*       digest);
+
+WOLFSSL_LOCAL int wc_fspsm_Sha256VerifyHmac(
+        const struct WOLFSSL *ssl,
+        const uint8_t* message,
+        uint32_t      messageSz,
+        uint32_t      macSz,
+        uint32_t      content);
+
+WOLFSSL_LOCAL int wc_fspsm_storeKeyCtx(
+        struct WOLFSSL* ssl,
+        FSPSM_ST* info);
+
+WOLFSSL_LOCAL int wc_fspsm_generateVerifyData(
+        const uint8_t*  ms, /* master secret */
+        const uint8_t*  side,
+        const uint8_t*  handshake_hash,
+        uint8_t*        hashes /* out */);
+
+WOLFSSL_LOCAL int wc_fspsm_generateSessionKey(
+        struct WOLFSSL*   ssl,
+        FSPSM_ST* cbInfo,
+        int               devId);
+
+WOLFSSL_LOCAL int wc_fspsm_generateMasterSecret(
+        uint8_t        cipherSuiteFirst,
+        uint8_t        cipherSuite,
+        const uint8_t *pr, /* pre-master    */
+        const uint8_t *cr, /* client random */
+        const uint8_t *sr, /* server random */
+        uint8_t *ms);
+
+WOLFSSL_LOCAL int wc_fspsm_RsaVerifyTLS(struct WOLFSSL* ssl, byte* sig,
+                        uint32_t sigSz, uint8_t** out,
+                        const byte* key, uint32_t keySz, void* ctx);
+WOLFSSL_LOCAL int wc_fspsm_EccVerifyTLS(struct WOLFSSL* ssl,
+                        const uint8_t* sig, uint32_t sigSz,
+                        const uint8_t* hash, uint32_t hashSz,
+                        const uint8_t* key, uint32_t keySz,
+                        int* result, void* ctx);
+WOLFSSL_LOCAL int wc_fspsm_tls_CertVerify(
+        const uint8_t* cert,       uint32_t certSz,
+        const uint8_t* signature,  uint32_t sigSz,
+        uint32_t      key_n_start,uint32_t key_n_len,
+        uint32_t      key_e_start,uint32_t key_e_len,
+        uint8_t*      fspsm_encPublickey);
+
+/* Callback for EccShareSecret */
+WOLFSSL_LOCAL int fspsm_EccSharedSecret(struct WOLFSSL* ssl,
+            struct ecc_key* otherKey,
+            uint8_t* pubKeyDer, unsigned int* pubKeySz,
+            uint8_t* out, unsigned int* outlen, int side, void* ctx);
+/* rsa */
+struct RsaKey;
+struct WC_RNG;
+WOLFSSL_LOCAL void wc_fspsm_RsaKeyFree(struct RsaKey *key);
+WOLFSSL_LOCAL int  wc_fspsm_RsaFunction(const byte* in, word32 inLen, byte* out,
+  word32 *outLen, int type, struct RsaKey* key, struct WC_RNG* rng);
+WOLFSSL_LOCAL int  wc_fspsm_MakeRsaKey(struct RsaKey* key, int size, void* ctx);
+WOLFSSL_LOCAL int  wc_fspsm_RsaSign(const byte* in, word32 inLen, byte* out,
+                    word32* outLen, struct RsaKey* key, void* ctx);
+WOLFSSL_LOCAL int  wc_fspsm_RsaVerify(const byte* in, word32 inLen, byte* out,
+                    word32* outLen,struct RsaKey* key, void* ctx);
+WOLFSSL_LOCAL int  wc_fspsm_GenerateRandBlock(byte* output, word32 size);
+
+#endif /* RENESAS_FSPSM_INTERNAL_H */
+
diff --git a/wolfssl/wolfcrypt/port/Renesas/renesas_tsip_internal.h b/wolfssl/wolfcrypt/port/Renesas/renesas_tsip_internal.h
new file mode 100644
index 000000000..be306b0db
--- /dev/null
+++ b/wolfssl/wolfcrypt/port/Renesas/renesas_tsip_internal.h
@@ -0,0 +1,165 @@
+/* renesas_tsip_internal.h
+ *
+ * Copyright (C) 2006-2025 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+#ifndef _RENESAS_TSIP_INTERNAL_H_
+#define _RENESAS_TSIP_INTERNAL_H_
+
+#include "renesas-tsip-crypt.h"
+
+struct TsipUserCtx_Internal {
+    /* client key pair wrapped by provisioning key */
+    byte*                                              wrappedPrivateKey;
+    byte*                                              wrappedPublicKey;
+
+
+#ifdef WOLFSSL_RENESAS_TSIP_TLS
+    /* 0:working as a TLS client, 1: as a server */
+    byte                    side;
+    /* ENCRYPT_SIDE_ONLY:1 DECRYPT_SIDE_ONLY:2 ENCRYPT AND DECRYPT:3 */
+    byte                    key_side;
+    /* public key index for verification of RootCA cert */
+    uint32_t                user_key_id;
+
+    /* WOLFSSL object associated with */
+    struct WOLFSSL*         ssl;
+    struct WOLFSSL_CTX*     ctx;
+
+    /* HEAP_HINT */
+    void*                   heap;
+
+    /* TLSv1.3 handshake related members, mainly keys */
+
+    /* handle is used as work area for Tls13 handshake */
+    tsip_tls13_handle_t                                handle13;
+
+#if !defined(NO_RSA)
+    /* RSA-2048bit private and public key-index for client authentication */
+    tsip_rsa2048_private_key_index_t                   Rsa2048PrivateKeyIdx;
+    tsip_rsa2048_public_key_index_t                    Rsa2048PublicKeyIdx;
+#endif /* !NO_RSA */
+#if defined(HAVE_ECC)
+    /* ECC private and public key-index for client authentication */
+    tsip_ecc_private_key_index_t                       EcdsaPrivateKeyIdx;
+    tsip_ecc_public_key_index_t                        EcdsaPublicKeyIdx;
+#endif /* HAVE_ECC */
+
+    /* ECDHE private key index for Tls13 handshake */
+    tsip_tls_p256_ecc_key_index_t                      EcdhPrivKey13Idx;
+
+    /* ECDHE pre-master secret */
+    tsip_tls13_ephemeral_shared_secret_key_index_t     sharedSecret13Idx;
+
+    /* Handshake secret for Tls13 handshake */
+    tsip_tls13_ephemeral_handshake_secret_key_index_t  handshakeSecret13Idx;
+
+    /* the key to decrypt server-finished message */
+    tsip_tls13_ephemeral_server_finished_key_index_t   serverFinished13Idx;
+
+    /* key for Sha256-Hmac to gen "Client Finished" */
+    tsip_hmac_sha_key_index_t                          clientFinished13Idx;
+
+    /* AES decryption key for handshake */
+    tsip_aes_key_index_t                               serverWriteKey13Idx;
+
+    /* AES encryption key for handshake */
+    tsip_aes_key_index_t                               clientWriteKey13Idx;
+
+    /* Handshake verified data used for master secret */
+    word32                          verifyData13Idx[TSIP_TLS_VERIFY_DATA_WD_SZ];
+
+    /* master secret for TLS1.3 */
+    tsip_tls13_ephemeral_master_secret_key_index_t     masterSecret13Idx;
+
+    /* server app traffic secret */
+    tsip_tls13_ephemeral_app_secret_key_index_t        serverAppTraffic13Secret;
+
+    /* client app traffic secret */
+    tsip_tls13_ephemeral_app_secret_key_index_t        clientAppTraffic13Secret;
+
+    /* server write key */
+    tsip_aes_key_index_t                               serverAppWriteKey13Idx;
+
+    /* client write key */
+    tsip_aes_key_index_t                               clientAppWriteKey13Idx;
+
+    /* hash handle for transcript hash of handshake messages */
+    tsip_hmac_sha_handle_t                             hmacFinished13Handle;
+
+    /* storage for handshake messages */
+    MsgBag                                             messageBag;
+
+    /* signature data area for TLS1.3 CertificateVerify message  */
+    byte                             sigDataCertVerify[TSIP_TLS_MAX_SIGDATA_SZ];
+
+#if (WOLFSSL_RENESAS_TSIP_VER >=109)
+    /* out from R_SCE_TLS_ServerKeyExchangeVerify */
+    uint32_t encrypted_ephemeral_ecdh_public_key[ENCRYPTED_ECDHE_PUBKEY_SZ];
+
+    /* ephemeral ECDH pubkey index
+     * got from R_TSIP_GenerateTlsP256EccKeyIndex.
+     * Input to R_TSIP_TlsGeneratePreMasterSecretWithEccP256Key.
+     */
+    tsip_tls_p256_ecc_key_index_t ecc_p256_wrapped_key;
+
+    /* ephemeral ECDH pub-key Qx(256bit)||Qy(256bit)
+     * got from  R_TSIP_GenerateTlsP256EccKeyIndex.
+     * Should be sent to peer(server) in Client Key Exchange msg.
+     */
+    uint8_t ecc_ecdh_public_key[ECCP256_PUBKEY_SZ];
+#endif /* WOLFSSL_RENESAS_TSIP_VER >=109 */
+
+    /* info to generate session key */
+    uint32_t    tsip_masterSecret[TSIP_TLS_MASTERSECRET_SIZE/4];
+    uint8_t     tsip_clientRandom[TSIP_TLS_CLIENTRANDOM_SZ];
+    uint8_t     tsip_serverRandom[TSIP_TLS_SERVERRANDOM_SZ];
+
+    /* TSIP defined cipher suite number */
+    uint32_t    tsip_cipher;
+        /* flags */
+#if !defined(NO_RSA)
+    uint8_t ClientRsa2048PrivKey_set:1;
+    uint8_t ClientRsa2048PubKey_set:1;
+#endif
+#if defined(HAVE_ECC)
+    uint8_t ClientEccPrivKey_set:1;
+    uint8_t ClientEccPubKey_set:1;
+#endif
+
+    uint8_t HmacInitialized:1;
+    uint8_t RootCAverified:1;
+    uint8_t EcdsaPrivKey_set:1;
+    uint8_t Dhe_key_set:1;
+    uint8_t SharedSecret_set:1;
+    uint8_t EarlySecret_set:1;
+    uint8_t HandshakeSecret_set:1;
+    uint8_t HandshakeClientTrafficKey_set:1;
+    uint8_t HandshakeServerTrafficKey_set:1;
+    uint8_t HandshakeVerifiedData_set:1;
+    uint8_t MasterSecret_set:1;
+    uint8_t ServerTrafficSecret_set:1;
+    uint8_t ClientTrafficSecret_set:1;
+    uint8_t ServerWriteTrafficKey_set:1;
+    uint8_t ClientWriteTrafficKey_set:1;
+    uint8_t session_key_set:1;
+#endif /* WOLFSSL_RENESAS_TSIP_TLS */
+
+};
+
+#endif
diff --git a/wolfssl/wolfcrypt/port/st/stm32.h b/wolfssl/wolfcrypt/port/st/stm32.h
index ab47b660c..f1269f617 100644
--- a/wolfssl/wolfcrypt/port/st/stm32.h
+++ b/wolfssl/wolfcrypt/port/st/stm32.h
@@ -205,7 +205,8 @@ int  wc_Stm32_Hash_Final(STM32_HASH_Context* stmCtx, word32 algo,
 
     struct Aes;
     #ifdef WOLFSSL_STM32_CUBEMX
-        int wc_Stm32_Aes_Init(struct Aes* aes, CRYP_HandleTypeDef* hcryp);
+        int wc_Stm32_Aes_Init(struct Aes* aes, CRYP_HandleTypeDef* hcryp,
+                int useSAES);
         void wc_Stm32_Aes_Cleanup(void);
     #else /* Standard Peripheral Library */
         int wc_Stm32_Aes_Init(struct Aes* aes, CRYP_InitTypeDef* cryptInit,
@@ -216,6 +217,17 @@ int  wc_Stm32_Hash_Final(STM32_HASH_Context* stmCtx, word32 algo,
 
 #endif /* STM32_CRYPTO */
 
+#if defined(WOLFSSL_STM32U5_DHUK) && !defined(WOLFSSL_STM32U5_DHUK_DEVID)
+    #define WOLFSSL_STM32U5_DHUK_DEVID 808
+    #define WOLFSSL_STM32U5_SAES_DEVID 807
+    #define WOLFSSL_STM32U5_DHUK_WRAPPED_DEVID 809
+    int wc_Stm32_Aes_Wrap(struct Aes* aes, const byte* in, word32 inSz, byte* out,
+        word32* outSz, const byte* iv, int ivSz);
+    int wc_Stm32_Aes_UnWrap(struct Aes* aes, CRYP_HandleTypeDef* hcryp, const byte* in,
+        word32 inSz, const byte* iv, int ivSz);
+    int wc_Stm32_Aes_SetDHUK_IV(struct Aes* aes, const byte* iv, int ivSz);
+#endif
+
 #if defined(WOLFSSL_STM32_PKA) && defined(HAVE_ECC)
 struct ecc_key;
 struct WC_RNG;
diff --git a/wolfssl/wolfcrypt/pwdbased.h b/wolfssl/wolfcrypt/pwdbased.h
index efce73015..ee8daae58 100644
--- a/wolfssl/wolfcrypt/pwdbased.h
+++ b/wolfssl/wolfcrypt/pwdbased.h
@@ -49,16 +49,16 @@ WOLFSSL_API int wc_PBKDF1_ex(byte* key, int keyLen, byte* iv, int ivLen,
                       int hashType, void* heap);
 WOLFSSL_API int wc_PBKDF1(byte* output, const byte* passwd, int pLen,
                       const byte* salt, int sLen, int iterations, int kLen,
-                      int typeH);
+                      int hashType);
 WOLFSSL_API int wc_PBKDF2_ex(byte* output, const byte* passwd, int pLen,
                     const byte* salt, int sLen, int iterations, int kLen,
-                    int typeH, void* heap, int devId);
+                    int hashType, void* heap, int devId);
 WOLFSSL_API int wc_PBKDF2(byte* output, const byte* passwd, int pLen,
                       const byte* salt, int sLen, int iterations, int kLen,
-                      int typeH);
-WOLFSSL_API int wc_PKCS12_PBKDF(byte* output, const byte* passwd, int pLen,
-                            const byte* salt, int sLen, int iterations,
-                            int kLen, int typeH, int purpose);
+                      int hashType);
+WOLFSSL_API int wc_PKCS12_PBKDF(byte* output, const byte* passwd, int passLen,
+                            const byte* salt, int saltLen, int iterations,
+                            int kLen, int hashType, int id);
 WOLFSSL_API int wc_PKCS12_PBKDF_ex(byte* output, const byte* passwd,int passLen,
                        const byte* salt, int saltLen, int iterations, int kLen,
                        int hashType, int id, void* heap);
diff --git a/wolfssl/wolfcrypt/random.h b/wolfssl/wolfcrypt/random.h
index b7759ae53..342e04274 100644
--- a/wolfssl/wolfcrypt/random.h
+++ b/wolfssl/wolfcrypt/random.h
@@ -212,7 +212,7 @@ struct WC_RNG {
     #define RNG WC_RNG
 #endif
 
-WOLFSSL_API int wc_GenerateSeed(OS_Seed* os, byte* seed, word32 sz);
+WOLFSSL_API int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz);
 
 
 #ifdef HAVE_WNR
@@ -235,7 +235,7 @@ WOLFSSL_API int  wc_InitRng_ex(WC_RNG* rng, void* heap, int devId);
 WOLFSSL_API int  wc_InitRngNonce(WC_RNG* rng, byte* nonce, word32 nonceSz);
 WOLFSSL_API int  wc_InitRngNonce_ex(WC_RNG* rng, byte* nonce, word32 nonceSz,
                                     void* heap, int devId);
-WOLFSSL_ABI WOLFSSL_API int wc_RNG_GenerateBlock(WC_RNG* rng, byte* b, word32 sz);
+WOLFSSL_ABI WOLFSSL_API int wc_RNG_GenerateBlock(WC_RNG* rng, byte* output, word32 sz);
 WOLFSSL_API int  wc_RNG_GenerateByte(WC_RNG* rng, byte* b);
 WOLFSSL_API int  wc_FreeRng(WC_RNG* rng);
 #else
@@ -259,17 +259,17 @@ WOLFSSL_API int  wc_FreeRng(WC_RNG* rng);
 #endif
 
 #ifdef HAVE_HASHDRBG
-    WOLFSSL_API int wc_RNG_DRBG_Reseed(WC_RNG* rng, const byte* entropy,
-                                       word32 entropySz);
+    WOLFSSL_API int wc_RNG_DRBG_Reseed(WC_RNG* rng, const byte* seed,
+                                       word32 seedSz);
     WOLFSSL_API int wc_RNG_TestSeed(const byte* seed, word32 seedSz);
     WOLFSSL_API int wc_RNG_HealthTest(int reseed,
-                                        const byte* entropyA, word32 entropyASz,
-                                        const byte* entropyB, word32 entropyBSz,
+                                        const byte* seedA, word32 seedASz,
+                                        const byte* seedB, word32 seedBSz,
                                         byte* output, word32 outputSz);
     WOLFSSL_API int wc_RNG_HealthTest_ex(int reseed,
                                         const byte* nonce, word32 nonceSz,
-                                        const byte* entropyA, word32 entropyASz,
-                                        const byte* entropyB, word32 entropyBSz,
+                                        const byte* seedA, word32 seedASz,
+                                        const byte* seedB, word32 seedBSz,
                                         byte* output, word32 outputSz,
                                         void* heap, int devId);
 #endif /* HAVE_HASHDRBG */
diff --git a/wolfssl/wolfcrypt/rsa.h b/wolfssl/wolfcrypt/rsa.h
index ff959d68c..fe3241e46 100644
--- a/wolfssl/wolfcrypt/rsa.h
+++ b/wolfssl/wolfcrypt/rsa.h
@@ -90,7 +90,7 @@ RSA keys can be used to encrypt, decrypt, sign and verify data.
 #endif
 
 #if defined(WOLFSSL_RENESAS_FSPSM)
-    #include <wolfssl/wolfcrypt/port/renesas/renesas-fspsm-crypt.h>
+    #include <wolfssl/wolfcrypt/port/renesas/renesas_fspsm_internal.h>
 #endif
 
 #ifdef __cplusplus
@@ -395,8 +395,7 @@ WOLFSSL_API int  wc_RsaPublicKeyDecode(const byte* input, word32* inOutIdx,
                                        RsaKey* key, word32 inSz);
 WOLFSSL_API int  wc_RsaPublicKeyDecodeRaw(const byte* n, word32 nSz,
                                         const byte* e, word32 eSz, RsaKey* key);
-#if defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || \
-        defined(WOLFSSL_KCAPI_RSA) || defined(WOLFSSL_SE050)
+#ifdef WOLFSSL_KEY_TO_DER
     WOLFSSL_API int wc_RsaKeyToDer(RsaKey* key, byte* output, word32 inLen);
 #endif
 
diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h
index fc08d66e2..153e301a0 100644
--- a/wolfssl/wolfcrypt/settings.h
+++ b/wolfssl/wolfcrypt/settings.h
@@ -319,11 +319,24 @@
         #define WOLFSSL_USER_IO
         #define WOLFSSL_NO_SOCK
         #define NO_WRITEV
+
+        /* boards less than 32 bit int get tripped up on long OID values */
+        #define WC_16BIT_CPU
+        #define WOLFSSL_OLD_OID_SUM
+    #elif defined(__SAM3X8E__)
+        #define WOLFSSL_NO_ATOMIC
+        #define WOLFSSL_NO_SOCK
+        #define WOLFSSL_USER_IO
+        #define NO_WRITEV
     #elif defined(__arm__)
         #define WOLFSSL_NO_SOCK
         #define NO_WRITEV
-    #elif defined(ESP32) || defined(ESP8266)
+    #elif defined(ESP32)
         /* assume sockets available */
+    #elif defined(ESP8266)
+        #define WOLFSSL_NO_SOCK
+        #define WOLFSSL_USER_IO
+        #define NO_WRITEV
     #else
         #define WOLFSSL_NO_SOCK
     #endif
@@ -356,6 +369,12 @@
     #warning "No configuration for wolfSSL detected, check header order"
 #endif
 
+/* Ensure WOLFSSL_DEBUG_CERTS is always set when DEBUG_WOLFSSL is enabled */
+#ifdef DEBUG_WOLFSSL
+    #undef  WOLFSSL_DEBUG_CERTS
+    #define WOLFSSL_DEBUG_CERTS
+#endif
+
 #include <wolfssl/wolfcrypt/visibility.h>
 
 /*------------------------------------------------------------*/
@@ -563,6 +582,9 @@
         #define WOLFSSL_MAX_ERROR_SZ 200
     #endif
 
+    /* Debug message do not need an additional LF for ESP_LOG */
+    #define WOLFSSL_DEBUG_LINE_ENDING ""
+
     /* Parse any Kconfig / menuconfig items into wolfSSL macro equivalents.
      * Macros may or may not be defined. If defined, they may have a value of
      *
@@ -1497,27 +1519,53 @@ extern void uITRON4_free(void *p) ;
     #if !defined(XMALLOC_USER) && !defined(NO_WOLFSSL_MEMORY) && \
         !defined(WOLFSSL_STATIC_MEMORY) && !defined(WOLFSSL_TRACK_MEMORY)
 
-        /* XMALLOC */
-        #if defined(WOLFSSL_ESPIDF) && \
-           (defined(DEBUG_WOLFSSL) || defined(DEBUG_WOLFSSL_MALLOC))
+        #if defined(WOLFSSL_ESPIDF)
             #include <wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h>
-            #define XMALLOC(s, h, type)  \
-                           ((void)(h), (void)(type), wc_debug_pvPortMalloc( \
-                           (s), (__FILE__), (__LINE__), (__FUNCTION__) ))
+        #endif
+
+        /* XMALLOC */
+        #if defined(WOLFSSL_ESPIDF)
+            #if (defined(DEBUG_WOLFSSL) || defined(DEBUG_WOLFSSL_MALLOC))
+                #define XMALLOC(s, h, type)  \
+                              ((void)(h), (void)(type), wc_debug_pvPortMalloc( \
+                               (s), (__FILE__), (__LINE__), (__FUNCTION__) ))
+            #else
+                #define XMALLOC(s, h, type)  \
+                        ((void)(h), (void)(type), wc_pvPortMalloc((s))) /* native heap */
+            #endif
         #else
             #define XMALLOC(s, h, type)  \
                            ((void)(h), (void)(type), pvPortMalloc((s))) /* native heap */
         #endif
 
         /* XFREE */
-        #define XFREE(p, h, type)    ((void)(h), (void)(type), vPortFree((p))) /* native heap */
+        #if defined(WOLFSSL_ESPIDF)
+            #if (defined(DEBUG_WOLFSSL) || defined(DEBUG_WOLFSSL_MALLOC))
+                #define XFREE(p, h, type)   \
+                        ((void)(h), (void)(type), wc_debug_pvPortFree( \
+                                 (p), (__FILE__), (__LINE__), (__FUNCTION__) ))
+            #else
+                #define XFREE(p, h, type)   \
+                        ((void)(h), (void)(type), wc_pvPortFree((p)))
+            #endif
+        #else
+            #define XFREE(p, h, type)   \
+                     ((void)(h), (void)(type), vPortFree((p))) /* native heap */
+        #endif
 
         /* XREALLOC */
         #if defined(WOLFSSL_ESPIDF)
-            /* In the Espressif EDP-IDF, realloc(p, n) is equivalent to
-             *     heap_caps_realloc(p, s, MALLOC_CAP_8BIT)
-             * There's no pvPortRealloc available:  */
-            #define XREALLOC(p, n, h, t) ((void)(h), (void)(t), realloc((p), (n))) /* native heap */
+            #if (defined(DEBUG_WOLFSSL) || defined(DEBUG_WOLFSSL_MALLOC))
+                #define XREALLOC(p, n, h, t) \
+                        ((void)(h), (void)(t), wc_debug_pvPortRealloc( \
+                        (p), (n),(__FILE__), (__LINE__), (__FUNCTION__) ))
+            #else
+                /* In the Espressif EDP-IDF, realloc(p, n) is equivalent to
+                 *     heap_caps_realloc(p, s, MALLOC_CAP_8BIT)
+                 * There's no pvPortRealloc available, use native heap:  */
+                #define XREALLOC(p, n, h, t) \
+                       ((void)(h), (void)(t), wc_pvPortRealloc((p), (n)))
+            #endif
         #elif defined(USE_INTEGER_HEAP_MATH) || defined(OPENSSL_EXTRA) || \
               defined(OPENSSL_ALL)
             /* FreeRTOS pvPortRealloc() implementation can be found here:
@@ -3390,12 +3438,6 @@ extern void uITRON4_free(void *p) ;
     #if defined(NO_AES) && defined(NO_DES3)
         #error PKCS7 needs either AES or 3DES enabled, please enable one
     #endif
-    #ifndef HAVE_AES_KEYWRAP
-        #error PKCS7 requires AES key wrap please define HAVE_AES_KEYWRAP
-    #endif
-    #if defined(HAVE_ECC) && !defined(HAVE_X963_KDF)
-        #error PKCS7 requires X963 KDF please define HAVE_X963_KDF
-    #endif
 #endif
 
 #ifndef NO_PKCS12
@@ -3610,6 +3652,10 @@ extern void uITRON4_free(void *p) ;
 
 /* Linux Kernel Module */
 #ifdef WOLFSSL_LINUXKM
+    #define WOLFSSL_KERNEL_MODE
+    #ifdef WOLFSSL_LINUXKM_VERBOSE_DEBUG
+        #define WOLFSSL_KERNEL_VERBOSE_DEBUG
+    #endif
     #ifdef HAVE_CONFIG_H
         #include <config.h>
         #undef HAVE_CONFIG_H
@@ -3654,8 +3700,13 @@ extern void uITRON4_free(void *p) ;
     #undef HAVE_PTHREAD
     /* linuxkm uses linux/string.h, included by linuxkm_wc_port.h. */
     #undef HAVE_STRINGS_H
+    #define NO_STRING_H
     /* linuxkm uses linux/limits.h, included by linuxkm_wc_port.h. */
     #undef HAVE_LIMITS_H
+    #define NO_LIMITS_H
+    #define NO_STDLIB_H
+    #define NO_STDINT_H
+    #define NO_CTYPE_H
     #undef HAVE_ERRNO_H
     #undef HAVE_THREAD_LS
     #undef HAVE_ATEXIT
@@ -3727,11 +3778,14 @@ extern void uITRON4_free(void *p) ;
          * NIST SP 800-90A Rev. 1, to avoid unnecessary delays in DRBG
          * generation.
          */
-        #define WC_RESEED_INTERVAL (((word64)1UL)<<48UL)
+        #if defined(HAVE_FIPS) && FIPS_VERSION_LT(6,0)
+            #define WC_RESEED_INTERVAL UINT_MAX
+        #else
+            #define WC_RESEED_INTERVAL (((word64)1UL)<<48UL)
+        #endif
     #endif
 #endif
 
-
 /* Place any other flags or defines here */
 
 #if defined(WOLFSSL_MYSQL_COMPATIBLE) && defined(_WIN32) \
@@ -4018,7 +4072,8 @@ extern void uITRON4_free(void *p) ;
 #if defined(WOLFCRYPT_ONLY) && defined(NO_AES) && !defined(WOLFSSL_SHA384) && \
     !defined(WOLFSSL_SHA512) && defined(WC_NO_RNG) && \
     !defined(WOLFSSL_SP_MATH) && !defined(WOLFSSL_SP_MATH_ALL) \
-    && !defined(USE_FAST_MATH) && defined(NO_SHA256)
+    && !defined(USE_FAST_MATH) && defined(NO_SHA256) && \
+    !defined(WOLFSSL_USE_FORCE_ZERO)
     #undef  WOLFSSL_NO_FORCE_ZERO
     #define WOLFSSL_NO_FORCE_ZERO
 #endif
@@ -4369,6 +4424,31 @@ extern void uITRON4_free(void *p) ;
     #undef XREALLOC
 #endif
 
+/* There's currently no 100% reliable "smaller than 32 bit" detection.
+ * The user can specify: WC_16BIT_CPU
+ * Lower 16 bits of new OID values may collide on some 16 bit platforms.
+ *   e.g  Arduino Mega, fqbn=arduino:avr:mega  */
+#if defined(WC_16BIT_CPU)
+    /* Force the old, 16 bit OIDs to be used in wolfcrypt/oid_sum.h */
+    #undef  WOLFSSL_OLD_OID_SUM
+    #define WOLFSSL_OLD_OID_SUM
+#endif
+
+/* Support for Key to DER conversion */
+#if !defined(NO_RSA) && \
+    (defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN) || \
+     defined(WOLFSSL_KCAPI_RSA) || defined(OPENSSL_EXTRA) || \
+     defined(WOLFSSL_SE050))
+    /* FIPS v2 has the wc_RsaKeyToDer in rsa.h (in boundary),
+     * so with FIPS or self test only allow with WOLFSSL_KEY_GEN */
+    #if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \
+        defined(WOLFSSL_KEY_GEN)
+
+        #undef  WOLFSSL_KEY_TO_DER
+        #define WOLFSSL_KEY_TO_DER
+    #endif
+#endif
+
 
 /* ---------------------------------------------------------------------------
  * Deprecated Algorithm Handling
@@ -4405,6 +4485,12 @@ extern void uITRON4_free(void *p) ;
     #endif
 #endif /* WOLFSSL_SYS_CA_CERTS */
 
+#ifdef NO_WOLFSSL_DEBUG_CERTS
+    /* Simplify certificate debugging gate check with only WOLFSSL_DEBUG_CERTS.
+     * NO_WOLFSSL_DEBUG_CERTS prioritized over WOLFSSL_DEBUG_CERTS; disable: */
+    #undef WOLFSSL_DEBUG_CERTS
+#endif
+
 #if defined(SESSION_CACHE_DYNAMIC_MEM) && defined(PERSIST_SESSION_CACHE)
 #error "Dynamic session cache currently does not support persistent session cache."
 #endif
diff --git a/wolfssl/wolfcrypt/sha.h b/wolfssl/wolfcrypt/sha.h
index 9a42e8791..ca5780edc 100644
--- a/wolfssl/wolfcrypt/sha.h
+++ b/wolfssl/wolfcrypt/sha.h
@@ -113,7 +113,7 @@ enum {
     #include "wolfssl/wolfcrypt/port/Renesas/renesas-rx64-hw-crypt.h"
 #elif defined(WOLFSSL_RENESAS_RSIP) && \
     !defined(NO_WOLFSSL_RENESAS_FSPSM_HASH)
-    #include "wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h"
+    #include "wolfssl/wolfcrypt/port/Renesas/renesas_fspsm_internal.h"
 #else
 
 #if defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH)
diff --git a/wolfssl/wolfcrypt/sha256.h b/wolfssl/wolfcrypt/sha256.h
index f203dad12..468e4d1db 100644
--- a/wolfssl/wolfcrypt/sha256.h
+++ b/wolfssl/wolfcrypt/sha256.h
@@ -141,7 +141,7 @@ enum {
 #elif (defined(WOLFSSL_RENESAS_SCEPROTECT) || \
        defined(WOLFSSL_RENESAS_RSIP))    && \
      !defined(NO_WOLFSSL_RENESAS_FSPSM_HASH)
-    #include "wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h"
+    #include "wolfssl/wolfcrypt/port/Renesas/renesas_fspsm_internal.h"
 #elif defined(WOLFSSL_RENESAS_RX64_HASH)
     #include "wolfssl/wolfcrypt/port/Renesas/renesas-rx64-hw-crypt.h"
 #else
diff --git a/wolfssl/wolfcrypt/sha3.h b/wolfssl/wolfcrypt/sha3.h
index 1c0348ce8..88382e4be 100644
--- a/wolfssl/wolfcrypt/sha3.h
+++ b/wolfssl/wolfcrypt/sha3.h
@@ -232,8 +232,15 @@ WOLFSSL_LOCAL void BlockSha3(word64 *s);
     WOLFSSL_LOCAL void sha3_block_n_bmi2(word64* s, const byte* data, word32 n,
         word64 c);
     WOLFSSL_LOCAL void sha3_block_bmi2(word64* s);
+    WOLFSSL_LOCAL void sha3_block_n_avx2(word64* s, const byte* data, word32 n,
+        word64 c);
     WOLFSSL_LOCAL void sha3_block_avx2(word64* s);
     WOLFSSL_LOCAL void sha3_blocksx4_avx2(word64* s);
+
+    WOLFSSL_LOCAL void sha3_128_blocksx4_seed_avx2(word64* s, byte* seed);
+    WOLFSSL_LOCAL void sha3_256_blocksx4_seed_avx2(word64* s, byte* seed);
+
+    WOLFSSL_LOCAL void sha3_256_blocksx4_seed_64_avx2(word64* s, byte* seed);
 #elif defined(__aarch64__) && defined(WOLFSSL_ARMASM)
     #ifdef WOLFSSL_ARMASM_CRYPTO_SHA3
         WOLFSSL_LOCAL void BlockSha3_crypto(word64 *s);
diff --git a/wolfssl/wolfcrypt/sha512.h b/wolfssl/wolfcrypt/sha512.h
index b90e2b204..36c056408 100644
--- a/wolfssl/wolfcrypt/sha512.h
+++ b/wolfssl/wolfcrypt/sha512.h
@@ -129,7 +129,7 @@ enum {
     #include "wolfssl/wolfcrypt/port/caam/wolfcaam_sha.h"
 #elif defined(WOLFSSL_RENESAS_RSIP) && \
      !defined(NO_WOLFSSL_RENESAS_FSPSM_HASH)
-    #include "wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h"
+    #include "wolfssl/wolfcrypt/port/Renesas/renesas_fspsm_internal.h"
 
 #else
 #if defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH)
@@ -209,6 +209,9 @@ struct wc_Sha512 {
 #if defined(STM32_HASH_SHA512)
     STM32_HASH_Context stmCtx;
 #endif
+#if defined(WOLFSSL_SHA512_HASHTYPE)
+    int hashType; /* used to determine which SHA512 is used */
+#endif /* WOLFSSL_SHA512_HASHTYPE */
 #endif /* WOLFSSL_PSOC6_CRYPTO */
 };
 
diff --git a/wolfssl/wolfcrypt/sp.h b/wolfssl/wolfcrypt/sp.h
index c116cb0ae..666bbb9f1 100644
--- a/wolfssl/wolfcrypt/sp.h
+++ b/wolfssl/wolfcrypt/sp.h
@@ -35,7 +35,7 @@
     typedef unsigned __int8  uint8_t;
     typedef unsigned __int32 uint32_t;
     typedef unsigned __int64 uint64_t;
-#elif !defined(WOLFSSL_LINUXKM)
+#elif !defined(NO_STDINT_H)
     #include <stdint.h>
 #endif
 
diff --git a/wolfssl/wolfcrypt/sp_int.h b/wolfssl/wolfcrypt/sp_int.h
index eb42d8090..0774fb95f 100644
--- a/wolfssl/wolfcrypt/sp_int.h
+++ b/wolfssl/wolfcrypt/sp_int.h
@@ -27,7 +27,7 @@ This library provides single precision (SP) integer math functions.
 #ifndef WOLF_CRYPT_SP_INT_H
 #define WOLF_CRYPT_SP_INT_H
 
-#ifndef WOLFSSL_LINUXKM
+#ifndef NO_LIMITS_H
 #include <limits.h>
 #endif
 #include <wolfssl/wolfcrypt/settings.h>
diff --git a/wolfssl/wolfcrypt/tfm.h b/wolfssl/wolfcrypt/tfm.h
index d4392508a..9918abae2 100644
--- a/wolfssl/wolfcrypt/tfm.h
+++ b/wolfssl/wolfcrypt/tfm.h
@@ -234,6 +234,9 @@
    #ifndef NO_TFM_64BIT
       #if defined(_MSC_VER) || defined(__BORLANDC__)
          typedef unsigned __int64   ulong64;
+         #if defined(INTIME_RTOS)
+            #undef long64
+         #endif
          typedef   signed __int64    long64;
       #else
          typedef unsigned long long ulong64;
diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h
index 01ca1b7fe..e4be257ae 100644
--- a/wolfssl/wolfcrypt/types.h
+++ b/wolfssl/wolfcrypt/types.h
@@ -374,7 +374,9 @@ typedef struct w64wrapper {
 #ifdef WC_PTR_TYPE /* Allow user supplied type */
     typedef WC_PTR_TYPE wc_ptr_t;
 #elif defined(HAVE_UINTPTR_T)
-    #include <stdint.h>
+    #ifndef NO_STDINT_H
+        #include <stdint.h>
+    #endif
     typedef uintptr_t wc_ptr_t;
 #else /* fallback to architecture size_t for pointer size */
     #include <stddef.h> /* included for getting size_t type */
@@ -423,7 +425,7 @@ enum {
 #endif
 
 /* set up thread local storage if available */
-#ifdef HAVE_THREAD_LS
+#if defined(HAVE_THREAD_LS) && !defined(NO_THREAD_LS)
     #if defined(_MSC_VER) || defined(__WATCOMC__)
         #define THREAD_LS_T __declspec(thread)
     /* Thread local storage only in FreeRTOS v8.2.1 and higher */
@@ -746,9 +748,9 @@ enum {
     #define WC_FREE_VAR(VAR_NAME, HEAP) WC_DO_NOTHING \
         /* nothing to free, its stack */
     #define WC_DECLARE_ARRAY(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE, HEAP) \
-        VAR_TYPE VAR_NAME[VAR_ITEMS][(VAR_SIZE) / sizeof(VAR_TYPE)] /* // NOLINT(bugprone-sizeof-expression) */
+        VAR_TYPE VAR_NAME[VAR_ITEMS][(VAR_SIZE) / sizeof(VAR_TYPE)] /* NOLINT(bugprone-sizeof-expression) */
     #define WC_ARRAY_ARG(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE) \
-        VAR_TYPE VAR_NAME[VAR_ITEMS][(VAR_SIZE) / sizeof(VAR_TYPE)] /* // NOLINT(bugprone-sizeof-expression) */
+        VAR_TYPE VAR_NAME[VAR_ITEMS][(VAR_SIZE) / sizeof(VAR_TYPE)] /* NOLINT(bugprone-sizeof-expression) */
     #define WC_ALLOC_ARRAY(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE, HEAP) \
         WC_DO_NOTHING
     #define WC_CALLOC_ARRAY(VAR_NAME, VAR_TYPE, VAR_ITEMS, VAR_SIZE, HEAP) \
@@ -786,9 +788,7 @@ enum {
 #endif
 
 #ifndef STRING_USER
-    #if defined(WOLFSSL_LINUXKM)
-        #include <linux/string.h>
-    #else
+    #ifndef NO_STRING_H
         #include <string.h>
     #endif
 
@@ -1047,7 +1047,7 @@ binding for XSNPRINTF
 #endif /* !NO_FILESYSTEM && !NO_STDIO_FILESYSTEM */
 
 #ifndef CTYPE_USER
-    #ifndef WOLFSSL_LINUXKM
+    #ifndef NO_CTYPE_H
         #include <ctype.h>
     #endif
     #if defined(HAVE_ECC) || defined(HAVE_OCSP) || \
@@ -1220,8 +1220,16 @@ enum wc_AlgoType {
     WC_ALGO_TYPE_HMAC = 6,
     WC_ALGO_TYPE_CMAC = 7,
     WC_ALGO_TYPE_CERT = 8,
+    WC_ALGO_TYPE_KDF = 9,
 
-    WC_ALGO_TYPE_MAX = WC_ALGO_TYPE_CERT
+    WC_ALGO_TYPE_MAX = WC_ALGO_TYPE_KDF
+};
+
+/* KDF types */
+enum wc_KdfType {
+    WC_KDF_TYPE_NONE = 0,
+    WC_KDF_TYPE_HKDF = 1
+    /* Future: WC_KDF_TYPE_PBKDF2 = 2, WC_KDF_TYPE_SCRYPT = 3, etc. */
 };
 
 /* hash types */
@@ -1482,6 +1490,9 @@ WOLFSSL_API word32 CheckRunTimeSettings(void);
         #define XALIGNED(x) __attribute__ ( (aligned (x)))
     #elif defined(__KEIL__)
         #define XALIGNED(x) __align(x)
+    #elif defined(__WATCOMC__) /* && (_MSC_VER or !_MSC_VER) */
+        /* No align available for Open Watcom V2, expansion comment needed: */
+        #define XALIGNED(x) /* null expansion */
     #elif defined(_MSC_VER)
         /* disable align warning, we want alignment ! */
         #pragma warning(disable: 4324)
@@ -1551,7 +1562,7 @@ WOLFSSL_API word32 CheckRunTimeSettings(void);
 #elif defined(WOLFSSL_USER_THREADING)
     /* User can define user specific threading types
         *  THREAD_RETURN
-        *  TREAD_TYPE
+        *  THREAD_TYPE
         *  WOLFSSL_THREAD
         * e.g.
         *  typedef unsigned int  THREAD_RETURN;
@@ -1579,7 +1590,7 @@ WOLFSSL_API word32 CheckRunTimeSettings(void);
         #ifndef HAVE_SELFTEST
             #define WOLFSSL_THREAD_NO_JOIN
         #endif
-    #elif defined(__NT__)
+    #elif defined(__NT__) || defined(INTIME_RTOS)
         typedef unsigned      THREAD_RETURN;
         typedef uintptr_t     THREAD_TYPE;
         typedef struct COND_TYPE {
@@ -1711,13 +1722,18 @@ WOLFSSL_API word32 CheckRunTimeSettings(void);
     typedef unsigned int   THREAD_RETURN;
     typedef TX_THREAD      THREAD_TYPE;
     #define WOLFSSL_THREAD
+#elif defined(INTIME_RTOS)
+    typedef unsigned int  THREAD_RETURN;
+    #define INTIME_THREAD_TYPE THREAD_TYPE
+    #undef THREAD_TYPE
+    typedef uintptr_t     THREAD_TYPE;
+    #define WOLFSSL_THREAD __stdcall
 #else
     typedef unsigned int  THREAD_RETURN;
     typedef size_t        THREAD_TYPE;
     #define WOLFSSL_THREAD __stdcall
 #endif
 
-
 #ifndef SINGLE_THREADED
     /* Necessary headers should already be included. */
 
@@ -1802,6 +1818,12 @@ WOLFSSL_API word32 CheckRunTimeSettings(void);
         WOLFSSL_API int wolfSSL_CondStart(COND_TYPE* cond);
         WOLFSSL_API int wolfSSL_CondEnd(COND_TYPE* cond);
     #endif
+
+    #ifdef INTIME_RTOS
+       #undef  THREAD_TYPE
+       #define THREAD_TYPE INTIME_THREAD_TYPE
+       #undef  INTIME_THREAD_TYPE
+    #endif
 #else
     #define WOLFSSL_RETURN_FROM_THREAD(x) return (THREAD_RETURN)(x)
 #endif /* SINGLE_THREADED */
@@ -1935,12 +1957,41 @@ WOLFSSL_API word32 CheckRunTimeSettings(void);
         #define wc_static_assert2(expr, msg) wc_static_assert(expr)
 #endif
 
+#ifndef WC_RELAX_LONG_LOOP
+    #define WC_RELAX_LONG_LOOP() WC_DO_NOTHING
+#endif
+#ifndef WC_CHECK_FOR_INTR_SIGNALS
+    #define WC_CHECK_FOR_INTR_SIGNALS() 0
+    #ifndef SAVE_NO_VECTOR_REGISTERS
+        #define SAVE_NO_VECTOR_REGISTERS(fail_clause) WC_RELAX_LONG_LOOP()
+    #endif
+    #ifndef SAVE_NO_VECTOR_REGISTERS2
+        #define SAVE_NO_VECTOR_REGISTERS2() 0
+    #endif
+#else
+    #ifndef SAVE_NO_VECTOR_REGISTERS
+        #define SAVE_NO_VECTOR_REGISTERS(fail_clause) {     \
+                int _svr_ret = WC_CHECK_FOR_INTR_SIGNALS(); \
+                if (_svr_ret != 0) { fail_clause }          \
+                WC_RELAX_LONG_LOOP();                       \
+            }
+    #endif
+    #ifndef SAVE_NO_VECTOR_REGISTERS2
+        #define SAVE_NO_VECTOR_REGISTERS2() WC_CHECK_FOR_INTR_SIGNALS()
+    #endif
+#endif
+#ifndef RESTORE_NO_VECTOR_REGISTERS
+    #define RESTORE_NO_VECTOR_REGISTERS() WC_RELAX_LONG_LOOP()
+#endif
+
 #ifndef SAVE_VECTOR_REGISTERS
-    #define SAVE_VECTOR_REGISTERS(fail_clause) WC_DO_NOTHING
+    #define SAVE_VECTOR_REGISTERS(fail_clause) SAVE_NO_VECTOR_REGISTERS(fail_clause)
 #endif
 #ifndef SAVE_VECTOR_REGISTERS2
-    #define SAVE_VECTOR_REGISTERS2() 0
-    #define SAVE_VECTOR_REGISTERS2_DOES_NOTHING
+    #define SAVE_VECTOR_REGISTERS2() SAVE_NO_VECTOR_REGISTERS2()
+    #define SAVE_VECTOR_REGISTERS2_DOES_NOTHING /* VECTOR_REGISTERS_{PUSH,POP}
+                                                 * in aes.c depend on this.
+                                                 */
 #endif
 #ifndef CAN_SAVE_VECTOR_REGISTERS
     #define CAN_SAVE_VECTOR_REGISTERS() 1
@@ -1956,23 +2007,31 @@ WOLFSSL_API word32 CheckRunTimeSettings(void);
     #define ASSERT_RESTORED_VECTOR_REGISTERS(fail_clause) WC_DO_NOTHING
 #endif
 #ifndef RESTORE_VECTOR_REGISTERS
-    #define RESTORE_VECTOR_REGISTERS() WC_DO_NOTHING
+    #define RESTORE_VECTOR_REGISTERS() RESTORE_NO_VECTOR_REGISTERS()
 #endif
-#ifdef WOLFSSL_NO_ASM
-    /* We define fallback no-op definitions for these only if asm is disabled,
-     * otherwise the using code must detect that these macros are undefined and
-     * provide its own non-vector implementation paths.
-     *
-     * Currently these macros are only used in WOLFSSL_LINUXKM code paths, which
-     * are always compiled either with substantive definitions from
-     * linuxkm_wc_port.h, or with WOLFSSL_NO_ASM defined.
-     */
-    #ifndef DISABLE_VECTOR_REGISTERS
+
+#if (defined(USE_INTEL_SPEEDUP) || defined(USE_INTEL_SPEEDUP_FOR_AES) || \
+     defined(WOLFSSL_AESNI) || defined(WOLFSSL_ARMASM) || \
+     defined(WOLFSSL_SP_ASM)) && !defined(WOLFSSL_NO_ASM)
+    #define WC_HAVE_VECTOR_SPEEDUPS
+#endif
+
+/* DISABLE_VECTOR_REGISTERS() and REENABLE_VECTOR_REGISTERS() are currently only
+ * used by Linux kernel code.  If WC_HAVE_VECTOR_SPEEDUPS, we default
+ * DISABLE_VECTOR_REGISTERS() to -1, to assure calling code is forced to handle
+ * the failure.  But if the build disables vec regs globally, we can return 0
+ * harmlessly.  The kernel build defines real calls for these in vectorized
+ * builds, otherwise it uses these fallbacks.
+ */
+#ifndef DISABLE_VECTOR_REGISTERS
+    #ifdef WC_HAVE_VECTOR_SPEEDUPS
+        #define DISABLE_VECTOR_REGISTERS() (-1)
+    #else
         #define DISABLE_VECTOR_REGISTERS() 0
     #endif
-    #ifndef REENABLE_VECTOR_REGISTERS
-        #define REENABLE_VECTOR_REGISTERS() WC_DO_NOTHING
-    #endif
+#endif
+#ifndef REENABLE_VECTOR_REGISTERS
+    #define REENABLE_VECTOR_REGISTERS() WC_DO_NOTHING
 #endif
 
 #ifndef WC_SANITIZE_DISABLE
@@ -2046,7 +2105,6 @@ enum Max_ASN {
 #else
     MAX_ENCODED_SIG_SZ  =  64,
 #endif
-    MAX_SIG_SZ          = 256,
     MAX_ALGO_SZ         =  20,
     MAX_LENGTH_SZ       = WOLFSSL_ASN_MAX_LENGTH_SZ, /* Max length size for DER encoding */
     MAX_SHORT_SZ        = (1 + 1 + 5), /* asn int + byte len + 5 byte length */
@@ -2103,6 +2161,8 @@ enum Max_ASN {
 #define WC_MAX_BLOCK_SIZE  128
 #endif
 
+#define MAX_SIG_SZ MAX_ENCODED_SIG_SZ
+
 #ifdef WOLFSSL_CERT_GEN
     /* Used in asn.c MakeSignature for ECC and RSA non-blocking/async */
     enum CertSignState {
diff --git a/wolfssl/wolfcrypt/wc_mlkem.h b/wolfssl/wolfcrypt/wc_mlkem.h
index 649a73db6..91e015f36 100644
--- a/wolfssl/wolfcrypt/wc_mlkem.h
+++ b/wolfssl/wolfcrypt/wc_mlkem.h
@@ -267,11 +267,6 @@ void mlkem_redistribute_16_rand_avx2(const word64* s, byte* r0, byte* r1,
 void mlkem_redistribute_8_rand_avx2(const word64* s, byte* r0, byte* r1,
     byte* r2, byte* r3);
 
-WOLFSSL_LOCAL
-void mlkem_sha3_128_blocksx4_seed_avx2(word64* s, byte* seed);
-WOLFSSL_LOCAL
-void mlkem_sha3_256_blocksx4_seed_avx2(word64* s, byte* seed);
-
 WOLFSSL_LOCAL
 void mlkem_cbd_eta2_avx2(sword16* p, const byte* r);
 WOLFSSL_LOCAL
diff --git a/wolfssl/wolfcrypt/wc_port.h b/wolfssl/wolfcrypt/wc_port.h
index c0fd47f62..bad52a989 100644
--- a/wolfssl/wolfcrypt/wc_port.h
+++ b/wolfssl/wolfcrypt/wc_port.h
@@ -90,8 +90,11 @@
             ((__GNUC__ == 4) && (__GNUC_MINOR__ > 5))))) ||  \
           defined(__clang__)
         #define WC_DEPRECATED(msg) __attribute__((deprecated(msg)))
+    #elif defined(__WATCOMC__)
+          /* Watcom macro needs to expand to something, here just a comment: */
+          #define WC_DEPRECATED(msg) /* null expansion */
     #elif defined(_MSC_VER) || defined(__MINGW32__) || defined(__CYGWIN__) || \
-          defined(_WIN32_WCE) || defined(__WATCOMC__)
+          defined(_WIN32_WCE)
         #define WC_DEPRECATED(msg) __declspec(deprecated(msg))
     #elif (defined(__GNUC__) && (__GNUC__ >= 4)) || \
           defined(__IAR_SYSTEMS_ICC__)
@@ -173,6 +176,10 @@
                 #include <winsock2.h>
                 #include <ws2tcpip.h> /* required for InetPton */
             #endif
+        #elif defined(__NT__)
+            #define _WINSOCKAPI_ /* block inclusion of winsock.h header file */
+            #include <windows.h>
+            #undef _WINSOCKAPI_ /* undefine it for MINGW winsock2.h header file */
         #elif defined(__OS2__)
             #define INCL_DOSSEMAPHORES
             #define INCL_DOSPROCESS
@@ -255,6 +262,8 @@
     #endif
 #elif defined(WOLFSSL_CMSIS_RTOS)
     #include "cmsis_os.h"
+#elif defined(MBED)
+    /* do nothing */
 #elif defined(WOLFSSL_TIRTOS)
     #include <ti/sysbios/BIOS.h>
     #include <ti/sysbios/knl/Task.h>
@@ -463,62 +472,123 @@
 #endif
 
 #ifndef WOLFSSL_NO_ATOMICS
-#ifdef SINGLE_THREADED
-    typedef int wolfSSL_Atomic_Int;
-    #define WOLFSSL_ATOMIC_INITIALIZER(x) (x)
-    #define WOLFSSL_ATOMIC_LOAD(x) (x)
-    #define WOLFSSL_ATOMIC_STORE(x, val) (x) = (val)
-    #define WOLFSSL_ATOMIC_OPS
-#elif defined(HAVE_C___ATOMIC)
-#ifdef __cplusplus
-#if defined(__GNUC__) && defined(__ATOMIC_RELAXED)
-    /* C++ using direct calls to compiler built-in functions */
-    typedef volatile int wolfSSL_Atomic_Int;
-    #define WOLFSSL_ATOMIC_INITIALIZER(x) (x)
-    #define WOLFSSL_ATOMIC_LOAD(x) __atomic_load_n(&(x), __ATOMIC_CONSUME)
-    #define WOLFSSL_ATOMIC_STORE(x, val) __atomic_store_n(&(x), val, __ATOMIC_RELEASE)
-    #define WOLFSSL_ATOMIC_OPS
-#endif
-#else
-    #ifdef WOLFSSL_HAVE_ATOMIC_H
-    /* Default C Implementation */
-    #include <stdatomic.h>
-    typedef atomic_int wolfSSL_Atomic_Int;
-    #define WOLFSSL_ATOMIC_INITIALIZER(x) (x)
-    #define WOLFSSL_ATOMIC_LOAD(x) atomic_load(&(x))
-    #define WOLFSSL_ATOMIC_STORE(x, val) atomic_store(&(x), val)
-    #define WOLFSSL_ATOMIC_OPS
-    #endif /* WOLFSSL_HAVE_ATOMIC_H */
-#endif
-#elif defined(_MSC_VER) && !defined(WOLFSSL_NOT_WINDOWS_API)
-    /* Use MSVC compiler intrinsics for atomic ops */
-    #ifdef _WIN32_WCE
-        #include <armintr.h>
-    #else
-        #include <intrin.h>
+    #if defined(WOLFSSL_USER_DEFINED_ATOMICS)
+        /* user-supplied bindings for wolfSSL_Atomic_Int etc. */
+        #if !defined(WOLFSSL_ATOMIC_INITIALIZER) || \
+            !defined(WOLFSSL_ATOMIC_LOAD) || \
+            !defined(WOLFSSL_ATOMIC_STORE)
+            #error WOLFSSL_USER_DEFINED_ATOMICS is set but macro(s) are missing.
+        #else
+            #define WOLFSSL_ATOMIC_OPS
+        #endif
+    #elif defined(SINGLE_THREADED)
+        typedef int wolfSSL_Atomic_Int;
+        typedef unsigned int wolfSSL_Atomic_Uint;
+        #define WOLFSSL_ATOMIC_INITIALIZER(x) (x)
+        #define WOLFSSL_ATOMIC_LOAD(x) (x)
+        #define WOLFSSL_ATOMIC_STORE(x, val) (x) = (val)
+        #define WOLFSSL_ATOMIC_OPS
+    #elif defined(HAVE_C___ATOMIC)
+        #ifdef __cplusplus
+            #if defined(__GNUC__) && defined(__ATOMIC_RELAXED)
+                /* C++ using direct calls to compiler built-in functions */
+                typedef volatile int wolfSSL_Atomic_Int;
+                typedef volatile unsigned int wolfSSL_Atomic_Uint;
+                #define WOLFSSL_ATOMIC_INITIALIZER(x) (x)
+                #define WOLFSSL_ATOMIC_LOAD(x) __atomic_load_n(&(x), \
+                                                               __ATOMIC_CONSUME)
+                #define WOLFSSL_ATOMIC_STORE(x, val) __atomic_store_n(&(x), \
+                                                          val, __ATOMIC_RELEASE)
+                #define WOLFSSL_ATOMIC_OPS
+            #endif
+        #else
+            #ifdef WOLFSSL_HAVE_ATOMIC_H
+                /* Default C Implementation */
+                #include <stdatomic.h>
+                typedef atomic_int wolfSSL_Atomic_Int;
+                typedef atomic_uint wolfSSL_Atomic_Uint;
+                #define WOLFSSL_ATOMIC_INITIALIZER(x) (x)
+                #define WOLFSSL_ATOMIC_LOAD(x) atomic_load(&(x))
+                #define WOLFSSL_ATOMIC_STORE(x, val) atomic_store(&(x), val)
+                #define WOLFSSL_ATOMIC_OPS
+            #endif /* WOLFSSL_HAVE_ATOMIC_H */
+        #endif
+    #elif defined(_MSC_VER) && !defined(WOLFSSL_NOT_WINDOWS_API)
+        /* Use MSVC compiler intrinsics for atomic ops */
+        #ifdef _WIN32_WCE
+            #include <armintr.h>
+        #else
+            #include <intrin.h>
+        #endif
+        typedef volatile long wolfSSL_Atomic_Int;
+        typedef volatile unsigned long wolfSSL_Atomic_Uint;
+        #define WOLFSSL_ATOMIC_INITIALIZER(x) (x)
+        #define WOLFSSL_ATOMIC_LOAD(x) (x)
+        #define WOLFSSL_ATOMIC_STORE(x, val) (x) = (val)
+        #define WOLFSSL_ATOMIC_OPS
     #endif
-    typedef volatile long wolfSSL_Atomic_Int;
+
+    #ifndef WOLFSSL_ATOMIC_INITIALIZER
+        /* If we weren't able to implement atomics above, disable them here. */
+        #define WOLFSSL_NO_ATOMICS
+    #endif
+#endif
+
+#ifdef WOLFSSL_NO_ATOMICS
     #define WOLFSSL_ATOMIC_INITIALIZER(x) (x)
     #define WOLFSSL_ATOMIC_LOAD(x) (x)
     #define WOLFSSL_ATOMIC_STORE(x, val) (x) = (val)
-    #define WOLFSSL_ATOMIC_OPS
-#endif
 #endif /* WOLFSSL_NO_ATOMICS */
 
-#if defined(WOLFSSL_ATOMIC_OPS) && !defined(SINGLE_THREADED)
+/* WOLFSSL_ATOMIC_COERCE_INT() needs to accept either a regular int or an
+ * wolfSSL_Atomic_Int as its argument, and evaluate to a regular int.
+ * Allows a user-supplied override definition with type introspection.
+ */
+#ifndef WOLFSSL_ATOMIC_COERCE_INT
+    #define WOLFSSL_ATOMIC_COERCE_INT(x) ((int)(x))
+#endif
+#ifndef WOLFSSL_ATOMIC_COERCE_UINT
+    #define WOLFSSL_ATOMIC_COERCE_UINT(x) ((unsigned int)(x))
+#endif
+
+#ifdef WOLFSSL_USER_DEFINED_ATOMICS
+    /* user-supplied bindings for wolfSSL_Atomic_Int_Init(),
+     * wolfSSL_Atomic_Int_FetchAdd(), etc.
+     */
+#elif defined(WOLFSSL_ATOMIC_OPS) && !defined(SINGLE_THREADED)
     WOLFSSL_API void wolfSSL_Atomic_Int_Init(wolfSSL_Atomic_Int* c, int i);
-    /* Fetch* functions return the value of the counter immediately preceding
-     * the effects of the function. */
+    WOLFSSL_API void wolfSSL_Atomic_Uint_Init(
+        wolfSSL_Atomic_Uint* c, unsigned int i);
+    /* FetchOp functions return the value of the counter immediately preceding
+     * the effects of the operation.
+     * OpFetch functions return the value of the counter immediately after
+     * the effects of the operation.
+     */
     WOLFSSL_API int wolfSSL_Atomic_Int_FetchAdd(wolfSSL_Atomic_Int* c, int i);
     WOLFSSL_API int wolfSSL_Atomic_Int_FetchSub(wolfSSL_Atomic_Int* c, int i);
+    WOLFSSL_API int wolfSSL_Atomic_Int_AddFetch(wolfSSL_Atomic_Int* c, int i);
+    WOLFSSL_API int wolfSSL_Atomic_Int_SubFetch(wolfSSL_Atomic_Int* c, int i);
+    WOLFSSL_API int wolfSSL_Atomic_Int_CompareExchange(
+        wolfSSL_Atomic_Int* c, int *expected_i, int new_i);
+    WOLFSSL_API unsigned int wolfSSL_Atomic_Uint_FetchAdd(
+        wolfSSL_Atomic_Uint* c, unsigned int i);
+    WOLFSSL_API unsigned int wolfSSL_Atomic_Uint_FetchSub(
+        wolfSSL_Atomic_Uint* c, unsigned int i);
+    WOLFSSL_API unsigned int wolfSSL_Atomic_Uint_AddFetch(
+        wolfSSL_Atomic_Uint* c, unsigned int i);
+    WOLFSSL_API unsigned int wolfSSL_Atomic_Uint_SubFetch(
+        wolfSSL_Atomic_Uint* c, unsigned int i);
+    WOLFSSL_API int wolfSSL_Atomic_Uint_CompareExchange(
+        wolfSSL_Atomic_Uint* c, unsigned int *expected_i, unsigned int new_i);
 #else
     /* Code using these fallback implementations in non-SINGLE_THREADED builds
-     * needs to arrange its own explicit fallback to int for wolfSSL_Atomic_Int,
-     * which is not defined if !defined(WOLFSSL_ATOMIC_OPS) &&
-     * !defined(SINGLE_THREADED).  This forces local awareness of thread-unsafe
-     * semantics.
+     * needs to arrange its own explicit fallback to int for wolfSSL_Atomic_Int
+     * and unsigned int for wolfSSL_Atomic_Uint, which is not defined if
+     * !defined(WOLFSSL_ATOMIC_OPS) && !defined(SINGLE_THREADED).  This forces
+     * local awareness of thread-unsafe semantics.
      */
     #define wolfSSL_Atomic_Int_Init(c, i) (*(c) = (i))
+    #define wolfSSL_Atomic_Uint_Init(c, i) (*(c) = (i))
     static WC_INLINE int wolfSSL_Atomic_Int_FetchAdd(int *c, int i) {
         int ret = *c;
         *c += i;
@@ -529,6 +599,60 @@
         *c -= i;
         return ret;
     }
+    static WC_INLINE int wolfSSL_Atomic_Int_AddFetch(int *c, int i) {
+        return (*c += i);
+    }
+    static WC_INLINE int wolfSSL_Atomic_Int_SubFetch(int *c, int i) {
+        return (*c -= i);
+    }
+    static WC_INLINE int wolfSSL_Atomic_Int_CompareExchange(
+        int *c, int *expected_i, int new_i)
+    {
+        if (*c == *expected_i) {
+            *c = new_i;
+            return 1;
+        }
+        else {
+            *expected_i = *c;
+            return 0;
+        }
+    }
+    static WC_INLINE unsigned int wolfSSL_Atomic_Uint_FetchAdd(
+        unsigned int *c, unsigned int i)
+    {
+        unsigned int ret = *c;
+        *c += i;
+        return ret;
+    }
+    static WC_INLINE unsigned int wolfSSL_Atomic_Uint_FetchSub(
+        unsigned int *c, unsigned int i)
+    {
+        unsigned int ret = *c;
+        *c -= i;
+        return ret;
+    }
+    static WC_INLINE unsigned int wolfSSL_Atomic_Uint_AddFetch(
+        unsigned int *c, unsigned int i)
+    {
+        return (*c += i);
+    }
+    static WC_INLINE unsigned int wolfSSL_Atomic_Uint_SubFetch(
+        unsigned int *c, unsigned int i)
+    {
+        return (*c -= i);
+    }
+    static WC_INLINE int wolfSSL_Atomic_Uint_CompareExchange(
+        unsigned int *c, unsigned int *expected_i, unsigned int new_i)
+    {
+        if (*c == *expected_i) {
+            *c = new_i;
+            return 1;
+        }
+        else {
+            *expected_i = *c;
+            return 0;
+        }
+    }
 #endif
 
 /* Reference counting. */
@@ -1535,8 +1659,12 @@ WOLFSSL_ABI WOLFSSL_API int wolfCrypt_Cleanup(void);
         /* use user-supplied XFENCE definition. */
     #elif defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 201112L) && \
           !defined(__STDC_NO_ATOMICS__)
-        #include <stdatomic.h>
-        #define XFENCE() atomic_thread_fence(memory_order_seq_cst)
+        #ifdef WOLFSSL_NO_ATOMIC
+            #define XFENCE() WC_DO_NOTHING
+        #else
+            #include <stdatomic.h>
+            #define XFENCE() atomic_thread_fence(memory_order_seq_cst)
+        #endif
     #elif defined(__GNUC__) && (__GNUC__ == 4) && \
           defined(__GNUC_MINOR__) && (__GNUC_MINOR__ >= 1)
         #define XFENCE() __sync_synchronize()
@@ -1592,6 +1720,10 @@ WOLFSSL_ABI WOLFSSL_API int wolfCrypt_Cleanup(void);
         #endif
     #endif
 
+#if defined(WC_RNG_SEED_CB) && !defined(WC_GENERATE_SEED_DEFAULT)
+    #define WC_GENERATE_SEED_DEFAULT wc_GenerateSeed
+#endif
+
 #ifdef __cplusplus
     }  /* extern "C" */
 #endif
diff --git a/wolfssl/wolfio.h b/wolfssl/wolfio.h
index 0673b88ad..acd6676f8 100644
--- a/wolfssl/wolfio.h
+++ b/wolfssl/wolfio.h
@@ -50,9 +50,8 @@
     #endif
 #endif
 
-
-#if defined(USE_WOLFSSL_IO) || defined(HAVE_HTTP_CLIENT)
-
+#if defined(USE_WOLFSSL_IO) || defined(WOLFSSL_USER_IO) || \
+    defined(HAVE_HTTP_CLIENT)
 #ifdef HAVE_LIBZ
     #include "zlib.h"
 #endif
@@ -82,6 +81,8 @@
         #include <netinet/in.h>
     #endif
 #elif defined(USE_WINDOWS_API)
+    #include <winsock2.h>
+    #include <ws2tcpip.h>
 #else
     #if defined(WOLFSSL_LWIP) && !defined(WOLFSSL_APACHE_MYNEWT)
         /* lwIP needs to be configured to use sockets API in this mode */
@@ -92,7 +93,25 @@
             #define LWIP_PROVIDE_ERRNO 1
         #endif
     #elif defined(ARDUINO)
-        /* TODO Add specific boards */
+        /* board-specific */
+        #if defined(__AVR__)
+            /* No AVR specifics at this time */
+        #elif defined(__arm__)
+            /* No ARM specifics at this time */
+        #elif defined(ESP8266)
+            #define WOLFSSL_NO_SOCK
+            #define WOLFSSL_USER_IO
+            #define NO_WRITEV
+            /* No Sockets on ESP8266, thus no DTLS */
+        #elif defined(ESP32)
+            #if defined(WOLFSSL_DTLS) || defined(WOLFSSL_DTLS13)
+                #include <sys/socket.h>
+                #include <netinet/in.h>
+                #include <arpa/inet.h>
+            #endif
+        #else
+            /* Add new boards here */
+        #endif
     #elif defined(FREESCALE_MQX)
         #include <posix.h>
         #include <rtcs.h>
@@ -219,7 +238,6 @@
     #if defined(WOLFSSL_EMBOS)
         #include <errno.h>
     #endif
-
 #endif /* USE_WINDOWS_API */
 
 #ifdef __sun
@@ -262,6 +280,20 @@
         #define SOCKET_ECONNREFUSED ECONNREFUSED
         #define SOCKET_ECONNABORTED ECONNABORTED
     #endif
+#elif defined(ARDUINO)
+    #if defined(WOLFSSL_DTLS) || defined(WOLFSSL_DTLS13)
+        #define SOCKADDR_S        struct sockaddr_storage
+        #define SOCKADDR          struct sockaddr
+        #define SOCKADDR_IN       struct sockaddr_in
+    #endif
+    #define SOCKET_EWOULDBLOCK EWOULDBLOCK
+    #define SOCKET_EAGAIN      EAGAIN
+    #define SOCKET_ETIMEDOUT   ETIMEDOUT
+    #define SOCKET_ECONNRESET  ECONNRESET
+    #define SOCKET_EINTR       EINTR
+    #define SOCKET_EPIPE       EPIPE
+    #define SOCKET_ECONNREFUSED ECONNREFUSED
+    #define SOCKET_ECONNABORTED ECONNABORTED
 #elif defined(USE_WINDOWS_API)
     /* no epipe yet */
     #ifndef WSAEPIPE
@@ -402,7 +434,7 @@
     #define SOCKET_EPIPE       EPIPE
     #define SOCKET_ECONNREFUSED ECONNREFUSED
     #define SOCKET_ECONNABORTED ECONNABORTED
-#endif /* USE_WINDOWS_API */
+#endif /* __WATCOMC__ || ARDUINO || USE_WINDOWS_API || __PPU || .. etc */
 
 #ifdef DEVKITPRO
     /* from network.h */
@@ -959,6 +991,9 @@ WOLFSSL_API void wolfSSL_SetIOWriteFlags(WOLFSSL* ssl, int flags);
     #define WOLFSSL_IP6 AF_INET6
 #endif
 
+#ifndef WOLFSSL_SOCKADDR_IN6
+    #define WOLFSSL_SOCKADDR_IN6 struct sockaddr_in6
+#endif
 
 #ifdef __cplusplus
     }  /* extern "C" */
diff --git a/wrapper/Ada/tls_server.adb b/wrapper/Ada/tls_server.adb
index 9cd30b9d3..64e4f988d 100644
--- a/wrapper/Ada/tls_server.adb
+++ b/wrapper/Ada/tls_server.adb
@@ -346,6 +346,14 @@ package body Tls_Server with SPARK_Mode is
          WolfSSL.Create_WolfSSL (Context => Ctx, Ssl => Ssl);
          if not WolfSSL.Is_Valid (Ssl) then
             Put_Line ("ERROR: failed to create WOLFSSL object.");
+            declare
+               Error_Message : constant WolfSSL.Error_Message :=
+                 WolfSSL.Error (WolfSSL.Get_Error (Ssl, Result));
+            begin
+               if Result = Success then
+                  Put_Line (Error_Message.Text (1 .. Error_Message.Last));
+               end if;
+            end;
             SPARK_Sockets.Close_Socket (L);
 
             if not DTLS then
diff --git a/wrapper/Ada/wolfssl.adb b/wrapper/Ada/wolfssl.adb
index 9bdd07afd..2f7caba0b 100644
--- a/wrapper/Ada/wolfssl.adb
+++ b/wrapper/Ada/wolfssl.adb
@@ -19,6 +19,7 @@
 -- Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
 --
 
+with Ada.Unchecked_Conversion;
 pragma Warnings (Off, "* is an internal GNAT unit");
 with GNAT.Sockets.Thin_Common;
 pragma Warnings (On, "* is an internal GNAT unit");
@@ -798,10 +799,15 @@ package body WolfSSL is
       S : String (1 .. Error_Message_Index'Last);
       B : Byte_Array (1 .. size_t (Error_Message_Index'Last));
       C : Natural;
+      -- Use unchecked conversion instead of type conversion to mimic C style
+      -- conversion from int to unsigned long, avoiding the Ada overflow check.
+      function To_Unsigned_Long is new Ada.Unchecked_Conversion
+         (Source => long,
+          Target => unsigned_long);
    begin
-      WolfSSL_Error_String (Error => unsigned_long (Code),
+      WolfSSL_Error_String (Error => To_Unsigned_Long (long (Code)),
                             Data  => B,
-                            Size  => unsigned_long (B'Last));
+                            Size  => To_Unsigned_Long (long (B'Last)));
       Interfaces.C.To_Ada (Item     => B,
                            Target   => S,
                            Count    => C,
diff --git a/wrapper/include.am b/wrapper/include.am
index 0bdcbc78f..e0e76aabf 100644
--- a/wrapper/include.am
+++ b/wrapper/include.am
@@ -4,5 +4,6 @@
 
 include wrapper/Ada/include.am
 include wrapper/CSharp/include.am
+include wrapper/rust/include.am
 
 EXTRA_DIST+= wrapper/python/README.md
diff --git a/wrapper/rust/Makefile b/wrapper/rust/Makefile
new file mode 100644
index 000000000..8ac8e3e1a
--- /dev/null
+++ b/wrapper/rust/Makefile
@@ -0,0 +1,13 @@
+.PHONY: all
+all:
+	+$(MAKE) -C wolfssl-sys
+	+$(MAKE) -C wolfssl
+
+.PHONY: test
+test:
+	+$(MAKE) -C wolfssl test
+
+.PHONY: clean
+clean:
+	+$(MAKE) -C wolfssl-sys clean
+	+$(MAKE) -C wolfssl clean
diff --git a/wrapper/rust/README.md b/wrapper/rust/README.md
new file mode 100644
index 000000000..a93d6e236
--- /dev/null
+++ b/wrapper/rust/README.md
@@ -0,0 +1,21 @@
+# wolfSSL Rust Wrapper
+
+## Building the wolfssl Rust Wrapper
+
+First, configure and build wolfssl C library.
+
+Then build the wolfssl Rust wrapper with:
+
+    make -C wrapper/rust
+
+Run tests with:
+
+    make -C wrapper/rust test
+
+## Repository Directory Structure
+
+| Repository Directory | Description |
+| --- | --- |
+| `/wrapper/rust` | Top level container for all Rust wrapper functionality. |
+| `/wrapper/rust/wolfssl` | Top level for the `wolfssl` library crate. This crate contains high-level Rust sources that use the bindings from the `wolfssl-sys` crate. |
+| `/wrapper/rust/wolfssl-sys` | Top level for the `wolfssl-sys` library crate. This crate contains only automatically generated bindings to the `wolfssl` C library. |
diff --git a/wrapper/rust/include.am b/wrapper/rust/include.am
new file mode 100644
index 000000000..0cd71a891
--- /dev/null
+++ b/wrapper/rust/include.am
@@ -0,0 +1,22 @@
+# vim:ft=automake
+# included from Top Level Makefile.am
+# All paths should be given relative to the root
+
+EXTRA_DIST += wrapper/rust/Makefile
+EXTRA_DIST += wrapper/rust/README.md
+EXTRA_DIST += wrapper/rust/wolfssl-sys/Cargo.lock
+EXTRA_DIST += wrapper/rust/wolfssl-sys/Cargo.toml
+EXTRA_DIST += wrapper/rust/wolfssl-sys/Makefile
+EXTRA_DIST += wrapper/rust/wolfssl-sys/build.rs
+EXTRA_DIST += wrapper/rust/wolfssl-sys/headers.h
+EXTRA_DIST += wrapper/rust/wolfssl-sys/src/lib.rs
+EXTRA_DIST += wrapper/rust/wolfssl/Cargo.lock
+EXTRA_DIST += wrapper/rust/wolfssl/Cargo.toml
+EXTRA_DIST += wrapper/rust/wolfssl/Makefile
+EXTRA_DIST += wrapper/rust/wolfssl/build.rs
+EXTRA_DIST += wrapper/rust/wolfssl/src/lib.rs
+EXTRA_DIST += wrapper/rust/wolfssl/src/wolfcrypt.rs
+EXTRA_DIST += wrapper/rust/wolfssl/src/wolfcrypt/aes.rs
+EXTRA_DIST += wrapper/rust/wolfssl/src/wolfcrypt/random.rs
+EXTRA_DIST += wrapper/rust/wolfssl/tests/test_aes.rs
+EXTRA_DIST += wrapper/rust/wolfssl/tests/test_random.rs
diff --git a/wrapper/rust/wolfssl-sys/Cargo.lock b/wrapper/rust/wolfssl-sys/Cargo.lock
new file mode 100644
index 000000000..d43a739f4
--- /dev/null
+++ b/wrapper/rust/wolfssl-sys/Cargo.lock
@@ -0,0 +1,293 @@
+# This file is automatically @generated by Cargo.
+# It is not intended for manual editing.
+version = 4
+
+[[package]]
+name = "aho-corasick"
+version = "1.1.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8e60d3430d3a69478ad0993f19238d2df97c507009a52b3c10addcd7f6bcb916"
+dependencies = [
+ "memchr",
+]
+
+[[package]]
+name = "bindgen"
+version = "0.72.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "993776b509cfb49c750f11b8f07a46fa23e0a1386ffc01fb1e7d343efc387895"
+dependencies = [
+ "bitflags",
+ "cexpr",
+ "clang-sys",
+ "itertools",
+ "log",
+ "prettyplease",
+ "proc-macro2",
+ "quote",
+ "regex",
+ "rustc-hash",
+ "shlex",
+ "syn",
+]
+
+[[package]]
+name = "bitflags"
+version = "2.9.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "2261d10cca569e4643e526d8dc2e62e433cc8aba21ab764233731f8d369bf394"
+
+[[package]]
+name = "cexpr"
+version = "0.6.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6fac387a98bb7c37292057cffc56d62ecb629900026402633ae9160df93a8766"
+dependencies = [
+ "nom",
+]
+
+[[package]]
+name = "cfg-if"
+version = "1.0.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "2fd1289c04a9ea8cb22300a459a72a385d7c73d3259e2ed7dcb2af674838cfa9"
+
+[[package]]
+name = "clang-sys"
+version = "1.8.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0b023947811758c97c59bf9d1c188fd619ad4718dcaa767947df1cadb14f39f4"
+dependencies = [
+ "glob",
+ "libc",
+ "libloading",
+]
+
+[[package]]
+name = "either"
+version = "1.15.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "48c757948c5ede0e46177b7add2e67155f70e33c07fea8284df6576da70b3719"
+
+[[package]]
+name = "glob"
+version = "0.3.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0cc23270f6e1808e30a928bdc84dea0b9b4136a8bc82338574f23baf47bbd280"
+
+[[package]]
+name = "itertools"
+version = "0.13.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "413ee7dfc52ee1a4949ceeb7dbc8a33f2d6c088194d9f922fb8318faf1f01186"
+dependencies = [
+ "either",
+]
+
+[[package]]
+name = "libc"
+version = "0.2.175"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6a82ae493e598baaea5209805c49bbf2ea7de956d50d7da0da1164f9c6d28543"
+
+[[package]]
+name = "libloading"
+version = "0.8.8"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "07033963ba89ebaf1584d767badaa2e8fcec21aedea6b8c0346d487d49c28667"
+dependencies = [
+ "cfg-if",
+ "windows-targets",
+]
+
+[[package]]
+name = "log"
+version = "0.4.28"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "34080505efa8e45a4b816c349525ebe327ceaa8559756f0356cba97ef3bf7432"
+
+[[package]]
+name = "memchr"
+version = "2.7.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "32a282da65faaf38286cf3be983213fcf1d2e2a58700e808f83f4ea9a4804bc0"
+
+[[package]]
+name = "minimal-lexical"
+version = "0.2.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "68354c5c6bd36d73ff3feceb05efa59b6acb7626617f4962be322a825e61f79a"
+
+[[package]]
+name = "nom"
+version = "7.1.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d273983c5a657a70a3e8f2a01329822f3b8c8172b73826411a55751e404a0a4a"
+dependencies = [
+ "memchr",
+ "minimal-lexical",
+]
+
+[[package]]
+name = "prettyplease"
+version = "0.2.37"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "479ca8adacdd7ce8f1fb39ce9ecccbfe93a3f1344b3d0d97f20bc0196208f62b"
+dependencies = [
+ "proc-macro2",
+ "syn",
+]
+
+[[package]]
+name = "proc-macro2"
+version = "1.0.101"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "89ae43fd86e4158d6db51ad8e2b80f313af9cc74f5c0e03ccb87de09998732de"
+dependencies = [
+ "unicode-ident",
+]
+
+[[package]]
+name = "quote"
+version = "1.0.40"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1885c039570dc00dcb4ff087a89e185fd56bae234ddc7f056a945bf36467248d"
+dependencies = [
+ "proc-macro2",
+]
+
+[[package]]
+name = "regex"
+version = "1.11.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "23d7fd106d8c02486a8d64e778353d1cffe08ce79ac2e82f540c86d0facf6912"
+dependencies = [
+ "aho-corasick",
+ "memchr",
+ "regex-automata",
+ "regex-syntax",
+]
+
+[[package]]
+name = "regex-automata"
+version = "0.4.10"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6b9458fa0bfeeac22b5ca447c63aaf45f28439a709ccd244698632f9aa6394d6"
+dependencies = [
+ "aho-corasick",
+ "memchr",
+ "regex-syntax",
+]
+
+[[package]]
+name = "regex-syntax"
+version = "0.8.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "caf4aa5b0f434c91fe5c7f1ecb6a5ece2130b02ad2a590589dda5146df959001"
+
+[[package]]
+name = "rustc-hash"
+version = "2.1.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "357703d41365b4b27c590e3ed91eabb1b663f07c4c084095e60cbed4362dff0d"
+
+[[package]]
+name = "shlex"
+version = "1.3.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0fda2ff0d084019ba4d7c6f371c95d8fd75ce3524c3cb8fb653a3023f6323e64"
+
+[[package]]
+name = "syn"
+version = "2.0.106"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ede7c438028d4436d71104916910f5bb611972c5cfd7f89b8300a8186e6fada6"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "unicode-ident",
+]
+
+[[package]]
+name = "unicode-ident"
+version = "1.0.19"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f63a545481291138910575129486daeaf8ac54aee4387fe7906919f7830c7d9d"
+
+[[package]]
+name = "windows-link"
+version = "0.1.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5e6ad25900d524eaabdbbb96d20b4311e1e7ae1699af4fb28c17ae66c80d798a"
+
+[[package]]
+name = "windows-targets"
+version = "0.53.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d5fe6031c4041849d7c496a8ded650796e7b6ecc19df1a431c1a363342e5dc91"
+dependencies = [
+ "windows-link",
+ "windows_aarch64_gnullvm",
+ "windows_aarch64_msvc",
+ "windows_i686_gnu",
+ "windows_i686_gnullvm",
+ "windows_i686_msvc",
+ "windows_x86_64_gnu",
+ "windows_x86_64_gnullvm",
+ "windows_x86_64_msvc",
+]
+
+[[package]]
+name = "windows_aarch64_gnullvm"
+version = "0.53.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "86b8d5f90ddd19cb4a147a5fa63ca848db3df085e25fee3cc10b39b6eebae764"
+
+[[package]]
+name = "windows_aarch64_msvc"
+version = "0.53.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c7651a1f62a11b8cbd5e0d42526e55f2c99886c77e007179efff86c2b137e66c"
+
+[[package]]
+name = "windows_i686_gnu"
+version = "0.53.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c1dc67659d35f387f5f6c479dc4e28f1d4bb90ddd1a5d3da2e5d97b42d6272c3"
+
+[[package]]
+name = "windows_i686_gnullvm"
+version = "0.53.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9ce6ccbdedbf6d6354471319e781c0dfef054c81fbc7cf83f338a4296c0cae11"
+
+[[package]]
+name = "windows_i686_msvc"
+version = "0.53.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "581fee95406bb13382d2f65cd4a908ca7b1e4c2f1917f143ba16efe98a589b5d"
+
+[[package]]
+name = "windows_x86_64_gnu"
+version = "0.53.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "2e55b5ac9ea33f2fc1716d1742db15574fd6fc8dadc51caab1c16a3d3b4190ba"
+
+[[package]]
+name = "windows_x86_64_gnullvm"
+version = "0.53.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0a6e035dd0599267ce1ee132e51c27dd29437f63325753051e71dd9e42406c57"
+
+[[package]]
+name = "windows_x86_64_msvc"
+version = "0.53.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "271414315aff87387382ec3d271b52d7ae78726f5d44ac98b4f4030c91880486"
+
+[[package]]
+name = "wolfssl-sys"
+version = "0.1.0"
+dependencies = [
+ "bindgen",
+]
diff --git a/wrapper/rust/wolfssl-sys/Cargo.toml b/wrapper/rust/wolfssl-sys/Cargo.toml
new file mode 100644
index 000000000..c959a2d99
--- /dev/null
+++ b/wrapper/rust/wolfssl-sys/Cargo.toml
@@ -0,0 +1,17 @@
+[package]
+name = "wolfssl-sys"
+version = "0.1.0"
+edition = "2024"
+
+[features]
+std = []
+
+[build-dependencies]
+bindgen = "0.72.1"
+
+[profile.release]
+strip = true
+opt-level = "s"
+lto = true
+codegen-units = 1
+panic = "abort"
diff --git a/wrapper/rust/wolfssl-sys/Makefile b/wrapper/rust/wolfssl-sys/Makefile
new file mode 100644
index 000000000..6414a60f6
--- /dev/null
+++ b/wrapper/rust/wolfssl-sys/Makefile
@@ -0,0 +1,7 @@
+.PHONY: all
+all:
+	cargo build
+
+.PHONY: clean
+clean:
+	cargo clean
diff --git a/wrapper/rust/wolfssl-sys/build.rs b/wrapper/rust/wolfssl-sys/build.rs
new file mode 100644
index 000000000..3f902be0c
--- /dev/null
+++ b/wrapper/rust/wolfssl-sys/build.rs
@@ -0,0 +1,58 @@
+extern crate bindgen;
+
+use std::env;
+use std::io::{self, Result};
+use std::path::PathBuf;
+
+/// Perform crate build.
+fn main() {
+    if let Err(e) = run_build() {
+        eprintln!("Build failed: {}", e);
+        std::process::exit(1);
+    }
+}
+
+/// Perform all build steps.
+///
+/// Returns `Ok(())` if successful, or an error if any step fails.
+fn run_build() -> Result<()> {
+    // Generate Rust bindings for wolfssl C library.
+    generate_bindings()?;
+    Ok(())
+}
+
+/// Generate Rust bindings for the wolfssl C library using bindgen.
+///
+/// This function:
+/// 1. Sets up the library and include paths
+/// 2. Configures the build environment
+/// 3. Generates Rust bindings using bindgen
+/// 4. Writes the bindings to a file
+///
+/// Returns `Ok(())` if successful, or an error if binding generation fails.
+fn generate_bindings() -> Result<()> {
+    let wrapper_dir = std::env::current_dir()?.display().to_string();
+    let wolfssl_base_dir = format!("{}/../../..", wrapper_dir);
+    let wolfssl_lib_dir = format!("{}/src/.libs", wolfssl_base_dir);
+
+    println!("cargo:rustc-link-search={}", wolfssl_lib_dir);
+//    TODO: do we need this if only a static library is built?
+//    println!("cargo:rustc-link-lib=static=wolfssl");
+
+    let bindings = bindgen::Builder::default()
+        .header("headers.h")
+        .clang_arg(format!("-I{}", wolfssl_base_dir))
+        .parse_callbacks(Box::new(bindgen::CargoCallbacks::new()))
+        .generate()
+        .map_err(|_| io::Error::new(io::ErrorKind::Other, "Failed to generate bindings"))?;
+
+    let out_path = PathBuf::from(env::var("OUT_DIR").unwrap());
+    bindings
+        .write_to_file(out_path.join("bindings.rs"))
+        .map_err(|e| {
+            io::Error::new(
+                io::ErrorKind::Other,
+                format!("Couldn't write bindings: {}", e),
+            )
+        })
+}
diff --git a/wrapper/rust/wolfssl-sys/headers.h b/wrapper/rust/wolfssl-sys/headers.h
new file mode 100644
index 000000000..da0815449
--- /dev/null
+++ b/wrapper/rust/wolfssl-sys/headers.h
@@ -0,0 +1,20 @@
+#include "wolfssl/options.h"
+#include "wolfssl/wolfcrypt/settings.h"
+#include "wolfssl/wolfcrypt/types.h"
+#include "wolfssl/wolfcrypt/error-crypt.h"
+#include "wolfssl/wolfcrypt/random.h"
+#include "wolfssl/wolfcrypt/hmac.h"
+#include "wolfssl/wolfcrypt/rsa.h"
+#include "wolfssl/wolfcrypt/sha256.h"
+#include "wolfssl/wolfcrypt/curve25519.h"
+#include "wolfssl/wolfcrypt/ed25519.h"
+#include "wolfssl/wolfcrypt/ed448.h"
+#include "wolfssl/wolfcrypt/ecc.h"
+#include "wolfssl/wolfcrypt/asn_public.h"
+#include "wolfssl/wolfcrypt/asn.h"
+#include "wolfssl/wolfcrypt/chacha20_poly1305.h"
+#include "wolfssl/wolfcrypt/kdf.h"
+#include "wolfssl/wolfcrypt/coding.h"
+#include "wolfssl/wolfcrypt/signature.h"
+#include "wolfssl/wolfcrypt/logging.h"
+#include "wolfssl/wolfcrypt/aes.h"
diff --git a/wrapper/rust/wolfssl-sys/src/lib.rs b/wrapper/rust/wolfssl-sys/src/lib.rs
new file mode 100644
index 000000000..3ab98816b
--- /dev/null
+++ b/wrapper/rust/wolfssl-sys/src/lib.rs
@@ -0,0 +1,16 @@
+/*
+ * Suppress warnings for bindgen-generated bindings to wolfssl C library.
+ */
+#![allow(clippy::missing_safety_doc)]
+#![allow(clippy::ptr_offset_with_cast)]
+#![allow(clippy::too_many_arguments)]
+#![allow(clippy::upper_case_acronyms)]
+#![allow(clippy::useless_transmute)]
+#![allow(dead_code)]
+#![allow(improper_ctypes)]
+#![allow(non_camel_case_types)]
+#![allow(non_snake_case)]
+#![allow(non_upper_case_globals)]
+#![allow(unnecessary_transmutes)]
+#![allow(unsafe_op_in_unsafe_fn)]
+include!(concat!(env!("OUT_DIR"), "/bindings.rs"));
diff --git a/wrapper/rust/wolfssl/Cargo.lock b/wrapper/rust/wolfssl/Cargo.lock
new file mode 100644
index 000000000..d9a2ea87c
--- /dev/null
+++ b/wrapper/rust/wolfssl/Cargo.lock
@@ -0,0 +1,300 @@
+# This file is automatically @generated by Cargo.
+# It is not intended for manual editing.
+version = 4
+
+[[package]]
+name = "aho-corasick"
+version = "1.1.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8e60d3430d3a69478ad0993f19238d2df97c507009a52b3c10addcd7f6bcb916"
+dependencies = [
+ "memchr",
+]
+
+[[package]]
+name = "bindgen"
+version = "0.72.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "993776b509cfb49c750f11b8f07a46fa23e0a1386ffc01fb1e7d343efc387895"
+dependencies = [
+ "bitflags",
+ "cexpr",
+ "clang-sys",
+ "itertools",
+ "log",
+ "prettyplease",
+ "proc-macro2",
+ "quote",
+ "regex",
+ "rustc-hash",
+ "shlex",
+ "syn",
+]
+
+[[package]]
+name = "bitflags"
+version = "2.9.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "2261d10cca569e4643e526d8dc2e62e433cc8aba21ab764233731f8d369bf394"
+
+[[package]]
+name = "cexpr"
+version = "0.6.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6fac387a98bb7c37292057cffc56d62ecb629900026402633ae9160df93a8766"
+dependencies = [
+ "nom",
+]
+
+[[package]]
+name = "cfg-if"
+version = "1.0.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "2fd1289c04a9ea8cb22300a459a72a385d7c73d3259e2ed7dcb2af674838cfa9"
+
+[[package]]
+name = "clang-sys"
+version = "1.8.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0b023947811758c97c59bf9d1c188fd619ad4718dcaa767947df1cadb14f39f4"
+dependencies = [
+ "glob",
+ "libc",
+ "libloading",
+]
+
+[[package]]
+name = "either"
+version = "1.15.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "48c757948c5ede0e46177b7add2e67155f70e33c07fea8284df6576da70b3719"
+
+[[package]]
+name = "glob"
+version = "0.3.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0cc23270f6e1808e30a928bdc84dea0b9b4136a8bc82338574f23baf47bbd280"
+
+[[package]]
+name = "itertools"
+version = "0.13.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "413ee7dfc52ee1a4949ceeb7dbc8a33f2d6c088194d9f922fb8318faf1f01186"
+dependencies = [
+ "either",
+]
+
+[[package]]
+name = "libc"
+version = "0.2.175"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6a82ae493e598baaea5209805c49bbf2ea7de956d50d7da0da1164f9c6d28543"
+
+[[package]]
+name = "libloading"
+version = "0.8.8"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "07033963ba89ebaf1584d767badaa2e8fcec21aedea6b8c0346d487d49c28667"
+dependencies = [
+ "cfg-if",
+ "windows-targets",
+]
+
+[[package]]
+name = "log"
+version = "0.4.28"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "34080505efa8e45a4b816c349525ebe327ceaa8559756f0356cba97ef3bf7432"
+
+[[package]]
+name = "memchr"
+version = "2.7.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "32a282da65faaf38286cf3be983213fcf1d2e2a58700e808f83f4ea9a4804bc0"
+
+[[package]]
+name = "minimal-lexical"
+version = "0.2.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "68354c5c6bd36d73ff3feceb05efa59b6acb7626617f4962be322a825e61f79a"
+
+[[package]]
+name = "nom"
+version = "7.1.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d273983c5a657a70a3e8f2a01329822f3b8c8172b73826411a55751e404a0a4a"
+dependencies = [
+ "memchr",
+ "minimal-lexical",
+]
+
+[[package]]
+name = "prettyplease"
+version = "0.2.37"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "479ca8adacdd7ce8f1fb39ce9ecccbfe93a3f1344b3d0d97f20bc0196208f62b"
+dependencies = [
+ "proc-macro2",
+ "syn",
+]
+
+[[package]]
+name = "proc-macro2"
+version = "1.0.101"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "89ae43fd86e4158d6db51ad8e2b80f313af9cc74f5c0e03ccb87de09998732de"
+dependencies = [
+ "unicode-ident",
+]
+
+[[package]]
+name = "quote"
+version = "1.0.40"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1885c039570dc00dcb4ff087a89e185fd56bae234ddc7f056a945bf36467248d"
+dependencies = [
+ "proc-macro2",
+]
+
+[[package]]
+name = "regex"
+version = "1.11.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "23d7fd106d8c02486a8d64e778353d1cffe08ce79ac2e82f540c86d0facf6912"
+dependencies = [
+ "aho-corasick",
+ "memchr",
+ "regex-automata",
+ "regex-syntax",
+]
+
+[[package]]
+name = "regex-automata"
+version = "0.4.10"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6b9458fa0bfeeac22b5ca447c63aaf45f28439a709ccd244698632f9aa6394d6"
+dependencies = [
+ "aho-corasick",
+ "memchr",
+ "regex-syntax",
+]
+
+[[package]]
+name = "regex-syntax"
+version = "0.8.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "caf4aa5b0f434c91fe5c7f1ecb6a5ece2130b02ad2a590589dda5146df959001"
+
+[[package]]
+name = "rustc-hash"
+version = "2.1.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "357703d41365b4b27c590e3ed91eabb1b663f07c4c084095e60cbed4362dff0d"
+
+[[package]]
+name = "shlex"
+version = "1.3.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0fda2ff0d084019ba4d7c6f371c95d8fd75ce3524c3cb8fb653a3023f6323e64"
+
+[[package]]
+name = "syn"
+version = "2.0.106"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ede7c438028d4436d71104916910f5bb611972c5cfd7f89b8300a8186e6fada6"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "unicode-ident",
+]
+
+[[package]]
+name = "unicode-ident"
+version = "1.0.19"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f63a545481291138910575129486daeaf8ac54aee4387fe7906919f7830c7d9d"
+
+[[package]]
+name = "windows-link"
+version = "0.1.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5e6ad25900d524eaabdbbb96d20b4311e1e7ae1699af4fb28c17ae66c80d798a"
+
+[[package]]
+name = "windows-targets"
+version = "0.53.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d5fe6031c4041849d7c496a8ded650796e7b6ecc19df1a431c1a363342e5dc91"
+dependencies = [
+ "windows-link",
+ "windows_aarch64_gnullvm",
+ "windows_aarch64_msvc",
+ "windows_i686_gnu",
+ "windows_i686_gnullvm",
+ "windows_i686_msvc",
+ "windows_x86_64_gnu",
+ "windows_x86_64_gnullvm",
+ "windows_x86_64_msvc",
+]
+
+[[package]]
+name = "windows_aarch64_gnullvm"
+version = "0.53.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "86b8d5f90ddd19cb4a147a5fa63ca848db3df085e25fee3cc10b39b6eebae764"
+
+[[package]]
+name = "windows_aarch64_msvc"
+version = "0.53.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c7651a1f62a11b8cbd5e0d42526e55f2c99886c77e007179efff86c2b137e66c"
+
+[[package]]
+name = "windows_i686_gnu"
+version = "0.53.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c1dc67659d35f387f5f6c479dc4e28f1d4bb90ddd1a5d3da2e5d97b42d6272c3"
+
+[[package]]
+name = "windows_i686_gnullvm"
+version = "0.53.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9ce6ccbdedbf6d6354471319e781c0dfef054c81fbc7cf83f338a4296c0cae11"
+
+[[package]]
+name = "windows_i686_msvc"
+version = "0.53.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "581fee95406bb13382d2f65cd4a908ca7b1e4c2f1917f143ba16efe98a589b5d"
+
+[[package]]
+name = "windows_x86_64_gnu"
+version = "0.53.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "2e55b5ac9ea33f2fc1716d1742db15574fd6fc8dadc51caab1c16a3d3b4190ba"
+
+[[package]]
+name = "windows_x86_64_gnullvm"
+version = "0.53.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0a6e035dd0599267ce1ee132e51c27dd29437f63325753051e71dd9e42406c57"
+
+[[package]]
+name = "windows_x86_64_msvc"
+version = "0.53.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "271414315aff87387382ec3d271b52d7ae78726f5d44ac98b4f4030c91880486"
+
+[[package]]
+name = "wolfssl"
+version = "0.1.0"
+dependencies = [
+ "wolfssl-sys",
+]
+
+[[package]]
+name = "wolfssl-sys"
+version = "0.1.0"
+dependencies = [
+ "bindgen",
+]
diff --git a/wrapper/rust/wolfssl/Cargo.toml b/wrapper/rust/wolfssl/Cargo.toml
new file mode 100644
index 000000000..596cfc16d
--- /dev/null
+++ b/wrapper/rust/wolfssl/Cargo.toml
@@ -0,0 +1,7 @@
+[package]
+name = "wolfssl"
+version = "0.1.0"
+edition = "2024"
+
+[dependencies]
+wolfssl-sys = { path = "../wolfssl-sys" }
diff --git a/wrapper/rust/wolfssl/Makefile b/wrapper/rust/wolfssl/Makefile
new file mode 100644
index 000000000..8bc689515
--- /dev/null
+++ b/wrapper/rust/wolfssl/Makefile
@@ -0,0 +1,12 @@
+.PHONY: all
+all:
+	cargo build
+	cargo doc
+
+.PHONY: test
+test:
+	cargo test
+
+.PHONY: clean
+clean:
+	cargo clean
diff --git a/wrapper/rust/wolfssl/build.rs b/wrapper/rust/wolfssl/build.rs
new file mode 100644
index 000000000..572004141
--- /dev/null
+++ b/wrapper/rust/wolfssl/build.rs
@@ -0,0 +1,32 @@
+use std::io::Result;
+
+/// Perform crate build.
+fn main() {
+    if let Err(e) = run_build() {
+        eprintln!("Build failed: {}", e);
+        std::process::exit(1);
+    }
+}
+
+/// Perform all build steps.
+///
+/// Returns `Ok(())` if successful, or an error if any step fails.
+fn run_build() -> Result<()> {
+    setup_wolfssl_link()?;
+    Ok(())
+}
+
+/// Instruct cargo to link against wolfssl C library
+///
+/// Returns `Ok(())` if successful, or an error if any step fails.
+fn setup_wolfssl_link() -> Result<()> {
+    let wrapper_dir = std::env::current_dir()?.display().to_string();
+    let wolfssl_base_dir = format!("{}/../../..", wrapper_dir);
+    let wolfssl_lib_dir = format!("{}/src/.libs", wolfssl_base_dir);
+
+    println!("cargo:rustc-link-search={}", wolfssl_lib_dir);
+    println!("cargo:rustc-link-lib=wolfssl");
+    println!("cargo:rustc-link-arg=-Wl,-rpath,{}", wolfssl_lib_dir);
+
+    Ok(())
+}
diff --git a/wrapper/rust/wolfssl/src/lib.rs b/wrapper/rust/wolfssl/src/lib.rs
new file mode 100644
index 000000000..701d3e0b6
--- /dev/null
+++ b/wrapper/rust/wolfssl/src/lib.rs
@@ -0,0 +1 @@
+pub mod wolfcrypt;
diff --git a/wrapper/rust/wolfssl/src/wolfcrypt.rs b/wrapper/rust/wolfssl/src/wolfcrypt.rs
new file mode 100644
index 000000000..c360e2e94
--- /dev/null
+++ b/wrapper/rust/wolfssl/src/wolfcrypt.rs
@@ -0,0 +1,2 @@
+pub mod aes;
+pub mod random;
diff --git a/wrapper/rust/wolfssl/src/wolfcrypt/aes.rs b/wrapper/rust/wolfssl/src/wolfcrypt/aes.rs
new file mode 100644
index 000000000..5536076f2
--- /dev/null
+++ b/wrapper/rust/wolfssl/src/wolfcrypt/aes.rs
@@ -0,0 +1,2359 @@
+/*!
+This crate provides a Rust wrapper for the wolfCrypt library's Advanced
+Encryption Standard (AES) functionality.
+
+It leverages the `wolfssl-sys` crate for low-level FFI bindings, encapsulating
+the raw C functions in a memory-safe and easy-to-use Rust API.
+*/
+
+use std::mem::{size_of, MaybeUninit};
+use std::ptr::{null, null_mut};
+use wolfssl_sys as ws;
+
+/// AES Cipher Block Chaining (CBC) mode.
+///
+/// # Example
+/// ```rust
+/// use wolfssl::wolfcrypt::aes::CBC;
+/// let mut cbc = CBC::new().expect("Failed to create CBC");
+/// let key: &[u8; 16] = b"0123456789abcdef";
+/// let iv: &[u8; 16] = b"1234567890abcdef";
+/// let msg: [u8; 16] = [
+///     0x6e, 0x6f, 0x77, 0x20, 0x69, 0x73, 0x20, 0x74,
+///     0x68, 0x65, 0x20, 0x74, 0x69, 0x6d, 0x65, 0x20,
+/// ];
+/// let expected_cipher: [u8; 16] = [
+///     0x95, 0x94, 0x92, 0x57, 0x5f, 0x42, 0x81, 0x53,
+///     0x2c, 0xcc, 0x9d, 0x46, 0x77, 0xa2, 0x33, 0xcb
+/// ];
+/// cbc.init_encrypt(key, iv).expect("Error with init_encrypt()");
+/// let mut cipher: [u8; 16] = [0; 16];
+/// cbc.encrypt(&msg, &mut cipher).expect("Error with encrypt()");
+/// assert_eq!(&cipher, &expected_cipher);
+/// let mut plain_out = [0; 16];
+/// cbc.init_decrypt(key, iv).expect("Error with init_decrypt()");
+/// cbc.decrypt(&cipher, &mut plain_out).expect("Error with decrypt()");
+/// assert_eq!(&plain_out, &msg);
+/// ```
+pub struct CBC {
+    ws_aes: ws::Aes,
+}
+impl CBC {
+    /// Create a new `CBC` instance.
+    ///
+    /// # Returns
+    ///
+    /// A Result which is Ok(CBC) on success or an Err containing the wolfSSL
+    /// library return code on failure.
+    pub fn new() -> Result<Self, i32> {
+        let ws_aes = new_ws_aes()?;
+        let cbc = CBC {ws_aes};
+        Ok(cbc)
+    }
+
+    fn init(&mut self, key: &[u8], iv: &[u8], dir: i32) -> Result<(), i32> {
+        let key_ptr = key.as_ptr() as *const u8;
+        let key_size = key.len() as u32;
+        let iv_ptr = iv.as_ptr() as *const u8;
+        if iv.len() as u32 != ws::WC_AES_BLOCK_SIZE {
+            return Err(ws::wolfCrypt_ErrorCodes_BAD_FUNC_ARG);
+        }
+        let rc = unsafe {
+            ws::wc_AesSetKey(&mut self.ws_aes, key_ptr, key_size, iv_ptr, dir)
+        };
+        if rc != 0 {
+            return Err(rc);
+        }
+        Ok(())
+    }
+
+    /// Initialize a CBC instance for encryption.
+    ///
+    /// This method must be called before calling `encrypt()`.
+    ///
+    /// # Parameters
+    ///
+    /// * `key`: A slice containing the encryption key to use. The key must be
+    /// 16, 24, or 32 bytes in length.
+    /// * `iv`: A slice containing the initialization vector (IV) to use. The
+    /// IV must be 16 bytes in length.
+    ///
+    /// # Returns
+    ///
+    /// A Result which is Ok(()) on success or an Err containing the wolfSSL
+    /// library return code on failure.
+    pub fn init_encrypt(&mut self, key: &[u8], iv: &[u8]) -> Result<(), i32> {
+        return self.init(key, iv, ws::AES_ENCRYPTION as i32);
+    }
+
+    /// Initialize a CBC instance for decryption.
+    ///
+    /// This method must be called before calling `decrypt()`.
+    ///
+    /// # Parameters
+    ///
+    /// * `key`: A slice containing the decryption key to use. The key must be
+    /// 16, 24, or 32 bytes in length.
+    /// * `iv`: A slice containing the initialization vector (IV) to use. The
+    /// IV must be 16 bytes in length.
+    ///
+    /// # Returns
+    ///
+    /// A Result which is Ok(()) on success or an Err containing the wolfSSL
+    /// library return code on failure.
+    pub fn init_decrypt(&mut self, key: &[u8], iv: &[u8]) -> Result<(), i32> {
+        return self.init(key, iv, ws::AES_DECRYPTION as i32);
+    }
+
+    /// Encrypt data.
+    ///
+    /// The `init_encrypt()` method must be called before calling this method.
+    ///
+    /// # Parameters
+    ///
+    /// * `din`: Data to encrypt. The size of the data must be a multiple of
+    /// 16 bytes.
+    /// * `dout`: Buffer in which to store the encrypted data. The size of
+    /// the buffer must match that of the `din` buffer.
+    ///
+    /// # Returns
+    ///
+    /// A Result which is Ok(()) on success or an Err containing the wolfSSL
+    /// library return code on failure.
+    pub fn encrypt<I,O>(&mut self, din: &[I], dout: &mut [O]) -> Result<(), i32> {
+        let in_ptr = din.as_ptr() as *const u8;
+        let in_size = (din.len() * size_of::<I>()) as u32;
+        let out_ptr = dout.as_ptr() as *mut u8;
+        let out_size = (dout.len() * size_of::<O>()) as u32;
+        if in_size != out_size {
+            return Err(ws::wolfCrypt_ErrorCodes_BAD_FUNC_ARG);
+        }
+        let rc = unsafe {
+            ws::wc_AesCbcEncrypt(&mut self.ws_aes, out_ptr, in_ptr, in_size)
+        };
+        if rc != 0 {
+            return Err(rc);
+        }
+        Ok(())
+    }
+
+    /// Decrypt data.
+    ///
+    /// The `init_decrypt()` method must be called before calling this method.
+    ///
+    /// # Parameters
+    ///
+    /// * `din`: Data to decrypt. The size of the data must be a multiple of
+    /// 16 bytes.
+    /// * `dout`: Buffer in which to store the decrypted data. The size of
+    /// the data must match that of the `din` slice.
+    ///
+    /// # Returns
+    ///
+    /// A Result which is Ok(()) on success or an Err containing the wolfSSL
+    /// library return code on failure.
+    pub fn decrypt<I,O>(&mut self, din: &[I], dout: &mut [O]) -> Result<(), i32> {
+        let in_ptr = din.as_ptr() as *const u8;
+        let in_size = (din.len() * size_of::<I>()) as u32;
+        let out_ptr = dout.as_ptr() as *mut u8;
+        let out_size = (dout.len() * size_of::<O>()) as u32;
+        if in_size != out_size {
+            return Err(ws::wolfCrypt_ErrorCodes_BAD_FUNC_ARG);
+        }
+        let rc = unsafe {
+            ws::wc_AesCbcDecrypt(&mut self.ws_aes, out_ptr, in_ptr, in_size)
+        };
+        if rc != 0 {
+            return Err(rc);
+        }
+        Ok(())
+    }
+}
+impl Drop for CBC {
+    /// Safely free the wolfSSL resources.
+    fn drop(&mut self) {
+        unsafe { ws::wc_AesFree(&mut self.ws_aes); }
+    }
+}
+
+/// AES Counter with CBC-MAC (CCM) mode.
+///
+/// # Example
+/// ```rust
+/// use wolfssl::wolfcrypt::aes::CCM;
+/// let key: [u8; 16] = [
+///     0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
+///     0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf
+/// ];
+/// let nonce: [u8; 13] = [
+///     0x00, 0x00, 0x00, 0x03, 0x02, 0x01, 0x00, 0xa0,
+///     0xa1, 0xa2, 0xa3, 0xa4, 0xa5
+/// ];
+/// let plaintext: [u8; 23] = [
+///     0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+///     0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+///     0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e
+/// ];
+/// let auth_data: [u8; 8] = [
+///     0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07
+/// ];
+/// let expected_ciphertext: [u8; 23] = [
+///     0x58, 0x8c, 0x97, 0x9a, 0x61, 0xc6, 0x63, 0xd2,
+///     0xf0, 0x66, 0xd0, 0xc2, 0xc0, 0xf9, 0x89, 0x80,
+///     0x6d, 0x5f, 0x6b, 0x61, 0xda, 0xc3, 0x84
+/// ];
+/// let expected_auth_tag: [u8; 8] = [
+///     0x17, 0xe8, 0xd1, 0x2c, 0xfd, 0xf9, 0x26, 0xe0
+/// ];
+///
+/// let mut ccm = CCM::new().expect("Failed to create CCM");
+/// ccm.init(&key).expect("Error with init()");
+/// let mut auth_tag_out: [u8; 8] = [0; 8];
+/// let mut cipher_out: [u8; 23] = [0; 23];
+/// ccm.encrypt(&plaintext, &mut cipher_out,
+///     &nonce, &auth_data, &mut auth_tag_out).expect("Error with encrypt()");
+/// assert_eq!(cipher_out, expected_ciphertext);
+/// assert_eq!(auth_tag_out, expected_auth_tag);
+/// ccm.init(&key).expect("Error with init()");
+/// let mut plain_out: [u8; 23] = [0; 23];
+/// ccm.decrypt(&cipher_out, &mut plain_out,
+///     &nonce, &auth_data, &auth_tag_out).expect("Error with decrypt()");
+/// assert_eq!(plain_out, plaintext);
+/// ```
+pub struct CCM {
+    ws_aes: ws::Aes,
+}
+impl CCM {
+    /// Create a new `CCM` instance.
+    ///
+    /// # Returns
+    ///
+    /// A Result which is Ok(CCM) on success or an Err containing the wolfSSL
+    /// library return code on failure.
+    pub fn new() -> Result<Self, i32> {
+        let ws_aes = new_ws_aes()?;
+        let ccm = CCM {ws_aes};
+        Ok(ccm)
+    }
+
+    /// Initialize a CCM instance for encryption or decryption.
+    ///
+    /// This method must be called before calling `encrypt()` or `decrypt()`.
+    ///
+    /// # Parameters
+    ///
+    /// * `key`: A slice containing the encryption key to use. The key must be
+    /// 16, 24, or 32 bytes in length.
+    ///
+    /// # Returns
+    ///
+    /// A Result which is Ok(()) on success or an Err containing the wolfSSL
+    /// library return code on failure.
+    pub fn init(&mut self, key: &[u8]) -> Result<(), i32> {
+        let key_ptr = key.as_ptr() as *const u8;
+        let key_size = key.len() as u32;
+        let rc = unsafe {
+            ws::wc_AesCcmSetKey(&mut self.ws_aes, key_ptr, key_size)
+        };
+        if rc != 0 {
+            return Err(rc);
+        }
+        Ok(())
+    }
+
+    /// Encrypt data.
+    ///
+    /// The `init()` method must be called before calling this method.
+    ///
+    /// # Parameters
+    ///
+    /// * `din`: Data to encrypt.
+    /// * `dout`: Buffer in which to store the encrypted data. The size of
+    /// the buffer must match that of the `din` buffer.
+    /// * `nonce`: Nonce (number used once).
+    /// * `auth`: Authentication data input.
+    /// * `auth_tag`: Buffer in which to store the authentication tag.
+    ///
+    /// # Returns
+    ///
+    /// A Result which is Ok(()) on success or an Err containing the wolfSSL
+    /// library return code on failure.
+    pub fn encrypt<I,O,N,A>(&mut self, din: &[I], dout: &mut [O], nonce: &[N], auth: &[A], auth_tag: &mut [A]) -> Result<(), i32> {
+        let in_ptr = din.as_ptr() as *const u8;
+        let in_size = (din.len() * size_of::<I>()) as u32;
+        let out_ptr = dout.as_ptr() as *mut u8;
+        let out_size = (dout.len() * size_of::<O>()) as u32;
+        let nonce_ptr = nonce.as_ptr() as *const u8;
+        let nonce_size = (nonce.len() * size_of::<O>()) as u32;
+        let auth_ptr = auth.as_ptr() as *const u8;
+        let auth_size = (auth.len() * size_of::<O>()) as u32;
+        let auth_tag_ptr = auth_tag.as_ptr() as *mut u8;
+        let auth_tag_size = (auth_tag.len() * size_of::<O>()) as u32;
+        if in_size != out_size {
+            return Err(ws::wolfCrypt_ErrorCodes_BAD_FUNC_ARG);
+        }
+        let rc = unsafe {
+            ws::wc_AesCcmEncrypt(&mut self.ws_aes, out_ptr,
+                in_ptr, in_size,
+                nonce_ptr, nonce_size,
+                auth_tag_ptr, auth_tag_size,
+                auth_ptr, auth_size)
+        };
+        if rc != 0 {
+            return Err(rc);
+        }
+        Ok(())
+    }
+
+    /// Decrypt data.
+    ///
+    /// The `init()` method must be called before calling this method.
+    ///
+    /// # Parameters
+    ///
+    /// * `din`: Data to decrypt.
+    /// * `dout`: Buffer in which to store the decrypted data. The size of
+    /// the buffer must match that of the `din` buffer.
+    /// * `nonce`: Nonce (number used once).
+    /// * `auth`: Authentication data input.
+    /// * `auth_tag`: Authentication tag input to verify.
+    ///
+    /// # Returns
+    ///
+    /// A Result which is Ok(()) on success or an Err containing the wolfSSL
+    /// library return code on failure.
+    pub fn decrypt<I,O,N,A>(&mut self, din: &[I], dout: &mut [O], nonce: &[N], auth: &[A], auth_tag: &[A]) -> Result<(), i32> {
+        let in_ptr = din.as_ptr() as *const u8;
+        let in_size = (din.len() * size_of::<I>()) as u32;
+        let out_ptr = dout.as_ptr() as *mut u8;
+        let out_size = (dout.len() * size_of::<O>()) as u32;
+        let nonce_ptr = nonce.as_ptr() as *const u8;
+        let nonce_size = (nonce.len() * size_of::<O>()) as u32;
+        let auth_ptr = auth.as_ptr() as *const u8;
+        let auth_size = (auth.len() * size_of::<O>()) as u32;
+        let auth_tag_ptr = auth_tag.as_ptr() as *const u8;
+        let auth_tag_size = (auth_tag.len() * size_of::<O>()) as u32;
+        if in_size != out_size {
+            return Err(ws::wolfCrypt_ErrorCodes_BAD_FUNC_ARG);
+        }
+        let rc = unsafe {
+            ws::wc_AesCcmDecrypt(&mut self.ws_aes, out_ptr,
+                in_ptr, in_size,
+                nonce_ptr, nonce_size,
+                auth_tag_ptr, auth_tag_size,
+                auth_ptr, auth_size)
+        };
+        if rc != 0 {
+            return Err(rc);
+        }
+        Ok(())
+    }
+}
+impl Drop for CCM {
+    /// Safely free the wolfSSL resources.
+    fn drop(&mut self) {
+        unsafe { ws::wc_AesFree(&mut self.ws_aes); }
+    }
+}
+
+/// AES Cipher FeedBack (CFB) mode.
+///
+/// # Example
+/// ```rust
+/// use wolfssl::wolfcrypt::aes::CFB;
+/// let mut cfb = CFB::new().expect("Failed to create CFB");
+/// let key: [u8; 16] = [
+///     0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6,
+///     0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c
+/// ];
+/// let iv: [u8; 16] = [
+///     0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
+///     0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f
+/// ];
+/// let msg: [u8; 48] = [
+///     0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
+///     0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
+///     0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
+///     0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51,
+///     0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11,
+///     0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef
+/// ];
+/// let cipher: [u8; 48] = [
+///     0x3b,0x3f,0xd9,0x2e,0xb7,0x2d,0xad,0x20,
+///     0x33,0x34,0x49,0xf8,0xe8,0x3c,0xfb,0x4a,
+///     0xc8,0xa6,0x45,0x37,0xa0,0xb3,0xa9,0x3f,
+///     0xcd,0xe3,0xcd,0xad,0x9f,0x1c,0xe5,0x8b,
+///     0x26,0x75,0x1f,0x67,0xa3,0xcb,0xb1,0x40,
+///     0xb1,0x80,0x8c,0xf1,0x87,0xa4,0xf4,0xdf
+/// ];
+/// cfb.init(&key, &iv).expect("Error with init()");
+/// let mut outbuf: [u8; 48] = [0; 48];
+/// cfb.encrypt(&msg[0..32], &mut outbuf[0..32]).expect("Error with encrypt()");
+/// cfb.encrypt(&msg[32..48], &mut outbuf[32..48]).expect("Error with encrypt()");
+/// assert_eq!(outbuf, cipher);
+/// cfb.init(&key, &iv).expect("Error with init()");
+/// let mut plain: [u8; 48] = [0; 48];
+/// cfb.decrypt(&outbuf, &mut plain).expect("Error with decrypt()");
+/// assert_eq!(plain, msg);
+/// ```
+pub struct CFB {
+    ws_aes: ws::Aes,
+}
+impl CFB {
+    /// Create a new `CFB` instance.
+    ///
+    /// # Returns
+    ///
+    /// A Result which is Ok(CFB) on success or an Err containing the wolfSSL
+    /// library return code on failure.
+    pub fn new() -> Result<Self, i32> {
+        let ws_aes = new_ws_aes()?;
+        let cfb = CFB {ws_aes};
+        Ok(cfb)
+    }
+
+    /// Initialize a CFB instance for encryption or decryption.
+    ///
+    /// This method must be called before calling `encrypt()`, `encrypt1()`,
+    /// `encrypt8()`, `decrypt()`, `decrypt1()`, or `decrypt8()`.
+    ///
+    /// # Parameters
+    ///
+    /// * `key`: A slice containing the encryption key to use. The key must be
+    /// 16, 24, or 32 bytes in length.
+    /// * `iv`: A slice containing the initialization vector (IV) to use. The
+    /// IV must be 16 bytes in length.
+    ///
+    /// # Returns
+    ///
+    /// A Result which is Ok(()) on success or an Err containing the wolfSSL
+    /// library return code on failure.
+    pub fn init(&mut self, key: &[u8], iv: &[u8]) -> Result<(), i32> {
+        let key_ptr = key.as_ptr() as *const u8;
+        let key_size = key.len() as u32;
+        let iv_ptr = iv.as_ptr() as *const u8;
+        if iv.len() as u32 != ws::WC_AES_BLOCK_SIZE {
+            return Err(ws::wolfCrypt_ErrorCodes_BAD_FUNC_ARG);
+        }
+        let rc = unsafe {
+            ws::wc_AesSetKey(&mut self.ws_aes, key_ptr, key_size,
+                iv_ptr, ws::AES_ENCRYPTION as i32)
+        };
+        if rc != 0 {
+            return Err(rc);
+        }
+        Ok(())
+    }
+
+    /// Encrypt data in full-block CFB mode.
+    ///
+    /// The `init()` method must be called before calling this method.
+    ///
+    /// # Parameters
+    ///
+    /// * `din`: Data to encrypt.
+    /// * `dout`: Buffer in which to store the encrypted data. The size of
+    /// the buffer must match that of the `din` buffer.
+    ///
+    /// # Returns
+    ///
+    /// A Result which is Ok(()) on success or an Err containing the wolfSSL
+    /// library return code on failure.
+    pub fn encrypt<I,O>(&mut self, din: &[I], dout: &mut [O]) -> Result<(), i32> {
+        let in_ptr = din.as_ptr() as *const u8;
+        let in_size = (din.len() * size_of::<I>()) as u32;
+        let out_ptr = dout.as_ptr() as *mut u8;
+        let out_size = (dout.len() * size_of::<O>()) as u32;
+        if in_size != out_size {
+            return Err(ws::wolfCrypt_ErrorCodes_BAD_FUNC_ARG);
+        }
+        let rc = unsafe {
+            ws::wc_AesCfbEncrypt(&mut self.ws_aes, out_ptr, in_ptr, in_size)
+        };
+        if rc != 0 {
+            return Err(rc);
+        }
+        Ok(())
+    }
+
+    /// Encrypt data in 1-bit CFB mode.
+    ///
+    /// The `init()` method must be called before calling this method.
+    ///
+    /// # Parameters
+    ///
+    /// * `din`: Data to encrypt.
+    /// * `dout`: Buffer in which to store the encrypted data. The size of
+    /// the buffer must match that of the `din` buffer.
+    ///
+    /// # Returns
+    ///
+    /// A Result which is Ok(()) on success or an Err containing the wolfSSL
+    /// library return code on failure.
+    pub fn encrypt1<I,O>(&mut self, din: &[I], dout: &mut [O]) -> Result<(), i32> {
+        let in_ptr = din.as_ptr() as *const u8;
+        let in_size = (din.len() * size_of::<I>()) as u32;
+        let out_ptr = dout.as_ptr() as *mut u8;
+        let out_size = (dout.len() * size_of::<O>()) as u32;
+        if in_size != out_size {
+            return Err(ws::wolfCrypt_ErrorCodes_BAD_FUNC_ARG);
+        }
+        let rc = unsafe {
+            ws::wc_AesCfb1Encrypt(&mut self.ws_aes, out_ptr, in_ptr, in_size)
+        };
+        if rc != 0 {
+            return Err(rc);
+        }
+        Ok(())
+    }
+
+    /// Encrypt data in 8-bit CFB mode.
+    ///
+    /// The `init()` method must be called before calling this method.
+    ///
+    /// # Parameters
+    ///
+    /// * `din`: Data to encrypt.
+    /// * `dout`: Buffer in which to store the encrypted data. The size of
+    /// the buffer must match that of the `din` buffer.
+    ///
+    /// # Returns
+    ///
+    /// A Result which is Ok(()) on success or an Err containing the wolfSSL
+    /// library return code on failure.
+    pub fn encrypt8<I,O>(&mut self, din: &[I], dout: &mut [O]) -> Result<(), i32> {
+        let in_ptr = din.as_ptr() as *const u8;
+        let in_size = (din.len() * size_of::<I>()) as u32;
+        let out_ptr = dout.as_ptr() as *mut u8;
+        let out_size = (dout.len() * size_of::<O>()) as u32;
+        if in_size != out_size {
+            return Err(ws::wolfCrypt_ErrorCodes_BAD_FUNC_ARG);
+        }
+        let rc = unsafe {
+            ws::wc_AesCfb8Encrypt(&mut self.ws_aes, out_ptr, in_ptr, in_size)
+        };
+        if rc != 0 {
+            return Err(rc);
+        }
+        Ok(())
+    }
+
+    /// Decrypt data in full-block CFB mode.
+    ///
+    /// The `init()` method must be called before calling this method.
+    ///
+    /// # Parameters
+    ///
+    /// * `din`: Data to decrypt.
+    /// * `dout`: Buffer in which to store the decrypted data. The size of
+    /// the buffer must match that of the `din` buffer.
+    ///
+    /// # Returns
+    ///
+    /// A Result which is Ok(()) on success or an Err containing the wolfSSL
+    /// library return code on failure.
+    pub fn decrypt<I,O>(&mut self, din: &[I], dout: &mut [O]) -> Result<(), i32> {
+        let in_ptr = din.as_ptr() as *const u8;
+        let in_size = (din.len() * size_of::<I>()) as u32;
+        let out_ptr = dout.as_ptr() as *mut u8;
+        let out_size = (dout.len() * size_of::<O>()) as u32;
+        if in_size != out_size {
+            return Err(ws::wolfCrypt_ErrorCodes_BAD_FUNC_ARG);
+        }
+        let rc = unsafe {
+            ws::wc_AesCfbDecrypt(&mut self.ws_aes, out_ptr, in_ptr, in_size)
+        };
+        if rc != 0 {
+            return Err(rc);
+        }
+        Ok(())
+    }
+
+    /// Decrypt data in 1-bit CFB mode.
+    ///
+    /// The `init()` method must be called before calling this method.
+    ///
+    /// # Parameters
+    ///
+    /// * `din`: Data to decrypt.
+    /// * `dout`: Buffer in which to store the decrypted data. The size of
+    /// the buffer must match that of the `din` buffer.
+    ///
+    /// # Returns
+    ///
+    /// A Result which is Ok(()) on success or an Err containing the wolfSSL
+    /// library return code on failure.
+    pub fn decrypt1<I,O>(&mut self, din: &[I], dout: &mut [O]) -> Result<(), i32> {
+        let in_ptr = din.as_ptr() as *const u8;
+        let in_size = (din.len() * size_of::<I>()) as u32;
+        let out_ptr = dout.as_ptr() as *mut u8;
+        let out_size = (dout.len() * size_of::<O>()) as u32;
+        if in_size != out_size {
+            return Err(ws::wolfCrypt_ErrorCodes_BAD_FUNC_ARG);
+        }
+        let rc = unsafe {
+            ws::wc_AesCfb1Decrypt(&mut self.ws_aes, out_ptr, in_ptr, in_size)
+        };
+        if rc != 0 {
+            return Err(rc);
+        }
+        Ok(())
+    }
+
+    /// Decrypt data in 8-bit CFB mode.
+    ///
+    /// The `init()` method must be called before calling this method.
+    ///
+    /// # Parameters
+    ///
+    /// * `din`: Data to decrypt.
+    /// * `dout`: Buffer in which to store the decrypted data. The size of
+    /// the buffer must match that of the `din` buffer.
+    ///
+    /// # Returns
+    ///
+    /// A Result which is Ok(()) on success or an Err containing the wolfSSL
+    /// library return code on failure.
+    pub fn decrypt8<I,O>(&mut self, din: &[I], dout: &mut [O]) -> Result<(), i32> {
+        let in_ptr = din.as_ptr() as *const u8;
+        let in_size = (din.len() * size_of::<I>()) as u32;
+        let out_ptr = dout.as_ptr() as *mut u8;
+        let out_size = (dout.len() * size_of::<O>()) as u32;
+        if in_size != out_size {
+            return Err(ws::wolfCrypt_ErrorCodes_BAD_FUNC_ARG);
+        }
+        let rc = unsafe {
+            ws::wc_AesCfb8Decrypt(&mut self.ws_aes, out_ptr, in_ptr, in_size)
+        };
+        if rc != 0 {
+            return Err(rc);
+        }
+        Ok(())
+    }
+}
+impl Drop for CFB {
+    /// Safely free the wolfSSL resources.
+    fn drop(&mut self) {
+        unsafe { ws::wc_AesFree(&mut self.ws_aes); }
+    }
+}
+
+/// AES Counter (CTR) mode.
+///
+/// # Example
+/// ```rust
+/// use wolfssl::wolfcrypt::aes::CTR;
+/// let iv: [u8; 16] = [
+///     0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7,
+///     0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff
+/// ];
+/// let msg: [u8; 64] = [
+///     0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
+///     0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
+///     0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
+///     0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51,
+///     0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11,
+///     0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef,
+///     0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17,
+///     0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10
+/// ];
+/// let key: [u8; 16] = [
+///     0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6,
+///     0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c
+/// ];
+/// let cipher: [u8; 64] = [
+///     0x87,0x4d,0x61,0x91,0xb6,0x20,0xe3,0x26,
+///     0x1b,0xef,0x68,0x64,0x99,0x0d,0xb6,0xce,
+///     0x98,0x06,0xf6,0x6b,0x79,0x70,0xfd,0xff,
+///     0x86,0x17,0x18,0x7b,0xb9,0xff,0xfd,0xff,
+///     0x5a,0xe4,0xdf,0x3e,0xdb,0xd5,0xd3,0x5e,
+///     0x5b,0x4f,0x09,0x02,0x0d,0xb0,0x3e,0xab,
+///     0x1e,0x03,0x1d,0xda,0x2f,0xbe,0x03,0xd1,
+///     0x79,0x21,0x70,0xa0,0xf3,0x00,0x9c,0xee
+/// ];
+/// let mut ctr = CTR::new().expect("Failed to create CTR");
+/// ctr.init(&key, &iv).expect("Error with init()");
+/// let mut outbuf: [u8; 64] = [0; 64];
+/// ctr.encrypt(&msg, &mut outbuf).expect("Error with encrypt()");
+/// assert_eq!(outbuf, cipher);
+/// ctr.init(&key, &iv).expect("Error with init()");
+/// let mut plain: [u8; 64] = [0; 64];
+/// ctr.decrypt(&outbuf, &mut plain).expect("Error with decrypt()");
+/// assert_eq!(plain, msg);
+/// ```
+pub struct CTR {
+    ws_aes: ws::Aes,
+}
+impl CTR {
+    /// Create a new `CTR` instance.
+    ///
+    /// # Returns
+    ///
+    /// A Result which is Ok(CTR) on success or an Err containing the wolfSSL
+    /// library return code on failure.
+    pub fn new() -> Result<Self, i32> {
+        let ws_aes = new_ws_aes()?;
+        let ctr = CTR {ws_aes};
+        Ok(ctr)
+    }
+
+    /// Initialize a CTR instance for encryption or decryption.
+    ///
+    /// This method must be called before calling `encrypt()` or `decrypt()`.
+    ///
+    /// # Parameters
+    ///
+    /// * `key`: A slice containing the encryption key to use. The key must be
+    /// 16, 24, or 32 bytes in length.
+    /// * `iv`: A slice containing the initialization vector (IV) to use. The
+    /// IV must be 16 bytes in length.
+    ///
+    /// # Returns
+    ///
+    /// A Result which is Ok(()) on success or an Err containing the wolfSSL
+    /// library return code on failure.
+    pub fn init(&mut self, key: &[u8], iv: &[u8]) -> Result<(), i32> {
+        let key_ptr = key.as_ptr() as *const u8;
+        let key_size = key.len() as u32;
+        let iv_ptr = iv.as_ptr() as *const u8;
+        if iv.len() as u32 != ws::WC_AES_BLOCK_SIZE {
+            return Err(ws::wolfCrypt_ErrorCodes_BAD_FUNC_ARG);
+        }
+        let rc = unsafe {
+            ws::wc_AesSetKeyDirect(&mut self.ws_aes, key_ptr, key_size,
+                iv_ptr, ws::AES_ENCRYPTION as i32)
+        };
+        if rc != 0 {
+            return Err(rc);
+        }
+        Ok(())
+    }
+
+    fn encrypt_decrypt<I,O>(&mut self, din: &[I], dout: &mut [O]) -> Result<(), i32> {
+        let in_ptr = din.as_ptr() as *const u8;
+        let in_size = (din.len() * size_of::<I>()) as u32;
+        let out_ptr = dout.as_ptr() as *mut u8;
+        let out_size = (dout.len() * size_of::<O>()) as u32;
+        if in_size != out_size {
+            return Err(ws::wolfCrypt_ErrorCodes_BAD_FUNC_ARG);
+        }
+        let rc = unsafe {
+            ws::wc_AesCtrEncrypt(&mut self.ws_aes, out_ptr, in_ptr, in_size)
+        };
+        if rc != 0 {
+            return Err(rc);
+        }
+        Ok(())
+    }
+
+    /// Encrypt data.
+    ///
+    /// The `init()` method must be called before calling this method.
+    ///
+    /// # Parameters
+    ///
+    /// * `din`: Data to encrypt.
+    /// * `dout`: Buffer in which to store the encrypted data. The size of
+    /// the buffer must match that of the `din` buffer.
+    ///
+    /// # Returns
+    ///
+    /// A Result which is Ok(()) on success or an Err containing the wolfSSL
+    /// library return code on failure.
+    pub fn encrypt<I,O>(&mut self, din: &[I], dout: &mut [O]) -> Result<(), i32> {
+        return self.encrypt_decrypt(din, dout);
+    }
+
+    /// Decrypt data.
+    ///
+    /// The `init()` method must be called before calling this method.
+    ///
+    /// # Parameters
+    ///
+    /// * `din`: Data to decrypt.
+    /// * `dout`: Buffer in which to store the decrypted data. The size of
+    /// the buffer must match that of the `din` buffer.
+    ///
+    /// # Returns
+    ///
+    /// A Result which is Ok(()) on success or an Err containing the wolfSSL
+    /// library return code on failure.
+    pub fn decrypt<I,O>(&mut self, din: &[I], dout: &mut [O]) -> Result<(), i32> {
+        return self.encrypt_decrypt(din, dout);
+    }
+}
+impl Drop for CTR {
+    /// Safely free the wolfSSL resources.
+    fn drop(&mut self) {
+        unsafe { ws::wc_AesFree(&mut self.ws_aes); }
+    }
+}
+
+/// AES Encrypt-Then-Authenticate-Then-Translate (EAX) mode.
+///
+/// # Example
+/// ```rust
+/// use wolfssl::wolfcrypt::aes::EAX;
+/// let key: [u8; 16] = [
+///     0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+///     0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
+/// ];
+/// let nonce: [u8; 16] = [
+///     0x3c, 0x8c, 0xc2, 0x97, 0x0a, 0x00, 0x8f, 0x75,
+///     0xcc, 0x5b, 0xea, 0xe2, 0x84, 0x72, 0x58, 0xc2
+/// ];
+/// let auth: &[u8] = &[];
+/// let msg: [u8; 32] = [
+///     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+///     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+///     0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
+///     0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11
+/// ];
+/// let expected_cipher: [u8; 32] = [
+///     0x3c, 0x44, 0x1f, 0x32, 0xce, 0x07, 0x82, 0x23,
+///     0x64, 0xd7, 0xa2, 0x99, 0x0e, 0x50, 0xbb, 0x13,
+///     0xd7, 0xb0, 0x2a, 0x26, 0x96, 0x9e, 0x4a, 0x93,
+///     0x7e, 0x5e, 0x90, 0x73, 0xb0, 0xd9, 0xc9, 0x68
+/// ];
+/// let expected_auth_tag: [u8; 16] = [
+///     0xdb, 0x90, 0xbd, 0xb3, 0xda, 0x3d, 0x00, 0xaf,
+///     0xd0, 0xfc, 0x6a, 0x83, 0x55, 0x1d, 0xa9, 0x5e
+/// ];
+/// let mut cipher: [u8; 32] = [0; 32];
+/// let mut auth_tag: [u8; 16] = [0; 16];
+/// EAX::encrypt(&msg, &mut cipher, &key, &nonce, auth, &mut auth_tag).expect("Error with encrypt()");
+/// assert_eq!(cipher, expected_cipher);
+/// assert_eq!(auth_tag, expected_auth_tag);
+/// let mut plain: [u8; 32] = [0; 32];
+/// EAX::decrypt(&cipher, &mut plain, &key, &nonce, auth, &auth_tag).expect("Error with decrypt()");
+/// assert_eq!(plain, msg);
+/// ```
+pub struct EAX {
+}
+impl EAX {
+    /// Encrypt data.
+    ///
+    /// # Parameters
+    ///
+    /// * `din`: Data to encrypt.
+    /// * `dout`: Buffer in which to store the encrypted data. The size of
+    /// the buffer must match that of the `din` buffer.
+    /// * `key`: Encryption key to use. The key size must be 16, 24, or 32
+    /// bytes.
+    /// * `nonce`: Nonce (number used once).
+    /// * `auth`: Authentication data input.
+    /// * `auth_tag`: Buffer in which to store the authentication tag.
+    ///
+    /// # Returns
+    ///
+    /// A Result which is Ok(()) on success or an Err containing the wolfSSL
+    /// library return code on failure.
+    pub fn encrypt<I,O>(din: &[I], dout: &mut [O], key: &[u8], nonce: &[u8],
+            auth: &[u8], auth_tag: &mut [u8]) -> Result<(), i32> {
+        let key_ptr = key.as_ptr() as *const u8;
+        let key_size = key.len() as u32;
+        let nonce_ptr = nonce.as_ptr() as *const u8;
+        let nonce_size = nonce.len() as u32;
+        let auth_ptr = auth.as_ptr() as *const u8;
+        let auth_size = auth.len() as u32;
+        let auth_tag_ptr = auth_tag.as_ptr() as *mut u8;
+        let auth_tag_size = auth_tag.len() as u32;
+        let in_ptr = din.as_ptr() as *const u8;
+        let in_size = din.len() as u32;
+        let out_ptr = dout.as_ptr() as *mut u8;
+        let out_size = dout.len() as u32;
+        if in_size != out_size {
+            return Err(ws::wolfCrypt_ErrorCodes_BAD_FUNC_ARG);
+        }
+        let rc = unsafe {
+            ws::wc_AesEaxEncryptAuth(key_ptr, key_size, out_ptr,
+                in_ptr, in_size, nonce_ptr, nonce_size,
+                auth_tag_ptr, auth_tag_size,
+                auth_ptr, auth_size)
+        };
+        if rc != 0 {
+            return Err(rc);
+        }
+        Ok(())
+    }
+
+    /// Decrypt data.
+    ///
+    /// # Parameters
+    ///
+    /// * `din`: Data to decrypt.
+    /// * `dout`: Buffer in which to store the decrypted data. The size of
+    /// the buffer must match that of the `din` buffer.
+    /// * `key`: Decryption key to use. The key size must be 16, 24, or 32
+    /// bytes.
+    /// * `nonce`: Nonce (number used once).
+    /// * `auth`: Authentication data input.
+    /// * `auth_tag`: Authentication tag input to verify.
+    ///
+    /// # Returns
+    ///
+    /// A Result which is Ok(()) on success or an Err containing the wolfSSL
+    /// library return code on failure.
+    pub fn decrypt<I,O>(din: &[I], dout: &mut [O], key: &[u8], nonce: &[u8],
+            auth: &[u8], auth_tag: &[u8]) -> Result<(), i32> {
+        let key_ptr = key.as_ptr() as *const u8;
+        let key_size = key.len() as u32;
+        let nonce_ptr = nonce.as_ptr() as *const u8;
+        let nonce_size = nonce.len() as u32;
+        let auth_ptr = auth.as_ptr() as *const u8;
+        let auth_size = auth.len() as u32;
+        let auth_tag_ptr = auth_tag.as_ptr() as *const u8;
+        let auth_tag_size = auth_tag.len() as u32;
+        let in_ptr = din.as_ptr() as *const u8;
+        let in_size = din.len() as u32;
+        let out_ptr = dout.as_ptr() as *mut u8;
+        let out_size = dout.len() as u32;
+        if in_size != out_size {
+            return Err(ws::wolfCrypt_ErrorCodes_BAD_FUNC_ARG);
+        }
+        let rc = unsafe {
+            ws::wc_AesEaxDecryptAuth(key_ptr, key_size, out_ptr,
+                in_ptr, in_size, nonce_ptr, nonce_size,
+                auth_tag_ptr, auth_tag_size,
+                auth_ptr, auth_size)
+        };
+        if rc != 0 {
+            return Err(rc);
+        }
+        Ok(())
+    }
+}
+
+/// AES Electronic CodeBook (ECB) mode.
+///
+/// # Example
+/// ```rust
+/// use wolfssl::wolfcrypt::aes::ECB;
+/// let mut ecb = ECB::new().expect("Failed to create ECB");
+/// let key_128: &[u8; 16] = b"0123456789abcdef";
+/// let msg: [u8; 16] = [
+///     0x6e, 0x6f, 0x77, 0x20, 0x69, 0x73, 0x20, 0x74,
+///     0x68, 0x65, 0x20, 0x74, 0x69, 0x6d, 0x65, 0x20
+/// ];
+/// let verify_ecb_128: [u8; 16] = [
+///     0xd0, 0xc9, 0xd9, 0xc9, 0x40, 0xe8, 0x97, 0xb6,
+///     0xc8, 0x8c, 0x33, 0x3b, 0xb5, 0x8f, 0x85, 0xd1
+/// ];
+/// ecb.init_encrypt(key_128).expect("Error with init_encrypt()");
+/// let mut outbuf: [u8; 16] = [0; 16];
+/// ecb.encrypt(&msg, &mut outbuf).expect("Error with encrypt()");
+/// assert_eq!(&outbuf, &verify_ecb_128);
+/// outbuf = [0; 16];
+/// ecb.init_decrypt(key_128).expect("Error with init_decrypt()");
+/// ecb.decrypt(&verify_ecb_128, &mut outbuf).expect("Error with decrypt()");
+/// assert_eq!(&outbuf, &msg);
+/// ```
+pub struct ECB {
+    ws_aes: ws::Aes,
+}
+impl ECB {
+    /// Create a new `ECB` instance.
+    ///
+    /// # Returns
+    ///
+    /// A Result which is Ok(ECB) on success or an Err containing the wolfSSL
+    /// library return code on failure.
+    pub fn new() -> Result<Self, i32> {
+        let ws_aes = new_ws_aes()?;
+        let ecb = ECB {ws_aes};
+        Ok(ecb)
+    }
+
+    fn init(&mut self, key: &[u8], dir: i32) -> Result<(), i32> {
+        let key_ptr = key.as_ptr() as *const u8;
+        let key_size = key.len() as u32;
+        let rc = unsafe {
+            ws::wc_AesSetKey(&mut self.ws_aes, key_ptr, key_size,
+                null(), dir)
+        };
+        if rc != 0 {
+            return Err(rc);
+        }
+        Ok(())
+    }
+
+    /// Initialize a ECB instance for encryption.
+    ///
+    /// This method must be called before calling `encrypt()`.
+    ///
+    /// # Parameters
+    ///
+    /// * `key`: A slice containing the encryption key to use. The key must be
+    /// 16, 24, or 32 bytes in length.
+    ///
+    /// # Returns
+    ///
+    /// A Result which is Ok(()) on success or an Err containing the wolfSSL
+    /// library return code on failure.
+    pub fn init_encrypt(&mut self, key: &[u8]) -> Result<(), i32> {
+        return self.init(key, ws::AES_ENCRYPTION as i32);
+    }
+
+    /// Initialize a ECB instance for decryption.
+    ///
+    /// This method must be called before calling `decrypt()`.
+    ///
+    /// # Parameters
+    ///
+    /// * `key`: A slice containing the decryption key to use. The key must be
+    /// 16, 24, or 32 bytes in length.
+    ///
+    /// # Returns
+    ///
+    /// A Result which is Ok(()) on success or an Err containing the wolfSSL
+    /// library return code on failure.
+    pub fn init_decrypt(&mut self, key: &[u8]) -> Result<(), i32> {
+        return self.init(key, ws::AES_DECRYPTION as i32);
+    }
+
+    /// Encrypt data.
+    ///
+    /// The `init_encrypt()` method must be called before calling this method.
+    ///
+    /// # Parameters
+    ///
+    /// * `din`: Data to encrypt. The size of the data must be a multiple of
+    /// 16 bytes.
+    /// * `dout`: Buffer in which to store the encrypted data. The size of
+    /// the buffer must match that of the `din` buffer.
+    ///
+    /// # Returns
+    ///
+    /// A Result which is Ok(()) on success or an Err containing the wolfSSL
+    /// library return code on failure.
+    pub fn encrypt<I,O>(&mut self, din: &[I], dout: &mut [O]) -> Result<(), i32> {
+        let in_ptr = din.as_ptr() as *const u8;
+        let in_size = (din.len() * size_of::<I>()) as u32;
+        let out_ptr = dout.as_ptr() as *mut u8;
+        let out_size = (dout.len() * size_of::<O>()) as u32;
+        if in_size != out_size {
+            return Err(ws::wolfCrypt_ErrorCodes_BAD_FUNC_ARG);
+        }
+        let rc = unsafe {
+            ws::wc_AesEcbEncrypt(&mut self.ws_aes, out_ptr, in_ptr, in_size)
+        };
+        if rc != 0 {
+            return Err(rc);
+        }
+        Ok(())
+    }
+
+    /// Decrypt data.
+    ///
+    /// The `init_decrypt()` method must be called before calling this method.
+    ///
+    /// # Parameters
+    ///
+    /// * `din`: Data to decrypt. The size of the data must be a multiple of
+    /// 16 bytes.
+    /// * `dout`: Buffer in which to store the decrypted data. The size of
+    /// the buffer must match that of the `din` buffer.
+    ///
+    /// # Returns
+    ///
+    /// A Result which is Ok(()) on success or an Err containing the wolfSSL
+    /// library return code on failure.
+    pub fn decrypt<I,O>(&mut self, din: &[I], dout: &mut [O]) -> Result<(), i32> {
+        let in_ptr = din.as_ptr() as *const u8;
+        let in_size = (din.len() * size_of::<I>()) as u32;
+        let out_ptr = dout.as_ptr() as *mut u8;
+        let out_size = (dout.len() * size_of::<O>()) as u32;
+        if in_size != out_size {
+            return Err(ws::wolfCrypt_ErrorCodes_BAD_FUNC_ARG);
+        }
+        let rc = unsafe {
+            ws::wc_AesEcbDecrypt(&mut self.ws_aes, out_ptr, in_ptr, in_size)
+        };
+        if rc != 0 {
+            return Err(rc);
+        }
+        Ok(())
+    }
+}
+impl Drop for ECB {
+    /// Safely free the wolfSSL resources.
+    fn drop(&mut self) {
+        unsafe { ws::wc_AesFree(&mut self.ws_aes); }
+    }
+}
+
+/// AES Galois/Counter Mode (GCM) mode (one shot functionality).
+///
+/// This struct provides one-shot encryption and decryption functionality.
+/// For streaming/chunking functionality, see the `GCMStream` struct instead.
+///
+/// # Example
+/// ```rust
+/// use wolfssl::wolfcrypt::aes::GCM;
+/// let key: [u8; 16] = [
+///     0x29, 0x8e, 0xfa, 0x1c, 0xcf, 0x29, 0xcf, 0x62,
+///     0xae, 0x68, 0x24, 0xbf, 0xc1, 0x95, 0x57, 0xfc
+/// ];
+/// let iv: [u8; 12] = [
+///     0x6f, 0x58, 0xa9, 0x3f, 0xe1, 0xd2, 0x07, 0xfa,
+///     0xe4, 0xed, 0x2f, 0x6d
+/// ];
+/// let plain: [u8; 32] = [
+///     0xcc, 0x38, 0xbc, 0xcd, 0x6b, 0xc5, 0x36, 0xad,
+///     0x91, 0x9b, 0x13, 0x95, 0xf5, 0xd6, 0x38, 0x01,
+///     0xf9, 0x9f, 0x80, 0x68, 0xd6, 0x5c, 0xa5, 0xac,
+///     0x63, 0x87, 0x2d, 0xaf, 0x16, 0xb9, 0x39, 0x01
+/// ];
+/// let auth: [u8; 16] = [
+///     0x02, 0x1f, 0xaf, 0xd2, 0x38, 0x46, 0x39, 0x73,
+///     0xff, 0xe8, 0x02, 0x56, 0xe5, 0xb1, 0xc6, 0xb1
+/// ];
+/// let expected_cipher: [u8; 32] = [
+///     0xdf, 0xce, 0x4e, 0x9c, 0xd2, 0x91, 0x10, 0x3d,
+///     0x7f, 0xe4, 0xe6, 0x33, 0x51, 0xd9, 0xe7, 0x9d,
+///     0x3d, 0xfd, 0x39, 0x1e, 0x32, 0x67, 0x10, 0x46,
+///     0x58, 0x21, 0x2d, 0xa9, 0x65, 0x21, 0xb7, 0xdb
+/// ];
+/// let expected_auth_tag: [u8; 16] = [
+///     0x54, 0x24, 0x65, 0xef, 0x59, 0x93, 0x16, 0xf7,
+///     0x3a, 0x7a, 0x56, 0x05, 0x09, 0xa2, 0xd9, 0xf2
+/// ];
+/// let mut gcm = GCM::new().expect("Failed to create GCM");
+/// gcm.init(&key).expect("Error with init()");
+/// let mut cipher: [u8; 32] = [0; 32];
+/// let mut auth_tag: [u8; 16] = [0; 16];
+/// gcm.encrypt(&plain, &mut cipher, &iv, &auth, &mut auth_tag).expect("Error with encrypt()");
+/// assert_eq!(cipher, expected_cipher);
+/// assert_eq!(auth_tag, expected_auth_tag);
+/// let mut plain_out: [u8; 32] = [0; 32];
+/// gcm.decrypt(&cipher, &mut plain_out, &iv, &auth, &auth_tag).expect("Error with decrypt()");
+/// assert_eq!(plain_out, plain);
+/// ```
+pub struct GCM {
+    ws_aes: ws::Aes,
+}
+impl GCM {
+    /// Create a new `GCM` instance.
+    ///
+    /// # Returns
+    ///
+    /// A Result which is Ok(GCM) on success or an Err containing the wolfSSL
+    /// library return code on failure.
+    pub fn new() -> Result<Self, i32> {
+        let ws_aes = new_ws_aes()?;
+        let gcm = GCM {ws_aes};
+        Ok(gcm)
+    }
+
+    /// Initialize a GCM instance for encryption or decryption.
+    ///
+    /// This method must be called before calling `encrypt()` or `decrypt()`.
+    ///
+    /// # Parameters
+    ///
+    /// * `key`: A slice containing the encryption key to use. The key must be
+    /// 16, 24, or 32 bytes in length.
+    ///
+    /// # Returns
+    ///
+    /// A Result which is Ok(()) on success or an Err containing the wolfSSL
+    /// library return code on failure.
+    pub fn init(&mut self, key: &[u8]) -> Result<(), i32> {
+        let key_ptr = key.as_ptr() as *const u8;
+        let key_size = key.len() as u32;
+        let rc = unsafe {
+            ws::wc_AesGcmSetKey(&mut self.ws_aes, key_ptr, key_size)
+        };
+        if rc != 0 {
+            return Err(rc);
+        }
+        Ok(())
+    }
+
+    /// Encrypt data.
+    ///
+    /// The `init()` method must be called before calling this method.
+    ///
+    /// # Parameters
+    ///
+    /// * `din`: Data to encrypt.
+    /// * `dout`: Buffer in which to store the encrypted data. The size of
+    /// the buffer must match that of the `din` buffer.
+    /// * `iv`: Initialization vector to use for the encryption operation.
+    /// * `auth`: Authentication data input.
+    /// * `auth_tag`: Buffer in which to store the authentication tag.
+    ///
+    /// # Returns
+    ///
+    /// A Result which is Ok(()) on success or an Err containing the wolfSSL
+    /// library return code on failure.
+    pub fn encrypt<I,O>(&mut self, din: &[I], dout: &mut [O], iv: &[u8],
+            auth: &[u8], auth_tag: &mut [u8]) -> Result<(), i32> {
+        let in_ptr = din.as_ptr() as *const u8;
+        let in_size = (din.len() * size_of::<I>()) as u32;
+        let out_ptr = dout.as_ptr() as *mut u8;
+        let out_size = (dout.len() * size_of::<O>()) as u32;
+        let iv_ptr = iv.as_ptr() as *const u8;
+        let iv_size = iv.len() as u32;
+        let auth_ptr = auth.as_ptr() as *const u8;
+        let auth_size = auth.len() as u32;
+        let auth_tag_ptr = auth_tag.as_ptr() as *mut u8;
+        let auth_tag_size = auth_tag.len() as u32;
+        if in_size != out_size {
+            return Err(ws::wolfCrypt_ErrorCodes_BAD_FUNC_ARG);
+        }
+        let rc = unsafe {
+            ws::wc_AesGcmEncrypt(&mut self.ws_aes, out_ptr,
+                in_ptr, in_size,
+                iv_ptr, iv_size,
+                auth_tag_ptr, auth_tag_size,
+                auth_ptr, auth_size)
+        };
+        if rc != 0 {
+            return Err(rc);
+        }
+        Ok(())
+    }
+
+    /// Decrypt data.
+    ///
+    /// The `init()` method must be called before calling this method.
+    ///
+    /// # Parameters
+    ///
+    /// * `din`: Data to decrypt.
+    /// * `dout`: Buffer in which to store the decrypted data. The size of
+    /// the buffer must match that of the `din` buffer.
+    /// * `iv`: Initialization vector to use for the decryption operation.
+    /// * `auth`: Authentication data input.
+    /// * `auth_tag`: Authentication tag input to verify.
+    ///
+    /// # Returns
+    ///
+    /// A Result which is Ok(()) on success or an Err containing the wolfSSL
+    /// library return code on failure.
+    pub fn decrypt<I,O>(&mut self, din: &[I], dout: &mut [O], iv: &[u8],
+            auth: &[u8], auth_tag: &[u8]) -> Result<(), i32> {
+        let in_ptr = din.as_ptr() as *const u8;
+        let in_size = (din.len() * size_of::<I>()) as u32;
+        let out_ptr = dout.as_ptr() as *mut u8;
+        let out_size = (dout.len() * size_of::<O>()) as u32;
+        let iv_ptr = iv.as_ptr() as *const u8;
+        let iv_size = iv.len() as u32;
+        let auth_ptr = auth.as_ptr() as *const u8;
+        let auth_size = auth.len() as u32;
+        let auth_tag_ptr = auth_tag.as_ptr() as *const u8;
+        let auth_tag_size = auth_tag.len() as u32;
+        if in_size != out_size {
+            return Err(ws::wolfCrypt_ErrorCodes_BAD_FUNC_ARG);
+        }
+        let rc = unsafe {
+            ws::wc_AesGcmDecrypt(&mut self.ws_aes, out_ptr,
+                in_ptr, in_size,
+                iv_ptr, iv_size,
+                auth_tag_ptr, auth_tag_size,
+                auth_ptr, auth_size)
+        };
+        if rc != 0 {
+            return Err(rc);
+        }
+        Ok(())
+    }
+}
+impl Drop for GCM {
+    /// Safely free the wolfSSL resources.
+    fn drop(&mut self) {
+        unsafe { ws::wc_AesFree(&mut self.ws_aes); }
+    }
+}
+
+/// AES Galois/Counter Mode (GCM) mode (streaming functionality).
+///
+/// This struct provides streaming/chunking encryption and decryption
+/// functionality. For one-shot functionality, see the `GCM` struct instead.
+///
+/// # Example
+/// ```rust
+/// use wolfssl::wolfcrypt::aes::GCMStream;
+/// let plain: [u8; 60] = [
+///     0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
+///     0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
+///     0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
+///     0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
+///     0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
+///     0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
+///     0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
+///     0xba, 0x63, 0x7b, 0x39
+/// ];
+/// let auth: [u8; 20] = [
+///     0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
+///     0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
+///     0xab, 0xad, 0xda, 0xd2
+/// ];
+/// let key: [u8; 32] = [
+///     0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
+///     0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
+///     0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
+///     0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
+/// ];
+/// let iv: [u8; 12] = [
+///     0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
+///     0xde, 0xca, 0xf8, 0x88
+/// ];
+/// let expected_cipher: [u8; 60] = [
+///     0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07,
+///     0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d,
+///     0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
+///     0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa,
+///     0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d,
+///     0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
+///     0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a,
+///     0xbc, 0xc9, 0xf6, 0x62
+/// ];
+/// let expected_auth_tag: [u8; 16] = [
+///     0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68,
+///     0xcd, 0xdf, 0x88, 0x53, 0xbb, 0x2d, 0x55, 0x1b
+/// ];
+/// let mut gcmstream = GCMStream::new().expect("Failed to create GCMStream");
+/// for chunk_size in 1..=auth.len() {
+///     gcmstream.init(&key, &iv).expect("Error with init()");
+///     let mut cipher: [u8; 60] = [0; 60];
+///     let mut i = 0;
+///     while i < auth.len() {
+///         let mut end = i + chunk_size;
+///         if end > auth.len() {
+///             end = auth.len()
+///         }
+///         gcmstream.encrypt_update(&plain[0..0], &mut cipher[0..0], &auth[i..end]).expect("Error with encrypt_update()");
+///         i += chunk_size;
+///     }
+///     i = 0;
+///     while i < plain.len() {
+///         let mut end = i + chunk_size;
+///         if end > plain.len() {
+///             end = plain.len()
+///         }
+///         gcmstream.encrypt_update(&plain[i..end], &mut cipher[i..end], &auth[0..0]).expect("Error with encrypt_update()");
+///         i += chunk_size;
+///     }
+///     let mut auth_tag: [u8; 16] = [0; 16];
+///     gcmstream.encrypt_final(&mut auth_tag).expect("Error with encrypt_final()");
+///     assert_eq!(cipher, expected_cipher);
+///     assert_eq!(auth_tag, expected_auth_tag);
+/// }
+/// ```
+pub struct GCMStream {
+    ws_aes: ws::Aes,
+}
+impl GCMStream {
+    /// Create a new `GCMStream` instance.
+    ///
+    /// # Returns
+    ///
+    /// A Result which is Ok(GCMStream) on success or an Err containing the
+    /// wolfSSL library return code on failure.
+    pub fn new() -> Result<Self, i32> {
+        let ws_aes = new_ws_aes()?;
+        let gcmstream = GCMStream {ws_aes};
+        Ok(gcmstream)
+    }
+
+    /// Initialize a GCMStream instance for encryption or decryption.
+    ///
+    /// This method must be called before calling `encrypt_update()`,
+    /// `encrypt_final()`, `decrypt_update()`, or `decrypt_final()`.
+    ///
+    /// # Parameters
+    ///
+    /// * `key`: A slice containing the encryption key to use. The key must be
+    /// 16, 24, or 32 bytes in length.
+    /// * `iv`: A slice containing the initialization vector (IV) to use.
+    ///
+    /// # Returns
+    ///
+    /// A Result which is Ok(()) on success or an Err containing the wolfSSL
+    /// library return code on failure.
+    pub fn init(&mut self, key: &[u8], iv: &[u8]) -> Result<(), i32> {
+        let key_ptr = key.as_ptr() as *const u8;
+        let key_size = key.len() as u32;
+        let iv_ptr = iv.as_ptr() as *const u8;
+        let iv_size = iv.len() as u32;
+        let rc = unsafe {
+            ws::wc_AesGcmInit(&mut self.ws_aes, key_ptr, key_size, iv_ptr, iv_size)
+        };
+        if rc != 0 {
+            return Err(rc);
+        }
+        Ok(())
+    }
+
+    /// Add a chunk of data to encrypt or authentication data.
+    ///
+    /// All authentication data must be passed in to update before the
+    /// plaintext to encrypt. The last part of the authentication data can be
+    /// passed in with the same call as the first part of the plaintext data.
+    ///
+    /// The `init()` method must be called before calling this method.
+    /// The `encrypt_final()` method must be called to finalize the encryption
+    /// operation and retrieve the calculated authentication tag.
+    ///
+    /// # Parameters
+    ///
+    /// * `din`: Data to encrypt.
+    /// * `dout`: Buffer in which to store the encrypted data. The size of
+    /// the buffer must match that of the `din` buffer.
+    /// * `auth`: Authentication data input.
+    ///
+    /// # Returns
+    ///
+    /// A Result which is Ok(()) on success or an Err containing the wolfSSL
+    /// library return code on failure.
+    pub fn encrypt_update<I,O>(&mut self, din: &[I], dout: &mut [O],
+            auth: &[u8]) -> Result<(), i32> {
+        let in_ptr = din.as_ptr() as *const u8;
+        let in_size = (din.len() * size_of::<I>()) as u32;
+        let out_ptr = dout.as_ptr() as *mut u8;
+        let out_size = (dout.len() * size_of::<O>()) as u32;
+        let auth_ptr = auth.as_ptr() as *const u8;
+        let auth_size = auth.len() as u32;
+        if in_size != out_size {
+            return Err(ws::wolfCrypt_ErrorCodes_BAD_FUNC_ARG);
+        }
+        let rc = unsafe {
+            ws::wc_AesGcmEncryptUpdate(&mut self.ws_aes, out_ptr,
+                in_ptr, in_size,
+                auth_ptr, auth_size)
+        };
+        if rc != 0 {
+            return Err(rc);
+        }
+        Ok(())
+    }
+
+    /// Finalize encryption.
+    ///
+    /// The `init()` method must be called before calling this method.
+    /// The `encrypt_update()` method must be called one or more times before
+    /// calling this method to supply authentication data and plaintext input
+    /// for encryption.
+    ///
+    /// # Parameters
+    ///
+    /// * `auth_tag`: Buffer in which to store the authentication tag.
+    ///
+    /// # Returns
+    ///
+    /// A Result which is Ok(()) on success or an Err containing the wolfSSL
+    /// library return code on failure.
+    pub fn encrypt_final(&mut self, auth_tag: &mut [u8]) -> Result<(), i32> {
+        let auth_tag_ptr = auth_tag.as_ptr() as *mut u8;
+        let auth_tag_size = auth_tag.len() as u32;
+        let rc = unsafe {
+            ws::wc_AesGcmEncryptFinal(&mut self.ws_aes, auth_tag_ptr, auth_tag_size)
+        };
+        if rc != 0 {
+            return Err(rc);
+        }
+        Ok(())
+    }
+
+    /// Add a chunk of data to decrypt or authentication data.
+    ///
+    /// All authentication data must be passed in to update before the
+    /// ciphertext to decrypt. The last part of the authentication data can be
+    /// passed in with the same call as the first part of the ciphertext data.
+    ///
+    /// The `init()` method must be called before calling this method.
+    /// The `decrypt_final()` method must be called to finalize the decryption
+    /// operation and verify the authentication tag.
+    ///
+    /// # Parameters
+    ///
+    /// * `din`: Data to encrypt.
+    /// * `dout`: Buffer in which to store the decrypted data. The size of
+    /// the buffer must match that of the `din` buffer.
+    /// * `auth`: Authentication data input.
+    ///
+    /// # Returns
+    ///
+    /// A Result which is Ok(()) on success or an Err containing the wolfSSL
+    /// library return code on failure.
+    pub fn decrypt_update<I,O>(&mut self, din: &[I], dout: &mut [O],
+            auth: &[u8]) -> Result<(), i32> {
+        let in_ptr = din.as_ptr() as *const u8;
+        let in_size = (din.len() * size_of::<I>()) as u32;
+        let out_ptr = dout.as_ptr() as *mut u8;
+        let out_size = (dout.len() * size_of::<O>()) as u32;
+        let auth_ptr = auth.as_ptr() as *const u8;
+        let auth_size = auth.len() as u32;
+        if in_size != out_size {
+            return Err(ws::wolfCrypt_ErrorCodes_BAD_FUNC_ARG);
+        }
+        let rc = unsafe {
+            ws::wc_AesGcmDecryptUpdate(&mut self.ws_aes, out_ptr,
+                in_ptr, in_size,
+                auth_ptr, auth_size)
+        };
+        if rc != 0 {
+            return Err(rc);
+        }
+        Ok(())
+    }
+
+    /// Finalize decryption.
+    ///
+    /// The `init()` method must be called before calling this method.
+    /// The `decrypt_update()` method must be called one or more times before
+    /// calling this method to supply authentication data and ciphertext input
+    /// for decryption.
+    ///
+    /// # Parameters
+    ///
+    /// * `auth_tag`: Authentication tag input to verify.
+    ///
+    /// # Returns
+    ///
+    /// A Result which is Ok(()) on success or an Err containing the wolfSSL
+    /// library return code on failure.
+    pub fn decrypt_final(&mut self, auth_tag: &[u8]) -> Result<(), i32> {
+        let auth_tag_ptr = auth_tag.as_ptr() as *const u8;
+        let auth_tag_size = auth_tag.len() as u32;
+        let rc = unsafe {
+            ws::wc_AesGcmDecryptFinal(&mut self.ws_aes, auth_tag_ptr, auth_tag_size)
+        };
+        if rc != 0 {
+            return Err(rc);
+        }
+        Ok(())
+    }
+}
+impl Drop for GCMStream {
+    /// Safely free the wolfSSL resources.
+    fn drop(&mut self) {
+        unsafe { ws::wc_AesFree(&mut self.ws_aes); }
+    }
+}
+
+/// AES Output FeedBack (OFB) mode.
+///
+/// # Example
+/// ```rust
+/// use wolfssl::wolfcrypt::aes::OFB;
+/// let key: [u8; 32] = [
+///     0xc4,0xc7,0xfa,0xd6,0x53,0x5c,0xb8,0x71,
+///     0x4a,0x5c,0x40,0x77,0x9a,0x8b,0xa1,0xd2,
+///     0x53,0x3e,0x23,0xb4,0xb2,0x58,0x73,0x2a,
+///     0x5b,0x78,0x01,0xf4,0xe3,0x71,0xa7,0x94
+/// ];
+/// let iv: [u8; 16] = [
+///     0x5e,0xb9,0x33,0x13,0xb8,0x71,0xff,0x16,
+///     0xb9,0x8a,0x9b,0xcb,0x43,0x33,0x0d,0x6f
+/// ];
+/// let plain: [u8; 48] = [
+///     0x6d,0x0b,0xb0,0x79,0x63,0x84,0x71,0xe9,
+///     0x39,0xd4,0x53,0x14,0x86,0xc1,0x4c,0x25,
+///     0x9a,0xee,0xc6,0xf3,0xc0,0x0d,0xfd,0xd6,
+///     0xc0,0x50,0xa8,0xba,0xa8,0x20,0xdb,0x71,
+///     0xcc,0x12,0x2c,0x4e,0x0c,0x17,0x15,0xef,
+///     0x55,0xf3,0x99,0x5a,0x6b,0xf0,0x2a,0x4c
+/// ];
+/// let expected_cipher: [u8; 48] = [
+///     0x0f,0x54,0x61,0x71,0x59,0xd0,0x3f,0xfc,
+///     0x1b,0xfa,0xfb,0x60,0x29,0x30,0xd7,0x00,
+///     0xf4,0xa4,0xa8,0xe6,0xdd,0x93,0x94,0x46,
+///     0x64,0xd2,0x19,0xc4,0xc5,0x4d,0xde,0x1b,
+///     0x04,0x53,0xe1,0x73,0xf5,0x18,0x74,0xae,
+///     0xfd,0x64,0xa2,0xe1,0xe2,0x76,0x13,0xb0
+/// ];
+/// let mut ofb = OFB::new().expect("Failed to create OFB");
+/// ofb.init(&key, &iv).expect("Error with init()");
+/// let mut cipher: [u8; 48] = [0; 48];
+/// ofb.encrypt(&plain, &mut cipher).expect("Error with encrypt()");
+/// assert_eq!(cipher, expected_cipher);
+/// ofb.init(&key, &iv).expect("Error with init()");
+/// let mut plain_out: [u8; 48] = [0; 48];
+/// ofb.decrypt(&cipher, &mut plain_out).expect("Error with decrypt()");
+/// assert_eq!(plain_out, plain);
+/// ```
+pub struct OFB {
+    ws_aes: ws::Aes,
+}
+impl OFB {
+    /// Create a new `OFB` instance.
+    ///
+    /// # Returns
+    ///
+    /// A Result which is Ok(OFB) on success or an Err containing the wolfSSL
+    /// library return code on failure.
+    pub fn new() -> Result<Self, i32> {
+        let ws_aes = new_ws_aes()?;
+        let ofb = OFB {ws_aes};
+        Ok(ofb)
+    }
+
+    /// Initialize a OFB instance for encryption or decryption.
+    ///
+    /// This method must be called before calling `encrypt()` or `decrypt()`.
+    ///
+    /// # Parameters
+    ///
+    /// * `key`: A slice containing the encryption key to use. The key must be
+    /// 16, 24, or 32 bytes in length.
+    /// * `iv`: A slice containing the initialization vector (IV) to use. The
+    /// IV must be 16 bytes in length.
+    ///
+    /// # Returns
+    ///
+    /// A Result which is Ok(()) on success or an Err containing the wolfSSL
+    /// library return code on failure.
+    pub fn init(&mut self, key: &[u8], iv: &[u8]) -> Result<(), i32> {
+        let key_ptr = key.as_ptr() as *const u8;
+        let key_size = key.len() as u32;
+        let iv_ptr = iv.as_ptr() as *const u8;
+        if iv.len() as u32 != ws::WC_AES_BLOCK_SIZE {
+            return Err(ws::wolfCrypt_ErrorCodes_BAD_FUNC_ARG);
+        }
+        let rc = unsafe {
+            ws::wc_AesSetKey(&mut self.ws_aes, key_ptr, key_size, iv_ptr,
+                ws::AES_ENCRYPTION as i32)
+        };
+        if rc != 0 {
+            return Err(rc);
+        }
+        Ok(())
+    }
+
+    /// Encrypt data.
+    ///
+    /// The `init()` method must be called before calling this method.
+    ///
+    /// # Parameters
+    ///
+    /// * `din`: Data to encrypt.
+    /// * `dout`: Buffer in which to store the encrypted data. The size of
+    /// the buffer must match that of the `din` buffer.
+    ///
+    /// # Returns
+    ///
+    /// A Result which is Ok(()) on success or an Err containing the wolfSSL
+    /// library return code on failure.
+    pub fn encrypt<I,O>(&mut self, din: &[I], dout: &mut [O]) -> Result<(), i32> {
+        let in_ptr = din.as_ptr() as *const u8;
+        let in_size = (din.len() * size_of::<I>()) as u32;
+        let out_ptr = dout.as_ptr() as *mut u8;
+        let out_size = (dout.len() * size_of::<O>()) as u32;
+        if in_size != out_size {
+            return Err(ws::wolfCrypt_ErrorCodes_BAD_FUNC_ARG);
+        }
+        let rc = unsafe {
+            ws::wc_AesOfbEncrypt(&mut self.ws_aes, out_ptr, in_ptr, in_size)
+        };
+        if rc != 0 {
+            return Err(rc);
+        }
+        Ok(())
+    }
+
+    /// Decrypt data.
+    ///
+    /// The `init()` method must be called before calling this method.
+    ///
+    /// # Parameters
+    ///
+    /// * `din`: Data to decrypt.
+    /// * `dout`: Buffer in which to store the decrypted data. The size of
+    /// the buffer must match that of the `din` buffer.
+    ///
+    /// # Returns
+    ///
+    /// A Result which is Ok(()) on success or an Err containing the wolfSSL
+    /// library return code on failure.
+    pub fn decrypt<I,O>(&mut self, din: &[I], dout: &mut [O]) -> Result<(), i32> {
+        let in_ptr = din.as_ptr() as *const u8;
+        let in_size = (din.len() * size_of::<I>()) as u32;
+        let out_ptr = dout.as_ptr() as *mut u8;
+        let out_size = (dout.len() * size_of::<O>()) as u32;
+        if in_size != out_size {
+            return Err(ws::wolfCrypt_ErrorCodes_BAD_FUNC_ARG);
+        }
+        let rc = unsafe {
+            ws::wc_AesOfbDecrypt(&mut self.ws_aes, out_ptr, in_ptr, in_size)
+        };
+        if rc != 0 {
+            return Err(rc);
+        }
+        Ok(())
+    }
+}
+impl Drop for OFB {
+    /// Safely free the wolfSSL resources.
+    fn drop(&mut self) {
+        unsafe { ws::wc_AesFree(&mut self.ws_aes); }
+    }
+}
+
+/// AES XEX-based Tweaked-Codebook Mode With Ciphertext Stealing (XTS) support
+/// (one shot functionality).
+///
+/// This struct provides one-shot encryption and decryption functionality.
+/// For streaming/chunking functionality, see the `XTSStream` struct instead.
+///
+/// # Example
+/// ```rust
+/// use wolfssl::wolfcrypt::aes::XTS;
+/// let key: [u8; 32] = [
+///     0xa1, 0xb9, 0x0c, 0xba, 0x3f, 0x06, 0xac, 0x35,
+///     0x3b, 0x2c, 0x34, 0x38, 0x76, 0x08, 0x17, 0x62,
+///     0x09, 0x09, 0x23, 0x02, 0x6e, 0x91, 0x77, 0x18,
+///     0x15, 0xf2, 0x9d, 0xab, 0x01, 0x93, 0x2f, 0x2f
+/// ];
+/// let tweak: [u8; 16] = [
+///     0x4f, 0xae, 0xf7, 0x11, 0x7c, 0xda, 0x59, 0xc6,
+///     0x6e, 0x4b, 0x92, 0x01, 0x3e, 0x76, 0x8a, 0xd5
+/// ];
+/// let plain: [u8; 16] = [
+///     0xeb, 0xab, 0xce, 0x95, 0xb1, 0x4d, 0x3c, 0x8d,
+///     0x6f, 0xb3, 0x50, 0x39, 0x07, 0x90, 0x31, 0x1c
+/// ];
+/// let expected_cipher: [u8; 16] = [
+///     0x77, 0x8a, 0xe8, 0xb4, 0x3c, 0xb9, 0x8d, 0x5a,
+///     0x82, 0x50, 0x81, 0xd5, 0xbe, 0x47, 0x1c, 0x63
+/// ];
+/// let partial: [u8; 24] = [
+///     0xeb, 0xab, 0xce, 0x95, 0xb1, 0x4d, 0x3c, 0x8d,
+///     0x6f, 0xb3, 0x50, 0x39, 0x07, 0x90, 0x31, 0x1c,
+///     0x6e, 0x4b, 0x92, 0x01, 0x3e, 0x76, 0x8a, 0xd5
+/// ];
+/// let expected_partial_cipher: [u8; 24] = [
+///     0x2b, 0xf7, 0x2c, 0xf3, 0xeb, 0x85, 0xef, 0x7b,
+///     0x0b, 0x76, 0xa0, 0xaa, 0xf3, 0x3f, 0x25, 0x8b,
+///     0x77, 0x8a, 0xe8, 0xb4, 0x3c, 0xb9, 0x8d, 0x5a
+/// ];
+///
+/// let mut xts = XTS::new().expect("Failed to create XTS");
+/// xts.init_encrypt(&key).expect("Error with init_encrypt()");
+/// let mut cipher: [u8; 16] = [0; 16];
+/// xts.encrypt(&plain, &mut cipher, &tweak).expect("Error with encrypt()");
+/// assert_eq!(cipher, expected_cipher);
+/// xts.init_decrypt(&key).expect("Error with init_decrypt()");
+/// let mut plain_out: [u8; 16] = [0; 16];
+/// xts.decrypt(&cipher, &mut plain_out, &tweak).expect("Error with decrypt()");
+/// assert_eq!(plain_out, plain);
+///
+/// xts.init_encrypt(&key).expect("Error with init_encrypt()");
+/// let mut partial_cipher: [u8; 24] = [0; 24];
+/// xts.encrypt(&partial, &mut partial_cipher, &tweak).expect("Error with encrypt()");
+/// assert_eq!(partial_cipher, expected_partial_cipher);
+/// xts.init_decrypt(&key).expect("Error with init_decrypt()");
+/// let mut partial_out: [u8; 24] = [0; 24];
+/// xts.decrypt(&partial_cipher, &mut partial_out, &tweak).expect("Error with decrypt()");
+/// assert_eq!(partial_out, partial);
+/// ```
+pub struct XTS {
+    ws_xtsaes: ws::XtsAes,
+}
+impl XTS {
+    /// Create a new `XTS` instance.
+    ///
+    /// # Returns
+    ///
+    /// A Result which is Ok(XTS) on success or an Err containing the wolfSSL
+    /// library return code on failure.
+    pub fn new() -> Result<Self, i32> {
+        let ws_xtsaes = new_ws_xtsaes()?;
+        let xts = XTS {ws_xtsaes};
+        Ok(xts)
+    }
+
+    fn init(&mut self, key: &[u8], dir: i32) -> Result<(), i32> {
+        let key_ptr = key.as_ptr() as *const u8;
+        let key_size = key.len() as u32;
+        let rc = unsafe {
+            ws::wc_AesXtsSetKeyNoInit(&mut self.ws_xtsaes, key_ptr, key_size,
+                dir)
+        };
+        if rc != 0 {
+            return Err(rc);
+        }
+        Ok(())
+    }
+
+    /// Initialize a XTS instance for encryption.
+    ///
+    /// This method must be called before calling any encryption methods.
+    ///
+    /// # Parameters
+    ///
+    /// * `key`: A slice containing the encryption key to use. The key must be
+    /// 16, 24, or 32 bytes in length.
+    ///
+    /// # Returns
+    ///
+    /// A Result which is Ok(()) on success or an Err containing the wolfSSL
+    /// library return code on failure.
+    pub fn init_encrypt(&mut self, key: &[u8]) -> Result<(), i32> {
+        return self.init(key, ws::AES_ENCRYPTION as i32);
+    }
+
+    /// Initialize a XTS instance for decryption.
+    ///
+    /// This method must be called before calling any decryption methods.
+    ///
+    /// # Parameters
+    ///
+    /// * `key`: A slice containing the decryption key to use. The key must be
+    /// 16, 24, or 32 bytes in length.
+    ///
+    /// # Returns
+    ///
+    /// A Result which is Ok(()) on success or an Err containing the wolfSSL
+    /// library return code on failure.
+    pub fn init_decrypt(&mut self, key: &[u8]) -> Result<(), i32> {
+        return self.init(key, ws::AES_DECRYPTION as i32);
+    }
+
+    /// Encrypt data.
+    ///
+    /// The `init_encrypt()` method must be called before calling this method.
+    ///
+    /// # Parameters
+    ///
+    /// * `din`: Data to encrypt.
+    /// * `dout`: Buffer in which to store the encrypted data. The size of
+    /// the buffer must match that of the `din` buffer.
+    /// * `tweak`: Tweak value to use for the encryption operation.
+    ///
+    /// # Returns
+    ///
+    /// A Result which is Ok(()) on success or an Err containing the wolfSSL
+    /// library return code on failure.
+    pub fn encrypt<I,O>(&mut self, din: &[I], dout: &mut [O], tweak: &[u8]) -> Result<(), i32> {
+        let in_ptr = din.as_ptr() as *const u8;
+        let in_size = (din.len() * size_of::<I>()) as u32;
+        let out_ptr = dout.as_ptr() as *mut u8;
+        let out_size = (dout.len() * size_of::<O>()) as u32;
+        let tweak_ptr = tweak.as_ptr() as *const u8;
+        let tweak_size = tweak.len() as u32;
+        if in_size != out_size {
+            return Err(ws::wolfCrypt_ErrorCodes_BAD_FUNC_ARG);
+        }
+        let rc = unsafe {
+            ws::wc_AesXtsEncrypt(&mut self.ws_xtsaes, out_ptr,
+                in_ptr, in_size,
+                tweak_ptr, tweak_size)
+        };
+        if rc != 0 {
+            return Err(rc);
+        }
+        Ok(())
+    }
+
+    /// Encrypt a sector of data.
+    ///
+    /// The `init_encrypt()` method must be called before calling this method.
+    ///
+    /// This method is the same as `encrypt()` except that a sector number is
+    /// taken instead of a tweak buffer. Internally the sector number is
+    /// expanded into the tweak value to use.
+    ///
+    /// # Parameters
+    ///
+    /// * `din`: Data to encrypt.
+    /// * `dout`: Buffer in which to store the encrypted data. The size of
+    /// the buffer must match that of the `din` buffer.
+    /// * `sector`: Sector number to use for encryption operation. This value
+    /// is expanded into a tweak value.
+    ///
+    /// # Returns
+    ///
+    /// A Result which is Ok(()) on success or an Err containing the wolfSSL
+    /// library return code on failure.
+    pub fn encrypt_sector<I,O>(&mut self, din: &[I], dout: &mut [O], sector: u64) -> Result<(), i32> {
+        let in_ptr = din.as_ptr() as *const u8;
+        let in_size = (din.len() * size_of::<I>()) as u32;
+        let out_ptr = dout.as_ptr() as *mut u8;
+        let out_size = (dout.len() * size_of::<O>()) as u32;
+        if in_size != out_size {
+            return Err(ws::wolfCrypt_ErrorCodes_BAD_FUNC_ARG);
+        }
+        let rc = unsafe {
+            ws::wc_AesXtsEncryptSector(&mut self.ws_xtsaes, out_ptr,
+                in_ptr, in_size, sector)
+        };
+        if rc != 0 {
+            return Err(rc);
+        }
+        Ok(())
+    }
+
+    /// Encrypt consecutive sectors of data.
+    ///
+    /// The `init_encrypt()` method must be called before calling this method.
+    ///
+    /// This method is the same as `encrypt_sector()` except that the sector
+    /// number is automatically incremented every `sector_size` bytes.
+    ///
+    /// # Parameters
+    ///
+    /// * `din`: Data to encrypt.
+    /// * `dout`: Buffer in which to store the encrypted data. The size of
+    /// the buffer must match that of the `din` buffer.
+    /// * `sector`: Sector number to use for encryption operation. This value
+    /// is expanded into a tweak value.
+    /// * `sector_size`: Sector size. The `sector` value is internally
+    /// incremented every `sector_size` bytes.
+    ///
+    /// # Returns
+    ///
+    /// A Result which is Ok(()) on success or an Err containing the wolfSSL
+    /// library return code on failure.
+    pub fn encrypt_consecutive_sectors<I,O>(&mut self, din: &[I], dout: &mut [O],
+            sector: u64, sector_size: u32) -> Result<(), i32> {
+        let in_ptr = din.as_ptr() as *const u8;
+        let in_size = (din.len() * size_of::<I>()) as u32;
+        let out_ptr = dout.as_ptr() as *mut u8;
+        let out_size = (dout.len() * size_of::<O>()) as u32;
+        if in_size != out_size {
+            return Err(ws::wolfCrypt_ErrorCodes_BAD_FUNC_ARG);
+        }
+        let rc = unsafe {
+            ws::wc_AesXtsEncryptConsecutiveSectors(&mut self.ws_xtsaes, out_ptr,
+                in_ptr, in_size, sector, sector_size)
+        };
+        if rc != 0 {
+            return Err(rc);
+        }
+        Ok(())
+    }
+
+    /// Decrypt data.
+    ///
+    /// The `init_decrypt()` method must be called before calling this method.
+    ///
+    /// # Parameters
+    ///
+    /// * `din`: Data to decrypt.
+    /// * `dout`: Buffer in which to store the decrypted data. The size of
+    /// the buffer must match that of the `din` buffer.
+    /// * `tweak`: Tweak value to use for the decryption operation.
+    ///
+    /// # Returns
+    ///
+    /// A Result which is Ok(()) on success or an Err containing the wolfSSL
+    /// library return code on failure.
+    pub fn decrypt<I,O>(&mut self, din: &[I], dout: &mut [O], tweak: &[u8]) -> Result<(), i32> {
+        let in_ptr = din.as_ptr() as *const u8;
+        let in_size = (din.len() * size_of::<I>()) as u32;
+        let out_ptr = dout.as_ptr() as *mut u8;
+        let out_size = (dout.len() * size_of::<O>()) as u32;
+        let tweak_ptr = tweak.as_ptr() as *const u8;
+        let tweak_size = tweak.len() as u32;
+        if in_size != out_size {
+            return Err(ws::wolfCrypt_ErrorCodes_BAD_FUNC_ARG);
+        }
+        let rc = unsafe {
+            ws::wc_AesXtsDecrypt(&mut self.ws_xtsaes, out_ptr,
+                in_ptr, in_size,
+                tweak_ptr, tweak_size)
+        };
+        if rc != 0 {
+            return Err(rc);
+        }
+        Ok(())
+    }
+
+    /// Decrypt a sector of data.
+    ///
+    /// The `init_decrypt()` method must be called before calling this method.
+    ///
+    /// This method is the same as `decrypt()` except that a sector number is
+    /// taken instead of a tweak buffer. Internally the sector number is
+    /// expanded into the tweak value to use.
+    ///
+    /// # Parameters
+    ///
+    /// * `din`: Data to decrypt.
+    /// * `dout`: Buffer in which to store the decrypted data. The size of
+    /// the buffer must match that of the `din` buffer.
+    /// * `sector`: Sector number to use for decryption operation. This value
+    /// is expanded into a tweak value.
+    ///
+    /// # Returns
+    ///
+    /// A Result which is Ok(()) on success or an Err containing the wolfSSL
+    /// library return code on failure.
+    pub fn decrypt_sector<I,O>(&mut self, din: &[I], dout: &mut [O], sector: u64) -> Result<(), i32> {
+        let in_ptr = din.as_ptr() as *const u8;
+        let in_size = (din.len() * size_of::<I>()) as u32;
+        let out_ptr = dout.as_ptr() as *mut u8;
+        let out_size = (dout.len() * size_of::<O>()) as u32;
+        if in_size != out_size {
+            return Err(ws::wolfCrypt_ErrorCodes_BAD_FUNC_ARG);
+        }
+        let rc = unsafe {
+            ws::wc_AesXtsDecryptSector(&mut self.ws_xtsaes, out_ptr,
+                in_ptr, in_size, sector)
+        };
+        if rc != 0 {
+            return Err(rc);
+        }
+        Ok(())
+    }
+
+    /// Decrypt consecutive sectors of data.
+    ///
+    /// The `init_decrypt()` method must be called before calling this method.
+    ///
+    /// This method is the same as `decrypt_sector()` except that the sector
+    /// number is automatically incremented every `sector_size` bytes.
+    ///
+    /// # Parameters
+    ///
+    /// * `din`: Data to decrypt.
+    /// * `dout`: Buffer in which to store the decrypted data. The size of
+    /// the buffer must match that of the `din` buffer.
+    /// * `sector`: Sector number to use for decryption operation. This value
+    /// is expanded into a tweak value.
+    /// * `sector_size`: Sector size. The `sector` value is internally
+    /// incremented every `sector_size` bytes.
+    ///
+    /// # Returns
+    ///
+    /// A Result which is Ok(()) on success or an Err containing the wolfSSL
+    /// library return code on failure.
+    pub fn decrypt_consecutive_sectors<I,O>(&mut self, din: &[I], dout: &mut [O],
+            sector: u64, sector_size: u32) -> Result<(), i32> {
+        let in_ptr = din.as_ptr() as *const u8;
+        let in_size = (din.len() * size_of::<I>()) as u32;
+        let out_ptr = dout.as_ptr() as *mut u8;
+        let out_size = (dout.len() * size_of::<O>()) as u32;
+        if in_size != out_size {
+            return Err(ws::wolfCrypt_ErrorCodes_BAD_FUNC_ARG);
+        }
+        let rc = unsafe {
+            ws::wc_AesXtsDecryptConsecutiveSectors(&mut self.ws_xtsaes, out_ptr,
+                in_ptr, in_size, sector, sector_size)
+        };
+        if rc != 0 {
+            return Err(rc);
+        }
+        Ok(())
+    }
+}
+impl Drop for XTS {
+    /// Safely free the wolfSSL resources.
+    fn drop(&mut self) {
+        unsafe { ws::wc_AesXtsFree(&mut self.ws_xtsaes); }
+    }
+}
+
+/// AES XEX-based Tweaked-Codebook Mode With Ciphertext Stealing (XTS) support
+/// (streaming functionality).
+///
+/// This struct provides streaming/chunking encryption and decryption
+/// functionality. For one-shot functionality, see the `XTS` struct instead.
+///
+/// # Example
+/// ```rust
+/// use wolfssl::wolfcrypt::aes::XTSStream;
+/// let keys: [u8; 32] = [
+///     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+///     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+///     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+///     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+/// ];
+/// let tweak: [u8; 16] = [
+///     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+///     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+/// ];
+/// let plain: [u8; 40] = [
+///     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+///     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+///     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+///     0x20, 0xff, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+///     0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20
+/// ];
+/// let expected_cipher: [u8; 40] = [
+///     0xA2, 0x07, 0x47, 0x76, 0x3F, 0xEC, 0x0C, 0x23,
+///     0x1B, 0xD0, 0xBD, 0x46, 0x9A, 0x27, 0x38, 0x12,
+///     0x95, 0x02, 0x3D, 0x5D, 0xC6, 0x94, 0x51, 0x36,
+///     0xA0, 0x85, 0xD2, 0x69, 0x6E, 0x87, 0x0A, 0xBF,
+///     0xB5, 0x5A, 0xDD, 0xCB, 0x80, 0xE0, 0xFC, 0xCD
+/// ];
+///
+/// let mut xtsstream = XTSStream::new().expect("Failed to create XTSStream");
+/// xtsstream.init_encrypt(&keys, &tweak).expect("Error with init_encrypt()");
+/// let mut cipher: [u8; 40] = [0; 40];
+/// xtsstream.encrypt_update(&plain[0..16], &mut cipher[0..16]).expect("Error with encrypt_update()");
+/// xtsstream.encrypt_final(&plain[16..40], &mut cipher[16..40]).expect("Error with encrypt_final()");
+/// assert_eq!(cipher, expected_cipher);
+///
+/// xtsstream.init_decrypt(&keys, &tweak).expect("Error with init_decrypt()");
+/// let mut plain_out: [u8; 40] = [0; 40];
+/// xtsstream.decrypt_update(&cipher[0..16], &mut plain_out[0..16]).expect("Error with decrypt_update()");
+/// xtsstream.decrypt_final(&cipher[16..40], &mut plain_out[16..40]).expect("Error with decrypt_final()");
+/// assert_eq!(plain_out, plain);
+/// ```
+pub struct XTSStream {
+    ws_xtsaes: ws::XtsAes,
+    ws_xtsaesstreamdata: ws::XtsAesStreamData,
+}
+impl XTSStream {
+    /// Create a new `XTSStream` instance.
+    ///
+    /// # Returns
+    ///
+    /// A Result which is Ok(XTSStream) on success or an Err containing the
+    /// wolfSSL library return code on failure.
+    pub fn new() -> Result<Self, i32> {
+        let ws_xtsaes = new_ws_xtsaes()?;
+        let ws_xtsaesstreamdata: MaybeUninit<ws::XtsAesStreamData> = MaybeUninit::uninit();
+        let ws_xtsaesstreamdata = unsafe { ws_xtsaesstreamdata.assume_init() };
+        let xtsstream = XTSStream {ws_xtsaes, ws_xtsaesstreamdata};
+        Ok(xtsstream)
+    }
+
+    /// Initialize a XTSStream instance for encryption.
+    ///
+    /// This method must be called before calling `encrypt_update()`.
+    ///
+    /// # Parameters
+    ///
+    /// * `key`: A slice containing the encryption key to use. The key must be
+    /// 16, 24, or 32 bytes in length.
+    /// * `tweak`: Tweak value to use for the encryption operation.
+    ///
+    /// # Returns
+    ///
+    /// A Result which is Ok(()) on success or an Err containing the wolfSSL
+    /// library return code on failure.
+    pub fn init_encrypt(&mut self, key: &[u8], tweak: &[u8]) -> Result<(), i32> {
+        let key_ptr = key.as_ptr() as *const u8;
+        let key_size = key.len() as u32;
+        let rc = unsafe {
+            ws::wc_AesXtsSetKeyNoInit(&mut self.ws_xtsaes, key_ptr, key_size,
+                ws::AES_ENCRYPTION as i32)
+        };
+        if rc != 0 {
+            return Err(rc);
+        }
+        let tweak_ptr = tweak.as_ptr() as *const u8;
+        let tweak_size = tweak.len() as u32;
+        let rc = unsafe {
+            ws::wc_AesXtsEncryptInit(&mut self.ws_xtsaes, tweak_ptr, tweak_size,
+                &mut self.ws_xtsaesstreamdata)
+        };
+        if rc != 0 {
+            return Err(rc);
+        }
+        Ok(())
+    }
+
+    /// Initialize a XTSStream instance for decryption.
+    ///
+    /// This method must be called before calling `decrypt_update()`.
+    ///
+    /// # Parameters
+    ///
+    /// * `key`: A slice containing the decryption key to use. The key must be
+    /// 16, 24, or 32 bytes in length.
+    /// * `tweak`: Tweak value to use for the decryption operation.
+    ///
+    /// # Returns
+    ///
+    /// A Result which is Ok(()) on success or an Err containing the wolfSSL
+    /// library return code on failure.
+    pub fn init_decrypt(&mut self, key: &[u8], tweak: &[u8]) -> Result<(), i32> {
+        let key_ptr = key.as_ptr() as *const u8;
+        let key_size = key.len() as u32;
+        let rc = unsafe {
+            ws::wc_AesXtsSetKeyNoInit(&mut self.ws_xtsaes, key_ptr, key_size,
+                ws::AES_DECRYPTION as i32)
+        };
+        if rc != 0 {
+            return Err(rc);
+        }
+        let tweak_ptr = tweak.as_ptr() as *const u8;
+        let tweak_size = tweak.len() as u32;
+        let rc = unsafe {
+            ws::wc_AesXtsDecryptInit(&mut self.ws_xtsaes, tweak_ptr, tweak_size,
+                &mut self.ws_xtsaesstreamdata)
+        };
+        if rc != 0 {
+            return Err(rc);
+        }
+        Ok(())
+    }
+
+    /// Add a chunk of data to encrypt.
+    ///
+    /// The `init_encrypt()` method must be called before calling this method.
+    /// The `encrypt_final()` method must be called to finalize the encryption
+    /// operation.
+    ///
+    /// # Parameters
+    ///
+    /// * `din`: Data to encrypt. The size of the data must be a multiple of
+    /// 16 bytes. A final chunk of data that is not a multiple of 16 bytes can
+    /// be passed in to `encrypt_final()`.
+    /// * `dout`: Buffer in which to store the encrypted data. The size of
+    /// the buffer must match that of the `din` buffer.
+    ///
+    /// # Returns
+    ///
+    /// A Result which is Ok(()) on success or an Err containing the wolfSSL
+    /// library return code on failure.
+    pub fn encrypt_update<I,O>(&mut self, din: &[I], dout: &mut [O]) -> Result<(), i32> {
+        let in_ptr = din.as_ptr() as *const u8;
+        let in_size = (din.len() * size_of::<I>()) as u32;
+        let out_ptr = dout.as_ptr() as *mut u8;
+        let out_size = (dout.len() * size_of::<O>()) as u32;
+        if in_size != out_size {
+            return Err(ws::wolfCrypt_ErrorCodes_BAD_FUNC_ARG);
+        }
+        let rc = unsafe {
+            ws::wc_AesXtsEncryptUpdate(&mut self.ws_xtsaes, out_ptr,
+                in_ptr, in_size, &mut self.ws_xtsaesstreamdata)
+        };
+        if rc != 0 {
+            return Err(rc);
+        }
+        Ok(())
+    }
+
+    /// Encrypt the final chunk of data.
+    ///
+    /// The `init_encrypt()` method must be called before calling this method.
+    /// The `encrypt_update()` method may be called prior to this to encrypt
+    /// blocks of data in chunks.
+    ///
+    /// # Parameters
+    ///
+    /// * `din`: Data to encrypt. The size of the data must be 0 or at least
+    /// 16 bytes. It does not need to be a multiple of 16 bytes.
+    /// * `dout`: Buffer in which to store the encrypted data. The size of
+    /// the buffer must match that of the `din` buffer.
+    ///
+    /// # Returns
+    ///
+    /// A Result which is Ok(()) on success or an Err containing the wolfSSL
+    /// library return code on failure.
+    pub fn encrypt_final<I,O>(&mut self, din: &[I], dout: &mut [O]) -> Result<(), i32> {
+        let in_ptr = din.as_ptr() as *const u8;
+        let in_size = (din.len() * size_of::<I>()) as u32;
+        let out_ptr = dout.as_ptr() as *mut u8;
+        let out_size = (dout.len() * size_of::<O>()) as u32;
+        if in_size != out_size {
+            return Err(ws::wolfCrypt_ErrorCodes_BAD_FUNC_ARG);
+        }
+        let rc = unsafe {
+            ws::wc_AesXtsEncryptFinal(&mut self.ws_xtsaes, out_ptr,
+                in_ptr, in_size, &mut self.ws_xtsaesstreamdata)
+        };
+        if rc != 0 {
+            return Err(rc);
+        }
+        Ok(())
+    }
+
+    /// Add a chunk of data to decrypt.
+    ///
+    /// The `init_decrypt()` method must be called before calling this method.
+    /// The `decrypt_final()` method must be called to finalize the decryption
+    /// operation.
+    ///
+    /// # Parameters
+    ///
+    /// * `din`: Data to decrypt. The size of the data must be a multiple of
+    /// 16 bytes. A final chunk of data that is not a multiple of 16 bytes can
+    /// be passed in to `decrypt_final()`.
+    /// * `dout`: Buffer in which to store the decrypted data. The size of
+    /// the buffer must match that of the `din` buffer.
+    ///
+    /// # Returns
+    ///
+    /// A Result which is Ok(()) on success or an Err containing the wolfSSL
+    /// library return code on failure.
+    pub fn decrypt_update<I,O>(&mut self, din: &[I], dout: &mut [O]) -> Result<(), i32> {
+        let in_ptr = din.as_ptr() as *const u8;
+        let in_size = (din.len() * size_of::<I>()) as u32;
+        let out_ptr = dout.as_ptr() as *mut u8;
+        let out_size = (dout.len() * size_of::<O>()) as u32;
+        if in_size != out_size {
+            return Err(ws::wolfCrypt_ErrorCodes_BAD_FUNC_ARG);
+        }
+        let rc = unsafe {
+            ws::wc_AesXtsDecryptUpdate(&mut self.ws_xtsaes, out_ptr,
+                in_ptr, in_size, &mut self.ws_xtsaesstreamdata)
+        };
+        if rc != 0 {
+            return Err(rc);
+        }
+        Ok(())
+    }
+
+    /// Decrypt the final chunk of data.
+    ///
+    /// The `init_decrypt()` method must be called before calling this method.
+    /// The `decrypt_update()` method may be called prior to this to decrypt
+    /// blocks of data in chunks.
+    ///
+    /// # Parameters
+    ///
+    /// * `din`: Data to decrypt. The size of the data must be 0 or at least
+    /// 16 bytes. It does not need to be a multiple of 16 bytes.
+    /// * `dout`: Buffer in which to store the decrypted data. The size of
+    /// the buffer must match that of the `din` buffer.
+    ///
+    /// # Returns
+    ///
+    /// A Result which is Ok(()) on success or an Err containing the wolfSSL
+    /// library return code on failure.
+    pub fn decrypt_final<I,O>(&mut self, din: &[I], dout: &mut [O]) -> Result<(), i32> {
+        let in_ptr = din.as_ptr() as *const u8;
+        let in_size = (din.len() * size_of::<I>()) as u32;
+        let out_ptr = dout.as_ptr() as *mut u8;
+        let out_size = (dout.len() * size_of::<O>()) as u32;
+        if in_size != out_size {
+            return Err(ws::wolfCrypt_ErrorCodes_BAD_FUNC_ARG);
+        }
+        let rc = unsafe {
+            ws::wc_AesXtsDecryptFinal(&mut self.ws_xtsaes, out_ptr,
+                in_ptr, in_size, &mut self.ws_xtsaesstreamdata)
+        };
+        if rc != 0 {
+            return Err(rc);
+        }
+        Ok(())
+    }
+}
+impl Drop for XTSStream {
+    /// Safely free the wolfSSL resources.
+    fn drop(&mut self) {
+        unsafe { ws::wc_AesXtsFree(&mut self.ws_xtsaes); }
+    }
+}
+
+fn new_ws_aes() -> Result<ws::Aes, i32> {
+    let mut ws_aes: MaybeUninit<ws::Aes> = MaybeUninit::uninit();
+    let rc = unsafe {
+        ws::wc_AesInit(ws_aes.as_mut_ptr(), null_mut(), ws::INVALID_DEVID)
+    };
+    if rc != 0 {
+        return Err(rc);
+    }
+    let ws_aes = unsafe { ws_aes.assume_init() };
+    Ok(ws_aes)
+}
+
+fn new_ws_xtsaes() -> Result<ws::XtsAes, i32> {
+    let mut ws_xtsaes: MaybeUninit<ws::XtsAes> = MaybeUninit::uninit();
+    let rc = unsafe {
+        ws::wc_AesXtsInit(ws_xtsaes.as_mut_ptr(), null_mut(), ws::INVALID_DEVID)
+    };
+    if rc != 0 {
+        return Err(rc);
+    }
+    let ws_xtsaes = unsafe { ws_xtsaes.assume_init() };
+    Ok(ws_xtsaes)
+}
diff --git a/wrapper/rust/wolfssl/src/wolfcrypt/random.rs b/wrapper/rust/wolfssl/src/wolfcrypt/random.rs
new file mode 100644
index 000000000..55f26015a
--- /dev/null
+++ b/wrapper/rust/wolfssl/src/wolfcrypt/random.rs
@@ -0,0 +1,146 @@
+/*!
+This crate provides a Rust wrapper for the wolfCrypt library's random number
+generator (RNG).
+
+It leverages the `wolfssl-sys` crate for low-level FFI bindings, encapsulating
+the raw C functions in a memory-safe and easy-to-use Rust API.
+
+The primary component is the `RNG` struct, which manages the lifecycle of a
+wolfSSL `WC_RNG` object. It ensures proper initialization and deallocation.
+
+# Examples
+
+```rust
+use wolfssl::wolfcrypt::random::RNG;
+
+fn main() {
+    // Create a RNG instance.
+    let mut rng = RNG::new().expect("Failed to create RNG");
+
+    // Generate a single random byte value.
+    let byte = rng.generate_byte().expect("Failed to generate a single byte");
+
+    // Generate a random block.
+    let mut buffer = [0u32; 8];
+    rng.generate_block(&mut buffer).expect("Failed to generate a block");
+}
+```
+*/
+use wolfssl_sys as ws;
+
+use std::mem::{size_of, MaybeUninit};
+
+/// A cryptographically secure random number generator based on the wolfSSL
+/// library.
+///
+/// This struct wraps the wolfssl `WC_RNG` type, providing a high-level API
+/// for generating random bytes and blocks of data. The `Drop` implementation
+/// ensures that the underlying wolfSSL RNG context is correctly freed when the
+/// `RNG` struct goes out of scope, preventing memory leaks.
+pub struct RNG {
+    wc_rng: ws::WC_RNG,
+}
+
+impl RNG {
+    /// Initialize a new `RNG` instance.
+    ///
+    /// This function wraps the wolfssl library function `wc_InitRng`, which
+    /// performs the necessary initialization for the RNG context.
+    ///
+    /// # Returns
+    ///
+    /// A Result which is Ok(RNG) on success or an Err containing the wolfSSL
+    /// library return code on failure.
+    pub fn new() -> Result<Self, i32> {
+        let mut rng: MaybeUninit<RNG> = MaybeUninit::uninit();
+        let rc = unsafe { ws::wc_InitRng(&mut (*rng.as_mut_ptr()).wc_rng) };
+        if rc == 0 {
+            let rng = unsafe { rng.assume_init() };
+            Ok(rng)
+        } else {
+            Err(rc)
+        }
+    }
+
+    /// Initialize a new `RNG` instance and provide a nonce input.
+    ///
+    /// This function wraps the wolfssl library function `wc_InitRngNonce`,
+    /// which performs the necessary initialization for the RNG context and
+    /// accepts a nonce input buffer.
+    ///
+    /// # Returns
+    ///
+    /// A Result which is Ok(RNG) on success or an Err containing the wolfSSL
+    /// library return code on failure.
+    pub fn new_with_nonce<T>(nonce: &mut [T]) -> Result<Self, i32> {
+        let ptr = nonce.as_mut_ptr() as *mut u8;
+        let size: u32 = (nonce.len() * size_of::<T>()) as u32;
+        let mut rng: MaybeUninit<RNG> = MaybeUninit::uninit();
+        let rc = unsafe {
+            ws::wc_InitRngNonce(&mut (*rng.as_mut_ptr()).wc_rng, ptr, size)
+        };
+        if rc == 0 {
+            let rng = unsafe { rng.assume_init() };
+            Ok(rng)
+        } else {
+            Err(rc)
+        }
+    }
+
+    /// Generate a single cryptographically secure random byte.
+    ///
+    /// This method calls the `wc_RNG_GenerateByte` wolfSSL library function to
+    /// retrieve a random byte from the underlying wolfSSL RNG context.
+    ///
+    /// # Returns
+    ///
+    /// A `Result` which is `Ok(u8)` containing the random byte on success or
+    /// an `Err` with the wolfssl library return code on failure.
+    pub fn generate_byte(&mut self) -> Result<u8, i32> {
+        let mut b: u8 = 0;
+        let rc = unsafe { ws::wc_RNG_GenerateByte(&mut self.wc_rng, &mut b) };
+        if rc == 0 {
+            Ok(b)
+        } else {
+            Err(rc)
+        }
+    }
+
+    /// Fill a mutable slice with cryptographically secure random data.
+    ///
+    /// This is a generic function that can fill a slice of any type `T` with
+    /// random bytes. It calculates the total size of the slice in bytes and
+    /// calls the underlying `wc_RNG_GenerateBlock` wolfssl library function.
+    ///
+    /// # Parameters
+    ///
+    /// * `buf`: A mutable slice of any type `T` to be filled with random data.
+    ///
+    /// # Returns
+    ///
+    /// A `Result` which is `Ok(())` on success or an `Err` with the wolfssl
+    /// library return code on failure.
+    pub fn generate_block<T>(&mut self, buf: &mut [T]) -> Result<(), i32> {
+        let ptr = buf.as_mut_ptr() as *mut u8;
+        let size: u32 = (buf.len() * size_of::<T>()) as u32;
+        let rc = unsafe { ws::wc_RNG_GenerateBlock(&mut self.wc_rng, ptr, size) };
+        if rc == 0 {
+            Ok(())
+        } else {
+            Err(rc)
+        }
+    }
+}
+
+impl Drop for RNG {
+    /// Safely free the underlying wolfSSL RNG context.
+    ///
+    /// This calls the `wc_FreeRng` wolfssl library function.
+    ///
+    /// The Rust Drop trait guarantees that this method is called when the RNG
+    /// struct goes out of scope, automatically cleaning up resources and
+    /// preventing memory leaks.
+    fn drop(&mut self) {
+        unsafe { ws::wc_FreeRng(&mut self.wc_rng); }
+    }
+}
diff --git a/wrapper/rust/wolfssl/tests/test_aes.rs b/wrapper/rust/wolfssl/tests/test_aes.rs
new file mode 100644
index 000000000..87c41edb4
--- /dev/null
+++ b/wrapper/rust/wolfssl/tests/test_aes.rs
@@ -0,0 +1,846 @@
+use wolfssl::wolfcrypt::aes::*;
+
+const BIG_MSG: [u8; 384] = [
+    0x41,0x6c,0x6c,0x20,0x77,0x6f,0x72,0x6b,
+    0x20,0x61,0x6e,0x64,0x20,0x6e,0x6f,0x20,
+    0x70,0x6c,0x61,0x79,0x20,0x6d,0x61,0x6b,
+    0x65,0x73,0x20,0x4a,0x61,0x63,0x6b,0x20,
+    0x61,0x20,0x64,0x75,0x6c,0x6c,0x20,0x62,
+    0x6f,0x79,0x2e,0x20,0x41,0x6c,0x6c,0x20,
+    0x77,0x6f,0x72,0x6b,0x20,0x61,0x6e,0x64,
+    0x20,0x6e,0x6f,0x20,0x70,0x6c,0x61,0x79,
+    0x20,0x6d,0x61,0x6b,0x65,0x73,0x20,0x4a,
+    0x61,0x63,0x6b,0x20,0x61,0x20,0x64,0x75,
+    0x6c,0x6c,0x20,0x62,0x6f,0x79,0x2e,0x20,
+    0x41,0x6c,0x6c,0x20,0x77,0x6f,0x72,0x6b,
+    0x20,0x61,0x6e,0x64,0x20,0x6e,0x6f,0x20,
+    0x70,0x6c,0x61,0x79,0x20,0x6d,0x61,0x6b,
+    0x65,0x73,0x20,0x4a,0x61,0x63,0x6b,0x20,
+    0x61,0x20,0x64,0x75,0x6c,0x6c,0x20,0x62,
+    0x6f,0x79,0x2e,0x20,0x41,0x6c,0x6c,0x20,
+    0x77,0x6f,0x72,0x6b,0x20,0x61,0x6e,0x64,
+    0x20,0x6e,0x6f,0x20,0x70,0x6c,0x61,0x79,
+    0x20,0x6d,0x61,0x6b,0x65,0x73,0x20,0x4a,
+    0x61,0x63,0x6b,0x20,0x61,0x20,0x64,0x75,
+    0x6c,0x6c,0x20,0x62,0x6f,0x79,0x2e,0x20,
+    0x41,0x6c,0x6c,0x20,0x77,0x6f,0x72,0x6b,
+    0x20,0x61,0x6e,0x64,0x20,0x6e,0x6f,0x20,
+    0x70,0x6c,0x61,0x79,0x20,0x6d,0x61,0x6b,
+    0x65,0x73,0x20,0x4a,0x61,0x63,0x6b,0x20,
+    0x61,0x20,0x64,0x75,0x6c,0x6c,0x20,0x62,
+    0x6f,0x79,0x2e,0x20,0x41,0x6c,0x6c,0x20,
+    0x77,0x6f,0x72,0x6b,0x20,0x61,0x6e,0x64,
+    0x20,0x6e,0x6f,0x20,0x70,0x6c,0x61,0x79,
+    0x20,0x6d,0x61,0x6b,0x65,0x73,0x20,0x4a,
+    0x61,0x63,0x6b,0x20,0x61,0x20,0x64,0x75,
+    0x6c,0x6c,0x20,0x62,0x6f,0x79,0x2e,0x20,
+    0x41,0x6c,0x6c,0x20,0x77,0x6f,0x72,0x6b,
+    0x20,0x61,0x6e,0x64,0x20,0x6e,0x6f,0x20,
+    0x70,0x6c,0x61,0x79,0x20,0x6d,0x61,0x6b,
+    0x65,0x73,0x20,0x4a,0x61,0x63,0x6b,0x20,
+    0x61,0x20,0x64,0x75,0x6c,0x6c,0x20,0x62,
+    0x6f,0x79,0x2e,0x20,0x41,0x6c,0x6c,0x20,
+    0x77,0x6f,0x72,0x6b,0x20,0x61,0x6e,0x64,
+    0x20,0x6e,0x6f,0x20,0x70,0x6c,0x61,0x79,
+    0x20,0x6d,0x61,0x6b,0x65,0x73,0x20,0x4a,
+    0x61,0x63,0x6b,0x20,0x61,0x20,0x64,0x75,
+    0x6c,0x6c,0x20,0x62,0x6f,0x79,0x2e,0x20,
+    0x41,0x6c,0x6c,0x20,0x77,0x6f,0x72,0x6b,
+    0x20,0x61,0x6e,0x64,0x20,0x6e,0x6f,0x20,
+    0x70,0x6c,0x61,0x79,0x20,0x6d,0x61,0x6b,
+    0x65,0x73,0x20,0x4a,0x61,0x63,0x6b,0x20
+];
+
+#[test]
+fn test_cbc_encrypt_decrypt() {
+    let mut cbc = CBC::new().expect("Failed to create CBC");
+    let key: &[u8; 16] = b"0123456789abcdef";
+    let iv: &[u8; 16] = b"1234567890abcdef";
+    let msg: [u8; 16] = [
+        0x6e, 0x6f, 0x77, 0x20, 0x69, 0x73, 0x20, 0x74,
+        0x68, 0x65, 0x20, 0x74, 0x69, 0x6d, 0x65, 0x20,
+    ];
+    let expected_cipher: [u8; 16] = [
+        0x95, 0x94, 0x92, 0x57, 0x5f, 0x42, 0x81, 0x53,
+        0x2c, 0xcc, 0x9d, 0x46, 0x77, 0xa2, 0x33, 0xcb
+    ];
+    cbc.init_encrypt(key, iv).expect("Error with init_encrypt()");
+    let mut cipher: [u8; 16] = [0; 16];
+    cbc.encrypt(&msg, &mut cipher).expect("Error with encrypt()");
+    assert_eq!(&cipher, &expected_cipher);
+    let mut plain_out = [0; 16];
+    cbc.init_decrypt(key, iv).expect("Error with init_decrypt()");
+    cbc.decrypt(&cipher, &mut plain_out).expect("Error with decrypt()");
+    assert_eq!(&plain_out, &msg);
+}
+
+#[test]
+fn test_cbc_big_msg() {
+    let mut cbc = CBC::new().expect("Failed to create CBC");
+    let big_key = b"0123456789abcdeffedcba9876543210";
+    let iv: &[u8; 16] = b"1234567890abcdef";
+    let mut big_cipher: [u8; 384] = [0; 384];
+    let mut big_plain: [u8; 384] = [0; 384];
+    cbc.init_encrypt(big_key, iv).expect("Error with init_encrypt()");
+    for i in (0..384).step_by(16) {
+        cbc.encrypt(&BIG_MSG[i..(i + 16)], &mut big_cipher[i..(i + 16)]).expect("Error with encrypt()");
+    }
+    cbc.init_decrypt(big_key, iv).expect("Error with init_decrypt()");
+    for i in (0..384).step_by(16) {
+        cbc.decrypt(&big_cipher[i..(i + 16)], &mut big_plain[i..(i + 16)]).expect("Error with decrypt()");
+    }
+    assert_eq!(big_plain, BIG_MSG);
+}
+
+#[test]
+fn test_ccm_encrypt_decrypt() {
+    let key: [u8; 16] = [
+        0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
+        0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf
+    ];
+    let nonce: [u8; 13] = [
+        0x00, 0x00, 0x00, 0x03, 0x02, 0x01, 0x00, 0xa0,
+        0xa1, 0xa2, 0xa3, 0xa4, 0xa5
+    ];
+    let plaintext: [u8; 23] = [
+        0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+        0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+        0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e
+    ];
+    let plaintext_long: [u8; 73] = [
+        0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+        0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+        0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
+        0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+        0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
+        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+        0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
+        0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
+        0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f,
+        0x50
+    ];
+    let auth_data: [u8; 8] = [
+        0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07
+    ];
+    let expected_ciphertext: [u8; 23] = [
+        0x58, 0x8c, 0x97, 0x9a, 0x61, 0xc6, 0x63, 0xd2,
+        0xf0, 0x66, 0xd0, 0xc2, 0xc0, 0xf9, 0x89, 0x80,
+        0x6d, 0x5f, 0x6b, 0x61, 0xda, 0xc3, 0x84
+    ];
+    let expected_auth_tag: [u8; 8] = [
+        0x17, 0xe8, 0xd1, 0x2c, 0xfd, 0xf9, 0x26, 0xe0
+    ];
+    let expected_ciphertext_long: [u8; 73] = [
+        0x58, 0x8c, 0x97, 0x9a, 0x61, 0xc6, 0x63, 0xd2,
+        0xf0, 0x66, 0xd0, 0xc2, 0xc0, 0xf9, 0x89, 0x80,
+        0x6d, 0x5f, 0x6b, 0x61, 0xda, 0xc3, 0x84, 0xe0,
+        0x44, 0x2d, 0xbe, 0x25, 0xfa, 0x48, 0x2b, 0xa8,
+        0x36, 0x0b, 0xbf, 0x01, 0xc0, 0x12, 0x45, 0xa4,
+        0x82, 0x9f, 0x20, 0x6c, 0xc3, 0xd6, 0xae, 0x5b,
+        0x54, 0x8d, 0xd0, 0xb1, 0x69, 0x2c, 0xec, 0x5e,
+        0x95, 0xa5, 0x6b, 0x48, 0xc3, 0xc6, 0xc8, 0x9e,
+        0xc7, 0x92, 0x98, 0x9d, 0x26, 0x7d, 0x2a, 0x10,
+        0x0b
+    ];
+    let expected_auth_tag_long: [u8; 8] = [
+        0x89, 0xd8, 0xd2, 0x02, 0xc5, 0xcf, 0xae, 0xf4
+    ];
+
+    let mut ccm = CCM::new().expect("Failed to create CCM");
+    ccm.init(&key).expect("Error with init()");
+    let mut auth_tag_out: [u8; 8] = [0; 8];
+    let mut cipher_out: [u8; 23] = [0; 23];
+    ccm.encrypt(&plaintext, &mut cipher_out,
+        &nonce, &auth_data, &mut auth_tag_out).expect("Error with encrypt()");
+    assert_eq!(cipher_out, expected_ciphertext);
+    assert_eq!(auth_tag_out, expected_auth_tag);
+    ccm.init(&key).expect("Error with init()");
+    let mut plain_out: [u8; 23] = [0; 23];
+    ccm.decrypt(&cipher_out, &mut plain_out,
+        &nonce, &auth_data, &auth_tag_out).expect("Error with decrypt()");
+    assert_eq!(plain_out, plaintext);
+
+    ccm.init(&key).expect("Error with init()");
+    let mut auth_tag_long_out: [u8; 8] = [0; 8];
+    let mut cipher_long_out: [u8; 73] = [0; 73];
+    ccm.encrypt(&plaintext_long, &mut cipher_long_out,
+        &nonce, &auth_data, &mut auth_tag_long_out).expect("Error with encrypt()");
+    assert_eq!(cipher_long_out, expected_ciphertext_long);
+    assert_eq!(auth_tag_long_out, expected_auth_tag_long);
+    ccm.init(&key).expect("Error with init()");
+    let mut plain_long_out: [u8; 73] = [0; 73];
+    ccm.decrypt(&cipher_long_out, &mut plain_long_out,
+        &nonce, &auth_data, &auth_tag_long_out).expect("Error with decrypt()");
+    assert_eq!(plain_long_out, plaintext_long);
+}
+
+#[test]
+fn test_ccm_big_msg() {
+    let mut ccm = CCM::new().expect("Failed to create CCM");
+    let big_key = b"0123456789abcdeffedcba9876543210";
+    let nonce: [u8; 7] = [0x00, 0x00, 0x00, 0x03, 0x02, 0x01, 0x00];
+    let auth_data: [u8; 8] = [0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07];
+    let mut big_cipher: [u8; 384] = [0; 384];
+    let mut big_plain: [u8; 384] = [0; 384];
+    let mut auth_tag: [u8; 8] = [0; 8];
+    ccm.init(big_key).expect("Error with init()");
+    ccm.encrypt(&BIG_MSG, &mut big_cipher,
+        &nonce, &auth_data, &mut auth_tag).expect("Error with encrypt()");
+    ccm.init(big_key).expect("Error with init()");
+    ccm.decrypt(&big_cipher, &mut big_plain,
+        &nonce, &auth_data, &auth_tag).expect("Error with decrypt()");
+    assert_eq!(big_plain, BIG_MSG);
+}
+
+#[test]
+fn test_cfb_encrypt_decrypt() {
+    let mut cfb = CFB::new().expect("Failed to create CFB");
+    let key: [u8; 16] = [
+        0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6,
+        0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c
+    ];
+    let iv: [u8; 16] = [
+        0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
+        0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f
+    ];
+    let msg: [u8; 48] = [
+        0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
+        0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
+        0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
+        0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51,
+        0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11,
+        0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef
+    ];
+    let cipher: [u8; 48] = [
+        0x3b,0x3f,0xd9,0x2e,0xb7,0x2d,0xad,0x20,
+        0x33,0x34,0x49,0xf8,0xe8,0x3c,0xfb,0x4a,
+        0xc8,0xa6,0x45,0x37,0xa0,0xb3,0xa9,0x3f,
+        0xcd,0xe3,0xcd,0xad,0x9f,0x1c,0xe5,0x8b,
+        0x26,0x75,0x1f,0x67,0xa3,0xcb,0xb1,0x40,
+        0xb1,0x80,0x8c,0xf1,0x87,0xa4,0xf4,0xdf
+    ];
+    cfb.init(&key, &iv).expect("Error with init()");
+    let mut outbuf: [u8; 48] = [0; 48];
+    cfb.encrypt(&msg[0..32], &mut outbuf[0..32]).expect("Error with encrypt()");
+    /* Break up encrypt over two operations to test continuation. */
+    cfb.encrypt(&msg[32..48], &mut outbuf[32..48]).expect("Error with encrypt()");
+    assert_eq!(outbuf, cipher);
+    cfb.init(&key, &iv).expect("Error with init()");
+    let mut plain: [u8; 48] = [0; 48];
+    cfb.decrypt(&outbuf, &mut plain).expect("Error with decrypt()");
+    assert_eq!(plain, msg);
+}
+
+#[test]
+fn test_cfb_big_msg() {
+    let mut cfb = CFB::new().expect("Failed to create CFB");
+    let big_key = b"0123456789abcdeffedcba9876543210";
+    let iv: [u8; 16] = [
+        0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
+        0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f
+    ];
+    let mut big_cipher: [u8; 384] = [0; 384];
+    let mut big_plain: [u8; 384] = [0; 384];
+    cfb.init(big_key, &iv).expect("Error with init()");
+    cfb.encrypt(&BIG_MSG, &mut big_cipher).expect("Error with encrypt()");
+    cfb.init(big_key, &iv).expect("Error with init()");
+    cfb.decrypt(&big_cipher, &mut big_plain).expect("Error with decrypt()");
+    assert_eq!(big_plain, BIG_MSG);
+}
+
+#[test]
+fn test_ctr_encrypt_decrypt() {
+    let iv: [u8; 16] = [
+        0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7,
+        0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff
+    ];
+    let msg: [u8; 64] = [
+        0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
+        0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
+        0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
+        0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51,
+        0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11,
+        0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef,
+        0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17,
+        0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10
+    ];
+    let key: [u8; 16] = [
+        0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6,
+        0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c
+    ];
+    let cipher: [u8; 64] = [
+        0x87,0x4d,0x61,0x91,0xb6,0x20,0xe3,0x26,
+        0x1b,0xef,0x68,0x64,0x99,0x0d,0xb6,0xce,
+        0x98,0x06,0xf6,0x6b,0x79,0x70,0xfd,0xff,
+        0x86,0x17,0x18,0x7b,0xb9,0xff,0xfd,0xff,
+        0x5a,0xe4,0xdf,0x3e,0xdb,0xd5,0xd3,0x5e,
+        0x5b,0x4f,0x09,0x02,0x0d,0xb0,0x3e,0xab,
+        0x1e,0x03,0x1d,0xda,0x2f,0xbe,0x03,0xd1,
+        0x79,0x21,0x70,0xa0,0xf3,0x00,0x9c,0xee
+    ];
+    let mut ctr = CTR::new().expect("Failed to create CTR");
+    ctr.init(&key, &iv).expect("Error with init()");
+    let mut outbuf: [u8; 64] = [0; 64];
+    ctr.encrypt(&msg, &mut outbuf).expect("Error with encrypt()");
+    assert_eq!(outbuf, cipher);
+    ctr.init(&key, &iv).expect("Error with init()");
+    let mut plain: [u8; 64] = [0; 64];
+    ctr.decrypt(&outbuf, &mut plain).expect("Error with decrypt()");
+    assert_eq!(plain, msg);
+}
+
+#[test]
+fn test_ctr_big_msg() {
+    let mut ctr = CTR::new().expect("Failed to create CTR");
+    let big_key = b"0123456789abcdeffedcba9876543210";
+    let iv: [u8; 16] = [
+        0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
+        0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f
+    ];
+    let mut big_cipher: [u8; 384] = [0; 384];
+    let mut big_plain: [u8; 384] = [0; 384];
+    ctr.init(big_key, &iv).expect("Error with init()");
+    ctr.encrypt(&BIG_MSG, &mut big_cipher).expect("Error with encrypt()");
+    ctr.init(big_key, &iv).expect("Error with init()");
+    ctr.decrypt(&big_cipher, &mut big_plain).expect("Error with decrypt()");
+    assert_eq!(big_plain, BIG_MSG);
+}
+
+#[test]
+fn test_eax_one_shot_encrypt_decrypt() {
+    let key: [u8; 16] = [
+        0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+        0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
+    ];
+    let nonce: [u8; 16] = [
+        0x3c, 0x8c, 0xc2, 0x97, 0x0a, 0x00, 0x8f, 0x75,
+        0xcc, 0x5b, 0xea, 0xe2, 0x84, 0x72, 0x58, 0xc2
+    ];
+    let auth: &[u8] = &[];
+    let msg: [u8; 32] = [
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
+        0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11
+    ];
+    let expected_cipher: [u8; 32] = [
+        0x3c, 0x44, 0x1f, 0x32, 0xce, 0x07, 0x82, 0x23,
+        0x64, 0xd7, 0xa2, 0x99, 0x0e, 0x50, 0xbb, 0x13,
+        0xd7, 0xb0, 0x2a, 0x26, 0x96, 0x9e, 0x4a, 0x93,
+        0x7e, 0x5e, 0x90, 0x73, 0xb0, 0xd9, 0xc9, 0x68
+    ];
+    let expected_auth_tag: [u8; 16] = [
+        0xdb, 0x90, 0xbd, 0xb3, 0xda, 0x3d, 0x00, 0xaf,
+        0xd0, 0xfc, 0x6a, 0x83, 0x55, 0x1d, 0xa9, 0x5e
+    ];
+    let mut cipher: [u8; 32] = [0; 32];
+    let mut auth_tag: [u8; 16] = [0; 16];
+    EAX::encrypt(&msg, &mut cipher, &key, &nonce, auth, &mut auth_tag).expect("Error with encrypt()");
+    assert_eq!(cipher, expected_cipher);
+    assert_eq!(auth_tag, expected_auth_tag);
+    let mut plain: [u8; 32] = [0; 32];
+    EAX::decrypt(&cipher, &mut plain, &key, &nonce, auth, &auth_tag).expect("Error with decrypt()");
+    assert_eq!(plain, msg);
+}
+
+#[test]
+fn test_ecb_encrypt_decrypt() {
+    let mut ecb = ECB::new().expect("Failed to create ECB");
+    let key_128: &[u8; 16] = b"0123456789abcdef";
+    let msg: [u8; 16] = [
+        0x6e, 0x6f, 0x77, 0x20, 0x69, 0x73, 0x20, 0x74,
+        0x68, 0x65, 0x20, 0x74, 0x69, 0x6d, 0x65, 0x20
+    ];
+    let verify_ecb_128: [u8; 16] = [
+        0xd0, 0xc9, 0xd9, 0xc9, 0x40, 0xe8, 0x97, 0xb6,
+        0xc8, 0x8c, 0x33, 0x3b, 0xb5, 0x8f, 0x85, 0xd1
+    ];
+    ecb.init_encrypt(key_128).expect("Error with init_encrypt()");
+    let mut outbuf: [u8; 16] = [0; 16];
+    ecb.encrypt(&msg, &mut outbuf).expect("Error with encrypt()");
+    assert_eq!(&outbuf, &verify_ecb_128);
+    outbuf = [0; 16];
+    ecb.init_decrypt(key_128).expect("Error with init_decrypt()");
+    ecb.decrypt(&verify_ecb_128, &mut outbuf).expect("Error with decrypt()");
+    assert_eq!(&outbuf, &msg);
+}
+
+#[test]
+fn test_gcm_encrypt_decrypt() {
+    let key: [u8; 16] = [
+        0x29, 0x8e, 0xfa, 0x1c, 0xcf, 0x29, 0xcf, 0x62,
+        0xae, 0x68, 0x24, 0xbf, 0xc1, 0x95, 0x57, 0xfc
+    ];
+    let iv: [u8; 12] = [
+        0x6f, 0x58, 0xa9, 0x3f, 0xe1, 0xd2, 0x07, 0xfa,
+        0xe4, 0xed, 0x2f, 0x6d
+    ];
+    let plain: [u8; 32] = [
+        0xcc, 0x38, 0xbc, 0xcd, 0x6b, 0xc5, 0x36, 0xad,
+        0x91, 0x9b, 0x13, 0x95, 0xf5, 0xd6, 0x38, 0x01,
+        0xf9, 0x9f, 0x80, 0x68, 0xd6, 0x5c, 0xa5, 0xac,
+        0x63, 0x87, 0x2d, 0xaf, 0x16, 0xb9, 0x39, 0x01
+    ];
+    let auth: [u8; 16] = [
+        0x02, 0x1f, 0xaf, 0xd2, 0x38, 0x46, 0x39, 0x73,
+        0xff, 0xe8, 0x02, 0x56, 0xe5, 0xb1, 0xc6, 0xb1
+    ];
+    let expected_cipher: [u8; 32] = [
+        0xdf, 0xce, 0x4e, 0x9c, 0xd2, 0x91, 0x10, 0x3d,
+        0x7f, 0xe4, 0xe6, 0x33, 0x51, 0xd9, 0xe7, 0x9d,
+        0x3d, 0xfd, 0x39, 0x1e, 0x32, 0x67, 0x10, 0x46,
+        0x58, 0x21, 0x2d, 0xa9, 0x65, 0x21, 0xb7, 0xdb
+    ];
+    let expected_auth_tag: [u8; 16] = [
+        0x54, 0x24, 0x65, 0xef, 0x59, 0x93, 0x16, 0xf7,
+        0x3a, 0x7a, 0x56, 0x05, 0x09, 0xa2, 0xd9, 0xf2
+    ];
+    let mut gcm = GCM::new().expect("Failed to create GCM");
+    gcm.init(&key).expect("Error with init()");
+    let mut cipher: [u8; 32] = [0; 32];
+    let mut auth_tag: [u8; 16] = [0; 16];
+    gcm.encrypt(&plain, &mut cipher, &iv, &auth, &mut auth_tag).expect("Error with encrypt()");
+    assert_eq!(cipher, expected_cipher);
+    assert_eq!(auth_tag, expected_auth_tag);
+    let mut plain_out: [u8; 32] = [0; 32];
+    gcm.decrypt(&cipher, &mut plain_out, &iv, &auth, &auth_tag).expect("Error with decrypt()");
+    assert_eq!(plain_out, plain);
+}
+
+#[test]
+fn test_gcmstream_encrypt_decrypt() {
+    let plain: [u8; 60] = [
+        0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
+        0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
+        0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
+        0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
+        0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
+        0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
+        0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
+        0xba, 0x63, 0x7b, 0x39
+    ];
+    let auth: [u8; 20] = [
+        0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
+        0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
+        0xab, 0xad, 0xda, 0xd2
+    ];
+    let key: [u8; 32] = [
+        0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
+        0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
+        0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
+        0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
+    ];
+    let iv: [u8; 12] = [
+        0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
+        0xde, 0xca, 0xf8, 0x88
+    ];
+    let expected_cipher: [u8; 60] = [
+        0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07,
+        0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d,
+        0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
+        0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa,
+        0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d,
+        0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
+        0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a,
+        0xbc, 0xc9, 0xf6, 0x62
+    ];
+    let expected_auth_tag: [u8; 16] = [
+        0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68,
+        0xcd, 0xdf, 0x88, 0x53, 0xbb, 0x2d, 0x55, 0x1b
+    ];
+    let mut gcmstream = GCMStream::new().expect("Failed to create GCMStream");
+    for chunk_size in 1..=auth.len() {
+        gcmstream.init(&key, &iv).expect("Error with init()");
+        let mut cipher: [u8; 60] = [0; 60];
+        let mut i = 0;
+        while i < auth.len() {
+            let mut end = i + chunk_size;
+            if end > auth.len() {
+                end = auth.len()
+            }
+            gcmstream.encrypt_update(&plain[0..0], &mut cipher[0..0], &auth[i..end]).expect("Error with encrypt_update()");
+            i += chunk_size;
+        }
+        i = 0;
+        while i < plain.len() {
+            let mut end = i + chunk_size;
+            if end > plain.len() {
+                end = plain.len()
+            }
+            gcmstream.encrypt_update(&plain[i..end], &mut cipher[i..end], &auth[0..0]).expect("Error with encrypt_update()");
+            i += chunk_size;
+        }
+        let mut auth_tag: [u8; 16] = [0; 16];
+        gcmstream.encrypt_final(&mut auth_tag).expect("Error with encrypt_final()");
+        assert_eq!(cipher, expected_cipher);
+        assert_eq!(auth_tag, expected_auth_tag);
+    }
+}
+
+#[test]
+fn test_ofb_encrypt_decrypt() {
+    let key: [u8; 32] = [
+        0xc4,0xc7,0xfa,0xd6,0x53,0x5c,0xb8,0x71,
+        0x4a,0x5c,0x40,0x77,0x9a,0x8b,0xa1,0xd2,
+        0x53,0x3e,0x23,0xb4,0xb2,0x58,0x73,0x2a,
+        0x5b,0x78,0x01,0xf4,0xe3,0x71,0xa7,0x94
+    ];
+    let iv: [u8; 16] = [
+        0x5e,0xb9,0x33,0x13,0xb8,0x71,0xff,0x16,
+        0xb9,0x8a,0x9b,0xcb,0x43,0x33,0x0d,0x6f
+    ];
+    let plain: [u8; 48] = [
+        0x6d,0x0b,0xb0,0x79,0x63,0x84,0x71,0xe9,
+        0x39,0xd4,0x53,0x14,0x86,0xc1,0x4c,0x25,
+        0x9a,0xee,0xc6,0xf3,0xc0,0x0d,0xfd,0xd6,
+        0xc0,0x50,0xa8,0xba,0xa8,0x20,0xdb,0x71,
+        0xcc,0x12,0x2c,0x4e,0x0c,0x17,0x15,0xef,
+        0x55,0xf3,0x99,0x5a,0x6b,0xf0,0x2a,0x4c
+    ];
+    let expected_cipher: [u8; 48] = [
+        0x0f,0x54,0x61,0x71,0x59,0xd0,0x3f,0xfc,
+        0x1b,0xfa,0xfb,0x60,0x29,0x30,0xd7,0x00,
+        0xf4,0xa4,0xa8,0xe6,0xdd,0x93,0x94,0x46,
+        0x64,0xd2,0x19,0xc4,0xc5,0x4d,0xde,0x1b,
+        0x04,0x53,0xe1,0x73,0xf5,0x18,0x74,0xae,
+        0xfd,0x64,0xa2,0xe1,0xe2,0x76,0x13,0xb0
+    ];
+    let mut ofb = OFB::new().expect("Failed to create OFB");
+    ofb.init(&key, &iv).expect("Error with init()");
+    let mut cipher: [u8; 48] = [0; 48];
+    ofb.encrypt(&plain, &mut cipher).expect("Error with encrypt()");
+    assert_eq!(cipher, expected_cipher);
+    ofb.init(&key, &iv).expect("Error with init()");
+    let mut plain_out: [u8; 48] = [0; 48];
+    ofb.decrypt(&cipher, &mut plain_out).expect("Error with decrypt()");
+    assert_eq!(plain_out, plain);
+}
+
+#[test]
+fn test_xts_one_shot() {
+    let key: [u8; 32] = [
+        0xa1, 0xb9, 0x0c, 0xba, 0x3f, 0x06, 0xac, 0x35,
+        0x3b, 0x2c, 0x34, 0x38, 0x76, 0x08, 0x17, 0x62,
+        0x09, 0x09, 0x23, 0x02, 0x6e, 0x91, 0x77, 0x18,
+        0x15, 0xf2, 0x9d, 0xab, 0x01, 0x93, 0x2f, 0x2f
+    ];
+    let tweak: [u8; 16] = [
+        0x4f, 0xae, 0xf7, 0x11, 0x7c, 0xda, 0x59, 0xc6,
+        0x6e, 0x4b, 0x92, 0x01, 0x3e, 0x76, 0x8a, 0xd5
+    ];
+    let plain: [u8; 16] = [
+        0xeb, 0xab, 0xce, 0x95, 0xb1, 0x4d, 0x3c, 0x8d,
+        0x6f, 0xb3, 0x50, 0x39, 0x07, 0x90, 0x31, 0x1c
+    ];
+    let expected_cipher: [u8; 16] = [
+        0x77, 0x8a, 0xe8, 0xb4, 0x3c, 0xb9, 0x8d, 0x5a,
+        0x82, 0x50, 0x81, 0xd5, 0xbe, 0x47, 0x1c, 0x63
+    ];
+    let partial: [u8; 24] = [
+        0xeb, 0xab, 0xce, 0x95, 0xb1, 0x4d, 0x3c, 0x8d,
+        0x6f, 0xb3, 0x50, 0x39, 0x07, 0x90, 0x31, 0x1c,
+        0x6e, 0x4b, 0x92, 0x01, 0x3e, 0x76, 0x8a, 0xd5
+    ];
+    let expected_partial_cipher: [u8; 24] = [
+        0x2b, 0xf7, 0x2c, 0xf3, 0xeb, 0x85, 0xef, 0x7b,
+        0x0b, 0x76, 0xa0, 0xaa, 0xf3, 0x3f, 0x25, 0x8b,
+        0x77, 0x8a, 0xe8, 0xb4, 0x3c, 0xb9, 0x8d, 0x5a
+    ];
+
+    let mut xts = XTS::new().expect("Failed to create XTS");
+    xts.init_encrypt(&key).expect("Error with init_encrypt()");
+    let mut cipher: [u8; 16] = [0; 16];
+    xts.encrypt(&plain, &mut cipher, &tweak).expect("Error with encrypt()");
+    assert_eq!(cipher, expected_cipher);
+    xts.init_decrypt(&key).expect("Error with init_decrypt()");
+    let mut plain_out: [u8; 16] = [0; 16];
+    xts.decrypt(&cipher, &mut plain_out, &tweak).expect("Error with decrypt()");
+    assert_eq!(plain_out, plain);
+
+    xts.init_encrypt(&key).expect("Error with init_encrypt()");
+    let mut partial_cipher: [u8; 24] = [0; 24];
+    xts.encrypt(&partial, &mut partial_cipher, &tweak).expect("Error with encrypt()");
+    assert_eq!(partial_cipher, expected_partial_cipher);
+    xts.init_decrypt(&key).expect("Error with init_decrypt()");
+    let mut partial_out: [u8; 24] = [0; 24];
+    xts.decrypt(&partial_cipher, &mut partial_out, &tweak).expect("Error with decrypt()");
+    assert_eq!(partial_out, partial);
+}
+
+#[test]
+fn test_xts_sector_128() {
+    let keys: [u8; 32] = [
+        0xa3, 0xe4, 0x0d, 0x5b, 0xd4, 0xb6, 0xbb, 0xed,
+        0xb2, 0xd1, 0x8c, 0x70, 0x0a, 0xd2, 0xdb, 0x22,
+        0x10, 0xc8, 0x11, 0x90, 0x64, 0x6d, 0x67, 0x3c,
+        0xbc, 0xa5, 0x3f, 0x13, 0x3e, 0xab, 0x37, 0x3c
+    ];
+    let plain: [u8; 16] =[
+        0x20, 0xe0, 0x71, 0x94, 0x05, 0x99, 0x3f, 0x09,
+        0xa6, 0x6a, 0xe5, 0xbb, 0x50, 0x0e, 0x56, 0x2c
+    ];
+    let expected_cipher: [u8; 16] = [
+        0x74, 0x62, 0x35, 0x51, 0x21, 0x02, 0x16, 0xac,
+        0x92, 0x6b, 0x96, 0x50, 0xb6, 0xd3, 0xfa, 0x52
+    ];
+    let sector = 141;
+
+    let mut xts = XTS::new().expect("Failed to create XTS");
+    xts.init_encrypt(&keys).expect("Error with init_encrypt()");
+    let mut cipher: [u8; 16] = [0; 16];
+    xts.encrypt_sector(&plain, &mut cipher, sector).expect("Error with encrypt_sector()");
+    assert_eq!(cipher, expected_cipher);
+
+    xts.init_decrypt(&keys).expect("Error with init_decrypt()");
+    let mut plain_out: [u8; 16] = [0; 16];
+    xts.decrypt_sector(&cipher, &mut plain_out, sector).expect("Error with decrypt_sector()");
+    assert_eq!(plain_out, plain);
+}
+
+#[test]
+fn test_xts_sector_256() {
+    let keys: [u8; 64] = [
+        0xef, 0x01, 0x0c, 0xa1, 0xa3, 0x66, 0x3e, 0x32,
+        0x53, 0x43, 0x49, 0xbc, 0x0b, 0xae, 0x62, 0x23,
+        0x2a, 0x15, 0x73, 0x34, 0x85, 0x68, 0xfb, 0x9e,
+        0xf4, 0x17, 0x68, 0xa7, 0x67, 0x4f, 0x50, 0x7a,
+        0x72, 0x7f, 0x98, 0x75, 0x53, 0x97, 0xd0, 0xe0,
+        0xaa, 0x32, 0xf8, 0x30, 0x33, 0x8c, 0xc7, 0xa9,
+        0x26, 0xc7, 0x73, 0xf0, 0x9e, 0x57, 0xb3, 0x57,
+        0xcd, 0x15, 0x6a, 0xfb, 0xca, 0x46, 0xe1, 0xa0
+    ];
+    let plain: [u8; 32] =[
+        0xed, 0x98, 0xe0, 0x17, 0x70, 0xa8, 0x53, 0xb4,
+        0x9d, 0xb9, 0xe6, 0xaa, 0xf8, 0x8f, 0x0a, 0x41,
+        0xb9, 0xb5, 0x6e, 0x91, 0xa5, 0xa2, 0xb1, 0x1d,
+        0x40, 0x52, 0x92, 0x54, 0xf5, 0x52, 0x3e, 0x75
+    ];
+    let expected_cipher: [u8; 32] = [
+        0xca, 0x20, 0xc5, 0x5e, 0x8d, 0xc1, 0x49, 0x68,
+        0x7d, 0x25, 0x41, 0xde, 0x39, 0xc3, 0xdf, 0x63,
+        0x00, 0xbb, 0x5a, 0x16, 0x3c, 0x10, 0xce, 0xd3,
+        0x66, 0x6b, 0x13, 0x57, 0xdb, 0x8b, 0xd3, 0x9d
+    ];
+    let sector = 187;
+
+    let mut xts = XTS::new().expect("Failed to create XTS");
+    xts.init_encrypt(&keys).expect("Error with init_encrypt()");
+    let mut cipher: [u8; 32] = [0; 32];
+    xts.encrypt_sector(&plain, &mut cipher, sector).expect("Error with encrypt_sector()");
+    assert_eq!(cipher, expected_cipher);
+
+    xts.init_decrypt(&keys).expect("Error with init_decrypt()");
+    let mut plain_out: [u8; 32] = [0; 32];
+    xts.decrypt_sector(&cipher, &mut plain_out, sector).expect("Error with decrypt_sector()");
+    assert_eq!(plain_out, plain);
+}
+
+#[test]
+fn test_xts_consecutive_sectors() {
+    let keys: [u8; 32] = [
+        0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
+        0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
+        0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22,
+        0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22
+    ];
+    let plain: [u8; 544] =[
+        0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
+        0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+        0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23,
+        0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
+        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x3b,
+        0x3c, 0x3d, 0x3e, 0x3f, 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
+        0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, 0x50, 0x51, 0x52, 0x53,
+        0x54, 0x55, 0x56, 0x57, 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f,
+        0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b,
+        0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77,
+        0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f, 0x80, 0x81, 0x82, 0x83,
+        0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
+        0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b,
+        0x9c, 0x9d, 0x9e, 0x9f, 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7,
+        0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf, 0xb0, 0xb1, 0xb2, 0xb3,
+        0xb4, 0xb5, 0xb6, 0xb7, 0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf,
+        0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, 0xc8, 0xc9, 0xca, 0xcb,
+        0xcc, 0xcd, 0xce, 0xcf, 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7,
+        0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf, 0xe0, 0xe1, 0xe2, 0xe3,
+        0xe4, 0xe5, 0xe6, 0xe7, 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef,
+        0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9, 0xfa, 0xfb,
+        0xfc, 0xfd, 0xfe, 0xff,
+
+        0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
+        0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+        0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23,
+        0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
+        0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x3b,
+        0x3c, 0x3d, 0x3e, 0x3f, 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
+        0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, 0x50, 0x51, 0x52, 0x53,
+        0x54, 0x55, 0x56, 0x57, 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f,
+        0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b,
+        0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77,
+        0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f, 0x80, 0x81, 0x82, 0x83,
+        0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
+        0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b,
+        0x9c, 0x9d, 0x9e, 0x9f, 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7,
+        0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf, 0xb0, 0xb1, 0xb2, 0xb3,
+        0xb4, 0xb5, 0xb6, 0xb7, 0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf,
+        0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, 0xc8, 0xc9, 0xca, 0xcb,
+        0xcc, 0xcd, 0xce, 0xcf, 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7,
+        0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf, 0xe0, 0xe1, 0xe2, 0xe3,
+        0xe4, 0xe5, 0xe6, 0xe7, 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef,
+        0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9, 0xfa, 0xfb,
+        0xfc, 0xfd, 0xfe, 0xff,
+
+        0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
+        0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+        0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
+    ];
+    let expected_cipher: [u8; 544] = [
+        0xb9, 0x6b, 0x2b, 0xfd, 0x61, 0x87, 0x84, 0xd5, 0x26, 0xd2, 0x8c, 0x62,
+        0x63, 0x01, 0xca, 0x46, 0xb1, 0x82, 0xfa, 0xdc, 0xbc, 0x32, 0x18, 0xe9,
+        0xda, 0xe6, 0xda, 0xd1, 0x1a, 0x52, 0x77, 0xca, 0xdb, 0x0e, 0xbe, 0x37,
+        0x88, 0x36, 0x1c, 0x87, 0x16, 0x60, 0xfe, 0xa8, 0x9e, 0xf6, 0x48, 0x64,
+        0x94, 0x34, 0x64, 0xed, 0xf6, 0x9a, 0xc5, 0x28, 0xc9, 0xed, 0x64, 0x80,
+        0x85, 0xd8, 0x93, 0xa7, 0x50, 0xb1, 0x9d, 0x2f, 0x1e, 0x34, 0xcc, 0xb4,
+        0x03, 0xfb, 0x6b, 0x43, 0x21, 0xa8, 0x5b, 0xc6, 0x59, 0x13, 0xd2, 0xb5,
+        0xf5, 0x7b, 0xf6, 0xb2, 0xa4, 0x7a, 0xd2, 0x50, 0x26, 0xcb, 0xa4, 0x83,
+        0xc3, 0x56, 0xb0, 0xb1, 0x14, 0x34, 0x12, 0x1b, 0xea, 0x26, 0x97, 0x24,
+        0x54, 0xcc, 0x32, 0x4c, 0xa4, 0xc2, 0xa3, 0x07, 0xfa, 0x30, 0xa9, 0xf0,
+        0x91, 0x17, 0x60, 0x68, 0x88, 0x7f, 0x34, 0x7e, 0xbd, 0x20, 0x33, 0x95,
+        0x6e, 0xc0, 0xb6, 0x2b, 0xff, 0x7e, 0x61, 0x35, 0x9a, 0x88, 0xff, 0xd9,
+        0x69, 0x21, 0xe7, 0x8f, 0x45, 0x02, 0xf9, 0xd7, 0xeb, 0xa6, 0x53, 0xf1,
+        0x73, 0x04, 0xf1, 0x0b, 0x85, 0xc6, 0x1f, 0x4a, 0x51, 0x2f, 0x95, 0x87,
+        0x5a, 0x67, 0x37, 0xb2, 0x87, 0xf7, 0xbe, 0x2a, 0x17, 0x57, 0xca, 0xfc,
+        0xdd, 0x5f, 0x37, 0x48, 0x78, 0xbd, 0xfa, 0x75, 0xc9, 0xfa, 0x86, 0x7e,
+        0xc4, 0x0f, 0x60, 0x85, 0xce, 0x12, 0x44, 0x7c, 0xd9, 0xb2, 0x50, 0xd9,
+        0x57, 0x85, 0xa5, 0xd7, 0x68, 0x59, 0x03, 0x09, 0x97, 0x2e, 0x8e, 0xa5,
+        0xe3, 0x98, 0xac, 0x16, 0xfb, 0x6d, 0x54, 0xc5, 0x5d, 0x7a, 0x33, 0x44,
+        0x0a, 0x39, 0x91, 0xcc, 0x9f, 0x67, 0xf9, 0x89, 0xbb, 0x62, 0x02, 0xc4,
+        0x22, 0xec, 0xcf, 0x97, 0x69, 0x81, 0x3d, 0x00, 0xfd, 0xeb, 0x55, 0x08,
+        0xa2, 0xff, 0x97, 0xaa, 0x79, 0xde, 0x3c, 0x8a, 0x78, 0x71, 0x73, 0xa2,
+        0x98, 0x2f, 0xd8, 0x5c, 0x62, 0x1c, 0x5c, 0x23, 0x0a, 0xd1, 0xf1, 0x81,
+        0x8a, 0x12, 0xe7, 0x4d, 0xdd, 0x4f, 0xd4, 0xf1, 0xe8, 0x0f, 0x25, 0x79,
+        0x45, 0x4a, 0x49, 0x49, 0x7e, 0x56, 0x91, 0x4e, 0xaa, 0xba, 0x18, 0xe1,
+        0xe4, 0xbe, 0x21, 0xdc, 0x58, 0x60, 0x6f, 0x6a, 0x7f, 0xdc, 0x5e, 0x74,
+        0x47, 0xbf, 0xeb, 0x84, 0xc4, 0x1e, 0x5a, 0x61, 0x64, 0xc8, 0x63, 0x68,
+        0xfa, 0x17, 0x9c, 0xac, 0x60, 0x1c, 0xa5, 0x6e, 0x00, 0x21, 0x93, 0x3c,
+        0xd7, 0xbb, 0x73, 0x45, 0xf7, 0x34, 0x81, 0x6c, 0xfa, 0xf2, 0x33, 0xfd,
+        0xb1, 0x40, 0x30, 0x6b, 0x30, 0xd1, 0x83, 0x5e, 0x2e, 0x7a, 0xce, 0xa6,
+        0x12, 0x2a, 0x15, 0x03, 0x78, 0x29, 0xb9, 0x07, 0xae, 0xe7, 0xc2, 0x78,
+        0x74, 0x72, 0xa5, 0x0e, 0x6b, 0x1f, 0x78, 0xf2, 0x5a, 0x69, 0xb6, 0x2b,
+        0x99, 0x94, 0x1f, 0x89, 0xd1, 0x21, 0x14, 0x4a, 0x54, 0xab, 0x5a, 0x9f,
+        0xaa, 0xa7, 0x96, 0x0a, 0x21, 0xce, 0x30, 0xb6, 0x70, 0x81, 0xe9, 0xd3,
+        0x71, 0xc0, 0xf1, 0x15, 0xe2, 0xf6, 0xd3, 0xcc, 0x41, 0x15, 0x9d, 0xd5,
+        0xa3, 0xa4, 0xe0, 0xf8, 0x62, 0xc4, 0x76, 0x65, 0x63, 0x89, 0xa7, 0xe2,
+        0xfb, 0xf5, 0xc9, 0x80, 0x15, 0x5b, 0xc1, 0x59, 0xb2, 0xd0, 0x01, 0x3a,
+        0xf9, 0xab, 0x5b, 0x79, 0x54, 0xed, 0x6b, 0xf9, 0x1d, 0x9d, 0x87, 0x63,
+        0x80, 0x4f, 0xec, 0x9c, 0x4f, 0xad, 0x97, 0x04, 0xff, 0x62, 0x4a, 0x17,
+        0xc0, 0x09, 0x2a, 0x2c, 0x23, 0x4b, 0xc3, 0xb6, 0x6d, 0xed, 0xdb, 0x1a,
+        0x6f, 0x56, 0x2b, 0x78, 0x92, 0x3a, 0x5c, 0x7f, 0xb2, 0x63, 0xd3, 0xd5,
+        0x1a, 0xbe, 0xc2, 0x34, 0xc8, 0xad, 0x36, 0xb7, 0x12, 0xb8, 0xe1, 0xb7,
+        0x52, 0x7f, 0x16, 0x84, 0x2c, 0x47, 0x7e, 0xf2, 0xa5, 0x36, 0x2e, 0xad,
+        0xe7, 0xbb, 0xc0, 0x6f, 0x27, 0x8e, 0x41, 0x08, 0x75, 0xe5, 0xff, 0xde,
+        0x08, 0x9f, 0x8c, 0x91, 0xba, 0xc9, 0x9d, 0x9f, 0x27, 0x90, 0x50, 0x44,
+        0x24, 0xe7, 0x3d, 0x6f
+    ];
+    let sector = 0x000000ffffffffff;
+    let sector_size = 512;
+
+    let mut xts = XTS::new().expect("Failed to create XTS");
+    xts.init_encrypt(&keys).expect("Error with init_encrypt()");
+    let mut cipher: [u8; 544] = [0; 544];
+    xts.encrypt_consecutive_sectors(&plain, &mut cipher, sector, sector_size).expect("Error with encrypt_consecutive_sectors()");
+    assert_eq!(cipher, expected_cipher);
+
+    xts.init_decrypt(&keys).expect("Error with init_decrypt()");
+    let mut plain_out: [u8; 544] = [0; 544];
+    xts.decrypt_consecutive_sectors(&cipher, &mut plain_out, sector, sector_size).expect("Error with decrypt_consecutive_sectors()");
+    assert_eq!(plain_out, plain);
+}
+
+#[test]
+fn test_xtsstream() {
+    let keys: [u8; 32] = [
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+    ];
+    let tweak: [u8; 16] = [
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+    ];
+    let plain: [u8; 40] = [
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0xff, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20
+    ];
+    let expected_cipher: [u8; 40] = [
+        0xA2, 0x07, 0x47, 0x76, 0x3F, 0xEC, 0x0C, 0x23,
+        0x1B, 0xD0, 0xBD, 0x46, 0x9A, 0x27, 0x38, 0x12,
+        0x95, 0x02, 0x3D, 0x5D, 0xC6, 0x94, 0x51, 0x36,
+        0xA0, 0x85, 0xD2, 0x69, 0x6E, 0x87, 0x0A, 0xBF,
+        0xB5, 0x5A, 0xDD, 0xCB, 0x80, 0xE0, 0xFC, 0xCD
+    ];
+
+    let mut xtsstream = XTSStream::new().expect("Failed to create XTSStream");
+    xtsstream.init_encrypt(&keys, &tweak).expect("Error with init_encrypt()");
+    let mut cipher: [u8; 40] = [0; 40];
+    xtsstream.encrypt_update(&plain[0..16], &mut cipher[0..16]).expect("Error with encrypt_update()");
+    xtsstream.encrypt_final(&plain[16..40], &mut cipher[16..40]).expect("Error with encrypt_final()");
+    assert_eq!(cipher, expected_cipher);
+
+    xtsstream.init_decrypt(&keys, &tweak).expect("Error with init_decrypt()");
+    let mut plain_out: [u8; 40] = [0; 40];
+    xtsstream.decrypt_update(&cipher[0..16], &mut plain_out[0..16]).expect("Error with decrypt_update()");
+    xtsstream.decrypt_final(&cipher[16..40], &mut plain_out[16..40]).expect("Error with decrypt_final()");
+    assert_eq!(plain_out, plain);
+}
+
+#[test]
+fn test_xtsstream_big_msg() {
+    let key: [u8; 32] = [
+        0xa1, 0xb9, 0x0c, 0xba, 0x3f, 0x06, 0xac, 0x35,
+        0x3b, 0x2c, 0x34, 0x38, 0x76, 0x08, 0x17, 0x62,
+        0x09, 0x09, 0x23, 0x02, 0x6e, 0x91, 0x77, 0x18,
+        0x15, 0xf2, 0x9d, 0xab, 0x01, 0x93, 0x2f, 0x2f
+    ];
+    let tweak: [u8; 16] = [
+        0x4f, 0xae, 0xf7, 0x11, 0x7c, 0xda, 0x59, 0xc6,
+        0x6e, 0x4b, 0x92, 0x01, 0x3e, 0x76, 0x8a, 0xd5
+    ];
+
+    let mut xtsstream = XTSStream::new().expect("Failed to create XTSStream");
+    xtsstream.init_encrypt(&key, &tweak).expect("Error with init_encrypt()");
+    let mut cipher: [u8; 384] = [0; 384];
+    let mut i = 0;
+    while i < BIG_MSG.len() {
+        let remaining = BIG_MSG.len() - i;
+        if remaining < 32 {
+            xtsstream.encrypt_final(&BIG_MSG[i..BIG_MSG.len()], &mut cipher[i..BIG_MSG.len()]).expect("Error with encrypt_final()");
+            i += remaining;
+        } else {
+            let end = i + 16;
+            xtsstream.encrypt_update(&BIG_MSG[i..end], &mut cipher[i..end]).expect("Error with encrypt_update()");
+            i += 16;
+        }
+    }
+
+    xtsstream.init_decrypt(&key, &tweak).expect("Error with init_decrypt()");
+    let mut plain_out: [u8; 384] = [0; 384];
+    let mut i = 0;
+    while i < BIG_MSG.len() {
+        let remaining = BIG_MSG.len() - i;
+        if remaining < 32 {
+            xtsstream.decrypt_final(&cipher[i..BIG_MSG.len()], &mut plain_out[i..BIG_MSG.len()]).expect("Error with decrypt_final()");
+            i += remaining;
+        } else {
+            let end = i + 16;
+            xtsstream.decrypt_update(&cipher[i..end], &mut plain_out[i..end]).expect("Error with decrypt_update()");
+            i += 16;
+        }
+    }
+
+    assert_eq!(plain_out, BIG_MSG);
+}
diff --git a/wrapper/rust/wolfssl/tests/test_random.rs b/wrapper/rust/wolfssl/tests/test_random.rs
new file mode 100644
index 000000000..c5a9c5b74
--- /dev/null
+++ b/wrapper/rust/wolfssl/tests/test_random.rs
@@ -0,0 +1,58 @@
+use wolfssl::wolfcrypt::random::RNG;
+
+// Test that RNG::new() returns successfully and that drop() does not panic.
+#[test]
+fn test_rng_new_and_drop() {
+    let _rng = RNG::new().expect("Failed to create RNG");
+}
+
+// Test that RNG::new_with_nonce() returns successfully and that drop() does
+// not panic.
+#[test]
+fn test_rng_new_with_nonce_and_drop() {
+    let mut nonce = [1, 2, 3, 4];
+    let _rng = RNG::new_with_nonce(&mut nonce).expect("Failed to create RNG");
+}
+
+// Test that generate_byte() returns random values.
+#[test]
+fn test_rng_generate_byte() {
+    // Since a single 0x00 or 0xFF could occur occasionally, we'll combine four
+    // bytes into a u32 and make sure they aren't all 0x00 or all 0xFF.
+    let mut rng = RNG::new().expect("Failed to create RNG");
+    let mut v: u32 = 0;
+    for _i in 0..4 {
+        let byte = rng.generate_byte().expect("Failed to generate a single byte");
+        v = (v << 8) | (byte as u32);
+    }
+    assert_ne!(v, 0u32);
+    assert_ne!(v, 0xFFFF_FFFFu32);
+}
+
+// Test that generate_block works for a slice of u8.
+#[test]
+fn test_rng_generate_block_u8() {
+    let mut rng = RNG::new().expect("Failed to create RNG");
+    let mut buffer = [0u8; 32];
+    rng.generate_block(&mut buffer).expect("Failed to generate a block of bytes");
+
+    // Check if the buffer has been modified from its initial state.
+    let all_zeros = [0u8; 32];
+    assert_ne!(buffer, all_zeros);
+}
+
+// Test that generate_block works for a slice of u32.
+#[test]
+fn test_rng_generate_block_u32() {
+    let mut rng = RNG::new().expect("Failed to create RNG");
+    let mut buffer = [0u32; 8];
+    rng.generate_block(&mut buffer).expect("Failed to generate a block of u32");
+
+    // Check if the buffer has been modified.
+    let all_zeros = [0u32; 8];
+    assert_ne!(buffer, all_zeros);
+    // Check that the last u32 is populated so the size of the buffer was
+    // calculated properly.
+    assert_ne!(buffer[buffer.len() - 1], 0u32);
+    assert_ne!(buffer[buffer.len() - 1], 0xFFFF_FFFFu32);
+}
diff --git a/zephyr/samples/wolfssl_test/sample.yaml b/zephyr/samples/wolfssl_test/sample.yaml
index 50010f76a..e9fbbcdd2 100644
--- a/zephyr/samples/wolfssl_test/sample.yaml
+++ b/zephyr/samples/wolfssl_test/sample.yaml
@@ -14,7 +14,7 @@ tests:
     integration_platforms:
       - qemu_x86
   sample.crypto.wolfssl_test_no_malloc:
-    timeout: 120
+    timeout: 200
     platform_allow: qemu_x86
     extra_args: CONF_FILE="prj-no-malloc.conf"
     integration_platforms: